diff options
author | Adnan H <acednan@gmail.com> | 2016-12-05 22:17:37 +0100 |
---|---|---|
committer | Adnan H <acednan@gmail.com> | 2016-12-05 22:17:37 +0100 |
commit | 38153c76241311666e9aa26f2cec534f62900c72 (patch) | |
tree | cdadc6bf060ee284cdac5e1ed2c1743cbffb4ea8 | |
parent | 0f854e736bf6f2d62649fe38e25967dd71aec97f (diff) | |
parent | 01fcfd11a5e4c170e0b31c60157fb9748c0d3277 (diff) | |
download | gnunet-38153c76241311666e9aa26f2cec534f62900c72.tar.gz gnunet-38153c76241311666e9aa26f2cec534f62900c72.zip |
Merge branch 'credentials' of git+ssh://gnunet.org/gnunet into credentials
-rw-r--r-- | src/credential/credential.h | 10 | ||||
-rw-r--r-- | src/credential/credential_api.c | 34 | ||||
-rw-r--r-- | src/credential/gnunet-credential.c | 37 | ||||
-rw-r--r-- | src/credential/gnunet-service-credential.c | 52 | ||||
-rw-r--r-- | src/credential/plugin_gnsrecord_credential.c | 79 | ||||
-rwxr-xr-x | src/credential/test_credential_issue.sh | 36 | ||||
-rwxr-xr-x | src/credential/test_credential_verify_simple.sh | 52 | ||||
-rw-r--r-- | src/include/gnunet_credential_service.h | 5 |
8 files changed, 219 insertions, 86 deletions
diff --git a/src/credential/credential.h b/src/credential/credential.h index 2acaf73a5..8b5cf6db9 100644 --- a/src/credential/credential.h +++ b/src/credential/credential.h | |||
@@ -50,6 +50,16 @@ struct VerifyMessage | |||
50 | struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; | 50 | struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; |
51 | 51 | ||
52 | /** | 52 | /** |
53 | * Length of the issuer attribute | ||
54 | */ | ||
55 | uint16_t issuer_attribute_len; | ||
56 | |||
57 | /** | ||
58 | * Length of the subject attribute | ||
59 | */ | ||
60 | uint16_t subject_attribute_len; | ||
61 | |||
62 | /** | ||
53 | * Unique identifier for this request (for key collisions). | 63 | * Unique identifier for this request (for key collisions). |
54 | */ | 64 | */ |
55 | uint32_t id GNUNET_PACKED; | 65 | uint32_t id GNUNET_PACKED; |
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 8d3c96ca8..3be2d8bbb 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c | |||
@@ -369,7 +369,7 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, | |||
369 | struct GNUNET_CREDENTIAL_Request *vr; | 369 | struct GNUNET_CREDENTIAL_Request *vr; |
370 | size_t nlen; | 370 | size_t nlen; |
371 | 371 | ||
372 | if (NULL == issuer_attribute) | 372 | if (NULL == issuer_attribute || NULL == subject_attribute) |
373 | { | 373 | { |
374 | GNUNET_break (0); | 374 | GNUNET_break (0); |
375 | return NULL; | 375 | return NULL; |
@@ -378,7 +378,7 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, | |||
378 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 378 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
379 | "Trying to verify `%s' in CREDENTIAL\n", | 379 | "Trying to verify `%s' in CREDENTIAL\n", |
380 | issuer_attribute); | 380 | issuer_attribute); |
381 | nlen = strlen (issuer_attribute) + 1; | 381 | nlen = strlen (issuer_attribute) + strlen (subject_attribute) + 1; |
382 | if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*vr)) | 382 | if (nlen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (*vr)) |
383 | { | 383 | { |
384 | GNUNET_break (0); | 384 | GNUNET_break (0); |
@@ -395,9 +395,14 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle, | |||
395 | v_msg->id = htonl (vr->r_id); | 395 | v_msg->id = htonl (vr->r_id); |
396 | v_msg->subject_key = *subject_key; | 396 | v_msg->subject_key = *subject_key; |
397 | v_msg->issuer_key = *issuer_key; | 397 | v_msg->issuer_key = *issuer_key; |
398 | v_msg->issuer_attribute_len = htons(strlen(issuer_attribute)); | ||
399 | v_msg->subject_attribute_len = htons(strlen(subject_attribute)); | ||
398 | GNUNET_memcpy (&v_msg[1], | 400 | GNUNET_memcpy (&v_msg[1], |
401 | issuer_attribute, | ||
402 | strlen (issuer_attribute)); | ||
403 | GNUNET_memcpy (((char*)&v_msg[1]) + strlen (issuer_attribute), | ||
399 | subject_attribute, | 404 | subject_attribute, |
400 | nlen); | 405 | strlen (subject_attribute)); |
401 | GNUNET_CONTAINER_DLL_insert (handle->verify_head, | 406 | GNUNET_CONTAINER_DLL_insert (handle->verify_head, |
402 | handle->verify_tail, | 407 | handle->verify_tail, |
403 | vr); | 408 | vr); |
@@ -423,23 +428,32 @@ GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, | |||
423 | const char *attribute) | 428 | const char *attribute) |
424 | { | 429 | { |
425 | struct GNUNET_CREDENTIAL_CredentialRecordData *crd; | 430 | struct GNUNET_CREDENTIAL_CredentialRecordData *crd; |
431 | struct GNUNET_CRYPTO_EccSignaturePurpose *purp; | ||
426 | 432 | ||
427 | crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (attribute) + 1); | 433 | crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (attribute) + 1); |
428 | 434 | ||
429 | crd->purpose.size = htonl (strlen (attribute) + 1 + | 435 | purp = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + |
430 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + | 436 | strlen (attribute) + 1); |
431 | sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | 437 | purp->size = htonl (strlen (attribute) + 1 + |
432 | sizeof (struct GNUNET_TIME_AbsoluteNBO)); | 438 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + |
433 | crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); | 439 | sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)); |
440 | |||
441 | purp->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); | ||
434 | GNUNET_CRYPTO_ecdsa_key_get_public (issuer, | 442 | GNUNET_CRYPTO_ecdsa_key_get_public (issuer, |
435 | &crd->issuer_key); | 443 | &crd->issuer_key); |
436 | 444 | crd->subject_key = *subject; | |
437 | GNUNET_memcpy (&crd[1], | 445 | GNUNET_memcpy (&crd[1], |
438 | attribute, | 446 | attribute, |
439 | strlen (attribute)); | 447 | strlen (attribute)); |
448 | GNUNET_memcpy (&purp[1], | ||
449 | subject, | ||
450 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
451 | GNUNET_memcpy (&purp[1] + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), | ||
452 | attribute, | ||
453 | strlen (attribute)); | ||
440 | if (GNUNET_OK != | 454 | if (GNUNET_OK != |
441 | GNUNET_CRYPTO_ecdsa_sign (issuer, | 455 | GNUNET_CRYPTO_ecdsa_sign (issuer, |
442 | &crd->purpose, | 456 | purp, |
443 | &crd->sig)) | 457 | &crd->sig)) |
444 | { | 458 | { |
445 | GNUNET_break (0); | 459 | GNUNET_break (0); |
diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index eaad6d5cf..a7b92447b 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c | |||
@@ -180,6 +180,7 @@ identity_cb (void *cls, | |||
180 | { | 180 | { |
181 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; | 181 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; |
182 | struct GNUNET_CREDENTIAL_CredentialRecordData *crd; | 182 | struct GNUNET_CREDENTIAL_CredentialRecordData *crd; |
183 | char *res; | ||
183 | 184 | ||
184 | el = NULL; | 185 | el = NULL; |
185 | if (NULL == ego) | 186 | if (NULL == ego) |
@@ -200,10 +201,11 @@ identity_cb (void *cls, | |||
200 | privkey, | 201 | privkey, |
201 | &subject_pkey, | 202 | &subject_pkey, |
202 | issuer_attr); | 203 | issuer_attr); |
203 | printf ("Success.\n"); | 204 | res = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL, |
204 | printf (GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL, | 205 | crd, |
205 | crd, | 206 | sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (issuer_attr) + 1); |
206 | sizeof (crd) + strlen (issuer_attr) + 1)); | 207 | printf ("%s\n", res); |
208 | GNUNET_SCHEDULER_shutdown (); | ||
207 | } | 209 | } |
208 | 210 | ||
209 | 211 | ||
@@ -225,15 +227,6 @@ run (void *cls, | |||
225 | { | 227 | { |
226 | 228 | ||
227 | cfg = c; | 229 | cfg = c; |
228 | credential = GNUNET_CREDENTIAL_connect (cfg); | ||
229 | |||
230 | if (NULL == credential) | ||
231 | { | ||
232 | fprintf (stderr, | ||
233 | _("Failed to connect to CREDENTIAL\n")); | ||
234 | return; | ||
235 | } | ||
236 | |||
237 | 230 | ||
238 | 231 | ||
239 | tt = GNUNET_SCHEDULER_add_delayed (timeout, | 232 | tt = GNUNET_SCHEDULER_add_delayed (timeout, |
@@ -281,6 +274,22 @@ run (void *cls, | |||
281 | issuer_key); | 274 | issuer_key); |
282 | GNUNET_SCHEDULER_shutdown (); | 275 | GNUNET_SCHEDULER_shutdown (); |
283 | } | 276 | } |
277 | credential = GNUNET_CREDENTIAL_connect (cfg); | ||
278 | |||
279 | if (NULL == credential) | ||
280 | { | ||
281 | fprintf (stderr, | ||
282 | _("Failed to connect to CREDENTIAL\n")); | ||
283 | GNUNET_SCHEDULER_shutdown (); | ||
284 | } | ||
285 | |||
286 | if (NULL == issuer_attr || NULL == subject_credential) | ||
287 | { | ||
288 | fprintf (stderr, | ||
289 | _("You must provide issuer and subject attributes\n")); | ||
290 | GNUNET_SCHEDULER_shutdown (); | ||
291 | } | ||
292 | |||
284 | 293 | ||
285 | verify_request = GNUNET_CREDENTIAL_verify(credential, | 294 | verify_request = GNUNET_CREDENTIAL_verify(credential, |
286 | &issuer_pkey, | 295 | &issuer_pkey, |
@@ -332,7 +341,7 @@ main (int argc, char *const *argv) | |||
332 | {'s', "subject", "PKEY", | 341 | {'s', "subject", "PKEY", |
333 | gettext_noop ("The public key of the subject to lookup the credential for"), 1, | 342 | gettext_noop ("The public key of the subject to lookup the credential for"), 1, |
334 | &GNUNET_GETOPT_set_string, &subject_key}, | 343 | &GNUNET_GETOPT_set_string, &subject_key}, |
335 | {'c', "credential", "CRED", | 344 | {'b', "credential", "CRED", |
336 | gettext_noop ("The name of the credential presented by the subject"), 1, | 345 | gettext_noop ("The name of the credential presented by the subject"), 1, |
337 | &GNUNET_GETOPT_set_string, &subject_credential}, | 346 | &GNUNET_GETOPT_set_string, &subject_credential}, |
338 | {'i', "issuer", "PKEY", | 347 | {'i', "issuer", "PKEY", |
diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 047ea0075..792d8741e 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c | |||
@@ -228,9 +228,7 @@ check_verify (void *cls, | |||
228 | const struct VerifyMessage *v_msg) | 228 | const struct VerifyMessage *v_msg) |
229 | { | 229 | { |
230 | size_t msg_size; | 230 | size_t msg_size; |
231 | size_t attr_len; | 231 | const char* attrs; |
232 | const char* s_attr; | ||
233 | const char* i_attr; | ||
234 | 232 | ||
235 | msg_size = ntohs (v_msg->header.size); | 233 | msg_size = ntohs (v_msg->header.size); |
236 | if (msg_size < sizeof (struct VerifyMessage)) | 234 | if (msg_size < sizeof (struct VerifyMessage)) |
@@ -238,17 +236,16 @@ check_verify (void *cls, | |||
238 | GNUNET_break (0); | 236 | GNUNET_break (0); |
239 | return GNUNET_SYSERR; | 237 | return GNUNET_SYSERR; |
240 | } | 238 | } |
241 | i_attr = (const char *) &v_msg[1]; | 239 | if ((ntohs (v_msg->issuer_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH) || |
242 | if ( ('\0' != i_attr[v_msg->header.size - sizeof (struct VerifyMessage) - 1]) || | 240 | (ntohs (v_msg->subject_attribute_len) > GNUNET_CREDENTIAL_MAX_LENGTH)) |
243 | (strlen (i_attr) > GNUNET_CREDENTIAL_MAX_LENGTH) ) | ||
244 | { | 241 | { |
245 | GNUNET_break (0); | 242 | GNUNET_break (0); |
246 | return GNUNET_SYSERR; | 243 | return GNUNET_SYSERR; |
247 | } | 244 | } |
248 | attr_len = strlen (i_attr); | 245 | attrs = (const char *) &v_msg[1]; |
249 | s_attr = ((const char *) &v_msg[1]) + attr_len + 1; | 246 | |
250 | if ( ('\0' != s_attr[v_msg->header.size - sizeof (struct VerifyMessage) - 1]) || | 247 | if ( ('\0' != attrs[ntohs(v_msg->header.size) - sizeof (struct VerifyMessage) - 1]) || |
251 | (strlen (s_attr) > GNUNET_CREDENTIAL_MAX_LENGTH) ) | 248 | (strlen (attrs) > GNUNET_CREDENTIAL_MAX_LENGTH * 2) ) |
252 | { | 249 | { |
253 | GNUNET_break (0); | 250 | GNUNET_break (0); |
254 | return GNUNET_SYSERR; | 251 | return GNUNET_SYSERR; |
@@ -328,8 +325,8 @@ send_lookup_response (void* cls, | |||
328 | struct GNUNET_MQ_Envelope *env; | 325 | struct GNUNET_MQ_Envelope *env; |
329 | struct VerifyResultMessage *rmsg; | 326 | struct VerifyResultMessage *rmsg; |
330 | const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; | 327 | const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; |
328 | struct GNUNET_CRYPTO_EccSignaturePurpose *purp; | ||
331 | struct CredentialRecordEntry *cr_entry; | 329 | struct CredentialRecordEntry *cr_entry; |
332 | int cred_verified; | ||
333 | 330 | ||
334 | cred_record_count = 0; | 331 | cred_record_count = 0; |
335 | struct AttributeRecordEntry *attr_entry; | 332 | struct AttributeRecordEntry *attr_entry; |
@@ -361,14 +358,23 @@ send_lookup_response (void* cls, | |||
361 | GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, | 358 | GNUNET_CONTAINER_DLL_insert_tail (vrh->cred_chain_head, |
362 | vrh->cred_chain_tail, | 359 | vrh->cred_chain_tail, |
363 | cr_entry); | 360 | cr_entry); |
364 | 361 | purp = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | |
362 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + | ||
363 | strlen ((char*)&crd[1]) +1 ); | ||
364 | purp->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | ||
365 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + | ||
366 | strlen ((char*)&crd[1]) +1 ); | ||
367 | |||
368 | purp->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); | ||
365 | if(GNUNET_OK == GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, | 369 | if(GNUNET_OK == GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_CREDENTIAL, |
366 | &crd->purpose, | 370 | purp, |
367 | &crd->sig, &crd->issuer_key)) | 371 | &crd->sig, |
368 | { | 372 | &crd->issuer_key)) |
369 | cred_verified = GNUNET_YES; | 373 | { |
374 | GNUNET_free (purp); | ||
370 | break; | 375 | break; |
371 | } | 376 | } |
377 | GNUNET_free (purp); | ||
372 | 378 | ||
373 | } | 379 | } |
374 | 380 | ||
@@ -394,7 +400,6 @@ send_lookup_response (void* cls, | |||
394 | } | 400 | } |
395 | 401 | ||
396 | 402 | ||
397 | |||
398 | /** | 403 | /** |
399 | * TODO | 404 | * TODO |
400 | * Start resolution of Attribute delegations from issuer | 405 | * Start resolution of Attribute delegations from issuer |
@@ -466,12 +471,12 @@ static void | |||
466 | handle_verify (void *cls, | 471 | handle_verify (void *cls, |
467 | const struct VerifyMessage *v_msg) | 472 | const struct VerifyMessage *v_msg) |
468 | { | 473 | { |
474 | char attrs[GNUNET_CREDENTIAL_MAX_LENGTH*2 + 1]; | ||
469 | char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; | 475 | char issuer_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; |
470 | char subject_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; | 476 | char subject_attribute[GNUNET_CREDENTIAL_MAX_LENGTH + 1]; |
471 | size_t issuer_attribute_len; | ||
472 | struct VerifyRequestHandle *vrh; | 477 | struct VerifyRequestHandle *vrh; |
473 | struct GNUNET_SERVICE_Client *client = cls; | 478 | struct GNUNET_SERVICE_Client *client = cls; |
474 | char *attrptr = issuer_attribute; | 479 | char *attrptr = attrs; |
475 | const char *utf_in; | 480 | const char *utf_in; |
476 | 481 | ||
477 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 482 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
@@ -479,10 +484,11 @@ handle_verify (void *cls, | |||
479 | 484 | ||
480 | utf_in = (const char *) &v_msg[1]; | 485 | utf_in = (const char *) &v_msg[1]; |
481 | GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); | 486 | GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); |
482 | issuer_attribute_len = strlen (utf_in); | 487 | |
483 | utf_in = (const char *) (&v_msg[1] + issuer_attribute_len + 1); | 488 | GNUNET_memcpy (issuer_attribute, attrs, ntohs (v_msg->issuer_attribute_len)); |
484 | attrptr = subject_attribute; | 489 | issuer_attribute[ntohs (v_msg->issuer_attribute_len)] = '\0'; |
485 | GNUNET_STRINGS_utf8_tolower (utf_in, attrptr); | 490 | GNUNET_memcpy (subject_attribute, attrs+strlen(issuer_attribute), ntohs (v_msg->subject_attribute_len)); |
491 | subject_attribute[ntohs (v_msg->subject_attribute_len)] = '\0'; | ||
486 | vrh = GNUNET_new (struct VerifyRequestHandle); | 492 | vrh = GNUNET_new (struct VerifyRequestHandle); |
487 | GNUNET_CONTAINER_DLL_insert (vrh_head, vrh_tail, vrh); | 493 | GNUNET_CONTAINER_DLL_insert (vrh_head, vrh_tail, vrh); |
488 | vrh->client = client; | 494 | vrh->client = client; |
diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index c7cbb8bdd..f6aec9bcc 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c | |||
@@ -73,33 +73,36 @@ credential_value_to_string (void *cls, | |||
73 | } | 73 | } |
74 | case GNUNET_GNSRECORD_TYPE_CREDENTIAL: | 74 | case GNUNET_GNSRECORD_TYPE_CREDENTIAL: |
75 | { | 75 | { |
76 | struct GNUNET_CREDENTIAL_CredentialRecordData cred; | 76 | struct GNUNET_CREDENTIAL_CredentialRecordData cred; |
77 | char *cred_str; | 77 | char *cred_str; |
78 | char *subject_pkey; | 78 | char *subject_pkey; |
79 | char *issuer_pkey; | 79 | char *issuer_pkey; |
80 | if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) | 80 | char *signature; |
81 | return NULL; /* malformed */ | 81 | |
82 | memcpy (&cred, | 82 | if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) |
83 | data, | 83 | return NULL; /* malformed */ |
84 | sizeof (cred)); | 84 | memcpy (&cred, |
85 | cdata = data; | 85 | data, |
86 | subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key); | 86 | sizeof (cred)); |
87 | issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key); | 87 | cdata = data; |
88 | 88 | subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key); | |
89 | issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key); | ||
90 | GNUNET_STRINGS_base64_encode ((char*)&cred.sig, | ||
91 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature), | ||
92 | &signature); | ||
89 | GNUNET_asprintf (&cred_str, | 93 | GNUNET_asprintf (&cred_str, |
90 | "%s %s %s", | 94 | "%s.%s -> %s sig:%s", |
91 | subject_pkey, | 95 | issuer_pkey, |
92 | issuer_pkey, | 96 | &cdata[sizeof (cred)], |
93 | &cdata[sizeof (cred)]); | 97 | subject_pkey, |
94 | GNUNET_free (subject_pkey); | 98 | signature); |
95 | GNUNET_free (issuer_pkey); | 99 | GNUNET_free (subject_pkey); |
96 | 100 | GNUNET_free (issuer_pkey); | |
97 | 101 | GNUNET_free (signature); | |
98 | 102 | return cred_str; | |
99 | return cred_str; | 103 | } |
100 | } | 104 | default: |
101 | default: | 105 | return NULL; |
102 | return NULL; | ||
103 | } | 106 | } |
104 | } | 107 | } |
105 | 108 | ||
@@ -117,10 +120,10 @@ credential_value_to_string (void *cls, | |||
117 | */ | 120 | */ |
118 | static int | 121 | static int |
119 | credential_string_to_value (void *cls, | 122 | credential_string_to_value (void *cls, |
120 | uint32_t type, | 123 | uint32_t type, |
121 | const char *s, | 124 | const char *s, |
122 | void **data, | 125 | void **data, |
123 | size_t *data_size) | 126 | size_t *data_size) |
124 | { | 127 | { |
125 | if (NULL == s) | 128 | if (NULL == s) |
126 | return GNUNET_SYSERR; | 129 | return GNUNET_SYSERR; |
@@ -137,12 +140,15 @@ credential_string_to_value (void *cls, | |||
137 | char subject_pkey[enclen + 1]; | 140 | char subject_pkey[enclen + 1]; |
138 | char issuer_pkey[enclen + 1]; | 141 | char issuer_pkey[enclen + 1]; |
139 | char name[253 + 1]; | 142 | char name[253 + 1]; |
143 | char signature[128]; //TODO max payload size | ||
144 | struct GNUNET_CRYPTO_EcdsaSignature *sig; | ||
140 | 145 | ||
141 | if (5 != SSCANF (s, | 146 | if (4 != SSCANF (s, |
142 | "%52s %52s %253s", | 147 | "%52s.%253s -> %52s sig:%s", |
143 | subject_pkey, | ||
144 | issuer_pkey, | 148 | issuer_pkey, |
145 | name)) | 149 | name, |
150 | subject_pkey, | ||
151 | signature)) | ||
146 | { | 152 | { |
147 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 153 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
148 | _("Unable to parse CRED record string `%s'\n"), | 154 | _("Unable to parse CRED record string `%s'\n"), |
@@ -157,6 +163,11 @@ credential_string_to_value (void *cls, | |||
157 | GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey, | 163 | GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey, |
158 | strlen (issuer_pkey), | 164 | strlen (issuer_pkey), |
159 | &cred->issuer_key); | 165 | &cred->issuer_key); |
166 | GNUNET_STRINGS_base64_decode (signature, | ||
167 | strlen (signature), | ||
168 | (char**)&sig); | ||
169 | cred->sig = *sig; | ||
170 | GNUNET_free (sig); | ||
160 | GNUNET_memcpy (&cred[1], | 171 | GNUNET_memcpy (&cred[1], |
161 | name, | 172 | name, |
162 | strlen (name)); | 173 | strlen (name)); |
diff --git a/src/credential/test_credential_issue.sh b/src/credential/test_credential_issue.sh new file mode 100755 index 000000000..95eac2957 --- /dev/null +++ b/src/credential/test_credential_issue.sh | |||
@@ -0,0 +1,36 @@ | |||
1 | #!/bin/bash | ||
2 | trap "gnunet-arm -e -c test_credential_lookup.conf" SIGINT | ||
3 | |||
4 | LOCATION=$(which gnunet-config) | ||
5 | if [ -z $LOCATION ] | ||
6 | then | ||
7 | LOCATION="gnunet-config" | ||
8 | fi | ||
9 | $LOCATION --version 1> /dev/null | ||
10 | if test $? != 0 | ||
11 | then | ||
12 | echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" | ||
13 | exit 77 | ||
14 | fi | ||
15 | |||
16 | rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` | ||
17 | |||
18 | # (1) PKEY1.user -> PKEY2.resu.user | ||
19 | # (2) PKEY2.resu -> PKEY3 | ||
20 | # (3) PKEY3.user -> PKEY4 | ||
21 | |||
22 | |||
23 | which timeout &> /dev/null && DO_TIMEOUT="timeout 30" | ||
24 | |||
25 | TEST_ATTR="test" | ||
26 | gnunet-arm -s -c test_credential_lookup.conf | ||
27 | gnunet-identity -C testissuer -c test_credential_lookup.conf | ||
28 | gnunet-identity -C testsubject -c test_credential_lookup.conf | ||
29 | SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') | ||
30 | ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') | ||
31 | #TODO1 Get credential and store it with subject (3) | ||
32 | $DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf | ||
33 | STATUS=$? | ||
34 | |||
35 | gnunet-arm -e -c test_credential_lookup.conf | ||
36 | exit $STATUS | ||
diff --git a/src/credential/test_credential_verify_simple.sh b/src/credential/test_credential_verify_simple.sh new file mode 100755 index 000000000..73ea24137 --- /dev/null +++ b/src/credential/test_credential_verify_simple.sh | |||
@@ -0,0 +1,52 @@ | |||
1 | #!/bin/bash | ||
2 | trap "gnunet-arm -e -c test_credential_lookup.conf" SIGINT | ||
3 | |||
4 | LOCATION=$(which gnunet-config) | ||
5 | if [ -z $LOCATION ] | ||
6 | then | ||
7 | LOCATION="gnunet-config" | ||
8 | fi | ||
9 | $LOCATION --version 1> /dev/null | ||
10 | if test $? != 0 | ||
11 | then | ||
12 | echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" | ||
13 | exit 77 | ||
14 | fi | ||
15 | |||
16 | rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` | ||
17 | |||
18 | # (3) Isser.user -> Subject | ||
19 | |||
20 | |||
21 | which timeout &> /dev/null && DO_TIMEOUT="timeout 30" | ||
22 | gnunet-arm -s -c test_credential_lookup.conf | ||
23 | gnunet-identity -C testissuer -c test_credential_lookup.conf | ||
24 | gnunet-identity -C testsubject -c test_credential_lookup.conf | ||
25 | |||
26 | TEST_ATTR="user" | ||
27 | SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') | ||
28 | ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') | ||
29 | CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf` | ||
30 | |||
31 | TEST_CREDENTIAL="t1" | ||
32 | gnunet-namestore -p -z testsubject -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf | ||
33 | |||
34 | #TODO2 Add -z swich like in gnunet-gns | ||
35 | #RES_CRED=`$DO_TIMEOUT gnunet-credential --verify --issuer=$ISSUER_KEY --attribute="$TEST_ATTR" --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` | ||
36 | valgrind gnunet-credential --verify --issuer=$ISSUER_KEY --attribute=$TEST_ATTR --subject=$SUBJECT_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf | ||
37 | |||
38 | #TODO cleanup properly | ||
39 | gnunet-namestore -z testsubject -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf | ||
40 | gnunet-identity -D testsubject -c test_credential_lookup.conf | ||
41 | gnunet-arm -e -c test_credential_lookup.conf | ||
42 | |||
43 | #TODO3 proper test | ||
44 | exit 0 | ||
45 | |||
46 | if [ "$RES_CRED" == "Ok!" ] | ||
47 | then | ||
48 | exit 0 | ||
49 | else | ||
50 | echo "FAIL: Failed to verify credential $RES_IP." | ||
51 | exit 1 | ||
52 | fi | ||
diff --git a/src/include/gnunet_credential_service.h b/src/include/gnunet_credential_service.h index 088d0c75e..151587768 100644 --- a/src/include/gnunet_credential_service.h +++ b/src/include/gnunet_credential_service.h | |||
@@ -90,11 +90,6 @@ struct GNUNET_CREDENTIAL_CredentialRecordData { | |||
90 | struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; | 90 | struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key; |
91 | 91 | ||
92 | /** | 92 | /** |
93 | * Signature purpose (data to sign, kind of signature) | ||
94 | */ | ||
95 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
96 | |||
97 | /** | ||
98 | * Public key of the subject this credential was issued to | 93 | * Public key of the subject this credential was issued to |
99 | */ | 94 | */ |
100 | struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; | 95 | struct GNUNET_CRYPTO_EcdsaPublicKey subject_key; |