author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2016-12-06 10:09:21 +0100 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2016-12-06 10:09:21 +0100 |
commit | 10b2bbf99b0dc611a735ad0a04d3ab5109a090f0 (patch) | |
tree | c7cd07943c91d5a995aaca588259069449cbd7b3 /src/credential | |
parent | 8c1425aa729914e0b2695fcab1ce29ea0aebffbb (diff) | |
-add expiration to cred
Diffstat (limited to 'src/credential')
-rw-r--r-- | src/credential/credential_api.c | 22 | ||||
-rw-r--r-- | src/credential/gnunet-credential.c | 34 | ||||
-rw-r--r-- | src/credential/gnunet-service-credential.c | 1 | ||||
-rw-r--r-- | src/credential/plugin_gnsrecord_credential.c | 19 | ||||
-rwxr-xr-x | src/credential/test_credential_issue.sh | 2 |
5 files changed, 59 insertions, 19 deletions
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 3be2d8bbb..eb7af5b53 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c | |||
@@ -425,35 +425,29 @@ struct GNUNET_CREDENTIAL_CredentialRecordData * | |||
425 | GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, | 425 | GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle, |
426 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | 426 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, |
427 | struct GNUNET_CRYPTO_EcdsaPublicKey *subject, | 427 | struct GNUNET_CRYPTO_EcdsaPublicKey *subject, |
428 | const char *attribute) | 428 | const char *attribute, |
429 | struct GNUNET_TIME_Absolute *expiration) | ||
429 | { | 430 | { |
430 | struct GNUNET_CREDENTIAL_CredentialRecordData *crd; | 431 | struct GNUNET_CREDENTIAL_CredentialRecordData *crd; |
431 | struct GNUNET_CRYPTO_EccSignaturePurpose *purp; | ||
432 | 432 | ||
433 | crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (attribute) + 1); | 433 | crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (attribute) + 1); |
434 | 434 | ||
435 | purp = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + | 435 | crd->purpose.size = htonl (strlen (attribute) + 1 + |
436 | strlen (attribute) + 1); | ||
437 | purp->size = htonl (strlen (attribute) + 1 + | ||
438 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + | 436 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) + |
439 | sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose)); | 437 | sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
438 | sizeof (uint64_t)); | ||
440 | 439 | ||
441 | purp->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); | 440 | crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL); |
442 | GNUNET_CRYPTO_ecdsa_key_get_public (issuer, | 441 | GNUNET_CRYPTO_ecdsa_key_get_public (issuer, |
443 | &crd->issuer_key); | 442 | &crd->issuer_key); |
444 | crd->subject_key = *subject; | 443 | crd->subject_key = *subject; |
444 | crd->expiration = GNUNET_htonll (expiration->abs_value_us); | ||
445 | GNUNET_memcpy (&crd[1], | 445 | GNUNET_memcpy (&crd[1], |
446 | attribute, | 446 | attribute, |
447 | strlen (attribute)); | 447 | strlen (attribute)); |
448 | GNUNET_memcpy (&purp[1], | ||
449 | subject, | ||
450 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
451 | GNUNET_memcpy (&purp[1] + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), | ||
452 | attribute, | ||
453 | strlen (attribute)); | ||
454 | if (GNUNET_OK != | 448 | if (GNUNET_OK != |
455 | GNUNET_CRYPTO_ecdsa_sign (issuer, | 449 | GNUNET_CRYPTO_ecdsa_sign (issuer, |
456 | purp, | 450 | &crd->purpose, |
457 | &crd->sig)) | 451 | &crd->sig)) |
458 | { | 452 | { |
459 | GNUNET_break (0); | 453 | GNUNET_break (0); |
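Review bot: The signed length on new lines 435–438 is a hand-summed constant (one public key, the purpose header, a uint64_t and the attribute), but the bytes actually passed to `GNUNET_CRYPTO_ecdsa_sign` are whatever lies in memory after `&crd->purpose`, so the two agree only if the struct's layout is exactly purpose, one key, expiration, then the attribute at `&crd[1]`; the struct definition is not visible here, and `issuer_key` and `sig` are also written into it. If the sum does not match the layout, either the subject key, the expiration or the attribute falls outside the signature, or `sig` itself is hashed and then overwritten — both silently. Deriving the size from the layout avoids this, e.g. `crd->purpose.size = htonl (sizeof (*crd) - offsetof (struct GNUNET_CREDENTIAL_CredentialRecordData, purpose) + strlen (attribute) + 1);` together with a comment stating that `purpose` must be the first signed field and `sig` must precede it, as is usual for GNUnet signed records (to be confirmed against the header). `expiration` is only read, so it can be `const struct GNUNET_TIME_Absolute *expiration`. GNUNET_CREDENTIAL_issue continues past the hunk.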
diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c index a7b92447b..a2d494f2a 100644 --- a/src/credential/gnunet-credential.c +++ b/src/credential/gnunet-credential.c | |||
@@ -68,6 +68,11 @@ static char *subject_key; | |||
68 | static char *subject_credential; | 68 | static char *subject_credential; |
69 | 69 | ||
70 | /** | 70 | /** |
71 | * Credential TTL | ||
72 | */ | ||
73 | static char *expiration; | ||
74 | |||
75 | /** | ||
71 | * Subject key | 76 | * Subject key |
72 | */ | 77 | */ |
73 | struct GNUNET_CRYPTO_EcdsaPublicKey subject_pkey; | 78 | struct GNUNET_CRYPTO_EcdsaPublicKey subject_pkey; |
@@ -180,6 +185,8 @@ identity_cb (void *cls, | |||
180 | { | 185 | { |
181 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; | 186 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey; |
182 | struct GNUNET_CREDENTIAL_CredentialRecordData *crd; | 187 | struct GNUNET_CREDENTIAL_CredentialRecordData *crd; |
188 | struct GNUNET_TIME_Absolute etime_abs; | ||
189 | struct GNUNET_TIME_Relative etime_rel; | ||
183 | char *res; | 190 | char *res; |
184 | 191 | ||
185 | el = NULL; | 192 | el = NULL; |
@@ -194,13 +201,35 @@ identity_cb (void *cls, | |||
194 | GNUNET_SCHEDULER_shutdown (); | 201 | GNUNET_SCHEDULER_shutdown (); |
195 | return; | 202 | return; |
196 | } | 203 | } |
204 | if (NULL == expiration) | ||
205 | { | ||
206 | fprintf (stderr, | ||
207 | "Please specify a TTL\n"); | ||
208 | GNUNET_SCHEDULER_shutdown (); | ||
209 | return; | ||
210 | } else if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration, | ||
211 | &etime_rel)) | ||
212 | { | ||
213 | etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel); | ||
214 | } else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration, | ||
215 | &etime_abs)) | ||
216 | { | ||
217 | fprintf (stderr, | ||
218 | "%s is not a valid ttl!\n", | ||
219 | expiration); | ||
220 | GNUNET_SCHEDULER_shutdown (); | ||
221 | return; | ||
222 | } | ||
223 | |||
224 | |||
197 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); | 225 | privkey = GNUNET_IDENTITY_ego_get_private_key (ego); |
198 | GNUNET_free_non_null (issuer_ego_name); | 226 | GNUNET_free_non_null (issuer_ego_name); |
199 | issuer_ego_name = NULL; | 227 | issuer_ego_name = NULL; |
200 | crd = GNUNET_CREDENTIAL_issue (credential, | 228 | crd = GNUNET_CREDENTIAL_issue (credential, |
201 | privkey, | 229 | privkey, |
202 | &subject_pkey, | 230 | &subject_pkey, |
203 | issuer_attr); | 231 | issuer_attr, |
232 | &etime_abs); | ||
204 | res = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL, | 233 | res = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL, |
205 | crd, | 234 | crd, |
206 | sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (issuer_attr) + 1); | 235 | sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (issuer_attr) + 1); |
@@ -353,6 +382,9 @@ main (int argc, char *const *argv) | |||
353 | {'a', "attribute", "ATTR", | 382 | {'a', "attribute", "ATTR", |
354 | gettext_noop ("The issuer attribute to verify against or to issue"), 1, | 383 | gettext_noop ("The issuer attribute to verify against or to issue"), 1, |
355 | &GNUNET_GETOPT_set_string, &issuer_attr}, | 384 | &GNUNET_GETOPT_set_string, &issuer_attr}, |
385 | {'T', "ttl", "EXP", | ||
386 | gettext_noop ("The time to live for the credential"), 1, | ||
387 | &GNUNET_GETOPT_set_string, &expiration}, | ||
356 | GNUNET_GETOPT_OPTION_END | 388 | GNUNET_GETOPT_OPTION_END |
357 | }; | 389 | }; |
358 | int ret; | 390 | int ret; |
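Review bot: The parsed expiration (new lines 210–215) is accepted without checking that it lies in the future, so an absolute time that has already passed, or a relative `0`, yields a credential that is expired the moment it is issued; after the parse, take the same shutdown-and-return path used for the unparsable case when `0 == GNUNET_TIME_absolute_get_remaining (etime_abs).rel_value_us`, with a message such as `"%s is already in the past\n"`. The `--ttl` option added on new lines 385–387 also accepts absolute timestamps through the `fancy_time_to_absolute` fallback, which neither the help string nor the "not a valid ttl" error mentions; `gettext_noop ("The time to live for the credential (relative, e.g. 5m, or an absolute time)")` would document the accepted forms. The `} else if` after a branch that ends in `return;` is redundant and a plain `if` chain reads more easily. identity_cb starts and ends outside the hunk.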
diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c index 792d8741e..7f18c77f6 100644 --- a/src/credential/gnunet-service-credential.c +++ b/src/credential/gnunet-service-credential.c | |||
@@ -327,6 +327,7 @@ send_lookup_response (void* cls, | |||
327 | const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; | 327 | const struct GNUNET_CREDENTIAL_CredentialRecordData *crd; |
328 | struct GNUNET_CRYPTO_EccSignaturePurpose *purp; | 328 | struct GNUNET_CRYPTO_EccSignaturePurpose *purp; |
329 | struct CredentialRecordEntry *cr_entry; | 329 | struct CredentialRecordEntry *cr_entry; |
330 | uint32_t cred_verified; | ||
330 | 331 | ||
331 | cred_record_count = 0; | 332 | cred_record_count = 0; |
332 | struct AttributeRecordEntry *attr_entry; | 333 | struct AttributeRecordEntry *attr_entry; |
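Review bot: `uint32_t cred_verified` (new line 330) is declared without an initializer and nothing in the hunk assigns or reads it; send_lookup_response continues outside the hunk, so if the remainder does not set it before use the variable is either dead (an unused-variable warning) or read as an indeterminate value. Initialize it at the declaration, `uint32_t cred_verified = 0;`, or add the declaration together with the code that uses it.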
diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c index f6aec9bcc..60b677a4e 100644 --- a/src/credential/plugin_gnsrecord_credential.c +++ b/src/credential/plugin_gnsrecord_credential.c | |||
@@ -74,10 +74,13 @@ credential_value_to_string (void *cls, | |||
74 | case GNUNET_GNSRECORD_TYPE_CREDENTIAL: | 74 | case GNUNET_GNSRECORD_TYPE_CREDENTIAL: |
75 | { | 75 | { |
76 | struct GNUNET_CREDENTIAL_CredentialRecordData cred; | 76 | struct GNUNET_CREDENTIAL_CredentialRecordData cred; |
77 | struct GNUNET_TIME_Absolute etime_abs; | ||
77 | char *cred_str; | 78 | char *cred_str; |
78 | char *subject_pkey; | 79 | char *subject_pkey; |
79 | char *issuer_pkey; | 80 | char *issuer_pkey; |
80 | char *signature; | 81 | char *signature; |
82 | const char *expiration; | ||
83 | |||
81 | 84 | ||
82 | if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) | 85 | if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)) |
83 | return NULL; /* malformed */ | 86 | return NULL; /* malformed */ |
@@ -87,14 +90,17 @@ credential_value_to_string (void *cls, | |||
87 | cdata = data; | 90 | cdata = data; |
88 | subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key); | 91 | subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key); |
89 | issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key); | 92 | issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key); |
93 | etime_abs.abs_value_us = GNUNET_ntohll(cred.expiration); | ||
94 | expiration = GNUNET_STRINGS_absolute_time_to_string (etime_abs); | ||
90 | GNUNET_STRINGS_base64_encode ((char*)&cred.sig, | 95 | GNUNET_STRINGS_base64_encode ((char*)&cred.sig, |
91 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature), | 96 | sizeof (struct GNUNET_CRYPTO_EcdsaSignature), |
92 | &signature); | 97 | &signature); |
93 | GNUNET_asprintf (&cred_str, | 98 | GNUNET_asprintf (&cred_str, |
94 | "%s.%s -> %s sig:%s", | 99 | "%s.%s -> %s exp:%s sig:%s", |
95 | issuer_pkey, | 100 | issuer_pkey, |
96 | &cdata[sizeof (cred)], | 101 | &cdata[sizeof (cred)], |
97 | subject_pkey, | 102 | subject_pkey, |
103 | expiration, | ||
98 | signature); | 104 | signature); |
99 | GNUNET_free (subject_pkey); | 105 | GNUNET_free (subject_pkey); |
100 | GNUNET_free (issuer_pkey); | 106 | GNUNET_free (issuer_pkey); |
@@ -141,13 +147,17 @@ credential_string_to_value (void *cls, | |||
141 | char issuer_pkey[enclen + 1]; | 147 | char issuer_pkey[enclen + 1]; |
142 | char name[253 + 1]; | 148 | char name[253 + 1]; |
143 | char signature[128]; //TODO max payload size | 149 | char signature[128]; //TODO max payload size |
150 | char expiration[256]; | ||
151 | |||
144 | struct GNUNET_CRYPTO_EcdsaSignature *sig; | 152 | struct GNUNET_CRYPTO_EcdsaSignature *sig; |
153 | struct GNUNET_TIME_Absolute etime_abs; | ||
145 | 154 | ||
146 | if (4 != SSCANF (s, | 155 | if (5 != SSCANF (s, |
147 | "%52s.%253s -> %52s sig:%s", | 156 | "%52s.%253s -> %52s exp:%255s sig:%127s", |
148 | issuer_pkey, | 157 | issuer_pkey, |
149 | name, | 158 | name, |
150 | subject_pkey, | 159 | subject_pkey, |
160 | expiration, | ||
151 | signature)) | 161 | signature)) |
152 | { | 162 | { |
153 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 163 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
@@ -163,10 +173,13 @@ credential_string_to_value (void *cls, | |||
163 | GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey, | 173 | GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey, |
164 | strlen (issuer_pkey), | 174 | strlen (issuer_pkey), |
165 | &cred->issuer_key); | 175 | &cred->issuer_key); |
176 | GNUNET_STRINGS_fancy_time_to_absolute (expiration, | ||
177 | &etime_abs); | ||
166 | GNUNET_STRINGS_base64_decode (signature, | 178 | GNUNET_STRINGS_base64_decode (signature, |
167 | strlen (signature), | 179 | strlen (signature), |
168 | (char**)&sig); | 180 | (char**)&sig); |
169 | cred->sig = *sig; | 181 | cred->sig = *sig; |
182 | cred->expiration = htonl (etime_abs.abs_value_us); | ||
170 | GNUNET_free (sig); | 183 | GNUNET_free (sig); |
171 | GNUNET_memcpy (&cred[1], | 184 | GNUNET_memcpy (&cred[1], |
172 | name, | 185 | name, |
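Review bot: `cred->expiration = htonl (etime_abs.abs_value_us);` (new line 182) converts a 64-bit microsecond timestamp with the 32-bit `htonl`, so the high bits are discarded and the stored byte order does not match what credential_api.c writes with `GNUNET_htonll` and what `credential_value_to_string` reads back with `GNUNET_ntohll` on new line 93; it should be `cred->expiration = GNUNET_htonll (etime_abs.abs_value_us);`. The `GNUNET_STRINGS_fancy_time_to_absolute` call on new lines 176–177 is unchecked, so an unparsable `exp:` token leaves `etime_abs` indeterminate and that value is serialized into the record; a `GNUNET_OK !=` result should take the same malformed-input path the failed SSCANF already uses. The round trip between the two functions also looks fragile: `GNUNET_STRINGS_absolute_time_to_string` (new line 94) returns a human-readable date that, in its usual strftime form, contains spaces, and `%255s` in the new SSCANF format stops at the first space, so the string this plugin emits would not parse back as five fields; emitting the expiration as the raw microsecond count (`%llu` with a matching `exp:%llu` on the parse side) would make the conversion invertible. Both credential_value_to_string and credential_string_to_value start outside the hunks.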
diff --git a/src/credential/test_credential_issue.sh b/src/credential/test_credential_issue.sh index 95eac2957..4d1ba67c7 100755 --- a/src/credential/test_credential_issue.sh +++ b/src/credential/test_credential_issue.sh | |||
@@ -29,7 +29,7 @@ gnunet-identity -C testsubject -c test_credential_lookup.conf | |||
29 | SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') | 29 | SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}') |
30 | ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') | 30 | ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}') |
31 | #TODO1 Get credential and store it with subject (3) | 31 | #TODO1 Get credential and store it with subject (3) |
32 | $DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf | 32 | $DO_TIMEOUT valgrind gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf |
33 | STATUS=$? | 33 | STATUS=$? |
34 | 34 | ||
35 | gnunet-arm -e -c test_credential_lookup.conf | 35 | gnunet-arm -e -c test_credential_lookup.conf |
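Review bot: `valgrind` has been inserted into the test command on new line 32, which looks like a debugging leftover: the test now requires valgrind to be installed wherever it runs, executes a much slower binary under `$DO_TIMEOUT`, and `STATUS=$?` on the next line also picks up failures of valgrind itself (for example exit code 127 when it is missing). Drop it, `$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf`, or gate it behind an environment variable so the default run is unaffected.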