authorSchanzenbach, Martin <mschanzenbach@posteo.de>2016-12-06 10:09:21 +0100
committerSchanzenbach, Martin <mschanzenbach@posteo.de>2016-12-06 10:09:21 +0100
commit10b2bbf99b0dc611a735ad0a04d3ab5109a090f0 (patch)
treec7cd07943c91d5a995aaca588259069449cbd7b3 /src/credential
parent8c1425aa729914e0b2695fcab1ce29ea0aebffbb (diff)
downloadgnunet-10b2bbf99b0dc611a735ad0a04d3ab5109a090f0.tar.gz
gnunet-10b2bbf99b0dc611a735ad0a04d3ab5109a090f0.zip
-add expiration to cred
Diffstat (limited to 'src/credential')
-rw-r--r--src/credential/credential_api.c22
-rw-r--r--src/credential/gnunet-credential.c34
-rw-r--r--src/credential/gnunet-service-credential.c1
-rw-r--r--src/credential/plugin_gnsrecord_credential.c19
-rwxr-xr-xsrc/credential/test_credential_issue.sh2
5 files changed, 59 insertions, 19 deletions
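diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c
index 3be2d8bbb..eb7af5b53 100644
--- a/src/credential/credential_api.c
+++ b/src/credential/credential_api.c
@@ -425,35 +425,29 @@ struct GNUNET_CREDENTIAL_CredentialRecordData *
 GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle,
  const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
  struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
- const char *attribute)
+ const char *attribute,
+ struct GNUNET_TIME_Absolute *expiration)
 {
  struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
- struct GNUNET_CRYPTO_EccSignaturePurpose *purp;
 
  crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (attribute) + 1);
 
- purp = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
- strlen (attribute) + 1);
- purp->size = htonl (strlen (attribute) + 1 +
+ crd->purpose.size = htonl (strlen (attribute) + 1 +
  sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
- sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
+ sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+ sizeof (uint64_t));
 
- purp->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
+ crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
  GNUNET_CRYPTO_ecdsa_key_get_public (issuer,
  &crd->issuer_key);
  crd->subject_key = *subject;
+ crd->expiration = GNUNET_htonll (expiration->abs_value_us);
  GNUNET_memcpy (&crd[1],
  attribute,
  strlen (attribute));
- GNUNET_memcpy (&purp[1],
- subject,
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
- GNUNET_memcpy (&purp[1] + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
- attribute,
- strlen (attribute));
  if (GNUNET_OK !=
  GNUNET_CRYPTO_ecdsa_sign (issuer,
- purp,
+ &crd->purpose,
  &crd->sig))
  {
  GNUNET_break (0);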
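Review bot: The signed length at new lines 435–438 adds one GNUNET_CRYPTO_EcdsaPublicKey and one uint64_t to the purpose header, yet the record filled in here holds two keys (issuer_key at 441–442, subject_key at 443) plus expiration at 444, so unless the struct lays out exactly one key between `purpose` and `expiration` (its definition is not in this diff) the signed span either stops before `expiration` or leaves one key uncovered, and a verifier would then accept a record whose uncovered field has been altered. Deriving the length from the layout removes the hand-kept sum: `crd->purpose.size = htonl (sizeof (*crd) - offsetof (struct GNUNET_CREDENTIAL_CredentialRecordData, purpose) + strlen (attribute) + 1);`, which presumes `purpose` is the first field after `sig` — a `_Static_assert` on that offset would pin the assumption. The new `expiration` argument is dereferenced at line 444 with no NULL check; state it as a required argument in the function's header comment. GNUNET_CREDENTIAL_issue continues past the end of the hunk.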
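diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c
index a7b92447b..a2d494f2a 100644
--- a/src/credential/gnunet-credential.c
+++ b/src/credential/gnunet-credential.c
@@ -68,6 +68,11 @@ static char *subject_key;
 static char *subject_credential;
 
 /**
+ * Credential TTL
+ */
+static char *expiration;
+
+/**
  * Subject key
  */
 struct GNUNET_CRYPTO_EcdsaPublicKey subject_pkey;
@@ -180,6 +185,8 @@ identity_cb (void *cls,
 {
  const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
  struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
+ struct GNUNET_TIME_Absolute etime_abs;
+ struct GNUNET_TIME_Relative etime_rel;
  char *res;
 
  el = NULL;
@@ -194,13 +201,35 @@ identity_cb (void *cls,
  GNUNET_SCHEDULER_shutdown ();
  return;
  }
+ if (NULL == expiration)
+ {
+ fprintf (stderr,
+ "Please specify a TTL\n");
+ GNUNET_SCHEDULER_shutdown ();
+ return;
+ } else if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration,
+ &etime_rel))
+ {
+ etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel);
+ } else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration,
+ &etime_abs))
+ {
+ fprintf (stderr,
+ "%s is not a valid ttl!\n",
+ expiration);
+ GNUNET_SCHEDULER_shutdown ();
+ return;
+ }
+
+
  privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
  GNUNET_free_non_null (issuer_ego_name);
  issuer_ego_name = NULL;
  crd = GNUNET_CREDENTIAL_issue (credential,
  privkey,
  &subject_pkey,
- issuer_attr);
+ issuer_attr,
+ &etime_abs);
  res = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL,
  crd,
  sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (issuer_attr) + 1);
@@ -353,6 +382,9 @@ main (int argc, char *const *argv)
  {'a', "attribute", "ATTR",
  gettext_noop ("The issuer attribute to verify against or to issue"), 1,
  &GNUNET_GETOPT_set_string, &issuer_attr},
+ {'T', "ttl", "EXP",
+ gettext_noop ("The time to live for the credential"), 1,
+ &GNUNET_GETOPT_set_string, &expiration},
  GNUNET_GETOPT_OPTION_END
  };
  int ret;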
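Review bot: The TTL handling at new lines 204–222 of identity_cb accepts an absolute time that already lies in the past, since GNUNET_STRINGS_fancy_time_to_absolute only checks that the string parses, so the tool will sign a credential that is expired on creation; compare `etime_abs` against `GNUNET_TIME_absolute_get ()` before the GNUNET_CREDENTIAL_issue call and take the same shutdown-and-return path used for a missing TTL. The message at line 207 could name the option the user has to pass: `"Please specify a TTL (-T/--ttl)\n"`. On style, the `} else if` at lines 210 and 214 puts the closing brace and the next condition on one line, unlike the brace-per-line layout of the surrounding code, and lines 223–224 leave two consecutive blank lines before `privkey`. identity_cb begins and ends outside this hunk.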
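diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c
index 792d8741e..7f18c77f6 100644
--- a/src/credential/gnunet-service-credential.c
+++ b/src/credential/gnunet-service-credential.c
@@ -327,6 +327,7 @@ send_lookup_response (void* cls,
  const struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
  struct GNUNET_CRYPTO_EccSignaturePurpose *purp;
  struct CredentialRecordEntry *cr_entry;
+ uint32_t cred_verified;
 
  cred_record_count = 0;
  struct AttributeRecordEntry *attr_entry;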
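Review bot: `uint32_t cred_verified;` at new line 330 is declared without an initializer; if send_lookup_response reads it before every assignment (its body continues outside the hunk, so this cannot be confirmed here), that read is undefined behaviour, and it is not used anywhere in the visible lines. Prefer `uint32_t cred_verified = 0;`, or declare it next to its first use so the intent is visible.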
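diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c
index f6aec9bcc..60b677a4e 100644
--- a/src/credential/plugin_gnsrecord_credential.c
+++ b/src/credential/plugin_gnsrecord_credential.c
@@ -74,10 +74,13 @@ credential_value_to_string (void *cls,
  case GNUNET_GNSRECORD_TYPE_CREDENTIAL:
  {
  struct GNUNET_CREDENTIAL_CredentialRecordData cred;
+ struct GNUNET_TIME_Absolute etime_abs;
  char *cred_str;
  char *subject_pkey;
  char *issuer_pkey;
  char *signature;
+ const char *expiration;
+
 
  if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData))
  return NULL; /* malformed */
@@ -87,14 +90,17 @@ credential_value_to_string (void *cls,
  cdata = data;
  subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key);
  issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key);
+ etime_abs.abs_value_us = GNUNET_ntohll(cred.expiration);
+ expiration = GNUNET_STRINGS_absolute_time_to_string (etime_abs);
  GNUNET_STRINGS_base64_encode ((char*)&cred.sig,
  sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
  &signature);
  GNUNET_asprintf (&cred_str,
- "%s.%s -> %s sig:%s",
+ "%s.%s -> %s exp:%s sig:%s",
  issuer_pkey,
  &cdata[sizeof (cred)],
  subject_pkey,
+ expiration,
  signature);
  GNUNET_free (subject_pkey);
  GNUNET_free (issuer_pkey);
@@ -141,13 +147,17 @@ credential_string_to_value (void *cls,
  char issuer_pkey[enclen + 1];
  char name[253 + 1];
  char signature[128]; //TODO max payload size
+ char expiration[256];
+
  struct GNUNET_CRYPTO_EcdsaSignature *sig;
+ struct GNUNET_TIME_Absolute etime_abs;
 
- if (4 != SSCANF (s,
- "%52s.%253s -> %52s sig:%s",
+ if (5 != SSCANF (s,
+ "%52s.%253s -> %52s exp:%255s sig:%127s",
  issuer_pkey,
  name,
  subject_pkey,
+ expiration,
  signature))
  {
  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -163,10 +173,13 @@ credential_string_to_value (void *cls,
  GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey,
  strlen (issuer_pkey),
  &cred->issuer_key);
+ GNUNET_STRINGS_fancy_time_to_absolute (expiration,
+ &etime_abs);
  GNUNET_STRINGS_base64_decode (signature,
  strlen (signature),
  (char**)&sig);
  cred->sig = *sig;
+ cred->expiration = htonl (etime_abs.abs_value_us);
  GNUNET_free (sig);
  GNUNET_memcpy (&cred[1],
  name,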
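Review bot: `cred->expiration = htonl (etime_abs.abs_value_us);` at new line 182 narrows the 64-bit microsecond timestamp to 32 bits, whereas credential_api.c writes the same field with GNUNET_htonll and credential_value_to_string in this file reads it with GNUNET_ntohll, so a record that passes through its string form carries a different expiration than the one that was signed: the decoded time is wrong and the signature over it no longer verifies. Change it to `cred->expiration = GNUNET_htonll (etime_abs.abs_value_us);`. The return value of GNUNET_STRINGS_fancy_time_to_absolute at lines 176–177 is also unchecked, so an unparseable `exp:` token leaves etime_abs uninitialized and is silently encoded; fail the conversion there as the SSCANF branch above already does. In the previous hunk the `exp:%255s` conversion stops at the first whitespace, so if GNUNET_STRINGS_absolute_time_to_string emits a date containing spaces the SSCANF count will not reach 5 and the round trip fails. credential_string_to_value continues outside this hunk.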
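diff --git a/src/credential/test_credential_issue.sh b/src/credential/test_credential_issue.sh
index 95eac2957..4d1ba67c7 100755
--- a/src/credential/test_credential_issue.sh
+++ b/src/credential/test_credential_issue.sh
@@ -29,7 +29,7 @@ gnunet-identity -C testsubject -c test_credential_lookup.conf
 SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}')
 ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}')
 #TODO1 Get credential and store it with subject (3)
-$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf
+$DO_TIMEOUT valgrind gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf
 STATUS=$?
 
 gnunet-arm -e -c test_credential_lookup.conf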
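Review bot: `valgrind` now prefixes the gnunet-credential invocation at new line 32, which looks like a debugging leftover: the test fails on hosts where valgrind is not installed, and because valgrind exits with the program's own status unless `--error-exitcode` is given, the STATUS captured on the next line does not even reflect the memory errors it reports. Drop it, or gate it behind a variable the way `$DO_TIMEOUT` already is, e.g. `$DO_TIMEOUT $VALGRIND gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf` with VALGRIND empty by default.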