author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2016-12-02 17:29:08 +0100 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2016-12-02 17:29:08 +0100 |
commit | 646723dd495657a184d1f7e439f4958a72bee1df (patch) | |
tree | 77df41a043da4fd8cf1ad5449d11362c427df619 /src/credential | |
parent | 59f9630b8be3dcde087a4ef6956217704d0dacb4 (diff) | |
download | gnunet-646723dd495657a184d1f7e439f4958a72bee1df.tar.gz gnunet-646723dd495657a184d1f7e439f4958a72bee1df.zip |
- add verify and issue to cli
Diffstat (limited to 'src/credential')
-rw-r--r-- | src/credential/Makefile.am | 1 | ||||
-rw-r--r-- | src/credential/credential_api.c | 45 | ||||
-rw-r--r-- | src/credential/gnunet-credential.c | 139 | ||||
-rw-r--r-- | src/credential/plugin_gnsrecord_credential.c | 10 |
4 files changed, 170 insertions, 25 deletions
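--- a/src/credential/Makefile.am
+++ b/src/credential/Makefile.am
@@ -57,6 +57,7 @@ gnunet_credential_SOURCES = \
 gnunet_credential_LDADD = \
 libgnunetcredential.la \
 $(top_builddir)/src/util/libgnunetutil.la \
+$(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
 $(top_builddir)/src/identity/libgnunetidentity.la \
 $(GN_LIBINTL)
 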
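--- a/src/credential/credential_api.c
+++ b/src/credential/credential_api.c
@@ -28,6 +28,7 @@
 #include "gnunet_arm_service.h"
 #include "gnunet_hello_lib.h"
 #include "gnunet_protocols.h"
+#include "gnunet_signatures.h"
 #include "credential.h"
 #include "gnunet_credential_service.h"
 #include "gnunet_identity_service.h"
@@ -406,5 +407,49 @@ GNUNET_CREDENTIAL_verify (struct GNUNET_CREDENTIAL_Handle *handle,
 return vr;
 }
 
+/**
+* Issue an attribute to a subject
+*
+* @param handle handle to the Credential service
+* @param issuer the ego that should be used to issue the attribute
+* @param subject the subject of the attribute
+* @param attribute the name of the attribute
+* @return handle to the queued request
+*/
+struct GNUNET_CREDENTIAL_CredentialRecordData *
+GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle,
+const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
+struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
+const char *attribute)
+{
+struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
+
+crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (attribute) + 1);
+
+crd->purpose.size = htonl (strlen (attribute) + 1 +
+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
+sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+sizeof (struct GNUNET_TIME_AbsoluteNBO));
+crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
+GNUNET_CRYPTO_ecdsa_key_get_public (issuer,
+&crd->issuer_key);
+
+GNUNET_memcpy (&crd[1],
+attribute,
+strlen (attribute));
+if (GNUNET_OK !=
+GNUNET_CRYPTO_ecdsa_sign (issuer,
+&crd->purpose,
+&crd->sig))
+{
+GNUNET_break (0);
+GNUNET_free (crd);
+return NULL;
+}
+return crd;
+}
+
+
+
 
 /* end of credential_api.c */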
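Review bot: GNUNET_CREDENTIAL_issue never reads its `subject` parameter, so the record it signs carries whatever GNUNET_malloc left in `subject_key` (presumably all zeros — confirm) and the credential does not bind the subject it was issued for; add `crd->subject_key = *subject;` before the GNUNET_CRYPTO_ecdsa_sign call. The `purpose.size` on new lines 429–432 counts one public key plus a GNUNET_TIME_AbsoluteNBO that the function never assigns; the struct definition is outside this diff, so check that the signed region really covers both `issuer_key` and `subject_key` and that an expiration is set, otherwise the signature does not protect those fields. The docblock's `@return handle to the queued request` is wrong for this function — nothing is queued; suggest `@return the signed credential record (caller must GNUNET_free it), or NULL if signing failed`, and note that `handle` is currently unused.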
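--- a/src/credential/gnunet-credential.c
+++ b/src/credential/gnunet-credential.c
@@ -25,6 +25,7 @@
 #include "platform.h"
 #include <gnunet_util_lib.h>
 #include <gnunet_credential_service.h>
+#include <gnunet_gnsrecord_lib.h>
 
 /**
 * Configuration we are using.
@@ -32,6 +33,11 @@
 static const struct GNUNET_CONFIGURATION_Handle *cfg;
 
 /**
+* EgoLookup
+*/
+static struct GNUNET_IDENTITY_EgoLookup *el;
+
+/**
 * Handle to Credential service.
 */
 static struct GNUNET_CREDENTIAL_Handle *credential;
@@ -62,15 +68,41 @@ static char *subject_key;
 static char *subject_credential;
 
 /**
+* Subject key
+*/
+struct GNUNET_CRYPTO_EcdsaPublicKey subject_pkey;
+
+/**
+* Issuer key
+*/
+struct GNUNET_CRYPTO_EcdsaPublicKey issuer_pkey;
+
+
+/**
 * Issuer pubkey string
 */
 static char *issuer_key;
 
 /**
+* Issuer ego
+*/
+static char *issuer_ego_name;
+
+/**
 * Issuer attribute
 */
 static char *issuer_attr;
 
+/**
+* Verify mode
+*/
+static uint32_t verify;
+
+/**
+* Issue mode
+*/
+static uint32_t create_cred;
+
 
 /**
 * Task run on shutdown. Cleans up everything.
@@ -135,6 +167,45 @@ handle_verify_result (void *cls,
 GNUNET_SCHEDULER_shutdown ();
 }
 
+/**
+* Callback invoked from identity service with ego information.
+* An @a ego of NULL means the ego was not found.
+*
+* @param cls closure with the configuration
+* @param ego an ego known to identity service, or NULL
+*/
+static void
+identity_cb (void *cls,
+const struct GNUNET_IDENTITY_Ego *ego)
+{
+const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
+struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
+
+el = NULL;
+if (NULL == ego)
+{
+if (NULL != issuer_ego_name)
+{
+fprintf (stderr,
+_("Ego `%s' not known to identity service\n"),
+issuer_ego_name);
+}
+GNUNET_SCHEDULER_shutdown ();
+return;
+}
+privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
+GNUNET_free_non_null (issuer_ego_name);
+issuer_ego_name = NULL;
+crd = GNUNET_CREDENTIAL_issue (credential,
+privkey,
+&subject_pkey,
+issuer_attr);
+printf ("Success.\n");
+printf (GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL,
+crd,
+sizeof (crd) + strlen (issuer_attr) + 1));
+}
+
 
 
 
@@ -162,39 +233,53 @@ run (void *cls,
 _("Failed to connect to CREDENTIAL\n"));
 return;
 }
+
+
+
 tt = GNUNET_SCHEDULER_add_delayed (timeout,
 &do_timeout, NULL);
 GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
 
 
 
-struct GNUNET_CRYPTO_EcdsaPublicKey subject_pkey;
-struct GNUNET_CRYPTO_EcdsaPublicKey issuer_pkey;
+if (NULL == subject_key)
+{
+fprintf (stderr,
+_("Subject public key needed\n"));
+GNUNET_SCHEDULER_shutdown ();
+return;
 
-if (NULL != subject_key && NULL != issuer_key)
+}
+if (GNUNET_OK !=
+GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_key,
+strlen (subject_key),
+&subject_pkey))
 {
-if (GNUNET_OK !=
-GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_key,
-strlen (subject_key),
-&subject_pkey))
+fprintf (stderr,
+_("Subject public key `%s' is not well-formed\n"),
+subject_key);
+GNUNET_SCHEDULER_shutdown ();
+return;
+}
+
+if (GNUNET_YES == verify) {
+if (NULL == issuer_key)
 {
 fprintf (stderr,
-_("Subject public key `%s' is not well-formed\n"),
-subject_key);
+_("Issuer public key not well-formed\n"));
 GNUNET_SCHEDULER_shutdown ();
 return;
-}
 
+}
 if (GNUNET_OK !=
 GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_key,
 strlen (issuer_key),
 &issuer_pkey))
 {
 fprintf (stderr,
-_("Authority public key `%s' is not well-formed\n"),
+_("Issuer public key `%s' is not well-formed\n"),
 issuer_key);
 GNUNET_SCHEDULER_shutdown ();
-return;
 }
 
 verify_request = GNUNET_CREDENTIAL_verify(credential,
@@ -204,15 +289,26 @@ run (void *cls,
 subject_credential,
 &handle_verify_result,
 NULL);
+} else if (GNUNET_YES == create_cred) {
+if (NULL == issuer_ego_name)
+{
+fprintf (stderr,
+_("Issuer ego required\n"));
+GNUNET_SCHEDULER_shutdown ();
+return;
+
+}
+el = GNUNET_IDENTITY_ego_lookup (cfg,
+issuer_ego_name,
+&identity_cb,
+(void *) cfg);
 return;
-}
-else
-{
+} else {
 fprintf (stderr,
 _("Please specify name to lookup, subject key and issuer key!\n"));
 GNUNET_SCHEDULER_shutdown ();
-return;
 }
+return;
 }
 
 
@@ -227,6 +323,12 @@ int
 main (int argc, char *const *argv)
 {
 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
+{'I', "issue", NULL,
+gettext_noop ("create credential"), 0,
+&GNUNET_GETOPT_set_one, &create_cred},
+{'V', "verify", NULL,
+gettext_noop ("verify credential against attribute"), 0,
+&GNUNET_GETOPT_set_one, &verify},
 {'s', "subject", "PKEY",
 gettext_noop ("The public key of the subject to lookup the credential for"), 1,
 &GNUNET_GETOPT_set_string, &subject_key},
@@ -236,8 +338,11 @@ main (int argc, char *const *argv)
 {'i', "issuer", "PKEY",
 gettext_noop ("The public key of the authority to verify the credential against"), 1,
 &GNUNET_GETOPT_set_string, &issuer_key},
+{'e', "ego", "EGO",
+gettext_noop ("The ego to use to issue"), 1,
+&GNUNET_GETOPT_set_string, &issuer_ego_name},
 {'a', "attribute", "ATTR",
-gettext_noop ("The issuer attribute to verify against"), 1,
+gettext_noop ("The issuer attribute to verify against or to issue"), 1,
 &GNUNET_GETOPT_set_string, &issuer_attr},
 GNUNET_GETOPT_OPTION_END
 };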
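Review bot: identity_cb (new lines 199–206) passes `sizeof (crd)`, the size of a pointer rather than of the record, as the data length, and then hands the returned string to printf as the format string; the length should be `sizeof (*crd) + strlen (issuer_attr) + 1` and the output printed through `printf ("%s\n", cred_str)`, because the string embeds the attribute name taken from the command line. With the pointer size the plugin's `data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)` guard (visible in the plugin_gnsrecord_credential.c section) returns NULL, so the current call ends up with a NULL format string; a NULL from GNUNET_CREDENTIAL_issue is likewise unchecked, neither crd nor the string is freed, and as far as this hunk shows nothing shuts the scheduler down afterwards, so the tool presumably idles until do_timeout fires. Two smaller points in run: the verify branch (new lines 278–283) dropped the `return;` after the malformed-issuer-key shutdown, so GNUNET_CREDENTIAL_verify is still called with an unparsed issuer_pkey — restore `return;` after line 282 — and the create_cred branch (new lines 292–304) starts the ego lookup without checking that `-a` was given, so `strlen (issuer_attr)` inside GNUNET_CREDENTIAL_issue dereferences NULL; add `if (NULL == issuer_attr)` with the same shutdown-and-return pattern before the lookup. The rewritten tail of identity_cb follows.
```c
static void
identity_cb (void *cls,
             const struct GNUNET_IDENTITY_Ego *ego)
{
  const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
  struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
  char *cred_str;

  /* … unchanged: el = NULL, NULL-ego error path, privkey lookup, issuer_ego_name release … */
  crd = GNUNET_CREDENTIAL_issue (credential,
                                 privkey,
                                 &subject_pkey,
                                 issuer_attr);
  if (NULL == crd)
  {
    fprintf (stderr,
             _("Failed to issue credential\n"));
    GNUNET_SCHEDULER_shutdown ();
    return;
  }
  /* sizeof (*crd): the record size, not the size of the pointer */
  cred_str = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL,
                                               crd,
                                               sizeof (*crd) + strlen (issuer_attr) + 1);
  GNUNET_free (crd);
  if (NULL == cred_str)
  {
    GNUNET_break (0);
    GNUNET_SCHEDULER_shutdown ();
    return;
  }
  /* user-supplied text must never be the format string itself */
  printf ("Success.\n%s\n", cred_str);
  GNUNET_free (cred_str);
  GNUNET_SCHEDULER_shutdown ();
}
```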
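--- a/src/credential/plugin_gnsrecord_credential.c
+++ b/src/credential/plugin_gnsrecord_credential.c
@@ -77,7 +77,6 @@ credential_value_to_string (void *cls,
 char *cred_str;
 char *subject_pkey;
 char *issuer_pkey;
-uint32_t cf; // Credential flags
 if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData))
 return NULL; /* malformed */
 memcpy (&cred,
@@ -86,13 +85,11 @@ credential_value_to_string (void *cls,
 cdata = data;
 subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key);
 issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key);
-cf = ntohl (cred.credential_flags);
 
 GNUNET_asprintf (&cred_str,
-"%s %s %u %s",
+"%s %s %s",
 subject_pkey,
 issuer_pkey,
-(unsigned int) cf,
 &cdata[sizeof (cred)]);
 GNUNET_free (subject_pkey);
 GNUNET_free (issuer_pkey);
@@ -132,7 +129,6 @@ credential_string_to_value (void *cls,
 case GNUNET_GNSRECORD_TYPE_CREDENTIAL:
 {
 struct GNUNET_CREDENTIAL_CredentialRecordData *cred;
-unsigned int cf; // credential flags
 
 size_t enclen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
 if (enclen % 5 > 0)
@@ -143,10 +139,9 @@ credential_string_to_value (void *cls,
 char name[253 + 1];
 
 if (5 != SSCANF (s,
-"%52s %52s %u %253s",
+"%52s %52s %253s",
 subject_pkey,
 issuer_pkey,
-&cf,
 name))
 {
 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -162,7 +157,6 @@ credential_string_to_value (void *cls,
 GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey,
 strlen (issuer_pkey),
 &cred->issuer_key);
-cred->credential_flags = htonl (cf);
 GNUNET_memcpy (&cred[1],
 name,
 strlen (name));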
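Review bot: credential_string_to_value still compares the SSCANF result against 5 (new line 141, an unchanged context line) although the format string on new line 142 now has only three conversions, so every well-formed credential string is rejected and logged as an error; change it to `if (3 != SSCANF (s,`. The check was already inconsistent with the old four-conversion format, and the commit edits the format right below it without fixing the count, so the parser cannot round-trip the string that credential_value_to_string now produces. If `credential_flags` is still a member of GNUNET_CREDENTIAL_CredentialRecordData (its definition is outside this diff), the field is now neither serialised nor parsed and keeps whatever the caller's allocation left in it — worth either removing the field in the same change or a one-line comment on the struct stating that flags are not part of the text form.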