diff options
-rw-r--r-- | src/identity/plugin_rest_identity.c | 2 | ||||
-rwxr-xr-x | src/identity/test_plugin_rest_identity_signature.sh | 101 | ||||
-rw-r--r-- | src/util/crypto_ecc.c | 4 |
3 files changed, 57 insertions, 50 deletions
diff --git a/src/identity/plugin_rest_identity.c b/src/identity/plugin_rest_identity.c index 15e0987f2..f46de1091 100644 --- a/src/identity/plugin_rest_identity.c +++ b/src/identity/plugin_rest_identity.c | |||
@@ -1236,7 +1236,7 @@ ego_sign_data_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego) | |||
1236 | return; | 1236 | return; |
1237 | } | 1237 | } |
1238 | 1238 | ||
1239 | sig_str = malloc (64); | 1239 | sig_str = malloc (128); |
1240 | GNUNET_CRYPTO_eddsa_signature_encode ( | 1240 | GNUNET_CRYPTO_eddsa_signature_encode ( |
1241 | (const struct GNUNET_CRYPTO_EddsaSignature *) &sig, | 1241 | (const struct GNUNET_CRYPTO_EddsaSignature *) &sig, |
1242 | &sig_str); | 1242 | &sig_str); |
diff --git a/src/identity/test_plugin_rest_identity_signature.sh b/src/identity/test_plugin_rest_identity_signature.sh index 6b3470388..a4d5fa5d7 100755 --- a/src/identity/test_plugin_rest_identity_signature.sh +++ b/src/identity/test_plugin_rest_identity_signature.sh | |||
@@ -2,25 +2,16 @@ | |||
2 | 2 | ||
3 | # https://www.rfc-editor.org/rfc/rfc7515#appendix-A.3 | 3 | # https://www.rfc-editor.org/rfc/rfc7515#appendix-A.3 |
4 | 4 | ||
5 | header='{"alg":"ES256"}' | 5 | header='{"alg":"EdDSA"}' |
6 | payload='{"iss":"joe",\r\n "exp":1300819380,\r\n "http://example.com/is_root":true}' | 6 | payload='Example of Ed25519 signing' |
7 | 7 | key='{ "kty":"OKP", | |
8 | key='{"kty":"EC", | 8 | "crv":"Ed25519", |
9 | "crv":"P-256", | 9 | "d":"nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A", |
10 | "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", | 10 | "x":"11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo" |
11 | "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", | 11 | }' |
12 | "d":"jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI" | 12 | |
13 | }' | 13 | header_payload_test="eyJhbGciOiJFZERTQSJ9.RXhhbXBsZSBvZiBFZDI1NTE5IHNpZ25pbmc" |
14 | 14 | signature_test="hgyY0il_MGCjP0JzlnLWG1PPOt7-09PGcvMg3AIbQR6dWbhijcNR4ki4iylGjg5BhVsPt9g7sVvpAr_MuM0KAg" | |
15 | header_payload_test=( | ||
16 | 101 121 74 104 98 71 99 105 79 105 74 70 85 122 73 | ||
17 | 49 78 105 74 57 46 101 121 74 112 99 51 77 105 79 105 | ||
18 | 74 113 98 50 85 105 76 65 48 75 73 67 74 108 101 72 | ||
19 | 65 105 79 106 69 122 77 68 65 52 77 84 107 122 79 68 | ||
20 | 65 115 68 81 111 103 73 109 104 48 100 72 65 54 76 | ||
21 | 121 57 108 101 71 70 116 99 71 120 108 76 109 78 118 | ||
22 | 98 83 57 112 99 49 57 121 98 50 57 48 73 106 112 48 | ||
23 | 99 110 86 108 102 81) | ||
24 | 15 | ||
25 | base64url_add_padding() { | 16 | base64url_add_padding() { |
26 | for i in $( seq 1 $(( 4 - ${#1} % 4 )) ); do padding+="="; done | 17 | for i in $( seq 1 $(( 4 - ${#1} % 4 )) ); do padding+="="; done |
@@ -33,42 +24,58 @@ base64url_encode () { | |||
33 | 24 | ||
34 | base64url_decode () { | 25 | base64url_decode () { |
35 | padded_input=$(base64url_add_padding "$1") | 26 | padded_input=$(base64url_add_padding "$1") |
36 | echo -n "$padded_input" | tr '_-' '/+' | base64 -w0 --decode | 27 | echo -n "$padded_input" | basenc --base64url -d |
37 | } | 28 | } |
38 | 29 | ||
39 | base32crockford_encode () { | 30 | base32crockford_encode () { |
40 | echo -n "$i" | basenc --base32hex | tr 'IJKLMNOPQRSTUV' 'JKMNPQRSTVWXYZ' | 31 | echo -n -e "$1" | basenc --base32hex | tr 'IJKLMNOPQRSTUV' 'JKMNPQRSTVWXYZ' |
41 | } | 32 | } |
42 | 33 | ||
43 | header_enc=$(base64url_encode "$header") | 34 | echo -n "jwk: " |
44 | payload_enc=$(base64url_encode "$payload") | 35 | echo $key | jq |
36 | |||
37 | # Create Header | ||
38 | # 65556 (decimal) | ||
39 | # = 00000000-00000001-00000000-00010100 (binary little endian) | ||
40 | # = 00-01-00-14 (hex little endian) | ||
41 | header_hex=("00" "01" "00" "14") | ||
42 | |||
43 | # Convert secret JWK to HEX array | ||
44 | key_hex=( $( base64url_decode $( echo -n "$key" | jq -r '.d' ) | xxd -p | tr -d '\n' | fold -w 2 | tr '\n' ' ' ) ) | ||
45 | 45 | ||
46 | # encode header_payload test vektor | 46 | # Concat header and key |
47 | for i in "${header_payload_test[@]}" | 47 | header_key_hex=(${header_hex[@]} ${key_hex[@]}) |
48 | do | ||
49 | header_payload_test_enc+=$(printf "\x$(printf %x $i)") | ||
50 | done | ||
51 | 48 | ||
52 | # test base64url encoding and header-payload concatenation | 49 | # Encode with Base32Crogford |
53 | if [ "$header_enc.$payload_enc" != $header_payload_test_enc ] ; | 50 | key_gnunet=$(echo -n "${header_key_hex[*]}" | tr -d " " | xxd -p -r | basenc --base32hex | tr 'IJKLMNOPQRSTUV' 'JKMNPQRSTVWXYZ' | tr -d "=") |
51 | echo "gnunet skey: $key_gnunet" | ||
52 | |||
53 | # Create ego | ||
54 | gnunet-identity -C ego9696595726 -X -P "$key_gnunet" | ||
55 | |||
56 | # Test base64url encoding and header.payload generation | ||
57 | header_payload_enc="$(base64url_encode "$header").$(base64url_encode "$payload")" | ||
58 | if [ $header_payload_enc != $header_payload_test ] ; | ||
54 | then | 59 | then |
55 | exit 1 | 60 | exit 1 |
56 | fi | 61 | fi |
62 | echo "header.payload: $header_payload_enc" | ||
63 | |||
64 | # Sign JWT | ||
65 | signature_enc=$(curl -s "localhost:7776/sign?user=ego9696595726&data=$header_payload_enc" | jq -r '.signature') | ||
66 | jwt="$header_payload_enc.$signature_enc" | ||
67 | echo "header.payload.signature: $jwt" | ||
68 | |||
69 | gnunet-identity -D ego9696595726 | ||
70 | |||
71 | if [ $signature_enc != $signature_test ] | ||
72 | then | ||
73 | echo "Signature does not check out:" | ||
74 | echo "$signature_enc" | ||
75 | echo "$signature_test" | ||
76 | exit 1 | ||
77 | else | ||
78 | echo "Signature does check out!" | ||
79 | exit 1 | ||
80 | fi | ||
57 | 81 | ||
58 | signature_enc=$(curl -s "localhost:7776/sign?user=tristan&data=$header_payload_enc" | jq -r '.signature') | ||
59 | jwt="$header_enc.$payload_enc.$signature_enc" | ||
60 | echo $jwt | ||
61 | |||
62 | # Convert secret JWK to GNUnet skey | ||
63 | key_dec=$(base64url_decode $( echo -n "$key" | jq -r '.d')) | ||
64 | for i in $(echo -n $key_dec | xxd -p | tr -d '\n' | fold -w 2) | ||
65 | do | ||
66 | echo -n "$i " | ||
67 | done | ||
68 | echo "" | ||
69 | |||
70 | # TODO: Test Signature | ||
71 | # Gen key: Public Key GNS zone type value + d in crockford encoding | ||
72 | # Create new ego with key | ||
73 | # Check if signaure is valid using openssh | ||
74 | # Check if signaure is valid with test vektor | ||
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 0ac6e2865..b8374537f 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c | |||
@@ -621,7 +621,7 @@ GNUNET_CRYPTO_eddsa_signature_encode ( | |||
621 | { | 621 | { |
622 | return GNUNET_STRINGS_base64url_encode ( | 622 | return GNUNET_STRINGS_base64url_encode ( |
623 | (void*) sig, | 623 | (void*) sig, |
624 | 32, | 624 | 64, |
625 | sig_str); | 625 | sig_str); |
626 | } | 626 | } |
627 | 627 | ||
@@ -643,7 +643,7 @@ GNUNET_CRYPTO_ecdsa_signature_encode ( | |||
643 | { | 643 | { |
644 | return GNUNET_STRINGS_base64url_encode ( | 644 | return GNUNET_STRINGS_base64url_encode ( |
645 | (void*) sig, | 645 | (void*) sig, |
646 | 32, | 646 | 64, |
647 | sig_str); | 647 | sig_str); |
648 | } | 648 | } |
649 | 649 | ||