path: root/src/identity/test_plugin_rest_identity_signature.sh
Diffstat (limited to 'src/identity/test_plugin_rest_identity_signature.sh')
-rwxr-xr-xsrc/identity/test_plugin_rest_identity_signature.sh101
1 files changed, 54 insertions, 47 deletions
diff --git a/src/identity/test_plugin_rest_identity_signature.sh b/src/identity/test_plugin_rest_identity_signature.sh
index 6b3470388..a4d5fa5d7 100755
--- a/src/identity/test_plugin_rest_identity_signature.sh
+++ b/src/identity/test_plugin_rest_identity_signature.sh
@@ -2,25 +2,16 @@
2 2
3# https://www.rfc-editor.org/rfc/rfc7515#appendix-A.3 3# https://www.rfc-editor.org/rfc/rfc7515#appendix-A.3
4 4
5header='{"alg":"ES256"}' 5header='{"alg":"EdDSA"}'
6payload='{"iss":"joe",\r\n "exp":1300819380,\r\n "http://example.com/is_root":true}' 6payload='Example of Ed25519 signing'
7 7key='{ "kty":"OKP",
8key='{"kty":"EC", 8 "crv":"Ed25519",
9 "crv":"P-256", 9 "d":"nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A",
10 "x":"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU", 10 "x":"11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"
11 "y":"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0", 11 }'
12 "d":"jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI" 12
13 }' 13header_payload_test="eyJhbGciOiJFZERTQSJ9.RXhhbXBsZSBvZiBFZDI1NTE5IHNpZ25pbmc"
14 14signature_test="hgyY0il_MGCjP0JzlnLWG1PPOt7-09PGcvMg3AIbQR6dWbhijcNR4ki4iylGjg5BhVsPt9g7sVvpAr_MuM0KAg"
15header_payload_test=(
16 101 121 74 104 98 71 99 105 79 105 74 70 85 122 73
17 49 78 105 74 57 46 101 121 74 112 99 51 77 105 79 105
18 74 113 98 50 85 105 76 65 48 75 73 67 74 108 101 72
19 65 105 79 106 69 122 77 68 65 52 77 84 107 122 79 68
20 65 115 68 81 111 103 73 109 104 48 100 72 65 54 76
21 121 57 108 101 71 70 116 99 71 120 108 76 109 78 118
22 98 83 57 112 99 49 57 121 98 50 57 48 73 106 112 48
23 99 110 86 108 102 81)
24 15
25base64url_add_padding() { 16base64url_add_padding() {
26 for i in $( seq 1 $(( 4 - ${#1} % 4 )) ); do padding+="="; done 17 for i in $( seq 1 $(( 4 - ${#1} % 4 )) ); do padding+="="; done
@@ -33,42 +24,58 @@ base64url_encode () {
33 24
34base64url_decode () { 25base64url_decode () {
35 padded_input=$(base64url_add_padding "$1") 26 padded_input=$(base64url_add_padding "$1")
36 echo -n "$padded_input" | tr '_-' '/+' | base64 -w0 --decode 27 echo -n "$padded_input" | basenc --base64url -d
37} 28}
38 29
39base32crockford_encode () { 30base32crockford_encode () {
40 echo -n "$i" | basenc --base32hex | tr 'IJKLMNOPQRSTUV' 'JKMNPQRSTVWXYZ' 31 echo -n -e "$1" | basenc --base32hex | tr 'IJKLMNOPQRSTUV' 'JKMNPQRSTVWXYZ'
41} 32}
42 33
43header_enc=$(base64url_encode "$header") 34echo -n "jwk: "
44payload_enc=$(base64url_encode "$payload") 35echo $key | jq
36
37# Create Header
38# 65556 (decimal)
39# = 00000000-00000001-00000000-00010100 (binary little endian)
40# = 00-01-00-14 (hex little endian)
41header_hex=("00" "01" "00" "14")
42
43# Convert secret JWK to HEX array
44key_hex=( $( base64url_decode $( echo -n "$key" | jq -r '.d' ) | xxd -p | tr -d '\n' | fold -w 2 | tr '\n' ' ' ) )
45 45
46# encode header_payload test vektor 46# Concat header and key
47for i in "${header_payload_test[@]}" 47header_key_hex=(${header_hex[@]} ${key_hex[@]})
48do
49 header_payload_test_enc+=$(printf "\x$(printf %x $i)")
50done
51 48
52# test base64url encoding and header-payload concatenation 49# Encode with Base32Crogford
53if [ "$header_enc.$payload_enc" != $header_payload_test_enc ] ; 50key_gnunet=$(echo -n "${header_key_hex[*]}" | tr -d " " | xxd -p -r | basenc --base32hex | tr 'IJKLMNOPQRSTUV' 'JKMNPQRSTVWXYZ' | tr -d "=")
51echo "gnunet skey: $key_gnunet"
52
53# Create ego
54gnunet-identity -C ego9696595726 -X -P "$key_gnunet"
55
56# Test base64url encoding and header.payload generation
57header_payload_enc="$(base64url_encode "$header").$(base64url_encode "$payload")"
58if [ $header_payload_enc != $header_payload_test ] ;
54then 59then
55 exit 1 60 exit 1
56fi 61fi
62echo "header.payload: $header_payload_enc"
63
64# Sign JWT
65signature_enc=$(curl -s "localhost:7776/sign?user=ego9696595726&data=$header_payload_enc" | jq -r '.signature')
66jwt="$header_payload_enc.$signature_enc"
67echo "header.payload.signature: $jwt"
68
69gnunet-identity -D ego9696595726
70
71if [ $signature_enc != $signature_test ]
72then
73 echo "Signature does not check out:"
74 echo "$signature_enc"
75 echo "$signature_test"
76 exit 1
77else
78 echo "Signature does check out!"
79 exit 1
80fi
57 81
58signature_enc=$(curl -s "localhost:7776/sign?user=tristan&data=$header_payload_enc" | jq -r '.signature')
59jwt="$header_enc.$payload_enc.$signature_enc"
60echo $jwt
61
62# Convert secret JWK to GNUnet skey
63key_dec=$(base64url_decode $( echo -n "$key" | jq -r '.d'))
64for i in $(echo -n $key_dec | xxd -p | tr -d '\n' | fold -w 2)
65do
66 echo -n "$i "
67done
68echo ""
69
70# TODO: Test Signature
71 # Gen key: Public Key GNS zone type value + d in crockford encoding
72 # Create new ego with key
73 # Check if signaure is valid using openssh
74 # Check if signaure is valid with test vektor
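Review bot: The final signature check (new lines 71-80) exits with status 1 in both branches, so the script reports failure even after printing "Signature does check out!"; the else branch should end with `exit 0`. The operands are also unquoted in `[ $signature_enc != $signature_test ]` and in the header.payload check at new line 58. If curl or jq yields an empty string, `[` fails with a syntax error and control falls into the else branch, which would become a false pass for the signature test once the exit code is corrected. Quote both sides, `if [ "$signature_enc" != "$signature_test" ]`, and consider rejecting an empty `$signature_enc` explicitly. Separately, the `exit 1` at new line 60 runs after the ego is created from the test key embedded in the script and before `gnunet-identity -D`, so a failed run leaves that ego behind.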