From 10b2bbf99b0dc611a735ad0a04d3ab5109a090f0 Mon Sep 17 00:00:00 2001
From: "Schanzenbach, Martin"
Date: Tue, 6 Dec 2016 10:09:21 +0100
Subject: -add expiration to cred
---
src/credential/credential_api.c | 22 +++++++-----------
src/credential/gnunet-credential.c | 34 +++++++++++++++++++++++++++-
src/credential/gnunet-service-credential.c | 1 +
src/credential/plugin_gnsrecord_credential.c | 19 +++++++++++++---
src/credential/test_credential_issue.sh | 2 +-
5 files changed, 59 insertions(+), 19 deletions(-)
(limited to 'src/credential')
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c
index 3be2d8bbb..eb7af5b53 100644
--- a/src/credential/credential_api.c
+++ b/src/credential/credential_api.c
@@ -425,35 +425,29 @@ struct GNUNET_CREDENTIAL_CredentialRecordData *
 GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle,
 const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
 struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
- const char *attribute)
+ const char *attribute,
+ struct GNUNET_TIME_Absolute *expiration)
 {
 struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
- struct GNUNET_CRYPTO_EccSignaturePurpose *purp;
 crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (attribute) + 1);
- purp = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
- strlen (attribute) + 1);
- purp->size = htonl (strlen (attribute) + 1 +
+ crd->purpose.size = htonl (strlen (attribute) + 1 +
 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
- sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
+ sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+ sizeof (uint64_t));
- purp->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
+ crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
 GNUNET_CRYPTO_ecdsa_key_get_public (issuer, &crd->issuer_key);
 crd->subject_key = *subject;
+ crd->expiration = GNUNET_htonll (expiration->abs_value_us);
 GNUNET_memcpy (&crd[1], attribute, strlen (attribute));
- GNUNET_memcpy (&purp[1],
- subject,
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
- GNUNET_memcpy (&purp[1] + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
- attribute,
- strlen (attribute));
 if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (issuer,
- purp,
+ &crd->purpose,
 &crd->sig))
 {
 GNUNET_break (0);
diff --git a/src/credential/gnunet-credential.c b/src/credential/gnunet-credential.c
index a7b92447b..a2d494f2a 100644
--- a/src/credential/gnunet-credential.c
+++ b/src/credential/gnunet-credential.c
@@ -67,6 +67,11 @@ static char *subject_key;
 */
 static char *subject_credential;
+/**
+ * Credential TTL
+ */
+static char *expiration;
+
 /**
 * Subject key
 */
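Review bot: The new `crd->purpose.size` covers exactly one `GNUNET_CRYPTO_EcdsaPublicKey`, one `uint64_t` and the attribute, but the signature is now computed in place over `&crd->purpose`, so which bytes are actually signed depends on the field order of `struct GNUNET_CREDENTIAL_CredentialRecordData` — and that header change is not in this diff (the page is limited to `src/credential`). The old code built the signed buffer explicitly (subject key, then attribute); with in-place signing the struct must place `purpose` immediately before `subject_key`, `expiration` and the trailing attribute and keep `sig` and `issuer_key` outside that range, otherwise the signature covers the wrong bytes or the (still zero) signature field itself. I would state that layout assumption in a comment above the size computation, e.g. `/* signs purpose || subject_key || expiration || attribute; relies on field order in the record struct */`, and write `sizeof (crd->expiration)` instead of the hard-coded `sizeof (uint64_t)` so the two cannot drift apart. `expiration` is dereferenced without a NULL check, which is fine only if the header documents it as mandatory. The function's error path and return lie outside the hunk.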
@@ -180,6 +185,8 @@ identity_cb (void *cls,
 {
 const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
 struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
+ struct GNUNET_TIME_Absolute etime_abs;
+ struct GNUNET_TIME_Relative etime_rel;
 char *res;
 el = NULL;
@@ -194,13 +201,35 @@ identity_cb (void *cls,
 GNUNET_SCHEDULER_shutdown ();
 return;
 }
+ if (NULL == expiration)
+ {
+ fprintf (stderr,
+ "Please specify a TTL\n");
+ GNUNET_SCHEDULER_shutdown ();
+ return;
+ } else if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration,
+ &etime_rel))
+ {
+ etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel);
+ } else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration,
+ &etime_abs))
+ {
+ fprintf (stderr,
+ "%s is not a valid ttl!\n",
+ expiration);
+ GNUNET_SCHEDULER_shutdown ();
+ return;
+ }
+
+
 privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
 GNUNET_free_non_null (issuer_ego_name);
 issuer_ego_name = NULL;
 crd = GNUNET_CREDENTIAL_issue (credential,
 privkey,
 &subject_pkey,
- issuer_attr);
+ issuer_attr,
+ &etime_abs);
 res = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL, crd, sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (issuer_attr) + 1);
@@ -353,6 +382,9 @@ main (int argc, char *const *argv)
 {'a', "attribute", "ATTR",
 gettext_noop ("The issuer attribute to verify against or to issue"), 1,
 &GNUNET_GETOPT_set_string, &issuer_attr},
+ {'T', "ttl", "EXP",
+ gettext_noop ("The time to live for the credential"), 1,
+ &GNUNET_GETOPT_set_string, &expiration},
 GNUNET_GETOPT_OPTION_END
 };
 int ret;
diff --git a/src/credential/gnunet-service-credential.c b/src/credential/gnunet-service-credential.c
index 792d8741e..7f18c77f6 100644
--- a/src/credential/gnunet-service-credential.c
+++ b/src/credential/gnunet-service-credential.c
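Review bot: An absolute `--ttl` that already lies in the past is accepted silently in the `@@ -194,13` hunk: once `GNUNET_STRINGS_fancy_time_to_absolute` succeeds nothing compares `etime_abs` with the current time, so the tool signs and prints a credential that is expired at issue time, and the same happens for a relative value of zero. A guard after the parsing chain, along the lines of `if (etime_abs.abs_value_us <= GNUNET_TIME_absolute_get ().abs_value_us) { fprintf (stderr, "TTL %s is not in the future\n", expiration); GNUNET_SCHEDULER_shutdown (); return; }`, would reject both. Two smaller points: the `else` following the `return;` of the `NULL == expiration` branch is redundant and the two added blank lines before `privkey = ...` look accidental; and since this validation runs inside `identity_cb`, a missing or malformed TTL is only reported after the identity round-trip, so checking it earlier (presumably in the options callback, which is outside this view) would fail faster. `identity_cb` begins before the hunk and continues after it.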
@@ -327,6 +327,7 @@ send_lookup_response (void* cls,
 const struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
 struct GNUNET_CRYPTO_EccSignaturePurpose *purp;
 struct CredentialRecordEntry *cr_entry;
+ uint32_t cred_verified;
 cred_record_count = 0;
 struct AttributeRecordEntry *attr_entry;
diff --git a/src/credential/plugin_gnsrecord_credential.c b/src/credential/plugin_gnsrecord_credential.c
index f6aec9bcc..60b677a4e 100644
--- a/src/credential/plugin_gnsrecord_credential.c
+++ b/src/credential/plugin_gnsrecord_credential.c
@@ -74,10 +74,13 @@ credential_value_to_string (void *cls,
 case GNUNET_GNSRECORD_TYPE_CREDENTIAL:
 {
 struct GNUNET_CREDENTIAL_CredentialRecordData cred;
+ struct GNUNET_TIME_Absolute etime_abs;
 char *cred_str;
 char *subject_pkey;
 char *issuer_pkey;
 char *signature;
+ const char *expiration;
+
 if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData))
 return NULL; /* malformed */
@@ -87,14 +90,17 @@ credential_value_to_string (void *cls,
 cdata = data;
 subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key);
 issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key);
+ etime_abs.abs_value_us = GNUNET_ntohll(cred.expiration);
+ expiration = GNUNET_STRINGS_absolute_time_to_string (etime_abs);
 GNUNET_STRINGS_base64_encode ((char*)&cred.sig,
 sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
 &signature);
 GNUNET_asprintf (&cred_str,
- "%s.%s -> %s sig:%s",
+ "%s.%s -> %s exp:%s sig:%s",
 issuer_pkey,
 &cdata[sizeof (cred)],
 subject_pkey,
+ expiration,
 signature);
 GNUNET_free (subject_pkey);
 GNUNET_free (issuer_pkey);
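Review bot: The service side of this commit never reads the new `expiration` field: the `@@ -327,6` hunk in `send_lookup_response` only adds `uint32_t cred_verified;`, which is not used anywhere in the hunk, while the existing `purp` variable suggests this is where credential signatures are checked. If that is the case, an expired credential is presumably still reported as valid, and a check next to the signature verification such as `if (GNUNET_ntohll (crd->expiration) < GNUNET_TIME_absolute_get ().abs_value_us) continue; /* credential expired */` is the missing half of this feature; if verification lives elsewhere, that location needs the same comparison. The unused declaration should be dropped until it has a consumer, as it only produces a -Wunused-variable warning now. The body of `send_lookup_response` begins before the hunk and continues after it.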
@@ -141,13 +147,17 @@ credential_string_to_value (void *cls,
 char issuer_pkey[enclen + 1];
 char name[253 + 1];
 char signature[128]; //TODO max payload size
+ char expiration[256];
+ struct GNUNET_CRYPTO_EcdsaSignature *sig;
+ struct GNUNET_TIME_Absolute etime_abs;
- if (4 != SSCANF (s,
- "%52s.%253s -> %52s sig:%s",
+ if (5 != SSCANF (s,
+ "%52s.%253s -> %52s exp:%255s sig:%127s",
 issuer_pkey,
 name,
 subject_pkey,
+ expiration,
 signature))
 {
 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -163,10 +173,13 @@ credential_string_to_value (void *cls,
 GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey,
 strlen (issuer_pkey),
 &cred->issuer_key);
+ GNUNET_STRINGS_fancy_time_to_absolute (expiration,
+ &etime_abs);
 GNUNET_STRINGS_base64_decode (signature,
 strlen (signature),
 (char**)&sig);
 cred->sig = *sig;
+ cred->expiration = htonl (etime_abs.abs_value_us);
 GNUNET_free (sig);
 GNUNET_memcpy (&cred[1],
 name,
diff --git a/src/credential/test_credential_issue.sh b/src/credential/test_credential_issue.sh
index 95eac2957..4d1ba67c7 100755
--- a/src/credential/test_credential_issue.sh
+++ b/src/credential/test_credential_issue.sh
@@ -29,7 +29,7 @@ gnunet-identity -C testsubject -c test_credential_lookup.conf
 SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}')
 ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}')
 #TODO1 Get credential and store it with subject (3)
-$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf
+$DO_TIMEOUT valgrind gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf
 STATUS=$?
 gnunet-arm -e -c test_credential_lookup.conf
--
cgit v1.2.3
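Review bot: `exp:%255s` in the new `SSCANF` format stops at the first whitespace, so if the `exp:` token written by `credential_value_to_string` (via `GNUNET_STRINGS_absolute_time_to_string`) contains spaces — which a strftime-style date does — the scan ends inside the timestamp, `sig:%127s` no longer matches, `SSCANF` returns fewer than 5 and every credential this plugin serializes fails to parse again. The serialized form needs a whitespace-free timestamp; the simplest fix is to emit the raw microsecond count on the to_string side (`exp:%llu` with `(unsigned long long) GNUNET_ntohll (cred.expiration)`) and read it back here with `%llu` into an `unsigned long long`, which also removes the locale dependence of the text form. This is an inference from the producing function's call, whose output format is not shown in the diff, so confirm against `GNUNET_STRINGS_absolute_time_to_string`. The `%127s` bound for `signature[128]` is a good fix; `%52s` into `issuer_pkey[enclen + 1]` is only safe if `enclen` is at least 52, and its definition is outside the hunk.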
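Review bot: `cred->expiration = htonl (etime_abs.abs_value_us);` in the `@@ -163,10` hunk truncates the 64-bit microsecond value to 32 bits and byte-swaps only that half, while `credential_value_to_string` decodes the same field with `GNUNET_ntohll` and `GNUNET_CREDENTIAL_issue` encodes it with `GNUNET_htonll`; a record parsed from its string form therefore never matches the issued one, and the signature computed over the record will not verify. It should read `cred->expiration = GNUNET_htonll (etime_abs.abs_value_us);`. The return value of `GNUNET_STRINGS_fancy_time_to_absolute` is also ignored, so a malformed `exp:` token leaves `etime_abs` uninitialized and stores garbage; wrap it as `if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration, &etime_abs))` and bail out the same way the surrounding parse failures do (their error path and the function's return are outside the hunk).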
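Review bot: `valgrind` has been inserted in front of `gnunet-credential` in the test invocation, which reads like a debugging leftover: the test now requires valgrind to be installed on every machine that runs it and becomes considerably slower, and without `--error-exitcode` a memory error reported by valgrind does not change `STATUS`, so it buys the test nothing. Drop it and keep only the new option, i.e. `$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf`. The `--ttl=5m` addition itself is consistent with the new mandatory option.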