[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] branch master updated (fcfa115e2 -> cc70504a2)
From: |
gnunet |
Subject: |
[gnunet] branch master updated (fcfa115e2 -> cc70504a2) |
Date: |
Wed, 31 Aug 2022 17:04:38 +0200 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a change to branch master
in repository gnunet.
from fcfa115e2 -update gana
new 3eab839a5 - siop for reclaim; A rest endpoint that signs stuff
new bece25385 -sign rest api + unfinished test
new 45f2059a5 - add to gitignore
new 7777cef05 -switch to EdDSA egos only for signature rest endpoint
new 2a46a30bd - finished test for signature rest endpoint
new cc70504a2 Merge branch 'dev/trizuz/siop'
The 6 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
src/identity/plugin_rest_identity.c | 129 +++++++++++++++++++++
.../test_plugin_rest_identity_signature.sh | 81 +++++++++++++
src/include/gnunet_crypto_lib.h | 63 ++++++++++
src/util/.gitignore | 2 +
src/util/Makefile.am | 6 +
src/util/crypto_ecc.c | 64 ++++++++++
.../{test_common_endian.c => test_crypto_ecc.c} | 40 ++++---
7 files changed, 372 insertions(+), 13 deletions(-)
create mode 100755 src/identity/test_plugin_rest_identity_signature.sh
copy src/util/{test_common_endian.c => test_crypto_ecc.c} (50%)
diff --git a/src/identity/plugin_rest_identity.c
b/src/identity/plugin_rest_identity.c
index d7cd0e826..f46de1091 100644
--- a/src/identity/plugin_rest_identity.c
+++ b/src/identity/plugin_rest_identity.c
@@ -28,6 +28,8 @@
#include "gnunet_rest_plugin.h"
#include "gnunet_identity_service.h"
#include "gnunet_rest_lib.h"
+#include "identity.h"
+#include "gnunet_crypto_lib.h"
#include "microhttpd.h"
#include <jansson.h>
@@ -51,6 +53,11 @@
*/
#define GNUNET_REST_API_NS_IDENTITY_SUBSYSTEM "/identity/subsystem"
+/**
+ * Identity Namespace with sign specifier
+ */
+#define GNUNET_REST_API_NS_SIGN "/sign"
+
/**
* Parameter public key
*/
@@ -1185,6 +1192,127 @@ ego_delete_name (struct GNUNET_REST_RequestHandle
*con_handle,
handle);
}
+struct ego_sign_data_cls
+{
+ void *data;
+ struct RequestHandle *handle;
+};
+
+void
+ego_sign_data_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego)
+{
+ struct RequestHandle *handle = ((struct ego_sign_data_cls *) cls)->handle;
+ unsigned char *data
+ = (unsigned char *) ((struct ego_sign_data_cls *) cls)->data; // data is
url decoded
+ struct MHD_Response *resp;
+ struct GNUNET_CRYPTO_EddsaSignature sig;
+ char *sig_str;
+ char *result;
+
+ if (ego == NULL)
+ {
+ handle->response_code = MHD_HTTP_BAD_REQUEST;
+ handle->emsg = GNUNET_strdup ("Ego not found");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+
+ if (ntohl (ego->pk.type) != GNUNET_IDENTITY_TYPE_EDDSA)
+ {
+ handle->response_code = MHD_HTTP_BAD_REQUEST;
+ handle->emsg = GNUNET_strdup ("Ego has to use an EdDSA key");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+
+ if ( GNUNET_OK != GNUNET_CRYPTO_eddsa_sign_raw (&(ego->pk.eddsa_key),
+ (void *) data,
+ strlen (data),
+ &sig))
+ {
+ handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+ handle->emsg = GNUNET_strdup ("Signature creation failed");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+
+ sig_str = malloc (128);
+ GNUNET_CRYPTO_eddsa_signature_encode (
+ (const struct GNUNET_CRYPTO_EddsaSignature *) &sig,
+ &sig_str);
+
+ GNUNET_asprintf (&result,
+ "{\"signature\": \"%s\"}",
+ sig_str);
+
+ resp = GNUNET_REST_create_response (result);
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+
+ free (data);
+ free (sig_str);
+ free (result);
+ free (cls);
+ GNUNET_SCHEDULER_add_now (&cleanup_handle, handle);
+}
+
+/**
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
+void
+ego_sign_data (struct GNUNET_REST_RequestHandle *con_handle,
+ const char *url,
+ void *cls)
+{
+ // TODO: replace with precompiler #define
+ const char *username_key = "user";
+ const char *data_key = "data";
+
+ struct RequestHandle *handle = cls;
+ struct MHD_Response *resp;
+ struct GNUNET_HashCode cache_key_username;
+ struct GNUNET_HashCode cache_key_data;
+ char *username;
+ char *data;
+ char *result;
+
+ struct ego_sign_data_cls *cls2;
+
+ GNUNET_CRYPTO_hash (username_key, strlen (username_key),
&cache_key_username);
+ GNUNET_CRYPTO_hash (data_key, strlen (data_key), &cache_key_data);
+
+ if ((GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (
+ handle->rest_handle->url_param_map,
+ &cache_key_username)) ||
+ (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (
+ handle->rest_handle->url_param_map,
+ &cache_key_data)))
+ {
+ handle->response_code = MHD_HTTP_BAD_REQUEST;
+ handle->emsg = GNUNET_strdup ("URL parameter missing");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+
+ username = (char *) GNUNET_CONTAINER_multihashmap_get (
+ handle->rest_handle->url_param_map,
+ &cache_key_username);
+
+ data = (char *) GNUNET_CONTAINER_multihashmap_get (
+ handle->rest_handle->url_param_map,
+ &cache_key_data);
+
+ cls2 = malloc (sizeof(struct ego_sign_data_cls));
+ cls2->data = (void *) GNUNET_strdup (data);
+ cls2->handle = handle;
+
+ GNUNET_IDENTITY_ego_lookup (cfg,
+ username,
+ ego_sign_data_cb,
+ cls2);
+}
/**
* Respond to OPTIONS request
@@ -1335,6 +1463,7 @@ rest_process_request (struct GNUNET_REST_RequestHandle
*rest_handle,
GNUNET_REST_API_NS_IDENTITY_NAME,
&ego_delete_name },
{ MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY, &options_cont },
+ { MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_SIGN, &ego_sign_data},
GNUNET_REST_HANDLER_END };
diff --git a/src/identity/test_plugin_rest_identity_signature.sh
b/src/identity/test_plugin_rest_identity_signature.sh
new file mode 100755
index 000000000..a4d5fa5d7
--- /dev/null
+++ b/src/identity/test_plugin_rest_identity_signature.sh
@@ -0,0 +1,81 @@
+#!/usr/bin/bash
+
+# https://www.rfc-editor.org/rfc/rfc7515#appendix-A.3
+
+header='{"alg":"EdDSA"}'
+payload='Example of Ed25519 signing'
+key='{ "kty":"OKP",
+ "crv":"Ed25519",
+ "d":"nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A",
+ "x":"11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"
+ }'
+
+header_payload_test="eyJhbGciOiJFZERTQSJ9.RXhhbXBsZSBvZiBFZDI1NTE5IHNpZ25pbmc"
+signature_test="hgyY0il_MGCjP0JzlnLWG1PPOt7-09PGcvMg3AIbQR6dWbhijcNR4ki4iylGjg5BhVsPt9g7sVvpAr_MuM0KAg"
+
+base64url_add_padding() {
+ for i in $( seq 1 $(( 4 - ${#1} % 4 )) ); do padding+="="; done
+ echo "$1""$padding"
+}
+
+base64url_encode () {
+ echo -n -e "$1" | base64 -w0 | tr '+/' '-_' | tr -d '='
+}
+
+base64url_decode () {
+ padded_input=$(base64url_add_padding "$1")
+ echo -n "$padded_input" | basenc --base64url -d
+}
+
+base32crockford_encode () {
+ echo -n -e "$1" | basenc --base32hex | tr 'IJKLMNOPQRSTUV' 'JKMNPQRSTVWXYZ'
+}
+
+echo -n "jwk: "
+echo $key | jq
+
+# Create Header
+# 65556 (decimal)
+# = 00000000-00000001-00000000-00010100 (binary little endian)
+# = 00-01-00-14 (hex little endian)
+header_hex=("00" "01" "00" "14")
+
+# Convert secret JWK to HEX array
+key_hex=( $( base64url_decode $( echo -n "$key" | jq -r '.d' ) | xxd -p | tr
-d '\n' | fold -w 2 | tr '\n' ' ' ) )
+
+# Concat header and key
+header_key_hex=(${header_hex[@]} ${key_hex[@]})
+
+# Encode with Base32Crogford
+key_gnunet=$(echo -n "${header_key_hex[*]}" | tr -d " " | xxd -p -r | basenc
--base32hex | tr 'IJKLMNOPQRSTUV' 'JKMNPQRSTVWXYZ' | tr -d "=")
+echo "gnunet skey: $key_gnunet"
+
+# Create ego
+gnunet-identity -C ego9696595726 -X -P "$key_gnunet"
+
+# Test base64url encoding and header.payload generation
+header_payload_enc="$(base64url_encode "$header").$(base64url_encode
"$payload")"
+if [ $header_payload_enc != $header_payload_test ] ;
+then
+ exit 1
+fi
+echo "header.payload: $header_payload_enc"
+
+# Sign JWT
+signature_enc=$(curl -s
"localhost:7776/sign?user=ego9696595726&data=$header_payload_enc" | jq -r
'.signature')
+jwt="$header_payload_enc.$signature_enc"
+echo "header.payload.signature: $jwt"
+
+gnunet-identity -D ego9696595726
+
+if [ $signature_enc != $signature_test ]
+then
+ echo "Signature does not check out:"
+ echo "$signature_enc"
+ echo "$signature_test"
+ exit 1
+else
+ echo "Signature does check out!"
+ exit 1
+fi
+
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index d7f6b94f1..b41eea8a3 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -1949,6 +1949,69 @@ GNUNET_CRYPTO_ecdsa_sign_ (
const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
struct GNUNET_CRYPTO_EcdsaSignature *sig);
+/**
+ * @brief
+ *
+ * @param priv
+ * @param data
+ * @param len
+ * @param sig
+ * @return enum GNUNET_GenericReturnValue
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_sign_raw (
+ const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
+ void *data,
+ size_t size,
+ struct GNUNET_CRYPTO_EddsaSignature *sig);
+
+/**
+ * @brief
+ *
+ * @param sig
+ * @param sig_str
+ * @return enum GNUNET_GenericReturnValue
+ */
+size_t
+GNUNET_CRYPTO_eddsa_signature_encode(
+ const struct GNUNET_CRYPTO_EddsaSignature *sig,
+ char **sig_str);
+
+/**
+ * @brief
+ *
+ * @param sig_str
+ * @param sig
+ * @return enum GNUNET_GenericReturnValue
+ */
+size_t
+GNUNET_CRYPTO_eddsa_signature_decode(
+ const char *sig_str,
+ struct GNUNET_CRYPTO_EddsaSignature *sig);
+
+/**
+ * @brief
+ *
+ * @param sig
+ * @param sig_str
+ * @return enum GNUNET_GenericReturnValue
+ */
+size_t
+GNUNET_CRYPTO_ecdsa_signature_encode(
+ const struct GNUNET_CRYPTO_EcdsaSignature *sig,
+ char **sig_str);
+
+/**
+ * @brief
+ *
+ * @param sig_str
+ * @param sig
+ * @return enum GNUNET_GenericReturnValue
+ */
+size_t
+GNUNET_CRYPTO_ecdsa_signature_decode(
+ const char *sig_str,
+ struct GNUNET_CRYPTO_EcdsaSignature *sig);
/**
* @ingroup crypto
diff --git a/src/util/.gitignore b/src/util/.gitignore
index 0e3449fed..6151c4f7a 100644
--- a/src/util/.gitignore
+++ b/src/util/.gitignore
@@ -85,3 +85,5 @@ perf_malloc
perf_mq
perf_scheduler
gnunet-base32
+test_crypto_cs
+test_crypto_ecc
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index 9cb7da15b..b86fa0f12 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -292,6 +292,7 @@ check_PROGRAMS = \
test_container_heap \
test_crypto_symmetric \
test_crypto_crc \
+ test_crypto_ecc \
test_crypto_cs \
test_crypto_ecdsa \
test_crypto_eddsa \
@@ -460,6 +461,11 @@ test_crypto_cs_LDADD = \
libgnunetutil.la \
-lsodium
+test_crypto_ecc_SOURCES = \
+ test_crypto_ecc.c
+test_crypto_ecc_LDADD = \
+ libgnunetutil.la
+
test_crypto_ecdsa_SOURCES = \
test_crypto_ecdsa.c
test_crypto_ecdsa_LDADD = \
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 0e73078bd..8eba2f635 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -594,6 +594,70 @@ GNUNET_CRYPTO_ecdsa_sign_ (
return GNUNET_OK;
}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_sign_raw (
+ const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
+ void *data,
+ size_t size,
+ struct GNUNET_CRYPTO_EddsaSignature *sig)
+{
+ unsigned char sk[crypto_sign_SECRETKEYBYTES];
+ unsigned char pk[crypto_sign_PUBLICKEYBYTES];
+ int res;
+
+ GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
+ res = crypto_sign_detached ((uint8_t *) sig,
+ NULL,
+ (uint8_t *) data,
+ size,
+ sk);
+ return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
+}
+
+size_t
+GNUNET_CRYPTO_eddsa_signature_encode (
+ const struct GNUNET_CRYPTO_EddsaSignature *sig,
+ char **sig_str)
+{
+ return GNUNET_STRINGS_base64url_encode (
+ (void*) sig,
+ 64,
+ sig_str);
+}
+
+size_t
+GNUNET_CRYPTO_eddsa_signature_decode (
+ const char *sig_str,
+ struct GNUNET_CRYPTO_EddsaSignature *sig)
+{
+ return GNUNET_STRINGS_base64url_decode (
+ sig_str,
+ strlen (sig_str),
+ (void **) &sig);
+}
+
+size_t
+GNUNET_CRYPTO_ecdsa_signature_encode (
+ const struct GNUNET_CRYPTO_EcdsaSignature *sig,
+ char **sig_str)
+{
+ return GNUNET_STRINGS_base64url_encode (
+ (void*) sig,
+ 64,
+ sig_str);
+}
+
+size_t
+GNUNET_CRYPTO_ecdsa_signature_decode (
+ const char *sig_str,
+ struct GNUNET_CRYPTO_EcdsaSignature *sig)
+{
+ return GNUNET_STRINGS_base64url_decode (
+ sig_str,
+ strlen (sig_str),
+ (void **) &sig);
+}
+
enum GNUNET_GenericReturnValue
GNUNET_CRYPTO_eddsa_sign_ (
diff --git a/src/util/test_common_endian.c b/src/util/test_crypto_ecc.c
similarity index 50%
copy from src/util/test_common_endian.c
copy to src/util/test_crypto_ecc.c
index 10a85a1bb..ebfa04c45 100644
--- a/src/util/test_common_endian.c
+++ b/src/util/test_crypto_ecc.c
@@ -1,6 +1,6 @@
/*
This file is part of GNUnet.
- Copyright (C) 2009 GNUnet e.V.
+ Copyright (C) 2002-2015 GNUnet e.V.
GNUnet is free software: you can redistribute it and/or modify it
under the terms of the GNU Affero General Public License as published
@@ -16,28 +16,42 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
SPDX-License-Identifier: AGPL3.0-or-later
+
*/
/**
- * @file util/test_common_endian.c
- * @brief testcase for common_endian.c
+ * @file util/test_crypto_ecc.c
+ * @brief test case for crypto_ecc.c GNUNET_CRYPTO_ecdsa_sign_raw() function
+ * @author Tristan Schwieren
*/
#include "platform.h"
#include "gnunet_util_lib.h"
-#define CHECK(n) if (n != GNUNET_htonll (GNUNET_ntohll (n))) return 1;
+static int
+test_GNUNET_CRYPTO_ecdsa_sign_raw ()
+{
+ struct GNUNET_CRYPTO_EcdsaPrivateKey skey;
+ struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+ struct GNUNET_CRYPTO_EcdsaSignature sig;
+ const char *test_data = "Hello World!";
+
+ /* Generate keys */
+ GNUNET_CRYPTO_ecdsa_key_create (&skey);
+ GNUNET_CRYPTO_ecdsa_key_get_public (&skey, &pkey);
+
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecdsa_sign_raw (&skey,
+ test_data,
+ strlen (test_data),
+ &sig));
+
+ return 0;
+}
int
main (int argc, char *argv[])
{
- GNUNET_log_setup ("test-common-endian", "WARNING", NULL);
- CHECK (1);
- CHECK (0x12345678);
- CHECK (123456789012345LL);
- if ((0x1234567890ABCDEFLL != GNUNET_htonll (0xEFCDAB9078563412LL)) &&
- (42 != htonl (42)) )
- return 1;
- return 0;
+ return test_GNUNET_CRYPTO_ecdsa_sign_raw ();
}
-/* end of test_common_endian.c */
+/* end of test_crypto_ecc.c */
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [gnunet] branch master updated (fcfa115e2 -> cc70504a2),
gnunet <=
- [gnunet] 01/06: - siop for reclaim; A rest endpoint that signs stuff, gnunet, 2022/08/31
- [gnunet] 04/06: -switch to EdDSA egos only for signature rest endpoint, gnunet, 2022/08/31
- [gnunet] 02/06: -sign rest api + unfinished test, gnunet, 2022/08/31
- [gnunet] 03/06: - add to gitignore, gnunet, 2022/08/31
- [gnunet] 06/06: Merge branch 'dev/trizuz/siop', gnunet, 2022/08/31
- [gnunet] 05/06: - finished test for signature rest endpoint, gnunet, 2022/08/31