[GNUnet-SVN] [gnunet] 32/171: -add expiration to cred
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnunet] 32/171: -add expiration to cred |
Date: |
Thu, 04 Jan 2018 16:09:00 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
commit 10b2bbf99b0dc611a735ad0a04d3ab5109a090f0
Author: Schanzenbach, Martin <address@hidden>
AuthorDate: Tue Dec 6 10:09:21 2016 +0100
-add expiration to cred
---
src/credential/credential_api.c | 22 +++++++-----------
src/credential/gnunet-credential.c | 34 +++++++++++++++++++++++++++-
src/credential/gnunet-service-credential.c | 1 +
src/credential/plugin_gnsrecord_credential.c | 19 +++++++++++++---
src/credential/test_credential_issue.sh | 2 +-
src/include/gnunet_credential_service.h | 8 ++++++-
6 files changed, 66 insertions(+), 20 deletions(-)
diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c
index 3be2d8bbb..eb7af5b53 100644
--- a/src/credential/credential_api.c
+++ b/src/credential/credential_api.c
@@ -425,35 +425,29 @@ struct GNUNET_CREDENTIAL_CredentialRecordData *
GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle,
const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
- const char *attribute)
+ const char *attribute,
+ struct GNUNET_TIME_Absolute *expiration)
{
struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
- struct GNUNET_CRYPTO_EccSignaturePurpose *purp;
crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData)
+ strlen (attribute) + 1);
- purp = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
- strlen (attribute) + 1);
- purp->size = htonl (strlen (attribute) + 1 +
+ crd->purpose.size = htonl (strlen (attribute) + 1 +
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
- sizeof (struct
GNUNET_CRYPTO_EccSignaturePurpose));
+ sizeof (struct
GNUNET_CRYPTO_EccSignaturePurpose) +
+ sizeof (uint64_t));
- purp->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
+ crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
GNUNET_CRYPTO_ecdsa_key_get_public (issuer,
&crd->issuer_key);
crd->subject_key = *subject;
+ crd->expiration = GNUNET_htonll (expiration->abs_value_us);
GNUNET_memcpy (&crd[1],
attribute,
strlen (attribute));
- GNUNET_memcpy (&purp[1],
- subject,
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
- GNUNET_memcpy (&purp[1] + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
- attribute,
- strlen (attribute));
if (GNUNET_OK !=
GNUNET_CRYPTO_ecdsa_sign (issuer,
- purp,
+ &crd->purpose,
&crd->sig))
{
GNUNET_break (0);
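Review bot: The length written to `crd->purpose.size` counts only one `struct GNUNET_CRYPTO_EcdsaPublicKey`, although the signature is now computed in place starting at `&crd->purpose`. If the record lays out `issuer_key`, `subject_key`, `expiration` and the attribute after `purpose` (the header hunk shows at least `issuer_key` directly behind it), the signed region ends one key-length early and the tail of the attribute is not covered by the signature. Deriving the length from the struct avoids hand-counting fields: `crd->purpose.size = htonl (sizeof (*crd) - offsetof (struct GNUNET_CREDENTIAL_CredentialRecordData, purpose) + strlen (attribute) + 1);`. `expiration` is also dereferenced without a NULL check. The function body continues past the end of this hunk.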
diff --git a/src/credential/gnunet-credential.c
b/src/credential/gnunet-credential.c
index a7b92447b..a2d494f2a 100644
--- a/src/credential/gnunet-credential.c
+++ b/src/credential/gnunet-credential.c
@@ -68,6 +68,11 @@ static char *subject_key;
static char *subject_credential;
/**
+ * Credential TTL
+ */
+static char *expiration;
+
+/**
* Subject key
*/
struct GNUNET_CRYPTO_EcdsaPublicKey subject_pkey;
@@ -180,6 +185,8 @@ identity_cb (void *cls,
{
const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
+ struct GNUNET_TIME_Absolute etime_abs;
+ struct GNUNET_TIME_Relative etime_rel;
char *res;
el = NULL;
@@ -194,13 +201,35 @@ identity_cb (void *cls,
GNUNET_SCHEDULER_shutdown ();
return;
}
+ if (NULL == expiration)
+ {
+ fprintf (stderr,
+ "Please specify a TTL\n");
+ GNUNET_SCHEDULER_shutdown ();
+ return;
+ } else if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration,
+ &etime_rel))
+ {
+ etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel);
+ } else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration,
+ &etime_abs))
+ {
+ fprintf (stderr,
+ "%s is not a valid ttl!\n",
+ expiration);
+ GNUNET_SCHEDULER_shutdown ();
+ return;
+ }
+
+
privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
GNUNET_free_non_null (issuer_ego_name);
issuer_ego_name = NULL;
crd = GNUNET_CREDENTIAL_issue (credential,
privkey,
&subject_pkey,
- issuer_attr);
+ issuer_attr,
+ &etime_abs);
res = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL,
crd,
sizeof (struct
GNUNET_CREDENTIAL_CredentialRecordData) + strlen (issuer_attr) + 1);
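Review bot: The new TTL parsing in identity_cb accepts any value that either parser understands, so an absolute time that already lies in the past is signed into the credential without complaint. An issuer who mistypes the date gets a credential that is expired on arrival, and nothing tells them. A check after the parse, such as `if (0 == GNUNET_TIME_absolute_get_remaining (etime_abs).rel_value_us)` followed by the same error-and-shutdown path, would catch it. Because `--ttl` takes absolute times as well as durations, the message `Please specify a TTL` and the option help could mention both forms. identity_cb starts and ends outside this hunk.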
@@ -353,6 +382,9 @@ main (int argc, char *const *argv)
{'a', "attribute", "ATTR",
gettext_noop ("The issuer attribute to verify against or to issue"), 1,
&GNUNET_GETOPT_set_string, &issuer_attr},
+ {'T', "ttl", "EXP",
+ gettext_noop ("The time to live for the credential"), 1,
+ &GNUNET_GETOPT_set_string, &expiration},
GNUNET_GETOPT_OPTION_END
};
int ret;
diff --git a/src/credential/gnunet-service-credential.c
b/src/credential/gnunet-service-credential.c
index 792d8741e..7f18c77f6 100644
--- a/src/credential/gnunet-service-credential.c
+++ b/src/credential/gnunet-service-credential.c
@@ -327,6 +327,7 @@ send_lookup_response (void* cls,
const struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
struct GNUNET_CRYPTO_EccSignaturePurpose *purp;
struct CredentialRecordEntry *cr_entry;
+ uint32_t cred_verified;
cred_record_count = 0;
struct AttributeRecordEntry *attr_entry;
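Review bot: `cred_verified` is declared without an initial value and is not used in the visible lines, and per the diffstat this one line is the only change to the service in this commit. That means the lookup path still does not look at `crd->expiration`, so an expired credential would be treated like a valid one until a later commit adds the check. The context also shows the service keeping its own `purp` pointer, while credential_api.c now signs the embedded `crd->purpose` with the expiration included in the size. If verification here still rebuilds the old buffer, signatures from the new issue code will presumably not verify. send_lookup_response continues outside the hunk, so both points need confirming against the full function.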
diff --git a/src/credential/plugin_gnsrecord_credential.c
b/src/credential/plugin_gnsrecord_credential.c
index f6aec9bcc..60b677a4e 100644
--- a/src/credential/plugin_gnsrecord_credential.c
+++ b/src/credential/plugin_gnsrecord_credential.c
@@ -74,10 +74,13 @@ credential_value_to_string (void *cls,
case GNUNET_GNSRECORD_TYPE_CREDENTIAL:
{
struct GNUNET_CREDENTIAL_CredentialRecordData cred;
+ struct GNUNET_TIME_Absolute etime_abs;
char *cred_str;
char *subject_pkey;
char *issuer_pkey;
char *signature;
+ const char *expiration;
+
if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData))
return NULL; /* malformed */
@@ -87,14 +90,17 @@ credential_value_to_string (void *cls,
cdata = data;
subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string
(&cred.subject_key);
issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key);
+ etime_abs.abs_value_us = GNUNET_ntohll(cred.expiration);
+ expiration = GNUNET_STRINGS_absolute_time_to_string (etime_abs);
GNUNET_STRINGS_base64_encode ((char*)&cred.sig,
sizeof (struct
GNUNET_CRYPTO_EcdsaSignature),
&signature);
GNUNET_asprintf (&cred_str,
- "%s.%s -> %s sig:%s",
+ "%s.%s -> %s exp:%s sig:%s",
issuer_pkey,
&cdata[sizeof (cred)],
subject_pkey,
+ expiration,
signature);
GNUNET_free (subject_pkey);
GNUNET_free (issuer_pkey);
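Review bot: The `exp:%s` field is filled from `GNUNET_STRINGS_absolute_time_to_string`, which as far as I know returns a human-readable timestamp containing spaces. The parser in the `credential_string_to_value` hunk below reads it back with `exp:%255s`, which stops at the first whitespace. The following literal `sig:` would then fail to match, so a record printed by this function would probably not parse again. Writing the raw microsecond value with `PRIu64` here, and reading it with `SCNu64` there, would give an unambiguous round trip that does not depend on the time formatting.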
@@ -141,13 +147,17 @@ credential_string_to_value (void *cls,
char issuer_pkey[enclen + 1];
char name[253 + 1];
char signature[128]; //TODO max payload size
+ char expiration[256];
+
struct GNUNET_CRYPTO_EcdsaSignature *sig;
+ struct GNUNET_TIME_Absolute etime_abs;
- if (4 != SSCANF (s,
- "%52s.%253s -> %52s sig:%s",
+ if (5 != SSCANF (s,
+ "%52s.%253s -> %52s exp:%255s sig:%127s",
issuer_pkey,
name,
subject_pkey,
+ expiration,
signature))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -163,10 +173,13 @@ credential_string_to_value (void *cls,
GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey,
strlen (issuer_pkey),
&cred->issuer_key);
+ GNUNET_STRINGS_fancy_time_to_absolute (expiration,
+ &etime_abs);
GNUNET_STRINGS_base64_decode (signature,
strlen (signature),
(char**)&sig);
cred->sig = *sig;
+ cred->expiration = htonl (etime_abs.abs_value_us);
GNUNET_free (sig);
GNUNET_memcpy (&cred[1],
name,
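Review bot: `cred->expiration = htonl (etime_abs.abs_value_us);` truncates the 64-bit microsecond value to 32 bits, while the issue path uses `GNUNET_htonll` and `credential_value_to_string` reads the field with `GNUNET_ntohll`. A record created from its string form would therefore carry a different expiration than the one that was signed; the line should read `cred->expiration = GNUNET_htonll (etime_abs.abs_value_us);`. The return value of `GNUNET_STRINGS_fancy_time_to_absolute` is also ignored, so on a parse failure `etime_abs` is stored uninitialised. That call should fail the conversion in the same way the `SSCANF` mismatch branch does, releasing `cred` if it is already allocated at that point. The function body continues outside this hunk.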
diff --git a/src/credential/test_credential_issue.sh
b/src/credential/test_credential_issue.sh
index 95eac2957..4d1ba67c7 100755
--- a/src/credential/test_credential_issue.sh
+++ b/src/credential/test_credential_issue.sh
@@ -29,7 +29,7 @@ gnunet-identity -C testsubject -c test_credential_lookup.conf
SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep
testsubject | awk '{print $3}')
ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep
testissuer | awk '{print $3}')
#TODO1 Get credential and store it with subject (3)
-$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY
--attribute=$TEST_ATTR -c test_credential_lookup.conf
+$DO_TIMEOUT valgrind gnunet-credential --issue --ego=testissuer
--subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c
test_credential_lookup.conf
STATUS=$?
gnunet-arm -e -c test_credential_lookup.conf
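Review bot: The issue command is now prefixed with `valgrind`, which makes the test fail on any machine without valgrind installed and looks like a debugging leftover. By default valgrind also passes through the exit code of the program it runs, so memory errors it reports would not change `STATUS`. Either drop the prefix or make it conditional and add `--error-exitcode=1` so that findings actually fail the test.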
diff --git a/src/include/gnunet_credential_service.h
b/src/include/gnunet_credential_service.h
index 151587768..a7de3c822 100644
--- a/src/include/gnunet_credential_service.h
+++ b/src/include/gnunet_credential_service.h
@@ -83,6 +83,10 @@ struct GNUNET_CREDENTIAL_CredentialRecordData {
*/
struct GNUNET_CRYPTO_EcdsaSignature sig;
+ /**
+ * Signature meta
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Public key of the issuer
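Review bot: The comment `Signature meta` on the new `purpose` field does not tell a reader that this field begins the signed region. Judging by credential_api.c in this commit, the signature in `sig` is computed over the bytes starting at `purpose`, so the order and packing of every field after it becomes part of the signature format. I would document that, for example `/** Signature purpose header; sig covers this field and all record bytes that follow it, in network byte order. */`. Inserting a field here also changes the serialized record layout, so records stored by earlier builds will presumably no longer parse. The struct definition continues outside this hunk.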
@@ -250,13 +254,15 @@ GNUNET_CREDENTIAL_remove_delegation (struct
GNUNET_CREDENTIAL_Handle *handle,
* @param issuer the ego that should be used to issue the attribute
* @param subject the subject of the attribute
* @param attribute the name of the attribute
+ * @param expiration the TTL of the credential
* @return handle to the queued request
*/
struct GNUNET_CREDENTIAL_CredentialRecordData *
GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle,
const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
- const char *attribute);
+ const char *attribute,
+ struct GNUNET_TIME_Absolute *expiration);
/**
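Review bot: The new doc line `@param expiration the TTL of the credential` describes a duration, but the parameter is a `struct GNUNET_TIME_Absolute *`, that is, a point in time. The implementation in credential_api.c reads it unconditionally, so NULL is not allowed either. I would write `@param expiration absolute expiration time of the credential, must not be NULL` and declare the parameter as `const struct GNUNET_TIME_Absolute *expiration`, since the function only reads it. The existing `@return handle to the queued request` also no longer matches the returned record data.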
--
To stop receiving notification emails like this one, please contact
address@hidden