[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-anastasis] 05/10: Worked on escrow challenge
From: |
gnunet |
Subject: |
[taler-anastasis] 05/10: Worked on escrow challenge |
Date: |
Wed, 15 Jan 2020 23:42:29 +0100 |
This is an automated email from the git hooks/post-receive script.
dennis-neufeld pushed a commit to branch master
in repository anastasis.
commit 800f8a135d0ac8103a00aada2f85a7db14561fc9
Author: Dennis Neufeld <address@hidden>
AuthorDate: Mon Jan 6 08:12:52 2020 +0000
Worked on escrow challenge
---
src/backend/anastasis-httpd_truth.c | 128 ++++++++++++++++++++++++++------
src/include/anastasis_database_plugin.h | 5 +-
src/stasis/plugin_anastasis_postgres.c | 11 ++-
src/stasis/test_anastasis_db.c | 13 +++-
4 files changed, 130 insertions(+), 27 deletions(-)
diff --git a/src/backend/anastasis-httpd_truth.c
b/src/backend/anastasis-httpd_truth.c
index 584f145..2574992 100644
--- a/src/backend/anastasis-httpd_truth.c
+++ b/src/backend/anastasis-httpd_truth.c
@@ -40,10 +40,16 @@ AH_handler_truth_get (struct MHD_Connection *connection,
{
// FIXME: Handle truth get
uuid_t uuid;
- struct ANASTASIS_CRYPTO_truth_key decryption_key;
+ struct GNUNET_CRYPTO_SymmetricSessionKey decryption_key;
struct GNUNET_HashCode challenge_response;
void *encrypted_truth;
+ void *decrypted_truth;
+ void *encrypted_keyshare;
+ char result[GNUNET_CRYPTO_AES_KEY_LENGTH];
+ uint32_t *nonce;
+ unsigned char *aes_gcm_tag[16];
char *truth_mime;
+ char *method;
int ret;
/* extract uuid from url */
@@ -65,19 +71,19 @@ AH_handler_truth_get (struct MHD_Connection *connection,
"Truth-Decryption-Key");
if ( (NULL != tdk) &&
- (GNUNET_OK !=
- GNUNET_STRINGS_string_to_data (tdk,
- strlen (tdk),
- &decryption_key,
- sizeof (&decryption_key))))
+ (GNUNET_OK !=
+ GNUNET_STRINGS_string_to_data (tdk,
+ strlen (tdk),
+ &decryption_key,
+ sizeof (&decryption_key))))
{
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (connection,
- MHD_HTTP_BAD_REQUEST,
- // FIXME: find error code
- TALER_EC_SYNC_BAD_IF_MATCH,
- "Truth-Decryption-Key does not
include a base32-encoded decryption key");
- }
+ MHD_HTTP_BAD_REQUEST,
+ // FIXME: find error code
+ TALER_EC_SYNC_BAD_IF_MATCH,
+ "Truth-Decryption-Key does not
include a base32-encoded decryption key");
+ }
else
return MHD_HTTP_PRECONDITION_FAILED;
}
@@ -90,32 +96,106 @@ AH_handler_truth_get (struct MHD_Connection *connection,
"Challenge-Response");
if ( (NULL != cr) &&
- (GNUNET_OK !=
- GNUNET_STRINGS_string_to_data (cr,
- strlen (cr),
- &challenge_response,
- sizeof (&challenge_response))))
+ (GNUNET_OK !=
+ GNUNET_STRINGS_string_to_data (cr,
+ strlen (cr),
+ &challenge_response,
+ sizeof (&challenge_response))))
{
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (connection,
- MHD_HTTP_BAD_REQUEST,
- // FIXME: find error code
- TALER_EC_SYNC_BAD_IF_MATCH,
- "Challenge_Response does not include
a base32-encoded challenge response");
+ MHD_HTTP_BAD_REQUEST,
+ // FIXME: find error code
+ TALER_EC_SYNC_BAD_IF_MATCH,
+ "Challenge_Response does not include
a base32-encoded challenge response");
}
else
return MHD_HTTP_PRECONDITION_FAILED;
}
{
- //Validate challenge response
+ // load encrypted truth from db
enum ANASTASIS_DB_QueryStatus qs;
qs = db->get_escrow_challenge (db->cls,
&uuid,
- &encrypted_truth,
- sizeof (&encrypted_truth),
- &truth_mime);
+ encrypted_truth,
+ sizeof (encrypted_truth),
+ &aes_gcm_tag,
+ &nonce,
+ &truth_mime,
+ &method);
+ if (qs != ANASTASIS_DB_STATUS_SUCCESS_ONE_RESULT) {
+ return qs;
+ }
+ }
+ {
+ struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+
+ GNUNET_CRYPTO_symmetric_derive_iv (&iv,
+ &decryption_key,
+ "ECT",
+ strlen ("ECT"));
+
+ decrypted_truth = GNUNET_malloc (GNUNET_CRYPTO_AES_KEY_LENGTH);
+
+ //decrypt encrypted_truth
+ if (GNUNET_CRYPTO_AES_KEY_LENGTH !=
+ GNUNET_CRYPTO_symmetric_decrypt (result,
+ GNUNET_CRYPTO_AES_KEY_LENGTH,
+ &decryption_key,
+ &iv,
+ decrypted_truth
+ ))
+ {
+ printf ("Wrong return value from decrypt block.\n");
+ ret = 1;
+ goto error;
+ }
+ }
+ {
+ //validate challenge response
+ if (method == "Secure Question") {
+ if(0 != GNUNET_memcmp (&challenge_response,
+ decrypted_truth))
+ {
+ GNUNET_break (0);
+ return;
+ }
+ else
+ {
+ // load encrypted keyshare from db
+ enum ANASTASIS_DB_QueryStatus qs;
+
+ qs = db->get_key_share (db->cls,
+ &uuid,
+ &encrypted_keyshare,
+ sizeof (&encrypted_keyshare));
+
+ if (qs != ANASTASIS_DB_STATUS_SUCCESS_ONE_RESULT) {
+ return qs;
+ }
+
+ struct MHD_Response *resp;
+ resp = MHD_create_response_from_buffer (sizeof (encrypted_keyshare),
+ encrypted_keyshare,
+ MHD_RESPMEM_MUST_FREE);
+ GNUNET_break (MHD_YES ==
+ MHD_add_response_header (resp,
+
MHD_HTTP_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
+ "*"));
+ ret = MHD_queue_response (connection,
+ MHD_HTTP_OK,
+ resp);
+ MHD_destroy_response (resp);
+ return ret;
+ }
+
+ }
}
return MHD_NO;
+
+ error:
+ GNUNET_free_non_null (decrypted_truth);
+ return ret;
}
\ No newline at end of file
diff --git a/src/include/anastasis_database_plugin.h
b/src/include/anastasis_database_plugin.h
index f5dd623..83ce138 100644
--- a/src/include/anastasis_database_plugin.h
+++ b/src/include/anastasis_database_plugin.h
@@ -278,7 +278,10 @@ struct ANASTASIS_DatabasePlugin
const uuid_t *uuid,
void **truth,
size_t *truth_size,
- char **truth_mime);
+ unsigned char **aes_gcm_tag,
+ uint32_t **nonce,
+ char **truth_mime,
+ char **method);
/**
* @param cls closure
diff --git a/src/stasis/plugin_anastasis_postgres.c
b/src/stasis/plugin_anastasis_postgres.c
index 1d28e2a..5fea5dc 100644
--- a/src/stasis/plugin_anastasis_postgres.c
+++ b/src/stasis/plugin_anastasis_postgres.c
@@ -814,7 +814,10 @@ postgres_get_escrow_challenge (void *cls,
const uuid_t *uuid,
void **truth,
size_t *truth_size,
- char **truth_mime)
+ unsigned char **aes_gcm_tag,
+ uint32_t **nonce,
+ char **truth_mime,
+ char **method)
{
struct PostgresClosure *pg = cls;
struct GNUNET_PQ_QueryParam params[] = {
@@ -825,8 +828,14 @@ postgres_get_escrow_challenge (void *cls,
GNUNET_PQ_result_spec_variable_size ("encrypted_truth",
truth,
truth_size),
+ GNUNET_PQ_result_spec_string ("aes_gcm_tag",
+ aes_gcm_tag),
+ GNUNET_PQ_result_spec_uint32 ("nonce",
+ nonce),
GNUNET_PQ_result_spec_string ("truth_mime",
truth_mime),
+ GNUNET_PQ_result_spec_string ("method",
+ method),
GNUNET_PQ_result_spec_end
};
diff --git a/src/stasis/test_anastasis_db.c b/src/stasis/test_anastasis_db.c
index 11107c1..b0d6664 100644
--- a/src/stasis/test_anastasis_db.c
+++ b/src/stasis/test_anastasis_db.c
@@ -136,6 +136,11 @@ static char *mime_type;
*/
static char *res_mime_type;
+/**
+ * Method
+ */
+static char *method;
+
/**
* Version of a Recoverydocument
*/
@@ -216,6 +221,9 @@ run (void *cls)
unsigned char aes_gcm_tag[16];
RND_BLK (&aes_gcm_tag);
+ unsigned char *res_aes_gcm_tag;
+ uint32_t *res_nonce;
+
post_counter = 2;
mime_type = "Picture";
TALER_string_to_amount ("EUR:30",&amount);
@@ -272,7 +280,10 @@ run (void *cls)
&uuid,
&truth,
&truthsize,
- &res_mime_type));
+ &res_aes_gcm_tag,
+ &res_nonce,
+ &res_mime_type,
+ &method));
FAILIF (ANASTASIS_DB_STATUS_SUCCESS_ONE_RESULT !=
plugin->get_key_share (plugin->cls,
--
To stop receiving notification emails like this one, please contact
address@hidden.
- [taler-anastasis] branch master updated (62e9415 -> 673a9dc), gnunet, 2020/01/15
- [taler-anastasis] 01/10: Added testing command for policy lookup, gnunet, 2020/01/15
- [taler-anastasis] 08/10: Worked on uploading truth, gnunet, 2020/01/15
- [taler-anastasis] 10/10: Merged, gnunet, 2020/01/15
- [taler-anastasis] 03/10: Modified db table anastasis_truth, gnunet, 2020/01/15
- [taler-anastasis] 04/10: Worked on escrow challenge, gnunet, 2020/01/15
- [taler-anastasis] 09/10: Merged, gnunet, 2020/01/15
- [taler-anastasis] 05/10: Worked on escrow challenge,
gnunet <=
- [taler-anastasis] 07/10: Worked on truth upload, gnunet, 2020/01/15
- [taler-anastasis] 06/10: Worked on escrow challenge, gnunet, 2020/01/15
- [taler-anastasis] 02/10: Worked on truth upload, gnunet, 2020/01/15