GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle,
const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
- const char *attribute)
+ const char *attribute,
+ struct GNUNET_TIME_Absolute *expiration)
{
struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
- struct GNUNET_CRYPTO_EccSignaturePurpose *purp;
crd = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (attribute) + 1);
- purp = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
- strlen (attribute) + 1);
- purp->size = htonl (strlen (attribute) + 1 +
+ crd->purpose.size = htonl (strlen (attribute) + 1 +
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey) +
- sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
+ sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+ sizeof (uint64_t));
- purp->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
+ crd->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
GNUNET_CRYPTO_ecdsa_key_get_public (issuer,
&crd->issuer_key);
crd->subject_key = *subject;
+ crd->expiration = GNUNET_htonll (expiration->abs_value_us);
GNUNET_memcpy (&crd[1],
attribute,
strlen (attribute));
- GNUNET_memcpy (&purp[1],
- subject,
- sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
- GNUNET_memcpy (&purp[1] + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
- attribute,
- strlen (attribute));
if (GNUNET_OK !=
GNUNET_CRYPTO_ecdsa_sign (issuer,
- purp,
+ &crd->purpose,
&crd->sig))
{
GNUNET_break (0);
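Review bot: The length written to `crd->purpose.size` counts only one `GNUNET_CRYPTO_EcdsaPublicKey`, but the signature now starts at `&crd->purpose` inside the record, which carries `issuer_key`, `subject_key` and `expiration` ahead of the attribute. If those members all follow `purpose` (the struct definition is only partly visible here), the signed span ends one public key short, so for short attributes the expiration and the attribute itself would fall outside the signature. Deriving the size from the struct keeps the two in step, e.g. `htonl (sizeof (*crd) - offsetof (struct GNUNET_CREDENTIAL_CredentialRecordData, purpose) + strlen (attribute) + 1)`, and the verifying side has to check the same span. `expiration` is dereferenced without a NULL check and could be declared `const`. The function body continues outside the hunk.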
*/
static char *subject_credential;
+/**
+ * Credential TTL
+ */
+static char *expiration;
+
/**
* Subject key
*/
{
const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
+ struct GNUNET_TIME_Absolute etime_abs;
+ struct GNUNET_TIME_Relative etime_rel;
char *res;
el = NULL;
GNUNET_SCHEDULER_shutdown ();
return;
}
+ if (NULL == expiration)
+ {
+ fprintf (stderr,
+ "Please specify a TTL\n");
+ GNUNET_SCHEDULER_shutdown ();
+ return;
+ } else if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration,
+ &etime_rel))
+ {
+ etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel);
+ } else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration,
+ &etime_abs))
+ {
+ fprintf (stderr,
+ "%s is not a valid ttl!\n",
+ expiration);
+ GNUNET_SCHEDULER_shutdown ();
+ return;
+ }
+
+
privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
GNUNET_free_non_null (issuer_ego_name);
issuer_ego_name = NULL;
crd = GNUNET_CREDENTIAL_issue (credential,
privkey,
&subject_pkey,
- issuer_attr);
+ issuer_attr,
+ &etime_abs);
res = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL,
crd,
sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (issuer_attr) + 1);
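Review bot: The TTL check added before `GNUNET_IDENTITY_ego_get_private_key` rejects only strings that fail to parse, so any value that does parse is signed as given. As far as I know the relative parser accepts `forever` and a zero duration, and the absolute parser accepts dates in the past, which would yield a credential that never expires or one that is already expired when issued. If that is not intended, reject those values before calling `GNUNET_CREDENTIAL_issue`, for example `if (0 == GNUNET_TIME_absolute_get_remaining (etime_abs).rel_value_us)` for the expired case plus a comparison against `GNUNET_TIME_UNIT_FOREVER_ABS`. The enclosing callback starts outside this hunk.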
{'a', "attribute", "ATTR",
gettext_noop ("The issuer attribute to verify against or to issue"), 1,
&GNUNET_GETOPT_set_string, &issuer_attr},
+ {'T', "ttl", "EXP",
+ gettext_noop ("The time to live for the credential"), 1,
+ &GNUNET_GETOPT_set_string, &expiration},
GNUNET_GETOPT_OPTION_END
};
int ret;
const struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
struct GNUNET_CRYPTO_EccSignaturePurpose *purp;
struct CredentialRecordEntry *cr_entry;
+ uint32_t cred_verified;
cred_record_count = 0;
struct AttributeRecordEntry *attr_entry;
case GNUNET_GNSRECORD_TYPE_CREDENTIAL:
{
struct GNUNET_CREDENTIAL_CredentialRecordData cred;
+ struct GNUNET_TIME_Absolute etime_abs;
char *cred_str;
char *subject_pkey;
char *issuer_pkey;
char *signature;
+ const char *expiration;
+
if (data_size < sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData))
return NULL; /* malformed */
cdata = data;
subject_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.subject_key);
issuer_pkey = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred.issuer_key);
+ etime_abs.abs_value_us = GNUNET_ntohll(cred.expiration);
+ expiration = GNUNET_STRINGS_absolute_time_to_string (etime_abs);
GNUNET_STRINGS_base64_encode ((char*)&cred.sig,
sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
&signature);
GNUNET_asprintf (&cred_str,
- "%s.%s -> %s sig:%s",
+ "%s.%s -> %s exp:%s sig:%s",
issuer_pkey,
&cdata[sizeof (cred)],
subject_pkey,
+ expiration,
signature);
GNUNET_free (subject_pkey);
GNUNET_free (issuer_pkey);
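Review bot: The `exp:%s` field is filled from `GNUNET_STRINGS_absolute_time_to_string`, while the parser in the string-to-value direction reads it back with `exp:%255s`, which stops at the first whitespace. If that helper returns a human-readable date with embedded spaces, as I believe it does, a printed record cannot be parsed again: the five-field scan fails or picks up only a fragment of the date. Printing the raw value avoids this, e.g. `"%s.%s -> %s exp:%" PRIu64 " sig:%s"` with `etime_abs.abs_value_us`, with the parser changed to match. Separately, `&cdata[sizeof (cred)]` is formatted with `%s` and the only length check visible here is `data_size < sizeof (...)`, so it should be confirmed that a NUL terminator lies inside `data_size`; the lines between the two parts of this hunk are not shown.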
char issuer_pkey[enclen + 1];
char name[253 + 1];
char signature[128]; //TODO max payload size
+ char expiration[256];
+
struct GNUNET_CRYPTO_EcdsaSignature *sig;
+ struct GNUNET_TIME_Absolute etime_abs;
- if (4 != SSCANF (s,
- "%52s.%253s -> %52s sig:%s",
+ if (5 != SSCANF (s,
+ "%52s.%253s -> %52s exp:%255s sig:%127s",
issuer_pkey,
name,
subject_pkey,
+ expiration,
signature))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_pkey,
strlen (issuer_pkey),
&cred->issuer_key);
+ GNUNET_STRINGS_fancy_time_to_absolute (expiration,
+ &etime_abs);
GNUNET_STRINGS_base64_decode (signature,
strlen (signature),
(char**)&sig);
cred->sig = *sig;
+ cred->expiration = htonl (etime_abs.abs_value_us);
GNUNET_free (sig);
GNUNET_memcpy (&cred[1],
name,
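Review bot: `cred->expiration = htonl (etime_abs.abs_value_us);` truncates the 64-bit microsecond value to 32 bits and uses a different byte-order conversion than the issuing and printing code, which use `GNUNET_htonll` and `GNUNET_ntohll`; it should read `cred->expiration = GNUNET_htonll (etime_abs.abs_value_us);`. Since the expiration presumably lies inside the signed region, a record rebuilt from its string form would carry a different expiry and no longer match its signature. The return value of `GNUNET_STRINGS_fancy_time_to_absolute` is also ignored, so `etime_abs` is read uninitialized when the `exp:` field does not parse; fail the conversion there the same way the `SSCANF` mismatch does. The function starts and ends outside this hunk.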
SUBJECT_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testsubject | awk '{print $3}')
ISSUER_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep testissuer | awk '{print $3}')
#TODO1 Get credential and store it with subject (3)
-$DO_TIMEOUT gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR -c test_credential_lookup.conf
+$DO_TIMEOUT valgrind gnunet-credential --issue --ego=testissuer --subject=$SUBJECT_KEY --attribute=$TEST_ATTR --ttl=5m -c test_credential_lookup.conf
STATUS=$?
gnunet-arm -e -c test_credential_lookup.conf
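Review bot: `valgrind` is left in the `--issue` command, so the test now fails on any host without valgrind installed and runs much slower under `$DO_TIMEOUT`. Memory errors it reports do not affect `STATUS=$?` either, because no `--error-exitcode` is passed. Either drop `valgrind` from the committed test or make it optional and pass `--error-exitcode=1` so that a reported error fails the test.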
*/
struct GNUNET_CRYPTO_EcdsaSignature sig;
+ /**
+ * Signature meta
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Public key of the issuer
* @param issuer the ego that should be used to issue the attribute
* @param subject the subject of the attribute
* @param attribute the name of the attribute
+ * @param expiration the TTL of the credential
* @return handle to the queued request
*/
struct GNUNET_CREDENTIAL_CredentialRecordData *
GNUNET_CREDENTIAL_issue (struct GNUNET_CREDENTIAL_Handle *handle,
const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
struct GNUNET_CRYPTO_EcdsaPublicKey *subject,
- const char *attribute);
+ const char *attribute,
+ struct GNUNET_TIME_Absolute *expiration);
/**