gnunet-svn
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[taler-anastasis] 01/01: modified salt request again :D


From: gnunet
Subject: [taler-anastasis] 01/01: modified salt request again :D
Date: Mon, 20 Apr 2020 11:36:58 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository anastasis.

commit 72e30295e73e849b3a2498107009b5dcb22a3fb9
Author: Dennis Neufeld <address@hidden>
AuthorDate: Fri Apr 17 09:12:24 2020 +0000

    modified salt request again :D
    
    modified header
    
    worked on keyshare request
    
    worked on keyshare request
    
    fixed compiling errors
    
    fixed compiling warnings
    
    worked on keyshare lookup testing
    
    worked on keyshare lookup api
    
    .gitignore
    
    .gitignore
    
    secretshare
    
    uncrustify
    
    fix wrong GNUNET_assert usage...
    
    worked on fixing uuid issue... still something wrong
    rebase
    .gitignore vgcore
---
 .gitignore                                |   3 +
 src/backend/anastasis-httpd_truth.c       |  58 +++---
 src/include/anastasis.h                   |  24 ++-
 src/include/anastasis_crypto_lib.h        |  16 +-
 src/include/anastasis_service.h           |  22 +--
 src/include/anastasis_testing_lib.h       | 107 ++++++++---
 src/lib/Makefile.am                       |   3 +
 src/lib/anastasis.c                       | 155 +++++++++++++---
 src/lib/anastasis_api_keyshare_lookup.c   | 217 ++++++++++++-----------
 src/lib/anastasis_api_salt.c              |  24 ++-
 src/lib/anastasis_api_truth_store.c       |  32 ++--
 src/lib/test_anastasis_api.c              |  47 +++--
 src/lib/testing_api_cmd_keyshare_lookup.c | 283 ++++++++++++++++++++++++++++++
 src/lib/testing_api_cmd_policy_lookup.c   |  26 ++-
 src/lib/testing_api_cmd_truth_store.c     | 133 ++++++++++----
 src/lib/testing_api_trait_uuid.c          |  74 ++++++++
 src/stasis/plugin_anastasis_postgres.c    |  12 +-
 src/stasis/test_anastasis_db.c            |  10 +-
 src/util/anastasis_crypto.c               |  32 ++--
 src/util/test_anastasis_crypto.c          |  63 ++++---
 20 files changed, 973 insertions(+), 368 deletions(-)

diff --git a/.gitignore b/.gitignore
index 7ccb73b..08fb675 100644
--- a/.gitignore
+++ b/.gitignore
@@ -84,3 +84,6 @@ src/util/test_anastasis_crypto.log
 src/util/test_anastasis_crypto
 src/util/test_anastasis_crypto.trs
 src/lib/test_anastasisrest_api
+src/lib/vgcore.*
+src/util/vgcore.*
+src/statis/vgcore.*
\ No newline at end of file
diff --git a/src/backend/anastasis-httpd_truth.c 
b/src/backend/anastasis-httpd_truth.c
index 7db3d6a..25de255 100644
--- a/src/backend/anastasis-httpd_truth.c
+++ b/src/backend/anastasis-httpd_truth.c
@@ -22,6 +22,7 @@
  */
 #include "platform.h"
 #include "anastasis-httpd.h"
+#include "anastasis_service.h"
 #include "anastasis-httpd_truth.h"
 #include <gnunet/gnunet_util_lib.h>
 #include <gnunet/gnunet_rest_lib.h>
@@ -40,13 +41,14 @@ AH_handler_truth_get (struct MHD_Connection *connection,
 {
   // FIXME: Handle truth get
   uuid_t uuid;
-  struct GNUNET_CRYPTO_SymmetricSessionKey decryption_key;
+  struct ANASTASIS_CRYPTO_TruthKey truth_key;
   struct GNUNET_HashCode challenge_response;
   const char *challenge_response_s;
   void *encrypted_truth;
+  size_t encrypted_truth_size;
   void *decrypted_truth;
+  size_t decrypted_truth_size;
   void *encrypted_keyshare;
-  char result[GNUNET_CRYPTO_AES_KEY_LENGTH];
   char *truth_mime;
   char *method;
   int ret;
@@ -61,9 +63,18 @@ AH_handler_truth_get (struct MHD_Connection *connection,
     uuid_str = &url[strlen ("/truth/")];
     uuid_parse (uuid_str, uuid);
 
+    GNUNET_assert (NULL != uuid_str);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Uuid from Url (keyshare lookup): %s\n",
+                uuid_str);
+
     challenge_response_s = MHD_lookup_connection_value (connection,
                                                         MHD_GET_ARGUMENT_KIND,
                                                         "response");
+    GNUNET_assert (NULL != challenge_response_s);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Challenge response from url (keyshare lookup): %s\n",
+                challenge_response_s);
   }
   {
     // check if header contains Truth-Decryption-Key
@@ -77,8 +88,9 @@ AH_handler_truth_get (struct MHD_Connection *connection,
          (GNUNET_OK !=
           GNUNET_STRINGS_string_to_data (tdk,
                                          strlen (tdk),
-                                         &decryption_key,
-                                         sizeof (&decryption_key))))
+                                         &truth_key,
+                                         sizeof (struct
+                                                 ANASTASIS_CRYPTO_TruthKey))))
     {
       GNUNET_break_op (0);
       return TALER_MHD_reply_with_error (connection,
@@ -93,7 +105,6 @@ AH_handler_truth_get (struct MHD_Connection *connection,
   {
     // load encrypted truth from db
     enum ANASTASIS_DB_QueryStatus qs;
-    size_t encrypted_truth_size;
 
     qs = db->get_escrow_challenge (db->cls,
                                    &uuid,
@@ -105,35 +116,14 @@ AH_handler_truth_get (struct MHD_Connection *connection,
     {
       return qs;
     }
-
-    if (NULL == challenge_response_s)
-    {
-      // FIXME: Return escrow challenge
-    }
   }
   {
-    struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
-
-    GNUNET_CRYPTO_symmetric_derive_iv (&iv,
-                                       &decryption_key,
-                                       "ECT",
-                                       strlen ("ECT"));
-
-    decrypted_truth = GNUNET_malloc (GNUNET_CRYPTO_AES_KEY_LENGTH);
-
     // decrypt encrypted_truth
-    if (GNUNET_CRYPTO_AES_KEY_LENGTH !=
-        GNUNET_CRYPTO_symmetric_decrypt (result,
-                                         GNUNET_CRYPTO_AES_KEY_LENGTH,
-                                         &decryption_key,
-                                         &iv,
-                                         decrypted_truth
-                                         ))
-    {
-      printf ("Wrong return value from decrypt block.\n");
-      ret = 1;
-      goto error;
-    }
+    ANASTASIS_CRYPTO_truth_decrypt (&truth_key,
+                                    encrypted_truth,
+                                    encrypted_truth_size,
+                                    &decrypted_truth,
+                                    &decrypted_truth_size);
   }
   {
     // validate challenge response
@@ -185,10 +175,6 @@ AH_handler_truth_get (struct MHD_Connection *connection,
 
     }
   }
-
-  return MHD_NO;
-
-error:
   GNUNET_free_non_null (decrypted_truth);
-  return ret;
+  return MHD_NO;
 }
\ No newline at end of file
diff --git a/src/include/anastasis.h b/src/include/anastasis.h
index 31ddcc7..2eaaf38 100644
--- a/src/include/anastasis.h
+++ b/src/include/anastasis.h
@@ -23,6 +23,7 @@
 #include "platform.h"
 #include <taler/taler_json_lib.h>
 #include <gnunet/gnunet_util_lib.h>
+#include <uuid/uuid.h>
 
 
 /*Download api*/
@@ -42,11 +43,18 @@ struct ANASTASIS_EscrowMethod
 */
 struct ANASTASIS_DecryptionPolicy
 {
-  // subset of methods that must be satisfied for this dp
-  struct ANASTASIS_EscrowMethod *ems;
-
-  unsigned int ems_len;
-
+  /**
+   * Set of escrow methods identfied by their uuids
+   */
+  uuid_t *escrow_uuids;
+  /**
+   * length of the methods in this policy
+   */
+  unsigned int uuids_length;
+  /**
+   * encrypted masterkey ( encrypted with the policy key)
+   */
+  struct ANASTASIS_CRYPTO_EncryptedMasterKey *emk;
 };
 
 /**
@@ -59,6 +67,10 @@ struct ANASTASIS_RecoveryInformation
 
   unsigned int dps_len;
 
+  struct ANSTASIS_EscrowMethod *ems;
+
+  unsigned int ems_len;
+
   unsigned int version;     // actual version obtained
 
 };
@@ -373,6 +385,8 @@ ANASTASIS_secret_share (const json_t *id_data,
                         const struct GNUNET_HashCode *last_etag,
                         struct ANASTASIS_Policy *policies[],
                         unsigned int policies_len,
+                        struct ANASTASIS_Truth *truths[],
+                        unsigned int truths_len,
                         ANASTASIS_SharePaymentCallback spc,
                         void *spc_cls,
                         ANASTASIS_ShareResultCallback src,
diff --git a/src/include/anastasis_crypto_lib.h 
b/src/include/anastasis_crypto_lib.h
index 3e3eeb3..2aeb776 100644
--- a/src/include/anastasis_crypto_lib.h
+++ b/src/include/anastasis_crypto_lib.h
@@ -48,7 +48,7 @@ struct ANASTASIS_CRYPTO_AccountPrivateKey
 */
 struct ANASTASIS_CRYPTO_TruthKey
 {
-  uint32_t key[8];
+  struct GNUNET_HashCode key;
 };
 
 
@@ -57,7 +57,7 @@ struct ANASTASIS_CRYPTO_TruthKey
 */
 struct ANASTASIS_CRYPTO_Salt
 {
-  char *salt;
+  const char *salt;
 };
 
 
@@ -165,7 +165,7 @@ struct ANASTASIS_CRYPTO_UserIdentifier
 void
 ANASTASIS_CRYPTO_user_identifier_derive (
   const json_t *id_data,
-  const struct ANASTASIS_CRYPTO_Salt server_salt,
+  const struct ANASTASIS_CRYPTO_Salt *server_salt,
   struct ANASTASIS_CRYPTO_UserIdentifier *id);
 
 
@@ -229,7 +229,7 @@ ANASTASIS_CRYPTO_recovery_document_decrypt (
  * @param enc_key_share[out] holds the encrypted share, the first 48 Bytes are 
the used nonce and tag
  */
 void
-ANASTASIS_CRYPTO_key_share_encrypt (
+ANASTASIS_CRYPTO_keyshare_encrypt (
   const struct ANASTASIS_CRYPTO_KeyShare *key_share,
   const struct ANASTASIS_CRYPTO_UserIdentifier *id,
   struct ANASTASIS_CRYPTO_EncryptedKeyShare **enc_key_share);
@@ -243,7 +243,7 @@ ANASTASIS_CRYPTO_key_share_encrypt (
  * @param key_share[out] the result of decryption
  */
 void
-ANASTASIS_CRYPTO_key_share_decrypt (
+ANASTASIS_CRYPTO_keyshare_decrypt (
   const struct ANASTASIS_CRYPTO_EncryptedKeyShare *enc_key_share,
   const struct ANASTASIS_CRYPTO_UserIdentifier *id,
   struct ANASTASIS_CRYPTO_KeyShare **key_share);
@@ -297,7 +297,7 @@ ANASTASIS_CRYPTO_truth_decrypt (
  * @param key_share[out] reference to the created key share.
  */
 void
-ANASTASIS_CRYPTO_key_share_create (
+ANASTASIS_CRYPTO_keyshare_create (
   struct ANASTASIS_CRYPTO_KeyShare *key_share);
 
 
@@ -351,6 +351,7 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
  * @param encrypted_core_secret the encrypted core secret from the user, will 
be encrypted with the policy key
  * @param encrypted_core_secret_size size of the encrypted core secret
  * @param core_secret[out] decrypted core secret will be returned
+ * @param core_secret_size[out] size of core secret
  */
 void
 ANASTASIS_CRYPTO_core_secret_recover (
@@ -358,4 +359,5 @@ ANASTASIS_CRYPTO_core_secret_recover (
   const struct ANASTASIS_CRYPTO_PolicyKey policy_key,
   const void *encrypted_core_secret,
   size_t encrypted_core_secret_size,
-  void **core_secret);
\ No newline at end of file
+  void **core_secret,
+  size_t *core_secret_size);
\ No newline at end of file
diff --git a/src/include/anastasis_service.h b/src/include/anastasis_service.h
index cb40706..d20ffb9 100644
--- a/src/include/anastasis_service.h
+++ b/src/include/anastasis_service.h
@@ -191,7 +191,7 @@ struct ANASTASIS_KeyShareDownloadDetails
   /**
     * Number of bytes in truth_data.
     */
-  size_t encrypted_key_share_size;
+  size_t encrypted_keyshare_size;
 };
 
 /**
@@ -469,13 +469,13 @@ typedef void
  * @return handle for this operation, NULL upon errors
  */
 struct ANASTASIS_KeyShareLookupOperation *
-ANASTASIS_key_share_lookup (struct GNUNET_CURL_Context *ctx,
-                            const char *backend_url,
-                            uuid_t *truth_uuid,
-                            const struct ANASTASIS_CRYPTO_TruthKey *truth_key,
-                            const struct GNUNET_HashCode *hashed_answer,
-                            ANASTASIS_KeyShareLookupCallback cb,
-                            void *cb_cls);
+ANASTASIS_keyshare_lookup (struct GNUNET_CURL_Context *ctx,
+                           const char *backend_url,
+                           const uuid_t *truth_uuid,
+                           const struct ANASTASIS_CRYPTO_TruthKey *truth_key,
+                           const struct GNUNET_HashCode *hashed_answer,
+                           ANASTASIS_KeyShareLookupCallback cb,
+                           void *cb_cls);
 
 
 /**
@@ -484,8 +484,8 @@ ANASTASIS_key_share_lookup (struct GNUNET_CURL_Context *ctx,
  * @param tlo cancel the truth lookup operation
  */
 void
-ANASTASIS_key_share_lookup_cancel (struct
-                                   ANASTASIS_KeyShareLookupOperation *kslo);
+ANASTASIS_keyshare_lookup_cancel (struct
+                                  ANASTASIS_KeyShareLookupOperation *kslo);
 
 /**
  * Handle for a POST /truth operation.
@@ -523,7 +523,7 @@ typedef void
 struct ANASTASIS_TruthStoreOperation *
 ANASTASIS_truth_store (struct GNUNET_CURL_Context *ctx,
                        const char *backend_url,
-                       const uuid_t truth_uuid,
+                       const uuid_t *truth_uuid,
                        json_t *truth_data,
                        int payment_requested,
                        const char *paid_order_id,
diff --git a/src/include/anastasis_testing_lib.h 
b/src/include/anastasis_testing_lib.h
index b6cda89..386eadf 100644
--- a/src/include/anastasis_testing_lib.h
+++ b/src/include/anastasis_testing_lib.h
@@ -1,22 +1,18 @@
 /*
-  This file is part of TALER
-  (C) 2018 Taler Systems SA
-
-  TALER is free software; you can redistribute it and/or modify
-  it under the terms of the GNU General Public License as
-  published by the Free Software Foundation; either version 3, or
-  (at your option) any later version.
-
-  TALER is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  GNU General Public License for more details.
-
-  You should have received a copy of the GNU General Public
-  License along with TALER; see the file COPYING.  If not, see
-  <http://www.gnu.org/licenses/>
-*/
+  This file is part of Anastasis
+  Copyright (C) 2020 Taler Systems SA
+
+  Anastasis is free software; you can redistribute it and/or modify it under 
the
+  terms of the GNU Lesser General Public License as published by the Free 
Software
+  Foundation; either version 3, or (at your option) any later version.
 
+  Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along with
+  Anastasis; see the file COPYING.GPL.  If not, see 
<http://www.gnu.org/licenses/>
+*/
 /**
  * @file include/anastasis_testing_lib.h
  * @brief API for writing an interpreter to test Taler components
@@ -161,6 +157,30 @@ ANASTASIS_TESTING_make_trait_payment_identifier (unsigned 
int index,
                                                  const struct
                                                  ANASTASIS_PaymentSecretP *h);
 
+/**
+ * Obtain an uuid from @a cmd.
+ *
+ * @param cmd command to extract the number from.
+ * @param index the number's index number.
+ * @param u[out] set to the number coming from @a cmd.
+ * @return #GNUNET_OK on success.
+ */
+int
+ANASTASIS_TESTING_get_trait_uuid (const struct TALER_TESTING_Command *cmd,
+                                  unsigned int index,
+                                  const uuid_t **u);
+
+/**
+ * Offer an uuid.
+ *
+ * @param index the number's index number.
+ * @param u the uuid to offer.
+ * @return #GNUNET_OK on success.
+ */
+struct TALER_TESTING_Trait
+ANASTASIS_TESTING_make_trait_uuid (unsigned int index,
+                                   const uuid_t *u);
+
 /**
  * Prepare the merchant execution.  Create tables and check if
  * the port is available.
@@ -320,16 +340,41 @@ enum ANASTASIS_TESTING_TruthStoreOption
 
 };
 
+/**
+ * Creates a truth key.
+ *
+ * @param key_str a str you want to be a truth key
+ * @return truthkey
+ */
+struct ANASTASIS_CRYPTO_TruthKey *
+ANASTASIS_TESTING_make_truthkey (const char *key_str);
+
+/**
+ * Creates hash of an answer
+ *
+ * @param answer the answer to a challenge (e.g. a secure question)
+ * @param size_answer size of the answer
+ * @return hash of the answer
+ */
+struct GNUNET_HashCode
+ANASTASIS_TESTING_make_hashed_answer (const void *answer,
+                                      size_t size_answer);
+
 /**
  * Creates a sample of truth.
  *
  * @param method the challenge method
  * @param mime_type mime type of the truth
+ * @param answer the hashed answer (part of truth) to a challenge
+ * @param key the key to encrypt the truth
  * @return truth in json format
  */
-json_t*
-ANASTASIS_TESTING_make_truth_example (char *method,
-                                      char *mime_type);
+json_t *
+ANASTASIS_TESTING_make_truth_example (const char *method,
+                                      const char *mime_type,
+                                      const struct GNUNET_HashCode answer,
+                                      const struct
+                                      ANASTASIS_CRYPTO_TruthKey *key);
 
 /**
  * Make the "truth store" command.
@@ -346,25 +391,29 @@ ANASTASIS_TESTING_cmd_truth_store (const char *label,
                                    const char *anastasis_url,
                                    const char *prev_upload,
                                    unsigned int http_status,
-                                   enum
-                                   ANASTASIS_TESTING_TruthStoreOption tso,
+                                   enum ANASTASIS_TESTING_TruthStoreOption tso,
                                    json_t *truth_data);
 
 /**
- * Make the "truth lookup" command.
+ * Make the "keyshare lookup" command.
  *
  * @param label command label
- * @param ANASTASIS_url base URL of the ANASTASIS serving
- *        the truth lookup request.
+ * @param anastasis_url base URL of the ANASTASIS serving
+ *        the keyshare lookup request.
  * @param http_status expected HTTP status.
+ * @param answer hashed answer (response to challenge)
+ * @param key key to decrypt truth
  * @param upload_ref reference to upload command
  * @return the command
  */
 struct TALER_TESTING_Command
-ANASTASIS_TESTING_cmd_truth_lookup (const char *label,
-                                    const char *ANASTASIS_url,
-                                    unsigned int http_status,
-                                    const char *upload_ref);
+ANASTASIS_TESTING_cmd_keyshare_lookup (const char *label,
+                                       const char *anastasis_url,
+                                       unsigned int http_status,
+                                       const struct GNUNET_HashCode answer,
+                                       const struct
+                                       ANASTASIS_CRYPTO_TruthKey *key,
+                                       const char *upload_ref);
 
 /**
  * Make the "salt" command.
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index 2ff47a5..d6706c5 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -21,6 +21,7 @@ libanastasisrest_la_SOURCES = \
   anastasis_api_policy_store.c \
   anastasis_api_truth_store.c \
   anastasis_api_policy_lookup.c \
+  anastasis_api_keyshare_lookup.c \
   anastasis_api_curl_defaults.c anastasis_api_curl_defaults.h
 libanastasisrest_la_LIBADD = \
   -lgnunetcurl \
@@ -58,11 +59,13 @@ libanastasistesting_la_SOURCES = \
   testing_api_cmd_policy_store.c \
   testing_api_cmd_truth_store.c \
   testing_api_cmd_policy_lookup.c \
+  testing_api_cmd_keyshare_lookup.c \
   testing_api_cmd_salt.c \
   testing_api_helpers.c \
   testing_api_trait_account_pub.c \
   testing_api_trait_account_priv.c \
   testing_api_trait_payment_identifier.c \
+  testing_api_trait_uuid.c \
   testing_api_trait_hash.c
 libanastasistesting_la_LIBADD = \
   $(top_builddir)/src/lib/libanastasisrest.la \
diff --git a/src/lib/anastasis.c b/src/lib/anastasis.c
index ff34aad..1f74d5d 100644
--- a/src/lib/anastasis.c
+++ b/src/lib/anastasis.c
@@ -120,6 +120,22 @@ struct ANASTASIS_Challenge
    * uuid which defines this challenge
    */
   uuid_t challenge_uuid;
+  /**
+   * Key used to encrypt the truth passed to the server
+   */
+  struct ANASTASIS_CRYPTO_TruthKey truth_key;
+  /**
+   * Salt used to encrypt the truth
+   */
+  struct ANASTASIS_CRYPTO_Salt truth_salt;
+  /**
+   * plaintext challenge which is sent to the client
+   */
+  void *challenge;
+  /**
+   * size of the challenge
+   */
+  size_t challenge_size;
 };
 
 /**
@@ -288,7 +304,7 @@ ANASTASIS_recovery_begin (const json_t *id_data,
                            &salt_cb,
                            ss);
   ANASTASIS_CRYPTO_user_identifier_derive (id_data,
-                                           ss->so->salt,
+                                           &ss->so->salt,
                                            &r->id);
   salt_cleanup (ss);
   ANASTASIS_CRYPTO_account_public_key_derive (&r->id,
@@ -577,13 +593,13 @@ ANASTASIS_truth_upload (const json_t *id_data,
                            &salt_cb,
                            ss);
 
-  ANASTASIS_CRYPTO_key_share_create (&t->key_share);
+  ANASTASIS_CRYPTO_keyshare_create (&t->key_share);
   ANASTASIS_CRYPTO_user_identifier_derive (id_data,
-                                           ss->so->salt,
+                                           &ss->so->salt,
                                            &tu->id);
-  ANASTASIS_CRYPTO_key_share_encrypt (&t->key_share,
-                                      &tu->id,
-                                      &encrypted_key_share);
+  ANASTASIS_CRYPTO_keyshare_encrypt (&t->key_share,
+                                     &tu->id,
+                                     &encrypted_key_share);
   salt_cleanup (ss);
 
   GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
@@ -609,7 +625,7 @@ ANASTASIS_truth_upload (const json_t *id_data,
 
   tu->tso = ANASTASIS_truth_store (tu->ctx,
                                    t->url,
-                                   t->uuid,
+                                   &t->uuid,
                                    truth,
                                    tu->payment_requested,
                                    tu->paid_order_id,
@@ -669,13 +685,13 @@ struct ANASTASIS_Policy
    */
   struct ANASTASIS_CRYPTO_Salt salt;
   /**
-  * size of the truths
-  */
-  unsigned int truths_len;
+   * set of truths inside this policy
+   */
+  uuid_t *uuids;
   /**
-  * set of truths inside this policy
-  */
-  struct ANASTASIS_Truth *truths[];
+   * length of methods used
+   */
+  unsigned int uuid_length;
 };
 
 /**
@@ -690,21 +706,20 @@ ANASTASIS_policy_create (struct ANASTASIS_Truth *truths[],
 {
   struct ANASTASIS_Policy *p;
   p = GNUNET_new (struct ANASTASIS_Policy);
-  struct ANASTASIS_CRYPTO_PolicyKey policy_key;
   struct ANASTASIS_CRYPTO_KeyShare key_shares[truths_len];
-  // FIXME
-  // p->truths = truths;
-  p->truths_len = truths_len;
-
+  uuid_t uuids[truths_len];
   for (unsigned int i = 0; i < truths_len; i++)
   {
     key_shares[i] = truths[i]->key_share;
+    memcpy (uuids[i], truths[i]->uuid, sizeof(uuid_t));
   }
   // FIXME SALT
   ANASTASIS_CRYPTO_policy_key_derive (key_shares,
                                       truths_len,
                                       &p->salt,
                                       &p->policy_key);
+  p->uuids = uuids;
+  p->uuid_length = truths_len;
   return p;
 }
 
@@ -748,6 +763,36 @@ struct ANASTASIS_SecretShare
    * Hash of the current upload.
    */
   struct GNUNET_HashCode curr_hash;
+  /**
+ * Identity key material used for the derivation of keys
+*/
+  struct ANASTASIS_CRYPTO_UserIdentifier id;
+  /**
+   * Public key for a request
+  */
+  struct ANASTASIS_CRYPTO_AccountPrivateKey priv_key;
+  /**
+   * Curl context
+  */
+  struct GNUNET_CURL_Context *ctx;
+  // FIXME not sure how to do payment
+  int payment_requested;
+  const char *payment_order_id;
+};
+
+/**
+ * FIXME NOT SURE IF NEEDED
+ * Internal struct which defines an escrow method
+ */
+struct ANASTASIS_TruthMethod
+{
+  char *url;
+  char *escrow_method;
+  uuid_t uuid;
+  struct ANASTASIS_CRYPTO_TruthKey truth_key;
+  struct ANASTASIS_CRYPTO_Salt salt;
+  void *challenge;
+  size_t challenge_size;
 };
 
 
@@ -762,7 +807,6 @@ policy_store_cb (void *cls,
 }
 
 
-
 /**
 * Creates a recovery document with the created policies.
 *
@@ -782,6 +826,8 @@ ANASTASIS_secret_share (const json_t *id_data,
                         const struct GNUNET_HashCode *last_etag,
                         struct ANASTASIS_Policy *policies[],
                         unsigned int policies_len,
+                        struct ANASTASIS_Truth *truths[],
+                        unsigned int truths_len,
                         ANASTASIS_SharePaymentCallback spc,
                         void *spc_cls,
                         ANASTASIS_ShareResultCallback src,
@@ -796,30 +842,81 @@ ANASTASIS_secret_share (const json_t *id_data,
   struct ANASTASIS_CRYPTO_EncryptedMasterKey
     encrypted_master_keys[policies_len];
   struct ANASTASIS_CRYPTO_PolicyKey policy_keys[policies_len];
+  struct ANASTASIS_DecryptionPolicy decryption_policies[policies_len];
+  struct ANASTASIS_TruthMethod truth_methods[truths_len];
+  struct SaltState *st = src_cls;
+  st->http_status = MHD_HTTP_OK;
+  void *enc_rec_doc;
+  size_t enc_rec_doc_size;
   json_t *recovery_document;
 
   for (unsigned int i = 0; i < policies_len; i++)
   {
     policy_keys[i] = policies[i]->policy_key;
   }
+  // FIXME CHALLENGE
+  for (unsigned int l = 0; l < truths_len; l++)
+  {
+    memcpy (truth_methods[l].uuid, truths[l]->uuid, sizeof(uuid_t));
+    truth_methods[l].url = truths[l]->url;
+    truth_methods[l].truth_key = truths[l]->truth_key;
+    truth_methods[l].salt = *truths[l]->salt;
+    truth_methods[l].escrow_method = truths[l]->method;
+  }
 
-  ANASTASIS_CRYPTO_core_secret_encrypt ((struct ANASTASIS_CRYPTO_PolicyKey *)
-                                        &policy_keys,
+  ANASTASIS_CRYPTO_core_secret_encrypt (policy_keys,
                                         policies_len,
                                         core_secret,
                                         core_secret_size,
                                         &encrypted_core_secret,
-                                        (struct
-                                         ANASTASIS_CRYPTO_EncryptedMasterKey *)
-                                        &encrypted_master_keys);
+                                        encrypted_master_keys);
 
+  for (unsigned int j = 0; j < policies_len; j++)
+  {
+    decryption_policies[j].emk  = &encrypted_master_keys[j];
+    decryption_policies[j].uuids_length = policies[j]->uuid_length;
+    decryption_policies[j].escrow_uuids = policies[j]->uuids;
+  }
 
-  // build recovery document in json
-  // Compress recovery document
-  // policy document encrypt
-  // policy upload
+  // FIXME
+  recovery_document = json_pack (
+    " s:[fmt],"       /* escrow methods */
+    " s:[fmt],"       /* decryption policies */
+    " s:o}",       /* encrypted core secret */
+    "escrow_methods", &truth_methods,
+    "decryption_policies", &decryption_policies,
+    "core_secret", GNUNET_JSON_from_data (
+      core_secret, core_secret_size));
+
+  st->so = ANASTASIS_salt (ss->ctx,
+                           truth_methods[0].url,
+                           &salt_cb,
+                           st);
+  ANASTASIS_CRYPTO_user_identifier_derive (id_data,
+                                           &st->so->salt,
+                                           &ss->id);
+  salt_cleanup (st);
+
+  // ANASTASIS_CRYPTO_account_private_key_derive (&ss->id,
+  //                                            &ss->priv_key);
+
+  ANASTASIS_CRYPTO_recovery_document_encrypt (&ss->id,
+                                              recovery_document,
+                                              sizeof(recovery_document),// 
FIXME
+                                              &enc_rec_doc,
+                                              &enc_rec_doc_size);
+
+  ss->pso = ANASTASIS_policy_store (ss->ctx,
+                                    truth_methods[0].url,
+                                    &ss->priv_key,
+                                    last_etag,
+                                    enc_rec_doc,
+                                    enc_rec_doc_size,
+                                    ss->payment_requested,
+                                    ss->payment_order_id,
+                                    &policy_store_cb,
+                                    ss);
   // Callback handle
-
   return ss;
 }
 
diff --git a/src/lib/anastasis_api_keyshare_lookup.c 
b/src/lib/anastasis_api_keyshare_lookup.c
index 806ea8b..a70596a 100644
--- a/src/lib/anastasis_api_keyshare_lookup.c
+++ b/src/lib/anastasis_api_keyshare_lookup.c
@@ -1,25 +1,21 @@
 /*
-  This file is part of ANASTASIS
-  Copyright (C) 2014-2019 GNUnet e.V. and INRIA
+  This file is part of Anastasis
+  Copyright (C) 2020 Taler Systems SA
 
-  ANASTASIS is free software; you can redistribute it and/or modify
-  it under the terms of the GNU Lesser General Public License as
-  published by the Free Software Foundation; either version 2.1,
-  or (at your option) any later version.
+  Anastasis is free software; you can redistribute it and/or modify it under 
the
+  terms of the GNU Lesser General Public License as published by the Free 
Software
+  Foundation; either version 3, or (at your option) any later version.
 
-  ANASTASIS is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  GNU Lesser General Public License for more details.
+  Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 
-  You should have received a copy of the GNU Lesser General Public
-  License along with ANASTASIS; see the file COPYING.LGPL.  If not,
-  see <http://www.gnu.org/licenses/>
+  You should have received a copy of the GNU General Public License along with
+  Anastasis; see the file COPYING.GPL.  If not, see 
<http://www.gnu.org/licenses/>
 */
-
 /**
  * @file lib/anastasis_api_policy_lookup.c
- * @brief Implementation of the /policy GET and POST
+ * @brief Implementation of the /policy GET
  * @author Christian Grothoff
  * @author Dennis Neufeld
  * @author Dominik Meister
@@ -55,7 +51,7 @@ struct ANASTASIS_KeyShareLookupOperation
   /**
    * Function to call with the result.
    */
-  ANASTASIS_KeyshareLookupCallback cb;
+  ANASTASIS_KeyShareLookupCallback cb;
 
   /**
    * Closure for @a cb.
@@ -70,35 +66,36 @@ struct ANASTASIS_KeyShareLookupOperation
   /**
    * Identification of the Truth Object
    */
-  uuid_t truth_uuid;
+  const uuid_t *truth_uuid;
 
   /**
    * Key to decrypt the truth on the server
    */
-  struct ANASTASIS_CRYPTO_TruthKey truth_key;
+  const struct ANASTASIS_CRYPTO_TruthKey *truth_key;
 
   /**
    * Hash of the response (security question)
    */
-  struct GNUNET_HashCode hashed_answer;
+  const struct GNUNET_HashCode *hashed_answer;
 };
 
+
 /**
  * Cancel a pending /truth GET request
  *
  * @param handle from the operation to cancel
  */
 void
-ANASTASIS_key_share_lookup_cancel (struct
-                                   ANASTASIS_KeyShareLookupOperation *klo)
+ANASTASIS_keyshare_lookup_cancel (struct
+                                  ANASTASIS_KeyShareLookupOperation *kslo)
 {
-  if (NULL != klo->job)
+  if (NULL != kslo->job)
   {
-    GNUNET_CURL_job_cancel (klo->job);
-    klo->job = NULL;
+    GNUNET_CURL_job_cancel (kslo->job);
+    kslo->job = NULL;
   }
-  GNUNET_free (klo->url);
-  GNUNET_free (klo);
+  GNUNET_free (kslo->url);
+  GNUNET_free (kslo);
 }
 
 
@@ -106,14 +103,14 @@ ANASTASIS_key_share_lookup_cancel (struct
  * Process GET /truth response
  */
 static void
-handle_key_share_lookup_finished (void *cls,
-                                  long response_code,
-                                  const void *data,
-                                  size_t data_size)
+handle_keyshare_lookup_finished (void *cls,
+                                 long response_code,
+                                 const void *data,
+                                 size_t data_size)
 {
-  struct ANASTASIS_KeyshareLookupOperation *klo = cls;
+  struct ANASTASIS_KeyShareLookupOperation *kslo = cls;
 
-  klo->job = NULL;
+  kslo->job = NULL;
   switch (response_code)
   {
   case 0:
@@ -127,14 +124,14 @@ handle_key_share_lookup_finished (void *cls,
       struct ANASTASIS_KeyShareDownloadDetails kdd;
 
       /* Success, call callback with all details! */
-      memset (&dd, 0, sizeof (dd));
-      kdd.keyshare = klo->data;
-      kdd.keyshare_size = klo->data_size;
-      klo->cb (klo->cb_cls,
-               response_code,
-               &kdd);
-      klo->cb = NULL;
-      ANASTASIS_key_share_lookup_cancel (klo);
+      memset (&kdd, 0, sizeof (kdd));
+      kdd.encrypted_key_share = data;
+      kdd.encrypted_keyshare_size = data_size;
+      kslo->cb (kslo->cb_cls,
+                response_code,
+                &kdd);
+      kslo->cb = NULL;
+      ANASTASIS_keyshare_lookup_cancel (kslo);
       return;
     }
   case MHD_HTTP_BAD_REQUEST:
@@ -157,14 +154,14 @@ handle_key_share_lookup_finished (void *cls,
     response_code = 0;
     break;
   }
-  if (NULL != klo->cb)
+  if (NULL != kslo->cb)
   {
-    klo->cb (klo->cb_cls,
-             response_code,
-             NULL);
-    klo->cb = NULL;
+    kslo->cb (kslo->cb_cls,
+              response_code,
+              NULL);
+    kslo->cb = NULL;
   }
-  ANASTASIS_key_share_lookup_cancel (klo);
+  ANASTASIS_keyshare_lookup_cancel (kslo);
 }
 
 
@@ -174,7 +171,7 @@ handle_key_share_lookup_finished (void *cls,
  * @param buffer one line of HTTP header data
  * @param size size of an item
  * @param nitems number of items passed
- * @param userdata our `struct ANASTASIS_PolicyLookupOperation *`
+ * @param userdata our `struct ANASTASIS_KeyShareLookupOperation *`
  * @return `size * nitems`
  */
 static size_t
@@ -183,23 +180,26 @@ handle_header (char *buffer,
                size_t nitems,
                void *userdata)
 {
-  struct ANASTASIS_KeyShareLookupOperation *klo = userdata;
+  struct ANASTASIS_KeyShareLookupOperation *kslo = userdata;
   size_t total = size * nitems;
   char *ndup;
   const char *hdr_type;
   char *hdr_val;
+  char *sp;
 
   ndup = GNUNET_strndup (buffer,
                          total);
-  hdr_type = strtok (ndup,
-                     ":");
+  hdr_type = strtok_r (ndup,
+                       ":",
+                       &sp);
   if (NULL == hdr_type)
   {
     GNUNET_free (ndup);
     return total;
   }
-  hdr_val = strtok (NULL,
-                    "\n\r");
+  hdr_val = strtok_r (NULL,
+                      "\n\r",
+                      &sp);
   if (NULL == hdr_val)
   {
     GNUNET_free (ndup);
@@ -208,29 +208,14 @@ handle_header (char *buffer,
   if (' ' == *hdr_val)
     hdr_val++;
   if (0 == strcasecmp (hdr_type,
-                       "Anastasis-Policy-Signature"))
+                       "Truth-Decryption-Key"))
   {
     if (GNUNET_OK !=
         GNUNET_STRINGS_string_to_data (hdr_val,
                                        strlen (hdr_val),
-                                       &plo->account_sig,
+                                       &kslo->truth_key,
                                        sizeof (struct
-                                               ANASTASIS_AccountSignatureP)))
-    {
-      GNUNET_break_op (0);
-      GNUNET_free (ndup);
-      return 0;
-    }
-  }
-  /* FIXME: reasonable?*/
-  if (0 == strcasecmp (hdr_type,
-                       "Anastasis-Previous"))
-  {
-    if (GNUNET_OK !=
-        GNUNET_STRINGS_string_to_data (hdr_val,
-                                       strlen (hdr_val),
-                                       &plo->anastasis_previous,
-                                       sizeof (struct GNUNET_HashCode)))
+                                               ANASTASIS_CRYPTO_TruthKey)))
     {
       GNUNET_break_op (0);
       GNUNET_free (ndup);
@@ -255,54 +240,74 @@ handle_header (char *buffer,
  * @return handle for this operation, NULL upon errors
  */
 struct ANASTASIS_KeyShareLookupOperation *
-ANASTASIS_key_share_lookup (struct GNUNET_CURL_Context *ctx,
-                            const char *backend_url,
-                            uuid_t *truth_uuid,
-                            const struct ANASTASIS_CRYPTO_TruthKey *truth_key,
-                            const struct GNUNET_HashCode *hashed_answer,
-                            ANASTASIS_KeyShareLookupCallback cb,
-                            void *cb_cls)
+ANASTASIS_keyshare_lookup (struct GNUNET_CURL_Context *ctx,
+                           const char *backend_url,
+                           const uuid_t *truth_uuid,
+                           const struct ANASTASIS_CRYPTO_TruthKey *truth_key,
+                           const struct GNUNET_HashCode *hashed_answer,
+                           ANASTASIS_KeyShareLookupCallback cb,
+                           void *cb_cls)
 {
-  struct ANASTASIS_KeyShareLookupOperation *klo;
+  struct ANASTASIS_KeyShareLookupOperation *kslo;
   CURL *eh;
   char *uuid_str;
-  char *hashed_answer;
+  char *hashed_answer_str;
   char *path;
 
-  klo = GNUNET_new (struct ANASTASIS_KeyShareLookupOperation);
-  klo->ctx = ctx;
-  klo->cb = cb;
-  klo->cb_cls = cb_cls;
-  klo->truth_key = truth_key;
-  uuid_str = GNUNET_STRINGS_data_to_string_alloc (&truth_uuid,
-                                                  sizeof (truth_uuid));
-  hashed_answer = GNUNET_STRINGS_data_to_string_alloc (&hashed_answer,
-                                                       sizeof (hashed_answer));
+  kslo = GNUNET_new (struct ANASTASIS_KeyShareLookupOperation);
+  kslo->ctx = ctx;
+  kslo->cb = cb;
+  kslo->cb_cls = cb_cls;
+  kslo->truth_key = truth_key;
+    << << << < HEAD
+
+    GNUNET_assert (NULL != truth_uuid);
+  uuid_str = GNUNET_STRINGS_data_to_string_alloc (truth_uuid,
+                                                  sizeof (*truth_uuid));
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              "UUID in keyshare lookup:  %s\n",
+              uuid_str);
+  GNUNET_assert (NULL != hashed_answer);
+  ====== =
+    uuid_str = GNUNET_STRINGS_data_to_string_alloc (truth_uuid,
+                                                    sizeof (*truth_uuid));
+  >> >> >> > f6a488c ... modified salt request
+  hashed_answer_str = GNUNET_STRINGS_data_to_string_alloc (hashed_answer,
+                                                           sizeof (struct
+                                                                   
GNUNET_HashCode));
   GNUNET_asprintf (&path,
                    "truth/%s",
                    uuid_str);
-  GNUNET_free (uuid_str);
-  klo->url = TALER_url_join (backend_url,
-                             path,
-                             "response",
-                             hashed_answer,
-                             NULL);
+  kslo->url = TALER_url_join (backend_url,
+                              path,
+                              "response",
+                              hashed_answer_str,
+                              NULL);
   GNUNET_free (path);
-  GNUNET_free (hashed_answer);
-  eh = curl_easy_init ();
+  GNUNET_free (uuid_str);
+  GNUNET_free (hashed_answer_str);
+    << << << < HEAD
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Url get request (keyshare lookup): %s\n",
+                kslo->url);
+  ====== =
+    >> >> >> > f6a488c ... modified salt request
+    eh = curl_easy_init ();
   GNUNET_assert (CURLE_OK ==
                  curl_easy_setopt (eh,
                                    CURLOPT_HEADERFUNCTION,
                                    &handle_header));
-  GNUNET_assert ((CURLE_OK != curl_easy_setopt (eh,
+  GNUNET_assert ((CURLE_OK == curl_easy_setopt (eh,
                                                 CURLOPT_URL,
-                                                klo)));
-  klo->cb = cb;
-  klo->cb_cls = cb_cls;
-  klo->job = GNUNET_CURL_job_add_raw (ctx,
-                                      eh,
-                                      GNUNET_NO,
-                                      &handle_key_share_lookup_finished,
-                                      klo);
-  return klo;
+                                                kslo)));
+  kslo->cb = cb;
+  kslo->cb_cls = cb_cls;
+  kslo->job = GNUNET_CURL_job_add_raw (ctx,
+                                       eh,
+                                       GNUNET_NO,
+                                       &handle_keyshare_lookup_finished,
+                                       kslo);
+  return kslo;
 }
+
+/* end of anastasis_api_keyshare_lookup.c */
diff --git a/src/lib/anastasis_api_salt.c b/src/lib/anastasis_api_salt.c
index b38977a..f21ee59 100644
--- a/src/lib/anastasis_api_salt.c
+++ b/src/lib/anastasis_api_salt.c
@@ -1,22 +1,18 @@
 /*
-  This file is part of TALER
-  Copyright (C) 2014-2017 GNUnet e.V. and INRIA
+  This file is part of Anastasis
+  Copyright (C) 2020 Taler Systems SA
 
-  TALER is free software; you can redistribute it and/or modify
-  it under the terms of the GNU Lesser General Public License as
-  published by the Free Software Foundation; either version 2.1,
-  or (at your option) any later version.
+  Anastasis is free software; you can redistribute it and/or modify it under 
the
+  terms of the GNU Lesser General Public License as published by the Free 
Software
+  Foundation; either version 3, or (at your option) any later version.
 
-  TALER is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  GNU Lesser General Public License for more details.
+  Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 
-  You should have received a copy of the GNU Lesser General Public
-  License along with TALER; see the file COPYING.LGPL.  If not,
-  see <http://www.gnu.org/licenses/>
+  You should have received a copy of the GNU General Public License along with
+  Anastasis; see the file COPYING.GPL.  If not, see 
<http://www.gnu.org/licenses/>
 */
-
 /**
  * @file lib/anastasis_api_salt.c
  * @brief Implementation of the /salt GET
diff --git a/src/lib/anastasis_api_truth_store.c 
b/src/lib/anastasis_api_truth_store.c
index 3b8e19d..7552364 100644
--- a/src/lib/anastasis_api_truth_store.c
+++ b/src/lib/anastasis_api_truth_store.c
@@ -1,22 +1,18 @@
 /*
-  This file is part of ANASTASIS
-  Copyright (C) 2014-2019 GNUnet e.V. and INRIA
+  This file is part of Anastasis
+  Copyright (C) 2020 Taler Systems SA
 
-  ANASTASIS is free software; you can redistribute it and/or modify
-  it under the terms of the GNU Lesser General Public License as
-  published by the Free Software Foundation; either version 2.1,
-  or (at your option) any later version.
+  Anastasis is free software; you can redistribute it and/or modify it under 
the
+  terms of the GNU Lesser General Public License as published by the Free 
Software
+  Foundation; either version 3, or (at your option) any later version.
 
-  ANASTASIS is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  GNU Lesser General Public License for more details.
+  Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 
-  You should have received a copy of the GNU Lesser General Public
-  License along with ANASTASIS; see the file COPYING.LGPL.  If not,
-  see <http://www.gnu.org/licenses/>
+  You should have received a copy of the GNU General Public License along with
+  Anastasis; see the file COPYING.GPL.  If not, see 
<http://www.gnu.org/licenses/>
 */
-
 /**
  * @file lib/anastasis_api_truth_store.c
  * @brief Implementation of the /truth GET and POST
@@ -263,7 +259,7 @@ handle_header (char *buffer,
 struct ANASTASIS_TruthStoreOperation *
 ANASTASIS_truth_store (struct GNUNET_CURL_Context *ctx,
                        const char *backend_url,
-                       const uuid_t truth_uuid,
+                       const uuid_t *truth_uuid,
                        json_t *truth_data,
                        int payment_requested,
                        const char *paid_order_id,
@@ -274,6 +270,9 @@ ANASTASIS_truth_store (struct GNUNET_CURL_Context *ctx,
   CURL *eh;
   char *json_str;
 
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Truth json before upload 3: %s\n",
+              json_dumps (truth_data, JSON_COMPACT));
   json_str = json_dumps (truth_data,
                          JSON_COMPACT);
 
@@ -285,7 +284,7 @@ ANASTASIS_truth_store (struct GNUNET_CURL_Context *ctx,
       char uuid_str[37];
       char *path;
 
-      uuid_unparse (truth_uuid, uuid_str);
+      uuid_unparse (*truth_uuid, uuid_str);
       GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                   "UUID:  %s\n",
                   uuid_str);
@@ -345,5 +344,6 @@ ANASTASIS_truth_store (struct GNUNET_CURL_Context *ctx,
                                       GNUNET_NO,
                                       &handle_truth_store_finished,
                                       tso);
+  json_decref (truth_data);
   return tso;
 }
diff --git a/src/lib/test_anastasis_api.c b/src/lib/test_anastasis_api.c
index 984699a..317f7af 100644
--- a/src/lib/test_anastasis_api.c
+++ b/src/lib/test_anastasis_api.c
@@ -1,22 +1,18 @@
 /*
-  This file is part of TALER
-  Copyright (C) 2014-2019 Taler Systems SA
-
-  TALER is free software; you can redistribute it and/or modify
-  it under the terms of the GNU General Public License as
-  published by the Free Software Foundation; either version 3, or
-  (at your option) any later version.
-
-  TALER is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  GNU General Public License for more details.
-
-  You should have received a copy of the GNU General Public
-  License along with TALER; see the file COPYING.  If not, see
-  <http://www.gnu.org/licenses/>
-*/
+  This file is part of Anastasis
+  Copyright (C) 2020 Taler Systems SA
+
+  Anastasis is free software; you can redistribute it and/or modify it under 
the
+  terms of the GNU Lesser General Public License as published by the Free 
Software
+  Foundation; either version 3, or (at your option) any later version.
+
+  Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 
+  You should have received a copy of the GNU General Public License along with
+  Anastasis; see the file COPYING.GPL.  If not, see 
<http://www.gnu.org/licenses/>
+*/
 /**
  * @file lib/test_anastasis_api.c
  * @brief testcase to test anastasis' HTTP API interface
@@ -243,7 +239,22 @@ run (void *cls,
                                        ANASTASIS_TESTING_TSO_NONE,
                                        ANASTASIS_TESTING_make_truth_example (
                                          "Truth method",
-                                         "Truth mime")),
+                                         "Truth mime",
+                                         ANASTASIS_TESTING_make_hashed_answer (
+                                           "Hashed-Answer",
+                                           strlen ("Hashed-Answer")),
+                                         ANASTASIS_TESTING_make_truthkey (
+                                           "Truth-Key"))),
+    ANASTASIS_TESTING_cmd_keyshare_lookup ("keyshare-lookup-1",
+                                           anastasis_url,
+                                           MHD_HTTP_OK,
+                                           
ANASTASIS_TESTING_make_hashed_answer (
+                                             "Hashed-Answer",
+                                             strlen ("Hashed-Answer")),
+                                           ANASTASIS_TESTING_make_truthkey (
+                                             "Truth-Key"),
+                                           "truth-store-1"),
+
     TALER_TESTING_cmd_end ()
   };
 
diff --git a/src/lib/testing_api_cmd_keyshare_lookup.c 
b/src/lib/testing_api_cmd_keyshare_lookup.c
new file mode 100644
index 0000000..ec2f491
--- /dev/null
+++ b/src/lib/testing_api_cmd_keyshare_lookup.c
@@ -0,0 +1,283 @@
+/*
+  This file is part of Anastasis
+  Copyright (C) 2020 Taler Systems SA
+
+  Anastasis is free software; you can redistribute it and/or modify it under 
the
+  terms of the GNU Lesser General Public License as published by the Free 
Software
+  Foundation; either version 3, or (at your option) any later version.
+
+  Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along with
+  Anastasis; see the file COPYING.GPL.  If not, see 
<http://www.gnu.org/licenses/>
+*/
+/**
+ * @file lib/anastasis_api_keyshare_lookup.c
+ * @brief Testing of Implementation of the /truth GET
+ * @author Christian Grothoff
+ * @author Dennis Neufeld
+ * @author Dominik Meister
+ */
+
+#include "platform.h"
+#include "anastasis_testing_lib.h"
+#include <taler/taler_util.h>
+#include <taler/taler_testing_lib.h>
+
+
+/**
+ * State for a "keyshare lookup" CMD.
+ */
+struct KeyShareLookupState
+{
+  /**
+   * The interpreter state.
+   */
+  struct TALER_TESTING_Interpreter *is;
+
+  /**
+   * URL of the anastasis backend.
+   */
+  const char *anastasis_url;
+
+  /**
+   * Expected status code.
+   */
+  unsigned int http_status;
+
+  /**
+   * The /truth GET operation handle.
+   */
+  struct ANASTASIS_KeyShareLookupOperation *kslo;
+
+  /**
+   * Hashed answer to a challenge
+   */
+  struct GNUNET_HashCode hashed_answer;
+
+  /**
+   * Key to decrypt truth
+   */
+  const struct ANASTASIS_CRYPTO_TruthKey *truth_key;
+
+  /**
+   * Identification of the Truth Object
+   */
+  const uuid_t *truth_uuid;
+
+  /**
+   * Reference to upload command we expect to lookup.
+   */
+  const char *upload_reference;
+};
+
+/**
+ * Function called with the results of a #ANASTASIS_keyshare_lookup().
+ *
+ * @param cls closure
+ * @param http_status HTTP status of the request
+ * @param ud details about the lookup operation
+ */
+static void
+keyshare_lookup_cb (void *cls,
+                    unsigned int http_status,
+                    const struct ANASTASIS_KeyShareDownloadDetails *dd)
+{
+  struct KeyShareLookupState *ksls = cls;
+
+  ksls->kslo = NULL;
+  if (http_status != ksls->http_status)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unexpected response code %u to command %s in %s:%u\n",
+                http_status,
+                ksls->is->commands[ksls->is->ip].label,
+                __FILE__,
+                __LINE__);
+    TALER_TESTING_interpreter_fail (ksls->is);
+    return;
+  }
+  TALER_TESTING_interpreter_next (ksls->is);
+}
+
+
+/**
+ * Run a "keyshare lookup" CMD.
+ *
+ * @param cls closure.
+ * @param cmd command currently being run.
+ * @param is interpreter state.
+ */
+static void
+keyshare_lookup_run (void *cls,
+                     const struct TALER_TESTING_Command *cmd,
+                     struct TALER_TESTING_Interpreter *is)
+{
+  struct KeyShareLookupState *ksls = cls;
+
+  ksls->is = is;
+  if (NULL != ksls->upload_reference)
+  {
+    const struct TALER_TESTING_Command *upload_cmd;
+
+    upload_cmd = TALER_TESTING_interpreter_lookup_command
+                   (is,
+                   ksls->upload_reference);
+    if (NULL == upload_cmd)
+    {
+      GNUNET_break (0);
+      TALER_TESTING_interpreter_fail (ksls->is);
+      return;
+    }
+      << << << < HEAD
+        {
+        const uuid_t *uuid;
+
+        if (GNUNET_OK !=
+            ANASTASIS_TESTING_get_trait_uuid (upload_cmd,
+                                              0,
+                                              &uuid))
+        {
+          GNUNET_break (0);
+          TALER_TESTING_interpreter_fail (ksls->is);
+          return;
+        }
+        ksls->truth_uuid = uuid;
+        if (NULL == ksls->truth_uuid)
+        {
+          GNUNET_break (0);
+          TALER_TESTING_interpreter_fail (ksls->is);
+          return;
+        }
+        GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                    "Uuid from trait: %s\n",
+                    TALER_B2S (ksls->truth_uuid));
+
+        ====== =
+          if (GNUNET_OK !=
+              ANASTASIS_TESTING_get_trait_uuid (upload_cmd,
+                                                0,
+                                                &ksls->truth_uuid))
+        {
+          GNUNET_break (0);
+          TALER_TESTING_interpreter_fail (ksls->is);
+          return;
+          >> >> >> > f6a488c ... modified salt request
+        }
+      }
+      ksls->kslo = ANASTASIS_keyshare_lookup (is->ctx,
+                                              ksls->anastasis_url,
+                                              ksls->truth_uuid,
+                                              ksls->truth_key,
+                                              &ksls->hashed_answer,
+                                              &keyshare_lookup_cb,
+                                              ksls);
+    if (NULL == ksls->kslo)
+    {
+      GNUNET_break (0);
+      TALER_TESTING_interpreter_fail (ksls->is);
+      return;
+    }
+  }
+
+
+/**
+ * Free the state of a "keyshare lookup" CMD, and possibly
+ * cancel it if it did not complete.
+ *
+ * @param cls closure.
+ * @param cmd command being freed.
+ */
+  static void
+  keyshare_lookup_cleanup (void *cls,
+                           const struct TALER_TESTING_Command *cmd)
+  {
+    struct KeyShareLookupState *ksls = cls;
+
+    if (NULL != ksls->kslo)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                  "Command '%s' did not complete (keyshare lookup)\n",
+                  cmd->label);
+      ANASTASIS_keyshare_lookup_cancel (ksls->kslo);
+      ksls->kslo = NULL;
+    }
+    GNUNET_free (ksls);
+  }
+
+
+/**
+ * Creates hash of an answer
+ *
+ * @param answer the answer to a challenge (e.g. a secure question)
+ * @param size_answer size of the answer
+ * @return hash of the answer
+ */
+  struct GNUNET_HashCode
+  ANASTASIS_TESTING_make_hashed_answer (const void *answer,
+                                        size_t size_answer)
+  {
+    struct GNUNET_HashCode hashed_answer;
+    GNUNET_CRYPTO_hash (answer,
+                        size_answer,
+                        &hashed_answer);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Hashed answer: %s\n",
+                TALER_B2S (&hashed_answer));
+    return hashed_answer;
+  }
+
+
+/**
+ * Make the "keyshare lookup" command.
+ *
+ * @param label command label
+ * @param anastasis_url base URL of the ANASTASIS serving
+ *        the keyshare lookup request.
+ * @param http_status expected HTTP status.
+ * @param answer hashed answer (response to challenge)
+ * @param key key to decrypt truth
+ * @param upload_ref reference to upload command
+ * @return the command
+ */
+  struct TALER_TESTING_Command
+  ANASTASIS_TESTING_cmd_keyshare_lookup (const char *label,
+                                         const char *anastasis_url,
+                                         unsigned int http_status,
+                                         const struct GNUNET_HashCode answer,
+                                         const struct
+                                         ANASTASIS_CRYPTO_TruthKey *key,
+                                         const char *upload_ref)
+  {
+    struct KeyShareLookupState *ksls;
+
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Hashed answer in keyshare lookup cmd: %s\n",
+                TALER_B2S (&answer));
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "TruthKey in keyshare lookup cmd: %s\n",
+                TALER_B2S (key));
+
+    GNUNET_assert (NULL != upload_ref);
+    ksls = GNUNET_new (struct KeyShareLookupState);
+    ksls->http_status = http_status;
+    ksls->anastasis_url = anastasis_url;
+    ksls->upload_reference = upload_ref;
+    ksls->hashed_answer = answer;
+    ksls->truth_key = key;
+    {
+      struct TALER_TESTING_Command cmd = {
+        .cls = ksls,
+        .label = label,
+        .run = &keyshare_lookup_run,
+        .cleanup = &keyshare_lookup_cleanup
+      };
+
+      return cmd;
+    }
+  }
+
+
+/* end of testing_api_cmd_keyshare_lookup.c */
\ No newline at end of file
diff --git a/src/lib/testing_api_cmd_policy_lookup.c 
b/src/lib/testing_api_cmd_policy_lookup.c
index c41ce10..744466d 100644
--- a/src/lib/testing_api_cmd_policy_lookup.c
+++ b/src/lib/testing_api_cmd_policy_lookup.c
@@ -1,22 +1,18 @@
 /*
-  This file is part of ANASTASIS
-  Copyright (C) 2014-2019 Taler Systems SA
+  This file is part of Anastasis
+  Copyright (C) 2020 Taler Systems SA
 
-  ANASTASIS is free software; you can redistribute it and/or modify
-  it under the terms of the GNU General Public License as
-  published by the Free Software Foundation; either version 3, or
-  (at your option) any later version.
+  Anastasis is free software; you can redistribute it and/or modify it under 
the
+  terms of the GNU Lesser General Public License as published by the Free 
Software
+  Foundation; either version 3, or (at your option) any later version.
 
-  ANASTASIS is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  GNU General Public License for more details.
+  Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 
-  You should have received a copy of the GNU General Public
-  License along with ANASTASIS; see the file COPYING.  If not, see
-  <http://www.gnu.org/licenses/>
+  You should have received a copy of the GNU General Public License along with
+  Anastasis; see the file COPYING.GPL.  If not, see 
<http://www.gnu.org/licenses/>
 */
-
 /**
  * @file lib/testing_api_cmd_policy_lookup.c
  * @brief command to execute the anastasis backend service.
@@ -263,7 +259,7 @@ ANASTASIS_TESTING_cmd_policy_lookup (const char *label,
  *
  * @param label command label
  * @param anastasis_url base URL of the ANASTASIS serving
- *        the policy store request.
+ *        the policy lookup request.
  * @return the command
  */
 struct TALER_TESTING_Command
diff --git a/src/lib/testing_api_cmd_truth_store.c 
b/src/lib/testing_api_cmd_truth_store.c
index 11c44ac..bb52a4c 100644
--- a/src/lib/testing_api_cmd_truth_store.c
+++ b/src/lib/testing_api_cmd_truth_store.c
@@ -1,22 +1,26 @@
 /*
-  This file is part of ANASTASIS
-  Copyright (C) 2014-2019 Taler Systems SA
-
-  ANASTASIS is free software; you can redistribute it and/or modify
-  it under the terms of the GNU General Public License as
-  published by the Free Software Foundation; either version 3, or
-  (at your option) any later version.
-
-  ANASTASIS is distributed in the hope that it will be useful, but
-  WITHOUT ANY WARRANTY; without even the implied warranty of
-  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  GNU General Public License for more details.
-
-  You should have received a copy of the GNU General Public
-  License along with ANASTASIS; see the file COPYING.  If not, see
-  <http://www.gnu.org/licenses/>
-*/
+  This file is part of Anastasis
+  Copyright (C) 2020 Taler Systems SA
+
+  Anastasis is free software; you can redistribute it and/or modify it under 
the
+  terms of the GNU Lesser General Public License as published by the Free 
Software
+  Foundation; either version 3, or (at your option) any later version.
+<<<<<<< HEAD
+
+  Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+=======
 
+  Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+>>>>>>> f6a488c... modified salt request
+  You should have received a copy of the GNU General Public License along with
+  Anastasis; see the file COPYING.GPL.  If not, see 
<http://www.gnu.org/licenses/>
+*/
 /**
  * @file lib/testing_api_cmd_truth_store.c
  * @brief command to execute the anastasis backend service.
@@ -34,7 +38,6 @@
  */
 struct TruthStoreState
 {
-
   /**
    * The policy data.
    */
@@ -45,7 +48,10 @@ struct TruthStoreState
    */
   unsigned int http_status;
 
-  const uuid_t truth_uuid;
+  /**
+   * Uuid of truth
+   */
+  const uuid_t *truth_uuid;
 
   /**
    * Hash of the current upload.
@@ -216,6 +222,9 @@ truth_store_run (void *cls,
 {
   struct TruthStoreState *tss = cls;
   tss->is = is;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Truth json before upload 2: %s\n",
+              json_dumps (tss->truth_data, JSON_COMPACT));
   if (NULL != tss->prev_upload)
   {
     const struct TALER_TESTING_Command *ref;
@@ -253,12 +262,22 @@ truth_store_run (void *cls,
       }
     }
   }
-  // Create an uuid
-  uuid_t truth_uuid;
-  uuid_generate (truth_uuid);
+  {
+    // Create an uuid
+    uuid_t truth_uuid;
+    uuid_generate (truth_uuid);
+    tss->truth_uuid = &truth_uuid;
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Uuid created: %s\n",
+                TALER_B2S (&truth_uuid));
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Uuid stored in tss: %s\n",
+                TALER_B2S (tss->truth_uuid));
+  }
+
   tss->tso = ANASTASIS_truth_store (is->ctx,
                                     tss->anastasis_url,
-                                    truth_uuid,
+                                    tss->truth_uuid,
                                     tss->truth_data,
                                     (0 !=
                                      (ANASTASIS_TESTING_TSO_REQUEST_PAYMENT
@@ -321,6 +340,12 @@ truth_store_traits (void *cls,
   struct TALER_TESTING_Trait traits[] = {
     ANASTASIS_TESTING_make_trait_hash (ANASTASIS_TESTING_TRAIT_HASH_CURRENT,
                                        &tss->curr_hash),
+    ANASTASIS_TESTING_make_trait_uuid (0,
+                                       << << << < HEAD
+                                       tss->truth_uuid),
+    ====== =
+      &tss->truth_uuid),
+    >> >> >> > f6a488c ... modified salt request
     TALER_TESTING_make_trait_order_id (0,
                                        tss->payment_order_id),
     TALER_TESTING_trait_end ()
@@ -333,32 +358,63 @@ truth_store_traits (void *cls,
 }
 
 
+/**
+ * Creates a truth key.
+ *
+ * @param key_str a str you want to be a truth key
+ * @return truthkey (must be freed)
+ */
+struct ANASTASIS_CRYPTO_TruthKey *
+ANASTASIS_TESTING_make_truthkey (const char *key_str)
+{
+  struct ANASTASIS_CRYPTO_TruthKey *key;
+
+  key = GNUNET_new (struct ANASTASIS_CRYPTO_TruthKey);
+  GNUNET_CRYPTO_hash (key_str,
+                      strlen (key_str),
+                      &key->key);
+  return key;
+}
+
+
 /**
  * Creates a sample of truth.
  *
  * @param method the challenge method
  * @param mime_type mime type of the truth
+ * @param answer the hashed answer (part of truth) to a challenge
+ * @param key the key to encrypt the truth
  * @return truth in json format
  */
-json_t*
-ANASTASIS_TESTING_make_truth_example (char *method,
-                                      char *mime_type)
+json_t *
+ANASTASIS_TESTING_make_truth_example (const char *method,
+                                      const char *mime_type,
+                                      const struct GNUNET_HashCode answer,
+                                      const struct
+                                      ANASTASIS_CRYPTO_TruthKey *key)
 {
 
   json_t *truth_data;
   struct ANASTASIS_CRYPTO_EncryptedKeyShare keyshare_data;
-  struct GNUNET_HashCode truth_hash;
-  const char *encrypted_truth;
+  void *encrypted_truth;
+  size_t size_encrypted_truth;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Hashed answer in truth example: %s\n",
+              TALER_B2S (&answer));
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "TruthKey in truth example: %s\n",
+              TALER_B2S (key));
 
   GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
                               &keyshare_data,
                               sizeof (struct
                                       ANASTASIS_CRYPTO_EncryptedKeyShare));
-  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
-                              &truth_hash,
-                              sizeof (struct GNUNET_HashCode));
-  encrypted_truth = "Truth test (et)";
-
+  ANASTASIS_CRYPTO_truth_encrypt (key,
+                                  &answer,
+                                  sizeof (answer),
+                                  &encrypted_truth,
+                                  &size_encrypted_truth);
   truth_data = json_pack ("{s:o," /* keyshare_data */
                           " s:s," /* method */
                           " s:o," /* encrypted_truth */
@@ -367,14 +423,15 @@ ANASTASIS_TESTING_make_truth_example (char *method,
                             &keyshare_data),
                           "method", method,
                           "encrypted_truth", GNUNET_JSON_from_data (
-                            encrypted_truth, strlen (encrypted_truth)),
+                            encrypted_truth,
+                            size_encrypted_truth),
                           "truth_mime", mime_type
                           );
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Truth json before upload: %s\n",
+              "Truth json before upload 0: %s\n",
               json_dumps (truth_data, JSON_COMPACT));
   GNUNET_assert (NULL != truth_data);
-
+  GNUNET_free (encrypted_truth);
   return truth_data;
 }
 
@@ -401,6 +458,10 @@ ANASTASIS_TESTING_cmd_truth_store (const char *label,
 {
   struct TruthStoreState *tss;
 
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Truth json before upload 1: %s\n",
+              json_dumps (truth_data, JSON_COMPACT));
+
   tss = GNUNET_new (struct TruthStoreState);
   tss->truth_data = truth_data;
   tss->http_status = http_status;
diff --git a/src/lib/testing_api_trait_uuid.c b/src/lib/testing_api_trait_uuid.c
new file mode 100644
index 0000000..4a61eeb
--- /dev/null
+++ b/src/lib/testing_api_trait_uuid.c
@@ -0,0 +1,74 @@
+/*
+  This file is part of TALER
+  Copyright (C) 2020 Taler Systems SA
+
+  TALER is free software; you can redistribute it and/or modify it
+  under the terms of the GNU General Public License as published
+  by the Free Software Foundation; either version 3, or (at your
+  option) any later version.
+
+  TALER is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  General Public License for more details.
+
+  You should have received a copy of the GNU General Public
+  License along with TALER; see the file COPYING.  If not, see
+  <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file lib/testing_api_trait_uuid.c
+ * @brief traits to offer a hash
+ * @author Christian Grothoff
+ * @author Dominik Meister
+ * @author Dennis Neufeld
+ */
+#include "platform.h"
+#include "anastasis_testing_lib.h"
+
+#define ANASTASIS_TESTING_TRAIT_UUID "anastasis-uuid"
+
+
+/**
+ * Obtain an uuid from @a cmd.
+ *
+ * @param cmd command to extract the number from.
+ * @param index the number's index number.
+ * @param u[out] set to the number coming from @a cmd.
+ * @return #GNUNET_OK on success.
+ */
+int
+ANASTASIS_TESTING_get_trait_uuid
+  (const struct TALER_TESTING_Command *cmd,
+  unsigned int index,
+  const uuid_t **u)
+{
+  return cmd->traits (cmd->cls,
+                      (const void **) u,
+                      ANASTASIS_TESTING_TRAIT_UUID,
+                      index);
+}
+
+
+/**
+ * Offer an uuid.
+ *
+ * @param index the number's index number.
+ * @param u the uuid to offer.
+ * @return #GNUNET_OK on success.
+ */
+struct TALER_TESTING_Trait
+ANASTASIS_TESTING_make_trait_uuid
+  (unsigned int index,
+  const uuid_t *u)
+{
+  struct TALER_TESTING_Trait ret = {
+    .index = index,
+    .trait_name = ANASTASIS_TESTING_TRAIT_UUID,
+    .ptr = (const void *) u
+  };
+  return ret;
+}
+
+
+/* end of testing_api_trait_uuid.c */
diff --git a/src/stasis/plugin_anastasis_postgres.c 
b/src/stasis/plugin_anastasis_postgres.c
index 399fef7..68d0ae7 100644
--- a/src/stasis/plugin_anastasis_postgres.c
+++ b/src/stasis/plugin_anastasis_postgres.c
@@ -1,17 +1,17 @@
 /*
-  This file is part of TALER
-  (C) 2014--2019 Taler Systems SA
+  This file is part of Anastasis
+  Copyright (C) 2020 Taler Systems SA
 
-  TALER is free software; you can redistribute it and/or modify it under the
+  Anastasis is free software; you can redistribute it and/or modify it under 
the
   terms of the GNU Lesser General Public License as published by the Free 
Software
   Foundation; either version 3, or (at your option) any later version.
 
-  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
-  WARRANTY; without even the implied warranty of ANASTASISABILITY or FITNESS 
FOR
+  Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 
   You should have received a copy of the GNU General Public License along with
-  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+  Anastasis; see the file COPYING.GPL.  If not, see 
<http://www.gnu.org/licenses/>
 */
 /**
  * @file anastasis/plugin_anastasisdb_postgres.c
diff --git a/src/stasis/test_anastasis_db.c b/src/stasis/test_anastasis_db.c
index 4e11be8..cb557b5 100644
--- a/src/stasis/test_anastasis_db.c
+++ b/src/stasis/test_anastasis_db.c
@@ -1,17 +1,17 @@
 /*
-  This file is part of
-  (C) 2014-2017 INRIA
+  This file is part of Anastasis
+  Copyright (C) 2020 Taler Systems SA
 
-  TALER is free software; you can redistribute it and/or modify it under the
+  Anastasis is free software; you can redistribute it and/or modify it under 
the
   terms of the GNU Lesser General Public License as published by the Free 
Software
   Foundation; either version 3, or (at your option) any later version.
 
-  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+  Anastasis is distributed in the hope that it will be useful, but WITHOUT ANY
   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 
   You should have received a copy of the GNU General Public License along with
-  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+  Anastasis; see the file COPYING.GPL.  If not, see 
<http://www.gnu.org/licenses/>
 */
 /**
  * @file anastasis/test_anastasis_db.c
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index fade009..5c3b62e 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -244,7 +244,7 @@ anastasis_decrypt (const void *key,
 void
 ANASTASIS_CRYPTO_user_identifier_derive (
   const json_t *id_data,
-  const struct ANASTASIS_CRYPTO_Salt server_salt,
+  const struct ANASTASIS_CRYPTO_Salt *server_salt,
   struct ANASTASIS_CRYPTO_UserIdentifier *id)
 {
   char *json_enc;
@@ -254,8 +254,8 @@ ANASTASIS_CRYPTO_user_identifier_derive (
                                   strlen (json_enc),
                                   GCRY_KDF_SCRYPT,
                                   1, // subalgo
-                                  server_salt.salt,
-                                  strlen (server_salt.salt),
+                                  server_salt->salt,
+                                  strlen (server_salt->salt),
                                   1000, // iterations
                                   sizeof (struct
                                           ANASTASIS_CRYPTO_UserIdentifier),
@@ -378,7 +378,7 @@ ANASTASIS_CRYPTO_recovery_document_decrypt (
  * @param enc_key_share[out] holds the encrypted share, the first 48 Bytes are 
the used nonce and tag
  */
 void
-ANASTASIS_CRYPTO_key_share_encrypt (
+ANASTASIS_CRYPTO_keyshare_encrypt (
   const struct ANASTASIS_CRYPTO_KeyShare *key_share,
   const struct ANASTASIS_CRYPTO_UserIdentifier *id,
   struct ANASTASIS_CRYPTO_EncryptedKeyShare **enc_key_share)
@@ -396,8 +396,8 @@ ANASTASIS_CRYPTO_key_share_encrypt (
                      salt,
                      (void **) enc_key_share,
                      &eks_size);
-  GNUNET_assert (eks_size ==
-                 sizeof (struct ANASTASIS_CRYPTO_EncryptedKeyShare));
+  GNUNET_assert (eks_size == sizeof (struct
+                                     ANASTASIS_CRYPTO_EncryptedKeyShare));
 }
 
 
@@ -409,7 +409,7 @@ ANASTASIS_CRYPTO_key_share_encrypt (
  * @param key_share[out] the result of decryption
  */
 void
-ANASTASIS_CRYPTO_key_share_decrypt (
+ANASTASIS_CRYPTO_keyshare_decrypt (
   const struct ANASTASIS_CRYPTO_EncryptedKeyShare *enc_key_share,
   const struct ANASTASIS_CRYPTO_UserIdentifier *id,
   struct ANASTASIS_CRYPTO_KeyShare **key_share)
@@ -495,7 +495,7 @@ ANASTASIS_CRYPTO_truth_decrypt (
  * @param key_share[out] reference to the created key share.
  */
 void
-ANASTASIS_CRYPTO_key_share_create (
+ANASTASIS_CRYPTO_keyshare_create (
   struct ANASTASIS_CRYPTO_KeyShare *key_share)
 {
   GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
@@ -596,6 +596,7 @@ ANASTASIS_CRYPTO_core_secret_encrypt (
  * @param encrypted_core_secret the encrypted core secret from the user, will 
be encrypted with the policy key
  * @param encrypted_core_secret_size size of the encrypted core secret
  * @param core_secret[out] decrypted core secret will be returned
+ * @param core_secret_size[out] size of core secret
  */
 void
 ANASTASIS_CRYPTO_core_secret_recover (
@@ -603,7 +604,8 @@ ANASTASIS_CRYPTO_core_secret_recover (
   const struct ANASTASIS_CRYPTO_PolicyKey policy_key,
   const void *encrypted_core_secret,
   size_t encrypted_core_secret_size,
-  void **core_secret)
+  void **core_secret,
+  size_t *core_secret_size)
 {
   struct GNUNET_CRYPTO_SymmetricSessionKey mk_sk;
   struct GNUNET_CRYPTO_SymmetricInitializationVector mk_iv;
@@ -624,12 +626,12 @@ ANASTASIS_CRYPTO_core_secret_recover (
   GNUNET_CRYPTO_hash_to_aes_key (&master_key,
                                  &core_sk,
                                  &core_iv);
-  GNUNET_assert (GNUNET_SYSERR !=
-                 GNUNET_CRYPTO_symmetric_decrypt (encrypted_core_secret,
-                                                  encrypted_core_secret_size,
-                                                  &core_sk,
-                                                  &core_iv,
-                                                  *core_secret));
+  *core_secret_size = GNUNET_CRYPTO_symmetric_decrypt (encrypted_core_secret,
+                                                       
encrypted_core_secret_size,
+                                                       &core_sk,
+                                                       &core_iv,
+                                                       *core_secret);
+  GNUNET_assert (GNUNET_SYSERR != *core_secret_size);
 }
 
 
diff --git a/src/util/test_anastasis_crypto.c b/src/util/test_anastasis_crypto.c
index ac17f9e..07a0712 100644
--- a/src/util/test_anastasis_crypto.c
+++ b/src/util/test_anastasis_crypto.c
@@ -56,13 +56,13 @@ test_user_identifier_derive (void)
   json_object_set_new (id_data_3, "arg1", json_string ("Hallo2"));
 
   ANASTASIS_CRYPTO_user_identifier_derive (id_data_1,
-                                           salt,
+                                           &salt,
                                            &id_1);
   ANASTASIS_CRYPTO_user_identifier_derive (id_data_2,
-                                           salt,
+                                           &salt,
                                            &id_2);
   ANASTASIS_CRYPTO_user_identifier_derive (id_data_3,
-                                           salt,
+                                           &salt,
                                            &id_3);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "UserIdentifier_1: %s\n",
@@ -75,6 +75,9 @@ test_user_identifier_derive (void)
               TALER_B2S (&id_3));
   GNUNET_assert (0 == GNUNET_memcmp (&id_1, &id_2));
   GNUNET_assert (0 != GNUNET_memcmp (&id_1, &id_3));
+  json_decref (id_data_1);
+  json_decref (id_data_2);
+  json_decref (id_data_3);
   return 0;
 }
 
@@ -92,6 +95,7 @@ test_recovery_document (void)
   size_t size_plaintext;
   struct ANASTASIS_CRYPTO_UserIdentifier id;
   struct ANASTASIS_CRYPTO_Salt salt;
+  int ret;
 
   json_t *id_data = json_object ();
   const char *test = "TEST_ERD";
@@ -99,7 +103,7 @@ test_recovery_document (void)
 
   json_object_set_new (id_data, "arg1", json_string ("ID_DATA"));
   ANASTASIS_CRYPTO_user_identifier_derive (id_data,
-                                           salt,
+                                           &salt,
                                            &id);
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
@@ -120,7 +124,12 @@ test_recovery_document (void)
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "ERD_AFTER:   %s\n",
               TALER_b2s (plaintext, size_plaintext));
-  return strncmp ((char *) plaintext, test, strlen (test));
+  GNUNET_assert (strlen (test) == size_plaintext);
+  ret = strncmp (plaintext, test, strlen (test));
+  json_decref (id_data);
+  GNUNET_free (ciphertext);
+  GNUNET_free (plaintext);
+  return ret;
 }
 
 
@@ -133,33 +142,36 @@ test_key_share (void)
   struct ANASTASIS_CRYPTO_KeyShare key_share;
   struct ANASTASIS_CRYPTO_KeyShare key_share_1;
   struct ANASTASIS_CRYPTO_KeyShare key_share_2;
+  int ret;
 
   // testing of enc-/decryption of a keyshare
   GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
                               &id,
                               sizeof (struct ANASTASIS_CRYPTO_UserIdentifier));
-  ANASTASIS_CRYPTO_key_share_create (&key_share);
+  ANASTASIS_CRYPTO_keyshare_create (&key_share);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "KEYSHARE_BEFORE:   %s\n",
               TALER_B2S (&key_share));
 
-  ANASTASIS_CRYPTO_key_share_encrypt (&key_share,
-                                      &id,
-                                      &ciphertext);
-  ANASTASIS_CRYPTO_key_share_decrypt (ciphertext,
-                                      &id,
-                                      &plaintext);
+  ANASTASIS_CRYPTO_keyshare_encrypt (&key_share,
+                                     &id,
+                                     &ciphertext);
+  ANASTASIS_CRYPTO_keyshare_decrypt (ciphertext,
+                                     &id,
+                                     &plaintext);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "KEYSHARE_AFTER:   %s\n",
               TALER_B2S (plaintext));
 
   // testing creation of keyshares
-  ANASTASIS_CRYPTO_key_share_create (&key_share_1);
-  ANASTASIS_CRYPTO_key_share_create (&key_share_2);
+  ANASTASIS_CRYPTO_keyshare_create (&key_share_1);
+  ANASTASIS_CRYPTO_keyshare_create (&key_share_2);
   GNUNET_assert (0 !=
                  GNUNET_memcmp (&key_share_1, &key_share_2));
-
-  return GNUNET_memcmp (&key_share, plaintext);
+  ret = GNUNET_memcmp (&key_share, plaintext);
+  GNUNET_free (ciphertext);
+  GNUNET_free (plaintext);
+  return ret;
 }
 
 
@@ -172,6 +184,7 @@ test_truth (void)
   void *plaintext;
   size_t size_plaintext;
   struct ANASTASIS_CRYPTO_TruthKey truth_enc_key;
+  int ret;
 
   GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
                               &truth_enc_key,
@@ -195,7 +208,11 @@ test_truth (void)
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "TRUTH_AFTER:   %s\n",
               TALER_b2s (plaintext, size_plaintext));
-  return strncmp ((char *) plaintext, test, strlen (test));
+  ret = strncmp (plaintext, test, strlen (test));
+  GNUNET_assert (strlen (test) == size_plaintext);
+  GNUNET_free (ciphertext);
+  GNUNET_free (plaintext);
+  return ret;
 }
 
 
@@ -223,7 +240,7 @@ test_core_secret (void)
     struct ANASTASIS_CRYPTO_KeyShare keyshares[keyshare_length];
     for (unsigned int j = 0; j < keyshare_length; j++)
     {
-      ANASTASIS_CRYPTO_key_share_create (&keyshares[j]);
+      ANASTASIS_CRYPTO_keyshare_create (&keyshares[j]);
       if (j > 0)
         GNUNET_assert (0 !=
                        GNUNET_memcmp (&keyshares[j - 1], &keyshares[j]));
@@ -259,15 +276,19 @@ test_core_secret (void)
   for (unsigned int k = 0; k < policy_keys_length; k++)
   {
     void *dec_core_secret;
+    size_t core_secret_size;
+
     ANASTASIS_CRYPTO_core_secret_recover (&encrypted_master_keys[k],
                                           policy_keys[k],
                                           enc_core_secret,
                                           strlen (test),
-                                          &dec_core_secret);
+                                          &dec_core_secret,
+                                          &core_secret_size);
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "CORE_SECRET_AFTER_%i:   %s\n",
                 k,
                 TALER_b2s (dec_core_secret, strlen (test)));
+    GNUNET_assert (strlen (test) == core_secret_size);
     GNUNET_assert (0 ==
                    strncmp (dec_core_secret, test, strlen (test)));
     GNUNET_assert (0 !=
@@ -275,6 +296,7 @@ test_core_secret (void)
                               test)));
     GNUNET_free (dec_core_secret);
   }
+  GNUNET_free (enc_core_secret);
   return 0;
 }
 
@@ -291,12 +313,13 @@ test_public_key_derive ()
 
   json_object_set_new (id_data, "arg1", json_string ("ID_DATA"));
   ANASTASIS_CRYPTO_user_identifier_derive (id_data,
-                                           server_salt,
+                                           &server_salt,
                                            &id);
 
   ANASTASIS_CRYPTO_account_public_key_derive (&id,
                                               &pub_key);
   // FIXME: write a real test, e.g. signing and verification
+  json_decref (id_data);
   return 0;
 }
 

-- 
To stop receiving notification emails like this one, please contact
address@hidden.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]