diff options
| author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-12 14:47:58 +0000 |
|---|---|---|
| committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-12 14:47:58 +0000 |
| commit | 548c7bbb68f5c22eadff4d54630d369e322a58b8 (patch) | |
| tree | 6ca8703ea12b15623dbbd40d08b7eef08317f946 /src/identity-provider | |
| parent | 219e64fe613c47eab4c143791128c2b453be3bf8 (diff) | |
| download | gnunet-548c7bbb68f5c22eadff4d54630d369e322a58b8.tar.gz gnunet-548c7bbb68f5c22eadff4d54630d369e322a58b8.zip | |
-minor
Diffstat (limited to 'src/identity-provider')
| -rw-r--r-- | src/identity-provider/identity_token.c | 75 |
1 files changed, 37 insertions, 38 deletions
diff --git a/src/identity-provider/identity_token.c b/src/identity-provider/identity_token.c index 673d0b037..0f6cba626 100644 --- a/src/identity-provider/identity_token.c +++ b/src/identity-provider/identity_token.c | |||
| @@ -67,7 +67,7 @@ create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash, | |||
| 67 | 67 | ||
| 68 | 68 | ||
| 69 | /** | 69 | /** |
| 70 | * Decrypts metainfo part from a token code | 70 | * Decrypts data part from a token code |
| 71 | */ | 71 | */ |
| 72 | static int | 72 | static int |
| 73 | decrypt_str_ecdhe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 73 | decrypt_str_ecdhe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
| @@ -639,10 +639,10 @@ ticket_payload_serialize (struct TokenTicketPayload *payload, | |||
| 639 | 639 | ||
| 640 | /** | 640 | /** |
| 641 | * Create the token code | 641 | * Create the token code |
| 642 | * The metadata is encrypted with a share ECDH derived secret using B (aud_key) | 642 | * The data is encrypted with a share ECDH derived secret using B (aud_key) |
| 643 | * and e (ecdh_privkey) | 643 | * and e (ecdh_privkey) |
| 644 | * The ticket also contains E (ecdh_pubkey) and a signature over the | 644 | * The ticket also contains E (ecdh_pubkey) and a signature over the |
| 645 | * metadata and E | 645 | * data and E |
| 646 | */ | 646 | */ |
| 647 | struct TokenTicket* | 647 | struct TokenTicket* |
| 648 | ticket_create (const char* nonce_str, | 648 | ticket_create (const char* nonce_str, |
| @@ -725,7 +725,7 @@ ticket_serialize (struct TokenTicket *ticket, | |||
| 725 | dh_key_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->ecdh_pubkey, | 725 | dh_key_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->ecdh_pubkey, |
| 726 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | 726 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); |
| 727 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Using ECDH pubkey %s to encrypt\n", dh_key_str); | 727 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Using ECDH pubkey %s to encrypt\n", dh_key_str); |
| 728 | GNUNET_asprintf (&ticket_str, "{\"meta\": \"%s\", \"ecdh\": \"%s\", \"signature\": \"%s\"}", | 728 | GNUNET_asprintf (&ticket_str, "{\"data\": \"%s\", \"ecdh\": \"%s\", \"signature\": \"%s\"}", |
| 729 | ticket_payload_str, dh_key_str, ticket_sig_str); | 729 | ticket_payload_str, dh_key_str, ticket_sig_str); |
| 730 | GNUNET_STRINGS_base64_encode (ticket_str, strlen (ticket_str), result); | 730 | GNUNET_STRINGS_base64_encode (ticket_str, strlen (ticket_str), result); |
| 731 | GNUNET_free (dh_key_str); | 731 | GNUNET_free (dh_key_str); |
| @@ -754,26 +754,26 @@ ticket_payload_parse(const char *raw_data, | |||
| 754 | json_t *identity_json; | 754 | json_t *identity_json; |
| 755 | json_t *nonce_json; | 755 | json_t *nonce_json; |
| 756 | json_error_t err_json; | 756 | json_error_t err_json; |
| 757 | char* meta_str; | 757 | char* data_str; |
| 758 | struct GNUNET_CRYPTO_EcdsaPublicKey id_pkey; | 758 | struct GNUNET_CRYPTO_EcdsaPublicKey id_pkey; |
| 759 | 759 | ||
| 760 | if (GNUNET_OK != decrypt_str_ecdhe (priv_key, | 760 | if (GNUNET_OK != decrypt_str_ecdhe (priv_key, |
| 761 | ecdhe_pkey, | 761 | ecdhe_pkey, |
| 762 | raw_data, | 762 | raw_data, |
| 763 | data_len, | 763 | data_len, |
| 764 | &meta_str)) | 764 | &data_str)) |
| 765 | { | 765 | { |
| 766 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Metadata decryption failed\n"); | 766 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Data decryption failed\n"); |
| 767 | return GNUNET_SYSERR; | 767 | return GNUNET_SYSERR; |
| 768 | } | 768 | } |
| 769 | 769 | ||
| 770 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Metadata: %s\n", meta_str); | 770 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Data: %s\n", data_str); |
| 771 | root = json_loads (meta_str, JSON_DECODE_ANY, &err_json); | 771 | root = json_loads (data_str, JSON_DECODE_ANY, &err_json); |
| 772 | if (!root) | 772 | if (!root) |
| 773 | { | 773 | { |
| 774 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 774 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
| 775 | "Error parsing metadata: %s\n", err_json.text); | 775 | "Error parsing data: %s\n", err_json.text); |
| 776 | GNUNET_free (meta_str); | 776 | GNUNET_free (data_str); |
| 777 | return GNUNET_SYSERR; | 777 | return GNUNET_SYSERR; |
| 778 | } | 778 | } |
| 779 | 779 | ||
| @@ -781,9 +781,9 @@ ticket_payload_parse(const char *raw_data, | |||
| 781 | if (!json_is_string (identity_json)) | 781 | if (!json_is_string (identity_json)) |
| 782 | { | 782 | { |
| 783 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 783 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
| 784 | "Error parsing metadata: %s\n", err_json.text); | 784 | "Error parsing data: %s\n", err_json.text); |
| 785 | json_decref (root); | 785 | json_decref (root); |
| 786 | GNUNET_free (meta_str); | 786 | GNUNET_free (data_str); |
| 787 | return GNUNET_SYSERR; | 787 | return GNUNET_SYSERR; |
| 788 | } | 788 | } |
| 789 | identity_key_str = json_string_value (identity_json); | 789 | identity_key_str = json_string_value (identity_json); |
| @@ -797,9 +797,9 @@ ticket_payload_parse(const char *raw_data, | |||
| 797 | if (!json_is_string (label_json)) | 797 | if (!json_is_string (label_json)) |
| 798 | { | 798 | { |
| 799 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 799 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
| 800 | "Error parsing metadata: %s\n", err_json.text); | 800 | "Error parsing data: %s\n", err_json.text); |
| 801 | json_decref (root); | 801 | json_decref (root); |
| 802 | GNUNET_free (meta_str); | 802 | GNUNET_free (data_str); |
| 803 | return GNUNET_SYSERR; | 803 | return GNUNET_SYSERR; |
| 804 | } | 804 | } |
| 805 | 805 | ||
| @@ -810,9 +810,9 @@ ticket_payload_parse(const char *raw_data, | |||
| 810 | if (!json_is_string (label_json)) | 810 | if (!json_is_string (label_json)) |
| 811 | { | 811 | { |
| 812 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 812 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
| 813 | "Error parsing metadata: %s\n", err_json.text); | 813 | "Error parsing data: %s\n", err_json.text); |
| 814 | json_decref (root); | 814 | json_decref (root); |
| 815 | GNUNET_free (meta_str); | 815 | GNUNET_free (data_str); |
| 816 | return GNUNET_SYSERR; | 816 | return GNUNET_SYSERR; |
| 817 | } | 817 | } |
| 818 | 818 | ||
| @@ -822,7 +822,7 @@ ticket_payload_parse(const char *raw_data, | |||
| 822 | *result = ticket_payload_create (nonce_str, | 822 | *result = ticket_payload_create (nonce_str, |
| 823 | (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, | 823 | (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, |
| 824 | label_str); | 824 | label_str); |
| 825 | GNUNET_free (meta_str); | 825 | GNUNET_free (data_str); |
| 826 | json_decref (root); | 826 | json_decref (root); |
| 827 | return GNUNET_OK; | 827 | return GNUNET_OK; |
| 828 | 828 | ||
| @@ -833,19 +833,19 @@ ticket_parse (const char *raw_data, | |||
| 833 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 833 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
| 834 | struct TokenTicket **result) | 834 | struct TokenTicket **result) |
| 835 | { | 835 | { |
| 836 | const char* enc_meta_str; | 836 | const char* enc_data_str; |
| 837 | const char* ecdh_enc_str; | 837 | const char* ecdh_enc_str; |
| 838 | const char* signature_enc_str; | 838 | const char* signature_enc_str; |
| 839 | 839 | ||
| 840 | json_t *root; | 840 | json_t *root; |
| 841 | json_t *signature_json; | 841 | json_t *signature_json; |
| 842 | json_t *ecdh_json; | 842 | json_t *ecdh_json; |
| 843 | json_t *enc_meta_json; | 843 | json_t *enc_data_json; |
| 844 | json_error_t err_json; | 844 | json_error_t err_json; |
| 845 | char* enc_meta; | 845 | char* enc_data; |
| 846 | char* ticket_decoded; | 846 | char* ticket_decoded; |
| 847 | char* write_ptr; | 847 | char* write_ptr; |
| 848 | size_t enc_meta_len; | 848 | size_t enc_data_len; |
| 849 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | 849 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; |
| 850 | struct TokenTicket *ticket; | 850 | struct TokenTicket *ticket; |
| 851 | struct TokenTicketPayload *ticket_payload; | 851 | struct TokenTicketPayload *ticket_payload; |
| @@ -863,11 +863,11 @@ ticket_parse (const char *raw_data, | |||
| 863 | 863 | ||
| 864 | signature_json = json_object_get (root, "signature"); | 864 | signature_json = json_object_get (root, "signature"); |
| 865 | ecdh_json = json_object_get (root, "ecdh"); | 865 | ecdh_json = json_object_get (root, "ecdh"); |
| 866 | enc_meta_json = json_object_get (root, "meta"); | 866 | enc_data_json = json_object_get (root, "data"); |
| 867 | 867 | ||
| 868 | signature_enc_str = json_string_value (signature_json); | 868 | signature_enc_str = json_string_value (signature_json); |
| 869 | ecdh_enc_str = json_string_value (ecdh_json); | 869 | ecdh_enc_str = json_string_value (ecdh_json); |
| 870 | enc_meta_str = json_string_value (enc_meta_json); | 870 | enc_data_str = json_string_value (enc_data_json); |
| 871 | 871 | ||
| 872 | ticket = GNUNET_malloc (sizeof (struct TokenTicket)); | 872 | ticket = GNUNET_malloc (sizeof (struct TokenTicket)); |
| 873 | 873 | ||
| @@ -876,12 +876,12 @@ ticket_parse (const char *raw_data, | |||
| 876 | &ticket->ecdh_pubkey, | 876 | &ticket->ecdh_pubkey, |
| 877 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey))) | 877 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey))) |
| 878 | { | 878 | { |
| 879 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH PKEY %s invalid in metadata\n", ecdh_enc_str); | 879 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH PKEY %s invalid in data\n", ecdh_enc_str); |
| 880 | json_decref (root); | 880 | json_decref (root); |
| 881 | GNUNET_free (ticket); | 881 | GNUNET_free (ticket); |
| 882 | return GNUNET_SYSERR; | 882 | return GNUNET_SYSERR; |
| 883 | } | 883 | } |
| 884 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Using ECDH pubkey %s for metadata decryption\n", ecdh_enc_str); | 884 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Using ECDH pubkey %s for data decryption\n", ecdh_enc_str); |
| 885 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_enc_str, | 885 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_enc_str, |
| 886 | strlen (signature_enc_str), | 886 | strlen (signature_enc_str), |
| 887 | &ticket->signature, | 887 | &ticket->signature, |
| @@ -890,43 +890,42 @@ ticket_parse (const char *raw_data, | |||
| 890 | json_decref (root); | 890 | json_decref (root); |
| 891 | GNUNET_free (ticket_decoded); | 891 | GNUNET_free (ticket_decoded); |
| 892 | GNUNET_free (ticket); | 892 | GNUNET_free (ticket); |
| 893 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH signature invalid in metadata\n"); | 893 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH signature invalid in data\n"); |
| 894 | return GNUNET_SYSERR; | 894 | return GNUNET_SYSERR; |
| 895 | } | 895 | } |
| 896 | 896 | ||
| 897 | enc_meta_len = GNUNET_STRINGS_base64_decode (enc_meta_str, | 897 | enc_data_len = GNUNET_STRINGS_base64_decode (enc_data_str, |
| 898 | strlen (enc_meta_str), | 898 | strlen (enc_data_str), |
| 899 | &enc_meta); | 899 | &enc_data); |
| 900 | 900 | ||
| 901 | 901 | ||
| 902 | if (GNUNET_OK != ticket_payload_parse (enc_meta, | 902 | if (GNUNET_OK != ticket_payload_parse (enc_data, |
| 903 | enc_meta_len, | 903 | enc_data_len, |
| 904 | priv_key, | 904 | priv_key, |
| 905 | (const struct GNUNET_CRYPTO_EcdhePublicKey*)&ticket->ecdh_pubkey, | 905 | (const struct GNUNET_CRYPTO_EcdhePublicKey*)&ticket->ecdh_pubkey, |
| 906 | &ticket_payload)) | 906 | &ticket_payload)) |
| 907 | { | 907 | { |
| 908 | json_decref (root); | 908 | json_decref (root); |
| 909 | GNUNET_free (enc_meta); | 909 | GNUNET_free (enc_data); |
| 910 | GNUNET_free (ticket_decoded); | 910 | GNUNET_free (ticket_decoded); |
| 911 | GNUNET_free (ticket); | 911 | GNUNET_free (ticket); |
| 912 | return GNUNET_SYSERR; | 912 | return GNUNET_SYSERR; |
| 913 | } | 913 | } |
| 914 | 914 | ||
| 915 | ticket->payload = ticket_payload; | 915 | ticket->payload = ticket_payload; |
| 916 | //TODO: check signature here | ||
| 917 | purpose = | 916 | purpose = |
| 918 | GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | 917 | GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
| 919 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + //E | 918 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + //E |
| 920 | enc_meta_len); // E_K (code_str) | 919 | enc_data_len); // E_K (code_str) |
| 921 | purpose->size = | 920 | purpose->size = |
| 922 | htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | 921 | htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
| 923 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + | 922 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + |
| 924 | enc_meta_len); | 923 | enc_data_len); |
| 925 | purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET); | 924 | purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET); |
| 926 | write_ptr = (char*) &purpose[1]; | 925 | write_ptr = (char*) &purpose[1]; |
| 927 | memcpy (write_ptr, &ticket->ecdh_pubkey, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | 926 | memcpy (write_ptr, &ticket->ecdh_pubkey, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); |
| 928 | write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey); | 927 | write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey); |
| 929 | memcpy (write_ptr, enc_meta, enc_meta_len); | 928 | memcpy (write_ptr, enc_data, enc_data_len); |
| 930 | 929 | ||
| 931 | if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET, | 930 | if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET, |
| 932 | purpose, | 931 | purpose, |
| @@ -944,7 +943,7 @@ ticket_parse (const char *raw_data, | |||
| 944 | *result = ticket; | 943 | *result = ticket; |
| 945 | GNUNET_free (purpose); | 944 | GNUNET_free (purpose); |
| 946 | 945 | ||
| 947 | GNUNET_free (enc_meta); | 946 | GNUNET_free (enc_data); |
| 948 | GNUNET_free (ticket_decoded); | 947 | GNUNET_free (ticket_decoded); |
| 949 | json_decref (root); | 948 | json_decref (root); |
| 950 | return GNUNET_OK; | 949 | return GNUNET_OK; |