author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-24 10:44:10 +0000 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2016-01-24 10:44:10 +0000 |
commit | 814b5e47aa0a9e154e3226539648d78d3ce2c293 (patch) | |
tree | 2d9271663bb5ecbeabc685dbe669ecd0b95f76ca /src/identity-provider | |
parent | f95fe0a950bbb6e3c86ae6308c63466c77aed3e0 (diff) | |
download | gnunet-814b5e47aa0a9e154e3226539648d78d3ce2c293.tar.gz gnunet-814b5e47aa0a9e154e3226539648d78d3ce2c293.zip |
- fix
Diffstat (limited to 'src/identity-provider')
-rw-r--r-- | src/identity-provider/gnunet-service-identity-provider.c | 11 | ||||
-rw-r--r-- | src/identity-provider/identity_provider.h | 4 | ||||
-rw-r--r-- | src/identity-provider/identity_provider_api.c | 4 | ||||
-rw-r--r-- | src/identity-provider/identity_token.c | 17 | ||||
-rw-r--r-- | src/identity-provider/identity_token.h | 6 | ||||
-rw-r--r-- | src/identity-provider/plugin_rest_identity_provider.c | 40 |
6 files changed, 62 insertions, 20 deletions
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 3ce99bfd4..05b73db1a 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c | |||
@@ -876,7 +876,8 @@ do_shutdown (void *cls, | |||
876 | 876 | ||
877 | static struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage* | 877 | static struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage* |
878 | create_exchange_result_message (const char* token, | 878 | create_exchange_result_message (const char* token, |
879 | const char* label) | 879 | const char* label, |
880 | uint64_t ticket_nonce) | ||
880 | { | 881 | { |
881 | struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage *erm; | 882 | struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage *erm; |
882 | uint16_t token_len = strlen (token) + 1; | 883 | uint16_t token_len = strlen (token) + 1; |
@@ -885,6 +886,7 @@ create_exchange_result_message (const char* token, | |||
885 | erm->header.type = htons (GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT); | 886 | erm->header.type = htons (GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT); |
886 | erm->header.size = htons (sizeof (struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage) | 887 | erm->header.size = htons (sizeof (struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage) |
887 | + token_len); | 888 | + token_len); |
889 | erm->ticket_nonce = htonl (ticket_nonce); | ||
888 | memcpy (&erm[1], token, token_len); | 890 | memcpy (&erm[1], token, token_len); |
889 | return erm; | 891 | return erm; |
890 | } | 892 | } |
@@ -1007,12 +1009,12 @@ sign_and_return_token (void *cls, | |||
1007 | 1009 | ||
1008 | //Remote nonce | 1010 | //Remote nonce |
1009 | nonce_str = NULL; | 1011 | nonce_str = NULL; |
1010 | GNUNET_asprintf (&nonce_str, "%d", handle->nonce); | 1012 | GNUNET_asprintf (&nonce_str, "%lu", handle->nonce); |
1011 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str); | 1013 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str); |
1012 | 1014 | ||
1013 | GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key, | 1015 | GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key, |
1014 | &pub_key); | 1016 | &pub_key); |
1015 | handle->ticket = ticket_create (nonce_str, | 1017 | handle->ticket = ticket_create (handle->nonce, |
1016 | &pub_key, | 1018 | &pub_key, |
1017 | handle->label, | 1019 | handle->label, |
1018 | &handle->aud_key); | 1020 | &handle->aud_key); |
@@ -1190,7 +1192,8 @@ process_lookup_result (void *cls, uint32_t rd_count, | |||
1190 | &token_str)); | 1192 | &token_str)); |
1191 | 1193 | ||
1192 | erm = create_exchange_result_message (token_str, | 1194 | erm = create_exchange_result_message (token_str, |
1193 | handle->label); | 1195 | handle->label, |
1196 | handle->ticket->payload->nonce); | ||
1194 | GNUNET_SERVER_notification_context_unicast (nc, | 1197 | GNUNET_SERVER_notification_context_unicast (nc, |
1195 | handle->client, | 1198 | handle->client, |
1196 | &erm->header, | 1199 | &erm->header, |
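Review bot: `erm->ticket_nonce = htonl (ticket_nonce);` in create_exchange_result_message byte-swaps a uint64_t with the 32-bit helper, so the upper 32 bits of the nonce are discarded before the result leaves the service (the client side mirrors it with ntohl, which is why it appears to work); use the 64-bit conversion, `erm->ticket_nonce = GNUNET_htonll (ticket_nonce);`, assuming the utility library's 64-bit helper is available in this file. The `"%lu"` used for handle->nonce in sign_and_return_token only matches a uint64_t on LP64 targets; `PRIu64` (or `%llu` with a cast) is portable. Note also that process_lookup_result forwards `handle->ticket->payload->nonce` without comparing it to anything, so the binding of the ticket to the requester's nonce is enforced only by API consumers; a comment at that call site such as `/* nonce is echoed, not verified here: the caller must compare it with the nonce it sent */` would make that contract explicit. sign_and_return_token and process_lookup_result both extend beyond these hunks.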
diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h index 067e5aedf..682a20760 100644 --- a/src/identity-provider/identity_provider.h +++ b/src/identity-provider/identity_provider.h | |||
@@ -81,10 +81,10 @@ struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage | |||
81 | struct GNUNET_MessageHeader header; | 81 | struct GNUNET_MessageHeader header; |
82 | 82 | ||
83 | /** | 83 | /** |
84 | * Number of bytes in token string including 0-termination, in NBO; | 84 | * Nonce found in ticket. NBO |
85 | * 0 on error. | 85 | * 0 on error. |
86 | */ | 86 | */ |
87 | uint16_t name_len GNUNET_PACKED; | 87 | uint64_t ticket_nonce GNUNET_PACKED; |
88 | 88 | ||
89 | /* followed by 0-terminated token */ | 89 | /* followed by 0-terminated token */ |
90 | 90 | ||
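Review bot: The new comment on ticket_nonce keeps the previous field's `0 on error.` sentence, but the sender visible in this commit always copies the ticket's nonce into the field and 0 is a legal nonce value, so the sentence is misleading; suggest `/** Nonce found in the exchanged ticket, 64-bit in NBO. Not verified by the service: the receiver must compare it with the nonce it sent. */`. Replacing the uint16_t name_len with a uint64_t also changes the wire layout of this message, so any length check against sizeof(struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage) on the receiving side (not visible here) now expects six more bytes and clients must be updated in lockstep, which the commit does for the bundled API.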
diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c index 543ee406d..f702ba890 100644 --- a/src/identity-provider/identity_provider_api.c +++ b/src/identity-provider/identity_provider_api.c | |||
@@ -197,6 +197,7 @@ message_handler (void *cls, | |||
197 | char *token_str; | 197 | char *token_str; |
198 | char *label_str; | 198 | char *label_str; |
199 | uint16_t size; | 199 | uint16_t size; |
200 | uint64_t ticket_nonce; | ||
200 | 201 | ||
201 | if (NULL == msg) | 202 | if (NULL == msg) |
202 | { | 203 | { |
@@ -295,8 +296,9 @@ message_handler (void *cls, | |||
295 | GNUNET_CLIENT_receive (h->client, &message_handler, h, | 296 | GNUNET_CLIENT_receive (h->client, &message_handler, h, |
296 | GNUNET_TIME_UNIT_FOREVER_REL); | 297 | GNUNET_TIME_UNIT_FOREVER_REL); |
297 | token.data = str; | 298 | token.data = str; |
299 | ticket_nonce = ntohl (erm->ticket_nonce); | ||
298 | if (NULL != op->ex_cb) | 300 | if (NULL != op->ex_cb) |
299 | op->ex_cb (op->cls, &token); | 301 | op->ex_cb (op->cls, &token, ticket_nonce); |
300 | GNUNET_free (op); | 302 | GNUNET_free (op); |
301 | break; | 303 | break; |
302 | 304 | ||
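Review bot: `ticket_nonce = ntohl (erm->ticket_nonce);` reads the 64-bit wire field through a 32-bit conversion, so if nonces use the full uint64_t range the value handed to op->ex_cb is truncated; pair it with the sender's conversion using the 64-bit helper, `ticket_nonce = GNUNET_ntohll (erm->ticket_nonce);`. Since the REST plugin compares this value against the caller's expected nonce, truncation turns a legitimate exchange into a spurious mismatch rather than letting a wrong ticket through, but it still has to be fixed together with the sending side. Whether the incoming message length is validated against the enlarged struct before erm is dereferenced is outside this hunk. message_handler starts before and continues after the hunk.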
diff --git a/src/identity-provider/identity_token.c b/src/identity-provider/identity_token.c index 2ca7b9d92..41731bbf4 100644 --- a/src/identity-provider/identity_token.c +++ b/src/identity-provider/identity_token.c | |||
@@ -597,14 +597,14 @@ token_serialize (const struct IdentityToken *token, | |||
597 | } | 597 | } |
598 | 598 | ||
599 | struct TokenTicketPayload* | 599 | struct TokenTicketPayload* |
600 | ticket_payload_create (const char* nonce, | 600 | ticket_payload_create (uint64_t nonce, |
601 | const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, | 601 | const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, |
602 | const char* lbl_str) | 602 | const char* lbl_str) |
603 | { | 603 | { |
604 | struct TokenTicketPayload* payload; | 604 | struct TokenTicketPayload* payload; |
605 | 605 | ||
606 | payload = GNUNET_malloc (sizeof (struct TokenTicketPayload)); | 606 | payload = GNUNET_malloc (sizeof (struct TokenTicketPayload)); |
607 | GNUNET_asprintf (&payload->nonce, nonce, strlen (nonce)); | 607 | payload->nonce = nonce; |
608 | payload->identity_key = *identity_pkey; | 608 | payload->identity_key = *identity_pkey; |
609 | GNUNET_asprintf (&payload->label, lbl_str, strlen (lbl_str)); | 609 | GNUNET_asprintf (&payload->label, lbl_str, strlen (lbl_str)); |
610 | return payload; | 610 | return payload; |
@@ -613,8 +613,6 @@ ticket_payload_create (const char* nonce, | |||
613 | void | 613 | void |
614 | ticket_payload_destroy (struct TokenTicketPayload* payload) | 614 | ticket_payload_destroy (struct TokenTicketPayload* payload) |
615 | { | 615 | { |
616 | if (NULL != payload->nonce) | ||
617 | GNUNET_free (payload->nonce); | ||
618 | if (NULL != payload->label) | 616 | if (NULL != payload->label) |
619 | GNUNET_free (payload->label); | 617 | GNUNET_free (payload->label); |
620 | GNUNET_free (payload); | 618 | GNUNET_free (payload); |
@@ -630,7 +628,7 @@ ticket_payload_serialize (struct TokenTicketPayload *payload, | |||
630 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | 628 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); |
631 | 629 | ||
632 | GNUNET_asprintf (result, | 630 | GNUNET_asprintf (result, |
633 | "{\"nonce\": \"%u\",\"identity\": \"%s\",\"label\": \"%s\"}", | 631 | "{\"nonce\": \"%lu\",\"identity\": \"%s\",\"label\": \"%s\"}", |
634 | payload->nonce, identity_key_str, payload->label); | 632 | payload->nonce, identity_key_str, payload->label); |
635 | GNUNET_free (identity_key_str); | 633 | GNUNET_free (identity_key_str); |
636 | 634 | ||
@@ -645,7 +643,7 @@ ticket_payload_serialize (struct TokenTicketPayload *payload, | |||
645 | * data and E | 643 | * data and E |
646 | */ | 644 | */ |
647 | struct TokenTicket* | 645 | struct TokenTicket* |
648 | ticket_create (const char* nonce_str, | 646 | ticket_create (uint64_t nonce, |
649 | const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, | 647 | const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, |
650 | const char* lbl_str, | 648 | const char* lbl_str, |
651 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key) | 649 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key) |
@@ -654,7 +652,7 @@ ticket_create (const char* nonce_str, | |||
654 | struct TokenTicketPayload *code_payload; | 652 | struct TokenTicketPayload *code_payload; |
655 | 653 | ||
656 | ticket = GNUNET_malloc (sizeof (struct TokenTicket)); | 654 | ticket = GNUNET_malloc (sizeof (struct TokenTicket)); |
657 | code_payload = ticket_payload_create (nonce_str, | 655 | code_payload = ticket_payload_create (nonce, |
658 | identity_pkey, | 656 | identity_pkey, |
659 | lbl_str); | 657 | lbl_str); |
660 | ticket->aud_key = *aud_key; | 658 | ticket->aud_key = *aud_key; |
@@ -755,6 +753,7 @@ ticket_payload_parse(const char *raw_data, | |||
755 | json_t *nonce_json; | 753 | json_t *nonce_json; |
756 | json_error_t err_json; | 754 | json_error_t err_json; |
757 | char* data_str; | 755 | char* data_str; |
756 | uint64_t nonce; | ||
758 | struct GNUNET_CRYPTO_EcdsaPublicKey id_pkey; | 757 | struct GNUNET_CRYPTO_EcdsaPublicKey id_pkey; |
759 | 758 | ||
760 | if (GNUNET_OK != decrypt_str_ecdhe (priv_key, | 759 | if (GNUNET_OK != decrypt_str_ecdhe (priv_key, |
@@ -818,8 +817,10 @@ ticket_payload_parse(const char *raw_data, | |||
818 | 817 | ||
819 | nonce_str = json_string_value (nonce_json); | 818 | nonce_str = json_string_value (nonce_json); |
820 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found nonce: %s\n", nonce_str); | 819 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found nonce: %s\n", nonce_str); |
820 | |||
821 | GNUNET_assert (0 != sscanf (nonce_str, "%lu", &nonce)); | ||
821 | 822 | ||
822 | *result = ticket_payload_create (nonce_str, | 823 | *result = ticket_payload_create (nonce, |
823 | (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, | 824 | (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, |
824 | label_str); | 825 | label_str); |
825 | GNUNET_free (data_str); | 826 | GNUNET_free (data_str); |
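Review bot: `GNUNET_assert (0 != sscanf (nonce_str, "%lu", &nonce));` in ticket_payload_parse is wrong in both directions: sscanf returns EOF (-1) for an empty or whitespace-only string, which satisfies `0 !=` and leaves nonce uninitialized, while a genuinely non-numeric nonce aborts the process instead of failing the parse. Test for exactly one conversion and take the function's existing failure path (not visible in this hunk): `if (1 != sscanf (nonce_str, "%" SCNu64, &nonce))` followed by the same cleanup the other malformed-payload cases use; this also presumes nonce_json was checked with json_is_string, since json_string_value returns NULL otherwise, and that check is not visible here. In ticket_payload_create the commit replaced the asprintf-as-format pattern for the nonce but left `GNUNET_asprintf (&payload->label, lbl_str, strlen (lbl_str));`, which interprets the label_str taken from the decrypted ticket as a printf format string; that should simply be `payload->label = GNUNET_strdup (lbl_str);`. ticket_payload_parse begins before and ends after the last hunk.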
diff --git a/src/identity-provider/identity_token.h b/src/identity-provider/identity_token.h index e8e52c03e..6cd08dbaa 100644 --- a/src/identity-provider/identity_token.h +++ b/src/identity-provider/identity_token.h | |||
@@ -110,7 +110,7 @@ struct TokenTicketPayload | |||
110 | /** | 110 | /** |
111 | * Nonce | 111 | * Nonce |
112 | */ | 112 | */ |
113 | char* nonce; | 113 | uint64_t nonce; |
114 | 114 | ||
115 | /** | 115 | /** |
116 | * Label | 116 | * Label |
@@ -293,7 +293,7 @@ token_parse2 (const char* data, | |||
293 | * Creates a ticket that can be exchanged by the audience for | 293 | * Creates a ticket that can be exchanged by the audience for |
294 | * the token. The token must be placed under the label | 294 | * the token. The token must be placed under the label |
295 | * | 295 | * |
296 | * @param nonce_str nonce provided by the audience that requested the ticket | 296 | * @param nonce nonce provided by the audience that requested the ticket |
297 | * @param iss_pkey the issuer pubkey used to sign the ticket | 297 | * @param iss_pkey the issuer pubkey used to sign the ticket |
298 | * @param label the label encoded in the ticket | 298 | * @param label the label encoded in the ticket |
299 | * @param aud_ley the audience pubkey used to encrypt the ticket payload | 299 | * @param aud_ley the audience pubkey used to encrypt the ticket payload |
@@ -301,7 +301,7 @@ token_parse2 (const char* data, | |||
301 | * @return the ticket | 301 | * @return the ticket |
302 | */ | 302 | */ |
303 | struct TokenTicket* | 303 | struct TokenTicket* |
304 | ticket_create (const char* nonce_str, | 304 | ticket_create (uint64_t nonce, |
305 | const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey, | 305 | const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey, |
306 | const char* lbl_str, | 306 | const char* lbl_str, |
307 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key); | 307 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key); |
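Review bot: The `nonce` field of struct TokenTicketPayload and the ticket_create parameter now carry a uint64_t, but their comments still say only `Nonce` and `nonce provided by the audience`; say what the value is for and how it travels: `/** Nonce supplied by the audience that requested the ticket; written into the ticket payload as a decimal string and returned to the audience with the exchanged token so it can compare it with the nonce it sent. */`. The decimal-string serialization and the round trip through the exchange result are visible in this commit's identity_token.c and service changes, so the comment is grounded in the code. While here, the pre-existing `@param aud_ley` typo in the same docblock could be corrected to `@param aud_key`.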
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c index 161d61931..0110ba024 100644 --- a/src/identity-provider/plugin_rest_identity_provider.c +++ b/src/identity-provider/plugin_rest_identity_provider.c | |||
@@ -62,6 +62,11 @@ | |||
62 | #define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET "ticket" | 62 | #define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET "ticket" |
63 | 63 | ||
64 | /** | 64 | /** |
65 | * The parameter name in which the expected nonce must be provided | ||
66 | */ | ||
67 | #define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE "expected_nonce" | ||
68 | |||
69 | /** | ||
65 | * The parameter name in which the ticket must be provided | 70 | * The parameter name in which the ticket must be provided |
66 | */ | 71 | */ |
67 | #define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TOKEN "token" | 72 | #define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TOKEN "token" |
@@ -767,13 +772,44 @@ list_token_cont (struct RestConnectionDataHandle *con_handle, | |||
767 | */ | 772 | */ |
768 | static void | 773 | static void |
769 | exchange_cont (void *cls, | 774 | exchange_cont (void *cls, |
770 | const struct GNUNET_IDENTITY_PROVIDER_Token *token) | 775 | const struct GNUNET_IDENTITY_PROVIDER_Token *token, |
776 | uint64_t ticket_nonce) | ||
771 | { | 777 | { |
772 | json_t *root; | 778 | json_t *root; |
773 | struct RequestHandle *handle = cls; | 779 | struct RequestHandle *handle = cls; |
774 | struct MHD_Response *resp; | 780 | struct MHD_Response *resp; |
781 | struct GNUNET_HashCode key; | ||
775 | char* result; | 782 | char* result; |
776 | char* token_str; | 783 | char* token_str; |
784 | char* nonce_str; | ||
785 | uint64_t expected_nonce; | ||
786 | |||
787 | //Get nonce | ||
788 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE, | ||
789 | strlen (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE), | ||
790 | &key); | ||
791 | |||
792 | if ( GNUNET_NO == | ||
793 | GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map, | ||
794 | &key) ) | ||
795 | { | ||
796 | handle->emsg = GNUNET_strdup ("No nonce given."); | ||
797 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
798 | return; | ||
799 | } | ||
800 | nonce_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | ||
801 | &key); | ||
802 | GNUNET_assert (1 == sscanf (nonce_str, "%lu", &expected_nonce)); | ||
803 | |||
804 | if (ticket_nonce != expected_nonce) | ||
805 | { | ||
806 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
807 | "Ticket nonce %lu does not match expected nonce %lu\n", | ||
808 | ticket_nonce, expected_nonce); | ||
809 | handle->emsg = GNUNET_strdup ("Ticket nonce does not match expected nonce\n"); | ||
810 | GNUNET_SCHEDULER_add_now (&do_error, handle); | ||
811 | return; | ||
812 | } | ||
777 | 813 | ||
778 | root = json_object (); | 814 | root = json_object (); |
779 | token_str = GNUNET_IDENTITY_PROVIDER_token_to_string (token); | 815 | token_str = GNUNET_IDENTITY_PROVIDER_token_to_string (token); |
@@ -820,6 +856,7 @@ exchange_token_ticket_cb (void *cls, | |||
820 | return; | 856 | return; |
821 | } | 857 | } |
822 | 858 | ||
859 | //Get ticket | ||
823 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET, | 860 | GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET, |
824 | strlen (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET), | 861 | strlen (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET), |
825 | &key); | 862 | &key); |
@@ -834,7 +871,6 @@ exchange_token_ticket_cb (void *cls, | |||
834 | } | 871 | } |
835 | ticket_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, | 872 | ticket_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map, |
836 | &key); | 873 | &key); |
837 | |||
838 | handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego); | 874 | handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego); |
839 | GNUNET_IDENTITY_PROVIDER_string_to_ticket (ticket_str, | 875 | GNUNET_IDENTITY_PROVIDER_string_to_ticket (ticket_str, |
840 | &ticket); | 876 | &ticket); |
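Review bot: `GNUNET_assert (1 == sscanf (nonce_str, "%lu", &expected_nonce));` in exchange_cont aborts the whole process on a value taken straight from the request's URL parameters, so any HTTP client that sends a non-numeric expected_nonce can take the service down; a malformed parameter has to go to do_error exactly like the missing-parameter case just above it. `%lu` also only matches uint64_t on LP64 targets; SCNu64 from <inttypes.h> (or `%llu` with a cast) is portable. The comparison itself and refusing the exchange on mismatch are the right shape; consider dropping the trailing `\n` from that emsg string, since it ends up in an HTTP error body rather than a log line.
```c
  nonce_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
                                                 &key);
  /* Client-controlled input: reject a malformed value, never assert on it. */
  if ( (NULL == nonce_str) ||
       (1 != sscanf (nonce_str, "%" SCNu64, &expected_nonce)) )
  {
    handle->emsg = GNUNET_strdup ("Malformed nonce.");
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
  /* … unchanged: compare ticket_nonce with expected_nonce, build the JSON response … */
```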