- fix

author: Martin Schanzenbach <mschanzenbach@posteo.de> 2016-01-24 10:44:10 +0000
committer: Martin Schanzenbach <mschanzenbach@posteo.de> 2016-01-24 10:44:10 +0000
commit: 814b5e47aa0a9e154e3226539648d78d3ce2c293 (patch)
tree: 2d9271663bb5ecbeabc685dbe669ecd0b95f76ca /src/identity-provider
parent: f95fe0a950bbb6e3c86ae6308c63466c77aed3e0 (diff)
download: gnunet-814b5e47aa0a9e154e3226539648d78d3ce2c293.tar.gz
gnunet-814b5e47aa0a9e154e3226539648d78d3ce2c293.zip
6 files changed, 62 insertions, 20 deletions
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c
index 3ce99bfd4..05b73db1a 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -876,7 +876,8 @@ do_shutdown (void *cls,
 static struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage*
 create_exchange_result_message (const char* token,
-                                const char* label)
+                                const char* label,
+                                uint64_t ticket_nonce)
 {
  struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage *erm;
  uint16_t token_len = strlen (token) + 1;
@@ -885,6 +886,7 @@ create_exchange_result_message (const char* token,
  erm->header.type = htons (GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT);
  erm->header.size = htons (sizeof (struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage) 
                            + token_len);
+  erm->ticket_nonce = htonl (ticket_nonce);
  memcpy (&erm[1], token, token_len);
  return erm;
 }
@@ -1007,12 +1009,12 @@ sign_and_return_token (void *cls,
  //Remote nonce 
  nonce_str = NULL;
-  GNUNET_asprintf (&nonce_str, "%d", handle->nonce);
+  GNUNET_asprintf (&nonce_str, "%lu", handle->nonce);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str);
  GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key,
                                      &pub_key);
-  handle->ticket = ticket_create (nonce_str,
+  handle->ticket = ticket_create (handle->nonce,
                                  &pub_key,
                                  handle->label,
                                  &handle->aud_key);
@@ -1190,7 +1192,8 @@ process_lookup_result (void *cls, uint32_t rd_count,
                                               &token_str));
  erm = create_exchange_result_message (token_str,
-                                        handle->label);
+                                        handle->label,
+                                        handle->ticket->payload->nonce);
  GNUNET_SERVER_notification_context_unicast (nc,
                                              handle->client,
                                              &erm->header,
diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h
index 067e5aedf..682a20760 100644
--- a/src/identity-provider/identity_provider.h
+++ b/src/identity-provider/identity_provider.h
@@ -81,10 +81,10 @@ struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage
  struct GNUNET_MessageHeader header;
  /**
-   * Number of bytes in token string including 0-termination, in NBO;
+   * Nonce found in ticket. NBO
   * 0 on error.
   */
-  uint16_t name_len GNUNET_PACKED;
+  uint64_t ticket_nonce GNUNET_PACKED;
  /* followed by 0-terminated token */
diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c
index 543ee406d..f702ba890 100644
--- a/src/identity-provider/identity_provider_api.c
+++ b/src/identity-provider/identity_provider_api.c
@@ -197,6 +197,7 @@ message_handler (void *cls,
  char *token_str;
  char *label_str;
  uint16_t size;
+  uint64_t ticket_nonce;
  if (NULL == msg)
  {
@@ -295,8 +296,9 @@ message_handler (void *cls,
    GNUNET_CLIENT_receive (h->client, &message_handler, h,
                           GNUNET_TIME_UNIT_FOREVER_REL);
    token.data = str;
+    ticket_nonce = ntohl (erm->ticket_nonce);
    if (NULL != op->ex_cb)
-      op->ex_cb (op->cls, &token);
+      op->ex_cb (op->cls, &token, ticket_nonce);
    GNUNET_free (op);
    break;
  
diff --git a/src/identity-provider/identity_token.c b/src/identity-provider/identity_token.c
index 2ca7b9d92..41731bbf4 100644
--- a/src/identity-provider/identity_token.c
+++ b/src/identity-provider/identity_token.c
@@ -597,14 +597,14 @@ token_serialize (const struct IdentityToken *token,
 }
 struct TokenTicketPayload*
-ticket_payload_create (const char* nonce,
+ticket_payload_create (uint64_t nonce,
                       const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey,
                       const char* lbl_str)
 {
  struct TokenTicketPayload* payload;
  payload = GNUNET_malloc (sizeof (struct TokenTicketPayload));
-  GNUNET_asprintf (&payload->nonce, nonce, strlen (nonce));
+  payload->nonce = nonce;
  payload->identity_key = *identity_pkey;
  GNUNET_asprintf (&payload->label, lbl_str, strlen (lbl_str));
  return payload;
@@ -613,8 +613,6 @@ ticket_payload_create (const char* nonce,
 void
 ticket_payload_destroy (struct TokenTicketPayload* payload)
 {
-  if (NULL != payload->nonce)
-    GNUNET_free (payload->nonce);
  if (NULL != payload->label)
    GNUNET_free (payload->label);
  GNUNET_free (payload);
@@ -630,7 +628,7 @@ ticket_payload_serialize (struct TokenTicketPayload *payload,
                                                          sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
  GNUNET_asprintf (result, 
-                   "{\"nonce\": \"%u\",\"identity\": \"%s\",\"label\": \"%s\"}",
+                   "{\"nonce\": \"%lu\",\"identity\": \"%s\",\"label\": \"%s\"}",
                   payload->nonce, identity_key_str, payload->label);
  GNUNET_free (identity_key_str);
@@ -645,7 +643,7 @@ ticket_payload_serialize (struct TokenTicketPayload *payload,
 * data and E
 */
 struct TokenTicket*
-ticket_create (const char* nonce_str,
+ticket_create (uint64_t nonce,
               const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey,
               const char* lbl_str,
               const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key)
@@ -654,7 +652,7 @@ ticket_create (const char* nonce_str,
  struct TokenTicketPayload *code_payload;
  ticket = GNUNET_malloc (sizeof (struct TokenTicket));
-  code_payload = ticket_payload_create (nonce_str,
+  code_payload = ticket_payload_create (nonce,
                                        identity_pkey,
                                        lbl_str);
  ticket->aud_key = *aud_key;
@@ -755,6 +753,7 @@ ticket_payload_parse(const char *raw_data,
  json_t *nonce_json;
  json_error_t err_json;
  char* data_str;
+  uint64_t nonce;
  struct GNUNET_CRYPTO_EcdsaPublicKey id_pkey;
  if (GNUNET_OK != decrypt_str_ecdhe (priv_key,
@@ -818,8 +817,10 @@ ticket_payload_parse(const char *raw_data,
  nonce_str = json_string_value (nonce_json);
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found nonce: %s\n", nonce_str);
+  
+  GNUNET_assert (0 != sscanf (nonce_str, "%lu", &nonce));
-  *result = ticket_payload_create (nonce_str,
+  *result = ticket_payload_create (nonce,
                                   (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey,
                                   label_str);
  GNUNET_free (data_str);
diff --git a/src/identity-provider/identity_token.h b/src/identity-provider/identity_token.h
index e8e52c03e..6cd08dbaa 100644
--- a/src/identity-provider/identity_token.h
+++ b/src/identity-provider/identity_token.h
@@ -110,7 +110,7 @@ struct TokenTicketPayload
  /**
   * Nonce
   */
-  char* nonce;
+  uint64_t nonce;
  /**
   * Label
@@ -293,7 +293,7 @@ token_parse2 (const char* data,
 * Creates a ticket that can be exchanged by the audience for 
 * the token. The token must be placed under the label
 *
- * @param nonce_str nonce provided by the audience that requested the ticket
+ * @param nonce nonce provided by the audience that requested the ticket
 * @param iss_pkey the issuer pubkey used to sign the ticket
 * @param label the label encoded in the ticket
 * @param aud_ley the audience pubkey used to encrypt the ticket payload
@@ -301,7 +301,7 @@ token_parse2 (const char* data,
 * @return the ticket
 */
 struct TokenTicket*
-ticket_create (const char* nonce_str,
+ticket_create (uint64_t nonce,
               const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey,
               const char* lbl_str,
               const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key);
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c
index 161d61931..0110ba024 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -62,6 +62,11 @@
 #define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET "ticket"
 /**
+ * The parameter name in which the expected nonce must be provided
+ */
+#define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE "expected_nonce"
+/**
 * The parameter name in which the ticket must be provided
 */
 #define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TOKEN "token"
@@ -767,13 +772,44 @@ list_token_cont (struct RestConnectionDataHandle *con_handle,
 */
 static void
 exchange_cont (void *cls,
-               const struct GNUNET_IDENTITY_PROVIDER_Token *token)
+               const struct GNUNET_IDENTITY_PROVIDER_Token *token,
+               uint64_t ticket_nonce)
 {
  json_t *root;
  struct RequestHandle *handle = cls;
  struct MHD_Response *resp;
+  struct GNUNET_HashCode key;
  char* result;
  char* token_str;
+  char* nonce_str;
+  uint64_t expected_nonce;
+  
+  //Get nonce
+  GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE,
+                      strlen (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE),
+                      &key);
+  if ( GNUNET_NO ==
+       GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
+                                               &key) )
+  {
+    handle->emsg = GNUNET_strdup ("No nonce given.");
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  nonce_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
+                                                  &key);
+  GNUNET_assert (1 == sscanf (nonce_str, "%lu", &expected_nonce));
+  if (ticket_nonce != expected_nonce)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Ticket nonce %lu does not match expected nonce %lu\n",
+                ticket_nonce, expected_nonce);
+    handle->emsg = GNUNET_strdup ("Ticket nonce does not match expected nonce\n");
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
  root = json_object ();
  token_str = GNUNET_IDENTITY_PROVIDER_token_to_string (token);
@@ -820,6 +856,7 @@ exchange_token_ticket_cb (void *cls,
    return;
  }
+  //Get ticket
  GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET,
                      strlen (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET),
                      &key);
@@ -834,7 +871,6 @@ exchange_token_ticket_cb (void *cls,
  }
  ticket_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
                                                  &key);
  handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego);
  GNUNET_IDENTITY_PROVIDER_string_to_ticket (ticket_str,
                                             &ticket);
author	Martin Schanzenbach <mschanzenbach@posteo.de>	2016-01-24 10:44:10 +0000
committer	Martin Schanzenbach <mschanzenbach@posteo.de>	2016-01-24 10:44:10 +0000
commit	814b5e47aa0a9e154e3226539648d78d3ce2c293 (patch)
tree	2d9271663bb5ecbeabc685dbe669ecd0b95f76ca /src/identity-provider
parent	f95fe0a950bbb6e3c86ae6308c63466c77aed3e0 (diff)
download	gnunet-814b5e47aa0a9e154e3226539648d78d3ce2c293.tar.gz gnunet-814b5e47aa0a9e154e3226539648d78d3ce2c293.zip