author | Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> | 2018-07-21 08:00:49 +0200 |
---|---|---|
committer | Schanzenbach, Martin <martin.schanzenbach@aisec.fraunhofer.de> | 2018-07-21 08:00:49 +0200 |
commit | ee4adf9768a740c3d79b854453eb8bc0f5c14d30 (patch) | |
tree | 3c7d321c31cbebd56a6fcb883a43b8f6136a3dd8 /src/reclaim/jwt.c | |
parent | 1914b435ce08b95c02d9c630acc292f4a7548a47 (diff) | |
add more general HMAC function for JWTs
Diffstat (limited to 'src/reclaim/jwt.c')
-rw-r--r-- | src/reclaim/jwt.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c index 45b5d73f6..ec1e6d098 100644 --- a/src/reclaim/jwt.c +++ b/src/reclaim/jwt.c | |||
@@ -65,8 +65,8 @@ create_jwt_header(void) | |||
65 | char* | 65 | char* |
66 | jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | 66 | jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, |
67 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | 67 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, |
68 | const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, | 68 | const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, |
69 | const struct GNUNET_CRYPTO_AuthKey *priv_key) | 69 | const char *secret_key) |
70 | { | 70 | { |
71 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; | 71 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; |
72 | struct GNUNET_HashCode signature; | 72 | struct GNUNET_HashCode signature; |
@@ -89,12 +89,12 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
89 | //nonce only if nonce | 89 | //nonce only if nonce |
90 | // OPTIONAL acr,amr,azp | 90 | // OPTIONAL acr,amr,azp |
91 | subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key, | 91 | subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key, |
92 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | 92 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); |
93 | audience = GNUNET_STRINGS_data_to_string_alloc (aud_key, | 93 | audience = GNUNET_STRINGS_data_to_string_alloc (aud_key, |
94 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | 94 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); |
95 | header = create_jwt_header (); | 95 | header = create_jwt_header (); |
96 | body = json_object (); | 96 | body = json_object (); |
97 | 97 | ||
98 | //iss REQUIRED case sensitive server uri with https | 98 | //iss REQUIRED case sensitive server uri with https |
99 | //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid) | 99 | //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid) |
100 | json_object_set_new (body, | 100 | json_object_set_new (body, |
@@ -108,8 +108,8 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
108 | for (le = attrs->list_head; NULL != le; le = le->next) | 108 | for (le = attrs->list_head; NULL != le; le = le->next) |
109 | { | 109 | { |
110 | attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, | 110 | attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, |
111 | le->claim->data, | 111 | le->claim->data, |
112 | le->claim->data_size); | 112 | le->claim->data_size); |
113 | json_object_set_new (body, | 113 | json_object_set_new (body, |
114 | le->claim->name, | 114 | le->claim->name, |
115 | json_string (attr_val_str)); | 115 | json_string (attr_val_str)); |
@@ -142,8 +142,8 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
142 | * Creating the JWT signature. This might not be | 142 | * Creating the JWT signature. This might not be |
143 | * standards compliant, check. | 143 | * standards compliant, check. |
144 | */ | 144 | */ |
145 | GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64); | 145 | GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64); |
146 | GNUNET_CRYPTO_hmac (priv_key, signature_target, strlen (signature_target), &signature); | 146 | GNUNET_CRYPTO_hmac_raw (secret_key, strlen (secret_key), signature_target, strlen (signature_target), &signature); |
147 | GNUNET_STRINGS_base64_encode ((const char*)&signature, | 147 | GNUNET_STRINGS_base64_encode ((const char*)&signature, |
148 | sizeof (struct GNUNET_HashCode), | 148 | sizeof (struct GNUNET_HashCode), |
149 | &signature_base64); | 149 | &signature_base64); |
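Review bot: On new line 91, `GNUNET_STRINGS_data_to_string_alloc (&sub_key, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))` encodes the address of the pointer parameter instead of the key it points to, so `subject` (presumably what ends up in the token's `sub` claim) is built from the pointer value plus adjacent stack bytes; this is an out-of-bounds read that can disclose memory contents to whoever receives the token, and it should pass `sub_key` the way the `aud_key` call on line 93 does. On new line 146, `strlen (secret_key)` dereferences the secret unchecked and stops at the first NUL, so a NULL or empty secret is not rejected and a binary secret would be silently shortened; a guard at function entry such as `if (NULL == secret_key || '\0' == *secret_key) return NULL;`, together with a doc comment stating that the secret must be a non-empty NUL-terminated string, would make that contract explicit. jwt_create_from_list begins and ends outside the visible hunks, so how `subject` is used and how callers handle a NULL return should be confirmed there.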