author | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2020-02-06 22:34:11 +0100 |
---|---|---|
committer | Schanzenbach, Martin <mschanzenbach@posteo.de> | 2020-02-09 20:38:11 +0100 |
commit | d06446f143610790d9a0530d524d8e9db2a03b8c (patch) | |
tree | d42cdc3c342922b56a41487d5ed49fc1c981066a /src/reclaim | |
parent | a80090ffcc10a2a2c188313e997d16802f2777f1 (diff) | |
add base64url encoding to util (RFC7515)
Diffstat (limited to 'src/reclaim')
-rw-r--r-- | src/reclaim/oidc_helper.c | 149 |
1 files changed, 9 insertions, 140 deletions
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c index 487aa5695..92b4b69cc 100644 --- a/src/reclaim/oidc_helper.c +++ b/src/reclaim/oidc_helper.c | |||
@@ -287,10 +287,10 @@ OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
287 | json_decref (body); | 287 | json_decref (body); |
288 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,"ID-Token: %s\n", body_str); | 288 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,"ID-Token: %s\n", body_str); |
289 | 289 | ||
290 | GNUNET_STRINGS_base64_encode (header, strlen (header), &header_base64); | 290 | GNUNET_STRINGS_base64url_encode (header, strlen (header), &header_base64); |
291 | fix_base64 (header_base64); | 291 | fix_base64 (header_base64); |
292 | 292 | ||
293 | GNUNET_STRINGS_base64_encode (body_str, strlen (body_str), &body_base64); | 293 | GNUNET_STRINGS_base64url_encode (body_str, strlen (body_str), &body_base64); |
294 | fix_base64 (body_base64); | 294 | fix_base64 (body_base64); |
295 | 295 | ||
296 | GNUNET_free (subject); | 296 | GNUNET_free (subject); |
@@ -306,9 +306,9 @@ OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
306 | signature_target, | 306 | signature_target, |
307 | strlen (signature_target), | 307 | strlen (signature_target), |
308 | &signature); | 308 | &signature); |
309 | GNUNET_STRINGS_base64_encode ((const char *) &signature, | 309 | GNUNET_STRINGS_base64url_encode ((const char *) &signature, |
310 | sizeof(struct GNUNET_HashCode), | 310 | sizeof(struct GNUNET_HashCode), |
311 | &signature_base64); | 311 | &signature_base64); |
312 | fix_base64 (signature_base64); | 312 | fix_base64 (signature_base64); |
313 | 313 | ||
314 | GNUNET_asprintf (&result, | 314 | GNUNET_asprintf (&result, |
@@ -333,138 +333,6 @@ OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
333 | } | 333 | } |
334 | 334 | ||
335 | 335 | ||
336 | /* Converts a hex character to its integer value */ | ||
337 | static char | ||
338 | from_hex (char ch) | ||
339 | { | ||
340 | return isdigit (ch) ? ch - '0' : tolower (ch) - 'a' + 10; | ||
341 | } | ||
342 | |||
343 | |||
344 | /* Converts an integer value to its hex character*/ | ||
345 | static char | ||
346 | to_hex (char code) | ||
347 | { | ||
348 | static char hex[] = "0123456789abcdef"; | ||
349 | |||
350 | return hex[code & 15]; | ||
351 | } | ||
352 | |||
353 | |||
354 | /* Returns a url-encoded version of str */ | ||
355 | /* IMPORTANT: be sure to free() the returned string after use */ | ||
356 | static char * | ||
357 | url_encode (const char *str) | ||
358 | { | ||
359 | char *pstr = (char *) str; | ||
360 | char *buf = GNUNET_malloc (strlen (str) * 3 + 1); | ||
361 | char *pbuf = buf; | ||
362 | |||
363 | while (*pstr) | ||
364 | { | ||
365 | if (isalnum (*pstr) || (*pstr == '-') || (*pstr == '_') || (*pstr == '.') || | ||
366 | (*pstr == '~') ) | ||
367 | *pbuf++ = *pstr; | ||
368 | else if (*pstr == ' ') | ||
369 | *pbuf++ = '+'; | ||
370 | else | ||
371 | { | ||
372 | *pbuf++ = '%'; | ||
373 | *pbuf++ = to_hex (*pstr >> 4); | ||
374 | *pbuf++ = to_hex (*pstr & 15); | ||
375 | } | ||
376 | pstr++; | ||
377 | } | ||
378 | *pbuf = '\0'; | ||
379 | return buf; | ||
380 | } | ||
381 | |||
382 | |||
383 | /* Returns a url-decoded version of str */ | ||
384 | /* IMPORTANT: be sure to free() the returned string after use */ | ||
385 | static char * | ||
386 | url_decode (const char *str) | ||
387 | { | ||
388 | char *pstr = (char *) str; | ||
389 | char *buf = GNUNET_malloc (strlen (str) + 1); | ||
390 | char *pbuf = buf; | ||
391 | |||
392 | while (*pstr) | ||
393 | { | ||
394 | if (*pstr == '%') | ||
395 | { | ||
396 | if (pstr[1] && pstr[2]) | ||
397 | { | ||
398 | *pbuf++ = from_hex (pstr[1]) << 4 | from_hex (pstr[2]); | ||
399 | pstr += 2; | ||
400 | } | ||
401 | } | ||
402 | else if (*pstr == '+') | ||
403 | { | ||
404 | *pbuf++ = ' '; | ||
405 | } | ||
406 | else | ||
407 | { | ||
408 | *pbuf++ = *pstr; | ||
409 | } | ||
410 | pstr++; | ||
411 | } | ||
412 | *pbuf = '\0'; | ||
413 | return buf; | ||
414 | } | ||
415 | |||
416 | |||
417 | /** | ||
418 | * Returns base64 encoded string urlencoded | ||
419 | * | ||
420 | * @param string the string to encode | ||
421 | * @return base64 encoded string | ||
422 | */ | ||
423 | static char * | ||
424 | base64_and_urlencode (const char *data, size_t data_size) | ||
425 | { | ||
426 | char *enc; | ||
427 | char *urlenc; | ||
428 | |||
429 | GNUNET_STRINGS_base64_encode (data, data_size, &enc); | ||
430 | urlenc = url_encode (enc); | ||
431 | GNUNET_free (enc); | ||
432 | return urlenc; | ||
433 | } | ||
434 | |||
435 | |||
436 | /** | ||
437 | * Returns base64 encoded string urlencoded | ||
438 | * | ||
439 | * @param string the string to encode | ||
440 | * @return base64 encoded string | ||
441 | */ | ||
442 | static char * | ||
443 | base64url_encode (const char *data, size_t data_size) | ||
444 | { | ||
445 | char *enc; | ||
446 | size_t pos; | ||
447 | |||
448 | GNUNET_STRINGS_base64_encode (data, data_size, &enc); | ||
449 | // Replace with correct characters for base64url | ||
450 | pos = 0; | ||
451 | while ('\0' != enc[pos]) | ||
452 | { | ||
453 | if ('+' == enc[pos]) | ||
454 | enc[pos] = '-'; | ||
455 | if ('/' == enc[pos]) | ||
456 | enc[pos] = '_'; | ||
457 | if ('=' == enc[pos]) | ||
458 | { | ||
459 | enc[pos] = '\0'; | ||
460 | break; | ||
461 | } | ||
462 | pos++; | ||
463 | } | ||
464 | return enc; | ||
465 | } | ||
466 | |||
467 | |||
468 | static void | 336 | static void |
469 | derive_aes_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key, | 337 | derive_aes_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key, |
470 | struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 338 | struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, |
@@ -693,7 +561,7 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, | |||
693 | GNUNET_free (code_payload); | 561 | GNUNET_free (code_payload); |
694 | return NULL; | 562 | return NULL; |
695 | } | 563 | } |
696 | code_str = base64_and_urlencode (code_payload, code_payload_len); | 564 | GNUNET_STRINGS_base64url_encode (code_payload, code_payload_len, &code_str); |
697 | GNUNET_free (code_payload); | 565 | GNUNET_free (code_payload); |
698 | return code_str; | 566 | return code_str; |
699 | } | 567 | } |
@@ -742,7 +610,8 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, | |||
742 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Trying to decode `%s'\n", code); | 610 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Trying to decode `%s'\n", code); |
743 | code_payload = NULL; | 611 | code_payload = NULL; |
744 | code_payload_len = | 612 | code_payload_len = |
745 | GNUNET_STRINGS_base64_decode (code, strlen (code), (void **) &code_payload); | 613 | GNUNET_STRINGS_base64url_decode (code, strlen (code), |
614 | (void **) &code_payload); | ||
746 | if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) | 615 | if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) |
747 | + sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) | 616 | + sizeof(struct GNUNET_CRYPTO_EcdhePublicKey) |
748 | + sizeof(struct OIDC_Parameters) | 617 | + sizeof(struct OIDC_Parameters) |
@@ -789,7 +658,7 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, | |||
789 | code_verifier, | 658 | code_verifier, |
790 | strlen (code_verifier)); | 659 | strlen (code_verifier)); |
791 | // encode code verifier | 660 | // encode code verifier |
792 | expected_code_challenge = base64url_encode (code_verifier_hash, 256 / 8); | 661 | GNUNET_STRINGS_base64url_encode (code_verifier_hash, 256 / 8, &expected_code_challenge); |
793 | code_challenge = (char *) ¶ms[1]; | 662 | code_challenge = (char *) ¶ms[1]; |
794 | GNUNET_free (code_verifier_hash); | 663 | GNUNET_free (code_verifier_hash); |
795 | if ((strlen (expected_code_challenge) != code_challenge_len) || | 664 | if ((strlen (expected_code_challenge) != code_challenge_len) || |
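Review bot: The PKCE comparison that follows new line 661 only holds if `GNUNET_STRINGS_base64url_encode` emits no `=` padding, and that behaviour is not visible in this diff (it is limited to src/reclaim). The removed local `base64url_encode` truncated at the first `=`, so a 32-byte SHA-256 digest produced the 43-character unpadded form that RFC 7636 clients send; if the util encoder keeps padding, the `strlen (expected_code_challenge) != code_challenge_len` check would presumably reject every valid verifier. I would pin the dependency with a comment above the call, `/* code_challenge is unpadded base64url (RFC 7636); the util encoder must not emit '=' */`, and with a util test asserting that a 32-byte input encodes to 43 characters. The same answer decides whether the `fix_base64` calls kept at new lines 291, 294 and 312 are now redundant and can be dropped. OIDC_parse_authz_code starts and ends outside this hunk.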