diff options
Diffstat (limited to 'src/identity-provider/identity_token.c')
-rw-r--r-- | src/identity-provider/identity_token.c | 75 |
1 files changed, 37 insertions, 38 deletions
diff --git a/src/identity-provider/identity_token.c b/src/identity-provider/identity_token.c index 673d0b037..0f6cba626 100644 --- a/src/identity-provider/identity_token.c +++ b/src/identity-provider/identity_token.c | |||
@@ -67,7 +67,7 @@ create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash, | |||
67 | 67 | ||
68 | 68 | ||
69 | /** | 69 | /** |
70 | * Decrypts metainfo part from a token code | 70 | * Decrypts data part from a token code |
71 | */ | 71 | */ |
72 | static int | 72 | static int |
73 | decrypt_str_ecdhe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 73 | decrypt_str_ecdhe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
@@ -639,10 +639,10 @@ ticket_payload_serialize (struct TokenTicketPayload *payload, | |||
639 | 639 | ||
640 | /** | 640 | /** |
641 | * Create the token code | 641 | * Create the token code |
642 | * The metadata is encrypted with a share ECDH derived secret using B (aud_key) | 642 | * The data is encrypted with a share ECDH derived secret using B (aud_key) |
643 | * and e (ecdh_privkey) | 643 | * and e (ecdh_privkey) |
644 | * The ticket also contains E (ecdh_pubkey) and a signature over the | 644 | * The ticket also contains E (ecdh_pubkey) and a signature over the |
645 | * metadata and E | 645 | * data and E |
646 | */ | 646 | */ |
647 | struct TokenTicket* | 647 | struct TokenTicket* |
648 | ticket_create (const char* nonce_str, | 648 | ticket_create (const char* nonce_str, |
@@ -725,7 +725,7 @@ ticket_serialize (struct TokenTicket *ticket, | |||
725 | dh_key_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->ecdh_pubkey, | 725 | dh_key_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->ecdh_pubkey, |
726 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | 726 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); |
727 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Using ECDH pubkey %s to encrypt\n", dh_key_str); | 727 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Using ECDH pubkey %s to encrypt\n", dh_key_str); |
728 | GNUNET_asprintf (&ticket_str, "{\"meta\": \"%s\", \"ecdh\": \"%s\", \"signature\": \"%s\"}", | 728 | GNUNET_asprintf (&ticket_str, "{\"data\": \"%s\", \"ecdh\": \"%s\", \"signature\": \"%s\"}", |
729 | ticket_payload_str, dh_key_str, ticket_sig_str); | 729 | ticket_payload_str, dh_key_str, ticket_sig_str); |
730 | GNUNET_STRINGS_base64_encode (ticket_str, strlen (ticket_str), result); | 730 | GNUNET_STRINGS_base64_encode (ticket_str, strlen (ticket_str), result); |
731 | GNUNET_free (dh_key_str); | 731 | GNUNET_free (dh_key_str); |
@@ -754,26 +754,26 @@ ticket_payload_parse(const char *raw_data, | |||
754 | json_t *identity_json; | 754 | json_t *identity_json; |
755 | json_t *nonce_json; | 755 | json_t *nonce_json; |
756 | json_error_t err_json; | 756 | json_error_t err_json; |
757 | char* meta_str; | 757 | char* data_str; |
758 | struct GNUNET_CRYPTO_EcdsaPublicKey id_pkey; | 758 | struct GNUNET_CRYPTO_EcdsaPublicKey id_pkey; |
759 | 759 | ||
760 | if (GNUNET_OK != decrypt_str_ecdhe (priv_key, | 760 | if (GNUNET_OK != decrypt_str_ecdhe (priv_key, |
761 | ecdhe_pkey, | 761 | ecdhe_pkey, |
762 | raw_data, | 762 | raw_data, |
763 | data_len, | 763 | data_len, |
764 | &meta_str)) | 764 | &data_str)) |
765 | { | 765 | { |
766 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Metadata decryption failed\n"); | 766 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Data decryption failed\n"); |
767 | return GNUNET_SYSERR; | 767 | return GNUNET_SYSERR; |
768 | } | 768 | } |
769 | 769 | ||
770 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Metadata: %s\n", meta_str); | 770 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Data: %s\n", data_str); |
771 | root = json_loads (meta_str, JSON_DECODE_ANY, &err_json); | 771 | root = json_loads (data_str, JSON_DECODE_ANY, &err_json); |
772 | if (!root) | 772 | if (!root) |
773 | { | 773 | { |
774 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 774 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
775 | "Error parsing metadata: %s\n", err_json.text); | 775 | "Error parsing data: %s\n", err_json.text); |
776 | GNUNET_free (meta_str); | 776 | GNUNET_free (data_str); |
777 | return GNUNET_SYSERR; | 777 | return GNUNET_SYSERR; |
778 | } | 778 | } |
779 | 779 | ||
@@ -781,9 +781,9 @@ ticket_payload_parse(const char *raw_data, | |||
781 | if (!json_is_string (identity_json)) | 781 | if (!json_is_string (identity_json)) |
782 | { | 782 | { |
783 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 783 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
784 | "Error parsing metadata: %s\n", err_json.text); | 784 | "Error parsing data: %s\n", err_json.text); |
785 | json_decref (root); | 785 | json_decref (root); |
786 | GNUNET_free (meta_str); | 786 | GNUNET_free (data_str); |
787 | return GNUNET_SYSERR; | 787 | return GNUNET_SYSERR; |
788 | } | 788 | } |
789 | identity_key_str = json_string_value (identity_json); | 789 | identity_key_str = json_string_value (identity_json); |
@@ -797,9 +797,9 @@ ticket_payload_parse(const char *raw_data, | |||
797 | if (!json_is_string (label_json)) | 797 | if (!json_is_string (label_json)) |
798 | { | 798 | { |
799 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 799 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
800 | "Error parsing metadata: %s\n", err_json.text); | 800 | "Error parsing data: %s\n", err_json.text); |
801 | json_decref (root); | 801 | json_decref (root); |
802 | GNUNET_free (meta_str); | 802 | GNUNET_free (data_str); |
803 | return GNUNET_SYSERR; | 803 | return GNUNET_SYSERR; |
804 | } | 804 | } |
805 | 805 | ||
@@ -810,9 +810,9 @@ ticket_payload_parse(const char *raw_data, | |||
810 | if (!json_is_string (label_json)) | 810 | if (!json_is_string (label_json)) |
811 | { | 811 | { |
812 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 812 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
813 | "Error parsing metadata: %s\n", err_json.text); | 813 | "Error parsing data: %s\n", err_json.text); |
814 | json_decref (root); | 814 | json_decref (root); |
815 | GNUNET_free (meta_str); | 815 | GNUNET_free (data_str); |
816 | return GNUNET_SYSERR; | 816 | return GNUNET_SYSERR; |
817 | } | 817 | } |
818 | 818 | ||
@@ -822,7 +822,7 @@ ticket_payload_parse(const char *raw_data, | |||
822 | *result = ticket_payload_create (nonce_str, | 822 | *result = ticket_payload_create (nonce_str, |
823 | (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, | 823 | (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, |
824 | label_str); | 824 | label_str); |
825 | GNUNET_free (meta_str); | 825 | GNUNET_free (data_str); |
826 | json_decref (root); | 826 | json_decref (root); |
827 | return GNUNET_OK; | 827 | return GNUNET_OK; |
828 | 828 | ||
@@ -833,19 +833,19 @@ ticket_parse (const char *raw_data, | |||
833 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 833 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
834 | struct TokenTicket **result) | 834 | struct TokenTicket **result) |
835 | { | 835 | { |
836 | const char* enc_meta_str; | 836 | const char* enc_data_str; |
837 | const char* ecdh_enc_str; | 837 | const char* ecdh_enc_str; |
838 | const char* signature_enc_str; | 838 | const char* signature_enc_str; |
839 | 839 | ||
840 | json_t *root; | 840 | json_t *root; |
841 | json_t *signature_json; | 841 | json_t *signature_json; |
842 | json_t *ecdh_json; | 842 | json_t *ecdh_json; |
843 | json_t *enc_meta_json; | 843 | json_t *enc_data_json; |
844 | json_error_t err_json; | 844 | json_error_t err_json; |
845 | char* enc_meta; | 845 | char* enc_data; |
846 | char* ticket_decoded; | 846 | char* ticket_decoded; |
847 | char* write_ptr; | 847 | char* write_ptr; |
848 | size_t enc_meta_len; | 848 | size_t enc_data_len; |
849 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | 849 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; |
850 | struct TokenTicket *ticket; | 850 | struct TokenTicket *ticket; |
851 | struct TokenTicketPayload *ticket_payload; | 851 | struct TokenTicketPayload *ticket_payload; |
@@ -863,11 +863,11 @@ ticket_parse (const char *raw_data, | |||
863 | 863 | ||
864 | signature_json = json_object_get (root, "signature"); | 864 | signature_json = json_object_get (root, "signature"); |
865 | ecdh_json = json_object_get (root, "ecdh"); | 865 | ecdh_json = json_object_get (root, "ecdh"); |
866 | enc_meta_json = json_object_get (root, "meta"); | 866 | enc_data_json = json_object_get (root, "data"); |
867 | 867 | ||
868 | signature_enc_str = json_string_value (signature_json); | 868 | signature_enc_str = json_string_value (signature_json); |
869 | ecdh_enc_str = json_string_value (ecdh_json); | 869 | ecdh_enc_str = json_string_value (ecdh_json); |
870 | enc_meta_str = json_string_value (enc_meta_json); | 870 | enc_data_str = json_string_value (enc_data_json); |
871 | 871 | ||
872 | ticket = GNUNET_malloc (sizeof (struct TokenTicket)); | 872 | ticket = GNUNET_malloc (sizeof (struct TokenTicket)); |
873 | 873 | ||
@@ -876,12 +876,12 @@ ticket_parse (const char *raw_data, | |||
876 | &ticket->ecdh_pubkey, | 876 | &ticket->ecdh_pubkey, |
877 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey))) | 877 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey))) |
878 | { | 878 | { |
879 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH PKEY %s invalid in metadata\n", ecdh_enc_str); | 879 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH PKEY %s invalid in data\n", ecdh_enc_str); |
880 | json_decref (root); | 880 | json_decref (root); |
881 | GNUNET_free (ticket); | 881 | GNUNET_free (ticket); |
882 | return GNUNET_SYSERR; | 882 | return GNUNET_SYSERR; |
883 | } | 883 | } |
884 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Using ECDH pubkey %s for metadata decryption\n", ecdh_enc_str); | 884 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Using ECDH pubkey %s for data decryption\n", ecdh_enc_str); |
885 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_enc_str, | 885 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_enc_str, |
886 | strlen (signature_enc_str), | 886 | strlen (signature_enc_str), |
887 | &ticket->signature, | 887 | &ticket->signature, |
@@ -890,43 +890,42 @@ ticket_parse (const char *raw_data, | |||
890 | json_decref (root); | 890 | json_decref (root); |
891 | GNUNET_free (ticket_decoded); | 891 | GNUNET_free (ticket_decoded); |
892 | GNUNET_free (ticket); | 892 | GNUNET_free (ticket); |
893 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH signature invalid in metadata\n"); | 893 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH signature invalid in data\n"); |
894 | return GNUNET_SYSERR; | 894 | return GNUNET_SYSERR; |
895 | } | 895 | } |
896 | 896 | ||
897 | enc_meta_len = GNUNET_STRINGS_base64_decode (enc_meta_str, | 897 | enc_data_len = GNUNET_STRINGS_base64_decode (enc_data_str, |
898 | strlen (enc_meta_str), | 898 | strlen (enc_data_str), |
899 | &enc_meta); | 899 | &enc_data); |
900 | 900 | ||
901 | 901 | ||
902 | if (GNUNET_OK != ticket_payload_parse (enc_meta, | 902 | if (GNUNET_OK != ticket_payload_parse (enc_data, |
903 | enc_meta_len, | 903 | enc_data_len, |
904 | priv_key, | 904 | priv_key, |
905 | (const struct GNUNET_CRYPTO_EcdhePublicKey*)&ticket->ecdh_pubkey, | 905 | (const struct GNUNET_CRYPTO_EcdhePublicKey*)&ticket->ecdh_pubkey, |
906 | &ticket_payload)) | 906 | &ticket_payload)) |
907 | { | 907 | { |
908 | json_decref (root); | 908 | json_decref (root); |
909 | GNUNET_free (enc_meta); | 909 | GNUNET_free (enc_data); |
910 | GNUNET_free (ticket_decoded); | 910 | GNUNET_free (ticket_decoded); |
911 | GNUNET_free (ticket); | 911 | GNUNET_free (ticket); |
912 | return GNUNET_SYSERR; | 912 | return GNUNET_SYSERR; |
913 | } | 913 | } |
914 | 914 | ||
915 | ticket->payload = ticket_payload; | 915 | ticket->payload = ticket_payload; |
916 | //TODO: check signature here | ||
917 | purpose = | 916 | purpose = |
918 | GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | 917 | GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
919 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + //E | 918 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + //E |
920 | enc_meta_len); // E_K (code_str) | 919 | enc_data_len); // E_K (code_str) |
921 | purpose->size = | 920 | purpose->size = |
922 | htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | 921 | htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
923 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + | 922 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + |
924 | enc_meta_len); | 923 | enc_data_len); |
925 | purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET); | 924 | purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET); |
926 | write_ptr = (char*) &purpose[1]; | 925 | write_ptr = (char*) &purpose[1]; |
927 | memcpy (write_ptr, &ticket->ecdh_pubkey, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | 926 | memcpy (write_ptr, &ticket->ecdh_pubkey, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); |
928 | write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey); | 927 | write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey); |
929 | memcpy (write_ptr, enc_meta, enc_meta_len); | 928 | memcpy (write_ptr, enc_data, enc_data_len); |
930 | 929 | ||
931 | if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET, | 930 | if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET, |
932 | purpose, | 931 | purpose, |
@@ -944,7 +943,7 @@ ticket_parse (const char *raw_data, | |||
944 | *result = ticket; | 943 | *result = ticket; |
945 | GNUNET_free (purpose); | 944 | GNUNET_free (purpose); |
946 | 945 | ||
947 | GNUNET_free (enc_meta); | 946 | GNUNET_free (enc_data); |
948 | GNUNET_free (ticket_decoded); | 947 | GNUNET_free (ticket_decoded); |
949 | json_decref (root); | 948 | json_decref (root); |
950 | return GNUNET_OK; | 949 | return GNUNET_OK; |