diff options
Diffstat (limited to 'src/identity-provider/identity_token.c')
| -rw-r--r-- | src/identity-provider/identity_token.c | 62 |
1 files changed, 36 insertions, 26 deletions
diff --git a/src/identity-provider/identity_token.c b/src/identity-provider/identity_token.c index 10e142ca0..6cf0d4222 100644 --- a/src/identity-provider/identity_token.c +++ b/src/identity-provider/identity_token.c | |||
| @@ -167,7 +167,8 @@ encrypt_str_ecdhe (const char *plaintext, | |||
| 167 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Encrypting string %s\n (len=%d)", | 167 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Encrypting string %s\n (len=%d)", |
| 168 | plaintext, | 168 | plaintext, |
| 169 | strlen (plaintext)); | 169 | strlen (plaintext)); |
| 170 | enc_size = GNUNET_CRYPTO_symmetric_encrypt (plaintext, strlen (plaintext), | 170 | enc_size = GNUNET_CRYPTO_symmetric_encrypt (plaintext, |
| 171 | strlen (plaintext), | ||
| 171 | &skey, &iv, | 172 | &skey, &iv, |
| 172 | *cyphertext); | 173 | *cyphertext); |
| 173 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Encrypted (len=%d)", enc_size); | 174 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Encrypted (len=%d)", enc_size); |
| @@ -494,14 +495,16 @@ ticket_payload_create (const char* nonce, | |||
| 494 | void | 495 | void |
| 495 | ticket_payload_destroy (struct TokenTicketPayload* payload) | 496 | ticket_payload_destroy (struct TokenTicketPayload* payload) |
| 496 | { | 497 | { |
| 497 | GNUNET_free (payload->nonce); | 498 | if (NULL != payload->nonce) |
| 498 | GNUNET_free (payload->label); | 499 | GNUNET_free (payload->nonce); |
| 500 | if (NULL != payload->label) | ||
| 501 | GNUNET_free (payload->label); | ||
| 499 | GNUNET_free (payload); | 502 | GNUNET_free (payload); |
| 500 | } | 503 | } |
| 501 | 504 | ||
| 502 | void | 505 | void |
| 503 | ticket_payload_serialize (struct TokenTicketPayload *payload, | 506 | ticket_payload_serialize (struct TokenTicketPayload *payload, |
| 504 | char **result) | 507 | char **result) |
| 505 | { | 508 | { |
| 506 | char* identity_key_str; | 509 | char* identity_key_str; |
| 507 | 510 | ||
| @@ -525,17 +528,17 @@ ticket_payload_serialize (struct TokenTicketPayload *payload, | |||
| 525 | */ | 528 | */ |
| 526 | struct TokenTicket* | 529 | struct TokenTicket* |
| 527 | ticket_create (const char* nonce_str, | 530 | ticket_create (const char* nonce_str, |
| 528 | const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, | 531 | const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, |
| 529 | const char* lbl_str, | 532 | const char* lbl_str, |
| 530 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key) | 533 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key) |
| 531 | { | 534 | { |
| 532 | struct TokenTicket *ticket; | 535 | struct TokenTicket *ticket; |
| 533 | struct TokenTicketPayload *code_payload; | 536 | struct TokenTicketPayload *code_payload; |
| 534 | 537 | ||
| 535 | ticket = GNUNET_malloc (sizeof (struct TokenTicket)); | 538 | ticket = GNUNET_malloc (sizeof (struct TokenTicket)); |
| 536 | code_payload = ticket_payload_create (nonce_str, | 539 | code_payload = ticket_payload_create (nonce_str, |
| 537 | identity_pkey, | 540 | identity_pkey, |
| 538 | lbl_str); | 541 | lbl_str); |
| 539 | ticket->aud_key = *aud_key; | 542 | ticket->aud_key = *aud_key; |
| 540 | ticket->payload = code_payload; | 543 | ticket->payload = code_payload; |
| 541 | 544 | ||
| @@ -552,8 +555,8 @@ ticket_destroy (struct TokenTicket *ticket) | |||
| 552 | 555 | ||
| 553 | int | 556 | int |
| 554 | ticket_serialize (struct TokenTicket *ticket, | 557 | ticket_serialize (struct TokenTicket *ticket, |
| 555 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 558 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
| 556 | char **result) | 559 | char **result) |
| 557 | { | 560 | { |
| 558 | char *code_payload_str; | 561 | char *code_payload_str; |
| 559 | char *enc_ticket_payload; | 562 | char *enc_ticket_payload; |
| @@ -567,7 +570,7 @@ ticket_serialize (struct TokenTicket *ticket, | |||
| 567 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; | 570 | struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; |
| 568 | 571 | ||
| 569 | ticket_payload_serialize (ticket->payload, | 572 | ticket_payload_serialize (ticket->payload, |
| 570 | &code_payload_str); | 573 | &code_payload_str); |
| 571 | 574 | ||
| 572 | GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (code_payload_str, | 575 | GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (code_payload_str, |
| 573 | &ticket->aud_key, | 576 | &ticket->aud_key, |
| @@ -594,7 +597,7 @@ ticket_serialize (struct TokenTicket *ticket, | |||
| 594 | memcpy (write_ptr, enc_ticket_payload, strlen (code_payload_str)); | 597 | memcpy (write_ptr, enc_ticket_payload, strlen (code_payload_str)); |
| 595 | GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (priv_key, | 598 | GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (priv_key, |
| 596 | purpose, | 599 | purpose, |
| 597 | &ticket->signature)); | 600 | &ticket->signature)); |
| 598 | GNUNET_STRINGS_base64_encode (enc_ticket_payload, | 601 | GNUNET_STRINGS_base64_encode (enc_ticket_payload, |
| 599 | strlen (code_payload_str), | 602 | strlen (code_payload_str), |
| 600 | &ticket_payload_str); | 603 | &ticket_payload_str); |
| @@ -619,10 +622,10 @@ ticket_serialize (struct TokenTicket *ticket, | |||
| 619 | 622 | ||
| 620 | int | 623 | int |
| 621 | ticket_payload_parse(const char *raw_data, | 624 | ticket_payload_parse(const char *raw_data, |
| 622 | ssize_t data_len, | 625 | ssize_t data_len, |
| 623 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 626 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
| 624 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe_pkey, | 627 | const struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe_pkey, |
| 625 | struct TokenTicketPayload **result) | 628 | struct TokenTicketPayload **result) |
| 626 | { | 629 | { |
| 627 | const char* label_str; | 630 | const char* label_str; |
| 628 | const char* nonce_str; | 631 | const char* nonce_str; |
| @@ -699,8 +702,8 @@ ticket_payload_parse(const char *raw_data, | |||
| 699 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Found nonce: %s\n", nonce_str); | 702 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Found nonce: %s\n", nonce_str); |
| 700 | 703 | ||
| 701 | *result = ticket_payload_create (nonce_str, | 704 | *result = ticket_payload_create (nonce_str, |
| 702 | (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, | 705 | (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, |
| 703 | label_str); | 706 | label_str); |
| 704 | GNUNET_free (meta_str); | 707 | GNUNET_free (meta_str); |
| 705 | json_decref (root); | 708 | json_decref (root); |
| 706 | return GNUNET_OK; | 709 | return GNUNET_OK; |
| @@ -709,8 +712,8 @@ ticket_payload_parse(const char *raw_data, | |||
| 709 | 712 | ||
| 710 | int | 713 | int |
| 711 | ticket_parse (const char *raw_data, | 714 | ticket_parse (const char *raw_data, |
| 712 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, | 715 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, |
| 713 | struct TokenTicket **result) | 716 | struct TokenTicket **result) |
| 714 | { | 717 | { |
| 715 | const char* enc_meta_str; | 718 | const char* enc_meta_str; |
| 716 | const char* ecdh_enc_str; | 719 | const char* ecdh_enc_str; |
| @@ -778,11 +781,18 @@ ticket_parse (const char *raw_data, | |||
| 778 | &enc_meta); | 781 | &enc_meta); |
| 779 | 782 | ||
| 780 | 783 | ||
| 781 | ticket_payload_parse (enc_meta, | 784 | if (GNUNET_OK != ticket_payload_parse (enc_meta, |
| 782 | enc_meta_len, | 785 | enc_meta_len, |
| 783 | priv_key, | 786 | priv_key, |
| 784 | (const struct GNUNET_CRYPTO_EcdhePublicKey*)&ticket->ecdh_pubkey, | 787 | (const struct GNUNET_CRYPTO_EcdhePublicKey*)&ticket->ecdh_pubkey, |
| 785 | &ticket_payload); | 788 | &ticket_payload)) |
| 789 | { | ||
| 790 | json_decref (root); | ||
| 791 | GNUNET_free (enc_meta); | ||
| 792 | GNUNET_free (ticket_decoded); | ||
| 793 | GNUNET_free (ticket); | ||
| 794 | return GNUNET_SYSERR; | ||
| 795 | } | ||
| 786 | 796 | ||
| 787 | ticket->payload = ticket_payload; | 797 | ticket->payload = ticket_payload; |
| 788 | //TODO: check signature here | 798 | //TODO: check signature here |