Diffstat (limited to 'src')
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 17 | ||||
-rw-r--r-- | src/reclaim/jwt.c | 16 | ||||
-rw-r--r-- | src/reclaim/jwt.h | 2 | ||||
-rw-r--r-- | src/reclaim/plugin_rest_openid_connect.c | 4 | ||||
-rw-r--r-- | src/util/crypto_hash.c | 26 |
5 files changed, 51 insertions, 14 deletions
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 7b69c157f..8a591fa09 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -726,6 +726,23 @@ GNUNET_CRYPTO_hash_context_abort (struct GNUNET_HashContext *hc); | |||
726 | 726 | ||
727 | 727 | ||
728 | /** | 728 | /** |
729 | * Calculate HMAC of a message (RFC 2104) | ||
730 | * TODO: Shouldn' this be the standard hmac function and | ||
731 | * the above be renamed? | ||
732 | * | ||
733 | * @param key secret key | ||
734 | * @param key_len secret key length | ||
735 | * @param plaintext input plaintext | ||
736 | * @param plaintext_len length of @a plaintext | ||
737 | * @param hmac where to store the hmac | ||
738 | */ | ||
739 | void | ||
740 | GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len, | ||
741 | const void *plaintext, size_t plaintext_len, | ||
742 | struct GNUNET_HashCode *hmac); | ||
743 | |||
744 | |||
745 | /** | ||
729 | * @ingroup hash | 746 | * @ingroup hash |
730 | * Calculate HMAC of a message (RFC 2104) | 747 | * Calculate HMAC of a message (RFC 2104) |
731 | * | 748 | * |
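Review bot: The doc block for `GNUNET_CRYPTO_hmac_raw` lacks the `@ingroup hash` tag that the next block carries, and it does not tell callers which MAC they get or how the key is treated. Going by the crypto_hash.c part of this commit, the digest is read with `GCRY_MD_SHA512` and `key` is handed to `gcry_md_setkey` unchanged. I would therefore add `* @ingroup hash` and a line such as `* HMAC-SHA512; @a key is used as given with no key derivation, so the caller must supply a high-entropy secret.` The TODO has a typo (`Shouldn'`), and its "the above" does not fit the header, where this declaration sits before what appears to be the `GNUNET_CRYPTO_hmac` block rather than after it.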
diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c index 45b5d73f6..ec1e6d098 100644 --- a/src/reclaim/jwt.c +++ b/src/reclaim/jwt.c | |||
@@ -65,8 +65,8 @@ create_jwt_header(void) | |||
65 | char* | 65 | char* |
66 | jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | 66 | jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, |
67 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | 67 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, |
68 | const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, | 68 | const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, |
69 | const struct GNUNET_CRYPTO_AuthKey *priv_key) | 69 | const char *secret_key) |
70 | { | 70 | { |
71 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; | 71 | struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le; |
72 | struct GNUNET_HashCode signature; | 72 | struct GNUNET_HashCode signature; |
@@ -89,12 +89,12 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
89 | //nonce only if nonce | 89 | //nonce only if nonce |
90 | // OPTIONAL acr,amr,azp | 90 | // OPTIONAL acr,amr,azp |
91 | subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key, | 91 | subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key, |
92 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | 92 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); |
93 | audience = GNUNET_STRINGS_data_to_string_alloc (aud_key, | 93 | audience = GNUNET_STRINGS_data_to_string_alloc (aud_key, |
94 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | 94 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); |
95 | header = create_jwt_header (); | 95 | header = create_jwt_header (); |
96 | body = json_object (); | 96 | body = json_object (); |
97 | 97 | ||
98 | //iss REQUIRED case sensitive server uri with https | 98 | //iss REQUIRED case sensitive server uri with https |
99 | //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid) | 99 | //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid) |
100 | json_object_set_new (body, | 100 | json_object_set_new (body, |
@@ -108,8 +108,8 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
108 | for (le = attrs->list_head; NULL != le; le = le->next) | 108 | for (le = attrs->list_head; NULL != le; le = le->next) |
109 | { | 109 | { |
110 | attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, | 110 | attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type, |
111 | le->claim->data, | 111 | le->claim->data, |
112 | le->claim->data_size); | 112 | le->claim->data_size); |
113 | json_object_set_new (body, | 113 | json_object_set_new (body, |
114 | le->claim->name, | 114 | le->claim->name, |
115 | json_string (attr_val_str)); | 115 | json_string (attr_val_str)); |
@@ -142,8 +142,8 @@ jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | |||
142 | * Creating the JWT signature. This might not be | 142 | * Creating the JWT signature. This might not be |
143 | * standards compliant, check. | 143 | * standards compliant, check. |
144 | */ | 144 | */ |
145 | GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64); | 145 | GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64); |
146 | GNUNET_CRYPTO_hmac (priv_key, signature_target, strlen (signature_target), &signature); | 146 | GNUNET_CRYPTO_hmac_raw (secret_key, strlen (secret_key), signature_target, strlen (signature_target), &signature); |
147 | GNUNET_STRINGS_base64_encode ((const char*)&signature, | 147 | GNUNET_STRINGS_base64_encode ((const char*)&signature, |
148 | sizeof (struct GNUNET_HashCode), | 148 | sizeof (struct GNUNET_HashCode), |
149 | &signature_base64); | 149 | &signature_base64); |
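Review bot: The `subject` line passes `&sub_key`, the address of the pointer parameter, to `GNUNET_STRINGS_data_to_string_alloc` with a length of `sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)`. As a result the `sub` claim encodes the pointer value plus whatever memory follows it, not the subject's public key. That is an out-of-bounds read, and the bytes end up inside a token handed to another party. The `audience` line directly below passes `aud_key` as is, and the subject line should match it: `subject = GNUNET_STRINGS_data_to_string_alloc (sub_key,`. The body of jwt_create_from_list continues outside the hunks shown, so I cannot see whether `subject` is corrected later.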
diff --git a/src/reclaim/jwt.h b/src/reclaim/jwt.h index 4b0b01be3..39b4e2f3c 100644 --- a/src/reclaim/jwt.h +++ b/src/reclaim/jwt.h | |||
@@ -5,6 +5,6 @@ char* | |||
5 | jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | 5 | jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, |
6 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, | 6 | const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key, |
7 | const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, | 7 | const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs, |
8 | const struct GNUNET_CRYPTO_AuthKey *priv_key); | 8 | const char* secret_key); |
9 | 9 | ||
10 | #endif | 10 | #endif |
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c index 6aa2cd907..5a34e5b72 100644 --- a/src/reclaim/plugin_rest_openid_connect.c +++ b/src/reclaim/plugin_rest_openid_connect.c | |||
@@ -1647,14 +1647,12 @@ token_endpoint (struct GNUNET_REST_RequestHandle *con_handle, | |||
1647 | GNUNET_free(ticket); | 1647 | GNUNET_free(ticket); |
1648 | return; | 1648 | return; |
1649 | } | 1649 | } |
1650 | struct GNUNET_CRYPTO_AuthKey jwt_sign_key; | ||
1651 | struct GNUNET_CRYPTO_EcdsaPublicKey pk; | 1650 | struct GNUNET_CRYPTO_EcdsaPublicKey pk; |
1652 | GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pk); | 1651 | GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pk); |
1653 | GNUNET_CRYPTO_hash (jwt_secret, strlen (jwt_secret), (struct GNUNET_HashCode*)jwt_sign_key.key); | ||
1654 | char *id_token = jwt_create_from_list(&ticket->audience, | 1652 | char *id_token = jwt_create_from_list(&ticket->audience, |
1655 | &pk, | 1653 | &pk, |
1656 | cl, | 1654 | cl, |
1657 | &jwt_sign_key); | 1655 | jwt_secret); |
1658 | 1656 | ||
1659 | //Create random access_token | 1657 | //Create random access_token |
1660 | char* access_token_number; | 1658 | char* access_token_number; |
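Review bot: `jwt_secret` now reaches the HMAC as raw key bytes via `strlen (secret_key)` in jwt_create_from_list, and nothing in this hunk checks that it is set or long enough. A NULL value would crash in `strlen`, and an empty or short one would yield tokens signed with a weak key. The removed `GNUNET_CRYPTO_hash` step added no entropy, so dropping it is fine, but the key strength now depends entirely on what the configuration supplies. If the header built by `create_jwt_header` declares HS512 (not visible here), RFC 7518 asks for a key at least as long as the hash output. A guard before the call, such as `if ((NULL == jwt_secret) || (strlen (jwt_secret) < sizeof (struct GNUNET_HashCode)))`, that fails the request would make this explicit. Where `jwt_secret` is loaded is outside the hunk, so the check may belong there instead.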
diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c index 8410b7835..fe1f58df7 100644 --- a/src/util/crypto_hash.c +++ b/src/util/crypto_hash.c | |||
@@ -365,14 +365,17 @@ GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key, | |||
365 | 365 | ||
366 | /** | 366 | /** |
367 | * Calculate HMAC of a message (RFC 2104) | 367 | * Calculate HMAC of a message (RFC 2104) |
368 | * TODO: Shouldn' this be the standard hmac function and | ||
369 | * the above be renamed? | ||
368 | * | 370 | * |
369 | * @param key secret key | 371 | * @param key secret key |
372 | * @param key_len secret key length | ||
370 | * @param plaintext input plaintext | 373 | * @param plaintext input plaintext |
371 | * @param plaintext_len length of @a plaintext | 374 | * @param plaintext_len length of @a plaintext |
372 | * @param hmac where to store the hmac | 375 | * @param hmac where to store the hmac |
373 | */ | 376 | */ |
374 | void | 377 | void |
375 | GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key, | 378 | GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len, |
376 | const void *plaintext, size_t plaintext_len, | 379 | const void *plaintext, size_t plaintext_len, |
377 | struct GNUNET_HashCode *hmac) | 380 | struct GNUNET_HashCode *hmac) |
378 | { | 381 | { |
@@ -390,7 +393,7 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key, | |||
390 | { | 393 | { |
391 | gcry_md_reset (md); | 394 | gcry_md_reset (md); |
392 | } | 395 | } |
393 | gcry_md_setkey (md, key->key, sizeof (key->key)); | 396 | gcry_md_setkey (md, key, key_len); |
394 | gcry_md_write (md, plaintext, plaintext_len); | 397 | gcry_md_write (md, plaintext, plaintext_len); |
395 | mc = gcry_md_read (md, GCRY_MD_SHA512); | 398 | mc = gcry_md_read (md, GCRY_MD_SHA512); |
396 | GNUNET_assert (NULL != mc); | 399 | GNUNET_assert (NULL != mc); |
@@ -399,6 +402,25 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key, | |||
399 | 402 | ||
400 | 403 | ||
401 | /** | 404 | /** |
405 | * Calculate HMAC of a message (RFC 2104) | ||
406 | * | ||
407 | * @param key secret key | ||
408 | * @param plaintext input plaintext | ||
409 | * @param plaintext_len length of @a plaintext | ||
410 | * @param hmac where to store the hmac | ||
411 | */ | ||
412 | void | ||
413 | GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key, | ||
414 | const void *plaintext, size_t plaintext_len, | ||
415 | struct GNUNET_HashCode *hmac) | ||
416 | { | ||
417 | GNUNET_CRYPTO_hmac_raw ((void*) key->key, sizeof (key->key), | ||
418 | plaintext, plaintext_len, | ||
419 | hmac); | ||
420 | } | ||
421 | |||
422 | |||
423 | /** | ||
402 | * Context for cummulative hashing. | 424 | * Context for cummulative hashing. |
403 | */ | 425 | */ |
404 | struct GNUNET_HashContext | 426 | struct GNUNET_HashContext |
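Review bot: `gcry_md_setkey (md, key, key_len)` discards its return value, and after this change the key and its length come from the caller rather than the fixed-size `key->key`. A failed setkey would go unnoticed, and the digest read afterwards would not be keyed as the caller expects. Checking it the same way the `gcry_md_read` result is checked avoids a silently wrong MAC: `GNUNET_assert (0 == gcry_md_setkey (md, key, key_len));`. In the new `GNUNET_CRYPTO_hmac` wrapper the `(void*)` cast on `key->key` drops `const` for no reason, since the parameter is `const void *`, so `key->key` can be passed uncast. The body of GNUNET_CRYPTO_hmac_raw is only partly visible between the hunks, so how `md` is created and whether the key is cleared from it afterwards cannot be judged from here.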