[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnunet] branch master updated: add more general HMAC funct
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnunet] branch master updated: add more general HMAC function for JWTs |
|
Date: |
Sat, 21 Jul 2018 08:00:56 +0200 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
The following commit(s) were added to refs/heads/master by this push:
new ee4adf976 add more general HMAC function for JWTs
ee4adf976 is described below
commit ee4adf9768a740c3d79b854453eb8bc0f5c14d30
Author: Schanzenbach, Martin <address@hidden>
AuthorDate: Sat Jul 21 08:00:49 2018 +0200
add more general HMAC function for JWTs
---
src/include/gnunet_crypto_lib.h | 17 +++++++++++++++++
src/reclaim/jwt.c | 16 ++++++++--------
src/reclaim/jwt.h | 2 +-
src/reclaim/plugin_rest_openid_connect.c | 4 +---
src/util/crypto_hash.c | 26 ++++++++++++++++++++++++--
5 files changed, 51 insertions(+), 14 deletions(-)
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 7b69c157f..8a591fa09 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -726,6 +726,23 @@ GNUNET_CRYPTO_hash_context_abort (struct
GNUNET_HashContext *hc);
/**
+ * Calculate HMAC of a message (RFC 2104)
+ * TODO: Shouldn' this be the standard hmac function and
+ * the above be renamed?
+ *
+ * @param key secret key
+ * @param key_len secret key length
+ * @param plaintext input plaintext
+ * @param plaintext_len length of @a plaintext
+ * @param hmac where to store the hmac
+ */
+void
+GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len,
+ const void *plaintext, size_t plaintext_len,
+ struct GNUNET_HashCode *hmac);
+
+
+/**
* @ingroup hash
* Calculate HMAC of a message (RFC 2104)
*
diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c
index 45b5d73f6..ec1e6d098 100644
--- a/src/reclaim/jwt.c
+++ b/src/reclaim/jwt.c
@@ -65,8 +65,8 @@ create_jwt_header(void)
char*
jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
- const struct
GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
- const struct
GNUNET_CRYPTO_AuthKey *priv_key)
+ const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+ const char *secret_key)
{
struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
struct GNUNET_HashCode signature;
@@ -89,12 +89,12 @@ jwt_create_from_list (const struct
GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
//nonce only if nonce
// OPTIONAL acr,amr,azp
subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key,
- sizeof (struct
GNUNET_CRYPTO_EcdsaPublicKey));
+ sizeof (struct
GNUNET_CRYPTO_EcdsaPublicKey));
audience = GNUNET_STRINGS_data_to_string_alloc (aud_key,
sizeof (struct
GNUNET_CRYPTO_EcdsaPublicKey));
header = create_jwt_header ();
body = json_object ();
-
+
//iss REQUIRED case sensitive server uri with https
//The issuer is the local reclaim instance (e.g.
https://reclaim.id/api/openid)
json_object_set_new (body,
@@ -108,8 +108,8 @@ jwt_create_from_list (const struct
GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
for (le = attrs->list_head; NULL != le; le = le->next)
{
attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type,
- le->claim->data,
-
le->claim->data_size);
+ le->claim->data,
+
le->claim->data_size);
json_object_set_new (body,
le->claim->name,
json_string (attr_val_str));
@@ -142,8 +142,8 @@ jwt_create_from_list (const struct
GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
* Creating the JWT signature. This might not be
* standards compliant, check.
*/
- GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64);
- GNUNET_CRYPTO_hmac (priv_key, signature_target, strlen (signature_target),
&signature);
+ GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64);
+ GNUNET_CRYPTO_hmac_raw (secret_key, strlen (secret_key), signature_target,
strlen (signature_target), &signature);
GNUNET_STRINGS_base64_encode ((const char*)&signature,
sizeof (struct GNUNET_HashCode),
&signature_base64);
diff --git a/src/reclaim/jwt.h b/src/reclaim/jwt.h
index 4b0b01be3..39b4e2f3c 100644
--- a/src/reclaim/jwt.h
+++ b/src/reclaim/jwt.h
@@ -5,6 +5,6 @@ char*
jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
const struct
GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
- const struct
GNUNET_CRYPTO_AuthKey *priv_key);
+ const char* secret_key);
#endif
diff --git a/src/reclaim/plugin_rest_openid_connect.c
b/src/reclaim/plugin_rest_openid_connect.c
index 6aa2cd907..5a34e5b72 100644
--- a/src/reclaim/plugin_rest_openid_connect.c
+++ b/src/reclaim/plugin_rest_openid_connect.c
@@ -1647,14 +1647,12 @@ token_endpoint (struct GNUNET_REST_RequestHandle
*con_handle,
GNUNET_free(ticket);
return;
}
- struct GNUNET_CRYPTO_AuthKey jwt_sign_key;
struct GNUNET_CRYPTO_EcdsaPublicKey pk;
GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pk);
- GNUNET_CRYPTO_hash (jwt_secret, strlen (jwt_secret), (struct
GNUNET_HashCode*)jwt_sign_key.key);
char *id_token = jwt_create_from_list(&ticket->audience,
&pk,
cl,
- &jwt_sign_key);
+ jwt_secret);
//Create random access_token
char* access_token_number;
diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c
index 8410b7835..fe1f58df7 100644
--- a/src/util/crypto_hash.c
+++ b/src/util/crypto_hash.c
@@ -365,14 +365,17 @@ GNUNET_CRYPTO_hmac_derive_key_v (struct
GNUNET_CRYPTO_AuthKey *key,
/**
* Calculate HMAC of a message (RFC 2104)
+ * TODO: Shouldn' this be the standard hmac function and
+ * the above be renamed?
*
* @param key secret key
+ * @param key_len secret key length
* @param plaintext input plaintext
* @param plaintext_len length of @a plaintext
* @param hmac where to store the hmac
*/
void
-GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
+GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len,
const void *plaintext, size_t plaintext_len,
struct GNUNET_HashCode *hmac)
{
@@ -390,7 +393,7 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
{
gcry_md_reset (md);
}
- gcry_md_setkey (md, key->key, sizeof (key->key));
+ gcry_md_setkey (md, key, key_len);
gcry_md_write (md, plaintext, plaintext_len);
mc = gcry_md_read (md, GCRY_MD_SHA512);
GNUNET_assert (NULL != mc);
@@ -399,6 +402,25 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey
*key,
/**
+ * Calculate HMAC of a message (RFC 2104)
+ *
+ * @param key secret key
+ * @param plaintext input plaintext
+ * @param plaintext_len length of @a plaintext
+ * @param hmac where to store the hmac
+ */
+void
+GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
+ const void *plaintext, size_t plaintext_len,
+ struct GNUNET_HashCode *hmac)
+{
+ GNUNET_CRYPTO_hmac_raw ((void*) key->key, sizeof (key->key),
+ plaintext, plaintext_len,
+ hmac);
+}
+
+
+/**
* Context for cummulative hashing.
*/
struct GNUNET_HashContext
--
To stop receiving notification emails like this one, please contact
address@hidden
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] [gnunet] branch master updated: add more general HMAC function for JWTs,
gnunet <=