static struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage*
create_exchange_result_message (const char* token,
- const char* label)
+ const char* label,
+ uint64_t ticket_nonce)
{
struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage *erm;
uint16_t token_len = strlen (token) + 1;
erm->header.type = htons (GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT);
erm->header.size = htons (sizeof (struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage)
+ token_len);
+ erm->ticket_nonce = htonl (ticket_nonce);
memcpy (&erm[1], token, token_len);
return erm;
}
//Remote nonce
nonce_str = NULL;
- GNUNET_asprintf (&nonce_str, "%d", handle->nonce);
+ GNUNET_asprintf (&nonce_str, "%lu", handle->nonce);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str);
GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key,
&pub_key);
- handle->ticket = ticket_create (nonce_str,
+ handle->ticket = ticket_create (handle->nonce,
&pub_key,
handle->label,
&handle->aud_key);
&token_str));
erm = create_exchange_result_message (token_str,
- handle->label);
+ handle->label,
+ handle->ticket->payload->nonce);
GNUNET_SERVER_notification_context_unicast (nc,
handle->client,
&erm->header,
struct GNUNET_MessageHeader header;
/**
- * Number of bytes in token string including 0-termination, in NBO;
+ * Nonce found in ticket. NBO
* 0 on error.
*/
- uint16_t name_len GNUNET_PACKED;
+ uint64_t ticket_nonce GNUNET_PACKED;
/* followed by 0-terminated token */
char *token_str;
char *label_str;
uint16_t size;
+ uint64_t ticket_nonce;
if (NULL == msg)
{
GNUNET_CLIENT_receive (h->client, &message_handler, h,
GNUNET_TIME_UNIT_FOREVER_REL);
token.data = str;
+ ticket_nonce = ntohl (erm->ticket_nonce);
if (NULL != op->ex_cb)
- op->ex_cb (op->cls, &token);
+ op->ex_cb (op->cls, &token, ticket_nonce);
GNUNET_free (op);
break;
}
struct TokenTicketPayload*
-ticket_payload_create (const char* nonce,
+ticket_payload_create (uint64_t nonce,
const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey,
const char* lbl_str)
{
struct TokenTicketPayload* payload;
payload = GNUNET_malloc (sizeof (struct TokenTicketPayload));
- GNUNET_asprintf (&payload->nonce, nonce, strlen (nonce));
+ payload->nonce = nonce;
payload->identity_key = *identity_pkey;
GNUNET_asprintf (&payload->label, lbl_str, strlen (lbl_str));
return payload;
void
ticket_payload_destroy (struct TokenTicketPayload* payload)
{
- if (NULL != payload->nonce)
- GNUNET_free (payload->nonce);
if (NULL != payload->label)
GNUNET_free (payload->label);
GNUNET_free (payload);
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
GNUNET_asprintf (result,
- "{\"nonce\": \"%u\",\"identity\": \"%s\",\"label\": \"%s\"}",
+ "{\"nonce\": \"%lu\",\"identity\": \"%s\",\"label\": \"%s\"}",
payload->nonce, identity_key_str, payload->label);
GNUNET_free (identity_key_str);
* data and E
*/
struct TokenTicket*
-ticket_create (const char* nonce_str,
+ticket_create (uint64_t nonce,
const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey,
const char* lbl_str,
const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key)
struct TokenTicketPayload *code_payload;
ticket = GNUNET_malloc (sizeof (struct TokenTicket));
- code_payload = ticket_payload_create (nonce_str,
+ code_payload = ticket_payload_create (nonce,
identity_pkey,
lbl_str);
ticket->aud_key = *aud_key;
json_t *nonce_json;
json_error_t err_json;
char* data_str;
+ uint64_t nonce;
struct GNUNET_CRYPTO_EcdsaPublicKey id_pkey;
if (GNUNET_OK != decrypt_str_ecdhe (priv_key,
nonce_str = json_string_value (nonce_json);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found nonce: %s\n", nonce_str);
+
+ GNUNET_assert (0 != sscanf (nonce_str, "%lu", &nonce));
- *result = ticket_payload_create (nonce_str,
+ *result = ticket_payload_create (nonce,
(const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey,
label_str);
GNUNET_free (data_str);
/**
* Nonce
*/
- char* nonce;
+ uint64_t nonce;
/**
* Label
* Creates a ticket that can be exchanged by the audience for
* the token. The token must be placed under the label
*
- * @param nonce_str nonce provided by the audience that requested the ticket
+ * @param nonce nonce provided by the audience that requested the ticket
* @param iss_pkey the issuer pubkey used to sign the ticket
* @param label the label encoded in the ticket
* @param aud_ley the audience pubkey used to encrypt the ticket payload
* @return the ticket
*/
struct TokenTicket*
-ticket_create (const char* nonce_str,
+ticket_create (uint64_t nonce,
const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey,
const char* lbl_str,
const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key);
*/
#define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET "ticket"
+/**
+ * The parameter name in which the expected nonce must be provided
+ */
+#define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE "expected_nonce"
+
/**
* The parameter name in which the ticket must be provided
*/
*/
static void
exchange_cont (void *cls,
- const struct GNUNET_IDENTITY_PROVIDER_Token *token)
+ const struct GNUNET_IDENTITY_PROVIDER_Token *token,
+ uint64_t ticket_nonce)
{
json_t *root;
struct RequestHandle *handle = cls;
struct MHD_Response *resp;
+ struct GNUNET_HashCode key;
char* result;
char* token_str;
+ char* nonce_str;
+ uint64_t expected_nonce;
+
+ //Get nonce
+ GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE,
+ strlen (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE),
+ &key);
+
+ if ( GNUNET_NO ==
+ GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
+ &key) )
+ {
+ handle->emsg = GNUNET_strdup ("No nonce given.");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ nonce_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
+ &key);
+ GNUNET_assert (1 == sscanf (nonce_str, "%lu", &expected_nonce));
+
+ if (ticket_nonce != expected_nonce)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Ticket nonce %lu does not match expected nonce %lu\n",
+ ticket_nonce, expected_nonce);
+ handle->emsg = GNUNET_strdup ("Ticket nonce does not match expected nonce\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
root = json_object ();
token_str = GNUNET_IDENTITY_PROVIDER_token_to_string (token);
return;
}
+ //Get ticket
GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET,
strlen (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET),
&key);
}
ticket_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
&key);
-
handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego);
GNUNET_IDENTITY_PROVIDER_string_to_ticket (ticket_str,
&ticket);
*/
typedef void
(*GNUNET_IDENTITY_PROVIDER_ExchangeCallback)(void *cls,
- const struct GNUNET_IDENTITY_PROVIDER_Token *token);
+ const struct GNUNET_IDENTITY_PROVIDER_Token *token,
+ uint64_t ticket_nonce);
/**
* Method called when a token has been issued.
projects / oweals / gnunet.git / commitdiff