From 814b5e47aa0a9e154e3226539648d78d3ce2c293 Mon Sep 17 00:00:00 2001
From: Martin Schanzenbach
Date: Sun, 24 Jan 2016 10:44:10 +0000
Subject: [PATCH] - fix
---
 .../gnunet-service-identity-provider.c | 11 +++--
 src/identity-provider/identity_provider.h | 4 +-
 src/identity-provider/identity_provider_api.c | 4 +-
 src/identity-provider/identity_token.c | 17 ++++----
 src/identity-provider/identity_token.h | 6 +--
 .../plugin_rest_identity_provider.c | 40 ++++++++++++++++++-
 .../gnunet_identity_provider_service.h | 3 +-
 7 files changed, 64 insertions(+), 21 deletions(-)
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c
index 3ce99bfd4..05b73db1a 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -876,7 +876,8 @@ do_shutdown (void *cls,
 static struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage*
 create_exchange_result_message (const char* token,
- const char* label)
+ const char* label,
+ uint64_t ticket_nonce)
 {
 struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage *erm;
 uint16_t token_len = strlen (token) + 1;
@@ -885,6 +886,7 @@ create_exchange_result_message (const char* token,
 erm->header.type = htons (GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_EXCHANGE_RESULT);
 erm->header.size = htons (sizeof (struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage) + token_len);
+ erm->ticket_nonce = htonl (ticket_nonce);
 memcpy (&erm[1], token, token_len);
 return erm;
 }
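Review bot: `erm->ticket_nonce = htonl (ticket_nonce);` in the second hunk converts only the low 32 bits: htonl() takes and returns a uint32_t, so the upper half of the 64-bit nonce is silently dropped on the wire even though the field is declared uint64_t and documented as NBO. The receiving side in identity_provider_api.c (`ticket_nonce = ntohl (erm->ticket_nonce);`) truncates the same way, so the defect only shows up for nonces of 2^32 or more or between hosts of different endianness, which makes it easy to miss in testing. Use the 64-bit helpers on both ends: `erm->ticket_nonce = GNUNET_htonll (ticket_nonce);` here and `ticket_nonce = GNUNET_ntohll (erm->ticket_nonce);` in the API. The field comment in identity_provider.h also promises "0 on error", but this constructor always copies the caller's value; either state that the caller is responsible for that or drop the sentence.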
@@ -1007,12 +1009,12 @@ sign_and_return_token (void *cls,
 //Remote nonce
 nonce_str = NULL;
- GNUNET_asprintf (&nonce_str, "%d", handle->nonce);
+ GNUNET_asprintf (&nonce_str, "%lu", handle->nonce);
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Request nonce: %s\n", nonce_str);
 GNUNET_CRYPTO_ecdsa_key_get_public (&handle->iss_key, &pub_key);
- handle->ticket = ticket_create (nonce_str,
+ handle->ticket = ticket_create (handle->nonce,
 &pub_key,
 handle->label,
 &handle->aud_key);
@@ -1190,7 +1192,8 @@ process_lookup_result (void *cls,
 uint32_t rd_count,
 &token_str));
 erm = create_exchange_result_message (token_str,
- handle->label);
+ handle->label,
+ handle->ticket->payload->nonce);
 GNUNET_SERVER_notification_context_unicast (nc,
 handle->client,
 &erm->header,
diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h
index 067e5aedf..682a20760 100644
--- a/src/identity-provider/identity_provider.h
+++ b/src/identity-provider/identity_provider.h
@@ -81,10 +81,10 @@ struct GNUNET_IDENTITY_PROVIDER_ExchangeResultMessage
 struct GNUNET_MessageHeader header;
 /**
- * Number of bytes in token string including 0-termination, in NBO;
+ * Nonce found in ticket. NBO
 * 0 on error.
 */
- uint16_t name_len GNUNET_PACKED;
+ uint64_t ticket_nonce GNUNET_PACKED;
 /* followed by 0-terminated token */
diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c
index 543ee406d..f702ba890 100644
--- a/src/identity-provider/identity_provider_api.c
+++ b/src/identity-provider/identity_provider_api.c
@@ -197,6 +197,7 @@ message_handler (void *cls,
 char *token_str;
 char *label_str;
 uint16_t size;
+ uint64_t ticket_nonce;
 if (NULL == msg)
 {
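Review bot: `GNUNET_asprintf (&nonce_str, "%lu", handle->nonce);` in the first hunk pairs a `%lu` (unsigned long) conversion with a value that the next change passes to ticket_create's uint64_t parameter; unsigned long is 32 bits on 32-bit Linux and on Windows, so there the format no longer matches the argument and the conversion is undefined. Prefer the fixed-width macro, `GNUNET_asprintf (&nonce_str, "%" PRIu64, handle->nonce);` (needs <inttypes.h>), and the same applies to the `%lu` in ticket_payload_serialize, in ticket_payload_parse's sscanf and in the REST plugin's sscanf and log call. The declaration of handle->nonce is outside this hunk, so confirm it is uint64_t rather than unsigned long; if it is not, the `%d` to `%lu` change only moves the mismatch. sign_and_return_token starts and ends outside the hunk.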
@@ -295,8 +296,9 @@ message_handler (void *cls,
 GNUNET_CLIENT_receive (h->client, &message_handler, h, GNUNET_TIME_UNIT_FOREVER_REL);
 token.data = str;
+ ticket_nonce = ntohl (erm->ticket_nonce);
 if (NULL != op->ex_cb)
- op->ex_cb (op->cls, &token);
+ op->ex_cb (op->cls, &token, ticket_nonce);
 GNUNET_free (op);
 break;
diff --git a/src/identity-provider/identity_token.c b/src/identity-provider/identity_token.c
index 2ca7b9d92..41731bbf4 100644
--- a/src/identity-provider/identity_token.c
+++ b/src/identity-provider/identity_token.c
@@ -597,14 +597,14 @@ token_serialize (const struct IdentityToken *token,
 }
 struct TokenTicketPayload*
-ticket_payload_create (const char* nonce,
+ticket_payload_create (uint64_t nonce,
 const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey,
 const char* lbl_str)
 {
 struct TokenTicketPayload* payload;
 payload = GNUNET_malloc (sizeof (struct TokenTicketPayload));
- GNUNET_asprintf (&payload->nonce, nonce, strlen (nonce));
+ payload->nonce = nonce;
 payload->identity_key = *identity_pkey;
 GNUNET_asprintf (&payload->label, lbl_str, strlen (lbl_str));
 return payload;
@@ -613,8 +613,6 @@ ticket_payload_create (const char* nonce,
 void
 ticket_payload_destroy (struct TokenTicketPayload* payload)
 {
- if (NULL != payload->nonce)
- GNUNET_free (payload->nonce);
 if (NULL != payload->label)
 GNUNET_free (payload->label);
 GNUNET_free (payload);
@@ -630,7 +628,7 @@ ticket_payload_serialize (struct TokenTicketPayload *payload,
 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
 GNUNET_asprintf (result,
- "{\"nonce\": \"%u\",\"identity\": \"%s\",\"label\": \"%s\"}",
+ "{\"nonce\": \"%lu\",\"identity\": \"%s\",\"label\": \"%s\"}",
 payload->nonce, identity_key_str, payload->label);
 GNUNET_free (identity_key_str);
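Review bot: The surviving `GNUNET_asprintf (&payload->label, lbl_str, strlen (lbl_str));` in ticket_payload_create still uses the label as the format string, the same bug the removed nonce line had; the label appears to reach this function from the decrypted ticket JSON via ticket_payload_parse, so a `%` in it is interpreted as a conversion and the meaningless strlen() argument is consumed as its operand. The intended copy is `payload->label = GNUNET_strdup (lbl_str);`, which also removes the stray length argument. The `%lu` in ticket_payload_serialize's JSON format has the width problem raised on the earlier hunk, and `"%" PRIu64` is the portable form there too.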
@@ -645,7 +643,7 @@ ticket_payload_serialize (struct TokenTicketPayload *payload,
 * data and E
 */
 struct TokenTicket*
-ticket_create (const char* nonce_str,
+ticket_create (uint64_t nonce,
 const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey,
 const char* lbl_str,
 const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key)
@@ -654,7 +652,7 @@ ticket_create (const char* nonce_str,
 struct TokenTicketPayload *code_payload;
 ticket = GNUNET_malloc (sizeof (struct TokenTicket));
- code_payload = ticket_payload_create (nonce_str,
+ code_payload = ticket_payload_create (nonce,
 identity_pkey,
 lbl_str);
 ticket->aud_key = *aud_key;
@@ -755,6 +753,7 @@ ticket_payload_parse(const char *raw_data,
 json_t *nonce_json;
 json_error_t err_json;
 char* data_str;
+ uint64_t nonce;
 struct GNUNET_CRYPTO_EcdsaPublicKey id_pkey;
 if (GNUNET_OK != decrypt_str_ecdhe (priv_key,
@@ -818,8 +817,10 @@ ticket_payload_parse(const char *raw_data,
 nonce_str = json_string_value (nonce_json);
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found nonce: %s\n", nonce_str);
+
+ GNUNET_assert (0 != sscanf (nonce_str, "%lu", &nonce));
- *result = ticket_payload_create (nonce_str,
+ *result = ticket_payload_create (nonce,
 (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey,
 label_str);
 GNUNET_free (data_str);
diff --git a/src/identity-provider/identity_token.h b/src/identity-provider/identity_token.h
index e8e52c03e..6cd08dbaa 100644
--- a/src/identity-provider/identity_token.h
+++ b/src/identity-provider/identity_token.h
@@ -110,7 +110,7 @@ struct TokenTicketPayload
 /**
 * Nonce
 */
- char* nonce;
+ uint64_t nonce;
 /**
 * Label
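Review bot: `GNUNET_assert (0 != sscanf (nonce_str, "%lu", &nonce));` in the last identity_token.c hunk turns a malformed ticket into a process abort, and its condition is wrong as well: sscanf returns EOF (-1) for an empty or whitespace-only string, which passes the `0 !=` test and leaves `nonce` uninitialized, while any other non-numeric nonce trips the assert and kills the daemon parsing the ticket. Ticket contents come from the other party, so this should be an ordinary parse failure, `if (1 != sscanf (nonce_str, "%" SCNu64, &nonce)) { GNUNET_free (data_str); return GNUNET_SYSERR; }`, mirroring how the function appears to report decrypt_str_ecdhe failures; its return convention and the cleanup an early exit needs are outside the hunk, so align the error path with the existing ones. json_string_value() returns NULL for a non-string value and a NULL nonce_str would crash sscanf; whether nonce_json was type-checked earlier is not visible here. The `%lu` width issue is covered on an earlier hunk.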
@@ -293,7 +293,7 @@ token_parse2 (const char* data,
 * Creates a ticket that can be exchanged by the audience for
 * the token. The token must be placed under the label
 *
- * @param nonce_str nonce provided by the audience that requested the ticket
+ * @param nonce nonce provided by the audience that requested the ticket
 * @param iss_pkey the issuer pubkey used to sign the ticket
 * @param label the label encoded in the ticket
 * @param aud_ley the audience pubkey used to encrypt the ticket payload
@@ -301,7 +301,7 @@ token_parse2 (const char* data,
 * @return the ticket
 */
 struct TokenTicket*
-ticket_create (const char* nonce_str,
+ticket_create (uint64_t nonce,
 const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey,
 const char* lbl_str,
 const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key);
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c
index 161d61931..0110ba024 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -61,6 +61,11 @@
 */
 #define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET "ticket"
+/**
+ * The parameter name in which the expected nonce must be provided
+ */
+#define GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE "expected_nonce"
+
 /**
 * The parameter name in which the ticket must be provided
 */
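Review bot: The @param block in the first hunk is still out of step with the prototype it documents in the second: the renamed `@param nonce` now matches, but `@param label` describes a parameter the prototype calls `lbl_str`, and `@param aud_ley` is a typo for `aud_key`; change them to `@param lbl_str the label encoded in the ticket` and `@param aud_key the audience pubkey used to encrypt the ticket payload` so Doxygen can associate them. The identity_token.c definition names the second parameter `identity_pkey` while this header says `iss_pkey`; the compiler does not mind, but one name should be picked so the documentation reads the same in both places.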
@@ -767,13 +772,44 @@ list_token_cont (struct RestConnectionDataHandle *con_handle,
 */
 static void
 exchange_cont (void *cls,
- const struct GNUNET_IDENTITY_PROVIDER_Token *token)
+ const struct GNUNET_IDENTITY_PROVIDER_Token *token,
+ uint64_t ticket_nonce)
 {
 json_t *root;
 struct RequestHandle *handle = cls;
 struct MHD_Response *resp;
+ struct GNUNET_HashCode key;
 char* result;
 char* token_str;
+ char* nonce_str;
+ uint64_t expected_nonce;
+
+ //Get nonce
+ GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE,
+ strlen (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_EXPECTED_NONCE),
+ &key);
+
+ if ( GNUNET_NO ==
+ GNUNET_CONTAINER_multihashmap_contains (handle->conndata_handle->url_param_map,
+ &key) )
+ {
+ handle->emsg = GNUNET_strdup ("No nonce given.");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ nonce_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
+ &key);
+ GNUNET_assert (1 == sscanf (nonce_str, "%lu", &expected_nonce));
+
+ if (ticket_nonce != expected_nonce)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Ticket nonce %lu does not match expected nonce %lu\n",
+ ticket_nonce, expected_nonce);
+ handle->emsg = GNUNET_strdup ("Ticket nonce does not match expected nonce\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
 root = json_object ();
 token_str = GNUNET_IDENTITY_PROVIDER_token_to_string (token);
@@ -820,6 +856,7 @@ exchange_token_ticket_cb (void *cls,
 return;
 }
+ //Get ticket
 GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET,
 strlen (GNUNET_REST_JSONAPI_IDENTITY_PROVIDER_TICKET),
 &key);
@@ -834,7 +871,6 @@ exchange_token_ticket_cb (void *cls,
 }
 ticket_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
 &key);
- handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego);
 GNUNET_IDENTITY_PROVIDER_string_to_ticket (ticket_str,
 &ticket);
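Review bot: `GNUNET_assert (1 == sscanf (nonce_str, "%lu", &expected_nonce));` in the exchange_cont hunk aborts the REST plugin's process whenever the `expected_nonce` query parameter is present but not a number, which any HTTP client can cause; the surrounding code already has an error path (`handle->emsg` plus do_error) that should be used instead. GNUNET_CONTAINER_multihashmap_get can also return NULL, so check that before calling sscanf, and use `SCNu64` rather than `%lu` (unsigned long is 32 bits on some targets) so the width matches `uint64_t`; `<inttypes.h>` is needed for the macro. The mismatch branch logs at ERROR level for a condition a remote caller controls, which makes log flooding easy, so WARNING or DEBUG is more appropriate, and its emsg string carries a trailing `\n` that the other messages in this function do not. exchange_cont's body continues past the hunk.
```c
  nonce_str = GNUNET_CONTAINER_multihashmap_get (handle->conndata_handle->url_param_map,
                                                 &key);
  if ( (NULL == nonce_str) ||
       (1 != sscanf (nonce_str, "%" SCNu64, &expected_nonce)) )
  {
    handle->emsg = GNUNET_strdup ("Malformed nonce.");
    GNUNET_SCHEDULER_add_now (&do_error, handle);
    return;
  }
  /* … unchanged: nonce comparison, JSON result … */
```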
diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h
index bcebb0460..e533f6f8c 100644
--- a/src/include/gnunet_identity_provider_service.h
+++ b/src/include/gnunet_identity_provider_service.h
@@ -75,7 +75,8 @@ struct GNUNET_IDENTITY_PROVIDER_Operation;
 */
 typedef void
 (*GNUNET_IDENTITY_PROVIDER_ExchangeCallback)(void *cls,
- const struct GNUNET_IDENTITY_PROVIDER_Token *token);
+ const struct GNUNET_IDENTITY_PROVIDER_Token *token,
+ uint64_t ticket_nonce);
 /**
 * Method called when a token has been issued.
-- 2.25.1
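Review bot: The doc comment for GNUNET_IDENTITY_PROVIDER_ExchangeCallback closes on the first line of the hunk and nothing in it was updated for the new `ticket_nonce` parameter, so the public header now documents one argument fewer than the callback takes; add `@param ticket_nonce nonce carried in the exchanged ticket (0 on error, as the wire message documents it)` next to the existing @param lines above the hunk. Since this changes a public callback signature, every existing implementer must be updated and recompiled; a sentence about the API break in the commit message would help downstream users, as "- fix" gives them nothing to go on.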