static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md,
const char *policy, int no_nonce, int cert)
{
int ret = 0;
TS_REQ *ts_req = NULL;
int len;
TS_MSG_IMPRINT *msg_imprint = NULL;
X509_ALGOR *algo = NULL;
unsigned char *data = NULL;
ASN1_OBJECT *policy_obj = NULL;
ASN1_INTEGER *nonce_asn1 = NULL;
if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
goto err;
if ((ts_req = TS_REQ_new()) == NULL)
goto err;
if (!TS_REQ_set_version(ts_req, 1))
goto err;
if ((msg_imprint = TS_MSG_IMPRINT_new()) == NULL)
goto err;
if ((algo = X509_ALGOR_new()) == NULL)
goto err;
if ((algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))) == NULL)
goto err;
if ((algo->parameter = ASN1_TYPE_new()) == NULL)
goto err;
algo->parameter->type = V_ASN1_NULL;
if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo))
goto err;
if ((len = create_digest(data_bio, digest, md, &data)) == 0)
goto err;
if (!TS_MSG_IMPRINT_set_msg(msg_imprint, data, len))
goto err;
if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint))
goto err;
if (policy && (policy_obj = txt2obj(policy)) == NULL)
goto err;
if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj))
goto err;
/* Setting nonce if requested. */
if (!no_nonce && (nonce_asn1 = create_nonce(NONCE_LENGTH)) == NULL)
goto err;
if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1))
goto err;
if (!TS_REQ_set_cert_req(ts_req, cert))
goto err;
ret = 1;
err:
if (!ret) {
TS_REQ_free(ts_req);
ts_req = NULL;
BIO_printf(bio_err, "could not create query\n");
ERR_print_errors(bio_err);
}
TS_MSG_IMPRINT_free(msg_imprint);
X509_ALGOR_free(algo);
OPENSSL_free(data);
ASN1_OBJECT_free(policy_obj);
ASN1_INTEGER_free(nonce_asn1);
return ts_req;
}
int add_digest_challenge(struct pmsg *msg, char *realm, int stale)
{
struct digest_auth_info auth;
strcpy(auth.realm, realm);
create_nonce(&auth);
/* LIVE.COM expects the challenge in exactly this format */
return add_header_printf(msg, "WWW-Authenticate",
"Digest realm=\"%s\", nonce=\"%s\"%s",
auth.realm, auth.nonce,
stale ? ", stale=true" : "");
}
compact_signature sign_compact(ec_secret secret, hash_digest hash)
{
init.init();
compact_signature out;
ec_secret nonce;
unsigned index = 0;
do {
nonce = create_nonce(secret, hash, index++);
} while (secp256k1_ecdsa_sign_compact(hash.data(), hash.size(),
out.signature.data(), secret.data(), nonce.data(), &out.recid) <= 0);
return out;
}
//------------------------------------------------------------------------------
// deals with private API methods:
std::string KClient::private_method(const std::string& method,
const KInput& input) const
{
// build method URL
std::string path = "/" + version_ + "/private/" + method;
std::string method_url = url_ + path;
curl_easy_setopt(curl_, CURLOPT_URL, method_url.c_str());
// create a nonce and and postdata
std::string nonce = create_nonce();
std::string postdata = "nonce=" + nonce;
// if 'input' is not empty generate other postdata
if (!input.empty())
postdata = postdata + "&" + build_query(input);
curl_easy_setopt(curl_, CURLOPT_POSTFIELDS, postdata.c_str());
// add custom header
curl_slist* chunk = NULL;
std::string key_header = "API-Key: " + key_;
std::string sign_header = "API-Sign: " + signature(path, nonce, postdata);
chunk = curl_slist_append(chunk, key_header.c_str());
chunk = curl_slist_append(chunk, sign_header.c_str());
curl_easy_setopt(curl_, CURLOPT_HTTPHEADER, chunk);
// where CURL write callback function stores the response
std::string response;
curl_easy_setopt(curl_, CURLOPT_WRITEDATA, static_cast<void*>(&response));
// perform CURL request
CURLcode result = curl_easy_perform(curl_);
// free the custom headers
curl_slist_free_all(chunk);
// check perform result
if (result != CURLE_OK) {
std::ostringstream oss;
oss << "curl_easy_perform() failed: " << curl_easy_strerror(result);
throw std::runtime_error(oss.str());
}
return response;
}
endorsement sign(ec_secret secret, hash_digest hash)
{
init.init();
int out_size = max_endorsement_size;
endorsement signature(out_size);
ec_secret nonce;
unsigned index = 0;
do {
nonce = create_nonce(secret, hash, index++);
} while (secp256k1_ecdsa_sign(hash.data(), hash.size(), signature.data(),
&out_size, secret.data(), nonce.data()) <= 0);
signature.resize(out_size);
return signature;
}
void send_nonce(struct network_status *net_stat)
/*@ requires [?f0]world(?pub, ?key_clsfy) &*&
proof_obligations(pub) &*&
network_status(net_stat) &*&
principal(?principal, ?count1) &*&
true == bad(principal); @*/
/*@ ensures [f0]world(pub, key_clsfy) &*&
proof_obligations(pub) &*&
network_status(net_stat) &*&
principal(principal, ?count2); @*/
{
int i = random_int_();
//@ close nonce_request(principal, i);
struct item *nonce = create_nonce();
//@ assert item(nonce, ?n, pub);
//@ open proof_obligations(pub);
//@ assert is_public_nonce(?proof, pub);
//@ close exists(info_for_item);
//@ proof(n);
//@ close proof_obligations(pub);
network_send(net_stat, nonce);
item_free(nonce);
}
UNSIGNED32 get_timestamp_response(const char* urlStr, char* hash, UNSIGNED32 hash_size, UNSIGNED32 httpTimeOut, TS_RESP** tsResponse)
{
UNSIGNED32 result = TINTERNALERROR;
BIO* responseBio = NULL;
Url* url = NULL;
TS_REQ* tsRequest = NULL;
BIO* requestBio = NULL;
int requestHeaderLength;
int requestLength;
int requestContentLength;
char requestHeader[2048 + 256];
char* request = NULL;
void* contentBuffer = NULL;
void* resultBuffer = NULL;
int resultLength;
TS_MSG_IMPRINT* msgImprint = NULL;
ASN1_OCTET_STRING* hashedMessage = NULL;
int hashedMessageLength;
int httpResult;
char *urlBuffer = NULL;
int redirection = 0;
/* Check if TS url is specified */
if (!urlStr)
{
goto end;
}
/* Get Request for timestamp */
tsRequest = get_timestamp_request(hash, hash_size, create_nonce(NONCE_LENGTH));
msgImprint = TS_REQ_get_msg_imprint(tsRequest);
hashedMessage = TS_MSG_IMPRINT_get_msg(msgImprint);
hashedMessageLength = ASN1_STRING_length((ASN1_STRING*)hashedMessage);
if ((int)hash_size != hashedMessageLength)
{
goto end;
}
requestBio = BIO_new(BIO_s_mem());
if (requestBio == NULL)
{
goto end;
}
if (!i2d_TS_REQ_bio(requestBio, tsRequest))
{
goto end;
}
contentBuffer = memory_alloc(BIO_number_written(requestBio));
if (contentBuffer == NULL)
{
goto end;
}
requestContentLength = BIO_read(requestBio, contentBuffer, BIO_number_written(requestBio));
/* Allocate memory buffer for timestamp server url */
urlBuffer = memory_alloc(strlen(urlStr) + 1);
if (!urlBuffer)
{
goto end;
}
/* Copy TS url to allocated buffer */
strcpy(urlBuffer, urlStr);
http_redirect:
/* Parse and check URL */
url = parse_url(urlBuffer);
if (url == NULL)
{
goto end;
}
if (strcmp(url->Scheme, "http") != 0)
{
goto end;
}
requestHeaderLength = sprintf(requestHeader, "POST %s HTTP/1.0\r\nHOST: %s\r\nPragma: no-cache\r\nContent-Type: application/timestamp-query\r\nAccept: application/timestamp-reply\r\nContent-Length: %d\r\n\r\n",
urlBuffer, url->Host, requestContentLength);
requestLength = requestHeaderLength + requestContentLength;
request = (char*)memory_alloc(requestLength);
if (request == NULL)
{
goto end;
}
memcpy(request, requestHeader, requestHeaderLength);
memcpy(request + requestHeaderLength, contentBuffer, requestContentLength);
httpResult = http_read(url->Host, request, requestLength, url->Port, httpTimeOut, 1, &resultBuffer, &resultLength);
if (httpResult == HTTP_REDIRECTION && (resultBuffer) && !redirection)
{
free_url(url);
url = NULL;
memory_free(request);
request = NULL;
/* Allocated buffer for redirected url */
urlBuffer = memory_realloc(urlBuffer, resultLength);
if (!urlBuffer)
{
goto end;
}
memcpy(urlBuffer, resultBuffer, resultLength);
memory_free(resultBuffer);
redirection++;
goto http_redirect;
} else
if ((httpResult == HTTP_NOERROR) && (resultBuffer))
{
responseBio = BIO_new(BIO_s_mem());
if (responseBio == NULL)
{
goto end;
}
BIO_write(responseBio, resultBuffer, resultLength);
*tsResponse = d2i_TS_RESP_bio(responseBio, NULL);
if (*tsResponse == NULL)
{
goto end;
}
result = TNOERR;
}
else
{
switch (httpResult)
{
case HTTP_NOLIVEINTERNET_ERROR:
result = TNONET;
break;
case HTTP_TIMEOUT_ERROR:
result = TTIMEOUT;
break;
case HTTP_RESPONSESTATUS_ERROR:
result = TSERVERERROR;
break;
default:
result = TINTERNALERROR;
break;
}
}
end:
free_url(url);
if (tsRequest != NULL)
{
TS_REQ_free(tsRequest);
}
if (requestBio != NULL)
{
BIO_free_all(requestBio);
}
if (responseBio != NULL)
{
BIO_free_all(responseBio);
}
if (request != NULL)
{
memory_free(request);
}
if (contentBuffer != NULL)
{
memory_free(contentBuffer);
}
if (resultBuffer != NULL)
{
memory_free(resultBuffer);
}
if (urlBuffer != NULL)
{
memory_free(urlBuffer);
}
return result;
}
bool
Twitter::post_status(const char *message)
{
char *cp;
int i;
timestamp = get_time();
create_nonce();
compute_authorization(message);
/* Post message to twitter. */
EthernetClient http;
if (!http.connect(ip, port))
{
println(PSTR("Could not connect to server"));
return false;
}
http_print(&http, PSTR("POST "));
if (proxy)
{
http_print(&http, PSTR("http://"));
http_print(&http, server);
}
http_print(&http, uri);
http_println(&http, PSTR(" HTTP/1.1"));
http_print(&http, PSTR("Host: "));
http_print(&http, server);
http_newline(&http);
http_println(&http,
PSTR("Content-Type: application/x-www-form-urlencoded"));
http_println(&http, PSTR("Connection: close"));
/* Authorization header. */
http_print(&http, PSTR("Authorization: OAuth oauth_consumer_key=\""));
url_encode_pgm(buffer, consumer_key);
http.write(buffer);
http_print(&http, PSTR("\",oauth_signature_method=\"HMAC-SHA1"));
http_print(&http, PSTR("\",oauth_timestamp=\""));
sprintf(buffer, "%ld", timestamp);
http.write(buffer);
http_print(&http, PSTR("\",oauth_nonce=\""));
hex_encode(buffer, nonce, sizeof(nonce));
http.write(buffer);
http_print(&http, PSTR("\",oauth_version=\"1.0\",oauth_token=\""));
if (access_token_pgm)
url_encode_pgm(buffer, access_token.pgm);
else
url_encode_eeprom(buffer, access_token.eeprom);
http.write(buffer);
http_print(&http, PSTR("\",oauth_signature=\""));
cp = base64_encode(buffer, signature, HASH_LENGTH);
url_encode(cp + 1, buffer);
http.write(cp + 1);
http_println(&http, PSTR("\""));
/* Encode content. */
cp = url_encode(buffer, "status");
*cp++ = '=';
cp = url_encode(cp, message);
int content_length = cp - buffer;
sprintf(cp + 1, "%d", content_length);
http_print(&http, PSTR("Content-Length: "));
http.write(cp + 1);
http_newline(&http);
/* Header-body separator. */
http_newline(&http);
/* And finally content. */
http.write(buffer);
/* Read response status line. */
if (!read_line(&http, buffer, buffer_len) || buffer[0] == '\0')
{
http.stop();
return false;
}
int response_code;
/* HTTP/1.1 200 Success */
for (i = 0; buffer[i] && buffer[i] != ' '; i++)
;
if (buffer[i])
response_code = atoi(buffer + i + 1);
else
response_code = 0;
bool success = (200 <= response_code && response_code < 300);
if (!success)
Serial.println(buffer);
/* Skip header. */
while (true)
{
if (!read_line(&http, buffer, buffer_len))
{
http.stop();
return false;
}
if (buffer[0] == '\0')
break;
/* Update our system basetime from the response `Date'
header. */
process_date_header(buffer);
}
/* Handle content. */
while (http.connected())
{
while (http.available() > 0)
{
uint8_t byte = http.read();
if (!success)
Serial.write(byte);
}
delay(100);
}
http.stop();
if (!success)
println(PSTR(""));
return success;
}
