static scs_keyset_t *retr_keyset (scs_t *ctx) { char raw_tid[SCS_TID_MAX]; scs_atoms_t *ats = &ctx->atoms; size_t raw_tid_len = sizeof raw_tid - 1; /* Make sure we have room for the terminating NUL char. */ if (base64url_decode(ats->b64_tid, strlen(ats->b64_tid), (uint8_t *) raw_tid, &raw_tid_len)) { scs_set_error(ctx, SCS_ERR_DECODE, "Base-64 decoding of tid failed"); return NULL; } raw_tid[raw_tid_len] = '\0'; /* Try active keyset first. */ if (ctx->cur_keyset.active && !strcmp(raw_tid, ctx->cur_keyset.tid)) return &ctx->cur_keyset; /* Then backup. */ if (ctx->prev_keyset.active && !strcmp(raw_tid, ctx->prev_keyset.tid)) return &ctx->prev_keyset; /* Not found. */ scs_set_error(ctx, SCS_ERR_WRONG_TID, "tid \'%s\' not found", raw_tid); return NULL; }
/* Note that tid has been already decoded in order to identify the running * keyset inside retr_keyset(). Its value is found in the selected keyset. */ static int decode_atoms (scs_t *ctx, scs_keyset_t *ks) { scs_atoms_t *ats = &ctx->atoms; size_t i, tstamp_sz = sizeof(ats->tstamp), iv_sz = ks->block_sz; enum { NUM_ATOMS = 4 }; struct { const char *id; uint8_t *raw; size_t *raw_sz; const char *enc; size_t enc_sz; } A[NUM_ATOMS] = { { "SCS DATA", ats->data, &ats->data_sz, /* Initially set to data_capacity. */ ats->b64_data, strlen(ats->b64_data) }, { "SCS TSTAMP", (uint8_t *) ats->tstamp, &tstamp_sz, ats->b64_tstamp, strlen(ats->b64_tstamp) }, { "SCS IV", ats->iv, &iv_sz, ats->b64_iv, strlen(ats->b64_iv) }, { "SCS AUTHTAG", ats->tag, &ats->tag_sz, ats->b64_tag, strlen(ats->b64_tag) } }; for (i = 0; i < NUM_ATOMS; ++i) { if (base64url_decode(A[i].enc, A[i].enc_sz, A[i].raw, A[i].raw_sz)) { scs_set_error(ctx, SCS_ERR_DECODE, "%s decoding failed", A[i].id); return -1; } } /* Terminate tstamp string. */ ats->tstamp[tstamp_sz] = '\0'; return 0; }
static int strn_to_list_token(const char *str, uint64_t *rowidp, const char **afterp) { unsigned char token[sizeof rhizome_db_uuid.u.binary + sizeof *rowidp]; if (base64url_decode(token, sizeof token, str, 0, afterp, 0, NULL) != sizeof token) return 0; if (cmp_uuid_t(&rhizome_db_uuid, (serval_uuid_t *) &token) != 0) return 0; memcpy(rowidp, token + sizeof rhizome_db_uuid.u.binary, sizeof *rowidp); return 1; }
bool g_UnpackID(const string& packed_id, string& binary_id) { size_t binary_id_len; base64url_decode(NULL, packed_id.length(), NULL, 0, &binary_id_len); binary_id.resize(binary_id_len); binary_id[0] = '\0'; unsigned char* ptr = (unsigned char*) const_cast<char*>(binary_id.data()); if (base64url_decode(packed_id.data(), packed_id.length(), ptr, binary_id_len, NULL) != eBase64_OK) return false; s_Unscramble(ptr, binary_id_len); return true; }
VerifyResult verify_assertion_local(request_rec *r, const char *assertion) { char *pair; char *last = NULL; VerifyResult res = apr_pcalloc(r->pool, sizeof(struct _VerifyResult)); char *assertion_string = apr_pstrdup(r->pool, assertion); char *delim = "."; const char *assertions[16]; int i = 0; /* XXX: Need to make sure we don't overrun assertions[] */ for (pair = apr_strtok(assertion_string, delim, &last); pair; pair = apr_strtok(NULL, delim, &last)) { assertions[i++] = pair; } ap_log_rerror(APLOG_MARK, APLOG_WARNING | APLOG_NOERRNO, 0, r, ERRTAG "Local Assertion Verification enabled but not implemented yet"); int assertion_count = i; json_object *json_assertions[16]; enum json_tokener_error jerr; for (i = 0; i < assertion_count; i++) { assertions[i] = base64url_decode(r->pool, assertions[i]); json_assertions[i] = json_tokener_parse_verbose(assertions[i], &jerr); if (json_tokener_success != jerr) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, ERRTAG "json parse error %s", json_tokener_error_desc(jerr)); ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, ERRTAG "Raw Pair %d is %s", i, assertions[i]); } else { ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, ERRTAG "JSON is %s", json_object_to_json_string(json_assertions[i])); } } json_object *principal = json_object_object_get(json_assertions[1], "principal"); json_object *issuer = json_object_object_get(json_assertions[1], "iss"); json_object *expiry = json_object_object_get(json_assertions[3], "exp"); json_object *audience = json_object_object_get(json_assertions[3], "aud"); json_object *email = NULL; /* Not fully implemented yet */ res->errorResponse = "Local verification enabled but not implemented yet"; if (principal && json_object_is_type(principal, json_type_object)) { email = json_object_object_get(principal, "email"); if (email && json_object_is_type(email, json_type_string)) { res->verifiedEmail = json_object_get_string(email); } } if (issuer && json_object_is_type(issuer, json_type_string)) { res->identityIssuer = json_object_get_string(issuer); } if (audience && json_object_is_type(audience, json_type_string)) { const char *audience_str = json_object_get_string(audience); ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, ERRTAG "Audience is %s", audience_str); } if (expiry && json_object_is_type(expiry, json_type_int)) { int64_t expiry_time = json_object_get_int64(expiry); ap_log_rerror(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r, ERRTAG "Expiry is %" APR_INT64_T_FMT, expiry_time); } /* Fake success */ if (email && issuer) { res->errorResponse = NULL; } return res; }
int main (int argc, char **argv) { const char *evector[7] = { "", "f", "fo", "foo", "foob", "fooba", "foobar"}; const char *dvector[7] = { "", "Zg", "Zm8", "Zm9v", "Zm9vYg", "Zm9vYmE", "Zm9vYmFy"}; char dest[64] = {'\0'}; size_t dlen = 0; int r, i; for (i = 0; i < 7; i++) { memset(dest, 0, 64); r = base64url_encode(dest, 63, evector[i], strlen(evector[i]), &dlen); if (r < 0) { printf("FAIL encode \"%s\"\n", evector[i]); continue; } if (strlen(dvector[i]) != dlen) { printf("FAIL encode \"%s\"\n", evector[i]); continue; } if (strncmp(dvector[i], dest, dlen)) { printf("FAIL encode \"%s\"\n", evector[i]); continue; } printf("PASS encode \"%s\" => \"%s\"\n", evector[i], dest); } for (i = 0; i < 7; i++) { memset(dest, 0, 64); r = base64url_decode(dest, 63, dvector[i], strlen(dvector[i]), &dlen); if (r < 0) { printf("FAIL decode \"%s\" r=%d\n", dvector[i], r); continue; } if (strlen(evector[i]) != dlen) { printf("FAIL decode \"%s\" => \"%s\"(%zu)\n", dvector[i], dest, dlen); continue; } if (strncmp(evector[i], dest, dlen)) { printf("FAIL decode \"%s\" =>\"%s\"\n", dvector[i], dest); continue; } printf("PASS decode \"%s\" => \"%s\"\n", dvector[i], dest); } return 0; }