static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md, const char *policy, int no_nonce, int cert) { int ret = 0; TS_REQ *ts_req = NULL; int len; TS_MSG_IMPRINT *msg_imprint = NULL; X509_ALGOR *algo = NULL; unsigned char *data = NULL; ASN1_OBJECT *policy_obj = NULL; ASN1_INTEGER *nonce_asn1 = NULL; if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL) goto err; if ((ts_req = TS_REQ_new()) == NULL) goto err; if (!TS_REQ_set_version(ts_req, 1)) goto err; if ((msg_imprint = TS_MSG_IMPRINT_new()) == NULL) goto err; if ((algo = X509_ALGOR_new()) == NULL) goto err; if ((algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))) == NULL) goto err; if ((algo->parameter = ASN1_TYPE_new()) == NULL) goto err; algo->parameter->type = V_ASN1_NULL; if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo)) goto err; if ((len = create_digest(data_bio, digest, md, &data)) == 0) goto err; if (!TS_MSG_IMPRINT_set_msg(msg_imprint, data, len)) goto err; if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint)) goto err; if (policy && (policy_obj = txt2obj(policy)) == NULL) goto err; if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj)) goto err; /* Setting nonce if requested. */ if (!no_nonce && (nonce_asn1 = create_nonce(NONCE_LENGTH)) == NULL) goto err; if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1)) goto err; if (!TS_REQ_set_cert_req(ts_req, cert)) goto err; ret = 1; err: if (!ret) { TS_REQ_free(ts_req); ts_req = NULL; BIO_printf(bio_err, "could not create query\n"); ERR_print_errors(bio_err); } TS_MSG_IMPRINT_free(msg_imprint); X509_ALGOR_free(algo); OPENSSL_free(data); ASN1_OBJECT_free(policy_obj); ASN1_INTEGER_free(nonce_asn1); return ts_req; }
int add_digest_challenge(struct pmsg *msg, char *realm, int stale) { struct digest_auth_info auth; strcpy(auth.realm, realm); create_nonce(&auth); /* LIVE.COM expects the challenge in exactly this format */ return add_header_printf(msg, "WWW-Authenticate", "Digest realm=\"%s\", nonce=\"%s\"%s", auth.realm, auth.nonce, stale ? ", stale=true" : ""); }
compact_signature sign_compact(ec_secret secret, hash_digest hash) { init.init(); compact_signature out; ec_secret nonce; unsigned index = 0; do { nonce = create_nonce(secret, hash, index++); } while (secp256k1_ecdsa_sign_compact(hash.data(), hash.size(), out.signature.data(), secret.data(), nonce.data(), &out.recid) <= 0); return out; }
//------------------------------------------------------------------------------ // deals with private API methods: std::string KClient::private_method(const std::string& method, const KInput& input) const { // build method URL std::string path = "/" + version_ + "/private/" + method; std::string method_url = url_ + path; curl_easy_setopt(curl_, CURLOPT_URL, method_url.c_str()); // create a nonce and and postdata std::string nonce = create_nonce(); std::string postdata = "nonce=" + nonce; // if 'input' is not empty generate other postdata if (!input.empty()) postdata = postdata + "&" + build_query(input); curl_easy_setopt(curl_, CURLOPT_POSTFIELDS, postdata.c_str()); // add custom header curl_slist* chunk = NULL; std::string key_header = "API-Key: " + key_; std::string sign_header = "API-Sign: " + signature(path, nonce, postdata); chunk = curl_slist_append(chunk, key_header.c_str()); chunk = curl_slist_append(chunk, sign_header.c_str()); curl_easy_setopt(curl_, CURLOPT_HTTPHEADER, chunk); // where CURL write callback function stores the response std::string response; curl_easy_setopt(curl_, CURLOPT_WRITEDATA, static_cast<void*>(&response)); // perform CURL request CURLcode result = curl_easy_perform(curl_); // free the custom headers curl_slist_free_all(chunk); // check perform result if (result != CURLE_OK) { std::ostringstream oss; oss << "curl_easy_perform() failed: " << curl_easy_strerror(result); throw std::runtime_error(oss.str()); } return response; }
endorsement sign(ec_secret secret, hash_digest hash) { init.init(); int out_size = max_endorsement_size; endorsement signature(out_size); ec_secret nonce; unsigned index = 0; do { nonce = create_nonce(secret, hash, index++); } while (secp256k1_ecdsa_sign(hash.data(), hash.size(), signature.data(), &out_size, secret.data(), nonce.data()) <= 0); signature.resize(out_size); return signature; }
void send_nonce(struct network_status *net_stat) /*@ requires [?f0]world(?pub, ?key_clsfy) &*& proof_obligations(pub) &*& network_status(net_stat) &*& principal(?principal, ?count1) &*& true == bad(principal); @*/ /*@ ensures [f0]world(pub, key_clsfy) &*& proof_obligations(pub) &*& network_status(net_stat) &*& principal(principal, ?count2); @*/ { int i = random_int_(); //@ close nonce_request(principal, i); struct item *nonce = create_nonce(); //@ assert item(nonce, ?n, pub); //@ open proof_obligations(pub); //@ assert is_public_nonce(?proof, pub); //@ close exists(info_for_item); //@ proof(n); //@ close proof_obligations(pub); network_send(net_stat, nonce); item_free(nonce); }
UNSIGNED32 get_timestamp_response(const char* urlStr, char* hash, UNSIGNED32 hash_size, UNSIGNED32 httpTimeOut, TS_RESP** tsResponse) { UNSIGNED32 result = TINTERNALERROR; BIO* responseBio = NULL; Url* url = NULL; TS_REQ* tsRequest = NULL; BIO* requestBio = NULL; int requestHeaderLength; int requestLength; int requestContentLength; char requestHeader[2048 + 256]; char* request = NULL; void* contentBuffer = NULL; void* resultBuffer = NULL; int resultLength; TS_MSG_IMPRINT* msgImprint = NULL; ASN1_OCTET_STRING* hashedMessage = NULL; int hashedMessageLength; int httpResult; char *urlBuffer = NULL; int redirection = 0; /* Check if TS url is specified */ if (!urlStr) { goto end; } /* Get Request for timestamp */ tsRequest = get_timestamp_request(hash, hash_size, create_nonce(NONCE_LENGTH)); msgImprint = TS_REQ_get_msg_imprint(tsRequest); hashedMessage = TS_MSG_IMPRINT_get_msg(msgImprint); hashedMessageLength = ASN1_STRING_length((ASN1_STRING*)hashedMessage); if ((int)hash_size != hashedMessageLength) { goto end; } requestBio = BIO_new(BIO_s_mem()); if (requestBio == NULL) { goto end; } if (!i2d_TS_REQ_bio(requestBio, tsRequest)) { goto end; } contentBuffer = memory_alloc(BIO_number_written(requestBio)); if (contentBuffer == NULL) { goto end; } requestContentLength = BIO_read(requestBio, contentBuffer, BIO_number_written(requestBio)); /* Allocate memory buffer for timestamp server url */ urlBuffer = memory_alloc(strlen(urlStr) + 1); if (!urlBuffer) { goto end; } /* Copy TS url to allocated buffer */ strcpy(urlBuffer, urlStr); http_redirect: /* Parse and check URL */ url = parse_url(urlBuffer); if (url == NULL) { goto end; } if (strcmp(url->Scheme, "http") != 0) { goto end; } requestHeaderLength = sprintf(requestHeader, "POST %s HTTP/1.0\r\nHOST: %s\r\nPragma: no-cache\r\nContent-Type: application/timestamp-query\r\nAccept: application/timestamp-reply\r\nContent-Length: %d\r\n\r\n", urlBuffer, url->Host, requestContentLength); requestLength = requestHeaderLength + requestContentLength; request = (char*)memory_alloc(requestLength); if (request == NULL) { goto end; } memcpy(request, requestHeader, requestHeaderLength); memcpy(request + requestHeaderLength, contentBuffer, requestContentLength); httpResult = http_read(url->Host, request, requestLength, url->Port, httpTimeOut, 1, &resultBuffer, &resultLength); if (httpResult == HTTP_REDIRECTION && (resultBuffer) && !redirection) { free_url(url); url = NULL; memory_free(request); request = NULL; /* Allocated buffer for redirected url */ urlBuffer = memory_realloc(urlBuffer, resultLength); if (!urlBuffer) { goto end; } memcpy(urlBuffer, resultBuffer, resultLength); memory_free(resultBuffer); redirection++; goto http_redirect; } else if ((httpResult == HTTP_NOERROR) && (resultBuffer)) { responseBio = BIO_new(BIO_s_mem()); if (responseBio == NULL) { goto end; } BIO_write(responseBio, resultBuffer, resultLength); *tsResponse = d2i_TS_RESP_bio(responseBio, NULL); if (*tsResponse == NULL) { goto end; } result = TNOERR; } else { switch (httpResult) { case HTTP_NOLIVEINTERNET_ERROR: result = TNONET; break; case HTTP_TIMEOUT_ERROR: result = TTIMEOUT; break; case HTTP_RESPONSESTATUS_ERROR: result = TSERVERERROR; break; default: result = TINTERNALERROR; break; } } end: free_url(url); if (tsRequest != NULL) { TS_REQ_free(tsRequest); } if (requestBio != NULL) { BIO_free_all(requestBio); } if (responseBio != NULL) { BIO_free_all(responseBio); } if (request != NULL) { memory_free(request); } if (contentBuffer != NULL) { memory_free(contentBuffer); } if (resultBuffer != NULL) { memory_free(resultBuffer); } if (urlBuffer != NULL) { memory_free(urlBuffer); } return result; }
bool Twitter::post_status(const char *message) { char *cp; int i; timestamp = get_time(); create_nonce(); compute_authorization(message); /* Post message to twitter. */ EthernetClient http; if (!http.connect(ip, port)) { println(PSTR("Could not connect to server")); return false; } http_print(&http, PSTR("POST ")); if (proxy) { http_print(&http, PSTR("http://")); http_print(&http, server); } http_print(&http, uri); http_println(&http, PSTR(" HTTP/1.1")); http_print(&http, PSTR("Host: ")); http_print(&http, server); http_newline(&http); http_println(&http, PSTR("Content-Type: application/x-www-form-urlencoded")); http_println(&http, PSTR("Connection: close")); /* Authorization header. */ http_print(&http, PSTR("Authorization: OAuth oauth_consumer_key=\"")); url_encode_pgm(buffer, consumer_key); http.write(buffer); http_print(&http, PSTR("\",oauth_signature_method=\"HMAC-SHA1")); http_print(&http, PSTR("\",oauth_timestamp=\"")); sprintf(buffer, "%ld", timestamp); http.write(buffer); http_print(&http, PSTR("\",oauth_nonce=\"")); hex_encode(buffer, nonce, sizeof(nonce)); http.write(buffer); http_print(&http, PSTR("\",oauth_version=\"1.0\",oauth_token=\"")); if (access_token_pgm) url_encode_pgm(buffer, access_token.pgm); else url_encode_eeprom(buffer, access_token.eeprom); http.write(buffer); http_print(&http, PSTR("\",oauth_signature=\"")); cp = base64_encode(buffer, signature, HASH_LENGTH); url_encode(cp + 1, buffer); http.write(cp + 1); http_println(&http, PSTR("\"")); /* Encode content. */ cp = url_encode(buffer, "status"); *cp++ = '='; cp = url_encode(cp, message); int content_length = cp - buffer; sprintf(cp + 1, "%d", content_length); http_print(&http, PSTR("Content-Length: ")); http.write(cp + 1); http_newline(&http); /* Header-body separator. */ http_newline(&http); /* And finally content. */ http.write(buffer); /* Read response status line. */ if (!read_line(&http, buffer, buffer_len) || buffer[0] == '\0') { http.stop(); return false; } int response_code; /* HTTP/1.1 200 Success */ for (i = 0; buffer[i] && buffer[i] != ' '; i++) ; if (buffer[i]) response_code = atoi(buffer + i + 1); else response_code = 0; bool success = (200 <= response_code && response_code < 300); if (!success) Serial.println(buffer); /* Skip header. */ while (true) { if (!read_line(&http, buffer, buffer_len)) { http.stop(); return false; } if (buffer[0] == '\0') break; /* Update our system basetime from the response `Date' header. */ process_date_header(buffer); } /* Handle content. */ while (http.connected()) { while (http.available() > 0) { uint8_t byte = http.read(); if (!success) Serial.write(byte); } delay(100); } http.stop(); if (!success) println(PSTR("")); return success; }