commit 67690d4577f9f6c31f1350b27904d22682c77fcd
parent b66f9898f64c7268c5671da357e312a855be4ba5
Author: Bohdan Potuzhnyi <potub1@bfh.ch>
Date: Sat, 14 Sep 2024 17:55:12 +0000
change to using GNUNET_STRINGS_base64url_encode
Diffstat:
5 files changed, 28 insertions(+), 122 deletions(-)
diff --git a/src/challenger/Makefile.am b/src/challenger/Makefile.am
@@ -22,7 +22,7 @@ bin_SCRIPTS = \
check_SCRIPTS = \
test-challenger.sh \
- test-challenger-pkce.sh
+ test-challenger-pkce.sh
TESTS = \
$(check_SCRIPTS)
@@ -48,8 +48,8 @@ challenger_httpd_SOURCES = \
challenger-httpd_mhd.c challenger-httpd_mhd.h \
challenger-httpd_setup.c challenger-httpd_setup.h \
challenger-httpd_solve.c challenger-httpd_solve.h \
- challenger-httpd_token.c challenger-httpd_token.h \
- src/base64.c src/base64.h
+ challenger-httpd_token.c challenger-httpd_token.h
+
challenger_httpd_LDADD = \
$(top_builddir)/src/util/libchallengerutil.la \
$(top_builddir)/src/challengerdb/libchallengerdb.la \
diff --git a/src/challenger/challenger-httpd_token.c b/src/challenger/challenger-httpd_token.c
@@ -25,7 +25,6 @@
#include "challenger-httpd_common.h"
#include <taler/taler_json_lib.h>
#include <taler/taler_signatures.h>
-#include "src/base64.h"
/**
* Context for a /token operation.
*/
@@ -66,7 +65,7 @@ struct TokenContext
* Uploaded 'grant_type' field from POST data.
*/
char *grant_type;
-
+
/**
* Uploaded 'code_verifier' field from POST data.
*/
@@ -402,7 +401,7 @@ CH_handler_token (struct CH_HandlerContext *hc,
case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
break;
}
-
+
/* Verify the code_challenge if present*/
if (code_challenge != NULL)
{
@@ -421,12 +420,12 @@ CH_handler_token (struct CH_HandlerContext *hc,
TALER_EC_GENERIC_PARAMETER_MISSING,
"code_verifier is missing");
}
-
+
if (0 == strcmp (code_challenge_method, "S256"))
{
gcry_md_hd_t hd;
unsigned char hash[32];
- char *encoded_hash;
+ char *encoded_hash = NULL;
size_t encoded_len;
// Initialize libgcrypt
@@ -440,9 +439,27 @@ CH_handler_token (struct CH_HandlerContext *hc,
gcry_md_close(hd);
// Perform base64url encoding
- encoded_hash = base64url_encode(hash, 32, &encoded_len);
+ encoded_len = GNUNET_STRINGS_base64url_encode(hash, 32, &encoded_hash);
- if (0 != strcmp(encoded_hash, code_challenge)) {
+ if (0 == encoded_len || NULL == encoded_hash)
+ {
+ GNUNET_break_op(0);
+ GNUNET_free(client_scope);
+ GNUNET_free(client_secret);
+ GNUNET_free(client_redirect_uri);
+ GNUNET_free(client_state);
+ GNUNET_free(code_challenge);
+ GNUNET_free(code_challenge_method);
+ return TALER_MHD_reply_with_oauth_error(
+ hc->connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ "server_error",
+ TALER_EC_CHALLENGER_HELPER_EXEC_FAILED,
+ "Failed to encode hash to Base64 URL");
+ }
+
+ if (0 != strcmp(encoded_hash, code_challenge))
+ {
GNUNET_break_op(0);
GNUNET_free(client_scope);
GNUNET_free(client_secret);
@@ -478,7 +495,7 @@ CH_handler_token (struct CH_HandlerContext *hc,
}
}
}
-
+
if (NULL == address)
{
GNUNET_break_op (0);
diff --git a/src/challenger/src/.dirstamp b/src/challenger/src/.dirstamp
diff --git a/src/challenger/src/base64.c b/src/challenger/src/base64.c
@@ -1,77 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU Affero General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
-*/
-/**
- * @file src/base64.c
- * @brief functions to handle base64 encoding
- * @author Bohdan Potuzhnyi & Vlada Svirsh
- */
-
-#include <gcrypt.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <stddef.h>
-#include "base64.h"
-
-// Base64 character set for standard encoding
-static const char base64_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-// Function to base64 encode
-char *base64_encode(const unsigned char *data, size_t input_length, size_t *output_length) {
- *output_length = 4 * ((input_length + 2) / 3);
- char *encoded_data = (char *)malloc(*output_length + 1);
- if (encoded_data == NULL) return NULL;
-
- for (size_t i = 0, j = 0; i < input_length;) {
- uint32_t octet_a = i < input_length ? (unsigned char)data[i++] : 0;
- uint32_t octet_b = i < input_length ? (unsigned char)data[i++] : 0;
- uint32_t octet_c = i < input_length ? (unsigned char)data[i++] : 0;
-
- uint32_t triple = (octet_a << 0x10) + (octet_b << 0x08) + octet_c;
-
- encoded_data[j++] = base64_table[(triple >> 3 * 6) & 0x3F];
- encoded_data[j++] = base64_table[(triple >> 2 * 6) & 0x3F];
- encoded_data[j++] = base64_table[(triple >> 1 * 6) & 0x3F];
- encoded_data[j++] = base64_table[(triple >> 0 * 6) & 0x3F];
- }
-
- static const int mod_table[] = {0, 2, 1};
- for (size_t i = 0; i < mod_table[input_length % 3]; ++i)
- encoded_data[*output_length - 1 - i] = '=';
-
- encoded_data[*output_length] = '\0';
- return encoded_data;
-}
-
-// Function to base64url encode (modifies the base64 encoding output)
-char *base64url_encode(const unsigned char *input, size_t len, size_t *out_len) {
- char *encoded_data = base64_encode(input, len, out_len);
- if (encoded_data == NULL) return NULL;
-
- for (size_t i = 0; i < *out_len; i++) {
- if (encoded_data[i] == '+') {
- encoded_data[i] = '-';
- } else if (encoded_data[i] == '/') {
- encoded_data[i] = '_';
- } else if (encoded_data[i] == '=') {
- encoded_data[i] = '\0'; // Remove padding character
- *out_len = i;
- break;
- }
- }
-
- return encoded_data;
-}
-
diff --git a/src/challenger/src/base64.h b/src/challenger/src/base64.h
@@ -1,34 +0,0 @@
-/*
- This file is part of Challenger
- Copyright (C) 2023 Taler Systems SA
-
- Challenger is free software; you can redistribute it and/or modify it under the
- terms of the GNU Affero General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- Challenger is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License along with
- Challenger; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
-*/
-/**
- * @file src/base64.h
- * @brief functions to handle base64 encoding
- * @author Bohdan Potuzhnyi & Vlada Svirsh
- */
-
-#ifndef BASE64_H
-#define BASE64_H
-
-#include <stddef.h>
-
-// Function to base64 encode
-char *base64_encode(const unsigned char *data, size_t input_length, size_t *output_length);
-
-// Function to base64url encode (modifies the base64 encoding output)
-char *base64url_encode(const unsigned char *input, size_t len, size_t *out_len);
-
-#endif // BASE64_H
-
