aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2015-04-18 00:51:43 +0200
committerChristian Grothoff <christian@grothoff.org>2015-04-18 00:51:43 +0200
commite61b83495e1a20e3661cd31fbd9d71899f6a2380 (patch)
tree5545a915ca464c9654a5aa18e654f25d9e98973f
parentc5b0d8c76eacbafc4990f247e1de41304265801a (diff)
implementing /test/encrypt
-rw-r--r--src/mint/taler-mint-httpd.c11
-rw-r--r--src/mint/taler-mint-httpd_test.c87
-rw-r--r--src/mint/taler-mint-httpd_test.h25
3 files changed, 117 insertions, 6 deletions
diff --git a/src/mint/taler-mint-httpd.c b/src/mint/taler-mint-httpd.c
index 2b7d1d5e2..392e87299 100644
--- a/src/mint/taler-mint-httpd.c
+++ b/src/mint/taler-mint-httpd.c
@@ -198,8 +198,8 @@ handle_mhd_request (void *cls,
#if HAVE_DEVELOPER
{ "/test", MHD_HTTP_METHOD_POST, "application/json",
- NULL, 0,
- &TMH_TEST_handler_test, MHD_HTTP_OK },
+ NULL, 0,
+ &TMH_TEST_handler_test, MHD_HTTP_OK },
{ "/test", NULL, "text/plain",
"Only POST is allowed", 0,
&TMH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED },
@@ -211,6 +211,13 @@ handle_mhd_request (void *cls,
"Only POST is allowed", 0,
&TMH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED },
+ { "/test/encrypt", MHD_HTTP_METHOD_POST, "application/json",
+ NULL, 0,
+ &TMH_TEST_handler_test_encrypt, MHD_HTTP_OK },
+ { "/test/encrypt", NULL, "text/plain",
+ "Only POST is allowed", 0,
+ &TMH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED },
+
{ "/test/hkdf", MHD_HTTP_METHOD_POST, "application/json",
NULL, 0,
&TMH_TEST_handler_test_hkdf, MHD_HTTP_OK },
diff --git a/src/mint/taler-mint-httpd_test.c b/src/mint/taler-mint-httpd_test.c
index 5061b22b8..d29f629ba 100644
--- a/src/mint/taler-mint-httpd_test.c
+++ b/src/mint/taler-mint-httpd_test.c
@@ -20,8 +20,7 @@
* @author Christian Grothoff
*
* TODO:
- * - Symmetric encryption/decryption
- * - high-level transfer key logic
+ * - /test/transfer for high-level transfer key logic
*/
#include "platform.h"
#include <gnunet/gnunet_util_lib.h>
@@ -93,6 +92,86 @@ TMH_TEST_handler_test_base32 (struct TMH_RequestHandler *rh,
/**
+ * Handle a "/test/encrypt" request. Parses the JSON in the post,
+ * runs the Crockford Base32 decoder on the "input" field in the JSON,
+ * and encrypts the result with a shared secret derived using the HKDF
+ * function with salt "skey" and IV derived with salt "iv" of the
+ * Crockford Base32-encoded "key_hash" field in the JSON. The
+ * symmetric encryption is the AES/Twofish double-encryption used in
+ * Taler/GNUnet. The resulting ciphertext is returned as a Crockford
+ * Base32 encoded JSON string.
+ *
+ * @param rh context of the handler
+ * @param connection the MHD connection to handle
+ * @param[in,out] connection_cls the connection's closure (can be updated)
+ * @param upload_data upload data
+ * @param[in,out] upload_data_size number of bytes (left) in @a upload_data
+ * @return MHD result code
+ */
+int
+TMH_TEST_handler_test_encrypt (struct TMH_RequestHandler *rh,
+ struct MHD_Connection *connection,
+ void **connection_cls,
+ const char *upload_data,
+ size_t *upload_data_size)
+{
+ json_t *json;
+ int res;
+ struct GNUNET_HashCode key;
+ struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+ struct GNUNET_CRYPTO_SymmetricSessionKey skey;
+ struct TMH_PARSE_FieldSpecification spec[] = {
+ TMH_PARSE_MEMBER_VARIABLE ("input"),
+ TMH_PARSE_MEMBER_FIXED ("key_hash", &key),
+ TMH_PARSE_MEMBER_END
+ };
+ char *out;
+
+ res = TMH_PARSE_post_json (connection,
+ connection_cls,
+ upload_data,
+ upload_data_size,
+ &json);
+ if (GNUNET_SYSERR == res)
+ return MHD_NO;
+ if ( (GNUNET_NO == res) || (NULL == json) )
+ return MHD_YES;
+ res = TMH_PARSE_json_data (connection,
+ json,
+ spec);
+ json_decref (json);
+ if (GNUNET_YES != res)
+ return (GNUNET_NO == res) ? MHD_YES : MHD_NO;
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (&skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
+ "skey", strlen ("skey"),
+ &key, sizeof (key),
+ NULL, 0));
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (&iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector),
+ "iv", strlen ("iv"),
+ &key, sizeof (key),
+ NULL, 0));
+ out = GNUNET_malloc (spec[0].destination_size_out);
+ GNUNET_break (spec[0].destination_size_out ==
+ GNUNET_CRYPTO_symmetric_encrypt (spec[0].destination,
+ spec[0].destination_size_out,
+ &skey,
+ &iv,
+ out));
+ json = TALER_json_from_data (out,
+ spec[0].destination_size_out);
+ GNUNET_free (out);
+ TMH_PARSE_release_data (spec);
+ res = TMH_RESPONSE_reply_json (connection,
+ json,
+ MHD_HTTP_OK);
+ json_decref (json);
+ return res;
+}
+
+
+/**
* Handle a "/test/hkdf" request. Parses the JSON in the post, runs
* the Crockford Base32 decoder on the "input" field in the JSON,
* computes `HKDF(input, "salty")` and sends the result back as a JSON
@@ -123,7 +202,7 @@ TMH_TEST_handler_test_hkdf (struct TMH_RequestHandler *rh,
TMH_PARSE_MEMBER_VARIABLE ("input"),
TMH_PARSE_MEMBER_END
};
-
+
res = TMH_PARSE_post_json (connection,
connection_cls,
upload_data,
@@ -136,6 +215,7 @@ TMH_TEST_handler_test_hkdf (struct TMH_RequestHandler *rh,
res = TMH_PARSE_json_data (connection,
json,
spec);
+ json_decref (json);
if (GNUNET_YES != res)
return (GNUNET_NO == res) ? MHD_YES : MHD_NO;
GNUNET_CRYPTO_kdf (&hc, sizeof (hc),
@@ -144,7 +224,6 @@ TMH_TEST_handler_test_hkdf (struct TMH_RequestHandler *rh,
spec[0].destination_size_out,
NULL, 0);
TMH_PARSE_release_data (spec);
- json_decref (json);
json = TALER_json_from_data (&hc, sizeof (struct GNUNET_HashCode));
res = TMH_RESPONSE_reply_json (connection,
json,
diff --git a/src/mint/taler-mint-httpd_test.h b/src/mint/taler-mint-httpd_test.h
index 5de63bb15..cafbb0729 100644
--- a/src/mint/taler-mint-httpd_test.h
+++ b/src/mint/taler-mint-httpd_test.h
@@ -50,6 +50,31 @@ TMH_TEST_handler_test_base32 (struct TMH_RequestHandler *rh,
/**
+ * Handle a "/test/encrypt" request. Parses the JSON in the post,
+ * runs the Crockford Base32 decoder on the "input" field in the JSON,
+ * and encrypts the result with a shared secret derived using the HKDF
+ * function with salt "skey" and IV derived with salt "iv" of the
+ * Crockford Base32-encoded "key_hash" field in the JSON. The
+ * symmetric encryption is the AES/Twofish double-encryption used in
+ * Taler/GNUnet. The resulting ciphertext is returned as a Crockford
+ * Base32 encoded JSON string.
+ *
+ * @param rh context of the handler
+ * @param connection the MHD connection to handle
+ * @param[in,out] connection_cls the connection's closure (can be updated)
+ * @param upload_data upload data
+ * @param[in,out] upload_data_size number of bytes (left) in @a upload_data
+ * @return MHD result code
+ */
+int
+TMH_TEST_handler_test_encrypt (struct TMH_RequestHandler *rh,
+ struct MHD_Connection *connection,
+ void **connection_cls,
+ const char *upload_data,
+ size_t *upload_data_size);
+
+
+/**
* Handle a "/test/hkdf" request. Parses the JSON in the post, runs
* the Crockford Base32 decoder on the "input" field in the JSON,
* computes `HKDF(input, "salty")` and sends the result back as a JSON