diff options
author | Christian Grothoff <christian@grothoff.org> | 2015-04-18 00:51:43 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2015-04-18 00:51:43 +0200 |
commit | e61b83495e1a20e3661cd31fbd9d71899f6a2380 (patch) | |
tree | 5545a915ca464c9654a5aa18e654f25d9e98973f | |
parent | c5b0d8c76eacbafc4990f247e1de41304265801a (diff) |
implementing /test/encrypt
-rw-r--r-- | src/mint/taler-mint-httpd.c | 11 | ||||
-rw-r--r-- | src/mint/taler-mint-httpd_test.c | 87 | ||||
-rw-r--r-- | src/mint/taler-mint-httpd_test.h | 25 |
3 files changed, 117 insertions, 6 deletions
diff --git a/src/mint/taler-mint-httpd.c b/src/mint/taler-mint-httpd.c index 2b7d1d5e2..392e87299 100644 --- a/src/mint/taler-mint-httpd.c +++ b/src/mint/taler-mint-httpd.c @@ -198,8 +198,8 @@ handle_mhd_request (void *cls, #if HAVE_DEVELOPER { "/test", MHD_HTTP_METHOD_POST, "application/json", - NULL, 0, - &TMH_TEST_handler_test, MHD_HTTP_OK }, + NULL, 0, + &TMH_TEST_handler_test, MHD_HTTP_OK }, { "/test", NULL, "text/plain", "Only POST is allowed", 0, &TMH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED }, @@ -211,6 +211,13 @@ handle_mhd_request (void *cls, "Only POST is allowed", 0, &TMH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED }, + { "/test/encrypt", MHD_HTTP_METHOD_POST, "application/json", + NULL, 0, + &TMH_TEST_handler_test_encrypt, MHD_HTTP_OK }, + { "/test/encrypt", NULL, "text/plain", + "Only POST is allowed", 0, + &TMH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED }, + { "/test/hkdf", MHD_HTTP_METHOD_POST, "application/json", NULL, 0, &TMH_TEST_handler_test_hkdf, MHD_HTTP_OK }, diff --git a/src/mint/taler-mint-httpd_test.c b/src/mint/taler-mint-httpd_test.c index 5061b22b8..d29f629ba 100644 --- a/src/mint/taler-mint-httpd_test.c +++ b/src/mint/taler-mint-httpd_test.c @@ -20,8 +20,7 @@ * @author Christian Grothoff * * TODO: - * - Symmetric encryption/decryption - * - high-level transfer key logic + * - /test/transfer for high-level transfer key logic */ #include "platform.h" #include <gnunet/gnunet_util_lib.h> @@ -93,6 +92,86 @@ TMH_TEST_handler_test_base32 (struct TMH_RequestHandler *rh, /** + * Handle a "/test/encrypt" request. Parses the JSON in the post, + * runs the Crockford Base32 decoder on the "input" field in the JSON, + * and encrypts the result with a shared secret derived using the HKDF + * function with salt "skey" and IV derived with salt "iv" of the + * Crockford Base32-encoded "key_hash" field in the JSON. The + * symmetric encryption is the AES/Twofish double-encryption used in + * Taler/GNUnet. The resulting ciphertext is returned as a Crockford + * Base32 encoded JSON string. + * + * @param rh context of the handler + * @param connection the MHD connection to handle + * @param[in,out] connection_cls the connection's closure (can be updated) + * @param upload_data upload data + * @param[in,out] upload_data_size number of bytes (left) in @a upload_data + * @return MHD result code + */ +int +TMH_TEST_handler_test_encrypt (struct TMH_RequestHandler *rh, + struct MHD_Connection *connection, + void **connection_cls, + const char *upload_data, + size_t *upload_data_size) +{ + json_t *json; + int res; + struct GNUNET_HashCode key; + struct GNUNET_CRYPTO_SymmetricInitializationVector iv; + struct GNUNET_CRYPTO_SymmetricSessionKey skey; + struct TMH_PARSE_FieldSpecification spec[] = { + TMH_PARSE_MEMBER_VARIABLE ("input"), + TMH_PARSE_MEMBER_FIXED ("key_hash", &key), + TMH_PARSE_MEMBER_END + }; + char *out; + + res = TMH_PARSE_post_json (connection, + connection_cls, + upload_data, + upload_data_size, + &json); + if (GNUNET_SYSERR == res) + return MHD_NO; + if ( (GNUNET_NO == res) || (NULL == json) ) + return MHD_YES; + res = TMH_PARSE_json_data (connection, + json, + spec); + json_decref (json); + if (GNUNET_YES != res) + return (GNUNET_NO == res) ? MHD_YES : MHD_NO; + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_kdf (&skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), + "skey", strlen ("skey"), + &key, sizeof (key), + NULL, 0)); + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_kdf (&iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector), + "iv", strlen ("iv"), + &key, sizeof (key), + NULL, 0)); + out = GNUNET_malloc (spec[0].destination_size_out); + GNUNET_break (spec[0].destination_size_out == + GNUNET_CRYPTO_symmetric_encrypt (spec[0].destination, + spec[0].destination_size_out, + &skey, + &iv, + out)); + json = TALER_json_from_data (out, + spec[0].destination_size_out); + GNUNET_free (out); + TMH_PARSE_release_data (spec); + res = TMH_RESPONSE_reply_json (connection, + json, + MHD_HTTP_OK); + json_decref (json); + return res; +} + + +/** * Handle a "/test/hkdf" request. Parses the JSON in the post, runs * the Crockford Base32 decoder on the "input" field in the JSON, * computes `HKDF(input, "salty")` and sends the result back as a JSON @@ -123,7 +202,7 @@ TMH_TEST_handler_test_hkdf (struct TMH_RequestHandler *rh, TMH_PARSE_MEMBER_VARIABLE ("input"), TMH_PARSE_MEMBER_END }; - + res = TMH_PARSE_post_json (connection, connection_cls, upload_data, @@ -136,6 +215,7 @@ TMH_TEST_handler_test_hkdf (struct TMH_RequestHandler *rh, res = TMH_PARSE_json_data (connection, json, spec); + json_decref (json); if (GNUNET_YES != res) return (GNUNET_NO == res) ? MHD_YES : MHD_NO; GNUNET_CRYPTO_kdf (&hc, sizeof (hc), @@ -144,7 +224,6 @@ TMH_TEST_handler_test_hkdf (struct TMH_RequestHandler *rh, spec[0].destination_size_out, NULL, 0); TMH_PARSE_release_data (spec); - json_decref (json); json = TALER_json_from_data (&hc, sizeof (struct GNUNET_HashCode)); res = TMH_RESPONSE_reply_json (connection, json, diff --git a/src/mint/taler-mint-httpd_test.h b/src/mint/taler-mint-httpd_test.h index 5de63bb15..cafbb0729 100644 --- a/src/mint/taler-mint-httpd_test.h +++ b/src/mint/taler-mint-httpd_test.h @@ -50,6 +50,31 @@ TMH_TEST_handler_test_base32 (struct TMH_RequestHandler *rh, /** + * Handle a "/test/encrypt" request. Parses the JSON in the post, + * runs the Crockford Base32 decoder on the "input" field in the JSON, + * and encrypts the result with a shared secret derived using the HKDF + * function with salt "skey" and IV derived with salt "iv" of the + * Crockford Base32-encoded "key_hash" field in the JSON. The + * symmetric encryption is the AES/Twofish double-encryption used in + * Taler/GNUnet. The resulting ciphertext is returned as a Crockford + * Base32 encoded JSON string. + * + * @param rh context of the handler + * @param connection the MHD connection to handle + * @param[in,out] connection_cls the connection's closure (can be updated) + * @param upload_data upload data + * @param[in,out] upload_data_size number of bytes (left) in @a upload_data + * @return MHD result code + */ +int +TMH_TEST_handler_test_encrypt (struct TMH_RequestHandler *rh, + struct MHD_Connection *connection, + void **connection_cls, + const char *upload_data, + size_t *upload_data_size); + + +/** * Handle a "/test/hkdf" request. Parses the JSON in the post, runs * the Crockford Base32 decoder on the "input" field in the JSON, * computes `HKDF(input, "salty")` and sends the result back as a JSON |