diff options
Diffstat (limited to 'jwt.c')
| -rw-r--r-- | jwt.c | 147 |
1 files changed, 147 insertions, 0 deletions
@@ -0,0 +1,147 @@ +#include "jwt.h" +#include "base64.h" +#include <dynstr.h> +#include <cjson/cJSON.h> +#include <openssl/evp.h> +#include <openssl/hmac.h> +#include <openssl/sha.h> +#include <errno.h> +#include <stddef.h> +#include <stdlib.h> +#include <stdio.h> +#include <string.h> + +static const char jwt_header[] = "{\"alg\": \"HS256\", \"typ\": \"JWT\"}"; + +static char *get_payload(const char *const name) +{ + char *ret = NULL; + struct dynstr d; + + dynstr_init(&d); + + if (dynstr_append(&d, "{\"name\": \"%s\"}", name)) + { + fprintf(stderr, "%s: dynstr_append name failed\n", __func__); + goto end; + } + else if (!(ret = base64_encode(d.str, d.len))) + { + fprintf(stderr, "%s: base64 failed\n", __func__); + goto end; + } + +end: + dynstr_free(&d); + return ret; +} + +static char *get_hmac(const void *const buf, const size_t n, + const void *const key, const size_t keyn) +{ + unsigned char hmac[SHA256_DIGEST_LENGTH]; + const EVP_MD *const md = EVP_sha256(); + char *ret = NULL; + + if (!md) + { + fprintf(stderr, "%s: EVP_sha256 failed\n", __func__); + return NULL; + } + else if (!HMAC(md, key, keyn, buf, n, hmac, NULL)) + { + fprintf(stderr, "%s: HMAC failed\n", __func__); + return NULL; + } + else if (!(ret = base64_encode(hmac, sizeof hmac))) + { + fprintf(stderr, "%s: base64 failed\n", __func__); + return NULL; + } + + return ret; +} + +char *jwt_encode(const char *const name, const void *const key, const size_t n) +{ + char *ret = NULL; + char *const header = base64_encode(jwt_header, strlen(jwt_header)), + *const payload = get_payload(name), + *hmac = NULL; + struct dynstr jwt; + + dynstr_init(&jwt); + + if (!header) + { + fprintf(stderr, "%s: base64_encode header failed\n", __func__); + goto end; + } + else if (!payload) + { + fprintf(stderr, "%s: get_payload failed\n", __func__); + goto end; + } + else if (dynstr_append(&jwt, "%s.%s", header, payload)) + { + fprintf(stderr, "%s: dynstr_append header+payload failed", __func__); + goto end; + } + else if (!(hmac = get_hmac(jwt.str, jwt.len, key, n))) + { + fprintf(stderr, "%s: get_hmac failed\n", __func__); + goto end; + } + else if (dynstr_append(&jwt, ".%s", hmac)) + { + fprintf(stderr, "%s: dynstr_append hmac failed\n", __func__); + goto end; + } + + ret = jwt.str; + +end: + free(header); + free(payload); + free(hmac); + + if (!ret) + dynstr_free(&jwt); + + return ret; +} + +int jwt_check(const char *const jwt, const void *const key, const size_t n) +{ + const char *const p = strrchr(jwt, '.'); + const EVP_MD *const md = EVP_sha256(); + unsigned char hmac[SHA256_DIGEST_LENGTH]; + char *dhmac = NULL; + size_t hmaclen; + + if (!md) + { + fprintf(stderr, "%s: EVP_sha256 failed\n", __func__); + return -1; + } + else if (!p) + { + fprintf(stderr, "%s: expected '.'\n", __func__); + return 1; + } + else if (!HMAC(md, key, n, (const unsigned char *)jwt, p - jwt, hmac, NULL)) + { + fprintf(stderr, "%s: HMAC failed\n", __func__); + return -1; + } + else if (!(dhmac = base64_decode(p + 1, &hmaclen))) + { + fprintf(stderr, "%s: base64_decode failed\n", __func__); + return -1; + } + + const int r = memcmp(dhmac, hmac, hmaclen); + + free(dhmac); + return !!r; +} |