148 lines
3.4 KiB
C
148 lines
3.4 KiB
C
#include "jwt.h"
|
|
#include "base64.h"
|
|
#include <dynstr.h>
|
|
#include <cjson/cJSON.h>
|
|
#include <openssl/evp.h>
|
|
#include <openssl/hmac.h>
|
|
#include <openssl/sha.h>
|
|
#include <errno.h>
|
|
#include <stddef.h>
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
|
|
static const char jwt_header[] = "{\"alg\": \"HS256\", \"typ\": \"JWT\"}";
|
|
|
|
static char *get_payload(const char *const name)
|
|
{
|
|
char *ret = NULL;
|
|
struct dynstr d;
|
|
|
|
dynstr_init(&d);
|
|
|
|
if (dynstr_append(&d, "{\"name\": \"%s\"}", name))
|
|
{
|
|
fprintf(stderr, "%s: dynstr_append name failed\n", __func__);
|
|
goto end;
|
|
}
|
|
else if (!(ret = base64_encode(d.str, d.len)))
|
|
{
|
|
fprintf(stderr, "%s: base64 failed\n", __func__);
|
|
goto end;
|
|
}
|
|
|
|
end:
|
|
dynstr_free(&d);
|
|
return ret;
|
|
}
|
|
|
|
static char *get_hmac(const void *const buf, const size_t n,
|
|
const void *const key, const size_t keyn)
|
|
{
|
|
unsigned char hmac[SHA256_DIGEST_LENGTH];
|
|
const EVP_MD *const md = EVP_sha256();
|
|
char *ret = NULL;
|
|
|
|
if (!md)
|
|
{
|
|
fprintf(stderr, "%s: EVP_sha256 failed\n", __func__);
|
|
return NULL;
|
|
}
|
|
else if (!HMAC(md, key, keyn, buf, n, hmac, NULL))
|
|
{
|
|
fprintf(stderr, "%s: HMAC failed\n", __func__);
|
|
return NULL;
|
|
}
|
|
else if (!(ret = base64_encode(hmac, sizeof hmac)))
|
|
{
|
|
fprintf(stderr, "%s: base64 failed\n", __func__);
|
|
return NULL;
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
char *jwt_encode(const char *const name, const void *const key, const size_t n)
|
|
{
|
|
char *ret = NULL;
|
|
char *const header = base64_encode(jwt_header, strlen(jwt_header)),
|
|
*const payload = get_payload(name),
|
|
*hmac = NULL;
|
|
struct dynstr jwt;
|
|
|
|
dynstr_init(&jwt);
|
|
|
|
if (!header)
|
|
{
|
|
fprintf(stderr, "%s: base64_encode header failed\n", __func__);
|
|
goto end;
|
|
}
|
|
else if (!payload)
|
|
{
|
|
fprintf(stderr, "%s: get_payload failed\n", __func__);
|
|
goto end;
|
|
}
|
|
else if (dynstr_append(&jwt, "%s.%s", header, payload))
|
|
{
|
|
fprintf(stderr, "%s: dynstr_append header+payload failed", __func__);
|
|
goto end;
|
|
}
|
|
else if (!(hmac = get_hmac(jwt.str, jwt.len, key, n)))
|
|
{
|
|
fprintf(stderr, "%s: get_hmac failed\n", __func__);
|
|
goto end;
|
|
}
|
|
else if (dynstr_append(&jwt, ".%s", hmac))
|
|
{
|
|
fprintf(stderr, "%s: dynstr_append hmac failed\n", __func__);
|
|
goto end;
|
|
}
|
|
|
|
ret = jwt.str;
|
|
|
|
end:
|
|
free(header);
|
|
free(payload);
|
|
free(hmac);
|
|
|
|
if (!ret)
|
|
dynstr_free(&jwt);
|
|
|
|
return ret;
|
|
}
|
|
|
|
int jwt_check(const char *const jwt, const void *const key, const size_t n)
|
|
{
|
|
const char *const p = strrchr(jwt, '.');
|
|
const EVP_MD *const md = EVP_sha256();
|
|
unsigned char hmac[SHA256_DIGEST_LENGTH];
|
|
char *dhmac = NULL;
|
|
size_t hmaclen;
|
|
|
|
if (!md)
|
|
{
|
|
fprintf(stderr, "%s: EVP_sha256 failed\n", __func__);
|
|
return -1;
|
|
}
|
|
else if (!p)
|
|
{
|
|
fprintf(stderr, "%s: expected '.'\n", __func__);
|
|
return 1;
|
|
}
|
|
else if (!HMAC(md, key, n, (const unsigned char *)jwt, p - jwt, hmac, NULL))
|
|
{
|
|
fprintf(stderr, "%s: HMAC failed\n", __func__);
|
|
return -1;
|
|
}
|
|
else if (!(dhmac = base64_decode(p + 1, &hmaclen)))
|
|
{
|
|
fprintf(stderr, "%s: base64_decode failed\n", __func__);
|
|
return -1;
|
|
}
|
|
|
|
const int r = memcmp(dhmac, hmac, hmaclen);
|
|
|
|
free(dhmac);
|
|
return !!r;
|
|
}
|