misc.c 2.7 KB

  1. /* vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80: */
  2. /*
  3. * Copyright 2016 Red Hat, Inc.
  4. *
  5. * Licensed under the Apache License, Version 2.0 (the "License");
  6. * you may not use this file except in compliance with the License.
  7. * You may obtain a copy of the License at
  8. *
  9. * http://www.apache.org/licenses/LICENSE-2.0
  10. *
  11. * Unless required by applicable law or agreed to in writing, software
  12. * distributed under the License is distributed on an "AS IS" BASIS,
  13. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14. * See the License for the specific language governing permissions and
  15. * limitations under the License.
  16. */
  17. #include "misc.h"
  18. #include <jose/b64.h>
  19. #include <string.h>
  20. #include "hooks.h"
  /**
   * Make sure the "protected" member of a JOSE object is stored in its
   * encoded (string) form.
   *
   * @param obj  JSON object that may carry a "protected" member.
   * @return true when "protected" is absent, is already a string, or was an
   *         object that has been replaced by the result of
   *         jose_b64_enc_dump(); false when unpacking fails, when the member
   *         has any other JSON type, or when storing the new value fails.
   */
  bool
  encode_protected(json_t *obj)
  {
      json_t *hdr = NULL;
      json_t *encoded = NULL;

      /* "s?o": the key is optional and hdr is a borrowed reference. */
      if (json_unpack(obj, "{s?o}", "protected", &hdr) == -1)
          return false;

      /* Nothing to do: no protected header, or it is already a string. */
      if (hdr == NULL || json_is_string(hdr))
          return true;

      if (json_is_object(hdr)) {
          /*
           * Encode first, then swap the member. hdr stays valid until the
           * set call replaces it inside obj.
           */
          encoded = jose_b64_enc_dump(hdr);
          return json_object_set_new(obj, "protected", encoded) == 0;
      }

      /* Arrays, numbers, booleans etc. are not a valid protected header. */
      return false;
  }
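  /**
   * Overwrite a memory region with zero bytes.
   *
   * The stores go through a volatile-qualified pointer so the compiler
   * cannot drop them as dead writes when this function is inlined (for
   * example under LTO) right before the buffer is freed or goes out of
   * scope. A plain memset() gives no such guarantee.
   * NOTE(review): callers presumably use this to scrub key material and
   * other sensitive buffers; confirm against the call sites.
   *
   * @param mem  start of the region; NULL is accepted and ignored.
   * @param len  number of bytes to clear.
   */
  void
  zero(void *mem, size_t len)
  {
      volatile unsigned char *p = mem;

      if (!mem)
          return;

      while (len-- > 0)
          *p++ = 0;
  }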
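  /**
   * Select the plaintext to encrypt, compressing it first when the protected
   * header carries a "zip" member.
   *
   * @param json     object whose "protected" member is inspected; it may be a
   *                 JSON object or its encoded string form.
   * @param in       input plaintext.
   * @param len      length of in, in bytes.
   * @param data     out: buffer to encrypt.
   * @param datalen  out: length of *data.
   * @return true on success; false when the named compression algorithm is
   *         not registered or the compression pipeline fails.
   *
   * Ownership: without "zip", *data aliases in (the const qualifier is cast
   * away and nothing is allocated). With "zip", *data is filled in through
   * jose_io_malloc(). NOTE(review): the caller therefore needs its own way
   * of telling the two cases apart before freeing *data; confirm how call
   * sites handle this.
   *
   * NOTE(review): compressing before encrypting makes the ciphertext length
   * depend on the plaintext content. Callers that mix secrets with
   * attacker-influenced data in one payload should take that into account.
   */
  bool
  handle_zip_enc(json_t *json, const void *in, size_t len, void **data, size_t *datalen)
  {
      json_t *prt = NULL;
      json_t *decoded = NULL; /* owned; set only when "protected" was a string */
      char *z = NULL;
      const jose_hook_alg_t *a = NULL;
      jose_io_auto_t *zip = NULL;
      jose_io_auto_t *zipdata = NULL;

      /* json_object_get() hands back a borrowed reference... */
      prt = json_object_get(json, "protected");
      if (prt && json_is_string(prt)) {
          /*
           * ...but jose_b64_dec_load() returns a new one. Track it separately
           * so it can be released; the original code leaked it on every call.
           */
          decoded = jose_b64_dec_load(prt);
          prt = decoded;
      }

      /*
       * Check if we have "zip" in the protected header.
       * NOTE(review): a header that is missing or fails to decode also lands
       * in this branch and is treated as "no zip".
       */
      if (json_unpack(prt, "{s:s}", "zip", &z) == -1) {
          /* No zip. */
          json_decref(decoded);
          *data = (void *) in;
          *datalen = len;
          return true;
      }

      /* OK, we have "zip", so we should compress the payload before
       * the encryption takes place. */
      a = jose_hook_alg_find(JOSE_HOOK_ALG_KIND_COMP, z);

      /* z points into the header's storage, so drop it with the header. */
      json_decref(decoded);
      z = NULL;

      if (!a)
          return false;

      zipdata = jose_io_malloc(NULL, data, datalen);
      if (!zipdata)
          return false;

      zip = a->comp.def(a, NULL, zipdata);
      if (!zip || !zip->feed(zip, in, len) || !zip->done(zip))
          return false;

      return true;
  }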
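  /**
   * Report whether the protected header names a usable "zip" algorithm.
   *
   * @param json  object whose "protected" member is inspected; it may be a
   *              JSON object or its encoded string form.
   * @return true only when "zip" is present as a string and
   *         jose_hook_alg_find() knows a compression algorithm by that name;
   *         false otherwise, including when the header is missing or cannot
   *         be decoded.
   */
  bool
  zip_in_protected_header(json_t *json)
  {
      json_t *prt = NULL;
      json_t *decoded = NULL; /* owned; set only when "protected" was a string */
      char *z = NULL;
      bool known = false;

      /* Borrowed reference from the parent object. */
      prt = json_object_get(json, "protected");
      if (prt && json_is_string(prt)) {
          /*
           * jose_b64_dec_load() returns a new reference. Keep it in its own
           * variable so it can be released; the original code leaked it.
           */
          decoded = jose_b64_dec_load(prt);
          prt = decoded;
      }

      /* Check if we have "zip" in the protected header. */
      if (json_unpack(prt, "{s:s}", "zip", &z) != -1) {
          /* We have "zip", but let's validate the alg also. */
          known = jose_hook_alg_find(JOSE_HOOK_ALG_KIND_COMP, z) != NULL;
      }

      /* z points into the header's storage; release only after the lookup. */
      json_decref(decoded);
      return known;
  }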
  /*
   * Runs at load time through the GCC/Clang constructor attribute and seeds
   * the hash function behind jansson's JSON objects. Per jansson's
   * documentation a seed of 0 asks the library to pick its own random seed,
   * which keeps object key hashing unpredictable to whoever supplies the
   * JSON (hash-collision flooding).
   */
  static void __attribute__((constructor))
  constructor(void)
  {
      const size_t library_chosen_seed = 0;

      json_object_seed(library_chosen_seed);
  }