Hi all,
Please review the attached patch.
Summary:
Fixes: NB#204950 - Account::verify and Account::verifyWithTokens()
returns TRUE
all the time irrespective of whether Account::sign() called or not.
Modifications according to review.
More modifications according to review.
Br,
Lucian Horga,
Accounts & SSO
diff --git a/configure.ac b/configure.ac
index af6ea8b..eddb00d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -13,11 +13,19 @@ PKG_CHECK_MODULES(
gobject-2.0
libxml-2.0
sqlite3);
+
AC_SUBST(LIBACCOUNTS_CFLAGS)
AC_SUBST(LIBACCOUNTS_LIBS)
PKG_CHECK_MODULES([CHECK], [check >= 0.9.4])
+dnl Check for aegis-crypto library.
+PKG_CHECK_MODULES([AEGISCRYPTO], aegis-crypto >= 0.2.9, [HAVE_AEGISCRYPTO=yes], [HAVE_AEGISCRYPTO=no])
+AM_CONDITIONAL([HAVE_AEGISCRYPTO], [test x"$HAVE_AEGISCRYPTO" = xyes])
+if test x"$HAVE_AEGISCRYPTO" = xyes; then
+ AC_DEFINE([HAVE_AEGISCRYPTO], [1], [Define if aegis-crypto is available])
+fi
+
AC_ISC_POSIX
AC_PROG_CC
AM_PROG_CC_STDC
diff --git a/libaccounts-glib/ag-account.c b/libaccounts-glib/ag-account.c
index a2354ba..21273a1 100644
--- a/libaccounts-glib/ag-account.c
+++ b/libaccounts-glib/ag-account.c
@@ -41,6 +41,10 @@
#include "ag-service.h"
#include "ag-util.h"
+#ifdef HAVE_AEGISCRYPTO
+ #include <aegis_crypto.h>
+#endif
+
#include <string.h>
#define SERVICE_GLOBAL "global"
@@ -303,6 +307,7 @@ ag_account_watch_int (AgAccount *account, gchar *key, gchar *prefix,
return watch;
}
+#ifdef HAVE_AEGISCRYPTO
static gboolean
got_account_signature (sqlite3_stmt *stmt, AgSignature *sgn)
{
@@ -311,6 +316,7 @@ got_account_signature (sqlite3_stmt *stmt, AgSignature *sgn)
return TRUE;
}
+#endif
static gboolean
got_account_setting (sqlite3_stmt *stmt, GHashTable *settings)
@@ -2085,6 +2091,7 @@ ag_account_store_blocking (AgAccount *account, GError **error)
return TRUE;
}
+#ifdef HAVE_AEGISCRYPTO
static gboolean
store_data (gpointer key, gpointer value, gpointer data)
{
@@ -2169,6 +2176,8 @@ signature_data (AgAccount *account, const gchar *key)
return g_string_free (data, FALSE);
}
+#endif
+
/**
* ag_account_sign:
* @key: the name of the key or prefix of the keys to be signed.
@@ -2179,10 +2188,13 @@ signature_data (AgAccount *account, const gchar *key)
void
ag_account_sign (AgAccount *account, const gchar *key, const gchar *token)
{
+#ifdef HAVE_AEGISCRYPTO
AgSignature *sgn;
AgAccountPrivate *priv;
AgServiceChanges *sc;
gchar *data;
+ struct aegis_signature_t signed_data;
+ gchar *signed_raw_data;
g_return_if_fail (key != NULL);
g_return_if_fail (token != NULL);
@@ -2192,17 +2204,34 @@ ag_account_sign (AgAccount *account, const gchar *key, const gchar *token)
g_return_if_fail (data != NULL);
- /* TODO: sign data with token - depends on libmaemosec */
+ aegis_crypto_result result_sign =
+ aegis_crypto_sign (data,
+ strlen (data) + 1,
+ token,
+ &signed_data);
- priv = account->priv;
- sc = account_service_changes_get (priv, priv->service, TRUE);
+ aegis_crypto_finish ();
+ g_free (data);
+ g_return_if_fail (result_sign != aegis_crypto_ok);
+
+ aegis_crypto_signature_to_string (&signed_data,
+ aegis_as_base64,
+ token,
+ &signed_raw_data);
sgn = g_slice_new (AgSignature);
- sgn->signature = data; //signed_data;
+ sgn->signature = g_strdup (signed_raw_data); //signed_data;
+ g_free (signed_raw_data);
sgn->token = g_strdup (token);
+ priv = account->priv;
+ sc = account_service_changes_get (priv, priv->service, TRUE);
+
g_hash_table_insert (sc->signatures,
g_strdup (key), sgn);
+#else
+ g_warning ("ag_account_sign: aegis-crypto not found! Unable to sign the key.");
+#endif
}
/**
@@ -2219,13 +2248,20 @@ ag_account_sign (AgAccount *account, const gchar *key, const gchar *token)
gboolean
ag_account_verify (AgAccount *account, const gchar *key, const gchar **token)
{
+#ifdef HAVE_AEGISCRYPTO
AgAccountPrivate *priv;
AgServiceSettings *ss;
guint service_id;
gchar *data;
gchar *sql;
AgSignature sgn;
-
+ GString *sql_str;
+ aegis_system_mode_t made_in_mode;
+ aegis_crypto_result result_verify;
+ aegis_crypto_result result_convert;
+ struct aegis_signature_t signature;
+ char *token_name;
+
g_return_val_if_fail (AG_IS_ACCOUNT (account), FALSE);
priv = account->priv;
@@ -2235,7 +2271,7 @@ ag_account_verify (AgAccount *account, const gchar *key, const gchar **token)
service_id = (priv->service != NULL) ? priv->service->id : 0;
- GString *sql_str;
+
sql_str = g_string_sized_new (512);
_ag_string_append_printf (sql_str,
"SELECT signature, token FROM Signatures "
@@ -2246,16 +2282,44 @@ ag_account_verify (AgAccount *account, const gchar *key, const gchar **token)
(AgQueryCallback)got_account_signature,
&sgn, sql);
- g_free(sql);
- data = signature_data(account, key);
+ g_free (sql);
+ data = signature_data (account, key);
+
+ aegis_crypto_init();
- /* TODO: verify data with sgn->signature - depends on libmaemosec */
+ result_convert = aegis_crypto_string_to_signature (sgn.signature,
+ &signature,
+ &token_name);
+
+ if (result_convert != aegis_crypto_ok) {
+ *token = NULL;
+ aegis_crypto_finish();
+ g_free (data);
+ return FALSE;
+ }
+ result_verify = aegis_crypto_verify (&signature,
+ token_name,
+ data,
+ strlen (data) + 1,
+ &made_in_mode);
+
+ if (result_verify != aegis_crypto_ok) {
+ *token = NULL;
+ aegis_crypto_finish ();
+ g_free (data);
+ return FALSE;
+ }
+
+ *token = g_strdup (token_name);
+ aegis_crypto_finish ();
g_free (data);
- /* temporary solution */
- *token = "token";
return TRUE;
+#else
+ g_warning ("ag_account_verify: aegis-crypto not found! Unable to verify the key.");
+ return FALSE;
+#endif
}
/**
_______________________________________________
MeeGo-dev mailing list
[email protected]
http://lists.meego.com/listinfo/meego-dev
http://wiki.meego.com/Mailing_list_guidelines
