---
 configure.ac                  |    9 ++++
 libaccounts-glib/Makefile.am  |    4 +-
 libaccounts-glib/ag-account.c |  107 ++++++++++++++++++++++++++++++++++-------
 tests/check_ag.c              |   24 +++++++--
 4 files changed, 118 insertions(+), 26 deletions(-)

diff --git a/configure.ac b/configure.ac
index 913dbb5..ff2300f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -18,6 +18,15 @@ AC_SUBST(LIBACCOUNTS_LIBS)
 
 PKG_CHECK_MODULES([CHECK], [check >= 0.9.4])
 
+dnl Check for aegis-crypto library.
+PKG_CHECK_MODULES(AEGISCRYPTO, aegis-crypto, have_aegiscrypto=yes)
+
+if test x$have_aegiscrypto = xyes; then
+       AC_DEFINE(HAVE_AEGISCRYPTO, 1, [Description])
+        AC_SUBST(AEGISCRYPTO_CFLAGS)
+        AC_SUBST(AEGISCRYPTO_LIBS)
+fi
+
 AC_ISC_POSIX
 AC_PROG_CC
 AM_PROG_CC_STDC
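Review bot: `PKG_CHECK_MODULES(AEGISCRYPTO, aegis-crypto, have_aegiscrypto=yes)` has no action-if-not-found argument, so the macro's default applies and configure aborts when aegis-crypto is missing. That makes the library mandatory and the `#else` fallbacks added in ag-account.c unreachable. If the dependency is meant to be optional, pass the fourth argument: `PKG_CHECK_MODULES([AEGISCRYPTO], [aegis-crypto], [have_aegiscrypto=yes], [have_aegiscrypto=no])`. A build without it turns signing into a warning and makes verification always fail, so the choice should also be printed in the configure output rather than left silent. The `[Description]` placeholder in `AC_DEFINE` should be replaced with real text such as `[Define to 1 if aegis-crypto is available]`.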
diff --git a/libaccounts-glib/Makefile.am b/libaccounts-glib/Makefile.am
index 9056620..f348e7b 100644
--- a/libaccounts-glib/Makefile.am
+++ b/libaccounts-glib/Makefile.am
@@ -1,8 +1,8 @@
 lib_LTLIBRARIES = \
        libaccounts-glib.la
 
-libaccounts_glib_la_CFLAGS = $(LIBACCOUNTS_CFLAGS) -Wall -Werror
-libaccounts_glib_la_LIBADD = $(LIBACCOUNTS_LIBS) -lrt
+libaccounts_glib_la_CFLAGS = $(LIBACCOUNTS_CFLAGS) $(AEGISCRYPTO_CFLAGS) -Wall 
-Werror
+libaccounts_glib_la_LIBADD = $(LIBACCOUNTS_LIBS) $(AEGISCRYPTO_LIBS) -lrt
 libaccounts_glib_la_LDFLAGS = \
        -version-info 1:3:1 \
        -export-symbols-regex '^ag_'
diff --git a/libaccounts-glib/ag-account.c b/libaccounts-glib/ag-account.c
index a2354ba..95d7ccb 100644
--- a/libaccounts-glib/ag-account.c
+++ b/libaccounts-glib/ag-account.c
@@ -41,6 +41,10 @@
 #include "ag-service.h"
 #include "ag-util.h"
 
+#ifdef HAVE_AEGISCRYPTO
+  #include <aegis_crypto.h>
+#endif
+
 #include <string.h>
 
 #define SERVICE_GLOBAL "global"
@@ -303,6 +307,7 @@ ag_account_watch_int (AgAccount *account, gchar *key, gchar 
*prefix,
     return watch;
 }
 
+#ifdef HAVE_AEGISCRYPTO
 static gboolean
 got_account_signature (sqlite3_stmt *stmt, AgSignature *sgn)
 {
@@ -311,6 +316,7 @@ got_account_signature (sqlite3_stmt *stmt, AgSignature *sgn)
 
     return TRUE;
 }
+#endif
 
 static gboolean
 got_account_setting (sqlite3_stmt *stmt, GHashTable *settings)
@@ -2085,6 +2091,7 @@ ag_account_store_blocking (AgAccount *account, GError 
**error)
     return TRUE;
 }
 
+#ifdef HAVE_AEGISCRYPTO
 static gboolean
 store_data (gpointer key, gpointer value, gpointer data)
 {
@@ -2169,20 +2176,28 @@ signature_data (AgAccount *account, const gchar *key)
 
     return g_string_free (data, FALSE);
 }
+#endif
+
 /**
  * ag_account_sign:
  * @key: the name of the key or prefix of the keys to be signed.
- * @token: token for creating signature.
+ * @token: aegis token (NULL teminated string) or NULL in order to use the
+           application aegis ID token, for creating the signature. The
+           application must possess (request) the token.
  *
- * Creates signature of the @key with given @token.
+ * Creates signature of the @key with given @token. The account must be 
+ * stored prior to calling this function.
  */
 void
 ag_account_sign (AgAccount *account, const gchar *key, const gchar *token)
 {
+#ifdef HAVE_AEGISCRYPTO
     AgSignature *sgn;
     AgAccountPrivate *priv;
     AgServiceChanges *sc;
     gchar *data;
+    struct aegis_signature_t signature;
+    gchar *signature_string;
 
     g_return_if_fail (key != NULL);
     g_return_if_fail (token != NULL);
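Review bot: The new `@token` text says NULL selects the application's own aegis ID token, but the unchanged guard `g_return_if_fail (token != NULL);` on the last line of this hunk rejects NULL, so the documented path can never run. Either drop the NULL sentence from the comment or remove the guard, after confirming that `aegis_crypto_sign` really accepts a NULL token. The two continuation lines of the `@token` description lack the leading ` * ` that the rest of the gtk-doc block uses, and "teminated" should read "terminated". The comment should also say what happens when signing fails, since the function returns void. The body of `ag_account_sign` continues past this hunk.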
@@ -2192,26 +2207,42 @@ ag_account_sign (AgAccount *account, const gchar *key, 
const gchar *token)
 
     g_return_if_fail (data != NULL);
 
-    /* TODO: sign data with token - depends on libmaemosec */
+    aegis_crypto_result result_sign =
+            aegis_crypto_sign (data,
+                               strlen (data),
+                               token,
+                               &signature);
+    g_free (data);
+    g_return_if_fail (result_sign == aegis_crypto_ok);
 
-    priv = account->priv;
-    sc = account_service_changes_get (priv, priv->service, TRUE);
+    aegis_crypto_signature_to_string (&signature,
+                                      aegis_as_base64,
+                                      token,
+                                      &signature_string);
+    aegis_crypto_finish ();
 
     sgn = g_slice_new (AgSignature);
-    sgn->signature = data; //signed_data;
+    sgn->signature = g_strdup (signature_string);
+    aegis_crypto_free (signature_string);
     sgn->token = g_strdup (token);
 
+    priv = account->priv;
+    sc = account_service_changes_get (priv, priv->service, TRUE);
+
     g_hash_table_insert (sc->signatures,
                          g_strdup (key), sgn);
+#else
+    g_warning ("ag_account_sign: aegis-crypto not found! Unable to sign the 
key.");
+#endif
 }
 
 /**
  * ag_account_verify:
  * @key: the name of the key or prefix of the keys to be verified.
- * @token: location to receive the pointer to token.
+ * @token: location to receive the pointer to aegis token.
  *
  * Verify if the key is signed and the signature matches the value
- * and provides the token which was used for signing the @key.
+ * and provides the aegis token which was used for signing the @key.
  *
  * Returns: %TRUE if the key is signed and the signature matches
  * the value.
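Review bot: A signing failure is handled with `g_return_if_fail (result_sign == aegis_crypto_ok)`, an assertion macro that can be compiled out with G_DISABLE_CHECKS and that returns without calling `aegis_crypto_finish ()`. A runtime crypto error should be an ordinary `if` with a warning. The outcome of `aegis_crypto_signature_to_string` is not checked either, so if it fails `g_strdup` reads an uninitialised `signature_string`. No `aegis_crypto_init ()` is visible on this path although `ag_account_verify` calls one; it may sit in the lines between the hunks, so please confirm. The function starts in the previous hunk, and because it returns void the warning is the only way a caller's operator learns that a key was left unsigned.

```c
    aegis_crypto_result result_sign =
            aegis_crypto_sign (data, strlen (data), token, &signature);
    g_free (data);
    if (result_sign != aegis_crypto_ok) {
        g_warning ("ag_account_sign: signing failed, key left unsigned");
        aegis_crypto_finish ();
        return;
    }

    signature_string = NULL;
    aegis_crypto_signature_to_string (&signature, aegis_as_base64, token,
                                      &signature_string);
    aegis_crypto_finish ();
    if (signature_string == NULL) {
        g_warning ("ag_account_sign: signature could not be encoded");
        return;
    }
    /* … unchanged: AgSignature allocation and hash-table insert … */
```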
@@ -2219,12 +2250,19 @@ ag_account_sign (AgAccount *account, const gchar *key, 
const gchar *token)
 gboolean
 ag_account_verify (AgAccount *account, const gchar *key, const gchar **token)
 {
+#ifdef HAVE_AEGISCRYPTO
     AgAccountPrivate *priv;
     AgServiceSettings *ss;
     guint service_id;
     gchar *data;
     gchar *sql;
     AgSignature sgn;
+    GString *sql_str;
+    aegis_system_mode_t made_in_mode;
+    aegis_crypto_result result_verify;
+    aegis_crypto_result result_convert;
+    struct aegis_signature_t signature;
+    char *token_name;
 
     g_return_val_if_fail (AG_IS_ACCOUNT (account), FALSE);
 
@@ -2235,7 +2273,6 @@ ag_account_verify (AgAccount *account, const gchar *key, 
const gchar **token)
 
     service_id = (priv->service != NULL) ? priv->service->id : 0;
 
-    GString *sql_str;
     sql_str = g_string_sized_new (512);
     _ag_string_append_printf (sql_str,
                               "SELECT signature, token FROM Signatures "
@@ -2246,27 +2283,61 @@ ag_account_verify (AgAccount *account, const gchar 
*key, const gchar **token)
                             (AgQueryCallback)got_account_signature,
                             &sgn, sql);
 
-    g_free(sql);
-    data = signature_data(account, key);
+    g_free (sql);
+    data = signature_data (account, key);
+
+    aegis_crypto_init();
 
-    /* TODO: verify data with sgn->signature - depends on libmaemosec */
+    token_name = NULL;
+    result_convert =  aegis_crypto_string_to_signature (sgn.signature,
+                                                        &signature,
+                                                        &token_name);
+
+    if (result_convert != aegis_crypto_ok) {
+        *token = NULL;
+        aegis_crypto_finish ();
+        g_free (data);
+        return FALSE;
+    }
+
+    result_verify = aegis_crypto_verify (&signature,
+                                         token_name,
+                                         data,
+                                         strlen (data),
+                                         &made_in_mode);
+
+    if (result_verify != aegis_crypto_ok) {
+        *token = NULL;
+        aegis_crypto_free (token_name);
+        aegis_crypto_finish ();
+        g_free (data);
+        return FALSE;
+    }
+
+    *token = g_strdup (token_name);
+    if (token_name)
+        aegis_crypto_free (token_name);
+
+    aegis_crypto_finish ();
 
     g_free (data);
 
-    /* temporary solution */
-    *token = "token";
     return TRUE;
+#else
+    g_warning ("ag_account_verify: aegis-crypto not found! Unable to verify 
the key.");
+    return FALSE;
+#endif
 }
 
 /**
- * ag_account_verify_with_token:
+ * ag_account_verify_with_tokens:
  * @key: the name of the key or prefix of the keys to be verified.
- * @tokens: array of tokens.
+ * @tokens: array of aegis tokens.
  *
- * Verify if the @key is signed with any of the token from the @tokens
+ * Verify if the @key is signed with any of the tokens from the @tokens
  * and the signature is valid.
  *
- * Returns: %TRUE if the key is signed with any of the given token
+ * Returns: %TRUE if the key is signed with any of the given tokens
  * and the signature is valid.
  */
 gboolean
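Review bot: `sgn` is a stack `AgSignature` that is never zeroed as far as these hunks show, so when the SELECT returns no row (the key was never signed, which the new negative tests exercise) `sgn.signature` reaches `aegis_crypto_string_to_signature` uninitialised. `data` is also passed to `strlen` without the NULL check that `ag_account_sign` performs. I would add `memset (&sgn, 0, sizeof (sgn));` before the query and `if (sgn.signature == NULL || data == NULL) { *token = NULL; g_free (data); return FALSE; }` before `aegis_crypto_init ()`. Separately, `made_in_mode` is filled in but never inspected, and `*token` now points at a `g_strdup` copy that the caller must free, which the doc comment should state. The declarations and the query setup sit outside this hunk, so an existing initialisation of `sgn` there would make the first point moot.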
diff --git a/tests/check_ag.c b/tests/check_ag.c
index df02c0d..46de191 100644
--- a/tests/check_ag.c
+++ b/tests/check_ag.c
@@ -1427,11 +1427,11 @@ END_TEST
 
 START_TEST(test_sign_verify_key)
 {
-    const gchar *key = "test_key/";
     const gchar *key1 = "test_key/key1";
     const gchar *key2 = "test_key/key2";
-    const gchar *list_of_tokens[] = {"t", "tok", "token", NULL};
-    const gchar *token = "token";
+    const gchar *list_of_tokens[] = {"libaccounts-glib0::t", 
"libaccounts-glib0::tok", "libaccounts-glib0::accounts-glib-access", NULL};
+    const gchar *token = "libaccounts-glib0::accounts-glib-access";
+    const gchar *reply_token;
     const gchar *data = "some value 1";
     const gchar *data2 = "some value 2";
     gboolean ok;
@@ -1461,6 +1461,11 @@ START_TEST(test_sign_verify_key)
     g_value_unset (&value);
 
     ag_account_store (account, account_store_now_cb, TEST_STRING);
+    ok = ag_account_verify (account, key1, &reply_token);
+    fail_unless (!ok);
+
+    ok = ag_account_verify_with_tokens (account, key2, list_of_tokens);
+    fail_unless (!ok);
 
     ag_account_sign (account, key1, token);
     ag_account_sign (account, key2, token);
@@ -1470,7 +1475,7 @@ START_TEST(test_sign_verify_key)
 
     fail_unless (account->id != 0, "Account ID is still 0!");
 
-    ok = ag_account_verify (account, key1, &token);
+    ok = ag_account_verify (account, key1, &reply_token);
     fail_unless (ok);
 
     ok = ag_account_verify_with_tokens (account, key2, list_of_tokens);
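Review bot: The positive `ag_account_verify` check asserts only `ok` and never inspects `reply_token`, so the test would still pass if verification succeeded under a token other than the one used for signing. The library now returns a `g_strdup` copy, so I would add `fail_unless (g_strcmp0 (reply_token, token) == 0);` followed by `g_free ((gchar *) reply_token);` here. The same applies to the second positive check in the last hunk of this file. The test also needs the running process to hold the `libaccounts-glib0::accounts-glib-access` token, which deserves a comment at the top of the test so that a failure on a machine without it is not misread as a regression.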
@@ -1493,7 +1498,13 @@ START_TEST(test_sign_verify_key)
 
     ag_account_store (account, account_store_now_cb, TEST_STRING);
 
-    ag_account_sign (account, key, token);
+    ok = ag_account_verify (account, key1, &reply_token);
+    fail_unless (!ok);
+
+    ok = ag_account_verify_with_tokens (account, key2, list_of_tokens);
+    fail_unless (!ok);
+
+    ag_account_sign (account, key1, token);
     ag_account_sign (account, key2, token);
 
     ag_account_store (account, account_store_now_cb, TEST_STRING);
@@ -1501,10 +1512,11 @@ START_TEST(test_sign_verify_key)
 
     fail_unless (account->id != 0, "Account ID is still 0!");
 
-    ok = ag_account_verify (account, key1, &token);
+    ok = ag_account_verify (account, key1, &reply_token);
     fail_unless (ok);
 
     ok = ag_account_verify_with_tokens (account, key2, list_of_tokens);
+
     fail_unless (ok);
 
     end_test();
-- 
1.6.3.3
