

feat: impl multiple exits for auth_cli + minor refactoring
srieteja committed Dec 12, 2024

1 parent 85f5023 commit 6e1ac0b
Showing 8 changed files with 223 additions and 111 deletions.
1 change: 1 addition & 0 deletions packages/atauth/include/atauth/atauth_constants.h
@@ -6,6 +6,7 @@
#define DEFAULT_APKAM_RETRY_INTERVAL 10 // seconds
#define MAX_APKAM_AUTH_RETRY_ATTMEPTS 10
#define ENROLLMENT_DENIED_ERR_CODE "error:AT0025"
#define ENROLLMENT_PENDING_ERR_CODE "error:AT0026"


#define ENCRYPTED_DEFAULT_ENC_PRIVKEY_NAME "default_enc_private_key"
11 changes: 6 additions & 5 deletions packages/atauth/src/atactivate.c
@@ -16,10 +16,9 @@
#include <stdlib.h>
#include <string.h>

#define TAG "Activate CLI"
#define TAG "activate_cli"

int main(int argc, char *argv[]) {
atlogger_set_logging_level(ATLOGGER_LOGGING_LEVEL_DEBUG);
int ret = 0;
char *atsign_temp = NULL, *cram_secret = NULL, *root_host = NULL, *atkeys_fp = NULL, *otp = NULL;
char enrollment_id[ENROLL_ID_MAX_LEN];
@@ -50,7 +49,8 @@ int main(int argc, char *argv[]) {
aes_key_base64_size); // size of AES256 key encrypted with another AES256 key(bytes)
const size_t aes256_encrypted_aes256_key_unsigned_char_size =
sizeof(unsigned char) * aes256_encrypted_aes256_key_size;
unsigned char *encrypted_default_encryption_private_key_bytes = malloc(aes256_encrypted_rsa_privkey_unsigned_char_size);
unsigned char *encrypted_default_encryption_private_key_bytes =
malloc(aes256_encrypted_rsa_privkey_unsigned_char_size);
unsigned char *encrypted_self_encryption_key_bytes = malloc(aes256_encrypted_aes256_key_unsigned_char_size);

// intialize base64 encoded encrypted APKAM symmetric Key and encrypted default encryption private key
@@ -143,7 +143,7 @@ int main(int argc, char *argv[]) {

// 1.1 Ensure atsign starts with '@'
char *atsign = NULL;
if((ret = atclient_string_utils_atsign_with_at(atsign_temp, &atsign)) != 0) {
if ((ret = atclient_string_utils_atsign_with_at(atsign_temp, &atsign)) != 0) {
atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "atclient_string_utils_atsign_with_at: %d\n", ret);
goto exit;
}
@@ -262,7 +262,8 @@ int main(int argc, char *argv[]) {

// 4.1.1 Base64 encode the encrypted_default_encryption_private_key
size_t encrypted_default_encryption_private_key_base64_len = 0;
if ((ret = atchops_base64_encode(encrypted_default_encryption_private_key_bytes, encrypted_def_encrypt_private_key_bytes_len,
if ((ret = atchops_base64_encode(encrypted_default_encryption_private_key_bytes,
encrypted_def_encrypt_private_key_bytes_len,
encrypted_default_encryption_private_key_base64,
sizeof(unsigned char) * aes256_encrypted_rsa_2048_privkey_base64_len,
&encrypted_default_encryption_private_key_base64_len)) != 0) {
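Review bot: The two reflowed allocations, `encrypted_default_encryption_private_key_bytes = malloc(aes256_encrypted_rsa_privkey_unsigned_char_size);` and `encrypted_self_encryption_key_bytes = malloc(aes256_encrypted_aes256_key_unsigned_char_size);`, are assigned without a NULL check visible in this hunk; unless the check is made further down in `main` (which continues outside the hunk), add `if (encrypted_default_encryption_private_key_bytes == NULL || encrypted_self_encryption_key_bytes == NULL) { ret = 1; goto exit; }` before either buffer is used. Because these buffers carry the encrypted default encryption private key and the encrypted self-encryption key, clearing them before `free` on the exit path is also worth considering. Removing `atlogger_set_logging_level(ATLOGGER_LOGGING_LEVEL_DEBUG);` leaves the CLI at whatever level the logger defaults to; if that is intentional it deserves a line in the commit message, since it changes what this tool prints.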
198 changes: 100 additions & 98 deletions packages/atauth/src/auth_cli.c

Large diffs are not rendered by default.

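--- /dev/null
+++ b/packages/atauth/src/enc_test.c
@@ -0,0 +1,100 @@
+#include <atchops/aes_ctr.h>
+#include <atchops/base64.h>
+#include <atchops/iv.h>
+#include <atlogger/atlogger.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define ENCODED_ENCRYPTED_AES_KEY "1xxewcGwphrpyFkDlfwgIjtHxvpqj1Y7v7vDemJgw8Pj7ewUIByzQwnxsfq6FGO"
+#define AES_KEY "A6jZvnt89Cj1RuNuHUyUdbFCOjGiY99zGSLaQ5aQ7sI="
+
+int main() {
+atlogger_set_logging_level(ATLOGGER_LOGGING_LEVEL_DEBUG);
+
+// Decode the encrypted AES key
+size_t encoded_len = strlen(ENCODED_ENCRYPTED_AES_KEY);
+size_t ciph_decoded_len = 0;
+size_t ciph_decoded_size = atchops_base64_decoded_size(encoded_len);
+unsigned char *decoded_encrypted_aes_key = malloc(ciph_decoded_size);
+
+if (!decoded_encrypted_aes_key ||
+atchops_base64_decode(ENCODED_ENCRYPTED_AES_KEY, encoded_len, decoded_encrypted_aes_key, ciph_decoded_size, &ciph_decoded_len) != 0) {
+fprintf(stderr, "Base64 decoding failed\n");
+free(decoded_encrypted_aes_key);
+return 1;
+}
+
+printf("Decoded encrypted AES key size: %lu\n", ciph_decoded_size);
+printf("Decoded encrypted AES key length: %lu\n", ciph_decoded_len);
+
+for (size_t i = 0; i < ciph_decoded_len; i++) {
+printf("%d\t", decoded_encrypted_aes_key[i]);
+}
+printf("\n");
+
+// Decode the AES key
+encoded_len = strlen(AES_KEY);
+size_t decoded_size = atchops_base64_decoded_size(encoded_len);
+size_t decoded_len = 0;
+unsigned char *aes_key_bytes = malloc(decoded_size);
+
+if (!aes_key_bytes ||
+atchops_base64_decode(AES_KEY, encoded_len, aes_key_bytes, decoded_size, &decoded_len) != 0) {
+fprintf(stderr, "Base64 decoding of AES key failed\n");
+free(decoded_encrypted_aes_key);
+free(aes_key_bytes);
+return 2;
+}
+
+printf("Decoded AES key length: %lu\n", decoded_len);
+
+// Initialize IV
+unsigned char *iv = malloc(ATCHOPS_IV_BUFFER_SIZE);
+if (!iv) {
+fprintf(stderr, "Memory allocation for IV failed\n");
+free(decoded_encrypted_aes_key);
+free(aes_key_bytes);
+return 3;
+}
+
+// Decrypt the self-encrypted key
+size_t decrypted_size = atchops_aes_ctr_plaintext_size(ciph_decoded_len);
+printf("Decrypted self-encrypted key szie: %lu\n", decrypted_size);
+unsigned char *decrypted_self_enc_key = malloc(decrypted_size);
+size_t decrypted_len = 0;
+
+if (!decrypted_self_enc_key) {
+fprintf(stderr, "Memory allocation for decrypted key failed\n");
+free(decoded_encrypted_aes_key);
+free(aes_key_bytes);
+free(iv);
+return 4;
+}
+memset(decrypted_self_enc_key, 0, decrypted_size);
+
+if (atchops_aes_ctr_decrypt(aes_key_bytes, ATCHOPS_AES_256, iv, decoded_encrypted_aes_key, ciph_decoded_len,
+decrypted_self_enc_key, decrypted_size, &decrypted_len) != 0) {
+fprintf(stderr, "AES decryption failed\n");
+free(decoded_encrypted_aes_key);
+free(aes_key_bytes);
+free(iv);
+free(decrypted_self_enc_key);
+return 5;
+}
+
+printf("Decrypted self-encrypted key length: %lu\n", decrypted_len);
+
+for (size_t i = 0; i < decrypted_len; i++) {
+printf("%d\t", decrypted_self_enc_key[i]);
+}
+printf("\n");
+
+// Cleanup
+free(decoded_encrypted_aes_key);
+free(aes_key_bytes);
+free(iv);
+free(decrypted_self_enc_key);
+
+return 0;
+}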
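Review bot: The IV buffer from `unsigned char *iv = malloc(ATCHOPS_IV_BUFFER_SIZE);` is handed to `atchops_aes_ctr_decrypt` without ever being written, so the decryption runs on indeterminate bytes (reading uninitialised heap memory) and the plaintext it prints is not meaningful; set it explicitly right after the allocation check, e.g. `memset(iv, 0, ATCHOPS_IV_BUFFER_SIZE);`, or load the IV that was actually used when the key was encrypted. Separately, `AES_KEY` and `ENCODED_ENCRYPTED_AES_KEY` commit raw key material into `src/`, and the decrypted key bytes are dumped to stdout; if these are anything other than throwaway fixtures the key should be rotated, and in any case this debug program belongs under a test directory rather than alongside the CLI sources. The `%lu` conversions for `size_t` values should be `%zu` to avoid a format/argument mismatch where `size_t` is not `unsigned long`.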
2 changes: 1 addition & 1 deletion packages/atauth/src/send_enroll_request.c
@@ -105,7 +105,7 @@ int atauth_send_enroll_request(atclient *client, const atcommons_enroll_params_t
}
strncpy(enroll_status, enroll_status_cjson->valuestring, strlen(enroll_status_cjson->valuestring));
enroll_status[strlen(enroll_status_cjson->valuestring)] = '\0';

atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_INFO, "Enrollment request sent successfully\n");
ret = 0;

cjson_delete_exit:
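Review bot: `strncpy(enroll_status, enroll_status_cjson->valuestring, strlen(enroll_status_cjson->valuestring));` bounds the copy by the source length rather than the destination, so an over-long status string in the server's JSON reply overruns `enroll_status` before the manual terminator on the next line is written. The size of `enroll_status` is not visible in this hunk, but the copy should be bounded by it, e.g. `snprintf(enroll_status, <dest size>, "%s", enroll_status_cjson->valuestring);`, which also makes the explicit `'\0'` assignment unnecessary; if the buffer is an array in this function, `sizeof(enroll_status)` is the bound. `atauth_send_enroll_request` starts before this hunk.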
4 changes: 2 additions & 2 deletions packages/atclient/src/atclient.c
@@ -315,8 +315,8 @@ int atclient_pkam_authenticate(atclient *ctx, const char *atsign, const atclient
char *str_with_data_prefix = NULL;
if (atclient_string_utils_get_substring_position((char *)recv, ATCLIENT_DATA_TOKEN, &str_with_data_prefix) != 0) {
ret = 1;
atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "recv was \"%.*s\" and did not have prefix \"data:\"\n",
(int)recv_len, recv);
atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "recv: \"%.*s\" \n", (int)recv_len, recv);
atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_DEBUG, "recv did not have prefix \"data:\"\n");
goto exit;
}
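Review bot: The rewritten logging in `atclient_pkam_authenticate` now emits the raw server buffer (`recv: "%.*s"`) at ERROR while the one line that explains the failure, `recv did not have prefix "data:"`, drops to DEBUG, so at the default level an operator sees an unexplained payload and loses the diagnosis. Consider inverting the two: keep `atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "recv did not have prefix \"data:\"\n");` at ERROR and move the full `recv` dump to DEBUG, since the raw response is mainly useful when debugging and may echo server-side detail that routine error logs do not need. The function starts and ends outside this hunk.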

7 changes: 4 additions & 3 deletions packages/atcommons/include/atcommons/enroll_namespace.h
@@ -60,10 +60,11 @@ int atcommons_enroll_namespace_list_append(atcommons_enroll_namespace_list_t **n
atcommons_enroll_namespace_t *ns);

/**
* @brief Parses a namespace list string and populates these namespaces into the enroll_namespace_list_t struct provided
*
* @param ns_list
* @param json_str
* @return
* @param ns_list Double pointer to a enroll_namespace_list_t struct which would hold the list of namespaces
* @param json_str The namespace list string that is to be parsed. (Expected format: "ns1:rw,ns2:r")
* @return int 0 on success, non-zero int on failure
*/
int atcommons_enroll_namespace_list_from_string(atcommons_enroll_namespace_list_t **ns_list, char *json_str);
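Review bot: The new `@param json_str` text documents the input as `"ns1:rw,ns2:r"`, which is not JSON, so the parameter name now contradicts its own documentation; renaming it (e.g. `ns_list_str`) in both the header and `enroll_namespace.c` would remove the confusion, and if the implementation does not mutate the string (a `strtok`-style parser would) the parameter should be `const char *`. The `@brief` could also state what happens to an existing `*ns_list` — whether it is replaced or appended to — since the double pointer leaves that open to the caller. Minor wording: `a enroll_namespace_list_t` should read `an enroll_namespace_list_t`.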

11 changes: 9 additions & 2 deletions packages/atcommons/src/enroll_namespace.c
@@ -1,13 +1,16 @@
#include "atcommons/enroll_namespace.h"

#include "cJSON.h"
#include "atcommons/json.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <atlogger/atlogger.h>

#if defined(__linux__)
#include <linux/limits.h>
#endif

#define TAG "enroll_namespace"

int atcommons_enroll_namespace_list_append(atcommons_enroll_namespace_list_t **ns_list,
@@ -56,6 +59,7 @@ int atcommons_enroll_namespace_to_json(char *ns_str, const size_t ns_str_size, s
return 0;
}

#ifdef ATCOMMONS_JSON_PROVIDER_CJSON
int atcommons_enroll_namespace_list_to_json(char **ns_list_string, size_t *ns_list_str_len,
const atcommons_enroll_namespace_list_t *ns_list) {
if (ns_list == NULL) {
@@ -90,6 +94,9 @@ int atcommons_enroll_namespace_list_to_json(char **ns_list_string, size_t *ns_li
cJSON_Delete(json_obj);
return 0;
}
#else
#error "JSON provider not supported"
#endif

int atcommons_enroll_namespace_list_from_string(atcommons_enroll_namespace_list_t **ns_list, char *json_str) {
int sep_count = 0;
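Review bot: The `#else` / `#error "JSON provider not supported"` added around `atcommons_enroll_namespace_list_to_json` fails the whole translation unit when `ATCOMMONS_JSON_PROVIDER_CJSON` is undefined, so the `#ifdef` on that one function guards nothing by itself, and any other cJSON use in this file (for instance `atcommons_enroll_namespace_to_json` just above it, whose body is outside the hunk) stays unguarded. A single `#ifndef ATCOMMONS_JSON_PROVIDER_CJSON` / `#error "JSON provider not supported"` / `#endif` placed right after `#include "atcommons/json.h"` states the requirement once and covers the file; keep the per-function `#ifdef` only if a second provider branch is actually planned. The `#include <atlogger/atlogger.h>` and `TAG` define have no visible use in this hunk; if they are new here and nothing in the file logs, they can be dropped. `atcommons_enroll_namespace_list_from_string` continues past the end of the hunk.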
