Domů Procházet Nápověda
Přihlásit se
hp
/
gits-r-us
Sledovat 4
Oblíbit 2
Rozštěpit 1
Soubory Úkoly 1 Pull Requesty 0 Wiki
Strom: ab142472bb
Větve Značky
gits-r-us
/
thirdparty
/
libmacaroons
/
v2.c

v2.c 28 KB
Historie Surový

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049 
  1. /* Copyright (c) 2016, Robert Escriva
    2. 

  2.  * All rights reserved.
    3. 

  3.  *
    4. 

  4.  * Redistribution and use in source and binary forms, with or without
    5. 

  5.  * modification, are permitted provided that the following conditions are met:
    6. 

  6.  *
    7. 

  7.  *     * Redistributions of source code must retain the above copyright notice,
    8. 

  8.  *       this list of conditions and the following disclaimer.
    9. 

  9.  *     * Redistributions in binary form must reproduce the above copyright
    10. 

  10.  *       notice, this list of conditions and the following disclaimer in the
    11. 

  11.  *       documentation and/or other materials provided with the distribution.
    12. 

  12.  *     * Neither the name of this project nor the names of its contributors may
    13. 

  13.  *       be used to endorse or promote products derived from this software
    14. 

  14.  *       without specific prior written permission.
    15. 

  15.  *
    16. 

  16.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
    17. 

  17.  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    18. 

  18.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
    19. 

  19.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
    20. 

  20.  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
    21. 

  21.  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    22. 

  22.  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    23. 

  23.  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    24. 

  24.  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    25. 

  25.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    26. 

  26.  * POSSIBILITY OF SUCH DAMAGE.
    27. 

  27.  */
    28. 

  28. 

  29. /* C */
    30. 

  30. #include <assert.h>
    31. 

  31. #include <ctype.h>
    32. 

  32. #include <stdint.h>
    33. 

  33. #include <string.h>
    34. 

  34. 

  35. /* macaroons */
    36. 

  36. #include "v2.h"
    37. 

  37. #include "base64.h"
    38. 

  38. #include "constants.h"
    39. 

  39. #include "varint.h"
    40. 

  40. 

  41. #define TYPE_LOCATION 1
    42. 

  42. #define TYPE_IDENTIFIER 2
    43. 

  43. #define TYPE_VID 4
    44. 

  44. #define TYPE_SIGNATURE 6
    45. 

  45. #define EOS 0
    46. 

  46. 

  47. #define ENC_STR 1
    48. 

  48. #define ENC_B64 2
    49. 

  49. 

  50. struct field
    51. 

  51. {
    52. 

  52.     uint8_t type;
    53. 

  53.     struct slice data;
    54. 

  54. };
    55. 

  55. 

  56. size_t
    57. 

  57. required_field_size(const struct slice* f)
    58. 

  58. {
    59. 

  59.     return 1 + varint_length(f->size) + f->size;
    60. 

  60. }
    61. 

  61. 

  62. size_t
    63. 

  63. optional_field_size(const struct slice* f)
    64. 

  64. {
    65. 

  65.     return f->size ? required_field_size(f) : 0;
    66. 

  66. }
    67. 

  67. 

  68. size_t
    69. 

  69. macaroon_serialize_size_hint_v2(const struct macaroon* M)
    70. 

  70. {
    71. 

  71.     size_t i;
    72. 

  72.     size_t sz = 4 /* 1 for version, 3 for 3 EOS markers */
    73. 

  73.               + optional_field_size(&M->location)
    74. 

  74.               + required_field_size(&M->identifier)
    75. 

  75.               + required_field_size(&M->signature);
    76. 

  76. 

  77.     for (i = 0; i < M->num_caveats; ++i)
    78. 

  78.     {
    79. 

  79.         sz += optional_field_size(&M->caveats[i].cl);
    80. 

  80.         sz += required_field_size(&M->caveats[i].cid);
    81. 

  81.         sz += optional_field_size(&M->caveats[i].vid);
    82. 

  82.         sz += 1 /* EOS */;
    83. 

  83.     }
    84. 

  84. 

  85.     return sz;
    86. 

  86. }
    87. 

  87. 

  88. int
    89. 

  89. emit_required_field(uint8_t type, const struct slice* f,
    90. 

  90.                     unsigned char** ptr,
    91. 

  91.                     unsigned char* const end)
    92. 

  92. {
    93. 

  93.     const size_t sz = 1 + varint_length(f->size) + f->size;
    94. 

  94.     if (*ptr + sz > end) return -1;
    95. 

  95.     **ptr = type;
    96. 

  96.     ++*ptr;
    97. 

  97.     *ptr = packvarint(f->size, *ptr);
    98. 

  98.     memmove(*ptr, f->data, f->size);
    99. 

  99.     *ptr += f->size;
    100. 

  100.     return 0;
    101. 

  101. }
    102. 

  102. 

  103. int
    104. 

  104. emit_optional_field(uint8_t type, const struct slice* f,
    105. 

  105.                     unsigned char** ptr,
    106. 

  106.                     unsigned char* const end)
    107. 

  107. {
    108. 

  108.     return f->size ? emit_required_field(type, f, ptr, end) : 0;
    109. 

  109. }
    110. 

  110. 

  111. int
    112. 

  112. emit_eos(unsigned char** ptr, unsigned char* const end)
    113. 

  113. {
    114. 

  114.     if (*ptr >= end) return -1;
    115. 

  115.     **ptr = EOS;
    116. 

  116.     ++*ptr;
    117. 

  117.     return 0;
    118. 

  118. }
    119. 

  119. 

  120. size_t
    121. 

  121. macaroon_serialize_v2(const struct macaroon* M,
    122. 

  122.                       unsigned char* data, size_t data_sz,
    123. 

  123.                       enum macaroon_returncode* err)
    124. 

  124. {
    125. 

  125.     unsigned char* ptr = data;
    126. 

  126.     unsigned char* const end = ptr + data_sz;
    127. 

  127.     size_t i;
    128. 

  128.     if (ptr >= end) goto emit_buf_too_small;
    129. 

  129.     *ptr = 2;
    130. 

  130.     ++ptr;
    131. 

  131.     if (emit_optional_field(TYPE_LOCATION, &M->location, &ptr, end) < 0) goto emit_buf_too_small;
    132. 

  132.     if (emit_required_field(TYPE_IDENTIFIER, &M->identifier, &ptr, end) < 0) goto emit_buf_too_small;
    133. 

  133.     if (emit_eos(&ptr, end) < 0) goto emit_buf_too_small;
    134. 

  134. 

  135.     for (i = 0; i < M->num_caveats; ++i)
    136. 

  136.     {
    137. 

  137.         const struct caveat* C = &M->caveats[i];
    138. 

  138.         if (emit_optional_field(TYPE_LOCATION, &C->cl, &ptr, end) < 0) goto emit_buf_too_small;
    139. 

  139.         if (emit_required_field(TYPE_IDENTIFIER, &C->cid, &ptr, end) < 0) goto emit_buf_too_small;
    140. 

  140.         if (emit_optional_field(TYPE_VID, &C->vid, &ptr, end) < 0) goto emit_buf_too_small;
    141. 

  141.         if (emit_eos(&ptr, end) < 0) goto emit_buf_too_small;
    142. 

  142.     }
    143. 

  143. 

  144.     if (emit_eos(&ptr, end) < 0) goto emit_buf_too_small;
    145. 

  145.     if (emit_required_field(TYPE_SIGNATURE, &M->signature, &ptr, end) < 0) goto emit_buf_too_small;
    146. 

  146.     return ptr - data;
    147. 

  147. 

  148. emit_buf_too_small:
    149. 

  149.     *err = MACAROON_BUF_TOO_SMALL;
    150. 

  150.     return 0;
    151. 

  151. }
    152. 

  152. 

  153. int
    154. 

  154. parse_field(const unsigned char** _data,
    155. 

  155.             const unsigned char* const end,
    156. 

  156.             struct field* parsed)
    157. 

  157. {
    158. 

  158.     const unsigned char* data = *_data;
    159. 

  159.     if (data >= end) return -1;
    160. 

  160.     uint64_t field = 0;
    161. 

  161.     uint64_t length = 0;
    162. 

  162.     data = unpackvarint(data, end, &field);
    163. 

  163.     if (!data) return -1;
    164. 

  164.     data = unpackvarint(data, end, &length);
    165. 

  165.     if (!data) return -1;
    166. 

  166.     if ((field & 0xffU) != field) return -1;
    167. 

  167.     if (data + length > end) return -1;
    168. 

  168.     parsed->type = field & 0xffU;
    169. 

  169.     parsed->data.data = data;
    170. 

  170.     parsed->data.size = length;
    171. 

  171.     data += length;
    172. 

  172.     assert(data <= end);
    173. 

  173.     *_data = data;
    174. 

  174.     return 0;
    175. 

  175. }
    176. 

  176. 

  177. int
    178. 

  178. parse_optional_field(const unsigned char** data,
    179. 

  179.                      const unsigned char* const end,
    180. 

  180.                      uint8_t type,
    181. 

  181.                      struct field* parsed)
    182. 

  182. {
    183. 

  183.     assert((type & 0x7fU) == type);
    184. 

  184.     if (*data >= end) return -1;
    185. 

  185. 

  186.     if (*data == end || (*data < end && **data != type))
    187. 

  187.     {
    188. 

  188.         parsed->type = type;
    189. 

  189.         parsed->data.data = NULL;
    190. 

  190.         parsed->data.size = 0;
    191. 

  191.         return 0;
    192. 

  192.     }
    193. 

  193. 

  194.     int ret = parse_field(data, end, parsed);
    195. 

  195.     assert(ret != 0 || parsed->type == type);
    196. 

  196.     return ret;
    197. 

  197. }
    198. 

  198. 

  199. int
    200. 

  200. parse_required_field(const unsigned char** data,
    201. 

  201.                      const unsigned char* const end,
    202. 

  202.                      uint8_t type,
    203. 

  203.                      struct field* parsed)
    204. 

  204. {
    205. 

  205.     assert((type & 0x7fU) == type);
    206. 

  206.     if (*data >= end) return -1;
    207. 

  207. 

  208.     if (*data == end || (*data < end && **data != type))
    209. 

  209.     {
    210. 

  210.         return -1;
    211. 

  211.     }
    212. 

  212. 

  213.     int ret = parse_field(data, end, parsed);
    214. 

  214.     assert(ret != 0 || parsed->type == type);
    215. 

  215.     return ret;
    216. 

  216. }
    217. 

  217. 

  218. int
    219. 

  219. parse_eos(const unsigned char** data, const unsigned char* const end)
    220. 

  220. {
    221. 

  221.     int ret = (*data >= end || **data != EOS) ?  -1 : 0;
    222. 

  222.     ++*data;
    223. 

  223.     return ret;
    224. 

  224. }
    225. 

  225. 

  226. struct macaroon*
    227. 

  227. macaroon_deserialize_v2(const unsigned char* data, size_t data_sz,
    228. 

  228.                         enum macaroon_returncode* err)
    229. 

  229. {
    230. 

  230.     const unsigned char* const end = data + data_sz;
    231. 

  231.     size_t i;
    232. 

  232. 

  233.     if (data >= end || *data != 2)
    234. 

  234.     {
    235. 

  235.         *err = MACAROON_INVALID;
    236. 

  236.         return NULL;
    237. 

  237.     }
    238. 

  238. 

  239.     ++data;
    240. 

  240.     struct caveat* caveats = malloc(sizeof(struct caveat) * 4);
    241. 

  241.     size_t caveats_cap = 4;
    242. 

  242.     size_t caveats_sz = 0;
    243. 

  243. 

  244.     struct field location;
    245. 

  245.     struct field identifier;
    246. 

  246.     if (parse_optional_field(&data, end, TYPE_LOCATION, &location) < 0) goto parse_invalid;
    247. 

  247.     if (parse_required_field(&data, end, TYPE_IDENTIFIER, &identifier) < 0) goto parse_invalid;
    248. 

  248.     if (parse_eos(&data, end) < 0) goto parse_invalid;
    249. 

  249.     size_t body_sz = location.data.size + identifier.data.size;
    250. 

  250. 

  251.     while (data < end && *data != EOS)
    252. 

  252.     {
    253. 

  253.         struct field cl;
    254. 

  254.         struct field cid;
    255. 

  255.         struct field vid;
    256. 

  256. 

  257.         if (parse_optional_field(&data, end, TYPE_LOCATION, &cl) < 0) goto parse_invalid;
    258. 

  258.         if (parse_required_field(&data, end, TYPE_IDENTIFIER, &cid) < 0) goto parse_invalid;
    259. 

  259.         if (parse_optional_field(&data, end, TYPE_VID, &vid) < 0) goto parse_invalid;
    260. 

  260.         if (parse_eos(&data, end) < 0) goto parse_invalid;
    261. 

  261. 

  262.         if (caveats_sz == caveats_cap)
    263. 

  263.         {
    264. 

  264.             caveats_cap *= 2;
    265. 

  265.             struct caveat* tmp = realloc(caveats, sizeof(struct caveat) * caveats_cap);
    266. 

  266.             if (!tmp) goto parse_invalid;
    267. 

  267.             caveats = tmp;
    268. 

  268.         }
    269. 

  269. 

  270.         caveats[caveats_sz].cid = cid.data;
    271. 

  271.         caveats[caveats_sz].vid = vid.data;
    272. 

  272.         caveats[caveats_sz].cl = cl.data;
    273. 

  273.         ++caveats_sz;
    274. 

  274.         body_sz += cid.data.size + vid.data.size + cl.data.size;
    275. 

  275.     }
    276. 

  276. 

  277.     if (parse_eos(&data, end) < 0) goto parse_invalid;
    278. 

  278.     struct field signature;
    279. 

  279.     if (parse_required_field(&data, end, TYPE_SIGNATURE, &signature) < 0) goto parse_invalid;
    280. 

  280.     body_sz += signature.data.size;
    281. 

  281. 

  282.     unsigned char* ptr = NULL;
    283. 

  283.     struct macaroon* M = macaroon_malloc(caveats_sz, body_sz, &ptr);
    284. 

  284. 

  285.     if (!M)
    286. 

  286.     {
    287. 

  287.         *err = MACAROON_OUT_OF_MEMORY;
    288. 

  288.         goto parse_error;
    289. 

  289.     }
    290. 

  290. 

  291.     ptr = copy_slice(&location.data, &M->location, ptr);
    292. 

  292.     ptr = copy_slice(&identifier.data, &M->identifier, ptr);
    293. 

  293.     ptr = copy_slice(&signature.data, &M->signature, ptr);
    294. 

  294.     M->num_caveats = caveats_sz;
    295. 

  295. 

  296.     for (i = 0; i < caveats_sz; ++i)
    297. 

  297.     {
    298. 

  298.         ptr = copy_slice(&caveats[i].cid, &M->caveats[i].cid, ptr);
    299. 

  299.         ptr = copy_slice(&caveats[i].vid, &M->caveats[i].vid, ptr);
    300. 

  300.         ptr = copy_slice(&caveats[i].cl, &M->caveats[i].cl, ptr);
    301. 

  301.     }
    302. 

  302. 

  303.     free(caveats);
    304. 

  304.     return M;
    305. 

  305. 

  306. parse_invalid:
    307. 

  307.     *err = MACAROON_INVALID;
    308. 

  308. parse_error:
    309. 

  309.     if (caveats)
    310. 

  310.     {
    311. 

  311.         free(caveats);
    312. 

  312.     }
    313. 

  313. 

  314.     return NULL;
    315. 

  315. }
    316. 

  316. 

  317. #define JSON_START "{\"v\":2"
    318. 

  318. #define JSON_CAVEATS_START ",\"c\":["
    319. 

  319. #define JSON_CAVEATS_FINISH "],"
    320. 

  320. 

  321. /* size prior to 64 suffix */
    322. 

  322. #define JSON_MAX_FIELD_SIZE 1
    323. 

  323. 

  324. const char*
    325. 

  325. json_field_type(uint8_t type)
    326. 

  326. {
    327. 

  327.     /* If you elongate these strings, update JSON_MAX_FIELD_SIZE */
    328. 

  328.     switch (type)
    329. 

  329.     {
    330. 

  330.         case TYPE_LOCATION:
    331. 

  331.             return "l";
    332. 

  332.         case TYPE_IDENTIFIER:
    333. 

  333.             return "i";
    334. 

  334.         case TYPE_VID:
    335. 

  335.             return "v";
    336. 

  336.         case TYPE_SIGNATURE:
    337. 

  337.             return "s";
    338. 

  338.         default:
    339. 

  339.             return NULL;
    340. 

  340.     }
    341. 

  341. }
    342. 

  342. 

  343. const char*
    344. 

  344. json_field_type_b64(uint8_t type)
    345. 

  345. {
    346. 

  346.     /* If you elongate these strings, update JSON_MAX_FIELD_SIZE */
    347. 

  347.     switch (type)
    348. 

  348.     {
    349. 

  349.         case TYPE_LOCATION:
    350. 

  350.             return "l64";
    351. 

  351.         case TYPE_IDENTIFIER:
    352. 

  352.             return "i64";
    353. 

  353.         case TYPE_VID:
    354. 

  354.             return "v64";
    355. 

  355.         case TYPE_SIGNATURE:
    356. 

  356.             return "s64";
    357. 

  357.         default:
    358. 

  358.             return NULL;
    359. 

  359.     }
    360. 

  360. }
    361. 

  361. 

  362. const char*
    363. 

  363. json_field_type_encoded(uint8_t type, int encoding)
    364. 

  364. {
    365. 

  365.     switch (encoding)
    366. 

  366.     {
    367. 

  367.         case ENC_STR:
    368. 

  368.             return json_field_type(type);
    369. 

  369.         case ENC_B64:
    370. 

  370.             return json_field_type_b64(type);
    371. 

  371.         default:
    372. 

  372.             return NULL;
    373. 

  373.     }
    374. 

  374. }
    375. 

  375. 

  376. size_t
    377. 

  377. json_required_field_size(int encoding, const struct slice* f)
    378. 

  378. {
    379. 

  379.     switch (encoding)
    380. 

  380.     {
    381. 

  381.         case ENC_STR:
    382. 

  382.             return 6 + JSON_MAX_FIELD_SIZE + f->size;
    383. 

  383.         case ENC_B64:
    384. 

  384.             return 6 + JSON_MAX_FIELD_SIZE + 2 + (8 * f->size + 7) / 6;
    385. 

  385.         default:
    386. 

  386.             abort();
    387. 

  387.     }
    388. 

  388. }
    389. 

  389. 

  390. size_t
    391. 

  391. json_optional_field_size(int encoding, const struct slice* f)
    392. 

  392. {
    393. 

  393.     return f->size ? json_required_field_size(encoding, f) : 0;
    394. 

  394. }
    395. 

  395. 

  396. size_t
    397. 

  397. macaroon_serialize_size_hint_v2j(const struct macaroon* M)
    398. 

  398. {
    399. 

  399.     size_t i;
    400. 

  400.     size_t sz = STRLENOF(JSON_START)
    401. 

  401.               + STRLENOF(JSON_CAVEATS_START)
    402. 

  402.               + STRLENOF(JSON_CAVEATS_FINISH)
    403. 

  403.               + 1 /* finishing */
    404. 

  404.               + json_optional_field_size(ENC_STR, &M->location)
    405. 

  405.               + json_required_field_size(ENC_STR, &M->identifier)
    406. 

  406.               + json_required_field_size(ENC_B64, &M->signature);
    407. 

  407. 

  408.     for (i = 0; i < M->num_caveats; ++i)
    409. 

  409.     {
    410. 

  410.         sz += 3; /* ,{} */
    411. 

  411.         sz += json_optional_field_size(ENC_STR, &M->caveats[i].cl);
    412. 

  412.         sz += json_required_field_size(ENC_STR, &M->caveats[i].cid);
    413. 

  413.         sz += json_optional_field_size(ENC_STR, &M->caveats[i].vid);
    414. 

  414.     }
    415. 

  415. 

  416.     return sz;
    417. 

  417. }
    418. 

  418. 

  419. void
    420. 

  420. json_emit_char(unsigned char c,
    421. 

  421.                unsigned char** ptr,
    422. 

  422.                unsigned char* const end)
    423. 

  423. {
    424. 

  424.     assert(*ptr < end);
    425. 

  425.     **ptr = c;
    426. 

  426.     ++*ptr;
    427. 

  427. }
    428. 

  428. 

  429. int
    430. 

  430. json_emit_string(const char* str, size_t str_sz,
    431. 

  431.                  unsigned char** ptr,
    432. 

  432.                  unsigned char* const end)
    433. 

  433. {
    434. 

  434.     if (*ptr + str_sz + 2 > end) return -1;
    435. 

  435.     json_emit_char('"', ptr, end);
    436. 

  436.     memmove(*ptr, str, str_sz);
    437. 

  437.     *ptr += str_sz;
    438. 

  438.     json_emit_char('"', ptr, end);
    439. 

  439.     return 0;
    440. 

  440. }
    441. 

  441. 

  442. int
    443. 

  443. json_emit_string_b64(const char* str, size_t str_sz,
    444. 

  444.                      unsigned char** ptr,
    445. 

  445.                      unsigned char* const end)
    446. 

  446. {
    447. 

  447.     const size_t b64_sz = (str_sz * 8 + 7) / 6;
    448. 

  448.     if (*ptr + b64_sz + 2 > end) return -1;
    449. 

  449.     json_emit_char('"', ptr, end);
    450. 

  450. #pragma GCC diagnostic push
    451. 

  451. #pragma GCC diagnostic ignored "-Wpointer-sign"
    452. 

  452.     int ret = b64_ntop(str, str_sz, *ptr, end - *ptr);
    453. 

  453.     if (ret < 0) return -1;
    454. 

  454.     *ptr += ret;
    455. 

  455. #pragma GCC diagnostic pop
    456. 

  456.     json_emit_char('"', ptr, end);
    457. 

  457.     return 0;
    458. 

  458. }
    459. 

  459. 

  460. int
    461. 

  461. json_emit_encoded_string(int encoding,
    462. 

  462.                          const char* str, size_t str_sz,
    463. 

  463.                          unsigned char** ptr,
    464. 

  464.                          unsigned char* const end)
    465. 

  465. {
    466. 

  466.     switch (encoding)
    467. 

  467.     {
    468. 

  468.         case ENC_STR:
    469. 

  469.             /* XXX check that it is UTF-8 and switch to other case if not */
    470. 

  470.             /* XXX if the above XXX is addressed, remember to adjust sz hint */
    471. 

  471.             return json_emit_string(str, str_sz, ptr, end);
    472. 

  472.         case ENC_B64:
    473. 

  473.             return json_emit_string_b64(str, str_sz, ptr, end);
    474. 

  474.         default:
    475. 

  475.             return -1;
    476. 

  476.     }
    477. 

  477. }
    478. 

  478. 

  479. int
    480. 

  480. json_emit_required_field(int comma, int encoding, uint8_t _type,
    481. 

  481.                          const struct slice* f,
    482. 

  482.                          unsigned char** ptr,
    483. 

  483.                          unsigned char* const end)
    484. 

  484. {
    485. 

  485.     const char* type = json_field_type_encoded(_type, encoding);
    486. 

  486.     assert(type);
    487. 

  487.     const size_t type_sz = strlen(type);
    488. 

  488.     const size_t sz = 6/*quote field + quote value + colon + comma */
    489. 

  489.                     + type_sz + f->size;
    490. 

  490.     if (*ptr + sz > end) return -1;
    491. 

  491.     if (comma) json_emit_char(',', ptr, end);
    492. 

  492.     if (json_emit_string(type, type_sz, ptr, end) < 0) return -1;
    493. 

  493.     json_emit_char(':', ptr, end);
    494. 

  494.     if (json_emit_encoded_string(encoding, (const char*)f->data, f->size, ptr, end) < 0) return -1;
    495. 

  495.     assert(*ptr <= end);
    496. 

  496.     return 0;
    497. 

  497. }
    498. 

  498. 

  499. int
    500. 

  500. json_emit_optional_field(int comma, int encoding, uint8_t type,
    501. 

  501.                          const struct slice* f,
    502. 

  502.                          unsigned char** ptr,
    503. 

  503.                          unsigned char* const end)
    504. 

  504. {
    505. 

  505.     return f->size ? json_emit_required_field(comma, encoding, type, f, ptr, end) : 0;
    506. 

  506. }
    507. 

  507. 

  508. int
    509. 

  509. json_emit_start(unsigned char** ptr,
    510. 

  510.                 unsigned char* const end)
    511. 

  511. {
    512. 

  512.     const size_t sz = STRLENOF(JSON_START);
    513. 

  513.     if (*ptr + sz > end) return -1;
    514. 

  514.     memmove(*ptr, JSON_START, sz);
    515. 

  515.     *ptr += sz;
    516. 

  516.     return 0;
    517. 

  517. }
    518. 

  518. 

  519. int
    520. 

  520. json_emit_finish(unsigned char** ptr,
    521. 

  521.                  unsigned char* const end)
    522. 

  522. {
    523. 

  523.     if (*ptr >= end) return -1;
    524. 

  524.     json_emit_char('}', ptr, end);
    525. 

  525.     return 0;
    526. 

  526. }
    527. 

  527. 

  528. int
    529. 

  529. json_emit_caveats_start(unsigned char** ptr,
    530. 

  530.                         unsigned char* const end)
    531. 

  531. {
    532. 

  532.     const size_t sz = STRLENOF(JSON_CAVEATS_START);
    533. 

  533.     if (*ptr + sz > end) return -1;
    534. 

  534.     memmove(*ptr, JSON_CAVEATS_START, sz);
    535. 

  535.     *ptr += sz;
    536. 

  536.     return 0;
    537. 

  537. }
    538. 

  538. 

  539. int
    540. 

  540. json_emit_caveats_finish(unsigned char** ptr,
    541. 

  541.                          unsigned char* const end)
    542. 

  542. {
    543. 

  543.     const size_t sz = STRLENOF(JSON_CAVEATS_FINISH);
    544. 

  544.     if (*ptr + sz > end) return -1;
    545. 

  545.     memmove(*ptr, JSON_CAVEATS_FINISH, sz);
    546. 

  546.     *ptr += sz;
    547. 

  547.     return 0;
    548. 

  548. }
    549. 

  549. 

  550. size_t
    551. 

  551. macaroon_serialize_v2j(const struct macaroon* M,
    552. 

  552.                        unsigned char* data, size_t data_sz,
    553. 

  553.                        enum macaroon_returncode* err)
    554. 

  554. {
    555. 

  555.     unsigned char* ptr = data;
    556. 

  556.     unsigned char* const end = ptr + data_sz;
    557. 

  557.     size_t i;
    558. 

  558.     if (ptr >= end) goto json_emit_buf_too_small;
    559. 

  559.     if (json_emit_start(&ptr, end) < 0) goto json_emit_buf_too_small;
    560. 

  560.     if (json_emit_optional_field(1, ENC_STR, TYPE_LOCATION, &M->location, &ptr, end) < 0) goto json_emit_buf_too_small;
    561. 

  561.     if (json_emit_required_field(1, ENC_STR, TYPE_IDENTIFIER, &M->identifier, &ptr, end) < 0) goto json_emit_buf_too_small;
    562. 

  562.     if (json_emit_caveats_start(&ptr, end) < 0) goto json_emit_buf_too_small;
    563. 

  563. 

  564.     for (i = 0; i < M->num_caveats; ++i)
    565. 

  565.     {
    566. 

  566.         const struct caveat* C = &M->caveats[i];
    567. 

  567.         if (ptr + 3 >= end) goto json_emit_buf_too_small;
    568. 

  568.         if (i > 0) json_emit_char(',', &ptr, end);
    569. 

  569.         json_emit_char('{', &ptr, end);
    570. 

  570.         if (json_emit_required_field(0, ENC_STR, TYPE_IDENTIFIER, &C->cid, &ptr, end) < 0) goto json_emit_buf_too_small;
    571. 

  571.         if (json_emit_optional_field(1, ENC_STR, TYPE_LOCATION, &C->cl, &ptr, end) < 0) goto json_emit_buf_too_small;
    572. 

  572.         if (json_emit_optional_field(1, ENC_STR, TYPE_VID, &C->vid, &ptr, end) < 0) goto json_emit_buf_too_small;
    573. 

  573.         if (ptr >= end) goto json_emit_buf_too_small;
    574. 

  574.         json_emit_char('}', &ptr, end);
    575. 

  575.     }
    576. 

  576. 

  577.     if (json_emit_caveats_finish(&ptr, end) < 0) goto json_emit_buf_too_small;
    578. 

  578.     if (json_emit_required_field(0, ENC_B64, TYPE_SIGNATURE, &M->signature, &ptr, end) < 0) goto json_emit_buf_too_small;
    579. 

  579.     if (json_emit_finish(&ptr, end) < 0) goto json_emit_buf_too_small;
    580. 

  580.     return ptr - data;
    581. 

  581. 

  582. json_emit_buf_too_small:
    583. 

  583.     *err = MACAROON_BUF_TOO_SMALL;
    584. 

  584.     return 0;
    585. 

  585. }
    586. 

  586. 

  587. /* all but the top level parsing function only changes "err" if it's not
    588. 

  588.  * MACAROON_INVALID; it's assumed to already equal that.
    589. 

  589.  */
    590. 

  590. 

  591. void
    592. 

  592. j2b_skip_whitespace(char** ptr, char* end)
    593. 

  593. {
    594. 

  594.     while (*ptr < end)
    595. 

  595.     {
    596. 

  596.         if (!isspace(**ptr))
    597. 

  597.         {
    598. 

  598.             break;
    599. 

  599.         }
    600. 

  600. 

  601.         ++*ptr;
    602. 

  602.     }
    603. 

  603. }
    604. 

  604. 

  605. int
    606. 

  606. j2b_string(char** ptr, char* end,
    607. 

  607.            enum macaroon_returncode* err, struct slice* s)
    608. 

  608. {
    609. 

  609.     *err = MACAROON_INVALID;
    610. 

  610.     assert(*ptr < end);
    611. 

  611.     assert(**ptr == '"');
    612. 

  612.     ++*ptr;
    613. 

  613.     s->data = (const unsigned char*)*ptr;
    614. 

  614. 

  615.     while (*ptr < end)
    616. 

  616.     {
    617. 

  617.         if (**ptr == '\\')
    618. 

  618.         {
    619. 

  619.             if (*ptr + 1 >= end)
    620. 

  620.             {
    621. 

  621.                 return -1;
    622. 

  622.             }
    623. 

  623. 

  624.             if ((*ptr)[1] == 'u')
    625. 

  625.             {
    626. 

  626.                 if (*ptr + 6 >= end)
    627. 

  627.                 {
    628. 

  628.                     return -1;
    629. 

  629.                 }
    630. 

  630. 

  631.                 *ptr += 6;
    632. 

  632.             }
    633. 

  633.             else
    634. 

  634.             {
    635. 

  635.                 *ptr += 2;
    636. 

  636.             }
    637. 

  637.         }
    638. 

  638.         else if (**ptr == '"')
    639. 

  639.         {
    640. 

  640.             break;
    641. 

  641.         }
    642. 

  642.         else
    643. 

  643.         {
    644. 

  644.             ++*ptr;
    645. 

  645.         }
    646. 

  646.     }
    647. 

  647. 

  648.     if (*ptr >= end)
    649. 

  649.     {
    650. 

  650.         return -1;
    651. 

  651.     }
    652. 

  652. 

  653.     **ptr = '\0';
    654. 

  654.     s->size = (const unsigned char*)*ptr - s->data;
    655. 

  655.     ++*ptr;
    656. 

  656.     return 0;
    657. 

  657. }
    658. 

  658. 

  659. int
    660. 

  660. j2b_b64_decode(struct slice* s)
    661. 

  661. {
    662. 

  662.     int ret;
    663. 

  663.     unsigned char* tmp = malloc(s->size);
    664. 

  664.     if (!tmp) return -1;
    665. 

  665.     ret = b64_pton((const char*)s->data, tmp, s->size);
    666. 

  666. 

  667.     if (ret >= 0)
    668. 

  668.     {
    669. 

  669. #pragma GCC diagnostic push
    670. 

  670. #pragma GCC diagnostic ignored "-Wcast-qual"
    671. 

  671.         memmove((unsigned char*)s->data, tmp, ret);
    672. 

  672. #pragma GCC diagnostic pop
    673. 

  673.         s->size = ret;
    674. 

  674.         ret = 0;
    675. 

  675.     }
    676. 

  676.     else
    677. 

  677.     {
    678. 

  678.         ret = -1;
    679. 

  679.     }
    680. 

  680. 

  681.     free(tmp);
    682. 

  682.     return ret;
    683. 

  683. }
    684. 

  684. 

  685. int
    686. 

  686. j2b_caveat(char** ptr, char* end, enum macaroon_returncode* err, struct caveat* caveat)
    687. 

  687. {
    688. 

  688.     struct slice s = EMPTY_SLICE;
    689. 

  689.     struct slice cl = EMPTY_SLICE;
    690. 

  690.     struct slice cid = EMPTY_SLICE;
    691. 

  691.     struct slice vid = EMPTY_SLICE;
    692. 

  692.     int seen_cl = 0;
    693. 

  693.     int seen_cid = 0;
    694. 

  694.     int seen_vid = 0;
    695. 

  695. 

  696.     if (*ptr >= end) return -1;
    697. 

  697.     if (**ptr != '{') return -1;
    698. 

  698.     ++*ptr;
    699. 

  699.     int first = 1;
    700. 

  700. 

  701.     while (*ptr < end)
    702. 

  702.     {
    703. 

  703.         j2b_skip_whitespace(ptr, end);
    704. 

  704. 

  705.         if (*ptr < end && **ptr == '}')
    706. 

  706.         {
    707. 

  707.             break;
    708. 

  708.         }
    709. 

  709. 

  710.         if (!first)
    711. 

  711.         {
    712. 

  712.             if (*ptr >= end || **ptr != ',') return -1;
    713. 

  713.             ++*ptr;
    714. 

  714.         }
    715. 

  715. 

  716.         first = 0;
    717. 

  717.         j2b_skip_whitespace(ptr, end);
    718. 

  718. 

  719.         if (*ptr >= end || **ptr != '"' ||
    720. 

  720.             j2b_string(ptr, end, err, &s) < 0)
    721. 

  721.         {
    722. 

  722.             return -1;
    723. 

  723.         }
    724. 

  724. 

  725.         j2b_skip_whitespace(ptr, end);
    726. 

  726.         if (*ptr >= end || **ptr != ':') return -1;
    727. 

  727.         ++*ptr;
    728. 

  728.         j2b_skip_whitespace(ptr, end);
    729. 

  729. 

  730.         if (s.size == 1 && memcmp("i", s.data, s.size) == 0)
    731. 

  731.         {
    732. 

  732.             if (seen_cid) return -1;
    733. 

  733.             if (j2b_string(ptr, end, err, &cid) < 0) return -1;
    734. 

  734.             seen_cid = 1;
    735. 

  735.         }
    736. 

  736.         else if (s.size == 1 && memcmp("l", s.data, s.size) == 0)
    737. 

  737.         {
    738. 

  738.             if (seen_cl) return -1;
    739. 

  739.             if (j2b_string(ptr, end, err, &cl) < 0) return -1;
    740. 

  740.             seen_cl = 1;
    741. 

  741.         }
    742. 

  742.         else if (s.size == 1 && memcmp("v", s.data, s.size) == 0)
    743. 

  743.         {
    744. 

  744.             if (seen_vid) return -1;
    745. 

  745.             if (j2b_string(ptr, end, err, &vid) < 0) return -1;
    746. 

  746.             seen_vid = 1;
    747. 

  747.         }
    748. 

  748.         else if (s.size == 3 && memcmp("i64", s.data, s.size) == 0)
    749. 

  749.         {
    750. 

  750.             if (seen_cid) return -1;
    751. 

  751.             if (j2b_string(ptr, end, err, &cid) < 0) return -1;
    752. 

  752.             seen_cid = 1;
    753. 

  753. 

  754.             if (j2b_b64_decode(&cid) < 0)
    755. 

  755.             {
    756. 

  756.                 *err = MACAROON_OUT_OF_MEMORY;
    757. 

  757.                 return -1;
    758. 

  758.             }
    759. 

  759.         }
    760. 

  760.         else if (s.size == 3 && memcmp("l64", s.data, s.size) == 0)
    761. 

  761.         {
    762. 

  762.             if (seen_cl) return -1;
    763. 

  763.             if (j2b_string(ptr, end, err, &cl) < 0) return -1;
    764. 

  764.             seen_cl = 1;
    765. 

  765. 

  766.             if (j2b_b64_decode(&cl) < 0)
    767. 

  767.             {
    768. 

  768.                 *err = MACAROON_OUT_OF_MEMORY;
    769. 

  769.                 return -1;
    770. 

  770.             }
    771. 

  771.         }
    772. 

  772.         else if (s.size == 3 && memcmp("v64", s.data, s.size) == 0)
    773. 

  773.         {
    774. 

  774.             if (seen_vid) return -1;
    775. 

  775.             if (j2b_string(ptr, end, err, &vid) < 0) return -1;
    776. 

  776.             seen_vid = 1;
    777. 

  777. 

  778.             if (j2b_b64_decode(&vid) < 0)
    779. 

  779.             {
    780. 

  780.                 *err = MACAROON_OUT_OF_MEMORY;
    781. 

  781.                 return -1;
    782. 

  782.             }
    783. 

  783.         }
    784. 

  784.         else
    785. 

  785.         {
    786. 

  786.             return -1;
    787. 

  787.         }
    788. 

  788.     }
    789. 

  789. 

  790.     if (*ptr >= end) return -1;
    791. 

  791.     ++*ptr;
    792. 

  792.     if (!seen_cid) return -1;
    793. 

  793.     caveat->cid = cid;
    794. 

  794.     caveat->vid = vid;
    795. 

  795.     caveat->cl = cl;
    796. 

  796.     return 0;
    797. 

  797. }
    798. 

  798. 

  799. int
    800. 

  800. j2b_caveats(char** ptr, char* end, enum macaroon_returncode* err,
    801. 

  801.             struct caveat** caveats, size_t* caveats_sz)
    802. 

  802. {
    803. 

  803.     struct caveat* tmp = NULL;
    804. 

  804.     size_t caveats_cap = 4;
    805. 

  805.     *caveats_sz = 0;
    806. 

  806.     *caveats = malloc(sizeof(struct caveat) * caveats_cap);
    807. 

  807. 

  808.     if (!*caveats)
    809. 

  809.     {
    810. 

  810.         *err = MACAROON_OUT_OF_MEMORY;
    811. 

  811.         return -1;
    812. 

  812.     }
    813. 

  813. 

  814.     if (*ptr >= end || **ptr != '[') return -1;
    815. 

  815.     ++*ptr;
    816. 

  816.     j2b_skip_whitespace(ptr, end);
    817. 

  817. 

  818.     while (*ptr < end)
    819. 

  819.     {
    820. 

  820.         if (**ptr == ']') break;
    821. 

  821. 

  822.         if (*caveats_sz == caveats_cap)
    823. 

  823.         {
    824. 

  824.             caveats_cap = caveats_cap + (caveats_cap >> 1);
    825. 

  825.             tmp = realloc(*caveats, sizeof(struct caveat) * caveats_cap);
    826. 

  826. 

  827.             if (!tmp)
    828. 

  828.             {
    829. 

  829.                 *err = MACAROON_OUT_OF_MEMORY;
    830. 

  830.                 return -1;
    831. 

  831.             }
    832. 

  832. 

  833.             *caveats = tmp;
    834. 

  834.         }
    835. 

  835. 

  836.         if (j2b_caveat(ptr, end, err, *caveats + *caveats_sz) < 0) return -1;
    837. 

  837.         ++*caveats_sz;
    838. 

  838.         j2b_skip_whitespace(ptr, end);
    839. 

  839.         if (*ptr >= end) return -1;
    840. 

  840. 

  841.         if (**ptr == ',')
    842. 

  842.         {
    843. 

  843.             ++*ptr;
    844. 

  844.             j2b_skip_whitespace(ptr, end);
    845. 

  845.         }
    846. 

  846.         else  if (**ptr != ']')
    847. 

  847.         {
    848. 

  848.             return -1;;
    849. 

  849.         }
    850. 

  850.     }
    851. 

  851. 

  852.     if (*ptr >= end) return -1;
    853. 

  853.     ++*ptr;
    854. 

  854.     return 0;
    855. 

  855. }
    856. 

  856. 

  857. struct macaroon*
    858. 

  858. j2b_macaroon(char** ptr, char* end,
    859. 

  859.              enum macaroon_returncode* err)
    860. 

  860. {
    861. 

  861.     struct macaroon* M = NULL;
    862. 

  862.     struct slice s;
    863. 

  863.     struct slice location;
    864. 

  864.     struct slice identifier;
    865. 

  865.     struct slice signature;
    866. 

  866.     int seen_location = 0;
    867. 

  867.     int seen_identifier = 0;
    868. 

  868.     int seen_signature = 0;
    869. 

  869.     int seen_caveats = 0;
    870. 

  870.     /* allocated by j2b_caveats */
    871. 

  871.     struct caveat* caveats = NULL;
    872. 

  872.     size_t caveats_sz = 0;
    873. 

  873.     size_t i = 0;
    874. 

  874. 

  875.     *err = MACAROON_INVALID;
    876. 

  876.     j2b_skip_whitespace(ptr, end);
    877. 

  877.     if (*ptr >= end) goto invalid;
    878. 

  878.     if (**ptr != '{') goto invalid;
    879. 

  879.     ++*ptr;
    880. 

  880.     int first = 1;
    881. 

  881. 

  882.     while (*ptr < end)
    883. 

  883.     {
    884. 

  884.         j2b_skip_whitespace(ptr, end);
    885. 

  885. 

  886.         if (*ptr < end && **ptr == '}')
    887. 

  887.         {
    888. 

  888.             break;
    889. 

  889.         }
    890. 

  890. 

  891.         if (!first)
    892. 

  892.         {
    893. 

  893.             if (*ptr >= end || **ptr != ',') goto invalid;
    894. 

  894.             ++*ptr;
    895. 

  895.         }
    896. 

  896. 

  897.         first = 0;
    898. 

  898.         j2b_skip_whitespace(ptr, end);
    899. 

  899. 

  900.         if (*ptr >= end || **ptr != '"' ||
    901. 

  901.             j2b_string(ptr, end, err, &s) < 0)
    902. 

  902.         {
    903. 

  903.             goto invalid;
    904. 

  904.         }
    905. 

  905. 

  906.         j2b_skip_whitespace(ptr, end);
    907. 

  907.         if (*ptr >= end || **ptr != ':') goto invalid;
    908. 

  908.         ++*ptr;
    909. 

  909.         j2b_skip_whitespace(ptr, end);
    910. 

  910. 

  911.         if (s.size == 1 && memcmp("v", s.data, s.size) == 0)
    912. 

  912.         {
    913. 

  913.             if (**ptr != '2') goto invalid;
    914. 

  914.             ++*ptr;
    915. 

  915.             j2b_skip_whitespace(ptr, end);
    916. 

  916.         }
    917. 

  917.         else if (s.size == 1 && memcmp("i", s.data, s.size) == 0)
    918. 

  918.         {
    919. 

  919.             if (seen_identifier) goto invalid;
    920. 

  920.             if (j2b_string(ptr, end, err, &identifier) < 0) goto invalid;
    921. 

  921.             seen_identifier = 1;
    922. 

  922.         }
    923. 

  923.         else if (s.size == 1 && memcmp("l", s.data, s.size) == 0)
    924. 

  924.         {
    925. 

  925.             if (seen_location) goto invalid;
    926. 

  926.             if (j2b_string(ptr, end, err, &location) < 0) goto invalid;
    927. 

  927.             seen_location = 1;
    928. 

  928.         }
    929. 

  929.         else if (s.size == 1 && memcmp("s", s.data, s.size) == 0)
    930. 

  930.         {
    931. 

  931.             if (seen_signature) goto invalid;
    932. 

  932.             if (j2b_string(ptr, end, err, &signature) < 0) goto invalid;
    933. 

  933.             seen_signature = 1;
    934. 

  934.         }
    935. 

  935.         else if (s.size == 1 && memcmp("c", s.data, s.size) == 0)
    936. 

  936.         {
    937. 

  937.             if (seen_caveats) goto invalid;
    938. 

  938.             seen_caveats = 1;
    939. 

  939.             if (j2b_caveats(ptr, end, err, &caveats, &caveats_sz) < 0) goto error;
    940. 

  940.         }
    941. 

  941.         else if (s.size == 3 && memcmp("i64", s.data, s.size) == 0)
    942. 

  942.         {
    943. 

  943.             if (seen_identifier) goto invalid;
    944. 

  944.             if (j2b_string(ptr, end, err, &identifier) < 0) goto invalid;
    945. 

  945.             seen_identifier = 1;
    946. 

  946. 

  947.             if (j2b_b64_decode(&identifier) < 0)
    948. 

  948.             {
    949. 

  949.                 *err = MACAROON_OUT_OF_MEMORY;
    950. 

  950.                 goto error;
    951. 

  951.             }
    952. 

  952.         }
    953. 

  953.         else if (s.size == 3 && memcmp("l64", s.data, s.size) == 0)
    954. 

  954.         {
    955. 

  955.             if (seen_location) goto invalid;
    956. 

  956.             if (j2b_string(ptr, end, err, &location) < 0) goto invalid;
    957. 

  957.             seen_location = 1;
    958. 

  958. 

  959.             if (j2b_b64_decode(&location) < 0)
    960. 

  960.             {
    961. 

  961.                 *err = MACAROON_OUT_OF_MEMORY;
    962. 

  962.                 goto error;
    963. 

  963.             }
    964. 

  964.         }
    965. 

  965.         else if (s.size == 3 && memcmp("s64", s.data, s.size) == 0)
    966. 

  966.         {
    967. 

  967.             if (seen_signature) goto invalid;
    968. 

  968.             if (j2b_string(ptr, end, err, &signature) < 0) goto invalid;
    969. 

  969.             seen_signature = 1;
    970. 

  970. 

  971.             if (j2b_b64_decode(&signature) < 0)
    972. 

  972.             {
    973. 

  973.                 *err = MACAROON_OUT_OF_MEMORY;
    974. 

  974.                 goto error;
    975. 

  975.             }
    976. 

  976.         }
    977. 

  977.         else
    978. 

  978.         {
    979. 

  979.             goto invalid;
    980. 

  980.         }
    981. 

  981.     }
    982. 

  982. 

  983.     /* on a good exit ptr will point to '}', so error out it doesn't, advance
    984. 

  984.      * it, skip the whitespace, and error out if there are trailing characters
    985. 

  985.      */
    986. 

  986.     if (*ptr >= end) goto invalid;
    987. 

  987.     ++*ptr;
    988. 

  988.     j2b_skip_whitespace(ptr, end);
    989. 

  989.     if (*ptr != end) goto invalid;
    990. 

  990. 

  991.     /* sanity check */
    992. 

  992.     if (!seen_signature || !seen_identifier || !seen_caveats) goto invalid;
    993. 

  993. 

  994.     unsigned char* write = NULL;
    995. 

  995.     M = macaroon_malloc(caveats_sz, 10000/*body_sz*/, &write);
    996. 

  996. 

  997.     if (!M)
    998. 

  998.     {
    999. 

  999.         *err = MACAROON_OUT_OF_MEMORY;
    1000. 

  1000.         goto error;
    1001. 

  1001.     }
    1002. 

  1002. 

  1003.     write = copy_slice(&location, &M->location, write);
    1004. 

  1004.     write = copy_slice(&identifier, &M->identifier, write);
    1005. 

  1005.     write = copy_slice(&signature, &M->signature, write);
    1006. 

  1006.     M->num_caveats = caveats_sz;
    1007. 

  1007. 

  1008.     for (i = 0; i < caveats_sz; ++i)
    1009. 

  1009.     {
    1010. 

  1010.         write = copy_slice(&caveats[i].cid, &M->caveats[i].cid, write);
    1011. 

  1011.         write = copy_slice(&caveats[i].vid, &M->caveats[i].vid, write);
    1012. 

  1012.         write = copy_slice(&caveats[i].cl, &M->caveats[i].cl, write);
    1013. 

  1013.     }
    1014. 

  1014. 

  1015.     free(caveats);
    1016. 

  1016.     return M;
    1017. 

  1017. 

  1018. invalid:
    1019. 

  1019.     *err = MACAROON_INVALID;
    1020. 

  1020. error:
    1021. 

  1021.     if (caveats)
    1022. 

  1022.     {
    1023. 

  1023.         free(caveats);
    1024. 

  1024.     }
    1025. 

  1025. 

  1026.     return NULL;
    1027. 

  1027. }
    1028. 

  1028. 

  1029. struct macaroon*
    1030. 

  1030. macaroon_deserialize_v2j(const unsigned char* data, size_t data_sz,
    1031. 

  1031.                          enum macaroon_returncode* err)
    1032. 

  1032. {
    1033. 

  1033.     struct macaroon* M = NULL;
    1034. 

  1034.     char* copy = malloc(data_sz);
    1035. 

  1035.     char* ptr = copy;
    1036. 

  1036.     char* const end = ptr + data_sz;
    1037. 

  1037. 

  1038.     if (!copy)
    1039. 

  1039.     {
    1040. 

  1040.         *err = MACAROON_OUT_OF_MEMORY;
    1041. 

  1041.         return NULL;
    1042. 

  1042.     }
    1043. 

  1043. 

  1044.     memmove(copy, data, data_sz);
    1045. 

  1045.     M = j2b_macaroon(&ptr, end, err);
    1046. 

  1046.     free(copy);
    1047. 

  1047.     return M;
    1048. 

  1048. }
    1049. 

  1049.