From 98af48b5aa09192248a8dd99c7250c553bd26638 Mon Sep 17 00:00:00 2001
From: Vitaly Buka <vitalybuka@google.com>
Date: Wed, 2 Mar 2016 11:10:39 -0800
Subject: Update macaroon lib

Change-Id: Iada0942ea1037ba061d53ee271a40965393306c1
Reviewed-on: https://weave-review.googlesource.com/2797
Reviewed-by: Alex Vakulenko <avakulenko@google.com>
---
 third_party/libuweave/src/macaroon.c        | 36 +++++++++++++++++++++--------
 third_party/libuweave/src/macaroon.h        | 30 +++++++++++++++++++++---
 third_party/libuweave/src/macaroon_caveat.c |  7 +++---
 3 files changed, 56 insertions(+), 17 deletions(-)

(limited to 'third_party')

diff --git a/third_party/libuweave/src/macaroon.c b/third_party/libuweave/src/macaroon.c
index c823804..007aa15 100644
--- a/third_party/libuweave/src/macaroon.c
+++ b/third_party/libuweave/src/macaroon.c
@@ -31,15 +31,15 @@ static bool create_mac_tag_(const uint8_t* key,
 
   // Compute the first tag by using the key
   if (!uw_macaroon_caveat_sign_(key, key_len, context, caveats[0], mac_tag_buff,
-                                UW_MACAROON_MAC_LEN)) {
+                                sizeof(mac_tag_buff))) {
     return false;
   }
 
   // Compute the rest of the tags by using the tag as the key
   for (size_t i = 1; i < num_caveats; i++) {
-    if (!uw_macaroon_caveat_sign_(mac_tag_buff, UW_MACAROON_MAC_LEN, context,
+    if (!uw_macaroon_caveat_sign_(mac_tag_buff, sizeof(mac_tag_buff), context,
                                   caveats[i], mac_tag_buff,
-                                  UW_MACAROON_MAC_LEN)) {
+                                  sizeof(mac_tag_buff))) {
       return false;
     }
   }
@@ -100,25 +100,32 @@ bool uw_macaroon_extend_(const UwMacaroon* old_macaroon,
       additional_caveat == NULL || buffer == NULL || buffer_size == 0) {
     return false;
   }
+  // If we update the same macaroon in-place, do not zero it.
+  if (new_macaroon != old_macaroon) {
+    *new_macaroon = (UwMacaroon){};
+  }
+
+  const size_t old_count = old_macaroon->num_caveats;
+  const size_t new_count = old_count + 1;
 
-  new_macaroon->num_caveats = old_macaroon->num_caveats + 1;
+  new_macaroon->num_caveats = new_count;
 
   // Extend the caveat pointer list
-  if ((new_macaroon->num_caveats) * sizeof(UwMacaroonCaveat*) > buffer_size) {
+  if (new_count * sizeof(new_macaroon->caveats[0]) > buffer_size) {
     // Not enough memory to store the extended caveat pointer list
     return false;
   }
   const UwMacaroonCaveat** extended_list = (const UwMacaroonCaveat**)buffer;
-  if (new_macaroon->caveats != old_macaroon->caveats) {
+  if (extended_list != old_macaroon->caveats) {
     memcpy(extended_list, old_macaroon->caveats,
-           old_macaroon->num_caveats * sizeof(old_macaroon->caveats[0]));
+           old_count * sizeof(old_macaroon->caveats[0]));
   }
-  extended_list[old_macaroon->num_caveats] = additional_caveat;
+  extended_list[old_count] = additional_caveat;
   new_macaroon->caveats = (const UwMacaroonCaveat* const*)extended_list;
 
   // Compute the new MAC tag
   return create_mac_tag_(old_macaroon->mac_tag, UW_MACAROON_MAC_LEN, context,
-                         new_macaroon->caveats + old_macaroon->num_caveats, 1,
+                         new_macaroon->caveats + old_count, 1,
                          new_macaroon->mac_tag);
 }
 
@@ -133,7 +140,7 @@ static void init_validation_result(UwMacaroonValidationResult* result) {
 /** Reset the result object to the lowest scope when encountering errors */
 static void reset_validation_result(UwMacaroonValidationResult* result) {
   *result = (UwMacaroonValidationResult){
-      .weave_app_restricted = true,
+      .app_commands_only = true,
       .granted_scope = UW_MACAROON_CAVEAT_SCOPE_LOWEST_POSSIBLE};
 }
 
@@ -318,3 +325,12 @@ bool uw_macaroon_deserialize_(const uint8_t* in,
 
   return true;
 }
+
+time_t uw_macaroon_get_expiration_unix_epoch_time_(
+    UwMacaroonValidationResult* result) {
+  // Expiration times of 0 and UINT32_MAX both mean no expiration.
+  if (result->expiration_time == 0 || result->expiration_time == UINT32_MAX) {
+    return 0;
+  }
+  return uw_macaroon_j2000_to_unix_epoch(result->expiration_time);
+}
diff --git a/third_party/libuweave/src/macaroon.h b/third_party/libuweave/src/macaroon.h
index 5e73b28..310f988 100644
--- a/third_party/libuweave/src/macaroon.h
+++ b/third_party/libuweave/src/macaroon.h
@@ -8,12 +8,16 @@
 #include <stdbool.h>
 #include <stddef.h>
 #include <stdint.h>
+#include <time.h>
 
 #include "src/macaroon_caveat.h"
 #include "src/macaroon_context.h"
 
 #define UW_MACAROON_MAC_LEN 16
 
+// Jan 1st 2000 00:00:00 in unix epoch seconds.
+#define J2000_EPOCH_OFFSET 946684800
+
 // Note: If we are looking to make memory savings on MCUs,
 // at the cost of a little extra processing, we can make
 // the macaroon encoding the actual in-memory representation.
@@ -44,8 +48,8 @@ typedef struct {
 
 typedef struct {
   UwMacaroonCaveatScopeType granted_scope;
-  uint32_t expiration_time;
-  bool weave_app_restricted;
+  uint32_t expiration_time;  // In number of seconds since Jan 1st 2000 00:00:00
+  bool app_commands_only;
   const uint8_t* lan_session_id;
   size_t lan_session_id_len;
   UwMacaroonDelegateeInfo delegatees[MAX_NUM_DELEGATEES];
@@ -59,7 +63,10 @@ bool uw_macaroon_create_from_root_key_(UwMacaroon* new_macaroon,
                                        const UwMacaroonCaveat* const caveats[],
                                        size_t num_caveats);
 
-/** Creates a new macaroon with a new caveat. */
+/**
+ * Creates a new macaroon with a new caveat. The buffer must be large enough to
+ * hold the count of caveats in the old_macaroon plus one.
+ */
 bool uw_macaroon_extend_(const UwMacaroon* old_macaroon,
                          UwMacaroon* new_macaroon,
                          const UwMacaroonContext* context,
@@ -97,4 +104,21 @@ bool uw_macaroon_deserialize_(const uint8_t* in,
                               size_t buffer_size,
                               UwMacaroon* new_macaroon);
 
+/** Converts a j2000 timestamp to a unix timestamp. */
+static inline time_t uw_macaroon_j2000_to_unix_epoch(time_t j2000) {
+  return j2000 + J2000_EPOCH_OFFSET;
+}
+
+/** Converts a unix timestamp to a j2000 timestamp. */
+static inline time_t uw_macaroon_unix_epoch_to_j2000(time_t unix) {
+  return unix - J2000_EPOCH_OFFSET;
+}
+
+/**
+ * Gets the expiration time of the macaroon as the number of seconds since the
+ * unix epoch. A value of 0 means no expiration.
+ */
+time_t uw_macaroon_get_expiration_unix_epoch_time_(
+    UwMacaroonValidationResult* result);
+
 #endif  // LIBUWEAVE_SRC_MACAROON_H_
diff --git a/third_party/libuweave/src/macaroon_caveat.c b/third_party/libuweave/src/macaroon_caveat.c
index 0abf7ca..bd1011b 100644
--- a/third_party/libuweave/src/macaroon_caveat.c
+++ b/third_party/libuweave/src/macaroon_caveat.c
@@ -349,8 +349,7 @@ bool uw_macaroon_caveat_sign_(const uint8_t* key,
   }
 
   UwMacaroonCaveatType caveat_type;
-  if (!uw_macaroon_caveat_get_type_(caveat, &caveat_type) ||
-      !is_valid_caveat_type_(caveat_type)) {
+  if (!uw_macaroon_caveat_get_type_(caveat, &caveat_type)) {
     return false;
   }
 
@@ -407,7 +406,7 @@ bool uw_macaroon_caveat_sign_(const uint8_t* key,
   }
 
   // The length here includes: 1. the header for the whole byte string; 2. the
-  // header for the addtional value part; 3. the additional value part.
+  // header for the additional value part; 3. the additional value part.
   size_t total_length =
       caveat->num_bytes + value_cbor_prefix_len + additional_value_str_len;
   if (!uw_macaroon_encoding_encode_byte_str_len_(
@@ -579,7 +578,7 @@ bool uw_macaroon_caveat_validate_(const UwMacaroonCaveat* caveat,
       return true;
 
     case kUwMacaroonCaveatTypeAppCommandsOnly:
-      result->weave_app_restricted = true;
+      result->app_commands_only = true;
       return true;
 
     case kUwMacaroonCaveatTypeLanSessionID:
-- 
cgit v1.2.3