Add base64url routines.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

src/usb/lwip/rest.c

@@ -20,6 +20,7 @@
 #include "rest.h"
 #include <strings.h>
 #include "random.h"
+#include "crypto_utils.h"
 
 #define REST_MAX_SESSIONS 4
 
@@ -34,6 +35,11 @@ rest_session_t *rest_session_create(const rest_session_role_t role, rest_session
             random_fill_buffer(rest_sessions[i].id, sizeof(rest_sessions[i].id));
             rest_sessions[i].created_at = board_millis();
             rest_sessions[i].last_activity_timestamp = rest_sessions[i].created_at;
+            size_t olen = 0;
+            if (base64url_encode(rest_sessions[i].id_str, sizeof(rest_sessions[i].id_str), &olen, (const unsigned char *)rest_sessions[i].id, sizeof(rest_sessions[i].id)) != 0) {
+                memset(&rest_sessions[i], 0, sizeof(rest_session_t));
+                return NULL;
+            }
             return &rest_sessions[i];
         }
     }
@@ -54,6 +60,20 @@ rest_session_t *rest_session_get(const uint8_t *id, size_t id_len) {
     return NULL;
 }
 
+rest_session_t *rest_session_get_by_id_str(const char *id_str) {
+    if (id_str == NULL || strlen(id_str) != 22) {
+        return NULL;
+    }
+    for (int i = 0; i < REST_MAX_SESSIONS; i++) {
+        if (rest_sessions[i].status != REST_SESSION_UNKNOWN && rest_sessions[i].status != REST_SESSION_EXPIRED && rest_sessions[i].status != REST_SESSION_TERMINATED) {
+            if (strcmp((const char *)rest_sessions[i].id_str, id_str) == 0) {
+                return &rest_sessions[i];
+            }
+        }
+    }
+    return NULL;
+}
+
 int rest_session_terminate(const uint8_t *id, size_t id_len) {
     rest_session_t *session = rest_session_get(id, id_len);
     if (session == NULL) {

src/usb/lwip/rest.h

@@ -25,6 +25,7 @@
 #include <stdint.h>
 #include <time.h>
 #include "cJSON.h"
+#include "mbedtls/base64.h"
 
 #define REST_MAX_REQUEST_SIZE 1024
 #define REST_MAX_METHOD_SIZE 8
@@ -85,9 +86,9 @@ typedef struct {
 } rest_route_t;
 
 typedef enum {
-    REST_SESSION_NONE = 0,
-    REST_SESSION_USER = 0x1,
-    REST_SESSION_ADMIN = 0x2
+    REST_SESSION_ROLE_NONE = 0,
+    REST_SESSION_ROLE_USER = 0x1,
+    REST_SESSION_ROLE_ADMIN = 0x2
 } rest_session_role_t;
 
 typedef enum {
@@ -102,6 +103,7 @@ typedef enum {
 
 typedef struct {
     uint8_t id[16];
+    uint8_t id_str[25];
     time_t last_activity_timestamp;
     time_t created_at;
     uint32_t last_seq;
@@ -120,6 +122,7 @@ const rest_route_t *rest_get_routes(size_t *count);
 
 extern rest_session_t *rest_session_create(const rest_session_role_t role, rest_session_status_t status);
 extern rest_session_t *rest_session_get(const uint8_t *id, size_t id_len);
+extern rest_session_t *rest_session_get_by_id_str(const char *id_str);
 extern int rest_session_terminate(const uint8_t *id, size_t id_len);
 extern int rest_session_update_activity(const uint8_t *id, size_t id_len);
 extern int rest_session_set_status(const uint8_t *id, size_t id_len, rest_session_status_t status);

src/usb/lwip/rest_server.c

@@ -24,7 +24,6 @@
 
 #include <ctype.h>
 #include <strings.h>
-#include "mbedtls/base64.h"
 #include "mbedtls/md.h"
 #include "mbedtls/hkdf.h"
 #include "crypto_utils.h"
@@ -615,7 +614,7 @@ static int rest_verify_request_signature(const rest_request_t *request, const re
     if (md_info == NULL) {
         return PICOKEYS_ERR_MEMORY_FATAL;
     }
-    if (mbedtls_base64_decode(hmac_x, sizeof(hmac_x), &olen, (const unsigned char *)request->headers[REST_HEADER_X_SIGNATURE], strlen(request->headers[REST_HEADER_X_SIGNATURE])) != 0) {
+    if (base64url_decode(hmac_x, sizeof(hmac_x), &olen, (const unsigned char *)request->headers[REST_HEADER_X_SIGNATURE], strlen(request->headers[REST_HEADER_X_SIGNATURE])) != 0) {
         return PICOKEYS_EXEC_ERROR;
     }
     mbedtls_md_init(&ctx);
@@ -707,7 +706,7 @@ void rest_handle_request(rest_conn_t *conn) {
                 send_json_error(conn, 401, "authentication_required");
                 return;
             }
-            rest_session_t *session = rest_session_get((const uint8_t *)request->headers[REST_HEADER_X_SESSION_ID], strlen(request->headers[REST_HEADER_X_SESSION_ID]));
+            rest_session_t *session = rest_session_get_by_id_str(request->headers[REST_HEADER_X_SESSION_ID]);
             if (!session) {
                 send_json_error(conn, 401, "authentication_required");
                 return;