2013-11-21 02:12:59 +00:00
|
|
|
/*
|
|
|
|
|
Serval DNA keyring
|
2016-11-11 00:09:50 +00:00
|
|
|
Copyright (C) 2013-2015 Serval Project Inc.
|
2013-11-21 02:12:59 +00:00
|
|
|
Copyright (C) 2010-2012 Paul Gardner-Stephen
|
|
|
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or
|
|
|
|
|
modify it under the terms of the GNU General Public License
|
|
|
|
|
as published by the Free Software Foundation; either version 2
|
|
|
|
|
of the License, or (at your option) any later version.
|
|
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
|
along with this program; if not, write to the Free Software
|
|
|
|
|
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
|
*/
|
|
|
|
|
|
2013-12-04 06:44:14 +00:00
|
|
|
#ifndef __SERVAL_DNA__KEYRING_H
|
|
|
|
|
#define __SERVAL_DNA__KEYRING_H
|
2013-10-16 03:00:00 +00:00
|
|
|
|
2018-03-08 00:25:36 +00:00
|
|
|
#include "lang.h" // for bool_t
|
Switch to feature-driven linking
This introduces a new way of linking Serval executables and dynamic
libraries from static libraries like libservald.a -- called
"feature-driven" linking.
The Makefile now links servald and serval-tests from libservald.a,
rather than from an explicit list of object (.o) files. Thanks to the
section-based method for registering functions such as HTTP handlers,
CLI commands and MDP handlers, these object files had become
"stand-alone" and hence were no longer included in the link because
there was no unresolved reference that required them to be linked in.
The new "feature.h" provides the DECLARE_FEATURE(name) macro that each
stand-alone source file uses to declare the named feature(s) it
provides. Each executable can call the USE_FEATURE(name) macro in any
of its explicitly-linked source files to cause the corresponding
object(s) to be included in the link, eg, servald_features.c.
The DEFINE_BINDING() macro has been extended so that every individual
MDP binding is given a feature name based on its port number macro, eg,
"mdp_binding_MDP_PORT_ECHO".
Some features have been factored into their own separate source files so
they can be omitted or included in a build independently of each other:
- the MDP bindings for MDP_PORT_DNALOOKUP, MDP_PORT_ECHO,
MDP_PORT_TRACE, MDP_PORT_KEYMAPREQUEST, MDP_PORT_RHIZOME_xxx,
MDP_PORT_PROBE, MDP_PORT_STUN, MDP_PORT_STUNREQ
- the CLI "log" and "echo" commands
- the CLI "rhizome direct" command
The JNI source files are only compiled if the <jni.h> header is present,
otherwise they are omitted from libservald.so.
2016-10-13 02:58:23 +00:00
|
|
|
#include "serval_types.h" // for sid_t
|
|
|
|
|
#include "os.h" // for time_ms_t
|
|
|
|
|
|
2014-10-31 03:13:23 +00:00
|
|
|
struct cli_parsed;
|
|
|
|
|
#include "xprintf.h"
|
|
|
|
|
|
2013-10-16 03:00:00 +00:00
|
|
|
typedef struct keypair {
|
2013-12-10 06:04:35 +00:00
|
|
|
unsigned type;
|
2013-10-16 03:00:00 +00:00
|
|
|
unsigned char *private_key;
|
|
|
|
|
size_t private_key_len;
|
|
|
|
|
unsigned char *public_key;
|
|
|
|
|
size_t public_key_len;
|
2014-10-31 03:13:23 +00:00
|
|
|
struct keypair *next;
|
2013-10-16 03:00:00 +00:00
|
|
|
} keypair;
|
|
|
|
|
|
|
|
|
|
/* Contains just the list of private:public key pairs and types,
|
|
|
|
|
the pin used to extract them, and the slot in the keyring file
|
|
|
|
|
(so that it can be replaced/rewritten as required). */
|
|
|
|
|
#define PKR_SALT_BYTES 32
|
|
|
|
|
#define PKR_MAC_BYTES 64
|
2016-06-15 03:15:06 +00:00
|
|
|
struct keyring_challenge{
|
|
|
|
|
time_ms_t expires;
|
|
|
|
|
unsigned char challenge[24];
|
|
|
|
|
};
|
|
|
|
|
|
2018-03-08 00:25:36 +00:00
|
|
|
/* An unlocked identity is represented by an instance of one of these structs
|
|
|
|
|
* in the linked list starting in the keyring_file structure.
|
|
|
|
|
*/
|
2013-10-16 03:00:00 +00:00
|
|
|
typedef struct keyring_identity {
|
2018-03-08 00:25:36 +00:00
|
|
|
// A nul-terminated string containing the identity's PIN (passphrase); NULL
|
|
|
|
|
// if no PIN (empty passphrase). This string must be free()d before the
|
|
|
|
|
// struct is deallocated.
|
2013-10-16 03:00:00 +00:00
|
|
|
char *PKRPin;
|
2018-03-08 00:25:36 +00:00
|
|
|
|
|
|
|
|
// Whether all other identities in the same keyring file that have the same
|
|
|
|
|
// PIN are also unlocked:
|
|
|
|
|
bool_t is_fully_unlocked : 1;
|
|
|
|
|
|
2013-10-16 03:00:00 +00:00
|
|
|
struct subscriber *subscriber;
|
|
|
|
|
unsigned int slot;
|
2016-06-15 03:15:06 +00:00
|
|
|
struct keyring_challenge *challenge;
|
2016-05-31 03:20:32 +00:00
|
|
|
const uint8_t *box_sk;
|
|
|
|
|
const sid_t *box_pk;
|
2016-09-27 06:21:23 +00:00
|
|
|
const sign_keypair_t *sign_keypair;
|
2014-10-31 03:13:23 +00:00
|
|
|
struct keyring_identity *next;
|
|
|
|
|
keypair *keypairs;
|
2013-10-16 03:00:00 +00:00
|
|
|
} keyring_identity;
|
|
|
|
|
|
2015-02-23 02:54:05 +00:00
|
|
|
#define KEYRING_PAGE_SIZE ((size_t)4096)
|
|
|
|
|
#define KEYRING_BAM_BYTES ((size_t)2048)
|
2013-10-16 03:00:00 +00:00
|
|
|
#define KEYRING_BAM_BITS (KEYRING_BAM_BYTES<<3)
|
|
|
|
|
#define KEYRING_SLAB_SIZE (KEYRING_PAGE_SIZE*KEYRING_BAM_BITS)
|
2016-09-20 06:57:49 +00:00
|
|
|
|
|
|
|
|
// should be a power of 2
|
|
|
|
|
#define KEYRING_ALLOC_CHUNK (16)
|
|
|
|
|
|
2013-10-16 03:00:00 +00:00
|
|
|
typedef struct keyring_bam {
|
2015-02-23 02:54:05 +00:00
|
|
|
size_t file_offset;
|
2018-03-08 00:25:36 +00:00
|
|
|
unsigned char allocmap[KEYRING_BAM_BYTES];
|
|
|
|
|
unsigned char loadmap[KEYRING_BAM_BYTES];
|
2013-10-16 03:00:00 +00:00
|
|
|
struct keyring_bam *next;
|
|
|
|
|
} keyring_bam;
|
|
|
|
|
|
|
|
|
|
typedef struct keyring_file {
|
|
|
|
|
keyring_bam *bam;
|
2014-10-31 04:30:52 +00:00
|
|
|
char *KeyRingPin;
|
|
|
|
|
unsigned char *KeyRingSalt;
|
|
|
|
|
int KeyRingSaltLen;
|
|
|
|
|
keyring_identity *identities;
|
2013-10-16 03:00:00 +00:00
|
|
|
FILE *file;
|
2015-02-23 02:54:05 +00:00
|
|
|
size_t file_size;
|
2016-05-31 03:20:32 +00:00
|
|
|
uint8_t dirty;
|
2013-10-16 03:00:00 +00:00
|
|
|
} keyring_file;
|
|
|
|
|
|
2014-10-31 03:13:23 +00:00
|
|
|
typedef struct keyring_iterator{
|
|
|
|
|
keyring_file *file;
|
|
|
|
|
keyring_identity *identity;
|
|
|
|
|
keypair *keypair;
|
|
|
|
|
} keyring_iterator;
|
|
|
|
|
|
|
|
|
|
void keyring_iterator_start(keyring_file *k, keyring_iterator *it);
|
|
|
|
|
keyring_identity * keyring_next_identity(keyring_iterator *it);
|
|
|
|
|
keypair * keyring_next_key(keyring_iterator *it);
|
|
|
|
|
keypair * keyring_next_keytype(keyring_iterator *it, unsigned keytype);
|
2016-05-31 03:20:32 +00:00
|
|
|
keypair *keyring_identity_keytype(const keyring_identity *id, unsigned keytype);
|
2014-10-31 03:13:23 +00:00
|
|
|
keypair *keyring_find_did(keyring_iterator *it, const char *did);
|
2016-08-15 03:43:26 +00:00
|
|
|
keyring_identity *keyring_find_identity_sid(keyring_file *k, const sid_t *sidp);
|
|
|
|
|
keyring_identity *keyring_find_identity(keyring_file *k, const identity_t *sign);
|
2014-10-31 03:13:23 +00:00
|
|
|
|
2013-10-16 03:00:00 +00:00
|
|
|
void keyring_free(keyring_file *k);
|
2018-03-08 00:25:36 +00:00
|
|
|
void keyring_release_identities_by_pin(keyring_file *f, const char *pin);
|
|
|
|
|
void keyring_release_identity(keyring_file *k, keyring_identity *id);
|
2016-08-15 03:43:26 +00:00
|
|
|
int keyring_release_subscriber(keyring_file *k, const sid_t *sid);
|
2014-10-31 03:13:23 +00:00
|
|
|
|
2013-10-16 03:00:00 +00:00
|
|
|
#define KEYTYPE_CRYPTOBOX 0x01 // must be lowest
|
|
|
|
|
#define KEYTYPE_CRYPTOSIGN 0x02
|
|
|
|
|
#define KEYTYPE_RHIZOME 0x03
|
|
|
|
|
/* DIDs aren't really keys, but the keyring is a real handy place to keep them,
|
|
|
|
|
and keep them private if people so desire */
|
|
|
|
|
#define KEYTYPE_DID 0x04
|
|
|
|
|
|
2013-10-16 05:42:47 +00:00
|
|
|
/* Arbitrary name / value pairs */
|
|
|
|
|
#define KEYTYPE_PUBLIC_TAG 0x05
|
|
|
|
|
|
2016-04-19 05:45:53 +00:00
|
|
|
// Combined signing / encryption key data
|
|
|
|
|
#define KEYTYPE_CRYPTOCOMBINED 0x06
|
|
|
|
|
|
2016-11-11 00:09:50 +00:00
|
|
|
/* per-thread global handle to keyring file for use in running commands and server */
|
2015-05-25 02:16:37 +00:00
|
|
|
extern __thread keyring_file *keyring;
|
2013-10-16 03:00:00 +00:00
|
|
|
|
|
|
|
|
/* Public calls to keyring management */
|
2015-02-23 02:54:05 +00:00
|
|
|
keyring_file *keyring_create_instance();
|
2015-05-25 02:16:37 +00:00
|
|
|
keyring_file *keyring_open_instance(const char *pin);
|
2013-10-16 03:00:00 +00:00
|
|
|
keyring_file *keyring_open_instance_cli(const struct cli_parsed *parsed);
|
2018-03-08 00:25:36 +00:00
|
|
|
unsigned keyring_enter_pin(keyring_file *k, const char *pin);
|
2017-12-19 02:09:29 +00:00
|
|
|
int keyring_set_did_name(keyring_identity *id, const char *did, const char *name);
|
2016-09-20 00:30:02 +00:00
|
|
|
int keyring_set_pin(keyring_identity *id, const char *pin);
|
2016-04-19 05:45:53 +00:00
|
|
|
int keyring_sign_message(struct keyring_identity *identity, unsigned char *content, size_t buffer_len, size_t *content_len);
|
2016-08-15 03:43:26 +00:00
|
|
|
int keyring_send_identity_request(struct subscriber *subscriber);
|
2013-10-16 03:00:00 +00:00
|
|
|
|
|
|
|
|
int keyring_commit(keyring_file *k);
|
2016-06-15 07:38:25 +00:00
|
|
|
keyring_identity *keyring_inmemory_identity();
|
|
|
|
|
void keyring_free_identity(keyring_identity *id);
|
2014-10-31 04:30:52 +00:00
|
|
|
keyring_identity *keyring_create_identity(keyring_file *k, const char *pin);
|
2016-11-04 06:30:40 +00:00
|
|
|
void keyring_destroy_identity(keyring_file *k, keyring_identity *id);
|
2016-06-28 04:52:16 +00:00
|
|
|
void keyring_identity_extract(const keyring_identity *id, const char **didp, const char **namep);
|
2015-02-23 02:54:05 +00:00
|
|
|
int keyring_load_from_dump(keyring_file *k, unsigned entry_pinc, const char **entry_pinv, FILE *input);
|
2013-10-16 03:00:00 +00:00
|
|
|
int keyring_dump(keyring_file *k, XPRINTF xpf, int include_secret);
|
|
|
|
|
|
2016-05-31 03:20:32 +00:00
|
|
|
unsigned char *keyring_get_nm_bytes(const uint8_t *box_sk, const sid_t *box_pk, const sid_t *unknown_sidp);
|
2013-10-16 03:00:00 +00:00
|
|
|
|
2015-08-13 19:36:27 +00:00
|
|
|
struct internal_mdp_header;
|
|
|
|
|
struct overlay_buffer;
|
2013-10-16 03:00:00 +00:00
|
|
|
int keyring_send_unlock(struct subscriber *subscriber);
|
2014-10-31 03:13:23 +00:00
|
|
|
int keyring_release_subscriber(keyring_file *k, const sid_t *sid);
|
2013-10-16 03:00:00 +00:00
|
|
|
|
2013-10-24 01:13:03 +00:00
|
|
|
int keyring_set_public_tag(keyring_identity *id, const char *name, const unsigned char *value, size_t length);
|
2014-10-31 03:13:23 +00:00
|
|
|
keypair * keyring_find_public_tag(keyring_iterator *it, const char *name, const unsigned char **value, size_t *length);
|
|
|
|
|
keypair * keyring_find_public_tag_value(keyring_iterator *it, const char *name, const unsigned char *value, size_t length);
|
2013-10-24 01:13:03 +00:00
|
|
|
int keyring_unpack_tag(const unsigned char *packed, size_t packed_len, const char **name, const unsigned char **value, size_t *length);
|
|
|
|
|
int keyring_pack_tag(unsigned char *packed, size_t *packed_len, const char *name, const unsigned char *value, size_t length);
|
2013-10-16 05:42:47 +00:00
|
|
|
|
2013-12-04 06:44:14 +00:00
|
|
|
#endif // __SERVAL_DNA__KEYRING_H
|
