mirror of
https://github.com/servalproject/serval-dna.git
synced 2025-01-18 10:46:23 +00:00
Fix import bundle test and bug
Add lots of debug to track down cause of rhizome list .selfsigned column bug
parent
0bf366f789
commit
0997909053
@ -148,16 +148,20 @@ int rhizome_bk_xor(const unsigned char *authorSid, // binary
|
||||
if (rs_len<16||rs_len>1024)
|
||||
return WHYF("invalid Rhizome Secret: length=%d", rs_len);
|
||||
unsigned char *rs=keyring->contexts[cn]->identities[in]->keypairs[kp]->private_key;
|
||||
if (debug & DEBUG_RHIZOME) DEBUGF(" RS %s", alloca_tohex(rs, rs_len));
|
||||
if (debug & DEBUG_RHIZOME) DEBUGF(" bid %s", alloca_tohex(bid, crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES));
|
||||
int combined_len=rs_len+crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES;
|
||||
unsigned char buffer[combined_len];
|
||||
bcopy(&rs[0],&buffer[0],rs_len);
|
||||
bcopy(&bid[0],&buffer[rs_len],crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES);
|
||||
unsigned char hash[crypto_hash_sha512_BYTES];
|
||||
crypto_hash_sha512(hash,buffer,combined_len);
|
||||
int len=crypto_sign_edwards25519sha512batch_SECRETKEYBYTES;
|
||||
if (debug & DEBUG_RHIZOME) DEBUGF(" hash %s", alloca_tohex(hash, sizeof hash));
|
||||
if (debug & DEBUG_RHIZOME) DEBUGF(" bkin %s", alloca_tohex(bkin, crypto_sign_edwards25519sha512batch_SECRETKEYBYTES));
|
||||
int i;
|
||||
for(i=0;i<len;i++)
|
||||
for(i = 0; i != crypto_sign_edwards25519sha512batch_SECRETKEYBYTES; ++i)
|
||||
bkout[i]=bkin[i]^hash[i];
|
||||
if (debug & DEBUG_RHIZOME) DEBUGF("bkout %s", alloca_tohex(bkout, crypto_sign_edwards25519sha512batch_SECRETKEYBYTES));
|
||||
bzero(&buffer[0],combined_len);
|
||||
bzero(&hash[0],crypto_hash_sha512_BYTES);
|
||||
return 0;
|
||||
@ -167,6 +171,8 @@ int rhizome_bk_xor(const unsigned char *authorSid, // binary
|
||||
private key for the BID. Decoding BK's relies on the provision of
|
||||
the appropriate SID.
|
||||
|
||||
Return 0 if the private key was extracted, 1 if not. Return -1 if an error occurs.
|
||||
|
||||
XXX Note that this function is not able to verify that the private key
|
||||
is correct, as there is no exposed API in NaCl for calculating the
|
||||
public key from a cryptosign private key. We thus have to trust that
|
||||
@ -205,21 +211,24 @@ int rhizome_is_self_signed(rhizome_manifest *m)
|
||||
if (debug & DEBUG_RHIZOME) DEBUGF("missing BK field");
|
||||
return 1;
|
||||
}
|
||||
if (debug & DEBUG_RHIZOME) DEBUGF(" BK %s", bk);
|
||||
unsigned char bkBytes[RHIZOME_BUNDLE_KEY_BYTES];
|
||||
if (fromhexstr(bkBytes, bk, RHIZOME_BUNDLE_KEY_BYTES) == -1)
|
||||
return WHYF("invalid BK field: %s", bk);
|
||||
int cn = 0, in = 0, kp = 0;
|
||||
for (; keyring_next_identity(keyring, &cn, &in, &kp); ++kp) {
|
||||
const unsigned char *authorSid = keyring->contexts[cn]->identities[in]->keypairs[kp]->public_key;
|
||||
if (debug & DEBUG_RHIZOME) DEBUGF("try identity %s", alloca_tohex(authorSid, SID_SIZE));
|
||||
if (debug & DEBUG_RHIZOME) DEBUGF("identity %s", alloca_tohex(authorSid, SID_SIZE));
|
||||
int rkp = keyring_identity_find_keytype(keyring, cn, in, KEYTYPE_RHIZOME);
|
||||
if (rkp != -1) {
|
||||
if (debug & DEBUG_RHIZOME) DEBUGF(" RS %s", alloca_tohex(
|
||||
keyring->contexts[cn]->identities[in]->keypairs[rkp]->private_key,
|
||||
keyring->contexts[cn]->identities[in]->keypairs[rkp]->private_key_len));
|
||||
switch (rhizome_bk_xor(authorSid, m->cryptoSignPublic, bkBytes, m->cryptoSignSecret)) {
|
||||
case -1:
|
||||
return WHY("rhizome_bk_xor() failed");
|
||||
case 0:
|
||||
D;
|
||||
if (rhizome_verify_bundle_privatekey(m))
|
||||
if (rhizome_verify_bundle_privatekey(m) == 0)
|
||||
return 0; // bingo
|
||||
break;
|
||||
}
|
||||
@ -229,6 +238,7 @@ int rhizome_is_self_signed(rhizome_manifest *m)
|
||||
}
|
||||
|
||||
/* Verify the validity of the manifest's sccret key.
|
||||
Return 0 if valid, 1 if not. Return -1 if an error occurs.
|
||||
XXX This is a pretty ugly way to do it, but NaCl offers no API to
|
||||
do this cleanly.
|
||||
*/
|
||||
@ -255,7 +265,7 @@ int rhizome_verify_bundle_privatekey(rhizome_manifest *m)
|
||||
return 0; // valid
|
||||
}
|
||||
m->haveSecret = 0;
|
||||
if (1) {
|
||||
if (debug & DEBUG_RHIZOME) {
|
||||
DEBUGF(" stored public key = %s*", alloca_tohex(m->cryptoSignPublic, 8));
|
||||
DEBUGF("computed public key = %s*", alloca_tohex(pk, 8));
|
||||
}
|
||||
@ -274,7 +284,7 @@ rhizome_signature *rhizome_sign_hash(rhizome_manifest *m, const unsigned char *a
|
||||
unsigned char *hash=m->manifesthash;
|
||||
unsigned char *publicKeyBytes=m->cryptoSignPublic;
|
||||
|
||||
if (!m->haveSecret && rhizome_extract_privatekey(m, authorSid) == -1) {
|
||||
if (!m->haveSecret && rhizome_extract_privatekey(m, authorSid)) {
|
||||
WHY("Cannot find secret key to sign manifest data.");
|
||||
return NULL;
|
||||
}
|
||||
|
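Review bot: The added DEBUGF calls in rhizome_bk_xor() (`RS`, `hash`, `bkout`) and the added `RS` one in rhizome_is_self_signed() write the Rhizome Secret, the XOR mask derived from it and the recovered bundle secret key to the debug log in hex whenever DEBUG_RHIZOME is set. Anyone who can read that log obtains the key material that authorises changes to the bundle. The hex copies made by alloca_tohex() (presumably on the stack) are also never cleared, which undercuts the bzero() of `buffer` and `hash` at the end of rhizome_bk_xor(). Log only non-secret facts, for example `if (debug & DEBUG_RHIZOME) DEBUGF("  RS length=%d", rs_len);`, and keep the `bid` and `BK` lines, which appear to be public manifest fields; if key bytes must be traced during development, put them behind a separate compile-time switch rather than the runtime debug flag. Both functions start outside the hunks shown, so other logging in them is not visible here.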
@ -132,12 +132,13 @@ int rhizome_opendb()
|
||||
|
||||
if (create_rhizome_datastore_dir() == -1)
|
||||
return WHY("No Directory");
|
||||
char dbname[1024];
|
||||
if (!FORM_RHIZOME_DATASTORE_PATH(dbname, "rhizome.db"))
|
||||
char dbpath[1024];
|
||||
if (!FORM_RHIZOME_DATASTORE_PATH(dbpath, "rhizome.db"))
|
||||
return WHY("Invalid path");
|
||||
|
||||
if (sqlite3_open(dbname,&rhizome_db))
|
||||
return WHYF("SQLite could not open database: %s", sqlite3_errmsg(rhizome_db));
|
||||
if (sqlite3_open(dbpath,&rhizome_db))
|
||||
return WHYF("SQLite could not open database %s: %s", dbpath, sqlite3_errmsg(rhizome_db));
|
||||
int loglevel = (debug & DEBUG_RHIZOME) ? LOG_LEVEL_DEBUG : LOG_LEVEL_SILENT;
|
||||
|
||||
/* Read Rhizome configuration */
|
||||
double rhizome_kb = atof(confValueGet("rhizome_kb", "1024"));
|
||||
@ -147,8 +148,8 @@ int rhizome_opendb()
|
||||
DEBUGF("Rhizome will use %lldB of storage for its database.", rhizome_space);
|
||||
}
|
||||
/* Create tables as required */
|
||||
if ( sqlite_exec_void("PRAGMA auto_vacuum=2;") == -1
|
||||
|| sqlite_exec_void("CREATE TABLE IF NOT EXISTS GROUPLIST(id text not null primary key, closed integer,ciphered integer,priority integer);") == -1
|
||||
sqlite_exec_void_loglevel(loglevel, "PRAGMA auto_vacuum=2;");
|
||||
if ( sqlite_exec_void("CREATE TABLE IF NOT EXISTS GROUPLIST(id text not null primary key, closed integer,ciphered integer,priority integer);") == -1
|
||||
|| sqlite_exec_void("CREATE TABLE IF NOT EXISTS MANIFESTS(id text not null primary key, manifest blob, version integer,inserttime integer, bar blob);") == -1
|
||||
|| sqlite_exec_void("CREATE TABLE IF NOT EXISTS FILES(id text not null primary key, data blob, length integer, highestpriority integer, datavalid integer);") == -1
|
||||
|| sqlite_exec_void("DROP TABLE IF EXISTS FILEMANIFESTS;") == -1
|
||||
@ -159,18 +160,14 @@ int rhizome_opendb()
|
||||
}
|
||||
// No easy way to tell if these columns already exist, should probably create some kind of schema
|
||||
// version table. Running these a second time will fail.
|
||||
int loglevel = (debug & DEBUG_RHIZOME) ? LOG_LEVEL_DEBUG : LOG_LEVEL_SILENT;
|
||||
sqlite_exec_void_loglevel(loglevel, "ALTER TABLE MANIFESTS ADD COLUMN filesize text;");
|
||||
sqlite_exec_void_loglevel(loglevel, "ALTER TABLE MANIFESTS ADD COLUMN filehash text;");
|
||||
sqlite_exec_void_loglevel(loglevel, "ALTER TABLE FILES ADD inserttime integer;");
|
||||
/* Upgrade schema */
|
||||
if ( sqlite_exec_void("CREATE INDEX IF NOT EXISTS IDX_MANIFESTS_HASH ON MANIFESTS(filehash);") == -1
|
||||
|| sqlite_exec_void("DELETE FROM MANIFESTS WHERE filehash IS NULL;") == -1
|
||||
|| sqlite_exec_void("DELETE FROM FILES WHERE NOT EXISTS( SELECT 1 FROM MANIFESTS WHERE MANIFESTS.filehash = FILES.id);") == -1
|
||||
|| sqlite_exec_void("DELETE FROM MANIFESTS WHERE NOT EXISTS( SELECT 1 FROM FILES WHERE MANIFESTS.filehash = FILES.id);") == -1
|
||||
) {
|
||||
return WHY("Failed to create schema");
|
||||
}
|
||||
/* Clean out database, but if this fails keep going (database may be read-only). */
|
||||
sqlite_exec_void_loglevel(LOG_LEVEL_WARN, "CREATE INDEX IF NOT EXISTS IDX_MANIFESTS_HASH ON MANIFESTS(filehash);");
|
||||
sqlite_exec_void_loglevel(LOG_LEVEL_WARN, "DELETE FROM MANIFESTS WHERE filehash IS NULL;");
|
||||
sqlite_exec_void_loglevel(LOG_LEVEL_WARN, "DELETE FROM FILES WHERE NOT EXISTS( SELECT 1 FROM MANIFESTS WHERE MANIFESTS.filehash = FILES.id);");
|
||||
sqlite_exec_void_loglevel(LOG_LEVEL_WARN, "DELETE FROM MANIFESTS WHERE NOT EXISTS( SELECT 1 FROM FILES WHERE MANIFESTS.filehash = FILES.id);");
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -731,7 +728,7 @@ int rhizome_list_manifests(const char *service, const char *sender_sid, const ch
|
||||
const char *blob_filehash = rhizome_manifest_get(m, "filehash", NULL, 0);
|
||||
long long blob_filesize = rhizome_manifest_get_ll(m, "filesize");
|
||||
int self_signed = rhizome_is_self_signed(m) ? 0 : 1;
|
||||
DEBUGF("Manifest payload size = %lld",blob_filesize);
|
||||
if (debug & DEBUG_RHIZOME) DEBUGF("manifest payload size = %lld", blob_filesize);
|
||||
cli_puts(blob_service ? blob_service : ""); cli_delim(":");
|
||||
cli_puts(q_manifestid); cli_delim(":");
|
||||
cli_printf("%lld", blob_version); cli_delim(":");
|
||||
|
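Review bot: At the end of rhizome_opendb(), the `CREATE INDEX` and the three `DELETE` cleanup statements now go through `sqlite_exec_void_loglevel(LOG_LEVEL_WARN, ...)` with the result discarded, so the function returns 0 for every failure and not only for the read-only database that the new comment names. A locked, full or corrupt database then produces only a warning, and callers continue with a store that may still hold manifests with a NULL filehash or MANIFESTS/FILES rows without a counterpart. It would be safer to test for the read-only case explicitly, for example `if (sqlite3_db_readonly(rhizome_db, "main") != 1)` around the cleanup where the bundled SQLite provides that call, and keep `return WHY("Failed to create schema");` for any other error. The same applies to `PRAGMA auto_vacuum=2;` in the earlier hunk, which is now also unchecked.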
@ -779,7 +779,7 @@ test_ImportForeignBundle() {
|
||||
executeOk_servald rhizome import bundle fileA fileA.manifest
|
||||
assert_stdout_import_bundle fileA
|
||||
executeOk_servald rhizome list ''
|
||||
assert_rhizome_list fileA
|
||||
assert_rhizome_list fileA!
|
||||
}
|
||||
|
||||
runTests "$@"
|
||||
|