Create keyring.h and move definitions there

2025-02-21 01:42:18 +00:00 · 2013-10-16 13:30:00 +10:30 · 2013-10-16 13:30:00 +10:30 · 4434b1b65d
commit 4434b1b65d
parent 534b01ba2a
17 changed files with 116 additions and 99 deletions
--- a/commandline.c
+++ b/commandline.c
@ -45,6 +45,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 #include "cli.h"
 #include "overlay_address.h"
 #include "overlay_buffer.h"
+#include "keyring.h"

 extern struct cli_schema command_line_options[];

--- a/crypto.c
+++ b/crypto.c
@ -3,6 +3,7 @@
 #include "serval.h"
 #include "overlay_address.h"
 #include "crypto.h"
+#include "keyring.h"

 // verify a signature against a public sas key.
 int crypto_verify_signature(unsigned char *sas_key, 
--- a/directory_client.c
+++ b/directory_client.c
@ -16,6 +16,7 @@
 #include "str.h"
 #include "overlay_address.h"
 #include "conf.h"
+#include "keyring.h"

 struct subscriber *directory_service;

--- a/headerfiles.mk
+++ b/headerfiles.mk
@ -5,6 +5,7 @@ HDRS=	fifo.h \
 	overlay_packet.h \
 	rhizome.h \
 	serval.h \
+	keyring.h \
 	cli.h \
 	str.h \
 	rotbuf.h \
--- a/keyring.c
+++ b/keyring.c
@ -29,6 +29,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 #include "overlay_address.h"
 #include "crypto.h"
 #include "overlay_packet.h"
+#include "keyring.h"

 static void keyring_free_keypair(keypair *kp);
 static void keyring_free_context(keyring_context *c);
@ -1429,7 +1430,7 @@ int keyring_set_did(keyring_identity *id, const char *did, const char *name)
  return 0;
 }

-int keyring_find_did(const keyring_file *k,int *cn,int *in,int *kp,char *did)
+int keyring_find_did(const keyring_file *k, int *cn, int *in, int *kp, const char *did)
 {
  for (; keyring_sanitise_position(k,cn,in,kp) == 0; ++*kp) {
    if (k->contexts[*cn]->identities[*in]->keypairs[*kp]->type==KEYTYPE_DID) {
--- a/keyring.h
+++ b/keyring.h
@ -0,0 +1,100 @@
+#ifndef __SERVALD_KEYRING_H
+#define __SERVALD_KEYRING_H
+
+typedef struct keypair {
+  int type;
+  unsigned char *private_key;
+  size_t private_key_len;
+  unsigned char *public_key;
+  size_t public_key_len;
+} keypair;
+
+/* Contains just the list of private:public key pairs and types,
+   the pin used to extract them, and the slot in the keyring file
+   (so that it can be replaced/rewritten as required). */
+#define PKR_MAX_KEYPAIRS 64
+#define PKR_SALT_BYTES 32
+#define PKR_MAC_BYTES 64
+typedef struct keyring_identity {
+  char *PKRPin;
+  struct subscriber *subscriber;
+  time_ms_t challenge_expires;
+  unsigned char challenge[24];
+  unsigned int slot;
+  unsigned int keypair_count;
+  keypair *keypairs[PKR_MAX_KEYPAIRS];
+} keyring_identity;
+
+/* 64K identities, can easily be increased should the need arise,
+   but keep it low-ish for now so that the 64K pointers don't eat too
+   much ram on a small device.  Should probably think about having
+   small and large device settings for some of these things */
+#define KEYRING_MAX_IDENTITIES 65536
+typedef struct keyring_context {
+  char *KeyRingPin;
+  unsigned char *KeyRingSalt;
+  int KeyRingSaltLen;
+  unsigned int identity_count;
+  keyring_identity *identities[KEYRING_MAX_IDENTITIES];
+} keyring_context;
+
+#define KEYRING_PAGE_SIZE 4096LL
+#define KEYRING_BAM_BYTES 2048LL
+#define KEYRING_BAM_BITS (KEYRING_BAM_BYTES<<3)
+#define KEYRING_SLAB_SIZE (KEYRING_PAGE_SIZE*KEYRING_BAM_BITS)
+typedef struct keyring_bam {
+  off_t file_offset;
+  unsigned char bitmap[KEYRING_BAM_BYTES];
+  struct keyring_bam *next;
+} keyring_bam;
+
+#define KEYRING_MAX_CONTEXTS 256
+typedef struct keyring_file {
+  int context_count;
+  keyring_bam *bam;
+  keyring_context *contexts[KEYRING_MAX_CONTEXTS];
+  FILE *file;
+  off_t file_size;
+} keyring_file;
+
+void keyring_free(keyring_file *k);
+void keyring_release_identity(keyring_file *k, int cn, int id);
+#define KEYTYPE_CRYPTOBOX 0x01 // must be lowest
+#define KEYTYPE_CRYPTOSIGN 0x02
+#define KEYTYPE_RHIZOME 0x03
+/* DIDs aren't really keys, but the keyring is a real handy place to keep them,
+   and keep them private if people so desire */
+#define KEYTYPE_DID 0x04
+
+/* handle to keyring file for use in running instance */
+extern keyring_file *keyring;
+
+/* Public calls to keyring management */
+keyring_file *keyring_open(const char *path, int writeable);
+keyring_file *keyring_open_instance();
+keyring_file *keyring_open_instance_cli(const struct cli_parsed *parsed);
+int keyring_enter_pin(keyring_file *k, const char *pin);
+int keyring_set_did(keyring_identity *id, const char *did, const char *name);
+int keyring_sanitise_position(const keyring_file *k,int *cn,int *in,int *kp);
+int keyring_next_keytype(const keyring_file *k, int *cn, int *in, int *kp, int keytype);
+int keyring_next_identity(const keyring_file *k,int *cn,int *in,int *kp);
+int keyring_identity_find_keytype(const keyring_file *k, int cn, int in, int keytype);
+int keyring_find_did(const keyring_file *k,int *cn,int *in,int *kp, const char *did);
+int keyring_find_sid(const keyring_file *k,int *cn,int *in,int *kp, const sid_t *sidp);
+unsigned char *keyring_find_sas_private(keyring_file *k, const sid_t *sidp, unsigned char **sas_public);
+int keyring_send_sas_request(struct subscriber *subscriber);
+
+int keyring_commit(keyring_file *k);
+keyring_identity *keyring_create_identity(keyring_file *k,keyring_context *c, const char *pin);
+int keyring_seed(keyring_file *k);
+void keyring_identity_extract(const keyring_identity *id, const sid_t **sidp, const char **didp, const char **namep);
+int keyring_load(keyring_file *k, const char *keyring_pin, unsigned entry_pinc, const char **entry_pinv, FILE *input);
+int keyring_dump(keyring_file *k, XPRINTF xpf, int include_secret);
+
+unsigned char *keyring_get_nm_bytes(const sid_t *known_sidp, const sid_t *unknown_sidp);
+
+int keyring_mapping_request(keyring_file *k, struct overlay_frame *frame, overlay_mdp_frame *req);
+int keyring_send_unlock(struct subscriber *subscriber);
+void keyring_release_subscriber(keyring_file *k, const sid_t *sid);
+
+#endif // __SERVALD_KEYRING_H
--- a/meshms.c
+++ b/meshms.c
@ -5,6 +5,7 @@
 #include "conf.h"
 #include "crypto.h"
 #include "strlcpy.h"
+#include "keyring.h"

 #define MESHMS_BLOCK_TYPE_ACK 0x01
 #define MESHMS_BLOCK_TYPE_MESSAGE 0x02
--- a/overlay.c
+++ b/overlay.c
@ -72,6 +72,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 #include "conf.h"
 #include "rhizome.h"
 #include "strbuf.h"
+#include "keyring.h"

 int overlayMode=0;

--- a/overlay_address.h
+++ b/overlay_address.h
@ -82,7 +82,7 @@ struct subscriber{
  unsigned char sas_valid;
  
  // private keys for local identities
-  keyring_identity *identity;
+  struct keyring_identity *identity;
 };

 struct broadcast{
--- a/overlay_link.c
+++ b/overlay_link.c
@ -4,6 +4,7 @@
 #include "overlay_address.h"
 #include "overlay_buffer.h"
 #include "overlay_packet.h"
+#include "keyring.h"

 #define MIN_BURST_LENGTH 5000

--- a/overlay_mdp.c
+++ b/overlay_mdp.c
@ -29,6 +29,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 #include "overlay_packet.h"
 #include "mdp_client.h"
 #include "crypto.h"
+#include "keyring.h"

 static void overlay_mdp_poll(struct sched_ent *alarm);
 static void mdp_poll2(struct sched_ent *alarm);
--- a/overlay_mdp_services.c
+++ b/overlay_mdp_services.c
@ -28,6 +28,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 #include "rhizome.h"
 #include "crypto.h"
 #include "log.h"
+#include "keyring.h"

 int rhizome_mdp_send_block(struct subscriber *dest, const rhizome_bid_t *bid, uint64_t version, uint64_t fileOffset, uint32_t bitmap, uint16_t blockLength)
 {
--- a/rhizome_bundle.c
+++ b/rhizome_bundle.c
@ -25,6 +25,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 #include "rhizome.h"
 #include "str.h"
 #include "mem.h"
+#include "keyring.h"

 static const char *rhizome_manifest_get(const rhizome_manifest *m, const char *var)
 {
--- a/rhizome_crypto.c
+++ b/rhizome_crypto.c
@ -29,6 +29,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 #include "str.h"
 #include "rhizome.h"
 #include "crypto.h"
+#include "keyring.h"

 /* Work out the encrypt/decrypt key for the supplied manifest.
   If the manifest is not encrypted, then return NULL.
--- a/rhizome_database.c
+++ b/rhizome_database.c
@ -28,6 +28,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 #include "strbuf.h"
 #include "strbuf_helpers.h"
 #include "str.h"
+#include "keyring.h"

 static char rhizome_thisdatastore_path[256];

--- a/route_link.c
+++ b/route_link.c
@ -4,6 +4,7 @@
 #include "overlay_packet.h"
 #include "str.h"
 #include "conf.h"
+#include "keyring.h"
 #include <assert.h>

 /*
--- a/serval.h
+++ b/serval.h
@ -103,7 +103,6 @@ struct in_addr {
 #endif

 #include <fcntl.h>
-#include <ctype.h>
 #include <sys/stat.h>

 #include "fdqueue.h"
@ -240,100 +239,9 @@ extern char *instrumentation_file;
 extern char *batman_socket;
 extern char *batman_peerfile;

-
 struct subscriber;
 struct decode_context;

-typedef struct keypair {
-  int type;
-  unsigned char *private_key;
-  size_t private_key_len;
-  unsigned char *public_key;
-  size_t public_key_len;
-} keypair;
-
-/* Contains just the list of private:public key pairs and types,
-   the pin used to extract them, and the slot in the keyring file
-   (so that it can be replaced/rewritten as required). */
-#define PKR_MAX_KEYPAIRS 64
-#define PKR_SALT_BYTES 32
-#define PKR_MAC_BYTES 64
-typedef struct keyring_identity {
-  char *PKRPin;
-  struct subscriber *subscriber;
-  time_ms_t challenge_expires;
-  unsigned char challenge[24];
-  unsigned int slot;
-  unsigned int keypair_count;
-  keypair *keypairs[PKR_MAX_KEYPAIRS];
-} keyring_identity;
-
-/* 64K identities, can easily be increased should the need arise,
-   but keep it low-ish for now so that the 64K pointers don't eat too
-   much ram on a small device.  Should probably think about having
-   small and large device settings for some of these things */
-#define KEYRING_MAX_IDENTITIES 65536
-typedef struct keyring_context {
-  char *KeyRingPin;
-  unsigned char *KeyRingSalt;
-  int KeyRingSaltLen;
-  unsigned int identity_count;
-  keyring_identity *identities[KEYRING_MAX_IDENTITIES];
-} keyring_context;
-
-#define KEYRING_PAGE_SIZE 4096LL
-#define KEYRING_BAM_BYTES 2048LL
-#define KEYRING_BAM_BITS (KEYRING_BAM_BYTES<<3)
-#define KEYRING_SLAB_SIZE (KEYRING_PAGE_SIZE*KEYRING_BAM_BITS)
-typedef struct keyring_bam {
-  off_t file_offset;
-  unsigned char bitmap[KEYRING_BAM_BYTES];
-  struct keyring_bam *next;
-} keyring_bam;
-
-#define KEYRING_MAX_CONTEXTS 256
-typedef struct keyring_file {
-  int context_count;
-  keyring_bam *bam;
-  keyring_context *contexts[KEYRING_MAX_CONTEXTS];
-  FILE *file;
-  off_t file_size;
-} keyring_file;
-
-void keyring_free(keyring_file *k);
-void keyring_release_identity(keyring_file *k, int cn, int id);
-#define KEYTYPE_CRYPTOBOX 0x01 // must be lowest
-#define KEYTYPE_CRYPTOSIGN 0x02
-#define KEYTYPE_RHIZOME 0x03
-/* DIDs aren't really keys, but the keyring is a real handy place to keep them,
-   and keep them private if people so desire */
-#define KEYTYPE_DID 0x04
-
-/* handle to keyring file for use in running instance */
-extern keyring_file *keyring;
-
-/* Public calls to keyring management */
-keyring_file *keyring_open(const char *path, int writeable);
-keyring_file *keyring_open_instance();
-keyring_file *keyring_open_instance_cli(const struct cli_parsed *parsed);
-int keyring_enter_pin(keyring_file *k, const char *pin);
-int keyring_set_did(keyring_identity *id, const char *did, const char *name);
-int keyring_sanitise_position(const keyring_file *k,int *cn,int *in,int *kp);
-int keyring_next_keytype(const keyring_file *k, int *cn, int *in, int *kp, int keytype);
-int keyring_next_identity(const keyring_file *k,int *cn,int *in,int *kp);
-int keyring_identity_find_keytype(const keyring_file *k, int cn, int in, int keytype);
-int keyring_find_did(const keyring_file *k,int *cn,int *in,int *kp,char *did);
-int keyring_find_sid(const keyring_file *k,int *cn,int *in,int *kp, const sid_t *sidp);
-unsigned char *keyring_find_sas_private(keyring_file *k, const sid_t *sidp, unsigned char **sas_public);
-int keyring_send_sas_request(struct subscriber *subscriber);
-
-int keyring_commit(keyring_file *k);
-keyring_identity *keyring_create_identity(keyring_file *k,keyring_context *c, const char *pin);
-int keyring_seed(keyring_file *k);
-void keyring_identity_extract(const keyring_identity *id, const sid_t **sidp, const char **didp, const char **namep);
-int keyring_load(keyring_file *k, const char *keyring_pin, unsigned entry_pinc, const char **entry_pinv, FILE *input);
-int keyring_dump(keyring_file *k, XPRINTF xpf, int include_secret);
-
 /* Make sure we have space to put bytes of the packet as we go along */
 #define CHECK_PACKET_LEN(B) {if (((*packet_len)+(B))>=packet_maxlen) { return WHY("Packet composition ran out of space."); } }

@ -612,7 +520,6 @@ typedef struct sockaddr_mdp {
  sid_t sid;
  mdp_port_t port;
 } sockaddr_mdp;
-unsigned char *keyring_get_nm_bytes(const sid_t *known_sidp, const sid_t *unknown_sidp);

 typedef struct overlay_mdp_data_frame {
  sockaddr_mdp src;
@ -664,10 +571,6 @@ typedef struct overlay_mdp_frame {
  };
 } overlay_mdp_frame;

-int keyring_mapping_request(keyring_file *k, struct overlay_frame *frame, overlay_mdp_frame *req);
-int keyring_send_unlock(struct subscriber *subscriber);
-void keyring_release_subscriber(keyring_file *k, const sid_t *sid);
-
 /* Server-side MDP functions */
 int overlay_mdp_swap_src_dst(overlay_mdp_frame *mdp);
 int overlay_mdp_reply(int sock,struct sockaddr_un *recvaddr, socklen_t recvaddrlen,