ExternalVendorCode/serval-dna
1
0
Fork 0
mirror of https://github.com/servalproject/serval-dna.git synced 2025-02-21 01:42:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Issue #17, improve speed of "rhizome extract manifest"

Browse Source 
In the case that the MANIFESTS 'author' column is not NULL, do not perform a
full bundle secret verification in order to clear the '.readonly' flag, just
check whether the author's SID is present in the keyring with a proper-size
rhizome secret.
This commit is contained in:
Andrew Bettison 2012-10-15 18:33:44 +10:30
parent f6d9e6cb0e
commit 52ccd07020
3 changed files with 56 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
rhizome.h
View File

@ -294,6 +294,7 @@ int rhizome_fetching_get_fds(struct pollfd *fds,int *fdcount,int fdmax);
int rhizome_manifest_version_cache_lookup(rhizome_manifest *m);
int rhizome_manifest_version_cache_store(rhizome_manifest *m);
int monitor_announce_bundle(rhizome_manifest *m);
int rhizome_find_secret(const unsigned char *authorSid, int *rs_len, const unsigned char **rs);
int rhizome_bk_xor(const unsigned char *authorSid, // binary
unsigned char bid[crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES],
unsigned char bkin[crypto_sign_edwards25519sha512batch_SECRETKEYBYTES],

68
rhizome_crypto.c
View File

@ -66,6 +66,41 @@ static void rhizome_bk_xor_rs(
OUT();
}
/* Given the SID of a bundle's author, search for an identity in the keyring and return its
* Rhizome secret if found.
*
* Returns -1 if an error occurs.
* Returns 0 if the author's rhizome secret is found; '*rs' is set to point to the secret key in the
* keyring, and '*rs_len' is set to the key length.
* Returns 2 if the author's identity is not in the keyring.
* Returns 3 if the author's identity is in the keyring but has no rhizome secret.
*
* @author Andrew Bettison <andrew@servalproject.com>
*/
int rhizome_find_secret(const unsigned char *authorSid, int *rs_len, const unsigned char **rs)
{
int cn=0, in=0, kp=0;
if (!keyring_find_sid(keyring,&cn,&in,&kp,authorSid)) {
if (debug & DEBUG_RHIZOME)
DEBUGF("identity sid=%s is not in keyring", alloca_tohex_sid(authorSid));
return 2;
}
kp = keyring_identity_find_keytype(keyring, cn, in, KEYTYPE_RHIZOME);
if (kp == -1) {
if (debug & DEBUG_RHIZOME)
DEBUGF("identity sid=%s has no Rhizome Secret", alloca_tohex_sid(authorSid));
return 3;
}
int rslen = keyring->contexts[cn]->identities[in]->keypairs[kp]->private_key_len;
if (rslen < 16 || rslen > 1024)
return WHYF("identity sid=%s has invalid Rhizome Secret: length=%d", alloca_tohex_sid(authorSid), rslen);
if (rs_len)
*rs_len = rslen;
if (rs)
*rs = keyring->contexts[cn]->identities[in]->keypairs[kp]->private_key;
return 0;
}
/* Given the SID of a bundle's author and the bundle ID, XOR a bundle key (private or public) with
* RS##BID where RS is the rhizome secret of the bundle's author, and BID is the bundle's public key
* (aka the Bundle ID).
@ -74,8 +109,10 @@ static void rhizome_bk_xor_rs(
*
* Returns -1 if an error occurs.
* Returns 0 if the author's private key is located and the XOR is performed successfully.
* Returns 2 if the author's identity is not in the keyring.
* Returns 3 if the author's identity is in the keyring but has no rhizome secret.
* Returns 2 if the author's identity is not in the keyring (this return code from
* rhizome_find_secret()).
* Returns 3 if the author's identity is in the keyring but has no rhizome secret (this return code
* from rhizome_find_secret()).
*
* Looks up the SID in the keyring, and if it is present and has a valid-looking RS, calls
* rhizome_bk_xor_rs() to perform the XOR.
@ -89,26 +126,17 @@ int rhizome_bk_xor(const unsigned char *authorSid, // binary
{
if (crypto_sign_edwards25519sha512batch_SECRETKEYBYTES > crypto_hash_sha512_BYTES)
return WHY("BK needs to be longer than it can be");
int cn=0,in=0,kp=0;
if (!keyring_find_sid(keyring,&cn,&in,&kp,authorSid)) {
int rs_len;
const unsigned char *rs;
int result = rhizome_find_secret(authorSid, &rs_len, &rs);
if (result == -1)
return WHY("Error searching for Rhizome secret");
if (result == 0) {
if (debug & DEBUG_RHIZOME)
DEBUGF("identity sid=%s is not in keyring", alloca_tohex_sid(authorSid));
return 2;
DEBUGF("using identity sid=%s", alloca_tohex_sid(authorSid));
rhizome_bk_xor_rs(rs, rs_len, bid, bkin, bkout);
}
kp = keyring_identity_find_keytype(keyring, cn, in, KEYTYPE_RHIZOME);
if (kp == -1) {
if (debug & DEBUG_RHIZOME)
DEBUGF("identity sid=%s has no Rhizome Secret", alloca_tohex_sid(authorSid));
return 3;
}
int rs_len = keyring->contexts[cn]->identities[in]->keypairs[kp]->private_key_len;
if (rs_len < 16 || rs_len > 1024)
return WHYF("identity sid=%s has invalid Rhizome Secret: length=%d", alloca_tohex_sid(authorSid), rs_len);
const unsigned char *rs = keyring->contexts[cn]->identities[in]->keypairs[kp]->private_key;
if (debug & DEBUG_RHIZOME)
DEBUGF("using identity sid=%s", alloca_tohex_sid(authorSid));
rhizome_bk_xor_rs(rs, rs_len, bid, bkin, bkout);
return 0;
return result;
}
/* See if the manifest has a BK entry, and if so, use it to obtain the private key for the BID. The

16
rhizome_database.c
View File

@ -1438,13 +1438,13 @@ int rhizome_retrieve_manifest(const char *manifestid, rhizome_manifest **mp)
}
} else if (stowSid(m->author, 0, q_author) == -1) {
WARNF("MANIFESTS row id=%s contains invalid author=%s -- ignored", q_manifestid, alloca_str_toprint(q_author));
q_author = NULL; // don't output the ".author" field
} else {
// If the AUTHOR column contains a valid SID, then it means that author verification has
// already been done (either implicitly when the bundle was added locally, or explicitly
// the last time this verification was performed), so we trust that this bundle is
// writable if the AUTHOR is also present in the keyring and possesses a Rhizome Secret.
int result = rhizome_extract_privatekey(m);
// when rhizome_find_bundle_author() was called in the case above), so we represent this
// bundle as writable if the author is present in the keyring and possesses a Rhizome
// Secret.
int result = rhizome_find_secret(m->author, NULL, NULL);
switch (result) {
case -1:
ret = WHY("Error extracting manifest private key");
@ -1452,11 +1452,9 @@ int rhizome_retrieve_manifest(const char *manifestid, rhizome_manifest **mp)
case 0:
read_only = 0;
break;
case 4: // author is in keyring, but does not verify
WARNF("MANIFESTS row id=%s author=%s fails verification -- ignored", q_manifestid, q_author);
memset(m->author, 0, sizeof m->author);
if (sqlite_exec_void("UPDATE MANIFESTS SET author=NULL WHERE id='%s';", manifestIdUpper) == -1)
WHY("Error updating MANIFESTS author column");
default:
INFOF("bundle author=%s is not in keyring -- ignored", q_author);
memset(m->author, 0, sizeof m->author); // do not output ".author" field
break;
}
}