added code to replace old-format SAS with new crypto_sign implementation
type on next use (so that people upgrading automatically get a new valid SAS instead of continuing to try to use an invalid one -- this is only a reasonable course of action since we have made no formal releases of the code). #17
parent
499c4018bf
commit
55c9cff8cd
22
keyring.c
22
keyring.c
@ -17,6 +17,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "serval.h"
|
#include "serval.h"
|
||||||
|
#include "rhizome.h"
|
||||||
#include "nacl.h"
|
#include "nacl.h"
|
||||||
#include "overlay_address.h"
|
#include "overlay_address.h"
|
||||||
|
|
||||||
@ -1105,7 +1106,7 @@ int keyring_sanitise_position(const keyring_file *k,int *cn,int *in,int *kp)
|
|||||||
}
|
}
|
||||||
|
|
||||||
unsigned char *keyring_find_sas_private(keyring_file *k,unsigned char *sid,
|
unsigned char *keyring_find_sas_private(keyring_file *k,unsigned char *sid,
|
||||||
unsigned char **sas_public)
|
unsigned char **sas_public_out)
|
||||||
{
|
{
|
||||||
IN();
|
IN();
|
||||||
int cn=0,in=0,kp=0;
|
int cn=0,in=0,kp=0;
|
||||||
@ -1117,12 +1118,23 @@ unsigned char *keyring_find_sas_private(keyring_file *k,unsigned char *sid,
|
|||||||
for(kp=0;kp<k->contexts[cn]->identities[in]->keypair_count;kp++)
|
for(kp=0;kp<k->contexts[cn]->identities[in]->keypair_count;kp++)
|
||||||
if (k->contexts[cn]->identities[in]->keypairs[kp]->type==KEYTYPE_CRYPTOSIGN)
|
if (k->contexts[cn]->identities[in]->keypairs[kp]->type==KEYTYPE_CRYPTOSIGN)
|
||||||
{
|
{
|
||||||
if (sas_public)
|
unsigned char *sas_private=
|
||||||
*sas_public=
|
k->contexts[cn]->identities[in]->keypairs[kp]->private_key;
|
||||||
k->contexts[cn]->identities[in]->keypairs[kp]->public_key;
|
unsigned char *sas_public=
|
||||||
|
k->contexts[cn]->identities[in]->keypairs[kp]->public_key;
|
||||||
|
if (rhizome_verify_bundle_privatekey(NULL,sas_private,sas_public))
|
||||||
|
{
|
||||||
|
/* SAS key is invalid (perhaps because it was a pre 0.90 format one),
|
||||||
|
so replace it */
|
||||||
|
DEBUGF("SAS key is invalid -- regenerating.");
|
||||||
|
crypto_sign_edwards25519sha512batch_keypair(sas_public,
|
||||||
|
sas_private);
|
||||||
|
keyring_commit(k);
|
||||||
|
}
|
||||||
if (debug & DEBUG_KEYRING)
|
if (debug & DEBUG_KEYRING)
|
||||||
DEBUGF("Found SAS entry for %s*", alloca_tohex(sid, 7));
|
DEBUGF("Found SAS entry for %s*", alloca_tohex(sid, 7));
|
||||||
RETURN(k->contexts[cn]->identities[in]->keypairs[kp]->private_key);
|
if (sas_public_out) *sas_public_out=sas_public;
|
||||||
|
RETURN(sas_private);
|
||||||
}
|
}
|
||||||
|
|
||||||
RETURNNULL(WHYNULL("Identity lacks SAS"));
|
RETURNNULL(WHYNULL("Identity lacks SAS"));
|
||||||
|
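Review bot: The regeneration branch in keyring_find_sas_private overwrites the identity's signing key in place and ignores the results of both `crypto_sign_edwards25519sha512batch_keypair(...)` and `keyring_commit(k)`, so a failed save leaves the in-memory SAS different from the one on disk while the caller is still handed a key. Any non-zero return from `rhizome_verify_bundle_privatekey` triggers it and the old private key cannot be recovered afterwards, so I would at least check the commit, e.g. `if (keyring_commit(k)) RETURNNULL(WHYNULL("Could not save regenerated SAS"));` (assuming a non-zero return means failure; confirm against its definition). The `DEBUGF("SAS key is invalid -- regenerating.")` line is not gated by `debug & DEBUG_KEYRING` like the one below it, and replacing a key probably deserves an always-visible warning rather than a debug line. A comment on the branch stating that this silent migration is only acceptable before a formal release, as the commit message says, would record the assumption for whoever removes it later. The function's closing lines are outside the hunk.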
@ -315,12 +315,12 @@ int rhizome_verify_bundle_privatekey(rhizome_manifest *m,
|
|||||||
ge_p3_tobytes(pk,&A);
|
ge_p3_tobytes(pk,&A);
|
||||||
|
|
||||||
for (i = 0;i < 32;++i) if (pkin[i] != pk[i]) {
|
for (i = 0;i < 32;++i) if (pkin[i] != pk[i]) {
|
||||||
if (sk==m->cryptoSignSecret&&pkin==m->cryptoSignPublic)
|
if (m&&sk==m->cryptoSignSecret&&pkin==m->cryptoSignPublic)
|
||||||
m->haveSecret=0;
|
m->haveSecret=0;
|
||||||
RETURN(-1);
|
RETURN(-1);
|
||||||
}
|
}
|
||||||
DEBUGF("We have the private key for this bundle.");
|
DEBUGF("We have the private key for this bundle.");
|
||||||
if (sk==m->cryptoSignSecret&&pkin==m->cryptoSignPublic) {
|
if (m&&sk==m->cryptoSignSecret&&pkin==m->cryptoSignPublic) {
|
||||||
DEBUGF("Set haveSecret=1 in manifest");
|
DEBUGF("Set haveSecret=1 in manifest");
|
||||||
m->haveSecret=1;
|
m->haveSecret=1;
|
||||||
}
|
}
|
||||||
|
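Review bot: The two added `m&&` guards protect only the haveSecret updates visible in this hunk; rhizome_verify_bundle_privatekey starts above it, so any earlier use of `m` would still dereference NULL now that keyring_find_sas_private passes NULL, which is worth confirming. With `m` optional, the unconditional `DEBUGF("We have the private key for this bundle.")` also fires during the SAS check, where no bundle is involved, and the log becomes misleading. I would document the new contract on the function, e.g. `/* m may be NULL: then only checks that sk and pkin form a matching keypair */`, and move that DEBUGF inside the `if (m&&...)` block or reword it.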