Add identity_t type & rename signing key api to identity.

This commit is contained in:
Jeremy Lakeman 2016-08-15 13:13:26 +09:30
parent dc7226b6a5
commit b6256ea89a
22 changed files with 211 additions and 213 deletions

View File

@ -26,8 +26,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// verify the signature at the end of a message, on return message_len will be reduced by the length of the signature.
int crypto_verify_message(struct subscriber *subscriber, unsigned char *message, size_t *message_len)
{
if (!subscriber->sas_valid){
keyring_send_sas_request(subscriber);
if (!subscriber->id_valid){
keyring_send_identity_request(subscriber);
return WHY("SAS key not currently on record, cannot verify");
}
@ -39,7 +39,7 @@ int crypto_verify_message(struct subscriber *subscriber, unsigned char *message,
unsigned char hash[crypto_hash_sha512_BYTES];
crypto_hash_sha512(hash,message,*message_len);
if (crypto_sign_verify_detached(&message[*message_len], hash, crypto_hash_sha512_BYTES, subscriber->sas_public))
if (crypto_sign_verify_detached(&message[*message_len], hash, crypto_hash_sha512_BYTES, subscriber->id_public.binary))
return WHY("Signature verification failed");
return 0;

View File

@ -30,6 +30,11 @@ int cmp_sid_t(const sid_t *a, const sid_t *b)
return memcmp(a, b, sizeof a->binary);
}
int cmp_identity_t(const identity_t *a, const identity_t *b)
{
return memcmp(a, b, sizeof a->binary);
}
int str_to_sid_t(sid_t *sidp, const char *hex)
{
return parse_sid_t(sidp, hex, -1, NULL); // checks for nul terminator
@ -97,6 +102,33 @@ int strn_is_subscriber_id(const char *sid, size_t *lenp)
return 0;
}
int str_is_identity(const char *id)
{
return is_xstring(id, IDENTITY_STRLEN);
}
int strn_is_identity(const char *id, size_t *lenp)
{
if (is_xsubstring(id, IDENTITY_STRLEN)){
if (lenp)
*lenp = SID_STRLEN;
return 1;
}
return 0;
}
int str_to_identity_t(identity_t *idp, const char *hex)
{
return parse_hex_t(idp, hex);
}
int strn_to_identity_t(identity_t *idp, const char *hex, size_t hexlen)
{
const char *endp;
return parse_hexn_t(idp, hex, hexlen, &endp);
}
int cmp_rhizome_bid_t(const rhizome_bid_t *a, const rhizome_bid_t *b)
{
return memcmp(a, b, sizeof a->binary);

View File

@ -21,6 +21,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
int str_is_subscriber_id(const char *sid);
int strn_is_subscriber_id(const char *sid, size_t *lenp);
int str_is_identity(const char *sid);
int strn_is_identity(const char *sid, size_t *lenp);
int str_is_did(const char *did);
int strn_is_did(const char *did, size_t *lenp);

View File

@ -143,7 +143,7 @@ public class KeyringCommon
json.consume(JSONTokeniser.Token.COLON);
SubscriberId sid = new SubscriberId(json.consume(String.class));
json.consume(JSONTokeniser.Token.COMMA);
json.consume("sign");
json.consume("identity");
json.consume(JSONTokeniser.Token.COLON);
SigningKey sas = new SigningKey(json.consume(String.class));
String did = null;

View File

@ -49,7 +49,7 @@ public class KeyringIdentityList {
this.httpConnector = connector;
this.table = new JSONTableScanner()
.addColumn("sid", SubscriberId.class)
.addColumn("sign", SigningKey.class)
.addColumn("identity", SigningKey.class)
.addColumn("did", String.class, JSONTokeniser.Narrow.ALLOW_NULL)
.addColumn("name", String.class, JSONTokeniser.Narrow.ALLOW_NULL);
}
@ -121,7 +121,7 @@ public class KeyringIdentityList {
return new KeyringIdentity(
rowCount++,
new Subscriber((SubscriberId)row.get("sid"),
(SigningKey) row.get("sign"),
(SigningKey) row.get("identity"),
true),
(String)row.get("did"),
(String)row.get("name")

163
keyring.c
View File

@ -46,7 +46,7 @@ static int keyring_identity_mac(const keyring_identity *id, unsigned char *pkrsa
static int keyring_commit_identity(keyring_file *k, keyring_identity *id);
struct combined_pk{
uint8_t sign_key[crypto_sign_PUBLICKEYBYTES];
identity_t sign_key;
sid_t box_key;
};
@ -231,60 +231,18 @@ keypair *keyring_find_did(keyring_iterator *it, const char *did)
return NULL;
}
const uint8_t * keyring_get_box(const keyring_identity *id)
{
keypair *kp = id->keypairs;
while(kp){
if (kp->type == KEYTYPE_CRYPTOBOX)
return kp->private_key;
if (kp->type == KEYTYPE_CRYPTOCOMBINED){
struct combined_sk *secret = (struct combined_sk *)kp->private_key;
return secret->box_key;
}
kp = kp->next;
}
return NULL;
keyring_identity *keyring_find_identity_sid(keyring_file *k, const sid_t *sidp){
keyring_identity *id = k->identities;
while(id && (!id->box_pk || cmp_sid_t(id->box_pk,sidp)!=0))
id = id->next;
return id;
}
int keyring_find_box(keyring_iterator *it, const sid_t *sidp, const uint8_t **sk)
{
keypair *kp;
while((kp=keyring_next_key(it))){
if (kp->type == KEYTYPE_CRYPTOBOX){
if (memcmp(sidp->binary, kp->public_key, SID_SIZE) == 0){
if (sk)
*sk = kp->private_key;
return 1;
}
}else if(kp->type == KEYTYPE_CRYPTOCOMBINED){
struct combined_pk *pk = (struct combined_pk *)kp->public_key;
if (memcmp(sidp->binary, pk->box_key.binary, SID_SIZE) == 0){
if (sk){
struct combined_sk *secret = (struct combined_sk *)kp->private_key;
*sk = secret->box_key;
}
return 1;
}
}
}
return 0;
}
keyring_identity *keyring_find_identity(keyring_file *k, const sid_t *sidp){
keypair *kp;
keyring_iterator it;
keyring_iterator_start(k, &it);
while((kp=keyring_next_key(&it))){
if (kp->type == KEYTYPE_CRYPTOBOX){
if (memcmp(sidp->binary, kp->public_key, SID_SIZE) == 0)
return it.identity;
}else if(kp->type == KEYTYPE_CRYPTOCOMBINED){
struct combined_pk *pk = (struct combined_pk *)kp->public_key;
if (memcmp(sidp->binary, pk->box_key.binary, SID_SIZE) == 0)
return it.identity;
}
}
return NULL;
keyring_identity *keyring_find_identity(keyring_file *k, const identity_t *sign){
keyring_identity *id = k->identities;
while(id && (!id->box_pk || cmp_identity_t(id->sign_pk, sign)!=0))
id = id->next;
return id;
}
static void add_subscriber(keyring_identity *id)
@ -298,13 +256,13 @@ static void add_subscriber(keyring_identity *id)
if (id->sign_pk){
// copy our signing key, so we can pass it to peers
bcopy(id->sign_pk, id->subscriber->sas_public, sizeof id->subscriber->sas_public);
id->subscriber->sas_valid = 1;
bcopy(id->sign_pk, &id->subscriber->id_public, sizeof id->subscriber->id_public);
id->subscriber->id_valid = 1;
keypair *kp = id->keypairs;
while(kp){
if (kp->type == KEYTYPE_CRYPTOCOMBINED){
id->subscriber->sas_combined = 1;
id->subscriber->id_combined = 1;
break;
}
kp = kp->next;
@ -367,35 +325,34 @@ void keyring_free(keyring_file *k)
return;
}
int keyring_release_identity(keyring_iterator *it)
int keyring_release_identities_by_pin(keyring_file *f, const char *pin)
{
assert(it->identity);
keyring_identity **i=&it->file->identities;
keyring_identity **i=&f->identities;
while(*i){
if ((*i)==it->identity){
(*i) = it->identity->next;
keyring_free_identity(it->identity);
it->identity=(*i);
if (it->identity)
it->keypair = it->identity->keypairs;
else
it->keypair = NULL;
return 0;
keyring_identity *id = (*i);
if (id->PKRPin && strcmp(id->PKRPin, pin) == 0){
(*i) = id->next;
keyring_free_identity(id);
}else{
i=&id->next;
}
i=&(*i)->next;
}
return WHY("Previous identity not found");
return 0;
}
int keyring_release_subscriber(keyring_file *k, const sid_t *sid)
{
keyring_iterator it;
keyring_iterator_start(k, &it);
if (!keyring_find_sid(&it, sid))
return WHYF("Keyring entry for %s not found", alloca_tohex_sid_t(*sid));
return keyring_release_identity(&it);
keyring_identity **i=&k->identities;
while(*i){
keyring_identity *id = (*i);
if (cmp_sid_t(id->box_pk,sid)==0){
(*i) = id->next;
keyring_free_identity(id);
return 0;
}
i=&id->next;
}
return WHYF("Keyring entry for %s not found", alloca_tohex_sid_t(*sid));
}
void keyring_free_identity(keyring_identity *id)
@ -532,7 +489,7 @@ static void create_cryptocombined(keypair *kp)
{
struct combined_pk *pk = (struct combined_pk *)kp->public_key;
struct combined_sk *sk = (struct combined_sk *)kp->private_key;
crypto_sign_ed25519_keypair(pk->sign_key, sk->sign_key);
crypto_sign_ed25519_keypair(pk->sign_key.binary, sk->sign_key);
crypto_sign_ed25519_sk_to_curve25519(sk->box_key, sk->sign_key);
crypto_scalarmult_base(pk->box_key.binary, sk->box_key);
}
@ -553,7 +510,7 @@ static int unpack_cryptocombined(keypair *kp, struct rotbuf *rb, size_t key_leng
struct combined_sk *sk = (struct combined_sk *)kp->private_key;
assert(key_length == sizeof seed);
rotbuf_getbuf(rb, seed, sizeof seed);
crypto_sign_ed25519_seed_keypair(pk->sign_key, sk->sign_key, seed);
crypto_sign_ed25519_seed_keypair(pk->sign_key.binary, sk->sign_key, seed);
crypto_sign_ed25519_sk_to_curve25519(sk->box_key, sk->sign_key);
crypto_scalarmult_base(pk->box_key.binary, sk->box_key);
return 0;
@ -1241,7 +1198,7 @@ static int keyring_finalise_identity(uint8_t *dirty, keyring_identity *id)
if (dirty)
*dirty = 1;
}
id->sign_pk = kp->public_key;
id->sign_pk = (const identity_t *)kp->public_key;
id->sign_sk = kp->private_key;
break;
case KEYTYPE_CRYPTOCOMBINED:{
@ -1249,7 +1206,7 @@ static int keyring_finalise_identity(uint8_t *dirty, keyring_identity *id)
struct combined_sk *sk = (struct combined_sk *)kp->private_key;
id->box_pk = &pk->box_key;
id->box_sk = sk->box_key;
id->sign_pk = pk->sign_key;
id->sign_pk = &pk->sign_key;
id->sign_sk = sk->sign_key;
break;
}
@ -1408,9 +1365,7 @@ static int keyring_commit_identity(keyring_file *k, keyring_identity *id)
{
keyring_finalise_identity(&k->dirty, id);
// Do nothing if an identity with this sid already exists
keyring_iterator it;
keyring_iterator_start(k, &it);
if (keyring_find_sid(&it, id->box_pk))
if (keyring_find_identity_sid(k, id->box_pk))
return 0;
set_slot(k, id->slot, 1);
@ -1709,9 +1664,9 @@ int keyring_sign_message(struct keyring_identity *identity, unsigned char *conte
return 0;
}
static int keyring_store_sas(struct internal_mdp_header *header, struct overlay_buffer *payload)
static int keyring_store_id(struct internal_mdp_header *header, struct overlay_buffer *payload)
{
if (header->source->sas_valid){
if (header->source->id_valid){
DEBUGF(keyring, "Ignoring SID:SAS mapping for %s, already have one", alloca_tohex_sid_t(header->source->sid));
return 0;
}
@ -1719,34 +1674,34 @@ static int keyring_store_sas(struct internal_mdp_header *header, struct overlay_
DEBUGF(keyring, "Received SID:SAS mapping, %zd bytes", len);
if (ob_remaining(payload) < SAS_SIZE + crypto_sign_BYTES)
if (ob_remaining(payload) < IDENTITY_SIZE + crypto_sign_BYTES)
return WHY("Truncated key mapping announcement?");
const uint8_t *sas_public = ob_get_bytes_ptr(payload, SAS_SIZE);
const uint8_t *id_public = ob_get_bytes_ptr(payload, IDENTITY_SIZE);
const uint8_t *compactsignature = ob_get_bytes_ptr(payload, crypto_sign_BYTES);
if (crypto_sign_verify_detached(compactsignature, header->source->sid.binary, SID_SIZE, sas_public))
if (crypto_sign_verify_detached(compactsignature, header->source->sid.binary, SID_SIZE, id_public))
return WHY("SID:SAS mapping verification signature does not verify");
// test if the sas key can be used to derive the sid
// test if the signing key can be used to derive the sid
sid_t sid;
if (crypto_sign_ed25519_pk_to_curve25519(sid.binary, sas_public)==0
if (crypto_sign_ed25519_pk_to_curve25519(sid.binary, id_public)==0
&& memcmp(&sid, &header->source->sid, sizeof sid) == 0)
header->source->sas_combined=1;
header->source->id_combined=1;
/* now store it */
bcopy(sas_public, header->source->sas_public, SAS_SIZE);
header->source->sas_valid=1;
header->source->sas_last_request=-1;
bcopy(id_public, &header->source->id_public, IDENTITY_SIZE);
header->source->id_valid=1;
header->source->id_last_request=-1;
DEBUGF(keyring, "Stored SID:SAS mapping, SID=%s to SAS=%s",
alloca_tohex_sid_t(header->source->sid),
alloca_tohex_sas(header->source->sas_public)
alloca_tohex_identity_t(&header->source->id_public)
);
return 0;
}
static int keyring_respond_sas(struct internal_mdp_header *header)
static int keyring_respond_id(struct internal_mdp_header *header)
{
keyring_identity *id = header->destination->identity;
@ -1761,7 +1716,7 @@ static int keyring_respond_sas(struct internal_mdp_header *header)
ob_limitsize(response_payload, sizeof buff);
ob_append_byte(response_payload, KEYTYPE_CRYPTOSIGN);
ob_append_bytes(response_payload, id->sign_pk, crypto_sign_PUBLICKEYBYTES);
ob_append_bytes(response_payload, id->sign_pk->binary, crypto_sign_PUBLICKEYBYTES);
uint8_t *sig = ob_append_space(response_payload, crypto_sign_BYTES);
if (crypto_sign_detached(sig, NULL, header->destination->sid.binary, SID_SIZE, id->sign_sk))
@ -1929,8 +1884,8 @@ static int keyring_mapping_request(struct internal_mdp_header *header, struct ov
switch(ob_get(payload)){
case KEYTYPE_CRYPTOSIGN:
if (ob_remaining(payload)==0)
return keyring_respond_sas(header);
return keyring_store_sas(header, payload);
return keyring_respond_id(header);
return keyring_store_id(header, payload);
break;
case UNLOCK_REQUEST:
{
@ -1947,13 +1902,13 @@ static int keyring_mapping_request(struct internal_mdp_header *header, struct ov
return WHY("Not implemented");
}
int keyring_send_sas_request(struct subscriber *subscriber){
if (subscriber->sas_valid)
int keyring_send_identity_request(struct subscriber *subscriber){
if (subscriber->id_valid)
return 0;
time_ms_t now = gettime_ms();
if (now < subscriber->sas_last_request + 100){
if (now < subscriber->id_last_request + 100){
DEBUG(keyring, "Too soon to ask for SAS mapping again");
return 0;
}
@ -1974,7 +1929,7 @@ int keyring_send_sas_request(struct subscriber *subscriber){
ob_append_byte(payload, KEYTYPE_CRYPTOSIGN);
DEBUGF(keyring, "Sending SAS resolution request");
subscriber->sas_last_request=now;
subscriber->id_last_request=now;
ob_flip(payload);
int ret = overlay_send_frame(&header, payload);
ob_free(payload);

View File

@ -51,7 +51,7 @@ typedef struct keyring_identity {
const uint8_t *box_sk;
const sid_t *box_pk;
const uint8_t *sign_sk;
const uint8_t *sign_pk;
const identity_t *sign_pk;
struct keyring_identity *next;
keypair *keypairs;
} keyring_identity;
@ -89,12 +89,12 @@ keypair * keyring_next_key(keyring_iterator *it);
keypair * keyring_next_keytype(keyring_iterator *it, unsigned keytype);
keypair *keyring_identity_keytype(const keyring_identity *id, unsigned keytype);
keypair *keyring_find_did(keyring_iterator *it, const char *did);
keyring_identity *keyring_find_identity(keyring_file *k, const sid_t *sidp);
int keyring_find_box(keyring_iterator *it, const sid_t *sidp, const uint8_t **sk);
#define keyring_find_sid(I, S) keyring_find_box(I, S, NULL)
keyring_identity *keyring_find_identity_sid(keyring_file *k, const sid_t *sidp);
keyring_identity *keyring_find_identity(keyring_file *k, const identity_t *sign);
void keyring_free(keyring_file *k);
int keyring_release_identity(keyring_iterator *it);
int keyring_release_identities_by_pin(keyring_file *f, const char *pin);
int keyring_release_subscriber(keyring_file *k, const sid_t *sid);
#define KEYTYPE_CRYPTOBOX 0x01 // must be lowest
#define KEYTYPE_CRYPTOSIGN 0x02
@ -119,7 +119,7 @@ keyring_file *keyring_open_instance_cli(const struct cli_parsed *parsed);
int keyring_enter_pin(keyring_file *k, const char *pin);
int keyring_set_did(keyring_identity *id, const char *did, const char *name);
int keyring_sign_message(struct keyring_identity *identity, unsigned char *content, size_t buffer_len, size_t *content_len);
int keyring_send_sas_request(struct subscriber *subscriber);
int keyring_send_identity_request(struct subscriber *subscriber);
int keyring_commit(keyring_file *k);
keyring_identity *keyring_inmemory_identity();

View File

@ -123,6 +123,7 @@ static int app_keyring_list(const struct cli_parsed *parsed, struct cli_context
const char *names[]={
"sid",
"identity",
"did",
"name"
};
@ -137,6 +138,7 @@ static int app_keyring_list(const struct cli_parsed *parsed, struct cli_context
const char *name = NULL;
keyring_identity_extract(id, &did, &name);
cli_put_string(context, alloca_tohex_sid_t(*id->box_pk), ":");
cli_put_string(context, alloca_tohex_identity_t(id->sign_pk), ":");
cli_put_string(context, did, ":");
cli_put_string(context, name, "\n");
rowcount++;
@ -152,6 +154,10 @@ static void cli_output_identity(struct cli_context *context, const keyring_ident
cli_field_name(context, "sid", ":");
cli_put_string(context, alloca_tohex_sid_t(*id->box_pk), "\n");
}
if (id->sign_pk){
cli_field_name(context, "identity", ":");
cli_put_string(context, alloca_tohex_identity_t(id->sign_pk), "\n");
}
keypair *kp=id->keypairs;
while(kp){
switch(kp->type){
@ -201,9 +207,13 @@ static int app_keyring_list2(const struct cli_parsed *parsed, struct cli_context
while((id = keyring_next_identity(&it))){
unsigned fields=0;
// count the number of fields that we will output
keypair *kp=it.identity->keypairs;
keypair *kp=id->keypairs;
if (id->box_pk)
fields++;
if (id->sign_pk)
fields++;
while(kp){
if (kp->type==KEYTYPE_CRYPTOBOX || kp->type==KEYTYPE_PUBLIC_TAG)
if (kp->type==KEYTYPE_PUBLIC_TAG)
fields++;
if (kp->type==KEYTYPE_DID){
if (strlen((char*)kp->private_key))
@ -273,21 +283,20 @@ static int app_keyring_set_did(const struct cli_parsed *parsed, struct cli_conte
if (!(keyring = keyring_open_instance_cli(parsed)))
return -1;
keyring_iterator it;
keyring_iterator_start(keyring, &it);
keyring_identity *id = keyring_find_identity_sid(keyring, &sid);
int r=0;
if (!keyring_find_sid(&it, &sid))
if (!id)
r=WHY("No matching SID");
else{
if (keyring_set_did(it.identity, did, name))
if (keyring_set_did(id, did, name))
r=WHY("Could not set DID");
else{
if (keyring_commit(keyring))
r=WHY("Could not write updated keyring record");
else{
cli_output_identity(context, it.identity);
cli_output_identity(context, id);
}
}
}
@ -315,20 +324,19 @@ static int app_keyring_set_tag(const struct cli_parsed *parsed, struct cli_conte
if (str_to_sid_t(&sid, sidhex) == -1)
return WHY("str_to_sid_t() failed");
keyring_iterator it;
keyring_iterator_start(keyring, &it);
keyring_identity *id = keyring_find_identity_sid(keyring, &sid);
int r=0;
if (!keyring_find_sid(&it, &sid))
if (!id)
r=WHY("No matching SID");
else{
int length = strlen(value);
if (keyring_set_public_tag(it.identity, tag, (const unsigned char*)value, length))
if (keyring_set_public_tag(id, tag, (const unsigned char*)value, length))
r=WHY("Could not set tag value");
else{
if (keyring_commit(keyring))
r=WHY("Could not write updated keyring record");
else{
cli_output_identity(context, it.identity);
cli_output_identity(context, id);
}
}
}

View File

@ -98,10 +98,10 @@ static int http_request_keyring_response_identity(struct httpd_request *r, uint1
json_sid.type = JSON_STRING_NULTERM;
json_sid.u.string.content = alloca_tohex_sid_t(*id->box_pk);
json_id_kv[1].key = "sign";
json_id_kv[1].key = "identity";
json_id_kv[1].value = &json_sas;
json_sas.type = JSON_STRING_NULTERM;
json_sas.u.string.content = alloca_tohex_sas(id->sign_pk);
json_sas.u.string.content = alloca_tohex_identity_t(id->sign_pk);
if (did) {
json_id_kv[json_id.u.object.itemc].key = "did";
@ -152,7 +152,7 @@ static int restful_keyring_identitylist_json_content_chunk(struct http_request *
// identities.
const char *headers[] = {
"sid",
"sign",
"identity",
"did",
"name"
};
@ -183,7 +183,7 @@ static int restful_keyring_identitylist_json_content_chunk(struct http_request *
strbuf_puts(b, "\n[");
strbuf_json_string(b, alloca_tohex_sid_t(*r->u.sidlist.it.identity->box_pk));
strbuf_puts(b, ",");
strbuf_json_string(b, alloca_tohex_sas(r->u.sidlist.it.identity->sign_pk));
strbuf_json_string(b, alloca_tohex_identity_t(r->u.sidlist.it.identity->sign_pk));
strbuf_puts(b, ",");
strbuf_json_string(b, did);
strbuf_puts(b, ",");
@ -238,13 +238,12 @@ static int restful_keyring_set(httpd_request *r, const char *remainder)
const char *name = http_request_get_query_param(&r->http, "name");
if (pin)
keyring_enter_pin(keyring, pin);
keyring_iterator it;
keyring_iterator_start(keyring, &it);
if (!keyring_find_sid(&it, &r->sid1))
keyring_identity *id = keyring_find_identity_sid(keyring, &r->sid1);
if (!id)
return http_request_keyring_response(r, 404, "Identity not found");
if (keyring_set_did(it.identity, did ? did : "", name ? name : "") == -1)
if (keyring_set_did(id, did ? did : "", name ? name : "") == -1)
return http_request_keyring_response(r, 500, "Could not set identity DID/Name");
if (keyring_commit(keyring) == -1)
return http_request_keyring_response(r, 500, "Could not store new identity");
return http_request_keyring_response_identity(r, 200, CONTENT_TYPE_JSON, it.identity);
return http_request_keyring_response_identity(r, 200, CONTENT_TYPE_JSON, id);
}

View File

@ -535,7 +535,7 @@ enum meshms_status meshms_conversations_list(const keyring_identity *id, const s
if (!my_sid){
my_sid = id->box_pk;
}else if(!id){
id = keyring_find_identity(keyring, my_sid);
id = keyring_find_identity_sid(keyring, my_sid);
if (!id){
status = MESHMS_STATUS_SID_LOCKED;
goto end;
@ -585,7 +585,7 @@ enum meshms_status meshms_message_iterator_open(struct meshms_message_iterator *
enum meshms_status status = MESHMS_STATUS_ERROR;
bzero(iter, sizeof *iter);
keyring_identity *id = keyring_find_identity(keyring, me);
keyring_identity *id = keyring_find_identity_sid(keyring, me);
if (!id){
status = MESHMS_STATUS_SID_LOCKED;
WHY("Identity not found");
@ -748,7 +748,7 @@ enum meshms_status meshms_send_message(const sid_t *sender, const sid_t *recipie
struct meshms_conversations *conv = NULL;
enum meshms_status status = MESHMS_STATUS_ERROR;
keyring_identity *id = keyring_find_identity(keyring, sender);
keyring_identity *id = keyring_find_identity_sid(keyring, sender);
if (!id)
return MESHMS_STATUS_SID_LOCKED;
@ -780,7 +780,7 @@ enum meshms_status meshms_mark_read(const sid_t *sender, const sid_t *recipient,
enum meshms_status status = MESHMS_STATUS_ERROR;
struct meshms_conversations *conv = NULL;
keyring_identity *id = keyring_find_identity(keyring, sender);
keyring_identity *id = keyring_find_identity_sid(keyring, sender);
if (!id){
status = MESHMS_STATUS_SID_LOCKED;
goto end;

View File

@ -499,7 +499,7 @@ static int app_route_print(const struct cli_parsed *parsed, struct cli_context *
break;
// ignore signing key details for now
ob_skip(buff, SAS_SIZE+1);
ob_skip(buff, IDENTITY_SIZE+1);
if (ob_overrun(buff))
break;

View File

@ -350,10 +350,10 @@ static int add_explain_response(struct subscriber *subscriber, void *context)
DEBUGF(subscriber, "Explaining sid=%s", alloca_tohex_sid_t(subscriber->sid));
ob_checkpoint(b);
if (subscriber->sas_combined && response->sender && response->sender->sas_combined){
if (subscriber->id_combined && response->sender && response->sender->id_combined){
// TODO better condition for when we should send this?
ob_append_byte(b, OA_CODE_SIGNKEY);
ob_append_bytes(b, subscriber->sas_public, crypto_sign_PUBLICKEYBYTES);
ob_append_bytes(b, subscriber->id_public.binary, crypto_sign_PUBLICKEYBYTES);
}else{
ob_append_byte(b, SID_SIZE);
ob_append_bytes(b, subscriber->sid.binary, SID_SIZE);
@ -428,13 +428,13 @@ static int decode_sid_from_signkey(struct overlay_buffer *b, struct subscriber *
if (crypto_sign_ed25519_pk_to_curve25519(sid.binary, id))
return WHY("Failed to convert sign key to sid");
struct subscriber *s = find_subscriber(sid.binary, SID_SIZE, 1);
if (s && !s->sas_combined){
bcopy(id, s->sas_public, crypto_sign_PUBLICKEYBYTES);
s->sas_valid=1;
s->sas_combined=1;
if (s && !s->id_combined){
bcopy(id, s->id_public.binary, crypto_sign_PUBLICKEYBYTES);
s->id_valid=1;
s->id_combined=1;
DEBUGF(subscriber, "Stored combined SID:SAS mapping, SID=%s SAS=%s",
alloca_tohex_sid_t(s->sid),
alloca_tohex_sas(s->sas_public)
alloca_tohex_identity_t(&s->id_public)
);
}
if (subscriber)

View File

@ -82,10 +82,10 @@ struct subscriber{
time_ms_t last_explained;
// public signing key details for remote peers
uint8_t sas_public[SAS_SIZE];
time_ms_t sas_last_request;
uint8_t sas_valid:1;
uint8_t sas_combined:1;
identity_t id_public;
time_ms_t id_last_request;
uint8_t id_valid:1;
uint8_t id_combined:1;
// should we send the full address once?
uint8_t send_full:1;

View File

@ -70,9 +70,9 @@ int set_reachable(struct subscriber *subscriber,
}
}
/* Pre-emptively send a sas request */
if (!subscriber->sas_valid && reachable&REACHABLE)
keyring_send_sas_request(subscriber);
/* Pre-emptively send a public signing key request */
if (!subscriber->id_valid && reachable&REACHABLE)
keyring_send_identity_request(subscriber);
CALL_TRIGGER(link_change, subscriber, old_value);

View File

@ -1068,8 +1068,8 @@ static void send_route(struct subscriber *subscriber, struct socket_address *cli
struct overlay_buffer *b = ob_static(payload, sizeof payload);
ob_limitsize(b, sizeof payload);
ob_append_bytes(b, subscriber->sid.binary, SID_SIZE);
ob_append_bytes(b, subscriber->sas_public, SAS_SIZE);
ob_append_byte(b, subscriber->sas_valid | (subscriber->sas_combined<<1));
ob_append_bytes(b, subscriber->id_public.binary, IDENTITY_SIZE);
ob_append_byte(b, subscriber->id_valid | (subscriber->id_combined<<1));
ob_append_byte(b, subscriber->reachable);
if (subscriber->reachable & REACHABLE){
ob_append_byte(b, subscriber->hop_count);
@ -1179,15 +1179,7 @@ static int mdp_process_identity_request(struct socket_address *client, struct md
const char *pin = ob_get_str_ptr(payload);
if (!pin)
break;
keyring_iterator it;
keyring_iterator_start(keyring, &it);
keyring_next_identity(&it);
while(it.identity){
if (it.identity->PKRPin && strcmp(it.identity->PKRPin, pin) == 0)
keyring_release_identity(&it);
else
keyring_next_identity(&it);
}
keyring_release_identities_by_pin(keyring, pin);
}
}
break;

View File

@ -38,19 +38,6 @@ static const char *rhizome_manifest_get(const rhizome_manifest *m, const char *v
return NULL;
}
#if 0
static uint64_t rhizome_manifest_get_ui64(rhizome_manifest *m, const char *var)
{
unsigned i;
for (i = 0; i < m->var_count; ++i)
if (strcmp(m->vars[i], var) == 0) {
uint64_t val;
return str_to_uint64(m->values[i], 10, &val, NULL) ? val : -1;
}
return -1;
}
#endif
/* Remove the field with the given label from the manifest
*
* @author Andrew Bettison <andrew@servalproject.com>
@ -1493,15 +1480,13 @@ struct rhizome_bundle_result rhizome_fill_manifest(rhizome_manifest *m, const ch
int rhizome_lookup_author(rhizome_manifest *m)
{
IN();
keyring_iterator it;
switch (m->authorship) {
case AUTHOR_LOCAL:
case AUTHOR_AUTHENTIC:
RETURN(1);
case AUTHOR_NOT_CHECKED:
DEBUGF(rhizome, "manifest %p lookup author=%s", m, alloca_tohex_sid_t(m->author));
keyring_iterator_start(keyring, &it);
if (keyring_find_sid(&it, &m->author)) {
if (keyring_find_identity_sid(keyring, &m->author)) {
DEBUGF(rhizome, "found author");
m->authorship = AUTHOR_LOCAL;
RETURN(1);
@ -1510,8 +1495,7 @@ int rhizome_lookup_author(rhizome_manifest *m)
case ANONYMOUS:
if (m->has_sender) {
DEBUGF(rhizome, "manifest %p lookup sender=%s", m, alloca_tohex_sid_t(m->sender));
keyring_iterator_start(keyring, &it);
if (keyring_find_sid(&it, &m->sender)) {
if (keyring_find_identity_sid(keyring, &m->sender)) {
DEBUGF(rhizome, "found sender");
rhizome_manifest_set_author(m, &m->sender);
m->authorship = AUTHOR_LOCAL;

View File

@ -197,7 +197,7 @@ static enum rhizome_bundle_authorship try_author(rhizome_manifest *m, const keyr
return AUTHOR_UNKNOWN;
if (!id){
id = keyring_find_identity(keyring, sid);
id = keyring_find_identity_sid(keyring, sid);
if (!id)
return AUTHOR_UNKNOWN;
}
@ -329,7 +329,7 @@ int rhizome_manifest_add_bundle_key(rhizome_manifest *m)
*/
if (!m->author_identity){
m->author_identity = keyring_find_identity(keyring, &m->author);
m->author_identity = keyring_find_identity_sid(keyring, &m->author);
if (!m->author_identity){
m->authorship = AUTHOR_UNKNOWN;
break;
@ -574,7 +574,7 @@ int rhizome_derive_payload_key(rhizome_manifest *m)
{
const keyring_identity *id=NULL;
id = keyring_find_identity(keyring, &m->recipient);
id = keyring_find_identity_sid(keyring, &m->recipient);
if (id){
if (m->has_sender){
other_pk = &m->sender;
@ -585,7 +585,7 @@ int rhizome_derive_payload_key(rhizome_manifest *m)
other_pk = NULL;
}
} else if (m->has_sender){
id = keyring_find_identity(keyring, &m->sender);
id = keyring_find_identity_sid(keyring, &m->sender);
// TODO error if sender != author?
} else if (m->haveSecret){
id = m->author_identity;

View File

@ -32,15 +32,20 @@ typedef char bool_t;
/* Serval ID (aka Subscriber ID)
*/
#define SID_SIZE 32 // == crypto_sign_PUBLICKEYBYTES
#define SAS_SIZE 32 // == crypto_sign_PUBLICKEYBYTES
#define SID_SIZE 32 // == crypto_box_PUBLICKEYBYTES
#define IDENTITY_SIZE 32 // == crypto_sign_PUBLICKEYBYTES
#define SID_STRLEN (SID_SIZE*2)
#define IDENTITY_STRLEN (IDENTITY_SIZE*2)
typedef struct sid_binary {
unsigned char binary[SID_SIZE];
} sid_t;
typedef struct identity_binary {
unsigned char binary[IDENTITY_SIZE];
} identity_t;
#define SID_TYPE_ANY (0)
#define SID_TYPE_INTERNAL (1)
#define SID_TYPE_BROADCAST (0xFF)
@ -55,7 +60,7 @@ typedef struct sid_binary {
// is the SID entirely 0x00?
#define is_sid_t_any(SID) is_all_matching((SID).binary, sizeof (*(sid_t*)0).binary, 0)
#define alloca_tohex_sid_t(sid) alloca_tohex((sid).binary, sizeof (*(sid_t*)0).binary)
#define alloca_tohex_sid_t(sid) alloca_tohex((sid).binary, SID_SIZE)
#define alloca_tohex_sid_t_trunc(sid,strlen) tohex((char *)alloca((strlen)+1), (strlen), (sid).binary)
int cmp_sid_t(const sid_t *a, const sid_t *b);
@ -64,7 +69,11 @@ int strn_to_sid_t(sid_t *sid, const char *hex, size_t hexlen);
int parse_sid_t(sid_t *sid, const char *hex, ssize_t hexlen, const char **endp);
int sid_get_special_type(const sid_t *sid);
#define alloca_tohex_sas(sas) alloca_tohex((sas), SAS_SIZE)
#define alloca_tohex_identity_t(identity) alloca_tohex((identity)->binary, IDENTITY_SIZE)
int cmp_identity_t(const identity_t *a, const identity_t *b);
int str_to_identity_t(identity_t *sid, const char *hex);
int strn_to_identity_t(identity_t *sid, const char *hex, size_t hexlen);
/* MDP port number
*/

View File

@ -36,6 +36,7 @@ HT=' '
# Some useful regular expressions. These must work in grep(1) as basic
# expressions, and also in sed(1).
rexp_sid='[0-9a-fA-F]\{64\}'
rexp_id='[0-9a-fA-F]\{64\}'
rexp_did='[0-9+#]\{5,\}'
# Utility function for extracting information from the output of servald
@ -679,18 +680,22 @@ create_single_identity() {
esac
done
local sidvar=SID${instance_name}1
local idvar=ID${instance_name}1
local didvar=DID${instance_name}1
local namevar=NAME${instance_name}1
eval "$didvar=\"\${1-\$((5550000 + \$instance_number))}\""
eval "$namevar=\"\${2-Agent \$instance_name Smith}\""
create_identities "${servald_options[@]}" 1
eval "SID$instance_name=\"\${!sidvar}\""
eval "ID$instance_name=\"\${!idvar}\""
eval "DID$instance_name=\"\${!didvar}\""
eval "NAME$instance_name=\"\${!namevar}\""
sidvar=SID${instance_name}
idvar=ID${instance_name}
didvar=DID${instance_name}
namevar=NAME${instance_name}
tfw_log "SID$instance_name=$(shellarg "${!sidvar}")"
tfw_log "ID$instance_name=$(shellarg "${!idvar}")"
tfw_log "DID$instance_name=$(shellarg "${!didvar}")"
tfw_log "NAME$instance_name=$(shellarg "${!namevar}")"
}
@ -734,6 +739,7 @@ create_identities() {
for ((i = 1; i <= N; ++i)); do
local pinvar=PIN$instance_name$i
local sidvar=SID$instance_name$i
local idvar=ID$instance_name$i
local didvar=DID$instance_name$i
local namevar=NAME$instance_name$i
local pin="${!pinvar}"
@ -741,6 +747,7 @@ create_identities() {
executeOk_servald keyring add "${servald_options[@]}" "$pin"
assert [ -e "$SERVALINSTANCE_PATH/serval.keyring" ]
extract_stdout_keyvalue $sidvar sid "$rexp_sid"
extract_stdout_keyvalue $idvar identity "$rexp_id"
tfw_log "$sidvar=${!sidvar}"
# If the DID and/or NAME is already specified in the variables, then use
# them, otherwise extract the DID and NAME automatically generated by
@ -759,15 +766,17 @@ create_identities() {
for ((i = 1; i <= N; ++i)); do
for ((j = 1; j <= N; ++j)); do
[ $i -ne $j ] && eval assert [ "\$SID$instance_name$i" != "\$SID$instance_name$j" ]
[ $i -ne $j ] && eval assert [ "\$ID$instance_name$i" != "\$ID$instance_name$j" ]
done
done
executeOk_servald keyring list "${servald_options[@]}"
for ((i = 1; i <= N; ++i)); do
local sidvar=SID$instance_name$i
local idvar=ID$instance_name$i
local didvar=DID$instance_name$i
local namevar=NAME$instance_name$i
local re_name=$(escape_grep_basic "${!namevar}")
assertStdoutGrep --matches=1 "^${!sidvar}:${!didvar}:${re_name}\$"
assertStdoutGrep --matches=1 "^${!sidvar}:${!idvar}:${!didvar}:${re_name}\$"
done
}
@ -776,7 +785,7 @@ create_identities() {
assert_keyring_list() {
unpack_stdout_list __X
assert --stdout --stderr [ $__XNROWS -eq $1 ]
assertStdoutGrep --stderr --matches=$1 "^$rexp_sid:\($rexp_did\)\?:.*\$"
assertStdoutGrep --stderr --matches=$1 "^$rexp_sid:$rexp_id:\($rexp_did\)\?:.*\$"
}
# Utility function, to be overridden as needed:

View File

@ -61,15 +61,18 @@ doc_DidName="Create an identity & set the name and number"
test_DidName() {
executeOk_servald keyring add ''
assertStdoutGrep --matches=1 "^sid:"
assertStdoutLineCount '==' 1
assertStdoutGrep --matches=1 "^identity:"
assertStdoutLineCount '==' 2
extract_stdout_keyvalue SID sid "$rexp_sid"
extract_stdout_keyvalue ID identity "$rexp_id"
executeOk_servald keyring set did "$SID" '123456' 'Display Name'
assertStdoutGrep --matches=1 "^sid:$SID\$"
assertStdoutGrep --matches=1 "^identity:$ID\$"
assertStdoutGrep --matches=1 "^did:123456\$"
assertStdoutGrep --matches=1 "^name:Display Name\$"
assertStdoutLineCount '==' 3
assertStdoutLineCount '==' 4
executeOk_servald keyring list
assertStdoutGrep --stderr --matches=1 "^$SID:123456:Display Name\$"
assertStdoutGrep --stderr --matches=1 "^$SID:$ID:123456:Display Name\$"
}
keyring_set_tag() {
@ -82,17 +85,19 @@ doc_SetTag="Set a named tag against an identity"
test_SetTag() {
executeOk_servald keyring add ''
assertStdoutGrep --matches=1 "^sid:"
assertStdoutLineCount '==' 1
extract_stdout_keyvalue SID sid "$rexp_sid"
keyring_set_tag "$SID" 'tag1' 'First Value'
assertStdoutGrep --matches=1 "^identity:"
assertStdoutLineCount '==' 2
extract_stdout_keyvalue SID sid "$rexp_sid"
extract_stdout_keyvalue ID identity "$rexp_id"
keyring_set_tag "$SID" 'tag1' 'First Value'
assertStdoutLineCount '==' 3
keyring_set_tag "$SID" 'tag2' 'Second Value'
executeOk_servald keyring set tag "$SID" 'tag2' 'Second Value'
assertStdoutGrep --matches=1 "^tag1:First Value\$"
assertStdoutLineCount '==' 3
assertStdoutLineCount '==' 4
keyring_set_tag "$SID" 'tag1' 'Third Value'
assertStdoutGrep --matches=1 "^tag2:Second Value\$"
assertStdoutLineCount '==' 3
assertStdoutLineCount '==' 4
executeOk_servald keyring dump --secret
tfw_cat --stdout
}

View File

@ -122,7 +122,7 @@ test_keyringAddDidName() {
assertStdoutGrep --matches=1 "sid=${rexp_sid}, did=987654321, name=Joe Bloggs$"
executeOk_servald keyring list
assert_keyring_list 2
assertStdoutGrep --stderr --matches=1 "^${rexp_sid}:987654321:Joe Bloggs\$"
assertStdoutGrep --stderr --matches=1 "^${rexp_sid}:${rexp_id}:987654321:Joe Bloggs\$"
}
doc_keyringSetDidName="Java API set DID and name"
@ -136,7 +136,7 @@ test_keyringSetDidName() {
assertStdoutGrep --matches=1 "sid=$SIDA1, did=987654321, name=Joe Bloggs$"
executeOk_servald keyring list
assert_keyring_list 2
assertStdoutGrep --stderr --matches=1 "^$SIDA1:987654321:Joe Bloggs\$"
assertStdoutGrep --stderr --matches=1 "^$SIDA1:$IDA1:987654321:Joe Bloggs\$"
}
runTests "$@"

View File

@ -144,10 +144,12 @@ test_keyringAdd() {
tfw_preserve add.json
assertStdoutIs '200'
SID="$(jq -r '.identity.sid' add.json)"
ID="$(jq -r '.identity.identity' add.json)"
assert matches_rexp "^${rexp_sid}$" "$SID"
assert matches_rexp "^${rexp_id}$" "$ID"
executeOk_servald keyring list
assert_keyring_list 3
assertStdoutGrep --stderr --matches=1 "^$SID::\$"
assertStdoutGrep --stderr --matches=1 "^$SID:$ID::\$"
}
doc_keyringAddPin="HTTP RESTful add keyring identity with PIN"
@ -166,12 +168,13 @@ test_keyringAddPin() {
tfw_preserve add.json
assertStdoutIs '200'
SID="$(jq -r '.identity.sid' add.json)"
ID="$(jq -r '.identity.identity' add.json)"
executeOk_servald keyring list
assert_keyring_list 2
assertStdoutGrep --stderr --matches=0 "^$SID::\$"
assertStdoutGrep --stderr --matches=0 "^$SID:$ID::\$"
executeOk_servald keyring list --entry-pin=1234
assert_keyring_list 3
assertStdoutGrep --stderr --matches=1 "^$SID::\$"
assertStdoutGrep --stderr --matches=1 "^$SID:$ID::\$"
# Now the server has internalised the PIN, so the new identity appears in the
# list
executeOk curl \
@ -204,7 +207,7 @@ test_keyringSetDidName() {
assertJq set.json 'contains({"identity": {"sid": "'$SIDA1'", "did": "987654321", "name": "Joe Bloggs"}})'
executeOk_servald keyring list
assert_keyring_list 2
assertStdoutGrep --stderr --matches=1 "^$SIDA1:987654321:Joe Bloggs\$"
assertStdoutGrep --stderr --matches=1 "^$SIDA1:$IDA1:987654321:Joe Bloggs\$"
}
doc_keyringSetDidNamePin="HTTP RESTful set DID and name with PIN"
@ -247,7 +250,7 @@ test_keyringSetDidNamePin() {
assertJq set3.json 'contains({"identity": {"sid": "'$SIDA1'", "did": "987654321", "name": "Joe Bloggs"}})'
executeOk_servald keyring list --entry-pin=xyzabc
assert_keyring_list 2
assertStdoutGrep --stderr --matches=1 "^$SIDA1:987654321:Joe Bloggs\$"
assertStdoutGrep --stderr --matches=1 "^$SIDA1:$IDA1:987654321:Joe Bloggs\$"
# Finally, try again with no PIN, and make sure it succeeds (server has
# internalised the PIN supplied in the last request)
executeOk curl \
@ -262,7 +265,7 @@ test_keyringSetDidNamePin() {
assertJq set4.json 'contains({"identity": {"sid": "'$SIDA1'", "did": "321321321", "name": "Fred Nurks"}})'
executeOk_servald keyring list --entry-pin=xyzabc
assert_keyring_list 2
assertStdoutGrep --stderr --matches=1 "^$SIDA1:321321321:Fred Nurks\$"
assertStdoutGrep --stderr --matches=1 "^$SIDA1:$IDA1:321321321:Fred Nurks\$"
}
runTests "$@"