mirror of
https://github.com/servalproject/serval-dna.git
synced 2025-01-18 10:46:23 +00:00
Add identity_t type & rename signing key api to identity.
This commit is contained in:
Jeremy Lakeman
parent
dc7226b6a5
commit
b6256ea89a
6
crypto.c
6
crypto.c
@ -26,8 +26,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
// verify the signature at the end of a message, on return message_len will be reduced by the length of the signature.
|
||||
int crypto_verify_message(struct subscriber *subscriber, unsigned char *message, size_t *message_len)
|
||||
{
|
||||
if (!subscriber->sas_valid){
|
||||
keyring_send_sas_request(subscriber);
|
||||
if (!subscriber->id_valid){
|
||||
keyring_send_identity_request(subscriber);
|
||||
return WHY("SAS key not currently on record, cannot verify");
|
||||
}
|
||||
|
||||
@ -39,7 +39,7 @@ int crypto_verify_message(struct subscriber *subscriber, unsigned char *message,
|
||||
unsigned char hash[crypto_hash_sha512_BYTES];
|
||||
crypto_hash_sha512(hash,message,*message_len);
|
||||
|
||||
if (crypto_sign_verify_detached(&message[*message_len], hash, crypto_hash_sha512_BYTES, subscriber->sas_public))
|
||||
if (crypto_sign_verify_detached(&message[*message_len], hash, crypto_hash_sha512_BYTES, subscriber->id_public.binary))
|
||||
return WHY("Signature verification failed");
|
||||
|
||||
return 0;
|
||||
|
||||
@ -30,6 +30,11 @@ int cmp_sid_t(const sid_t *a, const sid_t *b)
|
||||
return memcmp(a, b, sizeof a->binary);
|
||||
}
|
||||
|
||||
int cmp_identity_t(const identity_t *a, const identity_t *b)
|
||||
{
|
||||
return memcmp(a, b, sizeof a->binary);
|
||||
}
|
||||
|
||||
int str_to_sid_t(sid_t *sidp, const char *hex)
|
||||
{
|
||||
return parse_sid_t(sidp, hex, -1, NULL); // checks for nul terminator
|
||||
@ -97,6 +102,33 @@ int strn_is_subscriber_id(const char *sid, size_t *lenp)
|
||||
return 0;
|
||||
}
|
||||
|
||||
int str_is_identity(const char *id)
|
||||
{
|
||||
return is_xstring(id, IDENTITY_STRLEN);
|
||||
}
|
||||
|
||||
int strn_is_identity(const char *id, size_t *lenp)
|
||||
{
|
||||
if (is_xsubstring(id, IDENTITY_STRLEN)){
|
||||
if (lenp)
|
||||
*lenp = SID_STRLEN;
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int str_to_identity_t(identity_t *idp, const char *hex)
|
||||
{
|
||||
return parse_hex_t(idp, hex);
|
||||
}
|
||||
|
||||
int strn_to_identity_t(identity_t *idp, const char *hex, size_t hexlen)
|
||||
{
|
||||
const char *endp;
|
||||
return parse_hexn_t(idp, hex, hexlen, &endp);
|
||||
}
|
||||
|
||||
|
||||
int cmp_rhizome_bid_t(const rhizome_bid_t *a, const rhizome_bid_t *b)
|
||||
{
|
||||
return memcmp(a, b, sizeof a->binary);
|
||||
|
||||
@ -21,6 +21,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
int str_is_subscriber_id(const char *sid);
|
||||
int strn_is_subscriber_id(const char *sid, size_t *lenp);
|
||||
int str_is_identity(const char *sid);
|
||||
int strn_is_identity(const char *sid, size_t *lenp);
|
||||
int str_is_did(const char *did);
|
||||
int strn_is_did(const char *did, size_t *lenp);
|
||||
|
||||
|
||||
@ -143,7 +143,7 @@ public class KeyringCommon
|
||||
json.consume(JSONTokeniser.Token.COLON);
|
||||
SubscriberId sid = new SubscriberId(json.consume(String.class));
|
||||
json.consume(JSONTokeniser.Token.COMMA);
|
||||
json.consume("sign");
|
||||
json.consume("identity");
|
||||
json.consume(JSONTokeniser.Token.COLON);
|
||||
SigningKey sas = new SigningKey(json.consume(String.class));
|
||||
String did = null;
|
||||
|
||||
@ -49,7 +49,7 @@ public class KeyringIdentityList {
|
||||
this.httpConnector = connector;
|
||||
this.table = new JSONTableScanner()
|
||||
.addColumn("sid", SubscriberId.class)
|
||||
.addColumn("sign", SigningKey.class)
|
||||
.addColumn("identity", SigningKey.class)
|
||||
.addColumn("did", String.class, JSONTokeniser.Narrow.ALLOW_NULL)
|
||||
.addColumn("name", String.class, JSONTokeniser.Narrow.ALLOW_NULL);
|
||||
}
|
||||
@ -121,7 +121,7 @@ public class KeyringIdentityList {
|
||||
return new KeyringIdentity(
|
||||
rowCount++,
|
||||
new Subscriber((SubscriberId)row.get("sid"),
|
||||
(SigningKey) row.get("sign"),
|
||||
(SigningKey) row.get("identity"),
|
||||
true),
|
||||
(String)row.get("did"),
|
||||
(String)row.get("name")
|
||||
|
||||
163
keyring.c
163
keyring.c
@ -46,7 +46,7 @@ static int keyring_identity_mac(const keyring_identity *id, unsigned char *pkrsa
|
||||
static int keyring_commit_identity(keyring_file *k, keyring_identity *id);
|
||||
|
||||
struct combined_pk{
|
||||
uint8_t sign_key[crypto_sign_PUBLICKEYBYTES];
|
||||
identity_t sign_key;
|
||||
sid_t box_key;
|
||||
};
|
||||
|
||||
@ -231,60 +231,18 @@ keypair *keyring_find_did(keyring_iterator *it, const char *did)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const uint8_t * keyring_get_box(const keyring_identity *id)
|
||||
{
|
||||
keypair *kp = id->keypairs;
|
||||
while(kp){
|
||||
if (kp->type == KEYTYPE_CRYPTOBOX)
|
||||
return kp->private_key;
|
||||
if (kp->type == KEYTYPE_CRYPTOCOMBINED){
|
||||
struct combined_sk *secret = (struct combined_sk *)kp->private_key;
|
||||
return secret->box_key;
|
||||
}
|
||||
kp = kp->next;
|
||||
}
|
||||
return NULL;
|
||||
keyring_identity *keyring_find_identity_sid(keyring_file *k, const sid_t *sidp){
|
||||
keyring_identity *id = k->identities;
|
||||
while(id && (!id->box_pk || cmp_sid_t(id->box_pk,sidp)!=0))
|
||||
id = id->next;
|
||||
return id;
|
||||
}
|
||||
|
||||
int keyring_find_box(keyring_iterator *it, const sid_t *sidp, const uint8_t **sk)
|
||||
{
|
||||
keypair *kp;
|
||||
while((kp=keyring_next_key(it))){
|
||||
if (kp->type == KEYTYPE_CRYPTOBOX){
|
||||
if (memcmp(sidp->binary, kp->public_key, SID_SIZE) == 0){
|
||||
if (sk)
|
||||
*sk = kp->private_key;
|
||||
return 1;
|
||||
}
|
||||
}else if(kp->type == KEYTYPE_CRYPTOCOMBINED){
|
||||
struct combined_pk *pk = (struct combined_pk *)kp->public_key;
|
||||
if (memcmp(sidp->binary, pk->box_key.binary, SID_SIZE) == 0){
|
||||
if (sk){
|
||||
struct combined_sk *secret = (struct combined_sk *)kp->private_key;
|
||||
*sk = secret->box_key;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
keyring_identity *keyring_find_identity(keyring_file *k, const sid_t *sidp){
|
||||
keypair *kp;
|
||||
keyring_iterator it;
|
||||
keyring_iterator_start(k, &it);
|
||||
while((kp=keyring_next_key(&it))){
|
||||
if (kp->type == KEYTYPE_CRYPTOBOX){
|
||||
if (memcmp(sidp->binary, kp->public_key, SID_SIZE) == 0)
|
||||
return it.identity;
|
||||
}else if(kp->type == KEYTYPE_CRYPTOCOMBINED){
|
||||
struct combined_pk *pk = (struct combined_pk *)kp->public_key;
|
||||
if (memcmp(sidp->binary, pk->box_key.binary, SID_SIZE) == 0)
|
||||
return it.identity;
|
||||
}
|
||||
}
|
||||
return NULL;
|
||||
keyring_identity *keyring_find_identity(keyring_file *k, const identity_t *sign){
|
||||
keyring_identity *id = k->identities;
|
||||
while(id && (!id->box_pk || cmp_identity_t(id->sign_pk, sign)!=0))
|
||||
id = id->next;
|
||||
return id;
|
||||
}
|
||||
|
||||
static void add_subscriber(keyring_identity *id)
|
||||
@ -298,13 +256,13 @@ static void add_subscriber(keyring_identity *id)
|
||||
|
||||
if (id->sign_pk){
|
||||
// copy our signing key, so we can pass it to peers
|
||||
bcopy(id->sign_pk, id->subscriber->sas_public, sizeof id->subscriber->sas_public);
|
||||
id->subscriber->sas_valid = 1;
|
||||
bcopy(id->sign_pk, &id->subscriber->id_public, sizeof id->subscriber->id_public);
|
||||
id->subscriber->id_valid = 1;
|
||||
|
||||
keypair *kp = id->keypairs;
|
||||
while(kp){
|
||||
if (kp->type == KEYTYPE_CRYPTOCOMBINED){
|
||||
id->subscriber->sas_combined = 1;
|
||||
id->subscriber->id_combined = 1;
|
||||
break;
|
||||
}
|
||||
kp = kp->next;
|
||||
@ -367,35 +325,34 @@ void keyring_free(keyring_file *k)
|
||||
return;
|
||||
}
|
||||
|
||||
int keyring_release_identity(keyring_iterator *it)
|
||||
int keyring_release_identities_by_pin(keyring_file *f, const char *pin)
|
||||
{
|
||||
assert(it->identity);
|
||||
|
||||
keyring_identity **i=&it->file->identities;
|
||||
keyring_identity **i=&f->identities;
|
||||
while(*i){
|
||||
if ((*i)==it->identity){
|
||||
(*i) = it->identity->next;
|
||||
keyring_free_identity(it->identity);
|
||||
it->identity=(*i);
|
||||
if (it->identity)
|
||||
it->keypair = it->identity->keypairs;
|
||||
else
|
||||
it->keypair = NULL;
|
||||
return 0;
|
||||
keyring_identity *id = (*i);
|
||||
if (id->PKRPin && strcmp(id->PKRPin, pin) == 0){
|
||||
(*i) = id->next;
|
||||
keyring_free_identity(id);
|
||||
}else{
|
||||
i=&id->next;
|
||||
}
|
||||
i=&(*i)->next;
|
||||
}
|
||||
return WHY("Previous identity not found");
|
||||
return 0;
|
||||
}
|
||||
|
||||
int keyring_release_subscriber(keyring_file *k, const sid_t *sid)
|
||||
{
|
||||
keyring_iterator it;
|
||||
keyring_iterator_start(k, &it);
|
||||
|
||||
if (!keyring_find_sid(&it, sid))
|
||||
return WHYF("Keyring entry for %s not found", alloca_tohex_sid_t(*sid));
|
||||
return keyring_release_identity(&it);
|
||||
keyring_identity **i=&k->identities;
|
||||
while(*i){
|
||||
keyring_identity *id = (*i);
|
||||
if (cmp_sid_t(id->box_pk,sid)==0){
|
||||
(*i) = id->next;
|
||||
keyring_free_identity(id);
|
||||
return 0;
|
||||
}
|
||||
i=&id->next;
|
||||
}
|
||||
return WHYF("Keyring entry for %s not found", alloca_tohex_sid_t(*sid));
|
||||
}
|
||||
|
||||
void keyring_free_identity(keyring_identity *id)
|
||||
@ -532,7 +489,7 @@ static void create_cryptocombined(keypair *kp)
|
||||
{
|
||||
struct combined_pk *pk = (struct combined_pk *)kp->public_key;
|
||||
struct combined_sk *sk = (struct combined_sk *)kp->private_key;
|
||||
crypto_sign_ed25519_keypair(pk->sign_key, sk->sign_key);
|
||||
crypto_sign_ed25519_keypair(pk->sign_key.binary, sk->sign_key);
|
||||
crypto_sign_ed25519_sk_to_curve25519(sk->box_key, sk->sign_key);
|
||||
crypto_scalarmult_base(pk->box_key.binary, sk->box_key);
|
||||
}
|
||||
@ -553,7 +510,7 @@ static int unpack_cryptocombined(keypair *kp, struct rotbuf *rb, size_t key_leng
|
||||
struct combined_sk *sk = (struct combined_sk *)kp->private_key;
|
||||
assert(key_length == sizeof seed);
|
||||
rotbuf_getbuf(rb, seed, sizeof seed);
|
||||
crypto_sign_ed25519_seed_keypair(pk->sign_key, sk->sign_key, seed);
|
||||
crypto_sign_ed25519_seed_keypair(pk->sign_key.binary, sk->sign_key, seed);
|
||||
crypto_sign_ed25519_sk_to_curve25519(sk->box_key, sk->sign_key);
|
||||
crypto_scalarmult_base(pk->box_key.binary, sk->box_key);
|
||||
return 0;
|
||||
@ -1241,7 +1198,7 @@ static int keyring_finalise_identity(uint8_t *dirty, keyring_identity *id)
|
||||
if (dirty)
|
||||
*dirty = 1;
|
||||
}
|
||||
id->sign_pk = kp->public_key;
|
||||
id->sign_pk = (const identity_t *)kp->public_key;
|
||||
id->sign_sk = kp->private_key;
|
||||
break;
|
||||
case KEYTYPE_CRYPTOCOMBINED:{
|
||||
@ -1249,7 +1206,7 @@ static int keyring_finalise_identity(uint8_t *dirty, keyring_identity *id)
|
||||
struct combined_sk *sk = (struct combined_sk *)kp->private_key;
|
||||
id->box_pk = &pk->box_key;
|
||||
id->box_sk = sk->box_key;
|
||||
id->sign_pk = pk->sign_key;
|
||||
id->sign_pk = &pk->sign_key;
|
||||
id->sign_sk = sk->sign_key;
|
||||
break;
|
||||
}
|
||||
@ -1408,9 +1365,7 @@ static int keyring_commit_identity(keyring_file *k, keyring_identity *id)
|
||||
{
|
||||
keyring_finalise_identity(&k->dirty, id);
|
||||
// Do nothing if an identity with this sid already exists
|
||||
keyring_iterator it;
|
||||
keyring_iterator_start(k, &it);
|
||||
if (keyring_find_sid(&it, id->box_pk))
|
||||
if (keyring_find_identity_sid(k, id->box_pk))
|
||||
return 0;
|
||||
set_slot(k, id->slot, 1);
|
||||
|
||||
@ -1709,9 +1664,9 @@ int keyring_sign_message(struct keyring_identity *identity, unsigned char *conte
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int keyring_store_sas(struct internal_mdp_header *header, struct overlay_buffer *payload)
|
||||
static int keyring_store_id(struct internal_mdp_header *header, struct overlay_buffer *payload)
|
||||
{
|
||||
if (header->source->sas_valid){
|
||||
if (header->source->id_valid){
|
||||
DEBUGF(keyring, "Ignoring SID:SAS mapping for %s, already have one", alloca_tohex_sid_t(header->source->sid));
|
||||
return 0;
|
||||
}
|
||||
@ -1719,34 +1674,34 @@ static int keyring_store_sas(struct internal_mdp_header *header, struct overlay_
|
||||
|
||||
DEBUGF(keyring, "Received SID:SAS mapping, %zd bytes", len);
|
||||
|
||||
if (ob_remaining(payload) < SAS_SIZE + crypto_sign_BYTES)
|
||||
if (ob_remaining(payload) < IDENTITY_SIZE + crypto_sign_BYTES)
|
||||
return WHY("Truncated key mapping announcement?");
|
||||
|
||||
const uint8_t *sas_public = ob_get_bytes_ptr(payload, SAS_SIZE);
|
||||
const uint8_t *id_public = ob_get_bytes_ptr(payload, IDENTITY_SIZE);
|
||||
const uint8_t *compactsignature = ob_get_bytes_ptr(payload, crypto_sign_BYTES);
|
||||
|
||||
if (crypto_sign_verify_detached(compactsignature, header->source->sid.binary, SID_SIZE, sas_public))
|
||||
if (crypto_sign_verify_detached(compactsignature, header->source->sid.binary, SID_SIZE, id_public))
|
||||
return WHY("SID:SAS mapping verification signature does not verify");
|
||||
|
||||
// test if the sas key can be used to derive the sid
|
||||
// test if the signing key can be used to derive the sid
|
||||
sid_t sid;
|
||||
if (crypto_sign_ed25519_pk_to_curve25519(sid.binary, sas_public)==0
|
||||
if (crypto_sign_ed25519_pk_to_curve25519(sid.binary, id_public)==0
|
||||
&& memcmp(&sid, &header->source->sid, sizeof sid) == 0)
|
||||
header->source->sas_combined=1;
|
||||
header->source->id_combined=1;
|
||||
|
||||
/* now store it */
|
||||
bcopy(sas_public, header->source->sas_public, SAS_SIZE);
|
||||
header->source->sas_valid=1;
|
||||
header->source->sas_last_request=-1;
|
||||
bcopy(id_public, &header->source->id_public, IDENTITY_SIZE);
|
||||
header->source->id_valid=1;
|
||||
header->source->id_last_request=-1;
|
||||
|
||||
DEBUGF(keyring, "Stored SID:SAS mapping, SID=%s to SAS=%s",
|
||||
alloca_tohex_sid_t(header->source->sid),
|
||||
alloca_tohex_sas(header->source->sas_public)
|
||||
alloca_tohex_identity_t(&header->source->id_public)
|
||||
);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int keyring_respond_sas(struct internal_mdp_header *header)
|
||||
static int keyring_respond_id(struct internal_mdp_header *header)
|
||||
{
|
||||
keyring_identity *id = header->destination->identity;
|
||||
|
||||
@ -1761,7 +1716,7 @@ static int keyring_respond_sas(struct internal_mdp_header *header)
|
||||
ob_limitsize(response_payload, sizeof buff);
|
||||
|
||||
ob_append_byte(response_payload, KEYTYPE_CRYPTOSIGN);
|
||||
ob_append_bytes(response_payload, id->sign_pk, crypto_sign_PUBLICKEYBYTES);
|
||||
ob_append_bytes(response_payload, id->sign_pk->binary, crypto_sign_PUBLICKEYBYTES);
|
||||
uint8_t *sig = ob_append_space(response_payload, crypto_sign_BYTES);
|
||||
|
||||
if (crypto_sign_detached(sig, NULL, header->destination->sid.binary, SID_SIZE, id->sign_sk))
|
||||
@ -1929,8 +1884,8 @@ static int keyring_mapping_request(struct internal_mdp_header *header, struct ov
|
||||
switch(ob_get(payload)){
|
||||
case KEYTYPE_CRYPTOSIGN:
|
||||
if (ob_remaining(payload)==0)
|
||||
return keyring_respond_sas(header);
|
||||
return keyring_store_sas(header, payload);
|
||||
return keyring_respond_id(header);
|
||||
return keyring_store_id(header, payload);
|
||||
break;
|
||||
case UNLOCK_REQUEST:
|
||||
{
|
||||
@ -1947,13 +1902,13 @@ static int keyring_mapping_request(struct internal_mdp_header *header, struct ov
|
||||
return WHY("Not implemented");
|
||||
}
|
||||
|
||||
int keyring_send_sas_request(struct subscriber *subscriber){
|
||||
if (subscriber->sas_valid)
|
||||
int keyring_send_identity_request(struct subscriber *subscriber){
|
||||
if (subscriber->id_valid)
|
||||
return 0;
|
||||
|
||||
time_ms_t now = gettime_ms();
|
||||
|
||||
if (now < subscriber->sas_last_request + 100){
|
||||
if (now < subscriber->id_last_request + 100){
|
||||
DEBUG(keyring, "Too soon to ask for SAS mapping again");
|
||||
return 0;
|
||||
}
|
||||
@ -1974,7 +1929,7 @@ int keyring_send_sas_request(struct subscriber *subscriber){
|
||||
ob_append_byte(payload, KEYTYPE_CRYPTOSIGN);
|
||||
|
||||
DEBUGF(keyring, "Sending SAS resolution request");
|
||||
subscriber->sas_last_request=now;
|
||||
subscriber->id_last_request=now;
|
||||
ob_flip(payload);
|
||||
int ret = overlay_send_frame(&header, payload);
|
||||
ob_free(payload);
|
||||
|
||||
12
keyring.h
12
keyring.h
@ -51,7 +51,7 @@ typedef struct keyring_identity {
|
||||
const uint8_t *box_sk;
|
||||
const sid_t *box_pk;
|
||||
const uint8_t *sign_sk;
|
||||
const uint8_t *sign_pk;
|
||||
const identity_t *sign_pk;
|
||||
struct keyring_identity *next;
|
||||
keypair *keypairs;
|
||||
} keyring_identity;
|
||||
@ -89,12 +89,12 @@ keypair * keyring_next_key(keyring_iterator *it);
|
||||
keypair * keyring_next_keytype(keyring_iterator *it, unsigned keytype);
|
||||
keypair *keyring_identity_keytype(const keyring_identity *id, unsigned keytype);
|
||||
keypair *keyring_find_did(keyring_iterator *it, const char *did);
|
||||
keyring_identity *keyring_find_identity(keyring_file *k, const sid_t *sidp);
|
||||
int keyring_find_box(keyring_iterator *it, const sid_t *sidp, const uint8_t **sk);
|
||||
#define keyring_find_sid(I, S) keyring_find_box(I, S, NULL)
|
||||
keyring_identity *keyring_find_identity_sid(keyring_file *k, const sid_t *sidp);
|
||||
keyring_identity *keyring_find_identity(keyring_file *k, const identity_t *sign);
|
||||
|
||||
void keyring_free(keyring_file *k);
|
||||
int keyring_release_identity(keyring_iterator *it);
|
||||
int keyring_release_identities_by_pin(keyring_file *f, const char *pin);
|
||||
int keyring_release_subscriber(keyring_file *k, const sid_t *sid);
|
||||
|
||||
#define KEYTYPE_CRYPTOBOX 0x01 // must be lowest
|
||||
#define KEYTYPE_CRYPTOSIGN 0x02
|
||||
@ -119,7 +119,7 @@ keyring_file *keyring_open_instance_cli(const struct cli_parsed *parsed);
|
||||
int keyring_enter_pin(keyring_file *k, const char *pin);
|
||||
int keyring_set_did(keyring_identity *id, const char *did, const char *name);
|
||||
int keyring_sign_message(struct keyring_identity *identity, unsigned char *content, size_t buffer_len, size_t *content_len);
|
||||
int keyring_send_sas_request(struct subscriber *subscriber);
|
||||
int keyring_send_identity_request(struct subscriber *subscriber);
|
||||
|
||||
int keyring_commit(keyring_file *k);
|
||||
keyring_identity *keyring_inmemory_identity();
|
||||
|
||||
@ -123,6 +123,7 @@ static int app_keyring_list(const struct cli_parsed *parsed, struct cli_context
|
||||
|
||||
const char *names[]={
|
||||
"sid",
|
||||
"identity",
|
||||
"did",
|
||||
"name"
|
||||
};
|
||||
@ -137,6 +138,7 @@ static int app_keyring_list(const struct cli_parsed *parsed, struct cli_context
|
||||
const char *name = NULL;
|
||||
keyring_identity_extract(id, &did, &name);
|
||||
cli_put_string(context, alloca_tohex_sid_t(*id->box_pk), ":");
|
||||
cli_put_string(context, alloca_tohex_identity_t(id->sign_pk), ":");
|
||||
cli_put_string(context, did, ":");
|
||||
cli_put_string(context, name, "\n");
|
||||
rowcount++;
|
||||
@ -152,6 +154,10 @@ static void cli_output_identity(struct cli_context *context, const keyring_ident
|
||||
cli_field_name(context, "sid", ":");
|
||||
cli_put_string(context, alloca_tohex_sid_t(*id->box_pk), "\n");
|
||||
}
|
||||
if (id->sign_pk){
|
||||
cli_field_name(context, "identity", ":");
|
||||
cli_put_string(context, alloca_tohex_identity_t(id->sign_pk), "\n");
|
||||
}
|
||||
keypair *kp=id->keypairs;
|
||||
while(kp){
|
||||
switch(kp->type){
|
||||
@ -201,9 +207,13 @@ static int app_keyring_list2(const struct cli_parsed *parsed, struct cli_context
|
||||
while((id = keyring_next_identity(&it))){
|
||||
unsigned fields=0;
|
||||
// count the number of fields that we will output
|
||||
keypair *kp=it.identity->keypairs;
|
||||
keypair *kp=id->keypairs;
|
||||
if (id->box_pk)
|
||||
fields++;
|
||||
if (id->sign_pk)
|
||||
fields++;
|
||||
while(kp){
|
||||
if (kp->type==KEYTYPE_CRYPTOBOX || kp->type==KEYTYPE_PUBLIC_TAG)
|
||||
if (kp->type==KEYTYPE_PUBLIC_TAG)
|
||||
fields++;
|
||||
if (kp->type==KEYTYPE_DID){
|
||||
if (strlen((char*)kp->private_key))
|
||||
@ -274,20 +284,19 @@ static int app_keyring_set_did(const struct cli_parsed *parsed, struct cli_conte
|
||||
if (!(keyring = keyring_open_instance_cli(parsed)))
|
||||
return -1;
|
||||
|
||||
keyring_iterator it;
|
||||
keyring_iterator_start(keyring, &it);
|
||||
keyring_identity *id = keyring_find_identity_sid(keyring, &sid);
|
||||
|
||||
int r=0;
|
||||
if (!keyring_find_sid(&it, &sid))
|
||||
if (!id)
|
||||
r=WHY("No matching SID");
|
||||
else{
|
||||
if (keyring_set_did(it.identity, did, name))
|
||||
if (keyring_set_did(id, did, name))
|
||||
r=WHY("Could not set DID");
|
||||
else{
|
||||
if (keyring_commit(keyring))
|
||||
r=WHY("Could not write updated keyring record");
|
||||
else{
|
||||
cli_output_identity(context, it.identity);
|
||||
cli_output_identity(context, id);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -315,20 +324,19 @@ static int app_keyring_set_tag(const struct cli_parsed *parsed, struct cli_conte
|
||||
if (str_to_sid_t(&sid, sidhex) == -1)
|
||||
return WHY("str_to_sid_t() failed");
|
||||
|
||||
keyring_iterator it;
|
||||
keyring_iterator_start(keyring, &it);
|
||||
keyring_identity *id = keyring_find_identity_sid(keyring, &sid);
|
||||
int r=0;
|
||||
if (!keyring_find_sid(&it, &sid))
|
||||
if (!id)
|
||||
r=WHY("No matching SID");
|
||||
else{
|
||||
int length = strlen(value);
|
||||
if (keyring_set_public_tag(it.identity, tag, (const unsigned char*)value, length))
|
||||
if (keyring_set_public_tag(id, tag, (const unsigned char*)value, length))
|
||||
r=WHY("Could not set tag value");
|
||||
else{
|
||||
if (keyring_commit(keyring))
|
||||
r=WHY("Could not write updated keyring record");
|
||||
else{
|
||||
cli_output_identity(context, it.identity);
|
||||
cli_output_identity(context, id);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -98,10 +98,10 @@ static int http_request_keyring_response_identity(struct httpd_request *r, uint1
|
||||
json_sid.type = JSON_STRING_NULTERM;
|
||||
json_sid.u.string.content = alloca_tohex_sid_t(*id->box_pk);
|
||||
|
||||
json_id_kv[1].key = "sign";
|
||||
json_id_kv[1].key = "identity";
|
||||
json_id_kv[1].value = &json_sas;
|
||||
json_sas.type = JSON_STRING_NULTERM;
|
||||
json_sas.u.string.content = alloca_tohex_sas(id->sign_pk);
|
||||
json_sas.u.string.content = alloca_tohex_identity_t(id->sign_pk);
|
||||
|
||||
if (did) {
|
||||
json_id_kv[json_id.u.object.itemc].key = "did";
|
||||
@ -152,7 +152,7 @@ static int restful_keyring_identitylist_json_content_chunk(struct http_request *
|
||||
// identities.
|
||||
const char *headers[] = {
|
||||
"sid",
|
||||
"sign",
|
||||
"identity",
|
||||
"did",
|
||||
"name"
|
||||
};
|
||||
@ -183,7 +183,7 @@ static int restful_keyring_identitylist_json_content_chunk(struct http_request *
|
||||
strbuf_puts(b, "\n[");
|
||||
strbuf_json_string(b, alloca_tohex_sid_t(*r->u.sidlist.it.identity->box_pk));
|
||||
strbuf_puts(b, ",");
|
||||
strbuf_json_string(b, alloca_tohex_sas(r->u.sidlist.it.identity->sign_pk));
|
||||
strbuf_json_string(b, alloca_tohex_identity_t(r->u.sidlist.it.identity->sign_pk));
|
||||
strbuf_puts(b, ",");
|
||||
strbuf_json_string(b, did);
|
||||
strbuf_puts(b, ",");
|
||||
@ -238,13 +238,12 @@ static int restful_keyring_set(httpd_request *r, const char *remainder)
|
||||
const char *name = http_request_get_query_param(&r->http, "name");
|
||||
if (pin)
|
||||
keyring_enter_pin(keyring, pin);
|
||||
keyring_iterator it;
|
||||
keyring_iterator_start(keyring, &it);
|
||||
if (!keyring_find_sid(&it, &r->sid1))
|
||||
keyring_identity *id = keyring_find_identity_sid(keyring, &r->sid1);
|
||||
if (!id)
|
||||
return http_request_keyring_response(r, 404, "Identity not found");
|
||||
if (keyring_set_did(it.identity, did ? did : "", name ? name : "") == -1)
|
||||
if (keyring_set_did(id, did ? did : "", name ? name : "") == -1)
|
||||
return http_request_keyring_response(r, 500, "Could not set identity DID/Name");
|
||||
if (keyring_commit(keyring) == -1)
|
||||
return http_request_keyring_response(r, 500, "Could not store new identity");
|
||||
return http_request_keyring_response_identity(r, 200, CONTENT_TYPE_JSON, it.identity);
|
||||
return http_request_keyring_response_identity(r, 200, CONTENT_TYPE_JSON, id);
|
||||
}
|
||||
|
||||
8
meshms.c
8
meshms.c
@ -535,7 +535,7 @@ enum meshms_status meshms_conversations_list(const keyring_identity *id, const s
|
||||
if (!my_sid){
|
||||
my_sid = id->box_pk;
|
||||
}else if(!id){
|
||||
id = keyring_find_identity(keyring, my_sid);
|
||||
id = keyring_find_identity_sid(keyring, my_sid);
|
||||
if (!id){
|
||||
status = MESHMS_STATUS_SID_LOCKED;
|
||||
goto end;
|
||||
@ -585,7 +585,7 @@ enum meshms_status meshms_message_iterator_open(struct meshms_message_iterator *
|
||||
enum meshms_status status = MESHMS_STATUS_ERROR;
|
||||
bzero(iter, sizeof *iter);
|
||||
|
||||
keyring_identity *id = keyring_find_identity(keyring, me);
|
||||
keyring_identity *id = keyring_find_identity_sid(keyring, me);
|
||||
if (!id){
|
||||
status = MESHMS_STATUS_SID_LOCKED;
|
||||
WHY("Identity not found");
|
||||
@ -748,7 +748,7 @@ enum meshms_status meshms_send_message(const sid_t *sender, const sid_t *recipie
|
||||
struct meshms_conversations *conv = NULL;
|
||||
enum meshms_status status = MESHMS_STATUS_ERROR;
|
||||
|
||||
keyring_identity *id = keyring_find_identity(keyring, sender);
|
||||
keyring_identity *id = keyring_find_identity_sid(keyring, sender);
|
||||
if (!id)
|
||||
return MESHMS_STATUS_SID_LOCKED;
|
||||
|
||||
@ -780,7 +780,7 @@ enum meshms_status meshms_mark_read(const sid_t *sender, const sid_t *recipient,
|
||||
enum meshms_status status = MESHMS_STATUS_ERROR;
|
||||
struct meshms_conversations *conv = NULL;
|
||||
|
||||
keyring_identity *id = keyring_find_identity(keyring, sender);
|
||||
keyring_identity *id = keyring_find_identity_sid(keyring, sender);
|
||||
if (!id){
|
||||
status = MESHMS_STATUS_SID_LOCKED;
|
||||
goto end;
|
||||
|
||||
@ -499,7 +499,7 @@ static int app_route_print(const struct cli_parsed *parsed, struct cli_context *
|
||||
break;
|
||||
|
||||
// ignore signing key details for now
|
||||
ob_skip(buff, SAS_SIZE+1);
|
||||
ob_skip(buff, IDENTITY_SIZE+1);
|
||||
if (ob_overrun(buff))
|
||||
break;
|
||||
|
||||
|
||||
@ -350,10 +350,10 @@ static int add_explain_response(struct subscriber *subscriber, void *context)
|
||||
DEBUGF(subscriber, "Explaining sid=%s", alloca_tohex_sid_t(subscriber->sid));
|
||||
ob_checkpoint(b);
|
||||
|
||||
if (subscriber->sas_combined && response->sender && response->sender->sas_combined){
|
||||
if (subscriber->id_combined && response->sender && response->sender->id_combined){
|
||||
// TODO better condition for when we should send this?
|
||||
ob_append_byte(b, OA_CODE_SIGNKEY);
|
||||
ob_append_bytes(b, subscriber->sas_public, crypto_sign_PUBLICKEYBYTES);
|
||||
ob_append_bytes(b, subscriber->id_public.binary, crypto_sign_PUBLICKEYBYTES);
|
||||
}else{
|
||||
ob_append_byte(b, SID_SIZE);
|
||||
ob_append_bytes(b, subscriber->sid.binary, SID_SIZE);
|
||||
@ -428,13 +428,13 @@ static int decode_sid_from_signkey(struct overlay_buffer *b, struct subscriber *
|
||||
if (crypto_sign_ed25519_pk_to_curve25519(sid.binary, id))
|
||||
return WHY("Failed to convert sign key to sid");
|
||||
struct subscriber *s = find_subscriber(sid.binary, SID_SIZE, 1);
|
||||
if (s && !s->sas_combined){
|
||||
bcopy(id, s->sas_public, crypto_sign_PUBLICKEYBYTES);
|
||||
s->sas_valid=1;
|
||||
s->sas_combined=1;
|
||||
if (s && !s->id_combined){
|
||||
bcopy(id, s->id_public.binary, crypto_sign_PUBLICKEYBYTES);
|
||||
s->id_valid=1;
|
||||
s->id_combined=1;
|
||||
DEBUGF(subscriber, "Stored combined SID:SAS mapping, SID=%s SAS=%s",
|
||||
alloca_tohex_sid_t(s->sid),
|
||||
alloca_tohex_sas(s->sas_public)
|
||||
alloca_tohex_identity_t(&s->id_public)
|
||||
);
|
||||
}
|
||||
if (subscriber)
|
||||
|
||||
@ -82,10 +82,10 @@ struct subscriber{
|
||||
time_ms_t last_explained;
|
||||
|
||||
// public signing key details for remote peers
|
||||
uint8_t sas_public[SAS_SIZE];
|
||||
time_ms_t sas_last_request;
|
||||
uint8_t sas_valid:1;
|
||||
uint8_t sas_combined:1;
|
||||
identity_t id_public;
|
||||
time_ms_t id_last_request;
|
||||
uint8_t id_valid:1;
|
||||
uint8_t id_combined:1;
|
||||
|
||||
// should we send the full address once?
|
||||
uint8_t send_full:1;
|
||||
|
||||
@ -70,9 +70,9 @@ int set_reachable(struct subscriber *subscriber,
|
||||
}
|
||||
}
|
||||
|
||||
/* Pre-emptively send a sas request */
|
||||
if (!subscriber->sas_valid && reachable&REACHABLE)
|
||||
keyring_send_sas_request(subscriber);
|
||||
/* Pre-emptively send a public signing key request */
|
||||
if (!subscriber->id_valid && reachable&REACHABLE)
|
||||
keyring_send_identity_request(subscriber);
|
||||
|
||||
CALL_TRIGGER(link_change, subscriber, old_value);
|
||||
|
||||
|
||||
@ -1068,8 +1068,8 @@ static void send_route(struct subscriber *subscriber, struct socket_address *cli
|
||||
struct overlay_buffer *b = ob_static(payload, sizeof payload);
|
||||
ob_limitsize(b, sizeof payload);
|
||||
ob_append_bytes(b, subscriber->sid.binary, SID_SIZE);
|
||||
ob_append_bytes(b, subscriber->sas_public, SAS_SIZE);
|
||||
ob_append_byte(b, subscriber->sas_valid | (subscriber->sas_combined<<1));
|
||||
ob_append_bytes(b, subscriber->id_public.binary, IDENTITY_SIZE);
|
||||
ob_append_byte(b, subscriber->id_valid | (subscriber->id_combined<<1));
|
||||
ob_append_byte(b, subscriber->reachable);
|
||||
if (subscriber->reachable & REACHABLE){
|
||||
ob_append_byte(b, subscriber->hop_count);
|
||||
@ -1179,15 +1179,7 @@ static int mdp_process_identity_request(struct socket_address *client, struct md
|
||||
const char *pin = ob_get_str_ptr(payload);
|
||||
if (!pin)
|
||||
break;
|
||||
keyring_iterator it;
|
||||
keyring_iterator_start(keyring, &it);
|
||||
keyring_next_identity(&it);
|
||||
while(it.identity){
|
||||
if (it.identity->PKRPin && strcmp(it.identity->PKRPin, pin) == 0)
|
||||
keyring_release_identity(&it);
|
||||
else
|
||||
keyring_next_identity(&it);
|
||||
}
|
||||
keyring_release_identities_by_pin(keyring, pin);
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
@ -38,19 +38,6 @@ static const char *rhizome_manifest_get(const rhizome_manifest *m, const char *v
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#if 0
|
||||
static uint64_t rhizome_manifest_get_ui64(rhizome_manifest *m, const char *var)
|
||||
{
|
||||
unsigned i;
|
||||
for (i = 0; i < m->var_count; ++i)
|
||||
if (strcmp(m->vars[i], var) == 0) {
|
||||
uint64_t val;
|
||||
return str_to_uint64(m->values[i], 10, &val, NULL) ? val : -1;
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Remove the field with the given label from the manifest
|
||||
*
|
||||
* @author Andrew Bettison <andrew@servalproject.com>
|
||||
@ -1493,15 +1480,13 @@ struct rhizome_bundle_result rhizome_fill_manifest(rhizome_manifest *m, const ch
|
||||
int rhizome_lookup_author(rhizome_manifest *m)
|
||||
{
|
||||
IN();
|
||||
keyring_iterator it;
|
||||
switch (m->authorship) {
|
||||
case AUTHOR_LOCAL:
|
||||
case AUTHOR_AUTHENTIC:
|
||||
RETURN(1);
|
||||
case AUTHOR_NOT_CHECKED:
|
||||
DEBUGF(rhizome, "manifest %p lookup author=%s", m, alloca_tohex_sid_t(m->author));
|
||||
keyring_iterator_start(keyring, &it);
|
||||
if (keyring_find_sid(&it, &m->author)) {
|
||||
if (keyring_find_identity_sid(keyring, &m->author)) {
|
||||
DEBUGF(rhizome, "found author");
|
||||
m->authorship = AUTHOR_LOCAL;
|
||||
RETURN(1);
|
||||
@ -1510,8 +1495,7 @@ int rhizome_lookup_author(rhizome_manifest *m)
|
||||
case ANONYMOUS:
|
||||
if (m->has_sender) {
|
||||
DEBUGF(rhizome, "manifest %p lookup sender=%s", m, alloca_tohex_sid_t(m->sender));
|
||||
keyring_iterator_start(keyring, &it);
|
||||
if (keyring_find_sid(&it, &m->sender)) {
|
||||
if (keyring_find_identity_sid(keyring, &m->sender)) {
|
||||
DEBUGF(rhizome, "found sender");
|
||||
rhizome_manifest_set_author(m, &m->sender);
|
||||
m->authorship = AUTHOR_LOCAL;
|
||||
|
||||
@ -197,7 +197,7 @@ static enum rhizome_bundle_authorship try_author(rhizome_manifest *m, const keyr
|
||||
return AUTHOR_UNKNOWN;
|
||||
|
||||
if (!id){
|
||||
id = keyring_find_identity(keyring, sid);
|
||||
id = keyring_find_identity_sid(keyring, sid);
|
||||
if (!id)
|
||||
return AUTHOR_UNKNOWN;
|
||||
}
|
||||
@ -329,7 +329,7 @@ int rhizome_manifest_add_bundle_key(rhizome_manifest *m)
|
||||
*/
|
||||
|
||||
if (!m->author_identity){
|
||||
m->author_identity = keyring_find_identity(keyring, &m->author);
|
||||
m->author_identity = keyring_find_identity_sid(keyring, &m->author);
|
||||
if (!m->author_identity){
|
||||
m->authorship = AUTHOR_UNKNOWN;
|
||||
break;
|
||||
@ -574,7 +574,7 @@ int rhizome_derive_payload_key(rhizome_manifest *m)
|
||||
|
||||
{
|
||||
const keyring_identity *id=NULL;
|
||||
id = keyring_find_identity(keyring, &m->recipient);
|
||||
id = keyring_find_identity_sid(keyring, &m->recipient);
|
||||
if (id){
|
||||
if (m->has_sender){
|
||||
other_pk = &m->sender;
|
||||
@ -585,7 +585,7 @@ int rhizome_derive_payload_key(rhizome_manifest *m)
|
||||
other_pk = NULL;
|
||||
}
|
||||
} else if (m->has_sender){
|
||||
id = keyring_find_identity(keyring, &m->sender);
|
||||
id = keyring_find_identity_sid(keyring, &m->sender);
|
||||
// TODO error if sender != author?
|
||||
} else if (m->haveSecret){
|
||||
id = m->author_identity;
|
||||
|
||||
@ -32,15 +32,20 @@ typedef char bool_t;
|
||||
/* Serval ID (aka Subscriber ID)
|
||||
*/
|
||||
|
||||
#define SID_SIZE 32 // == crypto_sign_PUBLICKEYBYTES
|
||||
#define SAS_SIZE 32 // == crypto_sign_PUBLICKEYBYTES
|
||||
#define SID_SIZE 32 // == crypto_box_PUBLICKEYBYTES
|
||||
#define IDENTITY_SIZE 32 // == crypto_sign_PUBLICKEYBYTES
|
||||
|
||||
#define SID_STRLEN (SID_SIZE*2)
|
||||
#define IDENTITY_STRLEN (IDENTITY_SIZE*2)
|
||||
|
||||
typedef struct sid_binary {
|
||||
unsigned char binary[SID_SIZE];
|
||||
} sid_t;
|
||||
|
||||
typedef struct identity_binary {
|
||||
unsigned char binary[IDENTITY_SIZE];
|
||||
} identity_t;
|
||||
|
||||
#define SID_TYPE_ANY (0)
|
||||
#define SID_TYPE_INTERNAL (1)
|
||||
#define SID_TYPE_BROADCAST (0xFF)
|
||||
@ -55,7 +60,7 @@ typedef struct sid_binary {
|
||||
// is the SID entirely 0x00?
|
||||
#define is_sid_t_any(SID) is_all_matching((SID).binary, sizeof (*(sid_t*)0).binary, 0)
|
||||
|
||||
#define alloca_tohex_sid_t(sid) alloca_tohex((sid).binary, sizeof (*(sid_t*)0).binary)
|
||||
#define alloca_tohex_sid_t(sid) alloca_tohex((sid).binary, SID_SIZE)
|
||||
#define alloca_tohex_sid_t_trunc(sid,strlen) tohex((char *)alloca((strlen)+1), (strlen), (sid).binary)
|
||||
|
||||
int cmp_sid_t(const sid_t *a, const sid_t *b);
|
||||
@ -64,7 +69,11 @@ int strn_to_sid_t(sid_t *sid, const char *hex, size_t hexlen);
|
||||
int parse_sid_t(sid_t *sid, const char *hex, ssize_t hexlen, const char **endp);
|
||||
int sid_get_special_type(const sid_t *sid);
|
||||
|
||||
#define alloca_tohex_sas(sas) alloca_tohex((sas), SAS_SIZE)
|
||||
#define alloca_tohex_identity_t(identity) alloca_tohex((identity)->binary, IDENTITY_SIZE)
|
||||
|
||||
int cmp_identity_t(const identity_t *a, const identity_t *b);
|
||||
int str_to_identity_t(identity_t *sid, const char *hex);
|
||||
int strn_to_identity_t(identity_t *sid, const char *hex, size_t hexlen);
|
||||
|
||||
/* MDP port number
|
||||
*/
|
||||
|
||||
13
testdefs.sh
13
testdefs.sh
@ -36,6 +36,7 @@ HT=' '
|
||||
# Some useful regular expressions. These must work in grep(1) as basic
|
||||
# expressions, and also in sed(1).
|
||||
rexp_sid='[0-9a-fA-F]\{64\}'
|
||||
rexp_id='[0-9a-fA-F]\{64\}'
|
||||
rexp_did='[0-9+#]\{5,\}'
|
||||
|
||||
# Utility function for extracting information from the output of servald
|
||||
@ -679,18 +680,22 @@ create_single_identity() {
|
||||
esac
|
||||
done
|
||||
local sidvar=SID${instance_name}1
|
||||
local idvar=ID${instance_name}1
|
||||
local didvar=DID${instance_name}1
|
||||
local namevar=NAME${instance_name}1
|
||||
eval "$didvar=\"\${1-\$((5550000 + \$instance_number))}\""
|
||||
eval "$namevar=\"\${2-Agent \$instance_name Smith}\""
|
||||
create_identities "${servald_options[@]}" 1
|
||||
eval "SID$instance_name=\"\${!sidvar}\""
|
||||
eval "ID$instance_name=\"\${!idvar}\""
|
||||
eval "DID$instance_name=\"\${!didvar}\""
|
||||
eval "NAME$instance_name=\"\${!namevar}\""
|
||||
sidvar=SID${instance_name}
|
||||
idvar=ID${instance_name}
|
||||
didvar=DID${instance_name}
|
||||
namevar=NAME${instance_name}
|
||||
tfw_log "SID$instance_name=$(shellarg "${!sidvar}")"
|
||||
tfw_log "ID$instance_name=$(shellarg "${!idvar}")"
|
||||
tfw_log "DID$instance_name=$(shellarg "${!didvar}")"
|
||||
tfw_log "NAME$instance_name=$(shellarg "${!namevar}")"
|
||||
}
|
||||
@ -734,6 +739,7 @@ create_identities() {
|
||||
for ((i = 1; i <= N; ++i)); do
|
||||
local pinvar=PIN$instance_name$i
|
||||
local sidvar=SID$instance_name$i
|
||||
local idvar=ID$instance_name$i
|
||||
local didvar=DID$instance_name$i
|
||||
local namevar=NAME$instance_name$i
|
||||
local pin="${!pinvar}"
|
||||
@ -741,6 +747,7 @@ create_identities() {
|
||||
executeOk_servald keyring add "${servald_options[@]}" "$pin"
|
||||
assert [ -e "$SERVALINSTANCE_PATH/serval.keyring" ]
|
||||
extract_stdout_keyvalue $sidvar sid "$rexp_sid"
|
||||
extract_stdout_keyvalue $idvar identity "$rexp_id"
|
||||
tfw_log "$sidvar=${!sidvar}"
|
||||
# If the DID and/or NAME is already specified in the variables, then use
|
||||
# them, otherwise extract the DID and NAME automatically generated by
|
||||
@ -759,15 +766,17 @@ create_identities() {
|
||||
for ((i = 1; i <= N; ++i)); do
|
||||
for ((j = 1; j <= N; ++j)); do
|
||||
[ $i -ne $j ] && eval assert [ "\$SID$instance_name$i" != "\$SID$instance_name$j" ]
|
||||
[ $i -ne $j ] && eval assert [ "\$ID$instance_name$i" != "\$ID$instance_name$j" ]
|
||||
done
|
||||
done
|
||||
executeOk_servald keyring list "${servald_options[@]}"
|
||||
for ((i = 1; i <= N; ++i)); do
|
||||
local sidvar=SID$instance_name$i
|
||||
local idvar=ID$instance_name$i
|
||||
local didvar=DID$instance_name$i
|
||||
local namevar=NAME$instance_name$i
|
||||
local re_name=$(escape_grep_basic "${!namevar}")
|
||||
assertStdoutGrep --matches=1 "^${!sidvar}:${!didvar}:${re_name}\$"
|
||||
assertStdoutGrep --matches=1 "^${!sidvar}:${!idvar}:${!didvar}:${re_name}\$"
|
||||
done
|
||||
}
|
||||
|
||||
@ -776,7 +785,7 @@ create_identities() {
|
||||
assert_keyring_list() {
|
||||
unpack_stdout_list __X
|
||||
assert --stdout --stderr [ $__XNROWS -eq $1 ]
|
||||
assertStdoutGrep --stderr --matches=$1 "^$rexp_sid:\($rexp_did\)\?:.*\$"
|
||||
assertStdoutGrep --stderr --matches=$1 "^$rexp_sid:$rexp_id:\($rexp_did\)\?:.*\$"
|
||||
}
|
||||
|
||||
# Utility function, to be overridden as needed:
|
||||
|
||||
@ -61,15 +61,18 @@ doc_DidName="Create an identity & set the name and number"
|
||||
test_DidName() {
|
||||
executeOk_servald keyring add ''
|
||||
assertStdoutGrep --matches=1 "^sid:"
|
||||
assertStdoutLineCount '==' 1
|
||||
assertStdoutGrep --matches=1 "^identity:"
|
||||
assertStdoutLineCount '==' 2
|
||||
extract_stdout_keyvalue SID sid "$rexp_sid"
|
||||
extract_stdout_keyvalue ID identity "$rexp_id"
|
||||
executeOk_servald keyring set did "$SID" '123456' 'Display Name'
|
||||
assertStdoutGrep --matches=1 "^sid:$SID\$"
|
||||
assertStdoutGrep --matches=1 "^identity:$ID\$"
|
||||
assertStdoutGrep --matches=1 "^did:123456\$"
|
||||
assertStdoutGrep --matches=1 "^name:Display Name\$"
|
||||
assertStdoutLineCount '==' 3
|
||||
assertStdoutLineCount '==' 4
|
||||
executeOk_servald keyring list
|
||||
assertStdoutGrep --stderr --matches=1 "^$SID:123456:Display Name\$"
|
||||
assertStdoutGrep --stderr --matches=1 "^$SID:$ID:123456:Display Name\$"
|
||||
}
|
||||
|
||||
keyring_set_tag() {
|
||||
@ -82,17 +85,19 @@ doc_SetTag="Set a named tag against an identity"
|
||||
test_SetTag() {
|
||||
executeOk_servald keyring add ''
|
||||
assertStdoutGrep --matches=1 "^sid:"
|
||||
assertStdoutLineCount '==' 1
|
||||
extract_stdout_keyvalue SID sid "$rexp_sid"
|
||||
keyring_set_tag "$SID" 'tag1' 'First Value'
|
||||
assertStdoutGrep --matches=1 "^identity:"
|
||||
assertStdoutLineCount '==' 2
|
||||
extract_stdout_keyvalue SID sid "$rexp_sid"
|
||||
extract_stdout_keyvalue ID identity "$rexp_id"
|
||||
keyring_set_tag "$SID" 'tag1' 'First Value'
|
||||
assertStdoutLineCount '==' 3
|
||||
keyring_set_tag "$SID" 'tag2' 'Second Value'
|
||||
executeOk_servald keyring set tag "$SID" 'tag2' 'Second Value'
|
||||
assertStdoutGrep --matches=1 "^tag1:First Value\$"
|
||||
assertStdoutLineCount '==' 3
|
||||
assertStdoutLineCount '==' 4
|
||||
keyring_set_tag "$SID" 'tag1' 'Third Value'
|
||||
assertStdoutGrep --matches=1 "^tag2:Second Value\$"
|
||||
assertStdoutLineCount '==' 3
|
||||
assertStdoutLineCount '==' 4
|
||||
executeOk_servald keyring dump --secret
|
||||
tfw_cat --stdout
|
||||
}
|
||||
|
||||
@ -122,7 +122,7 @@ test_keyringAddDidName() {
|
||||
assertStdoutGrep --matches=1 "sid=${rexp_sid}, did=987654321, name=Joe Bloggs$"
|
||||
executeOk_servald keyring list
|
||||
assert_keyring_list 2
|
||||
assertStdoutGrep --stderr --matches=1 "^${rexp_sid}:987654321:Joe Bloggs\$"
|
||||
assertStdoutGrep --stderr --matches=1 "^${rexp_sid}:${rexp_id}:987654321:Joe Bloggs\$"
|
||||
}
|
||||
|
||||
doc_keyringSetDidName="Java API set DID and name"
|
||||
@ -136,7 +136,7 @@ test_keyringSetDidName() {
|
||||
assertStdoutGrep --matches=1 "sid=$SIDA1, did=987654321, name=Joe Bloggs$"
|
||||
executeOk_servald keyring list
|
||||
assert_keyring_list 2
|
||||
assertStdoutGrep --stderr --matches=1 "^$SIDA1:987654321:Joe Bloggs\$"
|
||||
assertStdoutGrep --stderr --matches=1 "^$SIDA1:$IDA1:987654321:Joe Bloggs\$"
|
||||
}
|
||||
|
||||
runTests "$@"
|
||||
|
||||
@ -144,10 +144,12 @@ test_keyringAdd() {
|
||||
tfw_preserve add.json
|
||||
assertStdoutIs '200'
|
||||
SID="$(jq -r '.identity.sid' add.json)"
|
||||
ID="$(jq -r '.identity.identity' add.json)"
|
||||
assert matches_rexp "^${rexp_sid}$" "$SID"
|
||||
assert matches_rexp "^${rexp_id}$" "$ID"
|
||||
executeOk_servald keyring list
|
||||
assert_keyring_list 3
|
||||
assertStdoutGrep --stderr --matches=1 "^$SID::\$"
|
||||
assertStdoutGrep --stderr --matches=1 "^$SID:$ID::\$"
|
||||
}
|
||||
|
||||
doc_keyringAddPin="HTTP RESTful add keyring identity with PIN"
|
||||
@ -166,12 +168,13 @@ test_keyringAddPin() {
|
||||
tfw_preserve add.json
|
||||
assertStdoutIs '200'
|
||||
SID="$(jq -r '.identity.sid' add.json)"
|
||||
ID="$(jq -r '.identity.identity' add.json)"
|
||||
executeOk_servald keyring list
|
||||
assert_keyring_list 2
|
||||
assertStdoutGrep --stderr --matches=0 "^$SID::\$"
|
||||
assertStdoutGrep --stderr --matches=0 "^$SID:$ID::\$"
|
||||
executeOk_servald keyring list --entry-pin=1234
|
||||
assert_keyring_list 3
|
||||
assertStdoutGrep --stderr --matches=1 "^$SID::\$"
|
||||
assertStdoutGrep --stderr --matches=1 "^$SID:$ID::\$"
|
||||
# Now the server has internalised the PIN, so the new identity appears in the
|
||||
# list
|
||||
executeOk curl \
|
||||
@ -204,7 +207,7 @@ test_keyringSetDidName() {
|
||||
assertJq set.json 'contains({"identity": {"sid": "'$SIDA1'", "did": "987654321", "name": "Joe Bloggs"}})'
|
||||
executeOk_servald keyring list
|
||||
assert_keyring_list 2
|
||||
assertStdoutGrep --stderr --matches=1 "^$SIDA1:987654321:Joe Bloggs\$"
|
||||
assertStdoutGrep --stderr --matches=1 "^$SIDA1:$IDA1:987654321:Joe Bloggs\$"
|
||||
}
|
||||
|
||||
doc_keyringSetDidNamePin="HTTP RESTful set DID and name with PIN"
|
||||
@ -247,7 +250,7 @@ test_keyringSetDidNamePin() {
|
||||
assertJq set3.json 'contains({"identity": {"sid": "'$SIDA1'", "did": "987654321", "name": "Joe Bloggs"}})'
|
||||
executeOk_servald keyring list --entry-pin=xyzabc
|
||||
assert_keyring_list 2
|
||||
assertStdoutGrep --stderr --matches=1 "^$SIDA1:987654321:Joe Bloggs\$"
|
||||
assertStdoutGrep --stderr --matches=1 "^$SIDA1:$IDA1:987654321:Joe Bloggs\$"
|
||||
# Finally, try again with no PIN, and make sure it succeeds (server has
|
||||
# internalised the PIN supplied in the last request)
|
||||
executeOk curl \
|
||||
@ -262,7 +265,7 @@ test_keyringSetDidNamePin() {
|
||||
assertJq set4.json 'contains({"identity": {"sid": "'$SIDA1'", "did": "321321321", "name": "Fred Nurks"}})'
|
||||
executeOk_servald keyring list --entry-pin=xyzabc
|
||||
assert_keyring_list 2
|
||||
assertStdoutGrep --stderr --matches=1 "^$SIDA1:321321321:Fred Nurks\$"
|
||||
assertStdoutGrep --stderr --matches=1 "^$SIDA1:$IDA1:321321321:Fred Nurks\$"
|
||||
}
|
||||
|
||||
runTests "$@"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user