Refactor manifest: replace int with unsigned

rhizome.h

@@ -137,8 +137,8 @@ typedef struct rhizome_signature {
 #define MAX_MANIFEST_BYTES 8192
 typedef struct rhizome_manifest {
   int manifest_record_number;
-  int manifest_bytes;
-  int manifest_all_bytes;
+  unsigned manifest_bytes;
+  unsigned manifest_all_bytes;
   unsigned char manifestdata[MAX_MANIFEST_BYTES];
   unsigned char manifesthash[crypto_hash_sha512_BYTES];
 
@@ -151,27 +151,33 @@ typedef struct rhizome_manifest {
   /* Whether we have the secret for this manifest on hand */
   enum { SECRET_UNKNOWN = 0, EXISTING_BUNDLE_ID, NEW_BUNDLE_ID } haveSecret;
 
-  int var_count;
+  unsigned short var_count;
   char *vars[MAX_MANIFEST_VARS];
   char *values[MAX_MANIFEST_VARS];
 
-  int sig_count;
-  /* Parties who have signed this manifest (raw byte format) */
+  /* Parties who have signed this manifest (binary format, malloc(3)).
+   * Recognised signature types:
+   *    0x17 = crypto_sign_edwards25519sha512batch()
+   */
+  unsigned short sig_count;
   unsigned char *signatories[MAX_MANIFEST_VARS];
-  /*
-    0x17 = crypto_sign_edwards25519sha512batch()
-  */
-  unsigned char signatureTypes[MAX_MANIFEST_VARS];
+  uint8_t signatureTypes[MAX_MANIFEST_VARS];
+
+  /* Imperfections.
+   *  - Errors involve the correctness of fields that are mandatory for proper
+   *    operation of the transport and storage layer.  A manifest with errors > 0
+   *    must not be stored, transmitted or supplied via any API.
+   *  - Warnings indicate a manifest that cannot be fully understood by this
+   *    version of Rhizome (probably from a future or a very old past version
+   *    of Rhizome).  During add or import (local injection), the manifest
+   *    should not be imported.  During extract or export (local) a warning or
+   *    error message should be logged.
+   */
+  unsigned short errors;
+  unsigned short warnings;
 
-  // errors only involve the correctness of fields that are mandatory for 
-  // proper operation of the transport and storage layer
-  int errors;
-  // a warning indicates that the manifest cannot be perfectly understood by this version of rhizome
-  // during add, the manifest should not be finalised and imported
-  // during extract an error should be displayed.
-  int warnings;
   time_ms_t inserttime;
-  
+
   /* Set non-zero after variables have been packed and
      signature blocks appended.
      All fields below may not be valid until the manifest has been finalised */
@@ -399,7 +405,7 @@ int _sqlite_vexec_strbuf_retry(struct __sourceloc, sqlite_retry_state *retry, st
 #define sqlite_exec_strbuf_retry(rs,sb,sql,arg,...)     _sqlite_exec_strbuf_retry(__WHENCE__, (rs), (sb), (sql), arg, ##__VA_ARGS__)
 
 double rhizome_manifest_get_double(rhizome_manifest *m,char *var,double default_value);
-int rhizome_manifest_extract_signature(rhizome_manifest *m,int *ofs);
+int rhizome_manifest_extract_signature(rhizome_manifest *m, unsigned *ofs);
 int rhizome_update_file_priority(const char *fileid);
 int rhizome_find_duplicate(const rhizome_manifest *m, rhizome_manifest **found);
 int rhizome_manifest_to_bar(rhizome_manifest *m,unsigned char *bar);

rhizome_bundle.c

@@ -27,7 +27,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
 int rhizome_manifest_verify(rhizome_manifest *m)
 {
-  int end_of_text=0;
+  unsigned end_of_text=0;
 
   /* find end of manifest body and start of signatures */
   while(m->manifestdata[end_of_text]&&end_of_text<m->manifest_all_bytes)
@@ -39,10 +39,12 @@ int rhizome_manifest_verify(rhizome_manifest *m)
   crypto_hash_sha512(m->manifesthash,m->manifestdata,end_of_text);
   
   /* Read signature blocks from file. */
-  int ofs=end_of_text;  
+  unsigned ofs = end_of_text;  
   while(ofs<m->manifest_all_bytes) {
-    if (config.debug.rhizome) DEBUGF("ofs=0x%x, m->manifest_bytes=0x%x", ofs,m->manifest_all_bytes);
-    if (rhizome_manifest_extract_signature(m,&ofs)) break;
+    if (config.debug.rhizome)
+      DEBUGF("ofs=0x%x, m->manifest_bytes=0x%x", ofs,m->manifest_all_bytes);
+    if (rhizome_manifest_extract_signature(m, &ofs))
+      break;
   }
   
   if (m->sig_count==0) {
@@ -114,10 +116,10 @@ int rhizome_manifest_parse(rhizome_manifest *m)
   int have_filesize = 0;
   int have_filehash = 0;
   
-  int ofs = 0;
+  unsigned ofs = 0;
   while (ofs < m->manifest_bytes && m->manifestdata[ofs]) {
     char line[1024];
-    int limit = ofs + sizeof line - 1;
+    unsigned limit = ofs + sizeof line - 1;
     if (limit > m->manifest_bytes)
       limit = m->manifest_bytes;
     char *p = line;
@@ -273,7 +275,7 @@ int rhizome_manifest_parse(rhizome_manifest *m)
     ++ofs;
 
   /* Remember where the text ends */
-  int end_of_text=ofs;
+  unsigned end_of_text = ofs;
   m->manifest_bytes = end_of_text;
 
   // verify that all required fields are consistent.
@@ -319,7 +321,7 @@ int rhizome_manifest_parse(rhizome_manifest *m)
 
   if (m->errors || m->warnings) {
     if (config.debug.rejecteddata)
-      dump("manifest body",m->manifestdata,m->manifest_bytes);
+      dump("manifest body", m->manifestdata, (size_t) m->manifest_bytes);
   }
 
   RETURN(0);
@@ -391,10 +393,9 @@ int rhizome_hash_file(rhizome_manifest *m, const char *path, rhizome_filehash_t
 
 char *rhizome_manifest_get(const rhizome_manifest *m, const char *var, char *out, int maxlen)
 {
-  int i,j;
-
-  if (!m) return NULL;
-
+  if (!m)
+    return NULL;
+  unsigned i,j;
   for(i=0;i<m->var_count;i++)
     if (!strcmp(m->vars[i],var)) {
       if (out) {
@@ -412,7 +413,7 @@ int64_t rhizome_manifest_get_ll(rhizome_manifest *m, const char *var)
 {
   if (!m)
     return -1;
-  int i;
+  unsigned i;
   for (i = 0; i < m->var_count; ++i)
     if (!strcmp(m->vars[i], var)) {
       int64_t val;
@@ -423,10 +424,8 @@ int64_t rhizome_manifest_get_ll(rhizome_manifest *m, const char *var)
 
 double rhizome_manifest_get_double(rhizome_manifest *m,char *var,double default_value)
 {
-  int i;
-
   if (!m) return default_value;
-
+  unsigned i;
   for(i=0;i<m->var_count;i++)
     if (!strcmp(m->vars[i],var))
       return strtod(m->values[i],NULL);
@@ -438,7 +437,7 @@ double rhizome_manifest_get_double(rhizome_manifest *m,char *var,double default_
 int rhizome_manifest_del(rhizome_manifest *m, const char *var)
 {
   int ret = 0;
-  int i;
+  unsigned i;
   for (i = 0; i < m->var_count; ++i)
     if (strcmp(m->vars[i], var) == 0) {
       free(m->vars[i]); 
@@ -459,7 +458,7 @@ int rhizome_manifest_set(rhizome_manifest *m, const char *var, const char *value
 {
   if (!m)
     return WHY("m == NULL");
-  int i;
+  unsigned i;
   for(i=0;i<m->var_count;i++)
     if (!strcmp(m->vars[i],var)) {
       free(m->values[i]); 
@@ -492,7 +491,7 @@ struct __sourceloc manifest_free_whence[MAX_RHIZOME_MANIFESTS];
 static void _log_manifest_trace(struct __sourceloc __whence, const char *operation)
 {
   int count_free = 0;
-  int i;
+  unsigned i;
   for (i = 0; i != MAX_RHIZOME_MANIFESTS; ++i)
     if (manifest_free[i])
       ++count_free;
@@ -503,7 +502,7 @@ rhizome_manifest *_rhizome_new_manifest(struct __sourceloc __whence)
 {
   if (manifest_first_free<0) {
     /* Setup structures */
-    int i;
+    unsigned i;
     for(i=0;i<MAX_RHIZOME_MANIFESTS;i++) {
       manifest_alloc_whence[i]=__NOWHERE__;
       manifest_free_whence[i]=__NOWHERE__;
@@ -515,7 +514,7 @@ rhizome_manifest *_rhizome_new_manifest(struct __sourceloc __whence)
   /* No free manifests */
   if (manifest_first_free>=MAX_RHIZOME_MANIFESTS)
     {
-      int i;
+      unsigned i;
       WHYF("%s(): no free manifest records, this probably indicates a memory leak", __FUNCTION__);
       WHYF("   Slot# | Last allocated by");
       for(i=0;i<MAX_RHIZOME_MANIFESTS;i++) {
@@ -554,7 +553,6 @@ rhizome_manifest *_rhizome_new_manifest(struct __sourceloc __whence)
 void _rhizome_manifest_free(struct __sourceloc __whence, rhizome_manifest *m)
 {
   if (!m) return;
-  int i;
   int mid=m->manifest_record_number;
 
   if (m!=&manifests[mid]) {
@@ -574,15 +572,17 @@ void _rhizome_manifest_free(struct __sourceloc __whence, rhizome_manifest *m)
     exit(-1);
   }
 
-  /* Free variable and signature blocks.
-     XXX These should be moved to malloc-free storage eventually */
-  for(i=0;i<m->var_count;i++)
-    { free(m->vars[i]); free(m->values[i]); 
-      m->vars[i]=NULL; m->values[i]=NULL; }
-  for(i=0;i<m->sig_count;i++)
-    { free(m->signatories[i]);
-      m->signatories[i]=NULL;
-    }
+  /* Free variable and signature blocks. */
+  unsigned i;
+  for(i=0;i<m->var_count;i++) {
+    free(m->vars[i]);
+    free(m->values[i]); 
+    m->vars[i] = m->values[i] = NULL;
+  }
+  for(i=0;i<m->sig_count;i++) {
+    free(m->signatories[i]);
+    m->signatories[i] = NULL;
+  }
 
   if (m->dataFileName) {
     if (m->dataFileUnlinkOnFree && unlink(m->dataFileName) == -1)
@@ -605,8 +605,8 @@ void _rhizome_manifest_free(struct __sourceloc __whence, rhizome_manifest *m)
    Signatures etc will be added later. */
 int rhizome_manifest_pack_variables(rhizome_manifest *m)
 {
-  int i,ofs=0;
-
+  unsigned i;
+  unsigned ofs = 0;
   for(i=0;i<m->var_count;i++)
     {
       if ((ofs+strlen(m->vars[i])+1+strlen(m->values[i])+1+1)>MAX_MANIFEST_BYTES)
@@ -690,7 +690,7 @@ int rhizome_manifest_add_group(rhizome_manifest *m,char *groupid)
 
 int rhizome_manifest_dump(rhizome_manifest *m, const char *msg)
 {
-  int i;
+  unsigned i;
   WHYF("Dumping manifest %s:", msg);
   for(i=0;i<m->var_count;i++)
     WHYF("[%s]=[%s]\n", m->vars[i], m->values[i]);

rhizome_crypto.c

@@ -504,18 +504,19 @@ int rhizome_manifest_lookup_signature_validity(unsigned char *hash,unsigned char
   OUT();
 }
 
-int rhizome_manifest_extract_signature(rhizome_manifest *m,int *ofs)
+int rhizome_manifest_extract_signature(rhizome_manifest *m, unsigned *ofs)
 {
   IN();
   if (!m)
     RETURN(WHY("NULL pointer passed in as manifest"));
   if (config.debug.rhizome)
-    DEBUGF("m->manifest_all_bytes=%d m->manifest_bytes=%d *ofs=%d", m->manifest_all_bytes, m->manifest_bytes, *ofs);
+    DEBUGF("m->manifest_all_bytes=%u m->manifest_bytes=%u *ofs=%u", m->manifest_all_bytes, m->manifest_bytes, *ofs);
 
-  if ((*ofs)>=m->manifest_all_bytes) { RETURN(0); }
+  if ((*ofs) >= m->manifest_all_bytes)
+    RETURN(0);
 
-  int sigType=m->manifestdata[*ofs];
-  int len=(sigType&0x3f)*4+4+1;
+  uint8_t sigType = m->manifestdata[*ofs];
+  uint8_t len = (sigType << 2) + 4 + 1;
 
   /* Each signature type is required to have a different length to detect it.
      At present only crypto_sign_edwards25519sha512batch() signatures are

rhizome_database.c

@@ -1384,7 +1384,7 @@ int rhizome_store_bundle(rhizome_manifest *m)
   if (m->group_count > 0) {
     if ((stmt = sqlite_prepare(&retry, "INSERT OR REPLACE INTO GROUPMEMBERSHIPS (manifestid, groupid) VALUES (?, ?);")) == NULL)
       goto rollback;
-    int i;
+    unsigned i;
     for (i=0;i<m->group_count;i++){
       if (sqlite_bind(&retry, stmt, RHIZOME_BID_T, &m->cryptoSignPublic, TEXT, m->groups[i]) == -1)
 	goto rollback;

rhizome_direct_http.c

@@ -661,15 +661,15 @@ void rhizome_direct_http_dispatch(rhizome_direct_sync_request *r)
 	  "\r\n";
 	/* Work out what the content length should be */
 	if (config.debug.rhizome_tx)
-	  DEBUGF("manifest_all_bytes=%d, manifest_bytes=%d", m->manifest_all_bytes,m->manifest_bytes);
-	int content_length
-	  =strlen(template2)-2 /* minus 2 for the "%s" that gets replaced */
-	  +strlen(boundary)
-	  +m->manifest_all_bytes
-	  +strlen(template3)-2 /* minus 2 for the "%s" that gets replaced */
-	  +strlen(boundary)
-	  +m->fileLength
-	  +strlen("\r\n--")+strlen(boundary)+strlen("--\r\n");
+	  DEBUGF("manifest_all_bytes=%u, manifest_bytes=%u", m->manifest_all_bytes, m->manifest_bytes);
+	size_t content_length =
+	    strlen(template2) - 2 /* minus 2 for the "%s" that gets replaced */
+	  + strlen(boundary)
+	  + m->manifest_all_bytes
+	  + strlen(template3) - 2 /* minus 2 for the "%s" that gets replaced */
+	  + strlen(boundary)
+	  + m->fileLength
+	  + strlen("\r\n--") + strlen(boundary) + strlen("--\r\n");
 
 	int len=snprintf(buffer,8192,template,content_length,boundary);
 	len+=snprintf(&buffer[len],8192-len,template2,boundary);

rhizome_fetch.c

@@ -73,7 +73,7 @@ struct rhizome_fetch_slot {
 
   /* HTTP streaming reception of manifests */
   char manifest_buffer[1024];
-  int manifest_bytes;
+  unsigned manifest_bytes;
 
   /* MDP transport specific elements */
   rhizome_bid_t bid;
@@ -459,7 +459,7 @@ static int rhizome_import_received_bundle(struct rhizome_manifest *m)
   m->finalised = 1;
   m->manifest_bytes = m->manifest_all_bytes; // store the signatures too
   if (config.debug.rhizome_rx) {
-    DEBUGF("manifest len=%d has %d signatories. Associated file = %"PRId64" bytes", 
+    DEBUGF("manifest len=%u has %u signatories. Associated file = %"PRId64" bytes", 
 	   m->manifest_bytes, m->sig_count, m->fileLength);
     dump("manifest", m->manifestdata, m->manifest_all_bytes);
   }
@@ -1318,7 +1318,7 @@ int rhizome_write_complete(struct rhizome_fetch_slot *slot)
   RETURN(-1);
 }
 
-int rhizome_write_content(struct rhizome_fetch_slot *slot, unsigned char *buffer, int bytes)
+int rhizome_write_content(struct rhizome_fetch_slot *slot, unsigned char *buffer, size_t bytes)
 {
   IN();
   
@@ -1333,8 +1333,9 @@ int rhizome_write_content(struct rhizome_fetch_slot *slot, unsigned char *buffer
 
   if (!slot->manifest){
     /* We are reading a manifest.  Read it into a buffer. */
-    int count=bytes;
-    if (count+slot->manifest_bytes>1024) count=1024-slot->manifest_bytes;
+    unsigned count = bytes;
+    if (count + slot->manifest_bytes > 1024)
+      count = 1024 - slot->manifest_bytes;
     bcopy(buffer,&slot->manifest_buffer[slot->manifest_bytes],count);
     slot->manifest_bytes+=count;
     slot->write_state.file_offset+=count;