ExternalVendorCode/serval-dna
1
0
Fork 0
mirror of https://github.com/servalproject/serval-dna.git synced 2024-12-19 05:07:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

instrumented various rhizome functions.

Browse Source
This commit is contained in:
gardners 2012-06-26 16:02:49 +09:30
parent 19f7e32ba7
commit e542b41746
2 changed files with 53 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
rhizome_crypto.c
View File

@ -87,21 +87,22 @@ int rhizome_bk_xor(const unsigned char *authorSid, // binary
unsigned char bkin[crypto_sign_edwards25519sha512batch_SECRETKEYBYTES],
unsigned char bkout[crypto_sign_edwards25519sha512batch_SECRETKEYBYTES])
{
IN();
if (crypto_sign_edwards25519sha512batch_SECRETKEYBYTES > crypto_hash_sha512_BYTES)
return WHY("BK needs to be longer than it can be");
{ RETURN(WHY("BK needs to be longer than it can be")); }
int cn=0,in=0,kp=0;
if (!keyring_find_sid(keyring,&cn,&in,&kp,authorSid)) {
if (debug & DEBUG_RHIZOME) DEBUG("identity not in keyring");
return 1;
{ RETURN(1); }
}
kp = keyring_identity_find_keytype(keyring, cn, in, KEYTYPE_RHIZOME);
if (kp == -1) {
if (debug & DEBUG_RHIZOME) DEBUG("identity has no Rhizome Secret");
return 2;
RETURN(2);
}
int rs_len=keyring->contexts[cn]->identities[in]->keypairs[kp]->private_key_len;
if (rs_len<16||rs_len>1024)
return WHYF("invalid Rhizome Secret: length=%d", rs_len);
{ RETURN(WHYF("invalid Rhizome Secret: length=%d", rs_len)); }
unsigned char *rs=keyring->contexts[cn]->identities[in]->keypairs[kp]->private_key;
int combined_len=rs_len+crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES;
unsigned char buffer[combined_len];
@ -114,7 +115,7 @@ int rhizome_bk_xor(const unsigned char *authorSid, // binary
bkout[i]=bkin[i]^hash[i];
bzero(&buffer[0],combined_len);
bzero(&hash[0],crypto_hash_sha512_BYTES);
return 0;
RETURN(0);
}
/* See if the manifest has a BK entry, and if so, use it to obtain the
@ -131,18 +132,20 @@ int rhizome_bk_xor(const unsigned char *authorSid, // binary
*/
int rhizome_extract_privatekey(rhizome_manifest *m, const unsigned char *authorSid)
{
IN();
char desc[1024];
char *bk = rhizome_manifest_get(m, "BK", NULL, 0);
if (!bk) return WHY("missing BK field");
if (!bk) { RETURN(WHY("missing BK field")); }
unsigned char bkBytes[RHIZOME_BUNDLE_KEY_BYTES];
if (fromhexstr(bkBytes, bk, RHIZOME_BUNDLE_KEY_BYTES) == -1)
return WHYF("invalid BK field: %s", bk);
{ RETURN(WHYF("invalid BK field: %s", bk)); }
switch (rhizome_bk_xor(authorSid, m->cryptoSignPublic, bkBytes, m->cryptoSignSecret)) {
case -1:
return WHY("rhizome_bk_xor() failed");
RETURN(WHY("rhizome_bk_xor() failed"));
case 0:
return rhizome_verify_bundle_privatekey(m);
RETURN(rhizome_verify_bundle_privatekey(m));
}
return WHYF("Rhizome secret for %s not found. (Have you unlocked the identity?)", alloca_tohex_sid(authorSid));
RETURN(WHYF("Rhizome secret for %s not found. (Have you unlocked the identity?)", alloca_tohex_sid(authorSid)));
}
/*
@ -155,14 +158,15 @@ int rhizome_extract_privatekey(rhizome_manifest *m, const unsigned char *authorS
*/
int rhizome_is_self_signed(rhizome_manifest *m)
{
IN();
char *bk = rhizome_manifest_get(m, "BK", NULL, 0);
if (!bk) {
if (debug & DEBUG_RHIZOME) DEBUGF("missing BK field");
return 1;
RETURN(1);
}
unsigned char bkBytes[RHIZOME_BUNDLE_KEY_BYTES];
if (fromhexstr(bkBytes, bk, RHIZOME_BUNDLE_KEY_BYTES) == -1)
return WHYF("invalid BK field: %s", bk);
{ RETURN(WHYF("invalid BK field: %s", bk)); }
int cn = 0, in = 0, kp = 0;
for (; keyring_next_identity(keyring, &cn, &in, &kp); ++kp) {
const unsigned char *authorSid = keyring->contexts[cn]->identities[in]->keypairs[kp]->public_key;
@ -171,15 +175,15 @@ int rhizome_is_self_signed(rhizome_manifest *m)
if (rkp != -1) {
switch (rhizome_bk_xor(authorSid, m->cryptoSignPublic, bkBytes, m->cryptoSignSecret)) {
case -1:
return WHY("rhizome_bk_xor() failed");
RETURN(WHY("rhizome_bk_xor() failed"));
case 0:
if (rhizome_verify_bundle_privatekey(m) == 0)
return 0; // bingo
RETURN(0); // bingo
break;
}
}
}
return 2; // not self signed
RETURN(2); // not self signed
}
/* Verify the validity of the manifest's sccret key.
@ -189,6 +193,7 @@ int rhizome_is_self_signed(rhizome_manifest *m)
*/
int rhizome_verify_bundle_privatekey(rhizome_manifest *m)
{
IN();
#ifdef HAVE_CRYPTO_SIGN_NACL_GE25519_H
# include "crypto_sign_edwards25519sha512batch_ref/ge25519.h"
#else
@ -207,31 +212,32 @@ int rhizome_verify_bundle_privatekey(rhizome_manifest *m)
bzero(&scsk,sizeof(scsk));
if (memcmp(pk, m->cryptoSignPublic, crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES) == 0) {
m->haveSecret = 1;
return 0; // valid
RETURN(0); // valid
}
m->haveSecret = 0;
if (debug & DEBUG_RHIZOME) {
DEBUGF(" stored public key = %s*", alloca_tohex(m->cryptoSignPublic, 8));
DEBUGF("computed public key = %s*", alloca_tohex(pk, 8));
}
return 1; // invalid
RETURN(1); // invalid
#else //!ge25519
/* XXX Need to test key by signing and testing signature validity. */
/* For the time being barf so that the caller does not think we have a validated BK
when in fact we do not. */
m->haveSecret=0;
return WHY("ge25519 function not available");
RETURN(WHY("ge25519 function not available"));
#endif //!ge25519
}
rhizome_signature *rhizome_sign_hash(rhizome_manifest *m, const unsigned char *authorSid)
{
IN();
unsigned char *hash=m->manifesthash;
unsigned char *publicKeyBytes=m->cryptoSignPublic;
if (!m->haveSecret && rhizome_extract_privatekey(m, authorSid)) {
WHY("Cannot find secret key to sign manifest data.");
return NULL;
RETURN(NULL);
}
/* Signature is formed by running crypto_sign_edwards25519sha512batch() on the
@ -245,7 +251,7 @@ rhizome_signature *rhizome_sign_hash(rhizome_manifest *m, const unsigned char *a
&hash[0],mLen,m->cryptoSignSecret);
if (r) {
WHY("crypto_sign() failed.");
return NULL;
RETURN(NULL);
}
rhizome_signature *out=calloc(sizeof(rhizome_signature),1);
@ -261,23 +267,24 @@ rhizome_signature *rhizome_sign_hash(rhizome_manifest *m, const unsigned char *a
out->signature[0]=out->signatureLength;
return out;
RETURN(out);
}
int rhizome_manifest_extract_signature(rhizome_manifest *m,int *ofs)
{
IN();
unsigned char sigBuf[256];
unsigned char verifyBuf[256];
unsigned char publicKey[256];
if (!m) return WHY("NULL pointer passed in as manifest");
if (!m) { RETURN(WHY("NULL pointer passed in as manifest")); }
if ((*ofs)>=m->manifest_all_bytes) return 0;
if ((*ofs)>=m->manifest_all_bytes) { RETURN(0); }
int len=m->manifestdata[*ofs];
if (!len) {
(*ofs)=m->manifest_bytes;
m->errors++;
return WHY("Zero byte signature blocks are not allowed, assuming signature section corrupt.");
RETURN(WHY("Zero byte signature blocks are not allowed, assuming signature section corrupt."));
}
/* Each signature type is required to have a different length to detect it.
@ -301,7 +308,7 @@ int rhizome_manifest_extract_signature(rhizome_manifest *m,int *ofs)
if (r) {
(*ofs)+=len;
m->errors++;
return WHY("Error in signature block (verification failed).");
RETURN(WHY("Error in signature block (verification failed)."));
} else {
/* Signature block passes, so add to list of signatures */
m->signatureTypes[m->sig_count]=len;
@ -309,7 +316,7 @@ int rhizome_manifest_extract_signature(rhizome_manifest *m,int *ofs)
=malloc(crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES);
if(!m->signatories[m->sig_count]) {
(*ofs)+=len;
return WHY("malloc() failed when reading signature block");
RETURN(WHY("malloc() failed when reading signature block"));
}
bcopy(&publicKey[0],m->signatories[m->sig_count],
crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES);
@ -320,7 +327,7 @@ int rhizome_manifest_extract_signature(rhizome_manifest *m,int *ofs)
default:
(*ofs)+=len;
m->errors++;
return WHY("Encountered illegal or malformed signature block");
RETURN(WHY("Encountered illegal or malformed signature block"));
}
else
{
@ -330,5 +337,5 @@ int rhizome_manifest_extract_signature(rhizome_manifest *m,int *ofs)
}
(*ofs)+=len;
return 0;
RETURN(0);
}

34
rhizome_packetformats.c
View File

@ -23,6 +23,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
int rhizome_manifest_to_bar(rhizome_manifest *m,unsigned char *bar)
{
IN();
/* BAR = Bundle Advertisement Record.
Basically a 32byte precis of a given manifest, that includes version, time-to-live
and geographic bounding box information that is used to help manage flooding of
@ -38,7 +39,7 @@ int rhizome_manifest_to_bar(rhizome_manifest *m,unsigned char *bar)
16 bits - max longitude (-180 - +180).
*/
if (!m) return WHY("null manifest passed in");
if (!m) { RETURN(WHY("null manifest passed in")); }
int i;
@ -66,13 +67,14 @@ int rhizome_manifest_to_bar(rhizome_manifest *m,unsigned char *bar)
v=(maxLat+90)*(65535/180); bar[28]=(v>>8)&0xff; bar[29]=(v>>0)&0xff;
v=(maxLong+180)*(65535/360); bar[30]=(v>>8)&0xff; bar[31]=(v>>0)&0xff;
return 0;
RETURN(0);
}
int bundles_available=-1;
int bundle_offset[2]={0,0};
int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e)
{
IN();
int voice_mode=0;
/* behave differently during voice mode.
@ -87,7 +89,7 @@ int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e)
*/
long long now=overlay_gettime_ms();
if (now<rhizome_voice_timeout) voice_mode=1;
if (voice_mode) if (random()&3) return 0;
if (voice_mode) if (random()&3) { RETURN(0); }
int pass;
int bytes=e->sizeLimit-e->length;
@ -99,12 +101,12 @@ int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e)
int bytes_available=bytes-overhead-1 /* one byte held for expanding RFS */;
int bundles_advertised=0;
if (slots<1) return WHY("No room for node advertisements");
if (slots<1) { RETURN(WHY("No room for node advertisements")); }
if (!rhizome_db) return WHY("Rhizome not enabled");
if (!rhizome_db) { RETURN(WHY("Rhizome not enabled")); }
if (ob_append_byte(e,OF_TYPE_RHIZOME_ADVERT))
return WHY("could not add rhizome bundle advertisement header");
{ RETURN(WHY("could not add rhizome bundle advertisement header")); }
ob_append_byte(e,1); /* TTL */
int rfs_offset=e->length; /* remember where the RFS byte gets stored
so that we can patch it later */
@ -141,7 +143,7 @@ int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e)
/* Get number of bundles available if required */
long long tmp = 0;
if (sqlite_exec_int64(&tmp, "SELECT COUNT(BAR) FROM MANIFESTS;") != 1)
return WHY("Could not count BARs for advertisement");
{ RETURN(WHY("Could not count BARs for advertisement")); }
bundles_available = (int) tmp;
if (bundles_available==-1||(bundle_offset[0]>=bundles_available))
bundle_offset[0]=0;
@ -177,7 +179,7 @@ int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e)
sqlite3_close(rhizome_db); rhizome_db=NULL;
WHY(query);
WHY(sqlite3_errmsg(rhizome_db));
return WHY("Could not prepare sql statement for fetching BARs for advertisement.");
RETURN(WHY("Could not prepare sql statement for fetching BARs for advertisement."));
}
while((bytes_used<bytes_available)&&(sqlite3_step(statement)==SQLITE_ROW)&&
(e->length+RHIZOME_BAR_BYTES<=e->sizeLimit))
@ -316,12 +318,13 @@ int overlay_rhizome_add_advertisements(int interface_number,overlay_buffer *e)
e->length++;
}
return 0;
RETURN(0);
}
int overlay_rhizome_saw_advertisements(int i,overlay_frame *f, long long now)
{
if (!f) return -1;
IN();
if (!f) { RETURN(-1); }
int ofs=0;
int ad_frame_type=f->payload->bytes[ofs++];
int manifest_length;
@ -354,19 +357,19 @@ int overlay_rhizome_saw_advertisements(int i,overlay_frame *f, long long now)
m = rhizome_new_manifest();
if (!m) {
WHY("Out of manifests");
return 0;
RETURN(0);
}
if (rhizome_read_manifest_file(m, (char *)&f->payload->bytes[ofs],
manifest_length) == -1) {
WHY("Error importing manifest body");
rhizome_manifest_free(m);
return 0;
RETURN(0);
}
char manifest_id_prefix[RHIZOME_MANIFEST_ID_STRLEN + 1];
if (rhizome_manifest_get(m, "id", manifest_id_prefix, sizeof manifest_id_prefix) == NULL) {
WHY("Manifest does not contain 'id' field");
rhizome_manifest_free(m);
return 0;
RETURN(0);
}
/* trim manifest ID to a prefix for ease of debugging
(that is the only use of this */
@ -385,7 +388,7 @@ int overlay_rhizome_saw_advertisements(int i,overlay_frame *f, long long now)
offering the same manifest */
WARN("Ignoring manifest announcment with no signature");
rhizome_manifest_free(m);
return 0;
RETURN(0);
}
int importManifest=0;
if (rhizome_ignore_manifest_check(m,(struct sockaddr_in *)f->recvaddr))
@ -448,6 +451,5 @@ int overlay_rhizome_saw_advertisements(int i,overlay_frame *f, long long now)
ofs+=manifest_length;
}
}
return 0;
RETURN(0);
}