From ff1f1ff093400d0ef2187119b0a97f0ac798b8d6 Mon Sep 17 00:00:00 2001
From: Jeremy Lakeman
Date: Thu, 24 Oct 2013 11:43:03 +1030
Subject: [PATCH] Allow tag primitives to be used outside of keyring entries
---
 commandline.c | 4 ++--
 keyring.c | 56 ++++++++++++++++++++++++++++++++++----------------
 keyring.h | 9 +++++----
 overlay_mdp.c | 9 +++++----
 tests/keyring | 2 ++
 5 files changed, 51 insertions(+), 29 deletions(-)
diff --git a/commandline.c b/commandline.c
index 88934b05..39a01c10 100644
--- a/commandline.c
+++ b/commandline.c
@@ -1975,8 +1975,8 @@ static void cli_output_identity(struct cli_context *context, const keyring_ident
 {
 const char *name;
 const unsigned char *value;
- int length;
- if (keyring_unpack_tag(kp, &name, &value, &length)==0){
+ size_t length;
+ if (keyring_unpack_tag(kp->public_key, kp->public_key_len, &name, &value, &length)==0){
 cli_field_name(context, name, ":");
 cli_put_string(context, alloca_toprint_quoted(-1, value, length, NULL), "\n");
 }
diff --git a/keyring.c b/keyring.c
index 7dcdffd4..f64cab09 100644
--- a/keyring.c
+++ b/keyring.c
@@ -1493,29 +1493,45 @@ int keyring_find_did(const keyring_file *k, int *cn, int *in, int *kp, const cha return 0; } -int keyring_unpack_tag(keypair *key, const char **name, const unsigned char **value, int *length) +int keyring_unpack_tag(const unsigned char *packed, size_t packed_len, const char **name, const unsigned char **value, size_t *length) { - int i; - for (i=0;ipublic_key_len-1;i++){ - if (key->public_key[i]==0){ - *name = (const char*)key->public_key; - *value = &key->public_key[i+1]; - *length = key->public_key_len - (i+1); + size_t i; + for (i=0;ikeypair_count;i++){ const char *tag_name; const unsigned char *tag_value; - int tag_length; + size_t tag_length; if (id->keypairs[i]->type==KEYTYPE_PUBLIC_TAG && - keyring_unpack_tag(id->keypairs[i], &tag_name, &tag_value, &tag_length)==0 && + keyring_unpack_tag(id->keypairs[i]->public_key, id->keypairs[i]->public_key_len, + &tag_name, &tag_value, &tag_length)==0 && strcmp(tag_name, name)==0) { if (config.debug.keyring) DEBUG("Found existing public tag"); 
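Review bot: The scan loop in the new `keyring_unpack_tag` now uses `size_t` for both `i` and `packed_len`, so a bound of the form `packed_len-1` (as the removed line used with `public_key_len`) would wrap to a huge value when the caller passes an empty buffer and the loop would read past `packed`. The new loop condition is not legible on this page, so this is something to confirm rather than a confirmed defect; a bound of `i<packed_len`, or an explicit `if (packed_len==0) return -1;` guard before the loop, avoids it. Since the function is now meant to be called on buffers other than keyring entries, a one-line comment stating that `packed` need not be NUL-terminated and that `*name` points into `packed` would also help callers.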
@@ -1538,36 +1554,38 @@ int keyring_set_public_tag(keyring_identity *id, const char *name, const unsigne if (id->keypairs[i]->public_key) free(id->keypairs[i]->public_key); - int name_len=strlen(name)+1; - id->keypairs[i]->public_key_len = name_len+length; + if (keyring_pack_tag(NULL, &id->keypairs[i]->public_key_len, name, value, length)) + return -1; id->keypairs[i]->public_key = emalloc(id->keypairs[i]->public_key_len); if (!id->keypairs[i]->public_key) return -1; - bcopy(name, id->keypairs[i]->public_key, name_len); - bcopy(value, &id->keypairs[i]->public_key[name_len], length); + if (keyring_pack_tag(id->keypairs[i]->public_key, &id->keypairs[i]->public_key_len, name, value, length)) + return -1; + if (config.debug.keyring) dump("New tag", id->keypairs[i]->public_key, id->keypairs[i]->public_key_len); return 0; } -int keyring_find_public_tag(const keyring_file *k, int *cn, int *in, int *kp, const char *name, const unsigned char **value, int *length) +int keyring_find_public_tag(const keyring_file *k, int *cn, int *in, int *kp, const char *name, const unsigned char **value, size_t *length) { for(;keyring_next_keytype(k,cn,in,kp,KEYTYPE_PUBLIC_TAG);++(*kp)) { keypair *keypair=k->contexts[*cn]->identities[*in]->keypairs[*kp]; const char *tag_name; - if (!keyring_unpack_tag(keypair, &tag_name, value, length) && + if (!keyring_unpack_tag(keypair->public_key, keypair->public_key_len, &tag_name, value, length) && strcmp(name, tag_name)==0){ return 1; } } - *value=NULL; + if (value) + *value=NULL; return 0; } -int keyring_find_public_tag_value(const keyring_file *k, int *cn, int *in, int *kp, const char *name, const unsigned char *value, int length) +int keyring_find_public_tag_value(const keyring_file *k, int *cn, int *in, int *kp, const char *name, const unsigned char *value, size_t length) { const unsigned char *stored_value; - int stored_length; + size_t stored_length; for(;keyring_find_public_tag(k, cn, in, kp, name, &stored_value, &stored_length);++(*kp)) { if 
(stored_length == length && memcmp(value, stored_value, length)==0) return 1; diff --git a/keyring.h b/keyring.h index 86fe87fd..85492447 100644 --- a/keyring.h +++ b/keyring.h @@ -100,9 +100,10 @@ int keyring_mapping_request(keyring_file *k, struct overlay_frame *frame, overla int keyring_send_unlock(struct subscriber *subscriber); void keyring_release_subscriber(keyring_file *k, const sid_t *sid); -int keyring_set_public_tag(keyring_identity *id, const char *name, const unsigned char *value, int length); -int keyring_find_public_tag(const keyring_file *k, int *cn, int *in, int *kp, const char *name, const unsigned char **value, int *length); -int keyring_find_public_tag_value(const keyring_file *k, int *cn, int *in, int *kp, const char *name, const unsigned char *value, int length); -int keyring_unpack_tag(keypair *key, const char **name, const unsigned char **value, int *length); +int keyring_set_public_tag(keyring_identity *id, const char *name, const unsigned char *value, size_t length); +int keyring_find_public_tag(const keyring_file *k, int *cn, int *in, int *kp, const char *name, const unsigned char **value, size_t *length); +int keyring_find_public_tag_value(const keyring_file *k, int *cn, int *in, int *kp, const char *name, const unsigned char *value, size_t length); +int keyring_unpack_tag(const unsigned char *packed, size_t packed_len, const char **name, const unsigned char **value, size_t *length); +int keyring_pack_tag(unsigned char *packed, size_t *packed_len, const char *name, const unsigned char *value, size_t length); #endif // __SERVALD_KEYRING_H diff --git a/overlay_mdp.c b/overlay_mdp.c index a7ff340d..d5dfccf2 100644 --- a/overlay_mdp.c +++ b/overlay_mdp.c 
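Review bot: In keyring_set_public_tag, the early `return -1` after the size-query call `keyring_pack_tag(NULL, &id->keypairs[i]->public_key_len, ...)` leaves `id->keypairs[i]->public_key` pointing at the buffer released by the `free()` just above it, so any later read or free of that keypair would touch freed memory. Adding `id->keypairs[i]->public_key = NULL;` directly after the `free()` keeps the entry consistent on that path; packing into a fresh buffer and swapping it in only on success would additionally preserve the old tag on failure. Both calls also pass `&id->keypairs[i]->public_key_len` as a `size_t *`, and the field's declaration is not part of this diff, so it is worth confirming the field is `size_t` and not `int`. The function starts above this hunk.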
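Review bot: The new `keyring_pack_tag` prototype in keyring.h has no comment describing its two-mode contract, which a caller can currently only learn from keyring_set_public_tag, where it is called once with `packed` NULL to obtain the size in `*packed_len` and then again with the allocated buffer. A comment above the prototype such as `/* packed==NULL: only report the required size in *packed_len; returns non-zero on failure */` would make that explicit. It should also say whether `*packed_len` is read as the buffer capacity on the second call, and whether `value` and `length` may be NULL in `keyring_unpack_tag`; neither is visible in this diff, so confirm against the implementation before writing it down.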
@@ -964,7 +964,7 @@ static int mdp_reply2(const struct mdp_client *client, const struct mdp_header * #define mdp_reply_ok(A,B) mdp_reply2(A,B,MDP_FLAG_OK,NULL,0) static int mdp_process_identity_request(struct mdp_client *client, struct mdp_header *header, - const unsigned char *payload, int payload_len) + const unsigned char *payload, size_t payload_len) { if (payload_lenremote.sid)){ // process local commands switch(header->remote.port){ + // lock and unlock identities case MDP_IDENTITY: if (config.debug.mdprequests) DEBUGF("Processing MDP_IDENTITY from %s", alloca_sockaddr(client.addr, client.addrlen)); diff --git a/tests/keyring b/tests/keyring index 7c6d438b..475fa8ea 100755 --- a/tests/keyring +++ b/tests/keyring @@ -91,6 +91,8 @@ test_SetTag() { assertStdoutGrep --matches=1 "^tag1:Third Value\$" assertStdoutGrep --matches=1 "^tag2:Second Value\$" assertStdoutLineCount '==' 3 + executeOk_servald keyring dump --secret + tfw_cat --stdout } doc_Pinless="No keyring PIN with PIN-less identities"
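Review bot: The two lines added to test_SetTag in tests/keyring run `keyring dump --secret` and then `tfw_cat --stdout`, but nothing is asserted about the output, so the step only checks that the command exits successfully. If the intent is to cover the tag round-trip through the dump, an `assertStdoutGrep` on the expected tag entry would pin it (the dump's line format is not shown in this diff). If it is only a debugging aid, a short comment saying so would help, because the dump is requested with `--secret` and its output appears to be copied into the test log; that is fine for throwaway test identities but should not be reused as a pattern elsewhere.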