Commit Graph

89 Commits

Author SHA1 Message Date
Andrew Bettison
cf43635789 Improve Rhizome HTTP RESTful interface
Add RHIZOME_BUNDLE_STATUS_READONLY enum value

Tighten up switch statements on bundle and payload status enums (no
default labels)

Rename some recently added enum entries

Return bundle status and payload status in HTTP responses

Add test for failing to decrypt a foreign encrypted bundle payload,
fix bug that caused an assertion failure

Add tests for fetching a non-existent manifest and fetching bundles
whose payload blob is not in the store
2014-07-10 06:29:51 +09:30
Andrew Bettison
00dc3bf27e Fix Rhizome manifest parsing bug
If an over-large manifest was supplied, signature extraction went
into a tight loop
2014-04-29 15:08:02 +09:30
Jeremy Lakeman
1a543484bd Fix rhizome key generation for meshms 2014-01-22 15:51:06 +10:30
Andrew Bettison
aa3497df4f Refactor rhizome_crypt_xor_block() and add debug 2013-12-30 16:30:43 +10:30
Andrew Bettison
72040517e1 New enum rhizome_payload_status
Refactor a lot of Rhizome bundle storage code to use the new "enum
rhizome_payload_status" instead of mysterious int values to represent
the outcome of the operation.
2013-12-30 16:30:35 +10:30
Andrew Bettison
8a1ce7f373 Use manifest 'has_id' consistently 2013-12-20 11:29:26 +10:30
Andrew Bettison
476a538ef7 Fix -Wsign-compare warnings in keyring: unsigned cn,in,kp 2013-12-10 16:34:35 +10:30
Andrew Bettison
30b2059608 Fix -Wunused-parameter warnings
New UNUSED(param) macro suppresses the warning for a specific parameter

In some cases, removed the unused parameters.  In others, used the
parameter in a DEBUGF() or assert() statement to document the intent.
2013-12-09 18:22:18 +10:30
Jeremy Lakeman
b63f1f0114 Fix formatting issues 2013-12-06 12:10:08 +10:30
Andrew Bettison
8db5f9c14a Merge branch 'anyservice' into 'development'
Allows any valid "service" manifest field in the "rhizome add file"
command

Many improvements in Rhizome manifest parsing; stricter manifest syntax
rules (no comment or blank lines, field names must be alphanumeric
identifiers), faster preliminary manifest inspection when receiving
manifest advertisements or syncing manifests

The 'development' branch introduces "struct socket_address" which
coincidentally fixed the recently encountered Linux kernel 3.12
recvmsg(2) EINVAL problem, so that 'rhizomeprotocol' tests which fail on
the 'anyservice' branch will pass after this merge
2013-12-01 05:44:01 +10:30
Andrew Bettison
0dd1b302b5 Rewrite Rhizome manifest parsing
Move validation checks into new function rhizome_manifest_validate()

Remove rhizome_manifest 'errors' field

Replace rhizome_manifest 'warnings' with 'malformed'

Replace rhizome_manifest 'manifest_bytes' with 'manifest_body_bytes' and
refactor to use 'manifest_all_bytes' in all manifest i/o

Refactor rhizome_manifest_verify() and reverse sense of return value to
match rhizome_manifest_validate()

New function rhizome_manifest_inspect() -- lightweight manifest parser
used when receiving Rhizome advertisements

New 'rhizomeops' test case for invalid manifest "service" field values,
now passes
2013-12-01 05:13:34 +10:30
Jeremy Lakeman
99d5d9fa1f Refactor dataformats into separate header 2013-11-27 13:11:42 +10:30
Andrew Bettison
973bb9c897 Merge branch 'naf4' into 'development' 2013-11-13 17:59:01 +10:30
Jeremy Lakeman
4434b1b65d Create keyring.h and move definitions there 2013-11-13 11:55:12 +10:30
Andrew Bettison
13634f8748 Add ROWID field to struct rhizome_manifest
New ".rowid" output field from rhizome add, import, extract, export
operations.  (Also added missing ".inserttime" and "date" fields to
some operations.)

Use new "rhizome add file" .rowid output field to check output of of
/restful/rhizome/bundlelist.json
2013-11-11 18:18:08 +10:30
Andrew Bettison
45442d3eb4 Rewrite bundle author authentication
Replaced 'int has_author' manifest element with new 'enum authorship'
element to record the result of author authentication, to avoid
repeating expensive crypto operations.

Separated the handling of bundle secret arguments from author lookup and
authentication.  The new rhizome_apply_bundle_secret(m,bsk) is now
called at the top level to set the manifest secret key (if it
validates), and thereafter there is no need to pass the 'bsk' argument
to any other functions, as they can simply check the 'haveSecret' field
of the manifest.

Removed rhizome_extract_privatekey() which combined author lookup and
bundle secret validation, and replaced it with functions that only deal
with the author: rhizome_lookup_author() and rhizome_authenticate_author().

Renamed other functions to make their purpose and effect clearer.

Formalised the semantics of only storing AUTHENTICATED author SIDs in
the 'author' column of the MANIFESTS table, which necessitated a change
to a 'rhizomeops' test case: when adding a file using a BK-less
manifest, the author column is set to null, so the Rhizome list output
does not show the bundle as ".fromhere" and does not give an author for
that bundle.
2013-11-06 23:58:17 +10:30
Andrew Bettison
bacba19dc1 Refactor manifest: specific setter functions
Replace generic rhizome_manifest_set() and rhizome_manifest_set_ll()
with per-field setter functions, eg, rhizome_manifest_set_filesize().
Struct rhizome_manifest elements for all known fields, to replace the
use of rhizome_manifest_get() and rhizome_manifest_get_ll() everywhere:
sender, recipient, service, name, date, bundle_key.

Add boolean validity flags for binary blob types, to avoid having to compare
with many bytes of all-zero to detect presence, eg, has_sender, has_recipient,
has_author, has_bundle_key.  These maintained by the setter functions.

Rename existing manifest struct elements to be the same as their field
names: fileLength -> filesize, journalTail -> tail.

More use of unsigned int, size_t and uint64_t for payload sizes, offsets, byte
counts, etc. especially in rhizome_store.c and meshms.c.  More uniform use of
size_t to dimension memory buffers.  Fix some printf(3) style format strings
for 64-bit correctness on 32-bit systems.  Use new constant RHIZOME_SIZE_UNSET
instead of -1 to indicate unknown dimension, and explicitly assert its absence
before comparisons and arithmetic, for safety.

Replace some 'int' loop variables with 'unsigned' where appropriate.

Fix bugs discovered in MeshMS bundle private/public key generation and
bundle secret key handling for export/extract commands.

Instrument the first MeshMS test case to aid debugging.

New debug config flag: debug.manifest logs all modifications to all manifest
fields by setter functions.

Rename debug config flag: debug.rhizome_bind -> debug.rhizome_sql_bind.
2013-11-04 19:17:49 +10:30
Andrew Bettison
c2b78f7b29 Refactor manifest: replace int with unsigned 2013-10-30 14:14:38 +10:30
Andrew Bettison
416b82b6c0 Refactor manifest: change haveSecret to enum 2013-10-30 13:14:26 +10:30
Andrew Bettison
48921802f5 Use size_t in Rhizome store functions 2013-10-25 00:20:53 +10:30
Andrew Bettison
a95ef79139 Use sid_t everywhere
Remove stowSid() at last

Change API of tohex() and strbuf_tohex(), to pass string length instead of
binary byte count.  This allows odd numbers of hex digits to be produced.

Remove alloca_tohex_sid(); replace with alloca_tohex_sid_t()

New alloca_tohex_sid_t_trunc() macro
2013-10-09 18:54:21 +10:30
Andrew Bettison
7b427d48ee A few more uses of rhizome_bid_t
Now the TEXT_TOUPPER SQL bind action is only used for filehash hex
strings; all Bundle ID parameters are bound using RHIZOME_BID_T.
2013-10-04 04:50:37 +09:30
Andrew Bettison
ab31420faf rhizome_bid_t
Consistent type for internal binary representation of Rhizome Bundle ID
(aka Manifest ID)
2013-10-03 23:16:45 +09:30
Andrew Bettison
7e3a552011 Issue #69: refactor all Rhizome SQL queries to use binding
Remove all uses of sprintf(3) and its ilk to form SQL query commands.
Use the new sqlite_bind() and sqlite_prepare_bind() functions instead.
2013-10-03 15:15:30 +09:30
Andrew Bettison
06d7620314 Add "rhizome add file" --force-new option
Overrides the default behaviour of de-duplicating added manifests

New 'rhizomeops' test case: AddForceDuplicate
2013-09-30 16:48:18 +09:30
Jeremy Lakeman
5383b5e3be Fix signature verification cache 2013-09-24 14:34:51 +09:30
Jeremy Lakeman
e98592a7c1 Don't update the database author if we already know it 2013-08-27 15:11:56 +09:30
Jeremy Lakeman
94381bab49 Fix non-journal, non-block based payload encryption 2013-07-26 15:13:22 +09:30
Jeremy Lakeman
7634e1fcfb Add command to mark messages as read 2013-07-26 14:36:11 +09:30
Jeremy Lakeman
0c237db66a Add API to create bundles with deterministic ID's 2013-07-25 14:46:34 +09:30
Jeremy Lakeman
422671c906 Add API to generate public key from private key 2013-07-25 14:40:59 +09:30
Jeremy Lakeman
6dc5fde6b6 Fix xor encryption for journal bundles and unaligned read/write ops 2013-07-19 22:26:37 +09:30
Jeremy Lakeman
ef583bdfaa Fix meaning of rhizome crypto debug message 2013-06-27 16:50:58 +09:30
gardners
2252fdcaa7 created tool for automatically finding IN()s without matching
OUT()s or where return() is used instead of RETURN().
Added OUT() to end of all functions using IN() that lacked it to
make it easier to statically analyse this invariant.
Fixed several return instead of RETURNs detected through use of
this tool. #49
2013-02-20 16:18:56 +10:30
gardners
80168e3530 Improve debug logging
- add debug.trace to help track down segfaults
- warn about alarms without names (which are then hard to track down).
2013-02-20 15:36:30 +10:30
Jeremy Lakeman
b47d27dfe6 Log an error when a bundle secret can't be verified 2013-01-11 14:29:41 +10:30
Jeremy Lakeman
fd96c5bd76 Add bsk to correct command 2013-01-04 12:01:39 +10:30
Jeremy Lakeman
28a05baa54 Enable encryption of rhizome payloads 2013-01-03 16:12:24 +10:30
Jeremy Lakeman
dc43b83c80 Tidy up rhizome secret handling to improve reusability 2013-01-03 12:14:13 +10:30
Jeremy Lakeman
2967d1e00f Don't check for duplicates if an existing id has been supplied 2013-01-03 11:18:30 +10:30
Jeremy Lakeman
66deb575d3 Add offset to nonce instead of replacing byte values 2013-01-02 15:05:22 +10:30
Jeremy Lakeman
6c7ba438a3 Refactor rhizome extract manifest into more useful methods 2013-01-02 11:15:03 +10:30
Jeremy Lakeman
72bc597e92 Add encryption support to writing of rhizome content 2012-12-27 09:39:10 +10:30
Andrew Bettison
5985df751d Overhaul debug flags
Replace debugflags_t and DEBUG_XXX bit masks with config schema "debug.xxx"
entries.

No more support for "debug.all".
2012-12-11 15:59:46 +10:30
Jeremy Lakeman
6599835331 Squelch debug log message 2012-11-16 13:20:32 +10:30
Andrew Bettison
4450116472 Refactor string functions, add str_fromprint()
Move lots of non-Serval-specific string functions from "serval.h"/dataformats.c
to "str.h"/str.c.

Add str_fromprint() function that reverses the effect of toprint(): interprets
escape sequences in the source string "\n\t\r\0\xHH\\" and replaces them with a
single char in the destination string.
2012-11-07 16:42:45 +10:30
gardners
b23b28b16d Changed rhizome manifest signature block type code semantics to
allow signature blocks of 256 bytes, and to allow multiple
signature types with same length. #34
2012-10-29 16:07:42 +10:30
gardners
a40fcfec66 cleaned up NaCl build to just compile using make. #17 2012-10-18 17:26:52 +10:30
gardners
55c9cff8cd added code to replace old-format SAS with new crypto_sign implementation
type on next use (so that people upgrading automatically get a new valid
SAS instead of continuing to try to use an invalid one -- this is only
a reasonable course of action since we have made no formal releases of
the code). #17
2012-10-18 17:26:49 +10:30
gardners
499c4018bf Imported ref10/ implementation of crypto_sign from supercop-20120525
as recommended a while back by Dan Bernstein as offering the fastest
implementation of the crypto_sign() primitives for ARM.
Indeed this implementation IS faster. See comparison below for a
Rock 500 handset (800MHz(?) ARM6, no NEON):

Original ref/ implementation on an R500 stock rom (non-rooted)::
mean signature generation time = 96.80ms
mean signature verification time = 272.20ms

ref10/ implementations on an R500 stock rom (non-rooted):
mean signature generation time = 4.00ms
mean signature verification time = 13.00ms

Approximately 20x speed up, just like that :)
2012-10-18 17:26:48 +10:30