1
0

Sign_admin.c 5.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128
  1. /* vim: set expandtab ts=4 sw=4: */
  2. /*
  3. * You may redistribute this program and/or modify it under the terms of
  4. * the GNU General Public License as published by the Free Software Foundation,
  5. * either version 3 of the License, or (at your option) any later version.
  6. *
  7. * This program is distributed in the hope that it will be useful,
  8. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  10. * GNU General Public License for more details.
  11. *
  12. * You should have received a copy of the GNU General Public License
  13. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  14. */
  15. #include "crypto/Sign_admin.h"
  16. #include "admin/Admin.h"
  17. #include "benc/String.h"
  18. #include "crypto/Key.h"
  19. #include "crypto/Sign.h"
  20. #include "dht/Address.h"
  21. #include "memory/Allocator.h"
  22. #include "util/Base32.h"
  23. #include "util/Identity.h"
  24. #include "wire/Message.h"
  25. struct Context {
  26. uint8_t signingKeypair[64];
  27. uint8_t pubSigningKey[64];
  28. struct Random* rand;
  29. struct Allocator* alloc;
  30. struct Admin* admin;
  31. Identity
  32. };
  33. static void checkSig(Dict* args, void* vctx, String* txid, struct Allocator* requestAlloc)
  34. {
  35. struct Context* ctx = Identity_check((struct Context*) vctx);
  36. String* msgHash = Dict_getStringC(args, "msgHash");
  37. String* signature = Dict_getStringC(args, "signature");
  38. Dict* out = Dict_new(requestAlloc);
  39. uint8_t publicSigningKey[32];
  40. uint8_t sigBytes[64];
  41. char* underscore = CString_strchr(signature->bytes, '_');
  42. if (msgHash->len > 64) {
  43. Dict_putStringCC(out, "error", "msgHash too long, max 64 bytes", requestAlloc);
  44. } else if (underscore == NULL) {
  45. Dict_putStringCC(out, "error",
  46. "malformed signature, missing separator", requestAlloc);
  47. } else if (Base32_decode(
  48. publicSigningKey, 32, signature->bytes, (int)(underscore - signature->bytes)) != 32)
  49. {
  50. Dict_putStringCC(out, "error",
  51. "malformed signature, failed to decode pubkey", requestAlloc);
  52. } else if (Base32_decode(
  53. sigBytes, 64, &underscore[1], CString_strlen(&underscore[1])) != 64)
  54. {
  55. Dict_putStringCC(out, "error",
  56. "malformed signature, failed to decode signature", requestAlloc);
  57. } else {
  58. Message_t* msg = Message_new(0, msgHash->len + 64, requestAlloc);
  59. Err_assert(Message_epush(msg, msgHash->bytes, msgHash->len));
  60. Err_assert(Message_epush(msg, sigBytes, 64));
  61. uint8_t curve25519key[32];
  62. if (Sign_verifyMsg(publicSigningKey, msg)) {
  63. Dict_putStringCC(out, "error", "invalid signature", requestAlloc);
  64. } else if (Sign_publicSigningKeyToCurve25519(curve25519key, publicSigningKey)) {
  65. Dict_putStringCC(out, "error", "not a valid curve25519 key", requestAlloc);
  66. } else {
  67. struct Address addr = {0};
  68. Address_forKey(&addr, curve25519key);
  69. uint8_t ipv6[40];
  70. Address_printIp(ipv6, &addr);
  71. String* k = Key_stringify(curve25519key, requestAlloc);
  72. Dict_putStringC(out, "pubkey", k, requestAlloc);
  73. Dict_putStringCC(out, "ipv6", ipv6, requestAlloc);
  74. Dict_putStringCC(out, "error", "none", requestAlloc);
  75. }
  76. }
  77. Admin_sendMessage(out, txid, ctx->admin);
  78. }
  79. static void sign(Dict* args, void* vctx, String* txid, struct Allocator* requestAlloc)
  80. {
  81. struct Context* ctx = Identity_check((struct Context*) vctx);
  82. String* msgHash = Dict_getStringC(args, "msgHash");
  83. Dict* out = Dict_new(requestAlloc);
  84. if (msgHash->len > 64) {
  85. Dict_putStringCC(out, "error", "msgHash too long, max 64 bytes", requestAlloc);
  86. } else {
  87. Message_t* msg = Message_new(0, msgHash->len + 64, requestAlloc);
  88. Err_assert(Message_epush(msg, msgHash->bytes, msgHash->len));
  89. Sign_signMsg(ctx->signingKeypair, msg, ctx->rand);
  90. uint8_t signB64[128];
  91. Assert_true(Base32_encode(signB64, 128, Message_bytes(msg), 64) > 0);
  92. String* sig = String_printf(requestAlloc, "%s_%s", ctx->pubSigningKey, signB64);
  93. Dict_putStringC(out, "signature", sig, requestAlloc);
  94. Dict_putStringCC(out, "error", "none", requestAlloc);
  95. }
  96. Admin_sendMessage(out, txid, ctx->admin);
  97. }
  98. void Sign_admin_register(uint8_t* privateKey,
  99. struct Admin* admin,
  100. struct Random* rand,
  101. struct Allocator* alloc)
  102. {
  103. struct Context* ctx = Allocator_calloc(alloc, sizeof(struct Context), 1);
  104. Sign_signingKeyPairFromCurve25519(ctx->signingKeypair, privateKey);
  105. uint8_t sPubKey[32];
  106. Sign_publicKeyFromKeyPair(sPubKey, ctx->signingKeypair);
  107. Assert_true(Base32_encode(ctx->pubSigningKey, 64, sPubKey, 32) > 0);
  108. ctx->alloc = alloc;
  109. ctx->rand = rand;
  110. ctx->admin = admin;
  111. Identity_set(ctx);
  112. Admin_registerFunction("Sign_checkSig", checkSig, ctx, false,
  113. ((struct Admin_FunctionArg[]) {
  114. { .name = "msgHash", .required = true, .type = "String" },
  115. { .name = "signature", .required = true, .type = "String" },
  116. }), admin);
  117. Admin_registerFunction("Sign_sign", sign, ctx, true,
  118. ((struct Admin_FunctionArg[]) {
  119. { .name = "msgHash", .required = true, .type = "String" },
  120. }), admin);
  121. }