Beispiel #1
0
int serval_verify_client(const char *sid_str,
	   const size_t sid_len,
	   const unsigned char *msg,
	   const size_t msg_len,
	   const char *sig,
	   const size_t sig_len,
 	   const char *keyring_path,
 	   const size_t keyring_len) {
  
  int verdict = 0;
  char sas_str[2*SAS_SIZE+1] = {0};
  unsigned char packedSid[SID_SIZE] = {0};
  
  CHECK(sid_len == 2*SID_SIZE,"Invalid SID length");
  CHECK(sig_len == 2*SIGNATURE_BYTES,"Invalid signature length");
  
  CHECK(str_is_subscriber_id(sid_str) != 0,"Invalid SID");
  stowSid(packedSid,0,sid_str);
  
  CHECK(serval_init_keyring(packedSid,
			 SID_SIZE,
			 keyring_path,
			 keyring_len,
			 &keyring,
			 NULL,
			 NULL), "Failed to initialize Serval keyring");
      
  struct subscriber *sub = find_subscriber(packedSid, SID_SIZE, 1); // get Serval identity described by given SID
  
  CHECK(sub,"Failed to fetch Serval subscriber");
  
  CHECK(keyring_send_sas_request_client(sub),"SAS request failed");
  
  CHECK(sub->sas_valid,"Could not validate the signing key!");
  CHECK(sub->sas_public[0],"Could not validate the signing key!");
  CHECK(tohex(sas_str,sub->sas_public,SAS_SIZE),"Failed to convert signing key");
  
  verdict = cmd_serval_verify(sas_str,2*SAS_SIZE,
			   msg,msg_len,sig,sig_len);
  
error:
  return verdict;
}
Beispiel #2
0
/* Used by serval-client */
int
serval_verify_client(svl_crypto_ctx *ctx)
{
  CHECK(ctx && ctx->sid[0] && ctx->msg && ctx->signature[0] && ctx->keyring_path,
	"Invalid ctx");
  
  CHECK(serval_init_keyring(ctx), "Failed to initialize Serval keyring");
      
  struct subscriber *sub = find_subscriber(ctx->sid, SID_SIZE, 1); // get Serval identity described by given SID
  
  CHECK(sub, "Failed to fetch Serval subscriber");
  
  CHECK(keyring_send_sas_request_client(sub), "SAS request failed");
  
  CHECK(sub->sas_valid, "Could not validate the signing key!");
  CHECK(sub->sas_public[0], "Could not validate the signing key!");
  
  memcpy(ctx->sas_public,sub->sas_public,crypto_sign_PUBLICKEYBYTES);
  
  return cmd_serval_verify(ctx);
error:
  return 0;
}
Beispiel #3
0
int serval_crypto_handler(co_obj_t *self, co_obj_t **output, co_obj_t *params) {
  CLEAR_ERR();
  
  int list_len = co_list_length(params), keypath = 0;
  
  CHECK_ERR(IS_LIST(params) && list_len >= 2,"Invalid params");
  
  if (!strncmp("--keyring=",co_obj_data_ptr(co_list_get_last(params)),10)) {
    keypath = 1;
    --list_len;
  }
  
  if (co_str_cmp_str(co_list_element(params,0),"sign") == 0) {
    
    CHECK_ERR(list_len == 2 || list_len == 3,"Invalid arguments");
    char sig_buf[2*SIGNATURE_BYTES + 1] = {0};
    if (list_len == 3) {
      CHECK_ERR(cmd_serval_sign(_LIST_ELEMENT(params,1),
			co_str_len(co_list_element(params,1)) - 1,
			(unsigned char*)_LIST_ELEMENT(params,2),
			co_str_len(co_list_element(params,2)) - 1,
			sig_buf,
			2*SIGNATURE_BYTES + 1,
			keypath ? _LIST_ELEMENT(params,3) + 10 : NULL, // strlen("--length=") == 10
			keypath ? co_str_len(co_list_element(params,3)) - 11 : 0),"Failed to create signature");
    } else if (list_len == 2) {
      CHECK_ERR(cmd_serval_sign(NULL,
			0,
			(unsigned char*)_LIST_ELEMENT(params,1),
			co_str_len(co_list_element(params,1)) - 1,
			sig_buf,
			2*SIGNATURE_BYTES + 1,
			keypath ? _LIST_ELEMENT(params,2) + 10 : NULL, // strlen("--length=") == 10
			keypath ? co_str_len(co_list_element(params,2)) - 11 : 0),"Failed to create signature");
    }
    CMD_OUTPUT("result",co_str8_create(sig_buf,2*SIGNATURE_BYTES+1,0));
    
  } else if (co_str_cmp_str(co_list_element(params,0),"verify") == 0) {
    
    CHECK_ERR(!keypath,"Keyring option not available for verification");
    CHECK_ERR(list_len == 4,"Invalid arguments");
    int verdict = cmd_serval_verify(_LIST_ELEMENT(params,1),
				  co_str_len(co_list_element(params,1)) - 1,
				  (unsigned char*)_LIST_ELEMENT(params,3),
				  co_str_len(co_list_element(params,3)) - 1,
				  _LIST_ELEMENT(params,2),
				  co_str_len(co_list_element(params,2)) - 1);
// 				  keypath ? _LIST_ELEMENT(params,4) + 10 : NULL, // strlen("--length=") == 10
// 				  keypath ? co_str_len(co_list_element(params,4)) - 10 : 0);
    if (verdict == 1) {
      DEBUG("signature verified");
      CMD_OUTPUT("result",co_bool_create(true,0));  // successfully verified
    } else if (verdict == 0) {
      DEBUG("signature NOT verified");
      CMD_OUTPUT("result",co_bool_create(false,0));
    }
    
  }
  
  return 1;
error:
  INS_ERROR();
  return 0;
}
Beispiel #4
0
int
serval_crypto_handler(co_obj_t *self, co_obj_t **output, co_obj_t *params)
{
  CLEAR_ERR();
  
  svl_crypto_ctx *ctx = NULL;
  int list_len = co_list_length(params);
  int keypath = 0;
  
  CHECK_ERR(IS_LIST(params) && list_len >= 2, "Invalid params");
  
  if (!strncmp("--keyring=", co_obj_data_ptr(co_list_get_last(params)), 10)) {
    keypath = 1;
    --list_len;
  }
  
  ctx = svl_crypto_ctx_new();
  
  if (co_str_cmp_str(co_list_element(params, 0), "sign") == 0) {
    
    CHECK_ERR(list_len == 2 || list_len == 3, "Invalid arguments");
    
    if (list_len == 3) {
      char *sid_str = _LIST_ELEMENT(params, 1);
      size_t sid_len = co_str_len(co_list_element(params, 1)) - 1;
      CHECK_ERR(sid_len == (2 * SID_SIZE) && str_is_subscriber_id(sid_str) == 1,
		"Invalid SID");
      stowSid(ctx->sid, 0, sid_str);
      ctx->msg = (unsigned char*)_LIST_ELEMENT(params, 2);
      ctx->msg_len = co_str_len(co_list_element(params, 2)) - 1;
      if (keypath) {
	ctx->keyring_path = _LIST_ELEMENT(params, 3) + 10;
	ctx->keyring_len = co_str_len(co_list_element(params, 3)) - 11;
	CHECK_ERR(ctx->keyring_len < PATH_MAX,"Keyring path too long");
      }
    
    } else if (list_len == 2) {
      
      ctx->msg = (unsigned char*)_LIST_ELEMENT(params, 1);
      ctx->msg_len = co_str_len(co_list_element(params, 1)) - 1;
      if (keypath) {
	ctx->keyring_path = _LIST_ELEMENT(params, 2) + 10;
	ctx->keyring_len = co_str_len(co_list_element(params, 2)) - 11;
	CHECK_ERR(ctx->keyring_len < PATH_MAX,"Keyring path too long");
      }

    }
    CHECK_ERR(cmd_serval_sign(ctx), "Failed to create signature");
    
    // convert ctx->signature, ctx->sas_public, and ctx->sid to hex: 
    char sid_str[(2 * SID_SIZE) + 1] = {0};
    strncpy(sid_str, alloca_tohex(ctx->sid, SID_SIZE), 2 * SID_SIZE);
    char sas_str[(2 * crypto_sign_PUBLICKEYBYTES) + 1] = {0};
    strncpy(sas_str, alloca_tohex(ctx->sas_public, crypto_sign_PUBLICKEYBYTES), 2 * crypto_sign_PUBLICKEYBYTES);
    char sig_str[(2 * SIGNATURE_BYTES) + 1] = {0};
    strncpy(sig_str, alloca_tohex(ctx->signature, SIGNATURE_BYTES), 2 * SIGNATURE_BYTES);
    CMD_OUTPUT("SID", co_str8_create(sid_str, (2 * SID_SIZE) + 1, 0));
    CMD_OUTPUT("SAS", co_str8_create(sas_str, (2 * crypto_sign_PUBLICKEYBYTES) + 1, 0));
    CMD_OUTPUT("signature", co_str8_create(sig_str, (2 * SIGNATURE_BYTES) + 1, 0));
    
  } else if (co_str_cmp_str(co_list_element(params, 0), "verify") == 0) {
    
    CHECK_ERR(!keypath, "Keyring option not available for verification");
    CHECK_ERR(list_len == 4, "Invalid arguments");
    // convert SAS and signature from hex to bin
    CHECK_ERR(fromhexstr(ctx->signature, _LIST_ELEMENT(params, 2), SIGNATURE_BYTES) == 0, "Invalid signature");
    CHECK_ERR(fromhexstr(ctx->sas_public, _LIST_ELEMENT(params, 1), crypto_sign_PUBLICKEYBYTES) == 0, "Invalid SAS key");
    ctx->msg = (unsigned char*)_LIST_ELEMENT(params, 3);
    ctx->msg_len = co_str_len(co_list_element(params, 3)) - 1;

    int verdict = cmd_serval_verify(ctx);
    if (verdict == 1) {
      DEBUG("signature verified");
      CMD_OUTPUT("result", co_bool_create(true, 0));  // successfully verified
      CMD_OUTPUT("verified",co_str8_create("true",sizeof("true"),0));
    } else if (verdict == 0) {
      DEBUG("signature NOT verified");
      CMD_OUTPUT("result", co_bool_create(false, 0));
      CMD_OUTPUT("verified",co_str8_create("false",sizeof("false"),0));
    }
    
  }
  
error:
  INS_ERROR();
  if (ctx)
    svl_crypto_ctx_free(ctx);
  return 1;
}