kee

Offline IOU signer with QR as transport

commit 06b4fc1f2b888a66eb39633b7b20143883ac8779
parent dc13429642077530d8440ec3c5221227446f3c2c
Author: lash <dev@holbrook.no>
Date:   Fri, 26 Apr 2024 08:09:01 +0100

Implement counter-sign for ledger item

Diffstat:
Msrc/ledger.c | 21+++++++++------------
Msrc/ledger.h | 2+-
Msrc/tests/ledger.c | 26+++++++++++++++++++++++++-
3 files changed, 35 insertions(+), 14 deletions(-)

diff --git a/src/ledger.c b/src/ledger.c
@@ -640,11 +640,11 @@ static int kee_ledger_digest(struct kee_ledger_t *ledger, char *out) {
 return ERR_OK;
 }
-int kee_ledger_sign(struct kee_ledger_t *ledger, struct gpg_store *gpg, char *out, size_t *out_len, const char *passphrase) {
+int kee_ledger_sign(struct kee_ledger_t *ledger, struct kee_ledger_item_t *item, struct gpg_store *gpg, char *out, size_t *out_len, const char *passphrase) {
 int r;
 char *p;
- struct kee_ledger_item_t *item;
- char *signature_request;
+ char *signature_check;
+ char *signature_target;
 size_t c;
 size_t l;
 enum kee_item_serialize_mode_e mode;
@@ -654,16 +654,12 @@ int kee_ledger_sign(struct kee_ledger_t *ledger, struct gpg_store *gpg, char *ou
 l = *out_len;
 *out_len = 0;
- item = ledger->last_item;
-
+ mode = KEE_LEDGER_ITEM_SERIALIZE_REQUEST;
 if (item->initiator == BOB) {
-// mode = KEE_LEDGER_ITEM_SERIALIZE_RESPONSE;
- signature_request = item->alice_signature;
- } else {
- signature_request = item->bob_signature;
+ mode = KEE_LEDGER_ITEM_SERIALIZE_RESPONSE;
 }
- if (memcmp(signature_request, zero_content, SIGNATURE_LENGTH)) {
+ if (memcmp(item->alice_signature, zero_content, SIGNATURE_LENGTH)) {
 return ERR_ALREADY_SIGNED;
 }
@@ -684,15 +680,16 @@ int kee_ledger_sign(struct kee_ledger_t *ledger, struct gpg_store *gpg, char *ou
 // c = l;
 c = l;
- r = kee_ledger_item_serialize(ledger->last_item, p, &c, KEE_LEDGER_ITEM_SERIALIZE_REQUEST);
+ r = kee_ledger_item_serialize(item, p, &c, mode);
 if (r) {
 return ERR_FAIL;
 }
- r = gpg_store_sign(gpg, p, c, passphrase);
+ r = gpg_store_sign_with(gpg, p, c, passphrase, gpg->fingerprint);
 if (r) {
 return ERR_FAIL;
 }
+ memcpy(item->alice_signature, gpg->last_signature, 32);
 return ERR_OK;
 }
diff --git a/src/ledger.h b/src/ledger.h
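Review bot: `signature_check` and `signature_target` are declared in the first hunk of src/ledger.c, but none of the changed lines in this file assign or read them, so they are dead locals and will trip `-Wunused-variable`. Their names suggest the slot to check and the slot to write were meant to be chosen per role, which the commit does not do. Either drop both declarations or use them for that selection. `item` is now supplied by the caller and is dereferenced at `item->initiator` with no guard, so `if (item == NULL) { return ERR_FAIL; }` before first use would make the new contract explicit. The body of kee_ledger_sign continues outside this hunk.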
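Review bot: The already-signed guard in the second hunk now inspects only `item->alice_signature`, whichever party is signing, so a counter-signer must move the first signature into `bob_signature` and zero `alice_signature` by hand before calling; the test in src/tests/ledger.c does exactly that. Nothing in the visible lines checks that the signature being counter-signed is present or valid before the local key signs, although the lines between this hunk and the next are not shown. `mode` follows `item->initiator` rather than whether this is the second signature, so both calls in the test appear to sign the same serialization; if the response signature is meant to cover the request signature, that should be confirmed. At minimum, document the slot convention above the function, e.g. `/* Signs item with the loaded key; the result is stored in alice_signature. The caller must place the counterparty signature in bob_signature first. */`.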
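Review bot: The added `memcpy(item->alice_signature, gpg->last_signature, 32);` in the third hunk hard-codes the copy length, while the guard earlier in the function and the test both use `SIGNATURE_LENGTH`. The value of that constant is not visible on this page; if it is not 32 (an Ed25519 signature is 64 bytes), only part of the signature is stored and later verification would fail or run against a truncated value. Use the named constant: `memcpy(item->alice_signature, gpg->last_signature, SIGNATURE_LENGTH);`.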
@@ -60,7 +60,7 @@ void kee_ledger_free(struct kee_ledger_t *ledger);
 void kee_ledger_item_free(struct kee_ledger_item_t *item);
 void kee_ledger_resolve(struct kee_ledger_t *ledger, Cadiz *cadiz);
 void kee_ledger_reset_cache(struct kee_ledger_t *ledger);
-int kee_ledger_sign(struct kee_ledger_t *ledger, struct gpg_store *gpg, char *out, size_t *out_len, const char *passphrase);
+int kee_ledger_sign(struct kee_ledger_t *ledger, struct kee_ledger_item_t *item, struct gpg_store *gpg, char *out, size_t *out_len, const char *passphrase);
 void kee_ledger_item_init(struct kee_ledger_item_t *item);
 int kee_ledger_item_serialize(struct kee_ledger_item_t *item, char *out, size_t *out_len, enum kee_item_serialize_mode_e mode);
diff --git a/src/tests/ledger.c b/src/tests/ledger.c
@@ -24,6 +24,8 @@ int main() {
 char out[1024];
 const char *version;
 gcry_sexp_t alice;
+ gcry_sexp_t bob;
+ char fingerprint_bob[FINGERPRINT_LENGTH];
 cadiz.locator = "./testdata_resource";
@@ -44,6 +46,14 @@ int main() {
 return 1;
 }
 gpg_store_init(&gpg, p);
+ gpg.k = &bob;
+ r = gpg_key_create(&gpg, "1234"); // bob
+ if (r) {
+ return 1;
+ }
+ memcpy(ledger.pubkey_bob, gpg.public_key, PUBKEY_LENGTH);
+ memcpy(fingerprint_bob, gpg.fingerprint, FINGERPRINT_LENGTH);
+ gpg.k = &alice;
 r = gpg_key_create(&gpg, "1234"); // alice
 if (r) {
@@ -85,11 +95,25 @@ int main() {
 }
 c = 1024;
- r = kee_ledger_sign(&ledger, &gpg, out, &c, "1234");
+ r = kee_ledger_sign(&ledger, ledger.last_item, &gpg, out, &c, "1234");
 if (r) {
 return 1;
 }
+ // counter-sign
+ gpg.k = &bob;
+ r = gpg_key_load(&gpg, "1234", KEE_GPG_FIND_FINGERPRINT, fingerprint_bob);
+ if (r) {
+ return 1;
+ }
+ memcpy(ledger.last_item->bob_signature, ledger.last_item->alice_signature, SIGNATURE_LENGTH);
+ memset(ledger.last_item->alice_signature, 0, SIGNATURE_LENGTH);
+ c = 1024;
+ r = kee_ledger_sign(&ledger, ledger.last_item, &gpg, out, &c, "1234");
+ if (r) {
+ return 1;
+ }
+ kee_ledger_free(&ledger);
 return 0;
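Review bot: The counter-sign block in the last hunk of src/tests/ledger.c checks only the return code of the second `kee_ledger_sign` call, so it would still pass if the stored signature were truncated, left zeroed, or identical to the first one. After the second call, assert that the slot was filled and differs from the first signature, e.g. `if (!memcmp(ledger.last_item->alice_signature, ledger.last_item->bob_signature, SIGNATURE_LENGTH)) { return 1; }`, and that one more call returns `ERR_ALREADY_SIGNED`. Verifying each stored signature against the matching public key would test the property that matters, though no verify helper is visible on this page. After the manual shuffle, `bob_signature` holds the signature made with the alice key, so a comment stating the intended slot convention would help readers of the test.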