commit dc13429642077530d8440ec3c5221227446f3c2c
parent 8a228e775f432e750b8a54f49881c97608ba644e
Author: lash <dev@holbrook.no>
Date: Fri, 26 Apr 2024 07:30:11 +0100
Implement ledger item sign with gpg store
Diffstat:
4 files changed, 122 insertions(+), 78 deletions(-)
diff --git a/src/ledger.c b/src/ledger.c
@@ -11,6 +11,7 @@
#include "strip.h"
#include "content.h"
#include "endian.h"
+#include "gpg.h"
extern const asn1_static_node schema_entry_asn1_tab[];
@@ -620,16 +621,18 @@ int kee_ledger_item_serialize(struct kee_ledger_item_t *item, char *out, size_t
return 0;
}
-static int kee_ledger_digest(struct kee_ledger_t *ledger, char *out, size_t out_len) {
+static int kee_ledger_digest(struct kee_ledger_t *ledger, char *out) {
int r;
char out_data[1024];
+ size_t c;
- r = kee_ledger_serialize(ledger, out_data, &out_len);
+ c = 1024;
+ r = kee_ledger_serialize(ledger, out_data, &c);
if (r) {
return r;
}
- r = calculate_digest_algo(out_data, out_len, out, GCRY_MD_SHA512);
+ r = calculate_digest_algo(out_data, c, out, GCRY_MD_SHA512);
if (r) {
return ERR_FAIL;
}
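Review bot: `kee_ledger_digest` no longer takes a length for `out`, so every caller must now guarantee at least DIGEST_LENGTH bytes behind that pointer, and nothing at the definition says so; a comment above it such as `/* out must have room for DIGEST_LENGTH bytes; the caller owns the capacity check */` would make the contract visible. The serialization buffer size is also repeated as a literal in `c = 1024;` even though `out_data` is declared just above it; `c = sizeof out_data;` keeps the two in step. The function's tail lies in the next hunk.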
@@ -637,39 +640,41 @@ static int kee_ledger_digest(struct kee_ledger_t *ledger, char *out, size_t out_
return ERR_OK;
}
-//int kee_ledger_sign(struct kee_ledger_t *ledger, char *out, size_t *out_len) {
-// char *p;
-// kee_ledger_item_t *item;
-// char *signature_request;
-// size_t c
-// size_t l;
-// enum kee_item_serialize_mode_e mode;
-//
-// p = out;
-// c = *out_len;
-// l = *out_len;
-// *out_len = 0;
-//
-// item = ledger->last_item;
-//
-// if (item->initiator == BOB) {
+int kee_ledger_sign(struct kee_ledger_t *ledger, struct gpg_store *gpg, char *out, size_t *out_len, const char *passphrase) {
+ int r;
+ char *p;
+ struct kee_ledger_item_t *item;
+ char *signature_request;
+ size_t c;
+ size_t l;
+ enum kee_item_serialize_mode_e mode;
+
+ p = out;
+ c = *out_len;
+ l = *out_len;
+ *out_len = 0;
+
+ item = ledger->last_item;
+
+ if (item->initiator == BOB) {
// mode = KEE_LEDGER_ITEM_SERIALIZE_RESPONSE;
-// } else {
-// signature_request = item->alice_signature;
-// }
-//
-// if (memcmp(signature_request, zero_content, 64)) {
-// return ERR_ALREADY_SIGNED;
-// }
-//
-// r = kee_ledger_digest(ledger, p, &c);
-// if (r) {
-// return ERR_FAIL;
-// }
-// p = out + c;
-// l -= c;
-// c = l;
-//
+ signature_request = item->alice_signature;
+ } else {
+ signature_request = item->bob_signature;
+ }
+
+ if (memcmp(signature_request, zero_content, SIGNATURE_LENGTH)) {
+ return ERR_ALREADY_SIGNED;
+ }
+
+ r = kee_ledger_digest(ledger, p);
+ if (r) {
+ return ERR_FAIL;
+ }
+ c = DIGEST_LENGTH;
+ p = out + c;
+ l -= c;
+
// r = kee_ledger_serialize(ledger, p, &c);
// if (r) {
// return ERR_FAIL;
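Review bot: `kee_ledger_digest(ledger, p)` writes DIGEST_LENGTH bytes into `out` and `l -= c` then subtracts the same amount, but nothing checks that the caller-supplied `*out_len` covers it; a short buffer is overrun and `l` wraps as size_t, which then becomes the capacity handed to the item serializer in the following hunk. Add `if (l < DIGEST_LENGTH) { return ERR_FAIL; }` before the digest call. The `mode` variable and the surviving `// mode = KEE_LEDGER_ITEM_SERIALIZE_RESPONSE;` line are left over from the commented-out draft and are never used; either drop them or apply the RESPONSE mode for the BOB branch as the draft intended, so the reader is not left guessing which was meant. If `ledger->last_item` can be NULL, the dereference at `item->initiator` needs a guard, but whether parsing guarantees a last item is not visible here. `kee_ledger_sign` continues past the end of this hunk.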
@@ -677,12 +682,17 @@ static int kee_ledger_digest(struct kee_ledger_t *ledger, char *out, size_t out_
// p = out + c;
// l -= c;
// c = l;
-//
-// r = kee_ledger_item_serialize(ledger, p, &c, KEE_LEDGER_ITEM_SERIALIZE_REQUEST);
-// if (r) {
-// return ERR_FAIL;
-// }
-//
-//
-// return ERR_OK;
-//}
+
+ c = l;
+ r = kee_ledger_item_serialize(ledger->last_item, p, &c, KEE_LEDGER_ITEM_SERIALIZE_REQUEST);
+ if (r) {
+ return ERR_FAIL;
+ }
+
+ r = gpg_store_sign(gpg, p, c, passphrase);
+ if (r) {
+ return ERR_FAIL;
+ }
+
+ return ERR_OK;
+}
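Review bot: `*out_len` is zeroed at the top of `kee_ledger_sign` and never updated, so a successful return reports zero bytes written even though a digest and a serialized item now sit in `out`; set `*out_len = DIGEST_LENGTH + c;` before `return ERR_OK;`. The signature produced by `gpg_store_sign` is also not copied into the item slot that was compared against `zero_content` earlier, so a second call on the same ledger would presumably sign again rather than return ERR_ALREADY_SIGNED — unless `gpg_store_sign` writes it back itself, which cannot be seen from this hunk. The function's head is in the previous hunk.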
diff --git a/src/ledger.h b/src/ledger.h
@@ -5,6 +5,7 @@
#include "content.h"
#include "cadiz.h"
+#include "gpg.h"
enum kee_initiator_e {
ALICE,
@@ -59,6 +60,7 @@ void kee_ledger_free(struct kee_ledger_t *ledger);
void kee_ledger_item_free(struct kee_ledger_item_t *item);
void kee_ledger_resolve(struct kee_ledger_t *ledger, Cadiz *cadiz);
void kee_ledger_reset_cache(struct kee_ledger_t *ledger);
+int kee_ledger_sign(struct kee_ledger_t *ledger, struct gpg_store *gpg, char *out, size_t *out_len, const char *passphrase);
void kee_ledger_item_init(struct kee_ledger_item_t *item);
int kee_ledger_item_serialize(struct kee_ledger_item_t *item, char *out, size_t *out_len, enum kee_item_serialize_mode_e mode);
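Review bot: The new `kee_ledger_sign` prototype carries no description of its buffer contract: what `out` receives, that `*out_len` is the capacity on entry and what it means on return, and what `passphrase` is used for. A Doxygen comment above the declaration stating these, plus which signature slot being non-zero yields ERR_ALREADY_SIGNED, would spare callers reading the implementation in ledger.c.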
diff --git a/src/tests/ledger.c b/src/tests/ledger.c
@@ -11,19 +11,46 @@ const char *test_item_data_b = "3082011d0440c2b795d9d3183bcc9d6ae1ae2960c302d736
int main() {
+ char *p;
int r;
size_t c;
+ struct gpg_store gpg;
struct kee_ledger_t ledger;
struct kee_ledger_item_t *ledger_item_a;
struct kee_ledger_item_t *ledger_item_b;
Cadiz cadiz;
char data[1024];
+ char path[1024];
+ char out[1024];
+ const char *version;
+ gcry_sexp_t alice;
cadiz.locator = "./testdata_resource";
kee_ledger_init(&ledger);
kee_ledger_reset_cache(&ledger);
+ version = gcry_check_version(NULL);
+ if (version == 0x0) {
+ return 1;
+ }
+ gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+
+ /// \todo factor out key creation tost utils
+ strcpy(path, "/tmp/keetest_key_XXXXXX");
+ p = mkdtemp(path);
+ if (p == NULL) {
+ return 1;
+ }
+ gpg_store_init(&gpg, p);
+ gpg.k = &alice;
+ r = gpg_key_create(&gpg, "1234"); // alice
+ if (r) {
+ return 1;
+ }
+ memcpy(ledger.pubkey_alice, gpg.public_key, PUBKEY_LENGTH);
+
c = hex2bin(test_ledger_data, (unsigned char*)data);
r = kee_ledger_parse(&ledger, data, c);
if (r) {
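Review bot: The key directory created by `mkdtemp` at `path` is never removed, so every run leaves a fresh private key under /tmp; mkdtemp creates it mode 0700, but the test should still delete it on each exit path, or at least before the final `return 0`. The return value of `gpg_store_init(&gpg, p)` is discarded while the neighbouring `gpg_key_create` result is checked — if it can fail, check it the same way. The `\todo` comment reads "tost utils", presumably "test utils". `main` continues beyond this hunk.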
@@ -57,6 +84,12 @@ int main() {
return 1;
}
+ c = 1024;
+ r = kee_ledger_sign(&ledger, &gpg, out, &c, "1234");
+ if (r) {
+ return 1;
+ }
+
kee_ledger_free(&ledger);
return 0;
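Review bot: After `kee_ledger_sign(&ledger, &gpg, out, &c, "1234")` the test only checks `r`; it never inspects `c` or the contents of `out`, so a call that succeeds while producing nothing passes. Adding `if (c == 0) { return 1; }` after the call, and, if the signature is reachable through `gpg`, verifying it against the digest at the start of `out` the way the previous sign.c did with `gpg_store_verify`, would make this assertion meaningful.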
diff --git a/src/tests/sign.c b/src/tests/sign.c
@@ -23,7 +23,6 @@ int test_sign() {
struct gpg_store gpg;
struct kee_ledger_t ledger;
struct kee_ledger_item_t item;
- struct kee_ledger_item_t *item_parsed;
struct kee_content_t content;
struct kee_content_t content_item;
char item_sum[64];
@@ -133,39 +132,39 @@ int test_sign() {
if (r) {
return 1;
}
- memcpy(item.bob_signature, gpg.last_signature, SIGNATURE_LENGTH);
-
- out_item_len = 4096;
- r = kee_ledger_item_serialize(&item, out_item, &out_item_len, KEE_LEDGER_ITEM_SERIALIZE_RESPONSE);
- if (r) {
- return 1;
- }
- r = calculate_digest_algo(out_item, out_item_len, item_sum, GCRY_MD_SHA512);
- if (r) {
- return 1;
- }
- gpg.k = &alice;
- r = gpg_store_sign_with(&gpg, out_item, out_item_len, "1234", alice_fingerprint);
- if (r) {
- return 1;
- }
- r = gpg_store_verify(gpg.last_signature, item_sum, ledger.pubkey_alice);
- if (r) {
- return 1;
- }
- memcpy(item.alice_signature, gpg.last_signature, SIGNATURE_LENGTH);
-
- out_item_len = 4096;
- r = kee_ledger_item_serialize(&item, out_item, &out_item_len, KEE_LEDGER_ITEM_SERIALIZE_FINAL);
- if (r) {
- return 1;
- }
- *(out_item+out_item_len) = 1;
-
- item_parsed = kee_ledger_parse_item(&ledger, out_item, out_item_len + 1);
- if (item_parsed == NULL) {
- return 1;
- }
+// memcpy(item.bob_signature, gpg.last_signature, SIGNATURE_LENGTH);
+//
+// out_item_len = 4096;
+// r = kee_ledger_item_serialize(&item, out_item, &out_item_len, KEE_LEDGER_ITEM_SERIALIZE_RESPONSE);
+// if (r) {
+// return 1;
+// }
+// r = calculate_digest_algo(out_item, out_item_len, item_sum, GCRY_MD_SHA512);
+// if (r) {
+// return 1;
+// }
+// gpg.k = &alice;
+// r = gpg_store_sign_with(&gpg, out_item, out_item_len, "1234", alice_fingerprint);
+// if (r) {
+// return 1;
+// }
+// r = gpg_store_verify(gpg.last_signature, item_sum, ledger.pubkey_alice);
+// if (r) {
+// return 1;
+// }
+// memcpy(item.alice_signature, gpg.last_signature, SIGNATURE_LENGTH);
+//
+// out_item_len = 4096;
+// r = kee_ledger_item_serialize(&item, out_item, &out_item_len, KEE_LEDGER_ITEM_SERIALIZE_FINAL);
+// if (r) {
+// return 1;
+// }
+// *(out_item+out_item_len) = 1;
+//
+// item_parsed = kee_ledger_parse_item(&ledger, out_item, out_item_len + 1);
+// if (item_parsed == NULL) {
+// return 1;
+// }
free(out_item);
free(out);
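Review bot: The block from `memcpy(item.bob_signature, …)` through the `kee_ledger_parse_item` check is commented out rather than deleted; version control keeps the history, and dead code behind `//` drifts out of sync with the APIs it calls. With it gone, `test_sign` no longer exercises `gpg_store_verify` on an Alice signature or the FINAL serialize/parse round-trip, so that coverage has to come from elsewhere — if the removal is temporary, a one-line comment saying why and when it returns would help. `test_sign` continues outside this hunk; `item_sum`, declared above, may now be unused.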