commit 5af518a9176615113a5d55accb9f7f785789fd5d
parent e9926a4d1a7dcaf8d3891c80ff4933dd7b3d1404
Author: lash <dev@holbrook.no>
Date: Sat, 5 Apr 2025 00:21:15 +0100
Reciprocal cert signatures implemented with verify
Diffstat:
2 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/src/lq/cert.c b/src/lq/cert.c
@@ -162,22 +162,39 @@ int lq_certificate_verify(LQCert *cert) {
LQCert cert_valid;
if (cert->request_sig == NULL) {
- return debug_logerr(LLOG_DEBUG, ERR_NONSENSE, "no request signature");
+ return debug_logerr(LLOG_DEBUG, ERR_NONSENSE, "no signatures");
}
lq_cpy(&cert_valid, cert, sizeof(LQCert));
cert_valid.request_sig = NULL;
cert_valid.response = NULL;
cert_valid.response_sig = NULL;
-
r = state_digest(&cert_valid, out, 0);
if (r != ERR_OK) {
- return r;
+ return debug_logerr(LLOG_DEBUG, r, "cert state request");
}
r = lq_msg_verify_extra(cert->request, cert->request_sig, NULL, out, LQ_DIGEST_LEN);
if (r != ERR_OK) {
- return r;
+ return debug_logerr(LLOG_DEBUG, r, "cert verify request");
+ }
+
+ if (cert->response_sig == NULL) {
+ debug(LLOG_DEBUG, "cert", "skip empty response signature");
+ return ERR_OK;
+ }
+
+ cert_valid.request_sig = cert->request_sig;
+ cert_valid.response = cert->response;
+ r = state_digest(&cert_valid, out, 0);
+ if (r != ERR_OK) {
+ return debug_logerr(LLOG_DEBUG, r, "cert state response");
+ }
+ cert_valid.response_sig = cert->response_sig;
+
+ r = lq_msg_verify_extra(cert_valid.response, cert_valid.response_sig, NULL, out, LQ_DIGEST_LEN);
+ if (r != ERR_OK) {
+ return debug_logerr(LLOG_DEBUG, r, "cert verify response");
}
return ERR_OK;
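Review bot: The early `return ERR_OK` taken when `cert->response_sig == NULL` gives a certificate that carries only a request signature the same result as a fully countersigned one, so a caller cannot tell from the return value whether the response was ever checked, and a certificate whose response signature has been removed still passes. If request-only certificates are meant to be valid, say so at that branch, e.g. `/* ERR_OK here means only the request signature was verified; callers that need a countersigned certificate must check response_sig themselves */`. The response branch also hands `cert->response` to `lq_msg_verify_extra` without a NULL check, and whether that helper tolerates a NULL message is not visible here; a guard such as `if (cert->response == NULL) { return debug_logerr(LLOG_DEBUG, ERR_NONSENSE, "response signature without response"); }` before the second `state_digest` call would make the failure explicit. The body of lq_certificate_verify starts and ends outside the hunk.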
diff --git a/src/test/test_cert.c b/src/test/test_cert.c
@@ -49,11 +49,6 @@ START_TEST(check_cert_sig_req) {
r = lq_certificate_request(cert, req, pk);
ck_assert_int_eq(r, 0);
- //res = lq_msg_new("barbaz", 7);
- //ck_assert_ptr_nonnull(res);
- //r = lq_certificate_respond(cert, res, pk_bob);
- //ck_assert_int_eq(r, 0);
-
r = lq_certificate_verify(cert);
ck_assert_int_eq(r, 0);
@@ -79,6 +74,7 @@ START_TEST(check_cert_sig_res) {
ck_assert_ptr_nonnull(pk_bob);
r = lq_privatekey_unlock(pk_bob, passphrase, strlen(passphrase));
ck_assert_int_eq(r, 0);
+
cert = lq_certificate_new(NULL);
ck_assert_ptr_nonnull(cert);
@@ -243,7 +239,7 @@ Suite * common_suite(void) {
s = suite_create("cert");
tc = tcase_create("sign");
tcase_add_test(tc, check_cert_sig_req);
-// tcase_add_test(tc, check_cert_sig_res);
+ tcase_add_test(tc, check_cert_sig_res);
suite_add_tcase(s, tc);
tc = tcase_create("serialize");
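Review bot: With `check_cert_sig_res` enabled, the "sign" test case registers only two tests, and the lines visible in this diff assert only that `lq_certificate_verify` returns 0, so the new "cert verify response" failure path appears to have no coverage. A companion test that changes the response message or its signature after `lq_certificate_respond` and then checks `r = lq_certificate_verify(cert);` with `ck_assert_int_ne(r, 0);` would pin the rejection behaviour. The body of check_cert_sig_res lies mostly outside the hunks shown, so it may already cover part of this.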