commit a93646993a3daf74bbbaa3cafa587e58ccb895b7
parent 2c6ad26a6f6d4078ecf44f5641c5f47056c67a6f
Author: lash <dev@holbrook.no>
Date: Sun, 2 Mar 2025 15:04:54 +0000
Add certificate sign interface
Diffstat:
5 files changed, 39 insertions(+), 19 deletions(-)
diff --git a/src/crypto/dummy.c b/src/crypto/dummy.c
@@ -83,10 +83,10 @@ LQSig* lq_privatekey_sign(LQPrivKey *pk, const char *msg, size_t msg_len, const
char *dst;
LQSig *sig;
- if (msg_len != 32) {
+ if (msg_len != LQ_DIGEST_LEN) {
return NULL;
}
- if (salt_len != 32) {
+ if (salt_len != LQ_SALT_LEN) {
return NULL;
}
diff --git a/src/lq/cert.c b/src/lq/cert.c
@@ -66,14 +66,15 @@ int lq_certificate_sign(LQCert *cert, LQPrivKey *pk) {
if (cert->response_sig == NULL) {
return ERR_ENCODING;
}
+ return ERR_OK;
}
if (cert->request == NULL) {
return ERR_INIT;
}
- if (cert->request->signature != NULL) {
+ if (cert->request_sig != NULL) {
return ERR_REQUEST;
}
- cert->request->sig = lq_msg_sign(cert->request, pk);
+ cert->request_sig = lq_msg_sign(cert->request, pk);
if (cert->request_sig == NULL) {
return ERR_ENCODING;
}
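Review bot: The request branch refuses to overwrite an existing signature (`if (cert->request_sig != NULL)` returns `ERR_REQUEST`), but the opening of the response branch lies outside this hunk, so it is not visible whether `response_sig` gets the same guard or whether a response can be signed before `request_sig` exists. If those checks are missing, a repeated call would replace an earlier response signature without reporting an error. Because the function now chooses what to sign from the certificate's state and returns `ERR_OK` straight after the response branch, a header comment should state that order and the error codes, for example `// Signs the response when one is attached, otherwise the request; ERR_REQUEST if the request is already signed.` once the branch condition is confirmed.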
@@ -200,11 +201,11 @@ int lq_certificate_deserialize(LQCert **cert, char *in, size_t in_len) {
char tmp[4096];
asn1_node node;
asn1_node item;
- LQCtx *ctx;
+ LQCtx ctx;
LQCert *p;
// \todo ctx make it make sense here
- lq_set(ctx, 0, sizeof(LQCtx));
+ lq_set(&ctx, 0, sizeof(LQCtx));
lq_set(&node, 0, sizeof(node));
lq_set(&item, 0, sizeof(item));
r = asn1_array2tree(defs_asn1_tab, &node, err);
@@ -228,7 +229,7 @@ int lq_certificate_deserialize(LQCert **cert, char *in, size_t in_len) {
return ERR_READ;
}
- p = lq_certificate_new(NULL, ctx, NULL, NULL);
+ p = lq_certificate_new(NULL, &ctx, NULL, NULL);
lq_certificate_set_domain(p, tmp);
c = 4096;
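Review bot: `lq_certificate_new(NULL, &ctx, NULL, NULL)` gives the new certificate the address of `ctx`, which the previous hunk turned into a stack local of lq_certificate_deserialize (`LQCtx ctx;`). lq_certificate_new is not shown here; if it stores the pointer instead of copying the struct, the certificate handed back to the caller keeps a dangling pointer once this function returns, which trades the old uninitialized-pointer write for a use-after-return. Unless the constructor copies, the context needs storage that outlives the call (heap-allocated or supplied by the caller), which is what the `\todo` above the `lq_set` calls seems to point at. Separately, `p` goes into `lq_certificate_set_domain(p, tmp)` unchecked, so an `if (p == NULL)` guard returning the module's allocation error belongs before that line; the function body continues outside this hunk.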
diff --git a/src/lq/crypto.h b/src/lq/crypto.h
@@ -15,6 +15,11 @@
#define LQ_PRIVKEY_LEN 32
#endif
+#ifndef LQ_SALT_LEN
+#define LQ_SALT_LEN 32
+#endif
+
+
struct lq_privatekey_t {
int key_typ;
void *lokey;
diff --git a/src/lq/msg.c b/src/lq/msg.c
@@ -15,6 +15,8 @@ static LQPubKey nokey = {
.lolen = 0,
};
+static char nosalt[LQ_SALT_LEN];
+
LQMsg* lq_msg_new(const char *msg_data, size_t msg_len) {
LQMsg *msg;
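Review bot: `nosalt` is a writable file-scope buffer, yet every unsalted signature relies on it staying all zeroes; declaring it `static const char nosalt[LQ_SALT_LEN];` prevents later code in this file from altering the default salt, and it still matches the `const char *salt` parameter of lq_msg_sign_salted in the next hunk. A comment such as `// all-zero salt used when the caller supplies none` would also record that lq_msg_sign now signs with a fixed, publicly known salt rather than with no salt at all.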
@@ -30,20 +32,26 @@ LQMsg* lq_msg_new(const char *msg_data, size_t msg_len) {
}
LQSig* lq_msg_sign(LQMsg *msg, LQPrivKey *pk) {
- return lq_msg_sign_salted(msg, pk, 0, 0);
+ return lq_msg_sign_salted(msg, pk, nosalt, LQ_SALT_LEN);
}
LQSig* lq_msg_sign_salted(LQMsg *msg, LQPrivKey *pk, const char *salt, size_t salt_len) {
int r;
char *data;
char digest[LQ_DIGEST_LEN];
+ LQSig *sig;
data = lq_alloc(msg->len);
lq_cpy(data, msg->data, msg->len);
msg->pubkey = lq_publickey_from_privatekey(pk);
r = lq_digest(data, msg->len, (char*)digest);
- return lq_privatekey_sign(pk, msg->data, msg->len, salt, salt_len);
+ if (r != ERR_OK) {
+ return NULL;
+ }
+ sig = lq_privatekey_sign(pk, digest, LQ_DIGEST_LEN, salt, salt_len);
+
+ return sig;
}
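Review bot: `data` from `lq_alloc(msg->len)` is never released, so both the new `return NULL` on digest failure and the final `return sig` leak a copy of the message on every signing call, and the allocation is handed to `lq_cpy` without a NULL check. The copy looks unnecessary: unless lq_digest modifies its input (its prototype is not shown), `r = lq_digest(msg->data, msg->len, (char*)digest);` removes the buffer altogether. `msg->pubkey` is also overwritten on each call and the result of `lq_publickey_from_privatekey(pk)` is not checked, so signing the same message twice would drop the earlier key object if that function allocates.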
void lq_msg_free(LQMsg *msg) {
diff --git a/src/test/test_cert.c b/src/test/test_cert.c
@@ -67,7 +67,9 @@ START_TEST(check_cert_symmetric_req_sig) {
req = lq_msg_new(data, strlen(data) + 1);
cert = lq_certificate_new(NULL, &ctx, req, NULL);
// \todo change interface to certificate sign
- cert->request_sig = lq_msg_sign(req, pk);
+ r = lq_certificate_sign(cert, pk);
+ ck_assert_int_eq(r, 0);
+
c = 4096;
r = lq_certificate_serialize(cert, buf, &c);
ck_assert_int_eq(r, 0);
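Review bot: The `// \todo change interface to certificate sign` comment above the new call is stale, because `r = lq_certificate_sign(cert, pk);` is that interface; the same line was removed from the other two tests in this file and should go here as well. The test then checks only the return code, so `ck_assert_ptr_nonnull(cert->request_sig);` after the call would confirm that a signature was actually stored before serializing. The same applies to check_cert_symmetric_rsp_onesig, where `ck_assert_ptr_null(cert->response_sig);` would pin the single-signature case, and to check_cert_symmetric_rsp_bothsig, where `ck_assert_ptr_nonnull(cert->response_sig);` belongs after the second sign call. All three test bodies start and end outside their hunks.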
@@ -93,9 +95,11 @@ START_TEST(check_cert_symmetric_rsp_onesig) {
lq_set(&ctx, 0, sizeof(LQCtx));
req = lq_msg_new(data, strlen(data) + 1);
rsp = lq_msg_new(data_two, strlen(data_two) + 1);
- cert = lq_certificate_new(NULL, &ctx, req, rsp);
- // \todo change interface to certificate sign
- cert->request_sig = lq_msg_sign(req, pk);
+ cert = lq_certificate_new(NULL, &ctx, req, NULL);
+ r = lq_certificate_sign(cert, pk);
+ ck_assert_int_eq(r, 0);
+ cert->response = rsp;
+
c = 4096;
r = lq_certificate_serialize(cert, buf, &c);
ck_assert_int_eq(r, 0);
@@ -112,7 +116,6 @@ START_TEST(check_cert_symmetric_rsp_bothsig) {
size_t c;
LQCert *cert;
LQMsg *req;
- LQMsg *rsp;
LQPrivKey *pk;
LQCtx ctx;
char buf[4096];
@@ -120,11 +123,14 @@ START_TEST(check_cert_symmetric_rsp_bothsig) {
pk = lq_privatekey_new(data, 32);
lq_set(&ctx, 0, sizeof(LQCtx));
req = lq_msg_new(data, strlen(data) + 1);
- rsp = lq_msg_new(data_two, strlen(data_two) + 1);
- cert = lq_certificate_new(NULL, &ctx, req, rsp);
- // \todo change interface to certificate sign
- cert->request_sig = lq_msg_sign(req, pk);
- cert->response_sig = lq_msg_sign(rsp, pk);
+ cert = lq_certificate_new(NULL, &ctx, req, NULL);
+ r = lq_certificate_sign(cert, pk);
+ ck_assert_int_eq(r, 0);
+
+ cert->response = lq_msg_new(data_two, strlen(data_two) + 1);
+ r = lq_certificate_sign(cert, pk);
+ ck_assert_int_eq(r, 0);
+
c = 4096;
r = lq_certificate_serialize(cert, buf, &c);
ck_assert_int_eq(r, 0);