From 7ed3ab27d3a27beb04bc9b5da4d33d3140617bdb Mon Sep 17 00:00:00 2001 From: _ <> Date: Mon, 18 Jan 2021 22:13:48 +0000 Subject: [PATCH] update: switch to msgpack. I didn't know nlohmann already had that, it's way better for this case --- bare_minimum_crypto/cpp/bmc_test.cpp | 22 +++++++------------ .../cpp/expiring_signature.cpp | 2 +- bare_minimum_crypto/cpp/expiring_signature.h | 3 ++- bare_minimum_crypto/cpp/receiver.cpp | 22 +++++++++---------- bare_minimum_crypto/cpp/receiver.h | 2 +- 5 files changed, 23 insertions(+), 28 deletions(-) diff --git a/bare_minimum_crypto/cpp/bmc_test.cpp b/bare_minimum_crypto/cpp/bmc_test.cpp index 6b892fa..a624280 100644 --- a/bare_minimum_crypto/cpp/bmc_test.cpp +++ b/bare_minimum_crypto/cpp/bmc_test.cpp @@ -59,15 +59,15 @@ public: {"payload_b64", payload_b64}, }; - const auto cert_s = j.dump (); + const auto cert = json::to_msgpack (j); vector sig; sig.resize (crypto_sign_BYTES); - crypto_sign_detached (sig.data (), nullptr, (const uint8_t *)cert_s.data (), cert_s.size (), sk.data ()); + crypto_sign_detached (sig.data (), nullptr, cert.data (), cert.size (), sk.data ()); return ExpiringSignature { - cert_s, + cert, sig, }; } @@ -129,12 +129,6 @@ int happy_path () { } } - { - cerr << "Cert:" << endl; - cerr << cert.cert_s << endl; - cerr << base64_encode (cert.sig) << endl; - } - // The receiver verifies the data by the root public key, // even though the receiver has never seen the sub-key. @@ -142,16 +136,16 @@ int happy_path () { const json j { {"cert", { - {"sig_b64", base64_encode (cert.sig)}, - {"payload_s", cert.cert_s}, + {"sig", json::binary (cert.sig)}, + {"cert", json::binary (cert.cert)}, }}, {"data", { - {"sig_b64", base64_encode (signed_data.sig)}, - {"payload_s", signed_data.cert_s}, + {"sig", json::binary (signed_data.sig)}, + {"cert", json::binary (signed_data.cert)}, }}, }; - auto verified_opt = Receiver::verify_cert_and_data (root_pubkey, j.dump ()); + auto verified_opt = Receiver::verify_cert_and_data (root_pubkey, json::to_msgpack (j)); if (! verified_opt) { cerr << "Receiver couldn't verify cert and data" << endl; return 1; diff --git a/bare_minimum_crypto/cpp/expiring_signature.cpp b/bare_minimum_crypto/cpp/expiring_signature.cpp index 0b0448b..85efdbc 100644 --- a/bare_minimum_crypto/cpp/expiring_signature.cpp +++ b/bare_minimum_crypto/cpp/expiring_signature.cpp @@ -4,7 +4,7 @@ namespace BareMinimumCrypto { // C++ nonsense bool ExpiringSignature::operator == (const ExpiringSignature & o) const { return - cert_s == o.cert_s && + cert == o.cert && sig == o.sig ; } diff --git a/bare_minimum_crypto/cpp/expiring_signature.h b/bare_minimum_crypto/cpp/expiring_signature.h index ae66f00..e02f833 100644 --- a/bare_minimum_crypto/cpp/expiring_signature.h +++ b/bare_minimum_crypto/cpp/expiring_signature.h @@ -10,7 +10,8 @@ namespace BareMinimumCrypto { using namespace std; struct ExpiringSignature { - string cert_s; + // Payload is contained in here + vector cert; vector sig; bool operator == (const ExpiringSignature & o) const; diff --git a/bare_minimum_crypto/cpp/receiver.cpp b/bare_minimum_crypto/cpp/receiver.cpp index 14da2f5..7c066ca 100644 --- a/bare_minimum_crypto/cpp/receiver.cpp +++ b/bare_minimum_crypto/cpp/receiver.cpp @@ -29,14 +29,14 @@ namespace BareMinimumCrypto::Receiver { if (crypto_sign_verify_detached ( sig.sig.data (), - (const uint8_t *)sig.cert_s.data (), - sig.cert_s.size (), + sig.cert.data (), + sig.cert.size (), pubkey.data () ) != 0) { return nullopt; } - const json j = json::parse (sig.cert_s); + const json j = json::from_msgpack (sig.cert); const TimeRange tr { j ["not_before"], @@ -91,33 +91,33 @@ namespace BareMinimumCrypto::Receiver { optional > try_verify_cert_and_data ( const vector & root_pubkey, - const string & json_string, + const vector & msgpack, Instant now ) { - const json j = json::parse (json_string); + const auto j = json::from_msgpack (msgpack); ExpiringSignature cert; - cert.sig = *base64_decode (j ["cert"]["sig_b64"]); - cert.cert_s = j ["cert"]["payload_s"]; + cert.sig = j ["cert"]["sig"].get_binary (); + cert.cert = j ["cert"]["cert"].get_binary (); auto subkey_opt = verify_signed_data (root_pubkey, cert, now); const auto subkey = std::move (*subkey_opt); ExpiringSignature data; - data.sig = *base64_decode (j ["data"]["sig_b64"]); - data.cert_s = j ["data"]["payload_s"]; + data.sig = j ["data"]["sig"].get_binary (); + data.cert = j ["data"]["cert"].get_binary (); return verify_signed_data (subkey, data, now); } optional > verify_cert_and_data ( const vector & root_pubkey, - const string & json_string + const vector & msgpack ) { try { - return try_verify_cert_and_data (root_pubkey, json_string, Instant::now ()); + return try_verify_cert_and_data (root_pubkey, msgpack, Instant::now ()); } catch (json::exception &) { return nullopt; diff --git a/bare_minimum_crypto/cpp/receiver.h b/bare_minimum_crypto/cpp/receiver.h index e5cf525..a7398af 100644 --- a/bare_minimum_crypto/cpp/receiver.h +++ b/bare_minimum_crypto/cpp/receiver.h @@ -32,6 +32,6 @@ namespace BareMinimumCrypto::Receiver { optional > verify_cert_and_data ( const vector & root_pubkey, - const string & json_string + const vector & msgpack ); }