update: switch to msgpack. I didn't know nlohmann already had that, it's way better for this case

main
_ 2021-01-18 22:13:48 +00:00
parent 9de30a0dca
commit 7ed3ab27d3
5 changed files with 23 additions and 28 deletions

View File

@ -59,15 +59,15 @@ public:
{"payload_b64", payload_b64}, {"payload_b64", payload_b64},
}; };
const auto cert_s = j.dump (); const auto cert = json::to_msgpack (j);
vector <uint8_t> sig; vector <uint8_t> sig;
sig.resize (crypto_sign_BYTES); sig.resize (crypto_sign_BYTES);
crypto_sign_detached (sig.data (), nullptr, (const uint8_t *)cert_s.data (), cert_s.size (), sk.data ()); crypto_sign_detached (sig.data (), nullptr, cert.data (), cert.size (), sk.data ());
return ExpiringSignature { return ExpiringSignature {
cert_s, cert,
sig, sig,
}; };
} }
@ -129,12 +129,6 @@ int happy_path () {
} }
} }
{
cerr << "Cert:" << endl;
cerr << cert.cert_s << endl;
cerr << base64_encode (cert.sig) << endl;
}
// The receiver verifies the data by the root public key, // The receiver verifies the data by the root public key,
// even though the receiver has never seen the sub-key. // even though the receiver has never seen the sub-key.
@ -142,16 +136,16 @@ int happy_path () {
const json j { const json j {
{"cert", { {"cert", {
{"sig_b64", base64_encode (cert.sig)}, {"sig", json::binary (cert.sig)},
{"payload_s", cert.cert_s}, {"cert", json::binary (cert.cert)},
}}, }},
{"data", { {"data", {
{"sig_b64", base64_encode (signed_data.sig)}, {"sig", json::binary (signed_data.sig)},
{"payload_s", signed_data.cert_s}, {"cert", json::binary (signed_data.cert)},
}}, }},
}; };
auto verified_opt = Receiver::verify_cert_and_data (root_pubkey, j.dump ()); auto verified_opt = Receiver::verify_cert_and_data (root_pubkey, json::to_msgpack (j));
if (! verified_opt) { if (! verified_opt) {
cerr << "Receiver couldn't verify cert and data" << endl; cerr << "Receiver couldn't verify cert and data" << endl;
return 1; return 1;

View File

@ -4,7 +4,7 @@ namespace BareMinimumCrypto {
// C++ nonsense // C++ nonsense
bool ExpiringSignature::operator == (const ExpiringSignature & o) const { bool ExpiringSignature::operator == (const ExpiringSignature & o) const {
return return
cert_s == o.cert_s && cert == o.cert &&
sig == o.sig sig == o.sig
; ;
} }

View File

@ -10,7 +10,8 @@ namespace BareMinimumCrypto {
using namespace std; using namespace std;
struct ExpiringSignature { struct ExpiringSignature {
string cert_s; // Payload is contained in here
vector <uint8_t> cert;
vector <uint8_t> sig; vector <uint8_t> sig;
bool operator == (const ExpiringSignature & o) const; bool operator == (const ExpiringSignature & o) const;

View File

@ -29,14 +29,14 @@ namespace BareMinimumCrypto::Receiver {
if (crypto_sign_verify_detached ( if (crypto_sign_verify_detached (
sig.sig.data (), sig.sig.data (),
(const uint8_t *)sig.cert_s.data (), sig.cert.data (),
sig.cert_s.size (), sig.cert.size (),
pubkey.data () pubkey.data ()
) != 0) { ) != 0) {
return nullopt; return nullopt;
} }
const json j = json::parse (sig.cert_s); const json j = json::from_msgpack (sig.cert);
const TimeRange tr { const TimeRange tr {
j ["not_before"], j ["not_before"],
@ -91,33 +91,33 @@ namespace BareMinimumCrypto::Receiver {
optional <vector <uint8_t>> try_verify_cert_and_data ( optional <vector <uint8_t>> try_verify_cert_and_data (
const vector <uint8_t> & root_pubkey, const vector <uint8_t> & root_pubkey,
const string & json_string, const vector <uint8_t> & msgpack,
Instant now Instant now
) { ) {
const json j = json::parse (json_string); const auto j = json::from_msgpack (msgpack);
ExpiringSignature cert; ExpiringSignature cert;
cert.sig = *base64_decode (j ["cert"]["sig_b64"]); cert.sig = j ["cert"]["sig"].get_binary ();
cert.cert_s = j ["cert"]["payload_s"]; cert.cert = j ["cert"]["cert"].get_binary ();
auto subkey_opt = verify_signed_data (root_pubkey, cert, now); auto subkey_opt = verify_signed_data (root_pubkey, cert, now);
const auto subkey = std::move (*subkey_opt); const auto subkey = std::move (*subkey_opt);
ExpiringSignature data; ExpiringSignature data;
data.sig = *base64_decode (j ["data"]["sig_b64"]); data.sig = j ["data"]["sig"].get_binary ();
data.cert_s = j ["data"]["payload_s"]; data.cert = j ["data"]["cert"].get_binary ();
return verify_signed_data (subkey, data, now); return verify_signed_data (subkey, data, now);
} }
optional <vector <uint8_t>> verify_cert_and_data ( optional <vector <uint8_t>> verify_cert_and_data (
const vector <uint8_t> & root_pubkey, const vector <uint8_t> & root_pubkey,
const string & json_string const vector <uint8_t> & msgpack
) { ) {
try { try {
return try_verify_cert_and_data (root_pubkey, json_string, Instant::now ()); return try_verify_cert_and_data (root_pubkey, msgpack, Instant::now ());
} }
catch (json::exception &) { catch (json::exception &) {
return nullopt; return nullopt;

View File

@ -32,6 +32,6 @@ namespace BareMinimumCrypto::Receiver {
optional <vector <uint8_t>> verify_cert_and_data ( optional <vector <uint8_t>> verify_cert_and_data (
const vector <uint8_t> & root_pubkey, const vector <uint8_t> & root_pubkey,
const string & json_string const vector <uint8_t> & msgpack
); );
} }