update: switch to msgpack. I didn't know nlohmann already had that, it's way better for this case
_
parent
9de30a0dca
commit
7ed3ab27d3
|
|
@ -59,15 +59,15 @@ public:
|
|||
{"payload_b64", payload_b64},
|
||||
};
|
||||
|
||||
const auto cert_s = j.dump ();
|
||||
const auto cert = json::to_msgpack (j);
|
||||
|
||||
vector <uint8_t> sig;
|
||||
sig.resize (crypto_sign_BYTES);
|
||||
|
||||
crypto_sign_detached (sig.data (), nullptr, (const uint8_t *)cert_s.data (), cert_s.size (), sk.data ());
|
||||
crypto_sign_detached (sig.data (), nullptr, cert.data (), cert.size (), sk.data ());
|
||||
|
||||
return ExpiringSignature {
|
||||
cert_s,
|
||||
cert,
|
||||
sig,
|
||||
};
|
||||
}
|
||||
|
|
@ -129,12 +129,6 @@ int happy_path () {
|
|||
}
|
||||
}
|
||||
|
||||
{
|
||||
cerr << "Cert:" << endl;
|
||||
cerr << cert.cert_s << endl;
|
||||
cerr << base64_encode (cert.sig) << endl;
|
||||
}
|
||||
|
||||
// The receiver verifies the data by the root public key,
|
||||
// even though the receiver has never seen the sub-key.
|
||||
|
||||
|
|
@ -142,16 +136,16 @@ int happy_path () {
|
|||
|
||||
const json j {
|
||||
{"cert", {
|
||||
{"sig_b64", base64_encode (cert.sig)},
|
||||
{"payload_s", cert.cert_s},
|
||||
{"sig", json::binary (cert.sig)},
|
||||
{"cert", json::binary (cert.cert)},
|
||||
}},
|
||||
{"data", {
|
||||
{"sig_b64", base64_encode (signed_data.sig)},
|
||||
{"payload_s", signed_data.cert_s},
|
||||
{"sig", json::binary (signed_data.sig)},
|
||||
{"cert", json::binary (signed_data.cert)},
|
||||
}},
|
||||
};
|
||||
|
||||
auto verified_opt = Receiver::verify_cert_and_data (root_pubkey, j.dump ());
|
||||
auto verified_opt = Receiver::verify_cert_and_data (root_pubkey, json::to_msgpack (j));
|
||||
if (! verified_opt) {
|
||||
cerr << "Receiver couldn't verify cert and data" << endl;
|
||||
return 1;
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ namespace BareMinimumCrypto {
|
|||
// C++ nonsense
|
||||
bool ExpiringSignature::operator == (const ExpiringSignature & o) const {
|
||||
return
|
||||
cert_s == o.cert_s &&
|
||||
cert == o.cert &&
|
||||
sig == o.sig
|
||||
;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,7 +10,8 @@ namespace BareMinimumCrypto {
|
|||
using namespace std;
|
||||
|
||||
struct ExpiringSignature {
|
||||
string cert_s;
|
||||
// Payload is contained in here
|
||||
vector <uint8_t> cert;
|
||||
vector <uint8_t> sig;
|
||||
|
||||
bool operator == (const ExpiringSignature & o) const;
|
||||
|
|
|
|||
|
|
@ -29,14 +29,14 @@ namespace BareMinimumCrypto::Receiver {
|
|||
|
||||
if (crypto_sign_verify_detached (
|
||||
sig.sig.data (),
|
||||
(const uint8_t *)sig.cert_s.data (),
|
||||
sig.cert_s.size (),
|
||||
sig.cert.data (),
|
||||
sig.cert.size (),
|
||||
pubkey.data ()
|
||||
) != 0) {
|
||||
return nullopt;
|
||||
}
|
||||
|
||||
const json j = json::parse (sig.cert_s);
|
||||
const json j = json::from_msgpack (sig.cert);
|
||||
|
||||
const TimeRange tr {
|
||||
j ["not_before"],
|
||||
|
|
@ -91,33 +91,33 @@ namespace BareMinimumCrypto::Receiver {
|
|||
|
||||
optional <vector <uint8_t>> try_verify_cert_and_data (
|
||||
const vector <uint8_t> & root_pubkey,
|
||||
const string & json_string,
|
||||
const vector <uint8_t> & msgpack,
|
||||
Instant now
|
||||
) {
|
||||
const json j = json::parse (json_string);
|
||||
const auto j = json::from_msgpack (msgpack);
|
||||
|
||||
ExpiringSignature cert;
|
||||
|
||||
cert.sig = *base64_decode (j ["cert"]["sig_b64"]);
|
||||
cert.cert_s = j ["cert"]["payload_s"];
|
||||
cert.sig = j ["cert"]["sig"].get_binary ();
|
||||
cert.cert = j ["cert"]["cert"].get_binary ();
|
||||
|
||||
auto subkey_opt = verify_signed_data (root_pubkey, cert, now);
|
||||
const auto subkey = std::move (*subkey_opt);
|
||||
|
||||
ExpiringSignature data;
|
||||
|
||||
data.sig = *base64_decode (j ["data"]["sig_b64"]);
|
||||
data.cert_s = j ["data"]["payload_s"];
|
||||
data.sig = j ["data"]["sig"].get_binary ();
|
||||
data.cert = j ["data"]["cert"].get_binary ();
|
||||
|
||||
return verify_signed_data (subkey, data, now);
|
||||
}
|
||||
|
||||
optional <vector <uint8_t>> verify_cert_and_data (
|
||||
const vector <uint8_t> & root_pubkey,
|
||||
const string & json_string
|
||||
const vector <uint8_t> & msgpack
|
||||
) {
|
||||
try {
|
||||
return try_verify_cert_and_data (root_pubkey, json_string, Instant::now ());
|
||||
return try_verify_cert_and_data (root_pubkey, msgpack, Instant::now ());
|
||||
}
|
||||
catch (json::exception &) {
|
||||
return nullopt;
|
||||
|
|
|
|||
|
|
@ -32,6 +32,6 @@ namespace BareMinimumCrypto::Receiver {
|
|||
|
||||
optional <vector <uint8_t>> verify_cert_and_data (
|
||||
const vector <uint8_t> & root_pubkey,
|
||||
const string & json_string
|
||||
const vector <uint8_t> & msgpack
|
||||
);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue