forked from cory/tildefriends
Make the SSB network key configurable by command-line argument.
This commit is contained in:
parent
f0a871e1f8
commit
42994f8977
12
src/main.c
12
src/main.c
@ -166,7 +166,7 @@ static int _tf_command_import(const char* file, int argc, char* argv[])
|
|||||||
return EXIT_FAILURE;
|
return EXIT_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
tf_ssb_t* ssb = tf_ssb_create(NULL, NULL, db_path);
|
tf_ssb_t* ssb = tf_ssb_create(NULL, NULL, db_path, NULL);
|
||||||
if (optind < argc)
|
if (optind < argc)
|
||||||
{
|
{
|
||||||
for (int i = optind; i < argc; i++)
|
for (int i = optind; i < argc; i++)
|
||||||
@ -232,7 +232,7 @@ static int _tf_command_export(const char* file, int argc, char* argv[])
|
|||||||
return EXIT_FAILURE;
|
return EXIT_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
tf_ssb_t* ssb = tf_ssb_create(NULL, NULL, db_path);
|
tf_ssb_t* ssb = tf_ssb_create(NULL, NULL, db_path, NULL);
|
||||||
if (optind < argc)
|
if (optind < argc)
|
||||||
{
|
{
|
||||||
for (int i = optind; i < argc; i++)
|
for (int i = optind; i < argc; i++)
|
||||||
@ -270,6 +270,7 @@ static int _tf_command_export(const char* file, int argc, char* argv[])
|
|||||||
typedef struct tf_run_args_t
|
typedef struct tf_run_args_t
|
||||||
{
|
{
|
||||||
const char* script;
|
const char* script;
|
||||||
|
const char* network_key;
|
||||||
int ssb_port;
|
int ssb_port;
|
||||||
int http_port;
|
int http_port;
|
||||||
int https_port;
|
int https_port;
|
||||||
@ -296,6 +297,7 @@ static int _tf_run_task(const tf_run_args_t* args, int index)
|
|||||||
tf_task_set_trusted(task, true);
|
tf_task_set_trusted(task, true);
|
||||||
tf_printf("setting zip path to %s\n", args->zip);
|
tf_printf("setting zip path to %s\n", args->zip);
|
||||||
tf_task_set_zip_path(task, args->zip);
|
tf_task_set_zip_path(task, args->zip);
|
||||||
|
tf_task_set_ssb_network_key(task, args->network_key);
|
||||||
tf_task_set_ssb_port(task, args->ssb_port ? args->ssb_port + index : 0);
|
tf_task_set_ssb_port(task, args->ssb_port ? args->ssb_port + index : 0);
|
||||||
tf_task_set_http_port(task, args->http_port ? args->http_port + index : 0);
|
tf_task_set_http_port(task, args->http_port ? args->http_port + index : 0);
|
||||||
tf_task_set_https_port(task, args->https_port ? args->https_port + index : 0);
|
tf_task_set_https_port(task, args->https_port ? args->https_port + index : 0);
|
||||||
@ -419,6 +421,7 @@ static int _tf_command_run(const char* file, int argc, char* argv[])
|
|||||||
static const struct option k_options[] = {
|
static const struct option k_options[] = {
|
||||||
{ "script", required_argument, NULL, 's' },
|
{ "script", required_argument, NULL, 's' },
|
||||||
{ "ssb-port", required_argument, NULL, 'b' },
|
{ "ssb-port", required_argument, NULL, 'b' },
|
||||||
|
{ "ssb-network-key", required_argument, NULL, 'k' },
|
||||||
{ "http-port", required_argument, NULL, 'p' },
|
{ "http-port", required_argument, NULL, 'p' },
|
||||||
{ "https-port", required_argument, NULL, 'q' },
|
{ "https-port", required_argument, NULL, 'q' },
|
||||||
{ "db-path", required_argument, NULL, 'd' },
|
{ "db-path", required_argument, NULL, 'd' },
|
||||||
@ -429,7 +432,7 @@ static int _tf_command_run(const char* file, int argc, char* argv[])
|
|||||||
{ "verbose", no_argument, NULL, 'v' },
|
{ "verbose", no_argument, NULL, 'v' },
|
||||||
{ "help", no_argument, NULL, 'h' },
|
{ "help", no_argument, NULL, 'h' },
|
||||||
};
|
};
|
||||||
int c = getopt_long(argc, argv, "s:b:p:q:d:n:a:oz:vh", k_options, NULL);
|
int c = getopt_long(argc, argv, "s:b:k:p:q:d:n:a:oz:vh", k_options, NULL);
|
||||||
if (c == -1)
|
if (c == -1)
|
||||||
{
|
{
|
||||||
break;
|
break;
|
||||||
@ -445,6 +448,9 @@ static int _tf_command_run(const char* file, int argc, char* argv[])
|
|||||||
case 's':
|
case 's':
|
||||||
args.script = optarg;
|
args.script = optarg;
|
||||||
break;
|
break;
|
||||||
|
case 'k':
|
||||||
|
args.network_key = optarg;
|
||||||
|
break;
|
||||||
case 'b':
|
case 'b':
|
||||||
args.ssb_port = atoi(optarg);
|
args.ssb_port = atoi(optarg);
|
||||||
break;
|
break;
|
||||||
|
101
src/ssb.c
101
src/ssb.c
@ -42,8 +42,7 @@ static_assert(k_id_base64_len == sodium_base64_ENCODED_LEN(9 + crypto_box_PUBLIC
|
|||||||
static_assert(k_id_bin_len == crypto_box_PUBLICKEYBYTES, "k_id_bin_len");
|
static_assert(k_id_bin_len == crypto_box_PUBLICKEYBYTES, "k_id_bin_len");
|
||||||
static_assert(k_blob_id_len == (sodium_base64_ENCODED_LEN(crypto_hash_sha256_BYTES, sodium_base64_VARIANT_ORIGINAL) + 8), "k_blob_id_len");
|
static_assert(k_blob_id_len == (sodium_base64_ENCODED_LEN(crypto_hash_sha256_BYTES, sodium_base64_VARIANT_ORIGINAL) + 8), "k_blob_id_len");
|
||||||
|
|
||||||
const uint8_t k_ssb_network[] = { 0xd4, 0xa1, 0xcb, 0x88, 0xa6, 0x6f, 0x02, 0xf8, 0xdb, 0x63, 0x5c, 0xe2, 0x64, 0x41, 0xcc, 0x5d, 0xac, 0x1b, 0x08, 0x42, 0x0c, 0xea, 0xac, 0x23,
|
const char* k_ssb_network_string = "d4a1cb88a66f02f8db635ce26441cc5dac1b08420ceaac230839b755845a9ffb";
|
||||||
0x08, 0x39, 0xb7, 0x55, 0x84, 0x5a, 0x9f, 0xfb };
|
|
||||||
|
|
||||||
const char* k_ssb_type_names[] = {
|
const char* k_ssb_type_names[] = {
|
||||||
"binary",
|
"binary",
|
||||||
@ -203,6 +202,8 @@ typedef struct _tf_ssb_t
|
|||||||
uv_timer_t trace_timer;
|
uv_timer_t trace_timer;
|
||||||
uv_tcp_t server;
|
uv_tcp_t server;
|
||||||
|
|
||||||
|
uint8_t network_key[32];
|
||||||
|
|
||||||
uint8_t pub[crypto_sign_PUBLICKEYBYTES];
|
uint8_t pub[crypto_sign_PUBLICKEYBYTES];
|
||||||
uint8_t priv[crypto_sign_SECRETKEYBYTES];
|
uint8_t priv[crypto_sign_SECRETKEYBYTES];
|
||||||
|
|
||||||
@ -489,7 +490,7 @@ static void _tf_ssb_write(tf_ssb_connection_t* connection, void* data, size_t si
|
|||||||
static void _tf_ssb_connection_send_identity(tf_ssb_connection_t* connection, uint8_t* hmac, uint8_t* pubkey)
|
static void _tf_ssb_connection_send_identity(tf_ssb_connection_t* connection, uint8_t* hmac, uint8_t* pubkey)
|
||||||
{
|
{
|
||||||
memcpy(connection->serverepub, pubkey, sizeof(connection->serverepub));
|
memcpy(connection->serverepub, pubkey, sizeof(connection->serverepub));
|
||||||
if (crypto_auth_hmacsha512256_verify(hmac, connection->serverepub, 32, k_ssb_network) != 0)
|
if (crypto_auth_hmacsha512256_verify(hmac, connection->serverepub, 32, connection->ssb->network_key) != 0)
|
||||||
{
|
{
|
||||||
_tf_ssb_connection_close(connection, "invalid server hello");
|
_tf_ssb_connection_close(connection, "invalid server hello");
|
||||||
return;
|
return;
|
||||||
@ -519,10 +520,10 @@ static void _tf_ssb_connection_send_identity(tf_ssb_connection_t* connection, ui
|
|||||||
uint8_t hash[crypto_hash_sha256_BYTES];
|
uint8_t hash[crypto_hash_sha256_BYTES];
|
||||||
crypto_hash_sha256(hash, shared_secret_ab, sizeof(shared_secret_ab));
|
crypto_hash_sha256(hash, shared_secret_ab, sizeof(shared_secret_ab));
|
||||||
|
|
||||||
uint8_t msg[sizeof(k_ssb_network) + sizeof(connection->serverpub) + crypto_hash_sha256_BYTES];
|
uint8_t msg[sizeof(connection->ssb->network_key) + sizeof(connection->serverpub) + crypto_hash_sha256_BYTES];
|
||||||
memcpy(msg, k_ssb_network, sizeof(k_ssb_network));
|
memcpy(msg, connection->ssb->network_key, sizeof(connection->ssb->network_key));
|
||||||
memcpy(msg + sizeof(k_ssb_network), connection->serverpub, sizeof(connection->serverpub));
|
memcpy(msg + sizeof(connection->ssb->network_key), connection->serverpub, sizeof(connection->serverpub));
|
||||||
memcpy(msg + sizeof(k_ssb_network) + sizeof(connection->serverpub), hash, sizeof(hash));
|
memcpy(msg + sizeof(connection->ssb->network_key) + sizeof(connection->serverpub), hash, sizeof(hash));
|
||||||
|
|
||||||
unsigned long long siglen;
|
unsigned long long siglen;
|
||||||
if (crypto_sign_detached(connection->detached_signature_A, &siglen, msg, sizeof(msg), connection->ssb->priv) != 0)
|
if (crypto_sign_detached(connection->detached_signature_A, &siglen, msg, sizeof(msg), connection->ssb->priv) != 0)
|
||||||
@ -536,10 +537,10 @@ static void _tf_ssb_connection_send_identity(tf_ssb_connection_t* connection, ui
|
|||||||
memcpy(tosend + sizeof(connection->detached_signature_A), connection->ssb->pub, sizeof(connection->ssb->pub));
|
memcpy(tosend + sizeof(connection->detached_signature_A), connection->ssb->pub, sizeof(connection->ssb->pub));
|
||||||
uint8_t nonce[crypto_secretbox_NONCEBYTES] = { 0 };
|
uint8_t nonce[crypto_secretbox_NONCEBYTES] = { 0 };
|
||||||
|
|
||||||
uint8_t tohash[sizeof(k_ssb_network) + sizeof(shared_secret_ab) + sizeof(shared_secret_aB)];
|
uint8_t tohash[sizeof(connection->ssb->network_key) + sizeof(shared_secret_ab) + sizeof(shared_secret_aB)];
|
||||||
memcpy(tohash, k_ssb_network, sizeof(k_ssb_network));
|
memcpy(tohash, connection->ssb->network_key, sizeof(connection->ssb->network_key));
|
||||||
memcpy(tohash + sizeof(k_ssb_network), shared_secret_ab, sizeof(shared_secret_ab));
|
memcpy(tohash + sizeof(connection->ssb->network_key), shared_secret_ab, sizeof(shared_secret_ab));
|
||||||
memcpy(tohash + sizeof(k_ssb_network) + sizeof(shared_secret_ab), shared_secret_aB, sizeof(shared_secret_aB));
|
memcpy(tohash + sizeof(connection->ssb->network_key) + sizeof(shared_secret_ab), shared_secret_aB, sizeof(shared_secret_aB));
|
||||||
uint8_t hash2[crypto_hash_sha256_BYTES];
|
uint8_t hash2[crypto_hash_sha256_BYTES];
|
||||||
crypto_hash_sha256(hash2, tohash, sizeof(tohash));
|
crypto_hash_sha256(hash2, tohash, sizeof(tohash));
|
||||||
|
|
||||||
@ -1136,11 +1137,11 @@ static void _tf_ssb_connection_verify_identity(tf_ssb_connection_t* connection,
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t tohash[sizeof(k_ssb_network) + sizeof(shared_secret_ab) + sizeof(shared_secret_aB) + sizeof(shared_secret_Ab)];
|
uint8_t tohash[sizeof(connection->ssb->network_key) + sizeof(shared_secret_ab) + sizeof(shared_secret_aB) + sizeof(shared_secret_Ab)];
|
||||||
memcpy(tohash, k_ssb_network, sizeof(k_ssb_network));
|
memcpy(tohash, connection->ssb->network_key, sizeof(connection->ssb->network_key));
|
||||||
memcpy(tohash + sizeof(k_ssb_network), shared_secret_ab, sizeof(shared_secret_ab));
|
memcpy(tohash + sizeof(connection->ssb->network_key), shared_secret_ab, sizeof(shared_secret_ab));
|
||||||
memcpy(tohash + sizeof(k_ssb_network) + sizeof(shared_secret_ab), shared_secret_aB, sizeof(shared_secret_aB));
|
memcpy(tohash + sizeof(connection->ssb->network_key) + sizeof(shared_secret_ab), shared_secret_aB, sizeof(shared_secret_aB));
|
||||||
memcpy(tohash + sizeof(k_ssb_network) + sizeof(shared_secret_ab) + sizeof(shared_secret_aB), shared_secret_Ab, sizeof(shared_secret_Ab));
|
memcpy(tohash + sizeof(connection->ssb->network_key) + sizeof(shared_secret_ab) + sizeof(shared_secret_aB), shared_secret_Ab, sizeof(shared_secret_Ab));
|
||||||
uint8_t hash2[crypto_hash_sha256_BYTES];
|
uint8_t hash2[crypto_hash_sha256_BYTES];
|
||||||
crypto_hash_sha256(hash2, tohash, sizeof(tohash));
|
crypto_hash_sha256(hash2, tohash, sizeof(tohash));
|
||||||
|
|
||||||
@ -1164,11 +1165,11 @@ static void _tf_ssb_connection_verify_identity(tf_ssb_connection_t* connection,
|
|||||||
uint8_t hash3[crypto_hash_sha256_BYTES];
|
uint8_t hash3[crypto_hash_sha256_BYTES];
|
||||||
crypto_hash_sha256(hash3, shared_secret_ab, sizeof(shared_secret_ab));
|
crypto_hash_sha256(hash3, shared_secret_ab, sizeof(shared_secret_ab));
|
||||||
|
|
||||||
uint8_t msg[sizeof(k_ssb_network) + sizeof(connection->detached_signature_A) + sizeof(connection->ssb->pub) + sizeof(hash3)];
|
uint8_t msg[sizeof(connection->ssb->network_key) + sizeof(connection->detached_signature_A) + sizeof(connection->ssb->pub) + sizeof(hash3)];
|
||||||
memcpy(msg, k_ssb_network, sizeof(k_ssb_network));
|
memcpy(msg, connection->ssb->network_key, sizeof(connection->ssb->network_key));
|
||||||
memcpy(msg + sizeof(k_ssb_network), connection->detached_signature_A, sizeof(connection->detached_signature_A));
|
memcpy(msg + sizeof(connection->ssb->network_key), connection->detached_signature_A, sizeof(connection->detached_signature_A));
|
||||||
memcpy(msg + sizeof(k_ssb_network) + sizeof(connection->detached_signature_A), connection->ssb->pub, sizeof(connection->ssb->pub));
|
memcpy(msg + sizeof(connection->ssb->network_key) + sizeof(connection->detached_signature_A), connection->ssb->pub, sizeof(connection->ssb->pub));
|
||||||
memcpy(msg + sizeof(k_ssb_network) + sizeof(connection->detached_signature_A) + sizeof(connection->ssb->pub), hash3, sizeof(hash3));
|
memcpy(msg + sizeof(connection->ssb->network_key) + sizeof(connection->detached_signature_A) + sizeof(connection->ssb->pub), hash3, sizeof(hash3));
|
||||||
if (crypto_sign_verify_detached(m, msg, sizeof(msg), connection->serverpub) != 0)
|
if (crypto_sign_verify_detached(m, msg, sizeof(msg), connection->serverpub) != 0)
|
||||||
{
|
{
|
||||||
_tf_ssb_connection_close(connection, "unable to verify server identity");
|
_tf_ssb_connection_close(connection, "unable to verify server identity");
|
||||||
@ -1176,7 +1177,7 @@ static void _tf_ssb_connection_verify_identity(tf_ssb_connection_t* connection,
|
|||||||
}
|
}
|
||||||
|
|
||||||
uint8_t nonce2[crypto_auth_hmacsha512256_BYTES];
|
uint8_t nonce2[crypto_auth_hmacsha512256_BYTES];
|
||||||
if (crypto_auth_hmacsha512256(nonce2, connection->epub, sizeof(connection->epub), k_ssb_network) != 0)
|
if (crypto_auth_hmacsha512256(nonce2, connection->epub, sizeof(connection->epub), connection->ssb->network_key) != 0)
|
||||||
{
|
{
|
||||||
_tf_ssb_connection_close(connection, "unable to compute client recv nonce");
|
_tf_ssb_connection_close(connection, "unable to compute client recv nonce");
|
||||||
return;
|
return;
|
||||||
@ -1184,7 +1185,7 @@ static void _tf_ssb_connection_verify_identity(tf_ssb_connection_t* connection,
|
|||||||
memcpy(connection->nonce, nonce2, sizeof(connection->nonce));
|
memcpy(connection->nonce, nonce2, sizeof(connection->nonce));
|
||||||
|
|
||||||
uint8_t nonce3[crypto_auth_hmacsha512256_BYTES];
|
uint8_t nonce3[crypto_auth_hmacsha512256_BYTES];
|
||||||
if (crypto_auth_hmacsha512256(nonce3, connection->serverepub, sizeof(connection->serverepub), k_ssb_network) != 0)
|
if (crypto_auth_hmacsha512256(nonce3, connection->serverepub, sizeof(connection->serverepub), connection->ssb->network_key) != 0)
|
||||||
{
|
{
|
||||||
_tf_ssb_connection_close(connection, "unable to compute client send nonce");
|
_tf_ssb_connection_close(connection, "unable to compute client send nonce");
|
||||||
return;
|
return;
|
||||||
@ -1290,11 +1291,11 @@ static void _tf_ssb_connection_verify_client_identity(tf_ssb_connection_t* conne
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
static_assert(sizeof(k_ssb_network) == crypto_auth_KEYBYTES, "network key size");
|
static_assert(sizeof(connection->ssb->network_key) == crypto_auth_KEYBYTES, "network key size");
|
||||||
uint8_t tohash[sizeof(k_ssb_network) + sizeof(shared_secret_ab) + sizeof(shared_secret_aB)];
|
uint8_t tohash[sizeof(connection->ssb->network_key) + sizeof(shared_secret_ab) + sizeof(shared_secret_aB)];
|
||||||
memcpy(tohash, k_ssb_network, sizeof(k_ssb_network));
|
memcpy(tohash, connection->ssb->network_key, sizeof(connection->ssb->network_key));
|
||||||
memcpy(tohash + sizeof(k_ssb_network), shared_secret_ab, sizeof(shared_secret_ab));
|
memcpy(tohash + sizeof(connection->ssb->network_key), shared_secret_ab, sizeof(shared_secret_ab));
|
||||||
memcpy(tohash + sizeof(k_ssb_network) + sizeof(shared_secret_ab), shared_secret_aB, sizeof(shared_secret_aB));
|
memcpy(tohash + sizeof(connection->ssb->network_key) + sizeof(shared_secret_ab), shared_secret_aB, sizeof(shared_secret_aB));
|
||||||
uint8_t hash2[crypto_hash_sha256_BYTES];
|
uint8_t hash2[crypto_hash_sha256_BYTES];
|
||||||
crypto_hash_sha256(hash2, tohash, sizeof(tohash));
|
crypto_hash_sha256(hash2, tohash, sizeof(tohash));
|
||||||
|
|
||||||
@ -1335,10 +1336,10 @@ static void _tf_ssb_connection_verify_client_identity(tf_ssb_connection_t* conne
|
|||||||
uint8_t hash3[crypto_hash_sha256_BYTES];
|
uint8_t hash3[crypto_hash_sha256_BYTES];
|
||||||
crypto_hash_sha256(hash3, shared_secret_ab, sizeof(shared_secret_ab));
|
crypto_hash_sha256(hash3, shared_secret_ab, sizeof(shared_secret_ab));
|
||||||
|
|
||||||
uint8_t msg[sizeof(k_ssb_network) + sizeof(connection->ssb->pub) + sizeof(hash3)];
|
uint8_t msg[sizeof(connection->ssb->network_key) + sizeof(connection->ssb->pub) + sizeof(hash3)];
|
||||||
memcpy(msg, k_ssb_network, sizeof(k_ssb_network));
|
memcpy(msg, connection->ssb->network_key, sizeof(connection->ssb->network_key));
|
||||||
memcpy(msg + sizeof(k_ssb_network), connection->ssb->pub, sizeof(connection->ssb->pub));
|
memcpy(msg + sizeof(connection->ssb->network_key), connection->ssb->pub, sizeof(connection->ssb->pub));
|
||||||
memcpy(msg + sizeof(k_ssb_network) + sizeof(connection->ssb->pub), hash3, sizeof(hash3));
|
memcpy(msg + sizeof(connection->ssb->network_key) + sizeof(connection->ssb->pub), hash3, sizeof(hash3));
|
||||||
if (crypto_sign_verify_detached(detached_signature_A, msg, sizeof(msg), connection->serverpub) != 0)
|
if (crypto_sign_verify_detached(detached_signature_A, msg, sizeof(msg), connection->serverpub) != 0)
|
||||||
{
|
{
|
||||||
_tf_ssb_connection_close(connection, "unable to verify client identity");
|
_tf_ssb_connection_close(connection, "unable to verify client identity");
|
||||||
@ -1346,7 +1347,7 @@ static void _tf_ssb_connection_verify_client_identity(tf_ssb_connection_t* conne
|
|||||||
}
|
}
|
||||||
|
|
||||||
uint8_t nonce2[crypto_auth_hmacsha512256_BYTES];
|
uint8_t nonce2[crypto_auth_hmacsha512256_BYTES];
|
||||||
if (crypto_auth_hmacsha512256(nonce2, connection->epub, sizeof(connection->epub), k_ssb_network) != 0)
|
if (crypto_auth_hmacsha512256(nonce2, connection->epub, sizeof(connection->epub), connection->ssb->network_key) != 0)
|
||||||
{
|
{
|
||||||
_tf_ssb_connection_close(connection, "unable to compute initial recv nonce as server");
|
_tf_ssb_connection_close(connection, "unable to compute initial recv nonce as server");
|
||||||
return;
|
return;
|
||||||
@ -1354,7 +1355,7 @@ static void _tf_ssb_connection_verify_client_identity(tf_ssb_connection_t* conne
|
|||||||
memcpy(connection->nonce, nonce2, sizeof(connection->nonce));
|
memcpy(connection->nonce, nonce2, sizeof(connection->nonce));
|
||||||
|
|
||||||
uint8_t nonce3[crypto_auth_hmacsha512256_BYTES];
|
uint8_t nonce3[crypto_auth_hmacsha512256_BYTES];
|
||||||
if (crypto_auth_hmacsha512256(nonce3, connection->serverepub, sizeof(connection->serverepub), k_ssb_network) != 0)
|
if (crypto_auth_hmacsha512256(nonce3, connection->serverepub, sizeof(connection->serverepub), connection->ssb->network_key) != 0)
|
||||||
{
|
{
|
||||||
_tf_ssb_connection_close(connection, "unable to compute initial send nonce as server");
|
_tf_ssb_connection_close(connection, "unable to compute initial send nonce as server");
|
||||||
return;
|
return;
|
||||||
@ -1362,11 +1363,11 @@ static void _tf_ssb_connection_verify_client_identity(tf_ssb_connection_t* conne
|
|||||||
memcpy(connection->send_nonce, nonce3, sizeof(connection->send_nonce));
|
memcpy(connection->send_nonce, nonce3, sizeof(connection->send_nonce));
|
||||||
|
|
||||||
int detached_signature_A_size = 64;
|
int detached_signature_A_size = 64;
|
||||||
uint8_t sign_b[sizeof(k_ssb_network) + detached_signature_A_size + sizeof(connection->serverpub) + sizeof(hash3)];
|
uint8_t sign_b[sizeof(connection->ssb->network_key) + detached_signature_A_size + sizeof(connection->serverpub) + sizeof(hash3)];
|
||||||
memcpy(sign_b, k_ssb_network, sizeof(k_ssb_network));
|
memcpy(sign_b, connection->ssb->network_key, sizeof(connection->ssb->network_key));
|
||||||
memcpy(sign_b + sizeof(k_ssb_network), detached_signature_A, detached_signature_A_size);
|
memcpy(sign_b + sizeof(connection->ssb->network_key), detached_signature_A, detached_signature_A_size);
|
||||||
memcpy(sign_b + sizeof(k_ssb_network) + detached_signature_A_size, connection->serverpub, sizeof(connection->serverpub));
|
memcpy(sign_b + sizeof(connection->ssb->network_key) + detached_signature_A_size, connection->serverpub, sizeof(connection->serverpub));
|
||||||
memcpy(sign_b + sizeof(k_ssb_network) + detached_signature_A_size + sizeof(connection->serverpub), hash3, sizeof(hash3));
|
memcpy(sign_b + sizeof(connection->ssb->network_key) + detached_signature_A_size + sizeof(connection->serverpub), hash3, sizeof(hash3));
|
||||||
|
|
||||||
uint8_t detached_signature_B[crypto_sign_BYTES];
|
uint8_t detached_signature_B[crypto_sign_BYTES];
|
||||||
unsigned long long siglen;
|
unsigned long long siglen;
|
||||||
@ -1390,11 +1391,11 @@ static void _tf_ssb_connection_verify_client_identity(tf_ssb_connection_t* conne
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t key_buf[sizeof(k_ssb_network) + sizeof(shared_secret_ab) + sizeof(shared_secret_aB) + sizeof(shared_secret_Ab)];
|
uint8_t key_buf[sizeof(connection->ssb->network_key) + sizeof(shared_secret_ab) + sizeof(shared_secret_aB) + sizeof(shared_secret_Ab)];
|
||||||
memcpy(key_buf, k_ssb_network, sizeof(k_ssb_network));
|
memcpy(key_buf, connection->ssb->network_key, sizeof(connection->ssb->network_key));
|
||||||
memcpy(key_buf + sizeof(k_ssb_network), shared_secret_ab, sizeof(shared_secret_ab));
|
memcpy(key_buf + sizeof(connection->ssb->network_key), shared_secret_ab, sizeof(shared_secret_ab));
|
||||||
memcpy(key_buf + sizeof(k_ssb_network) + sizeof(shared_secret_ab), shared_secret_aB, sizeof(shared_secret_aB));
|
memcpy(key_buf + sizeof(connection->ssb->network_key) + sizeof(shared_secret_ab), shared_secret_aB, sizeof(shared_secret_aB));
|
||||||
memcpy(key_buf + sizeof(k_ssb_network) + sizeof(shared_secret_ab) + sizeof(shared_secret_aB), shared_secret_Ab, sizeof(shared_secret_Ab));
|
memcpy(key_buf + sizeof(connection->ssb->network_key) + sizeof(shared_secret_ab) + sizeof(shared_secret_aB), shared_secret_Ab, sizeof(shared_secret_Ab));
|
||||||
|
|
||||||
uint8_t key_hash[crypto_hash_sha256_BYTES];
|
uint8_t key_hash[crypto_hash_sha256_BYTES];
|
||||||
crypto_hash_sha256(key_hash, key_buf, sizeof(key_buf));
|
crypto_hash_sha256(key_hash, key_buf, sizeof(key_buf));
|
||||||
@ -1941,7 +1942,7 @@ static void _tf_ssb_connection_on_tcp_recv_internal(tf_ssb_connection_t* connect
|
|||||||
uint8_t* hmac = hello;
|
uint8_t* hmac = hello;
|
||||||
memcpy(connection->serverepub, hello + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES);
|
memcpy(connection->serverepub, hello + crypto_box_PUBLICKEYBYTES, crypto_box_PUBLICKEYBYTES);
|
||||||
static_assert(sizeof(connection->serverepub) == crypto_box_PUBLICKEYBYTES, "serverepub size");
|
static_assert(sizeof(connection->serverepub) == crypto_box_PUBLICKEYBYTES, "serverepub size");
|
||||||
if (crypto_auth_hmacsha512256_verify(hmac, connection->serverepub, 32, k_ssb_network) != 0)
|
if (crypto_auth_hmacsha512256_verify(hmac, connection->serverepub, 32, connection->ssb->network_key) != 0)
|
||||||
{
|
{
|
||||||
_tf_ssb_connection_close(connection, "crypto_auth_hmacsha512256_verify failed");
|
_tf_ssb_connection_close(connection, "crypto_auth_hmacsha512256_verify failed");
|
||||||
}
|
}
|
||||||
@ -1998,7 +1999,7 @@ static void _tf_ssb_connection_client_send_hello(tf_ssb_connection_t* connection
|
|||||||
}
|
}
|
||||||
|
|
||||||
uint8_t a[crypto_auth_hmacsha512256_BYTES];
|
uint8_t a[crypto_auth_hmacsha512256_BYTES];
|
||||||
if (crypto_auth_hmacsha512256(a, connection->epub, sizeof(connection->epub), k_ssb_network) != 0)
|
if (crypto_auth_hmacsha512256(a, connection->epub, sizeof(connection->epub), connection->ssb->network_key) != 0)
|
||||||
{
|
{
|
||||||
_tf_ssb_connection_close(connection, "failed to create hello message");
|
_tf_ssb_connection_close(connection, "failed to create hello message");
|
||||||
return;
|
return;
|
||||||
@ -2106,11 +2107,17 @@ void tf_ssb_get_stats(tf_ssb_t* ssb, tf_ssb_stats_t* out_stats)
|
|||||||
ssb->rpc_out = 0;
|
ssb->rpc_out = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
tf_ssb_t* tf_ssb_create(uv_loop_t* loop, JSContext* context, const char* db_path)
|
tf_ssb_t* tf_ssb_create(uv_loop_t* loop, JSContext* context, const char* db_path, const char* network_key)
|
||||||
{
|
{
|
||||||
tf_ssb_t* ssb = tf_malloc(sizeof(tf_ssb_t));
|
tf_ssb_t* ssb = tf_malloc(sizeof(tf_ssb_t));
|
||||||
memset(ssb, 0, sizeof(*ssb));
|
memset(ssb, 0, sizeof(*ssb));
|
||||||
|
|
||||||
|
const char* actual_key = network_key ? network_key : k_ssb_network_string;
|
||||||
|
if (sodium_hex2bin(ssb->network_key, sizeof(ssb->network_key), actual_key, strlen(actual_key), ": ", NULL, NULL))
|
||||||
|
{
|
||||||
|
tf_printf("Error parsing network key: %s.", actual_key);
|
||||||
|
}
|
||||||
|
|
||||||
char buffer[8] = { 0 };
|
char buffer[8] = { 0 };
|
||||||
size_t buffer_size = sizeof(buffer);
|
size_t buffer_size = sizeof(buffer);
|
||||||
ssb->store_debug_messages = uv_os_getenv("TF_DEBUG_CLOSE", buffer, &buffer_size) == 0 && strcmp(buffer, "1") == 0;
|
ssb->store_debug_messages = uv_os_getenv("TF_DEBUG_CLOSE", buffer, &buffer_size) == 0 && strcmp(buffer, "1") == 0;
|
||||||
|
@ -85,7 +85,7 @@ typedef struct _tf_ssb_store_queue_t
|
|||||||
bool running;
|
bool running;
|
||||||
} tf_ssb_store_queue_t;
|
} tf_ssb_store_queue_t;
|
||||||
|
|
||||||
tf_ssb_t* tf_ssb_create(uv_loop_t* loop, JSContext* context, const char* db_path);
|
tf_ssb_t* tf_ssb_create(uv_loop_t* loop, JSContext* context, const char* db_path, const char* network_key);
|
||||||
void tf_ssb_destroy(tf_ssb_t* ssb);
|
void tf_ssb_destroy(tf_ssb_t* ssb);
|
||||||
|
|
||||||
void tf_ssb_start_periodic(tf_ssb_t* ssb);
|
void tf_ssb_start_periodic(tf_ssb_t* ssb);
|
||||||
|
@ -143,10 +143,10 @@ void tf_ssb_test_ssb(const tf_test_options_t* options)
|
|||||||
uv_loop_init(&loop);
|
uv_loop_init(&loop);
|
||||||
|
|
||||||
unlink("out/test_db0.sqlite");
|
unlink("out/test_db0.sqlite");
|
||||||
tf_ssb_t* ssb0 = tf_ssb_create(&loop, NULL, "file:out/test_db0.sqlite");
|
tf_ssb_t* ssb0 = tf_ssb_create(&loop, NULL, "file:out/test_db0.sqlite", NULL);
|
||||||
tf_ssb_register(tf_ssb_get_context(ssb0), ssb0);
|
tf_ssb_register(tf_ssb_get_context(ssb0), ssb0);
|
||||||
unlink("out/test_db1.sqlite");
|
unlink("out/test_db1.sqlite");
|
||||||
tf_ssb_t* ssb1 = tf_ssb_create(&loop, NULL, "file:out/test_db1.sqlite");
|
tf_ssb_t* ssb1 = tf_ssb_create(&loop, NULL, "file:out/test_db1.sqlite", NULL);
|
||||||
tf_ssb_register(tf_ssb_get_context(ssb1), ssb1);
|
tf_ssb_register(tf_ssb_get_context(ssb1), ssb1);
|
||||||
|
|
||||||
uv_idle_t idle0 = { .data = ssb0 };
|
uv_idle_t idle0 = { .data = ssb0 };
|
||||||
@ -352,13 +352,13 @@ void tf_ssb_test_rooms(const tf_test_options_t* options)
|
|||||||
uv_loop_init(&loop);
|
uv_loop_init(&loop);
|
||||||
|
|
||||||
unlink("out/test_db0.sqlite");
|
unlink("out/test_db0.sqlite");
|
||||||
tf_ssb_t* ssb0 = tf_ssb_create(&loop, NULL, "file:out/test_db0.sqlite");
|
tf_ssb_t* ssb0 = tf_ssb_create(&loop, NULL, "file:out/test_db0.sqlite", NULL);
|
||||||
tf_ssb_register(tf_ssb_get_context(ssb0), ssb0);
|
tf_ssb_register(tf_ssb_get_context(ssb0), ssb0);
|
||||||
unlink("out/test_db1.sqlite");
|
unlink("out/test_db1.sqlite");
|
||||||
tf_ssb_t* ssb1 = tf_ssb_create(&loop, NULL, "file:out/test_db1.sqlite");
|
tf_ssb_t* ssb1 = tf_ssb_create(&loop, NULL, "file:out/test_db1.sqlite", NULL);
|
||||||
tf_ssb_register(tf_ssb_get_context(ssb1), ssb1);
|
tf_ssb_register(tf_ssb_get_context(ssb1), ssb1);
|
||||||
unlink("out/test_db2.sqlite");
|
unlink("out/test_db2.sqlite");
|
||||||
tf_ssb_t* ssb2 = tf_ssb_create(&loop, NULL, "file:out/test_db2.sqlite");
|
tf_ssb_t* ssb2 = tf_ssb_create(&loop, NULL, "file:out/test_db2.sqlite", NULL);
|
||||||
tf_ssb_register(tf_ssb_get_context(ssb2), ssb2);
|
tf_ssb_register(tf_ssb_get_context(ssb2), ssb2);
|
||||||
|
|
||||||
uv_idle_t idle0 = { .data = ssb0 };
|
uv_idle_t idle0 = { .data = ssb0 };
|
||||||
@ -513,7 +513,7 @@ void tf_ssb_test_following(const tf_test_options_t* options)
|
|||||||
uv_loop_init(&loop);
|
uv_loop_init(&loop);
|
||||||
|
|
||||||
unlink("out/test_db0.sqlite");
|
unlink("out/test_db0.sqlite");
|
||||||
tf_ssb_t* ssb0 = tf_ssb_create(&loop, NULL, "file:out/test_db0.sqlite");
|
tf_ssb_t* ssb0 = tf_ssb_create(&loop, NULL, "file:out/test_db0.sqlite", NULL);
|
||||||
tf_ssb_generate_keys(ssb0);
|
tf_ssb_generate_keys(ssb0);
|
||||||
|
|
||||||
char id0[k_id_base64_len] = { "@" };
|
char id0[k_id_base64_len] = { "@" };
|
||||||
@ -588,7 +588,7 @@ void tf_ssb_test_bench(const tf_test_options_t* options)
|
|||||||
tf_trace_t* trace = tf_trace_create();
|
tf_trace_t* trace = tf_trace_create();
|
||||||
|
|
||||||
unlink("out/test_db0.sqlite");
|
unlink("out/test_db0.sqlite");
|
||||||
tf_ssb_t* ssb0 = tf_ssb_create(&loop, NULL, "file:out/test_db0.sqlite");
|
tf_ssb_t* ssb0 = tf_ssb_create(&loop, NULL, "file:out/test_db0.sqlite", NULL);
|
||||||
tf_ssb_set_trace(ssb0, trace);
|
tf_ssb_set_trace(ssb0, trace);
|
||||||
tf_ssb_generate_keys(ssb0);
|
tf_ssb_generate_keys(ssb0);
|
||||||
|
|
||||||
@ -618,7 +618,7 @@ void tf_ssb_test_bench(const tf_test_options_t* options)
|
|||||||
tf_printf("insert = %f seconds\n", (end_time.tv_sec - start_time.tv_sec) + (end_time.tv_nsec - start_time.tv_nsec) / 1e9);
|
tf_printf("insert = %f seconds\n", (end_time.tv_sec - start_time.tv_sec) + (end_time.tv_nsec - start_time.tv_nsec) / 1e9);
|
||||||
|
|
||||||
unlink("out/test_db1.sqlite");
|
unlink("out/test_db1.sqlite");
|
||||||
tf_ssb_t* ssb1 = tf_ssb_create(&loop, NULL, "file:out/test_db1.sqlite");
|
tf_ssb_t* ssb1 = tf_ssb_create(&loop, NULL, "file:out/test_db1.sqlite", NULL);
|
||||||
tf_ssb_set_trace(ssb1, trace);
|
tf_ssb_set_trace(ssb1, trace);
|
||||||
tf_ssb_generate_keys(ssb1);
|
tf_ssb_generate_keys(ssb1);
|
||||||
uint8_t id0bin[k_id_bin_len];
|
uint8_t id0bin[k_id_bin_len];
|
||||||
@ -793,12 +793,12 @@ void tf_ssb_test_go_ssb_room(const tf_test_options_t* options)
|
|||||||
tf_trace_t* trace = tf_trace_create();
|
tf_trace_t* trace = tf_trace_create();
|
||||||
|
|
||||||
unlink("out/test_db0.sqlite");
|
unlink("out/test_db0.sqlite");
|
||||||
tf_ssb_t* ssb0 = tf_ssb_create(&loop, NULL, "file:out/test_db0.sqlite");
|
tf_ssb_t* ssb0 = tf_ssb_create(&loop, NULL, "file:out/test_db0.sqlite", NULL);
|
||||||
tf_ssb_set_trace(ssb0, trace);
|
tf_ssb_set_trace(ssb0, trace);
|
||||||
tf_ssb_generate_keys(ssb0);
|
tf_ssb_generate_keys(ssb0);
|
||||||
|
|
||||||
unlink("out/test_db1.sqlite");
|
unlink("out/test_db1.sqlite");
|
||||||
tf_ssb_t* ssb1 = tf_ssb_create(&loop, NULL, "file:out/test_db1.sqlite");
|
tf_ssb_t* ssb1 = tf_ssb_create(&loop, NULL, "file:out/test_db1.sqlite", NULL);
|
||||||
tf_ssb_set_trace(ssb1, trace);
|
tf_ssb_set_trace(ssb1, trace);
|
||||||
tf_ssb_generate_keys(ssb1);
|
tf_ssb_generate_keys(ssb1);
|
||||||
|
|
||||||
|
@ -150,6 +150,7 @@ typedef struct _tf_task_t
|
|||||||
int _import_count;
|
int _import_count;
|
||||||
JSValue _loadedFiles;
|
JSValue _loadedFiles;
|
||||||
|
|
||||||
|
const char* _network_key;
|
||||||
int _ssb_port;
|
int _ssb_port;
|
||||||
int _http_port;
|
int _http_port;
|
||||||
int _https_port;
|
int _https_port;
|
||||||
@ -1743,7 +1744,7 @@ void tf_task_activate(tf_task_t* task)
|
|||||||
tf_database_register(context);
|
tf_database_register(context);
|
||||||
tf_httpd_register(context);
|
tf_httpd_register(context);
|
||||||
|
|
||||||
task->_ssb = tf_ssb_create(&task->_loop, task->_context, task->_db_path);
|
task->_ssb = tf_ssb_create(&task->_loop, task->_context, task->_db_path, task->_network_key);
|
||||||
tf_ssb_set_trace(task->_ssb, task->_trace);
|
tf_ssb_set_trace(task->_ssb, task->_trace);
|
||||||
tf_ssb_register(context, task->_ssb);
|
tf_ssb_register(context, task->_ssb);
|
||||||
tf_ssb_set_hitch_callback(task->_ssb, _tf_task_record_hitch, task);
|
tf_ssb_set_hitch_callback(task->_ssb, _tf_task_record_hitch, task);
|
||||||
@ -1997,6 +1998,11 @@ tf_task_t* tf_task_get(JSContext* context)
|
|||||||
return JS_GetContextOpaque(context);
|
return JS_GetContextOpaque(context);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void tf_task_set_ssb_network_key(tf_task_t* task, const char* network_key)
|
||||||
|
{
|
||||||
|
task->_network_key = network_key;
|
||||||
|
}
|
||||||
|
|
||||||
void tf_task_set_ssb_port(tf_task_t* task, int port)
|
void tf_task_set_ssb_port(tf_task_t* task, int port)
|
||||||
{
|
{
|
||||||
task->_ssb_port = port;
|
task->_ssb_port = port;
|
||||||
|
@ -69,6 +69,13 @@ tf_task_t* tf_task_create();
|
|||||||
*/
|
*/
|
||||||
void tf_task_configure_from_fd(tf_task_t* task, int fd);
|
void tf_task_configure_from_fd(tf_task_t* task, int fd);
|
||||||
|
|
||||||
|
/**
|
||||||
|
** Set the SSB network key.
|
||||||
|
** @param task The task.
|
||||||
|
** @param network_key The network key.
|
||||||
|
*/
|
||||||
|
void tf_task_set_ssb_network_key(tf_task_t* task, const char* network_key);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
** Set the port number on which to run an SSB secure handshake server.
|
** Set the port number on which to run an SSB secure handshake server.
|
||||||
** @param task The task.
|
** @param task The task.
|
||||||
|
Loading…
Reference in New Issue
Block a user