From f0bb1392a9d54f03b675ccc9da5d65e30be82778 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Sun, 29 Sep 2019 14:34:00 +0100 Subject: [PATCH] sigscheme: Interface for signature schemes There are no implementations yet. This is split out like this for review of the api. We use struct buffer_if to feed key data into the scheme, in both cases. This will be convenient for implementations, The loadpub caller will have the data from base91s, probably. The loadpriv caller will have it from a file, but we read the file in the common code. The API we are introducing now expects each private key buffer to be fed to the sig schemes one by one until they it finds one that likes it. This is in fact not necessary; it was needed in an earlier design which does not otherwise survive in the published git history. This rather suboptimal API will be changed later. Signed-off-by: Ian Jackson --- modules.c | 4 ++++ secnet.h | 40 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/modules.c b/modules.c index 24c1459..f63a149 100644 --- a/modules.c +++ b/modules.c @@ -38,3 +38,7 @@ void init_builtin_modules(dict_t *dict) sha1_module(dict); log_module(dict); } + +const struct sigscheme_info sigschemes[]={ + { 0 } +}; diff --git a/secnet.h b/secnet.h index 77ba017..ba3e45d 100644 --- a/secnet.h +++ b/secnet.h @@ -55,6 +55,10 @@ struct hash_if; struct comm_if; struct comm_addr; struct priomsg; +struct log_if; +struct buffer_if; +struct sigpubkey_if; +struct sigprivkey_if; typedef char *string_t; typedef const char *cstring_t; @@ -390,6 +394,42 @@ extern init_module log_module; /***** END of module support *****/ +/***** SIGNATURE SCHEMES *****/ + +struct sigscheme_info; + +typedef bool_t sigscheme_loadpub(const struct sigscheme_info *algo, + struct buffer_if *pubkeydata, + struct sigpubkey_if **sigpub_r, + struct log_if *log); + /* pubkeydata is (supposedly) for this algorithm. + * loadpub should log an error if it fails. + * pubkeydata may be modified (but not freed) */ + +typedef bool_t sigscheme_loadpriv(const struct sigscheme_info *algo, + struct buffer_if *privkeydata, + struct sigprivkey_if **sigpriv_r, + struct log_if *log); + /* privkeydata may contain data for any algorithm, not necessarily + * this one! If it is not for this algorithm, return False and do + * not log anything (other than at M_DEBUG). If it *is* for this + * algorithm but is wrong, log at M_ERROR. + * On entry privkeydata->base==start. loadpriv may modify base and + * size, but not anything else. So it may use unprepend and + * unappend. */ + +struct sigscheme_info { + const char *name; + const uint8_t algid; + sigscheme_loadpub *loadpub; + sigscheme_loadpriv *loadpriv; +}; + +extern const struct sigscheme_info rsa1_sigscheme; +extern const struct sigscheme_info sigschemes[]; /* sentinel has name==0 */ + +/***** END of signature schemes *****/ + /***** CLOSURE TYPES and interface definitions *****/ #define CL_PURE 0 -- 2.30.2