8#include <botan/roughtime.h>
10#include <botan/base64.h>
11#include <botan/hash.h>
12#include <botan/internal/socket_udp.h>
13#include <botan/pubkey.h>
27template<
bool B,
class T =
void >
28using enable_if_t =
typename std::enable_if<B,T>::type;
31struct is_array : std::false_type {};
33template<
class T, std::
size_t N>
34struct is_array<
std::array<T,N>>:std::true_type{};
37T impl_from_little_endian(
const uint8_t* t,
const size_t i)
39 static_assert(
sizeof(
T) <=
sizeof(int64_t),
"");
40 return T(
static_cast<int64_t
>(t[i]) << i * 8) + (i == 0 ?
T(0) : impl_from_little_endian<
T>(t, i - 1));
44T from_little_endian(
const uint8_t* t)
46 return impl_from_little_endian<T>(t,
sizeof(
T) - 1);
49template<typename T, enable_if_t<is_array<T>::value>* =
nullptr>
50T copy(
const uint8_t* t)
52 return typecast_copy<T>(t);
55template<typename T, enable_if_t<!is_array<T>::value>* =
nullptr>
56T copy(
const uint8_t* t)
58 return from_little_endian<T>(t);
62std::map<std::string, std::vector<uint8_t>> unpack_roughtime_packet(
T bytes)
65 {
throw Roughtime::Roughtime_Error(
"Map length is under minimum of 8 bytes"); }
66 const auto buf = bytes.data();
67 const uint32_t num_tags = buf[0];
68 const uint32_t start_content = num_tags * 8;
69 if(start_content > bytes.size())
70 {
throw Roughtime::Roughtime_Error(
"Map length too small to contain all tags"); }
71 uint32_t start = start_content;
72 std::map<std::string, std::vector<uint8_t>> tags;
73 for(uint32_t i=0; i<num_tags; ++i)
75 const size_t end = ((i+1) == num_tags) ? bytes.size() : start_content + from_little_endian<uint32_t>(buf + 4 + i*4);
76 if(end > bytes.size())
77 {
throw Roughtime::Roughtime_Error(
"Tag end index out of bounds"); }
79 {
throw Roughtime::Roughtime_Error(
"Tag offset must be more than previous tag offset"); }
81 const char label[] = {label_ptr[0], label_ptr[1], label_ptr[2], label_ptr[3], 0};
83 std::vector<uint8_t> val(buf + start, buf + end);
84 auto ret = tags.insert(std::make_pair(std::string(label), val));
86 {
throw Roughtime::Roughtime_Error(std::string(
"Map has duplicated tag: ") + label); }
87 start =
static_cast<uint32_t
>(end);
93T get(
const std::map<std::string, std::vector<uint8_t>>& map,
const std::string& label)
95 const auto& tag = map.find(label);
97 {
throw Roughtime::Roughtime_Error(
"Tag " + label +
" not found"); }
98 if(tag->second.size() !=
sizeof(
T))
99 {
throw Roughtime::Roughtime_Error(
"Tag " + label +
" has unexpected size"); }
100 return copy<T>(tag->second.data());
103const std::vector<uint8_t>& get_v(
const std::map<std::string, std::vector<uint8_t>>& map,
const std::string& label)
105 const auto& tag = map.find(label);
107 {
throw Roughtime::Roughtime_Error(
"Tag " + label +
" not found"); }
111bool verify_signature(
const std::array<uint8_t, 32>& pk,
const std::vector<uint8_t>& payload,
112 const std::array<uint8_t, 64>& signature)
114 const char context[] =
"RoughTime v1 response signature";
115 Ed25519_PublicKey key(std::vector<uint8_t>(pk.data(), pk.data()+pk.size()));
116 PK_Verifier verifier(key,
"Pure");
118 verifier.update(payload);
119 return verifier.check_signature(signature.data(), signature.size());
122std::array<uint8_t, 64> hashLeaf(
const std::array<uint8_t, 64>& leaf)
124 std::array<uint8_t, 64> ret;
127 hash->update(leaf.data(), leaf.size());
128 hash->final(ret.data());
132void hashNode(std::array<uint8_t, 64>&
hash,
const std::array<uint8_t, 64>& node,
bool reverse)
138 h->update(node.data(), node.size());
139 h->update(
hash.data(),
hash.size());
143 h->update(
hash.data(),
hash.size());
144 h->update(node.data(), node.size());
146 h->final(
hash.data());
149template<
size_t N,
typename T>
150std::array<uint8_t, N> vector_to_array(std::vector<uint8_t,T> vec)
153 {
throw std::logic_error(
"Invalid vector size"); }
154 return typecast_copy<std::array<uint8_t, N>>(vec.data());
162 if(nonce.size() != 64)
164 m_nonce = typecast_copy<std::array<uint8_t, 64>>(nonce.data());
168 rng.
randomize(m_nonce.data(), m_nonce.size());
173 std::array<uint8_t, request_min_size> buf = {{2, 0, 0, 0, 64, 0, 0, 0,
'N',
'O',
'N',
'C',
'P',
'A',
'D', 0xff}};
175 std::memset(buf.data() + 16 + nonce.
get_nonce().size(), 0, buf.size() - 16 - nonce.
get_nonce().size());
182 const auto response_v = unpack_roughtime_packet(response);
183 const auto cert = unpack_roughtime_packet(get_v(response_v,
"CERT"));
184 const auto cert_dele = get<std::array<uint8_t, 72>>(cert,
"DELE");
185 const auto cert_sig = get<std::array<uint8_t, 64>>(cert,
"SIG");
186 const auto cert_dele_v = unpack_roughtime_packet(cert_dele);
187 const auto srep = get_v(response_v,
"SREP");
188 const auto srep_v = unpack_roughtime_packet(srep);
190 const auto cert_dele_pubk = get<std::array<uint8_t, 32>>(cert_dele_v,
"PUBK");
191 const auto sig = get<std::array<uint8_t, 64>>(response_v,
"SIG");
192 if(!verify_signature(cert_dele_pubk, srep, sig))
195 const auto indx = get<uint32_t>(response_v,
"INDX");
196 const auto path = get_v(response_v,
"PATH");
197 const auto srep_root = get<std::array<uint8_t, 64>>(srep_v,
"ROOT");
198 const auto size = path.size();
199 const auto levels = size/64;
202 {
throw Roughtime_Error(
"Merkle tree path size must be multiple of 64 bytes"); }
203 if(indx >= (1u << levels))
209 while(level < levels)
211 hashNode(
hash,
typecast_copy<std::array<uint8_t, 64>>(path.data() + level*64), index&1);
216 if(srep_root !=
hash)
219 const auto cert_dele_maxt =
sys_microseconds64(get<microseconds64>(cert_dele_v,
"MAXT"));
220 const auto cert_dele_mint =
sys_microseconds64(get<microseconds64>(cert_dele_v,
"MINT"));
222 const auto srep_radi = get<microseconds32>(srep_v,
"RADI");
223 if(srep_midp < cert_dele_mint)
225 if(srep_midp > cert_dele_maxt)
227 return {cert_dele, cert_sig, srep_midp, srep_radi};
232 const char context[] =
"RoughTime v1 delegation signature--";
235 verifier.
update(m_cert_dele.data(), m_cert_dele.size());
242 std::array<uint8_t, 64> ret;
243 const auto blind_arr = blind.
get_nonce();
245 hash->update(previous_response);
247 hash->update(blind_arr.data(), blind_arr.size());
248 hash->final(ret.data());
255 std::stringstream ss(str);
256 const std::string ERROR_MESSAGE =
"Line does not have 4 space separated fields";
257 for(std::string s; std::getline(ss, s);)
259 size_t start = 0, end = 0;
260 end = s.find(
' ', start);
261 if(end == std::string::npos)
265 const auto publicKeyType = s.substr(start, end-start);
266 if(publicKeyType !=
"ed25519")
267 {
throw Not_Implemented(
"Only ed25519 publicKeyType is implemented"); }
270 end = s.find(
' ', start);
271 if(end == std::string::npos)
278 end = s.find(
' ', start);
279 if(end == std::string::npos)
283 if((end - start) != 88)
291 end = s.find(
' ', start);
292 if(end != std::string::npos)
298 m_links.push_back({response, serverPublicKey, nonceOrBlind});
304 for(
unsigned i = 0; i < m_links.size(); ++i)
306 const auto& l = m_links[i];
307 const auto nonce = i ?
nonce_from_blind(m_links[i-1].response(), l.nonce_or_blind()) : l.nonce_or_blind();
309 if(!response.validate(l.public_key()))
317 return m_links.empty()
323 if(max_chain_size <= 0)
326 while(m_links.size() >= max_chain_size)
328 if(m_links.size() == 1)
330 auto new_link_updated = new_link;
334 m_links.push_back(new_link_updated);
337 if(m_links.size() >= 2)
339 m_links[1].nonce_or_blind() =
342 m_links.erase(m_links.begin());
344 m_links.push_back(new_link);
350 s.reserve((7+1 + 88+1 + 44+1 + 480)*m_links.size());
351 for(
const auto& link : m_links)
357 s +=
Botan::base64_encode(link.nonce_or_blind().get_nonce().data(), link.nonce_or_blind().get_nonce().size());
367 std::chrono::milliseconds timeout)
369 const std::chrono::system_clock::time_point start_time = std::chrono::system_clock::now();
375 socket->write(encoded.data(), encoded.size());
377 if(std::chrono::system_clock::now() - start_time > timeout)
380 std::vector<uint8_t> buffer;
381 buffer.resize(360+64*10+1);
383 const auto n = socket->read(buffer.data(), buffer.size());
385 if(!n || std::chrono::system_clock::now() - start_time > timeout)
388 if(n == buffer.size())
397 std::vector<Server_Information> servers;
398 std::stringstream ss(str);
399 const std::string ERROR_MESSAGE =
"Line does not have at least 5 space separated fields";
400 for(std::string s; std::getline(ss, s);)
402 size_t start = 0, end = 0;
403 end = s.find(
' ', start);
404 if(end == std::string::npos)
408 const auto name = s.substr(start, end-start);
411 end = s.find(
' ', start);
412 if(end == std::string::npos)
416 const auto publicKeyType = s.substr(start, end-start);
417 if(publicKeyType !=
"ed25519")
418 {
throw Not_Implemented(
"Only ed25519 publicKeyType is implemented"); }
421 end = s.find(
' ', start);
423 if(end == std::string::npos)
427 const auto publicKeyBase64 = s.substr(start, end-start);
431 end = s.find(
' ', start);
432 if(end == std::string::npos)
436 const auto protocol = s.substr(start, end-start);
437 if(protocol !=
"udp")
440 const auto addresses = [&]()
442 std::vector<std::string> addr;
446 end = s.find(
' ', start);
447 const auto address = s.substr(start, (end == std::string::npos) ? std::string::npos : end-start);
450 addr.push_back(address);
451 if(end == std::string::npos)
456 if(addresses.size() == 0)
461 servers.push_back({
name, publicKey, std::move(addresses)});
static std::unique_ptr< HashFunction > create_or_throw(const std::string &algo_spec, const std::string &provider="")
bool check_signature(const uint8_t sig[], size_t length)
virtual void randomize(uint8_t output[], size_t length)=0
void append(const Link &new_link, size_t max_chain_size)
std::string to_string() const
Nonce next_nonce(const Nonce &blind) const
std::vector< Response > responses() const
const Nonce & nonce_or_blind() const
const std::array< uint8_t, 64 > & get_nonce() const
std::chrono::time_point< std::chrono::system_clock, microseconds64 > sys_microseconds64
static Response from_bits(const std::vector< uint8_t > &response, const Nonce &nonce)
bool validate(const Ed25519_PublicKey &pk) const
std::unique_ptr< SocketUDP > BOTAN_TEST_API open_socket_udp(const std::string &hostname, const std::string &service, std::chrono::microseconds timeout)
std::vector< uint8_t > online_request(const std::string &uri, const Nonce &nonce, std::chrono::milliseconds timeout)
std::vector< Server_Information > servers_from_str(const std::string &str)
Nonce nonce_from_blind(const std::vector< uint8_t > &previous_response, const Nonce &blind)
std::array< uint8_t, request_min_size > encode_request(const Nonce &nonce)
const unsigned request_min_size
size_t base64_encode(char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
size_t base64_decode(uint8_t out[], const char in[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
std::vector< T > unlock(const secure_vector< T > &in)
void typecast_copy(uint8_t out[], T in[], size_t N)
const char * cast_uint8_ptr_to_char(const uint8_t *b)
const uint8_t * cast_char_ptr_to_uint8(const char *s)