# # # patch "automate.cc" # from [f5346015ff3be6ba43e294b9dc2a8d07884a9ff3] # to [11dc2a4d6f555a968665f7af2e366f257f512de3] # # patch "database.cc" # from [0cfd4588fec0a128a97e4aa393d42313622f17ea] # to [f7485d52c7eaf3eb9aea993ff5f0fa19641f7ea0] # # patch "database.hh" # from [350c0e0a3aee21669e46bf151a194ddec467052e] # to [52aca5e21d51c9df75f502cc598035e6f97126b5] # # patch "git_export.cc" # from [2d2c9e39825bb7b6e4fa6992b99c3121d95bb5dc] # to [07d295bfe25f63a2181e146a6ec0ca282b344493] # # patch "netcmd.cc" # from [0c56fd7f8c57093b24b03fad157db98ddd60aed6] # to [303dbc50dc5e0ab9e0eb381d1faad7fbab1c592c] # # patch "netcmd.hh" # from [7ae6803e6f436b4fcf76f26c29a6f1b62234545a] # to [4decd554ca4929c866998c3069b4bd2b0417661c] # # patch "netsync.cc" # from [fb07ceb02260250d7f15255ff362e79bddba60bd] # to [7b48f2ea1e68a9d4e9a9e647b80e89492eb03cc6] # # patch "options_list.hh" # from [e401fd89ec9c48336dcd009a59424b8eb3b39b97] # to [655c32bd3e97758d8cf2fad476ad2874c97a8dca] # ============================================================ --- automate.cc f5346015ff3be6ba43e294b9dc2a8d07884a9ff3 +++ automate.cc 11dc2a4d6f555a968665f7af2e366f257f512de3 @@ -1736,7 +1736,7 @@ CMD_AUTOMATE(tags, N_("[BRANCH_PATTERN]" basic_io::stanza stz; stz.push_str_pair(symbol("tag"), tag->name()); stz.push_binary_pair(symbol("revision"), tag->ident.inner()); - stz.push_str_pair(symbol("signer"), tag->key()); + stz.push_binary_pair(symbol("signer"), tag->key.inner()); stz.push_str_multi(symbol("branches"), branch_names); prt.print_stanza(stz); } @@ -1797,7 +1797,7 @@ CMD_AUTOMATE(genkey, N_("KEYID PASSPHRAS utf8 passphrase = idx(args, 1); - id hash; + key_id hash; keys.create_key_pair(db, ident, &passphrase, &hash); basic_io::printer prt; 
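Review bot: In CMD_AUTOMATE(tags), the `signer` field changes from a string key name to a binary key hash via `stz.push_binary_pair(symbol("signer"), tag->key.inner());`, and nothing in the eight files this patch lists documents that or bumps an automate interface version. A script that compares `signer` against a key name to decide whether a tag is trusted would stop matching after this change. Consider a comment at the call such as `// signer is the key hash since the key_id change; consumers must resolve the name themselves`, along with the matching interface-version and documentation update. The command body starts and ends outside the hunk.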
@@ -1809,7 +1809,7 @@ CMD_AUTOMATE(genkey, N_("KEYID PASSPHRAS privlocs.push_back("keystore"); stz.push_str_pair(syms::name, ident()); - stz.push_binary_pair(syms::hash, hash); + stz.push_binary_pair(syms::hash, hash.inner()); stz.push_str_multi(syms::public_location, publocs); stz.push_str_multi(syms::private_location, privlocs); prt.print_stanza(stz); @@ -2104,15 +2104,15 @@ CMD_AUTOMATE(cert, N_("REVISION-ID NAME database db(app); key_store keys(app); + project_t project(db); hexenc hrid(idx(args, 0)(), origin::user); revision_id rid(decode_hexenc_as(hrid(), origin::user)); E(db.revision_exists(rid), origin::user, F("no such revision '%s'") % hrid); - cache_user_key(app.opts, app.lua, db, keys); + cache_user_key(app.opts, app.lua, db, keys, project); - project_t project(db); project.put_cert(keys, rid, typecast_vocab(idx(args, 1)), typecast_vocab(idx(args, 2))); ============================================================ --- database.cc 0cfd4588fec0a128a97e4aa393d42313622f17ea +++ database.cc f7485d52c7eaf3eb9aea993ff5f0fa19641f7ea0 @@ -2936,14 +2936,14 @@ void } void -database::get_pubkey(id const & hash, +database::get_pubkey(key_id const & hash, key_name & id, rsa_pub_key & pub) { results res; imp->fetch(res, 2, one_row, query("SELECT id, keydata FROM public_keys WHERE hash = ?") - % blob(hash())); + % blob(hash.inner()())); id = key_name(res[0][0], origin::database); pub = rsa_pub_key(res[0][1], origin::database); } @@ -3343,14 +3343,14 @@ database::get_revision_cert_nobranch_ind outdated_indicator database::get_revision_cert_nobranch_index(vector< pair > > & idx) + pair > > & idx) { // share some storage id::symtab id_syms; results res; imp->fetch(res, 3, any_rows, - query("SELECT hash, id, keypair " + query("SELECT hash, id, keypair_id " "FROM 'revision_certs' WHERE name != 'branch'")); idx.clear(); 
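Review bot: In database::get_revision_cert_nobranch_index the query now selects `keypair_id`, but none of the files this patch lists touches the schema or a migration, so a database created before the change would presumably fail on this statement. Please confirm the column rename lands together with this code. A comment above the query would help, for example `// requires the schema in which revision_certs.keypair holds the key hash (keypair_id)`. The function body continues past the end of the hunk.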
@@ -3359,7 +3359,7 @@ database::get_revision_cert_nobranch_ind { idx.push_back(make_pair(revision_id((*i)[0], origin::database), make_pair(revision_id((*i)[1], origin::database), - key_name((*i)[2], origin::database)))); + key_id((*i)[2], origin::database)))); } return imp->cert_stamper.get_indicator(); } ============================================================ --- database.hh 350c0e0a3aee21669e46bf151a194ddec467052e +++ database.hh 52aca5e21d51c9df75f502cc598035e6f97126b5 @@ -237,7 +237,7 @@ public: bool public_key_exists(key_id const & hash); bool public_key_exists(key_name const & ident); - void get_pubkey(id const & hash, + void get_pubkey(key_id const & hash, key_name & ident, rsa_pub_key & pub); @@ -269,7 +269,7 @@ public: // this variant has to be rather coarse and fast, for netsync's use outdated_indicator get_revision_cert_nobranch_index(std::vector< std::pair > > & idx); + std::pair > > & idx); // Only used by database_check.cc outdated_indicator get_revision_certs(std::vector & certs); ============================================================ --- git_export.cc 2d2c9e39825bb7b6e4fa6992b99c3121d95bb5dc +++ git_export.cc 07d295bfe25f63a2181e146a6ec0ca282b344493 @@ -254,7 +254,7 @@ export_changes(database & db, if (author != authors.end()) { author_name = trim(author->value()); - author_key = trim(author->key()); + author_key = trim(author->key.inner()()); } // all monotone keys and authors that don't follow the "Name " ============================================================ --- netcmd.cc 0c56fd7f8c57093b24b03fad157db98ddd60aed6 +++ netcmd.cc 303dbc50dc5e0ab9e0eb381d1faad7fbab1c592c @@ -303,7 +303,7 @@ netcmd::read_auth_cmd(protocol_role & ro netcmd::read_auth_cmd(protocol_role & role, globish & include_pattern, globish & exclude_pattern, - id & client, + key_id & client, id & nonce1, rsa_oaep_sha_data & hmac_key_encrypted, rsa_sha1_signature & signature) const 
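Review bot: In export_changes (git_export.cc), `author_key = trim(author->key.inner()());` now stores the raw bytes of the key hash where a key name used to be, and `trim` can strip hash bytes that happen to be whitespace. The comment just below the assignment talks about keys and authors that do not follow a name format, which suggests author_key is later handled as a printable identity; a raw hash would then end up in the exported author data. Resolving the name first would keep the old behaviour, e.g. `key_name signer; rsa_pub_key pub; db.get_pubkey(author->key, signer, pub);` followed by `author_key = trim(signer());`, with explicit handling for a signer key that is missing from the database. The function body starts and ends outside the hunk.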
@@ -325,10 +325,10 @@ netcmd::read_auth_cmd(protocol_role & ro extract_variable_length_string(payload, pattern_string, pos, "auth(hmac) netcmd, exclude_pattern"); exclude_pattern = globish(pattern_string, origin::network); - client = id(extract_substring(payload, pos, - constants::merkle_hash_length_in_bytes, - "auth(hmac) netcmd, client identifier"), - origin::network); + client = key_id(extract_substring(payload, pos, + constants::merkle_hash_length_in_bytes, + "auth(hmac) netcmd, client identifier"), + origin::network); nonce1 = id(extract_substring(payload, pos, constants::merkle_hash_length_in_bytes, "auth(hmac) netcmd, nonce1"), @@ -348,18 +348,18 @@ netcmd::write_auth_cmd(protocol_role rol netcmd::write_auth_cmd(protocol_role role, globish const & include_pattern, globish const & exclude_pattern, - id const & client, + key_id const & client, id const & nonce1, rsa_oaep_sha_data const & hmac_key_encrypted, rsa_sha1_signature const & signature) { cmd_code = auth_cmd; - I(client().size() == constants::merkle_hash_length_in_bytes); + I(client.inner()().size() == constants::merkle_hash_length_in_bytes); I(nonce1().size() == constants::merkle_hash_length_in_bytes); payload += static_cast(role); insert_variable_length_string(include_pattern(), payload); insert_variable_length_string(exclude_pattern(), payload); - payload += client(); + payload += client.inner()(); payload += nonce1(); insert_variable_length_string(hmac_key_encrypted(), payload); insert_variable_length_string(signature(), payload); ============================================================ --- netcmd.hh 7ae6803e6f436b4fcf76f26c29a6f1b62234545a +++ netcmd.hh 4decd554ca4929c866998c3069b4bd2b0417661c 
@@ -138,14 +138,14 @@ public: void read_auth_cmd(protocol_role & role, globish & include_pattern, globish & exclude_pattern, - id & client, + key_id & client, id & nonce1, rsa_oaep_sha_data & hmac_key_encrypted, rsa_sha1_signature & signature) const; void write_auth_cmd(protocol_role role, globish const & include_pattern, globish const & exclude_pattern, - id const & client, + key_id const & client, id const & nonce1, rsa_oaep_sha_data const & hmac_key_encrypted, rsa_sha1_signature const & signature); ============================================================ --- netsync.cc fb07ceb02260250d7f15255ff362e79bddba60bd +++ netsync.cc 7b48f2ea1e68a9d4e9a9e647b80e89492eb03cc6 @@ -631,8 +631,8 @@ session: key_store & keys; lua_hooks & lua; bool use_transport_auth; - key_name const & signing_key; - vector const & keys_to_push; + key_id const & signing_key; + vector keys_to_push; netcmd cmd; bool armed; @@ -641,7 +641,7 @@ private: private: bool received_remote_key; - key_name remote_peer_key_name; + key_id remote_peer_key_id; netsync_session_key session_key; chained_hmac read_hmac; chained_hmac write_hmac; @@ -665,12 +665,12 @@ private: // These are read from the server, written to the local database vector written_revisions; - vector written_keys; + vector written_keys; vector written_certs; // These are sent to the server vector sent_revisions; - vector sent_keys; + vector sent_keys; vector sent_certs; id saved_nonce; @@ -769,7 +769,7 @@ private: void queue_auth_cmd(protocol_role role, globish const & include_pattern, globish const & exclude_pattern, - id const & client, + key_id const & client, id const & nonce1, id const & nonce2, rsa_sha1_signature const & signature); 
@@ -795,7 +795,7 @@ private: bool process_auth_cmd(protocol_role role, globish const & their_include_pattern, globish const & their_exclude_pattern, - id const & client, + key_id const & client, id const & nonce1, rsa_sha1_signature const & signature); bool process_refine_cmd(refinement_type ty, merkle_node const & node); @@ -856,10 +856,8 @@ session::session(options & opts, lua(lua), use_transport_auth(opts.use_transport_auth), signing_key(keys.signing_key), - keys_to_push(opts.keys_to_push), armed(false), received_remote_key(false), - remote_peer_key_name(""), session_key(constants::netsync_key_initializer), read_hmac(netsync_session_key(constants::netsync_key_initializer), use_transport_auth), @@ -886,7 +884,15 @@ session::session(options & opts, rev_refiner(revision_item, voice, *this), rev_enumerator(project, *this), initiated_by_server(initiated_by_server) -{} +{ + for (vector::const_iterator i = opts.keys_to_push.begin(); + i != opts.keys_to_push.end(); ++i) + { + key_id ident; + project.lookup_key_by_name(*i, ident); + keys_to_push.push_back(ident); + } +} session::~session() { @@ -920,7 +926,7 @@ session::~session() { //Keys - for (vector::iterator i = written_keys.begin(); + for (vector::iterator i = written_keys.begin(); i != written_keys.end(); ++i) { lua.hook_note_netsync_pubkey_received(*i, session_id); @@ -931,7 +937,7 @@ session::~session() i != written_revisions.end(); ++i) { vector & ctmp(rev_written_certs[*i]); - set > > certs; + set > > certs; for (vector::const_iterator j = ctmp.begin(); j != ctmp.end(); ++j) certs.insert(make_pair(j->key, make_pair(j->name, j->value))); @@ -971,7 +977,7 @@ session::~session() } //Keys - for (vector::iterator i = sent_keys.begin(); + for (vector::iterator i = sent_keys.begin(); i != sent_keys.end(); ++i) { lua.hook_note_netsync_pubkey_sent(*i, session_id); 
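Review bot: In the new session constructor body, the outcome of `project.lookup_key_by_name(*i, ident)` is not inspected before `keys_to_push.push_back(ident)`. What the lookup does for an unknown name, or for a name shared by several keys, is not visible in this patch; if it can return with `ident` left empty, a default key_id is queued for pushing. Since key names are no longer unique after this change, an explicit guard would make the choice of key auditable, for instance `E(!ident.inner()().empty(), origin::user, F("no key named '%s'") % *i);` before the push_back. If the lookup already fails loudly, a one-line comment saying so would do.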
@@ -982,7 +988,7 @@ session::~session() i != sent_revisions.end(); ++i) { vector & ctmp(rev_sent_certs[*i]); - set > > certs; + set > > certs; for (vector::const_iterator j = ctmp.begin(); j != ctmp.end(); ++j) certs.insert(make_pair(j->key, make_pair(j->name, j->value))); @@ -1431,7 +1437,7 @@ session::queue_anonymous_cmd(protocol_ro netcmd cmd; rsa_oaep_sha_data hmac_key_encrypted; if (use_transport_auth) - project.db.encrypt_rsa(remote_peer_key_name, nonce2(), hmac_key_encrypted); + project.db.encrypt_rsa(remote_peer_key_id, nonce2(), hmac_key_encrypted); cmd.write_anonymous_cmd(role, include_pattern, exclude_pattern, hmac_key_encrypted); write_netcmd_and_try_flush(cmd); @@ -1442,7 +1448,7 @@ session::queue_auth_cmd(protocol_role ro session::queue_auth_cmd(protocol_role role, globish const & include_pattern, globish const & exclude_pattern, - id const & client, + key_id const & client, id const & nonce1, id const & nonce2, rsa_sha1_signature const & signature) @@ -1450,7 +1456,7 @@ session::queue_auth_cmd(protocol_role ro netcmd cmd; rsa_oaep_sha_data hmac_key_encrypted; I(use_transport_auth); - project.db.encrypt_rsa(remote_peer_key_name, nonce2(), hmac_key_encrypted); + project.db.encrypt_rsa(remote_peer_key_id, nonce2(), hmac_key_encrypted); cmd.write_auth_cmd(role, include_pattern, exclude_pattern, client, nonce1, hmac_key_encrypted, signature); write_netcmd_and_try_flush(cmd); @@ -1587,12 +1593,12 @@ session::process_hello_cmd(key_name cons if (use_transport_auth) { - id their_key_hash; + key_id their_key_hash; key_hash_code(their_keyname, their_key, their_key_hash); var_value printable_key_hash; { hexenc encoded_key_hash; - encode_hexenc(their_key_hash, encoded_key_hash); + encode_hexenc(their_key_hash.inner(), encoded_key_hash); printable_key_hash = typecast_vocab(encoded_key_hash); } L(FL("server key has name %s, hash %s") 
@@ -1629,23 +1635,8 @@ session::process_hello_cmd(key_name cons project.db.set_var(their_key_key, printable_key_hash); } - if (project.db.public_key_exists(their_keyname)) + if (!project.db.public_key_exists(their_key_hash)) { - rsa_pub_key tmp; - project.db.get_key(their_keyname, tmp); - - E(keys_match(their_keyname, tmp, their_keyname, their_key), - origin::network, - F("the server sent a key with the key id '%s'\n" - "which is already in use in your database. you may want to execute\n" - " %s dropkey %s\n" - "on your local database before you run this command again,\n" - "assuming that key currently present in your database does NOT have\n" - "a private counterpart (or in other words, is one of YOUR keys)") - % their_keyname % prog_name % their_keyname); - } - else - { // this should now always return true since we just checked // for the existence of this particular key I(project.db.put_key(their_keyname, their_key)); @@ -1663,7 +1654,7 @@ session::process_hello_cmd(key_name cons // save their identity this->received_remote_key = true; - this->remote_peer_key_name = their_keyname; + this->remote_peer_key_id = their_key_hash; } // clients always include in the synchronization set, every branch that the @@ -1681,7 +1672,7 @@ session::process_hello_cmd(key_name cons if (!initiated_by_server) setup_client_tickers(); - if (use_transport_auth && signing_key() != "") + if (use_transport_auth && signing_key.inner()() != "") { // get our key pair load_key_pair(keys, signing_key); 
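Review bot: In process_hello_cmd, the only condition now guarding `I(project.db.put_key(their_keyname, their_key))` is `!project.db.public_key_exists(their_key_hash)`, and both arguments come from the peer's hello. Whether put_key can still return false for a new hash under an existing name is not shown here; if it can, a remote peer would trip an invariant instead of getting a network-origin error, so `E(project.db.put_key(their_keyname, their_key), origin::network, F("could not store key '%s' sent by the server") % their_keyname);` would be safer. The removed name-collision check also means a server key that reuses a local key's name is stored silently. A `W(...)` or `L(FL(...))` line recording the name and hash when the name is already in use would give operators a trace of that. The function body starts and ends outside the hunk.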
@@ -1691,15 +1682,9 @@ session::process_hello_cmd(key_name cons rsa_sha1_signature sig; keys.make_signature(project.db, signing_key, nonce(), sig); - // get the hash identifier for our pubkey - rsa_pub_key our_pub; - project.db.get_key(signing_key, our_pub); - id our_key_hash_raw; - key_hash_code(signing_key, our_pub, our_key_hash_raw); - // make a new nonce of our own and send off the 'auth' queue_auth_cmd(this->role, our_include_pattern, our_exclude_pattern, - our_key_hash_raw, nonce, mk_nonce(), sig); + signing_key, nonce, mk_nonce(), sig); } else { @@ -1792,7 +1777,7 @@ session::process_anonymous_cmd(protocol_ rebuild_merkle_trees(ok_branches); - this->remote_peer_key_name = key_name(""); + this->remote_peer_key_id = key_id(); this->authenticated = true; return true; } @@ -1823,7 +1808,7 @@ session::process_auth_cmd(protocol_role session::process_auth_cmd(protocol_role their_role, globish const & their_include_pattern, globish const & their_exclude_pattern, - id const & client, + key_id const & client, id const & nonce1, rsa_sha1_signature const & signature) { @@ -1907,7 +1892,7 @@ session::process_auth_cmd(protocol_role { if (their_matcher((*i)())) { - if (!lua.hook_get_netsync_read_permitted((*i)(), their_id)) + if (!lua.hook_get_netsync_read_permitted((*i)(), client)) { error(not_permitted, (F("denied '%s' read permission for '%s' excluding '%s' because of branch '%s'") @@ -1935,7 +1920,7 @@ session::process_auth_cmd(protocol_role % their_id % their_include_pattern % their_exclude_pattern).str()); } - if (!lua.hook_get_netsync_write_permitted(their_id)) + if (!lua.hook_get_netsync_write_permitted(client)) { this->saved_nonce = id(""); error(not_permitted, 
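Review bot: In process_auth_cmd, the permission hooks are now called with `client` (the key hash), while the denial message visible in the write-permission hunk still formats `their_id`. The identity the decision was made on is therefore not the one that gets logged, and because key names are no longer unique a denial cannot be tied back to a specific key from the log alone. Consider including the hash alongside the name in both denial messages. A comment at the hook calls would also help, e.g. `// hooks receive the key hash; permission entries written as key names must be resolved before matching`, since how the Lua side maps existing name-based permission entries is not visible in this patch. The function body starts and ends outside the hunk.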
@@ -1952,12 +1937,12 @@ session::process_auth_cmd(protocol_role this->received_remote_key = true; // Check the signature. - if (project.db.check_signature(their_id, nonce1(), signature) == cert_ok) + if (project.db.check_signature(client, nonce1(), signature) == cert_ok) { // Get our private key and sign back. L(FL("client signature OK, accepting authentication")); this->authenticated = true; - this->remote_peer_key_name = their_id; + this->remote_peer_key_id = client; assume_corresponding_role(their_role); return true; @@ -2135,7 +2120,7 @@ session::data_exists(netcmd_item_type ty { case key_item: return key_refiner.local_item_exists(item) - || project.db.public_key_exists(item); + || project.db.public_key_exists(key_id(item)); case file_item: return project.db.file_version_exists(file_id(item)); case revision_item: @@ -2158,12 +2143,10 @@ session::load_data(netcmd_item_type type { string typestr; netcmd_item_type_to_string(type, typestr); - hexenc hitem; - encode_hexenc(item, hitem); if (!data_exists(type, item)) throw bad_decode(F("%s with hash '%s' does not exist in our database") - % typestr % hitem()); + % typestr % item); switch (type) { @@ -2179,10 +2162,10 @@ session::load_data(netcmd_item_type type { key_name keyid; rsa_pub_key pub; - project.db.get_pubkey(item, keyid, pub); - L(FL("public key '%s' is also called '%s'") % hitem() % keyid); + project.db.get_pubkey(key_id(item), keyid, pub); + L(FL("public key '%s' is also called '%s'") % item % keyid); write_pubkey(keyid, pub, out); - sent_keys.push_back(keyid); + sent_keys.push_back(key_id(item)); } break; @@ -2284,9 +2267,9 @@ session::process_data_cmd(netcmd_item_ty key_name keyid; rsa_pub_key pub; read_pubkey(dat, keyid, pub); - id tmp; + key_id tmp; key_hash_code(keyid, pub, tmp); - if (! (tmp == item)) + if (! (tmp.inner() == item)) { throw bad_decode(F("hash check failed for public key '%s' (%s);" " wanted '%s' got '%s'") 
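Review bot: In session::load_data the `encode_hexenc(item, hitem)` step is removed, so the raw `id` is formatted directly into the bad_decode text (`% typestr % item`) and into the "public key '%s' is also called '%s'" log line. dispatch_payload's auth log does the same with `% client` and `% nonce1`. These values arrive from the peer, so unless the stream operator for `id` and `key_id` hex-encodes (not shown in this patch), arbitrary bytes would reach log files and error text unescaped. Please confirm the operator encodes, or keep the explicit `encode_hexenc` calls at these sites. A short comment such as `// id/key_id print as hex via operator<<` would record the assumption. Both function bodies extend beyond their hunks.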
@@ -2294,7 +2277,7 @@ session::process_data_cmd(netcmd_item_ty % tmp); } if (project.db.put_key(keyid, pub)) - written_keys.push_back(keyid); + written_keys.push_back(key_id(item)); else error(partial_transfer, (F("Received duplicate key %s") % keyid).str()); @@ -2482,22 +2465,18 @@ session::dispatch_payload(netcmd const & protocol_role role; rsa_sha1_signature signature; globish their_include_pattern, their_exclude_pattern; - id client, nonce1, nonce2; + key_id client; + id nonce1, nonce2; rsa_oaep_sha_data hmac_key_encrypted; cmd.read_auth_cmd(role, their_include_pattern, their_exclude_pattern, client, nonce1, hmac_key_encrypted, signature); - hexenc their_key_hash; - encode_hexenc(client, their_key_hash); - hexenc hnonce1; - encode_hexenc(nonce1, hnonce1); - L(FL("received 'auth(hmac)' netcmd from client '%s' for pattern '%s' " "exclude '%s' in %s mode with nonce1 '%s'\n") - % their_key_hash % their_include_pattern % their_exclude_pattern + % client % their_include_pattern % their_exclude_pattern % (role == source_and_sink_role ? _("source and sink") : (role == source_role ? _("source") : _("sink"))) - % hnonce1); + % nonce1); set_session_key(hmac_key_encrypted); @@ -2588,10 +2567,11 @@ session::begin_service() void session::begin_service() { + key_name name; keypair kp; if (use_transport_auth) - keys.get_key_pair(signing_key, kp); - queue_hello_cmd(signing_key, kp.pub, mk_nonce()); + keys.get_key_pair(signing_key, name, kp); + queue_hello_cmd(name, kp.pub, mk_nonce()); } void @@ -3366,7 +3346,7 @@ session::rebuild_merkle_trees(set revision_ids; - set inserted_keys; + set inserted_keys; { for (set::const_iterator i = branchnames.begin(); @@ -3424,7 +3404,7 @@ session::rebuild_merkle_trees(set > > cert_idx; + pair > > cert_idx; cert_idx idx; project.db.get_revision_cert_nobranch_index(idx); 
@@ -3436,7 +3416,7 @@ session::rebuild_merkle_trees(setfirst; revision_id const & ident = i->second.first; - key_name const & key = i->second.second; + key_id const & key = i->second.second; rev_enumerator.note_cert(ident, hash.inner()); @@ -3451,7 +3431,7 @@ session::rebuild_merkle_trees(set::const_iterator key + for (vector::const_iterator key = keys_to_push.begin(); key != keys_to_push.end(); ++key) { @@ -3459,9 +3439,10 @@ session::rebuild_merkle_trees(set::const_iterator key = inserted_keys.begin(); + for (set::const_iterator key = inserted_keys.begin(); key != inserted_keys.end(); key++) { if (project.db.public_key_exists(*key)) { - rsa_pub_key pub; - project.db.get_key(*key, pub); - key_id keyhash; - key_hash_code(*key, pub, keyhash); - if (global_sanity.debug_p()) - L(FL("noting key '%s' = '%s' to send") - % *key - % keyhash); + L(FL("noting key '%s' to send") + % *key); - key_refiner.note_local_item(keyhash.inner()); + key_refiner.note_local_item(key->inner()); ++keys_ticker; } } ============================================================ --- options_list.hh e401fd89ec9c48336dcd009a59424b8eb3b39b97 +++ options_list.hh 655c32bd3e97758d8cf2fad476ad2874c97a8dca @@ -407,7 +407,7 @@ OPTION(globals, key_dir, true, "keydir", } #endif -OPTVAR(key_to_push, std::vector, keys_to_push, ) +OPTVAR(key_to_push, std::vector, keys_to_push, ) OPTION(key_to_push, key_to_push, true, "key-to-push", gettext_noop("push the specified key even if it hasn't signed anything")) #ifdef option_bodies