diff options
| author | Joe Crayne <joe@jerkface.net> | 2020-05-03 15:22:03 -0400 |
|---|---|---|
| committer | Joe Crayne <joe@jerkface.net> | 2020-05-03 15:22:03 -0400 |
| commit | 7920977b5cadd936756865bceb39758f10e46346 (patch) | |
| tree | 5babcf94bd043ac61fa23efe95de1c460602984a | |
| parent | 24cdfd9a26ba1617765cad4ab36967d9cede714c (diff) | |
Added cryptonomic.net to --autosign and --import-if-authentic.
WARNING: UNTESTED. This was quick and dirty and affects security
critical code. Needs a little more attention.
| -rw-r--r-- | lib/Transforms.hs | 31 |
1 files changed, 25 insertions, 6 deletions
diff --git a/lib/Transforms.hs b/lib/Transforms.hs index 8adf6af..7e4d288 100644 --- a/lib/Transforms.hs +++ b/lib/Transforms.hs | |||
| @@ -29,7 +29,7 @@ import qualified Data.ByteString.Lazy.Char8 as Char8 | |||
| 29 | import qualified Data.Map.Strict as Map | 29 | import qualified Data.Map.Strict as Map |
| 30 | import qualified Data.ByteString.Char8 as S8 | 30 | import qualified Data.ByteString.Char8 as S8 |
| 31 | import Data.ByteArray.Encoding | 31 | import Data.ByteArray.Encoding |
| 32 | import qualified Crypto.Hash as Vincent | 32 | import qualified Crypto.Hash as C |
| 33 | import Data.ByteArray (convert) | 33 | import Data.ByteArray (convert) |
| 34 | import Data.ASN1.BinaryEncoding ( DER(..) ) | 34 | import Data.ASN1.BinaryEncoding ( DER(..) ) |
| 35 | import Data.ASN1.Types (toASN1, ASN1Object, fromASN1, ASN1(Start, End, IntVal), ASN1ConstructionType(Sequence) ) | 35 | import Data.ASN1.Types (toASN1, ASN1Object, fromASN1, ASN1(Start, End, IntVal), ASN1ConstructionType(Sequence) ) |
| @@ -39,6 +39,7 @@ import qualified Data.Text as T ( Text, unpack, pack, | |||
| 39 | strip, reverse, drop, break, dropAround, length, breakOn ) | 39 | strip, reverse, drop, break, dropAround, length, breakOn ) |
| 40 | import Data.Text.Encoding ( encodeUtf8 ) | 40 | import Data.Text.Encoding ( encodeUtf8 ) |
| 41 | import Data.Bits ((.|.), (.&.), Bits) | 41 | import Data.Bits ((.|.), (.&.), Bits) |
| 42 | import qualified SSHKey as SSH | ||
| 42 | 43 | ||
| 43 | 44 | ||
| 44 | data KeyRingRuntime = KeyRingRuntime | 45 | data KeyRingRuntime = KeyRingRuntime |
| @@ -523,7 +524,7 @@ derToBase32 :: L.ByteString -> String | |||
| 523 | derToBase32 = map toLower . base32 . sha1 | 524 | derToBase32 = map toLower . base32 . sha1 |
| 524 | where | 525 | where |
| 525 | sha1 :: L.ByteString -> S.ByteString | 526 | sha1 :: L.ByteString -> S.ByteString |
| 526 | sha1 x = convert (Vincent.hashlazy x :: Vincent.Digest Vincent.SHA1) | 527 | sha1 x = convert (C.hashlazy x :: C.Digest C.SHA1) |
| 527 | base32 = S8.unpack . convertToBase Base32 | 528 | base32 = S8.unpack . convertToBase Base32 |
| 528 | 529 | ||
| 529 | derRSA :: Packet -> Maybe L.ByteString | 530 | derRSA :: Packet -> Maybe L.ByteString |
| @@ -776,10 +777,13 @@ parseUID str = UserIDRecord { | |||
| 776 | 777 | ||
| 777 | selfAuthenticated :: OriginMapped Packet -> KeyData -> UidString -> Bool | 778 | selfAuthenticated :: OriginMapped Packet -> KeyData -> UidString -> Bool |
| 778 | selfAuthenticated k kd (UidString str) = | 779 | selfAuthenticated k kd (UidString str) = |
| 779 | and [ uid_topdomain parsed == "onion" | 780 | and [ uid_realname parsed `elem` ["","Anonymous"] |
| 780 | , uid_realname parsed `elem` ["","Anonymous"] | ||
| 781 | , uid_user parsed == "root" | 781 | , uid_user parsed == "root" |
| 782 | , fmap match torSubdom == Just True | 782 | , ( uid_topdomain parsed == "onion" |
| 783 | && fmap match torSubdom == Just True ) | ||
| 784 | || | ||
| 785 | ( uid_topdomain parsed == "ssh-rsa.cryptonomic.net" | ||
| 786 | && fmap match sshSubdom == Just True ) | ||
| 783 | ] | 787 | ] |
| 784 | where | 788 | where |
| 785 | parsed = parseUID str | 789 | parsed = parseUID str |
| @@ -787,8 +791,11 @@ selfAuthenticated k kd (UidString str) = | |||
| 787 | len = T.length (uid_subdomain parsed) | 791 | len = T.length (uid_subdomain parsed) |
| 788 | subdom0 = L.fromChunks [encodeUtf8 (uid_subdomain parsed)] | 792 | subdom0 = L.fromChunks [encodeUtf8 (uid_subdomain parsed)] |
| 789 | subdom = Char8.unpack subdom0 | 793 | subdom = Char8.unpack subdom0 |
| 794 | keys = map packet $ flattenTop "" True kd | ||
| 790 | torSubdom = fst <$> lookup (packet k) torbindings | 795 | torSubdom = fst <$> lookup (packet k) torbindings |
| 791 | torbindings = getTorKeys (map packet $ flattenTop "" True kd) | 796 | torbindings = getTorKeys keys |
| 797 | sshSubdom = fst <$> lookup (packet k) hostbindings | ||
| 798 | hostbindings = getHostKeys keys | ||
| 792 | 799 | ||
| 793 | getTorKeys :: [Packet] -> [(Packet, (String, Packet))] | 800 | getTorKeys :: [Packet] -> [(Packet, (String, Packet))] |
| 794 | getTorKeys pub = do | 801 | getTorKeys pub = do |
| @@ -798,6 +805,18 @@ getTorKeys pub = do | |||
| 798 | let torhash = fromMaybe "" $ derToBase32 <$> derRSA sub | 805 | let torhash = fromMaybe "" $ derToBase32 <$> derRSA sub |
| 799 | return (top,(torhash,sub)) | 806 | return (top,(torhash,sub)) |
| 800 | 807 | ||
| 808 | getHostKeys :: [Packet] -> [(Packet, (String, Packet))] | ||
| 809 | getHostKeys pub = do | ||
| 810 | xs <- groupBindings pub | ||
| 811 | (_,(top,sub),us,_,_) <- xs | ||
| 812 | guard ("ssh-host" `elem` us) | ||
| 813 | RSAKey (MPI n) (MPI e) <- maybeToList $ rsaKeyFromPacket sub | ||
| 814 | let blob = SSH.sshrsa e n | ||
| 815 | sha1 = C.hashlazy blob :: C.Digest C.SHA1 | ||
| 816 | subdomain = convertToBase Base16 sha1 | ||
| 817 | return (top,(S8.unpack subdomain,sub)) | ||
| 818 | |||
| 819 | |||
| 801 | groupBindings :: [Packet] -> [[(Word8, (Packet, Packet), [String], [SignatureSubpacket], [Packet])]] | 820 | groupBindings :: [Packet] -> [[(Word8, (Packet, Packet), [String], [SignatureSubpacket], [Packet])]] |
| 802 | groupBindings (accBindings . snd . getBindings -> bindings) = gs | 821 | groupBindings (accBindings . snd . getBindings -> bindings) = gs |
| 803 | where | 822 | where |