Check-in [92cd8b5e93]

Overview
Comment:Don't recheck key signatures every time you open your secret keys
SHA1: 92cd8b5e93d802f5f5162742bd2c8c5e07349eaf
User & Date: bernd 2019-05-27 16:58:07
Context
2019-05-28
23:09
engage password field when folding nick check-in: 8aa207a195 user: bernd tags: trunk
2019-05-27
16:58
Don't recheck key signatures every time you open your secret keys check-in: 92cd8b5e93 user: bernd tags: trunk
2019-05-23
15:35
Fix gui on android check-in: 6017e64a28 user: bernd tags: trunk
Changes

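--- a/crypt.fs
+++ b/crypt.fs
@@ -561,25 +561,25 @@
     2dup enddate@ 64>r 2dup startdate@ 64>r
     ticks fuzzedtime# 64+ 64r> 64r>
     64dup 64#-1 64<> IF  fuzzedtime# 64-2* 64+  THEN
     early/late?
     msg( dup IF  <err> ." sig out of date: " ticks .ticks ."  sigdate: "
     >r 2dup startdate@ .ticks 2dup enddate@ .ticks r> <default> cr  THEN ) ;
 : verify-sig ( addr u pk -- addr u flag )  >r
-    check-date dup 0= IF  drop
-	2dup + sigonlysize# - r> ed-verify 0= sig-wrong and
+    check-date dup 0= IF  drop +cmd
+	2dup + sigonlysize# - r> ed-verify 0= sig-wrong and +sig
 	EXIT  THEN
     rdrop ;
 : quick-verify-sig ( addr u pk -- addr u flag )  >r
-    check-date dup 0= IF  drop
+    check-date dup 0= IF  drop +cmd
 	2dup + sigonlysize# -
 	r@ dup last# >r search-key? r> to last#
 	dup 0= IF  nip nip rdrop  EXIT  THEN
 	swap .ke-sksig sec@ drop swap 2swap
-	ed-quick-verify 0= sig-wrong and
+	ed-quick-verify 0= sig-wrong and +sigquick
     THEN
     rdrop ;
 
 : date-sig? ( addr u pk -- addr u flag )
     >r >date r> verify-sig ;
 : pk-sig? ( addr u -- addr u' flag )
     dup sigpksize# u< IF  sig-unsigned  EXIT  THEN
@@ -603,15 +603,15 @@
 : pk@ ( -- pk u )
     my-key? .ke-pk $@ ;
 : sk@ ( -- sk u )
     my-key? .ke-sk sec@ ;
 : sksig@ ( -- sksig u )
     my-key? .ke-sksig sec@ ;
 : .sig ( -- )
-    sigdate +date sigdate datesize# type
+    +sig sigdate +date sigdate datesize# type
     sig-params ed-sign type keysize emit ;
 : .pk ( -- )  pk@ key| type ;
 : pk-sig ( addr u -- sig u )
     c:0key c:hash [: .pk .sig ;] $tmp ;
 
 : +sig$ ( addr u -- hostaddr host-u ) [: type .sig ;] $tmp ;
 : gen-host ( addr u -- addr' u' )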
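Review bot: In `.sig` the new `+sig` sits before the signing work, while the other timers added by this commit bracket the measured call (`+cmd` before, `+sig`/`+sigquick` after in `verify-sig` and `quick-verify-sig`). If these timer words charge the time since the previous timer call to their own bucket, as that bracketing suggests, `.sig` books the preceding work as signature time and the `ed-sign` cost lands in whichever timer fires next. Moving it to the end, `sig-params ed-sign type keysize emit +sig ;`, would match the other call sites. The key-not-found `EXIT` in `quick-verify-sig` also leaves without `+sigquick`; a short comment there, such as `\ lookup miss: time stays in the next timer's bucket`, would make that intentional.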

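--- a/debugging.fs
+++ b/debugging.fs
@@ -120,14 +120,16 @@
 timer: +desta
 timer: +inmove
 timer: +next
 timer: +reset
 timer: +event
 timer: +calc
 timer: +cryptsu
+timer: +sig
+timer: +sigquick
 timer: +enc
 timer: +rec
 timer: +send
 timer: +wait
 timer: +cmd
 timer: +dest
 timer: +ack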

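--- a/ed25519-donna.fs
+++ b/ed25519-donna.fs
@@ -117,19 +117,23 @@
     sigbuf $40 >hash             \ z=hash(r,pk,message)
     sct1 hashtmp 64b>sc25519     \ sct1 is z
     sct2 sk raw>sc25519          \ sct2 is sk
     sct1 sct1 sct2 sc25519*
     sct1 sct1 sct3 sc25519+      \ s=z*sk+k
     sigbuf $20 + sct1 sc25519>32b
     clean-ed25519 sigbuf $40 ;   \ r,s
+
+UValue no-ed-check?
+0 to no-ed-check?
 
 : ed-check? { sig pk -- flag }
     \G check a message: the keccak state contains the hash of the message.
     \G The unpacked pk is in get0, so this word can be used for batch checking.
     \G sig and pk need to be aligned properly, ed-verify does that alignment
+    no-ed-check? IF  true  EXIT  THEN
     sig hashtmp $20 move  pk hashtmp $20 + $20 move
     hashtmp $40 c:shorthash hashtmp $40 c:hash@ \ z=hash(r+pk+message)
     sct2 hashtmp 64b>sc25519       \ sct2 is z
     sct3 sig $20 + raw>sc25519     \ sct3 is s
     get1 get0 sct2 sct3 ge25519*+  \ base*s-pk*z
     sigbuf $40 + get1 ge25519-pack \ =r
     sig sigbuf $40 + 32b= ;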
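Review bot: `no-ed-check? IF  true  EXIT  THEN` puts the bypass inside the verification primitive itself, so while the flag is set every caller of `ed-check?` accepts any signature, not only the key-file reader this commit is aimed at. The \G text says the word is also used for batch checking. The flag is declared with no comment; add one above `UValue no-ed-check?`, for example `\ when true, ed-check? accepts every signature unchecked; only for re-reading the local key file`, and mention the short-circuit in the \G text of `ed-check?`. `UValue` is per-task in Gforth, which presumably keeps the bypass inside the task that sets it, but `0 to no-ed-check?` at load time then only initialises the loading task; confirm that other tasks which verify signatures start with it false. A narrower design would skip the check in the key-import path and leave the primitive unconditional.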

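--- a/keys.fs
+++ b/keys.fs
@@ -630,14 +630,18 @@
 Variable key-version
 : key-version$ "1" ;
 key-version$ evaluate Constant key-version#
 
 : new-pet? ( addr u -- addr u flag )
     0 ke-pets[] [: rot >r 2over str= r> or ;] $[]map 0= ;
 
+: ?sk ( addr u -- addr u )
+    over keypad sk>pk \ generate pubkey
+    keypad ke-pk $@ drop keysize tuck str= 0= !!wrong-key!! ;
+
 scope{ net2o-base
 
 cmd-table $@ inherit-table key-entry-table
 \g 
 \g ### key storage commands ###
 \g
 $2 net2o: slit ( #lit -- ) \g deprecated slit version
@@ -646,17 +650,16 @@
     $> s>unumber? IF  drop  ELSE  2drop 0  THEN  dup key-version !
     key-version# u< save-keys-again or! ;
 $11 net2o: privkey ( $:string -- )
     \g private key
     \ does not need to be signed, the secret key verifies itself
     !!unsigned? $40 !!>=order?
     keypack c@ $F and ke-pwlevel !
-    $> over keypad sk>pk \ generate pubkey
-    keypad ke-pk $@ drop keysize tuck str= 0= !!wrong-key!!
-    ke-sk sec! +seckey "\0" ke-groups $! 0 groups[] $[]@ drop @ ke-mask ! ;
+    $> ?sk ke-sk sec! +seckey
+    "\0" ke-groups $! 0 groups[] $[]@ drop @ ke-mask ! ;
 +net2o: keytype ( n -- )           !!signed?   1 !!>order? 64>n ke-type ! ;
     \g key type (0: anon, 1: user, 2: group)
 +net2o: keynick ( $:string -- )    !!signed?   2 !!>order? $> ke-nick $!
     \g key nick
     nick! ;
 +net2o: keyprofile ( $:string -- ) !!signed?   4 !!>order? $> ke-prof $! ;
     \g key profile (hash of a resource)
@@ -1020,15 +1023,15 @@
 \ read key file
 
 : try-decrypt-key ( key u1 -- addr u2 flag )
     keypack keypack-d keypack-all# move
     keypack-d keypack-all# 2swap
     dup $20 = IF  decrypt$  ELSE
 	keypack c@ $F and config:pw-maxlevel# @ <=
-	IF  decrypt-pw$  ELSE  2drop false  THEN
+	IF  +cmd decrypt-pw$ +cryptsu  ELSE  2drop false  THEN
     THEN ;
 
 : try-decrypt ( flag -- addr u / 0 0 ) { flag }
     keys $[]# 0 ?DO
 	I keys sec[]@ dup keysize = flag xor IF
 	    try-decrypt-key IF
 		I keys $[] @ dup >storekey ! defaultkey !
@@ -1078,18 +1081,19 @@
 : read-key-loop ( -- )
     import#self import-type !  secret-keys# >r
     ?key-sfd read-keys-loop
     secret-keys# r> = IF  migrate-key-loop  THEN
     save-keys-again @ IF  save-seckeys      THEN ;
 : read-pkey-loop ( -- )
     lastkey@ drop defaultkey ! \ at least one default key available
+    true to no-ed-check?
     -1 config:pw-level#
-    [: import#new import-type !
-      ?key-pfd read-keys-loop
-      save-keys-again @ IF  save-keys  THEN ;] !wrapper ;
+    [: import#new import-type !  ?key-pfd read-keys-loop
+	save-keys-again @ IF  save-keys  THEN ;] !wrapper
+    false to no-ed-check? ;
 
 : read-keys ( -- )
     read-key-loop read-pkey-loop import#new import-type ! ;
 
 : read-pk2key$ ( addr u -- )
     \g read a nested key into sample-key
     sample-key >o c-state off  sim-nick! on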
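Review bot: `read-pkey-loop` reaches `false to no-ed-check?` only when `!wrapper` returns normally. The key storage commands in this section use throwing checks such as `!!wrong-key!!` and `!!signed?`, so if one of them fires while the key file is read and the throw propagates, the flag stays true and later `ed-check?` calls in this task accept any signature. `!wrapper` is not defined in this hunk, so whether it rethrows is an inference. Reset the flag on every exit path, for example `[: -1 config:pw-level# [: … ;] !wrapper ;] catch  false to no-ed-check?  throw`. With verification off, the integrity of the stored public keys rests on the key file's own protection; a comment on `read-pkey-loop` stating that assumption (and that the file format is authenticated, if it is) would make the trust boundary explicit.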

Changes to n2o.fs.

   799    799       ?dup-IF  <err> ." error: " error$ type cr <default>  THEN ;
   800    800   
   801    801   }scope
   802    802   
   803    803   : start-n2o ( -- )
   804    804       [IFDEF] cov+ load-cov [THEN]
   805    805       cmd-args ++debug %droprate %droprate \ read in all debugging stuff
          806  +    profile( init-timer )
   806    807       argc @ 1 > IF next-cmd ELSE n2o:help THEN
   807    808       [IFDEF] cov+ save-cov annotate-cov cov% [THEN]
          809  +    profile( .times )
   808    810       n2o:bye ;
   809    811   
   810    812   ' start-n2o is process-args
   811    813