Check-in [92cd8b5e93]

Overview
Comment: Don't recheck key signatures every time you open your secret keys
SHA1: 92cd8b5e93d802f5f5162742bd2c8c5e07349eaf
User & Date: bernd 2019-05-27 16:58:07
Context
2019-05-28
23:09
engage password field when folding nick check-in: 8aa207a195 user: bernd tags: trunk
2019-05-27
16:58
Don't recheck key signatures every time you open your secret keys check-in: 92cd8b5e93 user: bernd tags: trunk
2019-05-23
15:35
Fix gui on android check-in: 6017e64a28 user: bernd tags: trunk
Changes

Changes to crypt.fs.

561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
...
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
    2dup enddate@ 64>r 2dup startdate@ 64>r
    ticks fuzzedtime# 64+ 64r> 64r>
    64dup 64#-1 64<> IF  fuzzedtime# 64-2* 64+  THEN
    early/late?
    msg( dup IF  <err> ." sig out of date: " ticks .ticks ."  sigdate: "
    >r 2dup startdate@ .ticks 2dup enddate@ .ticks r> <default> cr  THEN ) ;
: verify-sig ( addr u pk -- addr u flag )  >r
    check-date dup 0= IF  drop
	2dup + sigonlysize# - r> ed-verify 0= sig-wrong and
	EXIT  THEN
    rdrop ;
: quick-verify-sig ( addr u pk -- addr u flag )  >r
    check-date dup 0= IF  drop
	2dup + sigonlysize# -
	r@ dup last# >r search-key? r> to last#
	dup 0= IF  nip nip rdrop  EXIT  THEN
	swap .ke-sksig sec@ drop swap 2swap
	ed-quick-verify 0= sig-wrong and
    THEN
    rdrop ;

: date-sig? ( addr u pk -- addr u flag )
    >r >date r> verify-sig ;
: pk-sig? ( addr u -- addr u' flag )
    dup sigpksize# u< IF  sig-unsigned  EXIT  THEN
................................................................................
: pk@ ( -- pk u )
    my-key? .ke-pk $@ ;
: sk@ ( -- sk u )
    my-key? .ke-sk sec@ ;
: sksig@ ( -- sksig u )
    my-key? .ke-sksig sec@ ;
: .sig ( -- )
    sigdate +date sigdate datesize# type
    sig-params ed-sign type keysize emit ;
: .pk ( -- )  pk@ key| type ;
: pk-sig ( addr u -- sig u )
    c:0key c:hash [: .pk .sig ;] $tmp ;

: +sig$ ( addr u -- hostaddr host-u ) [: type .sig ;] $tmp ;
: gen-host ( addr u -- addr' u' )







|
|



|




|







 







|







561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
...
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
    2dup enddate@ 64>r 2dup startdate@ 64>r
    ticks fuzzedtime# 64+ 64r> 64r>
    64dup 64#-1 64<> IF  fuzzedtime# 64-2* 64+  THEN
    early/late?
    msg( dup IF  <err> ." sig out of date: " ticks .ticks ."  sigdate: "
    >r 2dup startdate@ .ticks 2dup enddate@ .ticks r> <default> cr  THEN ) ;
: verify-sig ( addr u pk -- addr u flag )  >r
    check-date dup 0= IF  drop +cmd
	2dup + sigonlysize# - r> ed-verify 0= sig-wrong and +sig
	EXIT  THEN
    rdrop ;
: quick-verify-sig ( addr u pk -- addr u flag )  >r
    check-date dup 0= IF  drop +cmd
	2dup + sigonlysize# -
	r@ dup last# >r search-key? r> to last#
	dup 0= IF  nip nip rdrop  EXIT  THEN
	swap .ke-sksig sec@ drop swap 2swap
	ed-quick-verify 0= sig-wrong and +sigquick
    THEN
    rdrop ;

: date-sig? ( addr u pk -- addr u flag )
    >r >date r> verify-sig ;
: pk-sig? ( addr u -- addr u' flag )
    dup sigpksize# u< IF  sig-unsigned  EXIT  THEN
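Review bot: In quick-verify-sig the early exit `dup 0= IF  nip nip rdrop  EXIT  THEN` leaves the word after `+cmd` without ever reaching `+sigquick`, whereas verify-sig pairs `+cmd` with `+sig` on its only verification path. If the timers are meant to bracket the verification work, the time spent in failed search-key? lookups is accounted elsewhere. Either call `+sigquick` before that EXIT or add a comment saying the omission is intended.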
................................................................................
: pk@ ( -- pk u )
    my-key? .ke-pk $@ ;
: sk@ ( -- sk u )
    my-key? .ke-sk sec@ ;
: sksig@ ( -- sksig u )
    my-key? .ke-sksig sec@ ;
: .sig ( -- )
    +sig sigdate +date sigdate datesize# type
    sig-params ed-sign type keysize emit ;
: .pk ( -- )  pk@ key| type ;
: pk-sig ( addr u -- sig u )
    c:0key c:hash [: .pk .sig ;] $tmp ;

: +sig$ ( addr u -- hostaddr host-u ) [: type .sig ;] $tmp ;
: gen-host ( addr u -- addr' u' )
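Review bot: In .sig the `+sig` call sits at the start of the word, before `ed-sign`, while verify-sig calls `+sig` after `ed-verify`. If a timer word accounts the time elapsed up to its call, the signing cost in .sig is not booked under +sig; move the call after `sig-params ed-sign type` or add a comment explaining the placement. Signing and verifying also share one timer here, which makes the +sig figure harder to interpret than a separate timer for each would.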

Changes to debugging.fs.

120
121
122
123
124
125
126


127
128
129
130
131
132
133
timer: +desta
timer: +inmove
timer: +next
timer: +reset
timer: +event
timer: +calc
timer: +cryptsu


timer: +enc
timer: +rec
timer: +send
timer: +wait
timer: +cmd
timer: +dest
timer: +ack







>
>







120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
timer: +desta
timer: +inmove
timer: +next
timer: +reset
timer: +event
timer: +calc
timer: +cryptsu
timer: +sig
timer: +sigquick
timer: +enc
timer: +rec
timer: +send
timer: +wait
timer: +cmd
timer: +dest
timer: +ack

Changes to ed25519-donna.fs.

117
118
119
120
121
122
123



124
125
126
127
128

129
130
131
132
133
134
135
    sigbuf $40 >hash             \ z=hash(r,pk,message)
    sct1 hashtmp 64b>sc25519     \ sct1 is z
    sct2 sk raw>sc25519          \ sct2 is sk
    sct1 sct1 sct2 sc25519*
    sct1 sct1 sct3 sc25519+      \ s=z*sk+k
    sigbuf $20 + sct1 sc25519>32b
    clean-ed25519 sigbuf $40 ;   \ r,s




: ed-check? { sig pk -- flag }
    \G check a message: the keccak state contains the hash of the message.
    \G The unpacked pk is in get0, so this word can be used for batch checking.
    \G sig and pk need to be aligned properly, ed-verify does that alignment

    sig hashtmp $20 move  pk hashtmp $20 + $20 move
    hashtmp $40 c:shorthash hashtmp $40 c:hash@ \ z=hash(r+pk+message)
    sct2 hashtmp 64b>sc25519       \ sct2 is z
    sct3 sig $20 + raw>sc25519     \ sct3 is s
    get1 get0 sct2 sct3 ge25519*+  \ base*s-pk*z
    sigbuf $40 + get1 ge25519-pack \ =r
    sig sigbuf $40 + 32b= ;







>
>
>





>







117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
    sigbuf $40 >hash             \ z=hash(r,pk,message)
    sct1 hashtmp 64b>sc25519     \ sct1 is z
    sct2 sk raw>sc25519          \ sct2 is sk
    sct1 sct1 sct2 sc25519*
    sct1 sct1 sct3 sc25519+      \ s=z*sk+k
    sigbuf $20 + sct1 sc25519>32b
    clean-ed25519 sigbuf $40 ;   \ r,s

UValue no-ed-check?
0 to no-ed-check?

: ed-check? { sig pk -- flag }
    \G check a message: the keccak state contains the hash of the message.
    \G The unpacked pk is in get0, so this word can be used for batch checking.
    \G sig and pk need to be aligned properly, ed-verify does that alignment
    no-ed-check? IF  true  EXIT  THEN
    sig hashtmp $20 move  pk hashtmp $20 + $20 move
    hashtmp $40 c:shorthash hashtmp $40 c:hash@ \ z=hash(r+pk+message)
    sct2 hashtmp 64b>sc25519       \ sct2 is z
    sct3 sig $20 + raw>sc25519     \ sct3 is s
    get1 get0 sct2 sct3 ge25519*+  \ base*s-pk*z
    sigbuf $40 + get1 ge25519-pack \ =r
    sig sigbuf $40 + 32b= ;
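Review bot: `no-ed-check? IF  true  EXIT  THEN` at the top of ed-check? turns the lowest-level verification word into an unconditional accept whenever the flag is set, and the \G comment above it still describes the word as a check that can be used for batch checking. Every caller that reaches ed-check? while the flag is true gets `true`, not only the key-file reader this check-in is about. Prefer skipping verification in the key-reading path itself and leaving this word unconditional; if the flag stays here, document it in the \G text together with who is allowed to set it.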

Changes to keys.fs.

630
631
632
633
634
635
636




637
638
639
640
641
642
643
...
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
....
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
....
1078
1079
1080
1081
1082
1083
1084

1085
1086
1087
1088

1089
1090
1091
1092
1093
1094
1095
Variable key-version
: key-version$ "1" ;
key-version$ evaluate Constant key-version#

: new-pet? ( addr u -- addr u flag )
    0 ke-pets[] [: rot >r 2over str= r> or ;] $[]map 0= ;





scope{ net2o-base

cmd-table $@ inherit-table key-entry-table
\g 
\g ### key storage commands ###
\g
$2 net2o: slit ( #lit -- ) \g deprecated slit version
................................................................................
    $> s>unumber? IF  drop  ELSE  2drop 0  THEN  dup key-version !
    key-version# u< save-keys-again or! ;
$11 net2o: privkey ( $:string -- )
    \g private key
    \ does not need to be signed, the secret key verifies itself
    !!unsigned? $40 !!>=order?
    keypack c@ $F and ke-pwlevel !
    $> over keypad sk>pk \ generate pubkey
    keypad ke-pk $@ drop keysize tuck str= 0= !!wrong-key!!
    ke-sk sec! +seckey "\0" ke-groups $! 0 groups[] $[]@ drop @ ke-mask ! ;
+net2o: keytype ( n -- )           !!signed?   1 !!>order? 64>n ke-type ! ;
    \g key type (0: anon, 1: user, 2: group)
+net2o: keynick ( $:string -- )    !!signed?   2 !!>order? $> ke-nick $!
    \g key nick
    nick! ;
+net2o: keyprofile ( $:string -- ) !!signed?   4 !!>order? $> ke-prof $! ;
    \g key profile (hash of a resource)
................................................................................
\ read key file

: try-decrypt-key ( key u1 -- addr u2 flag )
    keypack keypack-d keypack-all# move
    keypack-d keypack-all# 2swap
    dup $20 = IF  decrypt$  ELSE
	keypack c@ $F and config:pw-maxlevel# @ <=
	IF  decrypt-pw$  ELSE  2drop false  THEN
    THEN ;

: try-decrypt ( flag -- addr u / 0 0 ) { flag }
    keys $[]# 0 ?DO
	I keys sec[]@ dup keysize = flag xor IF
	    try-decrypt-key IF
		I keys $[] @ dup >storekey ! defaultkey !
................................................................................
: read-key-loop ( -- )
    import#self import-type !  secret-keys# >r
    ?key-sfd read-keys-loop
    secret-keys# r> = IF  migrate-key-loop  THEN
    save-keys-again @ IF  save-seckeys      THEN ;
: read-pkey-loop ( -- )
    lastkey@ drop defaultkey ! \ at least one default key available

    -1 config:pw-level#
    [: import#new import-type !
      ?key-pfd read-keys-loop
      save-keys-again @ IF  save-keys  THEN ;] !wrapper ;


: read-keys ( -- )
    read-key-loop read-pkey-loop import#new import-type ! ;

: read-pk2key$ ( addr u -- )
    \g read a nested key into sample-key
    sample-key >o c-state off  sim-nick! on







>
>
>
>







 







|
<
|







 







|







 







>

|
<
|
>







630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
...
650
651
652
653
654
655
656
657

658
659
660
661
662
663
664
665
....
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
....
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090

1091
1092
1093
1094
1095
1096
1097
1098
1099
Variable key-version
: key-version$ "1" ;
key-version$ evaluate Constant key-version#

: new-pet? ( addr u -- addr u flag )
    0 ke-pets[] [: rot >r 2over str= r> or ;] $[]map 0= ;

: ?sk ( addr u -- addr u )
    over keypad sk>pk \ generate pubkey
    keypad ke-pk $@ drop keysize tuck str= 0= !!wrong-key!! ;

scope{ net2o-base

cmd-table $@ inherit-table key-entry-table
\g 
\g ### key storage commands ###
\g
$2 net2o: slit ( #lit -- ) \g deprecated slit version
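Review bot: The new word ?sk compares the derived public key against `ke-pk $@` of the current key object, so it only gives a meaningful result once ke-pk has been filled in. privkey ensures that ordering with `$40 !!>=order?`, but ?sk itself carries no \G comment stating the precondition or that it throws through `!!wrong-key!!` on mismatch. Add that documentation now that the check is a separately callable word.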
................................................................................
    $> s>unumber? IF  drop  ELSE  2drop 0  THEN  dup key-version !
    key-version# u< save-keys-again or! ;
$11 net2o: privkey ( $:string -- )
    \g private key
    \ does not need to be signed, the secret key verifies itself
    !!unsigned? $40 !!>=order?
    keypack c@ $F and ke-pwlevel !
    $> ?sk ke-sk sec! +seckey

    "\0" ke-groups $! 0 groups[] $[]@ drop @ ke-mask ! ;
+net2o: keytype ( n -- )           !!signed?   1 !!>order? 64>n ke-type ! ;
    \g key type (0: anon, 1: user, 2: group)
+net2o: keynick ( $:string -- )    !!signed?   2 !!>order? $> ke-nick $!
    \g key nick
    nick! ;
+net2o: keyprofile ( $:string -- ) !!signed?   4 !!>order? $> ke-prof $! ;
    \g key profile (hash of a resource)
................................................................................
\ read key file

: try-decrypt-key ( key u1 -- addr u2 flag )
    keypack keypack-d keypack-all# move
    keypack-d keypack-all# 2swap
    dup $20 = IF  decrypt$  ELSE
	keypack c@ $F and config:pw-maxlevel# @ <=
	IF  +cmd decrypt-pw$ +cryptsu  ELSE  2drop false  THEN
    THEN ;

: try-decrypt ( flag -- addr u / 0 0 ) { flag }
    keys $[]# 0 ?DO
	I keys sec[]@ dup keysize = flag xor IF
	    try-decrypt-key IF
		I keys $[] @ dup >storekey ! defaultkey !
................................................................................
: read-key-loop ( -- )
    import#self import-type !  secret-keys# >r
    ?key-sfd read-keys-loop
    secret-keys# r> = IF  migrate-key-loop  THEN
    save-keys-again @ IF  save-seckeys      THEN ;
: read-pkey-loop ( -- )
    lastkey@ drop defaultkey ! \ at least one default key available
    true to no-ed-check?
    -1 config:pw-level#
    [: import#new import-type !  ?key-pfd read-keys-loop

	save-keys-again @ IF  save-keys  THEN ;] !wrapper
    false to no-ed-check? ;

: read-keys ( -- )
    read-key-loop read-pkey-loop import#new import-type ! ;

: read-pk2key$ ( addr u -- )
    \g read a nested key into sample-key
    sample-key >o c-state off  sim-nick! on
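Review bot: In read-pkey-loop, `true to no-ed-check?` is set before the `!wrapper` call and `false to no-ed-check?` only runs on normal return. Unless !wrapper catches everything, an exception thrown from read-keys-loop or save-keys leaves the flag set, and from then on every ed-check? returns true for the rest of the session. Wrap the body in a catch that resets the flag before rethrowing. The check-in comment also speaks of opening secret keys, while the bypass is placed in read-pkey-loop (`?key-pfd`) and read-key-loop (`?key-sfd`) is untouched; add a comment here stating which file is being trusted without signature checks and why that is safe.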

Changes to n2o.fs.

799
800
801
802
803
804
805

806
807

808
809
810
811
    ?dup-IF  <err> ." error: " error$ type cr <default>  THEN ;

}scope

: start-n2o ( -- )
    [IFDEF] cov+ load-cov [THEN]
    cmd-args ++debug %droprate %droprate \ read in all debugging stuff

    argc @ 1 > IF next-cmd ELSE n2o:help THEN
    [IFDEF] cov+ save-cov annotate-cov cov% [THEN]

    n2o:bye ;

' start-n2o is process-args








>


>




799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
    ?dup-IF  <err> ." error: " error$ type cr <default>  THEN ;

}scope

: start-n2o ( -- )
    [IFDEF] cov+ load-cov [THEN]
    cmd-args ++debug %droprate %droprate \ read in all debugging stuff
    profile( init-timer )
    argc @ 1 > IF next-cmd ELSE n2o:help THEN
    [IFDEF] cov+ save-cov annotate-cov cov% [THEN]
    profile( .times )
    n2o:bye ;

' start-n2o is process-args
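Review bot: `profile( init-timer )` and `profile( .times )` in start-n2o, like the timer calls added in the other files, are not covered by the check-in comment, which only mentions skipping signature rechecks. Mention the profiling additions in the comment or put them in a separate check-in, so the security-relevant change to ed-check? is easy to find in the timeline.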