diff --git a/goblins/ocapn/captp.rkt b/goblins/ocapn/captp.rkt index 64bd8b1..e1d946e 100644 --- a/goblins/ocapn/captp.rkt +++ b/goblins/ocapn/captp.rkt @@ -38,6 +38,7 @@ "structs-urls.rkt" (submod "structs-urls.rkt" marshall) "define-recordable-struct.rkt" + "crypto-converters.rkt" syrup @@ -1394,12 +1395,12 @@ ;; TODO: Shouldn't the netlayer actually interpret this message ;; before it gets here? Ie, at this stage, we're already ;; "confident" this is from the right location - [(mtp:op:start-session (and remote-encoded-pubkey - (list 'eddsa 'public 'ed25519 _)) + [(mtp:op:start-session remote-encoded-pubkey (? ocapn-machine? claimed-remote-location) remote-location-sig) + (pk 'got-to-start-session) (define remote-handoff-pubkey - (datum->pk-key remote-encoded-pubkey 'rkt-public)) + (datum->pk-key (gcrypt->racket/public-key remote-encoded-pubkey) 'rkt-public)) ;; TODO: I guess we didn't know by the time this was opened ;; what the remote location was going to be... that's part of the reason ;; for the start-session message... @@ -1411,7 +1412,7 @@ (unless (pk-verify remote-handoff-pubkey (syrup-encode (record* 'my-location claimed-remote-location) #:marshallers marshallers) - remote-location-sig) + (gcrypt->racket/signature remote-location-sig)) (error "Location not signed by handoff key")) ;; TODO: Now we need to do the dial back and verify that @@ -1484,9 +1485,9 @@ ;; Now we'll need to send our side of the start-session and get the ;; other side... which will be handled by the ^setup-completer above - (send-to-remote (mtp:op:start-session handoff-pubkey + (send-to-remote (mtp:op:start-session (racket->gcrypt/public-key handoff-pubkey) our-location - our-location-sig)) + (racket->gcrypt/signature our-location-sig))) ;; Return the meta-bootstrap-vow, which will be completed as above meta-bootstrap-vow] diff --git a/goblins/ocapn/crypto-converters.rkt b/goblins/ocapn/crypto-converters.rkt new file mode 100644 index 0000000..1557d0b --- /dev/null +++ b/goblins/ocapn/crypto-converters.rkt @@ -0,0 +1,48 @@ +#lang racket + +;;; Copyright 2022 Jessica Tallon +;;; +;;; Licensed under the Apache License, Version 2.0 (the "License"); +;;; you may not use this file except in compliance with the License. +;;; You may obtain a copy of the License at +;;; +;;; http://www.apache.org/licenses/LICENSE-2.0 +;;; +;;; Unless required by applicable law or agreed to in writing, software +;;; distributed under the License is distributed on an "AS IS" BASIS, +;;; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +;;; See the License for the specific language governing permissions and +;;; limitations under the License. + +(provide racket->gcrypt/public-key + gcrypt->racket/public-key + + racket->gcrypt/signature + gcrypt->racket/signature) + +(require racket/match) + +(define (racket->gcrypt/public-key public-key) + (match public-key + [(list 'eddsa 'public 'ed25519 data) + `(public-key (ecc (curve Ed25519) (flags eddsa) (q ,data)))] + [_ (error "Don't know how to encode key: ~a" public-key)])) + +(define (gcrypt->racket/public-key public-key) + (match public-key + [`(public-key (ecc (curve Ed25519) (flags eddsa) (q ,data))) + `(eddsa public ed25519 ,data)])) + +(define (racket->gcrypt/signature signature) + (let ((r (subbytes signature 0 32)) + (s (subbytes signature 32))) + `(sig-val (eddsa (r ,r) (s ,s))))) + +(define (gcrypt->racket/signature signature) + (match signature + [`(sig-val (eddsa (r ,r) (s ,s))) + (bytes-append r + (make-bytes (- 32 (bytes-length r)) 0) + s + (make-bytes (- 32 (bytes-length s)) 0))] + [_ (error "No matching signature: ~a" signature)]))