Add encrypted key rotation feature api

diff --git a/src/conf.c b/src/conf.c
index 5db2c016e8c5bfcfcde876207961605a0600c2ad..a9e3e4d6f0d2171fb893fe87515df8d78ab4a391 100644 (file)
--- a/src/conf.c
+++ b/src/conf.c
@@ -206,6 +206,10 @@ static bool copytree(const char *src_dir_name, const void *src_key, const char *
                return false;
        }
 
+       char src_filename[PATH_MAX];
+       char dst_filename[PATH_MAX];
+       struct dirent *ent;
+
        DIR *src_dir = opendir(src_dir_name);
 
        if(!src_dir) {
@@ -213,29 +217,23 @@ static bool copytree(const char *src_dir_name, const void *src_key, const char *
                return false;
        }
 
-       struct dirent *ent;
+       // Delete if already exists and create a new destination directory
+       deltree(dst_dir_name);
+
+       if(mkdir(dst_dir_name, 0700)) {
+               logger(NULL, MESHLINK_ERROR, "Could not create directory %s\n", dst_filename);
+               return false;
+       }
 
        while((ent = readdir(src_dir))) {
                if(ent->d_name[0] == '.') {
                        continue;
                }
 
-               char src_filename[PATH_MAX];
-               char dst_filename[PATH_MAX];
-
                snprintf(dst_filename, sizeof(dst_filename), "%s" SLASH "%s", dst_dir_name, ent->d_name);
                snprintf(src_filename, sizeof(src_filename), "%s" SLASH "%s", src_dir_name, ent->d_name);
 
                if(ent->d_type == DT_DIR) {
-
-                       // Delete if already exists and create a new destination directory
-                       deltree(dst_filename);
-
-                       if(mkdir(dst_filename, 0700)) {
-                               logger(NULL, MESHLINK_ERROR, "Could create directory %s\n", dst_filename);
-                               return false;
-                       }
-
                        if(!copytree(src_filename, src_key, dst_filename, dst_key)) {
                                logger(NULL, MESHLINK_ERROR, "Copying %s to %s failed\n", src_filename, dst_filename);
                                return false;
@@ -244,7 +242,6 @@ static bool copytree(const char *src_dir_name, const void *src_key, const char *
                        if(!sync_path(dst_filename)) {
                                return false;
                        }
-
                } else if(ent->d_type == DT_REG) {
                        struct stat st;
                        config_t config;
@@ -318,15 +315,6 @@ bool config_copy(meshlink_handle_t *mesh, const char *src_dir_name, const void *
        snprintf(dst_filename, sizeof(dst_filename), "%s" SLASH "%s", mesh->confbase, dst_dir_name);
        snprintf(src_filename, sizeof(src_filename), "%s" SLASH "%s", mesh->confbase, src_dir_name);
 
-       if(main_config_exists(mesh, dst_dir_name)) {
-               deltree(dst_dir_name);
-       }
-
-       if(mkdir(dst_filename, 0700)) {
-               logger(NULL, MESHLINK_ERROR, "Could create directory %s\n", dst_filename);
-               return false;
-       }
-
        return copytree(src_filename, src_key, dst_filename, dst_key);
 }
 
@@ -583,10 +571,7 @@ bool config_read(meshlink_handle_t *mesh, const char *conf_subdir, const char *n
                return false;
        }
 
-       if(fclose(f)) {
-               logger(mesh, MESHLINK_ERROR, "Failed to close `%s': %s", path, strerror(errno));
-               return false;
-       }
+       fclose(f);
 
        return true;
 }
@@ -676,10 +661,7 @@ bool main_config_read(meshlink_handle_t *mesh, const char *conf_subdir, config_t
                return false;
        }
 
-       if(fclose(f)) {
-               logger(mesh, MESHLINK_ERROR, "Failed to close `%s': %s", path, strerror(errno));
-               return false;
-       }
+       fclose(f);
 
        return true;
 }
@@ -767,10 +749,7 @@ bool invitation_read(meshlink_handle_t *mesh, const char *conf_subdir, const cha
                return false;
        }
 
-       if(fclose(f)) {
-               logger(mesh, MESHLINK_ERROR, "Failed to close `%s': %s", path, strerror(errno));
-               return false;
-       }
+       fclose(f);
 
        unlink(used_path);
        return true;

diff --git a/src/meshlink.c b/src/meshlink.c
index 185f6689af767d6e3ab207816619962ede74e4fe..c5dc33aca3a091a6a2793266cb5aa58369bc6a70 100644 (file)
--- a/src/meshlink.c
+++ b/src/meshlink.c
@@ -1057,20 +1057,83 @@ bool meshlink_open_params_set_storage_key(meshlink_open_params_t *params, const
        return true;
 }
 
-bool meshlink_encrypted_key_rotate(meshlink_handle_t *mesh, const void *new_key, size_t new_keylen) {
+bool meshlink_encrypted_key_rotate(meshlink_handle_t *mesh, const char *new_key, size_t new_keylen) {
+       if(!mesh || !new_key || !new_keylen || !*new_key) {
+               logger(mesh, MESHLINK_ERROR, "Invalid arguments given!\n");
+               meshlink_errno = MESHLINK_EINVAL;
+               return false;
+       }
+
+       pthread_mutex_lock(&(mesh->mesh_mutex));
+
+       // Create hash for the new key
+       void *new_config_key;
+       new_config_key = xmalloc(CHACHA_POLY1305_KEYLEN);
+
+       if(!prf(new_key, new_keylen, "MeshLink configuration key", 26, new_config_key, CHACHA_POLY1305_KEYLEN)) {
+               logger(mesh, MESHLINK_ERROR, "Error creating new configuration key!\n");
+               meshlink_errno = MESHLINK_EINTERNAL;
+               pthread_mutex_unlock(&(mesh->mesh_mutex));
+               return false;
+       }
+
+       // Copy contents of the "current" confbase sub-directory to "new" confbase sub-directory with the new key
+
+       if(!config_copy(mesh, "current", mesh->config_key, "new", new_config_key)) {
+               logger(mesh, MESHLINK_ERROR, "Could not set up configuration in %s/old: %s\n", mesh->confbase, strerror(errno));
+               meshlink_errno = MESHLINK_ESTORAGE;
+               pthread_mutex_unlock(&(mesh->mesh_mutex));
+               return false;
+       }
 
-       // While copying old config files to new config files
        devtool_keyrotate_probe(1);
-       // After completed creating new config files in confbase/new/
+
+       main_config_unlock(mesh);
+
+       // Rename confbase/current/ to confbase/old
+
+       if(!config_rename(mesh, "current", "old")) {
+               logger(mesh, MESHLINK_ERROR, "Cannot rename %s/current to %s/old\n", mesh->confbase, mesh->confbase);
+               meshlink_errno = MESHLINK_ESTORAGE;
+               main_config_lock(mesh);
+               pthread_mutex_unlock(&(mesh->mesh_mutex));
+               return false;
+       }
+
        devtool_keyrotate_probe(2);
-       // Rename confbase/current to confbase/old/
-       devtool_keyrotate_probe(3);
+
        // Rename confbase/new/ to confbase/current
-       devtool_keyrotate_probe(4);
-       // Before deleting old sub-directory
-       devtool_keyrotate_probe(5);
 
-       return false;
+       if(!config_rename(mesh, "new", "current")) {
+               logger(mesh, MESHLINK_ERROR, "Cannot rename %s/new to %s/current\n", mesh->confbase, mesh->confbase);
+               meshlink_errno = MESHLINK_ESTORAGE;
+               main_config_lock(mesh);
+               pthread_mutex_unlock(&(mesh->mesh_mutex));
+               return false;
+       }
+
+       devtool_keyrotate_probe(3);
+
+       if(!main_config_lock(mesh)) {
+               pthread_mutex_unlock(&(mesh->mesh_mutex));
+               return false;
+       }
+
+       // Cleanup the "old" confbase sub-directory
+
+       if(!config_destroy(mesh->confbase, "old")) {
+               pthread_mutex_unlock(&(mesh->mesh_mutex));
+               return false;
+       }
+
+       // Change the mesh handle key with new key
+
+       free(mesh->config_key);
+       mesh->config_key = new_config_key;
+
+       pthread_mutex_unlock(&(mesh->mesh_mutex));
+
+       return true;
 }
 
 void meshlink_open_params_free(meshlink_open_params_t *params) {

diff --git a/test/blackbox/run_blackbox_tests/test_cases_key_rotation.c b/test/blackbox/run_blackbox_tests/test_cases_key_rotation.c
index 2768c80c6e3898ec08ece10794386e15a393fcfd..a42a54d5529e29e04500a25e07f5d0891d32722b 100644 (file)
--- a/test/blackbox/run_blackbox_tests/test_cases_key_rotation.c
+++ b/test/blackbox/run_blackbox_tests/test_cases_key_rotation.c
@@ -342,7 +342,7 @@ static void debug_probe(int stage) {
        // Terminate the node at the specified stage (by @ break_stage @ )
        if(stage == break_stage) {
                raise(SIGINT);
-       } else if((break_stage < 1) || (break_stage > 11)) {
+       } else if((break_stage < 1) || (break_stage > 3)) {
                fprintf(stderr, "INVALID stage break\n");
                raise(SIGABRT);
        }
@@ -381,7 +381,7 @@ static bool test_key_rotation_05(void) {
 
        // incrementally debug meshlink_encrypted_key_rotate API atomicity
 
-       for(break_stage = 1; break_stage <= 10; break_stage += 1) {
+       for(break_stage = 1; break_stage <= 3; break_stage += 1) {
                fprintf(stderr, "Debugging stage %d\n", break_stage);
                meshlink_destroy("encrypted_conf");
 
@@ -450,13 +450,9 @@ static bool test_key_rotation_05(void) {
 
                meshlink_destroy("encrypted_conf.1");
 
-               set_sync_flag(&status_changed_cond, false);
-               bar_reachable = false;
-
                meshlink_handle_t *mesh2 = meshlink_open("encrypted_conf.1", "bar", "bar", DEV_CLASS_BACKBONE);
                assert(mesh2);
 
-               meshlink_set_node_status_cb(mesh2, node_status_cb);
                meshlink_set_log_cb(mesh2, MESHLINK_DEBUG, log_cb);
                meshlink_enable_discovery(mesh2, false);