include/ipc: Change IPC message format so that all data is signed

In the current IPC message format, only the data field is signed,
causing changes to the other fields to go unnoticed by the signature
verification.
This commit adds a new message format in that the IPC message is
wrapped in an envelope, making sure that all data is authenticated
by the signature.

diff --git a/spec/ipc_data.schema.json b/spec/ipc_data.schema.json
new file mode 100644 (file)
index 0000000..fb5f0bb
--- /dev/null
+++ b/spec/ipc_data.schema.json
@@ -0,0 +1,49 @@
+{
+    "$schema": "https://json-schema.org/draft/2020-12/schema",
+    "$id": "https://m10k.eu/toolbox/ipc.msg.json",
+    "title": "Toolbox IPC Base message",
+    "description": "The base type for toolbox IPC messages",
+    "type": "object",
+
+    "properties": {
+       "version": {
+           "description": "The message format version",
+           "type": "integer"
+       },
+
+       "source": {
+           "description": "The endpoint that sent the message",
+           "type": "string"
+       },
+
+       "destination": {
+           "description": "The endpoint that the message is intended for",
+           "type": "string"
+       },
+
+       "timestamp": {
+           "description": "The UNIX timestamp when the message was sent",
+           "type": "integer"
+       },
+
+       "user": {
+           "description": "The login name of the sender",
+           "type": "string"
+       },
+
+       "data": {
+           "description": "The base64 encoded content of the message",
+           "type": "string",
+           "pattern": "^[0-9a-zA-Z+/]+[=]*$"
+       }
+    },
+
+    "required": [
+       "version",
+       "source",
+       "destination",
+       "timestamp",
+       "user",
+       "data"
+    ]
+}

diff --git a/spec/ipc_envelope.schema.json b/spec/ipc_envelope.schema.json
new file mode 100644 (file)
index 0000000..82a431c
--- /dev/null
+++ b/spec/ipc_envelope.schema.json
@@ -0,0 +1,26 @@
+{
+    "$schema": "https://json-schema.org/draft/2020-12/schema",
+    "$id": "https://m10k.eu/toolbox/ipc.envelope.json",
+    "title": "Toolbox IPC message envelope",
+    "description": "The envelope that toolbox IPC messages are sent in",
+    "type": "object",
+
+    "properties": {
+       "message": {
+           "description": "The message",
+           "type": "string",
+           "pattern": "^[0-9a-zA-Z+/]+[=]*$"
+       },
+
+       "signature": {
+           "description": "The base64 encoded signature of the encoded data",
+           "type": "string",
+           "pattern": "^[0-9a-zA-Z+/]+[=]*$"
+       }
+    },
+
+    "required": [
+       "message",
+       "signature"
+    ]
+}

diff --git a/spec/ipc_msg.schema.json b/spec/ipc_msg.schema.json
deleted file mode 100644 (file)
index 0b21932..0000000
--- a/spec/ipc_msg.schema.json
+++ /dev/null
@@ -1,56 +0,0 @@
-{
-    "$schema": "https://json-schema.org/draft/2020-12/schema",
-    "$id": "https://m10k.eu/toolbox/ipc.msg.json",
-    "title": "Toolbox IPC Base message",
-    "description": "The base type for toolbox IPC messages",
-    "type": "object",
-
-    "properties": {
-       "version": {
-           "description": "The message format version",
-           "type": "integer"
-       },
-
-       "source": {
-           "description": "The endpoint that sent the message",
-           "type": "string"
-       },
-
-       "destination": {
-           "description": "The endpoint that the message is intended for",
-           "type": "string"
-       },
-
-       "timestamp": {
-           "description": "The UNIX timestamp when the message was sent",
-           "type": "integer"
-       },
-
-       "user": {
-           "description": "The login name of the sender",
-           "type": "string"
-       },
-
-       "data": {
-           "description": "The base64 encoded content of the message",
-           "type": "string",
-           "pattern": "^[0-9a-zA-Z+/]+[=]*$"
-       },
-
-       "signature": {
-           "description": "The base64 encoded signature of the encoded data",
-           "type": "string",
-           "pattern": "^[0-9a-zA-Z+/]+[=]*$"
-       }
-    },
-
-    "required": [
-       "version",
-       "source",
-       "destination",
-       "timestamp",
-       "user",
-       "data",
-       "signature"
-    ]
-}