From: Matthias Kruk Date: Wed, 16 Jun 2021 23:05:23 +0000 (+0900) Subject: include/ipc: Change IPC message format so that all data is signed X-Git-Url: https://git.corax.cc/?a=commitdiff_plain;h=fbe07ff1240eab39880b88f5ca14ba934f321d59;p=toolbox include/ipc: Change IPC message format so that all data is signed In the current IPC message format, only the data field is signed, causing changes to the other fields to go unnoticed by the signature verification. This commit adds a new message format in that the IPC message is wrapped in an envelope, making sure that all data is authenticated by the signature. --- diff --git a/spec/ipc_data.schema.json b/spec/ipc_data.schema.json new file mode 100644 index 0000000..fb5f0bb --- /dev/null +++ b/spec/ipc_data.schema.json @@ -0,0 +1,49 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://m10k.eu/toolbox/ipc.msg.json", + "title": "Toolbox IPC Base message", + "description": "The base type for toolbox IPC messages", + "type": "object", + + "properties": { + "version": { + "description": "The message format version", + "type": "integer" + }, + + "source": { + "description": "The endpoint that sent the message", + "type": "string" + }, + + "destination": { + "description": "The endpoint that the message is intended for", + "type": "string" + }, + + "timestamp": { + "description": "The UNIX timestamp when the message was sent", + "type": "integer" + }, + + "user": { + "description": "The login name of the sender", + "type": "string" + }, + + "data": { + "description": "The base64 encoded content of the message", + "type": "string", + "pattern": "^[0-9a-zA-Z+/]+[=]*$" + } + }, + + "required": [ + "version", + "source", + "destination", + "timestamp", + "user", + "data" + ] +} diff --git a/spec/ipc_envelope.schema.json b/spec/ipc_envelope.schema.json new file mode 100644 index 0000000..82a431c --- /dev/null +++ b/spec/ipc_envelope.schema.json @@ -0,0 +1,26 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://m10k.eu/toolbox/ipc.envelope.json", + "title": "Toolbox IPC message envelope", + "description": "The envelope that toolbox IPC messages are sent in", + "type": "object", + + "properties": { + "message": { + "description": "The message", + "type": "string", + "pattern": "^[0-9a-zA-Z+/]+[=]*$" + }, + + "signature": { + "description": "The base64 encoded signature of the encoded data", + "type": "string", + "pattern": "^[0-9a-zA-Z+/]+[=]*$" + } + }, + + "required": [ + "message", + "signature" + ] +} diff --git a/spec/ipc_msg.schema.json b/spec/ipc_msg.schema.json deleted file mode 100644 index 0b21932..0000000 --- a/spec/ipc_msg.schema.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft/2020-12/schema", - "$id": "https://m10k.eu/toolbox/ipc.msg.json", - "title": "Toolbox IPC Base message", - "description": "The base type for toolbox IPC messages", - "type": "object", - - "properties": { - "version": { - "description": "The message format version", - "type": "integer" - }, - - "source": { - "description": "The endpoint that sent the message", - "type": "string" - }, - - "destination": { - "description": "The endpoint that the message is intended for", - "type": "string" - }, - - "timestamp": { - "description": "The UNIX timestamp when the message was sent", - "type": "integer" - }, - - "user": { - "description": "The login name of the sender", - "type": "string" - }, - - "data": { - "description": "The base64 encoded content of the message", - "type": "string", - "pattern": "^[0-9a-zA-Z+/]+[=]*$" - }, - - "signature": { - "description": "The base64 encoded signature of the encoded data", - "type": "string", - "pattern": "^[0-9a-zA-Z+/]+[=]*$" - } - }, - - "required": [ - "version", - "source", - "destination", - "timestamp", - "user", - "data", - "signature" - ] -}