commit 58a8777908b56e21dcd4eabfc10eb92de259a0e7
parent 0414cb5bbd9e6f1e7400cc7fab862b8154ba9ac9
Author: Jan Pobrislo <ccx@te2000.cz>
Date: Wed, 4 Dec 2024 04:56:55 +0000
Environment variable caveat implementation
Diffstat:
19 files changed, 559 insertions(+), 147 deletions(-)
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
*.o
*.sw[op]
build
+tags
diff --git a/genhash b/genhash
@@ -0,0 +1,7 @@
+#!/bin/sh -xe
+base=$1
+shift
+exec triehash --multi-byte=0 --code="${base}.c" --header="${base}.h" \
+ --enum-name="${base}_key" \
+ --function-name="${base}_hash" \
+ "$@"
diff --git a/src/Makefile b/src/Makefile
@@ -10,15 +10,18 @@ endef
obj_read:=miniroon-read.o bytebuffer.o netstring.o miniroon-header.o
$(eval $(call miniroon_link,read))
-obj_verify:=miniroon-verify.o bytebuffer.o netstring.o hmac_sha2_256.o miniroon-header.o
+obj_verify:=miniroon-verify.o bytebuffer.o netstring.o hmac_sha2_256.o miniroon-header.o envmap.o caveats.o miniroon_caveat_name_perfhash.o caveat_env_is.o caveat_env_absent.o caveat_env_fnmatch.o
$(eval $(call miniroon_link,verify))
tools:=$(patsubst %,build/miniroon-%,$(miniroon_tool_names))
tools: $(tools)
.PHONY: tools
+%_perfhash.c %_perfhash.h: %_perfhash.txt ../genhash
+ ../genhash '$*_perfhash' '$<'
+
clean:
- rm -r build $(tools)
+ rm -r $(tools) build
.PHONY: clean
build/%.o: %.c ../cc build/.exists
diff --git a/src/caveat_env_absent.c b/src/caveat_env_absent.c
@@ -0,0 +1,45 @@
+#include <assert.h>
+#include <string.h>
+
+#include "verify_common.h"
+#define caveat_name "env-absent"
+#include "caveats_impl.h"
+
+
+void miniroon_caveat_prepare_env_absent(netstring_chunk *c, miniroon_caveats_state *state) {
+ bytebuffer name;
+
+ if(!netstring_chunk_next(c)) {
+ caveat_die1("missing variable name");
+ }
+ name = c->inner;
+
+ if(netstring_chunk_next(c)) {
+ caveat_die1("unexpected argument");
+ }
+
+ char name_0[name.len + 1];
+ memcpy(name_0, name.data, name.len);
+ name_0[name.len] = 0;
+
+ miniroon_env_entry *entry = miniroon_env_map_find(&state->emap, name);
+ if(entry == NULL) {
+ caveat_die3("variable '", name_0, "' not in allowlist");
+ }
+ switch(entry->state) {
+ case ENV_NO_CHANGE:
+ entry->state = ENV_SET;
+ break;
+ case ENV_REMOVE:
+ break;
+ default:
+ caveat_die2("conflicting state for variable: ", name_0);
+ break;
+ }
+}
+
+void miniroon_caveat_validate_env_absent(netstring_chunk *c, miniroon_caveats_state *state) {
+}
+
+/* vim: sts=2 sw=2 et
+*/
diff --git a/src/caveat_env_fnmatch.c b/src/caveat_env_fnmatch.c
@@ -0,0 +1,87 @@
+#include <assert.h>
+#include <string.h>
+#include <fnmatch.h>
+
+#include "verify_common.h"
+#define caveat_name "env-glob"
+#include "caveats_impl.h"
+
+
+void miniroon_caveat_prepare_env_fnmatch(netstring_chunk *c, miniroon_caveats_state *state) {
+ bytebuffer name, pattern;
+
+ if(!netstring_chunk_next(c)) {
+ caveat_die1("missing variable name");
+ }
+ name = c->inner;
+
+ if(!netstring_chunk_next(c)) {
+ caveat_die1("missing variable pattern");
+ }
+ pattern = c->inner;
+
+ if(netstring_chunk_next(c)) {
+ caveat_die1("unexpected argument");
+ }
+
+ char name_0[name.len + 1];
+ memcpy(name_0, name.data, name.len);
+ name_0[name.len] = 0;
+
+ miniroon_env_entry *entry = miniroon_env_map_find(&state->emap, name);
+ if(entry == NULL) {
+ caveat_die3("variable '", name_0, "' not in allowlist");
+ }
+}
+
+void miniroon_caveat_validate_env_fnmatch(netstring_chunk *c, miniroon_caveats_state *state) {
+ bytebuffer name, pattern;
+
+ if(!netstring_chunk_next(c)) {
+ caveat_die1("missing variable name");
+ }
+ name = c->inner;
+
+ if(!netstring_chunk_next(c)) {
+ caveat_die1("missing variable pattern");
+ }
+ pattern = c->inner;
+
+ if(netstring_chunk_next(c)) {
+ caveat_die1("unexpected argument");
+ }
+
+ char name_0[name.len + 1];
+ memcpy(name_0, name.data, name.len);
+ name_0[name.len] = 0;
+
+ miniroon_env_entry *entry = miniroon_env_map_find(&state->emap, name);
+ if(entry == NULL) {
+ caveat_die3("variable '", name_0, "' not in allowlist");
+ }
+
+ if(entry->state != ENV_SET) {
+ caveat_die3("required variable '", name_0, "' not provided: ");
+ }
+ assert(entry->value.len);
+ assert(entry->value.data);
+
+ char pattern_0[pattern.len + 1];
+ memcpy(pattern_0, pattern.data, pattern.len);
+ pattern_0[pattern.len] = 0;
+
+ switch(fnmatch(pattern_0, entry->value.data, 0)) {
+ case 0:
+ return; /* OK */
+ case FNM_NOMATCH:
+ caveat_die3("variable '", name_0, "' does not match required pattern");
+ break;
+ default:
+ caveat_die2("failure matching required pattern: ", name_0);
+ break;
+ }
+
+}
+
+/* vim: sts=2 sw=2 et
+*/
diff --git a/src/caveat_env_is.c b/src/caveat_env_is.c
@@ -0,0 +1,58 @@
+#include <assert.h>
+#include <string.h>
+
+#include "verify_common.h"
+#define caveat_name "env-is"
+#include "caveats_impl.h"
+
+void miniroon_caveat_prepare_env_is(netstring_chunk *c, miniroon_caveats_state *state){
+ bytebuffer name, value;
+
+ if(!netstring_chunk_next(c)) {
+ caveat_die1("missing variable name");
+ }
+ name = c->inner;
+
+ if(!netstring_chunk_next(c)) {
+ caveat_die1("missing variable value");
+ }
+ value = c->inner;
+
+ if(netstring_chunk_next(c)) {
+ caveat_die1("unexpected argument");
+ }
+
+ char name_0[name.len + 1];
+ memcpy(name_0, name.data, name.len);
+ name_0[name.len] = 0;
+
+ miniroon_env_entry *entry = miniroon_env_map_find(&state->emap, name);
+ if(entry == NULL) {
+ caveat_die3("variable '", name_0, "'not in allowlist");
+ }
+ switch(entry->state) {
+ case ENV_NO_CHANGE:
+ for(size_t i=0; i<value.len; i++) {
+ if(value.data[i] == '\0') {
+ caveat_die2("invalid value - null bytes not allowed in environment variable: ", name_0);
+ }
+ }
+ entry->state = ENV_SET;
+ entry->value = value;
+ break;
+ case ENV_SET:
+ if(bbcmp(entry->value, value) != 0) {
+ caveat_die2("conflicting values for variable", name_0);
+ }
+ break;
+ default:
+ caveat_die2("conflicting state for variable: ", name_0);
+ break;
+ }
+}
+
+void miniroon_caveat_validate_env_is(netstring_chunk *c, miniroon_caveats_state *state) {
+}
+
+/* vim: sts=2 sw=2 et
+*/
diff --git a/src/caveats.c b/src/caveats.c
@@ -0,0 +1,68 @@
+#include <assert.h>
+
+#include "verify_common.h"
+
+#include "caveats.h"
+#include "caveats_impl.h"
+#include "netstring.h"
+#include "miniroon_caveat_name_perfhash.h"
+typedef enum miniroon_caveat_name_perfhash_key miniroon_caveat_type;
+
+void miniroon_caveats_state_init(miniroon_caveats_state *state) {
+ miniroon_env_map_init(&state->emap);
+};
+
+
+miniroon_caveat_type caveat_get_type(netstring_chunk *c, const bytebuffer caveat) {
+ netstring_chunk_init(c, caveat);
+ if(!netstring_chunk_next(c)) {
+ strerr_dief1x(111, "Mising caveat name");
+ }
+ dbg_print_bb1("Caveat ID", c->inner);
+ return miniroon_caveat_name_perfhash_hash(c->inner.data, c->inner.len);
+}
+
+void miniroon_caveat_prepare(const bytebuffer caveat, miniroon_caveats_state *state) {
+ netstring_chunk c;
+ switch(caveat_get_type(&c, caveat)) {
+ case MINIROON_CAVEAT_UNDEFINED:
+ strerr_dief1x(111, "Unrecognized caveat type");
+ break;
+ case MINIROON_CAVEAT_ENV_IS:
+ miniroon_caveat_prepare_env_is(&c, state);
+ break;
+ case MINIROON_CAVEAT_ENV_ABSENT:
+ miniroon_caveat_prepare_env_absent(&c, state);
+ break;
+ case MINIROON_CAVEAT_ENV_FNMATCH:
+ miniroon_caveat_prepare_env_fnmatch(&c, state);
+ break;
+ default:
+ strerr_dief1x(111, "Unimplemented caveat type");
+ break;
+ }
+}
+
+void miniroon_caveat_validate(const bytebuffer caveat, miniroon_caveats_state *state) {
+ netstring_chunk c;
+ switch(caveat_get_type(&c, caveat)) {
+ case MINIROON_CAVEAT_UNDEFINED:
+ strerr_dief1x(111, "Unrecognized caveat type");
+ break;
+ case MINIROON_CAVEAT_ENV_IS:
+ miniroon_caveat_validate_env_is(&c, state);
+ break;
+ case MINIROON_CAVEAT_ENV_ABSENT:
+ miniroon_caveat_validate_env_absent(&c, state);
+ break;
+ case MINIROON_CAVEAT_ENV_FNMATCH:
+ miniroon_caveat_validate_env_fnmatch(&c, state);
+ break;
+ default:
+ strerr_dief1x(111, "Unimplemented caveat type");
+ break;
+ }
+}
+
+/* vim: sts=2 sw=2 et
+*/
diff --git a/src/caveats.h b/src/caveats.h
@@ -0,0 +1,14 @@
+#ifndef MINIROON_CAVEATS_H
+#define MINIROON_CAVEATS_H
+
+#include "envmap.h"
+
+typedef struct miniroon_caveats_state_s {
+ miniroon_env_map emap;
+} miniroon_caveats_state;
+
+void miniroon_caveats_state_init(miniroon_caveats_state *state);
+void miniroon_caveat_prepare(const bytebuffer caveat, miniroon_caveats_state *state);
+void miniroon_caveat_validate(const bytebuffer caveat, miniroon_caveats_state *state);
+
+#endif
diff --git a/src/caveats_impl.h b/src/caveats_impl.h
@@ -0,0 +1,25 @@
+#ifndef MINIROON_CAVEATS_IMPL_H
+#define MINIROON_CAVEATS_IMPL_H
+
+#include "caveats.h"
+#include "netstring.h"
+
+void miniroon_caveat_prepare_env_is(netstring_chunk *c, miniroon_caveats_state *state);
+void miniroon_caveat_validate_env_is(netstring_chunk *c, miniroon_caveats_state *state);
+
+void miniroon_caveat_prepare_env_absent(netstring_chunk *c, miniroon_caveats_state *state);
+void miniroon_caveat_validate_env_absent(netstring_chunk *c, miniroon_caveats_state *state);
+
+void miniroon_caveat_prepare_env_fnmatch(netstring_chunk *c, miniroon_caveats_state *state);
+void miniroon_caveat_validate_env_fnmatch(netstring_chunk *c, miniroon_caveats_state *state);
+
+#ifndef caveat_name
+#define caveat_name "(undefined)"
+#endif
+
+#define caveat_die1(a) strerr_dief4x(111, "caveat `", caveat_name, "`: ", a);
+#define caveat_die2(a,b) strerr_dief5x(111, "caveat `", caveat_name, "`: ", a, b);
+#define caveat_die3(a,b,c) strerr_dief6x(111, "caveat `", caveat_name, "`: ", a, b, c);
+#define caveat_die4(a,b,c,d) strerr_dief7x(111, "caveat `", caveat_name, "`: ", a, b, c, d);
+
+#endif
diff --git a/src/envmap.c b/src/envmap.c
@@ -0,0 +1,54 @@
+#include <string.h> /* memset() */
+#include <unistd.h> /* write() */
+#include <assert.h>
+
+#include "envmap.h"
+
+extern char **environ;
+
+void miniroon_env_map_zero(miniroon_env_map *emap) {
+ memset(emap, 0, sizeof(miniroon_env_map));
+}
+
+void miniroon_env_map_add(miniroon_env_map *emap, const bytebuffer name) {
+ assert(miniroon_env_map_find(emap, name) == NULL);
+ assert(emap->env_count < MAX_ENV_ALLOW); // TODO: proper check
+ emap->env[emap->env_count++].name = name;
+}
+
+miniroon_env_entry * miniroon_env_map_find(miniroon_env_map *emap, const bytebuffer name) {
+ for(size_t i=0; i < emap->env_count; i++) {
+ if(bbcmp(emap->env[i].name, name) == 0) {
+ return &emap->env[i];
+ }
+ }
+ return NULL;
+}
+
+void miniroon_env_map_init(miniroon_env_map *emap) {
+ miniroon_env_map_zero(emap);
+ char **env = environ;
+ char *var;
+ while(var = *(env++)) {
+
+ write(2, "env >", 5);
+ write(2, var, strlen(var));
+ write(2, "<\n", 2);
+
+ for(size_t i=0; var[i]; i++) {
+ if(var[i] == '-') { continue; }
+ if(var[i] >= '0' && var[i] <= '9') { continue; }
+ if(var[i] >= 'A' && var[i] <= 'z') { continue; }
+ if(var[i] == '=') {
+ if(var[i+1]) { break; }
+ write(2, "env [allowed]\n", 14);
+ bytebuffer bb = {var, i};
+ miniroon_env_map_add(emap, bb);
+ }
+ }
+
+ }
+}
+
+/* vim: sts=2 sw=2 et
+*/
diff --git a/src/envmap.h b/src/envmap.h
@@ -0,0 +1,29 @@
+#ifndef MINIROON_ENVMAP_H
+#define MINIROON_ENVMAP_H
+
+#include "bytebuffer.h"
+
+#define MAX_ENV_ALLOW 256
+
+typedef struct miniroon_env_entry_s {
+ bytebuffer name;
+ bytebuffer value;
+ enum miniroon_env_state {
+ ENV_NO_CHANGE = 0,
+ ENV_SET = 1,
+ ENV_REMOVE = 2
+ } state;
+} miniroon_env_entry;
+
+typedef struct miniroon_env_map_s {
+ miniroon_env_entry env[MAX_ENV_ALLOW];
+ size_t env_count;
+} miniroon_env_map;
+
+void miniroon_env_map_zero(miniroon_env_map *emap);
+void miniroon_env_map_init(miniroon_env_map *emap);
+void miniroon_env_map_add(miniroon_env_map *emap, const bytebuffer name);
+miniroon_env_entry * miniroon_env_map_find(miniroon_env_map *emap, const bytebuffer name);
+
+#endif
+
diff --git a/src/gen-miniroon.py b/src/gen-miniroon.py
@@ -12,7 +12,8 @@ class NetString(bytes):
return cls(to_ns(data))
if isinstance(data, str):
return cls(to_ns(data.encode('ascii')))
- return cls(to_ns(b''.join(cls.from_any(i) for i in data)))
+ assert not isinstance(data, dict)
+ return cls(to_ns(to_ns_list(data)))
def to_ns(b):
@@ -20,6 +21,11 @@ def to_ns(b):
return NetString(b'%d:%s,' % (len(b), b))
+def to_ns_list(data):
+ assert not isinstance(data, (dict, bytes, str))
+ return b''.join(NetString.from_any(i) for i in data)
+
+
def miniroon_hmac(key, msg):
print('miniroon_hmac%r' % ((key, msg),), file=sys.stderr)
#return hmac.digest(key, msg, 'blake2s')
@@ -28,16 +34,24 @@ def miniroon_hmac(key, msg):
def make_miniroon(name, action='invoke-once', secret=b'\0'*32, caveats=(), version='capv0'):
hdr = b''.join(NetString.from_any(i) for i in (version, name, action))
+ caveats_ns = [to_ns_list(c) for c in caveats]
sig = miniroon_hmac(secret, hdr)
- for c in caveats:
+ for c in caveats_ns:
sig = miniroon_hmac(sig, c)
return NetString.from_any([
hdr,
- caveats,
+ caveats_ns,
sig,
])
if __name__ == '__main__':
import os
- os.write(1, make_miniroon(name='ccx'))
+ # os.write(1, make_miniroon(name='ccx'))
+ os.write(1, make_miniroon(name='ccx', caveats=[
+ ('env-is', 'var1', 'hello'),
+ ('env-absent', 'var2'),
+ ('env-glob', 'var3', '_*'),
+ # ('x-glob', 'var3', '_*'),
+ ('env-is', 'var3', '_hello'),
+ ]))
diff --git a/src/miniroon-verify.c b/src/miniroon-verify.c
@@ -16,31 +16,12 @@
#include <skalibs/stralloc.h>
#include <skalibs/env.h>
+#include "verify_common.h"
#include "bytebuffer.h"
#include "netstring.h"
#include "hmac_sha2_256.h"
#include "miniroon-header.h"
-
-#define USAGE "miniroon-verify macaroon-fd macaroon-length"
-#define PROG "miniroon-verify"
-
-#define MAX_CAVEATS 256
-#define MAX_ENV_ALLOW 256
-
-typedef struct miniroon_env_entry_s {
- bytebuffer name;
- bytebuffer value;
- enum miniroon_env_state {
- ENV_NO_CHANGE = 0,
- ENV_SET = 1,
- ENV_REMOVE = 2
- } state;
-} miniroon_env_entry;
-
-typedef struct miniroon_env_map_s {
- miniroon_env_entry env[MAX_ENV_ALLOW];
- size_t env_count;
-} miniroon_env_map;
+#include "caveats.h"
typedef struct miniroon_data_s {
miniroon_header hdr;
@@ -49,9 +30,6 @@ typedef struct miniroon_data_s {
} miniroon_data;
/* declarations */
-void miniroon_env_map_init(miniroon_env_map *emap);
-void miniroon_env_map_add(miniroon_env_map *emap, const bytebuffer name);
-miniroon_env_entry * miniroon_env_map_find(miniroon_env_map *emap, const bytebuffer name);
void miniroon_data_init(miniroon_data *data);
void process_payload(const bytebuffer payload);
void validate_caveats(miniroon_data *data);
@@ -95,53 +73,19 @@ void read_secret(const bytebuffer secret){
}
}
-void miniroon_env_map_init(miniroon_env_map *emap) {
- memset(emap, 0, sizeof(miniroon_env_map));
-}
-
-void miniroon_env_map_add(miniroon_env_map *emap, const bytebuffer name) {
- assert(miniroon_env_map_find(emap, name) == NULL);
- assert(emap->env_count < MAX_ENV_ALLOW); // TODO: proper check
- emap->env[emap->env_count++].name = name;
-}
-
-miniroon_env_entry * miniroon_env_map_find(miniroon_env_map *emap, const bytebuffer name) {
- for(size_t i=0; i < emap->env_count; i++) {
- if(bbcmp(emap->env[i].name, name) == 0) {
- return &emap->env[i];
- }
- }
- return NULL;
-}
void validate_caveats(miniroon_data *md) {
- miniroon_env_map emap;
- miniroon_env_map_init(&emap);
+ miniroon_caveats_state state;
+ miniroon_caveats_state_init(&state);
// stralloc env_modif;
- char **env = environ;
- char *var;
- while(var = *(env++)) {
-
- write(2, "env >", 5);
- write(2, var, strlen(var));
- write(2, "<\n", 2);
-
- for(size_t i=0; var[i]; i++) {
- if(var[i] == '-') { continue; }
- if(var[i] >= '0' && var[i] <= '9') { continue; }
- if(var[i] >= 'A' && var[i] <= 'z') { continue; }
- if(var[i] == '=') {
- if(var[i+1]) { break; }
- bytebuffer bb = {var, i};
- miniroon_env_map_add(&emap, bb);
- }
- }
-
+ for(size_t i=0; i < md->caveat_count; i++) {
+ dbg_print_bb1("Validate caveat", md->caveats[i]);
+ miniroon_caveat_prepare(md->caveats[i], &state);
}
-
for(size_t i=0; i < md->caveat_count; i++) {
dbg_print_bb1("Validate caveat", md->caveats[i]);
+ miniroon_caveat_validate(md->caveats[i], &state);
}
}
diff --git a/src/miniroon_caveat_name_perfhash.c b/src/miniroon_caveat_name_perfhash.c
@@ -0,0 +1,107 @@
+#include "miniroon_caveat_name_perfhash.h"
+static enum miniroon_caveat_name_perfhash_key miniroon_caveat_name_perfhash_hash6(const char *string)
+{
+ switch(string[0]) {
+ case 'e':
+ switch(string[1]) {
+ case 'n':
+ switch(string[2]) {
+ case 'v':
+ switch(string[3]) {
+ case '-':
+ switch(string[4]) {
+ case 'i':
+ switch(string[5]) {
+ case 's':
+ return MINIROON_CAVEAT_ENV_IS;
+ }
+ break;
+ case 'r':
+ switch(string[5]) {
+ case 'e':
+ return MINIROON_CAVEAT_ENV_REGMATCH;
+ }
+ }
+ }
+ }
+ }
+ }
+ return MINIROON_CAVEAT_UNDEFINED;
+}
+static enum miniroon_caveat_name_perfhash_key miniroon_caveat_name_perfhash_hash8(const char *string)
+{
+ switch(string[0]) {
+ case 'e':
+ switch(string[1]) {
+ case 'n':
+ switch(string[2]) {
+ case 'v':
+ switch(string[3]) {
+ case '-':
+ switch(string[4]) {
+ case 'g':
+ switch(string[5]) {
+ case 'l':
+ switch(string[6]) {
+ case 'o':
+ switch(string[7]) {
+ case 'b':
+ return MINIROON_CAVEAT_ENV_FNMATCH;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ return MINIROON_CAVEAT_UNDEFINED;
+}
+static enum miniroon_caveat_name_perfhash_key miniroon_caveat_name_perfhash_hash10(const char *string)
+{
+ switch(string[0]) {
+ case 'e':
+ switch(string[1]) {
+ case 'n':
+ switch(string[2]) {
+ case 'v':
+ switch(string[3]) {
+ case '-':
+ switch(string[4]) {
+ case 'a':
+ switch(string[5]) {
+ case 'b':
+ switch(string[6]) {
+ case 's':
+ switch(string[7]) {
+ case 'e':
+ switch(string[8]) {
+ case 'n':
+ switch(string[9]) {
+ case 't':
+ return MINIROON_CAVEAT_ENV_ABSENT;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ return MINIROON_CAVEAT_UNDEFINED;
+}
+enum miniroon_caveat_name_perfhash_key miniroon_caveat_name_perfhash_hash(const char *string, size_t length)
+{
+ switch (length) {
+ case 6:
+ return miniroon_caveat_name_perfhash_hash6(string);
+ case 8:
+ return miniroon_caveat_name_perfhash_hash8(string);
+ case 10:
+ return miniroon_caveat_name_perfhash_hash10(string);
+ default:
+ return MINIROON_CAVEAT_UNDEFINED;
+ }
+}
diff --git a/src/miniroon_caveat_name_perfhash.h b/src/miniroon_caveat_name_perfhash.h
@@ -0,0 +1,13 @@
+#ifndef TRIE_HASH_miniroon_caveat_name_perfhash_hash
+#define TRIE_HASH_miniroon_caveat_name_perfhash_hash
+#include <stddef.h>
+#include <stdint.h>
+enum miniroon_caveat_name_perfhash_key {
+ MINIROON_CAVEAT_ENV_ABSENT = 2,
+ MINIROON_CAVEAT_ENV_FNMATCH = 4,
+ MINIROON_CAVEAT_ENV_IS = 1,
+ MINIROON_CAVEAT_ENV_REGMATCH = 3,
+ MINIROON_CAVEAT_UNDEFINED = 0,
+};
+enum miniroon_caveat_name_perfhash_key miniroon_caveat_name_perfhash_hash(const char *string, size_t length);
+#endif /* TRIE_HASH_miniroon_caveat_name_perfhash_hash */
diff --git a/src/miniroon_caveat_name_perfhash.txt b/src/miniroon_caveat_name_perfhash.txt
@@ -0,0 +1,5 @@
+MINIROON_CAVEAT_UNDEFINED ~ = 0
+MINIROON_CAVEAT_ENV_IS ~ env-is
+MINIROON_CAVEAT_ENV_ABSENT ~ env-absent
+MINIROON_CAVEAT_ENV_REGMATCH ~ env-re
+MINIROON_CAVEAT_ENV_FNMATCH ~ env-glob
diff --git a/src/miniroon_caveats.c b/src/miniroon_caveats.c
@@ -1,74 +0,0 @@
-#ifndef TRIE_HASH_PerfectHash
-#define TRIE_HASH_PerfectHash
-#include <stddef.h>
-#include <stdint.h>
-enum PerfectKey {
- MINIROON_CAVEAT_ENV_MATCH = 2,
- MINIROON_CAVEAT_ENV_REMOVE = 1,
- MINIROON_CAVEAT_ENV_SET = 0,
- Unknown = -1,
-};
-static enum PerfectKey PerfectHash(const char *string, size_t length);
-#ifdef __GNUC__
-typedef uint16_t __attribute__((aligned (1))) triehash_uu16;
-typedef char static_assert16[__alignof__(triehash_uu16) == 1 ? 1 : -1];
-typedef uint32_t __attribute__((aligned (1))) triehash_uu32;
-typedef char static_assert32[__alignof__(triehash_uu32) == 1 ? 1 : -1];
-typedef uint64_t __attribute__((aligned (1))) triehash_uu64;
-typedef char static_assert64[__alignof__(triehash_uu64) == 1 ? 1 : -1];
-#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
-#define onechar(c, s, l) (((uint64_t)(c)) << (s))
-#else
-#define onechar(c, s, l) (((uint64_t)(c)) << (l-8-s))
-#endif
-#if (!defined(__ARM_ARCH) || defined(__ARM_FEATURE_UNALIGNED)) && !defined(TRIE_HASH_NO_MULTI_BYTE)
-#define TRIE_HASH_MULTI_BYTE
-#endif
-#endif /*GNUC */
-#ifdef TRIE_HASH_MULTI_BYTE
-static enum PerfectKey PerfectHash2(const char *string)
-{
- switch(string[0]) {
- case 0| onechar('E', 0, 8):
- switch(string[1]) {
- case 0| onechar('M', 0, 8):
- return MINIROON_CAVEAT_ENV_MATCH;
- break;
- case 0| onechar('R', 0, 8):
- return MINIROON_CAVEAT_ENV_REMOVE;
- break;
- case 0| onechar('S', 0, 8):
- return MINIROON_CAVEAT_ENV_SET;
- }
- }
- return Unknown;
-}
-#else
-static enum PerfectKey PerfectHash2(const char *string)
-{
- switch(string[0]) {
- case 'E':
- switch(string[1]) {
- case 'M':
- return MINIROON_CAVEAT_ENV_MATCH;
- break;
- case 'R':
- return MINIROON_CAVEAT_ENV_REMOVE;
- break;
- case 'S':
- return MINIROON_CAVEAT_ENV_SET;
- }
- }
- return Unknown;
-}
-#endif /* TRIE_HASH_MULTI_BYTE */
-static enum PerfectKey PerfectHash(const char *string, size_t length)
-{
- switch (length) {
- case 2:
- return PerfectHash2(string);
- default:
- return Unknown;
- }
-}
-#endif /* TRIE_HASH_PerfectHash */
diff --git a/src/miniroon_caveats.txt b/src/miniroon_caveats.txt
@@ -1,3 +0,0 @@
-MINIROON_CAVEAT_ENV_SET ~ ES
-MINIROON_CAVEAT_ENV_REMOVE ~ ER
-MINIROON_CAVEAT_ENV_MATCH ~ EM
diff --git a/src/verify_common.h b/src/verify_common.h
@@ -0,0 +1,15 @@
+#ifndef MINIROON_VERIFY_COMMON_H
+#define MINIROON_VERIFY_COMMON_H
+
+#ifdef PROG
+#error PROG already defined
+#endif /* PROG */
+
+#include <skalibs/strerr.h>
+
+#define USAGE "miniroon-verify macaroon-fd macaroon-length"
+#define PROG "miniroon-verify"
+
+#define MAX_CAVEATS 256
+
+#endif
