simplify pin entry by breaking up into groups and auto-completion (#7088)

10 files changed, 129 insertions, 15 deletions

diff --git a/src/authorization/anastasis_authorization_plugin_email.c b/src/authorization/anastasis_authorization_plugin_email.c
index d968252..2284988 100644
--- a/src/authorization/anastasis_authorization_plugin_email.c
+++ b/src/authorization/anastasis_authorization_plugin_email.c
@@ -378,7 +378,7 @@ email_process (struct ANASTASIS_AUTHORIZATION_State *as,
                      get_message (as->ctx->messages,
                                   connection,
                                   "body"),
-                     (unsigned long long) as->code,
+                     ANASTASIS_pin2s (as->code),
                      ANASTASIS_CRYPTO_uuid2s (&as->truth_uuid));
 
     {
diff --git a/src/authorization/anastasis_authorization_plugin_post.c b/src/authorization/anastasis_authorization_plugin_post.c
index 4692317..4f901d2 100644
--- a/src/authorization/anastasis_authorization_plugin_post.c
+++ b/src/authorization/anastasis_authorization_plugin_post.c
@@ -452,7 +452,7 @@ post_process (struct ANASTASIS_AUTHORIZATION_State *as,
                      get_message (as->ctx->messages,
                                   connection,
                                   "body"),
-                     (unsigned long long) as->code,
+                     ANASTASIS_pin2s (as->code),
                      ANASTASIS_CRYPTO_uuid2s (&as->truth_uuid));
     {
       const char *off = as->msg;
diff --git a/src/authorization/anastasis_authorization_plugin_sms.c b/src/authorization/anastasis_authorization_plugin_sms.c
index 2fed576..98152ef 100644
--- a/src/authorization/anastasis_authorization_plugin_sms.c
+++ b/src/authorization/anastasis_authorization_plugin_sms.c
@@ -374,8 +374,8 @@ sms_process (struct ANASTASIS_AUTHORIZATION_State *as,
     GNUNET_assert (NULL != pipe_stdin);
     GNUNET_DISK_pipe_close (p);
     GNUNET_asprintf (&as->msg,
-                     "A-%llu\nAnastasis\n: %s",
-                     (unsigned long long) as->code,
+                     "%s\nAnastasis\n: %s",
+                     ANASTASIS_pin2s (as->code),
                      ANASTASIS_CRYPTO_uuid2s (&as->truth_uuid));
     {
       const char *off = as->msg;
diff --git a/src/authorization/authorization-email-messages.json b/src/authorization/authorization-email-messages.json
index 5a2e048..5e4ddb3 100644
--- a/src/authorization/authorization-email-messages.json
+++ b/src/authorization/authorization-email-messages.json
@@ -3,8 +3,8 @@
     "instructions_i18n" : {
         "de_DE" : "Ein Authorisierungscode wurde an %.*s@DOMAIN geschickt"
     },
-    "body" : "Your Anastasis recovery code is:\nA-%llu\n\nThis is for challenge %s.\n",
+    "body" : "Your Anastasis recovery code is:\n%s\n\nThis is for challenge %s.\n",
     "body_i18n" : {
-        "de_DE" : "Ihr Anastasis Autorisierungscode ist:\nA-%llu\n\nDies ist der Code für den Vorgang %s.\n"
+        "de_DE" : "Ihr Anastasis Autorisierungscode ist:\n%s\n\nDies ist der Code für den Vorgang %s.\n"
     }
 }
diff --git a/src/authorization/authorization-post-messages.json b/src/authorization/authorization-post-messages.json
index d2ac83a..c48c8ab 100644
--- a/src/authorization/authorization-post-messages.json
+++ b/src/authorization/authorization-post-messages.json
@@ -3,5 +3,5 @@
     "instructions_i18n" : {
         "de_DE" : "Ein Authorisierungscode wurde an eine Addresse mit der Postleitzahl %s geschickt"
     },
-    "body" : "Dear Customer\n\nThe Anastasis recovery code you need to\nrecover your data is A-%llu.\nThis is for challenge %s.\n\nBest regards\n\nYour Anastasis provider"
+    "body" : "Dear Customer\n\nThe Anastasis recovery code you need to\nrecover your data is %s.\nThis is for challenge %s.\n\nBest regards\n\nYour Anastasis provider"
 }
diff --git a/src/include/anastasis_util_lib.h b/src/include/anastasis_util_lib.h
index 07b021b..602e1cc 100644
--- a/src/include/anastasis_util_lib.h
+++ b/src/include/anastasis_util_lib.h
@@ -30,6 +30,17 @@
 
 
 /**
+ * Maximum value allowed for PINs. Limited to 10^15 < 2^52 to ensure the
+ * numeric value survives a conversion to float by JavaScript.
+ *
+ * NOTE: Do not change this value, we map it to a string like
+ * 42353-256-6521-241 and that mapping fails if the number
+ * does not have exactly 15 digits!
+ */
+#define ANASTASIS_PIN_MAX_VALUE 1000000000000000
+
+
+/**
  * Return default project data used by Anastasis.
  */
 const struct GNUNET_OS_ProjectData *
@@ -86,4 +97,26 @@ void
 ANASTASIS_wait_child_cancel (struct ANASTASIS_ChildWaitHandle *cwh);
 
 
+/**
+ * Convert input string @a as into @a pin.
+ *
+ * @param as input of the form 42355-256-2262-265
+ * @param[out] pin set to numeric pin
+ * @return false if @as is malformed
+ */
+bool
+ANASTASIS_scan_pin (const char *as,
+                    unsigned long long *pin);
+
+
+/**
+ * Convert numeric pin to human-readable number for display.
+ *
+ * @param pin number to convert
+ * @return static (!) buffer with the text to show
+ */
+const char *
+ANASTASIS_pin2s (uint64_t pin);
+
+
 #endif
diff --git a/src/lib/anastasis_recovery.c b/src/lib/anastasis_recovery.c
index 528bbd1..b85b0f6 100644
--- a/src/lib/anastasis_recovery.c
+++ b/src/lib/anastasis_recovery.c
@@ -1033,6 +1033,8 @@ ANASTASIS_recovery_serialize (const struct ANASTASIS_Recovery *r)
     cs = GNUNET_JSON_PACK (
       GNUNET_JSON_pack_data_auto ("uuid",
                                   &c->ci.uuid),
+      GNUNET_JSON_pack_string ("uuid-display",
+                               ANASTASIS_CRYPTO_uuid2s (&c->ci.uuid)),
       GNUNET_JSON_pack_data_auto ("truth_key",
                                   &c->truth_key),
       GNUNET_JSON_pack_data_auto ("salt",
diff --git a/src/stasis/plugin_anastasis_postgres.c b/src/stasis/plugin_anastasis_postgres.c
index 813da94..6bb7f32 100644
--- a/src/stasis/plugin_anastasis_postgres.c
+++ b/src/stasis/plugin_anastasis_postgres.c
@@ -38,12 +38,6 @@
  */
 #define MAX_RETRIES 3
 
-/**
- * Maximum value allowed for nonces. Limited to 2^52 to ensure the
- * numeric value survives a conversion to float by JavaScript.
- */
-#define NONCE_MAX_VALUE (1LLU << 52)
-
 
 /**
  * Type of the "cls" argument given to each of the functions in
@@ -2629,7 +2623,7 @@ postgres_create_challenge_code (
     }
 
     *code = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_NONCE,
-                                      NONCE_MAX_VALUE);
+                                      ANASTASIS_PIN_MAX_VALUE);
     *retransmission_date = GNUNET_TIME_UNIT_ZERO_TS;
     {
       struct GNUNET_PQ_QueryParam params[] = {
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index 22c7a1c..4e64c0e 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -34,7 +34,8 @@ lib_LTLIBRARIES = \
 
 libanastasisutil_la_SOURCES = \
   anastasis_crypto.c \
-  os_installation.c
+  os_installation.c \
+  pin.c
 libanastasisutil_la_LIBADD = \
   -lgnunetutil \
   $(LIBGCRYPT_LIBS) \
diff --git a/src/util/pin.c b/src/util/pin.c
new file mode 100644
index 0000000..0285bb0
--- /dev/null
+++ b/src/util/pin.c
@@ -0,0 +1,84 @@
+/*
+     This file is part of GNU Anastasis.
+     Copyright (C) 2021 Anastasis SARL
+
+     Anastasis is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 3, or (at your
+     option) any later version.
+
+     Anastasis is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     General Public License for more details.
+
+     You should have received a copy of the GNU General Public License
+     along with Anastasis; see the file COPYING.  If not, write to the
+     Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA 02110-1301, USA.
+*/
+
+/**
+ * @file anastasis/src/util/pin.c
+ * @brief pin conversion functions
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "anastasis_util_lib.h"
+
+
+bool
+ANASTASIS_scan_pin (const char *as,
+                    unsigned long long *pin)
+{
+  char dummy;
+  char s[16];
+
+  if ( (NULL != as) &&
+       (0 == strncasecmp ("A-", as, 2)) )
+    as += 2; /* skip "A-" prefix if present */
+  if (strlen (as) != 18)
+    return false;
+  if ( ('-' != as[5]) ||
+       ('-' != as[9]) ||
+       ('-' != as[14]) )
+    return false;
+  GNUNET_snprintf (s,
+                   sizeof (s),
+                   "%.5s%.3s%.4s%.3s",
+                   as,
+                   &as[6],
+                   &as[10],
+                   &as[15]);
+  if (1 != sscanf (s,
+                   "%llu%c",
+                   pin,
+                   &dummy))
+  {
+    GNUNET_break (0);
+    return false;
+  }
+  return true;
+}
+
+
+const char *
+ANASTASIS_pin2s (uint64_t pin)
+{
+  static char buf[22];
+  char tmp[16];
+
+  GNUNET_assert (pin < ANASTASIS_PIN_MAX_VALUE);
+  GNUNET_snprintf (tmp,
+                   sizeof (tmp),
+                   "%015llu",
+                   (unsigned long long) pin);
+  GNUNET_snprintf (buf,
+                   sizeof (buf),
+                   "A-%.5s-%.3s-%.4s-%.3s",
+                   tmp,
+                   &tmp[5],
+                   &tmp[8],
+                   &tmp[12]);
+  return buf;
+}