}
n = sbb.iov.iov_len;
PARA_INFO_LOG("<-- [challenge] (%zu bytes)\n", n);
- ret = priv_decrypt(ct->key_file, crypt_buf,
+ ret = apc_priv_decrypt(ct->key_file, crypt_buf,
sbb.iov.iov_base, n);
free(sbb.iov.iov_base);
if (ret < 0)
goto out;
ct->challenge_hash = para_malloc(HASH_SIZE);
- hash_function((char *)crypt_buf, CHALLENGE_SIZE, ct->challenge_hash);
- ct->scc.send = sc_new(crypt_buf + CHALLENGE_SIZE, SESSION_KEY_LEN);
- ct->scc.recv = sc_new(crypt_buf + CHALLENGE_SIZE + SESSION_KEY_LEN,
+ hash_function((char *)crypt_buf, APC_CHALLENGE_SIZE, ct->challenge_hash);
+ ct->scc.send = sc_new(crypt_buf + APC_CHALLENGE_SIZE, SESSION_KEY_LEN);
+ ct->scc.recv = sc_new(crypt_buf + APC_CHALLENGE_SIZE + SESSION_KEY_LEN,
SESSION_KEY_LEN);
hash_to_asc(ct->challenge_hash, buf);
PARA_INFO_LOG("--> %s\n", buf);
__noreturn void handle_connect(int fd)
{
int ret;
- unsigned char rand_buf[CHALLENGE_SIZE + 2 * SESSION_KEY_LEN];
+ unsigned char rand_buf[APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN];
unsigned char challenge_hash[HASH_SIZE];
char *command = NULL, *buf = para_malloc(HANDSHAKE_BUFSIZE) /* must be on the heap */;
size_t numbytes;
goto net_err;
if (cc->u) {
get_random_bytes_or_die(rand_buf, sizeof(rand_buf));
- ret = pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf),
+ ret = apc_pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf),
(unsigned char *)buf);
if (ret < 0)
goto net_err;
get_random_bytes_or_die((unsigned char *)buf, numbytes);
}
PARA_DEBUG_LOG("sending %d byte challenge + session key (%zu bytes)\n",
- CHALLENGE_SIZE, numbytes);
+ APC_CHALLENGE_SIZE, numbytes);
ret = send_sb(&cc->scc, buf, numbytes, SBD_CHALLENGE, false);
buf = NULL;
if (ret < 0)
if (!cc->u)
goto net_err;
/*
- * The correct response is the hash of the first CHALLENGE_SIZE bytes
+ * The correct response is the hash of the first APC_CHALLENGE_SIZE bytes
* of the random data.
*/
ret = -E_BAD_AUTH;
if (numbytes != HASH_SIZE)
goto net_err;
- hash_function((char *)rand_buf, CHALLENGE_SIZE, challenge_hash);
+ hash_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash);
if (memcmp(challenge_hash, buf, HASH_SIZE))
goto net_err;
/* auth successful */
alarm(0);
PARA_INFO_LOG("good auth for %s\n", cc->u->name);
/* init stream cipher keys with the second part of the random buffer */
- cc->scc.recv = sc_new(rand_buf + CHALLENGE_SIZE, SESSION_KEY_LEN);
- cc->scc.send = sc_new(rand_buf + CHALLENGE_SIZE + SESSION_KEY_LEN,
+ cc->scc.recv = sc_new(rand_buf + APC_CHALLENGE_SIZE, SESSION_KEY_LEN);
+ cc->scc.send = sc_new(rand_buf + APC_CHALLENGE_SIZE + SESSION_KEY_LEN,
SESSION_KEY_LEN);
ret = send_sb(&cc->scc, NULL, 0, SBD_PROCEED, false);
if (ret < 0)
/** \file crypt.h Public crypto interface. */
+/*
+ * Asymmetric pubkey cryptosystem (apc).
+ *
+ * This is just RSA, but this fact is a hidden implementation detail.
+ */
+
/** The size of the challenge sent to the client. */
-#define CHALLENGE_SIZE 64
+#define APC_CHALLENGE_SIZE 64
/** Opaque structure for public and private keys. */
struct asymmetric_key;
*
* \return The size of the encrypted data on success, negative on errors.
*/
-int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
+int apc_pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
unsigned len, unsigned char *outbuf);
/**
*
* \return The size of the recovered plaintext on success, negative on errors.
*/
-int priv_decrypt(const char *key_file, unsigned char *outbuf,
+int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
unsigned char *inbuf, int inlen);
/**
*
* \return The size of the key on success, negative on errors.
*/
-int get_public_key(const char *key_file, struct asymmetric_key **result);
+int apc_get_pubkey(const char *key_file, struct asymmetric_key **result);
/**
* Deallocate a public key.
*
* \param key Pointer to the key structure to free.
*
- * This should be called for keys obtained by get_public_key() if the key is no
+ * This should be called for keys obtained by \ref apc_get_pubkey() if the key is no
* longer needed.
*/
-void free_public_key(struct asymmetric_key *key);
+void apc_free_pubkey(struct asymmetric_key *key);
/**
return ret;
}
-int get_public_key(const char *key_file, struct asymmetric_key **result)
+int apc_get_pubkey(const char *key_file, struct asymmetric_key **result)
{
unsigned char *blob, *p, *end;
int ret;
return ret;
}
-void free_public_key(struct asymmetric_key *key)
+void apc_free_pubkey(struct asymmetric_key *key)
{
if (!key)
return;
return 1;
}
-int priv_decrypt(const char *key_file, unsigned char *outbuf,
+int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
unsigned char *inbuf, int inlen)
{
gcry_error_t gret;
return ret;
}
-int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
+int apc_pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
unsigned len, unsigned char *outbuf)
{
gcry_error_t gret;
return ret;
}
-int get_public_key(const char *key_file, struct asymmetric_key **result)
+int apc_get_pubkey(const char *key_file, struct asymmetric_key **result)
{
unsigned char *blob;
size_t decoded_size;
return ret;
}
-void free_public_key(struct asymmetric_key *key)
+void apc_free_pubkey(struct asymmetric_key *key)
{
if (!key)
return;
free(key);
}
-int priv_decrypt(const char *key_file, unsigned char *outbuf,
+int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
unsigned char *inbuf, int inlen)
{
struct asymmetric_key *priv;
return ret;
}
-int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
+int apc_pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
unsigned len, unsigned char *outbuf)
{
int ret, flen = len; /* RSA_public_encrypt expects a signed int */
if (strcmp(w, "user"))
continue;
PARA_DEBUG_LOG("found entry for user %s\n", n);
- ret = get_public_key(k, &pubkey);
+ ret = apc_get_pubkey(k, &pubkey);
if (ret < 0) {
PARA_NOTICE_LOG("skipping entry for user %s: %s\n", n,
para_strerror(-ret));
continue;
}
/*
- * In order to encrypt len := CHALLENGE_SIZE + 2 * SESSION_KEY_LEN
+ * In order to encrypt len := APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN
* bytes using RSA_public_encrypt() with EME-OAEP padding mode,
* RSA_size(rsa) must be greater than len + 41. So ignore keys
* which are too short. For details see RSA_public_encrypt(3).
*/
- if (ret <= CHALLENGE_SIZE + 2 * SESSION_KEY_LEN + 41) {
+ if (ret <= APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN + 41) {
PARA_WARNING_LOG("public key %s too short (%d)\n",
k, ret);
- free_public_key(pubkey);
+ apc_free_pubkey(pubkey);
continue;
}
u = para_malloc(sizeof(*u));
list_for_each_entry_safe(u, tmp, &user_list, node) {
list_del(&u->node);
free(u->name);
- free_public_key(u->pubkey);
+ apc_free_pubkey(u->pubkey);
free(u);
}
} else
projects / paraslash.git / commitdiff