From: Andre Noll Date: Thu, 28 Dec 2017 14:52:31 +0000 (+0100) Subject: crypt: Rename RSA functions. X-Git-Tag: v0.6.2~5^2~4 X-Git-Url: http://git.tue.mpg.de/?a=commitdiff_plain;h=a4c2c4f9c7cd;p=paraslash.git crypt: Rename RSA functions. This renames the functions and constants of the public crypto API which deal with RSA to have the common "apc" (asymmetric pubkey cryptosystem) prefix. This hides RSA as an implementation detail and makes it clear that the functions/constants are related to apc. Pure renaming, no semantic change. The only other changes are a new comment to crypt.h and a \ref statement in the doxygen comment of apc_free_pubkey(). --- diff --git a/client_common.c b/client_common.c index 97d29f8f..0d87a8d2 100644 --- a/client_common.c +++ b/client_common.c @@ -318,15 +318,15 @@ static int client_post_select(struct sched *s, void *context) } n = sbb.iov.iov_len; PARA_INFO_LOG("<-- [challenge] (%zu bytes)\n", n); - ret = priv_decrypt(ct->key_file, crypt_buf, + ret = apc_priv_decrypt(ct->key_file, crypt_buf, sbb.iov.iov_base, n); free(sbb.iov.iov_base); if (ret < 0) goto out; ct->challenge_hash = para_malloc(HASH_SIZE); - hash_function((char *)crypt_buf, CHALLENGE_SIZE, ct->challenge_hash); - ct->scc.send = sc_new(crypt_buf + CHALLENGE_SIZE, SESSION_KEY_LEN); - ct->scc.recv = sc_new(crypt_buf + CHALLENGE_SIZE + SESSION_KEY_LEN, + hash_function((char *)crypt_buf, APC_CHALLENGE_SIZE, ct->challenge_hash); + ct->scc.send = sc_new(crypt_buf + APC_CHALLENGE_SIZE, SESSION_KEY_LEN); + ct->scc.recv = sc_new(crypt_buf + APC_CHALLENGE_SIZE + SESSION_KEY_LEN, SESSION_KEY_LEN); hash_to_asc(ct->challenge_hash, buf); PARA_INFO_LOG("--> %s\n", buf); diff --git a/command.c b/command.c index 203fd47b..e934e23b 100644 --- a/command.c +++ b/command.c @@ -881,7 +881,7 @@ static int run_command(struct command_context *cc, struct iovec *iov) __noreturn void handle_connect(int fd) { int ret; - unsigned char rand_buf[CHALLENGE_SIZE + 2 * SESSION_KEY_LEN]; + unsigned char rand_buf[APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN]; unsigned char challenge_hash[HASH_SIZE]; char *command = NULL, *buf = para_malloc(HANDSHAKE_BUFSIZE) /* must be on the heap */; size_t numbytes; @@ -911,7 +911,7 @@ __noreturn void handle_connect(int fd) goto net_err; if (cc->u) { get_random_bytes_or_die(rand_buf, sizeof(rand_buf)); - ret = pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf), + ret = apc_pub_encrypt(cc->u->pubkey, rand_buf, sizeof(rand_buf), (unsigned char *)buf); if (ret < 0) goto net_err; @@ -926,7 +926,7 @@ __noreturn void handle_connect(int fd) get_random_bytes_or_die((unsigned char *)buf, numbytes); } PARA_DEBUG_LOG("sending %d byte challenge + session key (%zu bytes)\n", - CHALLENGE_SIZE, numbytes); + APC_CHALLENGE_SIZE, numbytes); ret = send_sb(&cc->scc, buf, numbytes, SBD_CHALLENGE, false); buf = NULL; if (ret < 0) @@ -942,21 +942,21 @@ __noreturn void handle_connect(int fd) if (!cc->u) goto net_err; /* - * The correct response is the hash of the first CHALLENGE_SIZE bytes + * The correct response is the hash of the first APC_CHALLENGE_SIZE bytes * of the random data. */ ret = -E_BAD_AUTH; if (numbytes != HASH_SIZE) goto net_err; - hash_function((char *)rand_buf, CHALLENGE_SIZE, challenge_hash); + hash_function((char *)rand_buf, APC_CHALLENGE_SIZE, challenge_hash); if (memcmp(challenge_hash, buf, HASH_SIZE)) goto net_err; /* auth successful */ alarm(0); PARA_INFO_LOG("good auth for %s\n", cc->u->name); /* init stream cipher keys with the second part of the random buffer */ - cc->scc.recv = sc_new(rand_buf + CHALLENGE_SIZE, SESSION_KEY_LEN); - cc->scc.send = sc_new(rand_buf + CHALLENGE_SIZE + SESSION_KEY_LEN, + cc->scc.recv = sc_new(rand_buf + APC_CHALLENGE_SIZE, SESSION_KEY_LEN); + cc->scc.send = sc_new(rand_buf + APC_CHALLENGE_SIZE + SESSION_KEY_LEN, SESSION_KEY_LEN); ret = send_sb(&cc->scc, NULL, 0, SBD_PROCEED, false); if (ret < 0) diff --git a/crypt.h b/crypt.h index 22182d6c..3e5a8d31 100644 --- a/crypt.h +++ b/crypt.h @@ -2,8 +2,14 @@ /** \file crypt.h Public crypto interface. */ +/* + * Asymmetric pubkey cryptosystem (apc). + * + * This is just RSA, but this fact is a hidden implementation detail. + */ + /** The size of the challenge sent to the client. */ -#define CHALLENGE_SIZE 64 +#define APC_CHALLENGE_SIZE 64 /** Opaque structure for public and private keys. */ struct asymmetric_key; @@ -18,7 +24,7 @@ struct asymmetric_key; * * \return The size of the encrypted data on success, negative on errors. */ -int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf, +int apc_pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf, unsigned len, unsigned char *outbuf); /** @@ -33,7 +39,7 @@ int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf, * * \return The size of the recovered plaintext on success, negative on errors. */ -int priv_decrypt(const char *key_file, unsigned char *outbuf, +int apc_priv_decrypt(const char *key_file, unsigned char *outbuf, unsigned char *inbuf, int inlen); /** @@ -44,17 +50,17 @@ int priv_decrypt(const char *key_file, unsigned char *outbuf, * * \return The size of the key on success, negative on errors. */ -int get_public_key(const char *key_file, struct asymmetric_key **result); +int apc_get_pubkey(const char *key_file, struct asymmetric_key **result); /** * Deallocate a public key. * * \param key Pointer to the key structure to free. * - * This should be called for keys obtained by get_public_key() if the key is no + * This should be called for keys obtained by \ref apc_get_pubkey() if the key is no * longer needed. */ -void free_public_key(struct asymmetric_key *key); +void apc_free_pubkey(struct asymmetric_key *key); /** diff --git a/gcrypt.c b/gcrypt.c index 2398a605..b21cf722 100644 --- a/gcrypt.c +++ b/gcrypt.c @@ -366,7 +366,7 @@ free_blob: return ret; } -int get_public_key(const char *key_file, struct asymmetric_key **result) +int apc_get_pubkey(const char *key_file, struct asymmetric_key **result) { unsigned char *blob, *p, *end; int ret; @@ -421,7 +421,7 @@ free_blob: return ret; } -void free_public_key(struct asymmetric_key *key) +void apc_free_pubkey(struct asymmetric_key *key) { if (!key) return; @@ -439,7 +439,7 @@ static int decode_rsa(gcry_sexp_t sexp, unsigned char *outbuf, size_t *nbytes) return 1; } -int priv_decrypt(const char *key_file, unsigned char *outbuf, +int apc_priv_decrypt(const char *key_file, unsigned char *outbuf, unsigned char *inbuf, int inlen) { gcry_error_t gret; @@ -506,7 +506,7 @@ free_key: return ret; } -int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf, +int apc_pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf, unsigned len, unsigned char *outbuf) { gcry_error_t gret; diff --git a/openssl.c b/openssl.c index 99b3f7a6..70a13aaa 100644 --- a/openssl.c +++ b/openssl.c @@ -137,7 +137,7 @@ fail: return ret; } -int get_public_key(const char *key_file, struct asymmetric_key **result) +int apc_get_pubkey(const char *key_file, struct asymmetric_key **result) { unsigned char *blob; size_t decoded_size; @@ -164,7 +164,7 @@ out: return ret; } -void free_public_key(struct asymmetric_key *key) +void apc_free_pubkey(struct asymmetric_key *key) { if (!key) return; @@ -172,7 +172,7 @@ void free_public_key(struct asymmetric_key *key) free(key); } -int priv_decrypt(const char *key_file, unsigned char *outbuf, +int apc_priv_decrypt(const char *key_file, unsigned char *outbuf, unsigned char *inbuf, int inlen) { struct asymmetric_key *priv; @@ -207,7 +207,7 @@ out: return ret; } -int pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf, +int apc_pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf, unsigned len, unsigned char *outbuf) { int ret, flen = len; /* RSA_public_encrypt expects a signed int */ diff --git a/user_list.c b/user_list.c index e4866029..9db08715 100644 --- a/user_list.c +++ b/user_list.c @@ -44,22 +44,22 @@ static void populate_user_list(char *user_list_file) if (strcmp(w, "user")) continue; PARA_DEBUG_LOG("found entry for user %s\n", n); - ret = get_public_key(k, &pubkey); + ret = apc_get_pubkey(k, &pubkey); if (ret < 0) { PARA_NOTICE_LOG("skipping entry for user %s: %s\n", n, para_strerror(-ret)); continue; } /* - * In order to encrypt len := CHALLENGE_SIZE + 2 * SESSION_KEY_LEN + * In order to encrypt len := APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN * bytes using RSA_public_encrypt() with EME-OAEP padding mode, * RSA_size(rsa) must be greater than len + 41. So ignore keys * which are too short. For details see RSA_public_encrypt(3). */ - if (ret <= CHALLENGE_SIZE + 2 * SESSION_KEY_LEN + 41) { + if (ret <= APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN + 41) { PARA_WARNING_LOG("public key %s too short (%d)\n", k, ret); - free_public_key(pubkey); + apc_free_pubkey(pubkey); continue; } u = para_malloc(sizeof(*u)); @@ -110,7 +110,7 @@ void init_user_list(char *user_list_file) list_for_each_entry_safe(u, tmp, &user_list, node) { list_del(&u->node); free(u->name); - free_public_key(u->pubkey); + apc_free_pubkey(u->pubkey); free(u); } } else