static bool
userinfo2str (strbuf &sb, const sfsauth_userinfo *ui)
{
str audit = single_char_sub (ui->audit, ':', ".");
if (!namerx.match (ui->name) ||
(ui->owner && !namerx.match (*ui->owner)) ||
!nobadrx.match (ui->privs) ||
badcharrx.search (ui->pwauth) ||
badcharrx.search (audit))
return false;
sb << ui->name;
sb.fmt (":%u:%u:%u:", ui->id, ui->vers, ui->gid);
if (ui->owner)
sb << *ui->owner;
sb << ":";
ptr<sfspub> pk = sfscrypt.alloc (ui->pubkey);
if (!pk)
return false;
pk->export_pubkey (sb);
sb << ":" << ui->privs << ":" << ui->pwauth << ":";
str priv = str2wstr (armor64 (ui->privkey.base (), ui->privkey.size()));
sb << priv << ":";
sfs_2schnorr_priv::export_keyhalf (ui->srvprivkey, sb);
// sb << ":" << ui->refresh << ":" << ui->timeout;
sb << ":" << audit;
return true;
}
str
authclnt::siglogline (const sfsauth2_sign_arg &arg, const str &uname)
{
str req = xdr2str (arg);
if (!req) return NULL;
req = armor64 (req);
str tm = single_char_sub (timestr (), ':', ".");
strbuf line;
line << "SIGN:" << uname << ":" << client_name << ":" << tm << ":"
<< req << "\n";
return line;
}
void write_skfile (const char *skfname, void *raw_sk, size_t raw_sklen)
{
int fdsk = 0;
char *s = NULL;
int status = 0;
/* armor the raw symmetric key in raw_sk using armor64 */
s = armor64(raw_sk,raw_sklen);
/* now let's write the armored symmetric key to skfname */
if ((fdsk = open(skfname, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1)
{
perror(getprogname());
/* scrub the buffers that are holding the keys before exiting */
memset(raw_sk,0,raw_sklen*sizeof(char));
free(raw_sk);
raw_sk = NULL;
memset(s,0,strlen(s));
free(s);
s = NULL;
exit(-1);
}
else
{
status = write(fdsk, s, strlen (s));
if (status != -1)
{
status = write(fdsk, "\n", 1);
}
/* scrub local buffer containing armored keys */
memset(s,0,strlen(s));
free(s);
s = NULL;
close(fdsk);
if (status == -1)
{
printf("%s: trouble writing symmetric key to file %s\n", getprogname(), skfname);
perror(getprogname());
/* scrub the buffers that are holding the keys before exiting */
memset(raw_sk,0,raw_sklen*sizeof(char));
free(raw_sk);
raw_sk = NULL;
memset(s,0,strlen(s));
free(s);
s = NULL;
exit(-1);
}
}
}
void
write_skfile (const char *skfname, void *raw_sk, size_t raw_sklen)
{
int fdsk = 0;
char *s = NULL;
int status = 0;
/* armor the raw symmetric key in raw_sk using armor64 */
/* YOUR CODE HERE */
s = (char*)malloc(raw_sklen * sizeof(char));
s = armor64(raw_sk, raw_sklen);
/* now let's write the armored symmetric key to skfname */
if ((fdsk = open (skfname, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1) {
perror (getprogname ());
free (s);
/* scrub the buffer that's holding the key before exiting */
/* YOUR CODE HERE */
bzero(raw_sk, raw_sklen);
free(raw_sk);
exit (-1);
}
else {
status = write (fdsk, s, strlen (s));
if (status != -1) {
status = write (fdsk, "\n", 1);
}
free (s);
close (fdsk);
/* do not scrub the key buffer under normal circumstances
(it's up to the caller) */
if (status == -1) {
printf ("%s: trouble writing symmetric key to file %s\n",
getprogname (), skfname);
perror (getprogname ());
/* scrub the buffer that's holding the key before exiting */
/* YOUR CODE HERE */
bzero(raw_sk, raw_sklen);
free(raw_sk);
exit (-1);
}
}
}
void
nidh (dckey *priv, dckey *pub, char *priv_id, char *pub_id, char *label)
{
rawpub rpub;
rawpriv rpriv;
int reserve;
/* Let's name it that! */
/* step 0: check that the private and public keys are compatible,
i.e., they use the same group parameters */
if ((-1 == get_rawpub (&rpub, pub))
|| (-1 == get_rawpriv (&rpriv, priv))) {
printf ("%s: trouble importing GMP values from ElGamal-like keys\n",
getprogname ());
printf ("priv:\n%s\n", dcexport_priv (priv));
printf ("pub:\n%s\n", dcexport_pub (pub));
exit (-1);
} else if (mpz_cmp (rpub.p, rpriv.p)
|| mpz_cmp (rpub.q, rpriv.q)
|| mpz_cmp (rpub.g, rpriv.g)) {
printf ("%s: the private and public keys are incompatible\n",
getprogname ());
printf ("priv:\n%s\n", dcexport_priv (priv));
printf ("pub:\n%s\n", dcexport_pub (pub));
exit (-1);
} else {
/* step 1a: compute the Diffie-Hellman secret
(use mpz_init, mpz_powm, mpz_clear; look at elgamal.c in
the libdcrypt source directory for sample usage
*/
char *Diffie_Hellman_Secret_String = 0;
{
mpz_t dhSecretInt;
mpz_init(dhSecretInt);
mpz_powm(dhSecretInt, rpub.y, rpriv.x, rpub.p);
reserve = cat_mpz(&Diffie_Hellman_Secret_String, dhSecretInt); /* EC need 0; MALLOC */
mpz_clear(dhSecretInt);
if (reserve) {
free(Diffie_Hellman_Secret_String);
printf("error allocating memory\n");
exit(1);
}
/* printf("Diffie_Hellman_Secret_String: %s\n",Diffie_Hellman_Secret_String); */
}
/* step 1b: order the IDs lexicographically */
char *firstId = NULL, *secondId = NULL;
if (strcmp (priv_id, pub_id) < 0) {
firstId = priv_id;
secondId = pub_id;
} else {
firstId = pub_id;
secondId = priv_id;
}
/* step 1c: hash DH secret and ordered id pair into a master key */
char key_master[20];
{
sha1_ctx shaCipherText;
sha1_init(&shaCipherText);
sha1_update(&shaCipherText, Diffie_Hellman_Secret_String, strlen(Diffie_Hellman_Secret_String));
char *id12;
size_t len1, len2;
len1 = strlen(firstId); len2 = strlen(secondId);
id12 = (char*)malloc(len1+len2+1); /* +1 for \0 */
strcpy(id12, firstId);
strcat(id12, secondId);
assert(strlen(id12) == len1+len2);
sha1_update(&shaCipherText, id12, len1+len2);
free(id12);
sha1_final(&shaCipherText, (void*)key_master);
/*20 bytes*/
}
/* step 2: derive the shared key from the label and the master key */
/*I will work with minimum requirement satisfaction model. Thanks to the open source community for providing me with enough reasoning for that.*/
char sizeofkey[32];
{
char sizeofkey_0[20];
size_t len0 = strlen(label)+7;
char *label0 = (char*)malloc(len0);
strcpy(label0, label);
strcat(label0, "AES-CTR");
hmac_sha1(key_master, 20, sizeofkey_0, label0, len0);
free(label0);
char sizeofkey_1[20];
size_t len1 = strlen(label)+9;
char *label1 = (char*)malloc(len1);
strcpy(label1, label);
strcat(label1, "CBC-MAC");
hmac_sha1(key_master, 20, sizeofkey_1, label1, len1);
free(label1);
strncpy(sizeofkey, sizeofkey_0, 16);
strncpy(sizeofkey+16, sizeofkey_1, 16);
}
/*
step 3: armor the shared key and write it to file.
Filename should be of the form <label>-<priv_id>.b64
size_t fn_len = strlen(label)+1+strlen(priv_id)+1+strlen(pub_id)+4+1;
*/
char *fn = (char *) malloc(32);
fn = armor64(sizeofkey, 32);
*(fn + 32) = '\0';
int fdsk;
fdsk = open (label, O_WRONLY|O_TRUNC|O_CREAT, 0600);
int status;
status = write (fdsk, fn, strlen (fn));
printf("value of status: %d\n", status);
status = write (fdsk, "\n", 1);
printf("value of status: %d\n", status);
free (fn);
close (fdsk);
}
}
bool
json_encoder_t::rpc_encode_opaque (str s)
{
str tmp = armor64 (s);
return rpc_encode (tmp);
}
str
key_to_str (const dsdc_key_t &k)
{
str in (k.base (), k.size ());
return armor64 (in);
}
