int
symCryptInit(void)
{
int fd;
size_t rv;
if (isZero(&redsideSalts, sizeof(redsideSalts))) {
fd = open(getSaltsPath(), O_RDONLY, 0600);
if (fd >= 0) {
rv = read(fd, &redsideSalts, sizeof(redsideSalts));
rv = read(fd, passwordHash, CC_SHA256_BLOCK_BYTES+kPwdSaltLen);
rv = close(fd);
}
if (isZero(&redsideSalts, sizeof(redsideSalts))) {
redsideSalts.keySaltLen = kCryptoSaltLen;
getSalt(redsideSalts.keySalt, kCryptoSaltMax);
redsideSalts.hmacSaltLen = kCryptoSaltLen;
getSalt(redsideSalts.hmacSalt, kCryptoSaltMax);
fd = open(getSaltsPath(), O_RDWR|O_CREAT, 0600);
if (fd >= 0) {
rv = write(fd, &redsideSalts, sizeof(redsideSalts));
rv = close(fd);
} else {
printf("cannot save key salts\n");
}
}
}
return(0);
}
void
getPassword(void)
{
char buf[kMaxPasswordLen+kPwdSaltLen];
size_t bufLen;
unsigned char hash[CC_SHA256_BLOCK_BYTES];
uint8_t salt[kPwdSaltLen];
int fd;
off_t rv;
if (!isZero(passwordHash, sizeof(passwordHash))) {
if (isZero(password, sizeof(password))) {
do {
readpassphrase("password: "******"incorrect password\n");
sleep(1);
}
} while (memcmp(hash, passwordHash, CC_SHA256_BLOCK_BYTES));
}
} else {
do {
readpassphrase("password: "******"password is too short\n\n");
continue;
}
readpassphrase("repeat password: "******"passwords do not match\n\n");
} while (strcmp(password, buf));
getSalt(salt, kPwdSaltLen);
bufLen = strlen(buf);
memcpy(&buf[bufLen], salt, kPwdSaltLen);
memset(passwordHash, 0, CC_SHA256_BLOCK_BYTES);
CC_SHA512(buf, (int)bufLen+kPwdSaltLen, passwordHash);
memcpy(&passwordHash[CC_SHA256_BLOCK_BYTES], salt, kPwdSaltLen);
fd = open(getSaltsPath(), O_RDWR|O_CREAT, 0600);
if (fd >= 0) {
rv = lseek(fd, sizeof(redsideSalts), SEEK_SET);
rv = write(fd, passwordHash, CC_SHA256_BLOCK_BYTES+kPwdSaltLen);
rv = close(fd);
} else {
printf("cannot save password hash\n");
}
}
}
/*
* @param(IN) passwd password string in clear text
* @return PR_TRUE if matchs keyfile, PR_FALSE otherwise
*/
PRBool FileRealmUser::sshaVerify(const char* passwd)
{
PRBool b = PR_FALSE;
int saltSize=0;
char *pSalt = getSalt(this->hash, saltSize);
NSString pB64Hashed;
sshaPasswd(pSalt,saltSize,passwd,pB64Hashed);
if (pB64Hashed==hash)
b = PR_TRUE;
if (pSalt)
FREE(pSalt);
return b;
}
// use the cached _passphrase if it exists, otherwise we need to prompt
int passwordCallback(char* password, int maxPasswordSize, int rwFlag, void* u) {
// just return a hardcoded pwd for now
auto wallet = DependencyManager::get<Wallet>();
auto passphrase = wallet->getPassphrase();
if (passphrase && !passphrase->isEmpty()) {
QString saltedPassphrase(*passphrase);
saltedPassphrase.append(wallet->getSalt());
strcpy(password, saltedPassphrase.toUtf8().constData());
return static_cast<int>(passphrase->size());
} else {
// this shouldn't happen - so lets log it to tell us we have
// a problem with the flow...
qCCritical(commerce) << "no cached passphrase while decrypting!";
return 0;
}
}
void ExtensionSecurityBlock::decrypt(dtn::data::Bundle& bundle, const SecurityKey &key, const dtn::security::ExtensionSecurityBlock& block)
{
// load the rsa key
RSA *rsa_key = key.getRSA();
// get key, convert with reinterpret_cast
unsigned char keydata[ibrcommon::AES128Stream::key_size_in_bytes];
if (!getKey(block._ciphersuite_params, keydata, ibrcommon::AES128Stream::key_size_in_bytes, rsa_key))
{
IBRCOMMON_LOGGER_ex(critical) << "could not get symmetric key decrypted" << IBRCOMMON_LOGGER_ENDL;
throw ibrcommon::Exception("could not extract the key");
}
// get salt, convert with stringstream
u_int32_t salt = getSalt(block._ciphersuite_params);
SecurityBlock::decryptBlock(bundle, block, salt, keydata);
}
void createUser(char* username, char* password, int randomDataFd, int outputFd)
{
unsigned char salt[SALT_LEN];
unsigned char digest[SHA256_DIGEST_LENGTH];
unsigned char hmac[SHA256_DIGEST_LENGTH];
ssize_t nByte;
getSalt(salt, randomDataFd);
getDigest(digest, salt, password);
getHMAC(hmac, digest);
nByte = write(outputFd, username, strlen(username));
nByte = write(outputFd, "|", 1);
nByte = write(outputFd, salt, SALT_LEN);
nByte = write(outputFd, "|", 1);
nByte = write(outputFd, digest, SHA256_DIGEST_LENGTH);
nByte = write(outputFd, "|", 1);
nByte = write(outputFd, hmac, SHA256_DIGEST_LENGTH);
nByte = write(outputFd, "\n", 1);
printf("User %s is created!\n", username);
printf("---------------------------------------------------------\n");
}
bool ServerThread::verify(const QString & name, const QString & password)
{
if(!database->existsUser(name.toStdString()))
{
return false;
}
auto info = database->getUserByName(name.toStdString());
QString s(password);
s = s + info.getSalt();
unsigned char hash[32];
sha2((unsigned char*) s.toUtf8().constData(), s.length(), hash, 0);
char * base = getAscii85((char*) hash, 32);
QString hashed(base);
free(base);
if(hashed != info.getPass())
{
return false;
}
return true;
}
void Wallet::sendChallengeOwnershipResponses() {
if (_pendingChallenges.size() == 0 || getSalt().length() == 0) {
return;
}
auto nodeList = DependencyManager::get<NodeList>();
EC_KEY* ec = readKeys(keyFilePath());
for (const auto& packet: _pendingChallenges) {
// With EC keys, we receive a nonce from the metaverse server, which is signed
// here with the private key and returned. Verification is done at server.
QString sig;
bool challengeOriginatedFromClient = packet->getType() == PacketType::ChallengeOwnershipRequest;
int status;
int idByteArraySize;
int textByteArraySize;
int challengingNodeUUIDByteArraySize;
packet->readPrimitive(&idByteArraySize);
packet->readPrimitive(&textByteArraySize); // returns a cast char*, size
if (challengeOriginatedFromClient) {
packet->readPrimitive(&challengingNodeUUIDByteArraySize);
}
// "encryptedText" is now a series of random bytes, a nonce
QByteArray id = packet->read(idByteArraySize);
QByteArray text = packet->read(textByteArraySize);
QByteArray challengingNodeUUID;
if (challengeOriginatedFromClient) {
challengingNodeUUID = packet->read(challengingNodeUUIDByteArraySize);
}
if (ec) {
ERR_clear_error();
sig = signWithKey(text, ""); // base64 signature, QByteArray cast (on return) to QString FIXME should pass ec as string so we can tell which key to sign with
status = 1;
} else {
qCDebug(commerce) << "During entity ownership challenge, creating the EC-signed nonce failed.";
status = -1;
}
QByteArray textByteArray;
if (status > -1) {
textByteArray = sig.toUtf8();
}
textByteArraySize = textByteArray.size();
int idSize = id.size();
// setup the packet
const SharedNodePointer sendingNode = nodeList->nodeWithLocalID(packet->getSourceID());
if (!sendingNode.isNull()) {
if (challengeOriginatedFromClient) {
auto textPacket = NLPacket::create(PacketType::ChallengeOwnershipReply,
idSize + textByteArraySize + challengingNodeUUIDByteArraySize + 3 * sizeof(int),
true);
textPacket->writePrimitive(idSize);
textPacket->writePrimitive(textByteArraySize);
textPacket->writePrimitive(challengingNodeUUIDByteArraySize);
textPacket->write(id);
textPacket->write(textByteArray);
textPacket->write(challengingNodeUUID);
qCDebug(commerce) << "Sending ChallengeOwnershipReply Packet containing signed text" << textByteArray << "for id" << id;
nodeList->sendPacket(std::move(textPacket), *sendingNode);
} else {
auto textPacket = NLPacket::create(PacketType::ChallengeOwnership, idSize + textByteArraySize + 2 * sizeof(int), true);
textPacket->writePrimitive(idSize);
textPacket->writePrimitive(textByteArraySize);
textPacket->write(id);
textPacket->write(textByteArray);
qCDebug(commerce) << "Sending ChallengeOwnership Packet containing signed text" << textByteArray << "for id" << id;
nodeList->sendPacket(std::move(textPacket), *sendingNode);
}
} else {
qCDebug(commerce) << "Challenging Node Local ID" << packet->getSourceID() << "disconnected before response";
}
if (status == -1) {
qCDebug(commerce) << "During entity ownership challenge, signing the text failed.";
long error = ERR_get_error();
if (error != 0) {
const char* error_str = ERR_error_string(error, NULL);
qCWarning(entities) << "EC error:" << error_str;
}
}
}
EC_KEY_free(ec);
_pendingChallenges.clear();
}
void RTI2Reader::Dump()
{
std::cout << "header.tag: " << header.tag << std::endl;
std::cout << "header.minor: " << (uint32)header.minor << std::endl;
std::cout << "header.startPointBits: " << (uint32)header.startPointBits
<< std::endl;
std::cout << "header.endPointBits: " << (uint32)header.endPointBits
<< std::endl;
std::cout << "header.checkPointBits: " << (uint32)header.checkPointBits
<< std::endl;
std::cout << "header.fileIndex: " << (uint32)header.fileIndex << std::endl;
std::cout << "header.files: " << (uint32)header.files << std::endl;
std::cout << "header.minimumStartPoint: "
<< (uint64)header.minimumStartPoint << std::endl;
std::cout << "header.chainLength: "
<< (uint32)header.chainLength << std::endl;
std::cout << "header.tableIndex: "
<< (uint16)header.tableIndex << std::endl;
std::cout << "header.algorithm: "
<< (uint32)header.algorithm << std::endl;
std::cout << "header.reductionFunction: "
<< (uint32)header.reductionFunction << std::endl;
if ( getSalt().size() > 0 )
std::cout << "header.salt: " << getSalt() << std::endl;
std::cout << "subKeySpaces Count: " << subKeySpaces.size() << std::endl;
for ( uint32 i = 0; i < subKeySpaces.size(); i++ )
{
std::cout << "subKeySpace " << i + 1 << std::endl;
std::cout << "Number of hybrid sets: "
<< (uint32)subKeySpaces[i].hybridSets << std::endl;
for ( uint32 j = 0; j < (uint32)subKeySpaces[i].hybridSets; j++ )
{
std::cout << "Hybrid set " << j + 1 << std::endl;
std::cout << "Password length: "
<< (uint32)subKeySpaces[i].passwordLength[j] << std::endl;
std::cout << "charSetFlags: "
<< (uint32)subKeySpaces[i].charSetFlags[j] << std::endl;
if ( subKeySpaces[i].charSetFlags[j] & 1 )
{
std::cout << "characterSet1: ";
for ( uint32 k = 0; k < subKeySpaces[i].perPositionCharacterSets[j].characterSet1.size(); k++ )
{
std::cout << subKeySpaces[i].perPositionCharacterSets[j].characterSet1[k];
}
std::cout << std::endl;
}
}
}
std::cout << "header.checkPointBits: " << (uint32)header.checkPointBits
<< std::endl;
if ( (uint32)header.checkPointBits > 0 )
{
std::cout << "checkPointPositions:";
for ( uint32 i = 0; i < (uint32)header.checkPointBits; i++ )
{
std::cout << " " << checkPointPositions[i];
}
std::cout << std::endl;
}
std::cout << "index.firstPrefix: " << index.firstPrefix << std::endl;
std::cout << "index.prefixIndex.size(): "
<< index.prefixIndex.size() << std::endl;
/*
for ( uint32 i = 0; i < index.prefixIndex.size(); i++ )
{
std::cout << "index.prefixIndex[" << i << "]: "
<< index.prefixIndex[i] << std::endl;
}
*/
// XXX data
}
int
encryptInit(int (*writerFunc)(void *, size_t),
int (*seekerFunc)(size_t))
{
CCCryptorStatus status;
int rv;
writer = writerFunc;
seeker = seekerFunc;
strm.zalloc = Z_NULL;
strm.zfree = Z_NULL;
strm.opaque = Z_NULL;
rv = deflateInit(&strm, Z_DEFAULT_COMPRESSION);
if (rv != Z_OK) {
printf("zlib init error\n");
return(-1);
}
getPassword();
if (isZero(encKey, kCCKeySizeAES256) || isZero(hmacKey, kCCKeySizeAES256)) {
header.keySaltLen = redsideSalts.keySaltLen;
memcpy(header.keySalt, redsideSalts.keySalt, header.keySaltLen);
/* AES KEY DERIVATION */
rv = CCKeyDerivationPBKDF(kCCPBKDF2,
password, strlen(password),
header.keySalt, header.keySaltLen,
kCCPRFHmacAlgSHA512,
kIterations,
encKey, kCCKeySizeAES256);
if (rv < 0) {
printf("Key derivation: error: %d\n", rv);
exit(1);
}
header.hmacSaltLen = redsideSalts.hmacSaltLen;
memcpy(header.hmacSalt, redsideSalts.hmacSalt, header.hmacSaltLen);
/* HMAC KEY DERIVATION */
rv = CCKeyDerivationPBKDF(kCCPBKDF2,
password, strlen(password),
header.hmacSalt, header.hmacSaltLen,
kCCPRFHmacAlgSHA512,
kIterations,
hmacKey, kCCKeySizeAES256);
if (rv < 0) {
printf("HMAC Key derivation: error: %d\n", rv);
exit(1);
}
}
if (isZero(header.iv, sizeof(header.iv)))
getSalt(header.iv, sizeof(header.iv));
CCHmacInit(&hmacContext, kCCHmacAlgSHA512, hmacKey, kCCKeySizeAES256);
CCHmacInit(&hmacContextPlain, kCCHmacAlgSHA512, hmacKey, kCCKeySizeAES256);
status = CCCryptorCreate(kCCEncrypt,
kCCAlgorithmAES128,
kCCOptionPKCS7Padding,
encKey, kCCKeySizeAES256,
header.iv,
&cryptorRef);
if (status != kCCSuccess) {
printf("cryptor init error\n");
return(-1);
}
seeker(sizeof(header));
return(0);
}
void PayloadConfidentialBlock::decrypt(dtn::data::Bundle& bundle, const dtn::security::SecurityKey &long_key)
{
// list of block to delete if the process is successful
std::list<const dtn::data::Block*> erasure_list;
// load the RSA key
RSA *rsa_key = long_key.getRSA();
try {
// array for the current symmetric AES key
unsigned char key[ibrcommon::AES128Stream::key_size_in_bytes];
// correlator of the first PCB
dtn::data::Number correlator = 0;
bool decrypt_related = false;
// iterate through all blocks
for (dtn::data::Bundle::iterator it = bundle.begin(); it != bundle.end(); ++it)
{
try {
dynamic_cast<const PayloadIntegrityBlock&>(**it);
// add this block to the erasure list for later deletion
erasure_list.push_back(&**it);
} catch (const std::bad_cast&) { };
try {
const PayloadConfidentialBlock &pcb = dynamic_cast<const PayloadConfidentialBlock&>(**it);
// get salt and key
uint32_t salt = getSalt(pcb._ciphersuite_params);
// decrypt related blocks
if (decrypt_related)
{
// try to decrypt the block
try {
decryptBlock(bundle, it, salt, key);
// success! add this block to the erasue list
erasure_list.push_back(&**it);
} catch (const ibrcommon::Exception&) {
IBRCOMMON_LOGGER_TAG("PayloadConfidentialBlock", critical) << "tag verfication failed, reversing decryption..." << IBRCOMMON_LOGGER_ENDL;
decryptBlock(bundle, it, salt, key);
// abort the decryption and discard the bundle?
throw ibrcommon::Exception("decrypt of correlated block reversed, tag verfication failed");
}
}
// if security destination does match the key, then try to decrypt the payload
else if (pcb.isSecurityDestination(bundle, long_key.reference) &&
(pcb._ciphersuite_id == SecurityBlock::PCB_RSA_AES128_PAYLOAD_PIB_PCB))
{
// try to decrypt the symmetric AES key
if (!getKey(pcb._ciphersuite_params, key, ibrcommon::AES128Stream::key_size_in_bytes, rsa_key))
{
IBRCOMMON_LOGGER_TAG("PayloadConfidentialBlock", critical) << "could not get symmetric key decrypted" << IBRCOMMON_LOGGER_ENDL;
throw ibrcommon::Exception("decrypt failed - could not get symmetric key decrypted");
}
// try to decrypt the payload
if (!decryptPayload(bundle, key, salt))
{
// reverse decryption
IBRCOMMON_LOGGER_TAG("PayloadConfidentialBlock", critical) << "tag verfication failed, reversing decryption..." << IBRCOMMON_LOGGER_ENDL;
decryptPayload(bundle, key, salt);
throw ibrcommon::Exception("decrypt reversed - tag verfication failed");
}
// success! add this block to the erasue list
erasure_list.push_back(&**it);
// check if first PCB has a correlator
if (pcb._ciphersuite_flags & CONTAINS_CORRELATOR)
{
// ... and decrypt all correlated block with the same key
decrypt_related = true;
// store the correlator
correlator = pcb._correlator;
}
else
{
// no correlated blocks should exists
// stop here with decryption
break;
}
}
else
{
// exit here, because we can not decrypt the first PCB.
throw ibrcommon::Exception("unable to decrypt the first PCB");
}
} catch (const std::bad_cast&) { };
}
// delete all block in the erasure list
for (std::list<const dtn::data::Block* >::const_iterator it = erasure_list.begin(); it != erasure_list.end(); ++it)
{
bundle.remove(**it);
}
} catch (const std::exception&) {
long_key.free(rsa_key);
throw;
}
long_key.free(rsa_key);
}
