/*
 * Read one length-prefixed message from `fd` and append it to `buf`.
 *
 * Wire format (as produced by the matching writer): a native `size_t`
 * length followed by that many payload bytes. The length is therefore only
 * meaningful between processes on the same host/ABI.
 *
 * SECURITY NOTE(review): the length is taken from the peer unchecked and
 * handed straight to expbuf_reserve(), so a misbehaving peer can drive an
 * arbitrarily large allocation. The peer has to pass the shared-token
 * check in daemon_conn_thread() first, which is why no upper bound is
 * enforced here — confirm that this matches the intended threat model.
 *
 * Returns 0 when the whole message was read (buf->end advanced past it),
 * -1 if read_nbytes() reported a failure; buf->end is left untouched on
 * failure.
 */
static int expbuf_read(struct expbuf_t *buf, int fd)
{
    size_t len = 0;
    int ret = -1;

    /* header: the payload length */
    if (read_nbytes(fd, &len, sizeof(len)) == 0) {
        /* make room, then pull the payload in place at the buffer's end */
        expbuf_reserve(buf, len);
        if (read_nbytes(fd, buf->end, len) == 0) {
            buf->end += len;
            ret = 0;
        }
    }
    return ret;
}
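/*
 * Constant-time equality check for secret material.
 *
 * Unlike memcmp(), which stops at the first differing byte and so leaks
 * the position of the mismatch through timing, this always touches all
 * `n` bytes of both buffers.
 *
 * Returns 1 if the buffers are equal, 0 otherwise.
 */
static int ct_memeq(const void *a, const void *b, size_t n)
{
    const unsigned char *pa = (const unsigned char *)a;
    const unsigned char *pb = (const unsigned char *)b;
    unsigned char diff = 0;
    size_t i;

    for (i = 0; i < n; i++)
        diff |= (unsigned char)(pa[i] ^ pb[i]);
    return diff == 0;
}

/*
 * Per-connection worker of the daemon.
 *
 * `_sock_fd` carries the connection's file descriptor packed into the
 * thread-argument pointer. The peer must first present the
 * NEVERBLEED_AUTH_TOKEN_SIZE-byte token matching `daemon_auth_token`;
 * only then are requests served. Each request is one length-prefixed
 * expbuf message whose first string selects the operation
 * ("priv_enc", "priv_dec", "sign", "load_key", "setuidgid"); the
 * corresponding *_stub() consumes the remaining arguments and leaves the
 * reply in `buf`, which is then written back to the peer.
 *
 * The loop ends when a read or write fails, the peer disconnects, a
 * request cannot be parsed, an unknown command arrives, or a stub reports
 * an error. On every exit path the buffer is released and the socket
 * closed. Always returns NULL.
 */
static void *daemon_conn_thread(void *_sock_fd)
{
    /* Unpack the descriptor from the pointer. The pointer-difference form
     * is what this file uses to avoid depending on intptr_t; it is the
     * inverse of how the creator encodes the fd. */
    int sock_fd = (int)((char *)_sock_fd - (char *)NULL);
    struct expbuf_t buf = {0};
    unsigned char auth_token[NEVERBLEED_AUTH_TOKEN_SIZE];

    /* authenticate: the peer must know the daemon's secret token. The
     * comparison is constant-time so that a local peer cannot recover the
     * token byte by byte from how quickly the connection is dropped. */
    if (read_nbytes(sock_fd, auth_token, sizeof(auth_token)) != 0) {
        warnf("failed to receive authencication token from client");
        goto Exit;
    }
    if (!ct_memeq(auth_token, daemon_auth_token, NEVERBLEED_AUTH_TOKEN_SIZE)) {
        warnf("client authentication failed");
        goto Exit;
    }

    /* request/reply loop: one expbuf message in, one out */
    while (1) {
        char *cmd;

        if (expbuf_read(&buf, sock_fd) != 0) {
            /* errno == 0 is treated as a clean disconnect, not an error */
            if (errno != 0)
                warnf("read error");
            break;
        }
        if ((cmd = expbuf_shift_str(&buf)) == NULL) {
            errno = 0;
            warnf("failed to parse request");
            break;
        }

        /* dispatch on the command name; a failing stub ends the session */
        if (strcmp(cmd, "priv_enc") == 0) {
            if (priv_enc_stub(&buf) != 0)
                break;
        } else if (strcmp(cmd, "priv_dec") == 0) {
            if (priv_dec_stub(&buf) != 0)
                break;
        } else if (strcmp(cmd, "sign") == 0) {
            if (sign_stub(&buf) != 0)
                break;
        } else if (strcmp(cmd, "load_key") == 0) {
            if (load_key_stub(&buf) != 0)
                break;
        } else if (strcmp(cmd, "setuidgid") == 0) {
            if (setuidgid_stub(&buf) != 0)
                break;
        } else {
            /* peer-controlled text is passed as an argument, never as the
             * format string */
            warnf("unknown command:%s", cmd);
            break;
        }

        /* send the reply the stub left in `buf`, then reset for the next
         * request */
        if (expbuf_write(&buf, sock_fd) != 0) {
            warnf(errno != 0 ? "write error" : "connection closed by client");
            break;
        }
        expbuf_dispose(&buf);
    }

Exit:
    expbuf_dispose(&buf);
    close(sock_fd);
    return NULL;
}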
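/*
 * Write exactly `len` bytes to `fd`, retrying on short writes.
 *
 * Returns 0 when everything was written, -1 if write() failed or made no
 * progress.
 */
static int write_all(int fd, const unsigned char *p, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n <= 0)
            return -1;
        p += (size_t)n;
        len -= (size_t)n;
    }
    return 0;
}

/*
 * Zero `n` bytes at `p` through a volatile pointer so the stores survive
 * optimisation (a plain memset() before return may be elided).
 */
static void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n-- > 0)
        *vp++ = 0;
}

/*
 * Challenge/response handshake proving the peer holds the same AES key
 * (and `token_xor_key`).
 *
 * Flow:
 *   1. pick a TOKEN_SIZE-byte random `token`,
 *   2. send Encrypt(token) under `key`,
 *   3. read TOKEN_SIZE bytes back and Decrypt them,
 *   4. accept iff the decrypted bytes XOR token_xor_key equal `token`.
 *
 * Returns 1 on success, 0 on I/O failure or a wrong response. The expanded
 * key schedule is wiped before returning on every path.
 *
 * SECURITY NOTE(review): the challenge is drawn from rand(), which is not a
 * cryptographic RNG and whose seeding is not visible here; a predictable
 * challenge lets a passive observer replay a previous response. This should
 * be replaced with the platform CSPRNG (getrandom()/arc4random()/
 * /dev/urandom) — not done here because that needs a header this file is
 * not seen to include.
 */
int aes_handshake(int socket, unsigned char *key)
{
    /* AES-128 key schedule: 4 words x 4 bytes x (10 rounds + 1) */
    unsigned char expkey[4 * 4 * (10 + 1)];
    unsigned char token[TOKEN_SIZE];
    unsigned char enc[TOKEN_SIZE];
    unsigned char response[TOKEN_SIZE];
    unsigned char diff = 0;
    int ok = 0;
    int i;

    ExpandKey(key, expkey);

    /* Build the challenge. Take the low byte so every value 0..255 is
     * reachable; the original `% 255` could never produce 255 and was
     * slightly biased. */
    for (i = 0; i < TOKEN_SIZE; i++)
        token[i] = (unsigned char)(rand() & 0xff);

    /* send the encrypted challenge; a short or failed write is fatal */
    Encrypt(token, expkey, enc);
    if (write_all(socket, enc, TOKEN_SIZE) != 0)
        goto out;

    /* read the encrypted response. NOTE(review): here a 0 return from
     * read_nbytes() is treated as failure, i.e. it presumably returns the
     * byte count rather than the 0-on-success convention used elsewhere —
     * confirm against its definition. */
    if (read_nbytes(socket, enc, TOKEN_SIZE) == 0)
        goto out;
    Decrypt(enc, expkey, response);

    /* verify in constant time: fold every byte's mismatch into `diff`
     * instead of returning at the first wrong byte */
    for (i = 0; i < TOKEN_SIZE; i++)
        diff |= (unsigned char)((response[i] ^ token_xor_key[i]) ^ token[i]);
    ok = (diff == 0);

out:
    secure_wipe(expkey, sizeof(expkey));
    return ok;
}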