int shpam_shadow_setpass(shfs_ino_t *file, shseed_t *seed, shkey_t *sess_key)
{
shadow_t *ent;
shadow_t save;
shkey_t *seed_key;
int err;
seed_key = shkey_bin((char *)&seed->seed_uid, sizeof(seed->seed_uid));
ent = shpam_shadow(file, seed_key);
shkey_free(&seed_key);
if (!ent)
return (SHERR_NOENT);
memcpy(&save, ent, sizeof(shadow_t));
if (shtime64() >= save.sh_expire)
return (SHERR_KEYEXPIRED);
if (!shkey_cmp(&save.sh_sess, sess_key))
return (SHERR_KEYREJECTED);
seed_key = shkey_bin((char *)&seed->seed_uid, sizeof(seed->seed_uid));
err = shpam_shadow_session_expire(file, seed_key, sess_key);
shkey_free(&seed_key);
if (err)
return (err);
err = shpam_shadow_pass_append(file, seed);
if (err)
return (err);
return (0);
}
int sexe_event_remove(lua_State *L, int e_type, char *e_name)
{
sexe_event_t t_event;
sexe_event_t *e;
shkey_t *key;
int err;
memset(&t_event, 0, sizeof(t_event));
t_event.event_type = e_type;
strncpy(t_event.mod_name, e_name, sizeof(t_event.mod_name) - 1);
key = shkey_bin(&t_event, sizeof(sexe_event_t));
/* remove event's global callback */
lua_pushnil(L);
lua_setglobal(L, shkey_hex(key));
e = (sexe_event_t *)shmap_get_ptr(event_map, key);
if (e) {
shmap_unset(event_map, key);
free(e);
}
shkey_free(&key);
return (0);
}
/**
* @see shsig_shr_verify()
*/
static int _shcert_sign_verify_shr(shcert_t *cert, shcert_t *parent)
{
shkey_t *key;
unsigned char *enc_data;
size_t enc_len;
int err;
if (!parent)
return (SHERR_INVAL);
err = shencode((char *)&parent->cert_sub.ent_sig.sig_key, sizeof(shkey_t),
&enc_data, &enc_len, &parent->cert_iss.ent_sig.sig_key);
if (err)
return (err);
key = shkey_bin(enc_data, enc_len);
free(enc_data);
if (!shkey_cmp(key, &cert->cert_sub.ent_sig.sig_key)) {
/* encrypted key is not validated. */
shkey_free(&key);
return (SHERR_KEYREJECTED);
}
shkey_free(&key);
return (0);
}
int shpam_shadow_remove(shfs_ino_t *file, uint64_t uid, shkey_t *sess_key)
{
shadow_t *ent;
shadow_t save;
shkey_t *key;
int err;
if (!sess_key)
return (SHERR_NOKEY);
err = shpam_shadow_load(file, uid, &save);
if (err) {
return (err);
}
if (shtime_after(shtime(), save.sh_expire))
return (SHERR_KEYEXPIRED);
if (!shkey_cmp(&save.sh_sess, sess_key))
return (SHERR_KEYREJECTED);
key = shkey_bin((char *)&uid, sizeof(uid));
err = shfs_cred_remove(file, key);
shkey_free(&key);
if (err) {
return (err);
}
return (0);
}
int shpam_shadow_store(shfs_ino_t *file, shadow_t *shadow)
{
shadow_t save;
shkey_t *key;
int err;
if (!shadow)
return (SHERR_INVAL);
#if 0
/* ensure record already exists. */
err = shpam_shadow_load(file, shadow->sh_uid, NULL);
if (err)
return (err);
#endif
memcpy(&save, shadow, sizeof(shadow_t));
key = shkey_bin((char *)&save.sh_uid, sizeof(save.sh_uid));
err = shfs_cred_store(file, key, (unsigned char *)&save, sizeof(shadow_t));
shkey_free(&key);
if (err)
return (err);
return (0);
}
int shcert_init(shcert_t *cert, char *entity, uint64_t fee, int alg, int flags)
{
shpeer_t *peer;
shkey_t *key;
shcert_init_default(cert);
/* the relevant name or entity subject */
memset(cert->cert_sub.ent_name, '\0', sizeof(cert->cert_sub.ent_name));
if (entity)
strncpy(cert->cert_sub.ent_name, entity, sizeof(cert->cert_sub.ent_name) - 1);
/* certificate version */
cert->cert_ver = 3;
/* coin cost to license certificate. */
cert->cert_fee = fee;
/* certificate attributes */
cert->cert_flag = flags;
/* default key algorythm */
if (alg == SHKEY_ALG_ECDSA) {
/* specify key length */
shcert_sub_len(cert) = 21; /* 168-bit key */
/* define algorythm */
cert->cert_sub.ent_sig.sig_key.alg = SHKEY_ALG_ECDSA;
} else /* (alg == SHKEY_ALG_SHR) */ {
/* specify key length */
shcert_sub_len(cert) = 24; /* 192-bit key */
/* generate public key */
memset(shcert_sub_sig(cert), '\000', sizeof(shkey_t));
key = shkey_bin(cert, sizeof(shcert_t));
key->alg = SHKEY_ALG_ECDSA;
memcpy(shcert_sub_sig(cert), key, sizeof(shkey_t));
shkey_free(&key);
/* define algorythm */
cert->cert_sub.ent_sig.sig_key.alg = SHKEY_ALG_SHR;
}
return (0);
}
/**
* A 224-bit key, or less, derived from a binary segment.
* @returns An allocated share key. Use shkey_free() to de-allocate.
*/
shkey_t *shkey(int alg, unsigned char *data, size_t data_len)
{
shkey_t *ret_key;
ret_key = NULL;
if (SHALG(alg, SHALG_SHR160)) {
ret_key = (shkey_t *)calloc(1, sizeof(shkey_t));
if (!ret_key) return (NULL); /* SHERR_NOMEM */
shkey_shr160_hash(ret_key, data, data_len);
} else if (SHALG(alg, SHALG_SHR224)) {
ret_key = shkey_shr224(data, data_len);
} else {
ret_key = shkey_bin(data, data_len);
}
return (ret_key);
}
shkey_t *shgeo_tag(shgeo_t *geo, int prec)
{
shnum_t nlat;
shnum_t nlon;
double lat;
double lon;
char buf[32];
shgeo_loc(geo, &nlat, &nlon, NULL);
lat = (double)shnum_prec_dim(nlat, prec);
lon = (double)shnum_prec_dim(nlon, prec);
memset(buf, 0, sizeof(buf));
memcpy(buf, &lat, sizeof(double));
memcpy(buf + sizeof(double), &lon, sizeof(double));
return (shkey_bin(buf, sizeof(double) * 2));
}
int shpam_shadow_load(shfs_ino_t *file, uint64_t uid, shadow_t *ret_shadow)
{
shadow_t shadow;
shkey_t *key;
int err;
memset(&shadow, 0, sizeof(shadow_t));
key = shkey_bin((char *)&uid, sizeof(uid));
err = shfs_cred_load(file, key, (unsigned char *)&shadow, sizeof(shadow));
shkey_free(&key);
if (err)
return (err);
if (ret_shadow)
memcpy(ret_shadow, &shadow, sizeof(shadow_t));
return (0);
}
int tx_init(shpeer_t *cli_peer, tx_t *tx, int tx_op)
{
shkey_t *key;
txop_t *op;
int tx_len;
int err;
if (!tx)
return (SHERR_INVAL);
op = get_tx_op(tx_op);
if (!op)
return (SHERR_INVAL);
if (op->op_size == 0)
return (0);
tx->tx_op = tx_op;
if (op->op_init) {
err = op->op_init(cli_peer, tx);
if (err)
return (err);
}
if (tx->tx_flag & TXF_WARD) {
err = txward_init(tx);
if (err)
return (err);
}
err = local_transid_generate(tx_op, tx);
if (err)
return (err); /* scrypt error */
/* generate transaction key */
memcpy(&tx->tx_key, ashkey_blank(), sizeof(tx->tx_key));
key = shkey_bin((char *)tx, op->op_keylen ? op->op_keylen : op->op_size);
memcpy(&tx->tx_key, key, sizeof(tx->tx_key));
shkey_free(&key);
return (0);
}
shkey_t *shfs_index_key(shfs_idx_t *idx, uint64_t crc, shfs_dirent_t *ent_p)
{
shkey_t *key;
int h_num = (crc % 256);
if (!idx->hash[h_num]) {
key = shkey_bin(&crc, sizeof(uint64_t));
idx->hash_ino[h_num] = shfs_inode(idx->file, shkey_hex(key), SHINODE_INDEX);
shkey_free(&key);
return (NULL);
}
for (i = 0; i < idx->hash_max[h_num]; i++) {
if ((idx->key[h_num] + i) == crc) {
return (idx->hash[h_num] + i);
}
}
return (NULL);
}
int shpam_shadow_create(shfs_ino_t *file, uint64_t uid, shadow_t *ret_shadow)
{
shadow_t shadow;
shadow_t *sh_list;
shbuf_t *buff;
shkey_t *id_key;
shkey_t *key;
int sh_list_max;
int idx;
int err;
if (!file->tree)
return (SHERR_INVAL);
/* In order to prevent this from allowing already created shadow entries from existing prior the SHERR_NOTUNIQ error code is returned when "err == 0". Currently, this is not considered an error in order to allow pre-established IDs from the sharenet (shared) to be created. */
err = shpam_shadow_load(file, uid, NULL);
if (err != 0 && err != SHERR_NOENT)
return (err);
memset(&shadow, 0, sizeof(shadow_t));
// memcpy(&shadow.sh_sess, ashkey_blank(), sizeof(shkey_t));
shadow.sh_uid = uid;
id_key = shpam_ident_gen(uid, &file->tree->peer);
memcpy(&shadow.sh_id, id_key, sizeof(shadow.sh_id));
shkey_free(&id_key);
key = shkey_bin((char *)&uid, sizeof(uid));
err = shfs_cred_store(file, key, (unsigned char *)&shadow, sizeof(shadow_t));
shkey_free(&key);
if (err)
return (err);
if (ret_shadow)
memcpy(ret_shadow, &shadow, sizeof(shadow_t));
return (0);
}
int confirm_tx_key(txop_t *op, tx_t *tx)
{
shkey_t *c_key = &tx->tx_key;
shkey_t *key;
shbuf_t *buff;
tx_t *k_tx;
size_t len;
int confirm;
if (!op || !tx)
return (SHERR_INVAL);
if (op->op_size == 0)
return (0);
/* allocate working copy */
len = MAX(sizeof(tx_t), op->op_keylen ? op->op_keylen : op->op_size);
buff = shbuf_init();
shbuf_cat(buff, (char *)tx, len);
/* blank out tx key */
k_tx = (tx_t *)shbuf_data(buff);
memset(&k_tx->tx_key, '\000', sizeof(k_tx->tx_key));
/* verify generated tx key matches. */
key = shkey_bin(shbuf_data(buff), shbuf_size(buff));
confirm = shkey_cmp(c_key, key);
shkey_free(&key);
shbuf_free(&buff);
if (!confirm) {
return (SHERR_INVAL);
}
return (0);
}
shkey_t *shkey_cert(shkey_t *key, uint64_t crc, shtime_t stamp)
{
unsigned char shabuf[64];
unsigned char keybuf[64];
char *ptr;
uint32_t *sha_ar;
int i;
if (!key)
return (NULL);
memset(shabuf, '@', 64);
memcpy(shabuf, &crc, sizeof(uint64_t));
memcpy(shabuf + 8, &stamp, sizeof(shtime_t));
memcpy(shabuf + 16, key, sizeof(shkey_t));
sha_ar = (uint32_t *)shabuf;
for (i = 0; i < 16; i++) {
sha_ar[i] = htonl(sha_ar[i]);
}
memset(keybuf, 0, sizeof(keybuf));
sh_sha256(shabuf, sizeof(shabuf), keybuf);
return (shkey_bin(keybuf, sizeof(keybuf)));
}
shkey_t *get_bond_key(shkey_t *sender, shkey_t *receiver, shkey_t *ref)
{
static shkey_t ret_key;
shkey_t keys[3];
shkey_t *key;
if (!sender)
sender = shpeer_kpriv(sharedaemon_peer());
else if (!receiver)
receiver = shpeer_kpriv(sharedaemon_peer());
if (!ref)
ref = ashkey_blank();
memcpy(&keys[0], sender, sizeof(shkey_t));
memcpy(&keys[1], receiver, sizeof(shkey_t));
memcpy(&keys[2], ref, sizeof(shkey_t));
key = shkey_bin(keys, sizeof(shkey_t) * 3);
memcpy(&ret_key, key, sizeof(ret_key));
shkey_free(&key);
return (&ret_key);
}
char *sexe_event_init(int e_type, const char *e_name)
{
static char key_str[256];
sexe_event_t *e;
shkey_t *key;
if (!event_map) {
event_map = shmap_init();
}
e = (sexe_event_t *)calloc(1, sizeof(sexe_event_t));
if (!e)
return (SHERR_NOMEM);
e->event_type = e_type;
strncpy(e->mod_name, e_name, sizeof(e->mod_name) - 1);
key = shkey_bin(e, sizeof(sexe_event_t));
memcpy(&e->reg_key, key, sizeof(shkey_t));
shmap_set_ptr(event_map, key, e);
strncpy(key_str, shkey_hex(key), sizeof(key_str) - 1);
shkey_free(&key);
return (key_str);
}
shkey_t *shkey_str(char *kvalue)
{
if (!kvalue)
return (shkey_bin(NULL, 0));
return (shkey_bin(kvalue, strlen(kvalue)));
}
/**
* @see shsig_shr_sign()
*/
int shcert_sign(shcert_t *cert, shcert_t *parent)
{
shkey_t *key;
unsigned char *enc_data;
size_t enc_len;
int err;
if (!parent)
return (SHERR_INVAL);
if (!(parent->cert_flag & SHCERT_CERT_SIGN)) {
/* parent certificate lacks ability to sign. */
return (SHERR_INVAL);
}
/* assign issuer's 128-bit serial number (regardless of algorythm) */
memcpy(cert->cert_iss.ent_ser, parent->cert_sub.ent_ser, 16);
if (cert->cert_sub.ent_sig.sig_key.alg == SHKEY_ALG_ECDSA) {
shkey_t *pub_key = &cert->cert_sub.ent_sig.sig_key;
shkey_t *priv_key;
shkey_t *seed_key;
shpeer_t *peer;
char sig_r[256];
char sig_s[256];
char *hex_data;
unsigned char data[256];
int data_len;
/* fill in parent signature */
memcpy(&cert->cert_iss.ent_sig, &parent->cert_sub.ent_sig, sizeof(shsig_t));
peer = shpeer_init(NULL, NULL);
seed_key = shpeer_kpriv(peer);
priv_key = shecdsa_key_priv(shkey_hex(seed_key));
shpeer_free(&peer);
pub_key = shecdsa_key_pub(priv_key);
memcpy(&cert->cert_sub.ent_sig.sig_key, pub_key, sizeof(shkey_t));
if ((parent->cert_flag & SHCERT_CERT_NONREPUDIATION)) {
/* must be derived from owner to preserve authenticy. */
if (!shkey_cmp(&cert->cert_sub.ent_sig.sig_key,
&cert->cert_iss.ent_sig.sig_key)) {
return (SHERR_ACCESS);
}
}
hex_data = shkey_hex(&cert->cert_iss.ent_sig.sig_key);
data_len = strlen(hex_data) / 2;
memset(data, 0, sizeof(data));
hex2bin(data, hex_data, data_len);
shecdsa_sign(priv_key, sig_r, sig_s, data, data_len);
strcpy(cert->cert_sub.ent_sig.key.ecdsa.sig_r, sig_r);
strcpy(cert->cert_sub.ent_sig.key.ecdsa.sig_s, sig_s);
cert->cert_sub.ent_len = data_len;
shkey_free(&pub_key);
shkey_free(&priv_key);
} else {
err = shencode((char *)&parent->cert_sub.ent_sig.sig_key, sizeof(shkey_t),
&enc_data, &enc_len, &parent->cert_iss.ent_sig.sig_key);
if (err)
return (err);
key = shkey_bin(enc_data, enc_len);
free(enc_data);
memcpy(&cert->cert_sub.ent_sig.sig_key, key, sizeof(shkey_t));
cert->cert_sub.ent_len = enc_len;
shkey_free(&key);
}
cert->cert_flag |= SHCERT_CERT_CHAIN;
cert->cert_flag |= parent->cert_flag; /* inherit parent's attributes */
cert->cert_sub.ent_sig.sig_key.alg = parent->cert_sub.ent_sig.sig_key.alg;
strcpy(cert->cert_iss.ent_name, parent->cert_sub.ent_name);
cert->cert_iss.ent_sig.sig_stamp = parent->cert_sub.ent_sig.sig_stamp;
cert->cert_iss.ent_sig.sig_expire = parent->cert_sub.ent_sig.sig_expire;
cert->cert_iss.ent_len = parent->cert_sub.ent_len;
return (0);
}
