int shpam_shadow_setpass(shfs_ino_t *file, shseed_t *seed, shkey_t *sess_key) { shadow_t *ent; shadow_t save; shkey_t *seed_key; int err; seed_key = shkey_bin((char *)&seed->seed_uid, sizeof(seed->seed_uid)); ent = shpam_shadow(file, seed_key); shkey_free(&seed_key); if (!ent) return (SHERR_NOENT); memcpy(&save, ent, sizeof(shadow_t)); if (shtime64() >= save.sh_expire) return (SHERR_KEYEXPIRED); if (!shkey_cmp(&save.sh_sess, sess_key)) return (SHERR_KEYREJECTED); seed_key = shkey_bin((char *)&seed->seed_uid, sizeof(seed->seed_uid)); err = shpam_shadow_session_expire(file, seed_key, sess_key); shkey_free(&seed_key); if (err) return (err); err = shpam_shadow_pass_append(file, seed); if (err) return (err); return (0); }
int sexe_event_remove(lua_State *L, int e_type, char *e_name) { sexe_event_t t_event; sexe_event_t *e; shkey_t *key; int err; memset(&t_event, 0, sizeof(t_event)); t_event.event_type = e_type; strncpy(t_event.mod_name, e_name, sizeof(t_event.mod_name) - 1); key = shkey_bin(&t_event, sizeof(sexe_event_t)); /* remove event's global callback */ lua_pushnil(L); lua_setglobal(L, shkey_hex(key)); e = (sexe_event_t *)shmap_get_ptr(event_map, key); if (e) { shmap_unset(event_map, key); free(e); } shkey_free(&key); return (0); }
/** * @see shsig_shr_verify() */ static int _shcert_sign_verify_shr(shcert_t *cert, shcert_t *parent) { shkey_t *key; unsigned char *enc_data; size_t enc_len; int err; if (!parent) return (SHERR_INVAL); err = shencode((char *)&parent->cert_sub.ent_sig.sig_key, sizeof(shkey_t), &enc_data, &enc_len, &parent->cert_iss.ent_sig.sig_key); if (err) return (err); key = shkey_bin(enc_data, enc_len); free(enc_data); if (!shkey_cmp(key, &cert->cert_sub.ent_sig.sig_key)) { /* encrypted key is not validated. */ shkey_free(&key); return (SHERR_KEYREJECTED); } shkey_free(&key); return (0); }
int shpam_shadow_remove(shfs_ino_t *file, uint64_t uid, shkey_t *sess_key) { shadow_t *ent; shadow_t save; shkey_t *key; int err; if (!sess_key) return (SHERR_NOKEY); err = shpam_shadow_load(file, uid, &save); if (err) { return (err); } if (shtime_after(shtime(), save.sh_expire)) return (SHERR_KEYEXPIRED); if (!shkey_cmp(&save.sh_sess, sess_key)) return (SHERR_KEYREJECTED); key = shkey_bin((char *)&uid, sizeof(uid)); err = shfs_cred_remove(file, key); shkey_free(&key); if (err) { return (err); } return (0); }
int shpam_shadow_store(shfs_ino_t *file, shadow_t *shadow) { shadow_t save; shkey_t *key; int err; if (!shadow) return (SHERR_INVAL); #if 0 /* ensure record already exists. */ err = shpam_shadow_load(file, shadow->sh_uid, NULL); if (err) return (err); #endif memcpy(&save, shadow, sizeof(shadow_t)); key = shkey_bin((char *)&save.sh_uid, sizeof(save.sh_uid)); err = shfs_cred_store(file, key, (unsigned char *)&save, sizeof(shadow_t)); shkey_free(&key); if (err) return (err); return (0); }
int shcert_init(shcert_t *cert, char *entity, uint64_t fee, int alg, int flags) { shpeer_t *peer; shkey_t *key; shcert_init_default(cert); /* the relevant name or entity subject */ memset(cert->cert_sub.ent_name, '\0', sizeof(cert->cert_sub.ent_name)); if (entity) strncpy(cert->cert_sub.ent_name, entity, sizeof(cert->cert_sub.ent_name) - 1); /* certificate version */ cert->cert_ver = 3; /* coin cost to license certificate. */ cert->cert_fee = fee; /* certificate attributes */ cert->cert_flag = flags; /* default key algorythm */ if (alg == SHKEY_ALG_ECDSA) { /* specify key length */ shcert_sub_len(cert) = 21; /* 168-bit key */ /* define algorythm */ cert->cert_sub.ent_sig.sig_key.alg = SHKEY_ALG_ECDSA; } else /* (alg == SHKEY_ALG_SHR) */ { /* specify key length */ shcert_sub_len(cert) = 24; /* 192-bit key */ /* generate public key */ memset(shcert_sub_sig(cert), '\000', sizeof(shkey_t)); key = shkey_bin(cert, sizeof(shcert_t)); key->alg = SHKEY_ALG_ECDSA; memcpy(shcert_sub_sig(cert), key, sizeof(shkey_t)); shkey_free(&key); /* define algorythm */ cert->cert_sub.ent_sig.sig_key.alg = SHKEY_ALG_SHR; } return (0); }
/** * A 224-bit key, or less, derived from a binary segment. * @returns An allocated share key. Use shkey_free() to de-allocate. */ shkey_t *shkey(int alg, unsigned char *data, size_t data_len) { shkey_t *ret_key; ret_key = NULL; if (SHALG(alg, SHALG_SHR160)) { ret_key = (shkey_t *)calloc(1, sizeof(shkey_t)); if (!ret_key) return (NULL); /* SHERR_NOMEM */ shkey_shr160_hash(ret_key, data, data_len); } else if (SHALG(alg, SHALG_SHR224)) { ret_key = shkey_shr224(data, data_len); } else { ret_key = shkey_bin(data, data_len); } return (ret_key); }
shkey_t *shgeo_tag(shgeo_t *geo, int prec) { shnum_t nlat; shnum_t nlon; double lat; double lon; char buf[32]; shgeo_loc(geo, &nlat, &nlon, NULL); lat = (double)shnum_prec_dim(nlat, prec); lon = (double)shnum_prec_dim(nlon, prec); memset(buf, 0, sizeof(buf)); memcpy(buf, &lat, sizeof(double)); memcpy(buf + sizeof(double), &lon, sizeof(double)); return (shkey_bin(buf, sizeof(double) * 2)); }
int shpam_shadow_load(shfs_ino_t *file, uint64_t uid, shadow_t *ret_shadow) { shadow_t shadow; shkey_t *key; int err; memset(&shadow, 0, sizeof(shadow_t)); key = shkey_bin((char *)&uid, sizeof(uid)); err = shfs_cred_load(file, key, (unsigned char *)&shadow, sizeof(shadow)); shkey_free(&key); if (err) return (err); if (ret_shadow) memcpy(ret_shadow, &shadow, sizeof(shadow_t)); return (0); }
int tx_init(shpeer_t *cli_peer, tx_t *tx, int tx_op) { shkey_t *key; txop_t *op; int tx_len; int err; if (!tx) return (SHERR_INVAL); op = get_tx_op(tx_op); if (!op) return (SHERR_INVAL); if (op->op_size == 0) return (0); tx->tx_op = tx_op; if (op->op_init) { err = op->op_init(cli_peer, tx); if (err) return (err); } if (tx->tx_flag & TXF_WARD) { err = txward_init(tx); if (err) return (err); } err = local_transid_generate(tx_op, tx); if (err) return (err); /* scrypt error */ /* generate transaction key */ memcpy(&tx->tx_key, ashkey_blank(), sizeof(tx->tx_key)); key = shkey_bin((char *)tx, op->op_keylen ? op->op_keylen : op->op_size); memcpy(&tx->tx_key, key, sizeof(tx->tx_key)); shkey_free(&key); return (0); }
shkey_t *shfs_index_key(shfs_idx_t *idx, uint64_t crc, shfs_dirent_t *ent_p) { shkey_t *key; int h_num = (crc % 256); if (!idx->hash[h_num]) { key = shkey_bin(&crc, sizeof(uint64_t)); idx->hash_ino[h_num] = shfs_inode(idx->file, shkey_hex(key), SHINODE_INDEX); shkey_free(&key); return (NULL); } for (i = 0; i < idx->hash_max[h_num]; i++) { if ((idx->key[h_num] + i) == crc) { return (idx->hash[h_num] + i); } } return (NULL); }
int shpam_shadow_create(shfs_ino_t *file, uint64_t uid, shadow_t *ret_shadow) { shadow_t shadow; shadow_t *sh_list; shbuf_t *buff; shkey_t *id_key; shkey_t *key; int sh_list_max; int idx; int err; if (!file->tree) return (SHERR_INVAL); /* In order to prevent this from allowing already created shadow entries from existing prior the SHERR_NOTUNIQ error code is returned when "err == 0". Currently, this is not considered an error in order to allow pre-established IDs from the sharenet (shared) to be created. */ err = shpam_shadow_load(file, uid, NULL); if (err != 0 && err != SHERR_NOENT) return (err); memset(&shadow, 0, sizeof(shadow_t)); // memcpy(&shadow.sh_sess, ashkey_blank(), sizeof(shkey_t)); shadow.sh_uid = uid; id_key = shpam_ident_gen(uid, &file->tree->peer); memcpy(&shadow.sh_id, id_key, sizeof(shadow.sh_id)); shkey_free(&id_key); key = shkey_bin((char *)&uid, sizeof(uid)); err = shfs_cred_store(file, key, (unsigned char *)&shadow, sizeof(shadow_t)); shkey_free(&key); if (err) return (err); if (ret_shadow) memcpy(ret_shadow, &shadow, sizeof(shadow_t)); return (0); }
int confirm_tx_key(txop_t *op, tx_t *tx) { shkey_t *c_key = &tx->tx_key; shkey_t *key; shbuf_t *buff; tx_t *k_tx; size_t len; int confirm; if (!op || !tx) return (SHERR_INVAL); if (op->op_size == 0) return (0); /* allocate working copy */ len = MAX(sizeof(tx_t), op->op_keylen ? op->op_keylen : op->op_size); buff = shbuf_init(); shbuf_cat(buff, (char *)tx, len); /* blank out tx key */ k_tx = (tx_t *)shbuf_data(buff); memset(&k_tx->tx_key, '\000', sizeof(k_tx->tx_key)); /* verify generated tx key matches. */ key = shkey_bin(shbuf_data(buff), shbuf_size(buff)); confirm = shkey_cmp(c_key, key); shkey_free(&key); shbuf_free(&buff); if (!confirm) { return (SHERR_INVAL); } return (0); }
shkey_t *shkey_cert(shkey_t *key, uint64_t crc, shtime_t stamp) { unsigned char shabuf[64]; unsigned char keybuf[64]; char *ptr; uint32_t *sha_ar; int i; if (!key) return (NULL); memset(shabuf, '@', 64); memcpy(shabuf, &crc, sizeof(uint64_t)); memcpy(shabuf + 8, &stamp, sizeof(shtime_t)); memcpy(shabuf + 16, key, sizeof(shkey_t)); sha_ar = (uint32_t *)shabuf; for (i = 0; i < 16; i++) { sha_ar[i] = htonl(sha_ar[i]); } memset(keybuf, 0, sizeof(keybuf)); sh_sha256(shabuf, sizeof(shabuf), keybuf); return (shkey_bin(keybuf, sizeof(keybuf))); }
shkey_t *get_bond_key(shkey_t *sender, shkey_t *receiver, shkey_t *ref) { static shkey_t ret_key; shkey_t keys[3]; shkey_t *key; if (!sender) sender = shpeer_kpriv(sharedaemon_peer()); else if (!receiver) receiver = shpeer_kpriv(sharedaemon_peer()); if (!ref) ref = ashkey_blank(); memcpy(&keys[0], sender, sizeof(shkey_t)); memcpy(&keys[1], receiver, sizeof(shkey_t)); memcpy(&keys[2], ref, sizeof(shkey_t)); key = shkey_bin(keys, sizeof(shkey_t) * 3); memcpy(&ret_key, key, sizeof(ret_key)); shkey_free(&key); return (&ret_key); }
char *sexe_event_init(int e_type, const char *e_name) { static char key_str[256]; sexe_event_t *e; shkey_t *key; if (!event_map) { event_map = shmap_init(); } e = (sexe_event_t *)calloc(1, sizeof(sexe_event_t)); if (!e) return (SHERR_NOMEM); e->event_type = e_type; strncpy(e->mod_name, e_name, sizeof(e->mod_name) - 1); key = shkey_bin(e, sizeof(sexe_event_t)); memcpy(&e->reg_key, key, sizeof(shkey_t)); shmap_set_ptr(event_map, key, e); strncpy(key_str, shkey_hex(key), sizeof(key_str) - 1); shkey_free(&key); return (key_str); }
shkey_t *shkey_str(char *kvalue) { if (!kvalue) return (shkey_bin(NULL, 0)); return (shkey_bin(kvalue, strlen(kvalue))); }
/** * @see shsig_shr_sign() */ int shcert_sign(shcert_t *cert, shcert_t *parent) { shkey_t *key; unsigned char *enc_data; size_t enc_len; int err; if (!parent) return (SHERR_INVAL); if (!(parent->cert_flag & SHCERT_CERT_SIGN)) { /* parent certificate lacks ability to sign. */ return (SHERR_INVAL); } /* assign issuer's 128-bit serial number (regardless of algorythm) */ memcpy(cert->cert_iss.ent_ser, parent->cert_sub.ent_ser, 16); if (cert->cert_sub.ent_sig.sig_key.alg == SHKEY_ALG_ECDSA) { shkey_t *pub_key = &cert->cert_sub.ent_sig.sig_key; shkey_t *priv_key; shkey_t *seed_key; shpeer_t *peer; char sig_r[256]; char sig_s[256]; char *hex_data; unsigned char data[256]; int data_len; /* fill in parent signature */ memcpy(&cert->cert_iss.ent_sig, &parent->cert_sub.ent_sig, sizeof(shsig_t)); peer = shpeer_init(NULL, NULL); seed_key = shpeer_kpriv(peer); priv_key = shecdsa_key_priv(shkey_hex(seed_key)); shpeer_free(&peer); pub_key = shecdsa_key_pub(priv_key); memcpy(&cert->cert_sub.ent_sig.sig_key, pub_key, sizeof(shkey_t)); if ((parent->cert_flag & SHCERT_CERT_NONREPUDIATION)) { /* must be derived from owner to preserve authenticy. */ if (!shkey_cmp(&cert->cert_sub.ent_sig.sig_key, &cert->cert_iss.ent_sig.sig_key)) { return (SHERR_ACCESS); } } hex_data = shkey_hex(&cert->cert_iss.ent_sig.sig_key); data_len = strlen(hex_data) / 2; memset(data, 0, sizeof(data)); hex2bin(data, hex_data, data_len); shecdsa_sign(priv_key, sig_r, sig_s, data, data_len); strcpy(cert->cert_sub.ent_sig.key.ecdsa.sig_r, sig_r); strcpy(cert->cert_sub.ent_sig.key.ecdsa.sig_s, sig_s); cert->cert_sub.ent_len = data_len; shkey_free(&pub_key); shkey_free(&priv_key); } else { err = shencode((char *)&parent->cert_sub.ent_sig.sig_key, sizeof(shkey_t), &enc_data, &enc_len, &parent->cert_iss.ent_sig.sig_key); if (err) return (err); key = shkey_bin(enc_data, enc_len); free(enc_data); memcpy(&cert->cert_sub.ent_sig.sig_key, key, sizeof(shkey_t)); cert->cert_sub.ent_len = enc_len; shkey_free(&key); } cert->cert_flag |= SHCERT_CERT_CHAIN; cert->cert_flag |= parent->cert_flag; /* inherit parent's attributes */ cert->cert_sub.ent_sig.sig_key.alg = parent->cert_sub.ent_sig.sig_key.alg; strcpy(cert->cert_iss.ent_name, parent->cert_sub.ent_name); cert->cert_iss.ent_sig.sig_stamp = parent->cert_sub.ent_sig.sig_stamp; cert->cert_iss.ent_sig.sig_expire = parent->cert_sub.ent_sig.sig_expire; cert->cert_iss.ent_len = parent->cert_sub.ent_len; return (0); }