コード例 #1
ファイル: neverbleed.c プロジェクト: liang179/h2o
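/*
 * Client-side proxy for an RSA private-key operation. The request is sent to
 * the key-holding daemon over the per-thread descriptor (thdata->fd) and the
 * returned bytes are copied into the caller's buffer.
 *
 * cmd      command name, sent as the first field of the request
 * flen     number of input bytes at `from`
 * from     input bytes
 * _to      caller's output buffer
 * rsa      RSA handle used to look up the key index and the connection
 * padding  padding mode, forwarded unchanged
 *
 * Returns the status number sent by the daemon, narrowed to int, or -1 when
 * flen is negative. I/O failures, a malformed response and an oversized
 * response all end in dief().
 */
static int priv_encdec_proxy(const char *cmd, int flen, const unsigned char *from, unsigned char *_to, RSA *rsa, int padding)
{
    struct st_neverbleed_rsa_exdata_t *exdata;
    struct st_neverbleed_thread_data_t *thdata;
    struct expbuf_t buf = {0};
    size_t ret;
    unsigned char *to;
    size_t tolen;
    int rsa_size;

    /* a negative length would become a huge size_t when pushed below */
    if (flen < 0)
        return -1;

    get_privsep_data(rsa, &exdata, &thdata);

    /* request layout: command, input bytes, key index, padding */
    expbuf_push_str(&buf, cmd);
    expbuf_push_bytes(&buf, from, flen);
    expbuf_push_num(&buf, exdata->key_index);
    expbuf_push_num(&buf, padding);
    if (expbuf_write(&buf, thdata->fd) != 0)
        dief(errno != 0 ? "write error" : "connection closed by daemon");
    expbuf_dispose(&buf);

    /* response layout: status number, result bytes */
    if (expbuf_read(&buf, thdata->fd) != 0)
        dief(errno != 0 ? "read error" : "connection closed by daemon");
    if (expbuf_shift_num(&buf, &ret) != 0 || (to = expbuf_shift_bytes(&buf, &tolen)) == NULL) {
        errno = 0;
        dief("failed to parse response");
    }

    /*
     * tolen comes off the wire. The size of `_to` is not visible here; OpenSSL
     * callers size it from RSA_size(rsa), so a longer payload is refused rather
     * than copied. NOTE(review): this is an upper bound only; a caller that
     * allocated less than RSA_size(rsa) is not protected by it.
     */
    rsa_size = RSA_size(rsa);
    if (rsa_size < 0 || tolen > (size_t)rsa_size) {
        errno = 0;
        dief("response is larger than the RSA size");
    }
    memcpy(_to, to, tolen);
    expbuf_dispose(&buf);

    return (int)ret;
}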
コード例 #2
ファイル: neverbleed.c プロジェクト: BenWiederhake/neverbleed
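/*
 * Client-side proxy for RSA signing. Sends a "sign" request to the key-holding
 * daemon over the per-thread descriptor (thdata->fd) and copies the returned
 * signature into the caller's buffer.
 *
 * type      digest type identifier, forwarded unchanged
 * m, m_len  message digest bytes and their length
 * _sigret   caller's signature buffer
 * _siglen   receives the number of signature bytes copied
 * rsa       RSA handle used to look up the key index and the connection
 *
 * Returns the status number sent by the daemon, narrowed to int. I/O failures,
 * a malformed response and an oversized response all end in dief().
 */
static int sign_proxy(int type, const unsigned char *m, unsigned int m_len, unsigned char *_sigret, unsigned *_siglen,
                      const RSA *rsa)
{
    struct st_neverbleed_rsa_exdata_t *exdata;
    struct st_neverbleed_thread_data_t *thdata;
    struct expbuf_t buf = {0};
    size_t ret, siglen;
    unsigned char *sigret;
    int rsa_size;

    get_privsep_data(rsa, &exdata, &thdata);

    /* request layout: "sign", digest type, digest bytes, key index */
    expbuf_push_str(&buf, "sign");
    expbuf_push_num(&buf, type);
    expbuf_push_bytes(&buf, m, m_len);
    expbuf_push_num(&buf, exdata->key_index);
    if (expbuf_write(&buf, thdata->fd) != 0)
        dief(errno != 0 ? "write error" : "connection closed by daemon");
    expbuf_dispose(&buf);

    /* response layout: status number, signature bytes */
    if (expbuf_read(&buf, thdata->fd) != 0)
        dief(errno != 0 ? "read error" : "connection closed by daemon");
    if (expbuf_shift_num(&buf, &ret) != 0 || (sigret = expbuf_shift_bytes(&buf, &siglen)) == NULL) {
        errno = 0;
        dief("failed to parse response");
    }

    /*
     * siglen comes off the wire and the size of `_sigret` is not visible here.
     * An RSA signature is never longer than RSA_size(rsa), so anything longer
     * is refused rather than copied; the bound also keeps the narrowing to
     * unsigned below lossless.
     */
    rsa_size = RSA_size(rsa);
    if (rsa_size < 0 || siglen > (size_t)rsa_size) {
        errno = 0;
        dief("response is larger than the RSA size");
    }
    memcpy(_sigret, sigret, siglen);
    *_siglen = (unsigned)siglen;
    expbuf_dispose(&buf);

    return (int)ret;
}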
コード例 #3
ファイル: neverbleed.c プロジェクト: BenWiederhake/neverbleed
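/*
 * Daemon-side handler for a signing request. Parses (digest type, digest
 * bytes, key index) from `buf`, signs with the selected key, then reuses `buf`
 * for the response: the RSA_sign() result followed by the signature bytes
 * (empty unless RSA_sign() returned 1).
 *
 * Every field in `buf` was supplied by the requesting side, so each one is
 * validated before it is narrowed or used as an index.
 *
 * Returns 0 when a response was written into `buf`, -1 when the request was
 * rejected (no response is written in that case).
 */
static int sign_stub(struct expbuf_t *buf)
{
    unsigned char *m, sigret[4096];
    size_t type, m_len, key_index;
    RSA *rsa;
    unsigned siglen = 0;
    int ret;

    if (expbuf_shift_num(buf, &type) != 0 || (m = expbuf_shift_bytes(buf, &m_len)) == NULL ||
        expbuf_shift_num(buf, &key_index) != 0) {
        errno = 0;
        warnf("%s: failed to parse request", __FUNCTION__);
        return -1;
    }
    /* refuse values that the narrowing casts passed to RSA_sign() would silently truncate */
    if ((size_t)(int)type != type || (size_t)(unsigned)m_len != m_len) {
        errno = 0;
        warnf("%s: request field out of range", __FUNCTION__);
        return -1;
    }
    if ((rsa = daemon_get_rsa(key_index)) == NULL) {
        errno = 0;
        warnf("%s: invalid key index:%zu", __FUNCTION__, key_index);
        return -1;
    }
    /* RSA_sign() writes up to RSA_size(rsa) bytes; a negative size converts to a huge value and is refused too */
    if ((size_t)RSA_size(rsa) > sizeof(sigret)) {
        errno = 0;
        warnf("%s: key is too large for the signature buffer", __FUNCTION__);
        return -1;
    }
    ret = RSA_sign((int)type, m, (unsigned)m_len, sigret, &siglen, rsa);
    /* dispose only after signing: `m` presumably points into buf's storage */
    expbuf_dispose(buf);

    expbuf_push_num(buf, ret);
    expbuf_push_bytes(buf, sigret, ret == 1 ? siglen : 0);

    return 0;
}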
コード例 #4
ファイル: neverbleed.c プロジェクト: BenWiederhake/neverbleed
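/*
 * Daemon-side handler for an RSA private-key operation. Parses (input bytes,
 * key index, padding) from `buf`, runs `func` with the selected key, then
 * reuses `buf` for the response: the return value of `func` followed by that
 * many output bytes (empty when the return value is not positive).
 *
 * name  label used in warnings
 * func  the private-key operation to run; called as func(flen, from, to, rsa, padding)
 * buf   request on entry, response on successful return
 *
 * Every field in `buf` was supplied by the requesting side, so each one is
 * validated before it is narrowed or used as an index.
 *
 * Returns 0 when a response was written into `buf`, -1 when the request was
 * rejected (no response is written in that case).
 */
static int priv_encdec_stub(const char *name,
                            int (*func)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding),
                            struct expbuf_t *buf)
{
    unsigned char *from, to[4096];
    size_t flen;
    size_t key_index, padding;
    RSA *rsa;
    int ret;

    if ((from = expbuf_shift_bytes(buf, &flen)) == NULL || expbuf_shift_num(buf, &key_index) != 0 ||
        expbuf_shift_num(buf, &padding) != 0) {
        errno = 0;
        warnf("%s: failed to parse request", name);
        return -1;
    }
    /* refuse a length that does not fit a non-negative int, and a padding value the cast would truncate */
    if ((int)flen < 0 || (size_t)(int)flen != flen || (size_t)(int)padding != padding) {
        errno = 0;
        warnf("%s: request field out of range", name);
        return -1;
    }
    if ((rsa = daemon_get_rsa(key_index)) == NULL) {
        errno = 0;
        warnf("%s: invalid key index:%zu\n", name, key_index);
        return -1;
    }
    /*
     * `func` is handed `to` without a length; OpenSSL's RSA private operations
     * write up to RSA_size(rsa) bytes, so a key whose size exceeds the buffer
     * is refused. A negative size converts to a huge value and is refused too.
     */
    if ((size_t)RSA_size(rsa) > sizeof(to)) {
        errno = 0;
        warnf("%s: key is too large for the output buffer", name);
        return -1;
    }
    ret = func((int)flen, from, to, rsa, (int)padding);
    /* dispose only after the call: `from` presumably points into buf's storage */
    expbuf_dispose(buf);

    expbuf_push_num(buf, ret);
    expbuf_push_bytes(buf, to, ret > 0 ? ret : 0);
    /* NOTE(review): `to` may hold decrypted plaintext and is left on the stack; consider clearing it before return */

    return 0;
}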