/* -*-c-*-
*
- * $Id$
- *
* Various handy server-only utilities
*
* (c) 2001 Straylight/Edgeware
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of Trivial IP Encryption (TrIPE).
*
- * TrIPE is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * TrIPE is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
+ * TrIPE is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at your
+ * option) any later version.
+ *
+ * TrIPE is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
* You should have received a copy of the GNU General Public License
- * along with TrIPE; if not, write to the Free Software Foundation,
- * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ * along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
*/
/*----- Header files ------------------------------------------------------*/
/*----- Global variables --------------------------------------------------*/
-octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ];
-
-/*----- Main code ---------------------------------------------------------*/
-
-/* --- @mpstr@ --- *
- *
- * Arguments: @mp *m@ = a multiprecision integer
- *
- * Returns: A pointer to the integer's textual representation.
- *
- * Use: Converts a multiprecision integer to a string. Corrupts
- * @buf_t@.
- */
-
-const char *mpstr(mp *m)
-{
- if (mp_writestring(m, (char *)buf_t, sizeof(buf_t), 10))
- return ("<failed>");
- return ((const char *)buf_t);
-}
+octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ], buf_u[PKBUFSZ];
-/* --- @gestr@ --- *
- *
- * Arguments: @group *g@ = a group
- * @ge *x@ = a group element
- *
- * Returns: A pointer to the element's textual representation.
- *
- * Use: Converts a group element to a string. Corrupts
- * @buf_t@.
- */
-
-const char *gestr(group *g, ge *x)
-{
- if (group_writestring(g, x, (char *)buf_t, sizeof(buf_t)))
- return ("<failed>");
- return ((const char *)buf_t);
-}
-
-/* --- @timestr@ --- *
- *
- * Arguments: @time_t t@ = a time to convert
- *
- * Returns: A pointer to a textual representation of the time.
- *
- * Use: Converts a time to a textual representation. Corrupts
- * @buf_t@.
- */
-
-const char *timestr(time_t t)
-{
- struct tm *tm;
- if (!t)
- return ("NEVER");
- tm = localtime(&t);
- strftime((char *)buf_t, sizeof(buf_t), "%Y-%m-%dT%H:%M:%S", tm);
- return ((const char *)buf_t);
-}
+/*----- Sequence numbers --------------------------------------------------*/
/* --- @seq_reset@ --- *
*
return (0);
}
+/*----- Rate limiting -----------------------------------------------------*/
+
+/* --- @ratelim_init@ --- *
+ *
+ * Arguments: @ratelim *r@ = rate-limiting state to fill in
+ * @unsigned persec@ = credit to accumulate per second
+ * @unsigned max@ = maximum credit to retain
+ *
+ * Returns: ---
+ *
+ * Use: Initialize a rate-limiting state.
+ */
+
+void ratelim_init(ratelim *r, unsigned persec, unsigned max)
+{
+ r->n = r->max = max;
+ r->persec = persec;
+ gettimeofday(&r->when, 0);
+}
+
+/* --- @ratelim_withdraw@ --- *
+ *
+ * Arguments: @ratelim *r@ = rate-limiting state
+ * @unsigned n@ = credit to withdraw
+ *
+ * Returns: Zero if successful; @-1@ if there is unsufficient credit
+ *
+ * Use: Updates the state with any accumulated credit. Then, if
+ * there there are more than @n@ credits available, withdraw @n@
+ * and return successfully; otherwise, report failure.
+ */
+
+int ratelim_withdraw(ratelim *r, unsigned n)
+{
+ struct timeval now, delta;
+ unsigned long d;
+
+ gettimeofday(&now, 0);
+ TV_SUB(&delta, &now, &r->when);
+ d = (unsigned long)r->persec*delta.tv_sec +
+ (unsigned long)r->persec*delta.tv_usec/MILLION;
+ if (d < r->max - r->n) r->n += d;
+ else r->n = r->max;
+ r->when = now;
+
+ if (n > r->n) return (-1);
+ else { r->n -= n; return (0); }
+}
+
+/*----- Crypto ------------------------------------------------------------*/
+
+/* --- @ies_encrypt@ --- *
+ *
+ * Arguments: @kdata *kpub@ = recipient's public key
+ * @unsigned ty@ = message type octet
+ * @buf *b@ = input message buffer
+ * @buf *bb@ = output buffer for the ciphertext
+ *
+ * Returns: On error, returns a @KSERR_...@ code or breaks the buffer;
+ * on success, returns zero and the buffer is good.
+ *
+ * Use: Encrypts a message for a recipient, given their public key.
+ * This does not (by itself) provide forward secrecy or sender
+ * authenticity. The ciphertext is self-delimiting (unlike
+ * @ks_encrypt@).
+ */
+
+int ies_encrypt(kdata *kpub, unsigned ty, buf *b, buf *bb)
+{
+ dhgrp *g = kpub->grp;
+ dhsc *u = g->ops->randsc(g);
+ dhge *U = g->ops->mul(g, u, 0), *Z = g->ops->mul(g, u, kpub->K);
+ bulkalgs *algs = kpub->algs.bulk;
+ octet *len;
+ bulkctx *bulk;
+ deriveargs a;
+ size_t n;
+ buf bk;
+ int rc = 0;
+
+ IF_TRACING(T_CRYPTO, {
+ trace(T_CRYPTO,
+ "crypto: encrypting IES message (type 0x%02x) for recipient `%s'",
+ ty, kpub->tag);
+ trace_block(T_CRYPTO, "crypto: plaintext message", BCUR(b), BLEFT(b));
+ })
+
+ a.hc = kpub->algs.h; a.what = "tripe:ecies-"; a.f = DF_OUT;
+ buf_init(&bk, buf_u, sizeof(buf_u)); a.k = BBASE(&bk);
+ g->ops->stge(g, &bk, U, DHFMT_HASH); a.x = a.y = BLEN(&bk);
+ g->ops->stge(g, &bk, Z, DHFMT_HASH); a.z = BLEN(&bk);
+ assert(BOK(&bk));
+ T( trace_block(T_CRYPTO, "crypto: KEM clue", a.k, a.x);
+ trace_block(T_CRYPTO, "crypto: shared secret", a.k + a.y, a.z - a.y); )
+
+ len = BCUR(bb); buf_get(bb, 2);
+ bulk = algs->ops->genkeys(algs, &a);
+ bulk->ops = algs->ops;
+ g->ops->stge(g, bb, U, DHFMT_VAR); if (BBAD(bb)) goto end;
+ rc = bulk->ops->encrypt(bulk, ty, b, bb, 0);
+ if (rc || BBAD(bb)) goto end;
+ n = BCUR(bb) - len - 2; assert(n <= MASK16); STORE16(len, n);
+
+end:
+ bulk->ops->freectx(bulk);
+ g->ops->freesc(g, u);
+ g->ops->freege(g, U);
+ g->ops->freege(g, Z);
+ return (rc);
+}
+
+/* --- @ies_decrypt@ --- *
+ *
+ * Arguments: @kdata *kpub@ = private key key
+ * @unsigned ty@ = message type octet
+ * @buf *b@ = input ciphertext buffer
+ * @buf *bb@ = output buffer for the message
+ *
+ * Returns: On error, returns a @KSERR_...@ code; on success, returns
+ * zero and the buffer is good.
+ *
+ * Use: Decrypts a message encrypted using @ies_encrypt@, given our
+ * private key.
+ */
+
+int ies_decrypt(kdata *kpriv, unsigned ty, buf *b, buf *bb)
+{
+ dhgrp *g = kpriv->grp;
+ bulkalgs *algs = kpriv->algs.bulk;
+ bulkctx *bulk = 0;
+ T( const octet *m; )
+ dhge *U = 0, *Z = 0;
+ deriveargs a;
+ uint32 seq;
+ buf bk, bc;
+ int rc;
+
+ IF_TRACING(T_CRYPTO, {
+ trace(T_CRYPTO,
+ "crypto: decrypting IES message (type 0x%02x) to recipient `%s'",
+ ty, kpriv->tag);
+ trace_block(T_CRYPTO, "crypto: ciphertext message", BCUR(b), BLEFT(b));
+ })
+
+ if (buf_getbuf16(b, &bc) ||
+ (U = g->ops->ldge(g, &bc, DHFMT_VAR)) == 0 ||
+ g->ops->checkge(g, U))
+ { rc = KSERR_MALFORMED; goto end; }
+ Z = g->ops->mul(g, kpriv->k, U);
+
+ a.hc = kpriv->algs.h; a.what = "tripe:ecies-"; a.f = DF_IN;
+ buf_init(&bk, buf_u, sizeof(buf_u)); a.k = BBASE(&bk); a.x = 0;
+ g->ops->stge(g, &bk, U, DHFMT_HASH); a.y = BLEN(&bk);
+ g->ops->stge(g, &bk, Z, DHFMT_HASH); a.z = BLEN(&bk);
+ T( trace_block(T_CRYPTO, "crypto: KEM clue", a.k + a.x, a.y - a.x);
+ trace_block(T_CRYPTO, "crypto: shared secret", a.k + a.y, a.z - a.y); )
+ assert(BOK(&bk));
+
+ bulk = algs->ops->genkeys(algs, &a);
+ bulk->ops = algs->ops;
+ T( m = BCUR(bb); )
+ rc = bulk->ops->decrypt(bulk, ty, &bc, bb, &seq);
+ if (rc) goto end;
+ if (seq) { rc = KSERR_SEQ; goto end; }
+ assert(BOK(bb));
+ T( trace_block(T_CRYPTO, "crypto: decrypted message", m, BCUR(bb) - m); )
+
+end:
+ if (bulk) bulk->ops->freectx(bulk);
+ g->ops->freege(g, U);
+ g->ops->freege(g, Z);
+ return (rc);
+}
+
+/*----- Random odds and sods ----------------------------------------------*/
+
+/* --- @timestr@ --- *
+ *
+ * Arguments: @time_t t@ = a time to convert
+ *
+ * Returns: A pointer to a textual representation of the time.
+ *
+ * Use: Converts a time to a textual representation. Corrupts
+ * @buf_u@.
+ */
+
+const char *timestr(time_t t)
+{
+ struct tm *tm;
+ if (!t)
+ return ("NEVER");
+ tm = localtime(&t);
+ strftime((char *)buf_u, sizeof(buf_u), "%Y-%m-%dT%H:%M:%S", tm);
+ return ((const char *)buf_u);
+}
+
+/* --- @mystrieq@ --- *
+ *
+ * Arguments: @const char *x, *y@ = two strings
+ *
+ * Returns: True if @x@ and @y are equal, up to case.
+ */
+
+int mystrieq(const char *x, const char *y)
+{
+ for (;;) {
+ if (!*x && !*y) return (1);
+ if (tolower((unsigned char)*x) != tolower((unsigned char)*y))
+ return (0);
+ x++; y++;
+ }
+}
+
+/*----- Address handling --------------------------------------------------*/
+
+const struct addrfam aftab[] = {
+#ifdef HAVE_LIBADNS
+# define DEF(af, qf) { AF_##af, #af, adns_qf_##qf },
+#else
+# define DEF(af, qf) { AF_##af, #af },
+#endif
+ ADDRFAM(DEF)
+#undef DEF
+};
+
+/* --- @afix@ --- *
+ *
+ * Arguments: @int af@ = an address family code
+ *
+ * Returns: The index of the address family's record in @aftab@, or @-1@.
+ */
+
+int afix(int af)
+{
+ int i;
+
+ for (i = 0; i < NADDRFAM; i++)
+ if (af == aftab[i].af) return (i);
+ return (-1);
+}
+
+/* --- @addrsz@ --- *
+ *
+ * Arguments: @const addr *a@ = a network address
+ *
+ * Returns: The size of the address, for passing into the sockets API.
+ */
+
+socklen_t addrsz(const addr *a)
+{
+ switch (a->sa.sa_family) {
+ case AF_INET: return (sizeof(a->sin));
+ case AF_INET6: return (sizeof(a->sin6));
+ default: abort();
+ }
+}
+
+/* --- @getport@, @setport@ --- *
+ *
+ * Arguments: @addr *a@ = a network address
+ * @unsigned port@ = port number to set
+ *
+ * Returns: ---
+ *
+ * Use: Retrieves or sets the port number in an address structure.
+ */
+
+unsigned getport(addr *a)
+{
+ switch (a->sa.sa_family) {
+ case AF_INET: return (ntohs(a->sin.sin_port)); break;
+ case AF_INET6: return (ntohs(a->sin6.sin6_port)); break;
+ default: abort();
+ }
+}
+
+void setport(addr *a, unsigned port)
+{
+ switch (a->sa.sa_family) {
+ case AF_INET: a->sin.sin_port = htons(port); break;
+ case AF_INET6: a->sin6.sin6_port = htons(port); break;
+ default: abort();
+ }
+}
+
/*----- That's all, folks -------------------------------------------------*/
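Review bot: In `ratelim_withdraw`, a backwards step of the wall clock refills the bucket to `r->max`, because `gettimeofday` is not monotonic and a negative `delta.tv_sec` is converted to `unsigned long` in the multiplication, so `d` becomes huge and the `else r->n = r->max;` branch runs. If callers rely on this limiter to bound work triggered by remote peers, a negative interval should count as no elapsed time, e.g. `if (delta.tv_sec < 0) d = 0; else d = …` (assuming `TV_SUB` leaves the sign in `tv_sec`). Very long idle intervals should also be capped so the product cannot wrap where `unsigned long` is 32 bits. Separately, in `ies_decrypt` the `end:` label guards `bulk` with `if (bulk)` but passes `U` and `Z` to `freege` unconditionally, and both are still null when `buf_getbuf16` or `ldge` rejects the input. Whether `freege` accepts a null element is not visible here; if it does not, a malformed ciphertext reaches a null dereference, so `if (U) g->ops->freege(g, U);` and the same for `Z` would make the cleanup consistent.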