From 910c07e9513ca0564454c2c285e788266de12b65 Mon Sep 17 00:00:00 2001 From: John Jones Date: Thu, 9 Feb 2017 12:50:28 -0500 Subject: [PATCH] More changes to encryption negotiation --- crypto/rsa.c | 22 +++++++++---------- include/libp2p/crypto/rsa.h | 2 +- record/record.c | 7 +++++-- secio/secio.c | 42 ++++++++++++++++++------------------- test/crypto/test_rsa.h | 13 +++++++++--- test/test_secio.h | 8 +++---- 6 files changed, 51 insertions(+), 43 deletions(-) diff --git a/crypto/rsa.c b/crypto/rsa.c index 4033fe4..c912d38 100644 --- a/crypto/rsa.c +++ b/crypto/rsa.c @@ -258,13 +258,13 @@ int libp2p_crypto_rsa_rsa_private_key_free(struct RsaPrivateKey* private_key) { * @param result the resultant signature. Note: should be pre-allocated and be the size of the private key (i.e. 2048 bit key can store a sig in 256 bytes) * @returns true(1) on success, otherwise false(0) */ -int libp2p_crypto_rsa_sign(struct RsaPrivateKey* private_key, const char* message, size_t message_length, unsigned char* result) { - unsigned char hash[32]; +int libp2p_crypto_rsa_sign(struct RsaPrivateKey* private_key, const char* message, size_t message_length, unsigned char** result, size_t* result_size) { + unsigned char hash[32] = {0}; int retVal = 0; char* pers = "libp2p crypto rsa sign"; - mbedtls_pk_context private_context; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_pk_context private_context = {0}; + mbedtls_entropy_context entropy = {0}; + mbedtls_ctr_drbg_context ctr_drbg = {0}; unsigned char* der = NULL; int der_allocated = 0; @@ -298,18 +298,18 @@ int libp2p_crypto_rsa_sign(struct RsaPrivateKey* private_key, const char* messag goto exit; + *result_size = ctx->len; + *result = (unsigned char*)malloc(*result_size); // sign - /* - int retVal = mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx, + retVal = mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256, 32, - output, - result ); - */ - retVal = mbedtls_rsa_private(ctx, mbedtls_ctr_drbg_random, &ctr_drbg, hash, result); + hash, + *result ); + //retVal = mbedtls_rsa_private(ctx, mbedtls_ctr_drbg_random, &ctr_drbg, hash, result); if (retVal != 0) { retVal = 0; goto exit; diff --git a/include/libp2p/crypto/rsa.h b/include/libp2p/crypto/rsa.h index f7a513b..2012897 100644 --- a/include/libp2p/crypto/rsa.h +++ b/include/libp2p/crypto/rsa.h @@ -58,7 +58,7 @@ struct RsaPrivateKey* libp2p_crypto_rsa_rsa_private_key_new(); * @param result the resultant signature. Note: should be pre-allocated and be the size of the private key (i.e. 2048) * @returns true(1) on successs, otherwise false(0) */ -int libp2p_crypto_rsa_sign(struct RsaPrivateKey* private_key, const char* message, size_t message_length, unsigned char* result); +int libp2p_crypto_rsa_sign(struct RsaPrivateKey* private_key, const char* message, size_t message_length, unsigned char** result, size_t* result_size); int libp2p_crypto_rsa_verify(struct RsaPublicKey* public_key, const unsigned char* message, size_t message_length, const unsigned char* signature); diff --git a/record/record.c b/record/record.c index f2a8a2d..c8733af 100644 --- a/record/record.c +++ b/record/record.c @@ -48,12 +48,15 @@ int libp2p_record_make_put_record (char** record, size_t *rec_size, struct RsaPr free (pkh); len += l; if (sign) { - char sign_buf[2048]; - if (!libp2p_crypto_rsa_sign (sk, (unsigned char*) p, len, (unsigned char*) sign_buf) || + char *sign_buf; + size_t sign_length; + if (!libp2p_crypto_rsa_sign (sk, (unsigned char*) p, len, (unsigned char**)sign_buf, &sign_length) || !protobuf_encode_string (4, WIRETYPE_LENGTH_DELIMITED, sign_buf, p+len, RECORD_BUFSIZE-len, &l)) { + free(sign_buf); free (p); return -1; } + free(sign_buf); len += l; } } diff --git a/secio/secio.c b/secio/secio.c index 01664c6..ce382ca 100644 --- a/secio/secio.c +++ b/secio/secio.c @@ -188,7 +188,7 @@ int libp2p_secio_select_best(int order, const char* local_list, int local_list_s */ int libp2p_secio_verify_signature(struct PublicKey* public_key, const unsigned char* in, size_t in_length, unsigned char* signature) { if (public_key->type == KEYTYPE_RSA) { - struct RsaPublicKey rsa_key; + struct RsaPublicKey rsa_key = {0}; rsa_key.der = (char*)public_key->data; rsa_key.der_length = public_key->data_size; return libp2p_crypto_rsa_verify(&rsa_key, in, in_length, signature); @@ -199,13 +199,10 @@ int libp2p_secio_verify_signature(struct PublicKey* public_key, const unsigned c int libp2p_secio_sign(struct PrivateKey* private_key, const char* in, size_t in_length, unsigned char** signature, size_t* signature_size) { if (private_key->type == KEYTYPE_RSA) { - struct RsaPrivateKey rsa_key; + struct RsaPrivateKey rsa_key = {0}; rsa_key.der = (char*)private_key->data; rsa_key.der_length = private_key->data_size; - // SHA2-256 signatures are 32 bytes - *signature_size = 32; - *signature = (unsigned char*)malloc(*signature_size); - return libp2p_crypto_rsa_sign(&rsa_key, in, in_length, *signature); + return libp2p_crypto_rsa_sign(&rsa_key, in, in_length, signature, signature_size); } // TODO: Implement this method for non-RSA return 0; @@ -432,10 +429,6 @@ int libp2p_secio_read(struct SecureSession* session, unsigned char** results, si return 0; } } - if (read == 0) { - fprintf(stderr, "Reading numbers: [%02x]", size[read]); - } - fprintf(stderr, " [%02x]", size[read]); if (read == 0 && size[0] == 10) { // a spurious \n // write over this value by not adding it @@ -444,13 +437,11 @@ int libp2p_secio_read(struct SecureSession* session, unsigned char** results, si read += read_this_time; } } while (left > 0); - // now read the number of bytes we've found, minus the 4 that we just read - fprintf(stderr, " Before ntohl: %u", buffer_size); buffer_size = ntohl(buffer_size); - fprintf(stderr, " After: %u\n", buffer_size); if (buffer_size == 0) return 0; + // now read the number of bytes we've found, minus the 4 that we just read left = buffer_size; read = 0; read_this_time = 0; @@ -492,18 +483,18 @@ int libp2p_secio_handshake(struct SecureSession* local_session, struct RsaPrivat struct Propose* propose_out = NULL; struct Propose* propose_in = NULL; struct PublicKey* public_key = NULL; - unsigned char order_hash_in[32]; - unsigned char order_hash_out[32]; - int order; + unsigned char order_hash_in[32] = {0}; + unsigned char order_hash_out[32] = {0}; + int order = 0;; struct Exchange* exchange_in = NULL; struct Exchange* exchange_out = NULL; - unsigned char* exchange_out_protobuf; - size_t exchange_out_protobuf_size; + unsigned char* exchange_out_protobuf = NULL; + size_t exchange_out_protobuf_size = 0; struct Libp2pVector* char_buffer = NULL; struct StretchedKey* k1 = NULL, *k2 = NULL; - struct PrivateKey priv; - struct PublicKey pub_key; - struct SecureSession remote_session; + struct PrivateKey priv = {0}; + struct PublicKey pub_key = {0}; + struct SecureSession remote_session = {0}; char* remote_peer_id = NULL; struct EphemeralPrivateKey* e_private_key = NULL; @@ -529,6 +520,7 @@ int libp2p_secio_handshake(struct SecureSession* local_session, struct RsaPrivat goto exit; } + // Build the proposal to be sent to the new connection: propose_out = libp2p_secio_propose_new(); libp2p_secio_propose_set_property((void**)&propose_out->rand, &propose_out->rand_size, local_session->nonce, 16); @@ -572,7 +564,7 @@ int libp2p_secio_handshake(struct SecureSession* local_session, struct RsaPrivat if (bytes_written < propose_out_size) goto exit; - // try to get the propose object from the server + // now receive the proposal from the new connection bytes_written = libp2p_secio_read(local_session, &propose_in_bytes, &propose_in_size); if (bytes_written <= 0) goto exit; @@ -643,10 +635,14 @@ int libp2p_secio_handshake(struct SecureSession* local_session, struct RsaPrivat if (exchange_out_protobuf == NULL) goto exit; libp2p_secio_exchange_protobuf_encode(exchange_out, exchange_out_protobuf, exchange_out_protobuf_size, &bytes_written); + exchange_out_protobuf_size = bytes_written; libp2p_secio_exchange_free(exchange_out); exchange_out = NULL; bytes_written = libp2p_secio_write(local_session, exchange_out_protobuf, exchange_out_protobuf_size); + if (exchange_out_protobuf_size != bytes_written) + goto exit; free(exchange_out_protobuf); + exchange_out_protobuf = NULL; // receive Exchange packet bytes_written = libp2p_secio_read(local_session, &results, &results_size); @@ -715,6 +711,8 @@ int libp2p_secio_handshake(struct SecureSession* local_session, struct RsaPrivat libp2p_secio_exchange_free(exchange_out); if (e_private_key != NULL) libp2p_crypto_ephemeral_key_free(e_private_key); + if (exchange_out_protobuf != NULL) + free(exchange_out_protobuf); libp2p_secio_propose_free(propose_out); libp2p_secio_propose_free(propose_in); diff --git a/test/crypto/test_rsa.h b/test/crypto/test_rsa.h index 3ba0f1c..0ca7475 100644 --- a/test/crypto/test_rsa.h +++ b/test/crypto/test_rsa.h @@ -192,15 +192,22 @@ int test_crypto_rsa_signing() { val++; } - char result[256]; + unsigned char *result = NULL; + size_t result_size; // sign the buffer - if (libp2p_crypto_rsa_sign(&private_key, bytes, num_bytes, &result[0]) == 0) + if (libp2p_crypto_rsa_sign(&private_key, bytes, num_bytes, &result, &result_size) == 0) { + if (result != NULL) + free(result); return 0; + } // verify the signature - if (libp2p_crypto_rsa_verify(&public_key, bytes, num_bytes, &result[0]) == 0) + if (libp2p_crypto_rsa_verify(&public_key, bytes, num_bytes, result) == 0) { + free(result); return 0; + } + free(result); return 1; } diff --git a/test/test_secio.h b/test/test_secio.h index be1557d..95dce24 100644 --- a/test/test_secio.h +++ b/test/test_secio.h @@ -7,14 +7,14 @@ int test_secio_handshake() { int retVal = 0; size_t decode_base64_size = 0; - unsigned char* decode_base64; + unsigned char* decode_base64 = NULL; // this is a base64 encoded private key. It makes it easier to test if it is in base64 form // these were pulled from the GO version of ipfs - char* orig_priv_key = "CAASqgkwggSmAgEAAoIBAQD0a4RI+bF/ov7IVOGSJ8dQfnK1DwM0gwVuJAd+3LXxIZEPZzsKIKia0TojDbTdLvOJ23wsaojTF/4bSzBK5otdAz8YSgez4vTRUV5pUqvCkK0dSJJ1DHTdrFUwvzlXuKbwNbvWyzjmKfeaE9a9YLzhrUIUTRvKyqhZXr++vMy3hw4fdtGUTJWeiqmoIuJWIZ1748Ff6LjcP7TdG7OvY4q+U9ilEJYdF4aM+TJY193zKp0GNWohunuVrtOUnL9VQaSSDbvGdFS1Mg9iCN6kRBQTHVQvFzvuEw/Y2LvoPH3yFG1zj6bDLWfOBhegy/6Zi6fi4E1UfgJNFN1sjWF+gZoHAgMBAAECggEBALTqBD9zuoMsJYQo99IT6X7WKZeE5i1vMYzF1Fp9iZpS6ylIkrW7WLFHXs3lblMtVoxazn2d2WrOXoLbU4KNROhy57fVy//FZMqufMBetc3NAqYjOmyy7KnLzj7Hu+0HO2GflEq3n4UV2TTNrGv+d7BfawLV1FV1TcjgzfKjkq/gMDCTPMgfT7lcF4TGSqv6Pgudp8RRn/R7EKOx+I8/XkJsZWP3XJ0zj4ciqDmKrX2j7wZMT8CH/8wfyg4NGk1+TN4xBB2CXgulIWJg5yhzu+JgbGnHEL/Ga+i40XJe+RnlKDpjQ+ZFyrOkmHpIldasjWNGFeKwLjzrDQfyDRwex5ECgYEA+fFGJ+zbi2YJwHDO/44PmvcoCWpho0ah7y+O5/LEVROTYEoNRqodLet+z+LMKDq/o2qTNaYJLiDGMBZzhqyJIFR5ZJ5MhgLloY1gL8s0a7KMWDbh7giiWSu5zqhB3Du8Tom+8bYZUxOL4zhzCGrFitRqiEIIjy1/c5qyRQZaZx8CgYEA+lf6tdO6kKiAOxm7sdZ3rEl4UGFY+tEqgivKwurLRIor0XDfhCKr1hCfsZggpR8SMLfjCuNEgKbceofcKMa8OtyDbMPRz0mYNkCELTUYA+r8Ib/LvleQApMcLn+TDNwEnGlglSrrF33RVAUK+i/WfSXUvZRVpLQpRmdAqHjJeBkCgYEA0+Zz/iFXOGW32slJFWxRWqYz8VeZk52saGY/l/I/9Yj1J2tgugo7VtUS3BiB0ZGNK3SNfaxYmBz9KYO/Sew5DYnQqTdz1SHboQ2FAMAcnznutlNBVFdJnKPvkX8g5yBV05gApFgoPECUFn2jOP2coMjZ0M97Bjgil9YNUWvDdS0CgYEA4beFs3+tzVRAGgl/tD7dNBgiRMchBTSmkSuO6+PrVmcGTxboUSk5qg7fDa9Ob9LuAcMrENwNHbpVPJ1WoeVePewpC14bxDxk4zWUd3ZRquaqYnud5obor4mYdUxNd+DAv447qQNDaLDmlkzdsuqDB9+eSzh9Z72RIYtjPwN5E7ECgYEAsbqkMZXfK1tTRfduX+7KOlPMfcSr29X6nuDglcna4dHec6FAOzp3xL2722nnFt6gygc7pErrm0m0Wd/6BMTb4T3+GYwkDiMjM2CsTZYjpzrUri/VfRR509rScxHVR0/1PTFWN0K0+VZbEAyXDbbs4opq40tW0dWtcKxaNlimMw8="; - char* orig_peer_id = "QmbTyKkUuv6yaSpTuCFq1Ft6Q3g4wTtFJk1BLGMPRdAEP8"; + char* orig_priv_key = "CAASpwkwggSjAgEAAoIBAQCwfp3DpbTP/nD1R+1PcP7nDOV9MEDiLUoNf9cBVhWGefJT0ES81do1COwLXiD/k7gAHJu197F7AfFYKt+NQu6jpCDC/uRtK0M0MpeDGI0LV1oz0rKLTN79zQwKDHFimWCmNyOZRLfR3PF5TgLc0qiFOZw9WwYNJkohu6k6yVMDJiy3l/+K5Vdw9VVyz7mRulXdDvEMxccraKaTvjLAUNFjiqm5Zs3hrcZszuuP2RhcpZU40kuWDtyN9TAEge0NfhS5Fj7GtgQsHWJ4RxTdebHkQmX49ltI/nIw9TxGIVcA50g7eF/3a3zZtkh48JadbHiT2Mfr6SPXl0328gyg7v7tAgMBAAECggEABGlFvCwaFtC/NgI0NjYWyOOToMth88U6AphdYVUreI73tYyRCz81EvpEHAygOoMQqEAOzD+CmhZ0V8XKjJdNq51gjD8eqnPYXCefjdFBRTVLtdvgRocHU8SaNm4VL2ex+LWMGDqVdZNWHbgLbkV9nMbR1t69ifqZA7rTAfsiLgPtneu4kGjrO1nr+uFC0srch2o0stmiqxmcGOrkD9x2kXkw33O8wTSyBp3+STlTOehePuUqEho9BXdT7b2nXC8MNdTCekG9f3oUeKsK9pxH7ZlG3yUOBoM0mEm/N7BrPfJnQbogomUapWOpssWKSz0LCpKuy4El3mFpua0jmd3nAQKBgQDWvVHj44gSecjsrWH/QpMIn8W/ISXfJRxJKrdVBRC5Ey0h3wdLnF6Olz4kuD7KurPOWNR+IKaLzOWxZdX79aQn+oY8lB+UCM+0w1TWJeSWBUYATPtUU4xpKdD6YZ8ksOdgZ4hbn9VD49uu/SJUPVNGV+eHibnvdR+/sFJuHTAb4QKBgQDSaBd1V7z5R6NK8373QNMDHZnSa2qH8uAGvoSuajYGgcpAzDY3aueQFpQS66scrZK6zLQyOQgtyrIg/hKbeP+vV5LGBirzOtAH7Kko5BYeY/SCXOkHBsHhuPGyghqWl6KR2Vj8cjJZFCAiUvoqf3Ws0vW58kp/KgDCnlKGmgQkjQKBgDPYi7/4vG6xhqhWCDYIDdXkNWs7BpjErfqgXJkjWvFERv5Jicpgm5fTvkZBUa/CugzU96DoIy3Xr5FQJATsPtEENIrFvIYSRou/KWl2xqTN6yPBcmDetyTg2rrI/RJvv71P4eU1RtlYVz79kN9D2yo9qQHZZ9H/tkWivZQmaeohAoGAIafa0L9HEAzAdvW6AmzRE/eBKmJaOQLFiO6ipI+CssnCA1lm9rhX7/lcmCYwSbcN+GlUDZCH2WNJ2PMrIMlbBL4aUSidaCipLAtUB6FsVFIiw1N/Rsty6ds+dhJPlHUO4QuGK2NM4GjStwrUz0VyGkHoYmT6O5sJYhgXFUa/kOUCgYEAv1VGeX6EPsFgp+FKM1Q/8MYi7PPpSUI2fqMhnwe36u7UdNYa3Ismmo/ipfCw7DdX5qRcUh44PodTp4Zwp67Bd2KRzEAZmMvIurzclQB7VWUT7pB7yfbO9bjBUVbPTagjiqb30zq9A4kt+B/0MSPxa/Kh8EkgI02Jqh2Q97Ij4sc="; + char* orig_peer_id = "QmYm3WdMQqqQuEyCWmRVNEjtXjhGhyRRNshdvqV7YLGvpA"; size_t orig_peer_id_size = strlen(orig_peer_id); struct RsaPrivateKey* rsa_private_key = NULL; - unsigned char hashed[32]; + unsigned char hashed[32] = {0}; size_t final_id_size = 1600; unsigned char final_id[final_id_size];