More changes to encryption negotiation

This commit is contained in:
John Jones 2017-02-09 12:50:28 -05:00
parent e55f81490d
commit 910c07e951
6 changed files with 51 additions and 43 deletions

View file

@ -258,13 +258,13 @@ int libp2p_crypto_rsa_rsa_private_key_free(struct RsaPrivateKey* private_key) {
* @param result the resultant signature. Note: should be pre-allocated and be the size of the private key (i.e. 2048 bit key can store a sig in 256 bytes)
* @returns true(1) on success, otherwise false(0)
*/
int libp2p_crypto_rsa_sign(struct RsaPrivateKey* private_key, const char* message, size_t message_length, unsigned char* result) {
unsigned char hash[32];
int libp2p_crypto_rsa_sign(struct RsaPrivateKey* private_key, const char* message, size_t message_length, unsigned char** result, size_t* result_size) {
unsigned char hash[32] = {0};
int retVal = 0;
char* pers = "libp2p crypto rsa sign";
mbedtls_pk_context private_context;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_pk_context private_context = {0};
mbedtls_entropy_context entropy = {0};
mbedtls_ctr_drbg_context ctr_drbg = {0};
unsigned char* der = NULL;
int der_allocated = 0;
@ -298,18 +298,18 @@ int libp2p_crypto_rsa_sign(struct RsaPrivateKey* private_key, const char* messag
goto exit;
*result_size = ctx->len;
*result = (unsigned char*)malloc(*result_size);
// sign
/*
int retVal = mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx,
retVal = mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx,
mbedtls_ctr_drbg_random,
&ctr_drbg,
MBEDTLS_RSA_PRIVATE,
MBEDTLS_MD_SHA256,
32,
output,
result );
*/
retVal = mbedtls_rsa_private(ctx, mbedtls_ctr_drbg_random, &ctr_drbg, hash, result);
hash,
*result );
//retVal = mbedtls_rsa_private(ctx, mbedtls_ctr_drbg_random, &ctr_drbg, hash, result);
if (retVal != 0) {
retVal = 0;
goto exit;

View file

@ -58,7 +58,7 @@ struct RsaPrivateKey* libp2p_crypto_rsa_rsa_private_key_new();
* @param result the resultant signature. Note: should be pre-allocated and be the size of the private key (i.e. 2048)
* @returns true(1) on successs, otherwise false(0)
*/
int libp2p_crypto_rsa_sign(struct RsaPrivateKey* private_key, const char* message, size_t message_length, unsigned char* result);
int libp2p_crypto_rsa_sign(struct RsaPrivateKey* private_key, const char* message, size_t message_length, unsigned char** result, size_t* result_size);
int libp2p_crypto_rsa_verify(struct RsaPublicKey* public_key, const unsigned char* message, size_t message_length, const unsigned char* signature);

View file

@ -48,12 +48,15 @@ int libp2p_record_make_put_record (char** record, size_t *rec_size, struct RsaPr
free (pkh);
len += l;
if (sign) {
char sign_buf[2048];
if (!libp2p_crypto_rsa_sign (sk, (unsigned char*) p, len, (unsigned char*) sign_buf) ||
char *sign_buf;
size_t sign_length;
if (!libp2p_crypto_rsa_sign (sk, (unsigned char*) p, len, (unsigned char**)sign_buf, &sign_length) ||
!protobuf_encode_string (4, WIRETYPE_LENGTH_DELIMITED, sign_buf, p+len, RECORD_BUFSIZE-len, &l)) {
free(sign_buf);
free (p);
return -1;
}
free(sign_buf);
len += l;
}
}

View file

@ -188,7 +188,7 @@ int libp2p_secio_select_best(int order, const char* local_list, int local_list_s
*/
int libp2p_secio_verify_signature(struct PublicKey* public_key, const unsigned char* in, size_t in_length, unsigned char* signature) {
if (public_key->type == KEYTYPE_RSA) {
struct RsaPublicKey rsa_key;
struct RsaPublicKey rsa_key = {0};
rsa_key.der = (char*)public_key->data;
rsa_key.der_length = public_key->data_size;
return libp2p_crypto_rsa_verify(&rsa_key, in, in_length, signature);
@ -199,13 +199,10 @@ int libp2p_secio_verify_signature(struct PublicKey* public_key, const unsigned c
int libp2p_secio_sign(struct PrivateKey* private_key, const char* in, size_t in_length, unsigned char** signature, size_t* signature_size) {
if (private_key->type == KEYTYPE_RSA) {
struct RsaPrivateKey rsa_key;
struct RsaPrivateKey rsa_key = {0};
rsa_key.der = (char*)private_key->data;
rsa_key.der_length = private_key->data_size;
// SHA2-256 signatures are 32 bytes
*signature_size = 32;
*signature = (unsigned char*)malloc(*signature_size);
return libp2p_crypto_rsa_sign(&rsa_key, in, in_length, *signature);
return libp2p_crypto_rsa_sign(&rsa_key, in, in_length, signature, signature_size);
}
// TODO: Implement this method for non-RSA
return 0;
@ -432,10 +429,6 @@ int libp2p_secio_read(struct SecureSession* session, unsigned char** results, si
return 0;
}
}
if (read == 0) {
fprintf(stderr, "Reading numbers: [%02x]", size[read]);
}
fprintf(stderr, " [%02x]", size[read]);
if (read == 0 && size[0] == 10) {
// a spurious \n
// write over this value by not adding it
@ -444,13 +437,11 @@ int libp2p_secio_read(struct SecureSession* session, unsigned char** results, si
read += read_this_time;
}
} while (left > 0);
// now read the number of bytes we've found, minus the 4 that we just read
fprintf(stderr, " Before ntohl: %u", buffer_size);
buffer_size = ntohl(buffer_size);
fprintf(stderr, " After: %u\n", buffer_size);
if (buffer_size == 0)
return 0;
// now read the number of bytes we've found, minus the 4 that we just read
left = buffer_size;
read = 0;
read_this_time = 0;
@ -492,18 +483,18 @@ int libp2p_secio_handshake(struct SecureSession* local_session, struct RsaPrivat
struct Propose* propose_out = NULL;
struct Propose* propose_in = NULL;
struct PublicKey* public_key = NULL;
unsigned char order_hash_in[32];
unsigned char order_hash_out[32];
int order;
unsigned char order_hash_in[32] = {0};
unsigned char order_hash_out[32] = {0};
int order = 0;;
struct Exchange* exchange_in = NULL;
struct Exchange* exchange_out = NULL;
unsigned char* exchange_out_protobuf;
size_t exchange_out_protobuf_size;
unsigned char* exchange_out_protobuf = NULL;
size_t exchange_out_protobuf_size = 0;
struct Libp2pVector* char_buffer = NULL;
struct StretchedKey* k1 = NULL, *k2 = NULL;
struct PrivateKey priv;
struct PublicKey pub_key;
struct SecureSession remote_session;
struct PrivateKey priv = {0};
struct PublicKey pub_key = {0};
struct SecureSession remote_session = {0};
char* remote_peer_id = NULL;
struct EphemeralPrivateKey* e_private_key = NULL;
@ -529,6 +520,7 @@ int libp2p_secio_handshake(struct SecureSession* local_session, struct RsaPrivat
goto exit;
}
// Build the proposal to be sent to the new connection:
propose_out = libp2p_secio_propose_new();
libp2p_secio_propose_set_property((void**)&propose_out->rand, &propose_out->rand_size, local_session->nonce, 16);
@ -572,7 +564,7 @@ int libp2p_secio_handshake(struct SecureSession* local_session, struct RsaPrivat
if (bytes_written < propose_out_size)
goto exit;
// try to get the propose object from the server
// now receive the proposal from the new connection
bytes_written = libp2p_secio_read(local_session, &propose_in_bytes, &propose_in_size);
if (bytes_written <= 0)
goto exit;
@ -643,10 +635,14 @@ int libp2p_secio_handshake(struct SecureSession* local_session, struct RsaPrivat
if (exchange_out_protobuf == NULL)
goto exit;
libp2p_secio_exchange_protobuf_encode(exchange_out, exchange_out_protobuf, exchange_out_protobuf_size, &bytes_written);
exchange_out_protobuf_size = bytes_written;
libp2p_secio_exchange_free(exchange_out);
exchange_out = NULL;
bytes_written = libp2p_secio_write(local_session, exchange_out_protobuf, exchange_out_protobuf_size);
if (exchange_out_protobuf_size != bytes_written)
goto exit;
free(exchange_out_protobuf);
exchange_out_protobuf = NULL;
// receive Exchange packet
bytes_written = libp2p_secio_read(local_session, &results, &results_size);
@ -715,6 +711,8 @@ int libp2p_secio_handshake(struct SecureSession* local_session, struct RsaPrivat
libp2p_secio_exchange_free(exchange_out);
if (e_private_key != NULL)
libp2p_crypto_ephemeral_key_free(e_private_key);
if (exchange_out_protobuf != NULL)
free(exchange_out_protobuf);
libp2p_secio_propose_free(propose_out);
libp2p_secio_propose_free(propose_in);

View file

@ -192,15 +192,22 @@ int test_crypto_rsa_signing() {
val++;
}
char result[256];
unsigned char *result = NULL;
size_t result_size;
// sign the buffer
if (libp2p_crypto_rsa_sign(&private_key, bytes, num_bytes, &result[0]) == 0)
if (libp2p_crypto_rsa_sign(&private_key, bytes, num_bytes, &result, &result_size) == 0) {
if (result != NULL)
free(result);
return 0;
}
// verify the signature
if (libp2p_crypto_rsa_verify(&public_key, bytes, num_bytes, &result[0]) == 0)
if (libp2p_crypto_rsa_verify(&public_key, bytes, num_bytes, result) == 0) {
free(result);
return 0;
}
free(result);
return 1;
}

View file

@ -7,14 +7,14 @@
int test_secio_handshake() {
int retVal = 0;
size_t decode_base64_size = 0;
unsigned char* decode_base64;
unsigned char* decode_base64 = NULL;
// this is a base64 encoded private key. It makes it easier to test if it is in base64 form
// these were pulled from the GO version of ipfs
char* orig_priv_key = "CAASqgkwggSmAgEAAoIBAQD0a4RI+bF/ov7IVOGSJ8dQfnK1DwM0gwVuJAd+3LXxIZEPZzsKIKia0TojDbTdLvOJ23wsaojTF/4bSzBK5otdAz8YSgez4vTRUV5pUqvCkK0dSJJ1DHTdrFUwvzlXuKbwNbvWyzjmKfeaE9a9YLzhrUIUTRvKyqhZXr++vMy3hw4fdtGUTJWeiqmoIuJWIZ1748Ff6LjcP7TdG7OvY4q+U9ilEJYdF4aM+TJY193zKp0GNWohunuVrtOUnL9VQaSSDbvGdFS1Mg9iCN6kRBQTHVQvFzvuEw/Y2LvoPH3yFG1zj6bDLWfOBhegy/6Zi6fi4E1UfgJNFN1sjWF+gZoHAgMBAAECggEBALTqBD9zuoMsJYQo99IT6X7WKZeE5i1vMYzF1Fp9iZpS6ylIkrW7WLFHXs3lblMtVoxazn2d2WrOXoLbU4KNROhy57fVy//FZMqufMBetc3NAqYjOmyy7KnLzj7Hu+0HO2GflEq3n4UV2TTNrGv+d7BfawLV1FV1TcjgzfKjkq/gMDCTPMgfT7lcF4TGSqv6Pgudp8RRn/R7EKOx+I8/XkJsZWP3XJ0zj4ciqDmKrX2j7wZMT8CH/8wfyg4NGk1+TN4xBB2CXgulIWJg5yhzu+JgbGnHEL/Ga+i40XJe+RnlKDpjQ+ZFyrOkmHpIldasjWNGFeKwLjzrDQfyDRwex5ECgYEA+fFGJ+zbi2YJwHDO/44PmvcoCWpho0ah7y+O5/LEVROTYEoNRqodLet+z+LMKDq/o2qTNaYJLiDGMBZzhqyJIFR5ZJ5MhgLloY1gL8s0a7KMWDbh7giiWSu5zqhB3Du8Tom+8bYZUxOL4zhzCGrFitRqiEIIjy1/c5qyRQZaZx8CgYEA+lf6tdO6kKiAOxm7sdZ3rEl4UGFY+tEqgivKwurLRIor0XDfhCKr1hCfsZggpR8SMLfjCuNEgKbceofcKMa8OtyDbMPRz0mYNkCELTUYA+r8Ib/LvleQApMcLn+TDNwEnGlglSrrF33RVAUK+i/WfSXUvZRVpLQpRmdAqHjJeBkCgYEA0+Zz/iFXOGW32slJFWxRWqYz8VeZk52saGY/l/I/9Yj1J2tgugo7VtUS3BiB0ZGNK3SNfaxYmBz9KYO/Sew5DYnQqTdz1SHboQ2FAMAcnznutlNBVFdJnKPvkX8g5yBV05gApFgoPECUFn2jOP2coMjZ0M97Bjgil9YNUWvDdS0CgYEA4beFs3+tzVRAGgl/tD7dNBgiRMchBTSmkSuO6+PrVmcGTxboUSk5qg7fDa9Ob9LuAcMrENwNHbpVPJ1WoeVePewpC14bxDxk4zWUd3ZRquaqYnud5obor4mYdUxNd+DAv447qQNDaLDmlkzdsuqDB9+eSzh9Z72RIYtjPwN5E7ECgYEAsbqkMZXfK1tTRfduX+7KOlPMfcSr29X6nuDglcna4dHec6FAOzp3xL2722nnFt6gygc7pErrm0m0Wd/6BMTb4T3+GYwkDiMjM2CsTZYjpzrUri/VfRR509rScxHVR0/1PTFWN0K0+VZbEAyXDbbs4opq40tW0dWtcKxaNlimMw8=";
char* orig_peer_id = "QmbTyKkUuv6yaSpTuCFq1Ft6Q3g4wTtFJk1BLGMPRdAEP8";
char* orig_priv_key = "CAASpwkwggSjAgEAAoIBAQCwfp3DpbTP/nD1R+1PcP7nDOV9MEDiLUoNf9cBVhWGefJT0ES81do1COwLXiD/k7gAHJu197F7AfFYKt+NQu6jpCDC/uRtK0M0MpeDGI0LV1oz0rKLTN79zQwKDHFimWCmNyOZRLfR3PF5TgLc0qiFOZw9WwYNJkohu6k6yVMDJiy3l/+K5Vdw9VVyz7mRulXdDvEMxccraKaTvjLAUNFjiqm5Zs3hrcZszuuP2RhcpZU40kuWDtyN9TAEge0NfhS5Fj7GtgQsHWJ4RxTdebHkQmX49ltI/nIw9TxGIVcA50g7eF/3a3zZtkh48JadbHiT2Mfr6SPXl0328gyg7v7tAgMBAAECggEABGlFvCwaFtC/NgI0NjYWyOOToMth88U6AphdYVUreI73tYyRCz81EvpEHAygOoMQqEAOzD+CmhZ0V8XKjJdNq51gjD8eqnPYXCefjdFBRTVLtdvgRocHU8SaNm4VL2ex+LWMGDqVdZNWHbgLbkV9nMbR1t69ifqZA7rTAfsiLgPtneu4kGjrO1nr+uFC0srch2o0stmiqxmcGOrkD9x2kXkw33O8wTSyBp3+STlTOehePuUqEho9BXdT7b2nXC8MNdTCekG9f3oUeKsK9pxH7ZlG3yUOBoM0mEm/N7BrPfJnQbogomUapWOpssWKSz0LCpKuy4El3mFpua0jmd3nAQKBgQDWvVHj44gSecjsrWH/QpMIn8W/ISXfJRxJKrdVBRC5Ey0h3wdLnF6Olz4kuD7KurPOWNR+IKaLzOWxZdX79aQn+oY8lB+UCM+0w1TWJeSWBUYATPtUU4xpKdD6YZ8ksOdgZ4hbn9VD49uu/SJUPVNGV+eHibnvdR+/sFJuHTAb4QKBgQDSaBd1V7z5R6NK8373QNMDHZnSa2qH8uAGvoSuajYGgcpAzDY3aueQFpQS66scrZK6zLQyOQgtyrIg/hKbeP+vV5LGBirzOtAH7Kko5BYeY/SCXOkHBsHhuPGyghqWl6KR2Vj8cjJZFCAiUvoqf3Ws0vW58kp/KgDCnlKGmgQkjQKBgDPYi7/4vG6xhqhWCDYIDdXkNWs7BpjErfqgXJkjWvFERv5Jicpgm5fTvkZBUa/CugzU96DoIy3Xr5FQJATsPtEENIrFvIYSRou/KWl2xqTN6yPBcmDetyTg2rrI/RJvv71P4eU1RtlYVz79kN9D2yo9qQHZZ9H/tkWivZQmaeohAoGAIafa0L9HEAzAdvW6AmzRE/eBKmJaOQLFiO6ipI+CssnCA1lm9rhX7/lcmCYwSbcN+GlUDZCH2WNJ2PMrIMlbBL4aUSidaCipLAtUB6FsVFIiw1N/Rsty6ds+dhJPlHUO4QuGK2NM4GjStwrUz0VyGkHoYmT6O5sJYhgXFUa/kOUCgYEAv1VGeX6EPsFgp+FKM1Q/8MYi7PPpSUI2fqMhnwe36u7UdNYa3Ismmo/ipfCw7DdX5qRcUh44PodTp4Zwp67Bd2KRzEAZmMvIurzclQB7VWUT7pB7yfbO9bjBUVbPTagjiqb30zq9A4kt+B/0MSPxa/Kh8EkgI02Jqh2Q97Ij4sc=";
char* orig_peer_id = "QmYm3WdMQqqQuEyCWmRVNEjtXjhGhyRRNshdvqV7YLGvpA";
size_t orig_peer_id_size = strlen(orig_peer_id);
struct RsaPrivateKey* rsa_private_key = NULL;
unsigned char hashed[32];
unsigned char hashed[32] = {0};
size_t final_id_size = 1600;
unsigned char final_id[final_id_size];