More changes to encryption negotiation
This commit is contained in:
John Jones
parent
e55f81490d
commit
910c07e951
6 changed files with 51 additions and 43 deletions
22
crypto/rsa.c
22
crypto/rsa.c
|
|
@ -258,13 +258,13 @@ int libp2p_crypto_rsa_rsa_private_key_free(struct RsaPrivateKey* private_key) {
|
|||
* @param result the resultant signature. Note: should be pre-allocated and be the size of the private key (i.e. 2048 bit key can store a sig in 256 bytes)
|
||||
* @returns true(1) on success, otherwise false(0)
|
||||
*/
|
||||
int libp2p_crypto_rsa_sign(struct RsaPrivateKey* private_key, const char* message, size_t message_length, unsigned char* result) {
|
||||
unsigned char hash[32];
|
||||
int libp2p_crypto_rsa_sign(struct RsaPrivateKey* private_key, const char* message, size_t message_length, unsigned char** result, size_t* result_size) {
|
||||
unsigned char hash[32] = {0};
|
||||
int retVal = 0;
|
||||
char* pers = "libp2p crypto rsa sign";
|
||||
mbedtls_pk_context private_context;
|
||||
mbedtls_entropy_context entropy;
|
||||
mbedtls_ctr_drbg_context ctr_drbg;
|
||||
mbedtls_pk_context private_context = {0};
|
||||
mbedtls_entropy_context entropy = {0};
|
||||
mbedtls_ctr_drbg_context ctr_drbg = {0};
|
||||
unsigned char* der = NULL;
|
||||
int der_allocated = 0;
|
||||
|
||||
|
|
@ -298,18 +298,18 @@ int libp2p_crypto_rsa_sign(struct RsaPrivateKey* private_key, const char* messag
|
|||
goto exit;
|
||||
|
||||
|
||||
*result_size = ctx->len;
|
||||
*result = (unsigned char*)malloc(*result_size);
|
||||
// sign
|
||||
/*
|
||||
int retVal = mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx,
|
||||
retVal = mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx,
|
||||
mbedtls_ctr_drbg_random,
|
||||
&ctr_drbg,
|
||||
MBEDTLS_RSA_PRIVATE,
|
||||
MBEDTLS_MD_SHA256,
|
||||
32,
|
||||
output,
|
||||
result );
|
||||
*/
|
||||
retVal = mbedtls_rsa_private(ctx, mbedtls_ctr_drbg_random, &ctr_drbg, hash, result);
|
||||
hash,
|
||||
*result );
|
||||
//retVal = mbedtls_rsa_private(ctx, mbedtls_ctr_drbg_random, &ctr_drbg, hash, result);
|
||||
if (retVal != 0) {
|
||||
retVal = 0;
|
||||
goto exit;
|
||||
|
|
|
|||
|
|
@ -58,7 +58,7 @@ struct RsaPrivateKey* libp2p_crypto_rsa_rsa_private_key_new();
|
|||
* @param result the resultant signature. Note: should be pre-allocated and be the size of the private key (i.e. 2048)
|
||||
* @returns true(1) on successs, otherwise false(0)
|
||||
*/
|
||||
int libp2p_crypto_rsa_sign(struct RsaPrivateKey* private_key, const char* message, size_t message_length, unsigned char* result);
|
||||
int libp2p_crypto_rsa_sign(struct RsaPrivateKey* private_key, const char* message, size_t message_length, unsigned char** result, size_t* result_size);
|
||||
|
||||
int libp2p_crypto_rsa_verify(struct RsaPublicKey* public_key, const unsigned char* message, size_t message_length, const unsigned char* signature);
|
||||
|
||||
|
|
|
|||
|
|
@ -48,12 +48,15 @@ int libp2p_record_make_put_record (char** record, size_t *rec_size, struct RsaPr
|
|||
free (pkh);
|
||||
len += l;
|
||||
if (sign) {
|
||||
char sign_buf[2048];
|
||||
if (!libp2p_crypto_rsa_sign (sk, (unsigned char*) p, len, (unsigned char*) sign_buf) ||
|
||||
char *sign_buf;
|
||||
size_t sign_length;
|
||||
if (!libp2p_crypto_rsa_sign (sk, (unsigned char*) p, len, (unsigned char**)sign_buf, &sign_length) ||
|
||||
!protobuf_encode_string (4, WIRETYPE_LENGTH_DELIMITED, sign_buf, p+len, RECORD_BUFSIZE-len, &l)) {
|
||||
free(sign_buf);
|
||||
free (p);
|
||||
return -1;
|
||||
}
|
||||
free(sign_buf);
|
||||
len += l;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -188,7 +188,7 @@ int libp2p_secio_select_best(int order, const char* local_list, int local_list_s
|
|||
*/
|
||||
int libp2p_secio_verify_signature(struct PublicKey* public_key, const unsigned char* in, size_t in_length, unsigned char* signature) {
|
||||
if (public_key->type == KEYTYPE_RSA) {
|
||||
struct RsaPublicKey rsa_key;
|
||||
struct RsaPublicKey rsa_key = {0};
|
||||
rsa_key.der = (char*)public_key->data;
|
||||
rsa_key.der_length = public_key->data_size;
|
||||
return libp2p_crypto_rsa_verify(&rsa_key, in, in_length, signature);
|
||||
|
|
@ -199,13 +199,10 @@ int libp2p_secio_verify_signature(struct PublicKey* public_key, const unsigned c
|
|||
|
||||
int libp2p_secio_sign(struct PrivateKey* private_key, const char* in, size_t in_length, unsigned char** signature, size_t* signature_size) {
|
||||
if (private_key->type == KEYTYPE_RSA) {
|
||||
struct RsaPrivateKey rsa_key;
|
||||
struct RsaPrivateKey rsa_key = {0};
|
||||
rsa_key.der = (char*)private_key->data;
|
||||
rsa_key.der_length = private_key->data_size;
|
||||
// SHA2-256 signatures are 32 bytes
|
||||
*signature_size = 32;
|
||||
*signature = (unsigned char*)malloc(*signature_size);
|
||||
return libp2p_crypto_rsa_sign(&rsa_key, in, in_length, *signature);
|
||||
return libp2p_crypto_rsa_sign(&rsa_key, in, in_length, signature, signature_size);
|
||||
}
|
||||
// TODO: Implement this method for non-RSA
|
||||
return 0;
|
||||
|
|
@ -432,10 +429,6 @@ int libp2p_secio_read(struct SecureSession* session, unsigned char** results, si
|
|||
return 0;
|
||||
}
|
||||
}
|
||||
if (read == 0) {
|
||||
fprintf(stderr, "Reading numbers: [%02x]", size[read]);
|
||||
}
|
||||
fprintf(stderr, " [%02x]", size[read]);
|
||||
if (read == 0 && size[0] == 10) {
|
||||
// a spurious \n
|
||||
// write over this value by not adding it
|
||||
|
|
@ -444,13 +437,11 @@ int libp2p_secio_read(struct SecureSession* session, unsigned char** results, si
|
|||
read += read_this_time;
|
||||
}
|
||||
} while (left > 0);
|
||||
// now read the number of bytes we've found, minus the 4 that we just read
|
||||
fprintf(stderr, " Before ntohl: %u", buffer_size);
|
||||
buffer_size = ntohl(buffer_size);
|
||||
fprintf(stderr, " After: %u\n", buffer_size);
|
||||
if (buffer_size == 0)
|
||||
return 0;
|
||||
|
||||
// now read the number of bytes we've found, minus the 4 that we just read
|
||||
left = buffer_size;
|
||||
read = 0;
|
||||
read_this_time = 0;
|
||||
|
|
@ -492,18 +483,18 @@ int libp2p_secio_handshake(struct SecureSession* local_session, struct RsaPrivat
|
|||
struct Propose* propose_out = NULL;
|
||||
struct Propose* propose_in = NULL;
|
||||
struct PublicKey* public_key = NULL;
|
||||
unsigned char order_hash_in[32];
|
||||
unsigned char order_hash_out[32];
|
||||
int order;
|
||||
unsigned char order_hash_in[32] = {0};
|
||||
unsigned char order_hash_out[32] = {0};
|
||||
int order = 0;;
|
||||
struct Exchange* exchange_in = NULL;
|
||||
struct Exchange* exchange_out = NULL;
|
||||
unsigned char* exchange_out_protobuf;
|
||||
size_t exchange_out_protobuf_size;
|
||||
unsigned char* exchange_out_protobuf = NULL;
|
||||
size_t exchange_out_protobuf_size = 0;
|
||||
struct Libp2pVector* char_buffer = NULL;
|
||||
struct StretchedKey* k1 = NULL, *k2 = NULL;
|
||||
struct PrivateKey priv;
|
||||
struct PublicKey pub_key;
|
||||
struct SecureSession remote_session;
|
||||
struct PrivateKey priv = {0};
|
||||
struct PublicKey pub_key = {0};
|
||||
struct SecureSession remote_session = {0};
|
||||
char* remote_peer_id = NULL;
|
||||
struct EphemeralPrivateKey* e_private_key = NULL;
|
||||
|
||||
|
|
@ -529,6 +520,7 @@ int libp2p_secio_handshake(struct SecureSession* local_session, struct RsaPrivat
|
|||
goto exit;
|
||||
}
|
||||
|
||||
// Build the proposal to be sent to the new connection:
|
||||
propose_out = libp2p_secio_propose_new();
|
||||
libp2p_secio_propose_set_property((void**)&propose_out->rand, &propose_out->rand_size, local_session->nonce, 16);
|
||||
|
||||
|
|
@ -572,7 +564,7 @@ int libp2p_secio_handshake(struct SecureSession* local_session, struct RsaPrivat
|
|||
if (bytes_written < propose_out_size)
|
||||
goto exit;
|
||||
|
||||
// try to get the propose object from the server
|
||||
// now receive the proposal from the new connection
|
||||
bytes_written = libp2p_secio_read(local_session, &propose_in_bytes, &propose_in_size);
|
||||
if (bytes_written <= 0)
|
||||
goto exit;
|
||||
|
|
@ -643,10 +635,14 @@ int libp2p_secio_handshake(struct SecureSession* local_session, struct RsaPrivat
|
|||
if (exchange_out_protobuf == NULL)
|
||||
goto exit;
|
||||
libp2p_secio_exchange_protobuf_encode(exchange_out, exchange_out_protobuf, exchange_out_protobuf_size, &bytes_written);
|
||||
exchange_out_protobuf_size = bytes_written;
|
||||
libp2p_secio_exchange_free(exchange_out);
|
||||
exchange_out = NULL;
|
||||
bytes_written = libp2p_secio_write(local_session, exchange_out_protobuf, exchange_out_protobuf_size);
|
||||
if (exchange_out_protobuf_size != bytes_written)
|
||||
goto exit;
|
||||
free(exchange_out_protobuf);
|
||||
exchange_out_protobuf = NULL;
|
||||
|
||||
// receive Exchange packet
|
||||
bytes_written = libp2p_secio_read(local_session, &results, &results_size);
|
||||
|
|
@ -715,6 +711,8 @@ int libp2p_secio_handshake(struct SecureSession* local_session, struct RsaPrivat
|
|||
libp2p_secio_exchange_free(exchange_out);
|
||||
if (e_private_key != NULL)
|
||||
libp2p_crypto_ephemeral_key_free(e_private_key);
|
||||
if (exchange_out_protobuf != NULL)
|
||||
free(exchange_out_protobuf);
|
||||
|
||||
libp2p_secio_propose_free(propose_out);
|
||||
libp2p_secio_propose_free(propose_in);
|
||||
|
|
|
|||
|
|
@ -192,15 +192,22 @@ int test_crypto_rsa_signing() {
|
|||
val++;
|
||||
}
|
||||
|
||||
char result[256];
|
||||
unsigned char *result = NULL;
|
||||
size_t result_size;
|
||||
|
||||
// sign the buffer
|
||||
if (libp2p_crypto_rsa_sign(&private_key, bytes, num_bytes, &result[0]) == 0)
|
||||
if (libp2p_crypto_rsa_sign(&private_key, bytes, num_bytes, &result, &result_size) == 0) {
|
||||
if (result != NULL)
|
||||
free(result);
|
||||
return 0;
|
||||
}
|
||||
|
||||
// verify the signature
|
||||
if (libp2p_crypto_rsa_verify(&public_key, bytes, num_bytes, &result[0]) == 0)
|
||||
if (libp2p_crypto_rsa_verify(&public_key, bytes, num_bytes, result) == 0) {
|
||||
free(result);
|
||||
return 0;
|
||||
}
|
||||
free(result);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,14 +7,14 @@
|
|||
int test_secio_handshake() {
|
||||
int retVal = 0;
|
||||
size_t decode_base64_size = 0;
|
||||
unsigned char* decode_base64;
|
||||
unsigned char* decode_base64 = NULL;
|
||||
// this is a base64 encoded private key. It makes it easier to test if it is in base64 form
|
||||
// these were pulled from the GO version of ipfs
|
||||
char* orig_priv_key = "CAASqgkwggSmAgEAAoIBAQD0a4RI+bF/ov7IVOGSJ8dQfnK1DwM0gwVuJAd+3LXxIZEPZzsKIKia0TojDbTdLvOJ23wsaojTF/4bSzBK5otdAz8YSgez4vTRUV5pUqvCkK0dSJJ1DHTdrFUwvzlXuKbwNbvWyzjmKfeaE9a9YLzhrUIUTRvKyqhZXr++vMy3hw4fdtGUTJWeiqmoIuJWIZ1748Ff6LjcP7TdG7OvY4q+U9ilEJYdF4aM+TJY193zKp0GNWohunuVrtOUnL9VQaSSDbvGdFS1Mg9iCN6kRBQTHVQvFzvuEw/Y2LvoPH3yFG1zj6bDLWfOBhegy/6Zi6fi4E1UfgJNFN1sjWF+gZoHAgMBAAECggEBALTqBD9zuoMsJYQo99IT6X7WKZeE5i1vMYzF1Fp9iZpS6ylIkrW7WLFHXs3lblMtVoxazn2d2WrOXoLbU4KNROhy57fVy//FZMqufMBetc3NAqYjOmyy7KnLzj7Hu+0HO2GflEq3n4UV2TTNrGv+d7BfawLV1FV1TcjgzfKjkq/gMDCTPMgfT7lcF4TGSqv6Pgudp8RRn/R7EKOx+I8/XkJsZWP3XJ0zj4ciqDmKrX2j7wZMT8CH/8wfyg4NGk1+TN4xBB2CXgulIWJg5yhzu+JgbGnHEL/Ga+i40XJe+RnlKDpjQ+ZFyrOkmHpIldasjWNGFeKwLjzrDQfyDRwex5ECgYEA+fFGJ+zbi2YJwHDO/44PmvcoCWpho0ah7y+O5/LEVROTYEoNRqodLet+z+LMKDq/o2qTNaYJLiDGMBZzhqyJIFR5ZJ5MhgLloY1gL8s0a7KMWDbh7giiWSu5zqhB3Du8Tom+8bYZUxOL4zhzCGrFitRqiEIIjy1/c5qyRQZaZx8CgYEA+lf6tdO6kKiAOxm7sdZ3rEl4UGFY+tEqgivKwurLRIor0XDfhCKr1hCfsZggpR8SMLfjCuNEgKbceofcKMa8OtyDbMPRz0mYNkCELTUYA+r8Ib/LvleQApMcLn+TDNwEnGlglSrrF33RVAUK+i/WfSXUvZRVpLQpRmdAqHjJeBkCgYEA0+Zz/iFXOGW32slJFWxRWqYz8VeZk52saGY/l/I/9Yj1J2tgugo7VtUS3BiB0ZGNK3SNfaxYmBz9KYO/Sew5DYnQqTdz1SHboQ2FAMAcnznutlNBVFdJnKPvkX8g5yBV05gApFgoPECUFn2jOP2coMjZ0M97Bjgil9YNUWvDdS0CgYEA4beFs3+tzVRAGgl/tD7dNBgiRMchBTSmkSuO6+PrVmcGTxboUSk5qg7fDa9Ob9LuAcMrENwNHbpVPJ1WoeVePewpC14bxDxk4zWUd3ZRquaqYnud5obor4mYdUxNd+DAv447qQNDaLDmlkzdsuqDB9+eSzh9Z72RIYtjPwN5E7ECgYEAsbqkMZXfK1tTRfduX+7KOlPMfcSr29X6nuDglcna4dHec6FAOzp3xL2722nnFt6gygc7pErrm0m0Wd/6BMTb4T3+GYwkDiMjM2CsTZYjpzrUri/VfRR509rScxHVR0/1PTFWN0K0+VZbEAyXDbbs4opq40tW0dWtcKxaNlimMw8=";
|
||||
char* orig_peer_id = "QmbTyKkUuv6yaSpTuCFq1Ft6Q3g4wTtFJk1BLGMPRdAEP8";
|
||||
char* orig_priv_key = "CAASpwkwggSjAgEAAoIBAQCwfp3DpbTP/nD1R+1PcP7nDOV9MEDiLUoNf9cBVhWGefJT0ES81do1COwLXiD/k7gAHJu197F7AfFYKt+NQu6jpCDC/uRtK0M0MpeDGI0LV1oz0rKLTN79zQwKDHFimWCmNyOZRLfR3PF5TgLc0qiFOZw9WwYNJkohu6k6yVMDJiy3l/+K5Vdw9VVyz7mRulXdDvEMxccraKaTvjLAUNFjiqm5Zs3hrcZszuuP2RhcpZU40kuWDtyN9TAEge0NfhS5Fj7GtgQsHWJ4RxTdebHkQmX49ltI/nIw9TxGIVcA50g7eF/3a3zZtkh48JadbHiT2Mfr6SPXl0328gyg7v7tAgMBAAECggEABGlFvCwaFtC/NgI0NjYWyOOToMth88U6AphdYVUreI73tYyRCz81EvpEHAygOoMQqEAOzD+CmhZ0V8XKjJdNq51gjD8eqnPYXCefjdFBRTVLtdvgRocHU8SaNm4VL2ex+LWMGDqVdZNWHbgLbkV9nMbR1t69ifqZA7rTAfsiLgPtneu4kGjrO1nr+uFC0srch2o0stmiqxmcGOrkD9x2kXkw33O8wTSyBp3+STlTOehePuUqEho9BXdT7b2nXC8MNdTCekG9f3oUeKsK9pxH7ZlG3yUOBoM0mEm/N7BrPfJnQbogomUapWOpssWKSz0LCpKuy4El3mFpua0jmd3nAQKBgQDWvVHj44gSecjsrWH/QpMIn8W/ISXfJRxJKrdVBRC5Ey0h3wdLnF6Olz4kuD7KurPOWNR+IKaLzOWxZdX79aQn+oY8lB+UCM+0w1TWJeSWBUYATPtUU4xpKdD6YZ8ksOdgZ4hbn9VD49uu/SJUPVNGV+eHibnvdR+/sFJuHTAb4QKBgQDSaBd1V7z5R6NK8373QNMDHZnSa2qH8uAGvoSuajYGgcpAzDY3aueQFpQS66scrZK6zLQyOQgtyrIg/hKbeP+vV5LGBirzOtAH7Kko5BYeY/SCXOkHBsHhuPGyghqWl6KR2Vj8cjJZFCAiUvoqf3Ws0vW58kp/KgDCnlKGmgQkjQKBgDPYi7/4vG6xhqhWCDYIDdXkNWs7BpjErfqgXJkjWvFERv5Jicpgm5fTvkZBUa/CugzU96DoIy3Xr5FQJATsPtEENIrFvIYSRou/KWl2xqTN6yPBcmDetyTg2rrI/RJvv71P4eU1RtlYVz79kN9D2yo9qQHZZ9H/tkWivZQmaeohAoGAIafa0L9HEAzAdvW6AmzRE/eBKmJaOQLFiO6ipI+CssnCA1lm9rhX7/lcmCYwSbcN+GlUDZCH2WNJ2PMrIMlbBL4aUSidaCipLAtUB6FsVFIiw1N/Rsty6ds+dhJPlHUO4QuGK2NM4GjStwrUz0VyGkHoYmT6O5sJYhgXFUa/kOUCgYEAv1VGeX6EPsFgp+FKM1Q/8MYi7PPpSUI2fqMhnwe36u7UdNYa3Ismmo/ipfCw7DdX5qRcUh44PodTp4Zwp67Bd2KRzEAZmMvIurzclQB7VWUT7pB7yfbO9bjBUVbPTagjiqb30zq9A4kt+B/0MSPxa/Kh8EkgI02Jqh2Q97Ij4sc=";
|
||||
char* orig_peer_id = "QmYm3WdMQqqQuEyCWmRVNEjtXjhGhyRRNshdvqV7YLGvpA";
|
||||
size_t orig_peer_id_size = strlen(orig_peer_id);
|
||||
struct RsaPrivateKey* rsa_private_key = NULL;
|
||||
unsigned char hashed[32];
|
||||
unsigned char hashed[32] = {0};
|
||||
size_t final_id_size = 1600;
|
||||
unsigned char final_id[final_id_size];
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue