src/vsl_util.c

Go to the documentation of this file.

/*
 * Copyright 2006, Internet2
 * Legal conditions are in file LICENSE
 * (MD5 = c434f2e53b8089d8b4d0172c7ce07360).
 */

/**
 * @file   vsl_util.c
 * @author Nikolaus Rath
 * @brief  Utility functions for the security layer
 *
 **/

#include "vsl_api.h"
#include "vsl_util.h"
#include "vsl.h"
#include "../poly1305aes/aes.h"
#include "../poly1305aes/poly1305aes.h"
#include <openssl/md5.h>
#include <openssl/sha.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

/**
 * Generate a random shared secret of length #VSL_KEYLEN
 *
 * @param[out] key generated key
 * @return
 *   - 0 on success
 **/
int gen_key (unsigned char* key) {
    int fd;
    if ( (fd = open(RANDDEV, 0)) < 0)
        LOGFAIL(VSL_ERRNO, "cannot open %s for reading: %s!\n",
                RANDDEV, strerror(errno));
    int ret;
    if ( (ret=read(fd, (void*)key, VSL_KEYLEN)) != VSL_KEYLEN) {
        close(fd);
        if (ret < 0)
            LOGFAIL(VSL_ERRNO, "cannot read from %s: %s!\n",
                    RANDDEV, strerror(errno));
        else
            LOGFATAL("cannot read enough random bytes!");
    }

    if ( close(fd) != 0)
        LOGFAIL(VSL_ERRNO, "cannot close %s: %s!\n",
                RANDDEV, strerror(errno));
    return(0);
}


/**
 * Initialize session keys (client mode) from a shared
 * secret.
 *
 * @param[in] sock VSL socket
 * @param[in] key shared secret to generate keys from
 *
 **/
void init_keys_c(vsl_sock* sock, const unsigned char* key) {
    LOG("Initializing client keys...");
    md5(key, VSL_ENC_KEYLEN, (unsigned char*) "SRVENC", 7, sock->enc_recv_key);
    md5(key, VSL_ENC_KEYLEN, (unsigned char*) "CLTENC", 7, sock->enc_send_key);
    sha256(key, VSL_AUTH_KEYLEN, (unsigned char*) "SRVAUT", 7, sock->auth_recv_key);
    sha256(key, VSL_AUTH_KEYLEN, (unsigned char*) "CLTAUT", 7, sock->auth_send_key);
    poly1305aes_clamp(sock->auth_send_key);
    poly1305aes_clamp(sock->auth_recv_key);
    LOG("enc send key is " KEY_STR ".", KEY_VEC(sock->enc_send_key));
    LOG("enc recv key is " KEY_STR ".", KEY_VEC(sock->enc_recv_key));
    LOG("auth send key is " KEY_STR ".", KEY_VEC(sock->auth_send_key));
    LOG("auth recv key is " KEY_STR ".", KEY_VEC(sock->auth_recv_key));
}



/**
 * Initialize session keys (server mode) from a shared
 * secret.
 *
 * @param[in] sock VSL socket
 * @param[in] key shared secret to generate keys from
 *
 **/
void init_keys_s(vsl_sock* sock, const unsigned char* key) {
    LOG("Initializing server keys...");
    md5(key, VSL_ENC_KEYLEN, (unsigned char*) "SRVENC", 7, sock->enc_send_key);
    md5(key, VSL_ENC_KEYLEN, (unsigned char*) "CLTENC", 7, sock->enc_recv_key);
    sha256(key, VSL_AUTH_KEYLEN, (unsigned char*) "SRVAUT", 7, sock->auth_send_key);
    sha256(key, VSL_AUTH_KEYLEN, (unsigned char*) "CLTAUT", 7, sock->auth_recv_key);
    poly1305aes_clamp(sock->auth_send_key);
    poly1305aes_clamp(sock->auth_recv_key);
    LOG("enc send key is " KEY_STR ".", KEY_VEC(sock->enc_send_key));
    LOG("enc recv key is " KEY_STR ".", KEY_VEC(sock->enc_recv_key));
    LOG("auth send key is " KEY_STR ".", KEY_VEC(sock->auth_send_key));
    LOG("auth recv key is " KEY_STR ".", KEY_VEC(sock->auth_recv_key));
}



/**
 * Generate a 16 byte MD5 hash of two char arrays
 *
 * @param[in] s1 first char array
 * @param[in] l1 length of first array
 * @param[in] s2 second char array
 * @param[in] l2 length of second array
 * @param[out] hash resulting hash (length 16 bytes)
 **/
void md5(const unsigned char* s1, int l1,
         const unsigned char* s2, int l2, unsigned char *hash) {
    unsigned char s[l1+l2];
    memcpy((void*)s, (void*) s1, l1);
    memcpy((void*)s + l1, (void*) s2, l2);
    MD5(s, l1+l2, hash);
}

/**
 * Generate a 32 byte SHA256 hash of two char arrays
 *
 * @param[in] s1 first char array
 * @param[in] l1 length of first array
 * @param[in] s2 second char array
 * @param[in] l2 length of second array
 * @param[out] hash resulting hash (length 32 bytes)
 **/
void sha256(const unsigned char* s1, int l1,
            const unsigned char* s2, int l2, unsigned char *hash) {
    unsigned char s[l1+l2];
    memcpy((void*)s, (void*) s1, l1);
    memcpy((void*)s + l1, (void*) s2, l2);
    SHA256(s, l1+l2, hash);
}


/**
 * Check whether the underlying vfer fd is blocking
 *
 * @param[in] socket VSL socket
 *
 **/
bool is_blocking (vsl_sock* socket) {
    int nonblocking = 0;
    int len = sizeof(int);
    int ret;
    if ( (ret=vfer_getsockopt(socket->vfd, VFERSO_NONBLOCK,
                              &nonblocking, &len)) != 0)
        LOGFATAL("can't get socket state: %s", vfer_errortext(ret));
    return(nonblocking == 0);
}

/**
 * Sets the underlying vfer fd to blocking or nonblocking
 *
 * @param[in] socket VSL socket
 * \param[in] mode whether to block or not
 *
 **/
void set_blocking (vsl_sock* socket, bool mode) {
    int val;
    int ret;
    if (mode)
        val = 0;
    else
        val = 1;
    if ( (ret = vfer_setsockopt(socket->vfd, VFERSO_NONBLOCK,
                                (void*) &val, sizeof(val))) != 0)
        LOGFATAL("can't set socket state: %s!", vfer_errortext(ret));
}

/**
 * Allocates a buffer and writes a sequence of variables into it. The
 * variables have to be given as pairs of a void pointer to the
 * variable and an size_t value describing the length of the variable in
 * bytes. The argument list has to be terminated with a \c NULL
 * pointer. The total length of the allocated buffer is written into
 * \a total.
 *
 * Example: \code
 * buf = write_objs(len,
 *                  (void*) &data1, sizeof(data1),
 *                  (void*) &data2, sizeof(data2));
 * \endcode
 * This example allocates a buffer of length <tt>sizeof(data1) +
 * sizeof(data2)</tt>, and writes the objects \c data1 and \c data2
 * into it.
 *
 * @param[out] total total allocated length
 * @param[in] ... list of alternating \c void* and \c size_t arguments,
 *                terminated by \c NULL.
 *
 * @return
 *    - pointer to the allocated buffer
 *    - NULL if allocation failed
 **/
unsigned char* write_objs(size_t* total, ... ) {
    void *obj;
    unsigned char *buf, *start;
    size_t len;

    va_list ap1;
    va_list ap2;

    va_start(ap1, total);
    va_copy(ap2, ap1);

    /* Collect Lengths */
    len = 0;
    while ( va_arg(ap1, void*) != NULL )
        len += va_arg(ap1, size_t);
    va_end(ap1);

    /* Allocate memory */
    if ( (start = malloc(len)) == NULL)
        return NULL;
    buf = start;
    *total = len;

    /* Copy elements */
    while ( (obj = va_arg(ap2, void*)) != NULL ) {
        len = va_arg(ap2, size_t);
        memcpy(buf, obj, len);
        buf += len;
    }

    va_end(ap2);
    return(start);
}


/**
 * Decomposes a buffer into a number of separate variables.
 *
 * The variables have to be given as pairs of a void pointer to the
 * variable and an size_t value describing the length of the variable in
 * bytes. The argument list has to be terminated with a \c NULL
 * pointer. For each pair <tt> void* dat, size_t len</tt>, the next \a
 * len bytes of \a src are copied into \a dat. After the last object
 * was copied, a pointer to the remainder of \a src is returned.
 *
 * Example: \code
 * remainder = read_objs(src,
 *                       (void*) &data1, sizeof(data1),
 *                       (void*) &data2, sizeof(data2));
 * \endcode
 *
 * @param[in] src source buffer
 * @param[in] max length of source buffer
 * @param[out] ... list of alternating \c void* and \c size_t arguments,
 *                terminated by \c NULL.
 *
 * @return
 *    - pointer into to uncopied remainder  of \a src
 *    - \c NULL the length of the varables was bigger than the source
 *      buffer
 **/
unsigned char* read_objs(unsigned char* src, size_t max, ... ) {
    void *buf;
    size_t len;
    va_list ap;

    va_start(ap, max);

    /* Read objects */
    while ( (buf = va_arg(ap, void*)) != NULL ) {
        len = va_arg(ap, size_t);
        max -= len;
        if (max < 0) {
            // clean the argument list before returning
            while ( va_arg(ap, void*) != NULL )
                (void) va_arg(ap, size_t);
            va_end(ap);
            return NULL;
        }
        memcpy(buf, src, len);
        src += len;
    }

    va_end(ap);
    return(src);
}


/**
 * Convert uint64 from host byte order to network byte order.
 *
 * \param[in] val value to convert
 * \return
 *   \a val in network byte order
 **/
#if __BYTE_ORDER == __BIG_ENDIAN || BYTE_ORDER == BIG_ENDIAN
inline uint64_t htonll(uint64_t val) {
    return val;
}
#elif __BYTE_ORDER == __LITTLE_ENDIAN || BYTE_ORDER == LITTLE_ENDIAN
inline uint64_t htonll(uint64_t val) {
     uint32_t high = (uint32_t) (val >> 32);
     uint32_t low = (uint32_t) val;
     return ( (uint64_t) htonl(high) + ((uint64_t) htonl(low) << 32));
}
#else
#error "Can't detect byte order"
#endif


/**
 * Convert uint64 from host network order to host byte order.
 *
 * \param[in] val value to convert
 * \return
 *   \a val in network byte order
 **/
#if __BYTE_ORDER == __BIG_ENDIAN || BYTE_ORDER == BIG_ENDIAN
inline uint64_t ntohll(uint64_t val) {
    return val;
}
#elif __BYTE_ORDER == __LITTLE_ENDIAN || BYTE_ORDER == LITTLE_ENDIAN
inline uint64_t ntohll(uint64_t val) {
     uint32_t high = (uint32_t) (val >> 32);
     uint32_t low = (uint32_t) val;
     return ( (uint64_t) ntohl(high) + ((uint64_t) ntohl(low) << 32));
}
#else
#error "Can't detect byte order"
#endif


/**
 * Encrypts data in AES CTR mode. The counter is modified in place.
 * The first 8 bytes of the counter must contain the nonce and
 * the last 8 bytes should be initialised to zero.
 *
 * Note that the function cannot be called multiple times without
 * reinitalizing the counter before each invocation.
 *
 * @param ctr counter
 * \param[in] key encryption key, length #VSL_ENC_KEYLEN
 * \param buf buffer to encrypt
 * \param[in] len length of buffer
 *
 **/
void aes_ctr (unsigned char* ctr,
              const unsigned char* key,
              unsigned char* buf,
              const size_t len) {
    int blocks = len / 16;
    int bytes = len % 16;

    int i;
    unsigned char c[16];
    for (i=1; i <= blocks; i++) {
        aes(c, key, ctr);
        xor16(buf, c);
        ctr_inc(ctr);
        buf += 16;
    }

    // Last block
    if (bytes != 0) {
        unsigned char b[16];
        aes(c, key, ctr);
        memcpy( (void*)b, (void*)buf, bytes);
        xor16(b, c);
        memcpy( (void*)buf, (void*)b, bytes);
    }
}

/**
 * Increase the counter by one. Uses only the last 8 bytes, aborts in
 * case of an overflow. Works in Little Endian.
 *
 * \param ctr counter to increase
 *
 **/
inline void ctr_inc (unsigned char* ctr) {
    int i;
    for (i=15; i > 7; i--)
        if ( ctr[i] == 255 )
            ctr[i] = 0;
        else {
            ctr[i]++;
            break;
        }
    if ( i == 7 )
        LOGFATAL("counter overflow!");
}

/**
 * XOR 2 16 byte blocks. Argument 1 is modified in place.
 *
 * \param b1 first block
 * \param[in] b2 second block
 *
 * \todo Make this 16 byte xor faster
 */
inline void xor16 (unsigned char* b1, unsigned char* b2) {
    /* Safe, but slow */
    int i;
    for (i=0; i<16; i++)
        b1[i] ^= b2[i];

    /* This can break...
    *((uint64_t*)  &b1)    ^= *((uint64_t*)  &b2);
    *((uint64_t*) (&b1+8)) ^= *((uint64_t*) (&b2+8));
    */
}

/**
 * Transfer's exactly \a len (streaming socket) or between \a min
 * and \a len (datagram socket) bytes using the specified function
 * (either vfer_send() or vfer_recv()).
 *
 * \param[in] sock socket to use
 * \param[in] fn function to use
 * \param buf buffer to transmit
 * \param[in] min minimum amount to process for datagram sockets
 * \param[in] len length of \a buf
 *
 * \return
 *   - nr of bytes processed on success
 *  - #VFER_UNCONN sock is not connected
 *  - #VFER_INVAL invalid buf or len
 *  - #VFER_WOULDBLOCK socket is non-blocking and requested operation
 *    would block
 *
 **/
int transfer ( vsl_sock *sock, transmit_fn fn,
               unsigned char* buf, size_t min, size_t len) {

    // Check for nonblocking IO
    if ( !is_blocking(sock) &&
         vfer_is_stream(sock->vfd) )
        LOGFATAL("nonblocking IO not supported for streamed connections!");

    ssize_t processed = 0;
    size_t remainder = len;
    do {
        LOG("trying to process %zd bytes...", remainder);
        if ( (processed = (*fn)(sock->vfd, buf, remainder)) < 0 ) {
            if ( processed == VFER_WOULDBLOCK ||
                 processed == VFER_INVAL ||
                 processed == VFER_UNCONN)
                LOGFAIL(processed, "transmit function returned %s", vfer_errortext(processed));
            else
                LOGFATAL("processing failed: %s", vfer_errortext(processed));
        }
        else if (processed != remainder) {
            if ( vfer_is_stream(sock->vfd) ) {
                LOG("processed %zd bytes, trying more..", processed);
                buf += processed;
                remainder -= processed;
                continue;
            }
            else if (processed >= min)
                LOGFAIL(len - remainder, "processed %zd bytes, returning.", len - remainder);
            else
                LOGFATAL("fn processed %zd instead of %zd bytes!", processed, len);
        }
        break;
    } while(1);
    LOGFAIL(len, "processed %zd bytes, returning.", len);
}



/*
 * Local Variables:
 * compile-command: "cd ..; make tests file_xfer"
 * compilation-search-path: ("..")
 * End:
 */

---