diff options
| -rw-r--r-- | ct_servmgmt.c | 8 | ||||
| -rw-r--r-- | ct_usermgmt.c | 8 | ||||
| -rw-r--r-- | curve.c | 52 | ||||
| -rw-r--r-- | curve.h | 4 | ||||
| -rw-r--r-- | xmalloc.h | 6 |
5 files changed, 29 insertions, 49 deletions
diff --git a/ct_servmgmt.c b/ct_servmgmt.c index 38eb9c5..f069ab9 100644 --- a/ct_servmgmt.c +++ b/ct_servmgmt.c @@ -60,7 +60,6 @@ enum parse_states { static int parse_line(char *line, char *homedir) { - int ret; char *str; enum parse_states s = PARSE_ALIAS; struct server_store *elem; @@ -101,12 +100,7 @@ static int parse_line(char *line, char *homedir) return -EINVAL; memcpy(elem->publickey, pkey, sizeof(elem->publickey)); memcpy(elem->auth_token, pkey, sizeof(elem->auth_token)); - ret = curve25519_proto_init(&elem->proto_inf, - elem->publickey, - sizeof(elem->publickey), - homedir, 1); - if (ret) - return -EIO; + curve25519_proto_init(&elem->proto_inf, elem->publickey, sizeof(elem->publickey)); s = PARSE_DONE; break; case PARSE_DONE: diff --git a/ct_usermgmt.c b/ct_usermgmt.c index 201c0c7..c303cd5 100644 --- a/ct_usermgmt.c +++ b/ct_usermgmt.c @@ -194,7 +194,6 @@ enum parse_states { static int parse_line(char *line, char *homedir) { - int ret; char *str; enum parse_states s = PARSE_USERNAME; struct user_store *elem; @@ -219,12 +218,7 @@ static int parse_line(char *line, char *homedir) if (__check_duplicate_pubkey(pkey, sizeof(pkey))) return -EINVAL; memcpy(elem->publickey, pkey, sizeof(elem->publickey)); - ret = curve25519_proto_init(&elem->proto_inf, - elem->publickey, - sizeof(elem->publickey), - homedir, 1); - if (ret) - return -EIO; + curve25519_proto_init(&elem->proto_inf, elem->publickey, sizeof(elem->publickey)); s = PARSE_DONE; break; case PARSE_DONE: @@ -12,6 +12,7 @@ #include <syslog.h> #include <limits.h> #include <string.h> +#include <pwd.h> #include <sys/types.h> #include <sys/time.h> #include <sys/stat.h> @@ -60,59 +61,44 @@ void curve25519_free(void *curvep) { struct curve25519_struct *curve = curvep; - memset(curve->enc, 0, curve->enc_size); - memset(curve->dec, 0, curve->dec_size); - - xfree(curve->enc); - xfree(curve->dec); + xzfree(curve->enc, curve->enc_size); + xzfree(curve->dec, curve->dec_size); spinlock_destroy(&curve->enc_lock); spinlock_destroy(&curve->dec_lock); } -int curve25519_proto_init(struct curve25519_proto *proto, unsigned char *pubkey_remote, - size_t len, char *home, int server) +void curve25519_proto_init(struct curve25519_proto *proto, + unsigned char *pubkey_remote, size_t len) { - int fd; - ssize_t ret; - char path[PATH_MAX]; - unsigned char secretkey_own[crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES]; - unsigned char publickey_own[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES]; + int result; + char file[128]; + struct passwd *pw = getpwuid(getuid()); + unsigned char secretkey_own[crypto_box_sec_key_size]; + unsigned char publickey_own[crypto_box_pub_key_size]; fmemset(secretkey_own, 0, sizeof(secretkey_own)); fmemset(publickey_own, 0, sizeof(publickey_own)); - if (!pubkey_remote || len != sizeof(publickey_own)) - return -EINVAL; - - slprintf(path, sizeof(path), "%s/%s", home, FILE_PRIVKEY); - fd = open_or_die(path, O_RDONLY); + if (unlikely(!pubkey_remote || len != sizeof(publickey_own))) + panic("Invalid argument on curve25519_proto_init!\n"); - ret = read(fd, secretkey_own, sizeof(secretkey_own)); - if (ret != sizeof(secretkey_own)) { - xmemset(secretkey_own, 0, sizeof(secretkey_own)); - panic("Cannot read private key!\n"); - } - - close(fd); + slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PRIVKEY); + read_blob_or_die(file, secretkey_own, sizeof(secretkey_own)); crypto_scalarmult_curve25519_base(publickey_own, secretkey_own); + result = crypto_verify_32(publickey_own, pubkey_remote); - if (!crypto_verify_32(publickey_own, pubkey_remote)) { - xmemset(secretkey_own, 0, sizeof(secretkey_own)); - xmemset(publickey_own, 0, sizeof(publickey_own)); - panic("PANIC: remote end has same public key as you have!!!\n"); - } + if (result == 0) + panic("Remote end has same public key as you have!\n"); crypto_box_beforenm(proto->key, pubkey_remote, secretkey_own); - xmemset(proto->enonce, 0, sizeof(proto->enonce)); - xmemset(proto->dnonce, 0, sizeof(proto->dnonce)); + fmemset(proto->enonce, 0, sizeof(proto->enonce)); + fmemset(proto->dnonce, 0, sizeof(proto->dnonce)); xmemset(secretkey_own, 0, sizeof(secretkey_own)); xmemset(publickey_own, 0, sizeof(publickey_own)); - - return 0; } ssize_t curve25519_encode(struct curve25519_struct *curve, struct curve25519_proto *proto, @@ -23,9 +23,9 @@ struct curve25519_struct { extern void curve25519_selftest(void); extern void curve25519_alloc_or_maybe_die(struct curve25519_struct *curve); extern void curve25519_free(void *curve); +extern void curve25519_proto_init(struct curve25519_proto *proto, unsigned char *pubkey_remote, size_t len); extern int curve25519_pubkey_hexparse_32(unsigned char *bin, size_t blen, const char *ascii, size_t alen); -extern int curve25519_proto_init(struct curve25519_proto *proto, unsigned char *pubkey_remote, size_t len, - char *home, int server); + extern ssize_t curve25519_encode(struct curve25519_struct *curve, struct curve25519_proto *proto, unsigned char *plaintext, size_t size, unsigned char **chipertext); extern ssize_t curve25519_decode(struct curve25519_struct *curve, struct curve25519_proto *proto, @@ -24,6 +24,12 @@ static inline void __xfree(void *ptr) free(ptr); } +#define xzfree(ptr, size) \ +do { \ + xmemset(ptr, 0, size); \ + xfree(ptr); \ +} while (0) + #define xfree(ptr) \ do { \ __xfree(ptr); \ |