/* * netsniff-ng - the packet sniffing beast * Copyright 2011 - 2013 Daniel Borkmann. * Subject to the GPL, version 2. */ #include #include #include #include #include #include #include #include #include #include #include #include #include "built_in.h" #include "xmalloc.h" #include "curve.h" #include "ioops.h" #include "rnd.h" #include "die.h" #include "str.h" #include "curvetun.h" #include "locking.h" #include "crypto.h" #include "config.h" static void curve25519_init(struct curve25519_struct *curve) { curve->enc_size = curve->dec_size = TUNBUFF_SIZ; curve->enc = xmalloc_aligned(curve->enc_size, 16); curve->dec = xmalloc_aligned(curve->dec_size, 16); spinlock_init(&curve->enc_lock); spinlock_init(&curve->dec_lock); } static void curve25519_destroy(struct curve25519_struct *curve) { spinlock_destroy(&curve->enc_lock); spinlock_destroy(&curve->dec_lock); xzfree(curve->enc, curve->enc_size); xzfree(curve->dec, curve->dec_size); } struct curve25519_struct *curve25519_tfm_alloc(void) { struct curve25519_struct *tfm; tfm = xzmalloc_aligned(sizeof(*tfm), 16); curve25519_init(tfm); return tfm; } void curve25519_tfm_free(struct curve25519_struct *tfm) { curve25519_destroy(tfm); xzfree(tfm, sizeof(*tfm)); } void curve25519_tfm_free_void(void *tfm) { curve25519_tfm_free(tfm); } void curve25519_proto_init(struct curve25519_proto *proto, unsigned char *pubkey_remote, size_t len) { int result; char file[128]; struct passwd *pw = getpwuid(getuid()); unsigned char secretkey_own[crypto_box_sec_key_size]; unsigned char publickey_own[crypto_box_pub_key_size]; fmemset(secretkey_own, 0, sizeof(secretkey_own)); fmemset(publickey_own, 0, sizeof(publickey_own)); if (unlikely(!pubkey_remote || len != sizeof(publickey_own))) panic("Invalid argument on curve25519_proto_init!\n"); slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PRIVKEY); read_blob_or_die(file, secretkey_own, sizeof(secretkey_own)); crypto_scalarmult_curve25519_base(publickey_own, secretkey_own); result = crypto_verify_32(publickey_own, pubkey_remote); if (result == 0) panic("Remote end has same public key as you have!\n"); crypto_box_beforenm(proto->key, pubkey_remote, secretkey_own); fmemset(proto->enonce, 0, sizeof(proto->enonce)); fmemset(proto->dnonce, 0, sizeof(proto->dnonce)); xmemset(secretkey_own, 0, sizeof(secretkey_own)); xmemset(publickey_own, 0, sizeof(publickey_own)); } ssize_t curve25519_encode(struct curve25519_struct *curve, struct curve25519_proto *proto, unsigned char *plaintext, size_t size, unsigned char **ciphertext) { int ret, i; ssize_t done = size; struct taia packet_taia; spinlock_lock(&curve->enc_lock); if (unlikely(size > curve->enc_size)) { done = -ENOMEM; goto out; } taia_now(&packet_taia); taia_pack(NONCE_EDN_OFFSET(proto->enonce), &packet_taia); fmemset(curve->enc, 0, curve->enc_size); ret = crypto_box_afternm(curve->enc, plaintext, size, proto->enonce, proto->key); if (unlikely(ret)) { done = -EIO; goto out; } fmemcpy(NONCE_PKT_OFFSET(curve->enc), NONCE_EDN_OFFSET(proto->enonce), NONCE_LENGTH); for (i = 0; i < NONCE_RND_LENGTH; ++i) curve->enc[i] = (uint8_t) secrand(); (*ciphertext) = curve->enc; out: spinlock_unlock(&curve->enc_lock); return done; } ssize_t curve25519_decode(struct curve25519_struct *curve, struct curve25519_proto *proto, unsigned char *ciphertext, size_t size, unsigned char **plaintext, struct taia *arrival_taia) { int ret; ssize_t done = size; struct taia packet_taia, tmp_taia; spinlock_lock(&curve->dec_lock); if (unlikely(size > curve->dec_size || size < NONCE_ALL_LENGTH)) { done = size < NONCE_ALL_LENGTH ? 0 : -ENOMEM; goto out; } if (arrival_taia == NULL) { taia_now(&tmp_taia); arrival_taia = &tmp_taia; } taia_unpack(NONCE_PKT_OFFSET(ciphertext), &packet_taia); if (taia_looks_good(arrival_taia, &packet_taia) == 0) { done = 0; goto out; } fmemcpy(NONCE_EDN_OFFSET(proto->dnonce), NONCE_PKT_OFFSET(ciphertext), NONCE_LENGTH); fmemset(curve->dec, 0, curve->dec_size); ret = crypto_box_open_afternm(curve->dec, ciphertext, size, proto->dnonce, proto->key); if (unlikely(ret)) { done = -EIO; goto out; } (*plaintext) = curve->dec; out: spinlock_unlock(&curve->dec_lock); return done; } int curve25519_pubkey_hexparse_32(unsigned char *bin, size_t blen, const char *ascii, size_t alen) { int ret = sscanf(ascii, "%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:" "%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:" "%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:" "%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx", &bin[0], &bin[1], &bin[2], &bin[3], &bin[4], &bin[5], &bin[6], &bin[7], &bin[8], &bin[9], &bin[10], &bin[11], &bin[12], &bin[13], &bin[14], &bin[15], &bin[16], &bin[17], &bin[18], &bin[19], &bin[20], &bin[21], &bin[22], &bin[23], &bin[24], &bin[25], &bin[26], &bin[27], &bin[28], &bin[29], &bin[30], &bin[31]); return ret == 32; } ch) treee0454dae2c92873d193e8f9d8afeb920e3b0576a /Documentation parentd57d39431924d1628ac9b93a2de7f806fc80680a (diff)parentfc723957801465c4a911d0a509709f0f8b91aa8a (diff)
Merge tag 'acpi-4.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI updates from Rafael Wysocki: "The new features here are ACPI 6.1 support (and some previously missing bits of ACPI 6.0 support) in ACPICA and two new drivers, a driver for the ACPI Generic Event Device (GED) feature introduced by ACPI 6.1 and the INT3406 thermal driver for display thermal management. Also the value returned by the _HRV (hardware revision) ACPI object will be exported to user space via sysfs now. In addition to that, ACPI on ARM64 will not depend on EXPERT any more. The rest is mostly fixes and cleanups and some code reorganization. Specifics: - In-kernel ACPICA code update to the upstream release 20160422 adding support for ACPI 6.1 along with some previously missing bits of ACPI 6.0 support, making a fair amount of fixes and cleanups and reducing divergences between the upstream ACPICA and the in-kernel code (Bob Moore, Lv Zheng, Al Stone, Aleksey Makarov, Will Miles) - ACPI Generic Event Device (GED) support and a fix for it (Sinan Kaya, Paul Gortmaker) - INT3406 thermal driver for display thermal management and ACPI backlight support code reorganization related to it (Aaron Lu, Arnd Bergmann) - Support for exporting the value returned by the _HRV (hardware revision) ACPI object via sysfs (Betty Dall) - Removal of the EXPERT dependency for ACPI on ARM64 (Mark Brown) - Rework of the handling of ACPI _OSI mechanism allowing the _OSI("Darwin") support to be overridden from the kernel command line among other things (Lv Zheng, Chen Yu) - Rework of the ACPI tables override mechanism to prepare it for the introduction of overlays support going forward (Lv Zheng, Rafael Wysocki) - Fixes related to the ECDT support and module-level execution of AML (Lv Zheng) - ACPI PCI interrupts management update to make it work better on ARM64 mostly (Sinan Kaya) - ACPI SRAT handling update to make the code process all entires in the table order regardless of the entry type (Lukasz Anaczkowski) - EFI power off support for full-hardware ACPI platforms that don't support ACPI S5 (Chen Yu) - Fixes and cleanups related to the ACPI core's sysfs interface (Dan Carpenter, Betty Dall) - acpi_dev_present() API rework to reduce possible confusion related to it (Lukas Wunner) - Removal of CLK_IS_ROOT from two ACPI drivers (Stephen Boyd)" * tag 'acpi-4.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (82 commits) ACPI / video: mark acpi_video_get_levels() inline Thermal / ACPI / video: add INT3406 thermal driver ACPI / GED: make evged.c explicitly non-modular ACPI / tables: Fix DSDT override mechanism ACPI / sysfs: fix error code in get_status() ACPICA: Update version to 20160422 ACPICA: Move all ASCII utilities to a common file ACPICA: ACPI 2.0, Hardware: Add access_width/bit_offset support for acpi_hw_write() ACPICA: ACPI 2.0, Hardware: Add access_width/bit_offset support in acpi_hw_read() ACPICA: Executer: Introduce a set of macros to handle bit width mask generation ACPICA: Hardware: Add optimized access bit width support ACPICA: Utilities: Add ACPI_IS_ALIGNED() macro ACPICA: Renamed some #defined flag constants for clarity ACPICA: ACPI 6.0, tools/iasl: Add support for new resource descriptors ACPICA: ACPI 6.0: Update _BIX support for new package element ACPICA: ACPI 6.1: Support for new PCCT subtable ACPICA: Refactor evaluate_object to reduce nesting ACPICA: Divergence: remove unwanted spaces for typedef ACPI,PCI,IRQ: remove SCI penalize function ACPI,PCI,IRQ: remove redundant code in acpi_irq_penalty_init() ..
Diffstat (limited to 'Documentation')