From d09e20a8a46a17524df0b737d85e9684006a4c74 Mon Sep 17 00:00:00 2001 From: Uros Majstorovic Date: Thu, 7 Apr 2022 18:07:00 +0200 Subject: cookie gen/verify added --- ecp/src/ecp/common.mk | 3 ++- ecp/src/ecp/core.c | 61 ++++++++++++++++++++++++++++++++++++++++++--- ecp/src/ecp/core.h | 2 ++ ecp/src/ecp/cr.h | 4 +++ ecp/src/ecp/crypto/Makefile | 2 -- ecp/src/ecp/crypto/crypto.c | 23 +++++++++++++++++ ecp/src/ecp/crypto/crypto.h | 9 +++++++ 7 files changed, 98 insertions(+), 6 deletions(-) (limited to 'ecp/src') diff --git a/ecp/src/ecp/common.mk b/ecp/src/ecp/common.mk index fbc935a..a07b5c5 100644 --- a/ecp/src/ecp/common.mk +++ b/ecp/src/ecp/common.mk @@ -2,11 +2,12 @@ platform ?= posix pwd := $(abspath $(dir $(firstword $(MAKEFILE_LIST)))) src_dir := $(abspath $(dir $(lastword $(MAKEFILE_LIST)))/..) +ssl_dir = $(abspath $(src_dir)/../../ext/libressl) platform_dir = $(abspath $(src_dir)/platform/$(platform)) include $(platform_dir)/platform.mk include $(platform_dir)/features.mk -CFLAGS += -I$(src_dir)/ecp -I$(platform_dir) +CFLAGS += -I$(src_dir)/ecp -I$(ssl_dir)/include -I$(platform_dir) ifeq ($(with_dirsrv),yes) with_dir = yes diff --git a/ecp/src/ecp/core.c b/ecp/src/ecp/core.c index d836ff4..a0251c8 100644 --- a/ecp/src/ecp/core.c +++ b/ecp/src/ecp/core.c @@ -288,12 +288,18 @@ static ECPConnection *conn_table_search(ECPSocket *sock, unsigned char c_idx, ec } int ecp_sock_init(ECPSocket *sock, ECPContext *ctx, ECPDHKey *key) { + int rv; + memset(sock, 0, sizeof(ECPSocket)); sock->ctx = ctx; sock->key_curr = 0; if (key) sock->key_perma = *key; - return ecp_dhkey_gen(&sock->key[sock->key_curr]); + rv = ecp_dhkey_gen(&sock->key[sock->key_curr]); + if (rv) return rv; + + rv = ecp_bc_key_gen(&sock->minkey); + return rv; } int ecp_sock_create(ECPSocket *sock, ECPContext *ctx, ECPDHKey *key) { @@ -342,6 +348,22 @@ void ecp_sock_close(ECPSocket *sock) { ecp_tr_close(sock); } +int ecp_sock_minkey_new(ECPSocket *sock) { + int rv; + +#ifdef ECP_WITH_PTHREAD + pthread_mutex_lock(&sock->mutex); +#endif + + rv = ecp_bc_key_gen(&sock->minkey); + +#ifdef ECP_WITH_PTHREAD + pthread_mutex_unlock(&sock->mutex); +#endif + + return rv; +} + int ecp_sock_dhkey_new(ECPSocket *sock) { ECPDHKey new_key; int rv; @@ -432,12 +454,45 @@ void ecp_sock_get_nonce(ECPSocket *sock, ecp_nonce_t *nonce) { } int ecp_cookie_gen(ECPSocket *sock, unsigned char *cookie, unsigned char *public_buf) { - memcpy(cookie, public_buf, ECP_SIZE_COOKIE); + ecp_bc_ctx_t bc_ctx; + int i; + +#ifdef ECP_WITH_PTHREAD + pthread_mutex_lock(&sock->mutex); +#endif + + bc_ctx = sock->minkey; + +#ifdef ECP_WITH_PTHREAD + pthread_mutex_unlock(&sock->mutex); +#endif + + for (i=0; imutex); +#endif + + bc_ctx = sock->minkey; + +#ifdef ECP_WITH_PTHREAD + pthread_mutex_unlock(&sock->mutex); +#endif + + for (i=0; ictx_enc); + if (rv < 0) return ECP_ERR; + + rv = AES_set_decrypt_key(_key, ECP_SIZE_BC_KEY * 8, &key->ctx_dec); + if (rv < 0) return ECP_ERR; + + return ECP_OK; +} + +void ecp_bc_encrypt_block(unsigned char *in, unsigned char *out, ecp_bc_ctx_t *key) { + AES_encrypt(in, out, &key->ctx_enc); +} + +void ecp_bc_decrypt_block(unsigned char *in, unsigned char *out, ecp_bc_ctx_t *key) { + AES_decrypt(in, out, &key->ctx_dec); +} diff --git a/ecp/src/ecp/crypto/crypto.h b/ecp/src/ecp/crypto/crypto.h index 863b25b..9e55c53 100644 --- a/ecp/src/ecp/crypto/crypto.h +++ b/ecp/src/ecp/crypto/crypto.h @@ -1,3 +1,5 @@ +#include + #define CURVE25519_SIZE_KEY 32 #define CHACHA20_SIZE_KEY 32 #define POLY1305_SIZE_TAG 16 @@ -13,6 +15,9 @@ #define ECP_SIZE_ECDSA_SEC 64 #define ECP_SIZE_ECDSA_SIG 32 +#define ECP_SIZE_BC_KEY 16 +#define ECP_SIZE_BC_BLOCK 16 + typedef uint8_t ecp_ecdh_public_t[ECP_SIZE_ECDH_PUB]; typedef uint8_t ecp_ecdh_private_t[ECP_SIZE_ECDH_SEC]; typedef uint8_t ecp_aead_key_t[ECP_SIZE_AEAD_KEY]; @@ -20,6 +25,10 @@ typedef uint8_t ecp_aead_nonce_t[ECP_SIZE_AEAD_NONCE]; typedef uint8_t ecp_ecdsa_public_t[ECP_SIZE_ECDSA_PUB]; typedef uint8_t ecp_ecdsa_private_t[ECP_SIZE_ECDSA_SEC]; typedef uint8_t ecp_ecdsa_signature_t[ECP_SIZE_ECDSA_SIG]; +typedef struct { + AES_KEY ctx_enc; + AES_KEY ctx_dec; +} ecp_bc_ctx_t; int aead_chacha20_poly1305_seal(unsigned char key[32], unsigned char tag_len, -- cgit v1.2.3