authorDimitri Staessens <dimitri@ouroboros.rocks>2025-06-28 11:27:50 +0200
committerSander Vrijders <sander@ouroboros.rocks>2025-07-04 10:12:15 +0200
commit84134b93c1fc1c670f52ab199dcda6fc9c42626f (patch)
tree92375d0d9d656b7ccfb003ba7cf30c54171cd847 /include
parentd2295c1c228f05beaf3ec8abe44a4ae114742076 (diff)
lib: Add authentication functions
Adds the functions needed for authentication using X509 certificates, implemented using OpenSSL. Refactors some library internals and adds unit tests for them.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'include')
-rw-r--r--include/ouroboros/crypt.h87
-rw-r--r--include/ouroboros/sockets.h.in12
-rw-r--r--include/ouroboros/test.h22
-rw-r--r--include/ouroboros/tpm.h4
-rw-r--r--include/ouroboros/utils.h3
5 files changed, 100 insertions, 28 deletions
diff --git a/include/ouroboros/crypt.h b/include/ouroboros/crypt.h
index 28fe63b2..b510a3b2 100644
--- a/include/ouroboros/crypt.h
+++ b/include/ouroboros/crypt.h
@@ -26,31 +26,84 @@
#include <ouroboros/shm_du_buff.h>
#include <ouroboros/utils.h>
+#define IVSZ 16
#define SYMMKEYSZ 32
+#define MSGBUFSZ 2048
-struct crypt_info {
- uint16_t flags;
- void * ctx;
- uint8_t key[SYMMKEYSZ];
-};
+struct auth_ctx;
+struct crypt_ctx;
-int crypt_dh_pkp_create(void ** pkp,
- uint8_t * pk);
+struct crypt_ctx * crypt_create_ctx(uint16_t flags,
+ const uint8_t * key);
-void crypt_dh_pkp_destroy(void * pkp);
+void crypt_destroy_ctx(struct crypt_ctx * ctx);
-int crypt_dh_derive(void * pkp,
- buffer_t pk,
- uint8_t * s);
+int crypt_dh_pkp_create(void ** pkp,
+ uint8_t * pk);
-int crypt_encrypt(struct crypt_info * info,
- struct shm_du_buff * sdb);
+void crypt_dh_pkp_destroy(void * pkp);
-int crypt_decrypt(struct crypt_info * info,
- struct shm_du_buff * sdb);
+int crypt_dh_derive(void * pkp,
+ buffer_t pk,
+ uint8_t * s);
-int crypt_init(struct crypt_info * info);
+int crypt_encrypt(struct crypt_ctx * ctx,
+ buffer_t in,
+ buffer_t * out);
-void crypt_fini(struct crypt_info * info);
+int crypt_decrypt(struct crypt_ctx * ctx,
+ buffer_t in,
+ buffer_t * out);
+
+int crypt_load_crt_file(const char * path,
+ void ** crt);
+
+int crypt_load_crt_str(const char * str,
+ void ** crt);
+
+int crypt_get_pubkey_crt(void * crt,
+ void ** pk);
+
+void crypt_free_crt(void * crt);
+
+int crypt_load_privkey_file(const char * path,
+ void ** key);
+
+int crypt_load_privkey_str(const char * str,
+ void ** key);
+
+int crypt_load_pubkey_str(const char * str,
+ void ** key);
+
+int crypt_cmp_key(const void * key1,
+ const void * key2);
+
+void crypt_free_key(void * key);
+
+int crypt_crt_str(void * crt,
+ char * buf);
+
+int crypt_check_crt_name(void * crt,
+ const char * name);
+
+struct auth_ctx * auth_create_ctx(void);
+
+void auth_destroy_ctx(struct auth_ctx * ctx);
+
+int auth_add_crt_to_store(struct auth_ctx * ctx,
+ void * crt);
+
+void auth_destroy_ctx(struct auth_ctx * ctx);
+
+int auth_verify_crt(struct auth_ctx * ctx,
+ void * crt);
+
+int auth_sign(void * pkp,
+ buffer_t msg,
+ buffer_t * sig);
+
+int auth_verify_sig(void * pk,
+ buffer_t msg,
+ buffer_t sig);
#endif /* OUROBOROS_LIB_CRYPT_H */
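Review bot: `auth_destroy_ctx` is declared twice in this hunk, once directly after `auth_create_ctx` and again after `auth_add_crt_to_store`; the second declaration is redundant and should be dropped. `crypt_crt_str(void * crt, char * buf)` takes a destination buffer with no length, so callers have no contract for how large `buf` must be; either pass the size, `int crypt_crt_str(void * crt, char * buf, size_t len);`, or state the assumed bound above the declaration, e.g. `/* buf must hold at least MSGBUFSZ bytes. */` if that is what `MSGBUFSZ` is for — the header alone does not say. The `crypt_load_*` functions hand back opaque objects through `void **` that are released with `crypt_free_crt` / `crypt_free_key`; a one-line comment per group saying that ownership passes to the caller, and one on `crypt_cmp_key` saying what it returns on a match, would make the header usable without reading the implementation.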
diff --git a/include/ouroboros/sockets.h.in b/include/ouroboros/sockets.h.in
index 095674a9..1a6974ac 100644
--- a/include/ouroboros/sockets.h.in
+++ b/include/ouroboros/sockets.h.in
@@ -27,16 +27,20 @@
#include <sys/types.h>
-#define SOCK_PATH "/var/run/ouroboros/"
+#ifndef OUROBOROS_TEST
+ #define SOCK_PATH "/var/run/ouroboros/"
+#else
+ #define SOCK_PATH "/tmp/"
+#endif
#define SOCK_PATH_SUFFIX ".sock"
#define IRM_SOCK_PATH SOCK_PATH "irm" SOCK_PATH_SUFFIX
-#define IPCP_SOCK_PATH_PREFIX SOCK_PATH "ipcp"
+#define IPCP_SOCK_PATH_PREFIX SOCK_PATH "ipcp."
#define SOCK_BUF_SIZE @SOCK_BUF_SIZE@
-/* Returns the full socket path of an IPCP */
-char * ipcp_sock_path(pid_t pid);
+char * sock_path(pid_t pid,
+ const char * path);
int server_socket_open(char * file_name);
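Review bot: `SOCK_PATH` now depends on whether `OUROBOROS_TEST` is defined at the point this header is included, and that macro is set by `include/ouroboros/test.h` in this same commit, so a translation unit that includes `sockets.h` before `test.h` silently gets the production `/var/run/ouroboros/` path; defining it from the test build target (`-DOUROBOROS_TEST`) would not depend on include order. The test fallback `/tmp/` is a shared, world-writable directory, so socket names derived from it can collide between concurrently running tests or between users, and another local user can occupy the path first; a per-run directory (e.g. from `mkdtemp`) is the usual mitigation. The `/* Returns the full socket path of an IPCP */` comment disappears with `ipcp_sock_path`, but the replacement `sock_path(pid, path)` gets none; add one that states what the string contains and who releases it, e.g. `/* Returns the socket path for <path> and <pid>; caller frees the result. */`, adjusted if the string is not heap-allocated.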
diff --git a/include/ouroboros/test.h b/include/ouroboros/test.h
index 096e145c..12214f15 100644
--- a/include/ouroboros/test.h
+++ b/include/ouroboros/test.h
@@ -23,11 +23,19 @@
#ifndef OUROBOROS_LIB_TEST_H
#define OUROBOROS_LIB_TEST_H
+#define OUROBOROS_TEST
+
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
+#include <sys/types.h>
+
+
+#define TEST_RC_SUCCESS 0
+#define TEST_RC_SKIP 1
+#define TEST_RC_FAIL -1
#define TEST_START() \
do { \
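Review bot: `TEST_RC_FAIL` expands to an unparenthesized `-1`; write it as `#define TEST_RC_FAIL (-1)` so it is a single operand wherever it is pasted into an expression. The three `TEST_RC_*` values introduce a return-code convention for test functions but carry no comment; a line such as `/* Return values for test functions: success, skipped, failed. */` above them would document the contract, and `TEST_SKIPPED()` a few lines below then reads as the companion to `TEST_RC_SKIP`.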
@@ -40,6 +48,12 @@
fflush(stdout); \
} while (0)
+#define TEST_SKIPPED() \
+ do { \
+ printf("%s skipped.\n", __func__); \
+ fflush(stdout); \
+ } while (0)
+
#define TEST_FAIL() \
do { \
printf("%s failed.\n", __func__); \
@@ -57,7 +71,7 @@ static int __attribute__((unused)) test_assert_fail(int(* testfunc)(void))
pid = fork();
if (pid == -1) {
printf("Failed to fork: %s.\n", strerror(errno));
- return -1;
+ return TEST_RC_FAIL;
}
if (pid == 0)
@@ -66,17 +80,17 @@ static int __attribute__((unused)) test_assert_fail(int(* testfunc)(void))
waitpid(pid, &wstatus, 0);
#ifdef CONFIG_OUROBOROS_DEBUG
if (WIFSIGNALED(wstatus) && (wstatus == 134 || wstatus == 6))
- return 0;
+ return TEST_RC_SUCCESS;
printf("Process did not abort, status: %d.\n", wstatus);
#else
if (WIFEXITED(wstatus) && wstatus == 0)
- return 0;
+ return TEST_RC_SUCCESS;
printf("Process did not exit, status: %d.\n", wstatus);
#endif
- return -1;
+ return TEST_RC_FAIL;
}
#endif /* OUROBOROS_LIB_TEST_H */
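Review bot: The new `TEST_RC_SUCCESS` return in the debug branch is still gated on `wstatus == 134 || wstatus == 6`, which compares the raw wait status against magic numbers rather than the signal; `if (WIFSIGNALED(wstatus) && WTERMSIG(wstatus) == SIGABRT)` (needs `<signal.h>`) states the intent and does not depend on the core-dump bit. The `#else` branch likewise tests `wstatus == 0` where `WIFEXITED(wstatus) && WEXITSTATUS(wstatus) == 0` is the portable form. The `waitpid` return value on the first line of the hunk is not checked, so on failure `wstatus` is read without having been written — presumably uninitialized, though its declaration is outside the hunk. `test_assert_fail` begins outside this hunk.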
diff --git a/include/ouroboros/tpm.h b/include/ouroboros/tpm.h
index 445f9306..7188dc91 100644
--- a/include/ouroboros/tpm.h
+++ b/include/ouroboros/tpm.h
@@ -38,8 +38,8 @@ int tpm_start(struct tpm * tpm);
void tpm_stop(struct tpm * tpm);
-void tpm_dec(struct tpm * tpm);
+void tpm_begin_work(struct tpm * tpm);
-void tpm_inc(struct tpm * tpm);
+void tpm_end_work(struct tpm * tpm);
#endif /* OUROBOROS_LIB_TPM_H */
diff --git a/include/ouroboros/utils.h b/include/ouroboros/utils.h
index 93fbf402..7f625c90 100644
--- a/include/ouroboros/utils.h
+++ b/include/ouroboros/utils.h
@@ -24,8 +24,9 @@
#define OUROBOROS_LIB_UTILS_H
#include <stdint.h>
-#include <unistd.h>
+#include <stdlib.h>
#include <string.h>
+#include <unistd.h>
#define MIN(a,b) (((a) < (b)) ? (a) : (b))
#define MAX(a,b) (((a) > (b)) ? (a) : (b))