summaryrefslogtreecommitdiff
path: root/src/lib/dev.c
diff options
context:
space:
mode:
authorDimitri Staessens <dimitri@ouroboros.rocks>2023-12-10 14:53:41 +0100
committerSander Vrijders <sander@ouroboros.rocks>2023-12-17 13:23:49 +0100
commit676bd51161e7584175b97cfb7ec2bebd6d951acc (patch)
treec2366c53bc477d4c74208b700cb0436539858181 /src/lib/dev.c
parent8e7321c82cf446579fe14c7c369a7779e43aeddf (diff)
downloadouroboros-676bd51161e7584175b97cfb7ec2bebd6d951acc.tar.gz
ouroboros-676bd51161e7584175b97cfb7ec2bebd6d951acc.zip
lib: Move public key handling from app to IRMd
The application was generating its public keypair for its ECDHE key exchange. This is now done by the IRMd, which will check the requested qosspec and then apply what is needed. The flow_alloc and flow_accept calls will just return the symmetric key to the application. This makes it easier when we add configurations with given public key pairs and other encryption algorithms, which can then all be configured globally in the IRMd instead of having all the options replicated and implemented in each and every application. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/lib/dev.c')
-rw-r--r--src/lib/dev.c87
1 files changed, 13 insertions, 74 deletions
diff --git a/src/lib/dev.c b/src/lib/dev.c
index 3d45f016..d1f827f3 100644
--- a/src/lib/dev.c
+++ b/src/lib/dev.c
@@ -759,13 +759,8 @@ int flow_accept(qosspec_t * qs,
irm_msg_t msg = IRM_MSG__INIT;
irm_msg_t * recv_msg;
int fd;
- void * pkp; /* public key pair */
- uint8_t s[SYMMKEYSZ]; /* secret key for flow */
- uint8_t buf[MSGBUFSZ];
int err = -EIRMD;
- ssize_t key_len;
-
- memset(s, 0, SYMMKEYSZ);
+ uint8_t * symmkey;
msg.code = IRM_MSG_CODE__IRM_FLOW_ACCEPT;
msg.has_pid = true;
@@ -778,23 +773,7 @@ int flow_accept(qosspec_t * qs,
msg.timeo_nsec = timeo->tv_nsec;
}
- key_len = crypt_dh_pkp_create(&pkp, buf);
- if (key_len < 0) {
- err = -ECRYPT;
- goto fail_crypt_pkp;
- }
- if (key_len > 0) {
- msg.has_pk = true;
- msg.pk.data = buf;
- msg.pk.len = (uint32_t) key_len;
- }
-
- pthread_cleanup_push(crypt_dh_pkp_destroy, pkp);
-
recv_msg = send_recv_irm_msg(&msg);
-
- pthread_cleanup_pop(false);
-
if (recv_msg == NULL)
goto fail_recv;
@@ -810,17 +789,11 @@ int flow_accept(qosspec_t * qs,
!recv_msg->has_mpl || recv_msg->qosspec == NULL)
goto fail_msg;
- if (recv_msg->pk.len != 0 &&
- crypt_dh_derive(pkp, recv_msg->pk.data,
- recv_msg->pk.len, s) < 0) {
- err = -ECRYPT;
- goto fail_msg;
- }
-
- crypt_dh_pkp_destroy(pkp);
+ symmkey = recv_msg->has_symmkey ? recv_msg->symmkey.data : NULL;
fd = flow_init(recv_msg->flow_id, recv_msg->pid,
- qos_spec_msg_to_s(recv_msg->qosspec), s,
+ qos_spec_msg_to_s(recv_msg->qosspec),
+ symmkey,
recv_msg->mpl);
irm_msg__free_unpacked(recv_msg, NULL);
@@ -828,7 +801,6 @@ int flow_accept(qosspec_t * qs,
if (fd < 0)
return fd;
-
pthread_rwlock_rdlock(&ai.lock);
if (qs != NULL)
@@ -841,8 +813,6 @@ int flow_accept(qosspec_t * qs,
fail_msg:
irm_msg__free_unpacked(recv_msg, NULL);
fail_recv:
- crypt_dh_pkp_destroy(pkp);
- fail_crypt_pkp:
return err;
}
@@ -850,15 +820,10 @@ int flow_alloc(const char * dst,
qosspec_t * qs,
const struct timespec * timeo)
{
- irm_msg_t msg = IRM_MSG__INIT;
- irm_msg_t * recv_msg;
- int fd;
- void * pkp = NULL; /* public key pair */
- uint8_t s[SYMMKEYSZ]; /* secret key for flow */
- uint8_t buf[MSGBUFSZ];
- int err = -EIRMD;
-
- memset(s, 0, SYMMKEYSZ);
+ irm_msg_t msg = IRM_MSG__INIT;
+ irm_msg_t * recv_msg;
+ int fd;
+ int err = -EIRMD;
#ifdef QOS_DISABLE_CRC
if (qs != NULL)
@@ -877,25 +842,10 @@ int flow_alloc(const char * dst,
msg.timeo_nsec = timeo->tv_nsec;
}
- if (qs != NULL && qs->cypher_s != 0) {
- ssize_t key_len;
-
- key_len = crypt_dh_pkp_create(&pkp, buf);
- if (key_len < 0) {
- err = -ECRYPT;
- goto fail_crypt_pkp;
- }
-
- msg.has_pk = true;
- msg.pk.data = buf;
- msg.pk.len = (uint32_t) key_len;
- }
-
recv_msg = send_recv_irm_msg(&msg);
qosspec_msg__free_unpacked(msg.qosspec, NULL);
-
if (recv_msg == NULL)
- goto fail_send;
+ goto fail_send_recv;
if (!recv_msg->has_result)
goto fail_result;
@@ -909,19 +859,10 @@ int flow_alloc(const char * dst,
!recv_msg->has_mpl)
goto fail_result;
- if (qs != NULL && qs->cypher_s != 0) {
- if (!recv_msg->has_pk || recv_msg->pk.len == 0) {
- err = -ECRYPT;
- goto fail_result;
- }
-
- if (crypt_dh_derive(pkp, recv_msg->pk.data,
- recv_msg->pk.len, s) < 0) {
+ if ((qs != NULL && qs->cypher_s != 0) &&
+ (!recv_msg->has_symmkey || recv_msg->symmkey.len != SYMMKEYSZ)) {
err = -ECRYPT;
goto fail_result;
- }
-
- crypt_dh_pkp_destroy(pkp);
}
/* TODO: Make sure qosspec is set in msg */
@@ -929,7 +870,7 @@ int flow_alloc(const char * dst,
*qs = qos_spec_msg_to_s(recv_msg->qosspec);
fd = flow_init(recv_msg->flow_id, recv_msg->pid,
- qs == NULL ? qos_raw : *qs, s,
+ qs == NULL ? qos_raw : *qs, recv_msg->symmkey.data,
recv_msg->mpl);
irm_msg__free_unpacked(recv_msg, NULL);
@@ -938,9 +879,7 @@ int flow_alloc(const char * dst,
fail_result:
irm_msg__free_unpacked(recv_msg, NULL);
- fail_send:
- crypt_dh_pkp_destroy(pkp);
- fail_crypt_pkp:
+ fail_send_recv:
return err;
}