diff options
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/crypt.c | 4 | ||||
-rw-r--r-- | src/lib/dev.c | 87 | ||||
-rw-r--r-- | src/lib/pb/irm.proto | 3 |
3 files changed, 17 insertions, 77 deletions
diff --git a/src/lib/crypt.c b/src/lib/crypt.c index c5d6101a..2f0404a2 100644 --- a/src/lib/crypt.c +++ b/src/lib/crypt.c @@ -154,8 +154,8 @@ static int __openssl_ecdh_gen_key(void ** kp) static ssize_t openssl_ecdh_pkp_create(void ** pkp, uint8_t * pk) { - uint8_t * pos; - ssize_t len; + uint8_t * pos; + ssize_t len; assert(pkp != NULL); assert(*pkp == NULL); diff --git a/src/lib/dev.c b/src/lib/dev.c index 3d45f016..d1f827f3 100644 --- a/src/lib/dev.c +++ b/src/lib/dev.c @@ -759,13 +759,8 @@ int flow_accept(qosspec_t * qs, irm_msg_t msg = IRM_MSG__INIT; irm_msg_t * recv_msg; int fd; - void * pkp; /* public key pair */ - uint8_t s[SYMMKEYSZ]; /* secret key for flow */ - uint8_t buf[MSGBUFSZ]; int err = -EIRMD; - ssize_t key_len; - - memset(s, 0, SYMMKEYSZ); + uint8_t * symmkey; msg.code = IRM_MSG_CODE__IRM_FLOW_ACCEPT; msg.has_pid = true; @@ -778,23 +773,7 @@ int flow_accept(qosspec_t * qs, msg.timeo_nsec = timeo->tv_nsec; } - key_len = crypt_dh_pkp_create(&pkp, buf); - if (key_len < 0) { - err = -ECRYPT; - goto fail_crypt_pkp; - } - if (key_len > 0) { - msg.has_pk = true; - msg.pk.data = buf; - msg.pk.len = (uint32_t) key_len; - } - - pthread_cleanup_push(crypt_dh_pkp_destroy, pkp); - recv_msg = send_recv_irm_msg(&msg); - - pthread_cleanup_pop(false); - if (recv_msg == NULL) goto fail_recv; @@ -810,17 +789,11 @@ int flow_accept(qosspec_t * qs, !recv_msg->has_mpl || recv_msg->qosspec == NULL) goto fail_msg; - if (recv_msg->pk.len != 0 && - crypt_dh_derive(pkp, recv_msg->pk.data, - recv_msg->pk.len, s) < 0) { - err = -ECRYPT; - goto fail_msg; - } - - crypt_dh_pkp_destroy(pkp); + symmkey = recv_msg->has_symmkey ? recv_msg->symmkey.data : NULL; fd = flow_init(recv_msg->flow_id, recv_msg->pid, - qos_spec_msg_to_s(recv_msg->qosspec), s, + qos_spec_msg_to_s(recv_msg->qosspec), + symmkey, recv_msg->mpl); irm_msg__free_unpacked(recv_msg, NULL); @@ -828,7 +801,6 @@ int flow_accept(qosspec_t * qs, if (fd < 0) return fd; - pthread_rwlock_rdlock(&ai.lock); if (qs != NULL) @@ -841,8 +813,6 @@ int flow_accept(qosspec_t * qs, fail_msg: irm_msg__free_unpacked(recv_msg, NULL); fail_recv: - crypt_dh_pkp_destroy(pkp); - fail_crypt_pkp: return err; } @@ -850,15 +820,10 @@ int flow_alloc(const char * dst, qosspec_t * qs, const struct timespec * timeo) { - irm_msg_t msg = IRM_MSG__INIT; - irm_msg_t * recv_msg; - int fd; - void * pkp = NULL; /* public key pair */ - uint8_t s[SYMMKEYSZ]; /* secret key for flow */ - uint8_t buf[MSGBUFSZ]; - int err = -EIRMD; - - memset(s, 0, SYMMKEYSZ); + irm_msg_t msg = IRM_MSG__INIT; + irm_msg_t * recv_msg; + int fd; + int err = -EIRMD; #ifdef QOS_DISABLE_CRC if (qs != NULL) @@ -877,25 +842,10 @@ int flow_alloc(const char * dst, msg.timeo_nsec = timeo->tv_nsec; } - if (qs != NULL && qs->cypher_s != 0) { - ssize_t key_len; - - key_len = crypt_dh_pkp_create(&pkp, buf); - if (key_len < 0) { - err = -ECRYPT; - goto fail_crypt_pkp; - } - - msg.has_pk = true; - msg.pk.data = buf; - msg.pk.len = (uint32_t) key_len; - } - recv_msg = send_recv_irm_msg(&msg); qosspec_msg__free_unpacked(msg.qosspec, NULL); - if (recv_msg == NULL) - goto fail_send; + goto fail_send_recv; if (!recv_msg->has_result) goto fail_result; @@ -909,19 +859,10 @@ int flow_alloc(const char * dst, !recv_msg->has_mpl) goto fail_result; - if (qs != NULL && qs->cypher_s != 0) { - if (!recv_msg->has_pk || recv_msg->pk.len == 0) { - err = -ECRYPT; - goto fail_result; - } - - if (crypt_dh_derive(pkp, recv_msg->pk.data, - recv_msg->pk.len, s) < 0) { + if ((qs != NULL && qs->cypher_s != 0) && + (!recv_msg->has_symmkey || recv_msg->symmkey.len != SYMMKEYSZ)) { err = -ECRYPT; goto fail_result; - } - - crypt_dh_pkp_destroy(pkp); } /* TODO: Make sure qosspec is set in msg */ @@ -929,7 +870,7 @@ int flow_alloc(const char * dst, *qs = qos_spec_msg_to_s(recv_msg->qosspec); fd = flow_init(recv_msg->flow_id, recv_msg->pid, - qs == NULL ? qos_raw : *qs, s, + qs == NULL ? qos_raw : *qs, recv_msg->symmkey.data, recv_msg->mpl); irm_msg__free_unpacked(recv_msg, NULL); @@ -938,9 +879,7 @@ int flow_alloc(const char * dst, fail_result: irm_msg__free_unpacked(recv_msg, NULL); - fail_send: - crypt_dh_pkp_destroy(pkp); - fail_crypt_pkp: + fail_send_recv: return err; } diff --git a/src/lib/pb/irm.proto b/src/lib/pb/irm.proto index 94db28a4..366e462c 100644 --- a/src/lib/pb/irm.proto +++ b/src/lib/pb/irm.proto @@ -92,5 +92,6 @@ message irm_msg { optional sint32 mpl = 19; optional string comp = 20; optional bytes pk = 21; /* piggyback */ - optional sint32 result = 22; + optional bytes symmkey = 22; + optional sint32 result = 23; } |