X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/82ba25cfeb78751b8218c72f1685998d28004efc..4a3882945f605704ede113a9fe98cd19a92363a7:/server/servutil.c diff --git a/server/servutil.c b/server/servutil.c index e4772c4c..703e448e 100644 --- a/server/servutil.c +++ b/server/servutil.c @@ -82,6 +82,180 @@ int seq_check(seqwin *s, uint32 q, const char *service) return (0); } +/*----- Rate limiting -----------------------------------------------------*/ + +/* --- @ratelim_init@ --- * + * + * Arguments: @ratelim *r@ = rate-limiting state to fill in + * @unsigned persec@ = credit to accumulate per second + * @unsigned max@ = maximum credit to retain + * + * Returns: --- + * + * Use: Initialize a rate-limiting state. + */ + +void ratelim_init(ratelim *r, unsigned persec, unsigned max) +{ + r->n = r->max = max; + r->persec = persec; + gettimeofday(&r->when, 0); +} + +/* --- @ratelim_withdraw@ --- * + * + * Arguments: @ratelim *r@ = rate-limiting state + * @unsigned n@ = credit to withdraw + * + * Returns: Zero if successful; @-1@ if there is unsufficient credit + * + * Use: Updates the state with any accumulated credit. Then, if + * there there are more than @n@ credits available, withdraw @n@ + * and return successfully; otherwise, report failure. + */ + +int ratelim_withdraw(ratelim *r, unsigned n) +{ + struct timeval now, delta; + unsigned long d; + + gettimeofday(&now, 0); + TV_SUB(&delta, &now, &r->when); + d = (unsigned long)r->persec*delta.tv_sec + + (unsigned long)r->persec*delta.tv_usec/MILLION; + if (d < r->max - r->n) r->n += d; + else r->n = r->max; + r->when = now; + + if (n > r->n) return (-1); + else { r->n -= n; return (0); } +} + +/*----- Crypto ------------------------------------------------------------*/ + +/* --- @ies_encrypt@ --- * + * + * Arguments: @kdata *kpub@ = recipient's public key + * @unsigned ty@ = message type octet + * @buf *b@ = input message buffer + * @buf *bb@ = output buffer for the ciphertext + * + * Returns: On error, returns a @KSERR_...@ code or breaks the buffer; + * on success, returns zero and the buffer is good. + * + * Use: Encrypts a message for a recipient, given their public key. + * This does not (by itself) provide forward secrecy or sender + * authenticity. The ciphertext is self-delimiting (unlike + * @ks_encrypt@). + */ + +int ies_encrypt(kdata *kpub, unsigned ty, buf *b, buf *bb) +{ + dhgrp *g = kpub->grp; + dhsc *u = g->ops->randsc(g); + dhge *U = g->ops->mul(g, u, 0), *Z = g->ops->mul(g, u, kpub->K); + bulkalgs *algs = kpub->algs.bulk; + octet *len; + bulkctx *bulk; + deriveargs a; + size_t n; + buf bk; + int rc = 0; + + IF_TRACING(T_CRYPTO, { + trace(T_CRYPTO, + "crypto: encrypting IES message (type 0x%02x) for recipient `%s'", + ty, kpub->tag); + trace_block(T_CRYPTO, "crypto: plaintext message", BCUR(b), BLEFT(b)); + }) + + a.hc = kpub->algs.h; a.what = "tripe:ecies-"; a.f = DF_OUT; + buf_init(&bk, buf_u, sizeof(buf_u)); a.k = BBASE(&bk); + g->ops->stge(g, &bk, U, DHFMT_HASH); a.x = a.y = BLEN(&bk); + g->ops->stge(g, &bk, Z, DHFMT_HASH); a.z = BLEN(&bk); + assert(BOK(&bk)); + T( trace_block(T_CRYPTO, "crypto: KEM clue", a.k, a.x); + trace_block(T_CRYPTO, "crypto: shared secret", a.k + a.y, a.z - a.y); ) + + len = BCUR(bb); buf_get(bb, 2); + bulk = algs->ops->genkeys(algs, &a); + bulk->ops = algs->ops; + g->ops->stge(g, bb, U, DHFMT_VAR); if (BBAD(bb)) goto end; + rc = bulk->ops->encrypt(bulk, ty, b, bb, 0); + if (rc || BBAD(bb)) goto end; + n = BCUR(bb) - len - 2; assert(n <= MASK16); STORE16(len, n); + +end: + bulk->ops->freectx(bulk); + g->ops->freesc(g, u); + g->ops->freege(g, U); + g->ops->freege(g, Z); + return (rc); +} + +/* --- @ies_decrypt@ --- * + * + * Arguments: @kdata *kpub@ = private key key + * @unsigned ty@ = message type octet + * @buf *b@ = input ciphertext buffer + * @buf *bb@ = output buffer for the message + * + * Returns: On error, returns a @KSERR_...@ code; on success, returns + * zero and the buffer is good. + * + * Use: Decrypts a message encrypted using @ies_encrypt@, given our + * private key. + */ + +int ies_decrypt(kdata *kpriv, unsigned ty, buf *b, buf *bb) +{ + dhgrp *g = kpriv->grp; + bulkalgs *algs = kpriv->algs.bulk; + bulkctx *bulk = 0; + T( const octet *m; ) + dhge *U = 0, *Z = 0; + deriveargs a; + uint32 seq; + buf bk, bc; + int rc; + + IF_TRACING(T_CRYPTO, { + trace(T_CRYPTO, + "crypto: decrypting IES message (type 0x%02x) to recipient `%s'", + ty, kpriv->tag); + trace_block(T_CRYPTO, "crypto: ciphertext message", BCUR(b), BLEFT(b)); + }) + + if (buf_getbuf16(b, &bc) || + (U = g->ops->ldge(g, &bc, DHFMT_VAR)) == 0 || + g->ops->checkge(g, U)) + { rc = KSERR_MALFORMED; goto end; } + Z = g->ops->mul(g, kpriv->k, U); + + a.hc = kpriv->algs.h; a.what = "tripe:ecies-"; a.f = DF_IN; + buf_init(&bk, buf_u, sizeof(buf_u)); a.k = BBASE(&bk); a.x = 0; + g->ops->stge(g, &bk, U, DHFMT_HASH); a.y = BLEN(&bk); + g->ops->stge(g, &bk, Z, DHFMT_HASH); a.z = BLEN(&bk); + T( trace_block(T_CRYPTO, "crypto: KEM clue", a.k + a.x, a.y - a.x); + trace_block(T_CRYPTO, "crypto: shared secret", a.k + a.y, a.z - a.y); ) + assert(BOK(&bk)); + + bulk = algs->ops->genkeys(algs, &a); + bulk->ops = algs->ops; + T( m = BCUR(bb); ) + rc = bulk->ops->decrypt(bulk, ty, &bc, bb, &seq); + if (rc) goto end; + if (seq) { rc = KSERR_SEQ; goto end; } + assert(BOK(bb)); + T( trace_block(T_CRYPTO, "crypto: decrypted message", m, BCUR(bb) - m); ) + +end: + if (bulk) bulk->ops->freectx(bulk); + g->ops->freege(g, U); + g->ops->freege(g, Z); + return (rc); +} + /*----- Random odds and sods ----------------------------------------------*/ /* --- @timestr@ --- * @@ -121,4 +295,76 @@ int mystrieq(const char *x, const char *y) } } +/*----- Address handling --------------------------------------------------*/ + +const struct addrfam aftab[] = { +#ifdef HAVE_LIBADNS +# define DEF(af, qf) { AF_##af, #af, adns_qf_##qf }, +#else +# define DEF(af, qf) { AF_##af, #af }, +#endif + ADDRFAM(DEF) +#undef DEF +}; + +/* --- @afix@ --- * + * + * Arguments: @int af@ = an address family code + * + * Returns: The index of the address family's record in @aftab@, or @-1@. + */ + +int afix(int af) +{ + int i; + + for (i = 0; i < NADDRFAM; i++) + if (af == aftab[i].af) return (i); + return (-1); +} + +/* --- @addrsz@ --- * + * + * Arguments: @const addr *a@ = a network address + * + * Returns: The size of the address, for passing into the sockets API. + */ + +socklen_t addrsz(const addr *a) +{ + switch (a->sa.sa_family) { + case AF_INET: return (sizeof(a->sin)); + case AF_INET6: return (sizeof(a->sin6)); + default: abort(); + } +} + +/* --- @getport@, @setport@ --- * + * + * Arguments: @addr *a@ = a network address + * @unsigned port@ = port number to set + * + * Returns: --- + * + * Use: Retrieves or sets the port number in an address structure. + */ + +unsigned getport(addr *a) +{ + switch (a->sa.sa_family) { + case AF_INET: return (ntohs(a->sin.sin_port)); break; + case AF_INET6: return (ntohs(a->sin6.sin6_port)); break; + default: abort(); + } +} + +void setport(addr *a, unsigned port) +{ + switch (a->sa.sa_family) { + case AF_INET: a->sin.sin_port = htons(port); break; + case AF_INET6: a->sin6.sin6_port = htons(port); break; + default: abort(); + } +} + /*----- That's all, folks -------------------------------------------------*/