X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/blobdiff_plain/e04c2d50fd96f3f31bc96851c55c6efecc10469c..4a3882945f605704ede113a9fe98cd19a92363a7:/server/servutil.c

diff --git a/server/servutil.c b/server/servutil.c
index 06b409ec..703e448e 100644
--- a/server/servutil.c
+++ b/server/servutil.c
@@ -1,6 +1,4 @@
 /* -*-c-*-
- *
- * $Id$
  *
  * Various handy server-only utilities
  *
@@ -11,19 +9,18 @@
  *
  * This file is part of Trivial IP Encryption (TrIPE).
  *
- * TrIPE is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ * TrIPE is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at your
+ * option) any later version.
  *
- * TrIPE is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
+ * TrIPE is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
  *
  * You should have received a copy of the GNU General Public License
- * along with TrIPE; if not, write to the Free Software Foundation,
- * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ * along with TrIPE.  If not, see <https://www.gnu.org/licenses/>.
  */
 
 /*----- Header files ------------------------------------------------------*/
@@ -32,64 +29,9 @@
 
 /*----- Global variables --------------------------------------------------*/
 
-octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ];
-
-/*----- Main code ---------------------------------------------------------*/
-
-/* --- @mpstr@ --- *
- *
- * Arguments:	@mp *m@ = a multiprecision integer
- *
- * Returns:	A pointer to the integer's textual representation.
- *
- * Use:		Converts a multiprecision integer to a string.  Corrupts
- *		@buf_t@.
- */
-
-const char *mpstr(mp *m)
-{
-  if (mp_writestring(m, (char *)buf_t, sizeof(buf_t), 10))
-    return ("<failed>");
-  return ((const char *)buf_t);
-}
-
-/* --- @gestr@ --- *
- *
- * Arguments:	@group *g@ = a group
- *		@ge *x@ = a group element
- *
- * Returns:	A pointer to the element's textual representation.
- *
- * Use:		Converts a group element to a string.  Corrupts
- *		@buf_t@.
- */
+octet buf_i[PKBUFSZ], buf_o[PKBUFSZ], buf_t[PKBUFSZ], buf_u[PKBUFSZ];
 
-const char *gestr(group *g, ge *x)
-{
-  if (group_writestring(g, x, (char *)buf_t, sizeof(buf_t)))
-    return ("<failed>");
-  return ((const char *)buf_t);
-}
-
-/* --- @timestr@ --- *
- *
- * Arguments:	@time_t t@ = a time to convert
- *
- * Returns:	A pointer to a textual representation of the time.
- *
- * Use:		Converts a time to a textual representation.  Corrupts
- *		@buf_t@.
- */
-
-const char *timestr(time_t t)
-{
-  struct tm *tm;
-  if (!t)
-    return ("NEVER");
-  tm = localtime(&t);
-  strftime((char *)buf_t, sizeof(buf_t), "%Y-%m-%dT%H:%M:%S", tm);
-  return ((const char *)buf_t);
-}
+/*----- Sequence numbers --------------------------------------------------*/
 
 /* --- @seq_reset@ --- *
  *
@@ -140,4 +82,289 @@ int seq_check(seqwin *s, uint32 q, const char *service)
   return (0);
 }
 
+/*----- Rate limiting -----------------------------------------------------*/
+
+/* --- @ratelim_init@ --- *
+ *
+ * Arguments:	@ratelim *r@ = rate-limiting state to fill in
+ *		@unsigned persec@ = credit to accumulate per second
+ *		@unsigned max@ = maximum credit to retain
+ *
+ * Returns:	---
+ *
+ * Use:		Initialize a rate-limiting state.
+ */
+
+void ratelim_init(ratelim *r, unsigned persec, unsigned max)
+{
+  r->n = r->max = max;
+  r->persec = persec;
+  gettimeofday(&r->when, 0);
+}
+
+/* --- @ratelim_withdraw@ --- *
+ *
+ * Arguments:	@ratelim *r@ = rate-limiting state
+ *		@unsigned n@ = credit to withdraw
+ *
+ * Returns:	Zero if successful; @-1@ if there is unsufficient credit
+ *
+ * Use:		Updates the state with any accumulated credit.  Then, if
+ *		there there are more than @n@ credits available, withdraw @n@
+ *		and return successfully; otherwise, report failure.
+ */
+
+int ratelim_withdraw(ratelim *r, unsigned n)
+{
+  struct timeval now, delta;
+  unsigned long d;
+
+  gettimeofday(&now, 0);
+  TV_SUB(&delta, &now, &r->when);
+  d = (unsigned long)r->persec*delta.tv_sec +
+    (unsigned long)r->persec*delta.tv_usec/MILLION;
+  if (d < r->max - r->n) r->n += d;
+  else r->n = r->max;
+  r->when = now;
+
+  if (n > r->n) return (-1);
+  else { r->n -= n; return (0); }
+}
+
+/*----- Crypto ------------------------------------------------------------*/
+
+/* --- @ies_encrypt@ --- *
+ *
+ * Arguments:	@kdata *kpub@ = recipient's public key
+ *		@unsigned ty@ = message type octet
+ *		@buf *b@ = input message buffer
+ *		@buf *bb@ = output buffer for the ciphertext
+ *
+ * Returns:	On error, returns a @KSERR_...@ code or breaks the buffer;
+ *		on success, returns zero and the buffer is good.
+ *
+ * Use:		Encrypts a message for a recipient, given their public key.
+ *		This does not (by itself) provide forward secrecy or sender
+ *		authenticity.  The ciphertext is self-delimiting (unlike
+ *		@ks_encrypt@).
+ */
+
+int ies_encrypt(kdata *kpub, unsigned ty, buf *b, buf *bb)
+{
+  dhgrp *g = kpub->grp;
+  dhsc *u = g->ops->randsc(g);
+  dhge *U = g->ops->mul(g, u, 0), *Z = g->ops->mul(g, u, kpub->K);
+  bulkalgs *algs = kpub->algs.bulk;
+  octet *len;
+  bulkctx *bulk;
+  deriveargs a;
+  size_t n;
+  buf bk;
+  int rc = 0;
+
+  IF_TRACING(T_CRYPTO, {
+    trace(T_CRYPTO,
+	  "crypto: encrypting IES message (type 0x%02x) for recipient `%s'",
+	  ty, kpub->tag);
+    trace_block(T_CRYPTO, "crypto: plaintext message", BCUR(b), BLEFT(b));
+  })
+
+  a.hc = kpub->algs.h; a.what = "tripe:ecies-"; a.f = DF_OUT;
+  buf_init(&bk, buf_u, sizeof(buf_u)); a.k = BBASE(&bk);
+  g->ops->stge(g, &bk, U, DHFMT_HASH); a.x = a.y = BLEN(&bk);
+  g->ops->stge(g, &bk, Z, DHFMT_HASH); a.z = BLEN(&bk);
+  assert(BOK(&bk));
+  T( trace_block(T_CRYPTO, "crypto: KEM clue", a.k, a.x);
+     trace_block(T_CRYPTO, "crypto: shared secret", a.k + a.y, a.z - a.y); )
+
+  len = BCUR(bb); buf_get(bb, 2);
+  bulk = algs->ops->genkeys(algs, &a);
+  bulk->ops = algs->ops;
+  g->ops->stge(g, bb, U, DHFMT_VAR); if (BBAD(bb)) goto end;
+  rc = bulk->ops->encrypt(bulk, ty, b, bb, 0);
+  if (rc || BBAD(bb)) goto end;
+  n = BCUR(bb) - len - 2; assert(n <= MASK16); STORE16(len, n);
+
+end:
+  bulk->ops->freectx(bulk);
+  g->ops->freesc(g, u);
+  g->ops->freege(g, U);
+  g->ops->freege(g, Z);
+  return (rc);
+}
+
+/* --- @ies_decrypt@ --- *
+ *
+ * Arguments:	@kdata *kpub@ = private key key
+ *		@unsigned ty@ = message type octet
+ *		@buf *b@ = input ciphertext buffer
+ *		@buf *bb@ = output buffer for the message
+ *
+ * Returns:	On error, returns a @KSERR_...@ code; on success, returns
+ *		zero and the buffer is good.
+ *
+ * Use:		Decrypts a message encrypted using @ies_encrypt@, given our
+ *		private key.
+ */
+
+int ies_decrypt(kdata *kpriv, unsigned ty, buf *b, buf *bb)
+{
+  dhgrp *g = kpriv->grp;
+  bulkalgs *algs = kpriv->algs.bulk;
+  bulkctx *bulk = 0;
+  T( const octet *m; )
+  dhge *U = 0, *Z = 0;
+  deriveargs a;
+  uint32 seq;
+  buf bk, bc;
+  int rc;
+
+  IF_TRACING(T_CRYPTO, {
+    trace(T_CRYPTO,
+	  "crypto: decrypting IES message (type 0x%02x) to recipient `%s'",
+	  ty, kpriv->tag);
+    trace_block(T_CRYPTO, "crypto: ciphertext message", BCUR(b), BLEFT(b));
+  })
+
+  if (buf_getbuf16(b, &bc) ||
+      (U = g->ops->ldge(g, &bc, DHFMT_VAR)) == 0 ||
+      g->ops->checkge(g, U))
+    { rc = KSERR_MALFORMED; goto end; }
+  Z = g->ops->mul(g, kpriv->k, U);
+
+  a.hc = kpriv->algs.h; a.what = "tripe:ecies-"; a.f = DF_IN;
+  buf_init(&bk, buf_u, sizeof(buf_u)); a.k = BBASE(&bk); a.x = 0;
+  g->ops->stge(g, &bk, U, DHFMT_HASH); a.y = BLEN(&bk);
+  g->ops->stge(g, &bk, Z, DHFMT_HASH); a.z = BLEN(&bk);
+  T( trace_block(T_CRYPTO, "crypto: KEM clue", a.k + a.x, a.y - a.x);
+     trace_block(T_CRYPTO, "crypto: shared secret", a.k + a.y, a.z - a.y); )
+  assert(BOK(&bk));
+
+  bulk = algs->ops->genkeys(algs, &a);
+  bulk->ops = algs->ops;
+  T( m = BCUR(bb); )
+  rc = bulk->ops->decrypt(bulk, ty, &bc, bb, &seq);
+  if (rc) goto end;
+  if (seq) { rc = KSERR_SEQ; goto end; }
+  assert(BOK(bb));
+  T( trace_block(T_CRYPTO, "crypto: decrypted message", m, BCUR(bb) - m); )
+
+end:
+  if (bulk) bulk->ops->freectx(bulk);
+  g->ops->freege(g, U);
+  g->ops->freege(g, Z);
+  return (rc);
+}
+
+/*----- Random odds and sods ----------------------------------------------*/
+
+/* --- @timestr@ --- *
+ *
+ * Arguments:	@time_t t@ = a time to convert
+ *
+ * Returns:	A pointer to a textual representation of the time.
+ *
+ * Use:		Converts a time to a textual representation.  Corrupts
+ *		@buf_u@.
+ */
+
+const char *timestr(time_t t)
+{
+  struct tm *tm;
+  if (!t)
+    return ("NEVER");
+  tm = localtime(&t);
+  strftime((char *)buf_u, sizeof(buf_u), "%Y-%m-%dT%H:%M:%S", tm);
+  return ((const char *)buf_u);
+}
+
+/* --- @mystrieq@ --- *
+ *
+ * Arguments:	@const char *x, *y@ = two strings
+ *
+ * Returns:	True if @x@ and @y are equal, up to case.
+ */
+
+int mystrieq(const char *x, const char *y)
+{
+  for (;;) {
+    if (!*x && !*y) return (1);
+    if (tolower((unsigned char)*x) != tolower((unsigned char)*y))
+      return (0);
+    x++; y++;
+  }
+}
+
+/*----- Address handling --------------------------------------------------*/
+
+const struct addrfam aftab[] = {
+#ifdef HAVE_LIBADNS
+#  define DEF(af, qf) { AF_##af, #af, adns_qf_##qf },
+#else
+#  define DEF(af, qf) { AF_##af, #af },
+#endif
+  ADDRFAM(DEF)
+#undef DEF
+};
+
+/* --- @afix@ --- *
+ *
+ * Arguments:	@int af@ = an address family code
+ *
+ * Returns:	The index of the address family's record in @aftab@, or @-1@.
+ */
+
+int afix(int af)
+{
+  int i;
+
+  for (i = 0; i < NADDRFAM; i++)
+    if (af == aftab[i].af) return (i);
+  return (-1);
+}
+
+/* --- @addrsz@ --- *
+ *
+ * Arguments:	@const addr *a@ = a network address
+ *
+ * Returns:	The size of the address, for passing into the sockets API.
+ */
+
+socklen_t addrsz(const addr *a)
+{
+  switch (a->sa.sa_family) {
+    case AF_INET: return (sizeof(a->sin));
+    case AF_INET6: return (sizeof(a->sin6));
+    default: abort();
+  }
+}
+
+/* --- @getport@, @setport@ --- *
+ *
+ * Arguments:	@addr *a@ = a network address
+ *		@unsigned port@ = port number to set
+ *
+ * Returns:	---
+ *
+ * Use:		Retrieves or sets the port number in an address structure.
+ */
+
+unsigned getport(addr *a)
+{
+  switch (a->sa.sa_family) {
+    case AF_INET: return (ntohs(a->sin.sin_port)); break;
+    case AF_INET6: return (ntohs(a->sin6.sin6_port)); break;
+    default: abort();
+  }
+}
+
+void setport(addr *a, unsigned port)
+{
+  switch (a->sa.sa_family) {
+    case AF_INET: a->sin.sin_port = htons(port); break;
+    case AF_INET6: a->sin6.sin6_port = htons(port); break;
+    default: abort();
+  }
+}
+
 /*----- That's all, folks -------------------------------------------------*/