jehanne/sys/src/cmd/auth/secstore/SConn.c

/*
 * This file is part of the UCB release of Plan 9. It is subject to the license
 * terms in the LICENSE file found in the top-level directory of this
 * distribution and at http://akaros.cs.berkeley.edu/files/Plan9License. No
 * part of the UCB release of Plan 9, including this file, may be copied,
 * modified, propagated, or distributed except according to the terms contained
 * in the LICENSE file.
 */
/* Portions of this file are Copyright (C) 2015-2018 Giacomo Tesio <giacomo@tesio.it>
 * See /doc/license/gpl-2.0.txt for details about the licensing.
 */
/* Portions of this file are Copyright (C) 9front's team.
 * See /doc/license/9front-mit for details about the licensing.
 * See http://git.9front.org/plan9front/plan9front/HEAD/info.html for a list of authors.
 */
#define PORTABLE_SYSCALLS
#include <u.h>
#include <lib9.h>
#include <mp.h>
#include <libsec.h>
#include "SConn.h"

extern int verbose;

typedef struct ConnState {
	uint8_t secret[SHA1dlen];
	uint32_t seqno;
	RC4state rc4;
} ConnState;

typedef struct SS{
	int fd;		// file descriptor for read/write of encrypted data
	int alg;	// if nonzero, "alg sha rc4_128"
	ConnState in, out;
} SS;

static int
SC_secret(SConn *conn, uint8_t *sigma, int direction)
{
	SS *ss = (SS*)(conn->chan);
	int nsigma = conn->secretlen;

	if(direction != 0){
		hmac_sha1(sigma, nsigma, (uint8_t*)"one", 3, ss->out.secret, nil);
		hmac_sha1(sigma, nsigma, (uint8_t*)"two", 3, ss->in.secret, nil);
	}else{
		hmac_sha1(sigma, nsigma, (uint8_t*)"two", 3, ss->out.secret, nil);
		hmac_sha1(sigma, nsigma, (uint8_t*)"one", 3, ss->in.secret, nil);
	}
	setupRC4state(&ss->in.rc4, ss->in.secret, 16); // restrict to 128 bits
	setupRC4state(&ss->out.rc4, ss->out.secret, 16);
	ss->alg = 1;
	return 0;
}

static void
hash(uint8_t secret[SHA1dlen], uint8_t *data, int len, int seqno, uint8_t d[SHA1dlen])
{
	DigestState sha;
	uint8_t seq[4];

	seq[0] = seqno>>24;
	seq[1] = seqno>>16;
	seq[2] = seqno>>8;
	seq[3] = seqno;
	memset(&sha, 0, sizeof sha);
	sha1(secret, SHA1dlen, nil, &sha);
	sha1(data, len, nil, &sha);
	sha1(seq, 4, d, &sha);
}

static int
verify(uint8_t secret[SHA1dlen], uint8_t *data, int len, int seqno, uint8_t d[SHA1dlen])
{
	DigestState sha;
	uint8_t seq[4];
	uint8_t digest[SHA1dlen];

	seq[0] = seqno>>24;
	seq[1] = seqno>>16;
	seq[2] = seqno>>8;
	seq[3] = seqno;
	memset(&sha, 0, sizeof sha);
	sha1(secret, SHA1dlen, nil, &sha);
	sha1(data, len, nil, &sha);
	sha1(seq, 4, digest, &sha);
	return memcmp(d, digest, SHA1dlen);
}

static int
SC_read(SConn *conn, uint8_t *buf, int n)
{
	SS *ss = (SS*)(conn->chan);
	uint8_t count[2], digest[SHA1dlen];
	int len, nr;

	if(jehanne_read(ss->fd, count, 2) != 2 || (count[0]&0x80) == 0){
		snprint((char*)buf,n,"!SC_read invalid count");
		return -1;
	}
	len = (count[0]&0x7f)<<8 | count[1];	// SSL-style count; no pad
	if(ss->alg){
		len -= SHA1dlen;
		if(len <= 0 || readn(ss->fd, digest, SHA1dlen) != SHA1dlen){
			snprint((char*)buf,n,"!SC_read missing sha1");
			return -1;
		}
		if(len > n || readn(ss->fd, buf, len) != len){
			snprint((char*)buf,n,"!SC_read missing data");
			return -1;
		}
		rc4(&ss->in.rc4, digest, SHA1dlen);
		rc4(&ss->in.rc4, buf, len);
		if(verify(ss->in.secret, buf, len, ss->in.seqno, digest) != 0){
			snprint((char*)buf,n,"!SC_read integrity check failed");
			return -1;
		}
	}else{
		if(len <= 0 || len > n){
			snprint((char*)buf,n,"!SC_read implausible record length");
			return -1;
		}
		if( (nr = readn(ss->fd, buf, len)) != len){
			snprint((char*)buf,n,"!SC_read expected %d bytes, but got %d", len, nr);
			return -1;
		}
	}
	ss->in.seqno++;
	return len;
}

static int
SC_write(SConn *conn, uint8_t *buf, int n)
{
	SS *ss = (SS*)(conn->chan);
	uint8_t count[2], digest[SHA1dlen], enc[Maxmsg+1];
	int len;

	if(n <= 0 || n > Maxmsg+1){
		werrstr("!SC_write invalid n %d", n);
		return -1;
	}
	len = n;
	if(ss->alg)
		len += SHA1dlen;
	count[0] = 0x80 | len>>8;
	count[1] = len;
	if(jehanne_write(ss->fd, count, 2) != 2){
		werrstr("!SC_write invalid count");
		return -1;
	}
	if(ss->alg){
		hash(ss->out.secret, buf, n, ss->out.seqno, digest);
		rc4(&ss->out.rc4, digest, SHA1dlen);
		memcpy(enc, buf, n);
		rc4(&ss->out.rc4, enc, n);
		if(jehanne_write(ss->fd, digest, SHA1dlen) != SHA1dlen ||
				write(ss->fd, enc, n) != n){
			werrstr("!SC_write error on send");
			return -1;
		}
	}else{
		if(jehanne_write(ss->fd, buf, n) != n){
			werrstr("!SC_write error on send");
			return -1;
		}
	}
	ss->out.seqno++;
	return n;
}

static void
SC_free(SConn *conn)
{
	SS *ss = (SS*)(conn->chan);

	close(ss->fd);
	free(ss);
	free(conn);
}

SConn*
newSConn(int fd)
{
	SS *ss;
	SConn *conn;

	ss = (SS*)emalloc(sizeof(*ss));
	conn = (SConn*)emalloc(sizeof(*conn));
	ss->fd  = fd;
	ss->alg = 0;
	conn->chan = (void*)ss;
	conn->secretlen = SHA1dlen;
	conn->free = SC_free;
	conn->secret = SC_secret;
	conn->read = SC_read;
	conn->write = SC_write;
	return conn;
}

void
writerr(SConn *conn, char *s)
{
	char buf[Maxmsg];

	snprint(buf, Maxmsg, "!%s", s);
	conn->write(conn, (uint8_t*)buf, strlen(buf));
}

int
readstr(SConn *conn, char *s)
{
	int n;

	n = conn->read(conn, (uint8_t*)s, Maxmsg);
	if(n >= 0){
		s[n] = 0;
		if(s[0] == '!'){
			memmove(s, s+1, n);
			n = -1;
		}
	}else{
		strcpy(s, "connection read error");
	}
	return n;
}
More explicit Copyright in files 2018-01-06 01:08:25 +01:00			`/*`
			`* This file is part of the UCB release of Plan 9. It is subject to the license`
			`* terms in the LICENSE file found in the top-level directory of this`
			`* distribution and at http://akaros.cs.berkeley.edu/files/Plan9License. No`
			`* part of the UCB release of Plan 9, including this file, may be copied,`
			`* modified, propagated, or distributed except according to the terms contained`
			`* in the LICENSE file.`
			`*/`
			`/* Portions of this file are Copyright (C) 2015-2018 Giacomo Tesio <giacomo@tesio.it>`
			`* See /doc/license/gpl-2.0.txt for details about the licensing.`
			`*/`
			`/* Portions of this file are Copyright (C) 9front's team.`
			`* See /doc/license/9front-mit for details about the licensing.`
copyright: update 9front's url (they moved from hg to git) 2021-12-06 17:39:58 +01:00			`* See http://git.9front.org/plan9front/plan9front/HEAD/info.html for a list of authors.`
More explicit Copyright in files 2018-01-06 01:08:25 +01:00			`*/`
decouple Jehanne from 9P2000 (as much as needed) Jehanne is going to use a new file protocol, but Plan 9 is really coupled with 9P2000. Renamed fcall.h as 9P2000.h and introduced specific constants such as NP_OREAD, NP_OWRITE and so on, so that we can use different values in the kernel and new protocol. Renamed devmnt to devninep, since it's actually a device serving 9P2000 file systems. Also, fixed 9P2000 support in Jehanne, that was broken with the introduction of OSTAT. 2016-12-01 00:09:42 +01:00			`#define PORTABLE_SYSCALLS`
first usable version of kernel and commands After an year of hard work, this is a first "usable" version of Jehanne. 2016-11-25 17:18:40 +01:00			`#include <u.h>`
libc: introduce "jehanne_" namespace With this commit all functions declared in libc.h have been renamed with the "jehanne_" prefix. This is done for several reason: - it removes conflicts during symbol resolution when linking standard C libraries like newlib or musl - it allows programs depending on a standard C library to directly link to a library depending on our non standard libc (eg libsec). To ease transiction two files are provided: - sys/include/lib9.h that can be included instead of <libc.h> to use the old names (via a simple set of macros) - sys/src/lib/c/lib9.c that can be compiled with a program where the macro provided by lib9.h are too dumb (see for example rc or grep). In the kernel port/lib.h has been modified accordingly and some of the functions it directly provides has been renamed too (eg malloc in qmalloc.c and print in devcons.c). 2017-04-19 23:33:14 +02:00			`#include <lib9.h>`
first usable version of kernel and commands After an year of hard work, this is a first "usable" version of Jehanne. 2016-11-25 17:18:40 +01:00			`#include <mp.h>`
			`#include <libsec.h>`
			`#include "SConn.h"`

			`extern int verbose;`

			`typedef struct ConnState {`
			`uint8_t secret[SHA1dlen];`
			`uint32_t seqno;`
			`RC4state rc4;`
			`} ConnState;`

			`typedef struct SS{`
			`int fd; // file descriptor for read/write of encrypted data`
			`int alg; // if nonzero, "alg sha rc4_128"`
			`ConnState in, out;`
			`} SS;`

			`static int`
			`SC_secret(SConn conn, uint8_t sigma, int direction)`
			`{`
			`SS ss = (SS)(conn->chan);`
			`int nsigma = conn->secretlen;`

			`if(direction != 0){`
			`hmac_sha1(sigma, nsigma, (uint8_t*)"one", 3, ss->out.secret, nil);`
			`hmac_sha1(sigma, nsigma, (uint8_t*)"two", 3, ss->in.secret, nil);`
			`}else{`
			`hmac_sha1(sigma, nsigma, (uint8_t*)"two", 3, ss->out.secret, nil);`
			`hmac_sha1(sigma, nsigma, (uint8_t*)"one", 3, ss->in.secret, nil);`
			`}`
			`setupRC4state(&ss->in.rc4, ss->in.secret, 16); // restrict to 128 bits`
			`setupRC4state(&ss->out.rc4, ss->out.secret, 16);`
			`ss->alg = 1;`
			`return 0;`
			`}`

			`static void`
			`hash(uint8_t secret[SHA1dlen], uint8_t *data, int len, int seqno, uint8_t d[SHA1dlen])`
			`{`
			`DigestState sha;`
			`uint8_t seq[4];`

			`seq[0] = seqno>>24;`
			`seq[1] = seqno>>16;`
			`seq[2] = seqno>>8;`
			`seq[3] = seqno;`
			`memset(&sha, 0, sizeof sha);`
			`sha1(secret, SHA1dlen, nil, &sha);`
			`sha1(data, len, nil, &sha);`
			`sha1(seq, 4, d, &sha);`
			`}`

			`static int`
			`verify(uint8_t secret[SHA1dlen], uint8_t *data, int len, int seqno, uint8_t d[SHA1dlen])`
			`{`
			`DigestState sha;`
			`uint8_t seq[4];`
			`uint8_t digest[SHA1dlen];`

			`seq[0] = seqno>>24;`
			`seq[1] = seqno>>16;`
			`seq[2] = seqno>>8;`
			`seq[3] = seqno;`
			`memset(&sha, 0, sizeof sha);`
			`sha1(secret, SHA1dlen, nil, &sha);`
			`sha1(data, len, nil, &sha);`
			`sha1(seq, 4, digest, &sha);`
			`return memcmp(d, digest, SHA1dlen);`
			`}`

			`static int`
			`SC_read(SConn conn, uint8_t buf, int n)`
			`{`
			`SS ss = (SS)(conn->chan);`
			`uint8_t count[2], digest[SHA1dlen];`
			`int len, nr;`

purge syscall macros 2019-11-26 02:25:23 +01:00			`if(jehanne_read(ss->fd, count, 2) != 2 \|\| (count[0]&0x80) == 0){`
first usable version of kernel and commands After an year of hard work, this is a first "usable" version of Jehanne. 2016-11-25 17:18:40 +01:00			`snprint((char*)buf,n,"!SC_read invalid count");`
			`return -1;`
			`}`
			`len = (count[0]&0x7f)<<8 \| count[1]; // SSL-style count; no pad`
			`if(ss->alg){`
			`len -= SHA1dlen;`
			`if(len <= 0 \|\| readn(ss->fd, digest, SHA1dlen) != SHA1dlen){`
			`snprint((char*)buf,n,"!SC_read missing sha1");`
			`return -1;`
			`}`
			`if(len > n \|\| readn(ss->fd, buf, len) != len){`
			`snprint((char*)buf,n,"!SC_read missing data");`
			`return -1;`
			`}`
			`rc4(&ss->in.rc4, digest, SHA1dlen);`
			`rc4(&ss->in.rc4, buf, len);`
			`if(verify(ss->in.secret, buf, len, ss->in.seqno, digest) != 0){`
			`snprint((char*)buf,n,"!SC_read integrity check failed");`
			`return -1;`
			`}`
			`}else{`
			`if(len <= 0 \|\| len > n){`
			`snprint((char*)buf,n,"!SC_read implausible record length");`
			`return -1;`
			`}`
			`if( (nr = readn(ss->fd, buf, len)) != len){`
			`snprint((char*)buf,n,"!SC_read expected %d bytes, but got %d", len, nr);`
			`return -1;`
			`}`
			`}`
			`ss->in.seqno++;`
			`return len;`
			`}`

			`static int`
			`SC_write(SConn conn, uint8_t buf, int n)`
			`{`
			`SS ss = (SS)(conn->chan);`
			`uint8_t count[2], digest[SHA1dlen], enc[Maxmsg+1];`
			`int len;`

			`if(n <= 0 \|\| n > Maxmsg+1){`
			`werrstr("!SC_write invalid n %d", n);`
			`return -1;`
			`}`
			`len = n;`
			`if(ss->alg)`
			`len += SHA1dlen;`
			`count[0] = 0x80 \| len>>8;`
			`count[1] = len;`
purge syscall macros 2019-11-26 02:25:23 +01:00			`if(jehanne_write(ss->fd, count, 2) != 2){`
first usable version of kernel and commands After an year of hard work, this is a first "usable" version of Jehanne. 2016-11-25 17:18:40 +01:00			`werrstr("!SC_write invalid count");`
			`return -1;`
			`}`
			`if(ss->alg){`
			`hash(ss->out.secret, buf, n, ss->out.seqno, digest);`
			`rc4(&ss->out.rc4, digest, SHA1dlen);`
			`memcpy(enc, buf, n);`
			`rc4(&ss->out.rc4, enc, n);`
purge syscall macros 2019-11-26 02:25:23 +01:00			`if(jehanne_write(ss->fd, digest, SHA1dlen) != SHA1dlen \|\|`
first usable version of kernel and commands After an year of hard work, this is a first "usable" version of Jehanne. 2016-11-25 17:18:40 +01:00			`write(ss->fd, enc, n) != n){`
			`werrstr("!SC_write error on send");`
			`return -1;`
			`}`
			`}else{`
purge syscall macros 2019-11-26 02:25:23 +01:00			`if(jehanne_write(ss->fd, buf, n) != n){`
first usable version of kernel and commands After an year of hard work, this is a first "usable" version of Jehanne. 2016-11-25 17:18:40 +01:00			`werrstr("!SC_write error on send");`
			`return -1;`
			`}`
			`}`
			`ss->out.seqno++;`
			`return n;`
			`}`

			`static void`
			`SC_free(SConn *conn)`
			`{`
			`SS ss = (SS)(conn->chan);`

			`close(ss->fd);`
			`free(ss);`
			`free(conn);`
			`}`

			`SConn*`
			`newSConn(int fd)`
			`{`
			`SS *ss;`
			`SConn *conn;`

			`ss = (SS)emalloc(sizeof(ss));`
			`conn = (SConn)emalloc(sizeof(conn));`
			`ss->fd = fd;`
			`ss->alg = 0;`
			`conn->chan = (void*)ss;`
			`conn->secretlen = SHA1dlen;`
			`conn->free = SC_free;`
			`conn->secret = SC_secret;`
			`conn->read = SC_read;`
			`conn->write = SC_write;`
			`return conn;`
			`}`

			`void`
			`writerr(SConn conn, char s)`
			`{`
			`char buf[Maxmsg];`

			`snprint(buf, Maxmsg, "!%s", s);`
			`conn->write(conn, (uint8_t*)buf, strlen(buf));`
			`}`

			`int`
			`readstr(SConn conn, char s)`
			`{`
			`int n;`

			`n = conn->read(conn, (uint8_t*)s, Maxmsg);`
			`if(n >= 0){`
			`s[n] = 0;`
			`if(s[0] == '!'){`
			`memmove(s, s+1, n);`
			`n = -1;`
			`}`
			`}else{`
			`strcpy(s, "connection read error");`
			`}`
			`return n;`
			`}`