jehanne/sys/src/lib/authsrv/form1.c

#include <u.h>
#include <lib9.h>
#include <authsrv.h>
#include <libsec.h>

/*
 * new ticket format: the reply protector/type is replaced by a
 * 8 byte signature and a 4 byte counter forming the 12 byte
 * nonce for chacha20/poly1305 encryption. a 16 byte poly1305 
 * authentication tag is appended for message authentication.
 * the counter is needed for the AuthPass message which uses
 * the same key for several messages.
 */

static struct {
	char	num;
	char	sig[8];
} form1sig[] = {
	AuthPass,	"form1 PR",	/* password change request encrypted with ticket key */
	AuthTs,		"form1 Ts",	/* ticket encrypted with server's key */
	AuthTc, 	"form1 Tc",	/* ticket encrypted with client's key */
	AuthAs,		"form1 As",	/* server generated authenticator */
	AuthAc,		"form1 Ac",	/* client generated authenticator */
	AuthTp,		"form1 Tp",	/* ticket encrypted with client's key for password change */
	AuthHr,		"form1 Hr",	/* http reply */
};

int
form1check(char *ap, int n)
{
	if(n < 8)
		return -1;

	for(n=0; n<nelem(form1sig); n++)
		if(memcmp(form1sig[n].sig, ap, 8) == 0)
			return form1sig[n].num;

	return -1;
}

int
form1B2M(char *ap, int n, uint8_t key[32])
{
	static uint32_t counter;
	Chachastate s;
	uint8_t *p;
	int i;

	for(i=nelem(form1sig)-1; i>=0; i--)
		if(form1sig[i].num == *ap)
			break;
	if(i < 0)
		abort();

	p = (uint8_t*)ap + 12;
	memmove(p, ap+1, --n);

	/* nonce[12] = sig[8] | counter[4] */
	memmove(ap, form1sig[i].sig, 8);
	i = counter++;
	ap[8] = i, ap[9] = i>>8, ap[10] = i>>16, ap[11] = i>>24;

	setupChachastate(&s, key, 32, (uint8_t*)ap, 12, 20);
	ccpoly_encrypt(p, n, nil, 0, p+n, &s);
	return 12+16 + n;
}

int
form1M2B(char *ap, int n, uint8_t key[32])
{
	Chachastate s;
	uint8_t *p;
	int num;

	num = form1check(ap, n);
	if(num < 0)
		return -1;
	n -= 12+16;
	if(n <= 0)
		return -1;

	p = (uint8_t*)ap + 12;
	setupChachastate(&s, key, 32, (uint8_t*)ap, 12, 20);
	if(ccpoly_decrypt(p, n, nil, 0, p+n, &s))
		return -1;

	memmove(ap+1, p, n);
	ap[0] = num;
	return n+1;
}
first usable version of kernel and commands After an year of hard work, this is a first "usable" version of Jehanne. 2016-11-25 17:18:40 +01:00			`#include <u.h>`
libc: introduce "jehanne_" namespace With this commit all functions declared in libc.h have been renamed with the "jehanne_" prefix. This is done for several reason: - it removes conflicts during symbol resolution when linking standard C libraries like newlib or musl - it allows programs depending on a standard C library to directly link to a library depending on our non standard libc (eg libsec). To ease transiction two files are provided: - sys/include/lib9.h that can be included instead of <libc.h> to use the old names (via a simple set of macros) - sys/src/lib/c/lib9.c that can be compiled with a program where the macro provided by lib9.h are too dumb (see for example rc or grep). In the kernel port/lib.h has been modified accordingly and some of the functions it directly provides has been renamed too (eg malloc in qmalloc.c and print in devcons.c). 2017-04-19 23:33:14 +02:00			`#include <lib9.h>`
first usable version of kernel and commands After an year of hard work, this is a first "usable" version of Jehanne. 2016-11-25 17:18:40 +01:00			`#include <authsrv.h>`
			`#include <libsec.h>`

			`/*`
			`* new ticket format: the reply protector/type is replaced by a`
			`* 8 byte signature and a 4 byte counter forming the 12 byte`
			`* nonce for chacha20/poly1305 encryption. a 16 byte poly1305`
			`* authentication tag is appended for message authentication.`
			`* the counter is needed for the AuthPass message which uses`
			`* the same key for several messages.`
			`*/`

			`static struct {`
			`char num;`
			`char sig[8];`
			`} form1sig[] = {`
			`AuthPass, "form1 PR", /* password change request encrypted with ticket key */`
			`AuthTs, "form1 Ts", /* ticket encrypted with server's key */`
			`AuthTc, "form1 Tc", /* ticket encrypted with client's key */`
			`AuthAs, "form1 As", /* server generated authenticator */`
			`AuthAc, "form1 Ac", /* client generated authenticator */`
			`AuthTp, "form1 Tp", /* ticket encrypted with client's key for password change */`
			`AuthHr, "form1 Hr", /* http reply */`
			`};`

			`int`
			`form1check(char *ap, int n)`
			`{`
			`if(n < 8)`
			`return -1;`

			`for(n=0; n<nelem(form1sig); n++)`
			`if(memcmp(form1sig[n].sig, ap, 8) == 0)`
			`return form1sig[n].num;`

			`return -1;`
			`}`

			`int`
			`form1B2M(char *ap, int n, uint8_t key[32])`
			`{`
			`static uint32_t counter;`
			`Chachastate s;`
			`uint8_t *p;`
			`int i;`

			`for(i=nelem(form1sig)-1; i>=0; i--)`
			`if(form1sig[i].num == *ap)`
			`break;`
			`if(i < 0)`
			`abort();`

			`p = (uint8_t*)ap + 12;`
			`memmove(p, ap+1, --n);`

			`/* nonce[12] = sig[8] \| counter[4] */`
			`memmove(ap, form1sig[i].sig, 8);`
			`i = counter++;`
			`ap[8] = i, ap[9] = i>>8, ap[10] = i>>16, ap[11] = i>>24;`

			`setupChachastate(&s, key, 32, (uint8_t*)ap, 12, 20);`
			`ccpoly_encrypt(p, n, nil, 0, p+n, &s);`
			`return 12+16 + n;`
			`}`

			`int`
			`form1M2B(char *ap, int n, uint8_t key[32])`
			`{`
			`Chachastate s;`
			`uint8_t *p;`
			`int num;`

			`num = form1check(ap, n);`
			`if(num < 0)`
			`return -1;`
			`n -= 12+16;`
			`if(n <= 0)`
			`return -1;`

			`p = (uint8_t*)ap + 12;`
			`setupChachastate(&s, key, 32, (uint8_t*)ap, 12, 20);`
			`if(ccpoly_decrypt(p, n, nil, 0, p+n, &s))`
			`return -1;`

			`memmove(ap+1, p, n);`
			`ap[0] = num;`
			`return n+1;`
			`}`