📄 secstore.c

📁 这是一个同样来自贝尔实验室的和UNIX有着渊源的操作系统, 其简洁的设计和实现易于我们学习和理解
💻 C
📖 第 1 页 / 共 2 页
字号:
12 下一页
/* * Various files from /sys/src/cmd/auth/secstore, just enough * to download a file at boot time. */#include <u.h>#include <libc.h>#include <mp.h>#include <libsec.h>#include "drawterm.h"static void*emalloc(ulong n){	return mallocz(n, 1);}enum{ CHK = 16};enum{ MAXFILESIZE = 10*1024*1024 };enum{// PW status bits	Enabled 	= (1<<0),	STA 		= (1<<1),	// extra SecurID step};static char testmess[] = "__secstore\tPAK\nC=%s\nm=0\n";intsecdial(char *secstore){	char *p, buf[80], *f[3];	int fd, nf;	p = secstore; /* take it from writehostowner, if set there */	if(*p == 0)	  /* else use the authserver */		p = "$auth";	/* translate $auth ourselves.	 * authaddr is something like il!host!566 or tcp!host!567.	 * extract host, accounting for a change of format to something	 * like il!host or tcp!host or host.	 */	if(strcmp(p, "$auth")==0){		if(authserver == nil)			return -1;		strecpy(buf, buf+sizeof buf, authserver);		nf = getfields(buf, f, nelem(f), 0, "!");		switch(nf){		default:			return -1;		case 1:			p = f[0];			break;		case 2:		case 3:			p = f[1];			break;		}	}	fd = dial(netmkaddr(p, "tcp", "5356"), 0, 0, 0);	if(fd >= 0)		return fd;	return -1;}inthavesecstore(char *addr, char *owner){	int m, n, fd;	uchar buf[500];	n = snprint((char*)buf, sizeof buf, testmess, owner);	hnputs(buf, 0x8000+n-2);	fd = secdial(addr);	if(fd < 0)		return 0;	if(write(fd, buf, n) != n || readn(fd, buf, 2) != 2){		close(fd);		return 0;	}	n = ((buf[0]&0x7f)<<8) + buf[1];	if(n+1 > sizeof buf){		werrstr("implausibly large count %d", n);		close(fd);		return 0;	}	m = readn(fd, buf, n);	close(fd);	if(m != n){		if(m >= 0)			werrstr("short read from secstore");		return 0;	}	buf[n] = 0;	if(strcmp((char*)buf, "!account expired") == 0){		werrstr("account expired");		return 0;	}	return strcmp((char*)buf, "!account exists") == 0;}// delimited, authenticated, encrypted connectionenum{ Maxmsg=4096 };	// messages > Maxmsg bytes are truncatedtypedef struct SConn SConn;extern SConn* newSConn(int);	// arg is open file descriptorstruct SConn{	void *chan;	int secretlen;	int (*secret)(SConn*, uchar*, int);// 	int (*read)(SConn*, uchar*, int); // <0 if error;  errmess in buffer	int (*write)(SConn*, uchar*, int);	void (*free)(SConn*);		// also closes file descriptor};// secret(s,b,dir) sets secret for digest, encrypt, using the secretlen//		bytes in b to form keys 	for the two directions;//	  set dir=0 in client, dir=1 in server// error convention: write !message in-band#define readstr secstore_readstrstatic void writerr(SConn*, char*);static int readstr(SConn*, char*);  // call with buf of size Maxmsg+1	// returns -1 upon error, with error message in buftypedef struct ConnState {	uchar secret[SHA1dlen];	ulong seqno;	RC4state rc4;} ConnState;typedef struct SS{	int fd;		// file descriptor for read/write of encrypted data	int alg;	// if nonzero, "alg sha rc4_128"	ConnState in, out;} SS;static intSC_secret(SConn *conn, uchar *sigma, int direction){	SS *ss = (SS*)(conn->chan);	int nsigma = conn->secretlen;	if(direction != 0){		hmac_sha1(sigma, nsigma, (uchar*)"one", 3, ss->out.secret, nil);		hmac_sha1(sigma, nsigma, (uchar*)"two", 3, ss->in.secret, nil);	}else{		hmac_sha1(sigma, nsigma, (uchar*)"two", 3, ss->out.secret, nil);		hmac_sha1(sigma, nsigma, (uchar*)"one", 3, ss->in.secret, nil);	}	setupRC4state(&ss->in.rc4, ss->in.secret, 16); // restrict to 128 bits	setupRC4state(&ss->out.rc4, ss->out.secret, 16);	ss->alg = 1;	return 0;}static voidhash(uchar secret[SHA1dlen], uchar *data, int len, int seqno, uchar d[SHA1dlen]){	DigestState sha;	uchar seq[4];	seq[0] = seqno>>24;	seq[1] = seqno>>16;	seq[2] = seqno>>8;	seq[3] = seqno;	memset(&sha, 0, sizeof sha);	sha1(secret, SHA1dlen, nil, &sha);	sha1(data, len, nil, &sha);	sha1(seq, 4, d, &sha);}static intverify(uchar secret[SHA1dlen], uchar *data, int len, int seqno, uchar d[SHA1dlen]){	DigestState sha;	uchar seq[4];	uchar digest[SHA1dlen];	seq[0] = seqno>>24;	seq[1] = seqno>>16;	seq[2] = seqno>>8;	seq[3] = seqno;	memset(&sha, 0, sizeof sha);	sha1(secret, SHA1dlen, nil, &sha);	sha1(data, len, nil, &sha);	sha1(seq, 4, digest, &sha);	return memcmp(d, digest, SHA1dlen);}static intSC_read(SConn *conn, uchar *buf, int n){	SS *ss = (SS*)(conn->chan);	uchar count[2], digest[SHA1dlen];	int len, nr;	if(read(ss->fd, count, 2) != 2 || (count[0]&0x80) == 0){		werrstr("!SC_read invalid count");		return -1;	}	len = (count[0]&0x7f)<<8 | count[1];	// SSL-style count; no pad	if(ss->alg){		len -= SHA1dlen;		if(len <= 0 || readn(ss->fd, digest, SHA1dlen) != SHA1dlen){			werrstr("!SC_read missing sha1");			return -1;		}		if(len > n || readn(ss->fd, buf, len) != len){			werrstr("!SC_read missing data");			return -1;		}		rc4(&ss->in.rc4, digest, SHA1dlen);		rc4(&ss->in.rc4, buf, len);		if(verify(ss->in.secret, buf, len, ss->in.seqno, digest) != 0){			werrstr("!SC_read integrity check failed");			return -1;		}	}else{		if(len <= 0 || len > n){			werrstr("!SC_read implausible record length");			return -1;		}		if( (nr = readn(ss->fd, buf, len)) != len){			werrstr("!SC_read expected %d bytes, but got %d", len, nr);			return -1;		}	}	ss->in.seqno++;	return len;}static intSC_write(SConn *conn, uchar *buf, int n){	SS *ss = (SS*)(conn->chan);	uchar count[2], digest[SHA1dlen];	int len;	if(n <= 0 || n > Maxmsg+1){		werrstr("!SC_write invalid n %d", n);		return -1;	}	len = n;	if(ss->alg)		len += SHA1dlen;	count[0] = 0x80 | len>>8;	count[1] = len;	if(write(ss->fd, count, 2) != 2){		werrstr("!SC_write invalid count");		return -1;	}	if(ss->alg){		hash(ss->out.secret, buf, n, ss->out.seqno, digest);		rc4(&ss->out.rc4, digest, SHA1dlen);		rc4(&ss->out.rc4, buf, n);		if(write(ss->fd, digest, SHA1dlen) != SHA1dlen ||				write(ss->fd, buf, n) != n){			werrstr("!SC_write error on send");			return -1;		}	}else{		if(write(ss->fd, buf, n) != n){			werrstr("!SC_write error on send");			return -1;		}	}	ss->out.seqno++;	return n;}static voidSC_free(SConn *conn){	SS *ss = (SS*)(conn->chan);	close(ss->fd);	free(ss);	free(conn);}SConn*newSConn(int fd){	SS *ss;	SConn *conn;	if(fd < 0)		return nil;	ss = (SS*)emalloc(sizeof(*ss));	conn = (SConn*)emalloc(sizeof(*conn));	ss->fd  = fd;	ss->alg = 0;	conn->chan = (void*)ss;	conn->secretlen = SHA1dlen;	conn->free = SC_free;	conn->secret = SC_secret;	conn->read = SC_read;	conn->write = SC_write;	return conn;}static voidwriterr(SConn *conn, char *s){	char buf[Maxmsg];	snprint(buf, Maxmsg, "!%s", s);	conn->write(conn, (uchar*)buf, strlen(buf));}static intreadstr(SConn *conn, char *s){	int n;	n = conn->read(conn, (uchar*)s, Maxmsg);	if(n >= 0){		s[n] = 0;		if(s[0] == '!'){			memmove(s, s+1, n);			n = -1;		}	}else{		strcpy(s, "read error");	}	return n;}static char*getfile(SConn *conn, uchar *key, int nkey){	char *buf;	int nbuf, n, nr, len;
12 下一页
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -