libsxmp/sxt/core.c

/*
 * Secure eXtended Message Passing framework
 * Secure eXtended Transport layer implementation: (libsxt)
 * - very similar to SSH2/TLS
 * - using already proven and tested crypto algos
 * - better than TLS for message passing
 *
 * (c) Alexander Vdolainen 2016 <avdolainen@zoho.com>
 *
 * libsxmp is free software: you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as published
 * by the Free Software Foundation, either version 2.1 of the License, or
 * (at your option) any later version.
 *
 * libsxmp is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 * See the GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.";
 *
 */

#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <pthread.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <fcntl.h>

#ifdef WIN32
#include <Winsock2.h>
#define EBADE 1
#define NETDB_SUCCESS 0
#else
#include <sys/select.h>
#include <netdb.h>
#include <unistd.h>
#include <uuid/uuid.h>
#endif


#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#include <openssl/rand.h>

#include <tdata/list.h>
#include <ndbuf/ndbuf.h>

#include <sxt/errno.h>
#include <sxt/ciphers.h>
#include <sxt/lcrypt.h>
#include <sxt/safebuf.h>
#include <sxt/sxtkey.h>
#include <sxt/socket.h>
#include <sxt/sxt.h>

int sxt_init(void)
{
    /* init SSL library */
  SSL_library_init();

  OpenSSL_add_all_algorithms();

  return lcrypt_init_ciphers();
}

int sxt_finish(void)
{
  EVP_cleanup();
  CRYPTO_cleanup_all_ex_data();
  return 0;
}

int sxt_reseed(void)
{
  return lcrypt_reseed();
}

int sxt_get_random(void *data, int len, int pseudo)
{
  if(pseudo) return RAND_bytes(data, len);
  else {
#if OPENSSL_API_COMPAT < 0x10100000L
    RAND_pseudo_bytes(data, len);
#else
    RAND_bytes(data, len);
#endif
  }

  return 1;
}

int sxt_genbeer(sxtsession_t *session, sxtsafebuffer_t *o)
{
  char *beer;

  if(!o || !session) return SXT_EINVAL;
  if(!session->linkset) return SXT_EINVAL;

  if(!(beer = malloc(128))) return SXT_ENOMEM;
  else memset(beer, 0, 128);

  snprintf(beer, 128, "sxtbeer-%s-%d-%lu-%s", SXTBEER_TYPE, SXTPROTO_VERSION,
           session->linkset->hash,
           session->linkset->strctx ? session->linkset->strctx : "nil");

  sxtsafebuffer_setdata(o, beer, strlen(beer));

  return SXT_SUCCESS;
}

int sxt_scanbeer(sxtsession_t *session, const char *rbuf, size_t rlen)
{
  char *buf = (char *)rbuf, *tbuf;
  char tuple[32];
  uint64_t hash = 0;
  int i, st, version, len = 0;

  if(!session || !rbuf) return SXT_EINVAL;
  if(!rlen || !session->peerbeer) return SXT_EINVAL;

  memset(tuple, 0, 32);

  for(i = 0, tbuf = NULL, st = 0; i < rlen; i++, buf++) {
    switch(st) {
    case 0: /* first tuple */
      if(!tbuf) tbuf = buf;
      if(*buf == '-') {
        if(i != strlen("sxtbeer")) return SXT_EPROTO;
        if(strncmp(tbuf, "sxtbeer", i)) return SXT_EPROTO; /* that's wine! */
        st++;
        tbuf = NULL;
      }
      break;
    case 1:
      if(!tbuf) tbuf = buf;
      if(*buf == '-') {
        len = strlen(tbuf) - strlen(buf);
        if(len < 1 || len >= 32) return SXT_EPROTO;
        memcpy(tuple, tbuf, len);
        /* currently one type supported */
        if(strcmp(tuple, SXTBEER_TYPE)) return SXT_EPROTO;

        memset(tuple, 0, 32);
        tbuf = NULL; st++;
      }
      break;
    case 2:
      if(!tbuf) tbuf = buf;
      if(*buf == '-') {
        len = strlen(tbuf) - strlen(buf);
        if(len < 1 || len >= 32) return SXT_EPROTO;
        memcpy(tuple, tbuf, len);

        version = atoi(tuple);
        /* first version supported only */
        if(version != SXTPROTO_VERSION) return SXT_EPROTO;

        memset(tuple, 0, 32);
        tbuf = NULL; st++;
      }
      break;
    case 3: /* hash value */
      if(!tbuf) tbuf = buf;
      if(*buf == '-') {
        len = strlen(tbuf) - strlen(buf);
        if(len < 1 || len >= 32) return SXT_EPROTO;
        memcpy(tuple, tbuf, len);

        hash = strtoul(tuple, NULL, 0);
        memset(tuple, 0, 32);
        tbuf = NULL; st++;
      }
      break;
    case 4: /* the rest of buffer is some custom plate */
      if(!tbuf) {
        tbuf = buf;
        len = i;
        memset(tuple, 0, 32);
      }
      break;
    }
  }

  /* ok check for validity */
  if(st < 3) return SXT_EPROTO;
  if(!tbuf) return SXT_EPROTO;
  else len = rlen - len;

  if(len >= 32 || len < 1) return SXT_EPROTO;
  else memcpy(tuple, tbuf, len);

  session->sxt_version = version;
  session->peer_swhash = hash;

  if(sxtsafebuffer_length(session->peerbeer) < 128)
    return SXT_ENOMEM; /* no room for peer beer */

  snprintf((char *)sxtsafebuffer_getdata(session->peerbeer), 128,
           "sxtbeer-%s-%d-%lu-%s", SXTBEER_TYPE, session->sxt_version,
           session->peer_swhash, tuple);

  return SXT_SUCCESS;
}

/* wrappers */
SHA512CTX sha512_init(void){
  SHA512CTX c = malloc(sizeof(*c));
  if (c == NULL) {
    return NULL;
  }
  SHA512_Init(c);

  return c;
}

void sha512_update(SHA512CTX c, const void *data, unsigned long len){
  SHA512_Update(c,data,len);
}

void sha512_final(unsigned char *md, SHA512CTX c) {
  SHA512_Final(md, c);
  if(c) free(c);
}