dh->priv_key = BN_bin2bn(priv_key, keylen, NULL);
DH_generate_key(dh); /* generates the public key */
+
DH_check(dh, &dh_err);
if (0 != dh_err) {
fprintf(stderr, "Warning: dh_check failed with %d", dh_err);
*/
#include <string.h>
+#include <openssl/dh.h>
#include <jansson.h>
#include <tr_msg.h>
+#include <tpq.h>
+static json_t *tr_msg_encode_dh(DH *dh)
+{
+ json_t *jdh = NULL;
+ json_t *jbn = NULL;
+
+ if ((!dh) || (!dh->p) || (!dh->g) || (!dh->pub_key))
+ return NULL;
+
+ jdh = json_object();
+
+ jbn = json_string(BN_bn2hex(dh->p));
+ json_object_set_new(jdh, "dh_p", jbn);
+
+ jbn = json_string(BN_bn2hex(dh->g));
+ json_object_set_new(jdh, "dh_g", jbn);
+
+ jbn = json_string(BN_bn2hex(dh->pub_key));
+ json_object_set_new(jdh, "dh_pub_key", jbn);
+
+ return jdh;
+}
+
+static DH *tr_msg_decode_dh(json_t *jdh)
+{
+ DH *dh = NULL;
+
+ return dh;
+}
+
+json_t *tr_msg_encode_tpqreq(TPQ_REQ *req)
+{
+ json_t *jreq = NULL;
+ json_t *jstr = NULL;
+
+ if ((!req) || (!req->rp_realm) || (!req->realm) || !(req->coi))
+ return NULL;
+
+ jreq = json_object();
+
+ jstr = json_string(req->rp_realm->buf);
+ json_object_set_new(jreq, "rp_realm", jstr);
+
+ jstr = json_string(req->realm->buf);
+ json_object_set_new(jreq, "target_realm", jstr);
+
+ jstr = json_string(req->coi->buf);
+ json_object_set_new(jreq, "community", jstr);
+
+ json_object_set_new(jreq, "dh_info", tr_msg_encode_dh(req->tpqc_dh));
+
+ return jreq;
+}
+
+TPQ_REQ *tr_msg_decode_tpqreq(json_t *jreq)
+{
+ TPQ_REQ *req = NULL;
+
+ return req;
+}
+
+json_t *tr_msg_encode_tpqresp(TPQ_RESP *resp)
+{
+ json_t *jresp = NULL;
+
+ return jresp;
+}
+
+
+TPQ_RESP *tr_msg_decode_tpqresp(json_t *jresp)
+{
+ TPQ_RESP *resp = NULL;
+
+ return resp;
+}
+
+json_t *tr_msg_encode_tidrreq(TIDR_REQ *req)
+{
+ json_t *jreq = NULL;
+
+ return jreq;
+
+}
+
+TIDR_REQ *tr_msg_decode_tidrreq(json_t *jreq)
+{
+ TIDR_REQ *req = NULL;
+
+ return req;
+}
+
+json_t *tr_msg_encode_tidrresp(TIDR_RESP *resp)
+{
+ json_t *jresp = NULL;
+
+ return jresp;
+}
+
+TIDR_RESP *tr_msg_decode_tidrresp(json_t *jresp)
+{
+ TIDR_RESP *resp = NULL;
+
+ return resp;
+}
char *tr_msg_encode(TR_MSG *msg)
{
- return NULL;
+ json_t *jmsg;
+ json_t *jmsg_type;
+
+ /* TBD -- add error handling */
+ jmsg = json_object();
+
+ switch (msg->msg_type)
+ {
+ case TPQ_REQUEST:
+ jmsg_type = json_string("TPQRequest");
+ json_object_set_new(jmsg, "msg_type", jmsg_type);
+ json_object_set_new(jmsg, "msg_body", tr_msg_encode_tpqreq(msg->tpq_req));
+ break;
+
+ case TPQ_RESPONSE:
+ jmsg_type = json_string("TPQResponse");
+ json_object_set_new(jmsg, "msg_type", jmsg_type);
+ json_object_set_new(jmsg, "msg_body", tr_msg_encode_tpqresp(msg->tpq_resp));
+ break;
+
+ case TIDR_REQUEST:
+ jmsg_type = json_string("TIDRequest");
+ json_object_set_new(jmsg, "msg_type", jmsg_type);
+ json_object_set_new(jmsg, "msg_body", tr_msg_encode_tidrreq(msg->tidr_req));
+ break;
+
+ case TIDR_RESPONSE:
+ jmsg_type = json_string("TIDResponse");
+ json_object_set_new(jmsg, "msg_type", jmsg_type);
+ json_object_set_new(jmsg, "msg_body", tr_msg_encode_tidrresp(msg->tidr_resp));
+ break;
+
+ /* TBD -- Add TR message types */
+
+ default:
+ json_decref(jmsg);
+ return NULL;
+ }
+
+ return(json_dumps(jmsg, 0));
}
TR_MSG *tr_msg_decode(char *jmsg)
{
- return NULL;
+ TR_MSG *msg;
+
+ if (!(msg = malloc(sizeof(TR_MSG *)))) {
+ fprintf (stderr, "tr_msg_decode(): Error allocating TR_MSG structure.\n");
+ return NULL;
+ }
+
+ return msg;
+}
+
+void tr_msg_free_encoded(char *jmsg)
+{
+ if (jmsg)
+ free (jmsg);
}
+void tr_msg_free_decoded(TR_MSG *msg)
+{
+ if (msg)
+ free (msg);
+}
if (new = malloc(sizeof(TR_NAME))) {
new->len = strlen(name);
- if (new->buf = malloc(new->len+1)) {
+ if (new->buf = malloc((new->len)+1)) {
strcpy(new->buf, name);
}
}
OM_uint32 requestedFlags = (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG |
GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG);
- printf ("Calling gss_init_sec_context...\n");
+ // printf ("Calling gss_init_sec_context...\n");
majorStatus = gss_init_sec_context (&minorStatus,
clientCredentials,
&gssContext,
}
if (!err) {
- printf ("Read token:\n");
- PrintBuffer (token, tokenLength);
+ // printf ("Read token:\n");
+ // PrintBuffer (token, tokenLength);
*outTokenLength = tokenLength;
*outTokenValue = token;
}
if (!err) {
- printf ("Wrote token:\n");
- PrintBuffer (inTokenValue, inTokenLength);
+ // printf ("Wrote token:\n");
+ // PrintBuffer (inTokenValue, inTokenLength);
+
} else {
gsscon_print_error (err, "gsscon_write_token() failed");
}
if (!err) {
memcpy (unencryptedToken, outputBuffer.value, outputBuffer.length);
- printf ("Unencrypted token:\n");
- PrintBuffer (unencryptedToken, outputBuffer.length);
+ // printf ("Unencrypted token:\n");
+ // PrintBuffer (unencryptedToken, outputBuffer.length);
*outTokenLength = outputBuffer.length;
*outTokenValue = unencryptedToken;
}
if (!err) {
- printf ("Unencrypted token:\n");
- PrintBuffer (inToken, inTokenLength);
+ // printf ("Unencrypted token:\n");
+ // PrintBuffer (inToken, inTokenLength);
err = gsscon_write_token (inSocket, outputBuffer.value, outputBuffer.length);
}
* EOF, and the user wouldn't know what went wrong.
*/
- printf ("Calling gss_accept_sec_context...\n");
+ // printf ("Calling gss_accept_sec_context...\n");
majorStatus = gss_accept_sec_context (&minorStatus,
&gssContext,
GSS_C_NO_CREDENTIAL,
typedef struct tpq_req {
struct tpq_req *next_req;
int conn;
+ TR_NAME *rp_realm;
TR_NAME *realm;
TR_NAME *coi;
DH *tpqc_dh; /* Client's public dh information */
TPQC_INSTANCE *tpqc_create (void);
int tpqc_open_connection (TPQC_INSTANCE *tpqc, char *server, gss_ctx_id_t *gssctx);
-int tpqc_send_request (TPQC_INSTANCE *tpqc, int conn, gss_ctx_id_t gssctx, char *realm, char *coi, TPQC_RESP_FUNC *resp_handler, void *cookie);
+int tpqc_send_request (TPQC_INSTANCE *tpqc, int conn, gss_ctx_id_t gssctx, char *rp_realm, char *realm, char *coi, TPQC_RESP_FUNC *resp_handler, void *cookie);
void tpqc_destroy (TPQC_INSTANCE *tpqc);
TPQS_INSTANCE *tpqs_create ();
#define TR_MSG_H
#include <tpq.h>
-// #include <tidr.h>
+#include <tidr.h>
#include <jansson.h>
enum msg_type {
typedef struct tr_msg {
enum msg_type msg_type;
union {
- TPQ_REQ msg_req;
- TPQ_RESP msg_resp;
- // TIDR_REQ tidr_req;
- // TIDR_RESP tidr_resp;
+ TPQ_REQ *tpq_req;
+ TPQ_RESP *tpq_resp;
+ TIDR_REQ *tidr_req;
+ TIDR_RESP *tidr_resp;
};
} TR_MSG;
char *tr_msg_encode(TR_MSG *msg);
TR_MSG *tr_msg_decode(char *jmsg);
+void tr_msg_free_encoded(char *jmsg);
+void tr_msg_free_decoded(TR_MSG *msg);
#endif
void tpqc_print_usage (const char *name)
{
- printf("Usage: %s <server> <realm> <coi>\n", name);
+ printf("Usage: %s <server> <RP-realm> <target-realm> <community>\n", name);
}
void tpqc_resp_handler (TPQC_INSTANCE * tpqc,
TPQC_INSTANCE *tpqc;
TPQ_REQ *treq;
char *server = NULL;
+ char *rp_realm = NULL;
char *realm = NULL;
char *coi = NULL;
void *cookie = NULL;
gss_ctx_id_t gssctx;
/* Parse command-line arguments */
- if (argc != 4) {
+ if (argc != 5) {
tpqc_print_usage(argv[0]);
exit(1);
}
/* TBD -- validity checking, dealing with quotes, etc. */
server = (char *)argv[1];
- realm = (char *)argv[2];
- coi = (char *)argv[3];
+ rp_realm = (char *) argv[2];
+ realm = (char *)argv[3];
+ coi = (char *)argv[4];
+ printf("TPQC Client:\nServer = %s, rp_realm = %s, target_realm = %s, community = %s\n", server, rp_realm, realm, coi);
+
/* Create a TPQ client instance */
tpqc = tpqc_create();
};
/* Send a TPQ request */
- if (0 > (rc = tpqc_send_request(tpqc, conn, gssctx, realm, coi,
+ if (0 > (rc = tpqc_send_request(tpqc, conn, gssctx, rp_realm, realm, coi,
&tpqc_resp_handler, NULL))) {
/* Handle error */
printf("Error in tpqc_send_request, rc = %d.\n", rc);
#include <gsscon.h>
#include <tr_dh.h>
#include <tpq.h>
+#include <tr_msg.h>
-char tmp_key[32] =
+/* char tmp_key[32] =
{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x19, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
+*/
+
int tmp_len = 32;
TPQC_INSTANCE *tpqc_create ()
else
return NULL;
- /* TBD -- Generate random private key */
- tpqc->priv_key = tmp_key;
- tpqc->priv_len = tmp_len;
-
- if (NULL == (tpqc->priv_dh = tr_create_dh_params(tpqc->priv_key, tpqc->priv_len))) {
+ if (NULL == (tpqc->priv_dh = tr_create_dh_params(NULL, 0))) {
free (tpqc);
return NULL;
}
int tpqc_send_request (TPQC_INSTANCE *tpqc,
int conn,
gss_ctx_id_t gssctx,
+ char *rp_realm,
char *realm,
char *coi,
TPQC_RESP_FUNC *resp_handler,
char *req_buf;
char *resp_buf;
size_t resp_buflen = 0;
+ TR_MSG *msg;
+ TPQ_REQ *tpq_req;
- /* Create a json TPQ request */
- if (NULL == (jreq = json_object())) {
- fprintf(stderr,"Error creating json object.\n");
+ /* Create and populate a TPQ msg structure */
+ if ((!(msg = malloc(sizeof(TR_MSG)))) ||
+ (!(tpq_req = malloc(sizeof(TPQ_REQ)))))
return -1;
- }
- if (0 > (err = json_object_set_new(jreq, "type", json_string("tpq_request")))) {
- fprintf(stderr, "Error adding type to request.\n");
- return -1;
- }
+ memset(tpq_req, 0, sizeof(tpq_req));
- /* Insert realm and coi into the json request */
- if (0 > (err = json_object_set_new(jreq, "realm", json_string(realm)))) {
- fprintf(stderr, "Error adding realm to request.\n");
- return -1;
- }
- if (0 > (err = json_object_set_new(jreq, "coi", json_string(coi)))) {
- fprintf(stderr, "Error adding coi to request.\n");
- return -1;
- }
+ msg->msg_type = TPQ_REQUEST;
- /* Generate half of a D-H exchange -- TBD */
- /* Insert D-H information into the request -- TBD */
+ msg->tpq_req = tpq_req;
- /* Encode the json request */
- if (NULL == (req_buf = json_dumps(jreq, 0))) {
- fprintf(stderr, "Error encoding json request.\n");
+ tpq_req->conn = conn;
+
+ /* TBD -- error handling */
+ tpq_req->rp_realm = tr_new_name(rp_realm);
+ tpq_req->realm = tr_new_name(realm);
+ tpq_req->coi = tr_new_name(coi);
+
+ tpq_req->tpqc_dh = tpqc->priv_dh;
+
+ tpq_req->resp_func = resp_handler;
+ tpq_req->cookie = cookie;
+
+ /* Encode the request into a json string */
+ if (!(req_buf = tr_msg_encode(msg))) {
+ printf("Error encoding TPQ request.\n");
return -1;
}
-
- printf("Encoded request:\n%s\n", req_buf);
-
+
+ printf ("Sending TPQ request:\n");
+ printf ("%s\n", req_buf);
+
/* Send the request over the connection */
if (err = gsscon_write_encrypted_token (conn, gssctx, req_buf,
- strlen(req_buf) + 1)) {
+ strlen(req_buf))) {
fprintf(stderr, "Error sending request over connection.\n");
return -1;
}
- free(req_buf);
-
- /* read the response from the connection */
+ /* TBD -- should queue request on instance, resps read in separate thread */
+ /* Read the response from the connection */
if (err = gsscon_read_encrypted_token(conn, gssctx, &resp_buf, &resp_buflen)) {
if (resp_buf)
/* Call the caller's response function */
(*resp_handler)(tpqc, NULL, cookie);
+ if (msg)
+ free(msg);
+ if (tpq_req)
+ free(tpq_req);
+ if (req_buf)
+ free(req_buf);
if (resp_buf)
free(resp_buf);
projects / trust_router.git / commitdiff