tr_dh_pub_digest
authorSam Hartman <hartmans@debian.org>
Thu, 3 Jul 2014 20:38:57 +0000 (16:38 -0400)
committerSam Hartman <hartmans@debian.org>
Thu, 3 Jul 2014 20:38:57 +0000 (16:38 -0400)
Add a function to compute the digest of the client's public key, and use it to store that digest in the sqlite3 database.  Update the schema.

common/tr_dh.c
include/trust_router/tr_dh.h
schema.sql
tid/example/tids_main.c

index 3c0d78b..0d11662 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, JANET(UK)
+ * Copyright (c) 2012, 2014, JANET(UK)
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
 
 #include <openssl/dh.h>
 #include <trust_router/tr_dh.h>
+#include <openssl/bn.h>
+#include <openssl/sha.h>
+#include <talloc.h>
+#include <assert.h>
+
 
 unsigned char tr_2048_dhprime[2048/8] = {
   0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
@@ -197,3 +202,17 @@ int tr_compute_dh_key(unsigned char **pbuf,
 
 
 
+int tr_dh_pub_hash(TID_REQ *request,
+                  unsigned char **out_digest,
+                  size_t *out_len)
+{
+  const BIGNUM *pub = request->tidc_dh->pub_key;
+  unsigned char *bn_bytes = talloc_zero_size(request, BN_num_bytes(pub));
+  unsigned char *digest = talloc_zero_size(request, SHA_DIGEST_LENGTH+1);
+  assert(bn_bytes && digest);
+                                   BN_bn2bin(pub, bn_bytes);
+                                   SHA1(bn_bytes, BN_num_bytes(pub), digest);
+                                   *out_digest = digest;
+                                   *out_len = SHA_DIGEST_LENGTH;
+                                   return 0;
+}
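Review bot: Allocation failure in tr_dh_pub_hash is handled only by `assert(bn_bytes && digest)` on the line after the two talloc_zero_size calls, so a build with NDEBUG would pass NULL into BN_bn2bin and SHA1; since the function already reports failure through its int return and its caller in tids_main.c tests for non-zero, the check should be `if (!bn_bytes || !digest) return -1;`. `request->tidc_dh` is dereferenced on the first line of the body without a check; whether it can be NULL here is not visible from the hunk, and if it can, `if (!request->tidc_dh || !request->tidc_dh->pub_key) return -1;` belongs before the BN_num_bytes call. The extra byte in `SHA_DIGEST_LENGTH+1` is never reported through `*out_len`, which is harmless but deserves a one-line comment saying why it is there. A header comment stating that `*out_digest` is allocated under `request` and is freed with it would tell callers not to free it themselves, and the five statements after the assert should be re-indented to the two spaces the rest of the body uses.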
index 8965867..41751a9 100644 (file)
 #include <openssl/dh.h>
 #include <openssl/bn.h>
 #include <trust_router/tr_versioning.h>
+#include <trust_router/tid.h>
+
 
 TR_EXPORT DH *tr_create_dh_params(unsigned char *key, size_t len);
 TR_EXPORT DH *tr_create_matching_dh(unsigned char *key, size_t len, DH *in_dh);
 TR_EXPORT void tr_destroy_dh_params(DH *dh);
 TR_EXPORT int tr_compute_dh_key(unsigned char **pbuf,  BIGNUM *pub_key, DH *priv_dh);
 
+int TR_EXPORT tr_dh_pub_hash(TID_REQ *request,
+                            unsigned char **out_digest,
+                            size_t *out_llen);
+
 
 TR_EXPORT void tr_bin_to_hex(const unsigned char * bin, size_t binlen,
                             char * hex_out, size_t hex_len);
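Review bot: The prototype's last parameter is spelled `out_llen` while the definition in common/tr_dh.c uses `out_len`; the two should agree, `size_t *out_len);`. The qualifier order `int TR_EXPORT` also differs from every neighbouring declaration, which place `TR_EXPORT` first, e.g. `TR_EXPORT int tr_dh_pub_hash(TID_REQ *request,`. As this is the public header, a short comment above the declaration saying that the result is the SHA-1 digest of the client's DH public key, that `*out_digest` is allocated under `request` and lives as long as it, and that 0 means success would be worth adding.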
index 443328c..f829ffe 100644 (file)
@@ -1,4 +1,4 @@
-create table if not exists psk_keys (keyid text primary key, key blob);
+create table if not exists psk_keys (keyid text primary key, key blob, client_dh_pub raw(20));
 .quit
 
 
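Review bot: `raw(20)` is not a SQLite type name; under SQLite's affinity rules it gives the column NUMERIC affinity and the length is not enforced, so a value bound with sqlite3_bind_blob is still stored as a blob, but the declaration is misleading next to `key blob`; `client_dh_pub blob` matches the sibling column and what tids_main.c binds. Because the statement is `create table if not exists`, a database created from the old schema keeps its two-column table and the three-column insert in tids_main.c will not prepare against it; an `alter table psk_keys add column client_dh_pub blob;` migration step, or at least a note in the commit message, would cover existing databases.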
index 766c24f..c49cfa8 100644 (file)
@@ -37,6 +37,7 @@
 #include <stdlib.h>
 #include <sqlite3.h>
 
+#include <tr_debug.h>
 #include <trust_router/tid.h>
 #include <trust_router/tr_dh.h>
 #include <openssl/rand.h>
@@ -71,6 +72,8 @@ static int tids_req_handler (TIDS_INSTANCE *tids,
   unsigned char *s_keybuf = NULL;
   int s_keylen = 0;
   char key_id[12];
+  unsigned char *pub_digest;
+  size_t pub_digest_len;
   
 
   fprintf(stdout, "tids_req_handler: Request received! target_realm = %s, community = %s\n", req->realm->buf, req->comm->buf);
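Review bot: `pub_digest` and `pub_digest_len` are declared without initializers while the neighbouring `s_keybuf` and `s_keylen` are initialized at declaration; for consistency with those lines, `unsigned char *pub_digest = NULL;` and `size_t pub_digest_len = 0;`. tids_req_handler starts before this hunk and continues after it.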
@@ -129,10 +132,17 @@ static int tids_req_handler (TIDS_INSTANCE *tids,
     fprintf(stderr, "tids_req_handler(): Key computation failed.");
     return -1;
   }
+  if (0 != tr_dh_pub_hash(req,
+                         &pub_digest, &pub_digest_len)) {
+    tr_debug("Unable to digest client public key\n");
+    return -1;
+  }
+
   if (NULL != insert_stmt) {
     int sqlite3_result;
     sqlite3_bind_text(insert_stmt, 1, key_id, -1, SQLITE_TRANSIENT);
     sqlite3_bind_blob(insert_stmt, 2, s_keybuf, s_keylen, SQLITE_TRANSIENT);
+    sqlite3_bind_blob(insert_stmt, 3, pub_digest, pub_digest_len, SQLITE_TRANSIENT);
     sqlite3_result = sqlite3_step(insert_stmt);
     if (SQLITE_DONE != sqlite3_result)
       printf("sqlite3: failed to write to database\n");
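Review bot: The new `return -1` after `tr_dh_pub_hash` fails comes after `tr_compute_dh_key` has already produced `s_keybuf`, whereas the existing failure return just above it runs before any key exists; if tr_compute_dh_key hands back an allocated buffer (its allocation is not visible in this hunk), that buffer is lost on the new path and should be released before returning. `sqlite3_bind_blob` takes an `int` length, so passing the `size_t` `pub_digest_len` narrows implicitly; `(int)pub_digest_len` makes that explicit, and the new bind's return value, like the two before it, is not checked. The new failure message ends in `\n` while the adjacent `fprintf(stderr, ...)` message does not; whichever form tr_debug expects should be used consistently. tids_req_handler starts before and ends after this hunk.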
@@ -177,7 +187,7 @@ int main (int argc,
     fprintf(stdout, "Error opening database %s\n", argv[4]);
     exit(1);
   }
-  sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key) values(?, ?)",
+  sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key, client_dh_pub) values(?, ?, ?)",
                     -1, &insert_stmt, NULL);
 
   /* Create a TID server instance */
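Review bot: The return of `sqlite3_prepare_v2` is still unchecked, and the statement text now names `client_dh_pub`, so against a database created from the earlier two-column schema the prepare fails, `insert_stmt` stays NULL, and the `NULL != insert_stmt` guard in tids_req_handler silently skips writing keys; the failure should be reported, e.g. `if (SQLITE_OK != sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key, client_dh_pub) values(?, ?, ?)", -1, &insert_stmt, NULL)) {` / `  fprintf(stderr, "Error preparing insert: %s\n", sqlite3_errmsg(db));` / `  exit(1); }`. main starts before and continues past this hunk.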