/*
- * Copyright (c) 2012, JANET(UK)
+ * Copyright (c) 2012, 2014, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
#include <openssl/dh.h>
#include <trust_router/tr_dh.h>
+#include <openssl/bn.h>
+#include <openssl/sha.h>
+#include <talloc.h>
+#include <assert.h>
+
unsigned char tr_2048_dhprime[2048/8] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+int tr_dh_pub_hash(TID_REQ *request,
+ unsigned char **out_digest,
+ size_t *out_len)
+{
+ const BIGNUM *pub = request->tidc_dh->pub_key;
+ unsigned char *bn_bytes = talloc_zero_size(request, BN_num_bytes(pub));
+ unsigned char *digest = talloc_zero_size(request, SHA_DIGEST_LENGTH+1);
+ assert(bn_bytes && digest);
+ BN_bn2bin(pub, bn_bytes);
+ SHA1(bn_bytes, BN_num_bytes(pub), digest);
+ *out_digest = digest;
+ *out_len = SHA_DIGEST_LENGTH;
+ return 0;
+}
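Review bot: `assert(bn_bytes && digest)` on line 23 is the only handling of talloc failure, so a build with NDEBUG falls straight through to BN_bn2bin() and SHA1() on NULL pointers; return an error instead, e.g. `if (!bn_bytes || !digest) { talloc_free(bn_bytes); talloc_free(digest); return -1; }`, which also matches the non-zero-return convention the caller in tids_req_handler already checks. `bn_bytes` is only a scratch buffer yet is allocated on `request`, so it lives as long as the whole request; a `talloc_free(bn_bytes);` after the SHA1() call releases it. A header comment should state that `*out_digest` is owned by `request` (freed with it, not by the caller) and that the value is the SHA-1 of the big-endian public value, so callers do not have to guess at ownership. The function also reads `request->tidc_dh->pub_key` without checking `tidc_dh` for NULL; whether the caller guarantees it is set is not visible here.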
#include <openssl/dh.h>
#include <openssl/bn.h>
#include <trust_router/tr_versioning.h>
+#include <trust_router/tid.h>
+
TR_EXPORT DH *tr_create_dh_params(unsigned char *key, size_t len);
TR_EXPORT DH *tr_create_matching_dh(unsigned char *key, size_t len, DH *in_dh);
TR_EXPORT void tr_destroy_dh_params(DH *dh);
TR_EXPORT int tr_compute_dh_key(unsigned char **pbuf, BIGNUM *pub_key, DH *priv_dh);
+int TR_EXPORT tr_dh_pub_hash(TID_REQ *request,
+ unsigned char **out_digest,
+ size_t *out_llen);
+
TR_EXPORT void tr_bin_to_hex(const unsigned char * bin, size_t binlen,
char * hex_out, size_t hex_len);
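Review bot: The prototype on lines 39–41 names the last parameter `out_llen` while the definition in tr_dh.c uses `out_len`, and it orders the qualifier as `int TR_EXPORT` where every neighbouring declaration writes `TR_EXPORT int`; `TR_EXPORT int tr_dh_pub_hash(TID_REQ *request, unsigned char **out_digest, size_t *out_len);` keeps both consistent. Since this header is the public interface, a Doxygen comment on the declaration should give the return convention (0 on success, non-zero otherwise) and state that `*out_digest` is talloc-allocated under `request` and must not be freed by the caller.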
-create table if not exists psk_keys (keyid text primary key, key blob);
+create table if not exists psk_keys (keyid text primary key, key blob, client_dh_pub raw(20));
.quit
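Review bot: `create table if not exists` on line 46 does not add `client_dh_pub` to a psk_keys table that already exists, so on a database created by the previous schema the three-column insert prepared in tids_main.c would fail to prepare and, because the handler only inserts when insert_stmt is non-NULL, keys would silently stop being stored; the change needs a migration step such as `alter table psk_keys add column client_dh_pub blob;` guarded against the column already being present, or at least a documented note that the database must be recreated. SQLite also has no `raw` type: `raw(20)` resolves to NUMERIC affinity, which leaves bound blobs untouched but enforces nothing about the 20-byte length while reading as if it did, so `client_dh_pub blob` is clearer and matches the `key blob` column beside it.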
#include <stdlib.h>
#include <sqlite3.h>
+#include <tr_debug.h>
#include <trust_router/tid.h>
#include <trust_router/tr_dh.h>
#include <openssl/rand.h>
unsigned char *s_keybuf = NULL;
int s_keylen = 0;
char key_id[12];
+ unsigned char *pub_digest;
+ size_t pub_digest_len;
fprintf(stdout, "tids_req_handler: Request received! target_realm = %s, community = %s\n", req->realm->buf, req->comm->buf);
fprintf(stderr, "tids_req_handler(): Key computation failed.");
return -1;
}
+ if (0 != tr_dh_pub_hash(req,
+ &pub_digest, &pub_digest_len)) {
+ tr_debug("Unable to digest client public key\n");
+ return -1;
+ }
+
if (NULL != insert_stmt) {
int sqlite3_result;
sqlite3_bind_text(insert_stmt, 1, key_id, -1, SQLITE_TRANSIENT);
sqlite3_bind_blob(insert_stmt, 2, s_keybuf, s_keylen, SQLITE_TRANSIENT);
+ sqlite3_bind_blob(insert_stmt, 3, pub_digest, pub_digest_len, SQLITE_TRANSIENT);
sqlite3_result = sqlite3_step(insert_stmt);
if (SQLITE_DONE != sqlite3_result)
printf("sqlite3: failed to write to database\n");
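Review bot: The new bind on line 73 follows the existing pattern of ignoring sqlite3_bind_* return codes, so a mismatch between the prepared statement and the schema only surfaces later as a failed sqlite3_step(); checking each bind result before the step would report the real cause. The failure branch on lines 63–67 reports through tr_debug() while the neighbouring errors in the same function use fprintf(stderr, …) and printf(); picking one mechanism for the handler, or moving the existing messages to tr_debug() as well, would keep the logging consistent. tids_req_handler starts and ends outside this hunk, so whether `s_keybuf` needs releasing on the new early return cannot be judged from here.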
fprintf(stdout, "Error opening database %s\n", argv[4]);
exit(1);
}
- sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key) values(?, ?)",
+ sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key, client_dh_pub) values(?, ?, ?)",
-1, &insert_stmt, NULL);
/* Create a TID server instance */
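Review bot: The return value of sqlite3_prepare_v2() on lines 81–82 is still unchecked after the statement text changed; if the opened database predates the `client_dh_pub` column the prepare fails, `insert_stmt` stays NULL and the `NULL != insert_stmt` guard in the request handler silently skips every insert. Failing loudly here, e.g. `if (SQLITE_OK != sqlite3_prepare_v2(db, "insert into psk_keys (keyid, key, client_dh_pub) values(?, ?, ?)", -1, &insert_stmt, NULL)) { fprintf(stderr, "sqlite3: %s\n", sqlite3_errmsg(db)); exit(1); }`, matches the `Error opening database` exit just above it. The enclosing main() starts and ends outside the hunk.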