From: Margaret Wasserman Date: Wed, 9 Jan 2013 13:48:08 +0000 (-0500) Subject: Updated DH code, added code to tpqc to send DH info, removed extra gsscon messages. X-Git-Tag: 1.0~72 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=trust_router.git;a=commitdiff_plain;h=1ab941d0f15268275bb34327079ac0b83b0eb70e Updated DH code, added code to tpqc to send DH info, removed extra gsscon messages. --- diff --git a/common/tr_dh.c b/common/tr_dh.c index c13ba8d..a6b5867 100644 --- a/common/tr_dh.c +++ b/common/tr_dh.c @@ -92,6 +92,7 @@ DH *tr_create_dh_params(char *priv_key, dh->priv_key = BN_bin2bn(priv_key, keylen, NULL); DH_generate_key(dh); /* generates the public key */ + DH_check(dh, &dh_err); if (0 != dh_err) { fprintf(stderr, "Warning: dh_check failed with %d", dh_err); diff --git a/common/tr_msg.c b/common/tr_msg.c index 2aa99ea..d866933 100644 --- a/common/tr_msg.c +++ b/common/tr_msg.c @@ -33,19 +33,181 @@ */ #include +#include #include #include +#include +static json_t *tr_msg_encode_dh(DH *dh) +{ + json_t *jdh = NULL; + json_t *jbn = NULL; + + if ((!dh) || (!dh->p) || (!dh->g) || (!dh->pub_key)) + return NULL; + + jdh = json_object(); + + jbn = json_string(BN_bn2hex(dh->p)); + json_object_set_new(jdh, "dh_p", jbn); + + jbn = json_string(BN_bn2hex(dh->g)); + json_object_set_new(jdh, "dh_g", jbn); + + jbn = json_string(BN_bn2hex(dh->pub_key)); + json_object_set_new(jdh, "dh_pub_key", jbn); + + return jdh; +} + +static DH *tr_msg_decode_dh(json_t *jdh) +{ + DH *dh = NULL; + + return dh; +} + +json_t *tr_msg_encode_tpqreq(TPQ_REQ *req) +{ + json_t *jreq = NULL; + json_t *jstr = NULL; + + if ((!req) || (!req->rp_realm) || (!req->realm) || !(req->coi)) + return NULL; + + jreq = json_object(); + + jstr = json_string(req->rp_realm->buf); + json_object_set_new(jreq, "rp_realm", jstr); + + jstr = json_string(req->realm->buf); + json_object_set_new(jreq, "target_realm", jstr); + + jstr = json_string(req->coi->buf); + json_object_set_new(jreq, "community", jstr); + + json_object_set_new(jreq, "dh_info", tr_msg_encode_dh(req->tpqc_dh)); + + return jreq; +} + +TPQ_REQ *tr_msg_decode_tpqreq(json_t *jreq) +{ + TPQ_REQ *req = NULL; + + return req; +} + +json_t *tr_msg_encode_tpqresp(TPQ_RESP *resp) +{ + json_t *jresp = NULL; + + return jresp; +} + + +TPQ_RESP *tr_msg_decode_tpqresp(json_t *jresp) +{ + TPQ_RESP *resp = NULL; + + return resp; +} + +json_t *tr_msg_encode_tidrreq(TIDR_REQ *req) +{ + json_t *jreq = NULL; + + return jreq; + +} + +TIDR_REQ *tr_msg_decode_tidrreq(json_t *jreq) +{ + TIDR_REQ *req = NULL; + + return req; +} + +json_t *tr_msg_encode_tidrresp(TIDR_RESP *resp) +{ + json_t *jresp = NULL; + + return jresp; +} + +TIDR_RESP *tr_msg_decode_tidrresp(json_t *jresp) +{ + TIDR_RESP *resp = NULL; + + return resp; +} char *tr_msg_encode(TR_MSG *msg) { - return NULL; + json_t *jmsg; + json_t *jmsg_type; + + /* TBD -- add error handling */ + jmsg = json_object(); + + switch (msg->msg_type) + { + case TPQ_REQUEST: + jmsg_type = json_string("TPQRequest"); + json_object_set_new(jmsg, "msg_type", jmsg_type); + json_object_set_new(jmsg, "msg_body", tr_msg_encode_tpqreq(msg->tpq_req)); + break; + + case TPQ_RESPONSE: + jmsg_type = json_string("TPQResponse"); + json_object_set_new(jmsg, "msg_type", jmsg_type); + json_object_set_new(jmsg, "msg_body", tr_msg_encode_tpqresp(msg->tpq_resp)); + break; + + case TIDR_REQUEST: + jmsg_type = json_string("TIDRequest"); + json_object_set_new(jmsg, "msg_type", jmsg_type); + json_object_set_new(jmsg, "msg_body", tr_msg_encode_tidrreq(msg->tidr_req)); + break; + + case TIDR_RESPONSE: + jmsg_type = json_string("TIDResponse"); + json_object_set_new(jmsg, "msg_type", jmsg_type); + json_object_set_new(jmsg, "msg_body", tr_msg_encode_tidrresp(msg->tidr_resp)); + break; + + /* TBD -- Add TR message types */ + + default: + json_decref(jmsg); + return NULL; + } + + return(json_dumps(jmsg, 0)); } TR_MSG *tr_msg_decode(char *jmsg) { - return NULL; + TR_MSG *msg; + + if (!(msg = malloc(sizeof(TR_MSG *)))) { + fprintf (stderr, "tr_msg_decode(): Error allocating TR_MSG structure.\n"); + return NULL; + } + + return msg; +} + +void tr_msg_free_encoded(char *jmsg) +{ + if (jmsg) + free (jmsg); } +void tr_msg_free_decoded(TR_MSG *msg) +{ + if (msg) + free (msg); +} diff --git a/common/tr_name.c b/common/tr_name.c index 7136f49..b5e1526 100644 --- a/common/tr_name.c +++ b/common/tr_name.c @@ -43,7 +43,7 @@ TR_NAME *tr_new_name (char *name) if (new = malloc(sizeof(TR_NAME))) { new->len = strlen(name); - if (new->buf = malloc(new->len+1)) { + if (new->buf = malloc((new->len)+1)) { strcpy(new->buf, name); } } diff --git a/gsscon/gsscon_active.c b/gsscon/gsscon_active.c index ff153c2..dff1da2 100755 --- a/gsscon/gsscon_active.c +++ b/gsscon/gsscon_active.c @@ -218,7 +218,7 @@ int gsscon_active_authenticate (int inSocket, OM_uint32 requestedFlags = (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG); - printf ("Calling gss_init_sec_context...\n"); + // printf ("Calling gss_init_sec_context...\n"); majorStatus = gss_init_sec_context (&minorStatus, clientCredentials, &gssContext, diff --git a/gsscon/gsscon_common.c b/gsscon/gsscon_common.c index d3cc833..fe559de 100755 --- a/gsscon/gsscon_common.c +++ b/gsscon/gsscon_common.c @@ -174,8 +174,8 @@ int gsscon_read_token (int inSocket, } if (!err) { - printf ("Read token:\n"); - PrintBuffer (token, tokenLength); + // printf ("Read token:\n"); + // PrintBuffer (token, tokenLength); *outTokenLength = tokenLength; *outTokenValue = token; @@ -210,8 +210,9 @@ int gsscon_write_token (int inSocket, } if (!err) { - printf ("Wrote token:\n"); - PrintBuffer (inTokenValue, inTokenLength); + // printf ("Wrote token:\n"); + // PrintBuffer (inTokenValue, inTokenLength); + } else { gsscon_print_error (err, "gsscon_write_token() failed"); } @@ -271,8 +272,8 @@ int gsscon_read_encrypted_token (int inSocket, if (!err) { memcpy (unencryptedToken, outputBuffer.value, outputBuffer.length); - printf ("Unencrypted token:\n"); - PrintBuffer (unencryptedToken, outputBuffer.length); + // printf ("Unencrypted token:\n"); + // PrintBuffer (unencryptedToken, outputBuffer.length); *outTokenLength = outputBuffer.length; *outTokenValue = unencryptedToken; @@ -327,8 +328,8 @@ int gsscon_write_encrypted_token (int inSocket, } if (!err) { - printf ("Unencrypted token:\n"); - PrintBuffer (inToken, inTokenLength); + // printf ("Unencrypted token:\n"); + // PrintBuffer (inToken, inTokenLength); err = gsscon_write_token (inSocket, outputBuffer.value, outputBuffer.length); } diff --git a/gsscon/gsscon_passive.c b/gsscon/gsscon_passive.c index 753ba03..7fb1ce9 100755 --- a/gsscon/gsscon_passive.c +++ b/gsscon/gsscon_passive.c @@ -121,7 +121,7 @@ int gsscon_passive_authenticate (int inSocket, * EOF, and the user wouldn't know what went wrong. */ - printf ("Calling gss_accept_sec_context...\n"); + // printf ("Calling gss_accept_sec_context...\n"); majorStatus = gss_accept_sec_context (&minorStatus, &gssContext, GSS_C_NO_CREDENTIAL, diff --git a/include/tpq.h b/include/tpq.h index c5967e0..2e88399 100644 --- a/include/tpq.h +++ b/include/tpq.h @@ -46,6 +46,7 @@ typedef struct tpq_req { struct tpq_req *next_req; int conn; + TR_NAME *rp_realm; TR_NAME *realm; TR_NAME *coi; DH *tpqc_dh; /* Client's public dh information */ @@ -80,7 +81,7 @@ typedef int (TPQS_REQ_FUNC)(TPQS_INSTANCE *, TPQ_REQ *, TPQ_RESP *, void *); TPQC_INSTANCE *tpqc_create (void); int tpqc_open_connection (TPQC_INSTANCE *tpqc, char *server, gss_ctx_id_t *gssctx); -int tpqc_send_request (TPQC_INSTANCE *tpqc, int conn, gss_ctx_id_t gssctx, char *realm, char *coi, TPQC_RESP_FUNC *resp_handler, void *cookie); +int tpqc_send_request (TPQC_INSTANCE *tpqc, int conn, gss_ctx_id_t gssctx, char *rp_realm, char *realm, char *coi, TPQC_RESP_FUNC *resp_handler, void *cookie); void tpqc_destroy (TPQC_INSTANCE *tpqc); TPQS_INSTANCE *tpqs_create (); diff --git a/include/tr_msg.h b/include/tr_msg.h index 8943559..7d8a5fa 100644 --- a/include/tr_msg.h +++ b/include/tr_msg.h @@ -36,7 +36,7 @@ #define TR_MSG_H #include -// #include +#include #include enum msg_type { @@ -51,14 +51,16 @@ enum msg_type { typedef struct tr_msg { enum msg_type msg_type; union { - TPQ_REQ msg_req; - TPQ_RESP msg_resp; - // TIDR_REQ tidr_req; - // TIDR_RESP tidr_resp; + TPQ_REQ *tpq_req; + TPQ_RESP *tpq_resp; + TIDR_REQ *tidr_req; + TIDR_RESP *tidr_resp; }; } TR_MSG; char *tr_msg_encode(TR_MSG *msg); TR_MSG *tr_msg_decode(char *jmsg); +void tr_msg_free_encoded(char *jmsg); +void tr_msg_free_decoded(TR_MSG *msg); #endif diff --git a/tpq/example/tpqc_main.c b/tpq/example/tpqc_main.c index 8eb6ab3..0739221 100644 --- a/tpq/example/tpqc_main.c +++ b/tpq/example/tpqc_main.c @@ -42,7 +42,7 @@ static int tpqc_response_received = 0; void tpqc_print_usage (const char *name) { - printf("Usage: %s \n", name); + printf("Usage: %s \n", name); } void tpqc_resp_handler (TPQC_INSTANCE * tpqc, @@ -62,6 +62,7 @@ int main (int argc, TPQC_INSTANCE *tpqc; TPQ_REQ *treq; char *server = NULL; + char *rp_realm = NULL; char *realm = NULL; char *coi = NULL; void *cookie = NULL; @@ -70,16 +71,19 @@ int main (int argc, gss_ctx_id_t gssctx; /* Parse command-line arguments */ - if (argc != 4) { + if (argc != 5) { tpqc_print_usage(argv[0]); exit(1); } /* TBD -- validity checking, dealing with quotes, etc. */ server = (char *)argv[1]; - realm = (char *)argv[2]; - coi = (char *)argv[3]; + rp_realm = (char *) argv[2]; + realm = (char *)argv[3]; + coi = (char *)argv[4]; + printf("TPQC Client:\nServer = %s, rp_realm = %s, target_realm = %s, community = %s\n", server, rp_realm, realm, coi); + /* Create a TPQ client instance */ tpqc = tpqc_create(); @@ -91,7 +95,7 @@ int main (int argc, }; /* Send a TPQ request */ - if (0 > (rc = tpqc_send_request(tpqc, conn, gssctx, realm, coi, + if (0 > (rc = tpqc_send_request(tpqc, conn, gssctx, rp_realm, realm, coi, &tpqc_resp_handler, NULL))) { /* Handle error */ printf("Error in tpqc_send_request, rc = %d.\n", rc); diff --git a/tpq/tpqc.c b/tpq/tpqc.c index 74cdcff..e7ab977 100644 --- a/tpq/tpqc.c +++ b/tpq/tpqc.c @@ -39,12 +39,15 @@ #include #include #include +#include -char tmp_key[32] = +/* char tmp_key[32] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x19, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; +*/ + int tmp_len = 32; TPQC_INSTANCE *tpqc_create () @@ -56,11 +59,7 @@ TPQC_INSTANCE *tpqc_create () else return NULL; - /* TBD -- Generate random private key */ - tpqc->priv_key = tmp_key; - tpqc->priv_len = tmp_len; - - if (NULL == (tpqc->priv_dh = tr_create_dh_params(tpqc->priv_key, tpqc->priv_len))) { + if (NULL == (tpqc->priv_dh = tr_create_dh_params(NULL, 0))) { free (tpqc); return NULL; } @@ -99,6 +98,7 @@ int tpqc_open_connection (TPQC_INSTANCE *tpqc, int tpqc_send_request (TPQC_INSTANCE *tpqc, int conn, gss_ctx_id_t gssctx, + char *rp_realm, char *realm, char *coi, TPQC_RESP_FUNC *resp_handler, @@ -110,49 +110,50 @@ int tpqc_send_request (TPQC_INSTANCE *tpqc, char *req_buf; char *resp_buf; size_t resp_buflen = 0; + TR_MSG *msg; + TPQ_REQ *tpq_req; - /* Create a json TPQ request */ - if (NULL == (jreq = json_object())) { - fprintf(stderr,"Error creating json object.\n"); + /* Create and populate a TPQ msg structure */ + if ((!(msg = malloc(sizeof(TR_MSG)))) || + (!(tpq_req = malloc(sizeof(TPQ_REQ))))) return -1; - } - if (0 > (err = json_object_set_new(jreq, "type", json_string("tpq_request")))) { - fprintf(stderr, "Error adding type to request.\n"); - return -1; - } + memset(tpq_req, 0, sizeof(tpq_req)); - /* Insert realm and coi into the json request */ - if (0 > (err = json_object_set_new(jreq, "realm", json_string(realm)))) { - fprintf(stderr, "Error adding realm to request.\n"); - return -1; - } - if (0 > (err = json_object_set_new(jreq, "coi", json_string(coi)))) { - fprintf(stderr, "Error adding coi to request.\n"); - return -1; - } + msg->msg_type = TPQ_REQUEST; - /* Generate half of a D-H exchange -- TBD */ - /* Insert D-H information into the request -- TBD */ + msg->tpq_req = tpq_req; - /* Encode the json request */ - if (NULL == (req_buf = json_dumps(jreq, 0))) { - fprintf(stderr, "Error encoding json request.\n"); + tpq_req->conn = conn; + + /* TBD -- error handling */ + tpq_req->rp_realm = tr_new_name(rp_realm); + tpq_req->realm = tr_new_name(realm); + tpq_req->coi = tr_new_name(coi); + + tpq_req->tpqc_dh = tpqc->priv_dh; + + tpq_req->resp_func = resp_handler; + tpq_req->cookie = cookie; + + /* Encode the request into a json string */ + if (!(req_buf = tr_msg_encode(msg))) { + printf("Error encoding TPQ request.\n"); return -1; } - - printf("Encoded request:\n%s\n", req_buf); - + + printf ("Sending TPQ request:\n"); + printf ("%s\n", req_buf); + /* Send the request over the connection */ if (err = gsscon_write_encrypted_token (conn, gssctx, req_buf, - strlen(req_buf) + 1)) { + strlen(req_buf))) { fprintf(stderr, "Error sending request over connection.\n"); return -1; } - free(req_buf); - - /* read the response from the connection */ + /* TBD -- should queue request on instance, resps read in separate thread */ + /* Read the response from the connection */ if (err = gsscon_read_encrypted_token(conn, gssctx, &resp_buf, &resp_buflen)) { if (resp_buf) @@ -167,6 +168,12 @@ int tpqc_send_request (TPQC_INSTANCE *tpqc, /* Call the caller's response function */ (*resp_handler)(tpqc, NULL, cookie); + if (msg) + free(msg); + if (tpq_req) + free(tpq_req); + if (req_buf) + free(req_buf); if (resp_buf) free(resp_buf);