kdxcxs
/
n2n
mirror of https://github.com/ntop/n2n.git
1
0
Fork 0
Code Issues Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
946 Commits
7 Branches
7 Tags
23 MiB
 
 
 
 
 
 
Tree: ecedcdcb58
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ecedcdcb58'
${ noResults }
n2n/src/auth.c

179 lines
6.3 KiB
Raw Blame History

/*
* (C) 2007-21 - ntop.org and contributors
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>
*
*/
#include "auth.h"
// mapping six binary bits to printable ascii character
static uint8_t b2a[64] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, /* 0 ... 9, A ... F */
0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, /* G ... V */
0x57, 0x58, 0x59, 0x5a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, /* W ... Z, a ... l */
0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7a, 0x2b, 0x2d }; /* m ... z, + , - */
// mapping ascii 0x30 ...0x7f back to 6 bit binary, invalids are mapped to 0xff
static uint8_t a2b[256] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3e, 0xff, 0x3f, 0xff, 0xff, /* 0x20 ... 0x2f */
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0xff, 0xff, 0x3e, 0xff, 0x3f, 0xff, /* 0x30 ... 0x3f */
0xff, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, /* 0x40 ... 0x4f */
0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0xff, 0xff, 0xff, 0xff, 0xff, /* 0x50 ... 0x5f */
0xff, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, /* 0x60 ... 0x6f */
0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff, 0xff, 0xff, 0xff }; /* 0x70 ... 0x7f */
int bin_to_ascii (uint8_t *out, uint8_t *in, size_t in_len) {
// in buffer contains binary data of length in_len
// out buffer is already allocated and of size ceiling(in_len * 8 / 6) + 1
// out buffer will be filled with a string including trailing 0x00
size_t bit_count = 0;
size_t out_count = 0;
uint8_t buf1, buf2;
for(bit_count = 0; bit_count < 8 * in_len; bit_count += 6) {
buf1 = in[bit_count / 8];
buf1 <<= bit_count % 8;
buf2 = ((bit_count + 6) < (8 * in_len)) ? in[bit_count / 8 + 1] : 0;
buf2 >>= 8 - (bit_count % 8);
buf1 |= buf2;
buf1 >>= 2;
out[out_count++] = b2a[buf1];
}
out[out_count] = 0;
return 0;
}
int ascii_to_bin (uint8_t *out, uint8_t *in) {
// in buffer contains 0x00-terminated string to be decoded
// out buffer will contain decoded binary data
// out buffer is already allocated and of size floor(strlen(in) * 6 / 8)
size_t in_count, out_count, bit_count;
uint16_t buf = 0;
bit_count = 0;
out_count = 0;
for(in_count = 0; in_count < strlen(in); in_count++) {
buf <<= 6;
if((in[in_count] > 0x20) && (in[in_count] < 0x80)) {
if(a2b[in[in_count]] != 0xFF) {
buf |= a2b[in[in_count] - 0x20];
} else {
traceEvent(TRACE_NORMAL, "ascii_to_bin encountered the unknown character '%c'", in[in_count]);
}
} else {
traceEvent(TRACE_WARNING, "ascii_to_bin encountered a completely out-of-range character");
}
bit_count += 6;
if(bit_count / 8) {
bit_count -= 8;
out[out_count++] = ((uint8_t)(buf >> bit_count));
}
}
return 0;
}
int generate_private_key (n2n_private_public_key_t key, uint8_t *in) {
// hash the 0-terminated string input twice to generate private key
pearson_hash_256(key, in, strlen(in));
pearson_hash_256(key, key, sizeof(n2n_private_public_key_t));
return 0;
}
int generate_public_key (n2n_private_public_key_t pub, n2n_private_public_key_t prv) {
// generator point '9' on curve
static uint8_t gen[32] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 9 };
curve25519(pub, prv, gen);
return 0;
}
int generate_shared_secret (n2n_private_public_key_t shared, n2n_private_public_key_t prv, n2n_private_public_key_t pub) {
curve25519(shared, prv, pub);
pearson_hash_256(shared, shared, sizeof(n2n_private_public_key_t));
return 0;
}
int bind_private_key_to_username (n2n_private_public_key_t prv, uint8_t *username) {
uint8_t tmp[32];
size_t i;
pearson_hash_256(tmp, username, strlen(username));
memxor(prv, tmp, sizeof(n2n_private_public_key_t));
return 0;
}
// calculate SPECK ( plain = HASH³(time), key = HASH³(comm) ^ HASH³(fed) )
int calculate_dynamic_key (uint8_t out_key[N2N_AUTH_CHALLENGE_SIZE],
uint32_t key_time, n2n_community_t comm, n2n_community_t fed) {
uint8_t key[N2N_AUTH_CHALLENGE_SIZE];
uint8_t tmp[N2N_AUTH_CHALLENGE_SIZE];
speck_context_t *ctx;
// we know that N2N_AUTH_CHALLENGE_SIZE == 16, i.e. 128 bit that can take the hash value
pearson_hash_128(key, comm, sizeof(n2n_community_t));
pearson_hash_128(key, key, N2N_AUTH_CHALLENGE_SIZE);
pearson_hash_128(key, key, N2N_AUTH_CHALLENGE_SIZE);
pearson_hash_128(tmp, fed, sizeof(n2n_community_t));
pearson_hash_128(tmp, tmp, N2N_AUTH_CHALLENGE_SIZE);
pearson_hash_128(tmp, tmp, N2N_AUTH_CHALLENGE_SIZE);
memxor(key, tmp, N2N_AUTH_CHALLENGE_SIZE);
ctx = (speck_context_t*)calloc(1, sizeof(speck_context_t));
speck_init((speck_context_t**)&ctx, key, 128);
pearson_hash_128(tmp, (uint8_t*)&key_time, sizeof(key_time));
pearson_hash_128(tmp, tmp, N2N_AUTH_CHALLENGE_SIZE);
pearson_hash_128(out_key, tmp, N2N_AUTH_CHALLENGE_SIZE);
speck_128_encrypt(out_key, ctx);
free(ctx);
return 0;
}