mirror of
https://github.com/haiwen/ccnet-server.git
synced 2025-06-19 10:21:54 +00:00
198 lines
5.5 KiB
C
198 lines
5.5 KiB
C
/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
|
|
|
/*
|
|
|
|
After we get a peer's pubkey, we generate a session key (symmetric) to
|
|
encrypt important data.
|
|
|
|
receive-skey-v2 [--enc-channel]
|
|
A -------------------------------------------> B
|
|
|
|
SC_SESSION_KEY
|
|
<-------------------------------
|
|
|
|
SC_SESSION_KEY <key> (encrypted with B's pubkey)
|
|
---------------------------->
|
|
|
|
SC_OK_ENCRYPT Or SC_NO_ENCRYPT
|
|
<------------------------------------------
|
|
*/
|
|
|
|
#include <openssl/sha.h>
|
|
#include <openssl/rand.h>
|
|
|
|
#include "session.h"
|
|
#include "common.h"
|
|
#include "processor.h"
|
|
#include "peer-mgr.h"
|
|
#include "peer.h"
|
|
#include "log.h"
|
|
#include "rsa.h"
|
|
|
|
#include "sendsessionkey-v2-proc.h"
|
|
|
|
#define SC_SESSION_KEY "300"
|
|
#define SS_SESSION_KEY "session key"
|
|
#define SC_ALREADY_HAS_KEY "301"
|
|
#define SS_ALREADY_HAS_KEY "already has your session key"
|
|
#define SC_NO_ENCRYPT "303"
|
|
#define SS_NO_ENCRYPT "Donot encrypt channel"
|
|
#define SC_BAD_KEY "400"
|
|
#define SS_BAD_KEY "bad session key"
|
|
|
|
|
|
enum {
|
|
INIT = 0,
|
|
REQUEST_SENT,
|
|
SESSION_KEY_SENT,
|
|
};
|
|
|
|
typedef struct {
|
|
char key[40];
|
|
int state;
|
|
} CcnetSendskey2ProcPriv;
|
|
|
|
#define GET_PRIV(o) \
|
|
(G_TYPE_INSTANCE_GET_PRIVATE ((o), CCNET_TYPE_SENDSKEY2_PROC, CcnetSendskey2ProcPriv))
|
|
|
|
#define USE_PRIV \
|
|
CcnetSendskey2ProcPriv *priv = GET_PRIV(processor);
|
|
|
|
|
|
G_DEFINE_TYPE (CcnetSendskey2Proc, ccnet_sendskey2_proc, CCNET_TYPE_PROCESSOR)
|
|
|
|
static int start (CcnetProcessor *processor, int argc, char **argv);
|
|
static void handle_response (CcnetProcessor *processor,
|
|
char *code, char *code_msg,
|
|
char *content, int clen);
|
|
|
|
static void
|
|
release_resource(CcnetProcessor *processor)
|
|
{
|
|
CCNET_PROCESSOR_CLASS (ccnet_sendskey2_proc_parent_class)->release_resource (processor);
|
|
}
|
|
|
|
|
|
static void
|
|
ccnet_sendskey2_proc_class_init (CcnetSendskey2ProcClass *klass)
|
|
{
|
|
CcnetProcessorClass *proc_class = CCNET_PROCESSOR_CLASS (klass);
|
|
|
|
proc_class->name = "send-skey2";
|
|
proc_class->start = start;
|
|
proc_class->handle_response = handle_response;
|
|
proc_class->release_resource = release_resource;
|
|
|
|
g_type_class_add_private (klass, sizeof (CcnetSendskey2ProcPriv));
|
|
}
|
|
|
|
static void
|
|
ccnet_sendskey2_proc_init (CcnetSendskey2Proc *processor)
|
|
{
|
|
}
|
|
|
|
|
|
static int
|
|
start (CcnetProcessor *processor, int argc, char **argv)
|
|
{
|
|
USE_PRIV;
|
|
if (argc != 0) {
|
|
ccnet_processor_done (processor, FALSE);
|
|
return -1;
|
|
}
|
|
|
|
gboolean encrypt_channel = ccnet_session_should_encrypt_channel (
|
|
processor->session);
|
|
|
|
if (encrypt_channel)
|
|
ccnet_processor_send_request (processor, "receive-skey2 --enc-channel");
|
|
else
|
|
ccnet_processor_send_request (processor, "receive-skey2");
|
|
|
|
priv->state = REQUEST_SENT;
|
|
|
|
return 0;
|
|
}
|
|
|
|
/* random bytes -> sha1 -> pubkey_encrypt -> transmit to peer */
|
|
static unsigned char *
|
|
generate_session_key (CcnetProcessor *processor, int *len_p)
|
|
{
|
|
USE_PRIV;
|
|
CcnetPeer *peer = processor->peer;
|
|
unsigned char sha1[20];
|
|
unsigned char *enc_out = NULL;
|
|
unsigned char random_buf[40];
|
|
SHA_CTX s;
|
|
|
|
RAND_pseudo_bytes (random_buf, sizeof(random_buf));
|
|
|
|
SHA1_Init (&s);
|
|
SHA1_Update (&s, random_buf, sizeof(random_buf));
|
|
SHA1_Final (sha1, &s);
|
|
|
|
rawdata_to_hex (sha1, priv->key, 20);
|
|
|
|
enc_out = public_key_encrypt (peer->pubkey, (unsigned char *)priv->key,
|
|
40, len_p);
|
|
|
|
if (*len_p <= 0) {
|
|
g_free (enc_out);
|
|
return NULL;
|
|
}
|
|
|
|
return enc_out;
|
|
}
|
|
|
|
static void
|
|
handle_response (CcnetProcessor *processor,
|
|
char *code, char *code_msg,
|
|
char *content, int clen)
|
|
{
|
|
USE_PRIV;
|
|
if (strcmp(code, SC_SESSION_KEY) == 0 && priv->state == REQUEST_SENT) {
|
|
unsigned char *enc_out = NULL;
|
|
int len = 0;
|
|
|
|
enc_out = generate_session_key(processor, &len);
|
|
if (enc_out) {
|
|
ccnet_processor_send_update (processor,
|
|
SC_SESSION_KEY,
|
|
SS_SESSION_KEY,
|
|
(char *)enc_out, len);
|
|
g_free (enc_out);
|
|
priv->state = SESSION_KEY_SENT;
|
|
|
|
} else {
|
|
ccnet_warning ("failed to generate session key for peer %.10s\n",
|
|
processor->peer->id);
|
|
ccnet_processor_done (processor, FALSE);
|
|
}
|
|
|
|
} else if (strcmp(code, SC_OK) == 0 && priv->state == SESSION_KEY_SENT) {
|
|
processor->peer->session_key = g_strndup(priv->key, 40);
|
|
|
|
if (ccnet_session_should_encrypt_channel (processor->session))
|
|
ccnet_peer_prepare_channel_encryption (processor->peer);
|
|
|
|
ccnet_peer_manager_on_peer_session_key_sent (processor->peer->manager,
|
|
processor->peer);
|
|
|
|
ccnet_processor_done (processor, TRUE);
|
|
|
|
} else if (strcmp(code, SC_ALREADY_HAS_KEY) == 0) {
|
|
/* already has session key, skip */
|
|
ccnet_processor_done (processor, TRUE);
|
|
|
|
} else if (strcmp(code, SC_NO_ENCRYPT) == 0) {
|
|
processor->peer->session_key = g_strndup(priv->key, 40);
|
|
ccnet_peer_manager_on_peer_session_key_sent (processor->peer->manager,
|
|
processor->peer);
|
|
ccnet_processor_done (processor, TRUE);
|
|
} else {
|
|
ccnet_warning ("[send session key] bad response %s:%s\n",
|
|
code, code_msg);
|
|
ccnet_processor_done (processor, FALSE);
|
|
}
|
|
}
|