summaryrefslogtreecommitdiff
path: root/src/lib/dev.c
diff options
context:
space:
mode:
authorDimitri Staessens <[email protected]>2023-09-29 13:15:00 +0200
committerSander Vrijders <[email protected]>2023-10-25 09:51:35 +0200
commitfd3381002564c87b85feb2d1947a588e8ca6fdf9 (patch)
treeb24d89230eb0eab26f18c0de4d714c09884b686e /src/lib/dev.c
parent3662d75fa3a2cbe52fd9008754b1b6222342308d (diff)
downloadouroboros-fd3381002564c87b85feb2d1947a588e8ca6fdf9.tar.gz
ouroboros-fd3381002564c87b85feb2d1947a588e8ca6fdf9.zip
lib: Make crypt.c independent source file
The cryptography functions were in a C source that was directly imported into dev.c, enabling ECDHE+AES256 symmetric key encryption on flows. Now crypt.c is an independent source file with associated crypt.h header, to prepare for security management and configuration in the IRMd. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
Diffstat (limited to 'src/lib/dev.c')
-rw-r--r--src/lib/dev.c30
1 files changed, 15 insertions, 15 deletions
diff --git a/src/lib/dev.c b/src/lib/dev.c
index ef909e1a..02f9d3f9 100644
--- a/src/lib/dev.c
+++ b/src/lib/dev.c
@@ -30,6 +30,7 @@
#include <ouroboros/hash.h>
#include <ouroboros/cacep.h>
+#include <ouroboros/crypt.h>
#include <ouroboros/errno.h>
#include <ouroboros/dev.h>
#include <ouroboros/ipcp-dev.h>
@@ -71,7 +72,6 @@
#define CRCLEN (sizeof(uint32_t))
#define SECMEMSZ 16384
-#define SYMMKEYSZ 32
#define MSGBUFSZ 2048
enum flow_state {
@@ -102,8 +102,7 @@ struct flow {
qosspec_t qs;
ssize_t part_idx;
- void * ctx;
- uint8_t key[SYMMKEYSZ];
+ struct crypt_info crypt;
pid_t pid;
@@ -256,7 +255,6 @@ static int proc_announce(char * prog)
return ret;
}
-#include "crypt.c"
#include "frct.c"
void * flow_tx(void * o)
@@ -429,8 +427,7 @@ static void flow_fini(int fd)
shm_flow_set_close(ai.flows[fd].set);
}
- if (ai.flows[fd].ctx != NULL)
- crypt_fini(ai.flows[fd].ctx);
+ crypt_fini(&ai.flows[fd].crypt);
list_del(&ai.flows[fd].next);
@@ -480,12 +477,15 @@ static int flow_init(int flow_id,
flow->snd_act = now;
flow->rcv_act = now;
- if (qs.cypher_s > 0) {
- if (crypt_init(&flow->ctx) < 0)
- goto fail_ctx;
+ flow->crypt.flags = qs.cypher_s; /* TODO: remove cypher_s from qos */
- memcpy(flow->key, s, SYMMKEYSZ);
- }
+ if (flow->crypt.flags > 0)
+ memcpy(flow->crypt.key, s ,SYMMKEYSZ);
+ else
+ memset(flow->crypt.key, 0, SYMMKEYSZ);
+
+ if (crypt_init(&flow->crypt) < 0)
+ goto fail_crypt;
assert(flow->frcti == NULL);
@@ -518,8 +518,8 @@ static int flow_init(int flow_id,
fail_flow_set_add:
frcti_destroy(flow->frcti);
fail_frcti:
- crypt_fini(flow->ctx);
- fail_ctx:
+ crypt_fini(&flow->crypt);
+ fail_crypt:
shm_flow_set_close(flow->set);
fail_set:
shm_rbuff_close(flow->tx_rb);
@@ -1299,7 +1299,7 @@ static int flow_tx_sdb(struct flow * flow,
if (frcti_snd(flow->frcti, sdb) < 0)
goto enomem;
- if (flow->qs.cypher_s > 0 && crypt_encrypt(flow, sdb) < 0)
+ if (crypt_encrypt(&flow->crypt, sdb) < 0)
goto enomem;
if (flow->qs.ber == 0 && add_crc(sdb) != 0)
@@ -1401,7 +1401,7 @@ static bool invalid_pkt(struct flow * flow,
if (flow->qs.ber == 0 && chk_crc(sdb) != 0)
return true;
- if (flow->qs.cypher_s > 0 && crypt_decrypt(flow, sdb) < 0)
+ if (crypt_decrypt(&flow->crypt, sdb) < 0)
return true;
return false;