git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
clevis
1
0
Fork 0
Files Pull Requests 0
Tree: a539f02c81
Branches Tags
clevis
/
src
/
pins
/
sss
/
sss.c

sss.c 8.9 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399 
  1. /* vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80: */
    2. 

  2. /*
    3. 

  3.  * Copyright (c) 2015 Red Hat, Inc.
    4. 

  4.  * Author: Nathaniel McCallum <npmccallum@redhat.com>
    5. 

  5.  *
    6. 

  6.  * This program is free software: you can redistribute it and/or modify
    7. 

  7.  * it under the terms of the GNU General Public License as published by
    8. 

  8.  * the Free Software Foundation, either version 3 of the License, or
    9. 

  9.  * (at your option) any later version.
    10. 

  10.  *
    11. 

  11.  * This program is distributed in the hope that it will be useful,
    12. 

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14.  * GNU General Public License for more details.
    15. 

  15.  *
    16. 

  16.  * You should have received a copy of the GNU General Public License
    17. 

  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    18. 

  18.  *
    19. 

  19.  * Additional permission under GPLv3 section 7:
    20. 

  20.  *
    21. 

  21.  * In the following paragraph, "GPL" means the GNU General Public
    22. 

  22.  * License, version 3 or any later version, and "Non-GPL Code" means
    23. 

  23.  * code that is governed neither by the GPL nor a license
    24. 

  24.  * compatible with the GPL.
    25. 

  25.  *
    26. 

  26.  * You may link the code of this Program with Non-GPL Code and convey
    27. 

  27.  * linked combinations including the two, provided that such Non-GPL
    28. 

  28.  * Code only links to the code of this Program through those well
    29. 

  29.  * defined interfaces identified in the file named EXCEPTION found in
    30. 

  30.  * the source code files (the "Approved Interfaces"). The files of
    31. 

  31.  * Non-GPL Code may instantiate templates or use macros or inline
    32. 

  32.  * functions from the Approved Interfaces without causing the resulting
    33. 

  33.  * work to be covered by the GPL. Only the copyright holders of this
    34. 

  34.  * Program may make changes or additions to the list of Approved
    35. 

  35.  * Interfaces.
    36. 

  36.  */
    37. 

  37. 

  38. #define _GNU_SOURCE
    39. 

  39. #include "sss.h"
    40. 

  40. #include <jose/b64.h>
    41. 

  41. #include <openssl/bn.h>
    42. 

  42. 

  43. #include <stdbool.h>
    44. 

  44. #include <stddef.h>
    45. 

  45. #include <stdint.h>
    46. 

  46. #include <string.h>
    47. 

  47. 

  48. #include <sys/types.h>
    49. 

  49. #include <sys/wait.h>
    50. 

  50. #include <fcntl.h>
    51. 

  51. #include <unistd.h>
    52. 

  52. #include <signal.h>
    53. 

  53. 

  54. #define BIGNUM_auto __attribute__((cleanup(BN_cleanup))) BIGNUM
    55. 

  55. #define BN_CTX_auto __attribute__((cleanup(BN_CTX_cleanup))) BN_CTX
    56. 

  56. 

  57. static BIGNUM *
    58. 

  58. bn_decode(const uint8_t buf[], size_t len)
    59. 

  59. {
    60. 

  60.     return BN_bin2bn(buf, len, NULL);
    61. 

  61. }
    62. 

  62. 

  63. static BIGNUM *
    64. 

  64. bn_decode_json(const json_t *json)
    65. 

  65. {
    66. 

  66.     uint8_t *buf = NULL;
    67. 

  67.     BIGNUM *bn = NULL;
    68. 

  68.     size_t len;
    69. 

  69. 

  70.     len = jose_b64_dec(json, NULL, 0);
    71. 

  71.     if (len == SIZE_MAX)
    72. 

  72.         return NULL;
    73. 

  73. 

  74.     buf = malloc(len);
    75. 

  75.     if (!buf)
    76. 

  76.         return NULL;
    77. 

  77. 

  78.     if (jose_b64_dec(json, buf, len) != len) {
    79. 

  79.         free(buf);
    80. 

  80.         return NULL;
    81. 

  81.     }
    82. 

  82. 

  83.     bn = bn_decode(buf, len);
    84. 

  84.     free(buf);
    85. 

  85.     return bn;
    86. 

  86. }
    87. 

  87. 

  88. static bool
    89. 

  89. bn_encode(const BIGNUM *bn, uint8_t buf[], size_t len)
    90. 

  90. {
    91. 

  91.     int bytes = 0;
    92. 

  92. 

  93.     if (!bn)
    94. 

  94.         return false;
    95. 

  95. 

  96.     if (len == 0)
    97. 

  97.         len = BN_num_bytes(bn);
    98. 

  98. 

  99.     bytes = BN_num_bytes(bn);
    100. 

  100.     if (bytes < 0 || bytes > (int) len)
    101. 

  101.         return false;
    102. 

  102. 

  103.     memset(buf, 0, len);
    104. 

  104.     return BN_bn2bin(bn, &buf[len - bytes]) > 0;
    105. 

  105. }
    106. 

  106. 

  107. static json_t *
    108. 

  108. bn_encode_json(const BIGNUM *bn, size_t len)
    109. 

  109. {
    110. 

  110.     uint8_t *buf = NULL;
    111. 

  111.     json_t *out = NULL;
    112. 

  112. 

  113.     if (!bn)
    114. 

  114.         return NULL;
    115. 

  115. 

  116.     if (len == 0)
    117. 

  117.         len = BN_num_bytes(bn);
    118. 

  118. 

  119.     if ((int) len < BN_num_bytes(bn))
    120. 

  120.         return NULL;
    121. 

  121. 

  122.     buf = malloc(len);
    123. 

  123.     if (!buf)
    124. 

  124.         return NULL;
    125. 

  125. 

  126.     if (!bn_encode(bn, buf, len)) {
    127. 

  127.         free(buf);
    128. 

  128.         return NULL;
    129. 

  129.     }
    130. 

  130. 

  131.     out = jose_b64_enc(buf, len);
    132. 

  132.     free(buf);
    133. 

  133.     return out;
    134. 

  134. }
    135. 

  135. 

  136. static void
    137. 

  137. BN_CTX_cleanup(BN_CTX **ctx)
    138. 

  138. {
    139. 

  139.     if (ctx)
    140. 

  140.         BN_CTX_free(*ctx);
    141. 

  141. }
    142. 

  142. 

  143. static void
    144. 

  144. BN_cleanup(BIGNUM **bnp)
    145. 

  145. {
    146. 

  146.     if (bnp)
    147. 

  147.         BN_clear_free(*bnp);
    148. 

  148. }
    149. 

  149. 

  150. json_t *
    151. 

  151. sss_generate(size_t key_bytes, size_t threshold)
    152. 

  152. {
    153. 

  153.     BIGNUM_auto *p = NULL;
    154. 

  154.     BIGNUM_auto *e = NULL;
    155. 

  155.     json_t *sss = NULL;
    156. 

  156. 

  157.     if (key_bytes == 0 || threshold < 1)
    158. 

  158.         return NULL;
    159. 

  159. 

  160.     p = BN_new();
    161. 

  161.     e = BN_new();
    162. 

  162.     if (!p || !e)
    163. 

  163.         goto error;
    164. 

  164. 

  165.     if (!BN_generate_prime_ex(p, key_bytes * 8, 1, NULL, NULL, NULL))
    166. 

  166.         goto error;
    167. 

  167. 

  168.     sss = json_pack("{s:i,s:[],s:o}", "t", threshold, "e", "p",
    169. 

  169.                     bn_encode_json(p, key_bytes));
    170. 

  170.     if (!sss)
    171. 

  171.         goto error;
    172. 

  172. 

  173.     for (size_t i = 0; i < threshold; i++) {
    174. 

  174.         if (BN_rand_range(e, p) <= 0)
    175. 

  175.             goto error;
    176. 

  176. 

  177.         if (json_array_append_new(json_object_get(sss, "e"),
    178. 

  178.                                   bn_encode_json(e, key_bytes)))
    179. 

  179.             goto error;
    180. 

  180.     }
    181. 

  181. 

  182.     return sss;
    183. 

  183. 

  184. error:
    185. 

  185.     json_decref(sss);
    186. 

  186.     return NULL;
    187. 

  187. }
    188. 

  188. 

  189. uint8_t *
    190. 

  190. sss_point(const json_t *sss, size_t *len)
    191. 

  191. {
    192. 

  192.     BN_CTX_auto *ctx = NULL;
    193. 

  193.     BIGNUM_auto *tmp = NULL;
    194. 

  194.     BIGNUM_auto *xx = NULL;
    195. 

  195.     BIGNUM_auto *yy = NULL;
    196. 

  196.     BIGNUM_auto *pp = NULL;
    197. 

  197.     uint8_t *key = NULL;
    198. 

  198.     json_t *e = NULL;
    199. 

  199.     json_t *p = NULL;
    200. 

  200.     json_int_t t = 0;
    201. 

  201. 

  202.     if (json_unpack((json_t *) sss, "{s:I,s:o,s:o}",
    203. 

  203.                     "t", &t, "p", &p, "e", &e) != 0)
    204. 

  204.         return NULL;
    205. 

  205. 

  206.     ctx = BN_CTX_new();
    207. 

  207.     pp = bn_decode_json(p);
    208. 

  208.     xx = BN_new();
    209. 

  209.     yy = BN_new();
    210. 

  210.     tmp = BN_new();
    211. 

  211.     if (!ctx || !pp || !xx || !yy || !tmp)
    212. 

  212.         return NULL;
    213. 

  213. 

  214.     if (BN_rand_range(xx, pp) <= 0)
    215. 

  215.         return NULL;
    216. 

  216. 

  217.     if (BN_zero(yy) <= 0)
    218. 

  218.         return NULL;
    219. 

  219. 

  220.     for (size_t i = 0; i < json_array_size(e); i++) {
    221. 

  221.         BIGNUM_auto *ee = NULL;
    222. 

  222. 

  223.         ee = bn_decode_json(json_array_get(e, i));
    224. 

  224.         if (!ee)
    225. 

  225.             return NULL;
    226. 

  226. 

  227.         if (BN_cmp(pp, ee) <= 0)
    228. 

  228.             return NULL;
    229. 

  229. 

  230.         /* y += e[i] * x^i */
    231. 

  231. 

  232.         if (BN_set_word(tmp, i) <= 0)
    233. 

  233.             return NULL;
    234. 

  234. 

  235.         if (BN_mod_exp(tmp, xx, tmp, pp, ctx) <= 0)
    236. 

  236.             return NULL;
    237. 

  237. 

  238.         if (BN_mod_mul(tmp, ee, tmp, pp, ctx) <= 0)
    239. 

  239.             return NULL;
    240. 

  240. 

  241.         if (BN_mod_add(yy, yy, tmp, pp, ctx) <= 0)
    242. 

  242.             return NULL;
    243. 

  243.     }
    244. 

  244. 

  245.     *len = jose_b64_dec(p, NULL, 0);
    246. 

  246.     if (*len == SIZE_MAX)
    247. 

  247.         return NULL;
    248. 

  248.     key = malloc(*len * 2);
    249. 

  249.     if (!key)
    250. 

  250.         return NULL;
    251. 

  251. 

  252.     if (!bn_encode(xx, key, *len) || !bn_encode(yy, &key[*len], *len)) {
    253. 

  253.         memset(key, 0, *len * 2);
    254. 

  254.         free(key);
    255. 

  255.         return NULL;
    256. 

  256.     }
    257. 

  257. 

  258.     *len *= 2;
    259. 

  259.     return key;
    260. 

  260. }
    261. 

  261. 

  262. json_t *
    263. 

  263. sss_recover(const json_t *p, size_t npnts, const uint8_t *pnts[])
    264. 

  264. {
    265. 

  265.     BN_CTX_auto *ctx = BN_CTX_new();
    266. 

  266.     BIGNUM_auto *pp = bn_decode_json(p);
    267. 

  267.     BIGNUM_auto *acc = BN_new();
    268. 

  268.     BIGNUM_auto *tmp = BN_new();
    269. 

  269.     BIGNUM_auto *k = BN_new();
    270. 

  270.     size_t len = 0;
    271. 

  271. 

  272.     if (!ctx || !pp || !acc || !tmp || !k)
    273. 

  273.         return NULL;
    274. 

  274. 

  275.     if (BN_zero(k) <= 0)
    276. 

  276.         return NULL;
    277. 

  277. 

  278.     len = jose_b64_dec(p, NULL, 0);
    279. 

  279.     if (len == SIZE_MAX)
    280. 

  280.         return NULL;
    281. 

  281. 

  282.     for (size_t i = 0; i < npnts; i++) {
    283. 

  283.         BIGNUM_auto *xo = NULL; /* Outer X */
    284. 

  284.         BIGNUM_auto *yo = NULL; /* Outer Y */
    285. 

  285. 

  286.         xo = bn_decode(pnts[i], len);
    287. 

  287.         yo = bn_decode(&pnts[i][len], len);
    288. 

  288.         if (!xo || !yo)
    289. 

  289.             return NULL;
    290. 

  290. 

  291.         if (BN_one(acc) <= 0)
    292. 

  292.             return NULL;
    293. 

  293. 

  294.         for (size_t j = 0; j < npnts; j++) {
    295. 

  295.             BIGNUM_auto *xi = NULL; /* Inner X */
    296. 

  296. 

  297.             if (i == j)
    298. 

  298.                 continue;
    299. 

  299. 

  300.             xi = bn_decode(pnts[j], len);
    301. 

  301.             if (!xi)
    302. 

  302.                 return NULL;
    303. 

  303. 

  304.             /* acc *= (0 - xi) / (xo - xi) */
    305. 

  305. 

  306.             if (BN_zero(tmp) <= 0)
    307. 

  307.                 return NULL;
    308. 

  308. 

  309.             if (BN_mod_sub(tmp, tmp, xi, pp, ctx) <= 0)
    310. 

  310.                 return NULL;
    311. 

  311. 

  312.             if (BN_mod_mul(acc, acc, tmp, pp, ctx) <= 0)
    313. 

  313.                 return NULL;
    314. 

  314. 

  315.             if (BN_mod_sub(tmp, xo, xi, pp, ctx) <= 0)
    316. 

  316.                 return NULL;
    317. 

  317. 

  318.             if (BN_mod_inverse(tmp, tmp, pp, ctx) != tmp)
    319. 

  319.                 return NULL;
    320. 

  320. 

  321.             if (BN_mod_mul(acc, acc, tmp, pp, ctx) <= 0)
    322. 

  322.                 return NULL;
    323. 

  323.         }
    324. 

  324. 

  325.         /* k += acc * y[i] */
    326. 

  326. 

  327.         if (BN_mod_mul(acc, acc, yo, pp, ctx) <= 0)
    328. 

  328.             return NULL;
    329. 

  329. 

  330.         if (BN_mod_add(k, k, acc, pp, ctx) <= 0)
    331. 

  331.             return NULL;
    332. 

  332.     }
    333. 

  333. 

  334.     return bn_encode_json(k, len);
    335. 

  335. }
    336. 

  336. 

  337. enum {
    338. 

  338.     PIPE_RD = 0,
    339. 

  339.     PIPE_WR = 1
    340. 

  340. };
    341. 

  341. 

  342. FILE *
    343. 

  343. call(char *const argv[], const void *buf, size_t len, pid_t *pid)
    344. 

  344. {
    345. 

  345.     int dump[2] = { -1, -1 };
    346. 

  346.     int load[2] = { -1, -1 };
    347. 

  347.     FILE *out = NULL;
    348. 

  348.     ssize_t wr = 0;
    349. 

  349. 

  350.     *pid = 0;
    351. 

  351. 

  352.     if (pipe2(dump, O_CLOEXEC) < 0)
    353. 

  353.         goto error;
    354. 

  354. 

  355.     if (pipe2(load, O_CLOEXEC) < 0)
    356. 

  356.         goto error;
    357. 

  357. 

  358.     *pid = fork();
    359. 

  359.     if (*pid < 0)
    360. 

  360.         goto error;
    361. 

  361. 

  362.     if (*pid == 0) {
    363. 

  363.         if (dup2(dump[PIPE_RD], STDIN_FILENO) < 0 ||
    364. 

  364.             dup2(load[PIPE_WR], STDOUT_FILENO) < 0)
    365. 

  365.             exit(EXIT_FAILURE);
    366. 

  366. 

  367.         execvp(argv[0], argv);
    368. 

  368.         exit(EXIT_FAILURE);
    369. 

  369.     }
    370. 

  370. 

  371.     for (const uint8_t *tmp = buf; len > 0; tmp += wr, len -= wr) {
    372. 

  372.         wr = write(dump[PIPE_WR], tmp, len);
    373. 

  373.         if (wr < 0)
    374. 

  374.             goto error;
    375. 

  375.     }
    376. 

  376. 

  377.     out = fdopen(load[PIPE_RD], "r");
    378. 

  378.     if (!out)
    379. 

  379.         goto error;
    380. 

  380. 

  381.     close(dump[PIPE_RD]);
    382. 

  382.     close(dump[PIPE_WR]);
    383. 

  383.     close(load[PIPE_WR]);
    384. 

  384.     return out;
    385. 

  385. 

  386. error:
    387. 

  387.     close(dump[PIPE_RD]);
    388. 

  388.     close(dump[PIPE_WR]);
    389. 

  389.     close(load[PIPE_RD]);
    390. 

  390.     close(load[PIPE_WR]);
    391. 

  391. 

  392.     if (*pid > 0) {
    393. 

  393.         kill(*pid, SIGTERM);
    394. 

  394.         waitpid(*pid, NULL, 0);
    395. 

  395.         *pid = 0;
    396. 

  396.     }
    397. 

  397. 

  398.     return NULL;
    399. 

  399. }
    400.