Another night's work - move to ECDH + AES256 from RSA pubkey

2013-08-08 00:48:02 +01:00
parent c77557b6ee
commit 118b7b8125
10 changed files with 364 additions and 148 deletions
--- a/pass-1/rlocs.h
+++ b/pass-1/rlocs.h
@@ -1,15 +1,30 @@
 #ifndef _RLOCS_H_
 #define _RLOCS_H_

+#include "util.h"
+
 #include <json/json_object.h>
 #include <netinet/in.h>

-#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/sha.h>

 // For now. We can dynamically allocate later.
 #define MAX_RLOCS 64
 #define MAX_EID_MAPPINGS 256

+
+struct key_context {
+    int in_use;    
+    char secret[SHA256_DIGEST_LENGTH];
+    EVP_CIPHER_CTX ctx;
+
+    /* Probably don't need these
+    struct rloc *rloc_x;
+    struct rloc *rloc_y;
+    */
+};
+
 struct rloc {
    short family;
    union {
@@ -17,7 +32,9 @@ struct rloc {
        struct in6_addr ip6;
    } addr;
    
-    RSA* key;
+    EVP_PKEY *key;
+    // We use this to index our rloc for shared keys
+    int context_id;
 };


@@ -36,7 +53,7 @@ struct ip6_eid_map_entry {
 };

 struct rlocs {
-    json_object* config;
+    json_object *config;
    
    size_t num_entries;
    struct rloc entries[MAX_RLOCS];
@@ -46,6 +63,16 @@ struct rlocs {
    
    size_t num_ip6_map_entries;
    struct ip6_eid_map_entry ip6_mappings[MAX_EID_MAPPINGS];
+
+    /* Don't do this, kids.
+     * 2D array - [wrapping_rloc->id][unwrapping_rloc->id]
+     * Obviously, half of the contexts would be identical. So some rules:
+     * - if you're wrapping a packet, you are x. they are y
+     * - if you're unwrapping a packet, you are y. they are x.
+     * Half of the allocated memory goes unused, but we can worry about dynamic
+     * allocation at the same time as MAX_RLOCS and MAX_EID_MAPPINGS
+     */ 
+    struct key_context key_contexts[MAX_RLOCS][MAX_RLOCS];    
 };


@@ -62,8 +89,8 @@ int rloc_add_private_key( struct rloc *rloc, char *filename );
 void rlocs_debug_output( struct rlocs *reg );

 /* Returns -1 on error, or number of bytes written */
-ssize_t rloc_encrypt( struct rloc *rloc, unsigned char *data, size_t data_len, unsigned char *dest, size_t dest_len );
-ssize_t rloc_decrypt( struct rloc *rloc, unsigned char *data, size_t data_len, unsigned char *dest, size_t dest_len );
+ssize_t rlocs_encrypt( struct rlocs *reg, struct rloc *x, struct rloc *y, unsigned char *data, size_t data_len, unsigned char *dest, size_t dest_len );
+ssize_t rlocs_decrypt( struct rlocs *reg, struct rloc *x, struct rloc *y, unsigned char *data, size_t data_len, unsigned char *dest, size_t dest_len );

 void rlocs_free( struct rlocs *registry );