introduce libauth - authenticating tcpcrypt streams at an app layer in a generic way
1 parent 892aee3 commit 0e07772316061ad67b8770e7d98d5dd099c9c7c7 Andrea Bittau committed Jul 22, 2011
Showing with 1,172 additions and 1 deletion.
  1. +16 −0 libauth/Makefile
  2. +118 −0 libauth/auth.c
  3. +32 −0 libauth/auth.h
  4. +408 −0 libauth/auth_dane.c
  5. +16 −0 libauth/auth_dane.h
  6. +265 −0 libauth/chasetrace.c
  7. +64 −0 libauth/os.c
  8. +11 −0 libauth/os.h
  9. +239 −0 libauth/test.c
  10. +2 −0 user/include/tcpcrypt/tcpcrypt.h
  11. +1 −1 user/lib/sockopt.c
@@ -0,0 +1,16 @@
+OBJS = auth.o auth_dane.o os.o chasetrace.o
+CFLAGS = -Wall -g -MD -I../user/include/tcpcrypt
+
+all: test libauth.so
+
+test: test.o libauth.so
+ $(CC) $(CFLAGS) -o test test.o \
+ -L. -L../user/lib -lauth -lcrypto -lldns -ltcpcrypt
+
+libauth.so: $(OBJS)
+ $(CC) $(CFLAGS) -shared -o libauth.so $(OBJS)
+
+clean:
+ rm -f test *.o libauth.so *.d
+
+-include *.d
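Review bot: The objects that go into `libauth.so` are compiled with `CFLAGS = -Wall -g -MD -I../user/include/tcpcrypt`, which has no `-fPIC`; on most 64-bit ELF toolchains linking a shared object from non-PIC objects fails with a relocation error, and where it does link the result is a non-relocatable library. Adding it is a one-word change, `CFLAGS = -Wall -g -MD -fPIC -I../user/include/tcpcrypt`. The `test` target links `-lauth -lcrypto -lldns -ltcpcrypt` via `-L.` and `-L../user/lib` with no rpath, so running `./test` presumably needs `LD_LIBRARY_PATH` to cover both directories; a one-line comment above the target saying so would save the next person a failed run.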
@@ -0,0 +1,118 @@
+#include <err.h>
+#include <stdio.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <tcpcrypt.h>
+#include <string.h>
+#include <netdb.h>
+#include <unistd.h>
+
+#include "auth.h"
+#include "auth_dane.h"
+#include "os.h"
+
+struct auth_module {
+ int am_type;
+ accept_cb am_accept;
+ connect_cb am_connect;
+};
+
+static struct auth_module _modules[24];
+
+static struct auth_module *auth_get(int type)
+{
+ if (type >= (sizeof(_modules) / sizeof(*_modules)))
+ errx(1, "auth_register()");
+
+ return &_modules[type];
+}
+
+static struct auth_module *auth_getx(int type)
+{
+ struct auth_module *m = auth_get(type);
+
+ if (!m->am_accept)
+ errx(1, "auth_getx()");
+
+ return m;
+}
+
+void auth_register(int type, accept_cb a, connect_cb c)
+{
+ struct auth_module *m = auth_get(type);
+
+ m->am_type = type;
+ m->am_accept = a;
+ m->am_connect = c;
+}
+
+int auth_connect(int s, struct auth_info *ai)
+{
+ struct auth_module *m = auth_getx(ai->ai_type);
+
+ if (!tcpcrypt_get_app_support(s))
+ return -1;
+
+ return m->am_connect(s, ai);
+}
+
+int auth_accept(int s, struct auth_info *ai)
+{
+ struct auth_module *m = auth_getx(ai->ai_type);
+
+ if (!tcpcrypt_get_app_support(s))
+ return -1;
+
+ return m->am_accept(s, ai);
+}
+
+int auth_enable(int s)
+{
+ return tcpcrypt_set_app_support(s, 1);
+}
+
+int connectbyname(char *host, int port)
+{
+ int s;
+ struct sockaddr_in s_in;
+ struct hostent *he;
+ struct auth_info_dane ai;
+
+ memset(&s_in, 0, sizeof(s_in));
+ s_in.sin_family = PF_INET;
+ s_in.sin_port = htons(port);
+
+ he = gethostbyname(host);
+ if (!he)
+ return -1;
+
+ if (!he->h_addr_list[0])
+ return -1;
+
+ memcpy(&s_in.sin_addr.s_addr, he->h_addr_list[0],
+ sizeof(s_in.sin_addr.s_addr));
+
+ if ((s = socket(PF_INET, SOCK_STREAM, 0)) == -1)
+ return -1;
+
+ if (auth_enable(s) == -1)
+ goto __bad;
+
+ if (connect(s, (struct sockaddr*) &s_in, sizeof(s_in)) == -1)
+ goto __bad;
+
+ memset(&ai, 0, sizeof(ai));
+
+ ai.ai_type = AUTH_DANE;
+ ai.ai_hostname = host;
+ ai.ai_port = port;
+
+ if (auth_connect(s, (struct auth_info*) &ai) != 0)
+ goto __bad;
+
+ return s;
+__bad:
+ close(s);
+ return -1;
+}
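Review bot: `auth_getx()` only checks that `m->am_accept` is non-NULL, but `auth_connect()` then dispatches through `m->am_connect`, so a module registered with a NULL connect callback makes `auth_connect()` call through a null function pointer instead of failing cleanly; check both slots, `if (!m->am_accept || !m->am_connect)`. Separately, `auth_get()`/`auth_getx()` kill the host process with `errx(1, ...)` on a bad `ai_type`, which is surprising behaviour for a library whose public entry points already return -1 for "no app support" — returning -1 there too would leave the decision to the caller, and the message `"auth_register()"` in `auth_get()` is misleading since the same check fires from the connect and accept paths. In `connectbyname()`, `gethostbyname()` is obsolete, IPv4-only and not thread-safe, and the 4-byte `memcpy` into `sin_addr` assumes `he->h_addrtype == AF_INET` without checking it; `getaddrinfo()` with `hints.ai_family = AF_INET` (or at least an `h_addrtype` check) would close that gap. The resolver answer is trusted here only because `auth_connect()` with `AUTH_DANE` is presumably meant to authenticate the peer before the socket is handed back — a one-line comment stating that ordering requirement would keep it from being reordered later.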
@@ -0,0 +1,32 @@
+#ifndef __TCPCRYPT_AUTH__
+#define __TCPCRYPT_AUTH__
+
+#include <stdint.h>
+
+#define AUTH_MAGIC 0x69
+
+struct auth_hdr {
+ uint8_t ah_magic;
+ uint8_t ah_type;
+ uint16_t ah_len;
+ uint8_t ah_data[0];
+} __attribute__ ((packed));
+
+struct auth_info {
+ unsigned int ai_type;
+ unsigned char ai_data[64];
+};
+
+extern int auth_connect(int s, struct auth_info *ai);
+extern int auth_accept(int s, struct auth_info *ai);
+extern int auth_enable(int s);
+
+extern int connectbyname(char *host, int port);
+
+/* auth modules APIs */
+typedef int (*accept_cb)(int s, struct auth_info *ai);
+typedef int (*connect_cb)(int s, struct auth_info *ai);
+
+extern void auth_register(int type, accept_cb accept, connect_cb connect);
+
+#endif /* __TCPCRYPT_AUTH__ */
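Review bot: `struct auth_hdr` is a packed on-the-wire header, but nothing here says what byte order `ah_len` travels in or whether it counts only `ah_data` or the whole frame, which is exactly what a receiver needs in order to bound its read; a comment such as `/* ah_len: byte count of ah_data, network byte order; receivers must check it against the bytes actually available before use */` belongs on the field (the encoding is presumably fixed wherever the header is emitted, which is not in this hunk — confirm and document it). `uint8_t ah_data[0]` is the GNU zero-length extension; the C99 flexible array member `uint8_t ah_data[];` says the same thing portably. Since module-specific structs are cast to `struct auth_info *` (see `connectbyname()` in auth.c), the 64-byte `ai_data` is an implicit size ceiling for every module's extra fields and should be documented as such, and the include guard `__TCPCRYPT_AUTH__` uses a double-underscore name reserved for the implementation (`TCPCRYPT_AUTH_H` would do).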