ruby_nacl 0.1.0

data/ext/ruby_nacl/NaCl/curvecp/curvecpclient.c

@@ -0,0 +1,476 @@
+#include <signal.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <fcntl.h>
+#include <poll.h>
+#include <unistd.h>
+#include "e.h"
+#include "die.h"
+#include "load.h"
+#include "open.h"
+#include "byte.h"
+#include "socket.h"
+#include "uint64_pack.h"
+#include "uint64_unpack.h"
+#include "nanoseconds.h"
+#include "hexparse.h"
+#include "nameparse.h"
+#include "portparse.h"
+#include "writeall.h"
+#include "safenonce.h"
+#include "randommod.h"
+
+long long recent = 0;
+
+#define NUMIP 8
+long long hellowait[NUMIP] = {
+   1000000000
+,  1500000000
+,  2250000000
+,  3375000000
+,  5062500000
+,  7593750000
+, 11390625000
+, 17085937500
+} ;
+
+#include "crypto_box.h"
+#include "randombytes.h"
+#if crypto_box_PUBLICKEYBYTES != 32
+error!
+#endif
+#if crypto_box_NONCEBYTES != 24
+error!
+#endif
+#if crypto_box_BOXZEROBYTES != 16
+error!
+#endif
+#if crypto_box_ZEROBYTES != 32
+error!
+#endif
+#if crypto_box_BEFORENMBYTES != 32
+error!
+#endif
+
+int flagverbose = 1;
+
+#define USAGE "\
+curvecpclient: how to use:\n\
+curvecpclient:   -q (optional): no error messages\n\
+curvecpclient:   -Q (optional): print error messages (default)\n\
+curvecpclient:   -v (optional): print extra information\n\
+curvecpclient:   -c keydir (optional): use this public-key directory\n\
+curvecpclient:   sname: server's name\n\
+curvecpclient:   pk: server's public key\n\
+curvecpclient:   ip: server's IP address\n\
+curvecpclient:   port: server's UDP port\n\
+curvecpclient:   ext: server's extension\n\
+curvecpclient:   prog: run this client\n\
+"
+
+void die_usage(const char *s)
+{
+  if (s) die_4(100,USAGE,"curvecpclient: fatal: ",s,"\n");
+  die_1(100,USAGE);
+}
+
+void die_fatal(const char *trouble,const char *d,const char *fn)
+{
+  /* XXX: clean up? OS can do it much more reliably */
+  if (!flagverbose) die_0(111);
+  if (d) {
+    if (fn) die_9(111,"curvecpclient: fatal: ",trouble," ",d,"/",fn,": ",e_str(errno),"\n");
+    die_7(111,"curvecpclient: fatal: ",trouble," ",d,": ",e_str(errno),"\n");
+  }
+  if (errno) die_5(111,"curvecpclient: fatal: ",trouble,": ",e_str(errno),"\n");
+  die_3(111,"curvecpclient: fatal: ",trouble,"\n");
+}
+
+int multiipparse(unsigned char *y,const char *x)
+{
+  long long pos;
+  long long pos2;
+  long long ynum;
+  long long ypos;
+  long long j;
+  long long k;
+  long long d;
+  for (j = 0;j < 4 * NUMIP;++j) y[j] = 0;
+  ynum = 0;
+  while (ynum < 1000) {
+    ++ynum;
+    ypos = randommod(ynum);
+    for (k = 0;k < 4;++k) {
+      pos = ypos * 4 + k;
+      pos2 = (ynum - 1) * 4 + k;
+      if (pos >= 0 && pos < 4 * NUMIP && pos2 >= 0 && pos2 < 4 * NUMIP) y[pos2] = y[pos];
+      d = 0;
+      for (j = 0;j < 3 && x[j] >= '0' && x[j] <= '9';++j) d = d * 10 + (x[j] - '0');
+      if (j == 0) return 0;
+      x += j;
+      if (pos >= 0 && pos < 4 * NUMIP) y[pos] = d;
+      if (k < 3) {
+        if (*x != '.') return 0;
+        ++x;
+      }
+    }
+    if (!*x) break;
+    if (*x != ',') return 0;
+    ++x;
+  }
+  /* if fewer than 8 IP addresses, cycle through them: */
+  pos = 0;
+  pos2 = ynum * 4;
+  while (pos2 < 4 * NUMIP) {
+    if (pos >= 0 && pos < 4 * NUMIP && pos2 >= 0 && pos2 < 4 * NUMIP) y[pos2] = y[pos];
+    ++pos2;
+    ++pos;
+  }
+  return 1;
+}
+
+
+/* routing to the client: */
+unsigned char clientextension[16];
+long long clientextensionloadtime = 0;
+int udpfd = -1;
+
+void clientextension_init(void)
+{
+  if (recent >= clientextensionloadtime) {
+    clientextensionloadtime = recent + 30000000000LL;
+    if (load("/etc/curvecpextension",clientextension,16) == -1)
+      if (errno == ENOENT || errno == ENAMETOOLONG)
+        byte_zero(clientextension,16);
+  }
+}
+
+
+/* client security: */
+char *keydir = 0;
+unsigned char clientlongtermpk[32];
+unsigned char clientlongtermsk[32];
+unsigned char clientshorttermpk[32];
+unsigned char clientshorttermsk[32];
+crypto_uint64 clientshorttermnonce;
+unsigned char vouch[64];
+
+void clientshorttermnonce_update(void)
+{
+  ++clientshorttermnonce;
+  if (clientshorttermnonce) return;
+  errno = EPROTO;
+  die_fatal("nonce space expired",0,0);
+}
+
+/* routing to the server: */
+unsigned char serverip[4 * NUMIP];
+unsigned char serverport[2];
+unsigned char serverextension[16];
+
+/* server security: */
+unsigned char servername[256];
+unsigned char serverlongtermpk[32];
+unsigned char servershorttermpk[32];
+unsigned char servercookie[96];
+
+/* shared secrets: */
+unsigned char clientshortserverlong[32];
+unsigned char clientshortservershort[32];
+unsigned char clientlongserverlong[32];
+
+unsigned char allzero[128] = {0};
+
+unsigned char nonce[24];
+unsigned char text[2048];
+
+unsigned char packet[4096];
+unsigned char packetip[4];
+unsigned char packetport[2];
+crypto_uint64 packetnonce;
+int flagreceivedmessage = 0;
+crypto_uint64 receivednonce = 0;
+
+struct pollfd p[3];
+
+int fdwd = -1;
+
+int tochild[2] = {-1,-1};
+int fromchild[2] = {-1,-1};
+pid_t child = -1;
+int childstatus = 0;
+
+unsigned char childbuf[4096];
+long long childbuflen = 0;
+unsigned char childmessage[2048];
+long long childmessagelen = 0;
+
+int main(int argc,char **argv)
+{
+  long long hellopackets;
+  long long r;
+  long long nextaction;
+
+  signal(SIGPIPE,SIG_IGN);
+
+  if (!argv[0]) die_usage(0);
+  for (;;) {
+    char *x;
+    if (!argv[1]) break;
+    if (argv[1][0] != '-') break;
+    x = *++argv;
+    if (x[0] == '-' && x[1] == 0) break;
+    if (x[0] == '-' && x[1] == '-' && x[2] == 0) break;
+    while (*++x) {
+      if (*x == 'q') { flagverbose = 0; continue; }
+      if (*x == 'Q') { flagverbose = 1; continue; }
+      if (*x == 'v') { if (flagverbose == 2) flagverbose = 3; else flagverbose = 2; continue; }
+      if (*x == 'c') {
+        if (x[1]) { keydir = x + 1; break; }
+        if (argv[1]) { keydir = *++argv; break; }
+      }
+      die_usage(0);
+    }
+  }
+  if (!nameparse(servername,*++argv)) die_usage("sname must be at most 255 bytes, at most 63 bytes between dots");
+  if (!hexparse(serverlongtermpk,32,*++argv)) die_usage("pk must be exactly 64 hex characters");
+  if (!multiipparse(serverip,*++argv)) die_usage("ip must be a comma-separated series of IPv4 addresses");
+  if (!portparse(serverport,*++argv)) die_usage("port must be an integer between 0 and 65535");
+  if (!hexparse(serverextension,16,*++argv)) die_usage("ext must be exactly 32 hex characters");
+  if (!*++argv) die_usage("missing prog");
+
+  for (;;) {
+    r = open_read("/dev/null");
+    if (r == -1) die_fatal("unable to open /dev/null",0,0);
+    if (r > 9) { close(r); break; }
+  }
+
+  if (keydir) {
+    fdwd = open_cwd();
+    if (fdwd == -1) die_fatal("unable to open current working directory",0,0);
+    if (chdir(keydir) == -1) die_fatal("unable to change to directory",keydir,0);
+    if (load("publickey",clientlongtermpk,sizeof clientlongtermpk) == -1) die_fatal("unable to read public key from",keydir,0);
+    if (load(".expertsonly/secretkey",clientlongtermsk,sizeof clientlongtermsk) == -1) die_fatal("unable to read secret key from",keydir,0);
+  } else {
+    crypto_box_keypair(clientlongtermpk,clientlongtermsk);
+  }
+
+  crypto_box_keypair(clientshorttermpk,clientshorttermsk);
+  clientshorttermnonce = randommod(281474976710656LL);
+  crypto_box_beforenm(clientshortserverlong,serverlongtermpk,clientshorttermsk);
+  crypto_box_beforenm(clientlongserverlong,serverlongtermpk,clientlongtermsk);
+
+  udpfd = socket_udp();
+  if (udpfd == -1) die_fatal("unable to create socket",0,0);
+
+  for (hellopackets = 0;hellopackets < NUMIP;++hellopackets) {
+    recent = nanoseconds();
+
+    /* send a Hello packet: */
+
+    clientextension_init();
+
+    clientshorttermnonce_update();
+    byte_copy(nonce,16,"CurveCP-client-H");
+    uint64_pack(nonce + 16,clientshorttermnonce);
+
+    byte_copy(packet,8,"QvnQ5XlH");
+    byte_copy(packet + 8,16,serverextension);
+    byte_copy(packet + 24,16,clientextension);
+    byte_copy(packet + 40,32,clientshorttermpk);
+    byte_copy(packet + 72,64,allzero);
+    byte_copy(packet + 136,8,nonce + 16);
+    crypto_box_afternm(text,allzero,96,nonce,clientshortserverlong);
+    byte_copy(packet + 144,80,text + 16);
+
+    socket_send(udpfd,packet,224,serverip + 4 * hellopackets,serverport);
+
+    nextaction = recent + hellowait[hellopackets] + randommod(hellowait[hellopackets]);
+
+    for (;;) {
+      long long timeout = nextaction - recent;
+      if (timeout <= 0) break;
+      p[0].fd = udpfd;
+      p[0].events = POLLIN;
+      if (poll(p,1,timeout / 1000000 + 1) < 0) p[0].revents = 0;
+
+      do { /* try receiving a Cookie packet: */
+        if (!p[0].revents) break;
+        r = socket_recv(udpfd,packet,sizeof packet,packetip,packetport);
+        if (r != 200) break;
+        if (!(byte_isequal(packetip,4,serverip + 4 * hellopackets) &
+              byte_isequal(packetport,2,serverport) &
+              byte_isequal(packet,8,"RL3aNMXK") &
+              byte_isequal(packet + 8,16,clientextension) &
+              byte_isequal(packet + 24,16,serverextension)
+           )) break;
+        byte_copy(nonce,8,"CurveCPK");
+        byte_copy(nonce + 8,16,packet + 40);
+        byte_zero(text,16);
+        byte_copy(text + 16,144,packet + 56);
+        if (crypto_box_open_afternm(text,text,160,nonce,clientshortserverlong)) break;
+        byte_copy(servershorttermpk,32,text + 32);
+        byte_copy(servercookie,96,text + 64);
+        byte_copy(serverip,4,serverip + 4 * hellopackets);
+        goto receivedcookie;
+      } while (0);
+
+      recent = nanoseconds();
+    }
+  }
+
+  errno = ETIMEDOUT; die_fatal("no response from server",0,0);
+
+  receivedcookie:
+
+  crypto_box_beforenm(clientshortservershort,servershorttermpk,clientshorttermsk);
+
+  byte_copy(nonce,8,"CurveCPV");
+  if (keydir) {
+    if (safenonce(nonce + 8,0) == -1) die_fatal("nonce-generation disaster",0,0);
+  } else {
+    randombytes(nonce + 8,16);
+  }
+
+  byte_zero(text,32);
+  byte_copy(text + 32,32,clientshorttermpk);
+  crypto_box_afternm(text,text,64,nonce,clientlongserverlong);
+  byte_copy(vouch,16,nonce + 8);
+  byte_copy(vouch + 16,48,text + 16);
+
+  /* server is responding, so start child: */
+
+  if (open_pipe(tochild) == -1) die_fatal("unable to create pipe",0,0);
+  if (open_pipe(fromchild) == -1) die_fatal("unable to create pipe",0,0);
+  
+  child = fork();
+  if (child == -1) die_fatal("unable to fork",0,0);
+  if (child == 0) {
+    if (keydir) if (fchdir(fdwd) == -1) die_fatal("unable to chdir to original directory",0,0);
+    close(8);
+    if (dup(tochild[0]) != 8) die_fatal("unable to dup",0,0);
+    close(9);
+    if (dup(fromchild[1]) != 9) die_fatal("unable to dup",0,0);
+    /* XXX: set up environment variables */
+    signal(SIGPIPE,SIG_DFL);
+    execvp(*argv,argv);
+    die_fatal("unable to run",*argv,0);
+  }
+
+  close(fromchild[1]);
+  close(tochild[0]);
+
+
+  for (;;) {
+    p[0].fd = udpfd;
+    p[0].events = POLLIN;
+    p[1].fd = fromchild[0];
+    p[1].events = POLLIN;
+
+    if (poll(p,2,-1) < 0) {
+      p[0].revents = 0;
+      p[1].revents = 0;
+    }
+
+    do { /* try receiving a Message packet: */
+      if (!p[0].revents) break;
+      r = socket_recv(udpfd,packet,sizeof packet,packetip,packetport);
+      if (r < 80) break;
+      if (r > 1152) break;
+      if (r & 15) break;
+      packetnonce = uint64_unpack(packet + 40);
+      if (flagreceivedmessage && packetnonce <= receivednonce) break;
+      if (!(byte_isequal(packetip,4,serverip + 4 * hellopackets) &
+            byte_isequal(packetport,2,serverport) &
+            byte_isequal(packet,8,"RL3aNMXM") &
+            byte_isequal(packet + 8,16,clientextension) &
+            byte_isequal(packet + 24,16,serverextension)
+         )) break;
+      byte_copy(nonce,16,"CurveCP-server-M");
+      byte_copy(nonce + 16,8,packet + 40);
+      byte_zero(text,16);
+      byte_copy(text + 16,r - 48,packet + 48);
+      if (crypto_box_open_afternm(text,text,r - 32,nonce,clientshortservershort)) break;
+
+      if (!flagreceivedmessage) {
+        flagreceivedmessage = 1;
+	randombytes(clientlongtermpk,sizeof clientlongtermpk);
+	randombytes(vouch,sizeof vouch);
+	randombytes(servername,sizeof servername);
+	randombytes(servercookie,sizeof servercookie);
+      }
+
+      receivednonce = packetnonce;
+      text[31] = (r - 64) >> 4;
+      /* child is responsible for reading all data immediately, so we won't block: */
+      if (writeall(tochild[1],text + 31,r - 63) == -1) goto done;
+    } while (0);
+
+    do { /* try receiving data from child: */
+      long long i;
+      if (!p[1].revents) break;
+      r = read(fromchild[0],childbuf,sizeof childbuf);
+      if (r == -1) if (errno == EINTR || errno == EWOULDBLOCK || errno == EAGAIN) break;
+      if (r <= 0) goto done;
+      childbuflen = r;
+      for (i = 0;i < childbuflen;++i) {
+	if (childmessagelen < 0) goto done;
+	if (childmessagelen >= sizeof childmessage) goto done;
+        childmessage[childmessagelen++] = childbuf[i];
+	if (childmessage[0] & 128) goto done;
+	if (childmessagelen == 1 + 16 * (unsigned long long) childmessage[0]) {
+	  clientextension_init();
+	  clientshorttermnonce_update();
+          uint64_pack(nonce + 16,clientshorttermnonce);
+	  if (flagreceivedmessage) {
+	    r = childmessagelen - 1;
+	    if (r < 16) goto done;
+	    if (r > 1088) goto done;
+            byte_copy(nonce,16,"CurveCP-client-M");
+	    byte_zero(text,32);
+	    byte_copy(text + 32,r,childmessage + 1);
+	    crypto_box_afternm(text,text,r + 32,nonce,clientshortservershort);
+	    byte_copy(packet,8,"QvnQ5XlM");
+	    byte_copy(packet + 8,16,serverextension);
+	    byte_copy(packet + 24,16,clientextension);
+	    byte_copy(packet + 40,32,clientshorttermpk);
+	    byte_copy(packet + 72,8,nonce + 16);
+	    byte_copy(packet + 80,r + 16,text + 16);
+            socket_send(udpfd,packet,r + 96,serverip,serverport);
+	  } else {
+	    r = childmessagelen - 1;
+	    if (r < 16) goto done;
+	    if (r > 640) goto done;
+	    byte_copy(nonce,16,"CurveCP-client-I");
+	    byte_zero(text,32);
+	    byte_copy(text + 32,32,clientlongtermpk);
+	    byte_copy(text + 64,64,vouch);
+	    byte_copy(text + 128,256,servername);
+	    byte_copy(text + 384,r,childmessage + 1);
+	    crypto_box_afternm(text,text,r + 384,nonce,clientshortservershort);
+	    byte_copy(packet,8,"QvnQ5XlI");
+	    byte_copy(packet + 8,16,serverextension);
+	    byte_copy(packet + 24,16,clientextension);
+	    byte_copy(packet + 40,32,clientshorttermpk);
+	    byte_copy(packet + 72,96,servercookie);
+	    byte_copy(packet + 168,8,nonce + 16);
+	    byte_copy(packet + 176,r + 368,text + 16);
+            socket_send(udpfd,packet,r + 544,serverip,serverport);
+	  }
+	  childmessagelen = 0;
+	}
+      }
+    } while (0);
+  }
+
+
+  done:
+
+  do {
+    r = waitpid(child,&childstatus,0);
+  } while (r == -1 && errno == EINTR);
+
+  if (!WIFEXITED(childstatus)) { errno = 0; die_fatal("process killed by signal",0,0); }
+  return WEXITSTATUS(childstatus);
+}

data/ext/ruby_nacl/NaCl/curvecp/curvecpmakekey.c

@@ -0,0 +1,57 @@
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include "die.h"
+#include "e.h"
+#include "savesync.h"
+#include "randombytes.h"
+#include "crypto_box.h"
+
+void die_usage(void)
+{
+  die_1(111,"curvecpmakekey: usage: curvecpmakekey keydir\n");
+}
+
+void die_fatal(const char *trouble,const char *d,const char *fn)
+{
+  if (fn) die_9(111,"curvecpmakekey: fatal: ",trouble," ",d,"/",fn,": ",e_str(errno),"\n");
+  die_7(111,"curvecpmakekey: fatal: ",trouble," ",d,": ",e_str(errno),"\n");
+}
+
+unsigned char pk[crypto_box_PUBLICKEYBYTES];
+unsigned char sk[crypto_box_SECRETKEYBYTES];
+unsigned char lock[1];
+unsigned char noncekey[32];
+unsigned char noncecounter[8];
+
+void create(const char *d,const char *fn,const unsigned char *x,long long xlen)
+{
+  if (savesync(fn,x,xlen) == -1) die_fatal("unable to create",d,fn);
+}
+
+int main(int argc,char **argv)
+{
+  char *d;
+
+  if (!argv[0]) die_usage();
+  if (!argv[1]) die_usage();
+  d = argv[1];
+
+  umask(022);
+  if (mkdir(d,0755) == -1) die_fatal("unable to create directory",d,0);
+  if (chdir(d) == -1) die_fatal("unable to chdir to directory",d,0);
+  if (mkdir(".expertsonly",0700) == -1) die_fatal("unable to create directory",d,".expertsonly");
+
+  crypto_box_keypair(pk,sk);
+  create(d,"publickey",pk,sizeof pk);
+
+  randombytes(noncekey,sizeof noncekey);
+
+  umask(077);
+  create(d,".expertsonly/secretkey",sk,sizeof sk);
+  create(d,".expertsonly/lock",lock,sizeof lock);
+  create(d,".expertsonly/noncekey",noncekey,sizeof noncekey);
+  create(d,".expertsonly/noncecounter",noncecounter,sizeof noncecounter);
+
+  return 0;
+}