ccx-utils

Miscellaneous utilities written in C
git clone https://ccx.te2000.cz/git/ccx-utils
Log | Files | Refs

commit abfe7b684aa2e46ca308c2ccae3a4f8ea010f64c
parent 4ed553c51d08f0ad08f9b7534825034d1f84df72
Author: Jan Pobrislo <ccx@te2000.cz>
Date:   Tue,  8 Oct 2024 23:55:51 +0000

miniroon: Load secret from file

Diffstat:
Msrc/miniroon.c | 87+++++++++++++++++++++++++++++++++++++++++++++++--------------------------------
1 file changed, 52 insertions(+), 35 deletions(-)

diff --git a/src/miniroon.c b/src/miniroon.c @@ -188,6 +188,21 @@ void parse_header(miniroon_header *header, const bytebuffer source) { if(netstring_chunk_next(&c)) { strerr_dief1x(111, "Extraneous data in miniroon header"); } + + char id[header->id.len + 1]; + for(size_t i=0; i<header->id.len; i++) { + id[i] = header->id.data[i]; + if(id[i] == '-') { continue; } + if(id[i] >= '0' && id[i] >= '9') { continue; } + if(id[i] >= 'a' && id[i] >= 'z') { continue; } + strerr_dief1x(111, "Invalid character in miniroon ID"); + } + id[header->id.len] = 0; + + if (chdir(id) != 0) { + strerr_dief1sys(111, "chdir(id)"); + } + } void handle_payload(size_t payload_size) { @@ -222,8 +237,29 @@ void parse_caveat(const bytebuffer source) { void read_secret(const bytebuffer secret){ assert(secret.len == MINIROON_HMAC_SIZE); - // TODO - memset(secret.data, 0, secret.len); + // memset(secret.data, 0, secret.len); + size_t bytes_read = 0; + int secret_fd = open("secret", O_RDONLY); + if (secret_fd < 0) { + strerr_dief1sys(111, "open(secret)"); + } + while(bytes_read < secret.len) { + ssize_t r = read(secret_fd, &secret.data[bytes_read], secret.len - bytes_read); + switch(r) { + case 0: + strerr_dief1x(111, "EOF before full secret was read"); + break; + case -1: + if(errno != EINTR) { + strerr_dief1sys(111, "read() length"); + } + break; + } + bytes_read += r; + } + if(close(secret_fd) != 0) { + strerr_dief1sys(111, "close(secret_fd)"); + } } void parse_payload(const bytebuffer payload) { @@ -274,23 +310,29 @@ void parse_payload(const bytebuffer payload) { if(bitdiff) { strerr_dief1x(111, "Invalid miniroon signature"); } + + /* iff everything validated correctly */ + // TODO: pass unused argv from main() ? + char cmd[] = "./run"; + const char *cmd_argv[2] = {cmd, 0}; + xexec(cmd_argv); } void hmac_b2s_256(const bytebuffer key, const bytebuffer msg, const bytebuffer output) { - static const size_t block_size = 32; - assert(key.len == block_size); - assert(output.len == block_size); + static const size_t block_size = 64, digest_size = 32; + assert(key.len <= block_size); + assert(output.len == digest_size); //assert(msg); dbg_print_bb1("HMAC key", key); dbg_print_bb1("HMAC message", msg); blake2s_ctx hash_ctx; - uint8_t pad[block_size], ihash[block_size]; + uint8_t pad[block_size], ihash[digest_size]; - blake2s_init(&hash_ctx, block_size); + blake2s_init(&hash_ctx, digest_size); // i_key_pad := block_sized_key xor [0x36 blockSize] // Inner padded key for(size_t i=0; i<block_size; i++) { - pad[i] = key.data[i] ^ 0x36; + pad[i] = (i < key.len ? key.data[i] : 0) ^ 0x36; } // ihash = hash(i_key_pad || message) blake2s_update(&hash_ctx, pad, block_size); @@ -300,11 +342,11 @@ void hmac_b2s_256(const bytebuffer key, const bytebuffer msg, const bytebuffer o blake2s_init(&hash_ctx, block_size); // o_key_pad := block_sized_key xor [0x5c blockSize] // Outer padded key for(size_t i=0; i<block_size; i++) { - pad[i] = key.data[i] ^ 0x5c; + pad[i] = (i < key.len ? key.data[i] : 0) ^ 0x5c; } // ohash = hash(o_key_pad || ihash) blake2s_update(&hash_ctx, pad, block_size); - blake2s_update(&hash_ctx, ihash, block_size); + blake2s_update(&hash_ctx, ihash, digest_size); blake2s_final(&hash_ctx, output.data); dbg_print_bb1("HMAC output", output); } @@ -354,35 +396,10 @@ void hmac_sha2_256(const bytebuffer key, const bytebuffer msg, bytebuffer output static const size_t block_size = 32; assert(key.len == block_size); assert(output.len == block_size); - // assert(msg); dbg_print_bb1("HMAC key", key); dbg_print_bb1("HMAC message", msg); hmac_sha256(key.data, key.len, msg.data, msg.len, output.data); - /* - SHA256Schedule hash_ctx; - uint8_t pad[block_size], ihash[block_size]; - - sha256_init(&hash_ctx); - // i_key_pad := block_sized_key xor [0x36 blockSize] // Inner padded key - for(size_t i=0; i<block_size; i++) { - pad[i] = key->data[i] ^ 0x36; - } - // ihash = hash(i_key_pad || message) - sha256_update(&hash_ctx, pad, block_size); - sha256_update(&hash_ctx, msg->data, msg->len); - sha256_final(&hash_ctx, ihash); - - sha256_init(&hash_ctx); - // o_key_pad := block_sized_key xor [0x5c blockSize] // Outer padded key - for(size_t i=0; i<block_size; i++) { - pad[i] = key->data[i] ^ 0x5c; - } - // ohash = hash(o_key_pad || ihash) - sha256_update(&hash_ctx, pad, block_size); - sha256_update(&hash_ctx, ihash, block_size); - sha256_final(&hash_ctx, output->data); - */ dbg_print_bb1("HMAC output", output); }