diff options
Diffstat (limited to 'src/iperf_auth.c')
-rw-r--r-- | src/iperf_auth.c | 79 |
1 files changed, 67 insertions, 12 deletions
diff --git a/src/iperf_auth.c b/src/iperf_auth.c index 9965e19..46211e0 100644 --- a/src/iperf_auth.c +++ b/src/iperf_auth.c @@ -1,5 +1,5 @@ /* - * iperf, Copyright (c) 2014-2018, The Regents of the University of + * iperf, Copyright (c) 2014-2020, The Regents of the University of * California, through Lawrence Berkeley National Laboratory (subject * to receipt of any required approvals from the U.S. Dept. of * Energy). All rights reserved. @@ -43,6 +43,9 @@ #include <openssl/pem.h> #include <openssl/sha.h> #include <openssl/buffer.h> +#include <openssl/err.h> + +const char *auth_text_format = "user: %s\npwd: %s\nts: %ld"; void sha256(const char *string, char outputBuffer[65]) { @@ -151,7 +154,6 @@ int Base64Decode(const char* b64message, unsigned char** buffer, size_t* length) return (0); //success } - EVP_PKEY *load_pubkey_from_file(const char *file) { BIO *key = NULL; EVP_PKEY *pkey = NULL; @@ -159,7 +161,7 @@ EVP_PKEY *load_pubkey_from_file(const char *file) { if (file) { key = BIO_new_file(file, "r"); pkey = PEM_read_bio_PUBKEY(key, NULL, NULL, NULL); - + BIO_free(key); } return (pkey); @@ -173,6 +175,7 @@ EVP_PKEY *load_pubkey_from_base64(const char *buffer) { BIO* bio = BIO_new(BIO_s_mem()); BIO_write(bio, key, key_len); EVP_PKEY *pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); + BIO_free(bio); return (pkey); } @@ -189,6 +192,17 @@ EVP_PKEY *load_privkey_from_file(const char *file) { return (pkey); } +EVP_PKEY *load_privkey_from_base64(const char *buffer) { + unsigned char *key = NULL; + size_t key_len; + Base64Decode(buffer, &key, &key_len); + + BIO* bio = BIO_new(BIO_s_mem()); + BIO_write(bio, key, key_len); + EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); + BIO_free(bio); + return (pkey); +} int test_load_pubkey_from_file(const char *file){ EVP_PKEY *key = load_pubkey_from_file(file); @@ -227,6 +241,11 @@ int encrypt_rsa_message(const char *plaintext, EVP_PKEY *public_key, unsigned ch OPENSSL_free(rsa_buffer); BIO_free(bioBuff); + if (encryptedtext_len < 0) { + /* We probably shoudln't be printing stuff like this */ + fprintf(stderr, "%s\n", ERR_error_string(ERR_get_error(), NULL)); + } + return encryptedtext_len; } @@ -249,17 +268,36 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt OPENSSL_free(rsa_buffer); BIO_free(bioBuff); + if (plaintext_len < 0) { + /* We probably shoudln't be printing stuff like this */ + fprintf(stderr, "%s\n", ERR_error_string(ERR_get_error(), NULL)); + } + return plaintext_len; } int encode_auth_setting(const char *username, const char *password, EVP_PKEY *public_key, char **authtoken){ time_t t = time(NULL); time_t utc_seconds = mktime(localtime(&t)); - char text[150]; - sprintf (text, "user: %s\npwd: %s\nts: %ld", username, password, utc_seconds); + + /* + * Compute a pessimistic/conservative estimate of storage required. + * It's OK to allocate too much storage but too little is bad. + */ + const int text_len = strlen(auth_text_format) + strlen(username) + strlen(password) + 32; + char *text = (char *) calloc(text_len, sizeof(char)); + if (text == NULL) { + return -1; + } + snprintf(text, text_len, auth_text_format, username, password, utc_seconds); + unsigned char *encrypted = NULL; int encrypted_len; encrypted_len = encrypt_rsa_message(text, public_key, &encrypted); + free(text); + if (encrypted_len < 0) { + return -1; + } Base64Encode(encrypted, encrypted_len, authtoken); OPENSSL_free(encrypted); @@ -274,19 +312,36 @@ int decode_auth_setting(int enable_debug, char *authtoken, EVP_PKEY *private_key unsigned char *plaintext = NULL; int plaintext_len; plaintext_len = decrypt_rsa_message(encrypted_b64, encrypted_len_b64, private_key, &plaintext); - plaintext[plaintext_len] = '\0'; free(encrypted_b64); + if (plaintext_len < 0) { + return -1; + } + plaintext[plaintext_len] = '\0'; + + char *s_username, *s_password; + s_username = (char *) calloc(plaintext_len, sizeof(char)); + if (s_username == NULL) { + return -1; + } + s_password = (char *) calloc(plaintext_len, sizeof(char)); + if (s_password == NULL) { + free(s_username); + return -1; + } + + int rc = sscanf((char *) plaintext, auth_text_format, s_username, s_password, ts); + if (rc != 3) { + free(s_password); + free(s_username); + return -1; + } - char s_username[20], s_password[20]; - sscanf ((char *)plaintext,"user: %s\npwd: %s\nts: %ld", s_username, s_password, ts); if (enable_debug) { printf("Auth Token Content:\n%s\n", plaintext); printf("Auth Token Credentials:\n--> %s %s\n", s_username, s_password); } - *username = (char *) calloc(21, sizeof(char)); - *password = (char *) calloc(21, sizeof(char)); - strncpy(*username, s_username, 20); - strncpy(*password, s_password, 20); + *username = s_username; + *password = s_password; OPENSSL_free(plaintext); return (0); } |