Preliminary work for Rollie to add in Curve25519 crypto layer.

ciphers.c

@@ -19,8 +19,74 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
 #include "mphlr.h"
 
+int current_sid_set=0;
+unsigned char current_sid[SID_SIZE];
+
+int packetSetMySid(char *sid)
+{
+  /* Set SID identity if not the first SID in the HLR */
+
+ 
+  return setReason("Not implemented");
+}
+
+int packetGetPrivateKeyForSid()
+{
+ /* Add all local SIDs to our cache */
+  int ofs=0;
+  while(findHlr(hlr,&ofs,NULL,NULL)) {
+    // XXX If the SIDs match, then this is it */
+    if (!current_sid) {
+      /* we are using the first sid in the HLR */
+    } else {
+      /* Compare current SID with SID of this HLR record */
+      /* XXX get PIN field which contains the private key or ciphered private key.
+	 Use code from ACTION_GET case in server.c as a guide */
+    }
+    if (nextHlr(hlr,&ofs)) break;
+  }
+
+  return setReason("Not implemented");
+}
+
+int packetClearPrivateKeys()
+{
+}
+
 int packetDecipher(unsigned char *packet,int len,int cipher)
 {
-  if (cipher) return setReason("Unknown packet cipher");
+  // Not encrypting for now 
+  return 0;
+
+  switch(cipher) {
+  case 0: /* plain text */
+  case CRYPT_PUBLIC: /*make it public, with no other requirements == plain text */
+    return 0;
+  case CRYPT_SIGNED:
+  case CRYPT_PUBLIC|CRYPT_SIGNED:
+    /* Sign but don't encrypt, i.e., crypto_sign() */
+    return 0;
+  case CRYPT_CIPHERED:
+    /* encrypt, but don't sign.
+       Down the track we will use crypto_stream(), but we need a shared secret for the conversation.
+    */
+    return 0;
+  case CRYPT_CIPHERED|CRYPT_SIGNED:
+    /* encrypt and sign, i.e., crypto_box() */
+    return 0;
+  default:
+    return setReason("Unknown packet cipher");
+  }
+}
+
+int packetEncipher(unsigned char *packet,int len,int cryptoflags)
+{
+  // Not encrypting for now
+  return 0;
+
+  if (cryptoflags) 
+    {
+      return setReason("Unknown packet cipher"); 
+    }
   else return 0; /* plain text */
 }

client.c

@@ -216,11 +216,11 @@ int requestNewHLR(char *did,char *pin,char *sid,struct sockaddr *recvaddr)
   bzero(&responses,sizeof(responses));
 
   /* Prepare the request packet */
-  if (packetMakeHeader(packet,8000,&packet_len,NULL)) return -1;
+  if (packetMakeHeader(packet,8000,&packet_len,NULL,CRYPT_PUBLIC)) return -1;
   bcopy(&packet[OFS_TRANSIDFIELD],transaction_id,TRANSID_SIZE);
   if (packetSetDid(packet,8000,&packet_len,did)) return -1;
   if (packetAddHLRCreateRequest(packet,8000,&packet_len)) return -1;
-  if (packetFinalise(packet,8000,&packet_len)) return -1;
+  if (packetFinalise(packet,8000,&packet_len,CRYPT_PUBLIC)) return -1;
 
   /* Send it to peers, starting with ourselves, one at a time until one succeeds.
      XXX - This could take a while if we have long timeouts for each. */
@@ -420,13 +420,13 @@ int writeItem(char *sid,int var_id,int instance,unsigned char *value,
       return 0;
     }
 
-  /* Prepare the request packet */
-  if (packetMakeHeader(packet,8000,&packet_len,NULL)) return -1;
+  /* Prepare the request packet to write the variable */
+  if (packetMakeHeader(packet,8000,&packet_len,NULL,CRYPT_SIGNED|CRYPT_CIPHERED)) return -1;
   bcopy(&packet[OFS_TRANSIDFIELD],transaction_id,TRANSID_SIZE);
   if (packetSetSid(packet,8000,&packet_len,sid)) return -1;
   if (packetAddVariableWrite(packet,8000,&packet_len,var_id,instance,
 			     value,value_start,value_length,flags)) return -1;
-  if (packetFinalise(packet,8000,&packet_len)) return -1;
+  if (packetFinalise(packet,8000,&packet_len,CRYPT_SIGNED|CRYPT_CIPHERED)) return -1;
 
   /* XXX should be able to target to the peer holding the SID, if we have it.
      In any case, we */
@@ -483,8 +483,9 @@ int peerAddress(char *did,char *sid,int flags)
 
   for(i=0;i<TRANSID_SIZE;i++) transaction_id[i]=random()&0xff;
 
-  /* Prepare the request packet */
-  if (packetMakeHeader(packet,8000,&packet_len,transaction_id)) 
+  /* Prepare the request packet: this is broadcast, so make it public.
+   As these can get sent out quite often, don't waste time and energy signing. */
+  if (packetMakeHeader(packet,8000,&packet_len,transaction_id,CRYPT_PUBLIC)) 
     {
       if (debug) fprintf(stderr,"%s() failed at line %d\n",__FUNCTION__,__LINE__);
       return -1;
@@ -511,7 +512,7 @@ int peerAddress(char *did,char *sid,int flags)
     if (debug) fprintf(stderr,"%s() failed at line %d\n",__FUNCTION__,__LINE__);
     return -1;
   }
-  if (packetFinalise(packet,8000,&packet_len)) {
+  if (packetFinalise(packet,8000,&packet_len,CRYPT_PUBLIC)) {
     if (debug) fprintf(stderr,"%s() failed at line %d\n",__FUNCTION__,__LINE__);
     return -1;
   }
@@ -564,8 +565,8 @@ int requestItem(char *did,char *sid,char *item,int instance,unsigned char *buffe
 
   bzero(&responses,sizeof(responses));
 
-  /* Prepare the request packet */
-  if (packetMakeHeader(packet,8000,&packet_len,transaction_id)) 
+  /* Prepare the request packet. Don't let anyone else see what we are asking for. */
+  if (packetMakeHeader(packet,8000,&packet_len,transaction_id,CRYPT_SIGNED|CRYPT_CIPHERED)) 
     {
       if (debug) fprintf(stderr,"requestItem() failed at line %d\n",__LINE__);
       return -1;
@@ -592,7 +593,7 @@ int requestItem(char *did,char *sid,char *item,int instance,unsigned char *buffe
     if (debug) fprintf(stderr,"requestItem() failed at line %d\n",__LINE__);
     return -1;
   }
-  if (packetFinalise(packet,8000,&packet_len)) {
+  if (packetFinalise(packet,8000,&packet_len,CRYPT_SIGNED|CRYPT_CIPHERED)) {
     if (debug) fprintf(stderr,"requestItem() failed at line %d\n",__LINE__);
     return -1;
   }
@@ -699,7 +700,7 @@ int requestItem(char *did,char *sid,char *item,int instance,unsigned char *buffe
 			      /* Send accumulated request direct to the responder */
 			      if (packet_len>=MAX_DATA_BYTES)
 				{
-				  if (packetFinalise(packet,8000,&packet_len)) {
+				  if (packetFinalise(packet,8000,&packet_len,CRYPT_CIPHERED|CRYPT_SIGNED)) {
 				    if (debug) fprintf(stderr,"requestItem() failed at line %d\n",__LINE__);
 				    return -1;
 				  }
@@ -709,7 +710,8 @@ int requestItem(char *did,char *sid,char *item,int instance,unsigned char *buffe
 			      /* Prepare a new request packet if one is not currently being built */
 			      if (!packet_len)
 				{
-				  if (packetMakeHeader(packet,8000,&packet_len,transaction_id)) {
+				  /* We are requesting data, so ask for privacy */
+				  if (packetMakeHeader(packet,8000,&packet_len,transaction_id,CRYPT_CIPHERED|CRYPT_SIGNED)) {
 				    if (debug) fprintf(stderr,"requestItem() failed at line %d\n",__LINE__);
 				    return -1;
 				  }
@@ -730,7 +732,7 @@ int requestItem(char *did,char *sid,char *item,int instance,unsigned char *buffe
 			/* Send accumulated request direct to the responder */
 			if (packet_len)
 			  {
-			    if (packetFinalise(packet,8000,&packet_len)) {
+			    if (packetFinalise(packet,8000,&packet_len,CRYPT_SIGNED|CRYPT_CIPHERED)) {
 			      if (debug) fprintf(stderr,"requestItem() failed at line %d\n",__LINE__);
 			      return -1;
 			    }

mphlr.h

@@ -299,10 +299,10 @@ int dump(char *name,unsigned char *addr,int len);
 int packetOk(int interface,unsigned char *packet,int len,unsigned char *transaction_id,
 	     struct sockaddr *recvaddr,int recvaddrlen,int parseP);
 int process_packet(unsigned char *packet,int len,struct sockaddr *sender,int sender_len);
-int packetMakeHeader(unsigned char *packet,int packet_maxlen,int *packet_len,unsigned char *transaction_id);
+int packetMakeHeader(unsigned char *packet,int packet_maxlen,int *packet_len,unsigned char *transaction_id,int cryptoflags);
 int packetSetDid(unsigned char *packet,int packet_maxlen,int *packet_len,char *did);
 int packetSetSid(unsigned char *packet,int packet_maxlen,int *packet_len,char *sid);
-int packetFinalise(unsigned char *packet,int packet_maxlen,int *packet_len);
+int packetFinalise(unsigned char *packet,int packet_maxlen,int *packet_len,int cryptoflags);
 int packetAddHLRCreateRequest(unsigned char *packet,int packet_maxlen,int *packet_len);
 int extractResponses(struct in_addr sender,unsigned char *buffer,int len,struct response_set *responses);
 int packetAddVariableRequest(unsigned char *packet,int packet_maxlen,int *packet_len,

packetformats.c

@@ -123,7 +123,7 @@ int packetOkDNA(unsigned char *packet,int len,unsigned char *transaction_id,
 }
 
 int packetMakeHeader(unsigned char *packet,int packet_maxlen,int *packet_len,
-		     unsigned char *transaction_id)
+		     unsigned char *transaction_id,int cryptoflags)
 {
   int i;
 
@@ -197,7 +197,7 @@ int packetSetSid(unsigned char *packet,int packet_maxlen,int *packet_len,char *s
   return stowSid(packet,ofs,sid);
 }
 
-int packetFinalise(unsigned char *packet,int packet_maxlen,int *packet_len)
+int packetFinalise(unsigned char *packet,int packet_maxlen,int *packet_len,int cryptoflags)
 {
   /* Add any padding bytes and EOT to packet */
   int paddingBytes=rand()&0xf;
@@ -245,6 +245,8 @@ int packetFinalise(unsigned char *packet,int packet_maxlen,int *packet_len)
   packet[OFS_ROTATIONFIELD]=payloadRotation;
   if (debug>3) dump("rotated packet",packet,*packet_len);
 
+  if (cryptoflags) return packetEncipher(packet,packet_maxlen,packet_len);
+
   return 0;
 }
 

server.c

@@ -460,7 +460,7 @@ int respondSimple(char *sid,int action,unsigned char *action_text,int action_len
   }
 
   /* Prepare the request packet */
-  if (packetMakeHeader(packet,8000,packet_len,transaction_id)) return -1;
+  if (packetMakeHeader(packet,8000,packet_len,transaction_id,cryptoFlags)) return -1;
   if (sid&&sid[0]) 
     { if (packetSetSid(packet,8000,packet_len,sid)) 
 	return setReason("invalid SID in reply"); }
@@ -475,7 +475,7 @@ int respondSimple(char *sid,int action,unsigned char *action_text,int action_len
 
   if (debug>2) dump("Simple response octets",action_text,action_len);
 
-  if (packetFinalise(packet,8000,packet_len)) return -1;
+  if (packetFinalise(packet,8000,packet_len,cryptoFlags)) return -1;
 
   if (debug) fprintf(stderr,"Sending response of %d bytes.\n",*packet_len);