diff options
Diffstat (limited to 'appl')
| -rw-r--r-- | appl/cmd/auth/mkfile | 1 | ||||
| -rw-r--r-- | appl/cmd/auth/secstore.b | 28 | ||||
| -rw-r--r-- | appl/lib/secstore.b | 42 |
3 files changed, 70 insertions, 1 deletions
diff --git a/appl/cmd/auth/mkfile b/appl/cmd/auth/mkfile index 71d31533..40eaf557 100644 --- a/appl/cmd/auth/mkfile +++ b/appl/cmd/auth/mkfile @@ -17,6 +17,7 @@ TARG=\ mkauthinfo.dis\ passwd.dis\ rsagen.dis\ + secstore.dis\ signer.dis\ verify.dis\ diff --git a/appl/cmd/auth/secstore.b b/appl/cmd/auth/secstore.b index e26e132d..3bebd29b 100644 --- a/appl/cmd/auth/secstore.b +++ b/appl/cmd/auth/secstore.b @@ -199,7 +199,25 @@ Auth: secstore->erasekey(file); file = nil; verb('x', fname); - 'r' or * => + 'r' => + checkname(fname, 1); + fd := sys->open(fname, sys->OREAD); + if(fd == nil) + error(sys->sprint("open %q: %r", fname)); + (ok, dir) := sys->fstat(fd); + if(ok != 0) + error(sys->sprint("stat %q: %r", fname)); + if(int dir.length > Maxfilesize) + error(sys->sprint("length %bd > Maxfilesize %d", dir.length, Maxfilesize)); + file = array[int dir.length] of byte; + if(sys->readn(fd, file, len file) != len file) + error(sys->sprint("short read: %r")); + if(putfile(conn, fname, file, filekey) < 0) + error(sys->sprint("putfile: %r")); + secstore->erasekey(file); + file = nil; + verb('r', fname); + * => error(sys->sprint("op %c not implemented", op)); } } @@ -242,6 +260,14 @@ getfile(conn: ref Dial->Connection, fname: string, key: array of byte): array of return f; } +putfile(conn: ref Dial->Connection, fname: string, data, key: array of byte): int +{ + data = secstore->encrypt(data, key); + if(data == nil) + return -1; + return secstore->putfile(conn, fname, data); +} + erase() { if(secstore != nil){ diff --git a/appl/lib/secstore.b b/appl/lib/secstore.b index f6cb1b15..21ee45c8 100644 --- a/appl/lib/secstore.b +++ b/appl/lib/secstore.b @@ -17,6 +17,7 @@ include "keyring.m"; include "security.m"; ssl: SSL; + random: Random; include "encoding.m"; base64: Encoding; @@ -29,6 +30,7 @@ init() sys = load Sys Sys->PATH; kr = load Keyring Keyring->PATH; ssl = load SSL SSL->PATH; + random = load Random Random->PATH; base64 = load Encoding Encoding->BASE64PATH; dialler = load Dial Dial->PATH; initPAKparams(); @@ -183,6 +185,28 @@ remove(conn: ref Dial->Connection, name: string): int return 0; } +putfile(conn: ref Dial->Connection, name: string, data: array of byte): int +{ + if(len data > Maxfilesize){ + sys->werrstr("file too long"); + return -1; + } + fd := conn.dfd; + if(sys->fprint(fd, "PUT %s\n", name) < 0) + return -1; + if(sys->fprint(fd, "%d", len data) < 0) + return -1; + for(o := 0; o < len data;){ + n := len data-o; + if(n > Maxmsg) + n = Maxmsg; + if(sys->write(fd, data[o:o+n], n) != n) + return -1; + o += n; + } + return 0; +} + bye(conn: ref Dial->Connection) { if(conn != nil){ @@ -236,6 +260,24 @@ decrypt(file: array of byte, key: array of byte): array of byte return file[AESbsize: length-Checklen]; } +encrypt(file: array of byte, key: array of byte): array of byte +{ + dat := array[AESbsize+len file+Checklen] of byte; + iv := random->randombuf(random->NotQuiteRandom, AESbsize); + if(len iv != AESbsize) + return nil; + dat[:] = iv; + dat[len iv:] = file; + dat[len iv+len file:] = array of byte Checkpat; + state := kr->aessetup(key, iv); + if(state == nil){ + sys->werrstr("can't set AES state"); + return nil; + } + kr->aescbc(state, dat[AESbsize:], len dat-AESbsize, Keyring->Encrypt); + return dat; +} + lines(file: array of byte): list of array of byte { rl: list of array of byte; |