Merge pull request #31 from GoDjango-Development/development

Development

include/cmd.h

@@ -185,6 +185,10 @@
 #define CMD_RUNBASH "RUNBASH"
 /* Folder jailing and recursively creation system enforcement. */
 #define CMD_FLYCONTEXT "FLYCONTEXT"
+/* Turn ON AES Encryption. */
+#define CMD_GOAES "GOAES"
+/* Turn ON TFProtocol default encryption. */
+#define CMD_TFPCRYPTO "TFPCRYPTO"
 
 /* Lock filename. */
 extern char lcknam[PATH_MAX];
@@ -359,5 +363,9 @@ void cmd_lsrv2down(int mode);
 void cmd_runbash(void);
 /* Folder jailing and recursively creation system enforcement. */
 void cmd_flycontext(void);
+/* Turn ON AES Encryption. */
+void cmd_goaes(void);
+/* Turn ON TFProtocol default encryption. */
+void cmd_tfpcrypto(void);
 
 #endif

include/crypto.h

@@ -6,6 +6,7 @@
 
 #include <openssl/ssl.h>
 #include <inttypes.h>
+#include <openssl/aes.h>
 
 /* Session key max length in bytes. Must be less than the RSA key length
     modulus minus used padding. In this case is 2048 / 8 - 42 = 214 bytes. */
@@ -14,6 +15,12 @@
 #define KEYMIN 16
 /* RSA key lenght modulus. */
 #define RSA_KEYLEN 2048 / 8
+/* Block cihper key length. */
+#define BLK_KEYSZ 32
+/* Block cipher initialization vector size. */
+#define BLK_IVSZ 16
+/* Block cihper key length. */
+#define BLK_SIZE 16
 
 /* The posible states of encrypt system. */
 enum cryptst { CRYPT_OFF, CRYPT_ON };
@@ -33,6 +40,21 @@ struct crypto {
     enum pack pack;
 };
 
+/* Structure to store block encryption key and iv. 
+    It uses symmetric encryption. */
+struct blkcipher {
+    /* Encryption key. */
+    unsigned char key[BLK_KEYSZ];
+    /* Initialization vector. */
+    unsigned char iv[BLK_IVSZ];
+    /* Encrypted/Decrypted data. */
+    unsigned char data[BLK_SIZE];
+    /* Encrypted/Decrypted data tmp. */
+    unsigned char tmpbuf[BLK_SIZE];
+    /* Cipher Context */
+    EVP_CIPHER_CTX *ctx;
+};
+
 /* Initialize function pointers and random key. */
 void initcrypto(struct crypto *cryp);
 /* Encrypt random key with a rsa public key. 2048 bit and 
@@ -45,5 +67,16 @@ int derankey(struct crypto *crypt, char *privrsa);
 void swapkey(struct crypto *crypt, char *newkey, int keylen);
 /* Duplicate crypt structure. */
 int dup_crypt(struct crypto *to, struct crypto *from);
+/* Initialize blkcipher structure. */
+int blkinit_en(struct blkcipher *cipher);
+int blkinit_de(struct blkcipher *cipher);
+/* Finalize Block Cipher structure. */
+void blkfin(struct blkcipher *cipher);
+/* Block Cipher encryption function. */
+int blkencrypt(struct blkcipher *cipher, void *cidata, void *pldata, int pllen);
+int blkend_en(struct blkcipher *cipher, void *cidata, int cilen);
+/* Block Cipher decryption function. */
+int blkdecrypt(struct blkcipher *cipher, void *pldata, void *cidata, int cilen);
+int blkend_de(struct blkcipher *cipher, void *pldata, int pllen);
 
 #endif

include/err.h

@@ -137,5 +137,7 @@
 #define CMD_ERUNBASH "64: Failed running RUNBASH command."
 /* Unable to use the FlyContext System. */
 #define CMD_EFLYCONTEXT "65: Unable to use the FlyContext System."
+/* Unable to start AES encryption system. */
+#define CMD_EAES "66: Unable to start AES encryption system."
 
 #endif

include/tfproto.h

@@ -71,8 +71,13 @@ struct comm {
 extern struct crypto cryp_rx;
 extern struct crypto cryp_tx;
 extern struct crypto cryp_org;
+/* Cryptography structures for aes cipher block crypt and decrypt. */
+extern struct blkcipher cipher_rx;
+extern struct blkcipher cipher_tx;
 /* Secure FileSystem identity token. */
 extern char fsid[LINE_MAX];
+/* Define if block cipher should be used. */
+extern int blkstatus;
 
 /* Initialize internal data and run mainloop function */
 void begincomm(int sock, struct sockaddr_in6 *rmaddr, socklen_t *rmaddrsz);
@@ -100,5 +105,11 @@ int64_t writebuf_exfd(int fd, char *buf, int64_t len, int enc);
 int secfs_proc(const char *src);
 /* Get identity permission. */
 unsigned int getfsidperm(const char *path, const char *id);
+/* Enable Block Cipher layer. */
+int setblkon(void);
+/* Disable Block Cipher layer. */
+void setblkoff(void);
+/* Actually starts AES cipher. */
+void startblk(void);
 
 #endif

src/cmd.c

@@ -21,6 +21,7 @@
 #include <pwd.h>
 #include <grp.h>
 #include <sys/time.h>
+#include <tfproto.h>
 
 /* H-P command signal for command operation release. */
 #define HPFFIN -127
@@ -410,6 +411,10 @@ void cmd_parse(void)
         cmd_runbash();
     else if (!strcmp(cmd, CMD_FLYCONTEXT))
         cmd_flycontext();
+    else if (!strcmp(cmd, CMD_GOAES))
+        cmd_goaes();
+    else if (!strcmp(cmd, CMD_TFPCRYPTO))
+        cmd_tfpcrypto();
     else if (strstr(cmd, CMD_XS))
         run_xmods(cmd);
     else
@@ -3805,3 +3810,24 @@ void cmd_flycontext(void)
     tfproto.flycontext = 0;
     cmd_ok();
 }
+
+void cmd_goaes(void)
+{
+    if (readbuf_ex(cipher_tx.key, sizeof cipher_tx.key) == -1)
+        return;
+    if (readbuf_ex(cipher_tx.iv, sizeof cipher_tx.iv) == -1)
+        return;
+    memcpy(cipher_rx.key, cipher_tx.key, sizeof cipher_tx.key);
+    memcpy(cipher_rx.iv, cipher_tx.iv, sizeof cipher_tx.iv);
+    if (!setblkon()) {
+        cmd_ok();
+        startblk();
+    } else
+        cmd_fail(CMD_EAES);
+}
+
+void cmd_tfpcrypto(void)
+{
+    cmd_ok();
+    setblkoff();
+}

src/crypto.c

@@ -7,6 +7,7 @@
 #include <unistd.h>
 #include <time.h>
 #include <string.h>
+#include <malloc.h>
 
 #define MOD_VALUE 256
 
@@ -98,7 +99,7 @@ int derankey(struct crypto *crypt, char *privrsa)
     if (!rsa)
         return -1;
     pevpkey = EVP_PKEY_new();
-    if ( !pevpkey)
+    if (!pevpkey)
         return -1;
     if (!EVP_PKEY_assign_RSA(pevpkey, rsa))
         return -1;
@@ -144,3 +145,66 @@ int dup_crypt(struct crypto *to, struct crypto *from)
     memcpy(to->rndkey, from->rndkey, from->rndlen);
     return 0;
 }
+
+int blkinit_en(struct blkcipher *cipher)
+{
+    memset(cipher, 0, sizeof(struct blkcipher));
+    if (!(cipher->ctx = EVP_CIPHER_CTX_new()))
+        return -1;
+    if (EVP_EncryptInit_ex(cipher->ctx, EVP_aes_256_cbc(), NULL, cipher->key,
+        cipher->iv) != 1)
+        return -1;
+    return 0;
+}
+
+int blkinit_de(struct blkcipher *cipher)
+{
+    memset(cipher, 0, sizeof(struct blkcipher));
+    if (!(cipher->ctx = EVP_CIPHER_CTX_new()))
+        return -1;
+    if (EVP_DecryptInit_ex(cipher->ctx, EVP_aes_256_cbc(), NULL, cipher->key,
+        cipher->iv) != 1)
+        return -1;
+    return 0;
+}
+
+void blkfin(struct blkcipher *cipher)
+{
+    EVP_CIPHER_CTX_free(cipher->ctx);
+}
+
+int blkencrypt(struct blkcipher *cipher, void *cidata, void *pldata, int pllen)
+{
+    int cilen = 0;
+    if (EVP_EncryptInit_ex(cipher->ctx, NULL, NULL, NULL, NULL) != 1)
+        return -1;
+    if (EVP_EncryptUpdate(cipher->ctx, cidata, &cilen, pldata, pllen) != 1)
+        return -1;
+    return cilen;
+}
+
+int blkdecrypt(struct blkcipher *cipher, void *pldata, void *cidata, int cilen)
+{
+    int pllen = 0;
+    if (EVP_DecryptInit_ex(cipher->ctx, NULL, NULL, NULL, NULL) != 1)
+        return -1;
+    if (EVP_DecryptUpdate(cipher->ctx, pldata, &pllen, cidata, cilen) != 1)
+        return -1;
+    return pllen;
+}
+
+int blkend_de(struct blkcipher *cipher, void *pldata, int pllen)
+{
+    int exlen = 0;
+    if (EVP_DecryptFinal_ex(cipher->ctx, pldata + pllen, &exlen) != 1)
+        return -1;
+    return pllen + exlen;
+}
+
+int blkend_en(struct blkcipher *cipher, void *cidata, int cilen)
+{
+    int exlen = 0;
+    if (EVP_EncryptFinal_ex(cipher->ctx, cidata + cilen, &exlen) != 1)
+        return -1;
+    return cilen + exlen;
+}

src/main.c

@@ -27,7 +27,7 @@ static void mkdaemon(void);
 pid_t rlwait_pid = -1;
 
 int main(int argc, char **argv)
-{
+{ 
     if (argc >= 3)
         dmode = 1;
     if (argc < 2) {