commit 89f852443eef4c522becda07c53c047c477023a0 Author: root <root@localhost.(none)> Date: Mon Jul 21 02:04:30 2014 +0000 [CryptoServ] instructions in the README file diff --git a/.gitignore b/.gitignore
--- a/.gitignore
+++ b/.gitignore
@@ -34,6 +34,10 @@ urc-udpsend
 urc-udprecv
 libsodium-0.6.0.tar.gz
 libsodium-0.6.0
+ucspi-tcp-0.88.tar.gz
 ucspi-tcp-0.88.tar
 ucspi-tcp-0.88
-contrib/d3v11/cryptoserv/cryptoserv
+cryptoservroot/
+cryptoserv
+taia96n.so
+taia96n.py
diff --git a/README b/README
--- a/README +++ b/README @@ -287,6 +287,13 @@ hub2hub: ./bin/add-hublisten your.urcd.ano 1234 /service/urcd-hub0/socket/ ./bin/add-hubconnect peer.urcd.ano 4321 /service/urcd-hub0/socket/ +CryptoServ (requires NaCl): + # stdin.cryptoserv will create cryptoservroot/urcsigndb and + # cryptoservroot/urccryptoboxdir. you'll need to point + # env/URCCRYPTOBOXDIR and env/URCSIGNDB accordingly. + + ln -s stdin.cryptoserv stdin + urc2sd: #urc2sd follows a similar convention as urcd by using a format #that distinguishes signed messages from nonverified messages. diff --git a/contrib/d3v11/cryptoserv/Makefile b/contrib/d3v11/cryptoserv/Makefile deleted file mode 100644 index 54713c009304dfd46c17e7ed0246a31f24a21da0..0000000000000000000000000000000000000000 --- a/contrib/d3v11/cryptoserv/Makefile +++ /dev/null @@ -1,2 +0,0 @@ -all: - gcc cryptoserv.c -o cryptoserv -l nacl diff --git a/contrib/d3v11/cryptoserv/cryptoserv.c b/contrib/d3v11/cryptoserv/cryptoserv.c deleted file mode 100644 index 1d3bcde9a75a064366681a5fde4529fb0790dd2d..0000000000000000000000000000000000000000 --- a/contrib/d3v11/cryptoserv/cryptoserv.c +++ /dev/null 
@@ -1,146 +0,0 @@ -#include <nacl/crypto_scalarmult_curve25519.h> -#include <nacl/crypto_hash_sha256.h> -#include <nacl/crypto_verify_32.h> -#include <nacl/crypto_sign.h> -#include <nacl/crypto_box.h> -#include <sys/socket.h> -#include <sys/types.h> -#include <strings.h> -#include <unistd.h> -#include <sys/un.h> -#include <string.h> -#include <stdlib.h> -#include <stdio.h> -#include <fcntl.h> -#include <taia.h> -#include <pwd.h> - -#include "base16.h" - -#define USAGE "./cryptoserv /path/to/sockets/ /path/to/root/\n" - -#ifndef UNIX_PATH_MAX - #ifdef __NetBSD__ - #define UNIX_PATH_MAX 104 - #else - #define UNIX_PATH_MAX 108 - #endif -#endif - -int itoa(char *s, int n, int slen) -{ - if (snprintf(s,slen,"%d",n)<0) return -1; - return 0; -} - -void randombytes(char *bytes) { - crypto_hash_sha256(bytes,bytes,32); -} - -void upper( - unsigned char *buffer0, - unsigned char *buffer1, - int buffer1_len -) { - int i; - for(i=0;i<buffer1_len;++i) { - if ((buffer1[i]>96)&&(buffer1[i]<123)) { - buffer0[i] = buffer1[i] - 32; - } - else buffer0[i] = buffer1[i]; - } -} - -main(int argc, char *argv[]) -{ - - if (argc<3) { - write(2,USAGE,strlen(USAGE)); - exit(1); - } - - struct passwd *urcd = getpwnam("urcd"); - struct sockaddr_un s; - - unsigned char buffer2[1024*2] = {0}; - unsigned char buffer1[1024*2] = {0}; - unsigned char buffer0[1024*2] = {0}; - unsigned char hk[32+32+64+64]; - unsigned char sk[32+64]; - - int i = strlen(argv[1]); - int nicklen = 0; - int login = 0; - int sfd = -1; - int NICKLEN; - - bzero(&s,sizeof(s)); - s.sun_family = AF_UNIX; - memcpy(s.sun_path,argv[1],i); /* contains potential overflow */ - - if (((sfd=socket(AF_UNIX,SOCK_DGRAM,0))<0) - || (itoa(s.sun_path+i,getppid(),UNIX_PATH_MAX-i)<0) - || (connect(sfd,(struct sockaddr *)&s,sizeof(s))<0) - || (setsockopt(sfd,SOL_SOCKET,SO_REUSEADDR,&i,sizeof(i))<0)) - { - write(2,USAGE,strlen(USAGE)); - exit(2); - } - - i = open("env/NICKLEN",0); - if (i>0) - { - if (read(i,buffer0,1024)>0) NICKLEN = 
atoi(buffer0) & 255; - else NICKLEN = 32; - } else NICKLEN = 32; - close(i); - - if ((!urcd) - || (chdir(argv[2])) - || (chroot(argv[2])) - || (setgroups(0,'\x00')) - || (setgid(urcd->pw_gid)) - || (setuid(urcd->pw_uid))) - { - write(2,USAGE,strlen(USAGE)); - exit(3); - } - - fcntl(0,F_SETFL,fcntl(0,F_GETFL,0)&~O_NONBLOCK); - - memcpy(buffer2+2+12+4+8,":CryptoServ!urc@service PRIVMSG ",32); - - - while (1) - { - - for (i=0;i<1024;++i) - { - if (read(0,buffer0+i,1)<1) exit(4); - if (buffer0[i] == '\r') --i; - if (buffer0[i] == '\n') break; - } if (buffer0[i] != '\n') continue; - ++i; - - upper(buffer1,buffer0,i); - - if ((i>=7)&&(!memcmp("NICK ",buffer1,5))) { /* not reliable */ - nicklen=-5+i-1; - if (nicklen<=NICKLEN) { - memcpy(buffer2+2+12+4+8+32,buffer0+5,nicklen); - memcpy(buffer2+2+12+4+8+32+nicklen," :",2); - } - else nicklen = 0; - } else if (nicklen) { - if ((i>=20)&&(!memcmp("PRIVMSG CRYPTOSERV :",buffer1,20))) { - memcpy(buffer2+2+12+4+8+32+nicklen+2,"test\n",5); - write(sfd,buffer2,2+12+4+8+32+nicklen+2+5); - continue; - } - } - if (write(1,buffer0,i)<0) exit(5); - } -} - -// if ((i>=32) && (!memcmp(buffer1+20,"IDENTIFY ",9) -//crypto_scalarmult_curve25519_base(longtermpk,longtermsk); diff --git a/git-commit b/git-commit
--- a/git-commit +++ b/git-commit @@ -16,7 +16,8 @@ git add -f \ db \ contrib/ \ doc/ \ - DONATE + DONATE \ + stdin.cryptoserv TZ=UTC git commit --date="`date -u +'%s'`" test -x /usr/lib/git-core/git-update-server-info && /usr/lib/git-core/git-update-server-info diff --git a/contrib/d3v11/cryptoserv/base16.h b/src/base16.h similarity index 100% rename from contrib/d3v11/cryptoserv/base16.h rename to src/base16.h diff --git a/src/cryptoserv.c b/src/cryptoserv.c new file mode 100644 index 0000000000000000000000000000000000000000..f4740bc555c2417dc98afbcbbfbca16f75430ae1 --- /dev/null +++ b/src/cryptoserv.c 
@@ -0,0 +1,305 @@
+#include <nacl/crypto_scalarmult_curve25519.h>
+#include <nacl/crypto_hash_sha512.h>
+#include <nacl/crypto_verify_32.h>
+#include <nacl/crypto_sign.h>
+#include <nacl/crypto_box.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <strings.h>
+#include <unistd.h>
+#include <sys/un.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <fcntl.h>
+#include <pwd.h>
+
+#include "base16.h"
+
+#define USAGE "./cryptoserv /path/to/sockets/ /path/to/root/\n"
+
+#ifndef UNIX_PATH_MAX
+ #ifdef __NetBSD__
+ #define UNIX_PATH_MAX 104
+ #else
+ #define UNIX_PATH_MAX 108
+ #endif
+#endif
+
+int itoa(char *s, int n, int slen)
+{
+ if (snprintf(s,slen,"%d",n)<0) return -1;
+ return 0;
+}
+
+void randombytes(char *bytes) {} /* do nothing */
+
+void lower(
+ unsigned char *buffer0,
+ unsigned char *buffer1,
+ int buffer1_len
+) {
+ int i;
+ for(i=0;i<buffer1_len;++i) {
+ if ((buffer1[i]>64)&&(buffer1[i]<91)) {
+ buffer0[i] = buffer1[i] + 32;
+ }
+ else buffer0[i] = buffer1[i];
+ }
+}
+
+main(int argc, char *argv[])
+{
+
+ if (argc<3) {
+ write(2,USAGE,strlen(USAGE));
+ exit(1);
+ }
+
+ struct passwd *urcd = getpwnam("urcd");
+ struct sockaddr_un s;
+
+ unsigned char buffer2[1024*2] = {0};
+ unsigned char buffer1[1024*2] = {0};
+ unsigned char buffer0[1024*2] = {0};
+ unsigned char identifiednick[256];
+ unsigned char path[512];
+ unsigned char hex[192];
+ unsigned char pk0[32];
+ unsigned char pk1[32];
+ unsigned char sk[64];
+
+ long starttime;
+
+ int i = strlen(argv[1]);
+ int identifiednicklen;
+ int identified = 0;
+ int informed = 0;
+ int nicklen = 0;
+ int sfd = -1;
+ int NICKLEN;
+ int fd;
+
+ bzero(&s,sizeof(s));
+ s.sun_family = AF_UNIX;
+ memcpy(s.sun_path,argv[1],i); /* contains potential overflow */
+
+ if (((sfd=socket(AF_UNIX,SOCK_DGRAM,0))<0)
+ || (itoa(s.sun_path+i,getppid(),UNIX_PATH_MAX-i)<0)
+ || (connect(sfd,(struct sockaddr *)&s,sizeof(s))<0)
+ || (setsockopt(sfd,SOL_SOCKET,SO_REUSEADDR,&i,sizeof(i))<0))
+ {
+ write(2,USAGE,strlen(USAGE));
+ exit(2);
+ }
+
+ i = open("env/NICKLEN",0);
+ if (i>0)
+ {
+ if (read(i,buffer0,1024)>0) NICKLEN = atoi(buffer0) & 255;
+ else NICKLEN = 32;
+ } else NICKLEN = 32;
+ close(i);
+
+ if ((!urcd)
+ || (chdir(argv[2]))
+ || (chroot(argv[2]))
+ || (setgroups(0,'\x00'))
+ || (setgid(urcd->pw_gid))
+ || (setuid(urcd->pw_uid)))
+ {
+ write(2,USAGE,strlen(USAGE));
+ exit(3);
+ }
+
+ starttime = time((long *)0);
+
+ fcntl(0,F_SETFL,fcntl(0,F_GETFL,0)&~O_NONBLOCK);
+
+ memcpy(buffer2+2+12+4+8,":CryptoServ!urc@service PRIVMSG ",32);
+
+
+ while (1)
+ {
+
+ for (i=0;i<1024;++i)
+ {
+ if (read(0,buffer0+i,1)<1) exit(4);
+ if (buffer0[i] == '\r') --i;
+ if (buffer0[i] == '\n') break;
+ } if (buffer0[i] != '\n') continue;
+ ++i;
+
+ lower(buffer1,buffer0,i);
+
+ /// NICK
+ if ((i>=7)&&(!memcmp("nick ",buffer1,5))) { /* not reliable */
+ nicklen=-5+i-1;
+ if (nicklen<=NICKLEN) {
+ memcpy(buffer2+2+12+4+8+32,buffer1+5,nicklen);
+ memcpy(buffer2+2+12+4+8+32+nicklen," :",2);
+ }
+ else nicklen = 0;
+ } else if (nicklen) {
+ if ((i>=20)&&(!memcmp("privmsg cryptoserv :",buffer1,20))) {
+
+ /// IDENTIFY
+ if ((i>=20+9+1+1)&&(!memcmp("identify ",buffer1+20,9))) {
+ bzero(path,512);
+ memcpy(path,"urcsigndb/",10);
+ memcpy(path+10,buffer2+2+12+4+8+32,nicklen);
+ if (((fd=open(path,O_RDONLY))<0) || (read(fd,hex,64)<64) || (base16_decode(pk0,hex,64)<32)) {
+ memcpy(buffer2+2+12+4+8+32+nicklen+2,"URCSIGN Account does not exist.\n",32);
+ write(sfd,buffer2,2+12+4+8+32+nicklen+2+32);
+ close(fd);
+ continue;
+ }close(fd);
+ crypto_hash_sha512(sk,buffer0+20+9,-20-9+i-1);
+ crypto_sign_keypair(pk1,sk);
+ if (memcmp(pk0,pk1,32)) {
+ memcpy(buffer2+2+12+4+8+32+nicklen+2,"Invalid passwd.\n",16);
+ write(sfd,buffer2,2+12+4+8+32+nicklen+2+8);
+ continue;
+ }
+ bzero(path,512);
+ memcpy(path,"urccryptoboxdir/",16);
+ memcpy(path+16,buffer2+2+12+4+8+32,nicklen);
+ if (((fd=open(path,O_RDONLY))<0) || (read(fd,hex,64)<64) || (base16_decode(pk0,hex,64)<32)) {
+ memcpy(buffer2+2+12+4+8+32+nicklen+2,"URCCRYPTOBOX Account does not exist.\n",37);
+ write(sfd,buffer2,2+12+4+8+32+nicklen+2+37);
+ close(fd);
+ continue;
+ }close(fd);
+ crypto_scalarmult_curve25519_base(pk1,sk);
+ if (memcmp(pk0,pk1,32)) {
+ memcpy(buffer2+2+12+4+8+32+nicklen+2,"Invalid passwd.\n",16);
+ write(sfd,buffer2,2+12+4+8+32+nicklen+2+8);
+ continue;
+ }
+ base16_encode(hex,sk,32);
+ base16_encode(hex+64,sk,64);
+ memcpy(buffer0,"PASS ",5);
+ memcpy(buffer0+5,hex,192);
+ memcpy(buffer0+5+192,"\n",1);
+ if (write(1,buffer0,5+192+1)<=0) exit(5);
+ memcpy(buffer2+2+12+4+8+32+nicklen+2,"success\n",8);
+ write(sfd,buffer2,2+12+4+8+32+nicklen+2+8);
+ memcpy(identifiednick,buffer2+2+12+4+8+32,nicklen);
+ identifiednicklen = nicklen;
+ identified = 1;
+ continue;
+ }
+
+ /// REGISTER
+ if ((i>=20+9+1+1)&&(!memcmp("register ",buffer1+20,9))) {
+ if ((identified) || (time((long *)0)-starttime<128)) {
+ goto HELP;
+ }
+ crypto_hash_sha512(sk,buffer0+20+9,-20-9+i-1);
+ REGISTER:
+ crypto_sign_keypair(pk0,sk);
+ bzero(path,512);
+ memcpy(path,"urcsigndb/",10);
+ if (identified) memcpy(path+10,identifiednick,identifiednicklen);
+ else memcpy(path+10,buffer2+2+12+4+8+32,nicklen);
+ fd = open(path,O_CREAT);
+ fchmod(fd,S_IRUSR|S_IWUSR);
+ close(fd);
+ if ((fd=open(path,O_WRONLY))<0) {
+ memcpy(buffer2+2+12+4+8+32+nicklen+2,"failure\n",8);
+ write(sfd,buffer2,2+12+4+8+32+nicklen+2+8);
+ close(fd);
+ continue;
+ }
+ base16_encode(hex,pk0,32);
+ if (write(fd,hex,64)<64) exit(6);
+ close(fd);
+ crypto_scalarmult_curve25519_base(pk0,sk);
+ bzero(path,512);
+ memcpy(path,"urccryptoboxdir/",16);
+ if (identified) memcpy(path+16,identifiednick,identifiednicklen);
+ else memcpy(path+16,buffer2+2+12+4+8+32,nicklen);
+ fd = open(path,O_CREAT);
+ fchmod(fd,S_IRUSR|S_IWUSR);
+ close(fd);
+ if ((fd=open(path,O_WRONLY))<0) {
+ memcpy(buffer2+2+12+4+8+32+nicklen+2,"failure\n",8);
+ write(sfd,buffer2,2+12+4+8+32+nicklen+2+8);
+ close(fd);
+ continue;
+ }
+ base16_encode(hex,pk0,32);
+ if (write(fd,hex,64)<64) exit(7);
+ close(fd);
+ base16_encode(hex,sk,32);
+ base16_encode(hex+64,sk,64);
+ memcpy(buffer0,"PASS ",5);
+ memcpy(buffer0+5,hex,192);
+ memcpy(buffer0+5+192,"\n",1);
+ if (write(1,buffer0,5+192+1)<=0) exit(8);
+ memcpy(buffer2+2+12+4+8+32+nicklen+2,"success\n",8);
+ write(sfd,buffer2,2+12+4+8+32+nicklen+2+8);
+ if (!identified) {
+ memcpy(identifiednick,buffer2+2+12+4+8+32,nicklen);
+ identifiednicklen = nicklen;
+ identified = 1;
+ }
+ continue;
+ }
+
+ /// SET PASSWORD
+ if ((i>=20+13+1+1)&&(!memcmp("set password ",buffer1+20,13))) {
+ if (!identified) goto HELP;
+ crypto_hash_sha512(sk,buffer0+20+13,-20-13+i-1);
+ goto REGISTER;
+ }
+
+ /// DROP
+ if ((i>=20+4)&&(!memcmp("drop",buffer1+20,4))) {
+ if (!identified) goto HELP;
+ bzero(path,512);
+ memcpy(path,"urccryptoboxdir/",16);
+ memcpy(path+16,identifiednick,identifiednicklen);
+ if (remove(path)<0) {
+ memcpy(buffer2+2+12+4+8+32+nicklen+2,"failure\n",8);
+ write(sfd,buffer2,2+12+4+8+32+nicklen+2+8);
+ }
+ bzero(path,512);
+ memcpy(path,"urcsigndb/",10);
+ memcpy(path+10,identifiednick,identifiednicklen);
+ if (remove(path)<0) {
+ memcpy(buffer2+2+12+4+8+32+nicklen+2,"failure\n",8);
+ write(sfd,buffer2,2+12+4+8+32+nicklen+2+8);
+ continue;
+ }
+ memcpy(buffer2+2+12+4+8+32+nicklen+2,"success\n",8);
+ write(sfd,buffer2,2+12+4+8+32+nicklen+2+8);
+ starttime = time((long *)0);
+ identified = 0;
+ continue;
+ }
+
+ /// HELP
+ if ((i>=20+4)&&(!memcmp("help",buffer1+20,4))) {
+ HELP:
+ informed = 1;
+ memcpy(buffer2+2+12+4+8+32+nicklen+2,"Usage:\n",7);
+ write(sfd,buffer2,2+12+4+8+32+nicklen+2+7);
+ memcpy(buffer2+2+12+4+8+32+nicklen+2,"`REGISTER <passwd>' after 128 seconds to create an account.\n",60);
+ write(sfd,buffer2,2+12+4+8+32+nicklen+2+60);
+ memcpy(buffer2+2+12+4+8+32+nicklen+2,"`IDENTIFY <passwd>' to login to your account and activate URCSIGN and URCCRYPTOBOX.\n",84);
+ write(sfd,buffer2,2+12+4+8+32+nicklen+2+84);
+ memcpy(buffer2+2+12+4+8+32+nicklen+2,"`SET PASSWORD <passwd>' changes your password after you REGISTER/IDENTIFY.\n",75);
+ write(sfd,buffer2,2+12+4+8+32+nicklen+2+75);
+ memcpy(buffer2+2+12+4+8+32+nicklen+2,"`DROP' removes your account after you REGISTER/IDENTIFY.\n",57);
+ write(sfd,buffer2,2+12+4+8+32+nicklen+2+57);
+ }
+
+ if (!informed) goto HELP;
+ }
+ }
+ if (write(1,buffer0,i)<=0) exit(9);
+ }
+}
diff --git a/src/urcd.pyx b/src/urcd.pyx
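Review bot: The two `Invalid passwd.` replies copy 16 bytes into buffer2 but the `write(sfd, ...)` that follows each one sends only `...+nicklen+2+8`, so the peer receives `Invalid ` cut off; both writes should end in `+16` to match the memcpy length. A `PRIVMSG CryptoServ` line that ends up at HELP (REGISTER inside the 128-second window, SET PASSWORD while not identified, or an unrecognised command) is afterwards forwarded verbatim by the final `if (write(1,buffer0,i)<=0) exit(9);`, so the candidate password carried in that line leaves the service on stdout; a `continue;` after `if (!informed) goto HELP;` keeps every service-directed line local. The nick copied from `buffer1+5` is spliced into `path` under urcsigndb/ and urccryptoboxdir/ without rejecting `/`, so unless urcd guarantees nick syntax upstream the NICK handler should zero nicklen when `memchr(buffer1+5,'/',nicklen)` finds one. `fd = open(path,O_CREAT);` is missing its mode argument (twice, in the REGISTER path); `fd = open(path,O_CREAT|O_WRONLY,S_IRUSR|S_IWUSR)` replaces the open/fchmod/close/reopen sequence and also avoids `fchmod(-1,...)` when the create fails. With `randombytes` stubbed to a no-op, `crypto_sign_keypair(pk0,sk)` appears to keep the SHA-512 of the password already sitting in `sk` as its seed, so the account keys are an unsalted, unstretched function of the password; that derivation belongs in a comment next to the `crypto_hash_sha512(sk, ...)` calls rather than being left implicit.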
--- a/src/urcd.pyx
+++ b/src/urcd.pyx
@@ -134,7 +134,7 @@ urccryptoboxpfsdb = dict()
 urccryptoboxpassdb = dict()
 if URCCRYPTOBOXDIR:
 for dst in os.listdir(URCCRYPTOBOXDIR):
- if dst in os.listdir(URCCRYPTOBOXPFS):
+ if URCCRYPTOBOXPFS and dst in os.listdir(URCCRYPTOBOXPFS):
 pk,sk=crypto_box_keypair()
 urccryptoboxpfsdb[dst.lower()] = {"pubkey":pk,"seckey":sk,"tmpkey":randombytes(32)}
 del pk, sk
diff --git a/stdin.cryptoserv b/stdin.cryptoserv
new file mode 100755
index 0000000000000000000000000000000000000000..4034fcc0c0e1cd44786f1c6f0cf42605adc974ed
--- /dev/null
+++ b/stdin.cryptoserv
@@ -0,0 +1,9 @@
+#!/bin/sh -e
+
+mkdir -p cryptoservroot/
+mkdir -p cryptoservroot/urcsigndb/
+mkdir -p cryptoservroot/urccryptoboxdir/
+
+chown urcd cryptoservroot/*
+
+exec ./cryptoserv "`cat env/path`" "`pwd`"/cryptoservroot/
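Review bot: The added guard still calls `os.listdir(URCCRYPTOBOXPFS)` once per entry of `URCCRYPTOBOXDIR`, now with an extra truthiness test on every iteration; hoisting it above the loop as `pfs = set(os.listdir(URCCRYPTOBOXPFS)) if URCCRYPTOBOXPFS else set()` and testing `if dst in pfs:` reads more clearly and avoids the repeated directory scans. The loop body continues past the end of the hunk.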
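Review bot: `sh -e` does not react to a failing command inside a command substitution, so when env/path is missing the `exec` line still runs cryptoserv with an empty first argument, and it will then build its socket path from nothing but the parent pid; a `test -s env/path || exit 1` line before the `exec` makes the misconfiguration fail loudly. The `chown urcd cryptoservroot/*` leaves cryptoservroot/ itself owned by whoever runs the script (presumably root), which suits a chroot directory; a one-line comment saying that this is intended would stop a later reader from adding `-R` or chowning the root as well.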