production/code_guide/encryption__tentacle_8cpp_source.html

 /*****************************************************************************\

 *                                                                             *

 *  Name   : encryption_tentacle                                               *

 *  Author : Chris Koeritz                                                     *

 *                                                                             *

 *******************************************************************************

 * Copyright (c) 2004-$now By Author.  This program is free software; you can  *

 * redistribute it and/or modify it under the terms of the GNU General Public  *

 * License as published by the Free Software Foundation; either version 2 of   *

 * the License or (at your option) any later version.  This is online at:      *

 *     http://www.fsf.org/copyleft/gpl.html                                    *

 * Please send any updates to: fred@gruntose.com                               *

 \*****************************************************************************/


 #include "encryption_tentacle.h"

 #include "encryption_wrapper.h"

 #include "key_repository.h"


 #include <crypto/blowfish_crypto.h>

 #include <crypto/rsa_crypto.h>

 #include <loggers/program_wide_logger.h>

 #include <structures/symbol_table.h>

 #include <textual/byte_formatter.h>


 using namespace basis;

 using namespace crypto;

 using namespace loggers;

 using namespace structures;

 using namespace textual;


 namespace octopi {


 #undef LOG

 #define LOG(s) CLASS_EMERGENCY_LOG(program_wide_logger::get(), s)


 #define DEBUG_ENCRYPTION_TENTACLE

   // uncomment for noisier code.


 encryption_tentacle::encryption_tentacle()

 : tentacle_helper<encryption_infoton>

     (encryption_infoton::encryption_classifier(), false),

   _server_side(true),

   _keys(new key_repository),

   _rsa_private(NULL_POINTER)

 {

 }


 encryption_tentacle::encryption_tentacle(const byte_array &private_key)

 : tentacle_helper<encryption_infoton>

     (encryption_infoton::encryption_classifier(), false),

   _server_side(false),

   _keys(new key_repository),

   _rsa_private(new rsa_crypto(private_key))

 {

 }


 encryption_tentacle::encryption_tentacle(int key_size)

 : tentacle_helper<encryption_infoton>

     (encryption_infoton::encryption_classifier(), false),

   _server_side(false),

   _keys(new key_repository),

   _rsa_private(new rsa_crypto(key_size))

 {

 }


 encryption_tentacle::~encryption_tentacle()

 {

   WHACK(_rsa_private);

   WHACK(_keys);

 }


 key_repository &encryption_tentacle::keys() const { return *_keys; }


 const rsa_crypto &encryption_tentacle::private_key() const

 { return *_rsa_private; }


 outcome encryption_tentacle::reconstitute(const string_array &classifier,

     byte_array &packed_form, infoton * &reformed)

 {

   if (classifier != encryption_infoton::encryption_classifier())

     return NO_HANDLER;


   return reconstituter(classifier, packed_form, reformed,

       (encryption_infoton *)NULL_POINTER);

 }


 void encryption_tentacle::expunge(const octopus_entity &formal(to_remove))

 {

 //we need a better approach.  it seems there are places where an entity

 //can get reused and it still expects its key to be present.

 }


 outcome encryption_tentacle::consume(infoton &to_chow,

     const octopus_request_id &item_id, byte_array &transformed)

 {

   FUNCDEF("consume");

   transformed.reset();

   encryption_infoton *inf = dynamic_cast<encryption_infoton *>(&to_chow);

   if (!inf) {

     // this package is not explicitly an encryption infoton.  we need to

     // decrypt it using what we already know.


     encryption_wrapper *wrap = dynamic_cast<encryption_wrapper *>(&to_chow);

     if (!wrap) {

 #ifdef DEBUG_ENCRYPTION_TENTACLE

 //      LOG(astring("got a stray infoton that was not encrypted: ")

 //          + to_chow.text_form());

 #endif

       // this signals that we were expecting an encrypted package.

       return ENCRYPTION_MISMATCH;

     }


     octenc_key_record record;

     octenc_key_record *rec = _keys->lock(item_id._entity);

     if (!rec) {

 #ifdef DEBUG_ENCRYPTION_TENTACLE

       LOG(astring("no key stored for entity ")

           + item_id._entity.mangled_form()

           + "; rejecting packet.");

 #endif

       return DISALLOWED;

     }

     record = *rec;

     _keys->unlock(rec);


     byte_array decro;

     bool decrypts_properly = record._key.decrypt(wrap->_wrapped, decro);

     if (decrypts_properly) {

       // this package seems to be intact.  we need to reconstitute the

       // original infoton.

       transformed = decro;  // set the decrypted blob.

       return PARTIAL;

     }


 #ifdef DEBUG_ENCRYPTION_TENTACLE

     LOG(astring("denying client ") + item_id._entity.mangled_form()

         + " due to erroneous decryption");

 #endif


     // the infoton's client is not authorized; it needs to be dropped.

     return DISALLOWED;

   }


   // reaching here means this is explicitly an encryption startup request.


   if (!_server_side) {

     // client's side must track the key we were given for decryption.  we'll

     // use that from now on.

     blowfish_crypto new_key(blowfish_crypto::minimum_key_size());  // bogus.

     outcome ret = inf->extract_response(*_rsa_private, new_key);

     if (ret != OKAY) {

 #ifdef DEBUG_ENCRYPTION_TENTACLE

       LOG(astring("client failed to process encrypted blowfish key for ")

           + item_id._entity.mangled_form());

 #endif

     } else {

       _keys->add(item_id._entity, new_key);  // add our key for this guy.

     }

     // we do not store a copy of the infoton; it's just done now.

     return ret;

   } else {

     // server's side need to process a key request and send it back using

     // the public key the requester provided.

     blowfish_crypto agreed_key(blowfish_crypto::minimum_key_size());

       // initialized with junk.

     outcome worked = inf->prepare_blowfish_key(agreed_key);

     if (worked != OKAY) {

 #ifdef DEBUG_ENCRYPTION_TENTACLE

       LOG(astring("server failed to encrypt blowfish key for ")

           + item_id._entity.mangled_form());

 #endif

     } else {

       _keys->add(item_id._entity, agreed_key);  // add our key for this guy.

     }

   }


   if (!store_product(dynamic_cast<infoton *>(inf->clone()), item_id))

     return NO_SPACE;

   return OKAY;

 }


 } //namespace.


blowfish_crypto.h

byte_formatter.h

basis::array::reset
void reset(int number=0, const contents *initial_contents=NULL_POINTER)
Resizes this array and sets the contents from an array of contents.
Definition: array.h:349

basis::astring
Provides a dynamically resizable ASCII character string.
Definition: astring.h:35

basis::byte_array
A very common template for a dynamic array of bytes.
Definition: byte_array.h:36

basis::outcome
Outcomes describe the state of completion for an operation.
Definition: outcome.h:31

crypto::blowfish_crypto
Provides BlowFish encryption on byte_arrays using the OpenSSL package.
Definition: blowfish_crypto.h:26

crypto::blowfish_crypto::decrypt
bool decrypt(const basis::byte_array &source, basis::byte_array &target) const
decrypts the "target" array from the encrypted "source" array.
Definition: blowfish_crypto.cpp:253

crypto::rsa_crypto
Supports public key encryption and decryption.
Definition: rsa_crypto.h:33

octopi::encryption_infoton
Encapsulates the chit-chat necessary to establish an encrypted connection.
Definition: encryption_infoton.h:33

octopi::encryption_infoton::extract_response
basis::outcome extract_response(const crypto::rsa_crypto &private_key, crypto::blowfish_crypto &new_key) const
used by the client to extract the shared blowfish key from the server.
Definition: encryption_infoton.cpp:143

octopi::encryption_infoton::prepare_blowfish_key
basis::outcome prepare_blowfish_key(crypto::blowfish_crypto &new_key)
performs the server side's job on the current key.
Definition: encryption_infoton.cpp:106

octopi::encryption_infoton::clone
virtual clonable * clone() const
must be provided to allow creation of a copy of this object.
Definition: encryption_infoton.cpp:64

octopi::encryption_infoton::encryption_classifier
static const structures::string_array & encryption_classifier()
returns the classifier for this type of infoton.

octopi::encryption_tentacle::expunge
virtual void expunge(const octopus_entity &to_remove)
throws out any keys we were maintaining for this entity.
Definition: encryption_tentacle.cpp:89

octopi::encryption_tentacle::keys
key_repository & keys() const
provides access to our list of keys.
Definition: encryption_tentacle.cpp:74

octopi::encryption_tentacle::private_key
const crypto::rsa_crypto & private_key() const
provides access to the key held here.
Definition: encryption_tentacle.cpp:76

octopi::encryption_tentacle::consume
virtual basis::outcome consume(infoton &to_chow, const octopus_request_id &item_id, basis::byte_array &transformed)
the base class handles the processing of the request in "to_chow".
Definition: encryption_tentacle.cpp:96

octopi::encryption_tentacle::encryption_tentacle
encryption_tentacle()
this tentacle will implement the server side.
Definition: encryption_tentacle.cpp:41

octopi::encryption_tentacle::~encryption_tentacle
virtual ~encryption_tentacle()
Definition: encryption_tentacle.cpp:68

octopi::encryption_tentacle::reconstitute
virtual basis::outcome reconstitute(const structures::string_array &classifier, basis::byte_array &packed_form, infoton *&reformed)
recreates a "reformed" infoton from a packed form.
Definition: encryption_tentacle.cpp:79

octopi::encryption_wrapper
Wraps an encrypted infoton when the octopus is in an encrypted mode.
Definition: encryption_wrapper.h:30

octopi::encryption_wrapper::_wrapped
basis::byte_array _wrapped
the encrypted data that's held here.
Definition: encryption_wrapper.h:32

octopi::infoton
An infoton is an individual request parcel with accompanying information.
Definition: infoton.h:32

octopi::key_repository
Definition: key_repository.h:48

octopi::key_repository::unlock
void unlock(octenc_key_record *to_unlock)
drops the lock on the key record in "to_unlock".
Definition: key_repository.cpp:57

octopi::key_repository::add
basis::outcome add(const octopus_entity &ent, const crypto::blowfish_crypto &key)
adds a "key" for the "ent". this will fail if one is already listed.
Definition: key_repository.cpp:63

octopi::key_repository::lock
octenc_key_record * lock(const octopus_entity &ent)
locates the key for "ent", if it's stored.
Definition: key_repository.cpp:35

octopi::octenc_key_record
Tracks the keys that have been assigned for a secure channel.
Definition: key_repository.h:34

octopi::octenc_key_record::_key
crypto::blowfish_crypto _key
used for communicating with an entity.
Definition: key_repository.h:37

octopi::octopus_entity
Provides a way of identifying users of an octopus object.
Definition: entity_defs.h:35

octopi::octopus_entity::mangled_form
basis::astring mangled_form() const
returns the combined string form of the identifier.
Definition: entity_defs.cpp:121

octopi::octopus_request_id
Identifies requests made on an octopus by users.
Definition: entity_defs.h:114

octopi::octopus_request_id::_entity
octopus_entity _entity
the entity.
Definition: entity_defs.h:116

octopi::tentacle_helper
provides prefab implementations for parts of the tentacle object.
Definition: tentacle_helper.h:68

octopi::tentacle::store_product
bool store_product(infoton *product, const octopus_request_id &original_id)
used by tentacles to store the objects they produce from infotons.
Definition: tentacle.cpp:118

octopi::tentacle::PARTIAL
@ PARTIAL
processing of request is partially done.
Definition: tentacle.h:74

octopi::tentacle::ENCRYPTION_MISMATCH
@ ENCRYPTION_MISMATCH
there is a disconnect regarding encryption.
Definition: tentacle.h:75

octopi::tentacle::NO_HANDLER
@ NO_HANDLER
no handler for that type of infoton.
Definition: tentacle.h:73

octopi::tentacle::NO_SPACE
@ NO_SPACE
Definition: tentacle.h:69

octopi::tentacle::DISALLOWED
@ DISALLOWED
Definition: tentacle.h:71

octopi::tentacle::OKAY
@ OKAY
Definition: tentacle.h:65

structures::string_array
An array of strings with some additional helpful methods.
Definition: string_array.h:32

formal
#define formal(parameter)
This macro just eats what it's passed; it marks unused formal parameters.
Definition: definitions.h:48

NULL_POINTER
#define NULL_POINTER
The value representing a pointer to nothing.
Definition: definitions.h:32

LOG
#define LOG(s)
Definition: encryption_tentacle.cpp:34

encryption_tentacle.h

encryption_wrapper.h

FUNCDEF
#define FUNCDEF(func_in)
FUNCDEF sets the name of a function (and plugs it into the callstack).
Definition: enhance_cpp.h:57

key_repository.h

basis
The guards collection helps in testing preconditions and reporting errors.
Definition: array.h:30

basis::WHACK
void WHACK(contents *&ptr)
deletion with clearing of the pointer.
Definition: functions.h:121

crypto
Definition: blowfish_crypto.cpp:34

loggers
A logger that sends to the console screen using the standard output device.
Definition: combo_logger.cpp:36

octopi
Definition: entity_data_bin.cpp:37

octopi::reconstituter
basis::outcome reconstituter(const structures::string_array &classifier, basis::byte_array &packed_form, infoton *&reformed, contents *formal(junk))
< reconstituter should work for most infotons to restore flattened infotons.
Definition: tentacle_helper.h:44

structures
A dynamic container class that holds any kind of object via pointers.
Definition: amorph.h:55

textual
Definition: byte_formatter.cpp:38

program_wide_logger.h

rsa_crypto.h

symbol_table.h