production/code_guide/encryption__tentacle_8cpp_source.html

/*****************************************************************************\

*                                                                             *

*  Name   : encryption_tentacle                                               *

*  Author : Chris Koeritz                                                     *

*                                                                             *

*******************************************************************************

* Copyright (c) 2004-$now By Author.  This program is free software; you can  *

* redistribute it and/or modify it under the terms of the GNU General Public  *

* License as published by the Free Software Foundation; either version 2 of   *

* the License or (at your option) any later version.  This is online at:      *

*     http://www.fsf.org/copyleft/gpl.html                                    *

* Please send any updates to: fred@gruntose.com                               *

\*****************************************************************************/


#include "encryption_tentacle.h"

#include "encryption_wrapper.h"

#include "key_repository.h"


#include <crypto/blowfish_crypto.h>

#include <crypto/rsa_crypto.h>

#include <loggers/program_wide_logger.h>

#include <structures/symbol_table.h>

#include <textual/byte_formatter.h>


using namespace basis;

using namespace crypto;

using namespace loggers;

using namespace structures;

using namespace textual;


namespace octopi {


#undef LOG

#define LOG(s) CLASS_EMERGENCY_LOG(program_wide_logger::get(), s)


#define DEBUG_ENCRYPTION_TENTACLE

  // uncomment for noisier code.


encryption_tentacle::encryption_tentacle()

: tentacle_helper<encryption_infoton>

    (encryption_infoton::encryption_classifier(), false),

  _server_side(true),

  _keys(new key_repository),

  _rsa_private(NULL_POINTER)

{

}


encryption_tentacle::encryption_tentacle(const byte_array &private_key)

: tentacle_helper<encryption_infoton>

    (encryption_infoton::encryption_classifier(), false),

  _server_side(false),

  _keys(new key_repository),

  _rsa_private(new rsa_crypto(private_key))

{

}


encryption_tentacle::encryption_tentacle(int key_size)

: tentacle_helper<encryption_infoton>

    (encryption_infoton::encryption_classifier(), false),

  _server_side(false),

  _keys(new key_repository),

  _rsa_private(new rsa_crypto(key_size))

{

}


encryption_tentacle::~encryption_tentacle()

{

  WHACK(_rsa_private);

  WHACK(_keys);

}


key_repository &encryption_tentacle::keys() const { return *_keys; }


const rsa_crypto &encryption_tentacle::private_key() const

{ return *_rsa_private; }


outcome encryption_tentacle::reconstitute(const string_array &classifier,

    byte_array &packed_form, infoton * &reformed)

{

  if (classifier != encryption_infoton::encryption_classifier())

    return NO_HANDLER;


  return reconstituter(classifier, packed_form, reformed,

      (encryption_infoton *)NULL_POINTER);

}


void encryption_tentacle::expunge(const octopus_entity &formal(to_remove))

{

//we need a better approach.  it seems there are places where an entity

//can get reused and it still expects its key to be present.

}


outcome encryption_tentacle::consume(infoton &to_chow,

    const octopus_request_id &item_id, byte_array &transformed)

{

  FUNCDEF("consume");

  transformed.reset();

  encryption_infoton *inf = dynamic_cast<encryption_infoton *>(&to_chow);

  if (!inf) {

    // this package is not explicitly an encryption infoton.  we need to

    // decrypt it using what we already know.


    encryption_wrapper *wrap = dynamic_cast<encryption_wrapper *>(&to_chow);

    if (!wrap) {

#ifdef DEBUG_ENCRYPTION_TENTACLE

//      LOG(astring("got a stray infoton that was not encrypted: ")

//          + to_chow.text_form());

#endif

      // this signals that we were expecting an encrypted package.

      return ENCRYPTION_MISMATCH;

    }


    octenc_key_record record;

    octenc_key_record *rec = _keys->lock(item_id._entity);

    if (!rec) {

#ifdef DEBUG_ENCRYPTION_TENTACLE

      LOG(astring("no key stored for entity ")

          + item_id._entity.mangled_form()

          + "; rejecting packet.");

#endif

      return DISALLOWED;

    }

    record = *rec;

    _keys->unlock(rec);


    byte_array decro;

    bool decrypts_properly = record._key.decrypt(wrap->_wrapped, decro);

    if (decrypts_properly) {

      // this package seems to be intact.  we need to reconstitute the

      // original infoton.

      transformed = decro;  // set the decrypted blob.

      return PARTIAL;

    }


#ifdef DEBUG_ENCRYPTION_TENTACLE

    LOG(astring("denying client ") + item_id._entity.mangled_form()

        + " due to erroneous decryption");

#endif


    // the infoton's client is not authorized; it needs to be dropped.

    return DISALLOWED;

  }


  // reaching here means this is explicitly an encryption startup request.


  if (!_server_side) {

    // client's side must track the key we were given for decryption.  we'll

    // use that from now on.

    blowfish_crypto new_key(blowfish_crypto::minimum_key_size());  // bogus.

    outcome ret = inf->extract_response(*_rsa_private, new_key);

    if (ret != OKAY) {

#ifdef DEBUG_ENCRYPTION_TENTACLE

      LOG(astring("client failed to process encrypted blowfish key for ")

          + item_id._entity.mangled_form());

#endif

    } else {

      _keys->add(item_id._entity, new_key);  // add our key for this guy.

    }

    // we do not store a copy of the infoton; it's just done now.

    return ret;

  } else {

    // server's side need to process a key request and send it back using

    // the public key the requester provided.

    blowfish_crypto agreed_key(blowfish_crypto::minimum_key_size());

      // initialized with junk.

    outcome worked = inf->prepare_blowfish_key(agreed_key);

    if (worked != OKAY) {

#ifdef DEBUG_ENCRYPTION_TENTACLE

      LOG(astring("server failed to encrypt blowfish key for ")

          + item_id._entity.mangled_form());

#endif

    } else {

      _keys->add(item_id._entity, agreed_key);  // add our key for this guy.

    }

  }


  if (!store_product(dynamic_cast<infoton *>(inf->clone()), item_id))

    return NO_SPACE;

  return OKAY;

}


} //namespace.


blowfish_crypto.h

LOG
#define LOG(s)
Definition bookmark_tree.cpp:50

byte_formatter.h

basis::array::reset
void reset(int number=0, const contents *initial_contents=NULL_POINTER)
Resizes this array and sets the contents from an array of contents.
Definition array.h:349

basis::astring
Provides a dynamically resizable ASCII character string.
Definition astring.h:35

basis::byte_array
A very common template for a dynamic array of bytes.
Definition byte_array.h:36

basis::outcome
Outcomes describe the state of completion for an operation.
Definition outcome.h:31

crypto::blowfish_crypto
Provides BlowFish encryption on byte_arrays using the OpenSSL package.
Definition blowfish_crypto.h:26

crypto::blowfish_crypto::minimum_key_size
static int minimum_key_size()
returns the minimum key size (in bits) supported here.
Definition blowfish_crypto.cpp:144

crypto::blowfish_crypto::decrypt
bool decrypt(const basis::byte_array &source, basis::byte_array &target) const
decrypts the "target" array from the encrypted "source" array.
Definition blowfish_crypto.cpp:285

crypto::rsa_crypto
Supports public key encryption and decryption.
Definition rsa_crypto.h:33

octopi::encryption_infoton
Encapsulates the chit-chat necessary to establish an encrypted connection.
Definition encryption_infoton.h:33

octopi::encryption_infoton::extract_response
basis::outcome extract_response(const crypto::rsa_crypto &private_key, crypto::blowfish_crypto &new_key) const
used by the client to extract the shared blowfish key from the server.
Definition encryption_infoton.cpp:143

octopi::encryption_infoton::prepare_blowfish_key
basis::outcome prepare_blowfish_key(crypto::blowfish_crypto &new_key)
performs the server side's job on the current key.
Definition encryption_infoton.cpp:106

octopi::encryption_infoton::clone
virtual clonable * clone() const
must be provided to allow creation of a copy of this object.
Definition encryption_infoton.cpp:64

octopi::encryption_infoton::encryption_classifier
static const structures::string_array & encryption_classifier()
returns the classifier for this type of infoton.

octopi::encryption_tentacle::expunge
virtual void expunge(const octopus_entity &to_remove)
throws out any keys we were maintaining for this entity.
Definition encryption_tentacle.cpp:89

octopi::encryption_tentacle::keys
key_repository & keys() const
provides access to our list of keys.
Definition encryption_tentacle.cpp:74

octopi::encryption_tentacle::private_key
const crypto::rsa_crypto & private_key() const
provides access to the key held here.
Definition encryption_tentacle.cpp:76

octopi::encryption_tentacle::consume
virtual basis::outcome consume(infoton &to_chow, const octopus_request_id &item_id, basis::byte_array &transformed)
the base class handles the processing of the request in "to_chow".
Definition encryption_tentacle.cpp:96

octopi::encryption_tentacle::encryption_tentacle
encryption_tentacle()
this tentacle will implement the server side.
Definition encryption_tentacle.cpp:41

octopi::encryption_tentacle::~encryption_tentacle
virtual ~encryption_tentacle()
Definition encryption_tentacle.cpp:68

octopi::encryption_tentacle::reconstitute
virtual basis::outcome reconstitute(const structures::string_array &classifier, basis::byte_array &packed_form, infoton *&reformed)
recreates a "reformed" infoton from a packed form.
Definition encryption_tentacle.cpp:79

octopi::encryption_wrapper
Wraps an encrypted infoton when the octopus is in an encrypted mode.
Definition encryption_wrapper.h:30

octopi::encryption_wrapper::_wrapped
basis::byte_array _wrapped
the encrypted data that's held here.
Definition encryption_wrapper.h:32

octopi::infoton
An infoton is an individual request parcel with accompanying information.
Definition infoton.h:32

octopi::key_repository
Definition key_repository.h:48

octopi::key_repository::unlock
void unlock(octenc_key_record *to_unlock)
drops the lock on the key record in "to_unlock".
Definition key_repository.cpp:57

octopi::key_repository::add
basis::outcome add(const octopus_entity &ent, const crypto::blowfish_crypto &key)
adds a "key" for the "ent". this will fail if one is already listed.
Definition key_repository.cpp:63

octopi::key_repository::lock
octenc_key_record * lock(const octopus_entity &ent)
locates the key for "ent", if it's stored.
Definition key_repository.cpp:35

octopi::octenc_key_record
Tracks the keys that have been assigned for a secure channel.
Definition key_repository.h:34

octopi::octenc_key_record::_key
crypto::blowfish_crypto _key
used for communicating with an entity.
Definition key_repository.h:37

octopi::octopus_entity
Provides a way of identifying users of an octopus object.
Definition entity_defs.h:35

octopi::octopus_entity::mangled_form
basis::astring mangled_form() const
returns the combined string form of the identifier.
Definition entity_defs.cpp:121

octopi::octopus_request_id
Identifies requests made on an octopus by users.
Definition entity_defs.h:114

octopi::octopus_request_id::_entity
octopus_entity _entity
the entity.
Definition entity_defs.h:116

octopi::tentacle_helper
provides prefab implementations for parts of the tentacle object.
Definition tentacle_helper.h:68

octopi::tentacle::PARTIAL
@ PARTIAL
processing of request is partially done.
Definition tentacle.h:74

octopi::tentacle::ENCRYPTION_MISMATCH
@ ENCRYPTION_MISMATCH
there is a disconnect regarding encryption.
Definition tentacle.h:75

octopi::tentacle::NO_HANDLER
@ NO_HANDLER
no handler for that type of infoton.
Definition tentacle.h:73

octopi::tentacle::NO_SPACE
@ NO_SPACE
Definition tentacle.h:69

octopi::tentacle::DISALLOWED
@ DISALLOWED
Definition tentacle.h:71

octopi::tentacle::OKAY
@ OKAY
Definition tentacle.h:65

octopi::tentacle::store_product
bool store_product(infoton *product, const octopus_request_id &original_id)
used by tentacles to store the objects they produce from infotons.
Definition tentacle.cpp:118

structures::string_array
An array of strings with some additional helpful methods.
Definition string_array.h:32

formal
#define formal(parameter)
This macro just eats what it's passed; it marks unused formal parameters.
Definition definitions.h:48

NULL_POINTER
#define NULL_POINTER
The value representing a pointer to nothing.
Definition definitions.h:32

encryption_tentacle.h

encryption_wrapper.h

FUNCDEF
#define FUNCDEF(func_in)
FUNCDEF sets the name of a function (and plugs it into the callstack).
Definition enhance_cpp.h:54

key_repository.h

basis
The guards collection helps in testing preconditions and reporting errors.
Definition array.h:30

basis::WHACK
void WHACK(contents *&ptr)
deletion with clearing of the pointer.
Definition functions.h:121

crypto
Definition blowfish_crypto.cpp:35

loggers
A logger that sends to the console screen using the standard output device.
Definition combo_logger.cpp:36

octopi
Definition entity_data_bin.cpp:37

octopi::reconstituter
basis::outcome reconstituter(const structures::string_array &classifier, basis::byte_array &packed_form, infoton *&reformed, contents *formal(junk))
< reconstituter should work for most infotons to restore flattened infotons.
Definition tentacle_helper.h:44

structures
A dynamic container class that holds any kind of object via pointers.
Definition amorph.h:55

textual
Definition byte_formatter.cpp:38

program_wide_logger.h

rsa_crypto.h

symbol_table.h