1 /* @(#) $Id: ./src/os_crypto/shared/keys.c, 2011/09/08 dcid Exp $
4 /* Copyright (C) 2009 Trend Micro Inc.
7 * This program is a free software; you can redistribute it
8 * and/or modify it under the terms of the GNU General Public
9 * License (version 2) as published by the FSF - Free Software
12 * License details at the LICENSE file included with OSSEC or
13 * online at: http://www.ossec.net/en/licensing.html
18 #include "headers/shared.h"
19 #include "headers/sec.h"
21 #include "os_zlib/os_zlib.h"
22 #include "os_crypto/md5/md5_op.h"
23 #include "os_crypto/blowfish/bf_op.h"
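/* __memclear: Clears keys entries.
 *
 * Zeroes the four caller-supplied buffers that hold one parsed line of
 * the keys file (agent id, name, ip and the plaintext key), each `size`
 * bytes long. The key buffer carries a secret and is typically not read
 * again before it is reused or goes out of scope, so the wipe is done
 * through a volatile pointer: a plain memset() in that position is a
 * dead store that the optimizer is allowed to remove.
 *
 *   id, name, ip, key  buffers of at least `size` bytes each; a NULL
 *                      buffer is skipped.
 *   size               number of bytes to clear in each buffer. A value
 *                      <= 0 clears nothing (handing it to memset would
 *                      convert to a huge size_t and overrun the buffers).
 */
static void memclear_wipe(char *buf, size_t len)
{
    volatile char *vp = (volatile char *)buf;

    if(buf == NULL)
    {
        return;
    }
    while(len--)
    {
        *vp++ = '\0';
    }
}

void __memclear(char *id, char *name, char *ip, char *key, int size)
{
    size_t len;

    /* Reject a non-positive size instead of letting it convert to size_t. */
    if(size <= 0)
    {
        return;
    }
    len = (size_t)size;

    memclear_wipe(id, len);
    memclear_wipe(name, len);
    memclear_wipe(key, len);
    memclear_wipe(ip, len);
}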
/* __chash: Creates the final key.
 *
 * Appends one keyentry to `keys` for the agent described by (id, name, ip,
 * key) -- registering it in the id and ip hash tables -- and derives the
 * symmetric key that will be used for that agent.
 *
 * Derivation, as visible below: MD5(name) and MD5(id) are concatenated and
 * hashed again; the first 16 characters of that digest are appended to
 * MD5(key) to form the 48-character final key. The construction is fixed
 * and unsalted and is what deployed agents expect, so it cannot be changed
 * here without breaking interoperability. Its strength rests on the
 * randomness of `key` in the keys file, not on MD5.
 *
 * Several lines of this function are not shown in this listing: the
 * realloc() failure check, the body that truncates the CIDR suffix, the
 * keysize increment and the local declarations (filesum1, filesum2,
 * tmp_str).
 */
void __chash(keystore *keys, char *id, char *name, char *ip, char *key)
    char _finalstr[KEYSIZE];

    /* Allocating for the whole structure.
     * keysize+2 leaves room for this entry plus the sentinel entry that
     * OS_ReadKeys() appends at index keysize after the loop. The old
     * pointer is overwritten directly; that is tolerable only because the
     * failure path (check not shown here) exits the process. */
    keys->keyentries =(keyentry **)realloc(keys->keyentries,
            (keys->keysize+2)*sizeof(keyentry *));
    ErrorExit(MEM_ERROR, __local_name);

    os_calloc(1, sizeof(keyentry), keys->keyentries[keys->keysize]);

    /* Setting configured values for id.
     * NOTE(review): OSHash_Add's return value is ignored. If two lines of
     * the keys file share an id, which entry the table ends up holding
     * depends on OSHash_Add's duplicate policy -- confirm, and consider
     * rejecting duplicates explicitly. */
    os_strdup(id, keys->keyentries[keys->keysize]->id);
    OSHash_Add(keys->keyhash_id,
               keys->keyentries[keys->keysize]->id,
               keys->keyentries[keys->keysize]);

    /* Validating and storing the ip (or CIDR range). An invalid address is
     * fatal: the daemon exits rather than running with a partial keystore. */
    os_calloc(1, sizeof(os_ip), keys->keyentries[keys->keysize]->ip);
    if(OS_IsValidIP(ip, keys->keyentries[keys->keysize]->ip) == 0)
        ErrorExit(INVALID_IP, __local_name, ip);

    /* We need to remove the "/" from the cidr.
     * (The truncation itself is not shown here.) As a consequence the ip
     * hash is keyed on the address part only: an entry written as
     * a.b.c.0/24 is presumably stored under "a.b.c.0", so the exact-match
     * lookup in OS_IsAllowedIP() cannot match a whole range; range checks
     * go through OS_IPFound() in OS_IsAllowedDynamicID(). Same unchecked
     * OSHash_Add return as above. */
    if((tmp_str = strchr(keys->keyentries[keys->keysize]->ip->ip, '/')) != NULL)
    OSHash_Add(keys->keyhash_ip,
               keys->keyentries[keys->keysize]->ip->ip,
               keys->keyentries[keys->keysize]);

    os_strdup(name, keys->keyentries[keys->keysize]->name);

    /* Initializing the variables */
    keys->keyentries[keys->keysize]->rcvd = 0;
    keys->keyentries[keys->keysize]->local = 0;
    /* keyid is the index into keyentries; it is what OS_IsAllowed*() return. */
    keys->keyentries[keys->keysize]->keyid = keys->keysize;
    keys->keyentries[keys->keysize]->global = 0;
    /* Counter file handle; opened elsewhere, closed in OS_FreeKeys(). */
    keys->keyentries[keys->keysize]->fp = NULL;

    /** Generating final symmetric key **/

    /* MD5 from name, id and key */
    OS_MD5_Str(name, filesum1);
    OS_MD5_Str(id, filesum2);

    /* Generating new filesum1: hash of the two digests concatenated. */
    snprintf(_finalstr, sizeof(_finalstr)-1, "%s%s", filesum1, filesum2);

    /* Using just half of the first md5 (name/id) */
    OS_MD5_Str(_finalstr, filesum1);

    /* Second md is just the key */
    OS_MD5_Str(key, filesum2);

    /* Generating final key: all of MD5(key) followed by the leading
     * characters of the name/id digest. 49 is the size argument including
     * the NUL, so 48 characters are written -- assumes OS_MD5_Str() yields
     * a 32-character hex string (not visible here). */
    memset(_finalstr,'\0', sizeof(_finalstr));
    snprintf(_finalstr, 49, "%s%s", filesum2, filesum1);

    /* Final key is 48 * 4 = 192bits of hex encoding; if the digests are
     * MD5 hex, the underlying entropy is at most 128 + 64 bits. */
    os_strdup(_finalstr, keys->keyentries[keys->keysize]->key);

    /* Cleaning final string from memory.
     * NOTE(review): _finalstr is not read again before it goes out of
     * scope, so this memset() is a dead store the optimizer may drop; a
     * volatile write or an explicit_bzero()-style wipe would be safer. */
    memset(_finalstr,'\0', sizeof(_finalstr));
/* int OS_CheckKeys():
 * Checks if the authentication key file is present
 * (and can be opened for reading) at KEYSFILE_PATH.
 *
 * Pre-flight check: a missing or unreadable file is reported through
 * merror() rather than being fatal, and the caller decides what to do.
 * It proves only that the file exists and is readable by this process;
 * it does not validate the contents, nor the ownership/mode of a file
 * that holds plaintext agent keys.
 *
 * NOTE(review): this function uses KEYSFILE_PATH while OS_ReadKeys()
 * reads KEYS_FILE -- confirm both macros resolve to the same file (e.g.
 * chroot vs. non-chroot path).
 *
 * The function signature, the braces, the return statements and the
 * fclose() are not shown in this listing.
 */
    /* A negative mtime means the file cannot be stat'ed. */
    if(File_DateofChange(KEYSFILE_PATH) < 0)
        merror(NO_AUTHFILE, __local_name, KEYSFILE_PATH);
        merror(NO_REM_CONN, __local_name);

    /* Opening is the real readability test: stat may succeed while open
     * fails on permissions. The stat/open window is harmless here since
     * this is only a presence check. */
    fp = fopen(KEYSFILE_PATH, "r");
        /* We can leave from here */
        merror(FOPEN_ERROR, __local_name, KEYSFILE_PATH);
        merror(NO_AUTHFILE, __local_name, KEYSFILE_PATH);
        merror(NO_REM_CONN, __local_name);

    /* Authentication keys are present */
/* void OS_ReadKeys(keystore *keys)
 * Read the authentication keys.
 *
 * Parses KEYS_FILE, one agent per line in the form "id name ip key", and
 * populates keys->keyentries plus the id and ip hash tables through
 * __chash(). Every failure here is fatal (ErrorExit): a missing or
 * unopenable file, an allocation failure, too many agents, or a file with
 * zero usable entries. A caller that runs this at runtime (OS_UpdateKeys)
 * therefore kills the process if the file is briefly absent or empty.
 *
 * Security notes:
 *  - the file holds plaintext per-agent secrets; nothing visible in this
 *    function checks its ownership or mode, so that is left to
 *    installation.
 *  - the field buffers are NUL-terminated only because __memclear() zeroes
 *    them before each line and strncpy() copies at most KEYSIZE-1 bytes
 *    into a KEYSIZE+1 buffer; strncpy alone does not terminate. Keep those
 *    two facts in sync.
 *  - a line longer than OS_BUFFER_SIZE-1 bytes is returned by fgets() in
 *    pieces, so its tail would be parsed as a separate (probably invalid)
 *    line.
 *  - the INVALID_KEY errors are handed the whole line (`buffer`), key
 *    field included -- check what that message writes to the log.
 *
 * Not shown in this listing: the declarations of fp, id, ip, tmp_str and
 * valid_str, the brace structure, what follows each INVALID_KEY error,
 * the missing-newline handling, fclose(), and the keysize increment.
 */
void OS_ReadKeys(keystore *keys)
    char buffer[OS_BUFFER_SIZE +1];
    char name[KEYSIZE +1];
    char key[KEYSIZE +1];

    /* Checking if the keys file is present and we can read it.
     * The mtime is recorded so OS_CheckUpdateKeys()/OS_UpdateKeys() can
     * detect a later rewrite (mtime granularity only). */
    if((keys->file_change = File_DateofChange(KEYS_FILE)) < 0)
        merror(NO_AUTHFILE, __local_name, KEYS_FILE);
        ErrorExit(NO_REM_CONN, __local_name);
    fp = fopen(KEYS_FILE,"r");
        /* We can leave from here */
        merror(FOPEN_ERROR, __local_name, KEYS_FILE);
        ErrorExit(NO_REM_CONN, __local_name);

    /* Initilizing hashes */
    keys->keyhash_id = OSHash_Create();
    keys->keyhash_ip = OSHash_Create();
    if(!keys->keyhash_id || !keys->keyhash_ip)
        ErrorExit(MEM_ERROR, __local_name);

    /* Initializing structure: __chash() grows this array with realloc(). */
    keys->keyentries = NULL;

    /* Zeroing the buffers (required for the strncpy termination below). */
    __memclear(id, name, ip, key, KEYSIZE +1);
    memset(buffer, '\0', OS_BUFFER_SIZE +1);

    /* Reading each line.
     * lines are divided as "id name ip key"
     * fgets() is bounded to OS_BUFFER_SIZE, one less than the buffer. */
    while(fgets(buffer, OS_BUFFER_SIZE, fp) != NULL)
        /* Comment lines ('#') and lines starting with a space are skipped. */
        if((buffer[0] == '#') || (buffer[0] == ' '))

        /* Field 1: id, up to the first space. */
        tmp_str = strchr(buffer, ' ');
            merror(INVALID_KEY, __local_name, buffer);
        strncpy(id, valid_str, KEYSIZE -1);

        /* Field 2: name, up to the next space. */
        tmp_str = strchr(tmp_str, ' ');
            merror(INVALID_KEY, __local_name, buffer);
        strncpy(name, valid_str, KEYSIZE -1);

        /* Getting ip address */
        tmp_str = strchr(tmp_str, ' ');
            merror(INVALID_KEY, __local_name, buffer);
        strncpy(ip, valid_str, KEYSIZE -1);

        /* Field 4: key, up to the newline. */
        tmp_str = strchr(tmp_str, '\n');
        strncpy(key, valid_str, KEYSIZE -1);

        /* Generating the key hash */
        __chash(keys, id, name, ip, key);

        /* Clearing the memory: the plaintext key lives in `key` only until
         * here. */
        __memclear(id, name, ip, key, KEYSIZE +1);

        /* Checking for maximum agent size.
         * Mirrors the keysize+2 realloc in __chash(); the -2 presumably
         * keeps room for the sentinel entry appended below. */
        if(keys->keysize >= (MAX_AGENTS -2))
            merror(AG_MAX_ERROR, __local_name, MAX_AGENTS -2);
            ErrorExit(CONFIG_ERROR, __local_name, KEYS_FILE);

    /* Closing key file. */

    /* clear one last time before leaving */
    __memclear(id, name, ip, key, KEYSIZE +1);

    /* Checking if there is any agent available */
    if(keys->keysize == 0)
        ErrorExit(NO_REM_CONN, __local_name);

    /* Adding additional entry for sender == keysize.
     * OS_FreeKeys() iterates i <= keysize to release this one too. */
    os_calloc(1, sizeof(keyentry), keys->keyentries[keys->keysize]);
/* void OS_FreeKeys(keystore *keys)
 * Frees the auth keys.
 *
 * Tears down what OS_ReadKeys()/__chash() built: the per-entry strings
 * and counter files, the entry array and (in code not shown here) the two
 * hash tables. Called from OS_UpdateKeys() before the file is re-read,
 * possibly while other threads still hold the old pointers.
 *
 * Notes (the sleep and the OSHash_Free calls are not visible here):
 *  - the hash pointers are NULLed first and a sleep is then used to let
 *    readers drain. A sleep is not a synchronization barrier: a reader
 *    that loaded keys->keyhash_* just before the NULLing can still touch
 *    the freed table, and one that loads afterwards hands NULL to
 *    OSHash_Get(). Confirm the callers tolerate both.
 *  - the derived key string is free()d without being wiped, so the heap
 *    block keeps the key bytes until it is reused. A volatile zeroing
 *    before free() would close that.
 *
 * The function's opening brace, local declarations (_keysize, hashid,
 * haship, i) and some closing braces are not shown in this listing.
 */
void OS_FreeKeys(keystore *keys)
    _keysize = keys->keysize;
    hashid = keys->keyhash_id;
    haship = keys->keyhash_ip;

    /* Zeroing the entries. */
    keys->keyhash_id =NULL;
    keys->keyhash_ip = NULL;

    /* Sleeping to give time to other threads to stop using them. */

    /* Freeing the hashes (through the saved hashid/haship copies). */

    /* i <= _keysize: the sentinel entry OS_ReadKeys() appends at index
     * keysize is released along with the real agents. */
    for(i = 0; i<= _keysize; i++)
        if(keys->keyentries[i])
            if(keys->keyentries[i]->ip)
                free(keys->keyentries[i]->ip->ip);
                free(keys->keyentries[i]->ip);
            if(keys->keyentries[i]->id)
                free(keys->keyentries[i]->id);
            /* NOTE(review): key material released without wiping. */
            if(keys->keyentries[i]->key)
                free(keys->keyentries[i]->key);
            if(keys->keyentries[i]->name)
                free(keys->keyentries[i]->name);

            /* Closing counter */
            if(keys->keyentries[i]->fp)
                fclose(keys->keyentries[i]->fp);

            free(keys->keyentries[i]);
            keys->keyentries[i] = NULL;

    /* Freeing structure */
    free(keys->keyentries);
    keys->keyentries = NULL;
/* int OS_CheckUpdateKeys(keystore *keys)
 * Checks if key changed.
 *
 * Compares the mtime recorded by OS_ReadKeys() (keys->file_change) with
 * the file's current one. Detection is mtime-only: an edit that lands
 * within the same timestamp granularity, or a rewrite that restores the
 * old mtime, goes unnoticed; conversely a file that is momentarily
 * missing presumably reads as "changed" (File_DateofChange() returns a
 * negative value, see OS_ReadKeys). The return statements are not shown
 * in this listing.
 */
int OS_CheckUpdateKeys(keystore *keys)
    if(keys->file_change != File_DateofChange(KEYS_FILE))
/* OS_UpdateKeys(keystore *keys)
 * Update the keys if changed.
 *
 * If the file's mtime differs from the one recorded at load time, the
 * keystore is freed, re-read and the counters restarted. The same
 * mtime-only caveat as OS_CheckUpdateKeys() applies.
 *
 * NOTE(review): OS_ReadKeys() exits the process when the file is missing,
 * unopenable or has no entries, so a non-atomic rewrite of the keys file
 * (truncate-then-write) observed mid-way by this reload takes the daemon
 * down. Whoever writes the file should replace it atomically (rename).
 *
 * The OS_FreeKeys()/OS_ReadKeys() calls, the braces and the return
 * statements are not shown in this listing.
 */
int OS_UpdateKeys(keystore *keys)
    if(keys->file_change != File_DateofChange(KEYS_FILE))
        merror(ENCFILE_CHANGED, __local_name);
        debug1("%s: DEBUG: Freekeys", __local_name);
        debug1("%s: DEBUG: OS_ReadKeys", __local_name);
        verbose(ENC_READ, __local_name);
        debug1("%s: DEBUG: OS_StartCounter", __local_name);
        OS_StartCounter(keys);
        debug1("%s: DEBUG: OS_UpdateKeys completed", __local_name);
/* int OS_IsAllowedIP(keystore *keys, char *srcip)
 * Checks if an IP address is allowed to connect.
 *
 * Looks srcip up in keys->keyhash_ip, the table __chash() filled with each
 * entry's address string (CIDR suffix stripped), and returns that entry's
 * keyid (its index in keys->keyentries) on a hit. The lookup is presumably
 * an exact string match, so it finds only entries whose address text
 * equals srcip; range entries are matched in OS_IsAllowedDynamicID() via
 * OS_IPFound(). The not-found return is not shown in this listing.
 *
 * NOTE(review): this is an allow-list on the claimed source address. It
 * narrows who may talk to the manager but is not authentication; the
 * per-agent key must still be verified on the message itself.
 */
int OS_IsAllowedIP(keystore *keys, char *srcip)
    entry = OSHash_Get(keys->keyhash_ip, srcip);
        return(entry->keyid);
/* int OS_IsAllowedName
 * Checks if the agent name is valid.
 *
 * Linear scan over the real agent entries (i < keysize, so the sentinel at
 * index keysize is excluded) comparing names with strcmp(); unlike the id
 * and ip checks there is no hash table for names. `name` must be non-NULL
 * (strcmp on NULL is undefined behaviour). The return statements are not
 * shown in this listing.
 */
int OS_IsAllowedName(keystore *keys, char *name)
    for(i = 0; i < keys->keysize; i++)
        if(strcmp(keys->keyentries[i]->name, name) == 0)
/* int OS_IsAllowedID(keystore *keys, char *id)
 * Checks if an agent id is known.
 *
 * Hash lookup of the id string as stored by __chash(); returns the entry's
 * keyid (index into keys->keyentries) on a hit. The NULL/not-found path is
 * not shown in this listing.
 */
int OS_IsAllowedID(keystore *keys, char *id)
    entry = OSHash_Get(keys->keyhash_id, id);
        return(entry->keyid);
/* int OS_IsAllowedDynamicID -- Used for dynamic ip addresses.
 *
 * For agents whose address is a range or otherwise not fixed: finds the
 * entry by id, then requires srcip to fall inside that entry's configured
 * ip/CIDR via OS_IPFound(). Returns the keyid when both hold. The entry
 * NULL check and the failure return are not shown in this listing.
 *
 * NOTE(review): the id is presumably supplied by the peer and is not yet
 * authenticated here; this check only constrains which key will be tried
 * for the given source address.
 */
int OS_IsAllowedDynamicID(keystore *keys, char *id, char *srcip)
    entry = OSHash_Get(keys->keyhash_id, id);
        if(OS_IPFound(srcip, entry->ip))
            return(entry->keyid);