moth/src/in.tokend.c

#include <sys/types.h>
#include <errno.h>
#include <time.h>
#include <unistd.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#include "common.h"
#include "arc4.h"

#define itokenlen 3

char const consonants[] = "bcdfghklmnprstvz";
char const vowels[]     = "aeiouy";

#define bubblebabble_len(n) (6*(((n)/2)+1))

/** Compute bubble babble for input buffer.
 *
 * The generated output will be of length 6*((inlen/2)+1), including the
 * trailing NULL.
 *
 * Test vectors:
 *     `' (empty string) `xexax'
 *     `1234567890'      `xesef-disof-gytuf-katof-movif-baxux'
 *     `Pineapple'       `xigak-nyryk-humil-bosek-sonax'
 */
void
bubblebabble(char *out, char const *in, const size_t inlen)
{
  size_t pos  = 0;
  int    seed = 1;
  size_t i    = 0;

  out[pos++] = 'x';
  while (1) {
    unsigned char c;

    if (i == inlen) {
      out[pos++] = vowels[seed % 6];
      out[pos++] = 'x';
      out[pos++] = vowels[seed / 6];
      break;
    }

    c = in[i++];
    out[pos++] = vowels[(((c >> 6) & 3) + seed) % 6];
    out[pos++] = consonants[(c >> 2) & 15];
    out[pos++] = vowels[((c & 3) + (seed / 6)) % 6];
    if (i == inlen) {
      break;
    }
    seed = ((seed * 5) + (c * 7) + in[i]) % 36;

    c = in[i++];
    out[pos++] = consonants[(c >> 4) & 15];
    out[pos++] = '-';
    out[pos++] = consonants[c & 15];
  }

  out[pos++] = 'x';
  out[pos] = '\0';
}

int
main(int argc, char *argv[])
{
  char    service[50];
  size_t  servicelen;
  char    token[80];
  size_t  tokenlen;
  uint8_t key[256];
  size_t  keylen;

  /* Seed the random number generator.  This ought to be unpredictable
     enough for a contest. */
  srand((int)time(NULL) * (int)getpid());

  /* Read service name. */
  {
    ssize_t len;

    len = read(0, service, sizeof(service));
    for (servicelen = 0;
         (servicelen < len) && isalnum(service[servicelen]);
         servicelen += 1);
  }

  /* Read in that service's key. */
  {
    int fd;
    int ret;

    fd = open(srv_path("token.keys/%*s", servicelen, service), O_RDONLY);
    if (-1 == fd) {
      write(1, "!nosvc", 6);
      return 0;
    }

    ret = read(fd, &key, sizeof(key));
    if (-1 == ret) {
      write(1, "!read", 5);
      return 0;
    }
    keylen = (size_t)ret;

    close(fd);
  }

  /* Create the token. */
  {
    uint8_t crap[itokenlen];
    char    digest[bubblebabble_len(itokenlen)];
    int     i;

    /* Digest some random junk. */
    for (i = 0; i < itokenlen; i += 1) {
      crap[i] = (uint8_t)random();
    }
    bubblebabble(digest, (char *)crap, itokenlen);

    /* Append digest to service name. */
    tokenlen = (size_t)snprintf(token, sizeof(token),
                               "%*s:%s",
                                servicelen, service, digest);
  }

  /* Write that token out now. */
  {
    int fd;
    int ret;

    do {
      fd = open(srv_path("tokens.db"), O_WRONLY | O_CREAT, 0666);
      if (-1 == fd) break;

      ret = lockf(fd, F_LOCK, 0);
      if (-1 == ret) break;

      ret = lseek(fd, 0, SEEK_END);
      if (-1 == ret) break;

      ret = write(fd, token, tokenlen);
      if (-1 == ret) break;

      ret = write(fd, "\n", 1);
      if (-1 == ret) break;

      ret = close(fd);
      if (-1 == ret) break;
    } while (0);

    if ((-1 == fd) || (-1 == ret)) {
      printf("!%s", strerror(errno));
      return 0;
    }
  }

  /* Encrypt the token. */
  {
    arc4_crypt_buffer(key, keylen, (uint8_t *)token, tokenlen);
  }

  /* Send it back.  If there's an error here, it's okay.  Better to have
     unclaimed tokens than unclaimable ones. */
  write(1, token, tokenlen);

  return 0;
}
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00			`#include <sys/types.h>`
More error checking in in.tokend 2010-09-03 15:59:08 -06:00			`#include <errno.h>`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00			`#include <time.h>`
			`#include <unistd.h>`
Stop using FILE *; make tokens go into a log instead of one per file 2010-09-03 15:51:54 -06:00			`#include <fcntl.h>`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00			`#include <stdint.h>`
			`#include <stdlib.h>`
			`#include <stdio.h>`
			`#include <stddef.h>`
-Werror 2010-09-16 12:21:16 -06:00			`#include <string.h>`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00			`#include <ctype.h>`
Many changes, unit test * Everything in /srv/ctf now, set $CTF_BASE to override that * CGI now accepts parms in argv * Fix bug with uninitialized CGI vars 2010-09-13 12:23:39 -06:00			`#include "common.h"`
Move from xxtea to arc4 arc4 has known attacks, but you need a lot of data first. More data that we'll have tokens. 2010-09-16 23:18:16 -06:00			`#include "arc4.h"`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00
			`#define itokenlen 3`

			`char const consonants[] = "bcdfghklmnprstvz";`
			`char const vowels[] = "aeiouy";`

			`#define bubblebabble_len(n) (6*(((n)/2)+1))`

			`/** Compute bubble babble for input buffer.`
			`*`
			`* The generated output will be of length 6*((inlen/2)+1), including the`
			`* trailing NULL.`
			`*`
			`* Test vectors:`
			* `' (empty string) `xexax'
			* `1234567890' `xesef-disof-gytuf-katof-movif-baxux'
			* `Pineapple' `xigak-nyryk-humil-bosek-sonax'
			`*/`
			`void`
			`bubblebabble(char out, char const in, const size_t inlen)`
			`{`
			`size_t pos = 0;`
			`int seed = 1;`
			`size_t i = 0;`

			`out[pos++] = 'x';`
			`while (1) {`
			`unsigned char c;`

			`if (i == inlen) {`
			`out[pos++] = vowels[seed % 6];`
			`out[pos++] = 'x';`
			`out[pos++] = vowels[seed / 6];`
			`break;`
			`}`

			`c = in[i++];`
			`out[pos++] = vowels[(((c >> 6) & 3) + seed) % 6];`
			`out[pos++] = consonants[(c >> 2) & 15];`
			`out[pos++] = vowels[((c & 3) + (seed / 6)) % 6];`
			`if (i == inlen) {`
			`break;`
			`}`
			`seed = ((seed * 5) + (c * 7) + in[i]) % 36;`

			`c = in[i++];`
			`out[pos++] = consonants[(c >> 4) & 15];`
			`out[pos++] = '-';`
			`out[pos++] = consonants[c & 15];`
			`}`

			`out[pos++] = 'x';`
			`out[pos] = '\0';`
			`}`

			`int`
			`main(int argc, char *argv[])`
			`{`
Move from xxtea to arc4 arc4 has known attacks, but you need a lot of data first. More data that we'll have tokens. 2010-09-16 23:18:16 -06:00			`char service[50];`
			`size_t servicelen;`
			`char token[80];`
			`size_t tokenlen;`
			`uint8_t key[256];`
			`size_t keylen;`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00
Working in.tokend 2010-09-03 15:26:51 -06:00			`/* Seed the random number generator. This ought to be unpredictable`
			`enough for a contest. */`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00			`srand((int)time(NULL) * (int)getpid());`

Working in.tokend 2010-09-03 15:26:51 -06:00			`/* Read service name. */`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00			`{`
I found %*s in printf! Converting... 2010-09-16 17:11:55 -06:00			`ssize_t len;`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00
Move from xxtea to arc4 arc4 has known attacks, but you need a lot of data first. More data that we'll have tokens. 2010-09-16 23:18:16 -06:00			`len = read(0, service, sizeof(service));`
I found %*s in printf! Converting... 2010-09-16 17:11:55 -06:00			`for (servicelen = 0;`
			`(servicelen < len) && isalnum(service[servicelen]);`
			`servicelen += 1);`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00			`}`

Working in.tokend 2010-09-03 15:26:51 -06:00			`/* Read in that service's key. */`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00			`{`
Move from xxtea to arc4 arc4 has known attacks, but you need a lot of data first. More data that we'll have tokens. 2010-09-16 23:18:16 -06:00			`int fd;`
			`int ret;`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00
Move from xxtea to arc4 arc4 has known attacks, but you need a lot of data first. More data that we'll have tokens. 2010-09-16 23:18:16 -06:00			`fd = open(srv_path("token.keys/%*s", servicelen, service), O_RDONLY);`
Stop using FILE *; make tokens go into a log instead of one per file 2010-09-03 15:51:54 -06:00			`if (-1 == fd) {`
			`write(1, "!nosvc", 6);`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00			`return 0;`
			`}`

Move from xxtea to arc4 arc4 has known attacks, but you need a lot of data first. More data that we'll have tokens. 2010-09-16 23:18:16 -06:00			`ret = read(fd, &key, sizeof(key));`
			`if (-1 == ret) {`
			`write(1, "!read", 5);`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00			`return 0;`
			`}`
Move from xxtea to arc4 arc4 has known attacks, but you need a lot of data first. More data that we'll have tokens. 2010-09-16 23:18:16 -06:00			`keylen = (size_t)ret;`

			`close(fd);`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00			`}`

Working in.tokend 2010-09-03 15:26:51 -06:00			`/* Create the token. */`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00			`{`
			`uint8_t crap[itokenlen];`
Working in.tokend 2010-09-03 15:26:51 -06:00			`char digest[bubblebabble_len(itokenlen)];`
			`int i;`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00
Working in.tokend 2010-09-03 15:26:51 -06:00			`/* Digest some random junk. */`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00			`for (i = 0; i < itokenlen; i += 1) {`
			`crap[i] = (uint8_t)random();`
			`}`
-Werror 2010-09-16 12:21:16 -06:00			`bubblebabble(digest, (char *)crap, itokenlen);`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00
Add posters, enhance cgi.c 2010-09-07 14:18:39 -06:00			`/* Append digest to service name. */`
I found %*s in printf! Converting... 2010-09-16 17:11:55 -06:00			`tokenlen = (size_t)snprintf(token, sizeof(token),`
			`"%*s:%s",`
			`servicelen, service, digest);`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00			`}`

Working in.tokend 2010-09-03 15:26:51 -06:00			`/* Write that token out now. */`
			`{`
Results of code review 2010-09-14 18:04:33 -06:00			`int fd;`
			`int ret;`
Working in.tokend 2010-09-03 15:26:51 -06:00
More error checking in in.tokend 2010-09-03 15:59:08 -06:00			`do {`
Results of code review 2010-09-14 18:04:33 -06:00			`fd = open(srv_path("tokens.db"), O_WRONLY \| O_CREAT, 0666);`
More error checking in in.tokend 2010-09-03 15:59:08 -06:00			`if (-1 == fd) break;`

			`ret = lockf(fd, F_LOCK, 0);`
			`if (-1 == ret) break;`

			`ret = lseek(fd, 0, SEEK_END);`
			`if (-1 == ret) break;`

			`ret = write(fd, token, tokenlen);`
			`if (-1 == ret) break;`

			`ret = write(fd, "\n", 1);`
			`if (-1 == ret) break;`

			`ret = close(fd);`
			`if (-1 == ret) break;`
			`} while (0);`

Results of code review 2010-09-14 18:04:33 -06:00			`if ((-1 == fd) \|\| (-1 == ret)) {`
More error checking in in.tokend 2010-09-03 15:59:08 -06:00			`printf("!%s", strerror(errno));`
Working in.tokend 2010-09-03 15:26:51 -06:00			`return 0;`
			`}`
			`}`

Move from xxtea to arc4 arc4 has known attacks, but you need a lot of data first. More data that we'll have tokens. 2010-09-16 23:18:16 -06:00			`/* Encrypt the token. */`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00			`{`
Move from xxtea to arc4 arc4 has known attacks, but you need a lot of data first. More data that we'll have tokens. 2010-09-16 23:18:16 -06:00			`arc4_crypt_buffer(key, keylen, (uint8_t *)token, tokenlen);`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00			`}`

Working in.tokend 2010-09-03 15:26:51 -06:00			`/* Send it back. If there's an error here, it's okay. Better to have`
			`unclaimed tokens than unclaimable ones. */`
Move from xxtea to arc4 arc4 has known attacks, but you need a lot of data first. More data that we'll have tokens. 2010-09-16 23:18:16 -06:00			`write(1, token, tokenlen);`
Start at in.tokend (not writing files yet) 2010-09-02 17:10:11 -06:00
			`return 0;`
			`}`