heartbeat

Simple server monitor system using encrypted messages over udp
git clone https://noulin.net/git/heartbeat.git

sel.c (2297B)


#include "sel.h"

// detect entropy quality
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/random.h>

#include <iso646.h> /* and or not defines */
#include <limits.h> /* INT_MAX, bounds the int length return values */
     10 
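/*
 * Initialise the crypto layer: check the kernel entropy estimate, then
 * initialise libsodium.
 *
 * Returns 1 on success. Returns 0 when the kernel reports fewer than
 * 160 bits of entropy or when sodium_init() fails; in both cases the
 * caller must treat the result as fatal and must not go on to generate
 * keys or nonces.
 */
int selInit(void) {
  // detect entropy quality
  int urandomfd = open("/dev/urandom", O_RDONLY);
  if (urandomfd != -1) {
    int c;
    int lowEntropy = ioctl(urandomfd, RNDGETENTCNT, &c) == 0 && c < 160;
    // close only a descriptor that was really opened; the previous code
    // also reached close(-1) when open() had failed
    close(urandomfd);
    if (lowEntropy) {
      /* logN("This system doesn't provide enough entropy to quickly generate high-quality random numbers.\n" */
      /*     "Installing the rng-utils/rng-tools, jitterentropy or haveged packages may help.\n" */
      /*     "On virtualized Linux environments, also consider using virtio-rng.\n" */
      /*     "The service will not start until enough entropy has been collected.\n", stderr); */
      return 0;
    }
  }
  // NOTE(review): if /dev/urandom cannot be opened or the ioctl fails, the
  // entropy check is skipped rather than failed and only sodium_init()
  // stands between the caller and key generation; confirm this is intended.
  if (sodium_init() == -1) {
    /* logC("Panic! libsodium couldn't be initialized; it is not safe to use"); */
    return 0;
  }
  return 1;
}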
     32 
/*
 * Fill keys->publicKey and keys->secretKey with a freshly generated
 * crypto_box key pair.
 *
 * The author's debug dump of both keys (logD/loghex) stays disabled:
 * writing keys->secretKey to a log would disclose it to anyone who can
 * read that log, so keep it out of anything but a throwaway local build.
 */
void newKeysBuf(keyst *keys) {
  // the status returned by crypto_box_keypair is not used, as before
  (void) crypto_box_keypair(keys->publicKey, keys->secretKey);
}
     42 
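/*
 * Encrypt and authenticate msg for keys->remotePublicKey with crypto_box_easy.
 *
 * ciphertext  result buffer
 * csize       size of the ciphertext buffer in bytes
 * msg, mlen   plaintext and its length
 * keys        supplies nonce, remotePublicKey and secretKey
 *
 * Returns the ciphertext length (mlen + crypto_box_MACBYTES), or 0 when the
 * buffer is too small, the length does not fit in the int return type, or
 * crypto_box_easy fails.
 *
 * NOTE(review): keys->nonce is used exactly as stored. crypto_box needs a
 * nonce that is never repeated for the same key pair, so the caller has to
 * change keys->nonce for every message; confirm against the callers.
 */
int selPublicEncrypt(u8 *ciphertext/*result*/, size_t csize, const u8 *msg, size_t mlen, keyst *keys) {
  // the returned length is an int: reject lengths it cannot represent
  if (mlen > (size_t)INT_MAX - crypto_box_MACBYTES) return 0;
  // check there is enough space in ciphertext; written as a subtraction so
  // that a huge mlen cannot wrap mlen + crypto_box_MACBYTES around to a
  // small value and slip past the check
  if (csize < crypto_box_MACBYTES || mlen > csize - crypto_box_MACBYTES) return 0;
  if (crypto_box_easy(ciphertext, msg, mlen, keys->nonce, keys->remotePublicKey, keys->secretKey) != 0) return 0;
  return (int)(mlen + crypto_box_MACBYTES);
}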
     51 
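/*
 * Verify and decrypt ciphertext from keys->remotePublicKey with
 * crypto_box_open_easy.
 *
 * msg               result buffer
 * msize             size of the message buffer in bytes
 * ciphertext, clen  received ciphertext and its length
 * keys              supplies nonce, remotePublicKey and secretKey
 *
 * Returns the message length (clen - crypto_box_MACBYTES), or 0 when the
 * ciphertext is too short to hold a one-byte message, the message buffer is
 * too small, the length does not fit in the int return type, or
 * crypto_box_open_easy rejects the ciphertext. A return of 0 means msg
 * must not be used.
 *
 * NOTE(review): a successful open only shows the packet was made with the
 * matching keys and keys->nonce; nothing in this function rejects a replayed
 * packet, so that has to be handled by the caller's nonce management.
 */
int selPublicDecrypt(u8 *msg/*result*/, size_t msize, const u8 *ciphertext, size_t clen, keyst *keys) {
  // check ciphertext has minimal length, the message has to be at least one byte
  if (clen <= crypto_box_MACBYTES) return 0;
  size_t mlen = clen - crypto_box_MACBYTES;
  // check there is enough space in the message buffer
  if (msize < mlen) return 0;
  // the returned length is an int: reject lengths it cannot represent
  if (mlen > (size_t)INT_MAX) return 0;
  if (crypto_box_open_easy(msg, ciphertext, clen, keys->nonce, keys->remotePublicKey, keys->secretKey) != 0) return 0;
  return (int)mlen;
}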
     61 
     62 // vim: set expandtab ts=2 sw=2: