server.h File Reference

Functions unique to the server. More...

#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include <errno.h>
#include <openssl/rsa.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <mysql.h>
#include "WFU.h"

Go to the source code of this file.

Data Structures
struct	user_information
	Structure that stores the user information. More...
struct	key_information
	Structure that stores the information about a key. More...
Functions
int	WFU_server_dispatch (SSL *ssl, char *client_ip)
	The core server component.
int	WFU_server_verify_uvid (SSL *ssl, MYSQL *mysql)
	Server component of verify_uvid.
char *	WFU_server_authenticate (SSL *ssl)
	Server authentication component.
int	WFU_server_public_key (SSL *ssl)
	Server public key component.
int	WFU_server_store_keys (SSL *ssl, MYSQL *mysql, struct user_information *user_info)
	Server key storage component.
int	WFU_server_reclaim_keys (SSL *ssl, MYSQL *mysql)
	Server key retrieval component.
int	WFU_server_query_salt (SSL *ssl, MYSQL *mysql)
	Server salt query component.
int	WFU_server_query_user (SSL *ssl, MYSQL *mysql)
	Server user query component.
int	WFU_server_test_ssl (SSL *ssl)
	An SSL testing function for development only.
MYSQL *	WFU_mysql_connect ()
	Create a connection to the MySQL database.
void	WFU_mysql_close (MYSQL *mysql)
	Closes the connection to the MySQL database.
int	WFU_select_last_insert_id (MYSQL *mysql)
	Returns the value of the last autoincrement value.
user_information *	WFU_user_exists (MYSQL *mysql, char *user_name)
	Test to see whether a user exists with the given username.
user_information *	WFU_create_user (MYSQL *mysql, char *user_name)
	Create a user account with the given user_name.
void	WFU_free_user_information (struct user_information *user_info)
	Releases the memory used by the user_information structure.
int	WFU_insert_key (MYSQL *mysql, struct user_information *user_info, struct wfu_uvid *uvid, struct wfu_data *keys)
	Store the escrow information in the MySQL database.
wfu_data *	WFU_get_key (MYSQL *mysql, int key_pk)
	Retrieve the key data given a key escrow number.
wfu_data *	WFU_uvid2salt (struct wfu_uvid *uvid)
	Extract the salt from a uvid structure.
wfu_data *	WFU_uvid2time (struct wfu_uvid *uvid)
	Extract the time from a uvid structure.
key_information *	WFU_verify_uvid (MYSQL *mysql, struct user_information *user_info, struct wfu_uvid *uvid)
	Verify whether the uvid is indexed.
wfu_line_array *	WFU_query_salt (MYSQL *mysql, struct wfu_data *salt_data)
	Will return a list of key information for the volumes having the specified salt.
wfu_line_array *	WFU_query_user (MYSQL *mysql, struct user_information *user_info)
	Will return a list of key information for the volumes associated with the given user information.

---

Detailed Description

Functions unique to the server.

---

Function Documentation

struct user_information* WFU_create_user (  MYSQL *  mysql, char *  user_name )

Create a user account with the given user_name. The user informaiton for the account will be returned. If the user_name already belongs to an account, the function returns the user_information just as the function WFU_user_exists(). Parameters: mysql  The MySQL connection. user_name  The username to test. Return values: NULL  indicates a system failure. Pointer  If the user is found or is created, then a user_information structure is returned with the user information. Note: Use WFU_free_user_information() to free the memory returned from this function.

void WFU_free_user_information (  struct user_information *  user_info  )

Releases the memory used by the user_information structure. Parameters: user_info  is a dynanmically created user_information structure.

struct wfu_data* WFU_get_key (  MYSQL *  mysql, int  key_pk )

Retrieve the key data given a key escrow number. This will query the USER_KEY table for a row with the specified primary key value. It will return the escrow data from that row. A NULL will be returned if the row is not found. Parameters: mysql  The MySQL database connection. key_pk  The primary_key (key escrow number) Return values: NULL  indicates failure. Pointer  A wfu_data structure containing the encrypted escrow data. Note: The escrow data is stored as a LONGBLOB.

int WFU_insert_key (  MYSQL *  mysql, struct user_information *  user_info, struct wfu_uvid *  uvid, struct wfu_data *  keys )

Store the escrow information in the MySQL database. A row will be added to the USER_KEY table with a foreign key referencing the user_id. The uvid will be split into the salt and timestamp. The salt, timestamp and encrypted key information will be stored in this row. Additionally, the current time will be stored. Parameters: mysql  The MySQL database connection. user_info  The user information. uvid  The Unique Volume IDentifier. keys  The data to be escrowed. Return values: 0  indicates failure. >0  The key escrow value for this entry. This is actually the primary key value for this row. See also: WFU_user_exists(), WFU_lib_prepare_uvid(), WFU_uvid2salt(), WFU_uvid2time() Note: The escrow data is stored as a LONGBLOB.

void WFU_mysql_close (  MYSQL *  mysql  )

Closes the connection to the MySQL database. Parameters: mysql  The MySQL connection.

MYSQL* WFU_mysql_connect (   )

Create a connection to the MySQL database. Return values: NULL  indicates an error. Pointer  is a pointer to the MYSQL structure.

struct wfu_line_array* WFU_query_salt (  MYSQL *  mysql, struct wfu_data *  salt_data )

Will return a list of key information for the volumes having the specified salt. The function will constructs a list of possible escrow entries associated with this salt. Each entry of the list includes the escrow date, key escrow number and username. This function will return a pointer to a wfu_line_array structure containing this list. Parameters: mysql  The MySQL database connection. salt_data  The salt information. Return values: NULL  indicates failure or that no rows were found. Pointer  A wfu_line_array structure containing the text information.

struct wfu_line_array* WFU_query_user (  MYSQL *  mysql, struct user_information *  user_info )

Will return a list of key information for the volumes associated with the given user information. The function will constructs a list of possible escrow entries associated with this user. Each entry of the list includes the escrow date, key escrow number and username. This function will return a pointer to a wfu_line_array structure containing this list. Parameters: mysql  The MySQL database connection. user_info  The user_info information. Return values: NULL  indicates failure or that no rows were found. Pointer  A wfu_line_array structure containing the text information. See also: WFU_user_exists()

int WFU_select_last_insert_id (  MYSQL *  mysql  )

Returns the value of the last autoincrement value. Return values: The  last autoincrement value.

char* WFU_server_authenticate (  SSL *  ssl  )

Server authentication component. This is the server function that handles the request from WFU_client_authenticate(). The parameters for the request are read from the SSL connection and check against the LDAP server. An answer is send to the client. If successful, the return value contains information about the user. Parameters: ssl  The SSL connection. See also: WFU_server_ldap_authenticate(). Return values: NULL  indicates login failure and/or system error. pointer  Upon success, the function returns a pointer to the username. Note: The wfu_error_no may contain the following, however, the return value is most significant. Errors may also be forwarded from WFU_server_ldap_authenticate(). WFU_ERR_PROT_VIOLATION, WFU_ERR_SSL_RW upon problems with SSL. WFU_ERR_LOGIN upon login failure. WFU_ERR_PARAMETER indicates a problem with the function parameters. Protocol: ====================================================== client_authenticate.c server_authenticate.c --------------------- --------------------------- LOGIN -> <- YES ERROR [code] [len][username] -> [len][password] -> <- YES NO ERROR [code]

int WFU_server_dispatch (  SSL *  ssl, char *  client_ip )

The core server component. This function manages the server actions. Commands are read from the network and this function determins which routine, if any, should handle the request. Parameters: ssl  The SSL connection. client_ip  The character representation of the client's IP number. Return values: 0  This return value really has no meaning.

int WFU_server_public_key (  SSL *  ssl  )

Server public key component. This is the server function that handles the request from WFU_client_public_key(). The user must be authenticated. Parameters: ssl  The SSL connection. Return values: 1  indicates failure. 0  indicates success. Protocol: ====================================================== client_public_key.c server_public_key.c --------------------- --------------------------- REQ_PUBLIC_KEY -> <- YES [len][modulus] [len][exponent] ERROR [code] Note: The wfu_error_no may contain the following, however, the return value is most significant. WFU_ERR_CRYPT upon failure obtaining the public key. WFU_ERR_PROT_VIOLATION, WFU_ERR_SSL_RW upon problems with SSL. WFU_ERR_PARAMETER indicates a problem with the function parameters.

int WFU_server_query_salt (  SSL *  ssl, MYSQL *  mysql )

Server salt query component. This is the server function that handles the WFU_restore_query_salt() request. The function reads the salt data from the network and constructs a list of possible escrow entries associated with this salt. Each entry of the list includes the escrow date, key escrow number and username associated with the salt. Parameters: ssl  The SSL connection. mysql  The MySQL database connection. Return values: -1  indicates failure. >=0  Upon success, the function returns the number of entries that match the salt. See also: WFU_query_salt() Note: This function depends on the WFU_server_dispatch() to ensure that the user and client are authorized. Protocol: ============================================================ restore_query_salt.c server_query_salt.c -------------------- ---------------------------------- SALT_QUERY -> <- YES ERROR [code] [salt] -> <- SALT_LIST [count] // number of [len][line] [len][line] [len][line] ... ERROR [code] Note: The wfu_error_no may contain the following, however, the return value is most significant. WFU_ERR_PROT_VIOLATION, WFU_ERR_SSL_RW upon problems with SSL. WFU_ERR_PARAMETER indicates a problem with the function parameters.

int WFU_server_query_user (  SSL *  ssl, MYSQL *  mysql )

Server user query component. This is the server function that handles the WFU_restore_query_user() request. The function reads the username from the network and constructs a list of possible escrow entries associated with this user. Each entry of the list includes the escrow date, key escrow number and username. Parameters: ssl  The SSL connection. mysql  The MySQL database connection. Return values: -1  indicates failure. >=0  Upon success, the function returns the number of entries that match the username. See also: WFU_query_user() Note: This function depends on the WFU_server_dispatch() to ensure that the user and client are authorized. Protocol: ============================================================ restore_query_user.c server_query_user.c -------------------- ---------------------------------- USER_QUERY -> <- YES ERROR [code] [username] -> <- USER_LIST [count] // number of [len][line] [len][line] [len][line] ... ERROR [code] Note: The wfu_error_no may contain the following, however, the return value is most significant. WFU_ERR_USER No such user. WFU_ERR_PROT_VIOLATION, WFU_ERR_SSL_RW upon problems with SSL. WFU_ERR_PARAMETER indicates a problem with the function parameters.

int WFU_server_reclaim_keys (  SSL *  ssl, MYSQL *  mysql )

Server key retrieval component. This is the server function that handles the WFU_restore_reclaim_keys() request. The key escrow number is read from the SSL connection, the data is retrieved from the database and returned to the client. The server cannot decrypt the key information. The client must perform the decryption. Parameters: ssl  The SSL connection. mysql  The MySQL database connection. Return values: 0  indicates failure. >0  Upon success, the function returns the key escrow number given to this data. See also: WFU_get_key() Note: This function depends on the WFU_server_dispatch() to ensure that the user and client are authorized. Protocol: =========================================================== restore_reclaim_keys.c server_reclaim_keys.c ---------------------- --------------------------------- FS_KEYS_REQ -> <- YES ERROR [code] [number] -> <- SND_KEYS [len][encrypted_data] ERROR [code] Note: The wfu_error_no may contain the following, however, the return value is most significant. WFU_ERR_KEY_NOT_FOUND The requested key was not found. WFU_ERR_PROT_VIOLATION, WFU_ERR_SSL_RW upon problems with SSL. WFU_ERR_PARAMETER indicates a problem with the function parameters.

int WFU_server_store_keys (  SSL *  ssl, MYSQL *  mysql, struct user_information *  user_info )

Server key storage component. This is the server function that handles the WFU_client_store_keys() request. This function accepts the user's information as a parameter, therefore the user must be authenticated prior to this call. The uvid and encrypted data will be read from the SSL connection. The data will be stored under the user_id using the mysql connection. (The username in the uvid structure is ignored.) Parameters: ssl  The SSL connection. mysql  The MySQL database connection. user_info  The information of the user. Return values: 0  indicates failure. >0  Upon success, the function returns the key escrow number given to this data. See also: WFU_verify_uvid(), WFU_insert_key() Note: The server calls WFU_verify_uvid() before attempting to store the data. The key escrow number will be returned to the client. Protocol: ==================================================== client_store_keys.c server_store_keys.c --------------------- --------------------------- SND_KEYS -> <- YES ERROR [code] [len][key data] -> [len][volume id] -> <- YES [pk] ERROR [code] Note: The wfu_error_no may contain the following, however, the return value is most significant. WFU_ERR_KEY_REDUNDANT the storage of this data would be redundant. WFU_ERR_KEY_STORAGE key storage failed. WFU_ERR_NULL_PTR upon failure obtaining the key information. WFU_ERR_PARAMETER indicates a problem with the function parameters. WFU_ERR_PROT_VIOLATION, WFU_ERR_SSL_RW upon problems with SSL.

int WFU_server_verify_uvid (  SSL *  ssl, MYSQL *  mysql )

Server component of verify_uvid. This is the server function that handles the request from WFU_client_verify_uvid(). The parameters for the request are read from the SSL connection and check against MYSQL database connection. An answer is send to the client. Parameters: ssl  The SSL connection. mysql  The MYSQL connection. Return values: -1  indicates a system error >0  Upon success, the function returns a positive number. This number indicates the key escrow number for this operation. Note: The wfu_error_no may contain the following, however, the return value is most significant. Errors may also be forwarded from WFU_server_ldap_authenticate(). WFU_ERR_PROT_VIOLATION, WFU_ERR_SSL_RW upon problems with SSL. WFU_ERR_PARAMETER indicates a problem with the function parameters. Protocol: ============================================================ client_verify_uvid.c server_verify_uvid.c --------------------- -------------------------------- VERIFY_UVID -> <- YES ERROR [code] [len][wfu_uvid] -> <- YES [pk] // key is stored YES [0] // key is NOT stored ERROR [code] // error

struct user_information* WFU_user_exists (  MYSQL *  mysql, char *  user_name )

Test to see whether a user exists with the given username. If the username does exists, then the user information will be returned. NULL will be returned if the user is not found. Parameters: mysql  The MySQL connection. user_name  The username to test. Return values: NULL  indicates the user does not exists. Pointer  If the user is found, then a user_information structure is returned with the user information. Note: Use WFU_free_user_information() to free the memory returned from this function.

struct wfu_data* WFU_uvid2salt (  struct wfu_uvid *  uvid  )

Extract the salt from a uvid structure. The salt will be packaged in a wfu_data structure and returned. Parameters: uvid  The Unique Volume IDentifier Return values: NULL  indicates failure. Pointer  A pointer to the wfu_data structure containing the salt.

struct wfu_data* WFU_uvid2time (  struct wfu_uvid *  uvid  )

Extract the time from a uvid structure. The time will be packaged in a wfu_data structure and returned. Parameters: uvid  The Unique Volume IDentifier Return values: NULL  indicates failure. Pointer  A pointer to the wfu_data structure containing the time.

struct key_information* WFU_verify_uvid (  MYSQL *  mysql, struct user_information *  user_info, struct wfu_uvid *  uvid )

Verify whether the uvid is indexed. The time and salt will be extracted from the uvid structure. The the user_id will be extracted from the user_info structure. The function will query the USER_KEY table for a row with this time, salt and user_id. If a row is found, the key_information structure for this row will be returned. Parameters: mysql  The MySQL database connection. user_info  The user information. uvid  The Unique Volume IDentifier. Return values: NULL  indicates failure or that no row was found. Pointer  A key_information structure containing data.

---