/*
encr.c -- everything that deals with encryption
- Copyright (C) 1998,99 Ivo Timmermans <zarq@iname.com>
+ Copyright (C) 1998,1999,2000 Ivo Timmermans <itimmermans@bigfoot.com>
+ 2000 Guus Sliepen <guus@sliepen.warande.net>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ $Id: encr.c,v 1.12.4.4 2000/08/18 11:17:09 guus Exp $
*/
#include "config.h"
+#include <sys/types.h>
+
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include "net.h"
#include "protocol.h"
+#include "system.h"
+
#define ENCR_GENERATOR "0xd"
#define ENCR_PRIME "0x7fffffffffffffffffffffffffffffff" /* Mersenne :) */
mpz_t my_private_key, my_public_key, generator, shared_prime;
int my_key_expiry = (time_t)(-1);
-static char* mypassphrase;
-static int mypassphraselen;
+char* mypassphrase;
+int mypassphraselen;
int char_hex_to_bin(int c)
{
cp
if((cfg = get_config_val(passphrasesdir)) == NULL)
{
- filename = xmalloc(strlen(confbase)+13+strlen(which));
- sprintf(filename, "%spassphrases/%s", confbase, which);
+ asprintf(&filename, "%spassphrases/%s", confbase, which);
}
else
{
- filename = xmalloc(strlen(cfg->data.ptr)+2+strlen(which));
- sprintf(filename, "%s/%s", (char*)cfg->data.ptr, which);
+ asprintf(&filename, "%s/%s", (char*)cfg->data.ptr, which);
}
if((f = fopen(filename, "rb")) == NULL)
{
- syslog(LOG_ERR, "Could not open %s: %m", filename);
+ if(debug_lvl > 1)
+ syslog(LOG_ERR, _("Could not open %s: %m"), filename);
return -1;
}
fscanf(f, "%d ", &size);
if(size < 1 || size > (1<<15))
{
- syslog(LOG_ERR, "Illegal passphrase in %s; size would be %d", filename, size);
+ syslog(LOG_ERR, _("Illegal passphrase in %s; size would be %d"), filename, size);
return -1;
}
- size >>= 2; /* bits->nibbles */
- pp = xmalloc(size+2);
- fgets(pp, size+1, f);
+
+ /* Hmz... hackish... strange +1 and +2 stuff... I really like more comments on those alignment thingies! */
+
+ pp = xmalloc(size/4 + 1); /* Allocate enough for fgets */
+ fgets(pp, size/4 + 1, f); /* Read passhrase and reserve one byte for end-of-string */
fclose(f);
- *out = xmalloc(size);
+ *out = xmalloc(size/8 + 2); /* Allocate enough bytes, +1 for rounding if bits%8 != 0, +1 for 2-byte alignment */
cp
return str_hex_to_bin(*out, pp);
}
else
my_key_expiry = (time_t)(time(NULL) + cfg->data.val);
- syslog(LOG_NOTICE, "Generating %d bits keys.", PRIVATE_KEY_BITS);
+ if(debug_lvl > 1)
+ syslog(LOG_NOTICE, _("Generating %d bits keys"), PRIVATE_KEY_BITS);
if((f = fopen("/dev/urandom", "r")) == NULL)
{
- syslog(LOG_ERR, "Opening /dev/urandom failed: %m");
+ syslog(LOG_ERR, _("Opening /dev/urandom failed: %m"));
return -1;
}
encryption_keylen = len;
if(debug_lvl > 2)
- syslog(LOG_INFO, "Encryption key set to %s", tmp);
+ syslog(LOG_INFO, _("Encryption key set to %s"), tmp);
free(tmp);
mpz_clear(ak);
{
char key[1000];
char tmp[1000];
- int len;
+ unsigned char phrase[1000];
+ int keylen;
+ int i;
BF_KEY bf_key;
+
cp
mpz_get_str(tmp, 16, my_public_key);
- len = str_hex_to_bin(key, tmp);
+ keylen = str_hex_to_bin(key, tmp);
+
+ cipher_set_key(&bf_key, keylen, key);
- cipher_set_key(&bf_key, len, key);
+ low_crypt_key(mypassphrase, phrase, &bf_key, mypassphraselen, BF_ENCRYPT);
+ pp->len = ((mypassphraselen - 1) | 7) + 1;
+ pp->phrase = xmalloc((pp->len << 1) + 1);
+
+ for(i = 0; i < pp->len; i++)
+ snprintf(&(pp->phrase)[i << 1], 3, "%02x", (int)phrase[i]);
- low_crypt_key(mypassphrase, pp->phrase, &bf_key, mypassphraselen, BF_ENCRYPT);
- pp->len = ((mypassphraselen - 1) | 7) + 5;
+ pp->phrase[(pp->len << 1) + 1] = '\0';
if(key_inited)
cipher_set_key(&encryption_key, encryption_keylen, text_key);
int verify_passphrase(conn_list_t *cl, unsigned char *his_pubkey)
{
char key[1000];
- char tmp[1000];
- int len;
+ char *tmp;
+ unsigned char phrase[1000];
+ int keylen, pplen;
mpz_t pk;
unsigned char *out;
BF_KEY bf_key;
- char which[sizeof("123.123.123.123")+1];
+ char *which;
char *meuk;
cp
- mpz_init_set_str(pk, his_pubkey, 16);
- mpz_get_str(tmp, 16, pk);
- len = str_hex_to_bin(key, tmp);
- out = xmalloc(strlen(cl->pp) + 3);
-
- cipher_set_key(&bf_key, len, key);
- low_crypt_key(cl->pp, out, &bf_key, strlen(cl->pp), BF_DECRYPT);
+ mpz_init_set_str(pk, his_pubkey, 36);
+ tmp = mpz_get_str(NULL, 16, pk);
+ keylen = str_hex_to_bin(key, tmp);
+ out = xmalloc((cl->pp->len >> 1) + 3);
+ pplen = str_hex_to_bin(phrase, cl->pp->phrase);
+
+ cipher_set_key(&bf_key, keylen, key);
+ low_crypt_key(phrase, out, &bf_key, pplen, BF_DECRYPT);
if(key_inited)
cipher_set_key(&encryption_key, encryption_keylen, text_key);
- sprintf(which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip));
- if((len = read_passphrase(which, &meuk)) < 0)
+ asprintf(&which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip));
+ if((pplen = read_passphrase(which, &meuk)) < 0)
return -1;
- if(memcmp(meuk, out, len))
+ if(memcmp(meuk, out, pplen))
return -1;
cp
return 0;
cp
generate_private_key();
calculate_public_key();
- send_key_changed2();
+ send_key_changed_all();
recalculate_encryption_keys();
cp
}
projects / tinc / blobdiff