X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fencr.c;h=e90542c6c5b45ddcc3cd5983a0db4c26af778327;hp=31e0b9449ec0a67926c3ce135f2a61cc3ba17d36;hb=d335c6d0d7328fd86154dc60b22deb7953ab0228;hpb=ca6abd41ea0cdf2ca6491c3945fb3c62fd40ab98 diff --git a/src/encr.c b/src/encr.c index 31e0b944..e90542c6 100644 --- a/src/encr.c +++ b/src/encr.c @@ -1,6 +1,7 @@ /* encr.c -- everything that deals with encryption - Copyright (C) 1998,99 Ivo Timmermans + Copyright (C) 1998,1999,2000 Ivo Timmermans + 2000 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,10 +16,14 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: encr.c,v 1.12.4.4 2000/08/18 11:17:09 guus Exp $ */ #include "config.h" +#include + #include #include #include @@ -45,6 +50,8 @@ #include "net.h" #include "protocol.h" +#include "system.h" + #define ENCR_GENERATOR "0xd" #define ENCR_PRIME "0x7fffffffffffffffffffffffffffffff" /* Mersenne :) */ @@ -54,8 +61,8 @@ int key_inited = 0, encryption_keylen; mpz_t my_private_key, my_public_key, generator, shared_prime; int my_key_expiry = (time_t)(-1); -static char* mypassphrase; -static int mypassphraselen; +char* mypassphrase; +int mypassphraselen; int char_hex_to_bin(int c) { @@ -91,33 +98,34 @@ int read_passphrase(char *which, char **out) cp if((cfg = get_config_val(passphrasesdir)) == NULL) { - filename = xmalloc(strlen(confbase)+13+strlen(which)); - sprintf(filename, "%spassphrases/%s", confbase, which); + asprintf(&filename, "%spassphrases/%s", confbase, which); } else { - filename = xmalloc(strlen(cfg->data.ptr)+2+strlen(which)); - sprintf(filename, "%s/%s", (char*)cfg->data.ptr, which); + asprintf(&filename, "%s/%s", (char*)cfg->data.ptr, which); } if((f = fopen(filename, "rb")) == NULL) { - syslog(LOG_ERR, "Could not open %s: %m", filename); + if(debug_lvl > 1) + syslog(LOG_ERR, _("Could not open %s: %m"), filename); return -1; } fscanf(f, "%d ", &size); if(size < 1 || size > (1<<15)) { - syslog(LOG_ERR, "Illegal passphrase in %s; size would be %d", filename, size); + syslog(LOG_ERR, _("Illegal passphrase in %s; size would be %d"), filename, size); return -1; } - size >>= 2; /* bits->nibbles */ - pp = xmalloc(size+2); - fgets(pp, size+1, f); + + /* Hmz... hackish... strange +1 and +2 stuff... I really like more comments on those alignment thingies! */ + + pp = xmalloc(size/4 + 1); /* Allocate enough for fgets */ + fgets(pp, size/4 + 1, f); /* Read passhrase and reserve one byte for end-of-string */ fclose(f); - *out = xmalloc(size); + *out = xmalloc(size/8 + 2); /* Allocate enough bytes, +1 for rounding if bits%8 != 0, +1 for 2-byte alignment */ cp return str_hex_to_bin(*out, pp); } @@ -143,11 +151,12 @@ cp else my_key_expiry = (time_t)(time(NULL) + cfg->data.val); - syslog(LOG_NOTICE, "Generating %d bits keys.", PRIVATE_KEY_BITS); + if(debug_lvl > 1) + syslog(LOG_NOTICE, _("Generating %d bits keys"), PRIVATE_KEY_BITS); if((f = fopen("/dev/urandom", "r")) == NULL) { - syslog(LOG_ERR, "Opening /dev/urandom failed: %m"); + syslog(LOG_ERR, _("Opening /dev/urandom failed: %m")); return -1; } @@ -212,7 +221,7 @@ cp encryption_keylen = len; if(debug_lvl > 2) - syslog(LOG_INFO, "Encryption key set to %s", tmp); + syslog(LOG_INFO, _("Encryption key set to %s"), tmp); free(tmp); mpz_clear(ak); @@ -225,16 +234,25 @@ void encrypt_passphrase(passphrase_t *pp) { char key[1000]; char tmp[1000]; - int len; + unsigned char phrase[1000]; + int keylen; + int i; BF_KEY bf_key; + cp mpz_get_str(tmp, 16, my_public_key); - len = str_hex_to_bin(key, tmp); + keylen = str_hex_to_bin(key, tmp); + + cipher_set_key(&bf_key, keylen, key); - cipher_set_key(&bf_key, len, key); + low_crypt_key(mypassphrase, phrase, &bf_key, mypassphraselen, BF_ENCRYPT); + pp->len = ((mypassphraselen - 1) | 7) + 1; + pp->phrase = xmalloc((pp->len << 1) + 1); + + for(i = 0; i < pp->len; i++) + snprintf(&(pp->phrase)[i << 1], 3, "%02x", (int)phrase[i]); - low_crypt_key(mypassphrase, pp->phrase, &bf_key, mypassphraselen, BF_ENCRYPT); - pp->len = ((mypassphraselen - 1) | 7) + 5; + pp->phrase[(pp->len << 1) + 1] = '\0'; if(key_inited) cipher_set_key(&encryption_key, encryption_keylen, text_key); @@ -244,29 +262,31 @@ cp int verify_passphrase(conn_list_t *cl, unsigned char *his_pubkey) { char key[1000]; - char tmp[1000]; - int len; + char *tmp; + unsigned char phrase[1000]; + int keylen, pplen; mpz_t pk; unsigned char *out; BF_KEY bf_key; - char which[sizeof("123.123.123.123")+1]; + char *which; char *meuk; cp - mpz_init_set_str(pk, his_pubkey, 16); - mpz_get_str(tmp, 16, pk); - len = str_hex_to_bin(key, tmp); - out = xmalloc(strlen(cl->pp) + 3); - - cipher_set_key(&bf_key, len, key); - low_crypt_key(cl->pp, out, &bf_key, strlen(cl->pp), BF_DECRYPT); + mpz_init_set_str(pk, his_pubkey, 36); + tmp = mpz_get_str(NULL, 16, pk); + keylen = str_hex_to_bin(key, tmp); + out = xmalloc((cl->pp->len >> 1) + 3); + pplen = str_hex_to_bin(phrase, cl->pp->phrase); + + cipher_set_key(&bf_key, keylen, key); + low_crypt_key(phrase, out, &bf_key, pplen, BF_DECRYPT); if(key_inited) cipher_set_key(&encryption_key, encryption_keylen, text_key); - sprintf(which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip)); - if((len = read_passphrase(which, &meuk)) < 0) + asprintf(&which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip)); + if((pplen = read_passphrase(which, &meuk)) < 0) return -1; - if(memcmp(meuk, out, len)) + if(memcmp(meuk, out, pplen)) return -1; cp return 0; @@ -332,7 +352,7 @@ void regenerate_keys(void) cp generate_private_key(); calculate_public_key(); - send_key_changed2(); + send_key_changed_all(); recalculate_encryption_keys(); cp }