From 4d50f9f3485503099f5cb6e8486e9b98b72cb9be Mon Sep 17 00:00:00 2001
From: Guus Sliepen <guus@tinc-vpn.org>
Date: Tue, 30 Dec 2014 11:16:08 +0100
Subject: [PATCH] Add missing nolegacy/crypto.c and prf.c.

---
 src/nolegacy/crypto.c |  91 ++++++++++++++++++++++++++++++++++++
 src/nolegacy/prf.c    | 104 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 195 insertions(+)
 create mode 100644 src/nolegacy/crypto.c
 create mode 100644 src/nolegacy/prf.c

diff --git a/src/nolegacy/crypto.c b/src/nolegacy/crypto.c
new file mode 100644
index 00000000..96e4dda2
--- /dev/null
+++ b/src/nolegacy/crypto.c
@@ -0,0 +1,91 @@
+/*
+    crypto.c -- Cryptographic miscellaneous functions and initialisation
+    Copyright (C) 2007-2014 Guus Sliepen <guus@tinc-vpn.org>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#include "../system.h"
+
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+
+#include "../crypto.h"
+
+#ifndef HAVE_MINGW
+
+static int random_fd = -1;
+
+static void random_init(void) {
+	random_fd = open("/dev/urandom", O_RDONLY);
+	if(random_fd < 0)
+		random_fd = open("/dev/random", O_RDONLY);
+	if(random_fd < 0) {
+		fprintf(stderr, "Could not open source of random numbers: %s\n", strerror(errno));
+		abort();
+	}
+}
+
+static void random_exit(void) {
+	close(random_fd);
+}
+
+void randomize(void *out, size_t outlen) {
+	while(outlen) {
+		size_t len = read(random_fd, out, outlen);
+		if(len <= 0) {
+			if(errno == EAGAIN || errno == EINTR)
+				continue;
+			fprintf(stderr, "Could not read random numbers: %s\n", strerror(errno));
+			abort();
+		}
+		out += len;
+		outlen -= len;
+	}
+}
+
+#else
+
+#include <wincrypt.h>
+HCRYPTPROV prov;
+
+void random_init(void) {
+	if(!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
+		fprintf(stderr, "CryptAcquireContext() failed!\n");
+		abort();
+	}
+}
+
+void random_exit(void) {
+	CryptReleaseContext(prov, 0);
+}
+
+void randomize(void *out, size_t outlen) {
+	if(!CryptGenRandom(prov, outlen, out)) {
+		fprintf(stderr, "CryptGenRandom() failed\n");
+		abort();
+	}
+}
+
+#endif
+
+void crypto_init(void) {
+	random_init();
+}
+
+void crypto_exit(void) {
+	random_exit();
+}
diff --git a/src/nolegacy/prf.c b/src/nolegacy/prf.c
new file mode 100644
index 00000000..3c4c27ed
--- /dev/null
+++ b/src/nolegacy/prf.c
@@ -0,0 +1,104 @@
+/*
+    prf.c -- Pseudo-Random Function for key material generation
+    Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#include "../system.h"
+
+#include "../prf.h"
+#include "../ed25519/sha512.h"
+
+static void memxor(char *buf, char c, size_t len) {
+	for(size_t i = 0; i < len; i++)
+		buf[i] ^= c;
+}
+
+static const size_t mdlen = 64;
+
+static bool hmac_sha512(const char *key, size_t keylen, const char *msg, size_t msglen, char *out) {
+	char tmp[2 * mdlen];
+	sha512_context md;
+
+	if(keylen <= mdlen) {
+		memcpy(tmp, key, keylen);
+		memset(tmp + keylen, 0, mdlen - keylen);
+	} else {
+		if(sha512(key, keylen, tmp) != 0)
+			return false;
+	}
+
+	if(sha512_init(&md) != 0)
+		return false;
+
+	// ipad
+	memxor(tmp, 0x36, mdlen);
+	if(sha512_update(&md, tmp, mdlen) != 0)
+		return false;
+
+	// message
+	if(sha512_update(&md, msg, msglen) != 0)
+		return false;
+
+	if(sha512_final(&md, tmp + mdlen) != 0)
+		return false;
+
+	// opad
+	memxor(tmp, 0x36 ^ 0x5c, mdlen);
+	if(sha512(tmp, sizeof tmp, out) != 0)
+		return false;
+
+	return true;
+}
+
+
+/* Generate key material from a master secret and a seed, based on RFC 4346 section 5.
+   We use SHA512 instead of MD5 and SHA1.
+ */
+
+bool prf(const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, size_t outlen) {
+	/* Data is what the "inner" HMAC function processes.
+	   It consists of the previous HMAC result plus the seed.
+	 */
+
+	char data[mdlen + seedlen];
+	memset(data, 0, mdlen);
+	memcpy(data + mdlen, seed, seedlen);
+
+	char hash[mdlen];
+
+	while(outlen > 0) {
+		/* Inner HMAC */
+		if(!hmac_sha512(data, sizeof data, secret, secretlen, data))
+			return false;
+
+		/* Outer HMAC */
+		if(outlen >= mdlen) {
+			if(!hmac_sha512(data, sizeof data, secret, secretlen, out))
+				return false;
+			out += mdlen;
+			outlen -= mdlen;
+		} else {
+			if(!hmac_sha512(data, sizeof data, secret, secretlen, hash))
+				return false;
+			memcpy(out, hash, outlen);
+			out += outlen;
+			outlen = 0;
+		}
+	}
+
+	return true;
+}
-- 
2.20.1