#include "config.h"
+#include <sys/types.h>
+
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
int str_hex_to_bin(unsigned char *bin, unsigned char *hex)
{
int i = 0, j = 0, l = strlen(hex);
-
+cp
if(l&1)
{
i = j = 1;
}
for(; i < l; i+=2, j++)
bin[j] = (char_hex_to_bin(hex[i]) << 4) + char_hex_to_bin(hex[i+1]);
-
+cp
return j&1?j+1:j;
}
int size;
extern char *confbase;
char *pp;
-
+cp
if((cfg = get_config_val(passphrasesdir)) == NULL)
{
filename = xmalloc(strlen(confbase)+13+strlen(which));
}
fscanf(f, "%d ", &size);
- size >>= 2; /* nibbles->bits */
+ if(size < 1 || size > (1<<15))
+ {
+ syslog(LOG_ERR, "Illegal passphrase in %s; size would be %d", filename, size);
+ return -1;
+ }
+ size >>= 2; /* bits->nibbles */
pp = xmalloc(size+2);
fgets(pp, size+1, f);
fclose(f);
*out = xmalloc(size);
+cp
return str_hex_to_bin(*out, pp);
}
int read_my_passphrase(void)
{
+cp
if((mypassphraselen = read_passphrase("local", &mypassphrase)) < 0)
return -1;
-
+cp
return 0;
}
int i;
char *s;
config_t const *cfg;
-
+cp
if((cfg = get_config_val(keyexpire)) == NULL)
my_key_expiry = (time_t)(time(NULL) + 3600);
else
s[2 * PRIVATE_KEY_LENGTH] = '\0';
mpz_set_str(my_private_key, s, 16);
-
+cp
return 0;
}
void calculate_public_key(void)
{
+cp
mpz_powm(my_public_key, generator, my_private_key, shared_prime);
my_public_key_base36 = mpz_get_str(NULL, 36, my_public_key);
+cp
}
unsigned char static_key[] = { 0x9c, 0xbf, 0x36, 0xa9, 0xce, 0x20, 0x1b, 0x8b, 0x67, 0x56, 0x21, 0x5d, 0x27, 0x1b, 0xd8, 0x7a };
int security_init(void)
{
+cp
mpz_init(my_private_key);
mpz_init(my_public_key);
mpz_init_set_str(shared_prime, ENCR_PRIME, 0);
return -1;
calculate_public_key();
-
+cp
return 0;
}
char *tmp;
int len;
mpz_t ak, our_shared_key;
-
+cp
mpz_init_set_str(ak, almost_key, 36);
mpz_init(our_shared_key);
mpz_powm(our_shared_key, ak, my_private_key, shared_prime);
tmp = mpz_get_str(NULL, 16, our_shared_key);
len = str_hex_to_bin(text_key, tmp);
- cipher_set_key(&encryption_key, len, &text_key[0]);
+ cipher_set_key(&encryption_key, len, text_key);
key_inited = 1;
encryption_keylen = len;
free(tmp);
mpz_clear(ak);
mpz_clear(our_shared_key);
+cp
}
{
char key[1000];
char tmp[1000];
- int len;
+ unsigned char phrase[1000];
+ int keylen;
+ int i;
BF_KEY bf_key;
- mpz_get_str(&tmp[0], 16, my_public_key);
- len = str_hex_to_bin(key, tmp);
+cp
+ mpz_get_str(tmp, 16, my_public_key);
+ keylen = str_hex_to_bin(key, tmp);
+
+ cipher_set_key(&bf_key, keylen, key);
- cipher_set_key(&bf_key, len, &key[0]);
+ low_crypt_key(mypassphrase, phrase, &bf_key, mypassphraselen, BF_ENCRYPT);
+ pp->len = ((mypassphraselen - 1) | 7) + 1;
+ pp->phrase = xmalloc((pp->len << 1) + 1);
+
+ for(i = 0; i < pp->len; i++)
+ snprintf(&(pp->phrase)[i << 1], 3, "%02x", (int)phrase[i]);
- low_crypt_key(mypassphrase, pp->phrase, &bf_key, mypassphraselen, BF_ENCRYPT);
- pp->len = ((mypassphraselen - 1) | 7) + 5;
+ pp->phrase[(pp->len << 1) + 1] = '\0';
if(key_inited)
- cipher_set_key(&encryption_key, encryption_keylen, &text_key[0]);
+ cipher_set_key(&encryption_key, encryption_keylen, text_key);
+cp
}
int verify_passphrase(conn_list_t *cl, unsigned char *his_pubkey)
{
char key[1000];
- char tmp[1000];
- int len;
+ char *tmp;
+ unsigned char phrase[1000];
+ int keylen, pplen;
mpz_t pk;
unsigned char *out;
BF_KEY bf_key;
char which[sizeof("123.123.123.123")+1];
char *meuk;
-
+cp
mpz_init_set_str(pk, his_pubkey, 36);
- mpz_get_str(&tmp[0], 16, pk);
- len = str_hex_to_bin(key, tmp);
- out = xmalloc(cl->pp->len+3);
+ tmp = mpz_get_str(NULL, 16, pk);
+ keylen = str_hex_to_bin(key, tmp);
+ out = xmalloc((cl->pp->len >> 1) + 3);
+ pplen = str_hex_to_bin(phrase, cl->pp->phrase);
- cipher_set_key(&bf_key, len, &key[0]);
- low_crypt_key(cl->pp->phrase, out, &bf_key, cl->pp->len, BF_DECRYPT);
+ cipher_set_key(&bf_key, keylen, key);
+ low_crypt_key(phrase, out, &bf_key, pplen, BF_DECRYPT);
if(key_inited)
- cipher_set_key(&encryption_key, encryption_keylen, &text_key[0]);
+ cipher_set_key(&encryption_key, encryption_keylen, text_key);
- sprintf(&which[0], IP_ADDR_S, IP_ADDR_V(cl->vpn_ip));
- if((len = read_passphrase(which, &meuk)) < 0)
+ sprintf(which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip));
+ if((pplen = read_passphrase(which, &meuk)) < 0)
return -1;
- if(memcmp(meuk, out, len))
+ if(memcmp(meuk, out, pplen))
return -1;
-
+cp
return 0;
}
{
mpz_t tmp, res;
char *r;
-
+cp
mpz_init_set_str(tmp, pk, 36);
mpz_init(res);
mpz_powm(res, tmp, my_private_key, shared_prime);
mpz_clear(res);
mpz_clear(tmp);
-
+cp
return r;
}
*/
void free_key(enc_key_t *k)
{
+cp
if(!k)
return;
if(k->key)
free(k->key);
}
free(k);
+cp
}
void recalculate_encryption_keys(void)
{
conn_list_t *p;
char *ek;
-
+cp
for(p = conn_list; p != NULL; p = p->next)
{
if(!p->public_key || !p->public_key->key)
+ /* We haven't received a key from this host (yet). */
continue;
ek = make_shared_key(p->public_key->key);
- if(!p->key)
- {
- p->key = xmalloc(sizeof(enc_key_t));
- p->key->key = NULL;
- }
- if(p->key->key)
- free(p->key->key);
+ free_key(p->key);
+ p->key = xmalloc(sizeof(*p->key));
p->key->length = strlen(ek);
p->key->expiry = p->public_key->expiry;
p->key->key = xmalloc(strlen(ek) + 1);
strcpy(p->key->key, ek);
}
+cp
}
void regenerate_keys(void)
{
+cp
generate_private_key();
calculate_public_key();
send_key_changed2();
recalculate_encryption_keys();
+cp
}
projects / tinc / blobdiff