along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net_setup.c,v 1.2 2002/04/09 15:26:00 zarq Exp $
+ $Id: net_setup.c,v 1.4 2002/04/28 12:46:26 zarq Exp $
*/
#include "config.h"
#include <signal.h>
#include <sys/time.h>
#include <sys/types.h>
-#include <syslog.h>
#include <unistd.h>
#include <sys/ioctl.h>
/* SunOS really wants sys/socket.h BEFORE net/if.h,
#include <sys/socket.h>
#include <net/if.h>
+#ifdef USE_OPENSSL
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
+#endif
+
+#ifdef USE_GCRYPT
+#include <gcrypt.h>
+#endif
#include <utils.h>
#include <xalloc.h>
#include "route.h"
#include "device.h"
#include "event.h"
+#include "logging.h"
#include "system.h"
int read_rsa_public_key(connection_t *c)
{
+ char *key;
+#ifdef USE_OPENSSL
FILE *fp;
char *fname;
- char *key;
cp
if(!c->rsa_key)
c->rsa_key = RSA_new();
-
+#endif
+cp
+
/* First, check for simple PublicKey statement */
if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key))
{
+#ifdef USE_OPENSSL
BN_hex2bn(&c->rsa_key->n, key);
BN_hex2bn(&c->rsa_key->e, "FFFF");
+#endif
+#ifdef USE_GCRYPT
+ int rc = gcry_sexp_build(&c->rsa_key, NULL, "(public-key(rsa(n%s)(e%s)))",
+ key, "FFFF");
+ if(!rc)
+ {
+ syslog(LOG_ERR, _("gcry_sexp_build error: %d (%s)"),
+ rc, gcry_strerror(-1));
+ return -1;
+ }
+#endif
free(key);
return 0;
}
+#ifdef USE_OPENSSL
/* Else, check for PublicKeyFile statement and read it */
if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname))
syslog(LOG_ERR, _("No public key for %s specified!"), c->name);
return -1;
}
+#endif
+#ifdef USE_GCRYPT
+ syslog(LOG_ERR, _("Only PublicKey statements are supported when using gcrypt for now."));
+ return -1;
+#endif
}
int read_rsa_private_key(void)
{
+#ifdef USE_OPENSSL
FILE *fp;
- char *fname, *key;
+ char *fname;
+#endif
+ char *key;
cp
if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key))
{
+#ifdef USE_OPENSSL
myself->connection->rsa_key = RSA_new();
BN_hex2bn(&myself->connection->rsa_key->d, key);
BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
+#endif
+#ifdef USE_GCRYPT
+ int rc = gcry_sexp_build(&myself->connection->rsa_key, NULL,
+ "(public-key(rsa(n%s)(e%s)))",
+ key, "FFFF");
+ if(!rc)
+ {
+ syslog(LOG_ERR, _("gcry_sexp_build error: %d (%s)"),
+ rc, gcry_strerror(-1));
+ return -1;
+ }
+#endif
free(key);
return 0;
}
+#ifdef USE_OPENSSL
if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname))
asprintf(&fname, "%s/rsa_key.priv", confbase);
free(fname);
return -1;
+#endif
+#ifdef USE_GCRYPT
+ syslog(LOG_ERR, _("Only PrivateKey statements are supported when using gcrypt for now."));
+ return -1;
+#endif
}
/*
{
if(!strcasecmp(cipher, "none"))
{
+#ifdef USE_OPENSSL
myself->cipher = NULL;
+#endif
+#ifdef USE_GCRYPT
+ myself->cipher = gcry_cipher_open(GCRY_CIPHER_NONE, GCRY_CIPHER_MODE_NONE, 0);
+#endif
}
else
{
+#ifdef USE_OPENSSL
if(!(myself->cipher = EVP_get_cipherbyname(cipher)))
+#endif
+#ifdef USE_GCRYPT
+ /* FIXME */
+ myself->cipher = gcry_cipher_open(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, 0);
+ if(0)
+#endif
{
syslog(LOG_ERR, _("Unrecognized cipher type!"));
return -1;
}
}
else
- myself->cipher = EVP_bf_cbc();
+ {
+#ifdef USE_OPENSSL
+ myself->cipher = EVP_bf_cbc();
+#endif
+#ifdef USE_GCRYPT
+ myself->cipher = gcry_cipher_open(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, 0);
+#endif
+ }
+#ifdef USE_OPENSSL
if(myself->cipher)
myself->keylength = myself->cipher->key_len + myself->cipher->iv_len;
+#endif
+#ifdef USE_GCRYPT
+ if(myself->cipher)
+ myself->keylength = 16; /* FIXME */
+#endif
else
myself->keylength = 1;
+#ifdef USE_OPENSSL
myself->connection->outcipher = EVP_bf_ofb();
+#endif
+#ifdef USE_GCRYPT
+ /* FIXME: CHANGE this to something like aes - but openssl
+ compatibility mode for now */
+ myself->connection->outcipher = gcry_cipher_open(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB, 0);
+#endif
+#ifdef USE_OPENSSL
myself->key = (char *)xmalloc(myself->keylength);
RAND_pseudo_bytes(myself->key, myself->keylength);
+#endif
+#ifdef USE_GCYRPT
+ myself->key = gcry_random_bytes(myself->keylength, GCRY_WEAK_RANDOM);
+#endif
if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
keylifetime = 3600;
{
if(!strcasecmp(digest, "none"))
{
+#ifdef USE_OPENSSL
myself->digest = NULL;
+#endif
+#ifdef USE_GCRYPT
+ myself->digest = gcry_md_open(GCRY_MD_NONE, GCRY_MD_FLAG_HMAC);
+#endif
}
else
{
+#ifdef USE_OPENSSL
if(!(myself->digest = EVP_get_digestbyname(digest)))
+#endif
+#ifdef USE_GCRYPT
+ /* FIXME */
+ if(!(myself->digest = gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC)))
+#endif
{
syslog(LOG_ERR, _("Unrecognized digest type!"));
return -1;
}
}
else
+#ifdef USE_OPENSSL
myself->digest = EVP_sha1();
+#endif
+#ifdef USE_GCRYPT
+ myself->digest = gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
+#endif
+#ifdef USE_OPENSSL
myself->connection->outdigest = EVP_sha1();
+#endif
+#ifdef USE_GCRYPT
+ myself->connection->outdigest = gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
+#endif
if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->maclength))
{
if(myself->digest)
{
+#ifdef USE_OPENSSL
if(myself->maclength > myself->digest->md_size)
{
syslog(LOG_ERR, _("MAC length exceeds size of digest!"));
syslog(LOG_ERR, _("Bogus MAC length!"));
return -1;
}
+#endif
+#ifdef USE_GCRYPT
+ /* FIXME */
+ myself->maclength = 12;
+#endif
}
}
else