Moving files, first attempt at gcrypt compatibility, more interface
[tinc] / src / net_setup.c
index 9591c94..8a8c0bc 100644 (file)
@@ -17,7 +17,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
     along with this program; if not, write to the Free Software
     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-    $Id: net_setup.c,v 1.2 2002/04/09 15:26:00 zarq Exp $
+    $Id: net_setup.c,v 1.4 2002/04/28 12:46:26 zarq Exp $
 */
 
 #include "config.h"
 */
 
 #include "config.h"
@@ -36,7 +36,6 @@
 #include <signal.h>
 #include <sys/time.h>
 #include <sys/types.h>
 #include <signal.h>
 #include <sys/time.h>
 #include <sys/types.h>
-#include <syslog.h>
 #include <unistd.h>
 #include <sys/ioctl.h>
 /* SunOS really wants sys/socket.h BEFORE net/if.h,
 #include <unistd.h>
 #include <sys/ioctl.h>
 /* SunOS really wants sys/socket.h BEFORE net/if.h,
 #include <sys/socket.h>
 #include <net/if.h>
 
 #include <sys/socket.h>
 #include <net/if.h>
 
+#ifdef USE_OPENSSL
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
 #include <openssl/pem.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
+#endif
+
+#ifdef USE_GCRYPT
+#include <gcrypt.h>
+#endif
 
 #include <utils.h>
 #include <xalloc.h>
 
 #include <utils.h>
 #include <xalloc.h>
@@ -67,6 +72,7 @@
 #include "route.h"
 #include "device.h"
 #include "event.h"
 #include "route.h"
 #include "device.h"
 #include "event.h"
+#include "logging.h"
 
 #include "system.h"
 
 
 #include "system.h"
 
@@ -74,23 +80,39 @@ char *myport;
 
 int read_rsa_public_key(connection_t *c)
 {
 
 int read_rsa_public_key(connection_t *c)
 {
+  char *key;
+#ifdef USE_OPENSSL
   FILE *fp;
   char *fname;
   FILE *fp;
   char *fname;
-  char *key;
 cp
   if(!c->rsa_key)
     c->rsa_key = RSA_new();
 cp
   if(!c->rsa_key)
     c->rsa_key = RSA_new();
-
+#endif
+cp
+  
   /* First, check for simple PublicKey statement */
 
   if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key))
     {
   /* First, check for simple PublicKey statement */
 
   if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key))
     {
+#ifdef USE_OPENSSL
       BN_hex2bn(&c->rsa_key->n, key);
       BN_hex2bn(&c->rsa_key->e, "FFFF");
       BN_hex2bn(&c->rsa_key->n, key);
       BN_hex2bn(&c->rsa_key->e, "FFFF");
+#endif
+#ifdef USE_GCRYPT
+      int rc = gcry_sexp_build(&c->rsa_key, NULL, "(public-key(rsa(n%s)(e%s)))",
+                              key, "FFFF");
+      if(!rc)
+       {
+         syslog(LOG_ERR, _("gcry_sexp_build error: %d (%s)"),
+                rc, gcry_strerror(-1));
+         return -1;
+       }
+#endif
       free(key);
       return 0;
     }
 
       free(key);
       return 0;
     }
 
+#ifdef USE_OPENSSL
   /* Else, check for PublicKeyFile statement and read it */
 
   if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname))
   /* Else, check for PublicKeyFile statement and read it */
 
   if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname))
@@ -140,22 +162,44 @@ cp
       syslog(LOG_ERR, _("No public key for %s specified!"), c->name);
       return -1;
     }
       syslog(LOG_ERR, _("No public key for %s specified!"), c->name);
       return -1;
     }
+#endif
+#ifdef USE_GCRYPT
+  syslog(LOG_ERR, _("Only PublicKey statements are supported when using gcrypt for now."));
+  return -1;
+#endif
 }
 
 int read_rsa_private_key(void)
 {
 }
 
 int read_rsa_private_key(void)
 {
+#ifdef USE_OPENSSL
   FILE *fp;
   FILE *fp;
-  char *fname, *key;
+  char *fname;
+#endif
+  char *key;
 cp
   if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key))
     {
 cp
   if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key))
     {
+#ifdef USE_OPENSSL
       myself->connection->rsa_key = RSA_new();
       BN_hex2bn(&myself->connection->rsa_key->d, key);
       BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
       myself->connection->rsa_key = RSA_new();
       BN_hex2bn(&myself->connection->rsa_key->d, key);
       BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
+#endif
+#ifdef USE_GCRYPT
+      int rc = gcry_sexp_build(&myself->connection->rsa_key, NULL,
+                              "(public-key(rsa(n%s)(e%s)))",
+                              key, "FFFF");
+      if(!rc)
+       {
+         syslog(LOG_ERR, _("gcry_sexp_build error: %d (%s)"),
+                rc, gcry_strerror(-1));
+         return -1;
+       }
+#endif
       free(key);
       return 0;
     }
 
       free(key);
       return 0;
     }
 
+#ifdef USE_OPENSSL
   if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname))
     asprintf(&fname, "%s/rsa_key.priv", confbase);
 
   if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname))
     asprintf(&fname, "%s/rsa_key.priv", confbase);
 
@@ -182,6 +226,11 @@ cp
 
   free(fname);
   return -1;
 
   free(fname);
   return -1;
+#endif
+#ifdef USE_GCRYPT
+  syslog(LOG_ERR, _("Only PrivateKey statements are supported when using gcrypt for now."));
+  return -1;
+#endif
 }
 
 /*
 }
 
 /*
@@ -338,11 +387,23 @@ cp
     {
       if(!strcasecmp(cipher, "none"))
         {
     {
       if(!strcasecmp(cipher, "none"))
         {
+#ifdef USE_OPENSSL
           myself->cipher = NULL;
           myself->cipher = NULL;
+#endif
+#ifdef USE_GCRYPT
+         myself->cipher = gcry_cipher_open(GCRY_CIPHER_NONE, GCRY_CIPHER_MODE_NONE, 0);
+#endif
         }
       else
         {
         }
       else
         {
+#ifdef USE_OPENSSL
           if(!(myself->cipher = EVP_get_cipherbyname(cipher)))
           if(!(myself->cipher = EVP_get_cipherbyname(cipher)))
+#endif
+#ifdef USE_GCRYPT
+         /* FIXME */
+         myself->cipher = gcry_cipher_open(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, 0);
+         if(0)
+#endif
             {
               syslog(LOG_ERR, _("Unrecognized cipher type!"));
               return -1;
             {
               syslog(LOG_ERR, _("Unrecognized cipher type!"));
               return -1;
@@ -350,17 +411,42 @@ cp
         }
     }
   else
         }
     }
   else
-    myself->cipher = EVP_bf_cbc();
+    {
+#ifdef USE_OPENSSL
+      myself->cipher = EVP_bf_cbc();
+#endif
+#ifdef USE_GCRYPT
+      myself->cipher = gcry_cipher_open(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, 0);
+#endif
+    }
 
 
+#ifdef USE_OPENSSL
   if(myself->cipher)
     myself->keylength = myself->cipher->key_len + myself->cipher->iv_len;
   if(myself->cipher)
     myself->keylength = myself->cipher->key_len + myself->cipher->iv_len;
+#endif
+#ifdef USE_GCRYPT
+  if(myself->cipher)
+    myself->keylength = 16;  /* FIXME */
+#endif
   else
     myself->keylength = 1;
 
   else
     myself->keylength = 1;
 
+#ifdef USE_OPENSSL
   myself->connection->outcipher = EVP_bf_ofb();
   myself->connection->outcipher = EVP_bf_ofb();
+#endif
+#ifdef USE_GCRYPT
+  /* FIXME: CHANGE this to something like aes - but openssl
+     compatibility mode for now */
+  myself->connection->outcipher = gcry_cipher_open(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB, 0);
+#endif
 
 
+#ifdef USE_OPENSSL
   myself->key = (char *)xmalloc(myself->keylength);
   RAND_pseudo_bytes(myself->key, myself->keylength);
   myself->key = (char *)xmalloc(myself->keylength);
   RAND_pseudo_bytes(myself->key, myself->keylength);
+#endif
+#ifdef USE_GCYRPT
+  myself->key = gcry_random_bytes(myself->keylength, GCRY_WEAK_RANDOM);
+#endif
 
   if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
     keylifetime = 3600;
 
   if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
     keylifetime = 3600;
@@ -373,11 +459,22 @@ cp
     {
       if(!strcasecmp(digest, "none"))
         {
     {
       if(!strcasecmp(digest, "none"))
         {
+#ifdef USE_OPENSSL
           myself->digest = NULL;
           myself->digest = NULL;
+#endif
+#ifdef USE_GCRYPT
+         myself->digest = gcry_md_open(GCRY_MD_NONE, GCRY_MD_FLAG_HMAC);
+#endif
         }
       else
         {
         }
       else
         {
+#ifdef USE_OPENSSL
           if(!(myself->digest = EVP_get_digestbyname(digest)))
           if(!(myself->digest = EVP_get_digestbyname(digest)))
+#endif
+#ifdef USE_GCRYPT
+         /* FIXME */
+         if(!(myself->digest = gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC)))
+#endif
             {
               syslog(LOG_ERR, _("Unrecognized digest type!"));
               return -1;
             {
               syslog(LOG_ERR, _("Unrecognized digest type!"));
               return -1;
@@ -385,14 +482,25 @@ cp
         }
     }
   else
         }
     }
   else
+#ifdef USE_OPENSSL
     myself->digest = EVP_sha1();
     myself->digest = EVP_sha1();
+#endif
+#ifdef USE_GCRYPT
+    myself->digest = gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
+#endif
 
 
+#ifdef USE_OPENSSL
   myself->connection->outdigest = EVP_sha1();
   myself->connection->outdigest = EVP_sha1();
+#endif
+#ifdef USE_GCRYPT
+  myself->connection->outdigest = gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
+#endif
 
   if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->maclength))
     {
       if(myself->digest)
         {
 
   if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->maclength))
     {
       if(myself->digest)
         {
+#ifdef USE_OPENSSL
           if(myself->maclength > myself->digest->md_size)
             {
               syslog(LOG_ERR, _("MAC length exceeds size of digest!"));
           if(myself->maclength > myself->digest->md_size)
             {
               syslog(LOG_ERR, _("MAC length exceeds size of digest!"));
@@ -403,6 +511,11 @@ cp
               syslog(LOG_ERR, _("Bogus MAC length!"));
               return -1;
             }
               syslog(LOG_ERR, _("Bogus MAC length!"));
               return -1;
             }
+#endif
+#ifdef USE_GCRYPT
+         /* FIXME */
+         myself->maclength = 12;
+#endif
         }
     }
   else
         }
     }
   else
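Review bot: The gcrypt error check after gcry_sexp_build in read_rsa_public_key and read_rsa_private_key is inverted: gcry_sexp_build returns 0 on success, so `if(!rc)` logs an error and returns -1 on the good path and falls through to `free(key); return 0;` when the S-expression could not be built, and it reports `gcry_strerror(-1)` instead of the code it received; both sites should read `if(rc)` and `gcry_strerror(rc)`. In read_rsa_private_key the gcrypt branch also builds `(public-key(rsa(n%s)(e%s)))` from the PrivateKey value that the OpenSSL branch stores in `d`, so the private exponent lands in the modulus slot of a public-key object rather than in a private-key S-expression, and if `%s` inserts the hex text verbatim rather than as a number the value will need converting to an MPI first (confirm against the libgcrypt version targeted). Further down, the session-key generation is guarded by `#ifdef USE_GCYRPT`, a misspelling of USE_GCRYPT, so under gcrypt that assignment to myself->key is compiled out entirely; once the spelling is fixed, key material should come from `GCRY_STRONG_RANDOM` rather than `GCRY_WEAK_RANDOM`. The surrounding setup function starts and ends outside this diff.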