X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fencr.c;h=5753de231cc71a82c552618f849fd45fc1d56c0a;hp=e78ed5ec62a859e04f432e2bb728c04f2f12ac6e;hb=77be52422d8c28735f787b1c233b4cec73d4db56;hpb=98de35c742498878a27fb29becd3b7154525a60f diff --git a/src/encr.c b/src/encr.c index e78ed5ec..5753de23 100644 --- a/src/encr.c +++ b/src/encr.c @@ -1,6 +1,7 @@ /* encr.c -- everything that deals with encryption - Copyright (C) 1998,99 Ivo Timmermans + Copyright (C) 1998,1999,2000 Ivo Timmermans + 2000 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -15,10 +16,14 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: encr.c,v 1.12 2000/05/31 18:23:06 zarq Exp $ */ #include "config.h" +#include + #include #include #include @@ -45,6 +50,8 @@ #include "net.h" #include "protocol.h" +#include "system.h" + #define ENCR_GENERATOR "0xd" #define ENCR_PRIME "0x7fffffffffffffffffffffffffffffff" /* Mersenne :) */ @@ -68,7 +75,7 @@ int char_hex_to_bin(int c) int str_hex_to_bin(unsigned char *bin, unsigned char *hex) { int i = 0, j = 0, l = strlen(hex); - +cp if(l&1) { i = j = 1; @@ -76,7 +83,7 @@ int str_hex_to_bin(unsigned char *bin, unsigned char *hex) } for(; i < l; i+=2, j++) bin[j] = (char_hex_to_bin(hex[i]) << 4) + char_hex_to_bin(hex[i+1]); - +cp return j&1?j+1:j; } @@ -88,7 +95,7 @@ int read_passphrase(char *which, char **out) int size; extern char *confbase; char *pp; - +cp if((cfg = get_config_val(passphrasesdir)) == NULL) { filename = xmalloc(strlen(confbase)+13+strlen(which)); @@ -102,25 +109,32 @@ int read_passphrase(char *which, char **out) if((f = fopen(filename, "rb")) == NULL) { - syslog(LOG_ERR, "Could not open %s: %m", filename); + syslog(LOG_ERR, _("Could not open %s: %m"), filename); return -1; } fscanf(f, "%d ", &size); - size >>= 2; /* nibbles->bits */ + if(size < 1 || size > (1<<15)) + { + syslog(LOG_ERR, _("Illegal passphrase in %s; size would be %d"), filename, size); + return -1; + } + size >>= 2; /* bits->nibbles */ pp = xmalloc(size+2); fgets(pp, size+1, f); fclose(f); *out = xmalloc(size); +cp return str_hex_to_bin(*out, pp); } int read_my_passphrase(void) { +cp if((mypassphraselen = read_passphrase("local", &mypassphrase)) < 0) return -1; - +cp return 0; } @@ -130,17 +144,17 @@ int generate_private_key(void) int i; char *s; config_t const *cfg; - +cp if((cfg = get_config_val(keyexpire)) == NULL) my_key_expiry = (time_t)(time(NULL) + 3600); else my_key_expiry = (time_t)(time(NULL) + cfg->data.val); - syslog(LOG_NOTICE, "Generating %d bits keys.", PRIVATE_KEY_BITS); + syslog(LOG_NOTICE, _("Generating %d bits keys."), PRIVATE_KEY_BITS); if((f = fopen("/dev/urandom", "r")) == NULL) { - syslog(LOG_ERR, "Opening /dev/urandom failed: %m"); + syslog(LOG_ERR, _("Opening /dev/urandom failed: %m")); return -1; } @@ -152,20 +166,23 @@ int generate_private_key(void) s[2 * PRIVATE_KEY_LENGTH] = '\0'; mpz_set_str(my_private_key, s, 16); - +cp return 0; } void calculate_public_key(void) { +cp mpz_powm(my_public_key, generator, my_private_key, shared_prime); my_public_key_base36 = mpz_get_str(NULL, 36, my_public_key); +cp } unsigned char static_key[] = { 0x9c, 0xbf, 0x36, 0xa9, 0xce, 0x20, 0x1b, 0x8b, 0x67, 0x56, 0x21, 0x5d, 0x27, 0x1b, 0xd8, 0x7a }; int security_init(void) { +cp mpz_init(my_private_key); mpz_init(my_public_key); mpz_init_set_str(shared_prime, ENCR_PRIME, 0); @@ -180,7 +197,7 @@ int security_init(void) return -1; calculate_public_key(); - +cp return 0; } @@ -189,7 +206,7 @@ void set_shared_key(char *almost_key) char *tmp; int len; mpz_t ak, our_shared_key; - +cp mpz_init_set_str(ak, almost_key, 36); mpz_init(our_shared_key); mpz_powm(our_shared_key, ak, my_private_key, shared_prime); @@ -197,16 +214,17 @@ void set_shared_key(char *almost_key) tmp = mpz_get_str(NULL, 16, our_shared_key); len = str_hex_to_bin(text_key, tmp); - cipher_set_key(&encryption_key, len, &text_key[0]); + cipher_set_key(&encryption_key, len, text_key); key_inited = 1; encryption_keylen = len; if(debug_lvl > 2) - syslog(LOG_INFO, "Encryption key set to %s", tmp); + syslog(LOG_INFO, _("Encryption key set to %s"), tmp); free(tmp); mpz_clear(ak); mpz_clear(our_shared_key); +cp } @@ -214,49 +232,61 @@ void encrypt_passphrase(passphrase_t *pp) { char key[1000]; char tmp[1000]; - int len; + unsigned char phrase[1000]; + int keylen; + int i; BF_KEY bf_key; - mpz_get_str(&tmp[0], 16, my_public_key); - len = str_hex_to_bin(key, tmp); +cp + mpz_get_str(tmp, 16, my_public_key); + keylen = str_hex_to_bin(key, tmp); - cipher_set_key(&bf_key, len, &key[0]); + cipher_set_key(&bf_key, keylen, key); - low_crypt_key(mypassphrase, pp->phrase, &bf_key, mypassphraselen, BF_ENCRYPT); - pp->len = ((mypassphraselen - 1) | 7) + 5; + low_crypt_key(mypassphrase, phrase, &bf_key, mypassphraselen, BF_ENCRYPT); + pp->len = ((mypassphraselen - 1) | 7) + 1; + pp->phrase = xmalloc((pp->len << 1) + 1); + + for(i = 0; i < pp->len; i++) + snprintf(&(pp->phrase)[i << 1], 3, "%02x", (int)phrase[i]); + + pp->phrase[(pp->len << 1) + 1] = '\0'; if(key_inited) - cipher_set_key(&encryption_key, encryption_keylen, &text_key[0]); + cipher_set_key(&encryption_key, encryption_keylen, text_key); +cp } int verify_passphrase(conn_list_t *cl, unsigned char *his_pubkey) { char key[1000]; - char tmp[1000]; - int len; + char *tmp; + unsigned char phrase[1000]; + int keylen, pplen; mpz_t pk; unsigned char *out; BF_KEY bf_key; char which[sizeof("123.123.123.123")+1]; char *meuk; - +cp mpz_init_set_str(pk, his_pubkey, 36); - mpz_get_str(&tmp[0], 16, pk); - len = str_hex_to_bin(key, tmp); - out = xmalloc(cl->pp->len+3); + tmp = mpz_get_str(NULL, 16, pk); + keylen = str_hex_to_bin(key, tmp); + out = xmalloc((cl->pp->len >> 1) + 3); + pplen = str_hex_to_bin(phrase, cl->pp->phrase); - cipher_set_key(&bf_key, len, &key[0]); - low_crypt_key(cl->pp->phrase, out, &bf_key, cl->pp->len, BF_DECRYPT); + cipher_set_key(&bf_key, keylen, key); + low_crypt_key(phrase, out, &bf_key, pplen, BF_DECRYPT); if(key_inited) - cipher_set_key(&encryption_key, encryption_keylen, &text_key[0]); + cipher_set_key(&encryption_key, encryption_keylen, text_key); - sprintf(&which[0], IP_ADDR_S, IP_ADDR_V(cl->vpn_ip)); - if((len = read_passphrase(which, &meuk)) < 0) + sprintf(which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip)); + if((pplen = read_passphrase(which, &meuk)) < 0) return -1; - if(memcmp(meuk, out, len)) + if(memcmp(meuk, out, pplen)) return -1; - +cp return 0; } @@ -264,7 +294,7 @@ char *make_shared_key(char *pk) { mpz_t tmp, res; char *r; - +cp mpz_init_set_str(tmp, pk, 36); mpz_init(res); mpz_powm(res, tmp, my_private_key, shared_prime); @@ -273,7 +303,7 @@ char *make_shared_key(char *pk) mpz_clear(res); mpz_clear(tmp); - +cp return r; } @@ -282,6 +312,7 @@ char *make_shared_key(char *pk) */ void free_key(enc_key_t *k) { +cp if(!k) return; if(k->key) @@ -290,13 +321,14 @@ void free_key(enc_key_t *k) free(k->key); } free(k); +cp } void recalculate_encryption_keys(void) { conn_list_t *p; char *ek; - +cp for(p = conn_list; p != NULL; p = p->next) { if(!p->public_key || !p->public_key->key) @@ -304,18 +336,21 @@ void recalculate_encryption_keys(void) continue; ek = make_shared_key(p->public_key->key); free_key(p->key); - p->key = xmalloc(sizeof(enc_key_t)); + p->key = xmalloc(sizeof(*p->key)); p->key->length = strlen(ek); p->key->expiry = p->public_key->expiry; p->key->key = xmalloc(strlen(ek) + 1); strcpy(p->key->key, ek); } +cp } void regenerate_keys(void) { +cp generate_private_key(); calculate_public_key(); - send_key_changed2(); + send_key_changed_all(); recalculate_encryption_keys(); +cp }