X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fencr.c;h=cde6a991b195650c14be0669776851174bdfd9aa;hp=899a46b0718bb8dad51bc94a04123aa0e000204c;hb=74b0cbecce5194dc5c594cc4e2aa3e97c14ea6c1;hpb=1243156a5e03a666b36bc4400f1402243a85c9a7

diff --git a/src/encr.c b/src/encr.c
index 899a46b0..cde6a991 100644
--- a/src/encr.c
+++ b/src/encr.c
@@ -19,6 +19,8 @@
 
 #include "config.h"
 
+#include <sys/types.h>
+
 #include <ctype.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -68,7 +70,7 @@ int char_hex_to_bin(int c)
 int str_hex_to_bin(unsigned char *bin, unsigned char *hex)
 {
   int i = 0, j = 0, l = strlen(hex);
-
+cp
   if(l&1)
     {
       i = j = 1;
@@ -76,7 +78,7 @@ int str_hex_to_bin(unsigned char *bin, unsigned char *hex)
     }
   for(; i < l; i+=2, j++)
     bin[j] = (char_hex_to_bin(hex[i]) << 4) + char_hex_to_bin(hex[i+1]);
-
+cp
   return j&1?j+1:j;
 }
 
@@ -88,7 +90,7 @@ int read_passphrase(char *which, char **out)
   int size;
   extern char *confbase;
   char *pp;
-
+cp
   if((cfg = get_config_val(passphrasesdir)) == NULL)
     {
       filename = xmalloc(strlen(confbase)+13+strlen(which));
@@ -107,20 +109,27 @@ int read_passphrase(char *which, char **out)
     }
 
   fscanf(f, "%d ", &size);
-  size >>= 2; /* nibbles->bits */
+  if(size < 1 || size > (1<<15))
+    {
+      syslog(LOG_ERR, "Illegal passphrase in %s; size would be %d", filename, size);
+      return -1;
+    }
+  size >>= 2; /* bits->nibbles */
   pp = xmalloc(size+2);
   fgets(pp, size+1, f);
   fclose(f);
 
   *out = xmalloc(size);
+cp
   return str_hex_to_bin(*out, pp);
 }
 
 int read_my_passphrase(void)
 {
+cp
   if((mypassphraselen = read_passphrase("local", &mypassphrase)) < 0)
     return -1;
-
+cp
   return 0;
 }
 
@@ -130,7 +139,7 @@ int generate_private_key(void)
   int i;
   char *s;
   config_t const *cfg;
-
+cp
   if((cfg = get_config_val(keyexpire)) == NULL)
     my_key_expiry = (time_t)(time(NULL) + 3600);
   else
@@ -152,20 +161,23 @@ int generate_private_key(void)
   s[2 * PRIVATE_KEY_LENGTH] = '\0';
 
   mpz_set_str(my_private_key, s, 16);
-
+cp
   return 0;
 }
 
 void calculate_public_key(void)
 {
+cp
   mpz_powm(my_public_key, generator, my_private_key, shared_prime);
   my_public_key_base36 = mpz_get_str(NULL, 36, my_public_key);
+cp
 }
 
 unsigned char static_key[] = { 0x9c, 0xbf, 0x36, 0xa9, 0xce, 0x20, 0x1b, 0x8b, 0x67, 0x56, 0x21, 0x5d, 0x27, 0x1b, 0xd8, 0x7a };
 
 int security_init(void)
 {
+cp
   mpz_init(my_private_key);
   mpz_init(my_public_key);
   mpz_init_set_str(shared_prime, ENCR_PRIME, 0);
@@ -180,7 +192,7 @@ int security_init(void)
     return -1;
 
   calculate_public_key();
-
+cp
   return 0;
 }
 
@@ -189,7 +201,7 @@ void set_shared_key(char *almost_key)
   char *tmp;
   int len;
   mpz_t ak, our_shared_key;
-
+cp
   mpz_init_set_str(ak, almost_key, 36);
   mpz_init(our_shared_key);
   mpz_powm(our_shared_key, ak, my_private_key, shared_prime);
@@ -197,7 +209,7 @@ void set_shared_key(char *almost_key)
   tmp = mpz_get_str(NULL, 16, our_shared_key);
   len = str_hex_to_bin(text_key, tmp);
 
-  cipher_set_key(&encryption_key, len, &text_key[0]);
+  cipher_set_key(&encryption_key, len, text_key);
   key_inited = 1;
   encryption_keylen = len;
 
@@ -207,6 +219,7 @@ void set_shared_key(char *almost_key)
   free(tmp);
   mpz_clear(ak);
   mpz_clear(our_shared_key);
+cp
 }
 
 
@@ -214,49 +227,61 @@ void encrypt_passphrase(passphrase_t *pp)
 {
   char key[1000];
   char tmp[1000];
-  int len;
+  unsigned char phrase[1000];
+  int keylen;
+  int i;
   BF_KEY bf_key;
   
-  mpz_get_str(&tmp[0], 16, my_public_key);
-  len = str_hex_to_bin(key, tmp);
+cp  
+  mpz_get_str(tmp, 16, my_public_key);
+  keylen = str_hex_to_bin(key, tmp);
+
+  cipher_set_key(&bf_key, keylen, key);
 
-  cipher_set_key(&bf_key, len, &key[0]);
+  low_crypt_key(mypassphrase, phrase, &bf_key, mypassphraselen, BF_ENCRYPT);
+  pp->len = ((mypassphraselen - 1) | 7) + 1;
+  pp->phrase = xmalloc((pp->len << 1) + 1);
+  
+  for(i = 0; i < pp->len; i++)
+    snprintf(&(pp->phrase)[i << 1], 3, "%02x", (int)phrase[i]);
 
-  low_crypt_key(mypassphrase, pp->phrase, &bf_key, mypassphraselen, BF_ENCRYPT);
-  pp->len = ((mypassphraselen - 1) | 7) + 5;
+  pp->phrase[(pp->len << 1) + 1] = '\0';
 
   if(key_inited)
-    cipher_set_key(&encryption_key, encryption_keylen, &text_key[0]);
+    cipher_set_key(&encryption_key, encryption_keylen, text_key);
+cp
 }
 
 int verify_passphrase(conn_list_t *cl, unsigned char *his_pubkey)
 {
   char key[1000];
-  char tmp[1000];
-  int len;
+  char *tmp;
+  unsigned char phrase[1000];
+  int keylen, pplen;
   mpz_t pk;
   unsigned char *out;
   BF_KEY bf_key;
   char which[sizeof("123.123.123.123")+1];
   char *meuk;
-
+cp
   mpz_init_set_str(pk, his_pubkey, 36);
-  mpz_get_str(&tmp[0], 16, pk);
-  len = str_hex_to_bin(key, tmp);
-  out = xmalloc(cl->pp->len+3);
+  tmp = mpz_get_str(NULL, 16, pk);
+  keylen = str_hex_to_bin(key, tmp);
+  out = xmalloc((cl->pp->len >> 1) + 3);
+  pplen = str_hex_to_bin(phrase, cl->pp->phrase);
 
-  cipher_set_key(&bf_key, len, &key[0]);
-  low_crypt_key(cl->pp->phrase, out, &bf_key, cl->pp->len, BF_DECRYPT);
+  cipher_set_key(&bf_key, keylen, key);
+  low_crypt_key(phrase, out, &bf_key, pplen, BF_DECRYPT);
   if(key_inited)
-    cipher_set_key(&encryption_key, encryption_keylen, &text_key[0]);
+    cipher_set_key(&encryption_key, encryption_keylen, text_key);
 
-  sprintf(&which[0], IP_ADDR_S, IP_ADDR_V(cl->vpn_ip));
-  if((len = read_passphrase(which, &meuk)) < 0)
+  sprintf(which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip));
+  if((pplen = read_passphrase(which, &meuk)) < 0)
     return -1;
 
-  if(memcmp(meuk, out, len))
+  if(memcmp(meuk, out, pplen))
     return -1;
-
+cp
   return 0;
 }
 
@@ -264,7 +289,7 @@ char *make_shared_key(char *pk)
 {
   mpz_t tmp, res;
   char *r;
-
+cp
   mpz_init_set_str(tmp, pk, 36);
   mpz_init(res);
   mpz_powm(res, tmp, my_private_key, shared_prime);
@@ -273,7 +298,7 @@ char *make_shared_key(char *pk)
 
   mpz_clear(res);
   mpz_clear(tmp);
-
+cp
   return r;
 }
 
@@ -282,6 +307,7 @@ char *make_shared_key(char *pk)
 */
 void free_key(enc_key_t *k)
 {
+cp
   if(!k)
     return;
   if(k->key)
@@ -290,36 +316,36 @@ void free_key(enc_key_t *k)
       free(k->key);
     }
   free(k);
+cp
 }
 
 void recalculate_encryption_keys(void)
 {
   conn_list_t *p;
   char *ek;
-
+cp
   for(p = conn_list; p != NULL; p = p->next)
     {
       if(!p->public_key || !p->public_key->key)
+	/* We haven't received a key from this host (yet). */
 	continue;
       ek = make_shared_key(p->public_key->key);
-      if(!p->key)
-	{
-	  p->key = xmalloc(sizeof(enc_key_t));
-	  p->key->key = NULL;
-	}
-      if(p->key->key)
-	free(p->key->key);
+      free_key(p->key);
+      p->key = xmalloc(sizeof(*p->key));
       p->key->length = strlen(ek);
       p->key->expiry = p->public_key->expiry;
       p->key->key = xmalloc(strlen(ek) + 1);
       strcpy(p->key->key, ek);
     }
+cp
 }
 
 void regenerate_keys(void)
 {
+cp
   generate_private_key();
   calculate_public_key();
   send_key_changed2();
   recalculate_encryption_keys();
+cp
 }