X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_setup.c;h=8a8c0bc9dc3e447d90cb1de625ebdd5bb9077230;hp=9591c9415f8d6ae3e2d795b0d88d8afc2220d446;hb=04d33be4bd102de67bb6dba5c449e12fea0db4d2;hpb=462ab530e546f5732dfd51134751da6f6910d679
diff --git a/src/net_setup.c b/src/net_setup.c
index 9591c941..8a8c0bc9 100644
--- a/src/net_setup.c
+++ b/src/net_setup.c
@@ -17,7 +17,7 @@
 along with this program; if not, write to the Free Software
 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: net_setup.c,v 1.2 2002/04/09 15:26:00 zarq Exp $
+ $Id: net_setup.c,v 1.4 2002/04/28 12:46:26 zarq Exp $
 */
 #include "config.h"
@@ -36,7 +36,6 @@
 #include
 #include
 #include
-#include
 #include
 #include
 /* SunOS really wants sys/socket.h BEFORE net/if.h,
@@ -45,9 +44,15 @@
 #include
 #include
+#ifdef USE_OPENSSL
 #include
 #include
 #include
+#endif
+
+#ifdef USE_GCRYPT
+#include
+#endif
 #include
 #include
@@ -67,6 +72,7 @@
 #include "route.h"
 #include "device.h"
 #include "event.h"
+#include "logging.h"
 #include "system.h"
@@ -74,23 +80,39 @@ char *myport;
 int read_rsa_public_key(connection_t *c)
 {
+ char *key;
+#ifdef USE_OPENSSL
 FILE *fp;
 char *fname;
- char *key;
 cp
 if(!c->rsa_key)
 c->rsa_key = RSA_new();
-
+#endif
+cp
+
 /* First, check for simple PublicKey statement */
 if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key))
 {
+#ifdef USE_OPENSSL
 BN_hex2bn(&c->rsa_key->n, key);
 BN_hex2bn(&c->rsa_key->e, "FFFF");
+#endif
+#ifdef USE_GCRYPT
+ int rc = gcry_sexp_build(&c->rsa_key, NULL, "(public-key(rsa(n%s)(e%s)))",
+ key, "FFFF");
+ if(!rc)
+ {
+ syslog(LOG_ERR, _("gcry_sexp_build error: %d (%s)"),
+ rc, gcry_strerror(-1));
+ return -1;
+ }
+#endif
 free(key);
 return 0;
 }
+#ifdef USE_OPENSSL
 /* Else, check for PublicKeyFile statement and read it */
 if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname))
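Review bot: The error test after `gcry_sexp_build` in the read_rsa_public_key hunk is inverted: the call returns 0 on success, so `if(!rc)` logs "gcry_sexp_build error" and returns -1 exactly when the key was built, and carries on with an unbuilt `c->rsa_key` when the build failed; the read_rsa_private_key hunk (`@@ -140`) has the same inverted test. The guard should read `if(rc)`, and since `rc` is the code being logged, `gcry_strerror(rc)` keeps the number and the text consistent (if this libgcrypt release defines -1 as "last error", a comment saying so would avoid the question). The error path also returns without `free(key)`, which the success path does. read_rsa_public_key continues past the hunk.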
@@ -140,22 +162,44 @@ cp
 syslog(LOG_ERR, _("No public key for %s specified!"), c->name);
 return -1;
 }
+#endif
+#ifdef USE_GCRYPT
+ syslog(LOG_ERR, _("Only PublicKey statements are supported when using gcrypt for now."));
+ return -1;
+#endif
 }
 int read_rsa_private_key(void)
 {
+#ifdef USE_OPENSSL
 FILE *fp;
- char *fname, *key;
+ char *fname;
+#endif
+ char *key;
 cp
 if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key))
 {
+#ifdef USE_OPENSSL
 myself->connection->rsa_key = RSA_new();
 BN_hex2bn(&myself->connection->rsa_key->d, key);
 BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
+#endif
+#ifdef USE_GCRYPT
+ int rc = gcry_sexp_build(&myself->connection->rsa_key, NULL,
+ "(public-key(rsa(n%s)(e%s)))",
+ key, "FFFF");
+ if(!rc)
+ {
+ syslog(LOG_ERR, _("gcry_sexp_build error: %d (%s)"),
+ rc, gcry_strerror(-1));
+ return -1;
+ }
+#endif
 free(key);
 return 0;
 }
+#ifdef USE_OPENSSL
 if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname))
 asprintf(&fname, "%s/rsa_key.priv", confbase);
@@ -182,6 +226,11 @@ cp
 free(fname);
 return -1;
+#endif
+#ifdef USE_GCRYPT
+ syslog(LOG_ERR, _("Only PrivateKey statements are supported when using gcrypt for now."));
+ return -1;
+#endif
 }
 /*
@@ -338,11 +387,23 @@ cp
 {
 if(!strcasecmp(cipher, "none"))
 {
+#ifdef USE_OPENSSL
 myself->cipher = NULL;
+#endif
+#ifdef USE_GCRYPT
+ myself->cipher = gcry_cipher_open(GCRY_CIPHER_NONE, GCRY_CIPHER_MODE_NONE, 0);
+#endif
 }
 else
 {
+#ifdef USE_OPENSSL
 if(!(myself->cipher = EVP_get_cipherbyname(cipher)))
+#endif
+#ifdef USE_GCRYPT
+ /* FIXME */
+ myself->cipher = gcry_cipher_open(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, 0);
+ if(0)
+#endif
 {
 syslog(LOG_ERR, _("Unrecognized cipher type!"));
 return -1;
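Review bot: The gcrypt branch of read_rsa_private_key wraps the PrivateKey value in a `(public-key(rsa(n%s)(e%s)))` s-expression, so the private exponent that the OpenSSL branch beside it stores in `rsa_key->d` is placed in the `n` slot of a *public* key; the resulting object is mislabeled and cannot be used for the private-key operations the connection setup presumably needs. A private key needs a `private-key` expression, and as far as I know libgcrypt wants at least n, e and d in it, which a d-only PrivateKey statement cannot supply, so either the statement format or the key source needs rethinking before this branch is usable. The function continues past the hunk.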
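Review bot: In the gcrypt `else` branch of the cipher selection, the `if(0)` inserted after `gcry_cipher_open` makes the "Unrecognized cipher type!" block unreachable, so a failed open (signalled through the handle this call returns) goes unnoticed and the configured cipher name is ignored in favour of a hard-coded Blowfish-CBC; the FIXME covers the second point but not the first. Until name lookup exists the guard should at least test the handle, `if(!myself->cipher)`, so the existing error path stays live under both builds. The enclosing block continues past the hunk.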
@@ -350,17 +411,42 @@ cp
 }
 }
 else
- myself->cipher = EVP_bf_cbc();
+ {
+#ifdef USE_OPENSSL
+ myself->cipher = EVP_bf_cbc();
+#endif
+#ifdef USE_GCRYPT
+ myself->cipher = gcry_cipher_open(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, 0);
+#endif
+ }
+#ifdef USE_OPENSSL
 if(myself->cipher)
 myself->keylength = myself->cipher->key_len + myself->cipher->iv_len;
+#endif
+#ifdef USE_GCRYPT
+ if(myself->cipher)
+ myself->keylength = 16; /* FIXME */
+#endif
 else
 myself->keylength = 1;
+#ifdef USE_OPENSSL
 myself->connection->outcipher = EVP_bf_ofb();
+#endif
+#ifdef USE_GCRYPT
+ /* FIXME: CHANGE this to something like aes - but openssl
+ compatibility mode for now */
+ myself->connection->outcipher = gcry_cipher_open(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB, 0);
+#endif
+#ifdef USE_OPENSSL
 myself->key = (char *)xmalloc(myself->keylength);
 RAND_pseudo_bytes(myself->key, myself->keylength);
+#endif
+#ifdef USE_GCYRPT
+ myself->key = gcry_random_bytes(myself->keylength, GCRY_WEAK_RANDOM);
+#endif
 if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
 keylifetime = 3600;
@@ -373,11 +459,22 @@ cp
 {
 if(!strcasecmp(digest, "none"))
 {
+#ifdef USE_OPENSSL
 myself->digest = NULL;
+#endif
+#ifdef USE_GCRYPT
+ myself->digest = gcry_md_open(GCRY_MD_NONE, GCRY_MD_FLAG_HMAC);
+#endif
 }
 else
 {
+#ifdef USE_OPENSSL
 if(!(myself->digest = EVP_get_digestbyname(digest)))
+#endif
+#ifdef USE_GCRYPT
+ /* FIXME */
+ if(!(myself->digest = gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC)))
+#endif
 {
 syslog(LOG_ERR, _("Unrecognized digest type!"));
 return -1;
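Review bot: The guard around the gcrypt session-key generation is spelled `#ifdef USE_GCYRPT`, not `USE_GCRYPT`, so in a gcrypt build `myself->key` is never assigned and whatever later uses the key reads an unset pointer. Beyond the typo, the key is drawn with `GCRY_WEAK_RANDOM`, a quality level libgcrypt documents for nonces and salts rather than key material; the line should read `myself->key = gcry_random_bytes(myself->keylength, GCRY_STRONG_RANDOM);` under the correctly spelled macro. The fixed `myself->keylength = 16` also drops the `key_len + iv_len` sizing the OpenSSL branch keeps, so if the existing key-exchange layout carries the IV in the same buffer the gcrypt build is short by the IV length. The enclosing function continues past the hunk.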
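Review bot: For `digest = "none"` the gcrypt branch stores a real handle from `gcry_md_open(GCRY_MD_NONE, ...)` where the OpenSSL branch stores NULL, so the later `if(myself->digest)` tests (the MACLength validation in the following hunks is one) now treat "no digest" as a digest being present; the cipher "none" branch in the previous hunk has the same asymmetry against `if(myself->cipher)`. Keeping `myself->digest = NULL` for "none" in both builds preserves those checks, and the open in the "none" branch should have its result checked like the one in the `else` branch does. The `GCRY_MD_FLAG_HMAC` flag is passed without a key being set anywhere in this hunk; presumably that happens elsewhere, worth confirming. The enclosing block continues past the hunk.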
@@ -385,14 +482,25 @@ cp
 }
 }
 else
+#ifdef USE_OPENSSL
 myself->digest = EVP_sha1();
+#endif
+#ifdef USE_GCRYPT
+ myself->digest = gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
+#endif
+#ifdef USE_OPENSSL
 myself->connection->outdigest = EVP_sha1();
+#endif
+#ifdef USE_GCRYPT
+ myself->connection->outdigest = gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
+#endif
 if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->maclength))
 {
 if(myself->digest)
 {
+#ifdef USE_OPENSSL
 if(myself->maclength > myself->digest->md_size)
 {
 syslog(LOG_ERR, _("MAC length exceeds size of digest!"));
@@ -403,6 +511,11 @@ cp
 syslog(LOG_ERR, _("Bogus MAC length!"));
 return -1;
 }
+#endif
+#ifdef USE_GCRYPT
+ /* FIXME */
+ myself->maclength = 12;
+#endif
 }
 }
 else
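Review bot: The `else` that selects the default digest is followed by two `#ifdef` alternatives as bare statements, so its body depends on the preprocessor: with both macros defined the second assignment falls outside the `else`, and with neither the `else` binds to the `outdigest` assignment that follows. The cipher hunk earlier in this commit wrapped the same construct in `{ }`; doing the same here, `else { #ifdef ... #endif }`, keeps the default a single statement under every configuration. The enclosing function continues on both sides of the hunk.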
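Review bot: Under gcrypt the configured MACLength is discarded: `myself->maclength = 12;` overwrites the value `get_config_int` just read, and the "MAC length exceeds size of digest!" and "Bogus MAC length!" checks that the OpenSSL branch keeps are compiled out, so an oversized or negative value is neither rejected nor honoured. The range checks should stay in both builds, comparing against the digest length gcrypt reports (`gcry_md_get_algo_dlen`) where the OpenSSL code uses `md_size`, with 12 used only when no MACLength is configured. The enclosing block continues past the hunk.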