X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_auth.c;h=4359fb542a6a927445972a7261b72d54d20ea653;hp=b9f845b6fac4c226219e7e8ff4d49b38c47337c4;hb=04d33be4bd102de67bb6dba5c449e12fea0db4d2;hpb=b0a676988a8da3120e64ef0e1a4ea4c28b1511e1
diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index b9f845b6..4359fb54 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -17,7 +17,7 @@
 along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- $Id: protocol_auth.c,v 1.3 2002/04/13 11:07:12 zarq Exp $
+ $Id: protocol_auth.c,v 1.4 2002/04/28 12:46:26 zarq Exp $
 */
 #include "config.h"
@@ -32,9 +32,15 @@
 #include
 #include
+#ifdef USE_OPENSSL
 #include
 #include
 #include
+#endif
+
+#ifdef USE_GCRYPT
+#include
+#endif
 #ifndef HAVE_RAND_PSEUDO_BYTES
 #define RAND_pseudo_bytes RAND_bytes
@@ -142,6 +148,7 @@ int send_metakey(connection_t *c)
 char buffer[MAX_STRING_SIZE];
 int len, x;
 cp
+#ifdef USE_OPENSSL
 len = RSA_size(c->rsa_key);
 /* Allocate buffers for the meta key */
@@ -155,6 +162,12 @@ cp
 /* Copy random data to the buffer */
 RAND_bytes(c->outkey, len);
+#endif
+
+#ifdef USE_GCRYPT
+ len = 123; /* FIXME: RSA key length */
+ c->outkey = gcry_random_bytes(len, GCRY_WEAK_RANDOM);
+#endif
 /* The message we send must be smaller than the modulus of the RSA key. By definition, for a key of k bits, the following formula holds:
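Review bot: With the OpenSSL headers behind `#ifdef USE_OPENSSL` and the gcrypt header behind `#ifdef USE_GCRYPT`, a configuration that defines neither now preprocesses this file with no crypto header at all and only fails later, at the first undeclared RSA_/EVP_ name, while the `RAND_pseudo_bytes` fallback define just below stays unconditional although it is OpenSSL-specific. I would make the unsupported configuration fail right here, after the includes: `#if !defined(USE_OPENSSL) && !defined(USE_GCRYPT)` / `#error "no crypto backend selected"` / `#endif`. The header names were stripped by the rendering, so which `#include` lines ended up inside each guard cannot be checked from this page.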
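Review bot: The gcrypt branch draws the meta key with `GCRY_WEAK_RANDOM`, the lowest of libgcrypt's quality levels, although this buffer is the session key material the peer slices into cipher key and IV (see the `key_len`/`iv_len` arithmetic on `c->inkey` in hunk -280); key material should be requested as `c->outkey = gcry_random_bytes(len, GCRY_STRONG_RANDOM);`. The hard-coded `len = 123` with its FIXME also decouples the buffer size from the RSA modulus that the rest of send_metakey (the `buffer[len*2]` write and the comment about the message being smaller than the modulus) assumes. Separately, `gcry_random_bytes()` returns memory owned by libgcrypt, whereas the OpenSSL path and `c->inkey` in metakey_h come from xmalloc, so whatever later frees `c->outkey` needs to know the allocator — presumably `gcry_free()` for this branch; please confirm.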
@@ -182,25 +195,32 @@ cp
 with a length equal to that of the modulus of the RSA key.
 */
+#ifdef USE_OPENSSL
 if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len)
 {
 syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname);
 return -1;
 }
+#endif
 cp
 /* Convert the encrypted random data to a hexadecimal formatted string */
+#ifdef USE_OPENSSL
 bin2hex(buffer, buffer, len);
+#endif
 buffer[len*2] = '\0';
 /* Send the meta key */
+#ifdef USE_OPENSSL
 x = send_request(c, "%d %d %d %d %d %s", METAKEY, c->outcipher?c->outcipher->nid:0, c->outdigest?c->outdigest->type:0, c->outmaclength, c->outcompression, buffer);
+#endif
 /* Further outgoing requests are encrypted with the key we just generated */
+#ifdef USE_OPENSSL
 if(c->outcipher)
 {
 EVP_EncryptInit(c->outctx, c->outcipher,
@@ -209,6 +229,7 @@ cp
 c->status.encryptout = 1;
 }
+#endif
 cp
 return x;
 }
@@ -225,7 +246,9 @@ cp
 return -1;
 }
 cp
+#ifdef USE_OPENSSL
 len = RSA_size(myself->connection->rsa_key);
+#endif
 /* Check if the length of the meta key is all right */
@@ -240,20 +263,24 @@ cp
 if(!c->inkey)
 c->inkey = xmalloc(len);
+#ifdef USE_OPENSSL
 if(!c->inctx)
 c->inctx = xmalloc(sizeof(*c->inctx));
+#endif
 /* Convert the challenge from hexadecimal back to binary */
 cp
 hex2bin(buffer,buffer,len);
 /* Decrypt the meta key */
-cp
+cp
+#ifdef USE_OPENSSL
 if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */
 {
 syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname);
 return -1;
 }
+#endif
 if(debug_lvl >= DEBUG_SCARY_THINGS)
 {
@@ -268,6 +295,7 @@ cp
 if(cipher)
 {
+#ifdef USE_OPENSSL
 c->incipher = EVP_get_cipherbynid(cipher);
 if(!c->incipher)
 {
@@ -280,6 +308,7 @@ cp
 c->inkey + len - c->incipher->key_len - c->incipher->iv_len);
 c->status.decryptin = 1;
+#endif
 }
 else
 {
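Review bot: Under USE_GCRYPT this hunk leaves `buffer` unwritten when `buffer[len*2] = '\0'` runs, because the `bin2hex` that fills it is OpenSSL-only, and never assigns `x`, because the `send_request` call is OpenSSL-only, so the `return x;` in hunk -209 hands an indeterminate value to the caller while no METAKEY request has been sent. Until the RSA step exists for gcrypt, send_metakey should fail closed rather than report whatever is on the stack: add `#else` / `return -1;` before the `#endif` that follows the `RSA_public_encrypt` block. In that build `len` is also the hard-coded 123 from hunk -155, so even the `buffer[len*2]` index is unrelated to the real modulus size.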
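Review bot: In metakey_h the only assignment to `len` is now inside `#ifdef USE_OPENSSL`, so a USE_GCRYPT build carries an uninitialized `len` into the length check that follows this hunk, into `c->inkey = xmalloc(len)` and into `hex2bin(buffer,buffer,len)` in hunk -240 — undefined behaviour reached from a peer-supplied message. The `len = RSA_size(...)` assignments in hunks -322 (send_challenge) and -358 (challenge_h) are guarded the same way and have the same problem. Each needs either a gcrypt-side value or an explicit failure; the smallest safe change is `#else` / `return -1;` between the guarded assignment and its `#endif`, which keeps the unimplemented backend from ever reaching the buffer handling below.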
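Review bot: The failure branch kept inside the new `#ifdef USE_OPENSSL` logs `_("Error during encryption of meta key for %s (%s)")` for an `RSA_private_decrypt` error, which sends whoever reads the log to the wrong side of the exchange; `_("Error during decryption of meta key for %s (%s)")` is the accurate message. In a USE_GCRYPT build the decrypt is compiled out entirely, so metakey_h continues with `c->inkey` pointing at uninitialized heap memory from the xmalloc above, and the `DEBUG_SCARY_THINGS` branch below (its body is outside the hunk) presumably dumps that memory to syslog. An `#else` / `return -1;` before this `#endif` would close that path as well.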
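Review bot: In a USE_GCRYPT build the `if(cipher)` body spanning this hunk and hunk -280 is empty, so a peer that announces a cipher is accepted with `c->incipher` unset and `c->status.decryptin` never raised; the handshake proceeds as if the negotiation succeeded and the mismatch only surfaces when the peer's encrypted requests fail to parse. The `if(digest)` body in hunks -290/-302 has the same shape, silently dropping a requested MAC instead of rejecting it. Both should fail closed until the gcrypt path exists: inside each body, `#else` / `syslog(LOG_ERR, _("%s (%s) requested a cipher, but this build has no cipher support"), c->name, c->hostname);` / `return -1;` before the `#endif` (with "digest" in the second message).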
@@ -290,6 +319,7 @@ cp
 if(digest)
 {
+#ifdef USE_OPENSSL
 c->indigest = EVP_get_digestbynid(digest);
 if(!c->indigest)
 {
@@ -302,6 +332,7 @@ cp
 syslog(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname);
 return -1;
 }
+#endif
 }
 else
 {
@@ -322,7 +353,9 @@ int send_challenge(connection_t *c)
 cp
 /* CHECKME: what is most reasonable value for len? */
+#ifdef USE_OPENSSL
 len = RSA_size(c->rsa_key);
+#endif
 /* Allocate buffers for the challenge */
@@ -331,7 +364,9 @@ cp
 cp
 /* Copy random data to the buffer */
+#ifdef USE_OPENSSL
 RAND_bytes(c->hischallenge, len);
+#endif
 cp
 /* Convert to hex */
@@ -358,7 +393,9 @@ cp
 return -1;
 }
+#ifdef USE_OPENSSL
 len = RSA_size(myself->connection->rsa_key);
+#endif
 /* Check if the length of the challenge is all right */
@@ -386,6 +423,7 @@ cp
 int send_chal_reply(connection_t *c)
 {
+#ifdef USE_OPENSSL
 char hash[EVP_MAX_MD_SIZE*2+1];
 EVP_MD_CTX ctx;
 cp
@@ -404,10 +442,15 @@ cp
 cp
 return send_request(c, "%d %s", CHAL_REPLY, hash);
+#endif
+#ifdef USE_GCRYPT
+ return 0;
+#endif
 }
 int chal_reply_h(connection_t *c)
 {
+#ifdef USE_OPENSSL
 char hishash[MAX_STRING_SIZE];
 char myhash[EVP_MAX_MD_SIZE];
 EVP_MD_CTX ctx;
@@ -454,6 +497,8 @@ cp
 Send an acknowledgement with the rest of the information needed.
 */
+#endif
+
 c->allow_request = ACK;
 cp
 return send_ack(c);
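Review bot: Under USE_GCRYPT send_challenge never fills `c->hischallenge` with random data — the `RAND_bytes` in hunk -331 is OpenSSL-only and this hunk leaves `len` unassigned for the allocation that follows — yet the "Convert to hex" step after hunk -331 encodes and sends the buffer as the challenge, i.e. uninitialized memory. Beyond the undefined behaviour, an unpredictable challenge is the whole point of the exchange; a constant or leftover one gives the peer nothing to prove. Once `len` is set for the gcrypt build, the random fill has a direct counterpart next to the guarded `RAND_bytes`: `#ifdef USE_GCRYPT` / `gcry_randomize(c->hischallenge, len, GCRY_STRONG_RANDOM);` / `#endif`; until then the function should return -1 rather than send.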
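Review bot: The gcrypt branch of send_chal_reply returns 0, which the caller will take as success even though no CHAL_REPLY is sent, leaving the peer waiting for a reply that never comes; `+ return -1;` in place of `+ return 0;` makes the unimplemented path fail visibly. With the `#ifdef USE_OPENSSL` from hunk -386 placed before the local declarations, that `return` is the whole function in a gcrypt build, which deserves a comment at the `#ifdef USE_GCRYPT`: `/* TODO: challenge reply not implemented for libgcrypt; fail closed */`.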
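Review bot: The `#endif` added here closes the `#ifdef USE_OPENSSL` opened at the top of chal_reply_h in hunk -404, so in a USE_GCRYPT build the whole comparison of the peer's reply against the expected hash is compiled out and the function falls straight through to `c->allow_request = ACK;` and `send_ack(c)` — any CHAL_REPLY is accepted and the peer is authenticated without having proven possession of its key. chal_reply_h begins in hunk -404 and the body between the two hunks is outside the diff. This has to fail closed: `#else` / `return -1;` before the `#endif` (with a syslog in the file's usual form), or refuse to build this file for libgcrypt until the check is ported, e.g. `#error "chal_reply_h is not implemented for libgcrypt"`.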