Moving files, first attempt at gcrypt compatibility, more interface abstraction
Ivo Timmermans 2002-04-28 12:46:26 +00:00
parent b0a676988a
commit 04d33be4bd
69 changed files with 10498 additions and 536 deletions


@ -17,7 +17,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
$Id: net_setup.c,v 1.3 2002/04/13 11:07:12 zarq Exp $
$Id: net_setup.c,v 1.4 2002/04/28 12:46:26 zarq Exp $
*/
#include "config.h"
@ -44,9 +44,15 @@
#include <sys/socket.h>
#include <net/if.h>
#ifdef USE_OPENSSL
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
#endif
#ifdef USE_GCRYPT
#include <gcrypt.h>
#endif
#include <utils.h>
#include <xalloc.h>
@ -74,23 +80,39 @@ char *myport;
int read_rsa_public_key(connection_t *c)
{
char *key;
#ifdef USE_OPENSSL
FILE *fp;
char *fname;
char *key;
cp
if(!c->rsa_key)
c->rsa_key = RSA_new();
#endif
cp
/* First, check for simple PublicKey statement */
if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key))
{
#ifdef USE_OPENSSL
BN_hex2bn(&c->rsa_key->n, key);
BN_hex2bn(&c->rsa_key->e, "FFFF");
#endif
#ifdef USE_GCRYPT
int rc = gcry_sexp_build(&c->rsa_key, NULL, "(public-key(rsa(n%s)(e%s)))",
key, "FFFF");
if(!rc)
{
syslog(LOG_ERR, _("gcry_sexp_build error: %d (%s)"),
rc, gcry_strerror(-1));
return -1;
}
#endif
free(key);
return 0;
}
#ifdef USE_OPENSSL
/* Else, check for PublicKeyFile statement and read it */
if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname))
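Review bot: The gcrypt error check in the PublicKey branch is inverted: `gcry_sexp_build` returns 0 on success, so `if(!rc)` logs an error and returns -1 for every good key and silently accepts a failed build, leaving `c->rsa_key` unset. The test should be `if(rc)`, and the message should report the code it received, `gcry_strerror(rc)`, rather than `gcry_strerror(-1)`. Separately, `%s` in the s-expression format inserts the hex text as a string token rather than a number, so `n` would presumably need to be parsed into an MPI (`gcry_mpi_scan` with `GCRYMPI_FMT_HEX`) and inserted with `%m` — worth confirming against the gcrypt version being targeted. read_rsa_public_key continues past the hunk.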
@ -140,22 +162,44 @@ cp
syslog(LOG_ERR, _("No public key for %s specified!"), c->name);
return -1;
}
#endif
#ifdef USE_GCRYPT
syslog(LOG_ERR, _("Only PublicKey statements are supported when using gcrypt for now."));
return -1;
#endif
}
int read_rsa_private_key(void)
{
#ifdef USE_OPENSSL
FILE *fp;
char *fname, *key;
char *fname;
#endif
char *key;
cp
if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key))
{
#ifdef USE_OPENSSL
myself->connection->rsa_key = RSA_new();
BN_hex2bn(&myself->connection->rsa_key->d, key);
BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
#endif
#ifdef USE_GCRYPT
int rc = gcry_sexp_build(&myself->connection->rsa_key, NULL,
"(public-key(rsa(n%s)(e%s)))",
key, "FFFF");
if(!rc)
{
syslog(LOG_ERR, _("gcry_sexp_build error: %d (%s)"),
rc, gcry_strerror(-1));
return -1;
}
#endif
free(key);
return 0;
}
#ifdef USE_OPENSSL
if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname))
asprintf(&fname, "%s/rsa_key.priv", confbase);
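Review bot: The gcrypt PrivateKey branch builds a `(public-key(rsa(n ...)(e ...)))` s-expression from the private exponent, so the secret `d` is stored under a public-key tag in the modulus slot and no usable private key exists for signing or decryption; it needs a `(private-key(rsa(...)(d%m)))` form instead. The same inverted check as in the public-key path applies here: `gcry_sexp_build` returns 0 on success, so `if(!rc)` rejects valid keys — use `if(rc)` and `gcry_strerror(rc)`. The `key` buffer holds private-key material and is released with a plain `free(key)`; overwriting it before freeing, with a call the compiler cannot elide, would keep the secret from lingering in the heap (the pre-existing OpenSSL path has the same issue). read_rsa_private_key continues past the hunk.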
@ -182,6 +226,11 @@ cp
free(fname);
return -1;
#endif
#ifdef USE_GCRYPT
syslog(LOG_ERR, _("Only PrivateKey statements are supported when using gcrypt for now."));
return -1;
#endif
}
/*
@ -338,11 +387,23 @@ cp
{
if(!strcasecmp(cipher, "none"))
{
#ifdef USE_OPENSSL
myself->cipher = NULL;
#endif
#ifdef USE_GCRYPT
myself->cipher = gcry_cipher_open(GCRY_CIPHER_NONE, GCRY_CIPHER_MODE_NONE, 0);
#endif
}
else
{
#ifdef USE_OPENSSL
if(!(myself->cipher = EVP_get_cipherbyname(cipher)))
#endif
#ifdef USE_GCRYPT
/* FIXME */
myself->cipher = gcry_cipher_open(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, 0);
if(0)
#endif
{
syslog(LOG_ERR, _("Unrecognized cipher type!"));
return -1;
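Review bot: With gcrypt, any unrecognized cipher name is silently mapped to Blowfish-CBC: the `/* FIXME */` assignment ignores `cipher` entirely and `if(0)` makes the "Unrecognized cipher type!" error unreachable, so a host configured for a different cipher is downgraded without a log line. Until a real name lookup is wired in (gcrypt offers `gcry_cipher_map_name`), failing for anything the code does not actually implement keeps the error path meaningful, e.g. replace `if(0)` with `if(strcasecmp(cipher, "blowfish"))`. The `gcry_cipher_open` result is not checked on either branch, and for `"none"` a non-NULL handle is stored where the OpenSSL path stores NULL, which later `if(myself->cipher)` tests will treat as "cipher present" — worth confirming that is intended. The enclosing cipher-selection block starts before this hunk.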
@ -350,17 +411,42 @@ cp
}
}
else
myself->cipher = EVP_bf_cbc();
{
#ifdef USE_OPENSSL
myself->cipher = EVP_bf_cbc();
#endif
#ifdef USE_GCRYPT
myself->cipher = gcry_cipher_open(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, 0);
#endif
}
#ifdef USE_OPENSSL
if(myself->cipher)
myself->keylength = myself->cipher->key_len + myself->cipher->iv_len;
#endif
#ifdef USE_GCRYPT
if(myself->cipher)
myself->keylength = 16; /* FIXME */
#endif
else
myself->keylength = 1;
#ifdef USE_OPENSSL
myself->connection->outcipher = EVP_bf_ofb();
#endif
#ifdef USE_GCRYPT
/* FIXME: CHANGE this to something like aes - but openssl
compatibility mode for now */
myself->connection->outcipher = gcry_cipher_open(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB, 0);
#endif
#ifdef USE_OPENSSL
myself->key = (char *)xmalloc(myself->keylength);
RAND_pseudo_bytes(myself->key, myself->keylength);
#endif
#ifdef USE_GCYRPT
myself->key = gcry_random_bytes(myself->keylength, GCRY_WEAK_RANDOM);
#endif
if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime))
keylifetime = 3600;
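Review bot: The key-generation block near the end is guarded by `#ifdef USE_GCYRPT` (a typo for `USE_GCRYPT`), so under a gcrypt build `myself->key` is never allocated and the session key is used as whatever pointer value the field held before. Beyond fixing the spelling, `GCRY_WEAK_RANDOM` is the wrong quality level for key material — gcrypt's `GCRY_STRONG_RANDOM` (or `GCRY_VERY_STRONG_RANDOM`) is the one intended for keys — and the pre-existing OpenSSL branch's `RAND_pseudo_bytes` returns 0 when its output is not cryptographically strong, a return value that is not checked. The corrected lines would be `#ifdef USE_GCRYPT` and `myself->key = gcry_random_bytes(myself->keylength, GCRY_STRONG_RANDOM);`. The hard-coded `keylength = 16` also differs from the OpenSSL side, which sizes the key as `key_len + iv_len`, so the two builds would presumably not interoperate; `gcry_cipher_get_algo_keylen` plus `gcry_cipher_get_algo_blklen` would give the matching value.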
@ -373,11 +459,22 @@ cp
{
if(!strcasecmp(digest, "none"))
{
#ifdef USE_OPENSSL
myself->digest = NULL;
#endif
#ifdef USE_GCRYPT
myself->digest = gcry_md_open(GCRY_MD_NONE, GCRY_MD_FLAG_HMAC);
#endif
}
else
{
#ifdef USE_OPENSSL
if(!(myself->digest = EVP_get_digestbyname(digest)))
#endif
#ifdef USE_GCRYPT
/* FIXME */
if(!(myself->digest = gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC)))
#endif
{
syslog(LOG_ERR, _("Unrecognized digest type!"));
return -1;
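Review bot: The gcrypt digest selection ignores the configured name: the `/* FIXME */` branch opens SHA1-HMAC for any value of `digest`, so a different digest name (or a typo) silently becomes SHA1 instead of reaching the "Unrecognized digest type!" error. Until a real lookup is in place (gcrypt offers `gcry_md_map_name`), failing for anything but the one implemented name keeps the error path honest: `if(strcasecmp(digest, "sha1") || !(myself->digest = gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC)))`. Note also that for `"none"` a real handle (`GCRY_MD_NONE`) is stored where the OpenSSL path stores NULL, so later `if(myself->digest)` tests behave differently between the two builds. The enclosing digest-selection block starts before this hunk.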
@ -385,14 +482,25 @@ cp
}
}
else
#ifdef USE_OPENSSL
myself->digest = EVP_sha1();
#endif
#ifdef USE_GCRYPT
myself->digest = gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
#endif
#ifdef USE_OPENSSL
myself->connection->outdigest = EVP_sha1();
#endif
#ifdef USE_GCRYPT
myself->connection->outdigest = gcry_md_open(GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC);
#endif
if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->maclength))
{
if(myself->digest)
{
#ifdef USE_OPENSSL
if(myself->maclength > myself->digest->md_size)
{
syslog(LOG_ERR, _("MAC length exceeds size of digest!"));
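Review bot: The brace-less `else` before the `#ifdef USE_OPENSSL` / `#ifdef USE_GCRYPT` pair is fragile: which statement it binds to depends on the preprocessor, so with both macros defined the second assignment would run unconditionally, and with neither defined the `else` would swallow the MACLength `if` that follows. The cipher counterpart earlier in this commit wraps the same pattern in `else { ... }`; doing the same here, `else { #ifdef USE_OPENSSL ... #endif #ifdef USE_GCRYPT ... #endif }`, keeps the two consistent and the binding explicit. The gcrypt branch also calls `gcry_md_open` twice (for `myself->digest` and `outdigest`) without checking either result. The MACLength `if` that starts at the end of this hunk continues past it.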
@ -403,6 +511,11 @@ cp
syslog(LOG_ERR, _("Bogus MAC length!"));
return -1;
}
#endif
#ifdef USE_GCRYPT
/* FIXME */
myself->maclength = 12;
#endif
}
}
else
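Review bot: Under gcrypt the configured MACLength is discarded: the `/* FIXME */` branch overwrites `myself->maclength` with 12 after `get_config_int` has read the user's value, and it bypasses the "MAC length exceeds size of digest!" and "Bogus MAC length!" range checks that the OpenSSL branch keeps, so a negative or oversized value is never rejected and a non-default setting is silently ignored. The same bounds can be enforced with gcrypt by comparing against `gcry_md_get_algo_dlen(GCRY_MD_SHA1)` (or whichever algorithm was selected) in place of `myself->digest->md_size`, keeping the hard-coded 12 only as the default when no MACLength is given. The enclosing `if(get_config_int(...))` starts before this hunk and its `else` branch continues past it.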