Import Upstream version 1.1~pre2
This commit is contained in:
parent
a04a7bcd67
commit
02de1cd2f1
172 changed files with 32291 additions and 25994 deletions
280
src/gcrypt/cipher.c
Normal file
280
src/gcrypt/cipher.c
Normal file
|
|
@ -0,0 +1,280 @@
|
|||
/*
|
||||
cipher.c -- Symmetric block cipher handling
|
||||
Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#include "system.h"
|
||||
|
||||
#include "cipher.h"
|
||||
#include "logger.h"
|
||||
#include "xalloc.h"
|
||||
|
||||
static struct {
|
||||
const char *name;
|
||||
int algo;
|
||||
int mode;
|
||||
int nid;
|
||||
} ciphertable[] = {
|
||||
{"none", GCRY_CIPHER_NONE, GCRY_CIPHER_MODE_NONE, 0},
|
||||
|
||||
{NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_ECB, 92},
|
||||
{"blowfish", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC, 91},
|
||||
{NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CFB, 93},
|
||||
{NULL, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB, 94},
|
||||
|
||||
{NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, 418},
|
||||
{"aes", GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, 419},
|
||||
{NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, 421},
|
||||
{NULL, GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OFB, 420},
|
||||
|
||||
{NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_ECB, 422},
|
||||
{"aes192", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC, 423},
|
||||
{NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CFB, 425},
|
||||
{NULL, GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_OFB, 424},
|
||||
|
||||
{NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_ECB, 426},
|
||||
{"aes256", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, 427},
|
||||
{NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB, 429},
|
||||
{NULL, GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, 428},
|
||||
};
|
||||
|
||||
static bool nametocipher(const char *name, int *algo, int *mode) {
|
||||
size_t i;
|
||||
|
||||
for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) {
|
||||
if(ciphertable[i].name && !strcasecmp(name, ciphertable[i].name)) {
|
||||
*algo = ciphertable[i].algo;
|
||||
*mode = ciphertable[i].mode;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool nidtocipher(int nid, int *algo, int *mode) {
|
||||
size_t i;
|
||||
|
||||
for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) {
|
||||
if(nid == ciphertable[i].nid) {
|
||||
*algo = ciphertable[i].algo;
|
||||
*mode = ciphertable[i].mode;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool ciphertonid(int algo, int mode, int *nid) {
|
||||
size_t i;
|
||||
|
||||
for(i = 0; i < sizeof ciphertable / sizeof *ciphertable; i++) {
|
||||
if(algo == ciphertable[i].algo && mode == ciphertable[i].mode) {
|
||||
*nid = ciphertable[i].nid;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool cipher_open(cipher_t *cipher, int algo, int mode) {
|
||||
gcry_error_t err;
|
||||
|
||||
if(!ciphertonid(algo, mode, &cipher->nid)) {
|
||||
logger(LOG_DEBUG, "Cipher %d mode %d has no corresponding nid!", algo, mode);
|
||||
return false;
|
||||
}
|
||||
|
||||
if((err = gcry_cipher_open(&cipher->handle, algo, mode, 0))) {
|
||||
logger(LOG_DEBUG, "Unable to intialise cipher %d mode %d: %s", algo, mode, gcry_strerror(err));
|
||||
return false;
|
||||
}
|
||||
|
||||
cipher->keylen = gcry_cipher_get_algo_keylen(algo);
|
||||
cipher->blklen = gcry_cipher_get_algo_blklen(algo);
|
||||
cipher->key = xmalloc(cipher->keylen + cipher->blklen);
|
||||
cipher->padding = mode == GCRY_CIPHER_MODE_ECB || mode == GCRY_CIPHER_MODE_CBC;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool cipher_open_by_name(cipher_t *cipher, const char *name) {
|
||||
int algo, mode;
|
||||
|
||||
if(!nametocipher(name, &algo, &mode)) {
|
||||
logger(LOG_DEBUG, "Unknown cipher name '%s'!", name);
|
||||
return false;
|
||||
}
|
||||
|
||||
return cipher_open(cipher, algo, mode);
|
||||
}
|
||||
|
||||
bool cipher_open_by_nid(cipher_t *cipher, int nid) {
|
||||
int algo, mode;
|
||||
|
||||
if(!nidtocipher(nid, &algo, &mode)) {
|
||||
logger(LOG_DEBUG, "Unknown cipher ID %d!", nid);
|
||||
return false;
|
||||
}
|
||||
|
||||
return cipher_open(cipher, algo, mode);
|
||||
}
|
||||
|
||||
bool cipher_open_blowfish_ofb(cipher_t *cipher) {
|
||||
return cipher_open(cipher, GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB);
|
||||
}
|
||||
|
||||
void cipher_close(cipher_t *cipher) {
|
||||
if(cipher->handle) {
|
||||
gcry_cipher_close(cipher->handle);
|
||||
cipher->handle = NULL;
|
||||
}
|
||||
|
||||
if(cipher->key) {
|
||||
free(cipher->key);
|
||||
cipher->key = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
size_t cipher_keylength(const cipher_t *cipher) {
|
||||
return cipher->keylen + cipher->blklen;
|
||||
}
|
||||
|
||||
void cipher_get_key(const cipher_t *cipher, void *key) {
|
||||
memcpy(key, cipher->key, cipher->keylen + cipher->blklen);
|
||||
}
|
||||
|
||||
bool cipher_set_key(cipher_t *cipher, void *key, bool encrypt) {
|
||||
memcpy(cipher->key, key, cipher->keylen + cipher->blklen);
|
||||
|
||||
gcry_cipher_setkey(cipher->handle, cipher->key, cipher->keylen);
|
||||
gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool cipher_set_key_from_rsa(cipher_t *cipher, void *key, size_t len, bool encrypt) {
|
||||
memcpy(cipher->key, key + len - cipher->keylen, cipher->keylen + cipher->blklen);
|
||||
memcpy(cipher->key + cipher->keylen, key + len - cipher->keylen - cipher->blklen, cipher->blklen);
|
||||
|
||||
gcry_cipher_setkey(cipher->handle, cipher->key, cipher->keylen);
|
||||
gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool cipher_regenerate_key(cipher_t *cipher, bool encrypt) {
|
||||
gcry_create_nonce(cipher->key, cipher->keylen + cipher->blklen);
|
||||
|
||||
gcry_cipher_setkey(cipher->handle, cipher->key, cipher->keylen);
|
||||
gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
|
||||
gcry_error_t err;
|
||||
uint8_t pad[cipher->blklen];
|
||||
|
||||
if(cipher->padding) {
|
||||
if(!oneshot)
|
||||
return false;
|
||||
|
||||
size_t reqlen = ((inlen + cipher->blklen) / cipher->blklen) * cipher->blklen;
|
||||
|
||||
if(*outlen < reqlen) {
|
||||
logger(LOG_ERR, "Error while encrypting: not enough room for padding");
|
||||
return false;
|
||||
}
|
||||
|
||||
uint8_t padbyte = reqlen - inlen;
|
||||
inlen = reqlen - cipher->blklen;
|
||||
|
||||
for(int i = 0; i < cipher->blklen; i++)
|
||||
if(i < cipher->blklen - padbyte)
|
||||
pad[i] = ((uint8_t *)indata)[inlen + i];
|
||||
else
|
||||
pad[i] = padbyte;
|
||||
}
|
||||
|
||||
if(oneshot)
|
||||
gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
|
||||
|
||||
if((err = gcry_cipher_encrypt(cipher->handle, outdata, *outlen, indata, inlen))) {
|
||||
logger(LOG_ERR, "Error while encrypting: %s", gcry_strerror(err));
|
||||
return false;
|
||||
}
|
||||
|
||||
if(cipher->padding) {
|
||||
if((err = gcry_cipher_encrypt(cipher->handle, outdata + inlen, cipher->blklen, pad, cipher->blklen))) {
|
||||
logger(LOG_ERR, "Error while encrypting: %s", gcry_strerror(err));
|
||||
return false;
|
||||
}
|
||||
|
||||
inlen += cipher->blklen;
|
||||
}
|
||||
|
||||
*outlen = inlen;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool cipher_decrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
|
||||
gcry_error_t err;
|
||||
|
||||
if(oneshot)
|
||||
gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
|
||||
|
||||
if((err = gcry_cipher_decrypt(cipher->handle, outdata, *outlen, indata, inlen))) {
|
||||
logger(LOG_ERR, "Error while decrypting: %s", gcry_strerror(err));
|
||||
return false;
|
||||
}
|
||||
|
||||
if(cipher->padding) {
|
||||
if(!oneshot)
|
||||
return false;
|
||||
|
||||
uint8_t padbyte = ((uint8_t *)outdata)[inlen - 1];
|
||||
|
||||
if(padbyte == 0 || padbyte > cipher->blklen || padbyte > inlen) {
|
||||
logger(LOG_ERR, "Error while decrypting: invalid padding");
|
||||
return false;
|
||||
}
|
||||
|
||||
size_t origlen = inlen - padbyte;
|
||||
|
||||
for(int i = inlen - 1; i >= origlen; i--)
|
||||
if(((uint8_t *)outdata)[i] != padbyte) {
|
||||
logger(LOG_ERR, "Error while decrypting: invalid padding");
|
||||
return false;
|
||||
}
|
||||
|
||||
*outlen = origlen;
|
||||
} else
|
||||
*outlen = inlen;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
int cipher_get_nid(const cipher_t *cipher) {
|
||||
return cipher->nid;
|
||||
}
|
||||
|
||||
bool cipher_active(const cipher_t *cipher) {
|
||||
return cipher->nid != 0;
|
||||
}
|
||||
52
src/gcrypt/cipher.h
Normal file
52
src/gcrypt/cipher.h
Normal file
|
|
@ -0,0 +1,52 @@
|
|||
/*
|
||||
cipher.h -- header file cipher.c
|
||||
Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#ifndef __TINC_CIPHER_H__
|
||||
#define __TINC_CIPHER_H__
|
||||
|
||||
#include <gcrypt.h>
|
||||
|
||||
#define CIPHER_MAX_BLOCK_SIZE 32
|
||||
#define CIPHER_MAX_IV_SIZE 16
|
||||
#define CIPHER_MAX_KEY_SIZE 32
|
||||
|
||||
typedef struct cipher {
|
||||
gcry_cipher_hd_t handle;
|
||||
char *key;
|
||||
int nid;
|
||||
uint16_t keylen;
|
||||
uint16_t blklen;
|
||||
bool padding;
|
||||
} cipher_t;
|
||||
|
||||
extern bool cipher_open_by_name(struct cipher *, const char *);
|
||||
extern bool cipher_open_by_nid(struct cipher *, int);
|
||||
extern bool cipher_open_blowfish_ofb(struct cipher *);
|
||||
extern void cipher_close(struct cipher *);
|
||||
extern size_t cipher_keylength(const struct cipher *);
|
||||
extern void cipher_get_key(const struct cipher *, void *);
|
||||
extern bool cipher_set_key(struct cipher *, void *, bool);
|
||||
extern bool cipher_set_key_from_rsa(struct cipher *, void *, size_t, bool);
|
||||
extern bool cipher_regenerate_key(struct cipher *, bool);
|
||||
extern bool cipher_encrypt(struct cipher *, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot);
|
||||
extern bool cipher_decrypt(struct cipher *, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot);
|
||||
extern int cipher_get_nid(const struct cipher *);
|
||||
extern bool cipher_active(const struct cipher *);
|
||||
|
||||
#endif
|
||||
34
src/gcrypt/crypto.c
Normal file
34
src/gcrypt/crypto.c
Normal file
|
|
@ -0,0 +1,34 @@
|
|||
/*
|
||||
crypto.c -- Cryptographic miscellaneous functions and initialisation
|
||||
Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#include "system.h"
|
||||
|
||||
#include <gcrypt.h>
|
||||
|
||||
#include "crypto.h"
|
||||
|
||||
void crypto_init() {
|
||||
}
|
||||
|
||||
void crypto_exit() {
|
||||
}
|
||||
|
||||
void randomize(void *out, size_t outlen) {
|
||||
gcry_create_nonce(out, outlen);
|
||||
}
|
||||
27
src/gcrypt/crypto.h
Normal file
27
src/gcrypt/crypto.h
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
/*
|
||||
crypto.h -- header for crypto.c
|
||||
Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#ifndef __TINC_CRYPTO_H__
|
||||
#define __TINC_CRYPTO_H__
|
||||
|
||||
extern void crypto_init();
|
||||
extern void crypto_exit();
|
||||
extern void randomize(void *, size_t);
|
||||
|
||||
#endif
|
||||
173
src/gcrypt/digest.c
Normal file
173
src/gcrypt/digest.c
Normal file
|
|
@ -0,0 +1,173 @@
|
|||
/*
|
||||
digest.c -- Digest handling
|
||||
Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#include "system.h"
|
||||
|
||||
#include "digest.h"
|
||||
#include "logger.h"
|
||||
|
||||
static struct {
|
||||
const char *name;
|
||||
int algo;
|
||||
int nid;
|
||||
} digesttable[] = {
|
||||
{"none", GCRY_MD_NONE, 0},
|
||||
{"sha1", GCRY_MD_SHA1, 64},
|
||||
{"sha256", GCRY_MD_SHA256, 672},
|
||||
{"sha384", GCRY_MD_SHA384, 673},
|
||||
{"sha512", GCRY_MD_SHA512, 674},
|
||||
};
|
||||
|
||||
static bool nametodigest(const char *name, int *algo) {
|
||||
int i;
|
||||
|
||||
for(i = 0; i < sizeof digesttable / sizeof *digesttable; i++) {
|
||||
if(digesttable[i].name && !strcasecmp(name, digesttable[i].name)) {
|
||||
*algo = digesttable[i].algo;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool nidtodigest(int nid, int *algo) {
|
||||
int i;
|
||||
|
||||
for(i = 0; i < sizeof digesttable / sizeof *digesttable; i++) {
|
||||
if(nid == digesttable[i].nid) {
|
||||
*algo = digesttable[i].algo;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool digesttonid(int algo, int *nid) {
|
||||
int i;
|
||||
|
||||
for(i = 0; i < sizeof digesttable / sizeof *digesttable; i++) {
|
||||
if(algo == digesttable[i].algo) {
|
||||
*nid = digesttable[i].nid;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool digest_open(digest_t *digest, int algo, int maclength) {
|
||||
if(!digesttonid(algo, &digest->nid)) {
|
||||
logger(LOG_DEBUG, "Digest %d has no corresponding nid!", algo);
|
||||
return false;
|
||||
}
|
||||
|
||||
unsigned int len = gcry_md_get_algo_dlen(algo);
|
||||
|
||||
if(maclength > len || maclength < 0)
|
||||
digest->maclength = len;
|
||||
else
|
||||
digest->maclength = maclength;
|
||||
|
||||
digest->algo = algo;
|
||||
digest->hmac = NULL;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool digest_open_by_name(digest_t *digest, const char *name, int maclength) {
|
||||
int algo;
|
||||
|
||||
if(!nametodigest(name, &algo)) {
|
||||
logger(LOG_DEBUG, "Unknown digest name '%s'!", name);
|
||||
return false;
|
||||
}
|
||||
|
||||
return digest_open(digest, algo, maclength);
|
||||
}
|
||||
|
||||
bool digest_open_by_nid(digest_t *digest, int nid, int maclength) {
|
||||
int algo;
|
||||
|
||||
if(!nidtodigest(nid, &algo)) {
|
||||
logger(LOG_DEBUG, "Unknown digest ID %d!", nid);
|
||||
return false;
|
||||
}
|
||||
|
||||
return digest_open(digest, algo, maclength);
|
||||
}
|
||||
|
||||
bool digest_open_sha1(digest_t *digest, int maclength) {
|
||||
return digest_open(digest, GCRY_MD_SHA1, maclength);
|
||||
}
|
||||
|
||||
void digest_close(digest_t *digest) {
|
||||
if(digest->hmac)
|
||||
gcry_md_close(digest->hmac);
|
||||
digest->hmac = NULL;
|
||||
}
|
||||
|
||||
bool digest_set_key(digest_t *digest, const void *key, size_t len) {
|
||||
if(!digest->hmac)
|
||||
gcry_md_open(&digest->hmac, digest->algo, GCRY_MD_FLAG_HMAC);
|
||||
if(!digest->hmac)
|
||||
return false;
|
||||
|
||||
return !gcry_md_setkey(digest->hmac, key, len);
|
||||
}
|
||||
|
||||
bool digest_create(digest_t *digest, const void *indata, size_t inlen, void *outdata) {
|
||||
unsigned int len = gcry_md_get_algo_dlen(digest->algo);
|
||||
|
||||
if(digest->hmac) {
|
||||
char *tmpdata;
|
||||
gcry_md_reset(digest->hmac);
|
||||
gcry_md_write(digest->hmac, indata, inlen);
|
||||
tmpdata = gcry_md_read(digest->hmac, digest->algo);
|
||||
if(!tmpdata)
|
||||
return false;
|
||||
memcpy(outdata, tmpdata, digest->maclength);
|
||||
} else {
|
||||
char tmpdata[len];
|
||||
gcry_md_hash_buffer(digest->algo, tmpdata, indata, inlen);
|
||||
memcpy(outdata, tmpdata, digest->maclength);
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool digest_verify(digest_t *digest, const void *indata, size_t inlen, const void *cmpdata) {
|
||||
unsigned int len = digest->maclength;
|
||||
char outdata[len];
|
||||
|
||||
return digest_create(digest, indata, inlen, outdata) && !memcmp(cmpdata, outdata, len);
|
||||
}
|
||||
|
||||
int digest_get_nid(const digest_t *digest) {
|
||||
return digest->nid;
|
||||
}
|
||||
|
||||
size_t digest_length(const digest_t *digest) {
|
||||
return digest->maclength;
|
||||
}
|
||||
|
||||
bool digest_active(const digest_t *digest) {
|
||||
return digest->algo != GCRY_MD_NONE;
|
||||
}
|
||||
45
src/gcrypt/digest.h
Normal file
45
src/gcrypt/digest.h
Normal file
|
|
@ -0,0 +1,45 @@
|
|||
/*
|
||||
digest.h -- header file digest.c
|
||||
Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#ifndef __TINC_DIGEST_H__
|
||||
#define __TINC_DIGEST_H__
|
||||
|
||||
#include <gcrypt.h>
|
||||
|
||||
#define DIGEST_MAX_SIZE 64
|
||||
|
||||
typedef struct digest {
|
||||
int algo;
|
||||
int nid;
|
||||
int maclength;
|
||||
gcry_md_hd_t hmac;
|
||||
} digest_t;
|
||||
|
||||
extern bool digest_open_by_name(struct digest *, const char *name, int maclength);
|
||||
extern bool digest_open_by_nid(struct digest *, int nid, int maclength);
|
||||
extern bool digest_open_sha1(struct digest *, int maclength);
|
||||
extern void digest_close(struct digest *);
|
||||
extern bool digest_create(struct digest *, const void *indata, size_t inlen, void *outdata);
|
||||
extern bool digest_verify(struct digest *, const void *indata, size_t inlen, const void *digestdata);
|
||||
extern bool digest_set_key(struct digest *, const void *key, size_t len);
|
||||
extern int digest_get_nid(const struct digest *);
|
||||
extern size_t digest_length(const struct digest *);
|
||||
extern bool digest_active(const struct digest *);
|
||||
|
||||
#endif
|
||||
302
src/gcrypt/rsa.c
Normal file
302
src/gcrypt/rsa.c
Normal file
|
|
@ -0,0 +1,302 @@
|
|||
/*
|
||||
rsa.c -- RSA key handling
|
||||
Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#include "system.h"
|
||||
|
||||
#include <gcrypt.h>
|
||||
|
||||
#include "logger.h"
|
||||
#include "rsa.h"
|
||||
|
||||
// Base64 decoding table
|
||||
|
||||
static const uint8_t b64d[128] = {
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
|
||||
0x34, 0x35, 0x36, 0x37, 0x38, 0x39,
|
||||
0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
|
||||
0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
|
||||
0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
|
||||
0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12,
|
||||
0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
|
||||
0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
|
||||
0x1f, 0x20, 0x21, 0x22, 0x23, 0x24,
|
||||
0x25, 0x26, 0x27, 0x28, 0x29, 0x2a,
|
||||
0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
|
||||
0x31, 0x32, 0x33, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff
|
||||
};
|
||||
|
||||
// PEM encoding/decoding functions
|
||||
|
||||
static bool pem_decode(FILE *fp, const char *header, uint8_t *buf, size_t size, size_t *outsize) {
|
||||
bool decode = false;
|
||||
char line[1024];
|
||||
uint16_t word = 0;
|
||||
int shift = 10;
|
||||
size_t i, j = 0;
|
||||
|
||||
while(!feof(fp)) {
|
||||
if(!fgets(line, sizeof line, fp))
|
||||
return false;
|
||||
|
||||
if(!decode && !strncmp(line, "-----BEGIN ", 11)) {
|
||||
if(!strncmp(line + 11, header, strlen(header)))
|
||||
decode = true;
|
||||
continue;
|
||||
}
|
||||
|
||||
if(decode && !strncmp(line, "-----END", 8)) {
|
||||
break;
|
||||
}
|
||||
|
||||
if(!decode)
|
||||
continue;
|
||||
|
||||
for(i = 0; line[i] >= ' '; i++) {
|
||||
if((signed char)line[i] < 0 || b64d[(int)line[i]] == 0xff)
|
||||
break;
|
||||
word |= b64d[(int)line[i]] << shift;
|
||||
shift -= 6;
|
||||
if(shift <= 2) {
|
||||
if(j > size) {
|
||||
errno = ENOMEM;
|
||||
return false;
|
||||
}
|
||||
|
||||
buf[j++] = word >> 8;
|
||||
word <<= 8;
|
||||
shift += 8;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(outsize)
|
||||
*outsize = j;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
// BER decoding functions
|
||||
|
||||
static int ber_read_id(unsigned char **p, size_t *buflen) {
|
||||
if(*buflen <= 0)
|
||||
return -1;
|
||||
|
||||
if((**p & 0x1f) == 0x1f) {
|
||||
int id = 0;
|
||||
bool more;
|
||||
while(*buflen > 0) {
|
||||
id <<= 7;
|
||||
id |= **p & 0x7f;
|
||||
more = *(*p)++ & 0x80;
|
||||
(*buflen)--;
|
||||
if(!more)
|
||||
break;
|
||||
}
|
||||
return id;
|
||||
} else {
|
||||
(*buflen)--;
|
||||
return *(*p)++ & 0x1f;
|
||||
}
|
||||
}
|
||||
|
||||
static size_t ber_read_len(unsigned char **p, size_t *buflen) {
|
||||
if(*buflen <= 0)
|
||||
return -1;
|
||||
|
||||
if(**p & 0x80) {
|
||||
size_t result = 0;
|
||||
int len = *(*p)++ & 0x7f;
|
||||
(*buflen)--;
|
||||
if(len > *buflen)
|
||||
return 0;
|
||||
|
||||
while(len--) {
|
||||
result <<= 8;
|
||||
result |= *(*p)++;
|
||||
(*buflen)--;
|
||||
}
|
||||
|
||||
return result;
|
||||
} else {
|
||||
(*buflen)--;
|
||||
return *(*p)++;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static bool ber_read_sequence(unsigned char **p, size_t *buflen, size_t *result) {
|
||||
int tag = ber_read_id(p, buflen);
|
||||
size_t len = ber_read_len(p, buflen);
|
||||
|
||||
if(tag == 0x10) {
|
||||
if(result)
|
||||
*result = len;
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
static bool ber_read_mpi(unsigned char **p, size_t *buflen, gcry_mpi_t *mpi) {
|
||||
int tag = ber_read_id(p, buflen);
|
||||
size_t len = ber_read_len(p, buflen);
|
||||
gcry_error_t err = 0;
|
||||
|
||||
if(tag != 0x02 || len > *buflen)
|
||||
return false;
|
||||
|
||||
if(mpi)
|
||||
err = gcry_mpi_scan(mpi, GCRYMPI_FMT_USG, *p, len, NULL);
|
||||
|
||||
*p += len;
|
||||
*buflen -= len;
|
||||
|
||||
return mpi ? !err : true;
|
||||
}
|
||||
|
||||
bool rsa_set_hex_public_key(rsa_t *rsa, char *n, char *e) {
|
||||
gcry_error_t err = 0;
|
||||
|
||||
err = gcry_mpi_scan(&rsa->n, GCRYMPI_FMT_HEX, n, 0, NULL)
|
||||
?: gcry_mpi_scan(&rsa->e, GCRYMPI_FMT_HEX, e, 0, NULL);
|
||||
|
||||
if(err) {
|
||||
logger(LOG_ERR, "Error while reading RSA public key: %s", gcry_strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool rsa_set_hex_private_key(rsa_t *rsa, char *n, char *e, char *d) {
|
||||
gcry_error_t err = 0;
|
||||
|
||||
err = gcry_mpi_scan(&rsa->n, GCRYMPI_FMT_HEX, n, 0, NULL)
|
||||
?: gcry_mpi_scan(&rsa->e, GCRYMPI_FMT_HEX, e, 0, NULL)
|
||||
?: gcry_mpi_scan(&rsa->d, GCRYMPI_FMT_HEX, d, 0, NULL);
|
||||
|
||||
if(err) {
|
||||
logger(LOG_ERR, "Error while reading RSA public key: %s", gcry_strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
// Read PEM RSA keys
|
||||
|
||||
bool rsa_read_pem_public_key(rsa_t *rsa, FILE *fp) {
|
||||
uint8_t derbuf[8096], *derp = derbuf;
|
||||
size_t derlen;
|
||||
|
||||
if(!pem_decode(fp, "RSA PUBLIC KEY", derbuf, sizeof derbuf, &derlen)) {
|
||||
logger(LOG_ERR, "Unable to read RSA public key: %s", strerror(errno));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if(!ber_read_sequence(&derp, &derlen, NULL)
|
||||
|| !ber_read_mpi(&derp, &derlen, &rsa->n)
|
||||
|| !ber_read_mpi(&derp, &derlen, &rsa->e)
|
||||
|| derlen) {
|
||||
logger(LOG_ERR, "Error while decoding RSA public key");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool rsa_read_pem_private_key(rsa_t *rsa, FILE *fp) {
|
||||
uint8_t derbuf[8096], *derp = derbuf;
|
||||
size_t derlen;
|
||||
|
||||
if(!pem_decode(fp, "RSA PRIVATE KEY", derbuf, sizeof derbuf, &derlen)) {
|
||||
logger(LOG_ERR, "Unable to read RSA private key: %s", strerror(errno));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if(!ber_read_sequence(&derp, &derlen, NULL)
|
||||
|| !ber_read_mpi(&derp, &derlen, NULL)
|
||||
|| !ber_read_mpi(&derp, &derlen, &rsa->n)
|
||||
|| !ber_read_mpi(&derp, &derlen, &rsa->e)
|
||||
|| !ber_read_mpi(&derp, &derlen, &rsa->d)
|
||||
|| !ber_read_mpi(&derp, &derlen, NULL) // p
|
||||
|| !ber_read_mpi(&derp, &derlen, NULL) // q
|
||||
|| !ber_read_mpi(&derp, &derlen, NULL)
|
||||
|| !ber_read_mpi(&derp, &derlen, NULL)
|
||||
|| !ber_read_mpi(&derp, &derlen, NULL) // u
|
||||
|| derlen) {
|
||||
logger(LOG_ERR, "Error while decoding RSA private key");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
size_t rsa_size(rsa_t *rsa) {
|
||||
return (gcry_mpi_get_nbits(rsa->n) + 7) / 8;
|
||||
}
|
||||
|
||||
/* Well, libgcrypt has functions to handle RSA keys, but they suck.
|
||||
* So we just use libgcrypt's mpi functions, and do the math ourselves.
|
||||
*/
|
||||
|
||||
// TODO: get rid of this macro, properly clean up gcry_ structures after use
|
||||
#define check(foo) { gcry_error_t err = (foo); if(err) {logger(LOG_ERR, "gcrypt error %s/%s at %s:%d", gcry_strsource(err), gcry_strerror(err), __FILE__, __LINE__); return false; }}
|
||||
|
||||
bool rsa_public_encrypt(rsa_t *rsa, void *in, size_t len, void *out) {
|
||||
gcry_mpi_t inmpi;
|
||||
check(gcry_mpi_scan(&inmpi, GCRYMPI_FMT_USG, in, len, NULL));
|
||||
|
||||
gcry_mpi_t outmpi = gcry_mpi_new(len * 8);
|
||||
gcry_mpi_powm(outmpi, inmpi, rsa->e, rsa->n);
|
||||
|
||||
int pad = len - (gcry_mpi_get_nbits(outmpi) + 7) / 8;
|
||||
while(pad--)
|
||||
*(char *)out++ = 0;
|
||||
|
||||
check(gcry_mpi_print(GCRYMPI_FMT_USG, out,len, NULL, outmpi));
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool rsa_private_decrypt(rsa_t *rsa, void *in, size_t len, void *out) {
|
||||
gcry_mpi_t inmpi;
|
||||
check(gcry_mpi_scan(&inmpi, GCRYMPI_FMT_USG, in, len, NULL));
|
||||
|
||||
gcry_mpi_t outmpi = gcry_mpi_new(len * 8);
|
||||
gcry_mpi_powm(outmpi, inmpi, rsa->d, rsa->n);
|
||||
|
||||
int pad = len - (gcry_mpi_get_nbits(outmpi) + 7) / 8;
|
||||
while(pad--)
|
||||
*(char *)out++ = 0;
|
||||
|
||||
check(gcry_mpi_print(GCRYMPI_FMT_USG, out,len, NULL, outmpi));
|
||||
|
||||
return true;
|
||||
}
|
||||
39
src/gcrypt/rsa.h
Normal file
39
src/gcrypt/rsa.h
Normal file
|
|
@ -0,0 +1,39 @@
|
|||
/*
|
||||
rsa.h -- RSA key handling
|
||||
Copyright (C) 2007 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#ifndef __TINC_RSA_H__
|
||||
#define __TINC_RSA_H__
|
||||
|
||||
#include <gcrypt.h>
|
||||
|
||||
typedef struct rsa {
|
||||
gcry_mpi_t n;
|
||||
gcry_mpi_t e;
|
||||
gcry_mpi_t d;
|
||||
} rsa_t;
|
||||
|
||||
extern bool rsa_set_hex_public_key(rsa_t *rsa, char *n, char *e);
|
||||
extern bool rsa_set_hex_private_key(rsa_t *rsa, char *n, char *e, char *d);
|
||||
extern bool rsa_read_pem_public_key(rsa_t *rsa, FILE *fp);
|
||||
extern bool rsa_read_pem_private_key(rsa_t *rsa, FILE *fp);
|
||||
extern size_t rsa_size(rsa_t *rsa);
|
||||
extern bool rsa_public_encrypt(rsa_t *rsa, void *in, size_t len, void *out);
|
||||
extern bool rsa_private_decrypt(rsa_t *rsa, void *in, size_t len, void *out);
|
||||
|
||||
#endif
|
||||
220
src/gcrypt/rsagen.c
Normal file
220
src/gcrypt/rsagen.c
Normal file
|
|
@ -0,0 +1,220 @@
|
|||
/*
|
||||
rsagen.c -- RSA key generation and export
|
||||
Copyright (C) 2008 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#include "system.h"
|
||||
|
||||
#include <gcrypt.h>
|
||||
|
||||
#include "rsagen.h"
|
||||
|
||||
#if 0
|
||||
// Base64 encoding table
|
||||
|
||||
static const char b64e[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
|
||||
|
||||
// PEM encoding
|
||||
|
||||
static bool pem_encode(FILE *fp, const char *header, uint8_t *buf, size_t size) {
|
||||
bool decode = false;
|
||||
char line[1024];
|
||||
uint32_t word = 0;
|
||||
int shift = 0;
|
||||
size_t i, j = 0;
|
||||
|
||||
fprintf(fp, "-----BEGIN %s-----\n", header);
|
||||
|
||||
for(i = 0; i < size; i += 3) {
|
||||
if(i <= size - 3) {
|
||||
word = buf[i] << 16 | buf[i + 1] << 8 | buf[i + 2];
|
||||
} else {
|
||||
word = buf[i] << 16;
|
||||
if(i == size - 2)
|
||||
word |= buf[i + 1] << 8;
|
||||
}
|
||||
|
||||
line[j++] = b64e[(word >> 18) ];
|
||||
line[j++] = b64e[(word >> 12) & 0x3f];
|
||||
line[j++] = b64e[(word >> 6) & 0x3f];
|
||||
line[j++] = b64e[(word ) & 0x3f];
|
||||
|
||||
if(j >= 64) {
|
||||
line[j++] = '\n';
|
||||
line[j] = 0;
|
||||
fputs(line, fp);
|
||||
j = 0;
|
||||
}
|
||||
}
|
||||
|
||||
if(size % 3 > 0) {
|
||||
if(size % 3 > 1)
|
||||
line[j++] = '=';
|
||||
line[j++] = '=';
|
||||
}
|
||||
|
||||
if(j) {
|
||||
line[j++] = '\n';
|
||||
line[j] = 0;
|
||||
fputs(line, fp);
|
||||
}
|
||||
|
||||
fprintf(fp, "-----END %s-----\n", header);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
// BER encoding functions
|
||||
|
||||
static bool ber_write_id(uint8_t **p, size_t *buflen, int id) {
|
||||
if(*buflen <= 0)
|
||||
return false;
|
||||
|
||||
if(id >= 0x1f) {
|
||||
while(id) {
|
||||
if(*buflen <= 0)
|
||||
return false;
|
||||
|
||||
(*buflen)--;
|
||||
**p = id & 0x7f;
|
||||
id >>= 7;
|
||||
if(id)
|
||||
**p |= 0x80;
|
||||
(*p)++;
|
||||
}
|
||||
} else {
|
||||
(*buflen)--;
|
||||
*(*p)++ = id;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool ber_write_len(uint8_t **p, size_t *buflen, size_t len) {
|
||||
do {
|
||||
if(*buflen <= 0)
|
||||
return false;
|
||||
|
||||
(*buflen)--;
|
||||
**p = len & 0x7f;
|
||||
len >>= 7;
|
||||
if(len)
|
||||
**p |= 0x80;
|
||||
(*p)++;
|
||||
} while(len);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool ber_write_sequence(uint8_t **p, size_t *buflen, uint8_t *seqbuf, size_t seqlen) {
|
||||
if(!ber_write_id(p, buflen, 0x10) || !ber_write_len(p, buflen, seqlen) || *buflen < seqlen)
|
||||
return false;
|
||||
|
||||
memcpy(*p, seqbuf, seqlen);
|
||||
*p += seqlen;
|
||||
*buflen -= seqlen;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool ber_write_mpi(uint8_t **p, size_t *buflen, gcry_mpi_t mpi) {
|
||||
uint8_t tmpbuf[1024];
|
||||
size_t tmplen = sizeof tmpbuf;
|
||||
gcry_error_t err;
|
||||
|
||||
err = gcry_mpi_aprint(GCRYMPI_FMT_USG, &tmpbuf, &tmplen, mpi);
|
||||
if(err)
|
||||
return false;
|
||||
|
||||
if(!ber_write_id(p, buflen, 0x02) || !ber_write_len(p, buflen, tmplen) || *buflen < tmplen)
|
||||
return false;
|
||||
|
||||
memcpy(*p, tmpbuf, tmplen);
|
||||
*p += tmplen;
|
||||
*buflen -= tmplen;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
// Write PEM RSA keys
|
||||
|
||||
bool rsa_write_pem_public_key(rsa_t *rsa, FILE *fp) {
|
||||
uint8_t derbuf1[8096];
|
||||
uint8_t derbuf2[8096];
|
||||
uint8_t *derp1 = derbuf1;
|
||||
uint8_t *derp2 = derbuf2;
|
||||
size_t derlen1 = sizeof derbuf1;
|
||||
size_t derlen2 = sizeof derbuf2;
|
||||
|
||||
if(!ber_write_mpi(&derp1, &derlen1, &rsa->n)
|
||||
|| !ber_write_mpi(&derp1, &derlen1, &rsa->e)
|
||||
|| !ber_write_sequence(&derp2, &derlen2, derbuf1, derlen1)) {
|
||||
logger(LOG_ERR, "Error while encoding RSA public key");
|
||||
return false;
|
||||
}
|
||||
|
||||
if(!pem_encode(fp, "RSA PUBLIC KEY", derbuf2, derlen2)) {
|
||||
logger(LOG_ERR, "Unable to write RSA public key: %s", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool rsa_write_pem_private_key(rsa_t *rsa, FILE *fp) {
|
||||
uint8_t derbuf1[8096];
|
||||
uint8_t derbuf2[8096];
|
||||
uint8_t *derp1 = derbuf1;
|
||||
uint8_t *derp2 = derbuf2;
|
||||
size_t derlen1 = sizeof derbuf1;
|
||||
size_t derlen2 = sizeof derbuf2;
|
||||
|
||||
if(!ber_write_mpi(&derp1, &derlen1, &bits)
|
||||
|| ber_write_mpi(&derp1, &derlen1, &rsa->n) // modulus
|
||||
|| ber_write_mpi(&derp1, &derlen1, &rsa->e) // public exponent
|
||||
|| ber_write_mpi(&derp1, &derlen1, &rsa->d) // private exponent
|
||||
|| ber_write_mpi(&derp1, &derlen1, &p)
|
||||
|| ber_write_mpi(&derp1, &derlen1, &q)
|
||||
|| ber_write_mpi(&derp1, &derlen1, &exp1)
|
||||
|| ber_write_mpi(&derp1, &derlen1, &exp2)
|
||||
|| ber_write_mpi(&derp1, &derlen1, &coeff))
|
||||
logger(LOG_ERR, "Error while encoding RSA private key");
|
||||
return false;
|
||||
}
|
||||
|
||||
if(!pem_encode(fp, "RSA PRIVATE KEY", derbuf2, derlen2)) {
|
||||
logger(LOG_ERR, "Unable to write RSA private key: %s", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
#endif
|
||||
|
||||
bool rsa_write_pem_public_key(rsa_t *rsa, FILE *fp) {
|
||||
return false;
|
||||
}
|
||||
|
||||
bool rsa_write_pem_private_key(rsa_t *rsa, FILE *fp) {
|
||||
return false;
|
||||
}
|
||||
|
||||
bool rsa_generate(rsa_t *rsa, size_t bits, unsigned long exponent) {
|
||||
fprintf(stderr, "Generating RSA keys with libgcrypt not implemented yet\n");
|
||||
return false;
|
||||
}
|
||||
29
src/gcrypt/rsagen.h
Normal file
29
src/gcrypt/rsagen.h
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
/*
|
||||
rsagen.h -- RSA key generation and export
|
||||
Copyright (C) 2008 Guus Sliepen <guus@tinc-vpn.org>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#ifndef __TINC_RSAGEN_H__
|
||||
#define __TINC_RSAGEN_H__
|
||||
|
||||
#include "rsa.h"
|
||||
|
||||
extern bool rsa_generate(rsa_t *rsa, size_t bits, unsigned long exponent);
|
||||
extern bool rsa_write_pem_public_key(rsa_t *rsa, FILE *fp);
|
||||
extern bool rsa_write_pem_private_key(rsa_t *rsa, FILE *fp);
|
||||
|
||||
#endif
|
||||
Loading…
Add table
Add a link
Reference in a new issue