authorDaniel Borkmann <dborkman@redhat.com>2013-06-04 14:05:28 +0200
committerDaniel Borkmann <dborkman@redhat.com>2013-06-04 14:08:17 +0200
commitf712d7a28192cbfcde5845d0c2e78fefd7386273 (patch)
tree1b190d1617389ada0bf3c94f77d73d6f612a9021
parentc19bbb5083376a7941e2ea4607ee5e90ecfb5cde (diff)
keypair: Add routines to generate and verify a keypair
This is needed in order to replace curvetun's routines. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
-rw-r--r--config.h10
-rw-r--r--crypto.h1
-rw-r--r--curvetun/Makefile1
-rw-r--r--keypair.c71
-rw-r--r--keypair.h7
5 files changed, 90 insertions, 0 deletions
diff --git a/config.h b/config.h
new file mode 100644
index 0000000..a73edd5
--- /dev/null
+++ b/config.h
@@ -0,0 +1,10 @@
+#ifndef CONFIG_H
+#define CONFIG_H
+
+#define FILE_CLIENTS ".curvetun/clients"
+#define FILE_SERVERS ".curvetun/servers"
+#define FILE_PRIVKEY ".curvetun/priv.key"
+#define FILE_PUBKEY ".curvetun/pub.key"
+#define FILE_USERNAM ".curvetun/username"
+
+#endif /* CONFIG_H */
diff --git a/crypto.h b/crypto.h
index 2c3fac3..d06da00 100644
--- a/crypto.h
+++ b/crypto.h
@@ -15,5 +15,6 @@
#define crypto_box_afternm crypto_box_curve25519xsalsa20poly1305_afternm
#define crypto_box_open_afternm crypto_box_curve25519xsalsa20poly1305_open_afternm
#define crypto_box_pub_key_size crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
+#define crypto_box_sec_key_size crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES
#endif /* CRYPTO_H */
diff --git a/curvetun/Makefile b/curvetun/Makefile
index 8ae6291..f13c8c7 100644
--- a/curvetun/Makefile
+++ b/curvetun/Makefile
@@ -16,6 +16,7 @@ curvetun-objs = xmalloc.o \
rnd.o \
curve.o \
cookie.o \
+ keypair.o \
ioexact.o \
ioops.o \
cpusched.o \
diff --git a/keypair.c b/keypair.c
new file mode 100644
index 0000000..e61482c
--- /dev/null
+++ b/keypair.c
@@ -0,0 +1,71 @@
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <stdio.h>
+
+#include "rnd.h"
+#include "die.h"
+#include "str.h"
+#include "crypto.h"
+#include "ioops.h"
+#include "config.h"
+#include "keypair.h"
+
+void generate_keypair(void)
+{
+ struct passwd *pw = getpwuid(getuid());
+ unsigned char publickey[crypto_box_pub_key_size];
+ unsigned char secretkey[crypto_box_sec_key_size];
+ char file[128];
+
+ xmemset(publickey, 0, sizeof(publickey));
+ xmemset(secretkey, 0, sizeof(secretkey));
+
+ printf("Reading from %s (this may take a while) ...\n",
+ HIG_ENTROPY_SOURCE);
+
+ gen_key_bytes(secretkey, sizeof(secretkey));
+ crypto_scalarmult_curve25519_base(publickey, secretkey);
+
+ slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PUBKEY);
+ write_blob_or_die(file, publickey, sizeof(publickey));
+ printf("Public key written to %s!\n", file);
+
+ slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PRIVKEY);
+ write_blob_or_die(file, secretkey, sizeof(secretkey));
+ printf("Secret key written to %s!\n", file);
+
+ xmemset(publickey, 0, sizeof(publickey));
+ xmemset(secretkey, 0, sizeof(secretkey));
+}
+
+void verify_keypair(void)
+{
+ int result;
+ struct passwd *pw = getpwuid(getuid());
+ unsigned char publickey[crypto_box_pub_key_size];
+ unsigned char publicres[crypto_box_pub_key_size];
+ unsigned char secretkey[crypto_box_sec_key_size];
+ char file[128];
+
+ xmemset(publickey, 0, sizeof(publickey));
+ xmemset(publicres, 0, sizeof(publicres));
+ xmemset(secretkey, 0, sizeof(secretkey));
+
+ slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PUBKEY);
+ read_blob_or_die(file, publickey, sizeof(publickey));
+
+ slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PRIVKEY);
+ read_blob_or_die(file, secretkey, sizeof(secretkey));
+
+ crypto_scalarmult_curve25519_base(publicres, secretkey);
+ result = crypto_verify_32(publicres, publickey);
+
+ xmemset(publickey, 0, sizeof(publickey));
+ xmemset(publicres, 0, sizeof(publicres));
+ xmemset(secretkey, 0, sizeof(secretkey));
+
+ if (result)
+ panic("Keypair is corrupt! You need to regenerate!\n");
+}
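Review bot: `pw` returned by getpwuid(getuid()) is dereferenced in the slprintf calls of both generate_keypair and verify_keypair without a NULL check, and getpwuid returns NULL when the calling uid has no passwd entry (a minimal container or chroot, for instance), so the key generation or verification would crash on `pw->pw_dir` before any file is touched. Add `if (!pw) panic("Cannot look up home directory!\n");` directly after each lookup. The return value of slprintf is also ignored, so a home directory path that does not fit in `file[128]` together with the FILE_PUBKEY/FILE_PRIVKEY suffix would be silently truncated and the keys written to or read from an unintended path; if slprintf reports truncation the way snprintf does, compare its result against sizeof(file) and panic on overflow. I cannot see from this hunk what mode write_blob_or_die creates files with; since FILE_PRIVKEY holds the secret scalar it is worth confirming it is not world-readable.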
diff --git a/keypair.h b/keypair.h
new file mode 100644
index 0000000..f65a88c
--- /dev/null
+++ b/keypair.h
@@ -0,0 +1,7 @@
+#ifndef KEYPAIR_H
+#define KEYPAIR_H
+
+extern void generate_keypair(void);
+extern void verify_keypair(void);
+
+#endif /* KEYPAIR_H */