diff options
| author | Daniel Borkmann <dborkman@redhat.com> | 2013-06-04 14:05:28 +0200 |
|---|---|---|
| committer | Daniel Borkmann <dborkman@redhat.com> | 2013-06-04 14:08:17 +0200 |
| commit | f712d7a28192cbfcde5845d0c2e78fefd7386273 (patch) | |
| tree | 1b190d1617389ada0bf3c94f77d73d6f612a9021 /keypair.c | |
| parent | c19bbb5083376a7941e2ea4607ee5e90ecfb5cde (diff) | |
keypair: Add routines to generate and verify a keypair
This is needed in order to replace curvetun's routines.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Diffstat (limited to 'keypair.c')
| -rw-r--r-- | keypair.c | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/keypair.c b/keypair.c new file mode 100644 index 0000000..e61482c --- /dev/null +++ b/keypair.c @@ -0,0 +1,71 @@ +#include <string.h> +#include <unistd.h> +#include <sys/types.h> +#include <pwd.h> +#include <stdio.h> + +#include "rnd.h" +#include "die.h" +#include "str.h" +#include "crypto.h" +#include "ioops.h" +#include "config.h" +#include "keypair.h" + +void generate_keypair(void) +{ + struct passwd *pw = getpwuid(getuid()); + unsigned char publickey[crypto_box_pub_key_size]; + unsigned char secretkey[crypto_box_sec_key_size]; + char file[128]; + + xmemset(publickey, 0, sizeof(publickey)); + xmemset(secretkey, 0, sizeof(secretkey)); + + printf("Reading from %s (this may take a while) ...\n", + HIG_ENTROPY_SOURCE); + + gen_key_bytes(secretkey, sizeof(secretkey)); + crypto_scalarmult_curve25519_base(publickey, secretkey); + + slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PUBKEY); + write_blob_or_die(file, publickey, sizeof(publickey)); + printf("Public key written to %s!\n", file); + + slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PRIVKEY); + write_blob_or_die(file, secretkey, sizeof(secretkey)); + printf("Secret key written to %s!\n", file); + + xmemset(publickey, 0, sizeof(publickey)); + xmemset(secretkey, 0, sizeof(secretkey)); +} + +void verify_keypair(void) +{ + int result; + struct passwd *pw = getpwuid(getuid()); + unsigned char publickey[crypto_box_pub_key_size]; + unsigned char publicres[crypto_box_pub_key_size]; + unsigned char secretkey[crypto_box_sec_key_size]; + char file[128]; + + xmemset(publickey, 0, sizeof(publickey)); + xmemset(publicres, 0, sizeof(publicres)); + xmemset(secretkey, 0, sizeof(secretkey)); + + slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PUBKEY); + read_blob_or_die(file, publickey, sizeof(publickey)); + + slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PRIVKEY); + read_blob_or_die(file, secretkey, sizeof(secretkey)); + + crypto_scalarmult_curve25519_base(publicres, secretkey); + result = crypto_verify_32(publicres, publickey); + + xmemset(publickey, 0, sizeof(publickey)); + xmemset(publicres, 0, sizeof(publicres)); + xmemset(secretkey, 0, sizeof(secretkey)); + + if (result) + panic("Keypair is corrupt! You need to regenerate!\n"); +} |