-rw-r--r-- | config.h | 10 | ||||
-rw-r--r-- | crypto.h | 1 | ||||
-rw-r--r-- | curvetun/Makefile | 1 | ||||
-rw-r--r-- | keypair.c | 71 | ||||
-rw-r--r-- | keypair.h | 7 |
5 files changed, 90 insertions, 0 deletions
diff --git a/config.h b/config.h
new file mode 100644
index 0000000..a73edd5
--- /dev/null
+++ b/config.h
@@ -0,0 +1,10 @@
+#ifndef CONFIG_H
+#define CONFIG_H
+
+#define FILE_CLIENTS ".curvetun/clients"
+#define FILE_SERVERS ".curvetun/servers"
+#define FILE_PRIVKEY ".curvetun/priv.key"
+#define FILE_PUBKEY ".curvetun/pub.key"
+#define FILE_USERNAM ".curvetun/username"
+
+#endif /* CONFIG_H */
@@ -15,5 +15,6 @@
 #define crypto_box_afternm crypto_box_curve25519xsalsa20poly1305_afternm
 #define crypto_box_open_afternm crypto_box_curve25519xsalsa20poly1305_open_afternm
 #define crypto_box_pub_key_size crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
+#define crypto_box_sec_key_size crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES
 
 #endif /* CRYPTO_H */
diff --git a/curvetun/Makefile b/curvetun/Makefile
index 8ae6291..f13c8c7 100644
--- a/curvetun/Makefile
+++ b/curvetun/Makefile
@@ -16,6 +16,7 @@ curvetun-objs = xmalloc.o \
 rnd.o \
 curve.o \
 cookie.o \
+ keypair.o \
 ioexact.o \
 ioops.o \
 cpusched.o \
diff --git a/keypair.c b/keypair.c
new file mode 100644
index 0000000..e61482c
--- /dev/null
+++ b/keypair.c
@@ -0,0 +1,71 @@
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <stdio.h>
+
+#include "rnd.h"
+#include "die.h"
+#include "str.h"
+#include "crypto.h"
+#include "ioops.h"
+#include "config.h"
+#include "keypair.h"
+
+void generate_keypair(void)
+{
+ struct passwd *pw = getpwuid(getuid());
+ unsigned char publickey[crypto_box_pub_key_size];
+ unsigned char secretkey[crypto_box_sec_key_size];
+ char file[128];
+
+ xmemset(publickey, 0, sizeof(publickey));
+ xmemset(secretkey, 0, sizeof(secretkey));
+
+ printf("Reading from %s (this may take a while) ...\n",
+ HIG_ENTROPY_SOURCE);
+
+ gen_key_bytes(secretkey, sizeof(secretkey));
+ crypto_scalarmult_curve25519_base(publickey, secretkey);
+
+ slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PUBKEY);
+ write_blob_or_die(file, publickey, sizeof(publickey));
+ printf("Public key written to %s!\n", file);
+
+ slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PRIVKEY);
+ write_blob_or_die(file, secretkey, sizeof(secretkey));
+ printf("Secret key written to %s!\n", file);
+
+ xmemset(publickey, 0, sizeof(publickey));
+ xmemset(secretkey, 0, sizeof(secretkey));
+}
+
+void verify_keypair(void)
+{
+ int result;
+ struct passwd *pw = getpwuid(getuid());
+ unsigned char publickey[crypto_box_pub_key_size];
+ unsigned char publicres[crypto_box_pub_key_size];
+ unsigned char secretkey[crypto_box_sec_key_size];
+ char file[128];
+
+ xmemset(publickey, 0, sizeof(publickey));
+ xmemset(publicres, 0, sizeof(publicres));
+ xmemset(secretkey, 0, sizeof(secretkey));
+
+ slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PUBKEY);
+ read_blob_or_die(file, publickey, sizeof(publickey));
+
+ slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PRIVKEY);
+ read_blob_or_die(file, secretkey, sizeof(secretkey));
+
+ crypto_scalarmult_curve25519_base(publicres, secretkey);
+ result = crypto_verify_32(publicres, publickey);
+
+ xmemset(publickey, 0, sizeof(publickey));
+ xmemset(publicres, 0, sizeof(publicres));
+ xmemset(secretkey, 0, sizeof(secretkey));
+
+ if (result)
+ panic("Keypair is corrupt! You need to regenerate!\n");
+}
diff --git a/keypair.h b/keypair.h
new file mode 100644
index 0000000..f65a88c
--- /dev/null
+++ b/keypair.h
@@ -0,0 +1,7 @@
+#ifndef KEYPAIR_H
+#define KEYPAIR_H
+
+extern void generate_keypair(void);
+extern void verify_keypair(void);
+
+#endif /* KEYPAIR_H */
|
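Review bot: `pw` returned by `getpwuid(getuid())` is dereferenced as `pw->pw_dir` in both generate_keypair and verify_keypair without a NULL check, so a uid with no passwd entry (common in minimal containers or chroots) crashes before any key is touched; add `if (!pw) panic("No passwd entry for current user!\n");` directly after the lookup in each function. The 128-byte `file` buffer can also truncate a long home directory path and the slprintf result is never checked, so the key could be written to or read from an unintended path — check the returned length against sizeof(file) or size the buffer with PATH_MAX. The hunk does not show how write_blob_or_die creates files; since priv.key holds the Curve25519 secret scalar it should be created mode 0600, e.g. by calling `umask(077)` before the writes unless the helper already restricts the mode. Note too that on the `_or_die` failure paths the key buffers are left unzeroized, and whether xmemset survives optimization (unlike memset before an exit) cannot be confirmed from this hunk.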