From f712d7a28192cbfcde5845d0c2e78fefd7386273 Mon Sep 17 00:00:00 2001 From: Daniel Borkmann Date: Tue, 4 Jun 2013 14:05:28 +0200 Subject: keypair: Add routines to generate and verify a keypair This is needed in order to replace curvetun's routines. Signed-off-by: Daniel Borkmann --- config.h | 10 ++++++++ crypto.h | 1 + curvetun/Makefile | 1 + keypair.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ keypair.h | 7 ++++++ 5 files changed, 90 insertions(+) create mode 100644 config.h create mode 100644 keypair.c create mode 100644 keypair.h diff --git a/config.h b/config.h new file mode 100644 index 0000000..a73edd5 --- /dev/null +++ b/config.h @@ -0,0 +1,10 @@ +#ifndef CONFIG_H +#define CONFIG_H + +#define FILE_CLIENTS ".curvetun/clients" +#define FILE_SERVERS ".curvetun/servers" +#define FILE_PRIVKEY ".curvetun/priv.key" +#define FILE_PUBKEY ".curvetun/pub.key" +#define FILE_USERNAM ".curvetun/username" + +#endif /* CONFIG_H */ diff --git a/crypto.h b/crypto.h index 2c3fac3..d06da00 100644 --- a/crypto.h +++ b/crypto.h @@ -15,5 +15,6 @@ #define crypto_box_afternm crypto_box_curve25519xsalsa20poly1305_afternm #define crypto_box_open_afternm crypto_box_curve25519xsalsa20poly1305_open_afternm #define crypto_box_pub_key_size crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES +#define crypto_box_sec_key_size crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES #endif /* CRYPTO_H */ diff --git a/curvetun/Makefile b/curvetun/Makefile index 8ae6291..f13c8c7 100644 --- a/curvetun/Makefile +++ b/curvetun/Makefile @@ -16,6 +16,7 @@ curvetun-objs = xmalloc.o \ rnd.o \ curve.o \ cookie.o \ + keypair.o \ ioexact.o \ ioops.o \ cpusched.o \ diff --git a/keypair.c b/keypair.c new file mode 100644 index 0000000..e61482c --- /dev/null +++ b/keypair.c @@ -0,0 +1,71 @@ +#include +#include +#include +#include +#include + +#include "rnd.h" +#include "die.h" +#include "str.h" +#include "crypto.h" +#include "ioops.h" +#include "config.h" +#include "keypair.h" + +void generate_keypair(void) +{ + struct passwd *pw = getpwuid(getuid()); + unsigned char publickey[crypto_box_pub_key_size]; + unsigned char secretkey[crypto_box_sec_key_size]; + char file[128]; + + xmemset(publickey, 0, sizeof(publickey)); + xmemset(secretkey, 0, sizeof(secretkey)); + + printf("Reading from %s (this may take a while) ...\n", + HIG_ENTROPY_SOURCE); + + gen_key_bytes(secretkey, sizeof(secretkey)); + crypto_scalarmult_curve25519_base(publickey, secretkey); + + slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PUBKEY); + write_blob_or_die(file, publickey, sizeof(publickey)); + printf("Public key written to %s!\n", file); + + slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PRIVKEY); + write_blob_or_die(file, secretkey, sizeof(secretkey)); + printf("Secret key written to %s!\n", file); + + xmemset(publickey, 0, sizeof(publickey)); + xmemset(secretkey, 0, sizeof(secretkey)); +} + +void verify_keypair(void) +{ + int result; + struct passwd *pw = getpwuid(getuid()); + unsigned char publickey[crypto_box_pub_key_size]; + unsigned char publicres[crypto_box_pub_key_size]; + unsigned char secretkey[crypto_box_sec_key_size]; + char file[128]; + + xmemset(publickey, 0, sizeof(publickey)); + xmemset(publicres, 0, sizeof(publicres)); + xmemset(secretkey, 0, sizeof(secretkey)); + + slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PUBKEY); + read_blob_or_die(file, publickey, sizeof(publickey)); + + slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PRIVKEY); + read_blob_or_die(file, secretkey, sizeof(secretkey)); + + crypto_scalarmult_curve25519_base(publicres, secretkey); + result = crypto_verify_32(publicres, publickey); + + xmemset(publickey, 0, sizeof(publickey)); + xmemset(publicres, 0, sizeof(publicres)); + xmemset(secretkey, 0, sizeof(secretkey)); + + if (result) + panic("Keypair is corrupt! You need to regenerate!\n"); +} diff --git a/keypair.h b/keypair.h new file mode 100644 index 0000000..f65a88c --- /dev/null +++ b/keypair.h @@ -0,0 +1,7 @@ +#ifndef KEYPAIR_H +#define KEYPAIR_H + +extern void generate_keypair(void); +extern void verify_keypair(void); + +#endif /* KEYPAIR_H */ -- cgit v1.2.3-54-g00ecf