From f712d7a28192cbfcde5845d0c2e78fefd7386273 Mon Sep 17 00:00:00 2001
From: Daniel Borkmann
Date: Tue, 4 Jun 2013 14:05:28 +0200
Subject: keypair: Add routines to generate and verify a keypair

This is needed in order to replace curvetun's routines.

Signed-off-by: Daniel Borkmann
---
 keypair.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)
 create mode 100644 keypair.c
(limited to 'keypair.c')

diff --git a/keypair.c b/keypair.c
new file mode 100644
index 0000000..e61482c
--- /dev/null
+++ b/keypair.c
@@ -0,0 +1,71 @@
+#include
+#include
+#include
+#include
+#include
+
+#include "rnd.h"
+#include "die.h"
+#include "str.h"
+#include "crypto.h"
+#include "ioops.h"
+#include "config.h"
+#include "keypair.h"
+
+void generate_keypair(void)
+{
+ struct passwd *pw = getpwuid(getuid());
+ unsigned char publickey[crypto_box_pub_key_size];
+ unsigned char secretkey[crypto_box_sec_key_size];
+ char file[128];
+
+ xmemset(publickey, 0, sizeof(publickey));
+ xmemset(secretkey, 0, sizeof(secretkey));
+
+ printf("Reading from %s (this may take a while) ...\n",
+ HIG_ENTROPY_SOURCE);
+
+ gen_key_bytes(secretkey, sizeof(secretkey));
+ crypto_scalarmult_curve25519_base(publickey, secretkey);
+
+ slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PUBKEY);
+ write_blob_or_die(file, publickey, sizeof(publickey));
+ printf("Public key written to %s!\n", file);
+
+ slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PRIVKEY);
+ write_blob_or_die(file, secretkey, sizeof(secretkey));
+ printf("Secret key written to %s!\n", file);
+
+ xmemset(publickey, 0, sizeof(publickey));
+ xmemset(secretkey, 0, sizeof(secretkey));
+}
+
+void verify_keypair(void)
+{
+ int result;
+ struct passwd *pw = getpwuid(getuid());
+ unsigned char publickey[crypto_box_pub_key_size];
+ unsigned char publicres[crypto_box_pub_key_size];
+ unsigned char secretkey[crypto_box_sec_key_size];
+ char file[128];
+
+ xmemset(publickey, 0, sizeof(publickey));
+ xmemset(publicres, 0, sizeof(publicres));
+ xmemset(secretkey, 0, sizeof(secretkey));
+
+ slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PUBKEY);
+ read_blob_or_die(file, publickey, sizeof(publickey));
+
+ slprintf(file, sizeof(file), "%s/%s", pw->pw_dir, FILE_PRIVKEY);
+ read_blob_or_die(file, secretkey, sizeof(secretkey));
+
+ crypto_scalarmult_curve25519_base(publicres, secretkey);
+ result = crypto_verify_32(publicres, publickey);
+
+ xmemset(publickey, 0, sizeof(publickey));
+ xmemset(publicres, 0, sizeof(publicres));
+ xmemset(secretkey, 0, sizeof(secretkey));
+
+ if (result)
+ panic("Keypair is corrupt! You need to regenerate!\n");
+}
--
cgit v1.2.3-54-g00ecf
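Review bot: Both generate_keypair() and verify_keypair() dereference `pw->pw_dir` without checking the result of `getpwuid(getuid())`, which returns NULL when the uid has no passwd entry or the lookup fails; add `if (!pw) panic("Cannot look up home directory!\n");` right after the declarations in each function. The path is built into a fixed `char file[128]`, and if slprintf() truncates silently (its definition is not in this hunk) a long home directory would cause the key to be written to or read from a different path than intended, so the resulting length should be checked. The secret key goes through the same write_blob_or_die() as the public key, so it is worth confirming in ioops that the file is created with owner-only permissions (0600) rather than depending on the caller's umask. The closing `xmemset(secretkey, 0, sizeof(secretkey))` calls are dead stores from the compiler's point of view; unless xmemset is guaranteed not to be elided, a non-elidable wipe such as `explicit_bzero()` where available is safer for the key material.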