Import release 0.1.13

[secnet.git] / rsa.c

diff --git a/rsa.c b/rsa.c
index d1107a952ef1a0e0ce9198a66ee17e0a6e61c31e..2b4c7293f48071806a7ce4bcde40349a029a823e 100644 (file)
--- a/rsa.c
+++ b/rsa.c
@@ -1,29 +1,3 @@
-/***************************************************************************
- *
- *              Part II Project, "A secure, private IP network"
- *              Stephen Early <sde1000@cam.ac.uk>
- *   
- *
- *     $RCSfile: rsa.c,v $
- *
- *  Description: RSA signature making and checking functions
- *
- *    Copyright: (C) Stephen Early 1995
- *
- *    $Revision: 1.1 $
- *
- *        $Date: 1996/05/16 18:40:14 $
- *
- *       $State: Exp $
- *
- ***************************************************************************/
-
-/* $Log: rsa.c,v $
- * Revision 1.1  1996/05/16 18:40:14  sde1000
- * Initial revision
- *
- */
-
 #include <stdio.h>
 #include <gmp.h>
 #include "secnet.h"
@@ -62,6 +36,10 @@ static string_t rsa_sign(void *sst, uint8_t *data, uint32_t datalen)
 
     msize=mpz_sizeinbase(&st->n, 16);
 
+    if (datalen*2+4>=msize) {
+       fatal("rsa_sign: message too big\n");
+    }
+
     strcpy(buff,"0001");
 
     for (i=0; i<datalen; i++) {
@@ -69,7 +47,7 @@ static string_t rsa_sign(void *sst, uint8_t *data, uint32_t datalen)
        buff[5+i*2]=hexchars[data[i]&0xf];
     }
     buff[4+datalen*2]=0;
-
+    
     for (i=datalen*2+4; i<msize; i++)
        buff[i]='f';
 
@@ -228,8 +206,15 @@ static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
 
     f=fopen(filename,"rb");
     if (!f) {
-       fatal_perror("rsa-private (%s:%d): cannot open file \"%s\"",
-                    loc.file,loc.line,filename);
+       if (just_check_config) {
+           Message(M_WARNING,"rsa-private (%s:%d): cannot open keyfile "
+                   "\"%s\"; assuming it's valid while we check the "
+                   "rest of the configuration\n",loc.file,loc.line,filename);
+           goto assume_valid;
+       } else {
+           fatal_perror("rsa-private (%s:%d): cannot open file \"%s\"",
+                        loc.file,loc.line,filename);
+       }
     }
 
     /* Check that the ID string is correct */
@@ -310,23 +295,30 @@ static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
 
     /* Now do trial signature/check to make sure it's a real keypair:
        sign the comment string! */
-    mpz_init(&sig);
-    mpz_init(&plain);
-    mpz_init(&check);
-    read_mpbin(&plain,c,strlen(c));
-    mpz_powm(&sig, &plain, &st->d, &st->n);
-    mpz_powm(&check, &sig, &e, &st->n);
-    if (mpz_cmp(&plain,&check)!=0) {
-       cfgfatal(loc,"rsa-private","file \"%s\" does not contain a "
-                "valid RSA key!\n",filename);
+    i=list_elem(args,1);
+    if (i && i->type==t_bool && i->data.bool==False) {
+       Message(M_INFO,"rsa-private (%s:%d): skipping RSA key validity "
+               "check\n",loc.file,loc.line);
+    } else {
+       mpz_init(&sig);
+       mpz_init(&plain);
+       mpz_init(&check);
+       read_mpbin(&plain,c,strlen(c));
+       mpz_powm(&sig, &plain, &st->d, &st->n);
+       mpz_powm(&check, &sig, &e, &st->n);
+       if (mpz_cmp(&plain,&check)!=0) {
+           cfgfatal(loc,"rsa-private","file \"%s\" does not contain a "
+                    "valid RSA key!\n",filename);
+       }
+       mpz_clear(&sig);
+       mpz_clear(&plain);
+       mpz_clear(&check);
     }
-    mpz_clear(&sig);
-    mpz_clear(&plain);
-    mpz_clear(&check);
 
     free(c);
     mpz_clear(&e);
 
+assume_valid:
     return new_closure(&st->cl);
 }