[tripe] / keymgmt.c

/* -*-c-*-
 *
 * $Id: keymgmt.c,v 1.4 2004/04/03 12:35:13 mdw Exp $
 *
 * Key loading and storing
 *
 * (c) 2001 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of Trivial IP Encryption (TrIPE).
 *
 * TrIPE is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 * 
 * TrIPE is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with TrIPE; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: keymgmt.c,v $
 * Revision 1.4  2004/04/03 12:35:13  mdw
 * Support elliptic curve key exchange.
 *
 * Revision 1.3  2001/06/22 19:40:36  mdw
 * Support expiry of other peers' public keys.
 *
 * Revision 1.2  2001/06/19 22:07:09  mdw
 * Cosmetic fixes.
 *
 * Revision 1.1  2001/02/03 20:26:37  mdw
 * Initial checkin.
 *
 */

/*----- Header files ------------------------------------------------------*/

#include "tripe.h"

/*----- Global variables --------------------------------------------------*/

group *gg;
mp *kpriv;

/*----- Static variables --------------------------------------------------*/

static key_file *kf_pub;
static const char *kr_priv, *kr_pub, *tag_priv;
static fwatch w_priv, w_pub;

/*----- Key groups --------------------------------------------------------*/

typedef struct kgops {
  const char *ty;
  const char *(*loadpriv)(key_data *, group **, mp **, dstr *);
  const char *(*loadpub)(key_data *, group **, ge **, dstr *);
} kgops;

/* --- Diffie-Hellman --- */

static const char *kgdh_priv(key_data *kd, group **g, mp **x, dstr *t)
{
  key_packstruct kps[DH_PRIVFETCHSZ];
  key_packdef *kp;
  dh_priv dp;
  const char *e;
  int rc;

  kp = key_fetchinit(dh_privfetch, kps, &dp);
  if ((rc = key_unpack(kp, kd, t)) != 0) {
    e = key_strerror(rc);
    goto done;
  }
  *g = group_prime(&dp.dp);
  *x = MP_COPY(dp.x);
  e = 0;
done:
  key_fetchdone(kp);
  return (e);
}

static const char *kgdh_pub(key_data *kd, group **g, ge **p, dstr *t)
{
  key_packstruct kps[DH_PUBFETCHSZ];
  key_packdef *kp;
  dh_pub dp;
  const char *e;
  int rc;

  kp = key_fetchinit(dh_pubfetch, kps, &dp);
  if ((rc = key_unpack(kp, kd, t)) != 0) {
    e = key_strerror(rc);
    goto done;
  }
  *g = group_prime(&dp.dp);
  *p = G_CREATE(*g);
  if (G_FROMINT(*g, *p, dp.y)) {
    e = "bad public value";
    goto done;
  }
  e = 0;
done:
  key_fetchdone(kp);
  return (e);
}

static const kgops kgdh_ops = { "tripe-dh", kgdh_priv, kgdh_pub };

/* --- Elliptic curve --- */

static const char *kgec_priv(key_data *kd, group **g, mp **x, dstr *t)
{
  key_packstruct kps[EC_PRIVFETCHSZ];
  key_packdef *kp;
  ec_priv ep;
  ec_info ei;
  const char *e;
  int rc;

  kp = key_fetchinit(ec_privfetch, kps, &ep);
  if ((rc = key_unpack(kp, kd, t)) != 0) {
    e = key_strerror(rc);
    goto done;
  }
  if ((e = ec_getinfo(&ei, ep.cstr)) != 0)
    goto done;
  *g = group_ec(&ei);
  *x = MP_COPY(ep.x);
  e = 0;
done:
  key_fetchdone(kp);
  return (e);
}

static const char *kgec_pub(key_data *kd, group **g, ge **p, dstr *t)
{
  key_packstruct kps[EC_PUBFETCHSZ];
  key_packdef *kp;
  ec_pub ep;
  ec_info ei;
  const char *e;
  int rc;

  kp = key_fetchinit(ec_pubfetch, kps, &ep);
  if ((rc = key_unpack(kp, kd, t)) != 0) {
    e = key_strerror(rc);
    goto done;
  }
  if ((e = ec_getinfo(&ei, ep.cstr)) != 0)
    goto done;
  *g = group_ec(&ei);
  *p = G_CREATE(*g);
  if (G_FROMEC(*g, *p, &ep.p)) {
    e = "bad public point";
    goto done;
  }
  e = 0;
done:
  key_fetchdone(kp);
  return (e);
}

static const kgops kgec_ops = { "tripe-ec", kgec_priv, kgec_pub };

/* --- Table of supported key types --- */

static const kgops *kgtab[] = { &kgdh_ops, &kgec_ops, 0 };

/*----- Main code ---------------------------------------------------------*/

/* --- @keymoan@ --- *
 *
 * Arguments:   @const char *file@ = name of the file
 *              @int line@ = line number in file
 *              @const char *msg@ = error message
 *              @void *p@ = argument pointer
 *
 * Returns:     ---
 *
 * Use:         Reports an error message about loading a key file.
 */

static void keymoan(const char *file, int line, const char *msg, void *p)
  { a_warn("%s:%i: error: %s", file, line, msg); }

/* --- @loadpriv@ --- *
 *
 * Arguments:   @dstr *d@ = string to write errors in
 *
 * Returns:     Zero if OK, nonzero on error.
 *
 * Use:         Loads the private key from its keyfile.
 */

static int loadpriv(dstr *d)
{
  key_file kf;
  key *k;
  key_data *kd;
  dstr t = DSTR_INIT;
  group *g = 0;
  mp *x = 0;
  int rc = -1;
  const kgops **ko;
  const char *e;

  /* --- Open the private key file --- */

  if (key_open(&kf, kr_priv, KOPEN_READ, keymoan, 0)) {
    dstr_putf(d, "error reading private keyring `%s': %s",
              kr_priv, strerror(errno));
    goto done_0;
  }

  /* --- Find the private key --- */

  if (key_qtag(&kf, tag_priv, &t, &k, &kd)) {
    dstr_putf(d, "private key `%s' not found in keyring `%s'",
              tag_priv, kr_priv);
    goto done_1;
  }

  /* --- Look up the key type in the table --- */

  for (ko = kgtab; *ko; ko++) {
    if (strcmp((*ko)->ty, k->type) == 0)
      goto tymatch;
  }
  dstr_putf(d, "private key `%s' has unknown type `%s'", t.buf, k->type);
  goto done_1;
tymatch:;

  /* --- Load the key --- */

  if ((e = (*ko)->loadpriv(kd, &g, &x, &t)) != 0) {
    dstr_putf(d, "error reading private key `%s': %s", t.buf, e);
    goto done_1;
  }

  /* --- Check that the key is sensible --- */

  if ((e = G_CHECK(g, &rand_global)) != 0) {
    dstr_putf(d, "bad group in private key `%s': %s", t.buf, e);
    goto done_1;
  }

  /* --- Good, we're happy --- *
   *
   * Dodginess!  We change the group over here, but don't free any old group
   * elements.  This assumes that the new group is basically the same as the
   * old one, and will happily adopt the existing elements.  If it isn't,
   * then we lose badly.  Check this, then.
   */

  if (gg) {
    if (!group_samep(g, gg)) {
      dstr_putf(d, "private key `%s' has different group", t.buf);
      goto done_1;
    }
    G_DESTROYGROUP(gg);
  }
  if (kpriv)
    mp_drop(kpriv);

  /* --- Dump out the group --- */

  IF_TRACING(T_KEYMGMT, {
    trace(T_KEYMGMT, "keymgmt: extracted private key `%s'", t.buf);
    IF_TRACING(T_CRYPTO, {
      trace(T_CRYPTO, "crypto: r = %s", mpstr(g->r));
      trace(T_CRYPTO, "crypto: h = %s", mpstr(g->h));
      trace(T_CRYPTO, "crypto: x = %s", mpstr(x));
    })
  })

  /* --- Success! --- */

  gg = g; g = 0;
  kpriv = x; x = 0;
  rc = 0;

  /* --- Tidy up --- */

done_1:
  key_close(&kf);
done_0:
  dstr_destroy(&t);
  if (x) mp_drop(x);
  if (g) G_DESTROYGROUP(g);
  return (rc);
}

/* --- @loadpub@ --- *
 *
 * Arguments:   @dstr *d@ = string to write errors to
 *
 * Returns:     Zero if OK, nonzero on error.
 *
 * Use:         Reloads the public keyring.
 */

static int loadpub(dstr *d)
{
  key_file *kf = CREATE(key_file);

  if (key_open(kf, kr_pub, KOPEN_READ, keymoan, 0)) {
    dstr_putf(d, "error reading public keyring `%s': %s",
              kr_pub, strerror(errno));
    DESTROY(kf);
    return (-1);
  }
  kf_pub = kf;
  T( trace(T_KEYMGMT, "keymgmt: loaded public keyring `%s'", kr_pub); )
  return (0);
}

/* --- @km_interval@ --- *
 *
 * Arguments:   ---
 *
 * Returns:     Zero if OK, nonzero to force reloading of keys.
 *
 * Use:         Called on the interval timer to perform various useful jobs.
 */

int km_interval(void)
{
  dstr d = DSTR_INIT;
  key_file *kf;
  int reload = 0;

  /* --- Check the private key first --- */

  if (fwatch_update(&w_priv, kr_priv)) {
    T( trace(T_KEYMGMT, "keymgmt: private keyring updated: reloading..."); )
    DRESET(&d);
    if (loadpriv(&d))
      a_warn("%s -- ignoring changes", d.buf);
    else
      reload = 1;
  }

  /* --- Now check the public keys --- */

  if (fwatch_update(&w_pub, kr_pub)) {
    T( trace(T_KEYMGMT, "keymgmt: public keyring updated: reloading..."); )
    kf = kf_pub;
    DRESET(&d);
    if (loadpub(&d))
      a_warn("%s -- ignoring changes", d.buf);
    else {
      reload = 1;
      key_close(kf);
      DESTROY(kf);
    }
  }

  /* --- Done --- */

  return (reload);
}

/* --- @km_init@ --- *
 *
 * Arguments:   @const char *priv@ = private keyring file
 *              @const char *pub@ = public keyring file
 *              @const char *tag@ = tag to load
 *
 * Returns:     ---
 *
 * Use:         Initializes, and loads the private key.
 */

void km_init(const char *priv, const char *pub, const char *tag)
{
  dstr d = DSTR_INIT;

  kr_priv = priv;
  kr_pub = pub;
  tag_priv = tag;
  fwatch_init(&w_priv, kr_priv);
  fwatch_init(&w_pub, kr_pub);

  DRESET(&d);
  if (loadpriv(&d))
    die(EXIT_FAILURE, "%s", d.buf);
  if (loadpub(&d))
    die(EXIT_FAILURE, "%s", d.buf);
}

/* --- @km_getpubkey@ --- *
 *
 * Arguments:   @const char *tag@ = public key tag to load
 *              @ge *kpub@ = where to put the public key
 *              @time_t *t_exp@ = where to put the expiry time
 *
 * Returns:     Zero if OK, nonzero if it failed.
 *
 * Use:         Fetches a public key from the keyring.
 */

int km_getpubkey(const char *tag, ge *kpub, time_t *t_exp)
{
  key *k;
  key_data *kd;
  dstr t = DSTR_INIT;
  const kgops **ko;
  const char *e;
  group *g = 0;
  ge *p = 0;
  int rc = -1;

  /* --- Find the key --- */

  if (key_qtag(kf_pub, tag, &t, &k, &kd)) {
    a_warn("private key `%s' not found in keyring `%s'", tag_priv, kr_priv);
    goto done;
  }

  /* --- Look up the key type in the table --- */

  for (ko = kgtab; *ko; ko++) {
    if (strcmp((*ko)->ty, k->type) == 0)
      goto tymatch;
  }
  a_warn("public key `%s' has unknown type `%s'", t.buf, k->type);
  goto done;
tymatch:;

  /* --- Load the key --- */

  if ((e = (*ko)->loadpub(kd, &g, &p, &t)) != 0) {
    a_warn("error reading public key `%s': %s", t.buf, e);
    goto done;
  }

  /* --- Ensure that the group is correct --- *
   *
   * Dodginess!  We assume that if this works, our global group is willing to
   * adopt this public element.  Probably reasonable.
   */

  if (!group_samep(gg, g)) {
    a_warn("public key `%s' has incorrect group", t.buf);
    goto done;
  }

  /* --- Check the public group element --- */

  if (group_check(gg, p)) {
    a_warn("public key `%s' has bad public group element", t.buf);
    goto done;
  }

  /* --- Dump the public key --- */

  IF_TRACING(T_KEYMGMT, {
    trace(T_KEYMGMT, "keymgmt: extracted public key `%s'", t.buf);
    trace(T_CRYPTO, "crypto: p = %s", gestr(gg, p));
  })

  /* --- OK, accept the public key --- */

  *t_exp = k->exp;
  G_COPY(gg, kpub, p);
  rc = 0;

  /* --- Tidy up --- */

done:
  if (p) G_DESTROY(g, p);
  if (g) G_DESTROYGROUP(g);
  dstr_destroy(&t);
  return (rc);
}

/*----- That's all, folks -------------------------------------------------*/