3 * $Id: keymgmt.c,v 1.4 2004/04/03 12:35:13 mdw Exp $
5 * Key loading and storing
7 * (c) 2001 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of Trivial IP Encryption (TrIPE).
14 * TrIPE is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * TrIPE is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with TrIPE; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Revision history --------------------------------------------------*
32 * Revision 1.4 2004/04/03 12:35:13 mdw
33 * Support elliptic curve key exchange.
35 * Revision 1.3 2001/06/22 19:40:36 mdw
36 * Support expiry of other peers' public keys.
38 * Revision 1.2 2001/06/19 22:07:09 mdw
41 * Revision 1.1 2001/02/03 20:26:37 mdw
46 /*----- Header files ------------------------------------------------------*/
50 /*----- Global variables --------------------------------------------------*/
55 /*----- Static variables --------------------------------------------------*/
57 static key_file *kf_pub;
58 static const char *kr_priv, *kr_pub, *tag_priv;
59 static fwatch w_priv, w_pub;
61 /*----- Key groups --------------------------------------------------------*/
63 typedef struct kgops {
65 const char *(*loadpriv)(key_data *, group **, mp **, dstr *);
66 const char *(*loadpub)(key_data *, group **, ge **, dstr *);
69 /* --- Diffie-Hellman --- */
71 static const char *kgdh_priv(key_data *kd, group **g, mp **x, dstr *t)
73 key_packstruct kps[DH_PRIVFETCHSZ];
79 kp = key_fetchinit(dh_privfetch, kps, &dp);
80 if ((rc = key_unpack(kp, kd, t)) != 0) {
84 *g = group_prime(&dp.dp);
92 static const char *kgdh_pub(key_data *kd, group **g, ge **p, dstr *t)
94 key_packstruct kps[DH_PUBFETCHSZ];
100 kp = key_fetchinit(dh_pubfetch, kps, &dp);
101 if ((rc = key_unpack(kp, kd, t)) != 0) {
102 e = key_strerror(rc);
105 *g = group_prime(&dp.dp);
107 if (G_FROMINT(*g, *p, dp.y)) {
108 e = "bad public value";
117 static const kgops kgdh_ops = { "tripe-dh", kgdh_priv, kgdh_pub };
119 /* --- Elliptic curve --- */
121 static const char *kgec_priv(key_data *kd, group **g, mp **x, dstr *t)
123 key_packstruct kps[EC_PRIVFETCHSZ];
130 kp = key_fetchinit(ec_privfetch, kps, &ep);
131 if ((rc = key_unpack(kp, kd, t)) != 0) {
132 e = key_strerror(rc);
135 if ((e = ec_getinfo(&ei, ep.cstr)) != 0)
145 static const char *kgec_pub(key_data *kd, group **g, ge **p, dstr *t)
147 key_packstruct kps[EC_PUBFETCHSZ];
154 kp = key_fetchinit(ec_pubfetch, kps, &ep);
155 if ((rc = key_unpack(kp, kd, t)) != 0) {
156 e = key_strerror(rc);
159 if ((e = ec_getinfo(&ei, ep.cstr)) != 0)
163 if (G_FROMEC(*g, *p, &ep.p)) {
164 e = "bad public point";
173 static const kgops kgec_ops = { "tripe-ec", kgec_priv, kgec_pub };
175 /* --- Table of supported key types --- */
177 static const kgops *kgtab[] = { &kgdh_ops, &kgec_ops, 0 };
179 /*----- Main code ---------------------------------------------------------*/
181 /* --- @keymoan@ --- *
183 * Arguments: @const char *file@ = name of the file
184 * @int line@ = line number in file
185 * @const char *msg@ = error message
186 * @void *p@ = argument pointer
190 * Use: Reports an error message about loading a key file.
193 static void keymoan(const char *file, int line, const char *msg, void *p)
194 { a_warn("%s:%i: error: %s", file, line, msg); }
196 /* --- @loadpriv@ --- *
198 * Arguments: @dstr *d@ = string to write errors in
200 * Returns: Zero if OK, nonzero on error.
202 * Use: Loads the private key from its keyfile.
205 static int loadpriv(dstr *d)
217 /* --- Open the private key file --- */
219 if (key_open(&kf, kr_priv, KOPEN_READ, keymoan, 0)) {
220 dstr_putf(d, "error reading private keyring `%s': %s",
221 kr_priv, strerror(errno));
225 /* --- Find the private key --- */
227 if (key_qtag(&kf, tag_priv, &t, &k, &kd)) {
228 dstr_putf(d, "private key `%s' not found in keyring `%s'",
233 /* --- Look up the key type in the table --- */
235 for (ko = kgtab; *ko; ko++) {
236 if (strcmp((*ko)->ty, k->type) == 0)
239 dstr_putf(d, "private key `%s' has unknown type `%s'", t.buf, k->type);
243 /* --- Load the key --- */
245 if ((e = (*ko)->loadpriv(kd, &g, &x, &t)) != 0) {
246 dstr_putf(d, "error reading private key `%s': %s", t.buf, e);
250 /* --- Check that the key is sensible --- */
252 if ((e = G_CHECK(g, &rand_global)) != 0) {
253 dstr_putf(d, "bad group in private key `%s': %s", t.buf, e);
257 /* --- Good, we're happy --- *
259 * Dodginess! We change the group over here, but don't free any old group
260 * elements. This assumes that the new group is basically the same as the
261 * old one, and will happily adopt the existing elements. If it isn't,
262 * then we lose badly. Check this, then.
266 if (!group_samep(g, gg)) {
267 dstr_putf(d, "private key `%s' has different group", t.buf);
275 /* --- Dump out the group --- */
277 IF_TRACING(T_KEYMGMT, {
278 trace(T_KEYMGMT, "keymgmt: extracted private key `%s'", t.buf);
279 IF_TRACING(T_CRYPTO, {
280 trace(T_CRYPTO, "crypto: r = %s", mpstr(g->r));
281 trace(T_CRYPTO, "crypto: h = %s", mpstr(g->h));
282 trace(T_CRYPTO, "crypto: x = %s", mpstr(x));
286 /* --- Success! --- */
292 /* --- Tidy up --- */
299 if (g) G_DESTROYGROUP(g);
303 /* --- @loadpub@ --- *
305 * Arguments: @dstr *d@ = string to write errors to
307 * Returns: Zero if OK, nonzero on error.
309 * Use: Reloads the public keyring.
312 static int loadpub(dstr *d)
314 key_file *kf = CREATE(key_file);
316 if (key_open(kf, kr_pub, KOPEN_READ, keymoan, 0)) {
317 dstr_putf(d, "error reading public keyring `%s': %s",
318 kr_pub, strerror(errno));
323 T( trace(T_KEYMGMT, "keymgmt: loaded public keyring `%s'", kr_pub); )
327 /* --- @km_interval@ --- *
331 * Returns: Zero if OK, nonzero to force reloading of keys.
333 * Use: Called on the interval timer to perform various useful jobs.
336 int km_interval(void)
342 /* --- Check the private key first --- */
344 if (fwatch_update(&w_priv, kr_priv)) {
345 T( trace(T_KEYMGMT, "keymgmt: private keyring updated: reloading..."); )
348 a_warn("%s -- ignoring changes", d.buf);
353 /* --- Now check the public keys --- */
355 if (fwatch_update(&w_pub, kr_pub)) {
356 T( trace(T_KEYMGMT, "keymgmt: public keyring updated: reloading..."); )
360 a_warn("%s -- ignoring changes", d.buf);
373 /* --- @km_init@ --- *
375 * Arguments: @const char *priv@ = private keyring file
376 * @const char *pub@ = public keyring file
377 * @const char *tag@ = tag to load
381 * Use: Initializes, and loads the private key.
384 void km_init(const char *priv, const char *pub, const char *tag)
391 fwatch_init(&w_priv, kr_priv);
392 fwatch_init(&w_pub, kr_pub);
396 die(EXIT_FAILURE, "%s", d.buf);
398 die(EXIT_FAILURE, "%s", d.buf);
401 /* --- @km_getpubkey@ --- *
403 * Arguments: @const char *tag@ = public key tag to load
404 * @ge *kpub@ = where to put the public key
405 * @time_t *t_exp@ = where to put the expiry time
407 * Returns: Zero if OK, nonzero if it failed.
409 * Use: Fetches a public key from the keyring.
412 int km_getpubkey(const char *tag, ge *kpub, time_t *t_exp)
423 /* --- Find the key --- */
425 if (key_qtag(kf_pub, tag, &t, &k, &kd)) {
426 a_warn("private key `%s' not found in keyring `%s'", tag_priv, kr_priv);
430 /* --- Look up the key type in the table --- */
432 for (ko = kgtab; *ko; ko++) {
433 if (strcmp((*ko)->ty, k->type) == 0)
436 a_warn("public key `%s' has unknown type `%s'", t.buf, k->type);
440 /* --- Load the key --- */
442 if ((e = (*ko)->loadpub(kd, &g, &p, &t)) != 0) {
443 a_warn("error reading public key `%s': %s", t.buf, e);
447 /* --- Ensure that the group is correct --- *
449 * Dodginess! We assume that if this works, our global group is willing to
450 * adopt this public element. Probably reasonable.
453 if (!group_samep(gg, g)) {
454 a_warn("public key `%s' has incorrect group", t.buf);
458 /* --- Check the public group element --- */
460 if (group_check(gg, p)) {
461 a_warn("public key `%s' has bad public group element", t.buf);
465 /* --- Dump the public key --- */
467 IF_TRACING(T_KEYMGMT, {
468 trace(T_KEYMGMT, "keymgmt: extracted public key `%s'", t.buf);
469 trace(T_CRYPTO, "crypto: p = %s", gestr(gg, p));
472 /* --- OK, accept the public key --- */
478 /* --- Tidy up --- */
481 if (p) G_DESTROY(g, p);
482 if (g) G_DESTROYGROUP(g);
487 /*----- That's all, folks -------------------------------------------------*/