rsa_dyn.c

mobile ip 在linux下的一种实现

/* $Id: rsa_dyn.c,v 1.9 2000/07/21 15:17:48 ban Exp $
 * Dynamics RSA function interface
 *
 * Dynamic hierarchial IP tunnel
 * Copyright (C) 1998-2000, Dynamics group
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation. See README and COPYING for
 * more details.
 */

#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

#include "rsa_dyn.h"
#include "jmrsa.h"


static rsa_secret_key host_secret_key;
static unsigned char *rsa_public_key_buf;
static unsigned int rsa_public_key_buf_len;

int rsa_initialize(char const *key_file)
{
	FILE *f;
	int res;

	if (key_file == NULL)
		return -1;

	f = fopen(key_file, "rb");
	if (f == NULL)
		return -1;

	res = rsa_read_file_sec(f, &host_secret_key);
	fclose(f);

	if (res == 0) {
		rsa_public_key pub;

		rsa_secret_public(&host_secret_key, &pub);
		rsa_public_key_buf =
			rsa_public_key_buffer(&pub,
					      &rsa_public_key_buf_len);
		if (rsa_public_key_buf == NULL)
			res = 1;
		rsa_clear_pub(&pub);
	} else
		rsa_clear_sec(&host_secret_key);

	return res;
}

unsigned char* rsa_encrypt_session_key(unsigned char const *session_key,
				       int sk_len,
				       unsigned char const *public_key,
				       unsigned int public_key_len,
				       unsigned int *encrypted_len)
{
	int res, i;
	rsa_public_key pub;
	mpz_t sk, tmp;
	unsigned char *encrypted_key;

	if (session_key == NULL || public_key == NULL || public_key_len < 4)
		return NULL;

	res = rsa_buffer_public_key(public_key, public_key_len, &pub);
	if (res < 0 || res > public_key_len)
		return NULL;

	mpz_init(sk);
	mpz_init(tmp);

	/* load the session key to sk */
	mpz_set_ui(sk, 0);
	for (i = 0; i < sk_len; i++) {
		mpz_set_ui(tmp, session_key[i]);
		mpz_mul_2exp(tmp, tmp, 8*(sk_len - 1 - i));
		mpz_add(sk, sk, tmp);
	}

	rsa_encrypt(&pub, sk, tmp);

	*encrypted_len = (mpz_sizeinbase(tmp, 2) + 7) / 8 + 2;
	encrypted_key = (unsigned char*) malloc(*encrypted_len);
	if (encrypted_key != NULL) {
		if (jm_mpz_to_buf(tmp, encrypted_key) != *encrypted_len) {
			fprintf(stderr, "Internal error in mpz->char* "
				"conversion.\n");
			free(encrypted_key);
			encrypted_key = NULL;
		}
	}

	mpz_clear(sk);
	mpz_clear(tmp);
	rsa_clear_pub(&pub);

	return encrypted_key;
}

int rsa_decrypt_session_key(unsigned char const *encrypted_key,
			    unsigned int encrypted_key_len,
			    unsigned char *session_key, int sk_len)
{
	mpz_t in, out;
	int res;

	if (encrypted_key == NULL || session_key == NULL)
		return -1;

	mpz_init(in);
	res = jm_buf_to_mpz(encrypted_key, encrypted_key_len, in);
	if (res < 0 || res > encrypted_key_len) {
		mpz_clear(in);
		return -1;
	}

	mpz_init(out);

	rsa_decrypt(&host_secret_key, in, out);

	res = 0;

	if (mpz_cmp_ui(out, 0) < 0)
		res = -1;

	mpz_set_ui(in, 1);
	mpz_mul_2exp(in, in, 8 * sk_len);

	if (mpz_cmp(out, in) >= 0)
		res = -1;

	if (res == 0) {
		int i;
		for (i = sk_len - 1; i >= 0; i--) {
			mpz_tdiv_r_2exp(in, out, 8);
			session_key[i] = mpz_get_ui(in);
			mpz_tdiv_q_2exp(out, out, 8);
		}
	}

	mpz_clear(in);
	mpz_clear(out);
	return res;
}

unsigned int rsa_get_public_key_len(void)
{
	return rsa_public_key_buf_len;
}

unsigned char const *rsa_get_public_key(void)
{
	return rsa_public_key_buf;
}


/* key generation */
int rsa_make_key(char const *key_file, int bits)
{
	rsa_secret_key sec;
	FILE *f;
	mode_t old_umask;
	struct stat st;

	if (key_file == NULL)
		return -1;

	if (bits < 128 || bits > 65535) {
		fprintf(stderr, "Invalid key length %i. Possible lengths: "
			"128-65535 bits. Use at least 768 bits to get some "
			"security.\n", bits);
		return -1;
	}

	/* try to remove the file to be overwritten in order to make a new
	   file */
	unlink(key_file);

        old_umask = umask(0077);
	f = fopen(key_file, "wb");
	umask(old_umask);
	if (f == NULL) {
		fprintf(stderr, "Cannot make key file %s.\n", key_file);
		return -1;
	}

	if (stat(key_file, &st) != 0) {
		fprintf(stderr, "Cannot stat key file %s.\n", key_file);
		fclose(f);
		return -1;
	}

	if ((st.st_mode & 0777) != 0600 || st.st_uid != getuid()) {
		fprintf(stderr, "Could not make correct access permissions "
			"for the key file %s.\n", key_file);
		fprintf(stderr, "mode=%i, uid=%i (getuid=>%i)\n", st.st_mode,
			st.st_uid, getuid());
		return -1;
	}


	fprintf(stderr, "Generating keys...\n");
	fprintf(stderr, "If the process seems to stop, please move the mouse "
		"or write something\non the keyboard to generate enough "
		"random data for the keys.\n");
	if (rsa_generate_key(bits, &sec) != 0) {
		fprintf(stderr, "Key generation failed.\n");
		fclose(f);
		return -1;
	}

	rsa_write_file_sec(f, &sec);
	fclose(f);

	return 0;
}

void rsa_debug_print_host_key(void)
{
	rsa_debug_print_sec(&host_secret_key);
}