This repository has been archived by the owner on Mar 24, 2018. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsignature.c
162 lines (149 loc) · 5.18 KB
/
signature.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
/*
* Copyright 2009 Christopher Breneman
*
* This file is part of ClueVPN.
*
* ClueVPN is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* ClueVPN is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with ClueVPN. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <arpa/inet.h>
#include "logger.h"
#include "signature.h"
#include "configfile.h"
EVP_PKEY *sig_pubkey = NULL;
EVP_PKEY *sig_privkey = NULL;
int sig_init() {
FILE *f;
sig_pubkey = NULL;
sig_privkey = NULL;
if(global_config.bnlpubkey) {
f = fopen(global_config.bnlpubkey, "r");
if(!f) {
logmsg(LOGGER_ERR, "Could not open BNL public key file");
return SIG_ERROR;
}
sig_pubkey = PEM_read_PUBKEY(f, &sig_pubkey, NULL, NULL);
if(!sig_pubkey) {
logmsg(LOGGER_ERR, "Error reading BNL public key: %s", ERR_error_string(ERR_get_error(), NULL));
return SIG_ERROR;
}
fclose(f);
}
if(global_config.bnlprivkey) {
f = fopen(global_config.bnlprivkey, "r");
if(!f) {
logmsg(LOGGER_ERR, "Could not open BNL private key file");
return SIG_ERROR;
}
sig_privkey = PEM_read_PrivateKey(f, &sig_privkey, NULL, NULL);
if(!sig_privkey) {
logmsg(LOGGER_ERR, "Error reading BNL private key: %s", ERR_error_string(ERR_get_error(), NULL));
return SIG_ERROR;
}
fclose(f);
}
return SIG_OK;
}
void sig_close() {
EVP_PKEY_free(sig_pubkey);
if(sig_privkey) EVP_PKEY_free(sig_privkey);
}
char *sig_getsigfromfile(char *filedata, unsigned int filelen, unsigned int *siglen) {
unsigned int datalen;
if(filelen < 8) return NULL;
datalen = ntohl(*(unsigned int *)filedata);
if(datalen + sizeof(datalen) + sizeof(*siglen) > filelen) return NULL;
*siglen = ntohl(*(unsigned int *)(filedata + sizeof(datalen) + datalen));
if(sizeof(datalen) + datalen + sizeof(*siglen) + *siglen != filelen) return NULL;
return filedata + sizeof(datalen) + datalen + sizeof(*siglen);
}
char *sig_getdatafromfile(char *filedata, unsigned int filelen, unsigned int *datalen) {
if(filelen < 8) return NULL;
*datalen = ntohl(*(unsigned int *)filedata);
if(sizeof(*datalen) + *datalen + sizeof(unsigned int) > filelen) return NULL;
return filedata + sizeof(*datalen);
}
int sig_verify(char *data, unsigned int datalen, char *sig, unsigned int siglen) {
EVP_MD_CTX ctx;
int r;
if(!sig_pubkey) {
logmsg(LOGGER_ERR, "Error signing BNL: No public key loaded");
return SIG_ERROR;
}
EVP_VerifyInit(&ctx, EVP_dss1());
if(EVP_VerifyUpdate(&ctx, data, datalen) != 1) {
logmsg(LOGGER_ERR, "Error verifying signature: %s", ERR_error_string(ERR_get_error(), NULL));
return SIG_ERROR;
}
r = EVP_VerifyFinal(&ctx, sig, siglen, sig_pubkey);
EVP_MD_CTX_cleanup(&ctx);
if(r == 1) return SIG_OK;
if(r == 0) return SIG_INCORRECT;
logmsg(LOGGER_ERR, "Error verifying signature: %s", ERR_error_string(ERR_get_error(), NULL));
return SIG_ERROR;
}
int sig_makesig(char *data, unsigned int datalen, char *sigbuf, unsigned int *siglen) {
EVP_MD_CTX ctx;
int r;
if(!sig_privkey) {
logmsg(LOGGER_ERR, "Error signing BNL: No private key loaded");
return SIG_ERROR;
}
EVP_SignInit(&ctx, EVP_dss1());
if(EVP_SignUpdate(&ctx, data, datalen) != 1) {
logmsg(LOGGER_ERR, "Error signing BNL: %s", ERR_error_string(ERR_get_error(), NULL));
return SIG_ERROR;
}
r = EVP_SignFinal(&ctx, sigbuf, siglen, sig_privkey);
EVP_MD_CTX_cleanup(&ctx);
if(r == 1) return SIG_OK;
logmsg(LOGGER_ERR, "Error signing BNL: %s", ERR_error_string(ERR_get_error(), NULL));
return SIG_ERROR;
}
int sig_makefile(char *data, unsigned int datalen, char *sig, unsigned int siglen, char *filebuf, unsigned int *filelen) {
*(unsigned int *)filebuf = htonl(datalen);
memcpy(filebuf + sizeof(int), data, datalen);
*(unsigned int *)(filebuf + sizeof(int) + datalen) = htonl(siglen);
memcpy(filebuf + sizeof(int) + datalen + sizeof(int), sig, siglen);
*filelen = sizeof(int) + datalen + sizeof(int) + siglen;
return SIG_OK;
}
int sig_signandmakefile(char *data, unsigned int datalen, char *filebuf, unsigned int *filelen) {
static char sigbuf[SIG_MAXSIGSIZE];
unsigned int siglen;
int r;
siglen = SIG_MAXSIGSIZE;
r = sig_makesig(data, datalen, sigbuf, &siglen);
if(r != SIG_OK) return SIG_ERROR;
r = sig_makefile(data, datalen, sigbuf, siglen, filebuf, filelen);
return r;
}
int sig_verifyandgetdata(char *filedata, unsigned int filelen, char **dataptr, unsigned int *datalenptr) {
char *sig, *data;
unsigned int siglen, datalen;
int r;
data = sig_getdatafromfile(filedata, filelen, &datalen);
if(!data) return SIG_ERROR;
if(dataptr) *dataptr = data;
if(datalenptr) *datalenptr = datalen;
sig = sig_getsigfromfile(filedata, filelen, &siglen);
if(!sig) return SIG_ERROR;
r = sig_verify(data, datalen, sig, siglen);
return r;
}