
Contents of /trunk/Mix/Src/keymgt.c



Revision 7 - (show annotations) (download)
Fri Nov 2 21:25:34 2001 UTC (11 years, 6 months ago) by rabbi
File MIME type: text/plain
File size: 7669 byte(s)
Put "M" in key file (key.txt) if remailer is middleman. (disastry)

Remember the flags are:

C     accepts compressed messages.
M     will forward messages to another mix, when used as the final hop.
Nm    supports posting to Usenet through a mail-to-news gateway.
Np    supports direct posting to Usenet.
1 /* Mixmaster version 3 -- (C) 1999 Anonymizer Inc.
2
3 Mixmaster may be redistributed and modified under certain conditions.
4 This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF
5 ANY KIND, either express or implied. See the file COPYRIGHT for
6 details.
7
8 Key management
9 $Id: keymgt.c,v 1.2 2001/11/02 21:25:34 rabbi Exp $ */
10
11
12 #include "mix3.h"
13 #include <string.h>
14 #include <assert.h>
15
/* File-local key lookup helpers, one secret/public pair per key format.
   db_getseckey() and db_getpubkey() treat a return value of -1 as
   "lookup failed". */
static int getv3seckey(byte *keyid, BUFFER *key);
static int getv3pubkey(byte *keyid, BUFFER *key);
static int getv2seckey(byte *keyid, BUFFER *key);
static int getv2pubkey(byte *keyid, BUFFER *key);
20
/* Look up the secret key identified by keyid and store it in key.
   The v3 lookup is tried first; the v2 keyring is consulted only when the
   v3 lookup returns -1.  Returns 0 if either lookup succeeds, -1 if both
   fail. */
int db_getseckey(byte keyid[], BUFFER *key)
{
  if (getv3seckey(keyid, key) != -1)
    return (0);
  if (getv2seckey(keyid, key) != -1)
    return (0);
  return (-1);
}
28
/* Look up the public key identified by keyid and store it in key.
   The v3 lookup is tried first; the v2 keyring is consulted only when the
   v3 lookup returns -1.  Returns 0 if either lookup succeeds, -1 if both
   fail. */
int db_getpubkey(byte keyid[], BUFFER *key)
{
  if (getv3pubkey(keyid, key) != -1)
    return (0);
  if (getv2pubkey(keyid, key) != -1)
    return (0);
  return (-1);
}
36
/* Placeholder for version 3 secret key lookup: nothing is implemented yet,
   so the call always reports failure and leaves key untouched. */
static int getv3seckey(byte keyid[], BUFFER *key)
{
  (void) keyid;
  (void) key;
  return (-1);			/* XXX */
}
41
/* Placeholder for version 3 public key lookup: nothing is implemented yet,
   so the call always reports failure and leaves key untouched. */
static int getv3pubkey(byte keyid[], BUFFER *key)
{
  (void) keyid;
  (void) key;
  return (-1);			/* XXX */
}
46
47 #ifdef USE_RSA
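/* Fetch the version 2 secret key with ID keyid from the SECRING file,
   decrypt it with the configured PASSPHRASE and leave the result in key.

   An entry is read as: a line matching begin_key, the encoded key ID, one
   line that is skipped, the encoded IV, then encoded key data up to a line
   matching end_key.  Only the first entry whose ID matches is used.

   key->length == 0 is the "not found" test, so the caller is expected to
   pass an empty buffer.

   Returns -1 if the keyring cannot be opened, no matching entry exists or
   the key data does not decode; otherwise the result of check_seckey(). */
static int getv2seckey(byte keyid[], BUFFER *key)
{
  FILE *keyring;
  BUFFER *iv, *pass;
  /* One byte larger than before: the 33-byte buffer was presumably sized
     for id_encode()'s 32 hex digits plus NUL (confirm against id_encode),
     so the strcat() of "\n" below wrote one byte past its end. */
  char idstr[33 + 1];
  char line[LINELEN];
  size_t len;
  int err = 0;

  pass = buf_new();
  iv = buf_new();
  id_encode(keyid, idstr);
  strcat(idstr, "\n");
  if ((keyring = mix_openfile(SECRING, "r")) == NULL) {
    errlog(ERRORMSG, "No secret key file!\n");
    err = -1;
    goto end;
  }
  while (fgets(line, sizeof(line), keyring) != NULL) {
    if (!strleft(line, begin_key))
      continue;
    if (fgets(line, sizeof(line), keyring) == NULL)
      break;
    if (!streq(line, idstr))
      continue;
    /* Skip one line, then read the IV.  Both reads are checked so that a
       truncated keyring cannot make a stale line stand in for the IV. */
    if (fgets(line, sizeof(line), keyring) == NULL
	|| fgets(line, sizeof(line), keyring) == NULL)
      break;
    buf_sets(iv, line);
    decode(iv, iv);
    while (fgets(line, sizeof(line), keyring) != NULL) {
      if (strleft(line, end_key))
	break;
      /* Strip the newline only when there is one.  strlen(line) - 1 wraps
         around for an empty line (a NUL byte at line start) and drops a
         data byte when the line has no trailing newline. */
      len = strlen(line);
      if (len > 0 && line[len - 1] == '\n')
	len--;
      buf_append(key, line, len);
    }
    break;
  }
  fclose(keyring);

  if (key->length == 0) {
    errlog(ERRORMSG, "No such key: %s", idstr);
    err = -1;
  } else {
    err = decode(key, key);
    if (err == -1)
      errlog(ERRORMSG, "Corrupt secret key.\n");
  }
  if (err == -1)
    goto end;
  /* NOTE(review): the key-encryption key is a single unsalted MD5 of
     PASSPHRASE.  That is dictated by the keyring format, so protection of
     the secret key rests on passphrase strength and on the file
     permissions of SECRING. */
  buf_sets(pass, PASSPHRASE);
  digest_md5(pass, pass);
  buf_crypt(key, pass, iv, DECRYPT);

  err = check_seckey(key, keyid);
  if (err == -1)
    errlog(ERRORMSG, "Corrupt secret key. Bad passphrase?\n");
end:
  /* NOTE(review): pass holds passphrase-derived key material; confirm that
     buf_free() wipes buffer contents before releasing them. */
  buf_free(pass);
  buf_free(iv);
  return (err);
}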
113
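/* Fetch the version 2 public key with ID keyid from the PUBRING file and
   leave the decoded key in key.

   An entry is read as: a line matching begin_key, the encoded key ID, a
   length line that is ignored, then encoded key data up to a line matching
   end_key.  Only the first entry whose ID matches is used.

   key->length == 0 is the "not found" test, so the caller is expected to
   pass an empty buffer.

   Returns -1 if the keyring cannot be opened, no matching entry exists or
   the key data does not decode; otherwise the result of check_pubkey(). */
static int getv2pubkey(byte keyid[], BUFFER *key)
{
  FILE *keyring;
  /* One byte larger than before: the 33-byte buffer was presumably sized
     for id_encode()'s 32 hex digits plus NUL (confirm against id_encode),
     so the strcat() of "\n" below wrote one byte past its end. */
  char idstr[33 + 1];
  char line[LINELEN];
  size_t len;
  int err;

  id_encode(keyid, idstr);
  strcat(idstr, "\n");
  if ((keyring = mix_openfile(PUBRING, "r")) == NULL) {
    errlog(ERRORMSG, "Can't open %s!\n", PUBRING);
    return (-1);
  }
  while (fgets(line, sizeof(line), keyring) != NULL) {
    if (!strleft(line, begin_key))
      continue;
    if (fgets(line, sizeof(line), keyring) == NULL)
      break;
    if (!streq(line, idstr))
      continue;
    if (fgets(line, sizeof(line), keyring) == NULL)	/* ignore length */
      break;
    while (fgets(line, sizeof(line), keyring) != NULL) {
      if (strleft(line, end_key))
	break;
      /* Strip the newline only when there is one.  strlen(line) - 1 wraps
         around for an empty line (a NUL byte at line start) and drops a
         data byte when the line has no trailing newline. */
      len = strlen(line);
      if (len > 0 && line[len - 1] == '\n')
	len--;
      buf_append(key, line, len);
    }
    break;
  }
  fclose(keyring);

  if (key->length == 0) {
    errlog(ERRORMSG, "No such public key: %s", idstr);
    return (-1);
  }
  err = decode(key, key);
  if (err != -1)
    err = check_pubkey(key, keyid);
  if (err == -1)
    errlog(ERRORMSG, "Corrupt public key %s", idstr);
  return (err);
}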
170
171 #else
/* Built without USE_RSA: version 2 secret keys are unavailable, so the
   lookup always fails and key is left untouched. */
static int getv2seckey(byte keyid[], BUFFER *key)
{
  (void) keyid;
  (void) key;
  return (-1);
}
176
/* Built without USE_RSA: version 2 public keys are unavailable, so the
   lookup always fails and key is left untouched. */
static int getv2pubkey(byte keyid[], BUFFER *key)
{
  (void) keyid;
  (void) key;
  return (-1);
}
181 #endif
182
/* Build the "remailer key" reply message in out.

   The message starts with a Subject line naming SHORTNAME, followed by the
   output of conf_premail().  The PGP key file is appended when PGP is
   enabled and the Mixmaster key file when MIX is enabled; a key file that
   cannot be opened is skipped silently.  If no key was added and
   UNENCRYPTED is set, a notice that unencrypted mail is accepted is
   written instead.

   Returns 0 if at least one of these sections was added, otherwise logs an
   error and returns -1. */
int key(BUFFER *out)
{
  FILE *keyfile;
  int result = -1;

  buf_sets(out, "Subject: Remailer key for ");
  buf_appends(out, SHORTNAME);
  buf_appends(out, "\n\n");

  /* Make sure the key file exists (force = 0).  The return value is not
     examined here; a missing file shows up as a failed open below. */
  keymgt(0);

  conf_premail(out);
  buf_nl(out);

  if (PGP && (keyfile = mix_openfile(PGPKEY, "r")) != NULL) {
    buf_appends(out, "Here is the PGP key:\n\n");
    buf_read(out, keyfile);
    buf_nl(out);
    fclose(keyfile);
    result = 0;
  }
  if (MIX && (keyfile = mix_openfile(KEYFILE, "r")) != NULL) {
    buf_appends(out, "Here is the Mixmaster key:\n\n");
    buf_appends(out, "=-=-=-=-=-=-=-=-=-=-=-=\n");
    buf_read(out, keyfile);
    buf_nl(out);
    fclose(keyfile);
    result = 0;
  }
  if (result == -1 && UNENCRYPTED) {
    buf_appends(out, "The remailer accepts unencrypted messages.\n");
    result = 0;
  }
  if (result == -1)
    errlog(ERRORMSG, "Cannot create remailer keys!");

  return (result);
}
225
/* Build the "admin key" reply message in out: a Subject line naming
   SHORTNAME followed by the contents of ADMKEYFILE.

   Returns 0 on success.  If ADMKEYFILE cannot be opened an error is logged
   and -1 is returned; out then holds only the Subject header. */
int adminkey(BUFFER *out)
{
  FILE *keyfile;

  buf_sets(out, "Subject: Admin key for the ");
  buf_appends(out, SHORTNAME);
  buf_appends(out, " remailer\n\n");

  keyfile = mix_openfile(ADMKEYFILE, "r");
  if (keyfile == NULL) {
    errlog(ERRORMSG, "Can not read admin key file!\n");
    return -1;
  }
  buf_read(out, keyfile);
  buf_nl(out);
  fclose(keyfile);
  return 0;
}
247
248 #ifdef USE_RSA
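/* Scan SECRING, derive the public key of the first entry and write it to
   KEYFILE together with the remailer's capability line.  (The original
   comment notes that this will be rewritten for advanced key management
   in v3.)

   force == 0: write KEYFILE only if it does not exist yet
   force == 1: rewrite KEYFILE from the existing secret key
   force == 2: call v2createkey() first, then rewrite KEYFILE
   v2createkey() is also called when SECRING cannot be opened.

   Returns 0 if KEYFILE already existed (force == 0) or a public key could
   be derived, -1 if no usable secret key was found. */
int v2keymgt(int force)
{
  FILE *keyring, *f;
  char line[LINELEN];
  byte k1[16];
  BUFFER *b, *temp, *iv, *pass, *pk;
  size_t len;
  int err = 0;
  int found = 0;

  b = buf_new();
  temp = buf_new();
  iv = buf_new();
  pass = buf_new();
  pk = buf_new();

  if (force == 2)
    v2createkey();
  else if ((f = mix_openfile(SECRING, "r")) == NULL)
    v2createkey();
  else
    fclose(f);			/* existence probe only; this handle used to leak */

  if (force == 0 && (f = mix_openfile(KEYFILE, "r")) != NULL) {
    fclose(f);
    goto end;
  }
  keyring = mix_openfile(SECRING, "r");
  if (keyring != NULL) {
    while (fgets(line, sizeof(line), keyring) != NULL) {
      if (!strleft(line, begin_key))
	continue;
      if (fgets(line, sizeof(line), keyring) == NULL)
	break;
      id_decode(line, k1);
      /* Skip one line, then read the IV; stop on a truncated keyring. */
      if (fgets(line, sizeof(line), keyring) == NULL
	  || fgets(line, sizeof(line), keyring) == NULL)
	break;
      buf_sets(iv, line);
      decode(iv, iv);
      buf_reset(b);
      while (fgets(line, sizeof(line), keyring) != NULL) {
	if (strleft(line, end_key))
	  break;
	/* Strip the newline only when there is one.  strlen(line) - 1 wraps
	   around for an empty line (a NUL byte at line start) and drops a
	   data byte when the line has no trailing newline. */
	len = strlen(line);
	if (len > 0 && line[len - 1] == '\n')
	  len--;
	buf_append(b, line, len);
      }
      if (decode(b, b) == -1)
	break;
      /* NOTE(review): the key-encryption key is a single unsalted MD5 of
         PASSPHRASE, as dictated by the keyring format. */
      buf_sets(temp, PASSPHRASE);
      digest_md5(temp, pass);
      buf_crypt(b, pass, iv, DECRYPT);
      if (seckeytopub(pk, b, k1) == 0)
	found = 1;
      break;			/* only the first entry is considered */
    }
    fclose(keyring);
  }
  if (found) {
    id_encode(k1, line);
    /* NOTE(review): a failure to open KEYFILE for writing is not reported;
       err stays 0 in that case. */
    if ((f = mix_openfile(KEYFILE, "w")) != NULL) {
      fprintf(f, "%s %s %s %s %s%s\n", SHORTNAME,
	      REMAILERADDR, line, VERSION,
	      MIDDLEMAN ? "M" : "",
	      NEWS[0] == '\0' ? "C" : (strchr(NEWS, '@') ? "CNm" : "CNp"));
      fprintf(f, "\n%s\n", begin_key);
      fprintf(f, "%s\n258\n", line);
      encode(pk, 40);
      buf_write(pk, f);
      fprintf(f, "%s\n\n", end_key);
      fclose(f);
    }
  } else
    err = -1;

end:
  /* NOTE(review): temp holds PASSPHRASE, pass its digest and b the
     decrypted secret key; confirm that buf_free() wipes buffer contents
     before releasing them. */
  buf_free(b);
  buf_free(temp);
  buf_free(iv);
  buf_free(pass);
  buf_free(pk);

  return (err);
}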
336 #endif
337
/* Run key management for every enabled key type.

   force = 0: write key file if there is none
   force = 1: update key file
   force = 2: generate new key

   Returns the result of the last key manager that ran, or 0 if none ran.
   NOTE(review): when both MIX and PGP are enabled, a -1 from v2keymgt() is
   overwritten by the result of pgp_keymgt(), so a Mixmaster key failure is
   not visible to the caller if the PGP step succeeds. */
int keymgt(int force)
{
  int status = 0;

#ifdef USE_RSA
  if (MIX)
    status = v2keymgt(force);
#endif
#ifdef USE_PGP
  if (PGP)
    status = pgp_keymgt(force);
#endif
  return (status);
}
