mirror of
https://gitlab.kit.edu/kit/scc/sys/mail/exim-encrypt-dlfunc.git
synced 2025-12-06 12:03:55 +01:00
Streamlined key generation. Added \0-check for keys.
This commit is contained in:
Heiko Reese
123
src/genkey.c
123
src/genkey.c
@ -1,5 +1,18 @@
|
||||
#include <stdbool.h>
|
||||
#include <stdio.h>
|
||||
#include <sodium.h>
|
||||
|
||||
bool key_contains_zero(unsigned char *key, unsigned int keylen)
|
||||
{
|
||||
bool has_zero = false;
|
||||
for (int i = 0; i < keylen; i++) {
|
||||
if (key[i] == 0) {
|
||||
has_zero = true;
|
||||
}
|
||||
}
|
||||
return has_zero;
|
||||
}
|
||||
|
||||
void
|
||||
dump_key_as_c_code(FILE * f, const char *name, unsigned char *key,
|
||||
unsigned int keylen)
|
||||
@ -15,43 +28,115 @@ dump_key_as_c_code(FILE * f, const char *name, unsigned char *key,
|
||||
fprintf(f, "const unsigned int %s_length = %d;\n", name, keylen);
|
||||
}
|
||||
|
||||
void
|
||||
dump_key_as_exim_config(FILE * f, const char *name, unsigned char *key,
|
||||
unsigned int keylen)
|
||||
{
|
||||
fprintf(f, "%s = \"", name);
|
||||
for (int i = 0; i < keylen; i++) {
|
||||
fprintf(f, "\\x%02x", key[i]);
|
||||
}
|
||||
fprintf(f, "\"\n");
|
||||
}
|
||||
|
||||
void
|
||||
write_key_files(const char *filebase, const char *varname,
|
||||
unsigned char *key, unsigned int keylen)
|
||||
{
|
||||
char header_filename[4096];
|
||||
char exim_filename[4096];
|
||||
char raw_filename[4096];
|
||||
FILE *f;
|
||||
|
||||
sprintf(header_filename, "%s.h", filebase);
|
||||
sprintf(exim_filename, "%s_exim.conf", filebase);
|
||||
sprintf(raw_filename, "%s.raw", filebase);
|
||||
|
||||
// open header file
|
||||
FILE *hfile = fopen(header_filename, "w+");
|
||||
if (hfile == NULL) {
|
||||
fprintf(stderr, "Unable to open %s for writing",
|
||||
header_filename);
|
||||
/*
|
||||
// open header file
|
||||
f = fopen(header_filename, "w+");
|
||||
if (f == NULL) {
|
||||
fprintf(stderr, "Unable to open %s for writing",
|
||||
header_filename);
|
||||
exit(129);
|
||||
}
|
||||
// write key as C header
|
||||
dump_key_as_c_code(f, varname, key, keylen);
|
||||
|
||||
// close header file
|
||||
fclose(f);
|
||||
*/
|
||||
|
||||
// open exim config snippet file
|
||||
f = fopen(exim_filename, "w+");
|
||||
if (f == NULL) {
|
||||
fprintf(stderr, "Unable to open %s for writing", exim_filename);
|
||||
exit(129);
|
||||
}
|
||||
// write key as C code
|
||||
dump_key_as_c_code(hfile, varname, key, keylen);
|
||||
// write key as exim config
|
||||
dump_key_as_exim_config(f, varname, key, keylen);
|
||||
fprintf(stderr, " Wrote »%s«\n", exim_filename);
|
||||
|
||||
// close header file
|
||||
fclose(hfile);
|
||||
// close exim file
|
||||
fclose(f);
|
||||
|
||||
// open raw file
|
||||
FILE *rfile = fopen(raw_filename, "w+");
|
||||
if (rfile == NULL) {
|
||||
f = fopen(raw_filename, "w+");
|
||||
if (f == NULL) {
|
||||
fprintf(stderr, "Unable to open %s for writing", raw_filename);
|
||||
exit(129);
|
||||
}
|
||||
// write key
|
||||
fwrite(key, sizeof(key[0]), keylen, rfile);
|
||||
fwrite(key, sizeof(key[0]), keylen, f);
|
||||
fprintf(stderr, " Wrote »%s«\n", raw_filename);
|
||||
|
||||
// close raw file
|
||||
fclose(rfile);
|
||||
fclose(f);
|
||||
|
||||
}
|
||||
|
||||
void create_cryptobox_keys(const char *filebase, const char *varname)
|
||||
{
|
||||
unsigned char recipient_pk[crypto_box_PUBLICKEYBYTES];
|
||||
unsigned char recipient_sk[crypto_box_SECRETKEYBYTES];
|
||||
|
||||
while (key_contains_zero(recipient_pk, crypto_box_PUBLICKEYBYTES) &
|
||||
key_contains_zero(recipient_sk, crypto_box_SECRETKEYBYTES)) {
|
||||
crypto_box_keypair(recipient_pk, recipient_sk);
|
||||
}
|
||||
|
||||
char pk_filename[4096];
|
||||
char pk_varname[4096];
|
||||
char sk_filename[4096];
|
||||
char sk_varname[4096];
|
||||
|
||||
sprintf(pk_filename, "%s_pk", filebase);
|
||||
sprintf(pk_varname, "%s_pk", varname);
|
||||
sprintf(sk_filename, "%s_sk", filebase);
|
||||
sprintf(sk_varname, "%s_sk", varname);
|
||||
|
||||
write_key_files(pk_filename, pk_varname,
|
||||
recipient_pk, crypto_box_PUBLICKEYBYTES);
|
||||
write_key_files(sk_filename, sk_varname,
|
||||
recipient_sk, crypto_box_SECRETKEYBYTES);
|
||||
|
||||
}
|
||||
|
||||
void create_secretboy_key(const char *filebase, const char *varname) {
|
||||
unsigned char key[crypto_secretbox_KEYBYTES];
|
||||
while (key_contains_zero(key, crypto_secretbox_KEYBYTES)) {
|
||||
crypto_secretbox_keygen(key);
|
||||
}
|
||||
|
||||
char key_filename[4096];
|
||||
char key_varname[4096];
|
||||
|
||||
sprintf(key_filename, "%s_secretbox", filebase);
|
||||
sprintf(key_varname, "%s_key", varname);
|
||||
|
||||
write_key_files(key_filename, key_varname, key, crypto_secretbox_KEYBYTES);
|
||||
}
|
||||
|
||||
int main(void)
|
||||
{
|
||||
if (sodium_init() < 0) {
|
||||
@ -59,14 +144,10 @@ int main(void)
|
||||
exit(128);
|
||||
}
|
||||
|
||||
unsigned char recipient_pk[crypto_box_PUBLICKEYBYTES];
|
||||
unsigned char recipient_sk[crypto_box_SECRETKEYBYTES];
|
||||
crypto_box_keypair(recipient_pk, recipient_sk);
|
||||
|
||||
write_key_files("recipient_pk", "recipient_pk", recipient_pk,
|
||||
crypto_box_PUBLICKEYBYTES);
|
||||
write_key_files("recipient_sk", "recipient_sk", recipient_sk,
|
||||
crypto_box_SECRETKEYBYTES);
|
||||
fputs("=== Creating cryptobox key pair ===\n", stderr);
|
||||
create_cryptobox_keys("cryptobox_recipient", "cryptobox_recipient");
|
||||
fputs("=== Creating secretbox key ===\n", stderr);
|
||||
create_secretboy_key("secretbox", "secretbox");
|
||||
|
||||
exit(EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user