hreese/exim-encrypt-dlfunc
1
0
Fork 0
mirror of https://gitlab.kit.edu/kit/scc/sys/mail/exim-encrypt-dlfunc.git synced 2025-12-06 10:13:56 +01:00
Code Issues Releases Wiki Activity

Streamlined key generation. Added \0-check for keys.

Browse Source
This commit is contained in:
Heiko Reese
2021-08-16 10:35:57 +02:00
parent 1e2ec834d2
commit 8e9a92ce3e
2 changed files with 104 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
*.raw
*_exim.conf

115
src/genkey.c
View File

@ -1,5 +1,18 @@
#include <stdbool.h>
#include <stdio.h>
#include <sodium.h> #include <sodium.h>
bool key_contains_zero(unsigned char *key, unsigned int keylen)
{
bool has_zero = false;
for (int i = 0; i < keylen; i++) {
if (key[i] == 0) {
has_zero = true;
}
}
return has_zero;
}
void void
dump_key_as_c_code(FILE * f, const char *name, unsigned char *key, dump_key_as_c_code(FILE * f, const char *name, unsigned char *key,
unsigned int keylen) unsigned int keylen)
@ -15,43 +28,115 @@ dump_key_as_c_code(FILE * f, const char *name, unsigned char *key,
fprintf(f, "const unsigned int %s_length = %d;\n", name, keylen); fprintf(f, "const unsigned int %s_length = %d;\n", name, keylen);
} }
void
dump_key_as_exim_config(FILE * f, const char *name, unsigned char *key,
unsigned int keylen)
{
fprintf(f, "%s = \"", name);
for (int i = 0; i < keylen; i++) {
fprintf(f, "\\x%02x", key[i]);
}
fprintf(f, "\"\n");
}
void void
write_key_files(const char *filebase, const char *varname, write_key_files(const char *filebase, const char *varname,
unsigned char *key, unsigned int keylen) unsigned char *key, unsigned int keylen)
{ {
char header_filename[4096]; char header_filename[4096];
char exim_filename[4096];
char raw_filename[4096]; char raw_filename[4096];
FILE *f;
sprintf(header_filename, "%s.h", filebase); sprintf(header_filename, "%s.h", filebase);
sprintf(exim_filename, "%s_exim.conf", filebase);
sprintf(raw_filename, "%s.raw", filebase); sprintf(raw_filename, "%s.raw", filebase);
/*
// open header file // open header file
FILE *hfile = fopen(header_filename, "w+"); f = fopen(header_filename, "w+");
if (hfile == NULL) { if (f == NULL) {
fprintf(stderr, "Unable to open %s for writing", fprintf(stderr, "Unable to open %s for writing",
header_filename); header_filename);
exit(129); exit(129);
} }
// write key as C code // write key as C header
dump_key_as_c_code(hfile, varname, key, keylen); dump_key_as_c_code(f, varname, key, keylen);
// close header file // close header file
fclose(hfile); fclose(f);
*/
// open exim config snippet file
f = fopen(exim_filename, "w+");
if (f == NULL) {
fprintf(stderr, "Unable to open %s for writing", exim_filename);
exit(129);
}
// write key as exim config
dump_key_as_exim_config(f, varname, key, keylen);
fprintf(stderr, " Wrote »%s«\n", exim_filename);
// close exim file
fclose(f);
// open raw file // open raw file
FILE *rfile = fopen(raw_filename, "w+"); f = fopen(raw_filename, "w+");
if (rfile == NULL) { if (f == NULL) {
fprintf(stderr, "Unable to open %s for writing", raw_filename); fprintf(stderr, "Unable to open %s for writing", raw_filename);
exit(129); exit(129);
} }
// write key // write key
fwrite(key, sizeof(key[0]), keylen, rfile); fwrite(key, sizeof(key[0]), keylen, f);
fprintf(stderr, " Wrote »%s«\n", raw_filename);
// close raw file // close raw file
fclose(rfile); fclose(f);
} }
void create_cryptobox_keys(const char *filebase, const char *varname)
{
unsigned char recipient_pk[crypto_box_PUBLICKEYBYTES];
unsigned char recipient_sk[crypto_box_SECRETKEYBYTES];
while (key_contains_zero(recipient_pk, crypto_box_PUBLICKEYBYTES) &
key_contains_zero(recipient_sk, crypto_box_SECRETKEYBYTES)) {
crypto_box_keypair(recipient_pk, recipient_sk);
}
char pk_filename[4096];
char pk_varname[4096];
char sk_filename[4096];
char sk_varname[4096];
sprintf(pk_filename, "%s_pk", filebase);
sprintf(pk_varname, "%s_pk", varname);
sprintf(sk_filename, "%s_sk", filebase);
sprintf(sk_varname, "%s_sk", varname);
write_key_files(pk_filename, pk_varname,
recipient_pk, crypto_box_PUBLICKEYBYTES);
write_key_files(sk_filename, sk_varname,
recipient_sk, crypto_box_SECRETKEYBYTES);
}
void create_secretboy_key(const char *filebase, const char *varname) {
unsigned char key[crypto_secretbox_KEYBYTES];
while (key_contains_zero(key, crypto_secretbox_KEYBYTES)) {
crypto_secretbox_keygen(key);
}
char key_filename[4096];
char key_varname[4096];
sprintf(key_filename, "%s_secretbox", filebase);
sprintf(key_varname, "%s_key", varname);
write_key_files(key_filename, key_varname, key, crypto_secretbox_KEYBYTES);
}
int main(void) int main(void)
{ {
if (sodium_init() < 0) { if (sodium_init() < 0) {
@ -59,14 +144,10 @@ int main(void)
exit(128); exit(128);
} }
unsigned char recipient_pk[crypto_box_PUBLICKEYBYTES]; fputs("=== Creating cryptobox key pair ===\n", stderr);
unsigned char recipient_sk[crypto_box_SECRETKEYBYTES]; create_cryptobox_keys("cryptobox_recipient", "cryptobox_recipient");
crypto_box_keypair(recipient_pk, recipient_sk); fputs("=== Creating secretbox key ===\n", stderr);
create_secretboy_key("secretbox", "secretbox");
write_key_files("recipient_pk", "recipient_pk", recipient_pk,
crypto_box_PUBLICKEYBYTES);
write_key_files("recipient_sk", "recipient_sk", recipient_sk,
crypto_box_SECRETKEYBYTES);
exit(EXIT_SUCCESS); exit(EXIT_SUCCESS);
} }