1 /*
2 * Copyright 2010 CurveDNS Project. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without modification, are
5 * permitted provided that the following conditions are met:
6 *
7 * 1. Redistributions of source code must retain the above copyright notice, this list of
8 * conditions and the following disclaimer.
9 *
10 * 2. Redistributions in binary form must reproduce the above copyright notice, this list
11 * of conditions and the following disclaimer in the documentation and/or other materials
12 * provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY CurveDNS Project ``AS IS'' AND ANY EXPRESS OR IMPLIED
15 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
16 * FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL CurveDNS Project OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
18 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
19 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
20 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
21 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
22 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 *
24 * The views and conclusions contained in the software and documentation are those of the
25 * authors and should not be interpreted as representing official policies, either expressed
26 * or implied, of CurveDNS Project.
27 *
28 */
29
30 /*
31 * $Id: curvedns-keygen.c 26 2010-12-28 08:20:42Z hvt $
32 * $Author: hvt $
33 * $Date: 2010-12-28 09:20:42 +0100 (Tue, 28 Dec 2010) $
34 * $Revision: 26 $
35 */
36
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#include "sodium.h"
#include "debug.h"
#include "misc.h"
47
/* Descriptor of /dev/urandom; opened by misc_crypto_random_init(), defined in another unit. */
extern int global_urandom_fd;

/* Hex encodings of the key pair: 64 hex digits plus the terminating NUL. */
char hexpublic[65];
char hexprivate[65];

/* Raw key pair as produced by crypto_box_keypair(). */
uint8_t public[32];
uint8_t private[32];

/* DNSCurve label of the public key: "uz5" prefix, 51 base32 characters, NUL. */
uint8_t dnspublic[55];
52
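/* Largest single read() issued against the urandom descriptor. */
enum { RANDOMBYTES_CHUNK = 1048576 };

/*
 * Fill x[0..xlen) with bytes read from /dev/urandom.
 *
 * Implicitly called by crypto_box_keypair.  global_urandom_fd is the file
 * descriptor of /dev/urandom; opening it is handled by
 * misc_crypto_random_init(), which must have succeeded before this runs.
 *
 * A short read just continues the loop.  A read() that returns 0 or -1
 * sleeps one second and retries, so a persistently broken descriptor
 * (for example one that was never opened) never returns instead of
 * handing back unfilled key material.
 */
void randombytes(unsigned char *x, unsigned long long xlen) {
	while (xlen > 0) {
		/* Clamp the request so it always fits a size_t, then keep the
		 * ssize_t result intact instead of narrowing it through an int. */
		size_t want = xlen < RANDOMBYTES_CHUNK ? (size_t)xlen : (size_t)RANDOMBYTES_CHUNK;
		ssize_t got = read(global_urandom_fd, x, want);

		if (got < 1) {
			sleep(1);
			continue;
		}

		x += got;
		xlen -= (unsigned long long)got;
	}
}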
71
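/*
 * Install the freshly generated key into a CurveDNS environment.
 *
 * Writes hexprivate to <path>/env/CURVEDNS_PRIVATE_KEY (creating env/ with
 * mode 0700 when it does not exist) and prints what the operator has to
 * publish: the name "<dnspublic>.<name>", the DNS public key and both
 * hex-encoded keys.  The secret key is echoed to stdout as well.
 *
 * path: root of the CurveDNS installation.
 * name: authoritative name server name, at most 200 characters.
 *
 * Reads the globals dnspublic, hexpublic and hexprivate, which main() has
 * filled in and NUL-terminated beforehand.
 *
 * Returns 0 on success and 1 on any failure; a diagnostic goes to stderr
 * whenever the cause is known.  A key file created by this call is removed
 * again if it could not be written completely.
 */
int curvedns_env(char *path, char *name) {
	char fullname[256], fullpath[256];
	FILE *f;
	struct stat st;
	int fd, n;

	if (strlen(name) > 200) {
		fprintf(stderr, "Authoritative name server name too long.\n");
		return 1;
	}
	/* dnspublic is 54 characters and name at most 200, so this always fits. */
	n = snprintf(fullname, sizeof(fullname), "%s.%s", dnspublic, name);
	if (n < 0 || (size_t)n >= sizeof(fullname)) return 1;

	/* snprintf truncates silently; a truncated path must never be used. */
	n = snprintf(fullpath, sizeof(fullpath), "%s/env", path);
	if (n < 0 || (size_t)n >= sizeof(fullpath)) {
		fprintf(stderr, "CurveDNS installation path too long.\n");
		return 1;
	}
	if (stat(fullpath, &st) < 0) {
		if (errno != ENOENT) return 1;
		/* The directory will hold the private key: owner access only. */
		if (mkdir(fullpath, 0700) != 0) {
			fprintf(stderr, "Unable to create directory %s.\n", fullpath);
			return 1;
		}
	} else if (!S_ISDIR(st.st_mode)) {
		fprintf(stderr, "%s is not a directory, manually remove this first\n", fullpath);
		return 1;
	}

	n = snprintf(fullpath, sizeof(fullpath), "%s/env/CURVEDNS_PRIVATE_KEY", path);
	if (n < 0 || (size_t)n >= sizeof(fullpath)) {
		fprintf(stderr, "CurveDNS installation path too long.\n");
		return 1;
	}

	/*
	 * Create the key file with its final mode in a single step.  O_EXCL makes
	 * the "already exists" check atomic and refuses a symlink planted at this
	 * path; fopen("w") followed by chmod() created the file with the
	 * umask-derived mode first and would have followed such a link.
	 */
	fd = open(fullpath, O_WRONLY | O_CREAT | O_EXCL, 0400);
	if (fd < 0) {
		if (errno == EEXIST) {
			fprintf(stderr, "A private key file already exists, manually remove that first.\n");
		} else {
			fprintf(stderr, "Unable to open %s for writing.\n", fullpath);
		}
		return 1;
	}
	/* Do not let the umask take the owner's read bit away. */
	if (fchmod(fd, 0400) != 0) {
		close(fd);
		unlink(fullpath);
		fprintf(stderr, "Unable to set permissions on %s.\n", fullpath);
		return 1;
	}
	f = fdopen(fd, "w");
	if (!f) {
		close(fd);
		unlink(fullpath);
		fprintf(stderr, "Unable to open %s for writing.\n", fullpath);
		return 1;
	}
	/* fclose() does the final flush, so its result is part of the write. */
	n = fprintf(f, "%s\n", hexprivate);
	if (fclose(f) != 0 || n < 0) {
		unlink(fullpath);
		fprintf(stderr, "Unable to write %s.\n", fullpath);
		return 1;
	}

	printf("Authoritative name server name:\n%s\n", fullname);
	printf("DNS public key:\n%s\n", dnspublic);
	printf("Hex public key:\n%s\n", hexpublic);
	printf("Hex secret key:\n%s\n", hexprivate);
	printf("\n");
	printf("The private key was written to %s, so it can be used inside the CurveDNS environment.\n", fullpath);

	return 0;
}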
117
/*
 * Entry point of curvedns-keygen.
 *
 * Generates a fresh crypto_box key pair, encodes the public key as a
 * DNSCurve label ("uz5" + base32) and both keys as hex, then either prints
 * all three (no arguments) or hands them to curvedns_env() (exactly two
 * arguments: installation path and authoritative name server name).
 *
 * Returns 0 on success, 1 on a randomness or encoding failure or bad usage.
 * The secret key is echoed to stdout in the no-argument case.
 */
int main(int argc, char *argv[]) {
	unsigned dnspublic_len = sizeof(dnspublic) - 3;	/* room left after the "uz5" prefix */

	if (!misc_crypto_random_init()) {
		debug_log(DEBUG_FATAL, "unable to ensure randomness\n");
		return 1;
	}

	crypto_box_keypair(public, private);

	/* DNSCurve form of the public key: fixed "uz5" prefix, base32 body. */
	memcpy(dnspublic, "uz5", 3);
	if (!misc_base32_encode(dnspublic + 3, &dnspublic_len, public, 32)) {
		perror("base32_encode");
		return 1;
	}
	if (!misc_hex_encode(public, 32, hexpublic, 64)) {
		perror("hex_encode");
		return 1;
	}
	if (!misc_hex_encode(private, 32, hexprivate, 64)) {
		perror("hex_encode");
		return 1;
	}

	/* Terminate every buffer explicitly rather than relying on the encoders. */
	dnspublic[sizeof(dnspublic) - 1] = 0;
	hexpublic[sizeof(hexpublic) - 1] = 0;
	hexprivate[sizeof(hexprivate) - 1] = 0;

	if (argc == 3) {
		return curvedns_env(argv[1], argv[2]);
	}
	if (argc != 1) {
		fprintf(stderr, "Usage: %s <path of CurveDNS installation> <authoritative name server name>\n", argv[0]);
		return 1;
	}

	printf("DNS public key:\t%s\n", dnspublic);
	printf("Hex public key:\t%s\n", hexpublic);
	printf("Hex secret key:\t%s\n", hexprivate);
	return 0;
}
165