1 /*
2  * Copyright 2010 CurveDNS Project. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without modification, are
5  * permitted provided that the following conditions are met:
6  *
7  *   1. Redistributions of source code must retain the above copyright notice, this list of
8  *      conditions and the following disclaimer.
9  *
10  *    2. Redistributions in binary form must reproduce the above copyright notice, this list
11  *       of conditions and the following disclaimer in the documentation and/or other materials
12  *       provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY CurveDNS Project ``AS IS'' AND ANY EXPRESS OR IMPLIED
15  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
16  * FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL CurveDNS Project OR
17  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
18  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
19  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
20  * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
21  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
22  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23  *
24  * The views and conclusions contained in the software and documentation are those of the
25  * authors and should not be interpreted as representing official policies, either expressed
26  * or implied, of CurveDNS Project.
27  *
28  */
29 
30 /*
31  * $Id: curvedns-keygen.c 26 2010-12-28 08:20:42Z hvt $
32  * $Author: hvt $
33  * $Date: 2010-12-28 09:20:42 +0100 (Tue, 28 Dec 2010) $
34  * $Revision: 26 $
35  */
36 
37 #include <stdio.h>
38 #include <stdlib.h>
39 #include <stdint.h>
40 #include <string.h>
41 #include <sys/stat.h>
42 #include <sys/types.h>
43 
44 #include "sodium.h"
45 #include "debug.h"
46 #include "misc.h"
47 
48 extern int global_urandom_fd;
49 
50 char hexpublic[65], hexprivate[65];
51 uint8_t public[32], private[32], dnspublic[55];
52 
53 // Implicitly called by crypto_box_keypair, urandom fd is file descriptor of /dev/urandom
54 // Opening etc. is handled by misc_crypto_random_init()
randombytes(unsigned char * x,unsigned long long xlen)55 void randombytes(unsigned char *x, unsigned long long xlen) {
56 	int i;
57 
58 	while (xlen > 0) {
59 		if (xlen < 1048576) i = xlen; else i = 1048576;
60 
61 		i = read(global_urandom_fd, x, i);
62 		if (i < 1) {
63 			sleep(1);
64 			continue;
65 		}
66 
67 		x += i;
68 		xlen -= i;
69 	}
70 }
71 
curvedns_env(char * path,char * name)72 int curvedns_env(char *path, char *name) {
73 	char fullname[256], fullpath[256];
74 	FILE *f;
75 	struct stat st;
76 
77 	if (strlen(name) > 200) {
78 		fprintf(stderr, "Authoritative name server name too long.\n");
79 		return 1;
80 	}
81 	if (snprintf(fullname, sizeof(fullname), "%s.%s", dnspublic, name) < 0) return 1;
82 
83 	if (snprintf(fullpath, sizeof(fullpath), "%s/env", path) < 0) return 1;
84 	if (stat(fullpath, &st) < 0) {
85 		if (errno != ENOENT) return 1;
86 		mkdir(fullpath, 0700);
87 	} else {
88 		if (!S_ISDIR(st.st_mode)) {
89 			fprintf(stderr, "%s is not a directory, manually remove this first\n", fullpath);
90 			return 1;
91 		}
92 	}
93 
94 	if (snprintf(fullpath, sizeof(fullpath), "%s/env/CURVEDNS_PRIVATE_KEY", path) < 0) return 1;
95 	if (stat(fullpath, &st) == 0) {
96 		fprintf(stderr, "A private key file already exists, manually remove that first.\n");
97 		return 1;
98 	}
99 	f = fopen(fullpath, "w");
100 	if (!f) {
101 		fprintf(stderr, "Unable to open %s for writing.\n", fullpath);
102 		return 1;
103 	}
104 	fprintf(f, "%s\n", hexprivate);
105 	fclose(f);
106 	if (chmod(fullpath, 0400) != 0) return 1;
107 
108 	printf("Authoritative name server name:\n%s\n", fullname);
109 	printf("DNS public key:\n%s\n", dnspublic);
110 	printf("Hex public key:\n%s\n", hexpublic);
111 	printf("Hex secret key:\n%s\n", hexprivate);
112 	printf("\n");
113 	printf("The private key was written to %s, so it can be used inside the CurveDNS environment.\n", fullpath);
114 
115 	return 0;
116 }
117 
main(int argc,char * argv[])118 int main(int argc, char *argv[]) {
119 	unsigned dnspublic_len = sizeof(dnspublic) - 3;
120 
121 	if (!misc_crypto_random_init()) {
122 		debug_log(DEBUG_FATAL, "unable to ensure randomness\n");
123 		return 1;
124 	}
125 
126 	// Generate the actual keypair:
127 	crypto_box_keypair(public, private);
128 
129 	// The DNSCurve (base32)-encoding of the PUBLIC key:
130 	memcpy(dnspublic, "uz5", 3);
131 	if (!misc_base32_encode(dnspublic + 3, &dnspublic_len, public, 32)) {
132 		perror("base32_encode");
133 		return 1;
134 	}
135 
136 	// The hex encoding of the PUBLIC key:
137 	if (!misc_hex_encode(public, 32, hexpublic, 64)) {
138 		perror("hex_encode");
139 		return 1;
140 	}
141 
142 	// The hex encoding of the PRIVATE key:
143 	if (!misc_hex_encode(private, 32, hexprivate, 64)) {
144 		perror("hex_encode");
145 		return 1;
146 	}
147 
148 	dnspublic[54] = 0;
149 	hexpublic[64] = 0;
150 	hexprivate[64] = 0;
151 
152 	if (argc == 1) {
153 		printf("DNS public key:\t%s\n", dnspublic);
154 		printf("Hex public key:\t%s\n", hexpublic);
155 		printf("Hex secret key:\t%s\n", hexprivate);
156 	} else if (argc != 3) {
157 		fprintf(stderr, "Usage: %s <path of CurveDNS installation> <authoritative name server name>\n", argv[0]);
158 		return 1;
159 	} else {
160 		return curvedns_env(argv[1], argv[2]);
161 	}
162 
163 	return 0;
164 }
165