--- /dev/null
+/*
+ crypto.c -- Cryptographic miscellaneous functions and initialisation
+ Copyright (C) 2007-2014 Guus Sliepen <guus@tinc-vpn.org>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#include "../system.h"
+
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+
+#include "../crypto.h"
+
+#ifndef HAVE_MINGW
+
+static int random_fd = -1;
+
+static void random_init(void) {
+ random_fd = open("/dev/urandom", O_RDONLY);
+ if(random_fd < 0)
+ random_fd = open("/dev/random", O_RDONLY);
+ if(random_fd < 0) {
+ fprintf(stderr, "Could not open source of random numbers: %s\n", strerror(errno));
+ abort();
+ }
+}
+
+static void random_exit(void) {
+ close(random_fd);
+}
+
+void randomize(void *out, size_t outlen) {
+ while(outlen) {
+ size_t len = read(random_fd, out, outlen);
+ if(len <= 0) {
+ if(errno == EAGAIN || errno == EINTR)
+ continue;
+ fprintf(stderr, "Could not read random numbers: %s\n", strerror(errno));
+ abort();
+ }
+ out += len;
+ outlen -= len;
+ }
+}
+
+#else
+
+#include <wincrypt.h>
+HCRYPTPROV prov;
+
+void random_init(void) {
+ if(!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
+ fprintf(stderr, "CryptAcquireContext() failed!\n");
+ abort();
+ }
+}
+
+void random_exit(void) {
+ CryptReleaseContext(prov, 0);
+}
+
+void randomize(void *out, size_t outlen) {
+ if(!CryptGenRandom(prov, outlen, out)) {
+ fprintf(stderr, "CryptGenRandom() failed\n");
+ abort();
+ }
+}
+
+#endif
+
+void crypto_init(void) {
+ random_init();
+}
+
+void crypto_exit(void) {
+ random_exit();
+}
--- /dev/null
+/*
+ prf.c -- Pseudo-Random Function for key material generation
+ Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#include "../system.h"
+
+#include "../prf.h"
+#include "../ed25519/sha512.h"
+
+static void memxor(char *buf, char c, size_t len) {
+ for(size_t i = 0; i < len; i++)
+ buf[i] ^= c;
+}
+
+static const size_t mdlen = 64;
+
+static bool hmac_sha512(const char *key, size_t keylen, const char *msg, size_t msglen, char *out) {
+ char tmp[2 * mdlen];
+ sha512_context md;
+
+ if(keylen <= mdlen) {
+ memcpy(tmp, key, keylen);
+ memset(tmp + keylen, 0, mdlen - keylen);
+ } else {
+ if(sha512(key, keylen, tmp) != 0)
+ return false;
+ }
+
+ if(sha512_init(&md) != 0)
+ return false;
+
+ // ipad
+ memxor(tmp, 0x36, mdlen);
+ if(sha512_update(&md, tmp, mdlen) != 0)
+ return false;
+
+ // message
+ if(sha512_update(&md, msg, msglen) != 0)
+ return false;
+
+ if(sha512_final(&md, tmp + mdlen) != 0)
+ return false;
+
+ // opad
+ memxor(tmp, 0x36 ^ 0x5c, mdlen);
+ if(sha512(tmp, sizeof tmp, out) != 0)
+ return false;
+
+ return true;
+}
+
+
+/* Generate key material from a master secret and a seed, based on RFC 4346 section 5.
+ We use SHA512 instead of MD5 and SHA1.
+ */
+
+bool prf(const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, size_t outlen) {
+ /* Data is what the "inner" HMAC function processes.
+ It consists of the previous HMAC result plus the seed.
+ */
+
+ char data[mdlen + seedlen];
+ memset(data, 0, mdlen);
+ memcpy(data + mdlen, seed, seedlen);
+
+ char hash[mdlen];
+
+ while(outlen > 0) {
+ /* Inner HMAC */
+ if(!hmac_sha512(data, sizeof data, secret, secretlen, data))
+ return false;
+
+ /* Outer HMAC */
+ if(outlen >= mdlen) {
+ if(!hmac_sha512(data, sizeof data, secret, secretlen, out))
+ return false;
+ out += mdlen;
+ outlen -= mdlen;
+ } else {
+ if(!hmac_sha512(data, sizeof data, secret, secretlen, hash))
+ return false;
+ memcpy(out, hash, outlen);
+ out += outlen;
+ outlen = 0;
+ }
+ }
+
+ return true;
+}