version 1.3, 2004/05/28 10:20:03
|
version 1.6, 2004/06/17 10:15:46
|
Line 41 use strict;
|
Line 41 use strict;
|
|
|
# CPAN/standard modules |
# CPAN/standard modules |
|
|
use English; |
|
use Crypt::IDEA; |
use Crypt::IDEA; |
use Fcntl; |
use Fcntl; |
|
|
Line 57 my $fileindex = 0; # Per process lonc u
|
Line 56 my $fileindex = 0; # Per process lonc u
|
my $lastError; # Reason for last failure. |
my $lastError; # Reason for last failure. |
|
|
|
|
|
# Debugging: |
|
|
|
my $DEBUG = 0; |
|
|
|
sub Debug { |
|
my $msg = shift; |
|
print STDERR "$msg\n"; |
|
} |
|
|
# Initialization |
# Initialization |
|
|
$perlvar = LONCAPA::Configuration::read_conf('loncapa.conf'); |
$perlvar = LONCAPA::Configuration::read_conf('loncapa.conf'); |
Line 64 $perlvar = LONCAPA::Configuration::read_
|
Line 72 $perlvar = LONCAPA::Configuration::read_
|
|
|
#------------------------------------------------------------------------ |
#------------------------------------------------------------------------ |
# |
# |
# Name BuildKey |
# Name CreateCipherKey |
# Description: Create an encryption key. |
# Description: Create an encryption key. |
# Returns: The key. |
# Returns: The key. |
# |
# |
Line 74 sub CreateCipherKey {
|
Line 82 sub CreateCipherKey {
|
my $binaryKey; |
my $binaryKey; |
my $cipherkey; |
my $cipherkey; |
|
|
# we'll use the output of /dev/random to produce our key. |
# we'll use the output of /dev/urandom to produce our key. |
# On a system with decent entropy, this ought to be much more |
# On a system with decent entropy, this ought to be much more |
# random than all the playing that used to be done to get a key. |
# random than all the playing that used to be done to get a key. |
# |
# On a system with not so decent entropy we'll still get an ok key. |
|
# My concern with /dev/random is that we may block for an indefinite |
|
# time period...where for us decent keys are probably good enough. |
|
|
$keylength = IDEA::keysize(); |
$keylength = IDEA::keysize(); |
open(RANDOM, "</dev/random"); |
open(RANDOM, "</dev/urandom"); |
sysread(RANDOM, $binaryKey, $keylength); |
sysread(RANDOM, $binaryKey, $keylength); |
close RANDOM; |
close RANDOM; |
|
|
Line 112 sub CreateKeyFile {
|
Line 122 sub CreateKeyFile {
|
# |
# |
$fileindex++; |
$fileindex++; |
my $CertificateDir = $perlvar->{lonCertificateDirectory}; |
my $CertificateDir = $perlvar->{lonCertificateDirectory}; |
my $Filename = $CertificateDir.$pathsep.".$fileindex.".$PID; |
my $Filename = $CertificateDir.$pathsep.".$fileindex.".$$; |
|
|
# If this file already exists, this is a recoverable error... we just |
# If this file already exists, this is a recoverable error... we just |
# delete the earlier incarnation of the file. |
# delete the earlier incarnation of the file. |
Line 135 sub CreateKeyFile {
|
Line 145 sub CreateKeyFile {
|
# the file is created with the appropriate locked down permissions. |
# the file is created with the appropriate locked down permissions. |
|
|
if(! sysopen(KEYFILE, $Filename, O_CREAT | O_EXCL | O_WRONLY, 0600)) { |
if(! sysopen(KEYFILE, $Filename, O_CREAT | O_EXCL | O_WRONLY, 0600)) { |
$lastError = "Creation of key file failed ".$ERRNO; |
$lastError = "Creation of key file failed ".$!; |
return undef; |
return undef; |
} |
} |
# Create the key, write it to the file and close the file: |
# Create the key, write it to the file and close the file: |
Line 144 sub CreateKeyFile {
|
Line 154 sub CreateKeyFile {
|
print KEYFILE "$key\n"; |
print KEYFILE "$key\n"; |
close KEYFILE; |
close KEYFILE; |
|
|
return \($key, $Filename); |
return ($key, $Filename); |
|
|
|
|
} |
} |
Line 166 sub CreateKeyFile {
|
Line 176 sub CreateKeyFile {
|
# |
# |
sub ReadKeyFile { |
sub ReadKeyFile { |
my $Filename = shift; |
my $Filename = shift; |
|
Debug("ReadKeyFile: $Filename"); |
|
|
|
|
if(! open(KEYFILE, "<$Filename")) { |
if(! open(KEYFILE, "<$Filename")) { |
|
Debug(" Open of $Filename failed\n"); |
$lastError = "Key file open failed"; |
$lastError = "Key file open failed"; |
return undef |
return undef |
} |
} |
my $key = <KEYFILE>; |
my $key = <KEYFILE>; |
chomp; |
chomp($key); |
|
Debug(" Read key: $key"); |
close KEYFILE; |
close KEYFILE; |
unlink $Filename; |
unlink $Filename; |
# |
# |
Line 180 sub ReadKeyFile {
|
Line 194 sub ReadKeyFile {
|
# permissions: |
# permissions: |
# |
# |
if(-e $Filename) { |
if(-e $Filename) { |
|
Debug("File did not get deleted"); |
$lastError = "Key file still exists after unlink"; |
$lastError = "Key file still exists after unlink"; |
return undef; |
return undef; |
} |
} |
Line 190 sub ReadKeyFile {
|
Line 205 sub ReadKeyFile {
|
# replacing our file... of course if they read this comment they'll |
# replacing our file... of course if they read this comment they'll |
# be too smart to put an incorrectly sized file |
# be too smart to put an incorrectly sized file |
# |
# |
if(length($key) != IDEA::keysize*2) { |
my $keylen = length($key); |
|
my $rightlen= IDEA::keysize()*2; |
|
if($keylen != $rightlen) { |
|
Debug("Key is incorrect length is $keylen sb $rightlen"); |
$lastError = "Key file has incorrect length"; |
$lastError = "Key file has incorrect length"; |
return undef; |
return undef; |
} |
} |
|
Debug("Returning key: $key to caller"); |
return $key; |
return $key; |
} |
} |