
Comparing gvpe/src/gvpectrl.C (file contents):
Revision 1.13 by root, Fri Jul 5 10:04:22 2013 UTC vs.
Revision 1.22 by root, Wed Nov 2 06:54:13 2016 UTC

72static int show_config; 72static int show_config;
73 73
74/* If nonzero, do not output anything but warnings/errors/very unusual conditions */ 74/* If nonzero, do not output anything but warnings/errors/very unusual conditions */
75static int quiet; 75static int quiet;
76 76
77/* If nonzero, generate single public/private keypair. */
78static const char *generate_key;
79
77/* If nonzero, generate public/private keypair for this net. */ 80/* If nonzero, generate public/private keypair for this net. */
78static int generate_keys; 81static int generate_keys;
82
83// output some debugging info, interna constants &c
84static int debug_info;
79 85
80static struct option const long_options[] = 86static struct option const long_options[] =
81{ 87{
82 {"config", required_argument, NULL, 'c'}, 88 {"config", required_argument, NULL, 'c'},
83 {"kill", optional_argument, NULL, 'k'}, 89 {"kill", optional_argument, NULL, 'k'},
84 {"help", no_argument, &show_help, 1}, 90 {"help", no_argument, &show_help, 1},
85 {"version", no_argument, &show_version, 1}, 91 {"version", no_argument, &show_version, 1},
92 {"generate-key", required_argument, NULL, 'g'},
86 {"generate-keys", no_argument, NULL, 'g'}, 93 {"generate-keys", no_argument, NULL, 'G'},
87 {"quiet", no_argument, &quiet, 1}, 94 {"quiet", no_argument, &quiet, 1},
88 {"show-config", no_argument, &show_config, 's'}, 95 {"show-config", no_argument, &show_config, 's'},
96 {"debug-info", no_argument, &debug_info, 1},
89 {NULL, 0, NULL, 0} 97 {NULL, 0, NULL, 0}
90}; 98};
91 99
92static void 100static void
93usage (int status) 101usage (int status)
98 { 106 {
99 printf (_("Usage: %s [option]...\n\n"), get_identity ()); 107 printf (_("Usage: %s [option]...\n\n"), get_identity ());
100 printf (_ 108 printf (_
101 (" -c, --config=DIR Read configuration options from DIR.\n" 109 (" -c, --config=DIR Read configuration options from DIR.\n"
102 " -k, --kill[=SIGNAL] Attempt to kill a running gvpe and exit.\n" 110 " -k, --kill[=SIGNAL] Attempt to kill a running gvpe and exit.\n"
111 " -g, --generate-key=file Generate public/private RSA keypair.\n"
103 " -g, --generate-keys Generate public/private RSA keypair.\n" 112 " -G, --generate-keys Generate all public/private RSA keypairs.\n"
104 " -s, --show-config Display the configuration information.\n" 113 " -s, --show-config Display the configuration information.\n"
105 " -q, --quiet Be quite quiet.\n" 114 " -q, --quiet Be quite quiet.\n"
106 " --help Display this help and exit.\n" 115 " --help Display this help and exit.\n"
107 " --version Output version information and exit.\n\n")); 116 " --version Output version information and exit.\n\n"));
108 printf (_("Report bugs to <gvpe@schmorp.de>.\n")); 117 printf (_("Report bugs to <gvpe@schmorp.de>.\n"));
115parse_options (int argc, char **argv, char **envp) 124parse_options (int argc, char **argv, char **envp)
116{ 125{
117 int r; 126 int r;
118 int option_index = 0; 127 int option_index = 0;
119 128
120 while ((r = getopt_long (argc, argv, "c:k::qgs", long_options, &option_index)) != EOF) 129 while ((r = getopt_long (argc, argv, "c:k::qg:Gs", long_options, &option_index)) != EOF)
121 { 130 {
122 switch (r) 131 switch (r)
123 { 132 {
124 case 0: /* long option */ 133 case 0: /* long option */
125 break; 134 break;
163 kill_gvpe = SIGTERM; 172 kill_gvpe = SIGTERM;
164 173
165 break; 174 break;
166 175
167 case 'g': /* generate public/private keypair */ 176 case 'g': /* generate public/private keypair */
177 generate_key = optarg;
178 break;
179
180 case 'G': /* generate public/private keypairs */
168 generate_keys = RSA_KEYBITS; 181 generate_keys = 1;
169 break; 182 break;
170 183
171 case 's': 184 case 's':
172 show_config = 1; 185 show_config = 1;
173 break; 186 break;
231 244
232/* 245/*
233 * generate public/private RSA keypairs for all hosts that don't have one. 246 * generate public/private RSA keypairs for all hosts that don't have one.
234 */ 247 */
235static int 248static int
236keygen (int bits) 249keygen (const char *pub, const char *priv)
237{ 250{
238 FILE *f; 251
239 char *name = NULL; 252 FILE *pubf = fopen (pub, "ab");
253 if (!pubf || fseek (pubf, 0, SEEK_END))
254 {
255 perror (pub);
256 exit (EXIT_FAILURE);
257 }
258
259 if (ftell (pubf))
260 {
261 fclose (pubf);
262 return 1;
263 }
264
265 FILE *privf = fopen (priv, "ab");
266
267 /* some libcs are buggy and require an extra seek to the end */
268 if (!privf || fseek (privf, 0, SEEK_END))
269 {
270 perror (priv);
271 exit (EXIT_FAILURE);
272 }
273
274 if (ftell (privf))
275 {
276 fclose (pubf);
277 fclose (privf);
278 return 1;
279 }
280
281 RSA *rsa = RSA_new ();
282 BIGNUM *e = BN_new ();
283 BN_set_bit (e, 0); BN_set_bit (e, 16); // 0x10001, 65537
284
285#if 0
286#if OPENSSL_VERSION_NUMBER < 0x10100000
287 BN_GENCB cb_100;
288 BN_GENCB *cb = &cb_100;
289#else
290 BN_GENCB *cb = BN_GENCB_new ();
291 require (cb);
292#endif
293
294 BN_GENCB_set (cb, indicator, 0);
295 require (RSA_generate_key_ex (rsa, RSABITS, e, cb));
296#else
297 require (RSA_generate_key_ex (rsa, RSABITS, e, 0));
298#endif
299
300 require (PEM_write_RSAPublicKey (pubf, rsa));
301 require (PEM_write_RSAPrivateKey (privf, rsa, NULL, NULL, 0, NULL, NULL));
302
303 fclose (pubf);
304 fclose (privf);
305
306 BN_free (e);
307 RSA_free (rsa);
308
309 return 0;
310}
311
312static int
313keygen_all ()
314{
240 char *fname; 315 char *fname;
241
242 asprintf (&fname, "%s/hostkeys", confbase);
243 mkdir (fname, 0700);
244 free (fname);
245 316
246 asprintf (&fname, "%s/pubkey", confbase); 317 asprintf (&fname, "%s/pubkey", confbase);
247 mkdir (fname, 0700); 318 mkdir (fname, 0700);
248 free (fname); 319 free (fname);
249 320
250 for (configuration::node_vector::iterator i = conf.nodes.begin (); i != conf.nodes.end (); ++i) 321 for (configuration::node_vector::iterator i = conf.nodes.begin (); i != conf.nodes.end (); ++i)
251 { 322 {
252 conf_node *node = *i; 323 conf_node *node = *i;
253 324
254 asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename); 325 ::thisnode = node->nodename;
255 326
256 f = fopen (fname, "a"); 327 char *pub = conf.config_filename ("pubkey/%s", 0);
328 char *priv = conf.config_filename (conf.prikeyfile, "hostkey");
257 329
258 /* some libcs are buggy and require an extra seek to the end */ 330 int status = keygen (pub, priv);
259 if (!f || fseek (f, 0, SEEK_END))
260 {
261 perror (fname);
262 exit (EXIT_FAILURE);
263 }
264 331
265 if (ftell (f)) 332 if (status == 0)
266 { 333 {
267 if (!quiet) 334 if (!quiet)
268 fprintf (stderr, "'%s' already exists, skipping this node %d\n", 335 fprintf (stderr, _("generated %d bits key for %s.\n"), RSABITS, node->nodename);
269 fname, quiet);
270
271 fclose (f);
272 continue;
273 } 336 }
337 else if (status == 1)
338 fprintf (stderr, _("'%s' keypair already exists, skipping node %s.\n"), pub, node->nodename);
274 339
275 fprintf (stderr, _("generating %d bits key for %s:\n"), bits,
276 node->nodename);
277
278 RSA *rsa = RSA_new ();
279 BIGNUM *e = BN_new ();
280 BN_set_bit (e, 0); BN_set_bit (e, 16); // 0x10001, 65537
281 BN_GENCB cb;
282 BN_GENCB_set (&cb, indicator, 0);
283
284 require (RSA_generate_key_ex (rsa, bits, e, &cb));
285
286 fprintf (stderr, _("Done.\n"));
287
288 require (PEM_write_RSAPublicKey (f, rsa));
289 fclose (f);
290 free (fname); 340 free (priv);
291
292 asprintf (&fname, "%s/hostkeys/%s", confbase, node->nodename);
293
294 f = fopen (fname, "a");
295 if (!f)
296 {
297 perror (fname);
298 exit (EXIT_FAILURE);
299 }
300
301 require (PEM_write_RSAPrivateKey (f, rsa, NULL, NULL, 0, NULL, NULL));
302 fclose (f);
303 free (fname);
304
305 BN_free (e); 341 free (pub);
306 RSA_free (rsa);
307 } 342 }
308 343
309 return 0; 344 return 0;
345}
346
347static int
348keygen_one (const char *pubname)
349{
350 char *privname;
351
352 asprintf (&privname, "%s.privkey", pubname);
353
354 int status = keygen (pubname, privname);
355
356 if (status == 0)
357 {
358 if (!quiet)
359 fprintf (stderr, _("generated %d bits key as %s.\n"), RSABITS, pubname);
360 }
361 else if (status == 1)
362 {
363 fprintf (stderr, _("'%s' keypair already exists, not generating key.\n"), pubname);
364 exit (EXIT_FAILURE);
365 }
366
367 free(privname);
310} 368}
311 369
312int 370int
313main (int argc, char **argv, char **envp) 371main (int argc, char **argv, char **envp)
314{ 372{
341 399
342 { 400 {
343 configuration_parser (conf, false, 0, 0); 401 configuration_parser (conf, false, 0, 0);
344 } 402 }
345 403
404 if (debug_info)
405 {
406 printf ("cipher_nid=%d\n", EVP_CIPHER_nid (CIPHER ()));
407 printf ("mac_nid=%d\n", EVP_MD_type (MAC_DIGEST ()));
408 printf ("auth_nid=%d\n", EVP_MD_type (AUTH_DIGEST ()));
409 printf ("sizeof_auth_data=%d\n", sizeof (auth_data));
410 printf ("sizeof_rsa_data=%d\n", sizeof (rsa_data));
411 printf ("sizeof_rsa_data_extra_auth=%d\n", sizeof (((rsa_data *)0)->extra_auth));
412 printf ("raw_overhead=%d\n", VPE_OVERHEAD);
413 printf ("vpn_overhead=%d\n", VPE_OVERHEAD + 6 + 6);
414 printf ("udp_overhead=%d\n", UDP_OVERHEAD + VPE_OVERHEAD + 6 + 6);
415 exit (EXIT_SUCCESS);
416 }
417
418 if (generate_key)
419 {
420 RAND_load_file (conf.seed_dev, SEED_SIZE);
421 exit (keygen_one (generate_key));
422 }
423
346 if (generate_keys) 424 if (generate_keys)
347 { 425 {
348 RAND_load_file ("/dev/urandom", 1024); 426 RAND_load_file (conf.seed_dev, SEED_SIZE);
349 exit (keygen (generate_keys)); 427 exit (keygen_all ());
350 } 428 }
351 429
352 if (kill_gvpe) 430 if (kill_gvpe)
353 exit (kill_other (kill_gvpe)); 431 exit (kill_other (kill_gvpe));
354 432
358 exit (EXIT_SUCCESS); 436 exit (EXIT_SUCCESS);
359 } 437 }
360 438
361 usage (1); 439 usage (1);
362} 440}
441
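Review bot: keygen_one (new lines 348-368) is declared `static int` but falls off the end after `free(privname);` with no return, so `exit (keygen_one (generate_key))` in main exits with an indeterminate status (undefined behaviour for a non-void function in C++); add `return 0;` after the free. Separately, keygen writes the private key through `fopen (priv, "ab")`, which creates the file with the process umask (typically 0644), so a freshly generated hostkey or `.privkey` file is world-readable until something else tightens it; open it with `int fd = open (priv, O_WRONLY | O_CREAT | O_APPEND, 0600);` and `FILE *privf = fd < 0 ? 0 : fdopen (fd, "ab");`, or call `umask (077)` before the fopen (the public-key fopen can stay as is). The return value of `RAND_load_file (conf.seed_dev, SEED_SIZE)` is ignored in both branches of main, so an unreadable seed device goes unnoticed before key generation; checking that it returns SEED_SIZE and warning otherwise would make a misconfigured seed_dev visible. Minor: the debug_info block prints `sizeof (...)` with `%d`; `%zu` (or a cast to int) avoids a format/argument mismatch.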
