| 1 | /* |
1 | /* |
| 2 | gvpectrl.C -- the main file for gvpectrl |
2 | gvpectrl.C -- the main file for gvpectrl |
| 3 | Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl> |
3 | Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl> |
| 4 | 2000-2002 Guus Sliepen <guus@sliepen.eu.org> |
4 | 2000-2002 Guus Sliepen <guus@sliepen.eu.org> |
| 5 | 2003-2013 Marc Lehmann <gvpe@schmorp.de> |
5 | 2003-2016 Marc Lehmann <gvpe@schmorp.de> |
| 6 | |
6 | |
| 7 | This file is part of GVPE. |
7 | This file is part of GVPE. |
| 8 | |
8 | |
| 9 | GVPE is free software; you can redistribute it and/or modify it |
9 | GVPE is free software; you can redistribute it and/or modify it |
| 10 | under the terms of the GNU General Public License as published by the |
10 | under the terms of the GNU General Public License as published by the |
| … | |
… | |
| 72 | static int show_config; |
72 | static int show_config; |
| 73 | |
73 | |
| 74 | /* If nonzero, do not output anything but warnings/errors/very unusual conditions */ |
74 | /* If nonzero, do not output anything but warnings/errors/very unusual conditions */ |
| 75 | static int quiet; |
75 | static int quiet; |
| 76 | |
76 | |
|
|
77 | /* If nonzero, generate single public/private keypair. */ |
|
|
78 | static const char *generate_key; |
|
|
79 | |
| 77 | /* If nonzero, generate public/private keypair for this net. */ |
80 | /* If nonzero, generate public/private keypair for this net. */ |
| 78 | static int generate_keys; |
81 | static int generate_keys; |
|
|
82 | |
|
|
83 | // output some debugging info, interna constants &c |
|
|
84 | static int debug_info; |
| 79 | |
85 | |
| 80 | static struct option const long_options[] = |
86 | static struct option const long_options[] = |
| 81 | { |
87 | { |
| 82 | {"config", required_argument, NULL, 'c'}, |
88 | {"config", required_argument, NULL, 'c'}, |
| 83 | {"kill", optional_argument, NULL, 'k'}, |
89 | {"kill", optional_argument, NULL, 'k'}, |
| 84 | {"help", no_argument, &show_help, 1}, |
90 | {"help", no_argument, &show_help, 1}, |
| 85 | {"version", no_argument, &show_version, 1}, |
91 | {"version", no_argument, &show_version, 1}, |
|
|
92 | {"generate-key", required_argument, NULL, 'g'}, |
| 86 | {"generate-keys", no_argument, NULL, 'g'}, |
93 | {"generate-keys", no_argument, NULL, 'G'}, |
| 87 | {"quiet", no_argument, &quiet, 1}, |
94 | {"quiet", no_argument, &quiet, 1}, |
| 88 | {"show-config", no_argument, &show_config, 's'}, |
95 | {"show-config", no_argument, &show_config, 's'}, |
|
|
96 | {"debug-info", no_argument, &debug_info, 1}, |
| 89 | {NULL, 0, NULL, 0} |
97 | {NULL, 0, NULL, 0} |
| 90 | }; |
98 | }; |
| 91 | |
99 | |
| 92 | static void |
100 | static void |
| 93 | usage (int status) |
101 | usage (int status) |
| … | |
… | |
| 98 | { |
106 | { |
| 99 | printf (_("Usage: %s [option]...\n\n"), get_identity ()); |
107 | printf (_("Usage: %s [option]...\n\n"), get_identity ()); |
| 100 | printf (_ |
108 | printf (_ |
| 101 | (" -c, --config=DIR Read configuration options from DIR.\n" |
109 | (" -c, --config=DIR Read configuration options from DIR.\n" |
| 102 | " -k, --kill[=SIGNAL] Attempt to kill a running gvpe and exit.\n" |
110 | " -k, --kill[=SIGNAL] Attempt to kill a running gvpe and exit.\n" |
|
|
111 | " -g, --generate-key=file Generate public/private RSA keypair.\n" |
| 103 | " -g, --generate-keys Generate public/private RSA keypair.\n" |
112 | " -G, --generate-keys Generate all public/private RSA keypairs.\n" |
| 104 | " -s, --show-config Display the configuration information.\n" |
113 | " -s, --show-config Display the configuration information.\n" |
| 105 | " -q, --quiet Be quite quiet.\n" |
114 | " -q, --quiet Be quite quiet.\n" |
| 106 | " --help Display this help and exit.\n" |
115 | " --help Display this help and exit.\n" |
| 107 | " --version Output version information and exit.\n\n")); |
116 | " --version Output version information and exit.\n\n")); |
| 108 | printf (_("Report bugs to <gvpe@schmorp.de>.\n")); |
117 | printf (_("Report bugs to <gvpe@schmorp.de>.\n")); |
| … | |
… | |
| 115 | parse_options (int argc, char **argv, char **envp) |
124 | parse_options (int argc, char **argv, char **envp) |
| 116 | { |
125 | { |
| 117 | int r; |
126 | int r; |
| 118 | int option_index = 0; |
127 | int option_index = 0; |
| 119 | |
128 | |
| 120 | while ((r = getopt_long (argc, argv, "c:k::qgs", long_options, &option_index)) != EOF) |
129 | while ((r = getopt_long (argc, argv, "c:k::qg:Gs", long_options, &option_index)) != EOF) |
| 121 | { |
130 | { |
| 122 | switch (r) |
131 | switch (r) |
| 123 | { |
132 | { |
| 124 | case 0: /* long option */ |
133 | case 0: /* long option */ |
| 125 | break; |
134 | break; |
| … | |
… | |
| 163 | kill_gvpe = SIGTERM; |
172 | kill_gvpe = SIGTERM; |
| 164 | |
173 | |
| 165 | break; |
174 | break; |
| 166 | |
175 | |
| 167 | case 'g': /* generate public/private keypair */ |
176 | case 'g': /* generate public/private keypair */ |
|
|
177 | generate_key = optarg; |
|
|
178 | break; |
|
|
179 | |
|
|
180 | case 'G': /* generate public/private keypairs */ |
| 168 | generate_keys = RSA_KEYBITS; |
181 | generate_keys = 1; |
| 169 | break; |
182 | break; |
| 170 | |
183 | |
| 171 | case 's': |
184 | case 's': |
| 172 | show_config = 1; |
185 | show_config = 1; |
| 173 | break; |
186 | break; |
| … | |
… | |
| 231 | |
244 | |
| 232 | /* |
245 | /* |
| 233 | * generate public/private RSA keypairs for all hosts that don't have one. |
246 | * generate public/private RSA keypairs for all hosts that don't have one. |
| 234 | */ |
247 | */ |
| 235 | static int |
248 | static int |
| 236 | keygen (int bits) |
249 | keygen (const char *pub, const char *priv) |
| 237 | { |
250 | { |
| 238 | FILE *f; |
251 | |
| 239 | char *name = NULL; |
252 | FILE *pubf = fopen (pub, "ab"); |
|
|
253 | if (!pubf || fseek (pubf, 0, SEEK_END)) |
|
|
254 | { |
|
|
255 | perror (pub); |
|
|
256 | exit (EXIT_FAILURE); |
|
|
257 | } |
|
|
258 | |
|
|
259 | if (ftell (pubf)) |
|
|
260 | { |
|
|
261 | fclose (pubf); |
|
|
262 | return 1; |
|
|
263 | } |
|
|
264 | |
|
|
265 | FILE *privf = fopen (priv, "ab"); |
|
|
266 | |
|
|
267 | /* some libcs are buggy and require an extra seek to the end */ |
|
|
268 | if (!privf || fseek (privf, 0, SEEK_END)) |
|
|
269 | { |
|
|
270 | perror (priv); |
|
|
271 | exit (EXIT_FAILURE); |
|
|
272 | } |
|
|
273 | |
|
|
274 | if (ftell (privf)) |
|
|
275 | { |
|
|
276 | fclose (pubf); |
|
|
277 | fclose (privf); |
|
|
278 | return 1; |
|
|
279 | } |
|
|
280 | |
|
|
281 | RSA *rsa = RSA_new (); |
|
|
282 | BIGNUM *e = BN_new (); |
|
|
283 | BN_set_bit (e, 0); BN_set_bit (e, 16); // 0x10001, 65537 |
|
|
284 | |
|
|
285 | #if 0 |
|
|
286 | #if OPENSSL_VERSION_NUMBER < 0x10100000 |
|
|
287 | BN_GENCB cb_100; |
|
|
288 | BN_GENCB *cb = &cb_100; |
|
|
289 | #else |
|
|
290 | BN_GENCB *cb = BN_GENCB_new (); |
|
|
291 | require (cb); |
|
|
292 | #endif |
|
|
293 | |
|
|
294 | BN_GENCB_set (cb, indicator, 0); |
|
|
295 | require (RSA_generate_key_ex (rsa, RSABITS, e, cb)); |
|
|
296 | #else |
|
|
297 | require (RSA_generate_key_ex (rsa, RSABITS, e, 0)); |
|
|
298 | #endif |
|
|
299 | |
|
|
300 | require (PEM_write_RSAPublicKey (pubf, rsa)); |
|
|
301 | require (PEM_write_RSAPrivateKey (privf, rsa, NULL, NULL, 0, NULL, NULL)); |
|
|
302 | |
|
|
303 | fclose (pubf); |
|
|
304 | fclose (privf); |
|
|
305 | |
|
|
306 | BN_free (e); |
|
|
307 | RSA_free (rsa); |
|
|
308 | |
|
|
309 | return 0; |
|
|
310 | } |
|
|
311 | |
|
|
312 | static int |
|
|
313 | keygen_all () |
|
|
314 | { |
| 240 | char *fname; |
315 | char *fname; |
| 241 | |
|
|
| 242 | asprintf (&fname, "%s/hostkeys", confbase); |
|
|
| 243 | mkdir (fname, 0700); |
|
|
| 244 | free (fname); |
|
|
| 245 | |
316 | |
| 246 | asprintf (&fname, "%s/pubkey", confbase); |
317 | asprintf (&fname, "%s/pubkey", confbase); |
| 247 | mkdir (fname, 0700); |
318 | mkdir (fname, 0700); |
| 248 | free (fname); |
319 | free (fname); |
| 249 | |
320 | |
| 250 | for (configuration::node_vector::iterator i = conf.nodes.begin (); i != conf.nodes.end (); ++i) |
321 | for (configuration::node_vector::iterator i = conf.nodes.begin (); i != conf.nodes.end (); ++i) |
| 251 | { |
322 | { |
| 252 | conf_node *node = *i; |
323 | conf_node *node = *i; |
| 253 | |
324 | |
| 254 | asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename); |
325 | ::thisnode = node->nodename; |
| 255 | |
326 | |
| 256 | f = fopen (fname, "a"); |
327 | char *pub = conf.config_filename ("pubkey/%s", 0); |
|
|
328 | char *priv = conf.config_filename (conf.prikeyfile, "hostkey"); |
| 257 | |
329 | |
| 258 | /* some libcs are buggy and require an extra seek to the end */ |
330 | int status = keygen (pub, priv); |
| 259 | if (!f || fseek (f, 0, SEEK_END)) |
|
|
| 260 | { |
|
|
| 261 | perror (fname); |
|
|
| 262 | exit (EXIT_FAILURE); |
|
|
| 263 | } |
|
|
| 264 | |
331 | |
| 265 | if (ftell (f)) |
332 | if (status == 0) |
| 266 | { |
333 | { |
| 267 | if (!quiet) |
334 | if (!quiet) |
| 268 | fprintf (stderr, "'%s' already exists, skipping this node %d\n", |
335 | fprintf (stderr, _("generated %d bits key for %s.\n"), RSABITS, node->nodename); |
| 269 | fname, quiet); |
|
|
| 270 | |
|
|
| 271 | fclose (f); |
|
|
| 272 | continue; |
|
|
| 273 | } |
336 | } |
|
|
337 | else if (status == 1) |
|
|
338 | fprintf (stderr, _("'%s' keypair already exists, skipping node %s.\n"), pub, node->nodename); |
| 274 | |
339 | |
| 275 | fprintf (stderr, _("generating %d bits key for %s:\n"), bits, |
|
|
| 276 | node->nodename); |
|
|
| 277 | |
|
|
| 278 | RSA *rsa = RSA_new (); |
|
|
| 279 | BIGNUM *e = BN_new (); |
|
|
| 280 | BN_set_bit (e, 0); BN_set_bit (e, 16); // 0x10001, 65537 |
|
|
| 281 | BN_GENCB cb; |
|
|
| 282 | BN_GENCB_set (&cb, indicator, 0); |
|
|
| 283 | |
|
|
| 284 | require (RSA_generate_key_ex (rsa, bits, e, &cb)); |
|
|
| 285 | |
|
|
| 286 | fprintf (stderr, _("Done.\n")); |
|
|
| 287 | |
|
|
| 288 | require (PEM_write_RSAPublicKey (f, rsa)); |
|
|
| 289 | fclose (f); |
|
|
| 290 | free (fname); |
340 | free (priv); |
| 291 | |
|
|
| 292 | asprintf (&fname, "%s/hostkeys/%s", confbase, node->nodename); |
|
|
| 293 | |
|
|
| 294 | f = fopen (fname, "a"); |
|
|
| 295 | if (!f) |
|
|
| 296 | { |
|
|
| 297 | perror (fname); |
|
|
| 298 | exit (EXIT_FAILURE); |
|
|
| 299 | } |
|
|
| 300 | |
|
|
| 301 | require (PEM_write_RSAPrivateKey (f, rsa, NULL, NULL, 0, NULL, NULL)); |
|
|
| 302 | fclose (f); |
|
|
| 303 | free (fname); |
|
|
| 304 | |
|
|
| 305 | BN_free (e); |
341 | free (pub); |
| 306 | RSA_free (rsa); |
|
|
| 307 | } |
342 | } |
| 308 | |
343 | |
| 309 | return 0; |
344 | return 0; |
|
|
345 | } |
|
|
346 | |
|
|
347 | static int |
|
|
348 | keygen_one (const char *pubname) |
|
|
349 | { |
|
|
350 | char *privname; |
|
|
351 | |
|
|
352 | asprintf (&privname, "%s.privkey", pubname); |
|
|
353 | |
|
|
354 | int status = keygen (pubname, privname); |
|
|
355 | |
|
|
356 | if (status == 0) |
|
|
357 | { |
|
|
358 | if (!quiet) |
|
|
359 | fprintf (stderr, _("generated %d bits key as %s.\n"), RSABITS, pubname); |
|
|
360 | } |
|
|
361 | else if (status == 1) |
|
|
362 | { |
|
|
363 | fprintf (stderr, _("'%s' keypair already exists, not generating key.\n"), pubname); |
|
|
364 | exit (EXIT_FAILURE); |
|
|
365 | } |
|
|
366 | |
|
|
367 | free(privname); |
| 310 | } |
368 | } |
| 311 | |
369 | |
| 312 | int |
370 | int |
| 313 | main (int argc, char **argv, char **envp) |
371 | main (int argc, char **argv, char **envp) |
| 314 | { |
372 | { |
| … | |
… | |
| 341 | |
399 | |
| 342 | { |
400 | { |
| 343 | configuration_parser (conf, false, 0, 0); |
401 | configuration_parser (conf, false, 0, 0); |
| 344 | } |
402 | } |
| 345 | |
403 | |
|
|
404 | if (debug_info) |
|
|
405 | { |
|
|
406 | printf ("cipher_nid=%d\n", EVP_CIPHER_nid (CIPHER ())); |
|
|
407 | printf ("mac_nid=%d\n", EVP_MD_type (MAC_DIGEST ())); |
|
|
408 | printf ("auth_nid=%d\n", EVP_MD_type (AUTH_DIGEST ())); |
|
|
409 | printf ("sizeof_auth_data=%d\n", sizeof (auth_data)); |
|
|
410 | printf ("sizeof_rsa_data=%d\n", sizeof (rsa_data)); |
|
|
411 | printf ("sizeof_rsa_data_extra_auth=%d\n", sizeof (((rsa_data *)0)->extra_auth)); |
|
|
412 | printf ("raw_overhead=%d\n", VPE_OVERHEAD); |
|
|
413 | printf ("vpn_overhead=%d\n", VPE_OVERHEAD + 6 + 6); |
|
|
414 | printf ("udp_overhead=%d\n", UDP_OVERHEAD + VPE_OVERHEAD + 6 + 6); |
|
|
415 | exit (EXIT_SUCCESS); |
|
|
416 | } |
|
|
417 | |
|
|
418 | if (generate_key) |
|
|
419 | { |
|
|
420 | RAND_load_file (conf.seed_dev, SEED_SIZE); |
|
|
421 | exit (keygen_one (generate_key)); |
|
|
422 | } |
|
|
423 | |
| 346 | if (generate_keys) |
424 | if (generate_keys) |
| 347 | { |
425 | { |
| 348 | RAND_load_file ("/dev/urandom", 1024); |
426 | RAND_load_file (conf.seed_dev, SEED_SIZE); |
| 349 | exit (keygen (generate_keys)); |
427 | exit (keygen_all ()); |
| 350 | } |
428 | } |
| 351 | |
429 | |
| 352 | if (kill_gvpe) |
430 | if (kill_gvpe) |
| 353 | exit (kill_other (kill_gvpe)); |
431 | exit (kill_other (kill_gvpe)); |
| 354 | |
432 | |
| … | |
… | |
| 358 | exit (EXIT_SUCCESS); |
436 | exit (EXIT_SUCCESS); |
| 359 | } |
437 | } |
| 360 | |
438 | |
| 361 | usage (1); |
439 | usage (1); |
| 362 | } |
440 | } |
|
|
441 | |
