--- gvpe/src/gvpectrl.C	2013/07/05 10:04:22	1.13
+++ gvpe/src/gvpectrl.C	2016/11/02 06:58:35	1.23
@@ -2,7 +2,7 @@
     gvpectrl.C -- the main file for gvpectrl
     Copyright (C) 1998-2002 Ivo Timmermans <ivo@o2w.nl>
                   2000-2002 Guus Sliepen <guus@sliepen.eu.org>
-                  2003-2013 Marc Lehmann <gvpe@schmorp.de>
+                  2003-2016 Marc Lehmann <gvpe@schmorp.de>
  
     This file is part of GVPE.
 
@@ -74,18 +74,26 @@
 /* If nonzero, do not output anything but warnings/errors/very unusual conditions */
 static int quiet;
 
+/* If nonzero, generate single public/private keypair. */
+static const char *generate_key;
+
 /* If nonzero, generate public/private keypair for this net. */
 static int generate_keys;
 
+// output some debugging info, interna constants &c
+static int debug_info;
+
 static struct option const long_options[] =
 {
   {"config", required_argument, NULL, 'c'},
   {"kill", optional_argument, NULL, 'k'},
   {"help", no_argument, &show_help, 1},
   {"version", no_argument, &show_version, 1},
-  {"generate-keys", no_argument, NULL, 'g'},
+  {"generate-key", required_argument, NULL, 'g'},
+  {"generate-keys", no_argument, NULL, 'G'},
   {"quiet", no_argument, &quiet, 1},
   {"show-config", no_argument, &show_config, 's'},
+  {"debug-info", no_argument, &debug_info, 1},
   {NULL, 0, NULL, 0}
 };
 
@@ -100,7 +108,8 @@
       printf (_
               ("  -c, --config=DIR           Read configuration options from DIR.\n"
                "  -k, --kill[=SIGNAL]        Attempt to kill a running gvpe and exit.\n"
-               "  -g, --generate-keys        Generate public/private RSA keypair.\n"
+               "  -g, --generate-key=file    Generate public/private RSA keypair.\n"
+               "  -G, --generate-keys        Generate all public/private RSA keypairs.\n"
                "  -s, --show-config          Display the configuration information.\n"
                "  -q, --quiet                Be quite quiet.\n"
                "      --help                 Display this help and exit.\n"
@@ -117,7 +126,7 @@
   int r;
   int option_index = 0;
 
-  while ((r = getopt_long (argc, argv, "c:k::qgs", long_options, &option_index)) != EOF)
+  while ((r = getopt_long (argc, argv, "c:k::qg:Gs", long_options, &option_index)) != EOF)
     {
       switch (r)
         {
@@ -165,7 +174,11 @@
             break;
 
           case 'g':		/* generate public/private keypair */
-            generate_keys = RSA_KEYBITS;
+            generate_key = optarg;
+            break;
+
+          case 'G':		/* generate public/private keypairs */
+            generate_keys = 1;
             break;
 
           case 's':
@@ -233,15 +246,73 @@
  * generate public/private RSA keypairs for all hosts that don't have one.
  */
 static int
-keygen (int bits)
+keygen (const char *pub, const char *priv)
 {
-  FILE *f;
-  char *name = NULL;
-  char *fname;
 
-  asprintf (&fname, "%s/hostkeys", confbase);
-  mkdir (fname, 0700);
-  free (fname);
+  FILE *pubf = fopen (pub, "ab");
+  if (!pubf || fseek (pubf, 0, SEEK_END))
+    {
+      perror (pub);
+      exit (EXIT_FAILURE);
+    }
+
+  if (ftell (pubf))
+    {
+      fclose (pubf);
+      return 1;
+    }
+
+  FILE *privf = fopen (priv, "ab");
+
+  /* some libcs are buggy and require an extra seek to the end */
+  if (!privf || fseek (privf, 0, SEEK_END))
+    {
+      perror (priv);
+      exit (EXIT_FAILURE);
+    }
+
+  if (ftell (privf))
+    {
+      fclose (pubf);
+      fclose (privf);
+      return 1;
+    }
+
+  RSA *rsa = RSA_new ();
+  BIGNUM *e = BN_new ();
+  BN_set_bit (e, 0); BN_set_bit (e, 16); // 0x10001, 65537
+
+#if 0
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+  BN_GENCB cb_100;
+  BN_GENCB *cb = &cb_100;
+#else
+  BN_GENCB *cb = BN_GENCB_new ();
+  require (cb);
+#endif
+
+  BN_GENCB_set (cb, indicator, 0);
+  require (RSA_generate_key_ex (rsa, RSABITS, e, cb));
+#else
+  require (RSA_generate_key_ex (rsa, RSABITS, e, 0));
+#endif
+
+  require (PEM_write_RSAPublicKey (pubf, rsa));
+  require (PEM_write_RSAPrivateKey (privf, rsa, NULL, NULL, 0, NULL, NULL));
+
+  fclose (pubf);
+  fclose (privf);
+
+  BN_free (e);
+  RSA_free (rsa);
+
+  return 0;
+}
+
+static int
+keygen_all ()
+{
+  char *fname;
 
   asprintf (&fname, "%s/pubkey", confbase);
   mkdir (fname, 0700);
@@ -251,62 +322,49 @@
     {
       conf_node *node = *i;
 
-      asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename);
+      ::thisnode = node->nodename;
 
-      f = fopen (fname, "a");
+      char *pub  = conf.config_filename ("pubkey/%s", 0);
+      char *priv = conf.config_filename (conf.prikeyfile, "hostkey");
 
-      /* some libcs are buggy and require an extra seek to the end */
-      if (!f || fseek (f, 0, SEEK_END))
-        {
-          perror (fname);
-          exit (EXIT_FAILURE);
-        }
+      int status = keygen (pub, priv);
 
-      if (ftell (f))
+      if (status == 0)
         {
           if (!quiet)
-            fprintf (stderr, "'%s' already exists, skipping this node %d\n",
-                     fname, quiet);
-
-          fclose (f);
-          continue;
+            fprintf (stderr, _("generated %d bits key for %s.\n"), RSABITS, node->nodename);
         }
+      else if (status == 1)
+        fprintf (stderr, _("'%s' keypair already exists, skipping node %s.\n"), pub, node->nodename);
 
-      fprintf (stderr, _("generating %d bits key for %s:\n"), bits,
-               node->nodename);
-
-      RSA *rsa = RSA_new ();
-      BIGNUM *e = BN_new ();
-      BN_set_bit (e, 0); BN_set_bit (e, 16); // 0x10001, 65537
-      BN_GENCB cb;
-      BN_GENCB_set (&cb, indicator, 0);
-
-      require (RSA_generate_key_ex (rsa, bits, e, &cb));
+      free (priv);
+      free (pub);
+    }
 
-      fprintf (stderr, _("Done.\n"));
+  return 0;
+}
 
-      require (PEM_write_RSAPublicKey (f, rsa));
-      fclose (f);
-      free (fname);
+static int
+keygen_one (const char *pubname)
+{
+  char *privname;
 
-      asprintf (&fname, "%s/hostkeys/%s", confbase, node->nodename);
+  asprintf (&privname, "%s.privkey", pubname);
 
-      f = fopen (fname, "a");
-      if (!f)
-        {
-          perror (fname);
-          exit (EXIT_FAILURE);
-        }
+  int status = keygen (pubname, privname);
 
-      require (PEM_write_RSAPrivateKey (f, rsa, NULL, NULL, 0, NULL, NULL));
-      fclose (f);
-      free (fname);
-
-      BN_free (e);
-      RSA_free (rsa);
+  if (status == 0)
+    {
+      if (!quiet)
+        fprintf (stderr, _("generated %d bits key as %s.\n"), RSABITS, pubname);
+    }
+  else if (status == 1)
+    {
+      fprintf (stderr, _("'%s' keypair already exists, not generating key.\n"), pubname);
+      exit (EXIT_FAILURE);
     }
 
-  return 0;
+  free(privname);
 }
 
 int
@@ -343,10 +401,30 @@
     configuration_parser (conf, false, 0, 0);
   }
 
+  if (debug_info)
+    {
+      printf ("cipher_nid=%d\n", EVP_CIPHER_nid (CIPHER ()));
+      printf ("mac_nid=%d\n", EVP_MD_type (MAC_DIGEST ()));
+      printf ("auth_nid=%d\n", EVP_MD_type (AUTH_DIGEST ()));
+      printf ("sizeof_auth_data=%d\n", sizeof (auth_data));
+      printf ("sizeof_rsa_data=%d\n", sizeof (rsa_data));
+      printf ("sizeof_rsa_data_extra_auth=%d\n", sizeof (((rsa_data *)0)->extra_auth));
+      printf ("raw_overhead=%d\n", VPE_OVERHEAD);
+      printf ("vpn_overhead=%d\n", VPE_OVERHEAD + 6 + 6);
+      printf ("udp_overhead=%d\n", UDP_OVERHEAD + VPE_OVERHEAD + 6 + 6);
+      exit (EXIT_SUCCESS);
+    }
+
+  if (generate_key)
+    {
+      RAND_load_file (conf.seed_dev, SEED_SIZE);
+      exit (keygen_one (generate_key));
+    }
+
   if (generate_keys)
     {
-      RAND_load_file ("/dev/urandom", 1024);
-      exit (keygen (generate_keys));
+      RAND_load_file (conf.seed_dev, SEED_SIZE);
+      exit (keygen_all ());
     }
 
   if (kill_gvpe)
@@ -360,3 +438,4 @@
 
   usage (1);
 }
+