… | |
… | |
75 | static int quiet; |
75 | static int quiet; |
76 | |
76 | |
77 | /* If nonzero, generate public/private keypair for this net. */ |
77 | /* If nonzero, generate public/private keypair for this net. */ |
78 | static int generate_keys; |
78 | static int generate_keys; |
79 | |
79 | |
|
|
80 | // output some debugging info, interna constants &c |
|
|
81 | static int debug_info; |
|
|
82 | |
80 | static struct option const long_options[] = |
83 | static struct option const long_options[] = |
81 | { |
84 | { |
82 | {"config", required_argument, NULL, 'c'}, |
85 | {"config", required_argument, NULL, 'c'}, |
83 | {"kill", optional_argument, NULL, 'k'}, |
86 | {"kill", optional_argument, NULL, 'k'}, |
84 | {"help", no_argument, &show_help, 1}, |
87 | {"help", no_argument, &show_help, 1}, |
85 | {"version", no_argument, &show_version, 1}, |
88 | {"version", no_argument, &show_version, 1}, |
86 | {"generate-keys", no_argument, NULL, 'g'}, |
89 | {"generate-keys", no_argument, NULL, 'g'}, |
87 | {"quiet", no_argument, &quiet, 1}, |
90 | {"quiet", no_argument, &quiet, 1}, |
88 | {"show-config", no_argument, &show_config, 's'}, |
91 | {"show-config", no_argument, &show_config, 's'}, |
|
|
92 | {"debug-info", no_argument, &debug_info, 1}, |
89 | {NULL, 0, NULL, 0} |
93 | {NULL, 0, NULL, 0} |
90 | }; |
94 | }; |
91 | |
95 | |
92 | static void |
96 | static void |
93 | usage (int status) |
97 | usage (int status) |
… | |
… | |
163 | kill_gvpe = SIGTERM; |
167 | kill_gvpe = SIGTERM; |
164 | |
168 | |
165 | break; |
169 | break; |
166 | |
170 | |
167 | case 'g': /* generate public/private keypair */ |
171 | case 'g': /* generate public/private keypair */ |
168 | generate_keys = RSA_KEYBITS; |
172 | generate_keys = RSABITS; |
169 | break; |
173 | break; |
170 | |
174 | |
171 | case 's': |
175 | case 's': |
172 | show_config = 1; |
176 | show_config = 1; |
173 | break; |
177 | break; |
… | |
… | |
233 | * generate public/private RSA keypairs for all hosts that don't have one. |
237 | * generate public/private RSA keypairs for all hosts that don't have one. |
234 | */ |
238 | */ |
235 | static int |
239 | static int |
236 | keygen (int bits) |
240 | keygen (int bits) |
237 | { |
241 | { |
238 | FILE *f; |
242 | FILE *f, *pubf; |
239 | char *name = NULL; |
|
|
240 | char *fname; |
243 | char *fname; |
241 | |
|
|
242 | asprintf (&fname, "%s/hostkeys", confbase); |
|
|
243 | mkdir (fname, 0700); |
|
|
244 | free (fname); |
|
|
245 | |
244 | |
246 | asprintf (&fname, "%s/pubkey", confbase); |
245 | asprintf (&fname, "%s/pubkey", confbase); |
247 | mkdir (fname, 0700); |
246 | mkdir (fname, 0700); |
248 | free (fname); |
247 | free (fname); |
249 | |
248 | |
250 | for (configuration::node_vector::iterator i = conf.nodes.begin (); i != conf.nodes.end (); ++i) |
249 | for (configuration::node_vector::iterator i = conf.nodes.begin (); i != conf.nodes.end (); ++i) |
251 | { |
250 | { |
252 | conf_node *node = *i; |
251 | conf_node *node = *i; |
253 | |
252 | |
254 | asprintf (&fname, "%s/pubkey/%s", confbase, node->nodename); |
253 | ::thisnode = node->nodename; |
255 | |
254 | |
|
|
255 | fname = conf.config_filename (conf.prikeyfile, "hostkey"); |
|
|
256 | |
256 | f = fopen (fname, "a"); |
257 | f = fopen (fname, "ab"); |
257 | |
258 | |
258 | /* some libcs are buggy and require an extra seek to the end */ |
259 | /* some libcs are buggy and require an extra seek to the end */ |
259 | if (!f || fseek (f, 0, SEEK_END)) |
260 | if (!f || fseek (f, 0, SEEK_END)) |
260 | { |
261 | { |
261 | perror (fname); |
262 | perror (fname); |
… | |
… | |
263 | } |
264 | } |
264 | |
265 | |
265 | if (ftell (f)) |
266 | if (ftell (f)) |
266 | { |
267 | { |
267 | if (!quiet) |
268 | if (!quiet) |
268 | fprintf (stderr, "'%s' already exists, skipping this node %d\n", |
269 | fprintf (stderr, "'%s' already exists, skipping node %s\n", fname, node->nodename); |
269 | fname, quiet); |
|
|
270 | |
270 | |
|
|
271 | free (fname); |
271 | fclose (f); |
272 | fclose (f); |
272 | continue; |
273 | continue; |
273 | } |
274 | } |
274 | |
275 | |
|
|
276 | free (fname); |
|
|
277 | |
275 | fprintf (stderr, _("generating %d bits key for %s:\n"), bits, |
278 | fprintf (stderr, _("generating %d bits key for %s:\n"), bits, node->nodename); |
276 | node->nodename); |
|
|
277 | |
279 | |
278 | RSA *rsa = RSA_new (); |
280 | RSA *rsa = RSA_new (); |
279 | BIGNUM *e = BN_new (); |
281 | BIGNUM *e = BN_new (); |
280 | BN_set_bit (e, 0); BN_set_bit (e, 16); // 0x10001, 65537 |
282 | BN_set_bit (e, 0); BN_set_bit (e, 16); // 0x10001, 65537 |
281 | BN_GENCB cb; |
283 | BN_GENCB cb; |
… | |
… | |
283 | |
285 | |
284 | require (RSA_generate_key_ex (rsa, bits, e, &cb)); |
286 | require (RSA_generate_key_ex (rsa, bits, e, &cb)); |
285 | |
287 | |
286 | fprintf (stderr, _("Done.\n")); |
288 | fprintf (stderr, _("Done.\n")); |
287 | |
289 | |
288 | require (PEM_write_RSAPublicKey (f, rsa)); |
290 | fname = conf.config_filename ("pubkey/%s", 0); |
289 | fclose (f); |
|
|
290 | free (fname); |
|
|
291 | |
|
|
292 | asprintf (&fname, "%s/hostkeys/%s", confbase, node->nodename); |
|
|
293 | |
|
|
294 | f = fopen (fname, "a"); |
291 | pubf = fopen (fname, "wb"); |
295 | if (!f) |
292 | if (!pubf) |
296 | { |
293 | { |
297 | perror (fname); |
294 | perror (fname); |
298 | exit (EXIT_FAILURE); |
295 | exit (EXIT_FAILURE); |
299 | } |
296 | } |
300 | |
297 | |
|
|
298 | free (fname); |
|
|
299 | |
|
|
300 | require (PEM_write_RSAPublicKey (pubf, rsa)); |
|
|
301 | fclose (pubf); |
|
|
302 | |
301 | require (PEM_write_RSAPrivateKey (f, rsa, NULL, NULL, 0, NULL, NULL)); |
303 | require (PEM_write_RSAPrivateKey (f, rsa, NULL, NULL, 0, NULL, NULL)); |
302 | fclose (f); |
304 | fclose (f); |
303 | free (fname); |
|
|
304 | |
305 | |
305 | BN_free (e); |
306 | BN_free (e); |
306 | RSA_free (rsa); |
307 | RSA_free (rsa); |
307 | } |
308 | } |
308 | |
309 | |
… | |
… | |
341 | |
342 | |
342 | { |
343 | { |
343 | configuration_parser (conf, false, 0, 0); |
344 | configuration_parser (conf, false, 0, 0); |
344 | } |
345 | } |
345 | |
346 | |
|
|
347 | if (debug_info) |
|
|
348 | { |
|
|
349 | printf ("cipher_nid=%d\n", EVP_CIPHER_nid (CIPHER ())); |
|
|
350 | printf ("mac_nid=%d\n", EVP_MD_type (MAC_DIGEST ())); |
|
|
351 | printf ("auth_nid=%d\n", EVP_MD_type (AUTH_DIGEST ())); |
|
|
352 | printf ("sizeof_auth_data=%d\n", sizeof (auth_data)); |
|
|
353 | printf ("sizeof_rsa_data=%d\n", sizeof (rsa_data)); |
|
|
354 | printf ("sizeof_rsa_data_pad=%d\n", sizeof (((rsa_data *)0)->pad)); |
|
|
355 | exit (EXIT_SUCCESS); |
|
|
356 | } |
|
|
357 | |
346 | if (generate_keys) |
358 | if (generate_keys) |
347 | { |
359 | { |
348 | RAND_load_file (conf.seed_dev, SEED_SIZE); |
360 | RAND_load_file (conf.seed_dev, SEED_SIZE); |
349 | exit (keygen (generate_keys)); |
361 | exit (keygen (generate_keys)); |
350 | } |
362 | } |
… | |
… | |
358 | exit (EXIT_SUCCESS); |
370 | exit (EXIT_SUCCESS); |
359 | } |
371 | } |
360 | |
372 | |
361 | usage (1); |
373 | usage (1); |
362 | } |
374 | } |
|
|
375 | |