
Comparing gvpe/src/gvpectrl.C (file contents):
Revision 1.20 by root, Wed Jun 29 22:37:50 2016 UTC vs.
Revision 1.21 by root, Wed Nov 2 05:58:53 2016 UTC

72static int show_config; 72static int show_config;
73 73
74/* If nonzero, do not output anything but warnings/errors/very unusual conditions */ 74/* If nonzero, do not output anything but warnings/errors/very unusual conditions */
75static int quiet; 75static int quiet;
76 76
77/* If nonzero, generate single public/private keypair. */
78static const char *generate_key;
79
77/* If nonzero, generate public/private keypair for this net. */ 80/* If nonzero, generate public/private keypair for this net. */
78static int generate_keys; 81static int generate_keys;
79 82
80// output some debugging info, interna constants &c 83// output some debugging info, interna constants &c
81static int debug_info; 84static int debug_info;
84{ 87{
85 {"config", required_argument, NULL, 'c'}, 88 {"config", required_argument, NULL, 'c'},
86 {"kill", optional_argument, NULL, 'k'}, 89 {"kill", optional_argument, NULL, 'k'},
87 {"help", no_argument, &show_help, 1}, 90 {"help", no_argument, &show_help, 1},
88 {"version", no_argument, &show_version, 1}, 91 {"version", no_argument, &show_version, 1},
92 {"generate-key", required_argument, NULL, 'g'},
89 {"generate-keys", no_argument, NULL, 'g'}, 93 {"generate-keys", no_argument, NULL, 'G'},
90 {"quiet", no_argument, &quiet, 1}, 94 {"quiet", no_argument, &quiet, 1},
91 {"show-config", no_argument, &show_config, 's'}, 95 {"show-config", no_argument, &show_config, 's'},
92 {"debug-info", no_argument, &debug_info, 1}, 96 {"debug-info", no_argument, &debug_info, 1},
93 {NULL, 0, NULL, 0} 97 {NULL, 0, NULL, 0}
94}; 98};
102 { 106 {
103 printf (_("Usage: %s [option]...\n\n"), get_identity ()); 107 printf (_("Usage: %s [option]...\n\n"), get_identity ());
104 printf (_ 108 printf (_
105 (" -c, --config=DIR Read configuration options from DIR.\n" 109 (" -c, --config=DIR Read configuration options from DIR.\n"
106 " -k, --kill[=SIGNAL] Attempt to kill a running gvpe and exit.\n" 110 " -k, --kill[=SIGNAL] Attempt to kill a running gvpe and exit.\n"
111 " -g, --generate-key=file Generate public/private RSA keypair.\n"
107 " -g, --generate-keys Generate public/private RSA keypair.\n" 112 " -G, --generate-keys Generate all public/private RSA keypairs.\n"
108 " -s, --show-config Display the configuration information.\n" 113 " -s, --show-config Display the configuration information.\n"
109 " -q, --quiet Be quite quiet.\n" 114 " -q, --quiet Be quite quiet.\n"
110 " --help Display this help and exit.\n" 115 " --help Display this help and exit.\n"
111 " --version Output version information and exit.\n\n")); 116 " --version Output version information and exit.\n\n"));
112 printf (_("Report bugs to <gvpe@schmorp.de>.\n")); 117 printf (_("Report bugs to <gvpe@schmorp.de>.\n"));
119parse_options (int argc, char **argv, char **envp) 124parse_options (int argc, char **argv, char **envp)
120{ 125{
121 int r; 126 int r;
122 int option_index = 0; 127 int option_index = 0;
123 128
124 while ((r = getopt_long (argc, argv, "c:k::qgs", long_options, &option_index)) != EOF) 129 while ((r = getopt_long (argc, argv, "c:k::qg:Gs", long_options, &option_index)) != EOF)
125 { 130 {
126 switch (r) 131 switch (r)
127 { 132 {
128 case 0: /* long option */ 133 case 0: /* long option */
129 break; 134 break;
167 kill_gvpe = SIGTERM; 172 kill_gvpe = SIGTERM;
168 173
169 break; 174 break;
170 175
171 case 'g': /* generate public/private keypair */ 176 case 'g': /* generate public/private keypair */
177 generate_key = optarg;
178 break;
179
180 case 'G': /* generate public/private keypairs */
172 generate_keys = RSABITS; 181 generate_keys = 1;
173 break; 182 break;
174 183
175 case 's': 184 case 's':
176 show_config = 1; 185 show_config = 1;
177 break; 186 break;
235 244
236/* 245/*
237 * generate public/private RSA keypairs for all hosts that don't have one. 246 * generate public/private RSA keypairs for all hosts that don't have one.
238 */ 247 */
239static int 248static int
240keygen (int bits) 249keygen (const char *pub, const char *priv)
241{ 250{
242 FILE *f, *pubf; 251
252 FILE *pubf = fopen (pub, "ab");
253 if (!pubf || fseek (pubf, 0, SEEK_END))
254 {
255 perror (pub);
256 exit (EXIT_FAILURE);
257 }
258
259 if (ftell (pubf))
260 {
261 fclose (pubf);
262 return 1;
263 }
264
265 FILE *privf = fopen (priv, "ab");
266
267 /* some libcs are buggy and require an extra seek to the end */
268 if (!privf || fseek (privf, 0, SEEK_END))
269 {
270 perror (priv);
271 exit (EXIT_FAILURE);
272 }
273
274 if (ftell (privf))
275 {
276 fclose (pubf);
277 fclose (privf);
278 return 1;
279 }
280
281 RSA *rsa = RSA_new ();
282 BIGNUM *e = BN_new ();
283 BN_set_bit (e, 0); BN_set_bit (e, 16); // 0x10001, 65537
284
285#if 0
286#if OPENSSL_VERSION_NUMBER < 0x10100000
287 BN_GENCB cb_100;
288 BN_GENCB *cb = &cb_100;
289#else
290 BN_GENCB *cb = BN_GENCB_new ();
291 require (cb);
292#endif
293
294 BN_GENCB_set (cb, indicator, 0);
295 require (RSA_generate_key_ex (rsa, RSABITS, e, cb));
296#else
297 require (RSA_generate_key_ex (rsa, RSABITS, e, 0));
298#endif
299
300 require (PEM_write_RSAPublicKey (pubf, rsa));
301 require (PEM_write_RSAPrivateKey (privf, rsa, NULL, NULL, 0, NULL, NULL));
302
303 fclose (pubf);
304 fclose (privf);
305
306 BN_free (e);
307 RSA_free (rsa);
308
309 return 0;
310}
311
312static int
313keygen_all ()
314{
243 char *fname; 315 char *fname;
244 316
245 asprintf (&fname, "%s/pubkey", confbase); 317 asprintf (&fname, "%s/pubkey", confbase);
246 mkdir (fname, 0700); 318 mkdir (fname, 0700);
247 free (fname); 319 free (fname);
250 { 322 {
251 conf_node *node = *i; 323 conf_node *node = *i;
252 324
253 ::thisnode = node->nodename; 325 ::thisnode = node->nodename;
254 326
327 char *pub = conf.config_filename ("pubkey/%s", 0);
255 fname = conf.config_filename (conf.prikeyfile, "hostkey"); 328 char *priv = conf.config_filename (conf.prikeyfile, "hostkey");
256 329
257 f = fopen (fname, "ab"); 330 int status = keygen (pub, priv);
258 331
259 /* some libcs are buggy and require an extra seek to the end */ 332 if (status == 0)
260 if (!f || fseek (f, 0, SEEK_END))
261 {
262 perror (fname);
263 exit (EXIT_FAILURE);
264 }
265
266 if (ftell (f))
267 { 333 {
268 if (!quiet) 334 if (!quiet)
269 fprintf (stderr, "'%s' already exists, skipping node %s\n", fname, node->nodename); 335 fprintf (stderr, _("generated %d bits key for %s.\n"), RSABITS, node->nodename);
270
271 free (fname);
272 fclose (f);
273 continue;
274 } 336 }
337 else if (status == 1)
338 fprintf (stderr, _("'%s' keypair already exists, skipping node %s.\n"), pub, node->nodename);
275 339
276 free (fname); 340 free (priv);
277
278 fprintf (stderr, _("generating %d bits key for %s:\n"), bits, node->nodename);
279
280 RSA *rsa = RSA_new ();
281 BIGNUM *e = BN_new ();
282 BN_set_bit (e, 0); BN_set_bit (e, 16); // 0x10001, 65537
283
284#if OPENSSL_VERSION_NUMBER < 0x10100000
285 BN_GENCB cb_100;
286 BN_GENCB *cb = &cb_100;
287#else
288 BN_GENCB *cb = BN_GENCB_new ();
289 require (cb);
290#endif
291
292 BN_GENCB_set (cb, indicator, 0);
293 require (RSA_generate_key_ex (rsa, bits, e, cb));
294
295 fprintf (stderr, _("Done.\n"));
296
297 fname = conf.config_filename ("pubkey/%s", 0);
298 pubf = fopen (fname, "wb");
299 if (!pubf)
300 {
301 perror (fname);
302 exit (EXIT_FAILURE);
303 }
304
305 free (fname);
306
307 require (PEM_write_RSAPublicKey (pubf, rsa));
308 fclose (pubf); 341 free (pub);
309
310 require (PEM_write_RSAPrivateKey (f, rsa, NULL, NULL, 0, NULL, NULL));
311 fclose (f);
312
313 BN_free (e);
314 RSA_free (rsa);
315 } 342 }
316 343
317 return 0; 344 return 0;
345}
346
347static int
348keygen_one (const char *pubname)
349{
350 char *privname;
351
352 asprintf (&privname, "%s.key", pubname);
353
354 int status = keygen (pubname, privname);
355
356 if (status == 0)
357 {
358 if (!quiet)
359 fprintf (stderr, _("generated %d bits key as %s.\n"), RSABITS, pubname);
360 }
361 else if (status == 1)
362 {
363 fprintf (stderr, _("'%s' keypair already exists, not generating key.\n"), pubname);
364 exit (EXIT_FAILURE);
365 }
366
367 free(privname);
318} 368}
319 369
320int 370int
321main (int argc, char **argv, char **envp) 371main (int argc, char **argv, char **envp)
322{ 372{
363 printf ("vpn_overhead=%d\n", VPE_OVERHEAD + 6 + 6); 413 printf ("vpn_overhead=%d\n", VPE_OVERHEAD + 6 + 6);
364 printf ("udp_overhead=%d\n", UDP_OVERHEAD + VPE_OVERHEAD + 6 + 6); 414 printf ("udp_overhead=%d\n", UDP_OVERHEAD + VPE_OVERHEAD + 6 + 6);
365 exit (EXIT_SUCCESS); 415 exit (EXIT_SUCCESS);
366 } 416 }
367 417
418 if (generate_key)
419 {
420 RAND_load_file (conf.seed_dev, SEED_SIZE);
421 exit (keygen_one (generate_key));
422 }
423
368 if (generate_keys) 424 if (generate_keys)
369 { 425 {
370 RAND_load_file (conf.seed_dev, SEED_SIZE); 426 RAND_load_file (conf.seed_dev, SEED_SIZE);
371 exit (keygen (generate_keys)); 427 exit (keygen_all ());
372 } 428 }
373 429
374 if (kill_gvpe) 430 if (kill_gvpe)
375 exit (kill_other (kill_gvpe)); 431 exit (kill_other (kill_gvpe));
376 432
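Review bot: keygen_one (new lines 347-368) is declared `static int` but falls off the end after `free(privname);` without returning, and main passes that value straight to `exit (keygen_one (generate_key))` on new line 421, so the process exit status is indeterminate on the success path; add `return 0;` after the `free(privname);`. A second point in the new keygen (new line 265): `fopen (priv, "ab")` creates the private-key file with the process umask rather than a restrictive mode, as the old hostkey code did, and keygen_one now writes that key to an arbitrary user-supplied `<pubname>.key` path outside the 0700 pubkey directory; consider `int fd = open (priv, O_WRONLY | O_CREAT | O_APPEND, 0600);` followed by `FILE *privf = fd < 0 ? NULL : fdopen (fd, "ab");` so the key is never world-readable even briefly. Note also that keygen leaves an empty `pub` file behind when it returns 1 because only `priv` already existed, and the "already exists" message in keygen_all (new line 338) always names `pub`; both are inferred from the visible checks and are minor.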
