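/*
 * main - mostly argument parsing.
 *
 * Walks the long options with getopt_long(), fills in outputhostname
 * (from --hostname, else gethostname()), picks or validates the RSA key
 * size from the remaining positional argument, and then hands the actual
 * work to rsasigkey(nbits, seedbits, configdir, password).  Every error
 * path prints a message prefixed with the program name to stderr and
 * exits non-zero; --help and --version print and exit 0.
 */
int main(int argc, char *argv[])
{
	const struct lsw_conf_options *oco = lsw_init_options();
	int opt;
	int nbits = 0;
	int seedbits = DEFAULT_SEED_BITS;
	char *configdir = oco->confddir; /* where the NSS databases reside */
	char *password = NULL;  /* password for token authentication */

	while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF) {
		switch (opt) {
		case 'n':
		case 'p':
			fprintf(stderr, "%s: --noopt and --rounds options have been obsoleted - ignored\n",
				me);
			break;
		case 'v':       /* verbose description */
			verbose = 1;
			break;

		case 'r':
			fprintf(stderr, "%s: Warning: --random is obsoleted for --seeddev. It no longer specifies the random device used for obtaining random key material",
				me);
			/* FALLTHROUGH */
		case 'S':       /* nonstandard random device for seed */
			device = optarg;
			break;

		case 'H':       /* set hostname for output */
		{
			/*
			 * Bounded copy into the fixed-size buffer; an over-long
			 * name is truncated to fit and always NUL-terminated.
			 */
			size_t full_len = strlen(optarg);
			size_t copy_len = full_len < sizeof(outputhostname) ?
				full_len : sizeof(outputhostname) - 1;

			memcpy(outputhostname, optarg, copy_len);
			outputhostname[copy_len] = '\0';
			break;
		}
		case 'h':       /* help */
			printf("Usage:\t%s\n", usage);
			exit(0);
		case 'V':       /* version */
			printf("%s %s\n", me, ipsec_version_code());
			exit(0);
		case 'c':       /* nss configuration directory */
		case 'd':       /* -d is used for configdir with nss tools */
			configdir = optarg;
			break;
		case 'P':       /* token authentication password */
			password = optarg;
			break;
		case 's':       /* seed bits */
		{
			/*
			 * atoi() would silently turn junk (or an out-of-range
			 * value) into 0 or garbage, which outside FIPS mode is
			 * then accepted as-is.  Parse strictly and insist on a
			 * non-negative value that fits in an int.
			 */
			char *end;
			long v;

			errno = 0;
			v = strtol(optarg, &end, 10);
			if (end == optarg || *end != '\0' || errno == ERANGE ||
			    v < 0 || v > INT_MAX) {
				fprintf(stderr, "%s: seed bits specification is malformed: %s\n",
					me, optarg);
				exit(1);
			}
			seedbits = (int)v;
			/* FIPS mode enforces a floor on the seed size */
			if (PK11_IsFIPS() && seedbits < DEFAULT_SEED_BITS) {
				fprintf(stderr, "%s: FIPS mode does not allow < %d seed bits\n",
					me, DEFAULT_SEED_BITS);
				exit(1);
			}
			break;
		}
		case '?':
		default:
			printf("Usage:\t%s\n", usage);
			exit(2);
		}
	}

	if (outputhostname[0] == '\0') {
		if (gethostname(outputhostname, sizeof(outputhostname)) < 0) {
			fprintf(stderr, "%s: gethostname failed (%s)\n",
				me,
				strerror(errno));
			exit(1);
		}
		/*
		 * gethostname() is not required to NUL-terminate a name that
		 * had to be truncated, so terminate it ourselves.
		 */
		outputhostname[sizeof(outputhostname) - 1] = '\0';
	}

	if (argv[optind] == NULL) {
		/*
		 * default: spread bits between 3072 - 4096 in multiple's of 16.
		 * rand() only chooses the default key *length* here; key
		 * generation itself is delegated to rsasigkey() below.
		 */
		srand(time(NULL));
		nbits = 3072 + 16 * (rand() % 64);
	} else {
		unsigned long u;
		/* upper bound INT_MAX keeps the later assignment to int safe */
		err_t ugh = ttoulb(argv[optind], 0, 10, INT_MAX, &u);

		if (ugh != NULL) {
			fprintf(stderr, "%s: keysize specification is malformed: %s\n",
				me, ugh);
			exit(1);
		}
		nbits = (int)u;
	}

	/* key size must be in [MIN_KEYBIT, MAXBITS] and a multiple of 16 */
	if (nbits < MIN_KEYBIT) {
		fprintf(stderr, "%s: requested RSA key size of %d is too small - use %d or more\n",
			me, nbits, MIN_KEYBIT);
		exit(1);
	} else if (nbits > MAXBITS) {
		fprintf(stderr, "%s: overlarge bit count (max %d)\n", me,
			MAXBITS);
		exit(1);
	} else if (nbits % (BITS_PER_BYTE * 2) != 0) {
		fprintf(stderr, "%s: bit count (%d) not multiple of %d\n", me,
			nbits, (int)BITS_PER_BYTE * 2);
		exit(1);
	}

	rsasigkey(nbits, seedbits, configdir, password);
	exit(0);
}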
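/*
 * main - mostly argument parsing.
 *
 * Sets up tool logging, walks the long options with getopt_long(),
 * fills in outputhostname (from --hostname, else gethostname()), picks
 * or validates the RSA key size from the remaining positional argument,
 * and only then fetches the (now final) config options and calls
 * rsasigkey(nbits, seedbits, oco).  Every error path prints a message
 * prefixed with progname to stderr and exits non-zero; --help and
 * --version print and exit 0.
 */
int main(int argc, char *argv[])
{
	log_to_stderr = FALSE;
	tool_init_log("ipsec rsasigkey");

	int opt;
	int nbits = 0;
	int seedbits = DEFAULT_SEED_BITS;

	while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF) {
		switch (opt) {
		case 'n':
		case 'p':
			fprintf(stderr, "%s: --noopt and --rounds options have been obsoleted - ignored\n",
				progname);
			break;
		case 'v':       /* verbose description */
			log_to_stderr = TRUE;
			break;

		case 'r':
			fprintf(stderr, "%s: Warning: --random is obsoleted for --seeddev. It no longer specifies the random device used for obtaining random key material",
				progname);
			/* FALLTHROUGH */
		case 'S':       /* nonstandard random device for seed */
			device = optarg;
			break;

		case 'H':       /* set hostname for output */
		{
			/*
			 * Bounded copy into the fixed-size buffer; an over-long
			 * name is truncated to fit and always NUL-terminated.
			 */
			size_t full_len = strlen(optarg);
			size_t copy_len = full_len < sizeof(outputhostname) ?
				full_len : sizeof(outputhostname) - 1;

			memcpy(outputhostname, optarg, copy_len);
			outputhostname[copy_len] = '\0';
			break;
		}
		case 'h':       /* help */
			printf("Usage:\t%s\n", usage);
			exit(0);
		case 'V':       /* version */
			printf("%s %s\n", progname, ipsec_version_code());
			exit(0);
		case 'c':       /* obsoleted by --nssdir|-d */
		case 'd':       /* -d is used for nssdirdir with nss tools */
			lsw_conf_nssdir(optarg);
			break;
		case 'P':       /* token authentication password */
			lsw_conf_nsspassword(optarg);
			break;
		case 's':       /* seed bits */
		{
			/*
			 * atoi() would silently turn junk (or an out-of-range
			 * value) into 0 or garbage, which outside FIPS mode is
			 * then accepted as-is.  Parse strictly and insist on a
			 * non-negative value that fits in an int.
			 */
			char *end;
			long v;

			errno = 0;
			v = strtol(optarg, &end, 10);
			if (end == optarg || *end != '\0' || errno == ERANGE ||
			    v < 0 || v > INT_MAX) {
				fprintf(stderr, "%s: seed bits specification is malformed: %s\n",
					progname, optarg);
				exit(1);
			}
			seedbits = (int)v;
			/* FIPS mode enforces a floor on the seed size */
			if (PK11_IsFIPS() && seedbits < DEFAULT_SEED_BITS) {
				fprintf(stderr, "%s: FIPS mode does not allow < %d seed bits\n",
					progname, DEFAULT_SEED_BITS);
				exit(1);
			}
			break;
		}
		case '?':
		default:
			printf("Usage:\t%s\n", usage);
			exit(2);
		}
	}

	if (outputhostname[0] == '\0') {
		if (gethostname(outputhostname, sizeof(outputhostname)) < 0) {
			fprintf(stderr, "%s: gethostname failed (%s)\n",
				progname,
				strerror(errno));
			exit(1);
		}
		/*
		 * gethostname() is not required to NUL-terminate a name that
		 * had to be truncated, so terminate it ourselves.
		 */
		outputhostname[sizeof(outputhostname) - 1] = '\0';
	}

	/*
	 * RSA-PSS requires keysize to be a multiple of 8 bits
	 * (see PCS#1 v2.1).
	 * We require a multiple of 16.  (??? why?)
	 */
	if (argv[optind] == NULL) {
		/*
		 * default keysize: a multiple of 16 in [3072,4096).
		 * rand() only chooses the default key *length* here; key
		 * generation itself is delegated to rsasigkey() below.
		 */
		srand(time(NULL));
		nbits = 3072 + 16 * (rand() % (1024 / 16));
	} else {
		unsigned long u;
		/* upper bound INT_MAX keeps the later assignment to int safe */
		err_t ugh = ttoulb(argv[optind], 0, 10, INT_MAX, &u);

		if (ugh != NULL) {
			fprintf(stderr,
				"%s: keysize specification is malformed: %s\n",
				progname, ugh);
			exit(1);
		}
		nbits = (int)u;
	}

	/* key size must be in [MIN_KEYBIT, MAXBITS] and a multiple of 16 */
	if (nbits < MIN_KEYBIT) {
		fprintf(stderr,
			"%s: requested RSA key size (%d) is too small - use %d or more\n",
			progname, nbits, MIN_KEYBIT);
		exit(1);
	} else if (nbits > MAXBITS) {
		fprintf(stderr,
			"%s: requested RSA key size (%d) is too large - (max %d)\n",
			progname, nbits, MAXBITS);
		exit(1);
	} else if (nbits % (BITS_PER_BYTE * 2) != 0) {
		fprintf(stderr,
			"%s: requested RSA key size (%d) is not a multiple of %d\n",
			progname, nbits, (int)BITS_PER_BYTE * 2);
		exit(1);
	}

	/*
	 * Don't fetch the config options until after they have been
	 * processed, and really are "constant".
	 */
	const struct lsw_conf_options *oco = lsw_init_options();
	rsasigkey(nbits, seedbits, oco);
	exit(0);
}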
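/*
 * main - mostly argument parsing.
 *
 * Walks the long options with getopt_long(), checks that exactly the
 * expected positional arguments remain (a key size, or none when an old
 * key file is being reformatted with --oldkey), fills in outputhostname
 * (from --hostname, else gethostname()), validates the bit count and
 * then calls rsasigkey(nbits, reformat-flag).  Usage errors exit 2,
 * other failures exit 1; --help and --version print and exit 0.
 */
int main(int argc, char *argv[])
{
	int opt;
	extern int optind;
	extern char *optarg;
	int errflg = 0;
	int i;
	int nbits;
	char *oldkeyfile = NULL;

	while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF) {
		switch (opt) {
		case 'v':	/* verbose description */
			verbose = 1;
			break;
		case 'r':	/* nonstandard /dev/random */
			device = optarg;
			break;
		case 'p':	/* number of prime-check rounds */
			/* atoi() junk becomes 0 and is rejected by the check below */
			nrounds = atoi(optarg);
			if (nrounds <= 0) {
				fprintf(stderr, "%s: rounds must be > 0\n", me);
				exit(2);
			}
			break;
		case 'o':	/* reformat old key */
			oldkeyfile = optarg;
			break;
		case 'H':	/* set hostname for output */
		{
			/*
			 * optarg is attacker-adjacent command-line input of
			 * arbitrary length; strcpy() into the fixed-size
			 * outputhostname would overflow it.  Copy bounded,
			 * truncating to fit, and always NUL-terminate.
			 */
			size_t full_len = strlen(optarg);
			size_t copy_len = full_len < sizeof(outputhostname) ?
				full_len : sizeof(outputhostname) - 1;

			memcpy(outputhostname, optarg, copy_len);
			outputhostname[copy_len] = '\0';
			break;
		}
		case 'n':	/* don't optimize the private key */
			do_lcm = 0;
			break;
		case 'h':	/* help */
			printf("Usage:\t%s\n", usage);
			printf("\tor\n");
			printf("\t%s\n", usage2);
			exit(0);
		case 'V':	/* version */
			printf("%s %s\n", me, ipsec_version_code());
			exit(0);
		case '?':
		default:
			errflg = 1;
			break;
		}
	}
	/* with --oldkey no positional argument is expected, otherwise exactly one */
	if (errflg || optind != ((oldkeyfile != NULL) ? argc : argc - 1)) {
		printf("Usage:\t%s\n", usage);
		printf("\tor\n");
		printf("\t%s\n", usage2);
		exit(2);
	}

	if (outputhostname[0] == '\0') {
		i = gethostname(outputhostname, sizeof(outputhostname));
		if (i < 0) {
			fprintf(stderr, "%s: gethostname failed (%s)\n",
				me,
				strerror(errno));
			exit(1);
		}
		/*
		 * gethostname() is not required to NUL-terminate a name that
		 * had to be truncated, so terminate it ourselves.
		 */
		outputhostname[sizeof(outputhostname) - 1] = '\0';
	}

	if (oldkeyfile == NULL) {
		/* the argument-count check above guarantees this */
		assert(argv[optind] != NULL);
		/* atoi() junk becomes 0 and is rejected by the checks below */
		nbits = atoi(argv[optind]);
	} else {
		nbits = getoldkey(oldkeyfile);
	}

	/* bit count must be positive, at most MAXBITS and a multiple of 16 */
	if (nbits <= 0) {
		fprintf(stderr, "%s: invalid bit count (%d)\n", me, nbits);
		exit(1);
	} else if (nbits > MAXBITS) {
		fprintf(stderr, "%s: overlarge bit count (max %d)\n", me,
			MAXBITS);
		exit(1);
	} else if (nbits % (CHAR_BIT * 2) != 0) {	/* *2 for nbits/2-bit primes */
		fprintf(stderr, "%s: bit count (%d) not multiple of %d\n", me,
			nbits, (int)CHAR_BIT * 2);
		exit(1);
	}

	rsasigkey(nbits, (oldkeyfile == NULL) ? 0 : 1);
	exit(0);
}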