Example #1
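/*
 * Return 1 when the passphrase can be placed inside the double-quoted sed
 * expression built by start_gen_radius_cert() without altering the command,
 * 0 otherwise.
 *
 * Rejected bytes: control characters, the characters a POSIX shell still
 * interprets inside double quotes (" $ ` \), and the characters that are
 * special in a sed replacement that uses '/' as delimiter (/ & \).
 */
static int radius_passphrase_is_safe(const char *pass)
{
	const char *c;

	if (pass == NULL)
		return 0;

	for (c = pass; *c != '\0'; c++) {
		unsigned char ch = (unsigned char)*c;

		if (ch < 0x20 || ch == 0x7f)
			return 0;
		switch (ch) {
		case '"':
		case '$':
		case '`':
		case '\\':
		case '/':
		case '&':
			return 0;
		default:
			break;
		}
	}
	return 1;
}

/*
 * Generate the FreeRADIUS server and CA certificates and write an eap.conf
 * that carries the configured private-key passphrase.
 *
 * Does nothing when a previous run is still flagged in NVRAM
 * ("cert_running" == "1") and an openssl process exists.
 *
 * The "radius_passphrase" NVRAM value is a configuration setting that ends up
 * in a shell command line, so it is validated before any work starts and
 * again immediately before it is formatted into the command. A value that
 * fails validation is never passed to the shell; in that case the run is
 * skipped (early check) or eap.conf is left unwritten (late check).
 */
void start_gen_radius_cert(void)
{
	const char *pass;

	if (nvram_match("cert_running", "1") && pidof("openssl") > 0)
		return;		//already running

	/* Refuse to start with a passphrase that cannot be written safely,
	 * rather than generating certificates and then skipping eap.conf. */
	if (!radius_passphrase_is_safe(nvram_safe_get("radius_passphrase")))
		return;

	prep();
	gen_cert("/jffs/etc/freeradius/certs/server.cnf", TYPE_SERVER, nvram_safe_get("radius_common"), nvram_safe_get("radius_passphrase"));
	gen_cert("/jffs/etc/freeradius/certs/ca.cnf", TYPE_CA, nvram_safe_get("radius_common"), nvram_safe_get("radius_passphrase"));
	nvram_set("cert_running", "1");
	//this takes a long time (depending on the cpu speed)
	system("cd /jffs/etc/freeradius/certs && ./bootstrap");

	/* Re-read and re-check: bootstrap runs for a long time and the NVRAM
	 * value may have been changed meanwhile. The same pointer is checked
	 * and formatted, with no NVRAM write in between.
	 * NOTE(review): the passphrase is still visible on the sed command
	 * line while it runs; rewriting the file in C would avoid that. */
	pass = nvram_safe_get("radius_passphrase");
	if (radius_passphrase_is_safe(pass))
		sysprintf("sed \"s/private_key_password = whatever/private_key_password = %s/g\" /etc/freeradius/eap.conf > /jffs/etc/freeradius/eap.conf", pass);
	nvram_set("cert_running", "0");
}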
Example #2
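/**
 * Create a DTLS context with a freshly generated key and self-issued
 * certificate, and store the certificate's SHA-256 fingerprint in it.
 *
 * @param common  Common name passed to gen_cert(); must not be NULL.
 * @return        A heap-allocated context whose ->ctx and ->fingerprint are
 *                filled in, or NULL on any failure. On failure nothing
 *                allocated here is left behind.
 *
 * The fingerprint is written as upper-case hex byte pairs separated by ':'
 * and terminated with NUL.
 */
struct dtls_context *
create_dtls_context(const char *common)
{
  static const char hex_digits[] = "0123456789ABCDEF";
  struct dtls_context *context = NULL;
  SSL_CTX *ctx = NULL;
  EVP_PKEY *key = NULL;
  X509 *cert = NULL;
  /* assumes BUFFER_SIZE is at least the SHA-256 digest size (32 bytes)
   * -- TODO confirm against its definition */
  unsigned char buf[BUFFER_SIZE];
  unsigned int len = 0;
  char *p;

  if (common == NULL)
    return NULL;

  context = calloc(1, sizeof *context);
  if (context == NULL)
    return NULL;

  SSL_library_init();
  OpenSSL_add_all_algorithms();

  /* NOTE(review): DTLSv1_method() pins the context to DTLS 1.0; where the
   * linked OpenSSL provides DTLS_method(), prefer it with a minimum version. */
  ctx = SSL_CTX_new(DTLSv1_method());
  if (ctx == NULL)
    goto err;

  /* "!ADH" only removes anonymous finite-field DH. "!aNULL" removes every
   * unauthenticated suite (anonymous ECDH included), which would otherwise
   * let a handshake complete without the certificate this context relies
   * on; "!eNULL" keeps no-encryption suites out explicitly. */
  if (SSL_CTX_set_cipher_list(ctx, "ALL:!aNULL:!eNULL:!ADH:!LOW:!EXP:!MD5:@STRENGTH") != 1)
    goto err;

  SSL_CTX_set_read_ahead(ctx, 1); // for DTLS
  SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_peer_certificate_cb);

  key = gen_key();
  if (key == NULL)
    goto err;
  if (SSL_CTX_use_PrivateKey(ctx, key) != 1)
    goto err;

  cert = gen_cert(key, common, 365);
  if (cert == NULL)
    goto err;
  if (SSL_CTX_use_certificate(ctx, cert) != 1)
    goto err;

  if (SSL_CTX_check_private_key(ctx) != 1)
    goto err;

  /* A failed digest would leave buf and len unset; do not format them. */
  if (X509_digest(cert, EVP_sha256(), buf, &len) != 1 || len == 0)
    goto err;

  /* Writes exactly 3 * len bytes: two hex digits plus ':' per digest byte,
   * with the final ':' replaced by the terminating NUL.
   * assumes context->fingerprint has room for 3 * len bytes (96 for
   * SHA-256) -- TODO confirm against the struct definition */
  p = context->fingerprint;
  for (unsigned int i = 0; i < len; ++i) {
    *p++ = hex_digits[buf[i] >> 4];
    *p++ = hex_digits[buf[i] & 0x0F];
    *p++ = (i + 1 < len) ? ':' : '\0';
  }

  context->ctx = ctx;

  /* The SSL_CTX holds its own references to the key and certificate, so the
   * local ones are released here instead of being leaked. */
  X509_free(cert);
  EVP_PKEY_free(key);
  return context;

err:
  /* Each of these accepts NULL, so one label serves every failure point. */
  X509_free(cert);
  EVP_PKEY_free(key);
  SSL_CTX_free(ctx);
  free(context);
  return NULL;
}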
Example #3
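/*
 * Build the server-side SSL context: create it, restrict protocols and
 * cipher suites, then load the certificate and key produced by gen_cert().
 *
 * The context is stored in `ctx`, which is declared outside this function,
 * and is also returned. Any failure terminates the process (abort() when the
 * context cannot be created, exit(1) otherwise); diagnostics are printed
 * only in DEBUG builds.
 */
SSL_CTX *
InitCTX (void)
{
  X509 *cert;
  EVP_PKEY *key;

  SSL_library_init ();
  OpenSSL_add_all_algorithms ();	/* Load cryptos, et.al. */
  SSL_load_error_strings ();	/* Bring in and register error messages */

  /* Use the version-negotiating method rather than an SSLv3-only one:
     SSLv3 is broken (POODLE) and many OpenSSL builds no longer ship it.
     The obsolete protocol versions are switched off via options below. */
  ctx = SSL_CTX_new (SSLv23_server_method ());	/* Create new context */

  if (ctx == NULL) {
#ifdef DEBUG
    ERR_print_errors_fp (stderr);
#endif
    abort ();
  }

  SSL_CTX_set_options (ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

  /* "!ADH" alone leaves anonymous ECDH suites enabled; "!aNULL" removes
     every unauthenticated suite and "!eNULL" every unencrypted one.
     A cipher string that selects nothing is treated as fatal. */
  if (SSL_CTX_set_cipher_list (ctx, "ALL:!aNULL:!eNULL:!ADH:!LOW:!EXP:!MD5:@STRENGTH") != 1) {
#ifdef DEBUG
    ERR_print_errors_fp (stderr);
#endif
    exit (1);
  }

  /* gen_cert() reports failure with 0. */
  if (gen_cert (&cert, &key) == 0) {
#ifdef DEBUG
    printf ("Error w/ gen_cert()\n");
#endif
    exit (1);
  }

  if (SSL_CTX_use_certificate (ctx, cert) != 1) {
#ifdef DEBUG
    fprintf (stderr, "SSL_CTX_use_certificate failed.\n");
#endif
    exit (1);
  }
  if (SSL_CTX_use_PrivateKey (ctx, key) != 1) {
#ifdef DEBUG
    fprintf (stderr, "SSL_CTX_use_PrivateKey failed.\n");
#endif
    exit (1);
  }

  /* The context keeps its own references; drop the local ones. */
  X509_free (cert);
  EVP_PKEY_free (key);

  return ctx;
}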
Example #4
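/*
 * Command-line front end for the NVRAM tool.
 *
 * Dispatch order:
 *   1. By program name: when invoked as "nvram_get" or "nvram_set" the call
 *      is handed to ra_nv_get() / ra_nv_set() with the untouched argv.
 *   2. By argument count:
 *        argc == 2  "<block>_nvram_show"                  -> nvram_show()
 *        argc == 3  "gen" | "make_wireless_config" <blk>  -> gen_config() / gen_cert()
 *                   "show" <blk>                          -> nvram_show()
 *                   "clear" <blk>                         -> nvram_clear()
 *        argc == 4  "renew" <blk> <arg>                   -> renew_nvram()
 *      Which blocks are accepted depends on the CONFIG_* build options.
 *
 * Every strncmp()/strncasecmp() length is the literal's length plus one, so
 * the terminating NUL is compared too and only exact words match.
 *
 * Anything unrecognised goes to usage(argv[0]). Returns 0 unless one of the
 * nvram_get / nvram_set handlers supplies the return value.
 */
int main(int argc, char *argv[])
{
	char *cmd;

	/* NOTE(review): the code below relies on usage() not returning when
	 * argc < 2 -- confirm against its definition. */
	if (argc < 2)
		usage(argv[0]);

	//call nvram_get or nvram_set
	/* Strip any directory part so that a symlink or full path still
	 * selects the handler by its base name. */
	if ((cmd = strrchr(argv[0], '/')) != NULL)
		cmd++;
	else
		cmd = argv[0];
	if (!strncmp(cmd, "nvram_get", 10))
		return ra_nv_get(argc, argv);
	else if (!strncmp(cmd, "nvram_set", 10))
		return ra_nv_set(argc, argv);

	if (argc == 2) {
		if (!strncmp(argv[1], "rt2860_nvram_show", 18))
			nvram_show(RT2860_NVRAM);
#if defined (CONFIG_RTDEV_MII) || defined (CONFIG_RTDEV_USB) || defined (CONFIG_RTDEV_PCI)|| \
	defined (CONFIG_RT2561_AP) || defined (CONFIG_RT2561_AP_MODULE)
		else if (!strncmp(argv[1], "rtdev_nvram_show", 17))
			nvram_show(RTDEV_NVRAM);
#endif
#ifdef CONFIG_DUAL_IMAGE
		else if (!strncmp(argv[1], "uboot_nvram_show", 17))
			nvram_show(UBOOT_NVRAM);
#endif
#ifdef CONFIG_RT2860V2_STA_WPA_SUPPLICANT
		else if (!strncmp(argv[1], "cert_nvram_show", 16))
			nvram_show(CERT_NVRAM);
#endif
#ifdef CONFIG_RT2860V2_AP_WAPI
		else if (!strncmp(argv[1], "wapi_nvram_show", 16))
			nvram_show(WAPI_NVRAM);
#endif
		else
			usage(argv[0]);
	} else if (argc == 3) {
		/* TODO: <cmd> gen 2860ap */
		if (!strncasecmp(argv[1], "gen", 4) ||
		    !strncasecmp(argv[1], "make_wireless_config", 21)) {
			if (!strncmp(argv[2], "2860", 5) ||
			    !strncasecmp(argv[2], "rt2860", 7)) //b-compatible
				gen_config(RT2860_NVRAM);
#if defined (CONFIG_RTDEV_MII) || defined (CONFIG_RTDEV_USB) || defined (CONFIG_RTDEV_PCI) || \
	defined (CONFIG_RT2561_AP) || defined (CONFIG_RT2561_AP_MODULE)
			else if (!strncasecmp(argv[2], "rtdev", 6))
				gen_config(RTDEV_NVRAM);
#endif
#ifdef CONFIG_DUAL_IMAGE
			else if (!strncasecmp(argv[2], "uboot", 6))
				printf("No support of gen command of uboot parameter.\n");
#endif
#ifdef CONFIG_RT2860V2_STA_WPA_SUPPLICANT
			else if (!strncmp(argv[2], "cert", 5))
				gen_cert(CERT_NVRAM);
#endif
#ifdef CONFIG_RT2860V2_AP_WAPI
			else if (!strncmp(argv[2], "wapi", 5))
				gen_cert(WAPI_NVRAM);
#endif
			else
				usage(argv[0]);
		} else if (!strncasecmp(argv[1], "show", 5)) {
			if (!strncmp(argv[2], "2860", 5) ||
			    !strncasecmp(argv[2], "rt2860", 7)) //b-compatible
				nvram_show(RT2860_NVRAM);
#if defined (CONFIG_RTDEV_MII) || defined (CONFIG_RTDEV_USB) || defined (CONFIG_RTDEV_PCI) || \
	defined (CONFIG_RT2561_AP) || defined (CONFIG_RT2561_AP_MODULE)
			else if (!strncasecmp(argv[2], "rtdev", 6))
				nvram_show(RTDEV_NVRAM);
#endif
#ifdef CONFIG_DUAL_IMAGE
			else if (!strncasecmp(argv[2], "uboot", 6))
				nvram_show(UBOOT_NVRAM);
#endif
#ifdef CONFIG_RT2860V2_STA_WPA_SUPPLICANT
			else if (!strncasecmp(argv[2], "cert", 5))
				nvram_show(CERT_NVRAM);
#endif
#ifdef CONFIG_RT2860V2_AP_WAPI
			else if (!strncasecmp(argv[2], "wapi", 5))
				nvram_show(WAPI_NVRAM);
#endif
			else
				usage(argv[0]);
		} else if(!strncasecmp(argv[1], "clear", 6)) {
			if (!strncmp(argv[2], "2860", 5) || 
			    !strncasecmp(argv[2], "rt2860", 7)) //b-compatible
				nvram_clear(RT2860_NVRAM);
#if defined (CONFIG_RTDEV_MII) || defined (CONFIG_RTDEV_USB) || defined (CONFIG_RTDEV_PCI) || \
	defined (CONFIG_RT2561_AP) || defined (CONFIG_RT2561_AP_MODULE)
			else if (!strncasecmp(argv[2], "rtdev", 6))
				nvram_clear(RTDEV_NVRAM);
#endif
#ifdef CONFIG_DUAL_IMAGE
			else if (!strncasecmp(argv[2], "uboot", 6))
				nvram_clear(UBOOT_NVRAM);
#endif
#ifdef CONFIG_RT2860V2_STA_WPA_SUPPLICANT
			else if (!strncasecmp(argv[2], "cert", 5))
				nvram_clear(CERT_NVRAM);
#endif
#ifdef CONFIG_RT2860V2_AP_WAPI
			else if (!strncasecmp(argv[2], "wapi", 5))
				nvram_clear(WAPI_NVRAM);
#endif
			else
				usage(argv[0]);
		} else
			usage(argv[0]);
	} else if (argc == 4) {
		if (!strncasecmp(argv[1], "renew", 6)) {
			if (!strncmp(argv[2], "2860", 5) ||
			    !strncasecmp(argv[2], "rt2860", 7)) //b-compatible
				renew_nvram(RT2860_NVRAM, argv[3]);
#if defined (CONFIG_RTDEV_MII) || defined (CONFIG_RTDEV_USB) || defined (CONFIG_RTDEV_PCI) || \
	defined (CONFIG_RT2561_AP) || defined (CONFIG_RT2561_AP_MODULE)
			else if (!strncasecmp(argv[2], "rtdev", 6))
				renew_nvram(RTDEV_NVRAM, argv[3]);
#endif
#ifdef CONFIG_DUAL_IMAGE
			else if (!strncasecmp(argv[2], "uboot", 6))
				printf("No support of renew command of uboot parameter.\n");
#endif
			/* An unknown block name used to fall through and
			 * return 0 without doing anything; report it like
			 * the gen/show/clear branches do. */
			else
				usage(argv[0]);
		} else
			usage(argv[0]);
	} else
		usage(argv[0]);
	return 0;
}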