/* - main - mostly argument parsing */ int main(int argc, char *argv[]) { const struct lsw_conf_options *oco = lsw_init_options(); int opt; int nbits = 0; int seedbits = DEFAULT_SEED_BITS; char *configdir = oco->confddir; /* where the NSS databases reside */ char *password = NULL; /* password for token authentication */ while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF) switch (opt) { case 'n': case 'p': fprintf(stderr, "%s: --noopt and --rounds options have been obsoleted - ignored\n", me); break; case 'v': /* verbose description */ verbose = 1; break; case 'r': fprintf(stderr, "%s: Warning: --random is obsoleted for --seeddev. It no longer specifies the random device used for obtaining random key material", me); /* FALLTHROUGH */ case 'S': /* nonstandard random device for seed */ device = optarg; break; case 'H': /* set hostname for output */ { size_t full_len = strlen(optarg); bool oflow = sizeof(outputhostname) - 1 < full_len; size_t copy_len = oflow ? sizeof(outputhostname) - 1 : full_len; memcpy(outputhostname, optarg, copy_len); outputhostname[copy_len] = '\0'; } break; case 'h': /* help */ printf("Usage:\t%s\n", usage); exit(0); break; case 'V': /* version */ printf("%s %s\n", me, ipsec_version_code()); exit(0); break; case 'c': /* nss configuration directory */ case 'd': /* -d is used for configdir with nss tools */ configdir = optarg; break; case 'P': /* token authentication password */ password = optarg; break; case 's': /* seed bits */ seedbits = atoi(optarg); if (PK11_IsFIPS()) { if (seedbits < DEFAULT_SEED_BITS) { fprintf(stderr, "%s: FIPS mode does not allow < %d seed bits\n", me, DEFAULT_SEED_BITS); exit(1); } } break; case '?': default: printf("Usage:\t%s\n", usage); exit(2); } if (outputhostname[0] == '\0') { if (gethostname(outputhostname, sizeof(outputhostname)) < 0) { fprintf(stderr, "%s: gethostname failed (%s)\n", me, strerror(errno)); exit(1); } } if (argv[optind] == NULL) { /* default: spread bits between 3072 - 4096 in multiple's of 16 */ srand(time(NULL)); nbits = 3072 + 16 * (rand() % 64); } else { unsigned long u; err_t ugh = ttoulb(argv[optind], 0, 10, INT_MAX, &u); if (ugh != NULL) { fprintf(stderr, "%s: keysize specification is malformed: %s\n", me, ugh); exit(1); } nbits = u; } if (nbits < MIN_KEYBIT ) { fprintf(stderr, "%s: requested RSA key size of %d is too small - use %d or more\n", me, nbits, MIN_KEYBIT); exit(1); } else if (nbits > MAXBITS) { fprintf(stderr, "%s: overlarge bit count (max %d)\n", me, MAXBITS); exit(1); } else if (nbits % (BITS_PER_BYTE * 2) != 0) { fprintf(stderr, "%s: bit count (%d) not multiple of %d\n", me, nbits, (int)BITS_PER_BYTE * 2); exit(1); } rsasigkey(nbits, seedbits, configdir, password); exit(0); }
/* - main - mostly argument parsing */ int main(int argc, char *argv[]) { log_to_stderr = FALSE; tool_init_log("ipsec rsasigkey"); int opt; int nbits = 0; int seedbits = DEFAULT_SEED_BITS; while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF) switch (opt) { case 'n': case 'p': fprintf(stderr, "%s: --noopt and --rounds options have been obsoleted - ignored\n", progname); break; case 'v': /* verbose description */ log_to_stderr = TRUE; break; case 'r': fprintf(stderr, "%s: Warning: --random is obsoleted for --seeddev. It no longer specifies the random device used for obtaining random key material", progname); /* FALLTHROUGH */ case 'S': /* nonstandard random device for seed */ device = optarg; break; case 'H': /* set hostname for output */ { size_t full_len = strlen(optarg); bool oflow = sizeof(outputhostname) - 1 < full_len; size_t copy_len = oflow ? sizeof(outputhostname) - 1 : full_len; memcpy(outputhostname, optarg, copy_len); outputhostname[copy_len] = '\0'; } break; case 'h': /* help */ printf("Usage:\t%s\n", usage); exit(0); break; case 'V': /* version */ printf("%s %s\n", progname, ipsec_version_code()); exit(0); break; case 'c': /* obsoleted by --nssdir|-d */ case 'd': /* -d is used for nssdirdir with nss tools */ lsw_conf_nssdir(optarg); break; case 'P': /* token authentication password */ lsw_conf_nsspassword(optarg); break; case 's': /* seed bits */ seedbits = atoi(optarg); if (PK11_IsFIPS()) { if (seedbits < DEFAULT_SEED_BITS) { fprintf(stderr, "%s: FIPS mode does not allow < %d seed bits\n", progname, DEFAULT_SEED_BITS); exit(1); } } break; case '?': default: printf("Usage:\t%s\n", usage); exit(2); } if (outputhostname[0] == '\0') { if (gethostname(outputhostname, sizeof(outputhostname)) < 0) { fprintf(stderr, "%s: gethostname failed (%s)\n", progname, strerror(errno)); exit(1); } } /* * RSA-PSS requires keysize to be a multiple of 8 bits * (see PCS#1 v2.1). * We require a multiple of 16. (??? why?) */ if (argv[optind] == NULL) { /* default keysize: a multiple of 16 in [3072,4096) */ srand(time(NULL)); nbits = 3072 + 16 * (rand() % (1024 / 16)); } else { unsigned long u; err_t ugh = ttoulb(argv[optind], 0, 10, INT_MAX, &u); if (ugh != NULL) { fprintf(stderr, "%s: keysize specification is malformed: %s\n", progname, ugh); exit(1); } nbits = u; } if (nbits < MIN_KEYBIT ) { fprintf(stderr, "%s: requested RSA key size (%d) is too small - use %d or more\n", progname, nbits, MIN_KEYBIT); exit(1); } else if (nbits > MAXBITS) { fprintf(stderr, "%s: requested RSA key size (%d) is too large - (max %d)\n", progname, nbits, MAXBITS); exit(1); } else if (nbits % (BITS_PER_BYTE * 2) != 0) { fprintf(stderr, "%s: requested RSA key size (%d) is not a multiple of %d\n", progname, nbits, (int)BITS_PER_BYTE * 2); exit(1); } /* * Don't fetch the config options until after they have been * processed, and really are "constant". */ const struct lsw_conf_options *oco = lsw_init_options(); rsasigkey(nbits, seedbits, oco); exit(0); }
/* - main - mostly argument parsing */ int main(int argc, char *argv[]) { int opt; extern int optind; extern char *optarg; int errflg = 0; int i; int nbits; char *oldkeyfile = NULL; while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF) switch (opt) { case 'v': /* verbose description */ verbose = 1; break; case 'r': /* nonstandard /dev/random */ device = optarg; break; case 'p': /* number of prime-check rounds */ nrounds = atoi(optarg); if (nrounds <= 0) { fprintf(stderr, "%s: rounds must be > 0\n", me); exit(2); } break; case 'o': /* reformat old key */ oldkeyfile = optarg; break; case 'H': /* set hostname for output */ strcpy(outputhostname, optarg); break; case 'n': /* don't optimize the private key */ do_lcm = 0; break; case 'h': /* help */ printf("Usage:\t%s\n", usage); printf("\tor\n"); printf("\t%s\n", usage2); exit(0); break; case 'V': /* version */ printf("%s %s\n", me, ipsec_version_code()); exit(0); break; case '?': default: errflg = 1; break; } if (errflg || optind != ((oldkeyfile != NULL) ? argc : argc-1)) { printf("Usage:\t%s\n", usage); printf("\tor\n"); printf("\t%s\n", usage2); exit(2); } if (outputhostname[0] == '\0') { i = gethostname(outputhostname, sizeof(outputhostname)); if (i < 0) { fprintf(stderr, "%s: gethostname failed (%s)\n", me, strerror(errno)); exit(1); } } if (oldkeyfile == NULL) { assert(argv[optind] != NULL); nbits = atoi(argv[optind]); } else nbits = getoldkey(oldkeyfile); if (nbits <= 0) { fprintf(stderr, "%s: invalid bit count (%d)\n", me, nbits); exit(1); } else if (nbits > MAXBITS) { fprintf(stderr, "%s: overlarge bit count (max %d)\n", me, MAXBITS); exit(1); } else if (nbits % (CHAR_BIT*2) != 0) { /* *2 for nbits/2-bit primes */ fprintf(stderr, "%s: bit count (%d) not multiple of %d\n", me, nbits, (int)CHAR_BIT*2); exit(1); } rsasigkey(nbits, (oldkeyfile == NULL) ? 0 : 1); exit(0); }