DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity

handle key generation before config parsing

Browse Source
This commit is contained in:
Michael Rash 2015-05-20 09:47:51 -07:00
parent ceb1713976
commit de3bca2f9e
1 changed files with 62 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
server/config_init.c
View File

@ -215,14 +215,25 @@ generate_keys(fko_srv_options_t *options)
FILE *key_gen_file_ptr = NULL;
int res;
/* Set defaults and validate for --key-gen mode
*/
if(options->key_len == 0)
options->key_len = FKO_DEFAULT_KEY_LEN;
if(options->hmac_key_len == 0)
options->hmac_key_len = FKO_DEFAULT_HMAC_KEY_LEN;
if(options->hmac_type == 0)
options->hmac_type = FKO_DEFAULT_HMAC_MODE;
/* Zero out the key buffers */
memset(key_base64, 0x00, sizeof(key_base64));
memset(hmac_key_base64, 0x00, sizeof(hmac_key_base64));
/* Generate the key through libfko */
res = fko_key_gen(key_base64, FKO_DEFAULT_KEY_LEN,
hmac_key_base64, FKO_DEFAULT_HMAC_KEY_LEN,
FKO_DEFAULT_HMAC_MODE);
res = fko_key_gen(key_base64, options->key_len,
hmac_key_base64, options->hmac_key_len,
options->hmac_type);
if(res != FKO_SUCCESS)
{
@ -235,21 +246,19 @@ generate_keys(fko_srv_options_t *options)
{
if ((key_gen_file_ptr = fopen(options->key_gen_file, "w")) == NULL)
{
log_msg(LOG_INFO, "Unable to create key gen file: %s: %s",
log_msg(LOG_ERR, "Unable to create key gen file: %s: %s",
options->key_gen_file, strerror(errno));
clean_exit(options, NO_FW_CLEANUP, EXIT_FAILURE);
}
fprintf(key_gen_file_ptr, "KEY_BASE64: %s\nHMAC_KEY_BASE64: %s\n",
key_base64, hmac_key_base64);
fclose(key_gen_file_ptr);
log_msg(LOG_INFO,
"[+] Wrote Rijndael and HMAC keys to: %s",
fprintf(stdout, "[+] Wrote Rijndael and HMAC keys to: %s",
options->key_gen_file);
}
else
{
log_msg(LOG_INFO,
"KEY_BASE64: %s\nHMAC_KEY_BASE64: %s",
fprintf(stdout, "KEY_BASE64: %s\nHMAC_KEY_BASE64: %s\n",
key_base64, hmac_key_base64);
}
clean_exit(options, NO_FW_CLEANUP, EXIT_SUCCESS);
@ -936,20 +945,6 @@ validate_options(fko_srv_options_t *opts)
clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
if(opts->key_gen)
{
/* Set defaults and validate for --key-gen mode
*/
if(opts->key_len == 0)
opts->key_len = FKO_DEFAULT_KEY_LEN;
if(opts->hmac_key_len == 0)
opts->hmac_key_len = FKO_DEFAULT_HMAC_KEY_LEN;
if(opts->hmac_type == 0)
opts->hmac_type = FKO_DEFAULT_HMAC_MODE;
}
return;
}
@ -996,8 +991,9 @@ config_init(fko_srv_options_t *opts, int argc, char **argv)
/* First, scan the command-line args for -h/--help or an alternate
* configuration file. If we find an alternate config file, use it,
* otherwise use the default. We also grab any override config files
* as well.
* otherwise use the default. We also grab any override config files
* as well. In addition, we handle key generation here since this is
* independent of configuration parsing.
*/
while ((cmd_arg = getopt_long(argc, argv,
GETOPTS_OPTION_STRING, cmd_opts, &index)) != -1) {
@ -1020,6 +1016,45 @@ config_init(fko_srv_options_t *opts, int argc, char **argv)
if(got_override_config > 0)
break;
case 'k':
opts->key_gen = 1;
break;
case KEY_GEN_FILE:
opts->key_gen = 1;
strlcpy(opts->key_gen_file, optarg, sizeof(opts->key_gen_file));
break;
case KEY_LEN: /* used in --key-gen mode only */
opts->key_len = strtol_wrapper(optarg, 1,
MAX_KEY_LEN, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
log_msg(LOG_ERR,
"Invalid key length '%s', must be in [%d-%d]",
optarg, 1, MAX_KEY_LEN);
clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
break;
case HMAC_DIGEST_TYPE: /* used in --key-gen mode only */
if((opts->hmac_type = hmac_digest_strtoint(optarg)) < 0)
{
log_msg(LOG_ERR,
"* Invalid hmac digest type: %s, use {md5,sha1,sha256,sha384,sha512}",
optarg);
clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
break;
case HMAC_KEY_LEN: /* used in --key-gen mode only */
opts->hmac_key_len = strtol_wrapper(optarg, 1,
MAX_KEY_LEN, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
log_msg(LOG_ERR,
"Invalid hmac key length '%s', must be in [%d-%d]",
optarg, 1, MAX_KEY_LEN);
clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
break;
/* Look for override configuration file arg.
*/
case 'O':
@ -1033,6 +1068,9 @@ config_init(fko_srv_options_t *opts, int argc, char **argv)
}
}
if(opts->key_gen)
generate_keys(opts);
/* If no alternate configuration file was specified, we use the
* default.
*/
@ -1198,44 +1236,6 @@ config_init(fko_srv_options_t *opts, int argc, char **argv)
case IPT_DISABLE_CHECK_SUPPORT:
opts->ipt_disable_check_support = 1;
break;
case 'k':
opts->key_gen = 1;
break;
case KEY_GEN_FILE:
opts->key_gen = 1;
strlcpy(opts->key_gen_file, optarg, sizeof(opts->key_gen_file));
break;
case KEY_LEN: /* used in --key-gen mode only */
opts->key_len = strtol_wrapper(optarg, 1,
MAX_KEY_LEN, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
log_msg(LOG_ERR,
"Invalid key length '%s', must be in [%d-%d]",
optarg, 1, MAX_KEY_LEN);
clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
break;
case HMAC_DIGEST_TYPE: /* used in --key-gen mode only */
if((opts->hmac_type = hmac_digest_strtoint(optarg)) < 0)
{
log_msg(LOG_ERR,
"* Invalid hmac digest type: %s, use {md5,sha1,sha256,sha384,sha512}",
optarg);
clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
break;
case HMAC_KEY_LEN: /* used in --key-gen mode only */
opts->hmac_key_len = strtol_wrapper(optarg, 1,
MAX_KEY_LEN, NO_EXIT_UPON_ERR, &is_err);
if(is_err != FKO_SUCCESS)
{
log_msg(LOG_ERR,
"Invalid hmac key length '%s', must be in [%d-%d]",
optarg, 1, MAX_KEY_LEN);
clean_exit(opts, NO_FW_CLEANUP, EXIT_FAILURE);
}
break;
case 'K':
opts->kill = 1;
break;
@ -1296,9 +1296,6 @@ config_init(fko_srv_options_t *opts, int argc, char **argv)
*/
validate_options(opts);
if(opts->key_gen)
generate_keys(opts);
return;
}