diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/Makefile.am | 2 | ||||
| -rw-r--r-- | src/checksum/checksum_builder.c | 4 | ||||
| -rw-r--r-- | src/libstrongswan/credentials/keys/key_encoding.h | 3 | ||||
| -rw-r--r-- | src/pki/.gitignore | 1 | ||||
| -rw-r--r-- | src/pki/Makefile.am | 9 | ||||
| -rw-r--r-- | src/pki/pki.c | 189 |
6 files changed, 207 insertions, 1 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index ebdaa6a63..d2ac5f655 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -25,7 +25,7 @@ if USE_UPDOWN endif if USE_TOOLS - SUBDIRS += openac scepclient + SUBDIRS += openac scepclient pki endif if USE_DUMM diff --git a/src/checksum/checksum_builder.c b/src/checksum/checksum_builder.c index a713eb526..ff20fe369 100644 --- a/src/checksum/checksum_builder.c +++ b/src/checksum/checksum_builder.c @@ -89,6 +89,10 @@ int main(int argc, char* argv[]) { name = strdup("scepclient\","); } + else if (strstr(path, "pki")) + { + name = strdup("pki\","); + } else { fprintf(stderr, "don't know how to handle '%s', ignored", path); diff --git a/src/libstrongswan/credentials/keys/key_encoding.h b/src/libstrongswan/credentials/keys/key_encoding.h index ea97a1f2d..27a120e89 100644 --- a/src/libstrongswan/credentials/keys/key_encoding.h +++ b/src/libstrongswan/credentials/keys/key_encoding.h @@ -75,6 +75,9 @@ enum key_encoding_type_t { /** PKCS#1/ASN.1 key encoding */ KEY_PUB_ASN1_DER, KEY_PRIV_ASN1_DER, + /** PEM oncoded PKCS#1 key */ + KEY_PUB_PEM, + KEY_PRIV_PEM, /** PGP key encoding */ KEY_PUB_PGP, KEY_PRIV_PGP, diff --git a/src/pki/.gitignore b/src/pki/.gitignore new file mode 100644 index 000000000..5a8ef6ad3 --- /dev/null +++ b/src/pki/.gitignore @@ -0,0 +1 @@ +pki diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am new file mode 100644 index 000000000..3aa885cff --- /dev/null +++ b/src/pki/Makefile.am @@ -0,0 +1,9 @@ +ipsec_PROGRAMS = pki + +pki_SOURCES = pki.c +pki_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = \ + -DPLUGINDIR=\"${plugindir}\" \ + -DPLUGINS=\""${libstrongswan_plugins}\"" \ + -DSTRONGSWAN_CONF=\"${strongswan_conf}\" diff --git a/src/pki/pki.c b/src/pki/pki.c new file mode 100644 index 000000000..0b3e8cf8d --- /dev/null +++ b/src/pki/pki.c @@ -0,0 +1,189 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include <getopt.h> +#include <stdlib.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <unistd.h> +#include <errno.h> +#include <stdio.h> +#include <stddef.h> +#include <string.h> + +#include <library.h> +#include <credentials/keys/private_key.h> + +static int usage(char *error) +{ + FILE *out = stdout; + + if (error) + { + out = stderr; + fprintf(out, "%s\n\n", error); + } + fprintf(out, "strongSwan %s PKI tool\n", VERSION); + fprintf(out, "usage:\n"); + fprintf(out, "pki --help\n"); + fprintf(out, " show this usage information\n"); + fprintf(out, "pki --gen [--type rsa|ecdsa] [--size bits] [--form der|pem|pgp\n"); + fprintf(out, " generate a new private key\n"); + return !!error; +} + +/** + * Generate a private key + */ +static int gen(int argc, char *argv[]) +{ + key_encoding_type_t form = KEY_PRIV_ASN1_DER; + key_type_t type = KEY_RSA; + u_int size = 0; + private_key_t *key; + chunk_t encoding; + + struct option long_opts[] = { + { "type", required_argument, NULL, 't' }, + { "size", required_argument, NULL, 's' }, + { "form", required_argument, NULL, 'f' }, + { 0,0,0,0 } + }; + while (TRUE) + { + switch (getopt_long(argc, argv, "", long_opts, NULL)) + { + case 't': + if (streq(optarg, "rsa")) + { + type = KEY_RSA; + } + else if (streq(optarg, "ecdsa")) + { + type = KEY_ECDSA; + } + else + { + return usage("invalid key type"); + } + continue; + case 'f': + if (streq(optarg, "der")) + { + form = KEY_PRIV_ASN1_DER; + } + else if (streq(optarg, "pem")) + { + form = KEY_PRIV_PEM; + } + else if (streq(optarg, "pgp")) + { + form = KEY_PRIV_PGP; + } + else + { + return usage("invalid key format"); + } + continue; + case 's': + size = atoi(optarg); + if (!size) + { + return usage("invalid key size"); + } + continue; + case EOF: + break; + default: + return usage("invalid --gen option"); + } + break; + } + /* default key sizes */ + if (!size) + { + switch (type) + { + case KEY_RSA: + size = 2048; + break; + case KEY_ECDSA: + size = 384; + break; + default: + break; + } + } + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, + BUILD_KEY_SIZE, size, BUILD_END); + if (!key) + { + fprintf(stderr, "private key generation failed\n"); + return 1; + } + if (!key->get_encoding(key, form, &encoding)) + { + fprintf(stderr, "private key encoding failed\n"); + key->destroy(key); + return 1; + } + key->destroy(key); + if (fwrite(encoding.ptr, encoding.len, 1, stdout) != 1) + { + fprintf(stderr, "writing private key failed\n"); + free(encoding.ptr); + return 1; + } + free(encoding.ptr); + return 0; +} + +/** + * Library initialization and operation parsing + */ +int main(int argc, char *argv[]) +{ + struct option long_opts[] = { + { "help", no_argument, NULL, 'h' }, + { "gen", no_argument, NULL, 'g' }, + { 0,0,0,0 } + }; + + atexit(library_deinit); + if (!library_init(STRONGSWAN_CONF)) + { + exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); + } + if (lib->integrity && + !lib->integrity->check_file(lib->integrity, "pki", argv[0])) + { + fprintf(stderr, "integrity check of pki failed\n"); + exit(SS_RC_DAEMON_INTEGRITY); + } + lib->plugins->load(lib->plugins, PLUGINDIR, + lib->settings->get_str(lib->settings, "pki.load", PLUGINS)); + + switch (getopt_long(argc, argv, "", long_opts, NULL)) + { + case 'h': + return usage(NULL); + case 'g': + return gen(argc, argv); + default: + return usage("invalid operation"); + } +} + |