#include "xalloc.h"
#include "protocol.h"
#include "control_common.h"
+#include "ecdsagen.h"
#include "rsagen.h"
#include "utils.h"
#include "tincctl.h"
" restart Restart tincd.\n"
" reload Reload configuration of running tincd.\n"
" pid Show PID of currently running tincd.\n"
- " generate-keys [bits] Generate a new public/private keypair.\n"
+ " generate-keys [bits] Generate new RSA and ECDSA public/private keypairs.\n"
+ " generate-rsa-keys [bits] Generate a new RSA public/private keypair.\n"
+ " generate-ecdsa-keys Generate a new ECDSA public/private keypair.\n"
" dump Dump a list of one of the following things:\n"
" nodes - all known nodes in the VPN\n"
" edges - all known connections in the VPN\n"
return r;
}
+/*
+ Generate a public/private ECDSA keypair, and ask for a file to store
+ them in.
+*/
+static bool ecdsa_keygen() {
+ ecdsa_t key;
+ FILE *f;
+ char *filename;
+
+ fprintf(stderr, "Generating ECDSA keypair:\n");
+
+ if(!ecdsa_generate(&key)) {
+ fprintf(stderr, "Error during key generation!\n");
+ return false;
+ } else
+ fprintf(stderr, "Done.\n");
+
+ xasprintf(&filename, "%s/ecdsa_key.priv", confbase);
+ f = ask_and_open(filename, "private ECDSA key", "a");
+
+ if(!f)
+ return false;
+
+#ifdef HAVE_FCHMOD
+ /* Make it unreadable for others. */
+ fchmod(fileno(f), 0600);
+#endif
+
+ if(ftell(f))
+ fprintf(stderr, "Appending key to existing contents.\nMake sure only one key is stored in the file.\n");
+
+ ecdsa_write_pem_private_key(&key, f);
+
+ fclose(f);
+ free(filename);
+
+ if(name)
+ xasprintf(&filename, "%s/hosts/%s", confbase, name);
+ else
+ xasprintf(&filename, "%s/ecdsa_key.pub", confbase);
+
+ f = ask_and_open(filename, "public ECDSA key", "a");
+
+ if(!f)
+ return false;
+
+ if(ftell(f))
+ fprintf(stderr, "Appending key to existing contents.\nMake sure only one key is stored in the file.\n");
+
+ char *pubkey = ecdsa_get_base64_public_key(&key);
+ fprintf(f, "ECDSAPublicKey = %s\n", pubkey);
+ free(pubkey);
+
+ fclose(f);
+ free(filename);
+
+ return true;
+}
+
/*
Generate a public/private RSA keypair, and ask for a file to store
them in.
*/
-static bool keygen(int bits) {
+static bool rsa_keygen(int bits) {
rsa_t key;
FILE *f;
char *filename;
bool sendline(int fd, char *format, ...) {
static char buffer[4096];
char *p = buffer;
- size_t blen = 0;
+ int blen = 0;
va_list ap;
va_start(ap, format);
blen = vsnprintf(buffer, sizeof buffer, format, ap);
va_end(ap);
- if(blen < 0 || blen >= sizeof buffer)
+ if(blen < 1 || blen >= sizeof buffer)
return false;
buffer[blen] = '\n';
int result = send(fd, p, blen, 0);
if(result == -1 && errno == EINTR)
continue;
- else if(result <= 0);
+ else if(result <= 0)
return false;
p += result;
blen -= result;
make_names();
if(show_version) {
- printf("%s version %s (built %s %s, protocol %d)\n", PACKAGE,
- VERSION, __DATE__, __TIME__, PROT_CURRENT);
+ printf("%s version %s (built %s %s, protocol %d.%d)\n", PACKAGE,
+ VERSION, __DATE__, __TIME__, PROT_MAJOR, PROT_MINOR);
printf("Copyright (C) 1998-2009 Ivo Timmermans, Guus Sliepen and others.\n"
"See the AUTHORS file for a complete list.\n\n"
"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n"
// First handle commands that don't involve connecting to a running tinc daemon.
+ if(!strcasecmp(argv[optind], "generate-rsa-keys")) {
+ return !rsa_keygen(optind > argc ? atoi(argv[optind + 1]) : 2048);
+ }
+
+ if(!strcasecmp(argv[optind], "generate-ecdsa-keys")) {
+ return !ecdsa_keygen();
+ }
+
if(!strcasecmp(argv[optind], "generate-keys")) {
- return !keygen(optind > argc ? atoi(argv[optind + 1]) : 2048);
+ return !(rsa_keygen(optind > argc ? atoi(argv[optind + 1]) : 2048) && ecdsa_keygen());
}
if(!strcasecmp(argv[optind], "start")) {
struct addrinfo *res = NULL;
if(getaddrinfo(host, port, &hints, &res) || !res) {
- fprintf(stderr, "Cannot resolve %s port %s: %s", host ?: "localhost", port, strerror(errno));
+ fprintf(stderr, "Cannot resolve %s port %s: %s", host, port, strerror(errno));
return 1;
}
#endif
if(connect(fd, res->ai_addr, res->ai_addrlen) < 0) {
- fprintf(stderr, "Cannot connect to %s port %s: %s\n", host ?: "localhost", port, sockstrerror(sockerrno));
+ fprintf(stderr, "Cannot connect to %s port %s: %s\n", host, port, sockstrerror(sockerrno));
return 1;
}