Added more command line switches in order for the user to be able to specify the...
authorFranck Joncourt <franck@debian.org>
Tue, 5 Mar 2013 20:01:38 +0000 (21:01 +0100)
committerFranck Joncourt <franck@debian.org>
Tue, 5 Mar 2013 20:01:38 +0000 (21:01 +0100)
client/cmd_opts.h
client/config_init.c

index 0a4854c..7b74b3f 100644 (file)
@@ -54,6 +54,9 @@ enum {
     GPG_AGENT,
     SPA_ICMP_TYPE,
     SPA_ICMP_CODE,
+    KEY_RIJNDAEL,
+    KEY_RIJNDAEL_BASE64,
+    KEY_HMAC_BASE64,
     NOOP /* Just to be a marker for the end */
 };
 
@@ -87,6 +90,9 @@ static struct option cmd_opts[] =
     {"http-proxy",          1, NULL, 'H'},
     {"key-gen",             0, NULL, 'k'},
     {"key-gen-file",        1, NULL, 'K'},
+    {"key-rijndael",        1, NULL, KEY_RIJNDAEL },
+    {"key-rijndael-base64", 1, NULL, KEY_RIJNDAEL_BASE64 },
+    {"key-hmac-base64",     1, NULL, KEY_HMAC_BASE64 },
     {"icmp-type",           1, NULL, SPA_ICMP_TYPE },
     {"icmp-code",           1, NULL, SPA_ICMP_CODE },
     {"last-cmd",            0, NULL, 'l'},
index 47771cd..39a5529 100644 (file)
@@ -29,7 +29,9 @@
  ******************************************************************************
  */
 
-/* FIXME: Finish save capability. */
+/* FIXME: Finish save capability.
+ *        SPAC_ICMP_TYPE and ICMP_SPA_CODE are not stored in the stanza
+ */
 
 #include "fwknop_common.h"
 #include "netinet_common.h"
@@ -65,8 +67,8 @@ enum
     FWKNOP_CLI_ARG_ACCESS,
     FWKNOP_CLI_ARG_SPA_SERVER,
     FWKNOP_CLI_ARG_RAND_PORT,
-    FWKNOP_CLI_ARG_KEY,
-    FWKNOP_CLI_ARG_KEY_BASE64,
+    FWKNOP_CLI_ARG_KEY_RIJNDAEL,
+    FWKNOP_CLI_ARG_KEY_RIJNDAEL_BASE64,
     FWKNOP_CLI_ARG_KEY_HMAC_BASE64,
     FWKNOP_CLI_ARG_KEY_FILE,
     FWKNOP_CLI_ARG_NAT_ACCESS,
@@ -837,6 +839,15 @@ add_rc_param(FILE* fhandle, uint16_t arg_ndx, fko_cli_options_t *options)
         case FWKNOP_CLI_ARG_KEY_FILE :
             strlcpy(val, options->get_key_file, sizeof(val));
             break;
+        case FWKNOP_CLI_ARG_KEY_RIJNDAEL:
+            strlcpy(val, options->key, sizeof(val));
+            break;
+        case FWKNOP_CLI_ARG_KEY_RIJNDAEL_BASE64:
+            strlcpy(val, options->key_base64, sizeof(val));
+            break;
+        case FWKNOP_CLI_ARG_KEY_HMAC_BASE64:
+            strlcpy(val, options->hmac_key_base64, sizeof(val));
+            break;
         case FWKNOP_CLI_ARG_NAT_ACCESS :
             strlcpy(val, options->nat_access_str, sizeof(val));
             break;
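Review bot: The three new key cases in add_rc_param copy secret material into `val` with strlcpy and discard the return value, so a key that does not fit in `val` (its declaration is outside this hunk) would be written to the stanza truncated. Later runs that load the stanza would then use a different key than the one the user supplied, which is hard to diagnose. Compare the result with the buffer size, e.g. `if (strlcpy(val, options->key, sizeof(val)) >= sizeof(val))`, and refuse to save on overflow using whatever error path the function already has. Because this path now persists keys to the rc file, it is also worth confirming that the file is created with owner-only permissions and recording that above these cases with a comment such as `/* Secret key material: the rc file must not be group/world readable. */`. The function begins and ends outside the hunk.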
@@ -1428,6 +1439,35 @@ config_init(fko_cli_options_t *options, int argc, char **argv)
                 options->key_gen = 1;
                 strlcpy(options->key_gen_file, optarg, MAX_PATH_LEN);
                 break;
+            case KEY_RIJNDAEL:
+                strlcpy(options->key, optarg, MAX_KEY_LEN);
+                options->have_key = 1;
+                cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_KEY_RIJNDAEL);
+                break;
+            case KEY_RIJNDAEL_BASE64:
+                if (! is_base64((unsigned char *) optarg, strlen(optarg)))
+                {
+                    fprintf(stderr,
+                        "Base64 encoded Rijndael argument '%s' doesn't look like base64-encoded data.\n",
+                        optarg);
+                    exit(EXIT_FAILURE);
+                }
+                strlcpy(options->key_base64, optarg, MAX_KEY_LEN);
+                options->have_base64_key = 1;
+                cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_KEY_RIJNDAEL_BASE64);
+                break;
+            case KEY_HMAC_BASE64:
+                if (! is_base64((unsigned char *) optarg, strlen(optarg)))
+                {
+                    fprintf(stderr,
+                        "Base64 encoded HMAC argument '%s' doesn't look like base64-encoded data.\n",
+                        optarg);
+                     exit(EXIT_FAILURE);
+                }
+                strlcpy(options->hmac_key_base64, optarg, MAX_KEY_LEN);
+                options->have_hmac_base64_key = 1;
+                cli_arg_bitmask |= FWKNOP_CLI_ARG_BM(FWKNOP_CLI_ARG_KEY_HMAC_BASE64);
+                break;
             case SPA_ICMP_TYPE:
                 options->spa_icmp_type = strtol_wrapper(optarg, 0,
                         MAX_ICMP_TYPE, NO_EXIT_UPON_ERR, &is_err);
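Review bot: The base64 failure paths for KEY_RIJNDAEL_BASE64 and KEY_HMAC_BASE64 print `optarg`, which is the key itself, to stderr, so a mistyped secret lands in terminal scrollback or any log that captures stderr. The message should name the option without echoing the value. All three new cases also ignore strlcpy's return value, so an argument of MAX_KEY_LEN or more characters is silently truncated and the client would use a different key than the one given (this assumes the project's strlcpy follows the BSD contract of returning the source length). Since the usage text already warns that the argument is visible to `ps`, overwriting `optarg` once it has been copied would shorten that exposure. The fence shows the Rijndael base64 case; the HMAC case and the plain KEY_RIJNDAEL case would follow the same pattern. config_init begins and ends outside the hunk.

```c
            case KEY_RIJNDAEL_BASE64:
                if (! is_base64((unsigned char *) optarg, strlen(optarg)))
                {
                    /* Do not echo the argument: it is key material. */
                    fprintf(stderr,
                        "--key-rijndael-base64 argument doesn't look like base64-encoded data.\n");
                    exit(EXIT_FAILURE);
                }
                if (strlcpy(options->key_base64, optarg, MAX_KEY_LEN) >= MAX_KEY_LEN)
                {
                    fprintf(stderr, "--key-rijndael-base64 argument is too long.\n");
                    exit(EXIT_FAILURE);
                }
                /* Shorten the time the key stays readable in the process arguments. */
                memset(optarg, 0, strlen(optarg));
                options->have_base64_key = 1;
                /* … unchanged: cli_arg_bitmask update and break … */
```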
@@ -1698,6 +1738,18 @@ usage(void)
       " -k, --key-gen               Generate SPA Rijndael + HMAC keys.\n"
       " -K, --key-gen-file          Write generated Rijndael + HMAC keys to a\n"
       "                             file\n"
+      "     --key-rijndael          Specify the Rijndael key. Since the password is\n"
+      "                             visible to utilities (like 'ps' under Unix) this\n"
+      "                             form should only be used where security is not\n"
+      "                             important.\n"
+      "     --key-base64-rijndael   Specify the base64 encoded Rijndael key. Since\n"
+      "                             the password is visible to utilities (like 'ps'\n"
+      "                             under Unix) this form should only be used where\n"
+      "                             security is not important.\n"
+      "     --key-base64-hmac       Specify the base64 encoded HMAC key. Since the\n"
+      "                             password is visible to utilities (like 'ps'\n"
+      "                             under Unix) this form should only be used where\n"
+      "                             security is not important.\n"
       " -r, --rand-port             Send the SPA packet over a randomly assigned\n"
       "                             port (requires a broader pcap filter on the\n"
       "                             server side than the default of udp 62201).\n"
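Review bot: The help text added here advertises `--key-base64-rijndael` and `--key-base64-hmac`, but the option table added to client/cmd_opts.h in this same commit registers `key-rijndael-base64` and `key-hmac-base64`. A user who copies the switch from the usage output would therefore get an unrecognised-option error. Rename the two help entries to `--key-rijndael-base64` and `--key-hmac-base64` so they match the table. The three entries also say "password" where the switches take keys; "key" would be consistent with the option names. usage() continues outside the hunk.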