client: add CMAC support to keygen command
Allow a CMAC cipher to be specified in the keygen command. When a cipher is specified, the length argument is ignored, as the key length is determined by the cipher.
This commit is contained in:
parent
57957ab6cf
commit
510aa8b050
3 changed files with 26 additions and 13 deletions
30
client.c
30
client.c
|
@ -33,6 +33,7 @@
|
|||
|
||||
#include "array.h"
|
||||
#include "candm.h"
|
||||
#include "cmac.h"
|
||||
#include "logging.h"
|
||||
#include "memory.h"
|
||||
#include "nameserv.h"
|
||||
|
@ -2852,28 +2853,39 @@ process_cmd_retries(const char *line)
|
|||
static int
|
||||
process_cmd_keygen(char *line)
|
||||
{
|
||||
char hash_name[17];
|
||||
unsigned char key[512];
|
||||
unsigned int i, length, id = 1, bits = 160;
|
||||
char type[17];
|
||||
unsigned int i, cmac_length, length, id = 1, bits = 160;
|
||||
|
||||
#ifdef FEAT_SECHASH
|
||||
snprintf(hash_name, sizeof (hash_name), "SHA1");
|
||||
snprintf(type, sizeof (type), "SHA1");
|
||||
#else
|
||||
snprintf(hash_name, sizeof (hash_name), "MD5");
|
||||
snprintf(type, sizeof (type), "MD5");
|
||||
#endif
|
||||
|
||||
if (sscanf(line, "%u %16s %u", &id, hash_name, &bits))
|
||||
if (sscanf(line, "%u %16s %u", &id, type, &bits))
|
||||
;
|
||||
|
||||
length = CLAMP(10, (bits + 7) / 8, sizeof (key));
|
||||
if (HSH_GetHashId(hash_name) < 0) {
|
||||
LOG(LOGS_ERR, "Unknown hash function %s", hash_name);
|
||||
#ifdef HAVE_CMAC
|
||||
cmac_length = CMC_GetKeyLength(type);
|
||||
#else
|
||||
cmac_length = 0;
|
||||
#endif
|
||||
|
||||
if (HSH_GetHashId(type) >= 0) {
|
||||
length = (bits + 7) / 8;
|
||||
} else if (cmac_length > 0) {
|
||||
length = cmac_length;
|
||||
} else {
|
||||
LOG(LOGS_ERR, "Unknown hash function or cipher %s", type);
|
||||
return 0;
|
||||
}
|
||||
|
||||
length = CLAMP(10, length, sizeof (key));
|
||||
|
||||
UTI_GetRandomBytesUrandom(key, length);
|
||||
|
||||
printf("%u %s HEX:", id, hash_name);
|
||||
printf("%u %s HEX:", id, type);
|
||||
for (i = 0; i < length; i++)
|
||||
printf("%02hhX", key[i]);
|
||||
printf("\n");
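Review bot: A key length given together with a cipher is dropped silently: the new `else if (cmac_length > 0)` branch takes `cmac_length` and never looks at `bits`, and because the `sscanf` result is still discarded (`if (sscanf(...)) ;`) the code cannot even tell whether a third argument was supplied. Capturing the count, `n = sscanf(line, "%u %16s %u", &id, type, &bits);`, and logging in that branch `if (n == 3) LOG(LOGS_WARN, "Key length is ignored for cipher %s", type);` (assuming logging.h provides a warning level) would make the behaviour described in the commit message visible to the user instead of leaving them with a key of unexpected size. `CLAMP(10, length, sizeof (key))` now also applies to the cipher path, so a cipher whose key length exceeded the 512-byte buffer would be silently truncated to a key the cipher cannot use; rejecting that case with an error seems safer than clamping, though the ciphers currently supported are presumably well within the limit. The generated key remains in the stack buffer `key` after it is printed; the end of process_cmd_keygen lies outside the hunk, so if it is not cleared there, wiping the buffer before returning would be worthwhile.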
|
||||
|
|
1
configure
vendored
1
configure
vendored
|
@ -886,6 +886,7 @@ if [ $feat_sechash = "1" ] && [ "x$HASH_LINK" = "x" ] && [ $try_nettle = "1" ];
|
|||
then
|
||||
add_def HAVE_CMAC
|
||||
EXTRA_OBJECTS="$EXTRA_OBJECTS cmac_nettle.o"
|
||||
EXTRA_CLI_OBJECTS="$EXTRA_CLI_OBJECTS cmac_nettle.o"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
|
|
@ -1188,10 +1188,10 @@ generated from the _/dev/urandom_ device and it is printed to standard output.
|
|||
+
|
||||
The command has three optional arguments. The first argument is the key number
|
||||
(by default 1), which will be specified with the *key* option of the *server*
|
||||
or *peer* directives in the configuration file. The second argument is the hash
|
||||
function (by default SHA1 or MD5 if SHA1 is not available) and the third
|
||||
argument is the number of bits the key should have, between 80 and 4096 bits
|
||||
(by default 160 bits).
|
||||
or *peer* directives in the configuration file. The second argument is the name
|
||||
of the hash function or cipher (by default SHA1, or MD5 if SHA1 is not
|
||||
available). The third argument is the length of the key in bits if a hash
|
||||
function was selected, between 80 and 4096 bits (by default 160 bits).
|
||||
+
|
||||
An example is:
|
||||
+
|
||||
|
|