Add '--key-size' option to twadmin generate-keys mode, so you can use 1024 or 2048 bit El Gamal keys. Until now was always 1024 bit only.

src/twadmin/keygeneration.cpp

@@ -42,13 +42,6 @@
 #include "twadminstrings.h"
 #include "core/usernotify.h"
 
-
-#ifndef _DEBUG
-const cElGamalSig::KeySize TRIPWIRE_PUBLIC_KEYSIZE = cElGamalSig::KEY1024;
-#else
-const cElGamalSig::KeySize TRIPWIRE_PUBLIC_KEYSIZE = cElGamalSig::KEY1024;
-#endif
-
 struct tGK
 {
     bool    doneFlag;
@@ -76,7 +69,7 @@ struct tGK
     }
 };
 
-static void GeneratePublicPrivateKeys(void* pParams)
+static void GeneratePublicPrivateKeys(void* pParams, const cElGamalSig::KeySize key_size)
 {
     tGK* pGK = (tGK*)pParams;
 
@@ -99,7 +92,7 @@ static void GeneratePublicPrivateKeys(void* pParams)
         
         try
         {
-            keyfile.GenerateKeys(TRIPWIRE_PUBLIC_KEYSIZE, pGK->passphrase, pGK->passphraseLen);
+            keyfile.GenerateKeys(key_size, pGK->passphrase, pGK->passphraseLen);
         }
         catch(eKeyFile&)
         {
@@ -136,7 +129,7 @@ static void GeneratePublicPrivateKeys(void* pParams)
     return;
 }
 
-bool GenerateKey(const TCHAR* keyPath, wc16_string passphrase)
+bool GenerateKey(const TCHAR* keyPath, wc16_string passphrase, const cElGamalSig::KeySize key_size)
 {
 #ifndef WORDS_BIGENDIAN
     passphrase.swapbytes();
@@ -160,7 +153,7 @@ bool GenerateKey(const TCHAR* keyPath, wc16_string passphrase)
     gk.keyPath = keyPath;
 
 #if IS_UNIX
-    GeneratePublicPrivateKeys(&gk);
+    GeneratePublicPrivateKeys(&gk, key_size);
 #endif
 
     if (gk.retValue != tGK::OK)

src/twadmin/keygeneration.h

@@ -44,7 +44,9 @@
 #include "core/wchar16.h"
 #endif
 
-bool GenerateKey(const TCHAR* keyPath, wc16_string passphrase);
+#include "twcrypto/crypto.h"
+
+bool GenerateKey(const TCHAR* keyPath, wc16_string passphrase, const cElGamalSig::KeySize key_size);
 
 #endif
 

src/twadmin/twadmincl.cpp

@@ -1625,6 +1625,7 @@ private:
     wc16_string mLocalPassphrase;
     bool        mGenerateSite;  // A Site key has been specified.
     bool        mGenerateLocal; // A Local key has been specified.
+    cElGamalSig::KeySize mKeySize;
 };
 
 cTWAModeGenerateKeys::cTWAModeGenerateKeys()
@@ -1633,6 +1634,7 @@ cTWAModeGenerateKeys::cTWAModeGenerateKeys()
     mSiteProvided = false;
     mGenerateSite = false;
     mGenerateLocal = false;
+    mKeySize = cElGamalSig::KEY1024;
 }
 
 cTWAModeGenerateKeys::~cTWAModeGenerateKeys()
@@ -1648,6 +1650,8 @@ void cTWAModeGenerateKeys::InitCmdLineParser(cCmdLineParser& parser)
     parser.AddArg(cTWAdminCmdLine::LOCAL_KEY_FILE,      TSTRING(_T("L")),   TSTRING(_T("local-keyfile")),       cCmdLineParser::PARAM_ONE);
     parser.AddArg(cTWAdminCmdLine::SITEPASSPHRASE,      TSTRING(_T("Q")),   TSTRING(_T("site-passphrase")),     cCmdLineParser::PARAM_ONE);
     parser.AddArg(cTWAdminCmdLine::LOCALPASSPHRASE,     TSTRING(_T("P")),   TSTRING(_T("local-passphrase")),    cCmdLineParser::PARAM_ONE);
+    parser.AddArg(cTWAdminCmdLine::KEY_SIZE,            TSTRING(_T("K")),   TSTRING(_T("key-size")),
+        cCmdLineParser::PARAM_ONE);
 }
 
 bool cTWAModeGenerateKeys::Init(const cConfigFile* cf, const cCmdLineParser& parser)
@@ -1679,6 +1683,14 @@ bool cTWAModeGenerateKeys::Init(const cConfigFile* cf, const cCmdLineParser& par
         case cTWAdminCmdLine::LOCAL_KEY_FILE:
             mGenerateLocal = true;
             break;
+        case cTWAdminCmdLine::KEY_SIZE:
+            if(iter.ParamAt(0) == "2048")
+                mKeySize = cElGamalSig::KEY2048;
+            else if(iter.ParamAt(0) == "1024")
+                mKeySize = cElGamalSig::KEY1024;
+            else
+                throw eBadCmdLine(TSS_GetString(cTWAdmin, twadmin::STR_ERR2_INVALID_KEY_SIZE));
+            break;
         }
     }
 
@@ -1810,7 +1822,7 @@ int cTWAModeGenerateKeys::Execute(cErrorQueue* pQueue)
         // backup current file if it exists
         cFileUtil::BackupFile(mSiteKeyFile);
 
-        if (GenerateKey(mSiteKeyFile.c_str(), mSitePassphrase) == false)
+        if (GenerateKey(mSiteKeyFile.c_str(), mSitePassphrase, mKeySize) == false)
             return 1;
     }
 
@@ -1856,7 +1868,7 @@ int cTWAModeGenerateKeys::Execute(cErrorQueue* pQueue)
         // backup current file if it exists
         cFileUtil::BackupFile(mLocalKeyFile);
 
-        if (GenerateKey(mLocalKeyFile.c_str(), mLocalPassphrase) == false)
+        if (GenerateKey(mLocalKeyFile.c_str(), mLocalPassphrase, mKeySize) == false)
             return 1;
     }
 

src/twadmin/twadmincl.h

@@ -119,6 +119,7 @@ public:
         LOCALPASSPHRASE,
         SITEPASSPHRASEOLD,
         LOCALPASSPHRASEOLD,
+        KEY_SIZE,
 
         PARAMS, // the final params
 

src/twadmin/twadminstrings.cpp

@@ -182,6 +182,7 @@ TSS_BeginStringtable( cTWAdmin )
                 _T("  -S sitekey           --site-keyfile sitekey\n")
                 _T("  -P passphrase        --local-passphrase passphrase\n")
                 _T("  -Q passphrase        --site-passphrase passphrase\n")
+                _T("  -K size              --key-size size [1024 or 2048]\n")                    
                 _T("\n")
                 _T("The -v and -s options are mutually exclusive.\n")
                 _T("Exactly one of -S or -L must be specified.\n")
@@ -301,5 +302,7 @@ TSS_BeginStringtable( cTWAdmin )
     TSS_StringEntry( twadmin::STR_ERR2_CREATE_CFG_SITEKEY_MISMATCH2, _T("\" does not match the keyfile specified in the new config file text \"") ),
     TSS_StringEntry( twadmin::STR_ERR2_CREATE_CFG_SITEKEY_MISMATCH3, _T("\".") ),
 
+    TSS_StringEntry( twadmin::STR_ERR2_INVALID_KEY_SIZE,             _T("Invalid key size specified. Valid sizes are 1024 & 2048 bits.") ),
+
 TSS_EndStringtable( cTWAdmin )
 

src/twadmin/twadminstrings.h

@@ -152,7 +152,9 @@ TSS_BeginStringIds( twadmin )
     STR_ERR2_CREATE_CFG_MISSING_KEYFILE,
     STR_ERR2_CREATE_CFG_SITEKEY_MISMATCH1,
     STR_ERR2_CREATE_CFG_SITEKEY_MISMATCH2,
-    STR_ERR2_CREATE_CFG_SITEKEY_MISMATCH3
+    STR_ERR2_CREATE_CFG_SITEKEY_MISMATCH3,
+
+    STR_ERR2_INVALID_KEY_SIZE
 
 TSS_EndStringIds( twadmin )