Add '--key-size' option to twadmin generate-keys mode, so you can use 1024 or 2048 bit El Gamal keys. Until now it was always 1024 bit only.

Brian Cox 2016-11-25 17:10:14 -08:00
parent f9aa5de896
commit 77a8152d71
6 changed files with 28 additions and 15 deletions


@ -42,13 +42,6 @@
#include "twadminstrings.h" #include "twadminstrings.h"
#include "core/usernotify.h" #include "core/usernotify.h"
#ifndef _DEBUG
const cElGamalSig::KeySize TRIPWIRE_PUBLIC_KEYSIZE = cElGamalSig::KEY1024;
#else
const cElGamalSig::KeySize TRIPWIRE_PUBLIC_KEYSIZE = cElGamalSig::KEY1024;
#endif
struct tGK struct tGK
{ {
bool doneFlag; bool doneFlag;
@ -76,7 +69,7 @@ struct tGK
} }
}; };
static void GeneratePublicPrivateKeys(void* pParams) static void GeneratePublicPrivateKeys(void* pParams, const cElGamalSig::KeySize key_size)
{ {
tGK* pGK = (tGK*)pParams; tGK* pGK = (tGK*)pParams;
@ -99,7 +92,7 @@ static void GeneratePublicPrivateKeys(void* pParams)
try try
{ {
keyfile.GenerateKeys(TRIPWIRE_PUBLIC_KEYSIZE, pGK->passphrase, pGK->passphraseLen); keyfile.GenerateKeys(key_size, pGK->passphrase, pGK->passphraseLen);
} }
catch(eKeyFile&) catch(eKeyFile&)
{ {
@ -136,7 +129,7 @@ static void GeneratePublicPrivateKeys(void* pParams)
return; return;
} }
bool GenerateKey(const TCHAR* keyPath, wc16_string passphrase) bool GenerateKey(const TCHAR* keyPath, wc16_string passphrase, const cElGamalSig::KeySize key_size)
{ {
#ifndef WORDS_BIGENDIAN #ifndef WORDS_BIGENDIAN
passphrase.swapbytes(); passphrase.swapbytes();
@ -160,7 +153,7 @@ bool GenerateKey(const TCHAR* keyPath, wc16_string passphrase)
gk.keyPath = keyPath; gk.keyPath = keyPath;
#if IS_UNIX #if IS_UNIX
GeneratePublicPrivateKeys(&gk); GeneratePublicPrivateKeys(&gk, key_size);
#endif #endif
if (gk.retValue != tGK::OK) if (gk.retValue != tGK::OK)
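Review bot: The new key_size parameter on GenerateKey (signature in the fourth hunk) and on GeneratePublicPrivateKeys (second hunk) is undocumented, and removing TRIPWIRE_PUBLIC_KEYSIZE in the first hunk also removed the only place in this file that stated which size is used; the same applies to the new declaration in the header section that follows. Add one line above GenerateKey, e.g. `// key_size: El Gamal key length handed to keyfile.GenerateKeys(); the caller is expected to have validated it (twadmin's generate-keys mode defaults to cElGamalSig::KEY1024).`, and mirror it on the header declaration. Note the call to GeneratePublicPrivateKeys in the last hunk is still inside `#if IS_UNIX`, so on other platforms key_size is accepted but never used; if that is intentional, a comment saying so would save the next reader a search. GenerateKey's body continues past the end of the hunk.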


@ -44,7 +44,9 @@
#include "core/wchar16.h" #include "core/wchar16.h"
#endif #endif
bool GenerateKey(const TCHAR* keyPath, wc16_string passphrase); #include "twcrypto/crypto.h"
bool GenerateKey(const TCHAR* keyPath, wc16_string passphrase, const cElGamalSig::KeySize key_size);
#endif #endif


@ -1625,6 +1625,7 @@ private:
wc16_string mLocalPassphrase; wc16_string mLocalPassphrase;
bool mGenerateSite; // A Site key has been specified. bool mGenerateSite; // A Site key has been specified.
bool mGenerateLocal; // A Local key has been specified. bool mGenerateLocal; // A Local key has been specified.
cElGamalSig::KeySize mKeySize;
}; };
cTWAModeGenerateKeys::cTWAModeGenerateKeys() cTWAModeGenerateKeys::cTWAModeGenerateKeys()
@ -1633,6 +1634,7 @@ cTWAModeGenerateKeys::cTWAModeGenerateKeys()
mSiteProvided = false; mSiteProvided = false;
mGenerateSite = false; mGenerateSite = false;
mGenerateLocal = false; mGenerateLocal = false;
mKeySize = cElGamalSig::KEY1024;
} }
cTWAModeGenerateKeys::~cTWAModeGenerateKeys() cTWAModeGenerateKeys::~cTWAModeGenerateKeys()
@ -1648,6 +1650,8 @@ void cTWAModeGenerateKeys::InitCmdLineParser(cCmdLineParser& parser)
parser.AddArg(cTWAdminCmdLine::LOCAL_KEY_FILE, TSTRING(_T("L")), TSTRING(_T("local-keyfile")), cCmdLineParser::PARAM_ONE); parser.AddArg(cTWAdminCmdLine::LOCAL_KEY_FILE, TSTRING(_T("L")), TSTRING(_T("local-keyfile")), cCmdLineParser::PARAM_ONE);
parser.AddArg(cTWAdminCmdLine::SITEPASSPHRASE, TSTRING(_T("Q")), TSTRING(_T("site-passphrase")), cCmdLineParser::PARAM_ONE); parser.AddArg(cTWAdminCmdLine::SITEPASSPHRASE, TSTRING(_T("Q")), TSTRING(_T("site-passphrase")), cCmdLineParser::PARAM_ONE);
parser.AddArg(cTWAdminCmdLine::LOCALPASSPHRASE, TSTRING(_T("P")), TSTRING(_T("local-passphrase")), cCmdLineParser::PARAM_ONE); parser.AddArg(cTWAdminCmdLine::LOCALPASSPHRASE, TSTRING(_T("P")), TSTRING(_T("local-passphrase")), cCmdLineParser::PARAM_ONE);
parser.AddArg(cTWAdminCmdLine::KEY_SIZE, TSTRING(_T("K")), TSTRING(_T("key-size")),
cCmdLineParser::PARAM_ONE);
} }
bool cTWAModeGenerateKeys::Init(const cConfigFile* cf, const cCmdLineParser& parser) bool cTWAModeGenerateKeys::Init(const cConfigFile* cf, const cCmdLineParser& parser)
@ -1679,6 +1683,14 @@ bool cTWAModeGenerateKeys::Init(const cConfigFile* cf, const cCmdLineParser& par
case cTWAdminCmdLine::LOCAL_KEY_FILE: case cTWAdminCmdLine::LOCAL_KEY_FILE:
mGenerateLocal = true; mGenerateLocal = true;
break; break;
case cTWAdminCmdLine::KEY_SIZE:
if(iter.ParamAt(0) == "2048")
mKeySize = cElGamalSig::KEY2048;
else if(iter.ParamAt(0) == "1024")
mKeySize = cElGamalSig::KEY1024;
else
throw eBadCmdLine(TSS_GetString(cTWAdmin, twadmin::STR_ERR2_INVALID_KEY_SIZE));
break;
} }
} }
@ -1810,7 +1822,7 @@ int cTWAModeGenerateKeys::Execute(cErrorQueue* pQueue)
// backup current file if it exists // backup current file if it exists
cFileUtil::BackupFile(mSiteKeyFile); cFileUtil::BackupFile(mSiteKeyFile);
if (GenerateKey(mSiteKeyFile.c_str(), mSitePassphrase) == false) if (GenerateKey(mSiteKeyFile.c_str(), mSitePassphrase, mKeySize) == false)
return 1; return 1;
} }
@ -1856,7 +1868,7 @@ int cTWAModeGenerateKeys::Execute(cErrorQueue* pQueue)
// backup current file if it exists // backup current file if it exists
cFileUtil::BackupFile(mLocalKeyFile); cFileUtil::BackupFile(mLocalKeyFile);
if (GenerateKey(mLocalKeyFile.c_str(), mLocalPassphrase) == false) if (GenerateKey(mLocalKeyFile.c_str(), mLocalPassphrase, mKeySize) == false)
return 1; return 1;
} }
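Review bot: In the Init hunk the new KEY_SIZE case compares `iter.ParamAt(0)` against the narrow literals `"2048"` and `"1024"`, while every other literal in this file is wrapped in `_T()` (see the AddArg line added just above); if ParamAt returns a TSTRING as the rest of the parser API suggests, a wide-character build would fail to compile or compare mismatched types here. Write them as `if(iter.ParamAt(0) == _T("2048"))` and `else if(iter.ParamAt(0) == _T("1024"))` to match the file's convention. The constructor hunk leaves the default at `cElGamalSig::KEY1024`, so the larger key is strictly opt-in; a short comment on that assignment explaining why the smaller size remains the default (presumably compatibility with existing keyfiles) would document the choice for future maintainers. Init begins and ends outside the hunk.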


@ -119,6 +119,7 @@ public:
LOCALPASSPHRASE, LOCALPASSPHRASE,
SITEPASSPHRASEOLD, SITEPASSPHRASEOLD,
LOCALPASSPHRASEOLD, LOCALPASSPHRASEOLD,
KEY_SIZE,
PARAMS, // the final params PARAMS, // the final params


@ -182,6 +182,7 @@ TSS_BeginStringtable( cTWAdmin )
_T(" -S sitekey --site-keyfile sitekey\n") _T(" -S sitekey --site-keyfile sitekey\n")
_T(" -P passphrase --local-passphrase passphrase\n") _T(" -P passphrase --local-passphrase passphrase\n")
_T(" -Q passphrase --site-passphrase passphrase\n") _T(" -Q passphrase --site-passphrase passphrase\n")
_T(" -K size --key-size size [1024 or 2048]\n")
_T("\n") _T("\n")
_T("The -v and -s options are mutually exclusive.\n") _T("The -v and -s options are mutually exclusive.\n")
_T("Exactly one of -S or -L must be specified.\n") _T("Exactly one of -S or -L must be specified.\n")
@ -301,5 +302,7 @@ TSS_BeginStringtable( cTWAdmin )
TSS_StringEntry( twadmin::STR_ERR2_CREATE_CFG_SITEKEY_MISMATCH2, _T("\" does not match the keyfile specified in the new config file text \"") ), TSS_StringEntry( twadmin::STR_ERR2_CREATE_CFG_SITEKEY_MISMATCH2, _T("\" does not match the keyfile specified in the new config file text \"") ),
TSS_StringEntry( twadmin::STR_ERR2_CREATE_CFG_SITEKEY_MISMATCH3, _T("\".") ), TSS_StringEntry( twadmin::STR_ERR2_CREATE_CFG_SITEKEY_MISMATCH3, _T("\".") ),
TSS_StringEntry( twadmin::STR_ERR2_INVALID_KEY_SIZE, _T("Invalid key size specified. Valid sizes are 1024 & 2048 bits.") ),
TSS_EndStringtable( cTWAdmin ) TSS_EndStringtable( cTWAdmin )
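Review bot: The new usage line in the first hunk, `-K size --key-size size [1024 or 2048]`, does not tell the operator which size is chosen when the option is omitted, although the generate-keys mode's constructor in twadmincl.cpp defaults to `cElGamalSig::KEY1024`. Change it to `_T(" -K size --key-size size [1024 or 2048, default 1024]\n")` so the help text states the effective default. In the second hunk the STR_ERR2_INVALID_KEY_SIZE message says "1024 & 2048 bits"; using "or" would match the usage text, since exactly one size is accepted.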


@ -152,7 +152,9 @@ TSS_BeginStringIds( twadmin )
STR_ERR2_CREATE_CFG_MISSING_KEYFILE, STR_ERR2_CREATE_CFG_MISSING_KEYFILE,
STR_ERR2_CREATE_CFG_SITEKEY_MISMATCH1, STR_ERR2_CREATE_CFG_SITEKEY_MISMATCH1,
STR_ERR2_CREATE_CFG_SITEKEY_MISMATCH2, STR_ERR2_CREATE_CFG_SITEKEY_MISMATCH2,
STR_ERR2_CREATE_CFG_SITEKEY_MISMATCH3 STR_ERR2_CREATE_CFG_SITEKEY_MISMATCH3,
STR_ERR2_INVALID_KEY_SIZE
TSS_EndStringIds( twadmin ) TSS_EndStringIds( twadmin )