15 #include "dtoolbase.h"
16 #include "prcKeyRegistry.h"
19 #include "panda_getopt.h"
20 #include "preprocess_argv.h"
24 #ifdef PRC_PUBLIC_KEYS_INCLUDE
25 #include PRC_PUBLIC_KEYS_INCLUDE
28 #include "openssl/rsa.h"
29 #include "openssl/err.h"
30 #include "openssl/pem.h"
31 #include "openssl/rand.h"
32 #include "openssl/bio.h"
37 bool _got_pass_phrase;
51 cerr <<
"Error occurred in SSL routines.\n";
53 static bool strings_loaded =
false;
54 if (!strings_loaded) {
55 ERR_load_crypto_strings();
56 strings_loaded =
true;
59 unsigned long e = ERR_get_error();
61 static const size_t buffer_len = 256;
62 char buffer[buffer_len];
63 ERR_error_string_n(e, buffer, buffer_len);
64 cerr << buffer <<
"\n";
76 output_c_string(ostream &out,
const string &string_name,
77 int index, BIO *mbio) {
79 size_t data_size = BIO_get_mem_data(mbio, &data_ptr);
81 out <<
"static const char * const " << string_name
82 << index <<
"_data =\n"
86 for (
size_t i = 0; i < data_size; i++) {
87 if (data_ptr[i] ==
'\n') {
97 if (isprint(data_ptr[i])) {
101 out <<
"\\x" << hex << setw(2) << setfill(
'0')
102 << (
unsigned int)(
unsigned char)data_ptr[i] << dec;
106 out <<
"\";\nstatic const unsigned int " << string_name << index
107 <<
"_length = " << data_size <<
";\n";
116 RSA *rsa = RSA_generate_key(1024, 7, NULL, NULL);
118 if (rsa == (RSA *)NULL) {
123 EVP_PKEY *pkey = EVP_PKEY_new();
124 EVP_PKEY_assign_RSA(pkey, rsa);
137 write_public_keys(
Filename outfile) {
139 cerr <<
"Rewriting " << outfile <<
"\n";
142 if (!outfile.open_write(out)) {
143 cerr <<
"Unable to open " << outfile <<
" for writing.\n";
149 "// This file was generated by make-prc-key. It defines the public keys\n"
150 "// that will be used to validate signed prc files.\n"
152 "#include \"prcKeyRegistry.h\"\n"
155 PrcKeyRegistry *pkr = PrcKeyRegistry::get_global_ptr();
157 BIO *mbio = BIO_new(BIO_s_mem());
159 int num_keys = pkr->get_num_keys();
161 for (i = 0; i < num_keys; i++) {
162 EVP_PKEY *pkey = pkr->get_key(i);
164 if (pkey != (EVP_PKEY *)NULL) {
165 if (!PEM_write_bio_PUBKEY(mbio, pkey)) {
170 output_c_string(out,
"prc_pubkey", i, mbio);
179 out <<
"static PrcKeyRegistry::KeyDef const prc_pubkeys[" << num_keys <<
"] = {\n";
181 for (i = 0; i < num_keys; i++) {
182 EVP_PKEY *pkey = pkr->get_key(i);
183 time_t generated_time = pkr->get_generated_time(i);
185 if (pkey != (EVP_PKEY *)NULL) {
186 out <<
" { prc_pubkey" << i <<
"_data, prc_pubkey" << i
187 <<
"_length, " << generated_time <<
" },\n";
189 out <<
" { NULL, 0, 0 },\n";
194 <<
"static const int num_prc_pubkeys = " << num_keys <<
";\n\n";
204 write_private_key(EVP_PKEY *pkey,
Filename outfile,
int n, time_t now,
207 cerr <<
"Rewriting " << outfile <<
"\n";
210 if (!outfile.open_write(out)) {
211 cerr <<
"Unable to open " << outfile <<
" for writing.\n";
217 "// This file was generated by make-prc-key. It can be compiled against\n"
218 "// dtool to produce a program that will sign a prc file using key number " << n <<
".\n\n";
220 BIO *mbio = BIO_new(BIO_s_mem());
223 if (pp != NULL && *pp ==
'\0') {
227 PEM_write_bio_PKCS8PrivateKey(mbio, pkey, NULL, NULL, 0, NULL, NULL);
232 PEM_write_bio_PKCS8PrivateKey(mbio, pkey, EVP_des_ede3_cbc(),
233 NULL, 0, NULL, (
void *)pp);
241 output_c_string(out,
"prc_privkey", n, mbio);
247 "#define KEY_NUMBER " << n <<
"\n"
248 "#define KEY_DATA prc_privkey" << n <<
"_data\n"
249 "#define KEY_LENGTH prc_privkey" << n <<
"_length\n"
250 "#define PROGNAME \"" << outfile.get_basename_wo_extension() <<
"\"\n"
251 "#define GENERATED_TIME " << now <<
"\n\n"
253 "#include \"signPrcFile_src.cxx\"\n\n";
263 "\nmake-prc-key [opts] 1[,\"pass_phrase\"] [2[,\"pass phrase\"] 3 ...]\n\n"
265 "This program generates one or more new keys to be used for signing\n"
266 "a prc file. The key itself is a completely arbitrary random bit\n"
267 "sequence. It is divided into a public and a private key; the public\n"
268 "key is not secret and will be compiled into libdtool, while the private\n"
269 "key should be safeguarded and will be written into a .cxx file that\n"
270 "can be compiled as a standalone application.\n\n"
272 "The output is a public and private key pair for each trust level. The\n"
273 "form of the output for both public and private keys will be compilable\n"
274 "C++ code; see -a and -b, below, for a complete description.\n\n"
276 "After the options, the remaining arguments list the individual trust\n"
277 "level keys to generate. For each integer specified, a different key\n"
278 "will be created. There should be one key for each trust level\n"
279 "required; a typical application will only need one or two keys.\n\n"
283 " -a pub_outfile.cxx\n"
284 " Specifies the name and location of the public key output file\n"
285 " to generate. This file must then be named by the Config.pp\n"
286 " variable PRC_PUBLIC_KEYS_FILENAME so that it will be compiled\n"
287 " in with libdtool and available to verify signatures. If this\n"
288 " option is omitted, the previously-compiled value is used.\n\n"
290 " -b priv_outfile#.cxx\n"
291 " Specifies the name and location of the private key output file(s)\n"
292 " to generate. A different output file will be generated for each\n"
293 " different trust level; the hash mark '#' appearing in the file\n"
294 " name will be filled in with the corresponding numeric trust level.\n"
295 " The hash mark may be omitted if you only require one trust level.\n"
296 " When compiled against dtool, each of these files will generate\n"
297 " a program that can be used to sign a prc file with the corresponding\n"
300 " -p \"[pass phrase]\"\n"
301 " Uses the indicated pass phrase to encrypt the private key.\n"
302 " This specifies an overall pass phrase; you may also specify\n"
303 " a different pass phrase for each key by using the key,\"pass phrase\"\n"
306 " If a pass phrase is not specified on the command line, you will be\n"
307 " prompted interactively. Every user of the signing programs\n"
308 " (outfile_sign1.cxx, etc.) will need to know the pass phrase\n"
309 " in order to sign prc files.\n\n"
311 " If this is specified as the empty string (\"\"), then the key\n"
312 " will not be encrypted, and anyone can run the signing\n"
313 " programs without having to supply a pass phrase.\n\n";
321 main(
int argc,
char **argv) {
324 const char *optstr =
"a:b:p:h";
327 bool got_pub_outfile =
false;
329 bool got_priv_outfile =
false;
331 bool got_pass_phrase =
false;
333 preprocess_argv(argc, argv);
334 int flag = getopt(argc, argv, optstr);
336 while (flag != EOF) {
339 pub_outfile = optarg;
340 got_pub_outfile =
true;
344 priv_outfile = optarg;
345 got_priv_outfile =
true;
349 pass_phrase = optarg;
350 got_pass_phrase =
true;
360 flag = getopt(argc, argv, optstr);
371 if (got_pub_outfile) {
373 cerr <<
"Public key output file '" << pub_outfile
374 <<
"' should have a .cxx extension.\n";
378 #ifdef PRC_PUBLIC_KEYS_INCLUDE
379 PrcKeyRegistry::get_global_ptr()->record_keys(prc_pubkeys, num_prc_pubkeys);
380 pub_outfile = PRC_PUBLIC_KEYS_FILENAME;
383 if (pub_outfile.empty()) {
384 cerr <<
"No -a specified, and no PRC_PUBLIC_KEYS_FILENAME variable\n"
385 <<
"compiled in.\n\n";
390 if (got_priv_outfile) {
392 cerr <<
"Private key output file '" << priv_outfile
393 <<
"' should have a .cxx extension.\n";
398 cerr <<
"You must use the -b option to specify the private key output filenames.\n";
403 for (
int i = 1; i < argc; i++) {
406 key._number = strtol(argv[i], &endptr, 0);
407 key._got_pass_phrase = got_pass_phrase;
408 key._pass_phrase = pass_phrase;
410 if (*endptr ==
',') {
412 key._got_pass_phrase =
true;
413 key._pass_phrase = endptr + 1;
414 }
else if (*endptr) {
415 cerr <<
"Parameter '" << argv[i] <<
"' should be an integer.\n";
418 if (key._number <= 0) {
419 cerr <<
"Key numbers must be greater than 0; you specified "
420 << key._number <<
".\n";
423 key_numbers.push_back(key);
430 OpenSSL_add_all_algorithms();
432 time_t now = time(NULL);
435 string prefix, suffix;
438 size_t hash = name.find(
'#');
439 if (hash == string::npos) {
445 prefix = name.substr(0, hash);
446 suffix = name.substr(hash + 1) +
".cxx";
450 KeyNumbers::iterator ki;
451 for (ki = key_numbers.begin(); ki != key_numbers.end(); ++ki) {
452 int n = (*ki)._number;
453 const char *pp = NULL;
454 if ((*ki)._got_pass_phrase) {
455 pp = (*ki)._pass_phrase.c_str();
458 EVP_PKEY *pkey = generate_key();
459 PrcKeyRegistry::get_global_ptr()->set_key(n, pkey, now);
462 if (got_hash || n != 1) {
466 strm << prefix << n << suffix;
472 strm << prefix << suffix;
475 write_private_key(pkey, strm.str(), n, now, pp);
478 write_public_keys(pub_outfile);
string get_fullpath_wo_extension() const
Returns the full filename–directory and basename parts–except for the extension.
void set_text()
Indicates that the filename represents a text file.
This is our own Panda specialization on the default STL vector.
The name of a file, such as a texture file or an Egg file.
string get_extension() const
Returns the file extension.