VERSION="0.1.18"
-max_version = 1
+max_version = 2
from sys import version_info
if version_info.major == 2: # for python2
import io
open=lambda f,m='r': io.open(f,m,encoding='utf-8')
-max={'rsa_bits':8200,'name':33,'dh_bits':8200}
+max={'rsa_bits':8200,'name':33,'dh_bits':8200,'algname':127}
def debugrepr(*args):
if debug_level > 0:
ok=self._re_ok(Tainted.bad_base91,what,4096)
return self._rtn(ok)
+class ArgActionLambda(argparse.Action):
+ def __init__(self, fn, **kwargs):
+ self.fn=fn
+ argparse.Action.__init__(self,**kwargs)
+ def __call__(self,ap,ns,values,option_string):
+ self.fn(values,ns,ap,option_string)
+
def parse_args():
global service
global inputfile
def __str__(self):
return '%d'%(self.n)
+class serial (basetype):
+ def __init__(self,w):
+ self.i=w[1].hexid(4,'serial')
+ def __str__(self):
+ return self.i
+ def forsites(self,version,copy,fs):
+ if version < 2: return []
+ return copy
+
class address (basetype):
"A DNS name and UDP port number"
def __init__(self,w):
def __str__(self):
return '"%s"; port %d'%(self.adr,self.port)
-class rsakey (basetype):
+class pubkey (basetype):
+ "Some kind of publie key"
+ def __init__(self,w):
+ self.a=w[1].name('algname')
+ self.d=w[2].base91();
+ def __str__(self):
+ return 'make-public("%s","%s")'%(self.a,self.d)
+ def forsites(self,version,xcopy,fs):
+ if version < 2: return []
+ return ['pub', self.a, self.d]
+
+class rsakey (pubkey):
"An RSA public key"
def __init__(self,w):
self.l=w[1].number(0,max['rsa_bits'],'rsa len')
self.e=w[2].bignum_10('rsa','rsa e')
self.n=w[3].bignum_10('rsa','rsa n')
if len(w) >= 5: w[4].email()
+ self.a='rsa1'
+ self.d=base91s_encode(b'%d %s %s' %
+ (self.l,
+ self.e.encode('ascii'),
+ self.n.encode('ascii')))
+ # ^ this allows us to use the pubkey.forsites()
+ # method for output in versions>=2
def __str__(self):
return 'rsa-public("%s","%s")'%(self.e,self.n)
+ # this specialisation means we can generate files
+ # compatible with old secnet executables
+ def forsites(self,version,xcopy,fs):
+ if version < 2:
+ return ['pubkey', str(self.l), self.e, self.n]
+ return pubkey.forsites(self,version,xcopy,fs)
+
+class rsakey_newfmt(rsakey):
+ "An old-style RSA public key in new-style sites format"
+ # This is its own class simply to have its own constructor.
+ def __init__(self,w):
+ self.a=w[1].name()
+ assert(self.a == 'rsa1')
+ self.d=w[2].base91()
+ try:
+ w_inner=list(map(Tainted,
+ ['X-PUB-RSA1'] +
+ base91s_decode(self.d)
+ .decode('ascii')
+ .split(' ')))
+ except UnicodeDecodeError:
+ complain('rsa1 key in new format has bad base91')
+ #print(repr(w_inner), file=sys.stderr)
+ rsakey.__init__(self,w_inner)
+def somepubkey(w):
+ if w[0]=='pubkey':
+ return rsakey(w)
+ elif w[0]=='pub' and w[1]=='rsa1':
+ return rsakey_newfmt(w)
+ elif w[0]=='pub':
+ return pubkey(w)
+ else:
+ assert(False)
# Possible properties of configuration nodes
keywords={
'renegotiate-time':(num,"Time after key setup to begin renegotiation (ms)"),
'restrict-nets':(networks,"Allowable networks"),
'networks':(networks,"Claimed networks"),
- 'pubkey':(listof(rsakey),"RSA public site key"),
+ 'pub':(listof(somepubkey),"new style public site key"),
+ 'pubkey':(listof(somepubkey),"RSA public site key",'pub'),
'peer':(single_ipaddr,"Tunnel peer IP address"),
'address':(address,"External contact address and port"),
'mobile':(boolean,"Site is mobile"),
'address':sp,
'networks':None,
'peer':None,
+ 'pub':None,
'pubkey':None,
'mobile':sp,
})
'networks':"Networks claimed by the site",
'hash':"hash function",
'peer':"Gateway address of the site",
- 'pubkey':"RSA public key of the site",
+ 'pub':"public key of the site",
}
def __init__(self,w):
level.__init__(self,w)
self.indent(w,ind+2)
w.write("name \"%s\";\n"%(np,))
self.indent(w,ind+2)
- w.write("key %s;\n"%str(self.properties["pubkey"].list[0]))
+ w.write("key %s;\n"%str(self.properties["pub"].list[0]))
self.output_props(w,ind+2)
self.indent(w,ind+2)
w.write("link netlink {\n");