path: root/src/rspamadm/keypair.c

/*-
 * Copyright 2016 Vsevolod Stakhov
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include "config.h"
#include "rspamadm.h"
#include "cryptobox.h"
#include "printf.h"
#include "http.h"
#include "ucl.h"
#include "libcryptobox/keypair.h"
#include "libutil/str_util.h"

static gboolean hex_encode = FALSE;
static gboolean raw = FALSE;
static gboolean openssl = FALSE;
static gboolean ucl = FALSE;
static gboolean sign = FALSE;

static void rspamadm_keypair (gint argc, gchar **argv);
static const char *rspamadm_keypair_help (gboolean full_help);

struct rspamadm_command keypair_command = {
		.name = "keypair",
		.flags = 0,
		.help = rspamadm_keypair_help,
		.run = rspamadm_keypair
};

static GOptionEntry entries[] = {
		{"hex",  'x', 0, G_OPTION_ARG_NONE,   &hex_encode,
				"Use hex encoding",                         NULL},
		{"raw", 'r', 0, G_OPTION_ARG_NONE, &raw,
				"Print just keys, no description", NULL},
		{"openssl", 'o', 0, G_OPTION_ARG_NONE, &openssl,
				"Generate openssl nistp256 keypair not curve25519 one", NULL},
		{"sign", 's', 0, G_OPTION_ARG_NONE, &sign,
				"Generate keypair for digital signing", NULL},
		{"ucl", 'u', 0, G_OPTION_ARG_NONE, &ucl,
				"Generate ucl config", NULL},
		{NULL,       0,   0, G_OPTION_ARG_NONE, NULL, NULL, NULL}
};

static const char *
rspamadm_keypair_help (gboolean full_help)
{
	const char *help_str;

	if (full_help) {
		help_str = "Create key pairs for httpcrypt\n\n"
				"Usage: rspamadm keypair [-x -r]\n"
				"Where options are:\n\n"
				"-x: encode with hex instead of base32\n"
				"-r: print raw base32/hex\n"
				"-o: generate openssl nistp256 keypair\n"
				"-s: generate keypair suitable for signatures\n"
				"-u: generate ucl config for keypair\n"
				"--help: shows available options and commands";
	}
	else {
		help_str = "Create encryption key pairs";
	}

	return help_str;
}

static void
rspamadm_keypair (gint argc, gchar **argv)
{
	GOptionContext *context;
	GError *error = NULL;
	struct rspamd_cryptobox_keypair *kp;
	gint how = 0;
	ucl_object_t *ucl_out;
	struct ucl_emitter_functions *ucl_emit_subr;
	GString *out;
	enum rspamd_cryptobox_keypair_type type = RSPAMD_KEYPAIR_KEX;
	enum rspamd_cryptobox_mode mode = RSPAMD_CRYPTOBOX_MODE_25519;

	context = g_option_context_new (
			"keypair - create encryption keys");
	g_option_context_set_summary (context,
			"Summary:\n  Rspamd administration utility version "
					RVERSION
					"\n  Release id: "
					RID);
	g_option_context_add_main_entries (context, entries, NULL);

	if (!g_option_context_parse (context, &argc, &argv, &error)) {
		fprintf (stderr, "option parsing failed: %s\n", error->message);
		g_error_free (error);
		exit (1);
	}

	if (openssl) {
		mode = RSPAMD_CRYPTOBOX_MODE_NIST;
	}
	if (hex_encode) {
		how |= RSPAMD_KEYPAIR_HEX;
	}
	else {
		how |= RSPAMD_KEYPAIR_BASE32;
	}

	if (sign) {
		type = RSPAMD_KEYPAIR_SIGN;
	}

	kp = rspamd_keypair_new (type, mode);

	if (ucl) {
		ucl_out = rspamd_keypair_to_ucl (kp, hex_encode);
		ucl_emit_subr = ucl_object_emit_file_funcs (stdout);
		ucl_object_emit_full (ucl_out, UCL_EMIT_CONFIG, ucl_emit_subr);
		ucl_object_emit_funcs_free (ucl_emit_subr);
		ucl_object_unref (ucl_out);
	}
	else {
		how |= RSPAMD_KEYPAIR_PUBKEY | RSPAMD_KEYPAIR_PRIVKEY;

		if (!raw) {
			how |= RSPAMD_KEYPAIR_HUMAN|RSPAMD_KEYPAIR_ID;
		}

		out = rspamd_keypair_print (kp, how);
		rspamd_printf ("%v", out);
		g_string_free (out, TRUE);
	}

	rspamd_keypair_unref (kp);
}