mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-22 09:29:52 +03:00

Cedar/Command: Add GenX25519 and GetPublicX25519 commands

GenX25519 command - Create new X25519 keypair
Help for command "GenX25519"

Purpose:
  Create new X25519 keypair

Description:
  Use this to create a new X25519 keypair, which can be used for WireGuard.
  Both the private and public key will be shown.
  The public key can be shared and is used to identify a peer.
  Also, it can always be retrieved from the private key using the GetPublicX25519 command.
  The private key should be kept in a secure place and never be shared.
  It cannot be recovered once lost.

Usage:
  GenX25519

==========================================================================================

GetPublicX25519 command - Retrieve public X25519 key from a private one
Help for command "GetPublicX25519"

Purpose:
  Retrieve public X25519 key from a private one

Description:
  Use this if you have a private X25519 key and want to get its corresponding public key.

Usage:
  GetPublicX25519 [private]

Parameters:
  private - The private X25519 key you want to get the corresponding public key of.
Davide Beatrici 2021-07-07 08:43:41 +02:00
parent 9dbbfcd388
commit c310163244
9 changed files with 250 additions and 0 deletions


@ -38,6 +38,8 @@
#include "Mayaqua/Tick64.h"
#include "Mayaqua/Unix.h"
#include "Mayaqua/Crypto/Key.h"
#include <stdlib.h>
#ifdef OS_UNIX
@ -843,6 +845,8 @@ void PtMain(PT *pt)
CMD cmd[] =
{
{"About", PsAbout},
{"GenX25519", PtGenX25519},
{"GetPublicX25519", PtGetPublicX25519},
{"MakeCert", PtMakeCert},
{"MakeCert2048", PtMakeCert2048},
{"TrafficClient", PtTrafficClient},
@ -2661,6 +2665,131 @@ UINT PtTrafficClient(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
return ret;
}
UINT PtGenX25519(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
UINT ret = ERR_INTERNAL_ERROR;
LIST *o = ParseCommandList(c, cmd_name, str, NULL, 0);
if (o == NULL)
{
return ret;
}
EVP_PKEY *opaque = CryptoKeyOpaqueNew(KEY_X25519);
CRYPTO_KEY_RAW *private = NULL, *public = NULL;
const bool ok = CryptoKeyOpaqueToRaw(opaque, &private, &public);
CryptoKeyOpaqueFree(opaque);
if (ok == false)
{
goto FINAL;
}
char *base64 = Base64FromBin(NULL, private->Data, private->Size);
if (base64 == NULL)
{
goto FINAL;
}
wchar_t buf[MAX_SIZE];
UniFormat(buf, sizeof(buf), L"\n%s%S", _UU("CMD_GenX25519_PRIVATE_KEY"), base64);
Free(base64);
c->Write(c, buf);
base64 = Base64FromBin(NULL, public->Data, public->Size);
if (base64 == NULL)
{
goto FINAL;
}
UniFormat(buf, sizeof(buf), L"%s%S\n\n", _UU("CMD_GenX25519_PUBLIC_KEY"), base64);
Free(base64);
c->Write(c, buf);
ret = ERR_NO_ERROR;
FINAL:
CryptoKeyRawFree(private);
CryptoKeyRawFree(public);
FreeParamValueList(o);
if (ret != ERR_NO_ERROR)
{
CmdPrintError(c, ret);
}
return ret;
}
UINT PtGetPublicX25519(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
const PARAM args[] =
{
{"[private]", CmdPrompt, _UU("CMD_GetPublicX25519_PRIVATE_KEY"), CmdEvalNotEmpty, NULL}
};
LIST *o = ParseCommandList(c, cmd_name, str, args, sizeof(args) / sizeof(args[0]));
if (o == NULL)
{
return ERR_INVALID_PARAMETER;
}
UINT ret = ERR_INVALID_PARAMETER;
UINT size;
char *base64 = GetParamStr(o, "[private]");
void *bin = Base64ToBin(&size, base64, StrLen(base64));
if (bin == NULL)
{
goto FINAL;
}
CRYPTO_KEY_RAW *private = CryptoKeyRawNew(bin, size, KEY_X25519);
Free(bin);
if (private == NULL)
{
goto FINAL;
}
ret = ERR_INTERNAL_ERROR;
CRYPTO_KEY_RAW *public = CryptoKeyRawPublic(private);
CryptoKeyRawFree(private);
if (public == NULL)
{
goto FINAL;
}
base64 = Base64FromBin(NULL, public->Data, public->Size);
CryptoKeyRawFree(public);
if (base64 == NULL)
{
goto FINAL;
}
wchar_t buf[MAX_SIZE];
UniFormat(buf, sizeof(buf), L"\n%s%S\n\n", _UU("CMD_GetPublicX25519_PUBLIC_KEY"), base64);
Free(base64);
c->Write(c, buf);
ret = ERR_NO_ERROR;
FINAL:
FreeParamValueList(o);
if (ret != ERR_NO_ERROR)
{
CmdPrintError(c, ret);
}
return ret;
}
// Certificate easy creation tool (1024 bit)
UINT PtMakeCert(CONSOLE *c, char *cmd_name, wchar_t *str, void *param)
{
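Review bot: Private-key material is released without being cleared in both new commands: in PtGetPublicX25519 the decoded key in `bin` goes straight to `Free(bin)`, and in PtGenX25519 the Base64 text of the private key goes to `Free(base64)` right after the first `UniFormat`, so the key stays in freed heap memory (and in the stack buffer `buf` on the error path) after the command returns. Clearing before release would narrow that exposure, e.g. `OPENSSL_cleanse(bin, size); Free(bin);` and `OPENSSL_cleanse(base64, StrLen(base64)); Free(base64);`, assuming the OpenSSL headers that provide `EVP_PKEY` here also make `OPENSSL_cleanse` visible. Whether `CryptoKeyRawFree` scrubs `private->Data` is not shown on this page and is worth confirming. The `[private]` argument also leaves the key in the parsed parameter list `o`, and presumably in shell history when it is given on the command line rather than at the prompt; a short comment above the `PARAM args[]` table saying so would help the next maintainer.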


@ -307,6 +307,8 @@ UINT PtConnect(CONSOLE *c, wchar_t *cmdline);
PT *NewPt(CONSOLE *c, wchar_t *cmdline);
void FreePt(PT *pt);
void PtMain(PT *pt);
UINT PtGenX25519(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PtGetPublicX25519(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PtMakeCert(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PtMakeCert2048(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);
UINT PtTrafficClient(CONSOLE *c, char *cmd_name, wchar_t *str, void *param);


@ -7003,6 +7003,23 @@ CMD_RemoteDisable_Args RemoteDisable
###################################################
# GenX25519 命令
CMD_GenX25519 Create new X25519 keypair
CMD_GenX25519_Help Use this to create a new X25519 keypair, which can be used for WireGuard. \nBoth the private and public key will be shown. \nThe public key can be shared and is used to identify a peer. \nAlso, it can always be retrieved from the private key using the GetPublicX25519 command. \nThe private key should be kept in a secure place and never be shared. \nIt cannot be recovered once lost.
CMD_GenX25519_ARGS GenX25519
CMD_GenX25519_PRIVATE_KEY Private key:
CMD_GenX25519_PUBLIC_KEY Public key:
# GetPublicX25519 命令
CMD_GetPublicX25519 Retrieve public X25519 key from a private one
CMD_GetPublicX25519_Help Use this if you have a private X25519 key and want to get its corresponding public key.
CMD_GetPublicX25519_ARGS GetPublicX25519 [private]
CMD_GetPublicX25519_[private] The private X25519 key you want to get the corresponding public key of.
CMD_GetPublicX25519_PRIVATE_KEY Private key:
CMD_GetPublicX25519_PUBLIC_KEY Public key:
# MakeCert 命令
CMD_MakeCert 创建新的 X.509 证书和密钥 (1024 位)
CMD_MakeCert_Help 创建新的 X.509 证书和密钥,将其保存为一个文件。\n证书公共密钥和秘密密钥的生成算法使用 RSA 1024 位。\n作为证书类型可以创建由根证书 (自签名证书) 和其他证书签名的某个证书。要创建由其他证书签名的证书,需要与用于签名的证书 (X.509格式文件) 相对应的密钥文件 (Base 64 编码)。\n\n创建的证书可以指定名称 (CN),所属机构 (O),组织单位 (OU),国家 (C),州 (ST),当地 (L),序列号,有效期限。\n创建的证书以 X.509 格式的文件,密钥文件以 RSA 1024 位的 Base 64 编码文件,被分别保存。\n\nMakeCert 指令是一个工具,它提供创建证书所需的最低功能。如果想创建一个真正的证书,建议使用 OpenSSL 等免费软件和出售的 CA (认证机构) 软件。\n\n※注意: 此指令可以从 SoftEther VPN 命令行管理工具调用。虽然目前以管理模式连接到 VPN Server 和 VPN Client 时可以运行,但要实际运行 RSA 演算,生成证书数据的,是运行此指令的计算机,和以管理模式连接的链接目标计算机没有任何关系。


@ -6989,6 +6989,23 @@ CMD_RemoteDisable_Args RemoteDisable
###################################################
# GenX25519 command
CMD_GenX25519 Create new X25519 keypair
CMD_GenX25519_Help Use this to create a new X25519 keypair, which can be used for WireGuard. \nBoth the private and public key will be shown. \nThe public key can be shared and is used to identify a peer. \nAlso, it can always be retrieved from the private key using the GetPublicX25519 command. \nThe private key should be kept in a secure place and never be shared. \nIt cannot be recovered once lost.
CMD_GenX25519_ARGS GenX25519
CMD_GenX25519_PRIVATE_KEY Private key:
CMD_GenX25519_PUBLIC_KEY Public key:
# GetPublicX25519 command
CMD_GetPublicX25519 Retrieve public X25519 key from a private one
CMD_GetPublicX25519_Help Use this if you have a private X25519 key and want to get its corresponding public key.
CMD_GetPublicX25519_ARGS GetPublicX25519 [private]
CMD_GetPublicX25519_[private] The private X25519 key you want to get the corresponding public key of.
CMD_GetPublicX25519_PRIVATE_KEY Private key:
CMD_GetPublicX25519_PUBLIC_KEY Public key:
# MakeCert command
CMD_MakeCert Create New X.509 Certificate and Private Key (1024 bit)
CMD_MakeCert_Help Use this to create a new X.509 certificate and private key and save it as a file. \nThe algorithm used to create the public key and private key of the certificate is RSA 1024 bit. \nYou can choose to create a root certificate (self-signed certificate) or a certificate signed by another certificate. To create a certificate that is signed by another certificate, you require a private key file (base 64 encoded) that is compatible with the certificate that uses the signature (X.509 format file). \n\nWhen creating a certificate, you can specify the following: Name (CN), Organization (O), Organization Unit (OU), Country (C), State (ST), Locale (L), Serial Number, and Expiration Date. \nThe created certificate will be saved as an X.509 format file and the private key file will be saved in a Base 64 encoded RSA 1024 bit format file. \n\nThe MakeCert command is a tool that provides the most rudimentary function for creating certificates. If you want to create a more substantial certificate, we recommend that you use either free software such as OpenSSL, or commercial CA (certificate authority) software. \n\nNote: This command can be called from the SoftEther VPN Command Line Management Utility. You can also execute this command while connected to the current VPN Server or VPN Client in Administration Mode but, what actually performs the RSA computation, generates the certificate data and saves it to file is the computer on which the command is running, and all this is executed in a context that has absolutely no relationship to the computer that is the destination of the Administration Mode connection.


@ -6999,6 +6999,23 @@ CMD_RemoteDisable_Args RemoteDisable
###################################################
# GenX25519 コマンド
CMD_GenX25519 Create new X25519 keypair
CMD_GenX25519_Help Use this to create a new X25519 keypair, which can be used for WireGuard. \nBoth the private and public key will be shown. \nThe public key can be shared and is used to identify a peer. \nAlso, it can always be retrieved from the private key using the GetPublicX25519 command. \nThe private key should be kept in a secure place and never be shared. \nIt cannot be recovered once lost.
CMD_GenX25519_ARGS GenX25519
CMD_GenX25519_PRIVATE_KEY Private key:
CMD_GenX25519_PUBLIC_KEY Public key:
# GetPublicX25519 コマンド
CMD_GetPublicX25519 Retrieve public X25519 key from a private one
CMD_GetPublicX25519_Help Use this if you have a private X25519 key and want to get its corresponding public key.
CMD_GetPublicX25519_ARGS GetPublicX25519 [private]
CMD_GetPublicX25519_[private] The private X25519 key you want to get the corresponding public key of.
CMD_GetPublicX25519_PRIVATE_KEY Private key:
CMD_GetPublicX25519_PUBLIC_KEY Public key:
# MakeCert コマンド
CMD_MakeCert 新しい X.509 証明書と秘密鍵の作成 (1024 bit)
CMD_MakeCert_Help 新しい X.509 証明書と秘密鍵を作成し、ファイルとして保存します。\n証明書の公開鍵と秘密鍵の生成アルゴリズムには、RSA 1024 bit が使用されます。\n証明書の種類として、ルート証明書 (自己署名証明書) と他の証明書によって署名された証明書のどちらでも作成することができます。他の証明書によって署名された証明書を作成するためには、署名に使用する証明書 (X.509 形式のファイル) と対応する秘密鍵ファイル (Base 64 エンコード) が必要です。\n\n作成する証明書には、名前 (CN)、所属機関 (O)、組織単位 (OU)、国 (C)、都道府県 (ST)、ローカル (L)、シリアル番号、有効期限を指定することができます。\n作成された証明書は X.509 形式のファイルとして、秘密鍵ファイルは RSA 1024 bit 形式の Base 64 エンコードされたファイルとしてそれぞれ保存されます。\n\nMakeCert コマンドは、証明書を作成するための必要最低限の機能を用意したツールです。本格的な証明書を作成したい場合は、OpenSSL などのフリーソフトや、市販の CA (証明機関) ソフトウェアを使用することを推奨します。\n\n※注意: このコマンドは SoftEther VPN コマンドライン管理ユーティリティから呼び出すことが可能です。現在 VPN Server や VPN Client に管理モードで接続している場合も実行できますが、実際に RSA 演算を行い、証明書データを生成しファイルに保存するのはこのコマンドを実行しているコンピュータであり、管理モードで接続先のコンピュータとは一切関係ないコンテキストで実行されます。


@ -6973,6 +6973,23 @@ CMD_RemoteDisable_Args RemoteDisable
################################################## #
# GenX25519 명령
CMD_GenX25519 Create new X25519 keypair
CMD_GenX25519_Help Use this to create a new X25519 keypair, which can be used for WireGuard. \nBoth the private and public key will be shown. \nThe public key can be shared and is used to identify a peer. \nAlso, it can always be retrieved from the private key using the GetPublicX25519 command. \nThe private key should be kept in a secure place and never be shared. \nIt cannot be recovered once lost.
CMD_GenX25519_ARGS GenX25519
CMD_GenX25519_PRIVATE_KEY Private key:
CMD_GenX25519_PUBLIC_KEY Public key:
# GetPublicX25519 명령
CMD_GetPublicX25519 Retrieve public X25519 key from a private one
CMD_GetPublicX25519_Help Use this if you have a private X25519 key and want to get its corresponding public key.
CMD_GetPublicX25519_ARGS GetPublicX25519 [private]
CMD_GetPublicX25519_[private] The private X25519 key you want to get the corresponding public key of.
CMD_GetPublicX25519_PRIVATE_KEY Private key:
CMD_GetPublicX25519_PUBLIC_KEY Public key:
# MakeCert 명령
CMD_MakeCert 새로운 X.509 인증서와 개인 키를 생성 (1024 bit)
CMD_MakeCert_Help 새로운 X.509 인증서와 개인 키를 생성하고 파일로 저장합니다. \n 인증서의 공개 키와 비밀 키 생성 알고리즘은 RSA 1024 bit가 사용됩니다. \n 인증서 유형으로 루트 인증서 (자기 서명 증명서) 및 기타 인증서로 서명 된 인증서의 어디라도 만들 수 있습니다. 다른 인증서로 서명 된 인증서를 생성하기 위해서는 서명에 사용할 인증서 (X.509 형식의 파일)과 해당 개인 키 파일 (Base 64 인코딩)가 필요합니다. \n \n 만든 인증서에는 이름 (CN), 소속 기관 (O) 조직 단위 (OU) 국가 (C),도 (ST) 로컬 (L), 일련 번호, 유효 기간을 지정할 수 있습니다. \n 생성 된 인증서는 X.509 형식의 파일로 개인 키 파일은 RSA 1024 bit 형식의 Base 64로 인코딩 된 파일로 각각 저장됩니다. \n \nMakeCert 명령은 인증서를 만들기위한 최소한의 기능을 제공하는 도구입니다. 본격적인 인증서를 작성하려면 OpenSSL 등의 무료 소프트웨어와 상용 CA (인증 기관) 소프트웨어를 사용하는 것을 권장합니다. \n \n ※주의:이 명령은 SoftEther VPN 명령 줄 관리 유틸리티에서 호출 할 수 있습니다. 현재 VPN Server와 VPN Client에서 관리 모드로 접속하는 경우도 실행할 수 있지만 실제로 RSA 연산을 수행하고 인증서 데이터를 생성하고 파일에 저장하는 것은이 명령을 실행하는 컴퓨터입니다 관리 모드에 연결된 컴퓨터와도 관계없는 컨텍스트에서 실행됩니다.


@ -6728,6 +6728,23 @@ CMD_RemoteDisable_Args RemoteDisable
###################################################
# GenX25519 command
CMD_GenX25519 Create new X25519 keypair
CMD_GenX25519_Help Use this to create a new X25519 keypair, which can be used for WireGuard. \nBoth the private and public key will be shown. \nThe public key can be shared and is used to identify a peer. \nAlso, it can always be retrieved from the private key using the GetPublicX25519 command. \nThe private key should be kept in a secure place and never be shared. \nIt cannot be recovered once lost.
CMD_GenX25519_ARGS GenX25519
CMD_GenX25519_PRIVATE_KEY Private key:
CMD_GenX25519_PUBLIC_KEY Public key:
# GetPublicX25519 command
CMD_GetPublicX25519 Retrieve public X25519 key from a private one
CMD_GetPublicX25519_Help Use this if you have a private X25519 key and want to get its corresponding public key.
CMD_GetPublicX25519_ARGS GetPublicX25519 [private]
CMD_GetPublicX25519_[private] The private X25519 key you want to get the corresponding public key of.
CMD_GetPublicX25519_PRIVATE_KEY Private key:
CMD_GetPublicX25519_PUBLIC_KEY Public key:
# MakeCert command
CMD_MakeCert Create New X.509 Certificate and Private Key (1024 bit)
CMD_MakeCert_Help Use this to create a new X.509 certificate and private key and save it as a file. \nThe algorithm used to create the public key and private key of the certificate is RSA 1024 bit. \nYou can choose to create a root certificate (self-signed certificate) or a certificate signed by another certificate. To create a certificate that is signed by another certificate, you require a private key file (base 64 encoded) that is compatible with the certificate that uses the signature (X.509 format file). \n\nWhen creating a certificate, you can specify the following: Name (CN), Organization (O), Organization Unit (OU), Country (C), State (ST), Locale (L), Serial Number, and Expiration Date. \nThe created certificate will be saved as an X.509 format file and the private key file will be saved in a Base 64 encoded RSA 1024 bit format file. \n\nThe MakeCert command is a tool that provides the most rudimentary function for creating certificates. If you want to create a more substantial certificate, we recommend that you use either free software such as OpenSSL, or commercial CA (certificate authority) software. \n\nNote: This command can be called from the SoftEther VPN Command Line Management Utility. You can also execute this command while connected to the current VPN Server or VPN Client in Administration Mode but, what actually performs the RSA computation, generates the certificate data and saves it to file is the computer on which the command is running, and all this is executed in a context that has absolutely no relationship to the computer that is the destination of the Administration Mode connection.


@ -6976,6 +6976,23 @@ CMD_RemoteDisable_Args RemoteDisable
###################################################
# GenX25519 command
CMD_GenX25519 Create new X25519 keypair
CMD_GenX25519_Help Use this to create a new X25519 keypair, which can be used for WireGuard. \nBoth the private and public key will be shown. \nThe public key can be shared and is used to identify a peer. \nAlso, it can always be retrieved from the private key using the GetPublicX25519 command. \nThe private key should be kept in a secure place and never be shared. \nIt cannot be recovered once lost.
CMD_GenX25519_ARGS GenX25519
CMD_GenX25519_PRIVATE_KEY Private key:
CMD_GenX25519_PUBLIC_KEY Public key:
# GetPublicX25519 command
CMD_GetPublicX25519 Retrieve public X25519 key from a private one
CMD_GetPublicX25519_Help Use this if you have a private X25519 key and want to get its corresponding public key.
CMD_GetPublicX25519_ARGS GetPublicX25519 [private]
CMD_GetPublicX25519_[private] The private X25519 key you want to get the corresponding public key of.
CMD_GetPublicX25519_PRIVATE_KEY Private key:
CMD_GetPublicX25519_PUBLIC_KEY Public key:
# MakeCert command
CMD_MakeCert Create New X.509 Certificate and Private Key (1024 bit)
CMD_MakeCert_Help Use this to create a new X.509 certificate and private key and save it as a file. \nThe algorithm used to create the public key and private key of the certificate is RSA 1024 bit. \nYou can choose to create a root certificate (self-signed certificate) or a certificate signed by another certificate. To create a certificate that is signed by another certificate, you require a private key file (base 64 encoded) that is compatible with the certificate that uses the signature (X.509 format file). \n\nWhen creating a certificate, you can specify the following: Name (CN), Organization (O), Organization Unit (OU), Country (C), State (ST), Locale (L), Serial Number, and Expiration Date. \nThe created certificate will be saved as an X.509 format file and the private key file will be saved in a Base 64 encoded RSA 1024 bit format file. \n\nThe MakeCert command is a tool that provides the most rudimentary function for creating certificates. If you want to create a more substantial certificate, we recommend that you use either free software such as OpenSSL, or commercial CA (certificate authority) software. \n\nNote: This command can be called from the SoftEther VPN Command Line Management Utility. You can also execute this command while connected to the current VPN Server or VPN Client in Administration Mode but, what actually performs the RSA computation, generates the certificate data and saves it to file is the computer on which the command is running, and all this is executed in a context that has absolutely no relationship to the computer that is the destination of the Administration Mode connection.


@ -7005,6 +7005,23 @@ CMD_RemoteDisable_Args RemoteDisable
###################################################
# GenX25519 命令
CMD_GenX25519 Create new X25519 keypair
CMD_GenX25519_Help Use this to create a new X25519 keypair, which can be used for WireGuard. \nBoth the private and public key will be shown. \nThe public key can be shared and is used to identify a peer. \nAlso, it can always be retrieved from the private key using the GetPublicX25519 command. \nThe private key should be kept in a secure place and never be shared. \nIt cannot be recovered once lost.
CMD_GenX25519_ARGS GenX25519
CMD_GenX25519_PRIVATE_KEY Private key:
CMD_GenX25519_PUBLIC_KEY Public key:
# GetPublicX25519 命令
CMD_GetPublicX25519 Retrieve public X25519 key from a private one
CMD_GetPublicX25519_Help Use this if you have a private X25519 key and want to get its corresponding public key.
CMD_GetPublicX25519_ARGS GetPublicX25519 [private]
CMD_GetPublicX25519_[private] The private X25519 key you want to get the corresponding public key of.
CMD_GetPublicX25519_PRIVATE_KEY Private key:
CMD_GetPublicX25519_PUBLIC_KEY Public key:
# MakeCert 命令
CMD_MakeCert 創建新的 X.509 證書和金鑰 (1024 位)
CMD_MakeCert_Help 創建新的 X.509 證書和金鑰,將其保存為一個檔。\n證書公共金鑰和秘密金鑰的生成演算法使用 RSA 1024 位元。\n作為證書類型可以創建由根證書 (自簽章憑證) 和其他證書簽名的某個證書。要創建由其他證書簽名的證書,需要與用於簽名的證書 (X.509格式檔) 相對應的金鑰檔 (Base 64 編碼)。\n\n創建的證書可以指定名稱 (CN),所屬機構 (O),組織單位 (OU),國家 (C),州 (ST),當地 (L),序號,有效期限。\n創建的證書以 X.509 格式的檔,金鑰檔以 RSA 1024 位元的 Base 64 編碼檔,被分別保存。\n\nMakeCert 指令是一個工具,它提供創建證書所需的最低功能。如果想創建一個真正的證書,建議使用 OpenSSL 等免費軟體和出售的 CA (認證機構) 軟體。\n\n※注意: 此指令可以從 SoftEther VPN 命令列管理工具調用。雖然目前以管理模式連接到 VPN Server 和 VPN Client 時可以運行,但要實際運行 RSA 演算,生成證書資料的,是運行此指令的電腦,和以管理模式連接的連結目的電腦沒有任何關係。