author | Ermal <eri@pfsense.org> | 2012-11-06 21:28:03 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-11-06 21:28:03 +0000 |
commit | 9539590cc1094ed44908fe289ff23d1893f64bd7 (patch) | |
tree | 6f40186a6eadfe94e38e8f0f7d562df7e0ef9d2a /usr/local/www | |
parent | a8e925c323d1655cb514299ee13f0b7f38ef22b9 (diff) | |
Use a random exponent for the RSA generation of keys. It is questionable whether it needs to be saved as a value.
Diffstat (limited to 'usr/local/www')
-rw-r--r-- | usr/local/www/services_captiveportal_vouchers.php | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/usr/local/www/services_captiveportal_vouchers.php b/usr/local/www/services_captiveportal_vouchers.php index 2bfeaa7..b41a4bc 100644 --- a/usr/local/www/services_captiveportal_vouchers.php +++ b/usr/local/www/services_captiveportal_vouchers.php @@ -94,10 +94,21 @@ if (!isset($config['voucher'][$cpzone]['checksumbits'])) $config['voucher'][$cpzone]['checksumbits'] = 5; if (!isset($config['voucher'][$cpzone]['magic'])) $config['voucher'][$cpzone]['magic'] = rand(); // anything slightly random will do +if (!isset($config['voucher'][$cpzone]['exponent'])) { + while (true) { + while (($exponent = rand()) % 30000 < 5000) + continue; + $exponent = ($exponent * 2) + 1; // Make it odd number + if ($exponent <= 65537) + break; + } + $config['voucher'][$cpzone]['exponent'] = $exponent; + unset($exponent); +} if (!isset($config['voucher'][$cpzone]['publickey'])) { /* generate a random 64 bit RSA key pair using the voucher binary */ - $fd = popen("/usr/local/bin/voucher -g 64", "r"); + $fd = popen("/usr/local/bin/voucher -g 64 -e " . $config['voucher'][$cpzone]['exponent'], "r"); if ($fd !== false) { $output = fread($fd, 16384); pclose($fd); @@ -162,6 +173,7 @@ $pconfig['rollbits'] = $config['voucher'][$cpzone]['rollbits']; $pconfig['ticketbits'] = $config['voucher'][$cpzone]['ticketbits']; $pconfig['checksumbits'] = $config['voucher'][$cpzone]['checksumbits']; $pconfig['magic'] = $config['voucher'][$cpzone]['magic']; +$pconfig['exponent'] = $config['voucher'][$cpzone]['exponent']; $pconfig['publickey'] = base64_decode($config['voucher'][$cpzone]['publickey']); $pconfig['privatekey'] = base64_decode($config['voucher'][$cpzone]['privatekey']); $pconfig['msgnoaccess'] = $config['voucher'][$cpzone]['msgnoaccess']; 
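Review bot: The new `popen()` call in the `-94,10 +94,21` hunk appends `$config['voucher'][$cpzone]['exponent']` to the command line unquoted, and the later hunks of this commit let that config value be written from `$_POST['exponent']` and from the sync response without any check, so it should be treated as untrusted where the command is built. The generator only ever produces odd integers no larger than 65537, so enforce that at the point of use: take `$exp = (int)$config['voucher'][$cpzone]['exponent'];`, reject it unless it is odd and within range, and pass `escapeshellarg($exp)` to the command. Separately, the rejection loop accepts only `rand()` results between 5000 and 29999 (anything larger fails the `<= 65537` test after doubling), so `mt_rand(5000, 29999) * 2 + 1` yields the same set of values without spinning; whether the voucher binary checks that the exponent is usable with the generated primes is not visible here. The `if (!isset(...['publickey']))` block that contains the `popen()` call continues outside the hunk.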
@@ -236,6 +248,7 @@ if ($_POST) { $newvoucher['ticketbits'] = $_POST['ticketbits']; $newvoucher['checksumbits'] = $_POST['checksumbits']; $newvoucher['magic'] = $_POST['magic']; + $newvoucher['exponent'] = $_POST['exponent']; $newvoucher['publickey'] = base64_encode($_POST['publickey']); $newvoucher['privatekey'] = base64_encode($_POST['privatekey']); $newvoucher['msgnoaccess'] = $_POST['msgnoaccess']; @@ -306,6 +319,8 @@ EOF; $config['voucher'][$cpzone]['checksumbits'] = $toreturn['voucher']['checksumbits']; if($toreturn['voucher']['magic']) $config['voucher'][$cpzone]['magic'] = $toreturn['voucher']['magic']; + if($toreturn['voucher']['exponent']) + $config['voucher'][$cpzone]['exponent'] = $toreturn['voucher']['exponent']; if($toreturn['voucher']['publickey']) $config['voucher'][$cpzone]['publickey'] = $toreturn['voucher']['publickey']; if($toreturn['voucher']['privatekey']) @@ -599,6 +614,7 @@ function enable_change(enable_change) { <td width="22%" valign="top"> </td> <td width="78%"> <input type="hidden" name="zone" id="zone" value="<?=$cpzone;?>" /> + <input type="hidden" name="exponent" id="exponent" value="<?=$pconfig['exponent'];?>" /> <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>" onClick="enable_change(true); before_save();"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()"> </td> |
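Review bot: `$newvoucher['exponent'] = $_POST['exponent'];` in the `-236,6 +248,7` hunk stores a client-supplied value unchecked, and the hidden form field added in the `-599,6 +614,7` hunk exists only to round-trip it, so the saved exponent is whatever the request body says rather than what the server generated. Because the field is not meant to be edited, it can be carried over server-side instead, `$newvoucher['exponent'] = $config['voucher'][$cpzone]['exponent'];`, which would also make the hidden input unnecessary. The sync path in the `-306,6 +319,8` hunk copies `$toreturn['voucher']['exponent']` the same way and should apply an integer and range check before assigning. The enclosing `if ($_POST)` block starts and ends outside the hunk, so how `$newvoucher` is written back is inferred from the neighbouring assignments.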
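Review bot: The hidden input added in the `-599,6 +614,7` hunk echoes `$pconfig['exponent']` into an HTML attribute without escaping, and since that value can originate from a POST or from the sync response, a non-numeric value would end up in the page markup as-is. Emit it as `value="<?=htmlspecialchars($pconfig['exponent']);?>"`, or cast it with `(int)` since only an integer is valid here. The adjacent `zone` field prints `$cpzone` in the same unescaped form; that line is unchanged context and whether `$cpzone` is sanitised earlier is not visible in this diff.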