annotate gensignkey.c @ 1857:6022df862942

Use DSCP for IP QoS traffic classes The previous TOS values are deprecated and not used by modern traffic classifiers. This sets AF21 for "interactive" traffic (with a tty). Non-tty traffic sets AF11 - that indicates high throughput but is not lowest priority (which would be CS1 or LE). This differs from the CS1 used by OpenSSH, it lets interactive git over SSH have higher priority than background least effort traffic. Dropbear's settings here should be suitable with the diffservs used by CAKE qdisc.
author Matt Johnston <matt@ucc.asn.au>
date Tue, 25 Jan 2022 17:32:20 +0800
parents c795520269f9
children 8b4274d34fe8
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 #include "includes.h"
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 #include "dbutil.h"
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 #include "buffer.h"
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 #include "ecdsa.h"
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5 #include "genrsa.h"
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6 #include "gendss.h"
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
7 #include "gened25519.h"
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8 #include "signkey.h"
858
220f55d540ae rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
9 #include "dbrandom.h"
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 855
diff changeset
11 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
1663
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
12 static int buf_writefile(buffer * buf, const char * filename, int skip_exist) {
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 int ret = DROPBEAR_FAILURE;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 int fd = -1;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 fd = open(filename, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 if (fd < 0) {
1663
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
18 /* If generating keys on connection (skip_exist) it's OK to get EEXIST
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
19 - we probably just lost a race with another connection to generate the key */
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
20 if (skip_exist && errno == EEXIST) {
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
21 ret = DROPBEAR_SUCCESS;
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
22 } else {
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
23 dropbear_log(LOG_ERR, "Couldn't create new file %s: %s",
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
24 filename, strerror(errno));
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
25 }
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
26
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
27 goto out;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 /* write the file now */
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 while (buf->pos != buf->len) {
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32 int len = write(fd, buf_getptr(buf, buf->len - buf->pos),
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33 buf->len - buf->pos);
888
6e6ae84d3dba Fix check for EINTR
Matt Johnston <matt@ucc.asn.au>
parents: 858
diff changeset
34 if (len == -1 && errno == EINTR) {
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
35 continue;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
37 if (len <= 0) {
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
38 dropbear_log(LOG_ERR, "Failed writing file %s: %s",
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
39 filename, strerror(errno));
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
40 goto out;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
41 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
42 buf_incrpos(buf, len);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
43 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
44
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
45 ret = DROPBEAR_SUCCESS;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
46
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
47 out:
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 if (fd >= 0) {
983
2b62f26cf808 Open directories O_RDONLY for fsync, add debugging if it fails
Matt Johnston <matt@ucc.asn.au>
parents: 982
diff changeset
49 if (fsync(fd) != 0) {
2b62f26cf808 Open directories O_RDONLY for fsync, add debugging if it fails
Matt Johnston <matt@ucc.asn.au>
parents: 982
diff changeset
50 dropbear_log(LOG_ERR, "fsync of %s failed: %s", filename, strerror(errno));
2b62f26cf808 Open directories O_RDONLY for fsync, add debugging if it fails
Matt Johnston <matt@ucc.asn.au>
parents: 982
diff changeset
51 }
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
52 m_close(fd);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
54 return ret;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
55 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
56
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
57 /* returns 0 on failure */
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
58 static int get_default_bits(enum signkey_type keytype)
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
59 {
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
60 switch (keytype) {
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
61 #if DROPBEAR_RSA
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
62 case DROPBEAR_SIGNKEY_RSA:
1438
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
63 return DROPBEAR_DEFAULT_RSA_SIZE;
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
64 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
65 #if DROPBEAR_DSS
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
66 case DROPBEAR_SIGNKEY_DSS:
1438
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
67 /* DSS for SSH only defines 1024 bits */
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
68 return 1024;
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
69 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
70 #if DROPBEAR_ECDSA
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
71 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
72 return ECDSA_DEFAULT_SIZE;
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
73 case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
74 return 521;
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
75 case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
76 return 384;
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
77 case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
78 return 256;
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
79 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
80 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
81 case DROPBEAR_SIGNKEY_ED25519:
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
82 return 256;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
83 #endif
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
84 default:
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
85 return 0;
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 983
diff changeset
86 }
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
87 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
88
1438
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
89 int signkey_generate_get_bits(enum signkey_type keytype, int bits) {
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
90 if (bits == 0)
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
91 {
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
92 bits = get_default_bits(keytype);
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
93 }
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
94 return bits;
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
95 }
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
96
1329
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
97 /* if skip_exist is set it will silently return if the key file exists */
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
98 int signkey_generate(enum signkey_type keytype, int bits, const char* filename, int skip_exist)
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
99 {
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
100 sign_key * key = NULL;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
101 buffer *buf = NULL;
1329
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
102 char *fn_temp = NULL;
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
103 int ret = DROPBEAR_FAILURE;
1438
4f8eb331174f add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents: 1343
diff changeset
104 bits = signkey_generate_get_bits(keytype, bits);
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
105
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
106 /* now we can generate the key */
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
107 key = new_sign_key();
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
108
852
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
109 seedrandom();
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
110
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
111 switch(keytype) {
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
112 #if DROPBEAR_RSA
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
113 case DROPBEAR_SIGNKEY_RSA:
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
114 key->rsakey = gen_rsa_priv_key(bits);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
115 break;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
116 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
117 #if DROPBEAR_DSS
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
118 case DROPBEAR_SIGNKEY_DSS:
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
119 key->dsskey = gen_dss_priv_key(bits);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
120 break;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
121 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
122 #if DROPBEAR_ECDSA
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
123 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
124 case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
125 case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
126 case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
127 {
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
128 ecc_key *ecckey = gen_ecdsa_priv_key(bits);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
129 keytype = ecdsa_signkey_type(ecckey);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
130 *signkey_key_ptr(key, keytype) = ecckey;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
131 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
132 break;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
133 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
134 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
135 case DROPBEAR_SIGNKEY_ED25519:
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
136 key->ed25519key = gen_ed25519_priv_key(bits);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
137 break;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1658
diff changeset
138 #endif
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
139 default:
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
140 dropbear_exit("Internal error");
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
141 }
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
142
852
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
143 seedrandom();
7540c0822374 Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents: 847
diff changeset
144
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
145 buf = buf_new(MAX_PRIVKEY_SIZE);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
146
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
147 buf_put_priv_key(buf, key, keytype);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
148 sign_key_free(key);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
149 key = NULL;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
150 buf_setpos(buf, 0);
1329
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
151
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
152 fn_temp = m_malloc(strlen(filename) + 30);
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
153 snprintf(fn_temp, strlen(filename)+30, "%s.tmp%d", filename, getpid());
1663
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
154 ret = buf_writefile(buf, fn_temp, 0);
1329
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
155
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
156 if (ret == DROPBEAR_FAILURE) {
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
157 goto out;
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
158 }
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
159
1329
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
160 if (link(fn_temp, filename) < 0) {
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
161 /* If generating keys on connection (skipexist) it's OK to get EEXIST
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
162 - we probably just lost a race with another connection to generate the key */
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
163 if (!(skip_exist && errno == EEXIST)) {
1663
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
164 if (errno == EPERM || errno == EACCES) {
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
165 /* Non-atomic fallback when hard-links not allowed or unsupported */
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
166 buf_setpos(buf, 0);
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
167 ret = buf_writefile(buf, filename, skip_exist);
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
168 } else {
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
169 dropbear_log(LOG_ERR, "Failed moving key file to %s: %s", filename,
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
170 strerror(errno));
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
171 ret = DROPBEAR_FAILURE;
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
172 }
c795520269f9 Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents: 1659
diff changeset
173
1329
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
174 goto out;
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
175 }
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
176 }
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
177
1658
7402218141d4 bring back fsync_parent_dir
Matt Johnston <matt@ucc.asn.au>
parents: 1438
diff changeset
178 /* ensure directory update is flushed to disk, otherwise we can end up
7402218141d4 bring back fsync_parent_dir
Matt Johnston <matt@ucc.asn.au>
parents: 1438
diff changeset
179 with zero-byte hostkey files if the power goes off */
7402218141d4 bring back fsync_parent_dir
Matt Johnston <matt@ucc.asn.au>
parents: 1438
diff changeset
180 fsync_parent_dir(filename);
7402218141d4 bring back fsync_parent_dir
Matt Johnston <matt@ucc.asn.au>
parents: 1438
diff changeset
181
1329
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
182 out:
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
183 if (buf) {
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
184 buf_burn(buf);
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
185 buf_free(buf);
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
186 }
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
187
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
188 if (fn_temp) {
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
189 unlink(fn_temp);
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
190 m_free(fn_temp);
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
191 }
185c14fa504d Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
192
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
193 return ret;
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
194 }