Mercurial > dropbear
annotate gensignkey.c @ 1857:6022df862942
Use DSCP for IP QoS traffic classes
The previous TOS values are deprecated and not used by modern traffic
classifiers. This sets AF21 for "interactive" traffic (with a tty).
Non-tty traffic sets AF11 - that indicates high throughput but is not
lowest priority (which would be CS1 or LE).
This differs from the CS1 used by OpenSSH, it lets interactive git over SSH
have higher priority than background least effort traffic. Dropbear's settings
here should be suitable with the diffservs used by CAKE qdisc.
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 25 Jan 2022 17:32:20 +0800 |
| parents | c795520269f9 |
| children | 8b4274d34fe8 |
| rev | line source |
|---|---|
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 #include "includes.h" |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 #include "dbutil.h" |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 #include "buffer.h" |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 #include "ecdsa.h" |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 #include "genrsa.h" |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 #include "gendss.h" |
|
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
7 #include "gened25519.h" |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 #include "signkey.h" |
|
858
220f55d540ae
rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
9 #include "dbrandom.h" |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 |
| 857 | 11 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ |
|
1663
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
12 static int buf_writefile(buffer * buf, const char * filename, int skip_exist) { |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 int ret = DROPBEAR_FAILURE; |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 int fd = -1; |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 fd = open(filename, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 if (fd < 0) { |
|
1663
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
18 /* If generating keys on connection (skip_exist) it's OK to get EEXIST |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
19 - we probably just lost a race with another connection to generate the key */ |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
20 if (skip_exist && errno == EEXIST) { |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
21 ret = DROPBEAR_SUCCESS; |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
22 } else { |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
23 dropbear_log(LOG_ERR, "Couldn't create new file %s: %s", |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
24 filename, strerror(errno)); |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
25 } |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
26 |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 goto out; |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 } |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 /* write the file now */ |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 while (buf->pos != buf->len) { |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 int len = write(fd, buf_getptr(buf, buf->len - buf->pos), |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 buf->len - buf->pos); |
| 888 | 34 if (len == -1 && errno == EINTR) { |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 continue; |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 } |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 if (len <= 0) { |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 dropbear_log(LOG_ERR, "Failed writing file %s: %s", |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 filename, strerror(errno)); |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 goto out; |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 } |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 buf_incrpos(buf, len); |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 } |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 ret = DROPBEAR_SUCCESS; |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 out: |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 if (fd >= 0) { |
|
983
2b62f26cf808
Open directories O_RDONLY for fsync, add debugging if it fails
Matt Johnston <matt@ucc.asn.au>
parents:
982
diff
changeset
|
49 if (fsync(fd) != 0) { |
|
2b62f26cf808
Open directories O_RDONLY for fsync, add debugging if it fails
Matt Johnston <matt@ucc.asn.au>
parents:
982
diff
changeset
|
50 dropbear_log(LOG_ERR, "fsync of %s failed: %s", filename, strerror(errno)); |
|
2b62f26cf808
Open directories O_RDONLY for fsync, add debugging if it fails
Matt Johnston <matt@ucc.asn.au>
parents:
982
diff
changeset
|
51 } |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 m_close(fd); |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 } |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 return ret; |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 } |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
56 |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
57 /* returns 0 on failure */ |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 static int get_default_bits(enum signkey_type keytype) |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 { |
| 1250 | 60 switch (keytype) { |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
61 #if DROPBEAR_RSA |
| 1250 | 62 case DROPBEAR_SIGNKEY_RSA: |
|
1438
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
63 return DROPBEAR_DEFAULT_RSA_SIZE; |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
65 #if DROPBEAR_DSS |
| 1250 | 66 case DROPBEAR_SIGNKEY_DSS: |
|
1438
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
67 /* DSS for SSH only defines 1024 bits */ |
|
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
68 return 1024; |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
70 #if DROPBEAR_ECDSA |
| 1250 | 71 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN: |
| 72 return ECDSA_DEFAULT_SIZE; | |
| 73 case DROPBEAR_SIGNKEY_ECDSA_NISTP521: | |
| 74 return 521; | |
| 75 case DROPBEAR_SIGNKEY_ECDSA_NISTP384: | |
| 76 return 384; | |
| 77 case DROPBEAR_SIGNKEY_ECDSA_NISTP256: | |
| 78 return 256; | |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
79 #endif |
|
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
80 #if DROPBEAR_ED25519 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
81 case DROPBEAR_SIGNKEY_ED25519: |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
82 return 256; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
83 #endif |
| 1250 | 84 default: |
| 85 return 0; | |
| 86 } | |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 } |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
88 |
|
1438
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
89 int signkey_generate_get_bits(enum signkey_type keytype, int bits) { |
|
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
90 if (bits == 0) |
|
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
91 { |
|
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
92 bits = get_default_bits(keytype); |
|
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
93 } |
|
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
94 return bits; |
|
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
95 } |
|
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
96 |
|
1329
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
97 /* if skip_exist is set it will silently return if the key file exists */ |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
98 int signkey_generate(enum signkey_type keytype, int bits, const char* filename, int skip_exist) |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
99 { |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
100 sign_key * key = NULL; |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
101 buffer *buf = NULL; |
|
1329
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
102 char *fn_temp = NULL; |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
103 int ret = DROPBEAR_FAILURE; |
|
1438
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
104 bits = signkey_generate_get_bits(keytype, bits); |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
105 |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
106 /* now we can generate the key */ |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
107 key = new_sign_key(); |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
108 |
|
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
109 seedrandom(); |
|
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
110 |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
111 switch(keytype) { |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
112 #if DROPBEAR_RSA |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
113 case DROPBEAR_SIGNKEY_RSA: |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
114 key->rsakey = gen_rsa_priv_key(bits); |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
115 break; |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
117 #if DROPBEAR_DSS |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
118 case DROPBEAR_SIGNKEY_DSS: |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 key->dsskey = gen_dss_priv_key(bits); |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
120 break; |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
121 #endif |
|
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
122 #if DROPBEAR_ECDSA |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
123 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN: |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
124 case DROPBEAR_SIGNKEY_ECDSA_NISTP521: |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
125 case DROPBEAR_SIGNKEY_ECDSA_NISTP384: |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
126 case DROPBEAR_SIGNKEY_ECDSA_NISTP256: |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
127 { |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
128 ecc_key *ecckey = gen_ecdsa_priv_key(bits); |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 keytype = ecdsa_signkey_type(ecckey); |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
130 *signkey_key_ptr(key, keytype) = ecckey; |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
131 } |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
132 break; |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
133 #endif |
|
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
134 #if DROPBEAR_ED25519 |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
135 case DROPBEAR_SIGNKEY_ED25519: |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
136 key->ed25519key = gen_ed25519_priv_key(bits); |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
137 break; |
|
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
138 #endif |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
139 default: |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
140 dropbear_exit("Internal error"); |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
141 } |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
142 |
|
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
143 seedrandom(); |
|
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
144 |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
145 buf = buf_new(MAX_PRIVKEY_SIZE); |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
146 |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
147 buf_put_priv_key(buf, key, keytype); |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
148 sign_key_free(key); |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
149 key = NULL; |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
150 buf_setpos(buf, 0); |
|
1329
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
151 |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
152 fn_temp = m_malloc(strlen(filename) + 30); |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
153 snprintf(fn_temp, strlen(filename)+30, "%s.tmp%d", filename, getpid()); |
|
1663
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
154 ret = buf_writefile(buf, fn_temp, 0); |
|
1329
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
155 |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
156 if (ret == DROPBEAR_FAILURE) { |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
157 goto out; |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
158 } |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
159 |
|
1329
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
160 if (link(fn_temp, filename) < 0) { |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
161 /* If generating keys on connection (skipexist) it's OK to get EEXIST |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
162 - we probably just lost a race with another connection to generate the key */ |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
163 if (!(skip_exist && errno == EEXIST)) { |
|
1663
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
164 if (errno == EPERM || errno == EACCES) { |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
165 /* Non-atomic fallback when hard-links not allowed or unsupported */ |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
166 buf_setpos(buf, 0); |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
167 ret = buf_writefile(buf, filename, skip_exist); |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
168 } else { |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
169 dropbear_log(LOG_ERR, "Failed moving key file to %s: %s", filename, |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
170 strerror(errno)); |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
171 ret = DROPBEAR_FAILURE; |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
172 } |
|
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
173 |
|
1329
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
174 goto out; |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
175 } |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
176 } |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
177 |
|
1658
7402218141d4
bring back fsync_parent_dir
Matt Johnston <matt@ucc.asn.au>
parents:
1438
diff
changeset
|
178 /* ensure directory update is flushed to disk, otherwise we can end up |
|
7402218141d4
bring back fsync_parent_dir
Matt Johnston <matt@ucc.asn.au>
parents:
1438
diff
changeset
|
179 with zero-byte hostkey files if the power goes off */ |
|
7402218141d4
bring back fsync_parent_dir
Matt Johnston <matt@ucc.asn.au>
parents:
1438
diff
changeset
|
180 fsync_parent_dir(filename); |
|
7402218141d4
bring back fsync_parent_dir
Matt Johnston <matt@ucc.asn.au>
parents:
1438
diff
changeset
|
181 |
|
1329
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
182 out: |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
183 if (buf) { |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
184 buf_burn(buf); |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
185 buf_free(buf); |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
186 } |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
187 |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
188 if (fn_temp) { |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
189 unlink(fn_temp); |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
190 m_free(fn_temp); |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
191 } |
|
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
192 |
|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
193 return ret; |
|
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
194 } |