Mercurial > dropbear
annotate gensignkey.c @ 1863:b550845e500b
Use venv for test_aslr
Otherwise we can't find the psutil dependency
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 30 Jan 2022 13:37:20 +0800 |
parents | c795520269f9 |
children | 8b4274d34fe8 |
rev | line source |
---|---|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 #include "includes.h" |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 #include "dbutil.h" |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 #include "buffer.h" |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 #include "ecdsa.h" |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 #include "genrsa.h" |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 #include "gendss.h" |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
7 #include "gened25519.h" |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 #include "signkey.h" |
858
220f55d540ae
rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
9 #include "dbrandom.h" |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 |
857 | 11 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ |
1663
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
12 static int buf_writefile(buffer * buf, const char * filename, int skip_exist) { |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 int ret = DROPBEAR_FAILURE; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 int fd = -1; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 fd = open(filename, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 if (fd < 0) { |
1663
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
18 /* If generating keys on connection (skip_exist) it's OK to get EEXIST |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
19 - we probably just lost a race with another connection to generate the key */ |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
20 if (skip_exist && errno == EEXIST) { |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
21 ret = DROPBEAR_SUCCESS; |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
22 } else { |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
23 dropbear_log(LOG_ERR, "Couldn't create new file %s: %s", |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
24 filename, strerror(errno)); |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
25 } |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
26 |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 goto out; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 /* write the file now */ |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 while (buf->pos != buf->len) { |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 int len = write(fd, buf_getptr(buf, buf->len - buf->pos), |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 buf->len - buf->pos); |
888 | 34 if (len == -1 && errno == EINTR) { |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 continue; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 if (len <= 0) { |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 dropbear_log(LOG_ERR, "Failed writing file %s: %s", |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 filename, strerror(errno)); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 goto out; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 buf_incrpos(buf, len); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 ret = DROPBEAR_SUCCESS; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 out: |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 if (fd >= 0) { |
983
2b62f26cf808
Open directories O_RDONLY for fsync, add debugging if it fails
Matt Johnston <matt@ucc.asn.au>
parents:
982
diff
changeset
|
49 if (fsync(fd) != 0) { |
2b62f26cf808
Open directories O_RDONLY for fsync, add debugging if it fails
Matt Johnston <matt@ucc.asn.au>
parents:
982
diff
changeset
|
50 dropbear_log(LOG_ERR, "fsync of %s failed: %s", filename, strerror(errno)); |
2b62f26cf808
Open directories O_RDONLY for fsync, add debugging if it fails
Matt Johnston <matt@ucc.asn.au>
parents:
982
diff
changeset
|
51 } |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 m_close(fd); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 return ret; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
56 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
57 /* returns 0 on failure */ |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 static int get_default_bits(enum signkey_type keytype) |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 { |
1250 | 60 switch (keytype) { |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
61 #if DROPBEAR_RSA |
1250 | 62 case DROPBEAR_SIGNKEY_RSA: |
1438
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
63 return DROPBEAR_DEFAULT_RSA_SIZE; |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
65 #if DROPBEAR_DSS |
1250 | 66 case DROPBEAR_SIGNKEY_DSS: |
1438
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
67 /* DSS for SSH only defines 1024 bits */ |
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
68 return 1024; |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
70 #if DROPBEAR_ECDSA |
1250 | 71 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN: |
72 return ECDSA_DEFAULT_SIZE; | |
73 case DROPBEAR_SIGNKEY_ECDSA_NISTP521: | |
74 return 521; | |
75 case DROPBEAR_SIGNKEY_ECDSA_NISTP384: | |
76 return 384; | |
77 case DROPBEAR_SIGNKEY_ECDSA_NISTP256: | |
78 return 256; | |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
79 #endif |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
80 #if DROPBEAR_ED25519 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
81 case DROPBEAR_SIGNKEY_ED25519: |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
82 return 256; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
83 #endif |
1250 | 84 default: |
85 return 0; | |
86 } | |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
88 |
1438
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
89 int signkey_generate_get_bits(enum signkey_type keytype, int bits) { |
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
90 if (bits == 0) |
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
91 { |
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
92 bits = get_default_bits(keytype); |
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
93 } |
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
94 return bits; |
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
95 } |
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
96 |
1329
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
97 /* if skip_exist is set it will silently return if the key file exists */ |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
98 int signkey_generate(enum signkey_type keytype, int bits, const char* filename, int skip_exist) |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
99 { |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
100 sign_key * key = NULL; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
101 buffer *buf = NULL; |
1329
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
102 char *fn_temp = NULL; |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
103 int ret = DROPBEAR_FAILURE; |
1438
4f8eb331174f
add configuration option for default RSA size.
Matt Johnston <matt@ucc.asn.au>
parents:
1343
diff
changeset
|
104 bits = signkey_generate_get_bits(keytype, bits); |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
105 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
106 /* now we can generate the key */ |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
107 key = new_sign_key(); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
108 |
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
109 seedrandom(); |
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
110 |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
111 switch(keytype) { |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
112 #if DROPBEAR_RSA |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
113 case DROPBEAR_SIGNKEY_RSA: |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
114 key->rsakey = gen_rsa_priv_key(bits); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
115 break; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
117 #if DROPBEAR_DSS |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
118 case DROPBEAR_SIGNKEY_DSS: |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 key->dsskey = gen_dss_priv_key(bits); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
120 break; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
121 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
122 #if DROPBEAR_ECDSA |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
123 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN: |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
124 case DROPBEAR_SIGNKEY_ECDSA_NISTP521: |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
125 case DROPBEAR_SIGNKEY_ECDSA_NISTP384: |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
126 case DROPBEAR_SIGNKEY_ECDSA_NISTP256: |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
127 { |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
128 ecc_key *ecckey = gen_ecdsa_priv_key(bits); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 keytype = ecdsa_signkey_type(ecckey); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
130 *signkey_key_ptr(key, keytype) = ecckey; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
131 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
132 break; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
133 #endif |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
134 #if DROPBEAR_ED25519 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
135 case DROPBEAR_SIGNKEY_ED25519: |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
136 key->ed25519key = gen_ed25519_priv_key(bits); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
137 break; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1658
diff
changeset
|
138 #endif |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
139 default: |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
140 dropbear_exit("Internal error"); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
141 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
142 |
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
143 seedrandom(); |
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
144 |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
145 buf = buf_new(MAX_PRIVKEY_SIZE); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
146 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
147 buf_put_priv_key(buf, key, keytype); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
148 sign_key_free(key); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
149 key = NULL; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
150 buf_setpos(buf, 0); |
1329
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
151 |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
152 fn_temp = m_malloc(strlen(filename) + 30); |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
153 snprintf(fn_temp, strlen(filename)+30, "%s.tmp%d", filename, getpid()); |
1663
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
154 ret = buf_writefile(buf, fn_temp, 0); |
1329
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
155 |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
156 if (ret == DROPBEAR_FAILURE) { |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
157 goto out; |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
158 } |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
159 |
1329
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
160 if (link(fn_temp, filename) < 0) { |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
161 /* If generating keys on connection (skipexist) it's OK to get EEXIST |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
162 - we probably just lost a race with another connection to generate the key */ |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
163 if (!(skip_exist && errno == EEXIST)) { |
1663
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
164 if (errno == EPERM || errno == EACCES) { |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
165 /* Non-atomic fallback when hard-links not allowed or unsupported */ |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
166 buf_setpos(buf, 0); |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
167 ret = buf_writefile(buf, filename, skip_exist); |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
168 } else { |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
169 dropbear_log(LOG_ERR, "Failed moving key file to %s: %s", filename, |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
170 strerror(errno)); |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
171 ret = DROPBEAR_FAILURE; |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
172 } |
c795520269f9
Fallback for key gen without hard link support (#89)
Matt Robinson <git@nerdoftheherd.com>
parents:
1659
diff
changeset
|
173 |
1329
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
174 goto out; |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
175 } |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
176 } |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
177 |
1658
7402218141d4
bring back fsync_parent_dir
Matt Johnston <matt@ucc.asn.au>
parents:
1438
diff
changeset
|
178 /* ensure directory update is flushed to disk, otherwise we can end up |
7402218141d4
bring back fsync_parent_dir
Matt Johnston <matt@ucc.asn.au>
parents:
1438
diff
changeset
|
179 with zero-byte hostkey files if the power goes off */ |
7402218141d4
bring back fsync_parent_dir
Matt Johnston <matt@ucc.asn.au>
parents:
1438
diff
changeset
|
180 fsync_parent_dir(filename); |
7402218141d4
bring back fsync_parent_dir
Matt Johnston <matt@ucc.asn.au>
parents:
1438
diff
changeset
|
181 |
1329
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
182 out: |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
183 if (buf) { |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
184 buf_burn(buf); |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
185 buf_free(buf); |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
186 } |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
187 |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
188 if (fn_temp) { |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
189 unlink(fn_temp); |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
190 m_free(fn_temp); |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
191 } |
185c14fa504d
Use atomic key generation in all cases
Matt Johnston <matt@ucc.asn.au>
parents:
1295
diff
changeset
|
192 |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
193 return ret; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
194 } |