comparison dropbearkey.c @ 839:33207ed1174b
Merge in ECC
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 21 Oct 2013 22:57:21 +0800 |
parents | 75509065db53 |
children | 5128e525c8fa |
834:e378da7eae5d | 839:33207ed1174b |
---|---|
49 #include "buffer.h" | 49 #include "buffer.h" |
50 #include "dbutil.h" | 50 #include "dbutil.h" |
51 | 51 |
52 #include "genrsa.h" | 52 #include "genrsa.h" |
53 #include "gendss.h" | 53 #include "gendss.h" |
54 #include "ecdsa.h" | |
55 #include "crypto_desc.h" | |
56 #include "random.h" | |
54 | 57 |
55 static void printhelp(char * progname); | 58 static void printhelp(char * progname); |
56 | 59 |
57 #define RSA_SIZE (1024/8) /* 1024 bit */ | 60 #define RSA_DEFAULT_SIZE 1024 |
58 #define DSS_SIZE (1024/8) /* 1024 bit */ | 61 #define DSS_DEFAULT_SIZE 1024 |
59 | 62 |
60 static void buf_writefile(buffer * buf, const char * filename); | 63 static void buf_writefile(buffer * buf, const char * filename); |
61 static void printpubkey(sign_key * key, int keytype); | 64 static void printpubkey(sign_key * key, int keytype); |
62 static void justprintpub(const char* filename); | 65 static void justprintpub(const char* filename); |
63 | 66 |
70 " rsa\n" | 73 " rsa\n" |
71 #endif | 74 #endif |
72 #ifdef DROPBEAR_DSS | 75 #ifdef DROPBEAR_DSS |
73 " dss\n" | 76 " dss\n" |
74 #endif | 77 #endif |
78 #ifdef DROPBEAR_ECDSA | |
79 " ecdsa\n" | |
80 #endif | |
75 "-f filename Use filename for the secret key\n" | 81 "-f filename Use filename for the secret key\n" |
76 "-s bits Key size in bits, should be a multiple of 8 (optional)\n" | 82 "-s bits Key size in bits, should be a multiple of 8 (optional)\n" |
77 " (DSS has a fixed size of 1024 bits)\n" | 83 #ifdef DROPBEAR_DSS |
84 " DSS has a fixed size of 1024 bits\n" | |
85 #endif | |
86 #ifdef DROPBEAR_ECDSA | |
87 " ECDSA has sizes " | |
88 #ifdef DROPBEAR_ECC_256 | |
89 "256 " | |
90 #endif | |
91 #ifdef DROPBEAR_ECC_384 | |
92 "384 " | |
93 #endif | |
94 #ifdef DROPBEAR_ECC_521 | |
95 "521 " | |
96 #endif | |
97 "\n" | |
98 #endif | |
78 "-y Just print the publickey and fingerprint for the\n private key in <filename>.\n" | 99 "-y Just print the publickey and fingerprint for the\n private key in <filename>.\n" |
79 #ifdef DEBUG_TRACE | 100 #ifdef DEBUG_TRACE |
80 "-v verbose\n" | 101 "-v verbose\n" |
81 #endif | 102 #endif |
82 ,progname); | 103 ,progname); |
92 int i; | 113 int i; |
93 char ** next = 0; | 114 char ** next = 0; |
94 sign_key *key = NULL; | 115 sign_key *key = NULL; |
95 buffer *buf = NULL; | 116 buffer *buf = NULL; |
96 char * filename = NULL; | 117 char * filename = NULL; |
97 int keytype = -1; | 118 enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE; |
98 char * typetext = NULL; | 119 char * typetext = NULL; |
99 char * sizetext = NULL; | 120 char * sizetext = NULL; |
100 unsigned int bits; | 121 unsigned int bits; |
101 unsigned int keysize; | |
102 int printpub = 0; | 122 int printpub = 0; |
123 | |
124 crypto_init(); | |
125 seedrandom(); | |
103 | 126 |
104 /* get the commandline options */ | 127 /* get the commandline options */ |
105 for (i = 1; i < argc; i++) { | 128 for (i = 1; i < argc; i++) { |
106 if (argv[i] == NULL) { | 129 if (argv[i] == NULL) { |
107 continue; /* Whack */ | 130 continue; /* Whack */ |
160 fprintf(stderr, "Must specify key type\n"); | 183 fprintf(stderr, "Must specify key type\n"); |
161 printhelp(argv[0]); | 184 printhelp(argv[0]); |
162 exit(EXIT_FAILURE); | 185 exit(EXIT_FAILURE); |
163 } | 186 } |
164 | 187 |
165 if (strlen(typetext) == 3) { | 188 keytype = signkey_type_from_name(typetext, strlen(typetext)); |
166 #ifdef DROPBEAR_RSA | 189 |
167 if (strncmp(typetext, "rsa", 3) == 0) { | 190 if (keytype == DROPBEAR_SIGNKEY_NONE) { |
168 keytype = DROPBEAR_SIGNKEY_RSA; | |
169 TRACE(("type is rsa")) | |
170 } | |
171 #endif | |
172 #ifdef DROPBEAR_DSS | |
173 if (strncmp(typetext, "dss", 3) == 0) { | |
174 keytype = DROPBEAR_SIGNKEY_DSS; | |
175 TRACE(("type is dss")) | |
176 } | |
177 #endif | |
178 } | |
179 if (keytype == -1) { | |
180 fprintf(stderr, "Unknown key type '%s'\n", typetext); | 191 fprintf(stderr, "Unknown key type '%s'\n", typetext); |
181 printhelp(argv[0]); | 192 printhelp(argv[0]); |
182 exit(EXIT_FAILURE); | 193 exit(EXIT_FAILURE); |
183 } | 194 } |
184 | 195 |
186 if (sscanf(sizetext, "%u", &bits) != 1) { | 197 if (sscanf(sizetext, "%u", &bits) != 1) { |
187 fprintf(stderr, "Bits must be an integer\n"); | 198 fprintf(stderr, "Bits must be an integer\n"); |
188 exit(EXIT_FAILURE); | 199 exit(EXIT_FAILURE); |
189 } | 200 } |
190 | 201 |
191 if (keytype == DROPBEAR_SIGNKEY_DSS && bits != 1024) { | 202 // TODO: put RSA and DSS size checks into genrsa.c etc |
192 fprintf(stderr, "DSS keys have a fixed size of 1024 bits\n"); | 203 switch (keytype) { |
193 exit(EXIT_FAILURE); | 204 #ifdef DROPBEAR_RSA |
194 } else if (bits < 512 || bits > 4096 || (bits % 8 != 0)) { | 205 case DROPBEAR_SIGNKEY_RSA: |
195 fprintf(stderr, "Bits must satisfy 512 <= bits <= 4096, and be a" | 206 if (bits < 512 || bits > 4096 || (bits % 8 != 0)) { |
196 " multiple of 8\n"); | 207 fprintf(stderr, "Bits must satisfy 512 <= bits <= 4096, and be a" |
197 exit(EXIT_FAILURE); | 208 " multiple of 8\n"); |
198 } | 209 exit(EXIT_FAILURE); |
199 | 210 } |
200 keysize = bits / 8; | 211 break; |
201 } else { | 212 #endif |
202 if (keytype == DROPBEAR_SIGNKEY_DSS) { | 213 #ifdef DROPEAR_DSS |
203 keysize = DSS_SIZE; | 214 case DROPBEAR_SIGNKEY_DSS: |
204 } else if (keytype == DROPBEAR_SIGNKEY_RSA) { | 215 if (bits != 1024) { |
205 keysize = RSA_SIZE; | 216 fprintf(stderr, "DSS keys have a fixed size of 1024 bits\n"); |
206 } else { | 217 exit(EXIT_FAILURE); |
207 exit(EXIT_FAILURE); /* not reached */ | 218 } |
208 } | 219 #endif |
209 } | 220 default: |
210 | 221 (void)0; /* quiet, compiler. ecdsa handles checks itself */ |
211 | 222 } |
212 fprintf(stderr, "Will output %d bit %s secret key to '%s'\n", keysize*8, | 223 |
224 switch (keytype) { | |
225 #ifdef DROPBEAR_RSA | |
226 case DROPBEAR_SIGNKEY_RSA: | |
227 bits = RSA_DEFAULT_SIZE; | |
228 break; | |
229 #endif | |
230 #ifdef DROPBEAR_DSS | |
231 case DROPBEAR_SIGNKEY_DSS: | |
232 bits = DSS_DEFAULT_SIZE; | |
233 break; | |
234 #endif | |
235 #ifdef DROPBEAR_ECDSA | |
236 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN: | |
237 bits = ECDSA_DEFAULT_SIZE; | |
238 break; | |
239 #endif | |
240 default: | |
241 exit(EXIT_FAILURE); /* not reached */ | |
242 } | |
243 } | |
244 | |
245 | |
246 fprintf(stderr, "Will output %d bit %s secret key to '%s'\n", bits, | |
213 typetext, filename); | 247 typetext, filename); |
214 | 248 |
215 /* don't want the file readable by others */ | 249 /* don't want the file readable by others */ |
216 umask(077); | 250 umask(077); |
217 | 251 |
220 | 254 |
221 fprintf(stderr, "Generating key, this may take a while...\n"); | 255 fprintf(stderr, "Generating key, this may take a while...\n"); |
222 switch(keytype) { | 256 switch(keytype) { |
223 #ifdef DROPBEAR_RSA | 257 #ifdef DROPBEAR_RSA |
224 case DROPBEAR_SIGNKEY_RSA: | 258 case DROPBEAR_SIGNKEY_RSA: |
225 key->rsakey = gen_rsa_priv_key(keysize); /* 128 bytes = 1024 bit */ | 259 key->rsakey = gen_rsa_priv_key(bits); |
226 break; | 260 break; |
227 #endif | 261 #endif |
228 #ifdef DROPBEAR_DSS | 262 #ifdef DROPBEAR_DSS |
229 case DROPBEAR_SIGNKEY_DSS: | 263 case DROPBEAR_SIGNKEY_DSS: |
230 key->dsskey = gen_dss_priv_key(keysize); /* 128 bytes = 1024 bit */ | 264 key->dsskey = gen_dss_priv_key(bits); |
265 break; | |
266 #endif | |
267 #ifdef DROPBEAR_ECDSA | |
268 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN: | |
269 { | |
270 ecc_key *ecckey = gen_ecdsa_priv_key(bits); | |
271 keytype = ecdsa_signkey_type(ecckey); | |
272 *signkey_ecc_key_ptr(key, keytype) = ecckey; | |
273 } | |
231 break; | 274 break; |
232 #endif | 275 #endif |
233 default: | 276 default: |
234 fprintf(stderr, "Internal error, bad key type\n"); | 277 fprintf(stderr, "Internal error, bad key type\n"); |
235 exit(EXIT_FAILURE); | 278 exit(EXIT_FAILURE); |
317 | 360 |
318 if (err != CRYPT_OK) { | 361 if (err != CRYPT_OK) { |
319 fprintf(stderr, "base64 failed"); | 362 fprintf(stderr, "base64 failed"); |
320 } | 363 } |
321 | 364 |
322 typestring = signkey_name_from_type(keytype, &err); | 365 typestring = signkey_name_from_type(keytype, NULL); |
323 | 366 |
324 fp = sign_key_fingerprint(buf_getptr(buf, len), len); | 367 fp = sign_key_fingerprint(buf_getptr(buf, len), len); |
325 | 368 |
326 /* a user@host comment is informative */ | 369 /* a user@host comment is informative */ |
327 username = ""; | 370 username = ""; |
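Review bot: The DSS size check in the new switch is dead code: new line 213 reads `#ifdef DROPEAR_DSS` (the B is missing), so the `case DROPBEAR_SIGNKEY_DSS:` block at 214-218 is never compiled and any `-s` value given for a dss key bypasses the "fixed size of 1024 bits" rejection and reaches `gen_dss_priv_key(bits)` at new line 264 unchecked. The fix is the one-character correction `#ifdef DROPBEAR_DSS`, and that case should also end with its own `break;` before the `#endif` rather than relying on the fall-through into `default:`. Separately, the new "Will output" message at line 246 prints `bits`, declared `unsigned int` at line 121, with `%d`; `%u` matches the type. main() begins and ends outside the visible hunks.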