comparison dropbearkey.c @ 839:33207ed1174b

Merge in ECC
author Matt Johnston <matt@ucc.asn.au>
date Mon, 21 Oct 2013 22:57:21 +0800
parents 75509065db53
children 5128e525c8fa
834:e378da7eae5d 839:33207ed1174b
49 #include "buffer.h" 49 #include "buffer.h"
50 #include "dbutil.h" 50 #include "dbutil.h"
51 51
52 #include "genrsa.h" 52 #include "genrsa.h"
53 #include "gendss.h" 53 #include "gendss.h"
54 #include "ecdsa.h"
55 #include "crypto_desc.h"
56 #include "random.h"
54 57
55 static void printhelp(char * progname); 58 static void printhelp(char * progname);
56 59
57 #define RSA_SIZE (1024/8) /* 1024 bit */ 60 #define RSA_DEFAULT_SIZE 1024
58 #define DSS_SIZE (1024/8) /* 1024 bit */ 61 #define DSS_DEFAULT_SIZE 1024
59 62
60 static void buf_writefile(buffer * buf, const char * filename); 63 static void buf_writefile(buffer * buf, const char * filename);
61 static void printpubkey(sign_key * key, int keytype); 64 static void printpubkey(sign_key * key, int keytype);
62 static void justprintpub(const char* filename); 65 static void justprintpub(const char* filename);
63 66
70 " rsa\n" 73 " rsa\n"
71 #endif 74 #endif
72 #ifdef DROPBEAR_DSS 75 #ifdef DROPBEAR_DSS
73 " dss\n" 76 " dss\n"
74 #endif 77 #endif
78 #ifdef DROPBEAR_ECDSA
79 " ecdsa\n"
80 #endif
75 "-f filename Use filename for the secret key\n" 81 "-f filename Use filename for the secret key\n"
76 "-s bits Key size in bits, should be a multiple of 8 (optional)\n" 82 "-s bits Key size in bits, should be a multiple of 8 (optional)\n"
77 " (DSS has a fixed size of 1024 bits)\n" 83 #ifdef DROPBEAR_DSS
84 " DSS has a fixed size of 1024 bits\n"
85 #endif
86 #ifdef DROPBEAR_ECDSA
87 " ECDSA has sizes "
88 #ifdef DROPBEAR_ECC_256
89 "256 "
90 #endif
91 #ifdef DROPBEAR_ECC_384
92 "384 "
93 #endif
94 #ifdef DROPBEAR_ECC_521
95 "521 "
96 #endif
97 "\n"
98 #endif
78 "-y Just print the publickey and fingerprint for the\n private key in <filename>.\n" 99 "-y Just print the publickey and fingerprint for the\n private key in <filename>.\n"
79 #ifdef DEBUG_TRACE 100 #ifdef DEBUG_TRACE
80 "-v verbose\n" 101 "-v verbose\n"
81 #endif 102 #endif
82 ,progname); 103 ,progname);
92 int i; 113 int i;
93 char ** next = 0; 114 char ** next = 0;
94 sign_key *key = NULL; 115 sign_key *key = NULL;
95 buffer *buf = NULL; 116 buffer *buf = NULL;
96 char * filename = NULL; 117 char * filename = NULL;
97 int keytype = -1; 118 enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE;
98 char * typetext = NULL; 119 char * typetext = NULL;
99 char * sizetext = NULL; 120 char * sizetext = NULL;
100 unsigned int bits; 121 unsigned int bits;
101 unsigned int keysize;
102 int printpub = 0; 122 int printpub = 0;
123
124 crypto_init();
125 seedrandom();
103 126
104 /* get the commandline options */ 127 /* get the commandline options */
105 for (i = 1; i < argc; i++) { 128 for (i = 1; i < argc; i++) {
106 if (argv[i] == NULL) { 129 if (argv[i] == NULL) {
107 continue; /* Whack */ 130 continue; /* Whack */
160 fprintf(stderr, "Must specify key type\n"); 183 fprintf(stderr, "Must specify key type\n");
161 printhelp(argv[0]); 184 printhelp(argv[0]);
162 exit(EXIT_FAILURE); 185 exit(EXIT_FAILURE);
163 } 186 }
164 187
165 if (strlen(typetext) == 3) { 188 keytype = signkey_type_from_name(typetext, strlen(typetext));
166 #ifdef DROPBEAR_RSA 189
167 if (strncmp(typetext, "rsa", 3) == 0) { 190 if (keytype == DROPBEAR_SIGNKEY_NONE) {
168 keytype = DROPBEAR_SIGNKEY_RSA;
169 TRACE(("type is rsa"))
170 }
171 #endif
172 #ifdef DROPBEAR_DSS
173 if (strncmp(typetext, "dss", 3) == 0) {
174 keytype = DROPBEAR_SIGNKEY_DSS;
175 TRACE(("type is dss"))
176 }
177 #endif
178 }
179 if (keytype == -1) {
180 fprintf(stderr, "Unknown key type '%s'\n", typetext); 191 fprintf(stderr, "Unknown key type '%s'\n", typetext);
181 printhelp(argv[0]); 192 printhelp(argv[0]);
182 exit(EXIT_FAILURE); 193 exit(EXIT_FAILURE);
183 } 194 }
184 195
186 if (sscanf(sizetext, "%u", &bits) != 1) { 197 if (sscanf(sizetext, "%u", &bits) != 1) {
187 fprintf(stderr, "Bits must be an integer\n"); 198 fprintf(stderr, "Bits must be an integer\n");
188 exit(EXIT_FAILURE); 199 exit(EXIT_FAILURE);
189 } 200 }
190 201
191 if (keytype == DROPBEAR_SIGNKEY_DSS && bits != 1024) { 202 // TODO: put RSA and DSS size checks into genrsa.c etc
192 fprintf(stderr, "DSS keys have a fixed size of 1024 bits\n"); 203 switch (keytype) {
193 exit(EXIT_FAILURE); 204 #ifdef DROPBEAR_RSA
194 } else if (bits < 512 || bits > 4096 || (bits % 8 != 0)) { 205 case DROPBEAR_SIGNKEY_RSA:
195 fprintf(stderr, "Bits must satisfy 512 <= bits <= 4096, and be a" 206 if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
196 " multiple of 8\n"); 207 fprintf(stderr, "Bits must satisfy 512 <= bits <= 4096, and be a"
197 exit(EXIT_FAILURE); 208 " multiple of 8\n");
198 } 209 exit(EXIT_FAILURE);
199 210 }
200 keysize = bits / 8; 211 break;
201 } else { 212 #endif
202 if (keytype == DROPBEAR_SIGNKEY_DSS) { 213 #ifdef DROPEAR_DSS
203 keysize = DSS_SIZE; 214 case DROPBEAR_SIGNKEY_DSS:
204 } else if (keytype == DROPBEAR_SIGNKEY_RSA) { 215 if (bits != 1024) {
205 keysize = RSA_SIZE; 216 fprintf(stderr, "DSS keys have a fixed size of 1024 bits\n");
206 } else { 217 exit(EXIT_FAILURE);
207 exit(EXIT_FAILURE); /* not reached */ 218 }
208 } 219 #endif
209 } 220 default:
210 221 (void)0; /* quiet, compiler. ecdsa handles checks itself */
211 222 }
212 fprintf(stderr, "Will output %d bit %s secret key to '%s'\n", keysize*8, 223
224 switch (keytype) {
225 #ifdef DROPBEAR_RSA
226 case DROPBEAR_SIGNKEY_RSA:
227 bits = RSA_DEFAULT_SIZE;
228 break;
229 #endif
230 #ifdef DROPBEAR_DSS
231 case DROPBEAR_SIGNKEY_DSS:
232 bits = DSS_DEFAULT_SIZE;
233 break;
234 #endif
235 #ifdef DROPBEAR_ECDSA
236 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
237 bits = ECDSA_DEFAULT_SIZE;
238 break;
239 #endif
240 default:
241 exit(EXIT_FAILURE); /* not reached */
242 }
243 }
244
245
246 fprintf(stderr, "Will output %d bit %s secret key to '%s'\n", bits,
213 typetext, filename); 247 typetext, filename);
214 248
215 /* don't want the file readable by others */ 249 /* don't want the file readable by others */
216 umask(077); 250 umask(077);
217 251
220 254
221 fprintf(stderr, "Generating key, this may take a while...\n"); 255 fprintf(stderr, "Generating key, this may take a while...\n");
222 switch(keytype) { 256 switch(keytype) {
223 #ifdef DROPBEAR_RSA 257 #ifdef DROPBEAR_RSA
224 case DROPBEAR_SIGNKEY_RSA: 258 case DROPBEAR_SIGNKEY_RSA:
225 key->rsakey = gen_rsa_priv_key(keysize); /* 128 bytes = 1024 bit */ 259 key->rsakey = gen_rsa_priv_key(bits);
226 break; 260 break;
227 #endif 261 #endif
228 #ifdef DROPBEAR_DSS 262 #ifdef DROPBEAR_DSS
229 case DROPBEAR_SIGNKEY_DSS: 263 case DROPBEAR_SIGNKEY_DSS:
230 key->dsskey = gen_dss_priv_key(keysize); /* 128 bytes = 1024 bit */ 264 key->dsskey = gen_dss_priv_key(bits);
265 break;
266 #endif
267 #ifdef DROPBEAR_ECDSA
268 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
269 {
270 ecc_key *ecckey = gen_ecdsa_priv_key(bits);
271 keytype = ecdsa_signkey_type(ecckey);
272 *signkey_ecc_key_ptr(key, keytype) = ecckey;
273 }
231 break; 274 break;
232 #endif 275 #endif
233 default: 276 default:
234 fprintf(stderr, "Internal error, bad key type\n"); 277 fprintf(stderr, "Internal error, bad key type\n");
235 exit(EXIT_FAILURE); 278 exit(EXIT_FAILURE);
317 360
318 if (err != CRYPT_OK) { 361 if (err != CRYPT_OK) {
319 fprintf(stderr, "base64 failed"); 362 fprintf(stderr, "base64 failed");
320 } 363 }
321 364
322 typestring = signkey_name_from_type(keytype, &err); 365 typestring = signkey_name_from_type(keytype, NULL);
323 366
324 fp = sign_key_fingerprint(buf_getptr(buf, len), len); 367 fp = sign_key_fingerprint(buf_getptr(buf, len), len);
325 368
326 /* a user@host comment is informative */ 369 /* a user@host comment is informative */
327 username = ""; 370 username = "";
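Review bot: The DSS key-size check added at new lines 213–219 is dead code, because its guard is spelled `#ifdef DROPEAR_DSS` (missing the B) and so never matches the `DROPBEAR_DSS` macro used everywhere else on this page; in a DSS build with `-s`, any `bits` value now passes the switch and reaches `gen_dss_priv_key(bits)` with no check in view, whereas the removed code rejected anything but 1024 (unless gen_dss_priv_key validates the size itself, which is not visible here). The fix is `#ifdef DROPBEAR_DSS`, and the case should end with `break;` before `default:` so the fall-through into the no-op default is explicit rather than incidental. The `// TODO` comment at new line 202 is the only `//` comment in view; the file otherwise uses `/* */`, which is the style to keep. The enclosing main() begins and ends outside the hunk, so how `bits` is consumed after the second switch is not visible from this page.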