Mercurial > dropbear
comparison gensignkey.c @ 1438:4f8eb331174f
add configuration option for default RSA size.
print key size with dropbearkey
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sat, 24 Jun 2017 23:32:25 +0800 |
| parents | bbc0a0ee3843 |
| children | 7402218141d4 |
comparison
equal
deleted
inserted
replaced
| 1436:60fc6476e044 | 1438:4f8eb331174f |
|---|---|
| 4 #include "ecdsa.h" | 4 #include "ecdsa.h" |
| 5 #include "genrsa.h" | 5 #include "genrsa.h" |
| 6 #include "gendss.h" | 6 #include "gendss.h" |
| 7 #include "signkey.h" | 7 #include "signkey.h" |
| 8 #include "dbrandom.h" | 8 #include "dbrandom.h" |
| 9 | |
| 10 #define RSA_DEFAULT_SIZE 2048 | |
| 11 #define DSS_DEFAULT_SIZE 1024 | |
| 12 | 9 |
| 13 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ | 10 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ |
| 14 static int buf_writefile(buffer * buf, const char * filename) { | 11 static int buf_writefile(buffer * buf, const char * filename) { |
| 15 int ret = DROPBEAR_FAILURE; | 12 int ret = DROPBEAR_FAILURE; |
| 16 int fd = -1; | 13 int fd = -1; |
| 53 static int get_default_bits(enum signkey_type keytype) | 50 static int get_default_bits(enum signkey_type keytype) |
| 54 { | 51 { |
| 55 switch (keytype) { | 52 switch (keytype) { |
| 56 #if DROPBEAR_RSA | 53 #if DROPBEAR_RSA |
| 57 case DROPBEAR_SIGNKEY_RSA: | 54 case DROPBEAR_SIGNKEY_RSA: |
| 58 return RSA_DEFAULT_SIZE; | 55 return DROPBEAR_DEFAULT_RSA_SIZE; |
| 59 #endif | 56 #endif |
| 60 #if DROPBEAR_DSS | 57 #if DROPBEAR_DSS |
| 61 case DROPBEAR_SIGNKEY_DSS: | 58 case DROPBEAR_SIGNKEY_DSS: |
| 62 return DSS_DEFAULT_SIZE; | 59 /* DSS for SSH only defines 1024 bits */ |
| 60 return 1024; | |
| 63 #endif | 61 #endif |
| 64 #if DROPBEAR_ECDSA | 62 #if DROPBEAR_ECDSA |
| 65 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN: | 63 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN: |
| 66 return ECDSA_DEFAULT_SIZE; | 64 return ECDSA_DEFAULT_SIZE; |
| 67 case DROPBEAR_SIGNKEY_ECDSA_NISTP521: | 65 case DROPBEAR_SIGNKEY_ECDSA_NISTP521: |
| 74 default: | 72 default: |
| 75 return 0; | 73 return 0; |
| 76 } | 74 } |
| 77 } | 75 } |
| 78 | 76 |
| 77 int signkey_generate_get_bits(enum signkey_type keytype, int bits) { | |
| 78 if (bits == 0) | |
| 79 { | |
| 80 bits = get_default_bits(keytype); | |
| 81 } | |
| 82 return bits; | |
| 83 } | |
| 84 | |
| 79 /* if skip_exist is set it will silently return if the key file exists */ | 85 /* if skip_exist is set it will silently return if the key file exists */ |
| 80 int signkey_generate(enum signkey_type keytype, int bits, const char* filename, int skip_exist) | 86 int signkey_generate(enum signkey_type keytype, int bits, const char* filename, int skip_exist) |
| 81 { | 87 { |
| 82 sign_key * key = NULL; | 88 sign_key * key = NULL; |
| 83 buffer *buf = NULL; | 89 buffer *buf = NULL; |
| 84 char *fn_temp = NULL; | 90 char *fn_temp = NULL; |
| 85 int ret = DROPBEAR_FAILURE; | 91 int ret = DROPBEAR_FAILURE; |
| 86 if (bits == 0) | 92 bits = signkey_generate_get_bits(keytype, bits); |
| 87 { | |
| 88 bits = get_default_bits(keytype); | |
| 89 } | |
| 90 | 93 |
| 91 /* now we can generate the key */ | 94 /* now we can generate the key */ |
| 92 key = new_sign_key(); | 95 key = new_sign_key(); |
| 93 | 96 |
| 94 seedrandom(); | 97 seedrandom(); |