Mercurial > dropbear
comparison svr-kex.c @ 846:b298bb438625 keyondemand
refactor key generation, make it generate as required.
Needs UI in server command line options
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 07 Nov 2013 00:18:52 +0800 |
parents | 7dcb46da72d9 |
children | f4bb964c8678 |
comparison
equal
deleted
inserted
replaced
845:774ad9b112ef | 846:b298bb438625 |
---|---|
33 #include "packet.h" | 33 #include "packet.h" |
34 #include "bignum.h" | 34 #include "bignum.h" |
35 #include "random.h" | 35 #include "random.h" |
36 #include "runopts.h" | 36 #include "runopts.h" |
37 #include "ecc.h" | 37 #include "ecc.h" |
38 #include "gensignkey.h" | |
38 | 39 |
39 static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs); | 40 static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs); |
40 | 41 |
41 /* Handle a diffie-hellman key exchange initialisation. This involves | 42 /* Handle a diffie-hellman key exchange initialisation. This involves |
42 * calculating a session key reply value, and corresponding hash. These | 43 * calculating a session key reply value, and corresponding hash. These |
72 | 73 |
73 send_msg_newkeys(); | 74 send_msg_newkeys(); |
74 ses.requirenext[0] = SSH_MSG_NEWKEYS; | 75 ses.requirenext[0] = SSH_MSG_NEWKEYS; |
75 ses.requirenext[1] = 0; | 76 ses.requirenext[1] = 0; |
76 TRACE(("leave recv_msg_kexdh_init")) | 77 TRACE(("leave recv_msg_kexdh_init")) |
78 } | |
79 | |
80 static void svr_ensure_hostkey() { | |
81 | |
82 const char* fn = NULL; | |
83 char *fn_temp = NULL; | |
84 enum signkey_type type = ses.newkeys->algo_hostkey; | |
85 void **hostkey = signkey_key_ptr(svr_opts.hostkey, type); | |
86 int ret = DROPBEAR_FAILURE; | |
87 | |
88 if (hostkey && *hostkey) { | |
89 return; | |
90 } | |
91 | |
92 switch (type) | |
93 { | |
94 #ifdef DROPBEAR_RSA | |
95 case DROPBEAR_SIGNKEY_RSA: | |
96 fn = RSA_PRIV_FILENAME; | |
97 break; | |
98 #endif | |
99 #ifdef DROPBEAR_DSS | |
100 case DROPBEAR_SIGNKEY_DSS: | |
101 fn = DSS_PRIV_FILENAME; | |
102 break; | |
103 #endif | |
104 #ifdef DROPBEAR_ECDSA | |
105 case DROPBEAR_SIGNKEY_ECDSA_NISTP256: | |
106 case DROPBEAR_SIGNKEY_ECDSA_NISTP384: | |
107 case DROPBEAR_SIGNKEY_ECDSA_NISTP521: | |
108 fn = ECDSA_PRIV_FILENAME; | |
109 break; | |
110 #endif | |
111 default: | |
112 (void)0; | |
113 } | |
114 | |
115 if (readhostkey(fn, svr_opts.hostkey, &type) == DROPBEAR_SUCCESS) { | |
116 return; | |
117 } | |
118 | |
119 fn_temp = m_malloc(strlen(fn) + 20); | |
120 snprintf(fn_temp, strlen(fn)+20, "%s.tmp%d", fn, getpid()); | |
121 | |
122 if (signkey_generate(type, 0, fn_temp) == DROPBEAR_FAILURE) { | |
123 goto out; | |
124 } | |
125 | |
126 if (link(fn_temp, fn) < 0) { | |
127 if (errno != EEXIST) { | |
128 dropbear_log(LOG_ERR, "Failed moving key file to %s", fn); | |
129 /* XXX fallback to non-atomic copy for some filesystems? */ | |
130 goto out; | |
131 } | |
132 } | |
133 | |
134 ret = readhostkey(fn, svr_opts.hostkey, &type); | |
135 | |
136 out: | |
137 if (fn_temp) { | |
138 unlink(fn_temp); | |
139 m_free(fn_temp); | |
140 } | |
141 | |
142 if (ret == DROPBEAR_FAILURE) | |
143 { | |
144 dropbear_exit("Couldn't read or generate hostkey"); | |
145 } | |
146 | |
147 // directory for keys. | |
148 | |
149 // Create lockfile first, or wait if it exists. PID! | |
150 // Generate key | |
151 // write it, load to memory | |
152 // atomic rename, done. | |
153 | |
77 } | 154 } |
78 | 155 |
79 /* Generate our side of the diffie-hellman key exchange value (dh_f), and | 156 /* Generate our side of the diffie-hellman key exchange value (dh_f), and |
80 * calculate the session key using the diffie-hellman algorithm. Following | 157 * calculate the session key using the diffie-hellman algorithm. Following |
81 * that, the session hash is calculated, and signed with RSA or DSS. The | 158 * that, the session hash is calculated, and signed with RSA or DSS. The |
86 static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) { | 163 static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) { |
87 TRACE(("enter send_msg_kexdh_reply")) | 164 TRACE(("enter send_msg_kexdh_reply")) |
88 | 165 |
89 /* we can start creating the kexdh_reply packet */ | 166 /* we can start creating the kexdh_reply packet */ |
90 CHECKCLEARTOWRITE(); | 167 CHECKCLEARTOWRITE(); |
168 | |
169 svr_ensure_hostkey(); | |
170 | |
91 buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_REPLY); | 171 buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_REPLY); |
92 buf_put_pub_key(ses.writepayload, svr_opts.hostkey, | 172 buf_put_pub_key(ses.writepayload, svr_opts.hostkey, |
93 ses.newkeys->algo_hostkey); | 173 ses.newkeys->algo_hostkey); |
94 | 174 |
95 if (IS_NORMAL_DH(ses.newkeys->algo_kex)) { | 175 if (IS_NORMAL_DH(ses.newkeys->algo_kex)) { |