comparison dropbearkey.c @ 1659:d32bcb5c557d

Add Ed25519 support (#91) * Add support for Ed25519 as a public key type Ed25519 is an elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys. OpenSSH key import and fuzzer are not supported yet. Initially inspired by Peter Szabo. * Add curve25519 and ed25519 fuzzers * Add import and export of Ed25519 keys
author Vladislav Grishenko <themiron@users.noreply.github.com>
date Wed, 11 Mar 2020 21:09:45 +0500
parents bdd3802c8ac6
children 435cfb9ec96e
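--- a/dropbearkey.c
+++ b/dropbearkey.c
@@ -41,18 +41,23 @@
 * mp_int q
 * mp_int g
 * mp_int y
 * mp_int x
 *
+* Ed25519:
+* string "ssh-ed25519"
+* string k (32 bytes) + A (32 bytes)
+*
 */
 #include "includes.h"
 #include "signkey.h"
 #include "buffer.h"
 #include "dbutil.h"
 
 #include "genrsa.h"
 #include "gendss.h"
+#include "gened25519.h"
 #include "ecdsa.h"
 #include "crypto_desc.h"
 #include "dbrandom.h"
 #include "gensignkey.h"
 
@@ -73,10 +78,13 @@
 #if DROPBEAR_DSS
 " dss\n"
 #endif
 #if DROPBEAR_ECDSA
 " ecdsa\n"
+#endif
+#if DROPBEAR_ED25519
+" ed25519\n"
 #endif
 "-f filename Use filename for the secret key.\n"
 " ~/.ssh/id_dropbear is recommended for client keys.\n"
 "-s bits Key size in bits, should be a multiple of 8 (optional)\n"
 #if DROPBEAR_DSS
@@ -93,10 +101,13 @@
 #if DROPBEAR_ECC_521
 "521 "
 #endif
 "\n"
 #endif
+#if DROPBEAR_ED25519
+" Ed25519 has a fixed size of 256 bits\n"
+#endif
 "-y Just print the publickey and fingerprint for the\n private key in <filename>.\n"
 #if DEBUG_TRACE
 "-v verbose\n"
 #endif
 ,progname);
@@ -104,10 +115,18 @@
 
 /* fails fatally */
 static void check_signkey_bits(enum signkey_type type, int bits)
 {
 switch (type) {
+#if DROPBEAR_ED25519
+case DROPBEAR_SIGNKEY_ED25519:
+if (bits != 256) {
+dropbear_exit("Ed25519 keys have a fixed size of 256 bits\n");
+exit(EXIT_FAILURE);
+}
+break;
+#endif
 #if DROPBEAR_RSA
 case DROPBEAR_SIGNKEY_RSA:
 if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
 dropbear_exit("Bits must satisfy 512 <= bits <= 4096, and be a"
 " multiple of 8\n");
@@ -222,10 +241,16 @@
 if (strcmp(typetext, "ecdsa") == 0)
 {
 keytype = DROPBEAR_SIGNKEY_ECDSA_KEYGEN;
 }
 #endif
+#if DROPBEAR_ED25519
+if (strcmp(typetext, "ed25519") == 0)
+{
+keytype = DROPBEAR_SIGNKEY_ED25519;
+}
+#endif
 
 if (keytype == DROPBEAR_SIGNKEY_NONE) {
 fprintf(stderr, "Unknown key type '%s'\n", typetext);
 printhelp(argv[0]);
 exit(EXIT_FAILURE);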
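Review bot: In check_signkey_bits, the new DROPBEAR_SIGNKEY_ED25519 case calls dropbear_exit() and then exit(EXIT_FAILURE); given the `/* fails fatally */` comment on the function, dropbear_exit presumably never returns, so the second line is unreachable and inconsistent with the RSA case right below it, which shows only the dropbear_exit call (its tail lies outside the hunk). I would drop `exit(EXIT_FAILURE);` so the message and exit status come from a single fatal-exit path. Separately, the `bits != 256` test only rejects an explicit mismatch; whether a caller that omits -s reaches this function with a suitable default for Ed25519 is decided outside the hunk and is worth confirming. A one-line comment such as `/* Ed25519 has no variable key size; only reject an explicit mismatch with 256 */` would make the intent of the fixed comparison clear to the next reader.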