Mercurial > dropbear
comparison dropbearkey.c @ 794:d386defb5376 ecc
more ecdsa signkey work, not correct
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 28 Apr 2013 23:17:43 +0800 |
| parents | d1575fdc29a6 |
| children | 7f604f9b3756 |
comparison
equal
deleted
inserted
replaced
| 793:70625eed40c9 | 794:d386defb5376 |
|---|---|
| 49 #include "buffer.h" | 49 #include "buffer.h" |
| 50 #include "dbutil.h" | 50 #include "dbutil.h" |
| 51 | 51 |
| 52 #include "genrsa.h" | 52 #include "genrsa.h" |
| 53 #include "gendss.h" | 53 #include "gendss.h" |
| 54 #include "ecdsa.h" | |
| 55 #include "crypto_desc.h" | |
| 54 | 56 |
| 55 static void printhelp(char * progname); | 57 static void printhelp(char * progname); |
| 56 | 58 |
| 57 #define RSA_SIZE (1024/8) /* 1024 bit */ | 59 #define RSA_DEFAULT_SIZE 1024 |
| 58 #define DSS_SIZE (1024/8) /* 1024 bit */ | 60 #define DSS_DEFAULT_SIZE 1024 |
| 59 | 61 |
| 60 static void buf_writefile(buffer * buf, const char * filename); | 62 static void buf_writefile(buffer * buf, const char * filename); |
| 61 static void printpubkey(sign_key * key, int keytype); | 63 static void printpubkey(sign_key * key, int keytype); |
| 62 static void justprintpub(const char* filename); | 64 static void justprintpub(const char* filename); |
| 63 | 65 |
| 70 " rsa\n" | 72 " rsa\n" |
| 71 #endif | 73 #endif |
| 72 #ifdef DROPBEAR_DSS | 74 #ifdef DROPBEAR_DSS |
| 73 " dss\n" | 75 " dss\n" |
| 74 #endif | 76 #endif |
| 77 #ifdef DROPBEAR_ECDSA | |
| 78 " ecdsa\n" | |
| 79 #endif | |
| 75 "-f filename Use filename for the secret key\n" | 80 "-f filename Use filename for the secret key\n" |
| 76 "-s bits Key size in bits, should be a multiple of 8 (optional)\n" | 81 "-s bits Key size in bits, should be a multiple of 8 (optional)\n" |
| 77 " (DSS has a fixed size of 1024 bits)\n" | 82 #ifdef DROPBEAR_DSS |
| 83 " DSS has a fixed size of 1024 bits\n" | |
| 84 #endif | |
| 85 #ifdef DROPBEAR_ECDSA | |
| 86 " ECDSA has sizes " | |
| 87 #ifdef DROPBEAR_ECC_256 | |
| 88 "256 " | |
| 89 #endif | |
| 90 #ifdef DROPBEAR_ECC_384 | |
| 91 "384 " | |
| 92 #endif | |
| 93 #ifdef DROPBEAR_ECC_521 | |
| 94 "521 " | |
| 95 #endif | |
| 96 "\n" | |
| 97 #endif | |
| 78 "-y Just print the publickey and fingerprint for the\n private key in <filename>.\n" | 98 "-y Just print the publickey and fingerprint for the\n private key in <filename>.\n" |
| 79 #ifdef DEBUG_TRACE | 99 #ifdef DEBUG_TRACE |
| 80 "-v verbose\n" | 100 "-v verbose\n" |
| 81 #endif | 101 #endif |
| 82 ,progname); | 102 ,progname); |
| 92 int i; | 112 int i; |
| 93 char ** next = 0; | 113 char ** next = 0; |
| 94 sign_key *key = NULL; | 114 sign_key *key = NULL; |
| 95 buffer *buf = NULL; | 115 buffer *buf = NULL; |
| 96 char * filename = NULL; | 116 char * filename = NULL; |
| 97 int keytype = -1; | 117 enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE; |
| 98 char * typetext = NULL; | 118 char * typetext = NULL; |
| 99 char * sizetext = NULL; | 119 char * sizetext = NULL; |
| 100 unsigned int bits; | 120 unsigned int bits; |
| 101 unsigned int keysize; | |
| 102 int printpub = 0; | 121 int printpub = 0; |
| 103 | 122 |
| 104 /* get the commandline options */ | 123 /* get the commandline options */ |
| 105 for (i = 1; i < argc; i++) { | 124 for (i = 1; i < argc; i++) { |
| 106 if (argv[i] == NULL) { | 125 if (argv[i] == NULL) { |
| 160 fprintf(stderr, "Must specify key type\n"); | 179 fprintf(stderr, "Must specify key type\n"); |
| 161 printhelp(argv[0]); | 180 printhelp(argv[0]); |
| 162 exit(EXIT_FAILURE); | 181 exit(EXIT_FAILURE); |
| 163 } | 182 } |
| 164 | 183 |
| 165 if (strlen(typetext) == 3) { | 184 keytype = signkey_type_from_name(typetext, strlen(typetext)); |
| 166 #ifdef DROPBEAR_RSA | 185 |
| 167 if (strncmp(typetext, "rsa", 3) == 0) { | 186 if (keytype == DROPBEAR_SIGNKEY_NONE) { |
| 168 keytype = DROPBEAR_SIGNKEY_RSA; | |
| 169 TRACE(("type is rsa")) | |
| 170 } | |
| 171 #endif | |
| 172 #ifdef DROPBEAR_DSS | |
| 173 if (strncmp(typetext, "dss", 3) == 0) { | |
| 174 keytype = DROPBEAR_SIGNKEY_DSS; | |
| 175 TRACE(("type is dss")) | |
| 176 } | |
| 177 #endif | |
| 178 } | |
| 179 if (keytype == -1) { | |
| 180 fprintf(stderr, "Unknown key type '%s'\n", typetext); | 187 fprintf(stderr, "Unknown key type '%s'\n", typetext); |
| 181 printhelp(argv[0]); | 188 printhelp(argv[0]); |
| 182 exit(EXIT_FAILURE); | 189 exit(EXIT_FAILURE); |
| 183 } | 190 } |
| 184 | 191 |
| 195 } else if (bits < 512 || bits > 4096 || (bits % 8 != 0)) { | 202 } else if (bits < 512 || bits > 4096 || (bits % 8 != 0)) { |
| 196 fprintf(stderr, "Bits must satisfy 512 <= bits <= 4096, and be a" | 203 fprintf(stderr, "Bits must satisfy 512 <= bits <= 4096, and be a" |
| 197 " multiple of 8\n"); | 204 " multiple of 8\n"); |
| 198 exit(EXIT_FAILURE); | 205 exit(EXIT_FAILURE); |
| 199 } | 206 } |
| 200 | |
| 201 keysize = bits / 8; | |
| 202 } else { | 207 } else { |
| 203 if (keytype == DROPBEAR_SIGNKEY_DSS) { | 208 if (keytype == DROPBEAR_SIGNKEY_DSS) { |
| 204 keysize = DSS_SIZE; | 209 bits = DSS_DEFAULT_SIZE; |
| 205 } else if (keytype == DROPBEAR_SIGNKEY_RSA) { | 210 } else if (keytype == DROPBEAR_SIGNKEY_RSA) { |
| 206 keysize = RSA_SIZE; | 211 bits = RSA_DEFAULT_SIZE; |
| 212 } else if (keytype == DROPBEAR_SIGNKEY_ECDSA_KEYGEN) { | |
| 213 bits = ECDSA_DEFAULT_SIZE; | |
| 207 } else { | 214 } else { |
| 208 exit(EXIT_FAILURE); /* not reached */ | 215 exit(EXIT_FAILURE); /* not reached */ |
| 209 } | 216 } |
| 210 } | 217 } |
| 211 | 218 |
| 212 | 219 |
| 213 fprintf(stderr, "Will output %d bit %s secret key to '%s'\n", keysize*8, | 220 fprintf(stderr, "Will output %d bit %s secret key to '%s'\n", bits, |
| 214 typetext, filename); | 221 typetext, filename); |
| 215 | 222 |
| 216 /* don't want the file readable by others */ | 223 /* don't want the file readable by others */ |
| 217 umask(077); | 224 umask(077); |
| 225 | |
| 226 crypto_init(); | |
| 227 seedrandom(); | |
| 228 | |
| 218 | 229 |
| 219 /* now we can generate the key */ | 230 /* now we can generate the key */ |
| 220 key = new_sign_key(); | 231 key = new_sign_key(); |
| 221 | 232 |
| 222 fprintf(stderr, "Generating key, this may take a while...\n"); | 233 fprintf(stderr, "Generating key, this may take a while...\n"); |
| 223 switch(keytype) { | 234 switch(keytype) { |
| 224 #ifdef DROPBEAR_RSA | 235 #ifdef DROPBEAR_RSA |
| 225 case DROPBEAR_SIGNKEY_RSA: | 236 case DROPBEAR_SIGNKEY_RSA: |
| 226 key->rsakey = gen_rsa_priv_key(keysize); /* 128 bytes = 1024 bit */ | 237 key->rsakey = gen_rsa_priv_key(bits); |
| 227 break; | 238 break; |
| 228 #endif | 239 #endif |
| 229 #ifdef DROPBEAR_DSS | 240 #ifdef DROPBEAR_DSS |
| 230 case DROPBEAR_SIGNKEY_DSS: | 241 case DROPBEAR_SIGNKEY_DSS: |
| 231 key->dsskey = gen_dss_priv_key(keysize); /* 128 bytes = 1024 bit */ | 242 key->dsskey = gen_dss_priv_key(bits); |
| 243 break; | |
| 244 #endif | |
| 245 #ifdef DROPBEAR_ECDSA | |
| 246 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN: | |
| 247 key->ecckey = gen_ecdsa_priv_key(bits); | |
| 232 break; | 248 break; |
| 233 #endif | 249 #endif |
| 234 default: | 250 default: |
| 235 fprintf(stderr, "Internal error, bad key type\n"); | 251 fprintf(stderr, "Internal error, bad key type\n"); |
| 236 exit(EXIT_FAILURE); | 252 exit(EXIT_FAILURE); |
| 318 | 334 |
| 319 if (err != CRYPT_OK) { | 335 if (err != CRYPT_OK) { |
| 320 fprintf(stderr, "base64 failed"); | 336 fprintf(stderr, "base64 failed"); |
| 321 } | 337 } |
| 322 | 338 |
| 323 typestring = signkey_name_from_type(keytype, &err); | 339 typestring = signkey_name_from_type(keytype, NULL); |
| 324 | 340 |
| 325 fp = sign_key_fingerprint(buf_getptr(buf, len), len); | 341 fp = sign_key_fingerprint(buf_getptr(buf, len), len); |
| 326 | 342 |
| 327 /* a user@host comment is informative */ | 343 /* a user@host comment is informative */ |
| 328 username = ""; | 344 username = ""; |