comparison dropbearkey.c @ 794:d386defb5376 ecc

more ecdsa signkey work, not correct
author Matt Johnston <matt@ucc.asn.au>
date Sun, 28 Apr 2013 23:17:43 +0800
parents d1575fdc29a6
children 7f604f9b3756
793:70625eed40c9 794:d386defb5376
49 #include "buffer.h" 49 #include "buffer.h"
50 #include "dbutil.h" 50 #include "dbutil.h"
51 51
52 #include "genrsa.h" 52 #include "genrsa.h"
53 #include "gendss.h" 53 #include "gendss.h"
54 #include "ecdsa.h"
55 #include "crypto_desc.h"
54 56
55 static void printhelp(char * progname); 57 static void printhelp(char * progname);
56 58
57 #define RSA_SIZE (1024/8) /* 1024 bit */ 59 #define RSA_DEFAULT_SIZE 1024
58 #define DSS_SIZE (1024/8) /* 1024 bit */ 60 #define DSS_DEFAULT_SIZE 1024
59 61
60 static void buf_writefile(buffer * buf, const char * filename); 62 static void buf_writefile(buffer * buf, const char * filename);
61 static void printpubkey(sign_key * key, int keytype); 63 static void printpubkey(sign_key * key, int keytype);
62 static void justprintpub(const char* filename); 64 static void justprintpub(const char* filename);
63 65
70 " rsa\n" 72 " rsa\n"
71 #endif 73 #endif
72 #ifdef DROPBEAR_DSS 74 #ifdef DROPBEAR_DSS
73 " dss\n" 75 " dss\n"
74 #endif 76 #endif
77 #ifdef DROPBEAR_ECDSA
78 " ecdsa\n"
79 #endif
75 "-f filename Use filename for the secret key\n" 80 "-f filename Use filename for the secret key\n"
76 "-s bits Key size in bits, should be a multiple of 8 (optional)\n" 81 "-s bits Key size in bits, should be a multiple of 8 (optional)\n"
77 " (DSS has a fixed size of 1024 bits)\n" 82 #ifdef DROPBEAR_DSS
83 " DSS has a fixed size of 1024 bits\n"
84 #endif
85 #ifdef DROPBEAR_ECDSA
86 " ECDSA has sizes "
87 #ifdef DROPBEAR_ECC_256
88 "256 "
89 #endif
90 #ifdef DROPBEAR_ECC_384
91 "384 "
92 #endif
93 #ifdef DROPBEAR_ECC_521
94 "521 "
95 #endif
96 "\n"
97 #endif
78 "-y Just print the publickey and fingerprint for the\n private key in <filename>.\n" 98 "-y Just print the publickey and fingerprint for the\n private key in <filename>.\n"
79 #ifdef DEBUG_TRACE 99 #ifdef DEBUG_TRACE
80 "-v verbose\n" 100 "-v verbose\n"
81 #endif 101 #endif
82 ,progname); 102 ,progname);
92 int i; 112 int i;
93 char ** next = 0; 113 char ** next = 0;
94 sign_key *key = NULL; 114 sign_key *key = NULL;
95 buffer *buf = NULL; 115 buffer *buf = NULL;
96 char * filename = NULL; 116 char * filename = NULL;
97 int keytype = -1; 117 enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE;
98 char * typetext = NULL; 118 char * typetext = NULL;
99 char * sizetext = NULL; 119 char * sizetext = NULL;
100 unsigned int bits; 120 unsigned int bits;
101 unsigned int keysize;
102 int printpub = 0; 121 int printpub = 0;
103 122
104 /* get the commandline options */ 123 /* get the commandline options */
105 for (i = 1; i < argc; i++) { 124 for (i = 1; i < argc; i++) {
106 if (argv[i] == NULL) { 125 if (argv[i] == NULL) {
160 fprintf(stderr, "Must specify key type\n"); 179 fprintf(stderr, "Must specify key type\n");
161 printhelp(argv[0]); 180 printhelp(argv[0]);
162 exit(EXIT_FAILURE); 181 exit(EXIT_FAILURE);
163 } 182 }
164 183
165 if (strlen(typetext) == 3) { 184 keytype = signkey_type_from_name(typetext, strlen(typetext));
166 #ifdef DROPBEAR_RSA 185
167 if (strncmp(typetext, "rsa", 3) == 0) { 186 if (keytype == DROPBEAR_SIGNKEY_NONE) {
168 keytype = DROPBEAR_SIGNKEY_RSA;
169 TRACE(("type is rsa"))
170 }
171 #endif
172 #ifdef DROPBEAR_DSS
173 if (strncmp(typetext, "dss", 3) == 0) {
174 keytype = DROPBEAR_SIGNKEY_DSS;
175 TRACE(("type is dss"))
176 }
177 #endif
178 }
179 if (keytype == -1) {
180 fprintf(stderr, "Unknown key type '%s'\n", typetext); 187 fprintf(stderr, "Unknown key type '%s'\n", typetext);
181 printhelp(argv[0]); 188 printhelp(argv[0]);
182 exit(EXIT_FAILURE); 189 exit(EXIT_FAILURE);
183 } 190 }
184 191
195 } else if (bits < 512 || bits > 4096 || (bits % 8 != 0)) { 202 } else if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
196 fprintf(stderr, "Bits must satisfy 512 <= bits <= 4096, and be a" 203 fprintf(stderr, "Bits must satisfy 512 <= bits <= 4096, and be a"
197 " multiple of 8\n"); 204 " multiple of 8\n");
198 exit(EXIT_FAILURE); 205 exit(EXIT_FAILURE);
199 } 206 }
200
201 keysize = bits / 8;
202 } else { 207 } else {
203 if (keytype == DROPBEAR_SIGNKEY_DSS) { 208 if (keytype == DROPBEAR_SIGNKEY_DSS) {
204 keysize = DSS_SIZE; 209 bits = DSS_DEFAULT_SIZE;
205 } else if (keytype == DROPBEAR_SIGNKEY_RSA) { 210 } else if (keytype == DROPBEAR_SIGNKEY_RSA) {
206 keysize = RSA_SIZE; 211 bits = RSA_DEFAULT_SIZE;
212 } else if (keytype == DROPBEAR_SIGNKEY_ECDSA_KEYGEN) {
213 bits = ECDSA_DEFAULT_SIZE;
207 } else { 214 } else {
208 exit(EXIT_FAILURE); /* not reached */ 215 exit(EXIT_FAILURE); /* not reached */
209 } 216 }
210 } 217 }
211 218
212 219
213 fprintf(stderr, "Will output %d bit %s secret key to '%s'\n", keysize*8, 220 fprintf(stderr, "Will output %d bit %s secret key to '%s'\n", bits,
214 typetext, filename); 221 typetext, filename);
215 222
216 /* don't want the file readable by others */ 223 /* don't want the file readable by others */
217 umask(077); 224 umask(077);
225
226 crypto_init();
227 seedrandom();
228
218 229
219 /* now we can generate the key */ 230 /* now we can generate the key */
220 key = new_sign_key(); 231 key = new_sign_key();
221 232
222 fprintf(stderr, "Generating key, this may take a while...\n"); 233 fprintf(stderr, "Generating key, this may take a while...\n");
223 switch(keytype) { 234 switch(keytype) {
224 #ifdef DROPBEAR_RSA 235 #ifdef DROPBEAR_RSA
225 case DROPBEAR_SIGNKEY_RSA: 236 case DROPBEAR_SIGNKEY_RSA:
226 key->rsakey = gen_rsa_priv_key(keysize); /* 128 bytes = 1024 bit */ 237 key->rsakey = gen_rsa_priv_key(bits);
227 break; 238 break;
228 #endif 239 #endif
229 #ifdef DROPBEAR_DSS 240 #ifdef DROPBEAR_DSS
230 case DROPBEAR_SIGNKEY_DSS: 241 case DROPBEAR_SIGNKEY_DSS:
231 key->dsskey = gen_dss_priv_key(keysize); /* 128 bytes = 1024 bit */ 242 key->dsskey = gen_dss_priv_key(bits);
243 break;
244 #endif
245 #ifdef DROPBEAR_ECDSA
246 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
247 key->ecckey = gen_ecdsa_priv_key(bits);
232 break; 248 break;
233 #endif 249 #endif
234 default: 250 default:
235 fprintf(stderr, "Internal error, bad key type\n"); 251 fprintf(stderr, "Internal error, bad key type\n");
236 exit(EXIT_FAILURE); 252 exit(EXIT_FAILURE);
318 334
319 if (err != CRYPT_OK) { 335 if (err != CRYPT_OK) {
320 fprintf(stderr, "base64 failed"); 336 fprintf(stderr, "base64 failed");
321 } 337 }
322 338
323 typestring = signkey_name_from_type(keytype, &err); 339 typestring = signkey_name_from_type(keytype, NULL);
324 340
325 fp = sign_key_fingerprint(buf_getptr(buf, len), len); 341 fp = sign_key_fingerprint(buf_getptr(buf, len), len);
326 342
327 /* a user@host comment is informative */ 343 /* a user@host comment is informative */
328 username = ""; 344 username = "";
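Review bot: The range check kept at new line 202, `bits < 512 || bits > 4096 || (bits % 8 != 0)`, does not look at `keytype`, so every ECDSA size the help text now advertises (256, 384, 521) would be rejected when passed with `-s`, unless the branch just before it, which is outside the visible hunk, already handles ECDSA. Restrict that test to RSA, e.g. `} else if (keytype == DROPBEAR_SIGNKEY_RSA && (bits < 512 || bits > 4096 || (bits % 8 != 0))) {`, and add an ECDSA branch that accepts only the sizes enabled by `DROPBEAR_ECC_256`, `DROPBEAR_ECC_384` and `DROPBEAR_ECC_521`, so an unsupported size fails here with a clear message rather than inside `gen_ecdsa_priv_key(bits)`. The new `DROPBEAR_SIGNKEY_ECDSA_KEYGEN` / `ECDSA_DEFAULT_SIZE` default at new lines 212-213 is not wrapped in `#ifdef DROPBEAR_ECDSA` the way the switch case and help text are, which presumably breaks builds with ECDSA disabled if those names are only defined under that macro. Since `bits` is `unsigned int`, the `%d` in the "Will output" message at new line 220 should be `%u`. The enclosing function starts and ends outside the visible hunks, so these points are based only on the lines shown.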