changeset 1438:4f8eb331174f

add configuration option for default RSA size. print key size with dropbearkey
author Matt Johnston <matt@ucc.asn.au>
date Sat, 24 Jun 2017 23:32:25 +0800
parents 60fc6476e044
children 8d24733026c5 93d2bf610d0b 517c67cbcd31
files default_options.h default_options.h.in dropbearkey.c gensignkey.c gensignkey.h options.h
diffstat 6 files changed, 32 insertions(+), 13 deletions(-) [+]
--- a/default_options.h	Sat Jun 24 22:37:14 2017 +0800
+++ b/default_options.h	Sat Jun 24 23:32:25 2017 +0800
@@ -10,7 +10,7 @@
 used if it exists. Options defined there will override any options in this
 file (#ifndef guards added by ifndef_wrapper.sh).
 
-Options can also be defined with -DDROPBEAR_XXX Makefile CFLAGS
+Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS
 
 IMPORTANT: Many options will require "make clean" after changes */
 
@@ -198,6 +198,13 @@
 #define DROPBEAR_ECDSA 1
 #endif
 
+/* RSA must be >=1024 */
+#ifndef DROPBEAR_DEFAULT_RSA_SIZE
+#define DROPBEAR_DEFAULT_RSA_SIZE 2048
+#endif
+/* DSS is always 1024 */
+/* ECDSA defaults to largest size configured, usually 521 */
+
 /* Add runtime flag "-R" to generate hostkeys as-needed when the first 
    connection using that key type occurs.
    This avoids the need to otherwise run "dropbearkey" and avoids some problems
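Review bot: The comment on the new `DROPBEAR_DEFAULT_RSA_SIZE` says RSA must be >=1024, but nothing enforces that for a value supplied from localoptions.h or `-DDROPBEAR_DEFAULT_RSA_SIZE=` in CFLAGS, and from the dropbearkey hunk it looks like `check_signkey_bits()` only runs on a user-supplied size, so a bad default would presumably reach key generation unchecked. A preprocessor guard after the `#ifndef` block makes the stated constraint real: `#if DROPBEAR_DEFAULT_RSA_SIZE < 1024` / `#error "DROPBEAR_DEFAULT_RSA_SIZE must be >= 1024"` / `#endif`. The same applies to the matching addition in default_options.h.in, if the ifndef wrapper passes such a block through unchanged.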
--- a/default_options.h.in	Sat Jun 24 22:37:14 2017 +0800
+++ b/default_options.h.in	Sat Jun 24 23:32:25 2017 +0800
@@ -10,7 +10,7 @@
 used if it exists. Options defined there will override any options in this
 file (#ifndef guards added by ifndef_wrapper.sh).
 
-Options can also be defined with -DDROPBEAR_XXX Makefile CFLAGS
+Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS
 
 IMPORTANT: Many options will require "make clean" after changes */
 
@@ -130,6 +130,11 @@
  * on x86-64 */
 #define DROPBEAR_ECDSA 1
 
+/* RSA must be >=1024 */
+#define DROPBEAR_DEFAULT_RSA_SIZE 2048
+/* DSS is always 1024 */
+/* ECDSA defaults to largest size configured, usually 521 */
+
 /* Add runtime flag "-R" to generate hostkeys as-needed when the first 
    connection using that key type occurs.
    This avoids the need to otherwise run "dropbearkey" and avoids some problems
--- a/dropbearkey.c	Sat Jun 24 22:37:14 2017 +0800
+++ b/dropbearkey.c	Sat Jun 24 23:32:25 2017 +0800
@@ -139,7 +139,7 @@
 	enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE;
 	char * typetext = NULL;
 	char * sizetext = NULL;
-	unsigned int bits = 0;
+	unsigned int bits = 0, genbits;
 	int printpub = 0;
 
 	crypto_init();
@@ -240,7 +240,8 @@
 		check_signkey_bits(keytype, bits);;
 	}
 
-	fprintf(stderr, "Generating key, this may take a while...\n");
+	genbits = signkey_generate_get_bits(keytype, bits);
+	fprintf(stderr, "Generating %d bit %s key, this may take a while...\n", genbits, typetext);
 	if (signkey_generate(keytype, bits, filename, 0) == DROPBEAR_FAILURE)
 	{
 		dropbear_exit("Failed to generate key.\n");
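Review bot: `genbits` is declared `unsigned int` in the earlier hunk (`unsigned int bits = 0, genbits;`) but is printed with `%d` in the new fprintf, and it receives the `int` return of `signkey_generate_get_bits()` while `bits` is passed in as `unsigned int`; the format specifier and the argument type should agree. Simplest is to follow the function's signature, `int genbits;` in the declaration hunk, or keep it unsigned and print with `%u`. If `typetext` can still be NULL at this point (it is initialised to NULL above and I cannot see the -t handling from here), passing it to `%s` would also need a guard. The enclosing function starts and ends outside this hunk.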
--- a/gensignkey.c	Sat Jun 24 22:37:14 2017 +0800
+++ b/gensignkey.c	Sat Jun 24 23:32:25 2017 +0800
@@ -7,9 +7,6 @@
 #include "signkey.h"
 #include "dbrandom.h"
 
-#define RSA_DEFAULT_SIZE 2048
-#define DSS_DEFAULT_SIZE 1024
-
 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
 static int buf_writefile(buffer * buf, const char * filename) {
 	int ret = DROPBEAR_FAILURE;
@@ -55,11 +52,12 @@
 	switch (keytype) {
 #if DROPBEAR_RSA
 		case DROPBEAR_SIGNKEY_RSA:
-			return RSA_DEFAULT_SIZE;
+			return DROPBEAR_DEFAULT_RSA_SIZE;
 #endif
 #if DROPBEAR_DSS
 		case DROPBEAR_SIGNKEY_DSS:
-			return DSS_DEFAULT_SIZE;
+			/* DSS for SSH only defines 1024 bits */
+			return 1024;
 #endif
 #if DROPBEAR_ECDSA
 		case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
@@ -76,6 +74,14 @@
 	}
 }
 
+int signkey_generate_get_bits(enum signkey_type keytype, int bits) {
+	if (bits == 0)
+	{
+		bits = get_default_bits(keytype);
+	}
+	return bits;
+}
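Review bot: `signkey_generate_get_bits()` becomes part of the public interface in gensignkey.h but carries no comment describing its contract, and the one-line style used for `signkey_generate` just below makes the omission stand out. A comment above the definition such as `/* Returns the key size signkey_generate() will use: bits if nonzero, otherwise the compiled-in default for keytype. A nonzero bits value is returned as given, not validated. */` would tell callers that validation is their job, which matters since dropbearkey relies on a separate `check_signkey_bits()` call. The declaration added in gensignkey.h also names the first parameter `keytype` while the adjacent `signkey_generate` prototype uses `type`; picking one name keeps the header consistent.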
+
 /* if skip_exist is set it will silently return if the key file exists */
 int signkey_generate(enum signkey_type keytype, int bits, const char* filename, int skip_exist)
 {
@@ -83,10 +89,7 @@
 	buffer *buf = NULL;
 	char *fn_temp = NULL;
 	int ret = DROPBEAR_FAILURE;
-	if (bits == 0)
-	{
-		bits = get_default_bits(keytype);
-	}
+	bits = signkey_generate_get_bits(keytype, bits);
 
 	/* now we can generate the key */
 	key = new_sign_key();
--- a/gensignkey.h	Sat Jun 24 22:37:14 2017 +0800
+++ b/gensignkey.h	Sat Jun 24 23:32:25 2017 +0800
@@ -4,5 +4,6 @@
 #include "signkey.h"
 
 int signkey_generate(enum signkey_type type, int bits, const char* filename, int skip_exist);
+int signkey_generate_get_bits(enum signkey_type keytype, int bits);
 
 #endif
--- a/options.h	Sat Jun 24 22:37:14 2017 +0800
+++ b/options.h	Sat Jun 24 23:32:25 2017 +0800
@@ -2,6 +2,8 @@
 #define DROPBEAR_OPTIONS_H
 
 /* 
+            > > > Don't edit this file any more! < < <
+            
 Local compile-time configuration should be defined in localoptions.h
 See default_options.h.in for a description of the available options.
 */