changeset 845:774ad9b112ef

merge yet again
author Matt Johnston <matt@ucc.asn.au>
date Fri, 01 Nov 2013 00:21:59 +0800
parents 68facbc41273 (current diff) 7f8f8f2b7a35 (diff)
children b298bb438625 6c69e7df3621 ccc76acaf4c7
files ecdsa.h keyimport.c
diffstat 8 files changed, 79 insertions(+), 43 deletions(-) [+]
--- a/common-algo.c	Fri Nov 01 00:19:25 2013 +0800
+++ b/common-algo.c	Fri Nov 01 00:21:59 2013 +0800
@@ -246,14 +246,14 @@
 
 algo_type sshkex[] = {
 #ifdef DROPBEAR_ECDH
-#ifdef DROPBEAR_ECC_256
-	{"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
+#ifdef DROPBEAR_ECC_521
+	{"ecdh-sha2-nistp521", 0, &kex_ecdh_nistp521, 1, NULL},
 #endif
 #ifdef DROPBEAR_ECC_384
 	{"ecdh-sha2-nistp384", 0, &kex_ecdh_nistp384, 1, NULL},
 #endif
-#ifdef DROPBEAR_ECC_521
-	{"ecdh-sha2-nistp521", 0, &kex_ecdh_nistp521, 1, NULL},
+#ifdef DROPBEAR_ECC_256
+	{"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
 #endif
 #endif
 	{"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
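Review bot: The order of the `sshkex` entries is load-bearing — it is presumably the preference order offered during key exchange — yet nothing in the array says so, and this hunk silently inverts the ECDH part (nistp521 first, nistp256 last). A one-line comment above the `#ifdef DROPBEAR_ECDH` block, `/* Listed in order of preference, strongest curve first; keep in step with ECDSA_DEFAULT_SIZE in ecdsa.h */`, would make the next reorder deliberate rather than accidental. The ecdsa.h hunk of this changeset makes the matching reorder of `ECDSA_DEFAULT_SIZE` and would benefit from the same remark. The `sshkex` array continues outside the hunk.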
--- a/common-runopts.c	Fri Nov 01 00:19:25 2013 +0800
+++ b/common-runopts.c	Fri Nov 01 00:21:59 2013 +0800
@@ -35,7 +35,8 @@
 
 /* returns success or failure, and the keytype in *type. If we want
  * to restrict the type, type can contain a type to return */
-int readhostkey(const char * filename, sign_key * hostkey, int *type) {
+int readhostkey(const char * filename, sign_key * hostkey, 
+	enum signkey_type *type) {
 
 	int ret = DROPBEAR_FAILURE;
 	buffer *buf;
--- a/dropbearkey.c	Fri Nov 01 00:19:25 2013 +0800
+++ b/dropbearkey.c	Fri Nov 01 00:21:59 2013 +0800
@@ -57,7 +57,7 @@
 
 static void printhelp(char * progname);
 
-#define RSA_DEFAULT_SIZE 1024
+#define RSA_DEFAULT_SIZE 2048
 #define DSS_DEFAULT_SIZE 1024
 
 static void buf_writefile(buffer * buf, const char * filename);
@@ -185,7 +185,24 @@
 		exit(EXIT_FAILURE);
 	}
 
-	keytype = signkey_type_from_name(typetext, strlen(typetext));
+#ifdef DROPBEAR_RSA
+	if (strcmp(typetext, "rsa") == 0)
+	{
+		keytype = DROPBEAR_SIGNKEY_RSA;
+	}
+#endif
+#ifdef DROPBEAR_DSS
+	if (strcmp(typetext, "dss") == 0)
+	{
+		keytype = DROPBEAR_SIGNKEY_DSS;
+	}
+#endif
+#ifdef DROPBEAR_ECDSA
+	if (strcmp(typetext, "ecdsa") == 0)
+	{
+		keytype = DROPBEAR_SIGNKEY_ECDSA_KEYGEN;
+	}
+#endif
 
 	if (keytype == DROPBEAR_SIGNKEY_NONE) {
 		fprintf(stderr, "Unknown key type '%s'\n", typetext);
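Review bot: `keytype` is now assigned only when one of the `strcmp` tests matches, whereas the removed `signkey_type_from_name()` call assigned it unconditionally; unless the declaration of `keytype` (outside this hunk) initialises it, the `if (keytype == DROPBEAR_SIGNKEY_NONE)` check below reads an indeterminate value for an unrecognised type name and the "Unknown key type" exit may never fire. Either initialise at the declaration, `enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE;`, or put `keytype = DROPBEAR_SIGNKEY_NONE;` immediately before the `#ifdef DROPBEAR_RSA` chain. The three independent `if` statements can also be an `else if` chain since the names are mutually exclusive. The enclosing function starts and ends outside the hunk.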
@@ -221,10 +238,13 @@
 				(void)0; /* quiet, compiler. ecdsa handles checks itself */
         }
 
+    } else {
+    	/* default key size */
+
         switch (keytype) {
 #ifdef DROPBEAR_RSA
             case DROPBEAR_SIGNKEY_RSA:
-                bits = RSA_DEFAULT_SIZE;
+				bits = RSA_DEFAULT_SIZE;
                 break;
 #endif
 #ifdef DROPBEAR_DSS
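Review bot: The re-indented `bits = RSA_DEFAULT_SIZE;` under `case DROPBEAR_SIGNKEY_RSA:` now uses tabs while the rest of the `switch` body uses spaces, and the new `/* default key size */` line mixes four spaces with a tab; the hunk changes indentation without making it consistent. Pick the file's convention and apply it to the lines this hunk touches, or leave the `bits = RSA_DEFAULT_SIZE;` line as it was so the diff carries only the `else` branch. The `if`/`else` that the added `} else {` belongs to begins outside the hunk.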
@@ -269,7 +289,7 @@
 			{
 				ecc_key *ecckey = gen_ecdsa_priv_key(bits);
 				keytype = ecdsa_signkey_type(ecckey);
-				*signkey_ecc_key_ptr(key, keytype) = ecckey;
+				*signkey_key_ptr(key, keytype) = ecckey;
 			}
 			break;
 #endif
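Review bot: `*signkey_key_ptr(key, keytype) = ecckey;` dereferences the returned slot without a NULL check, but `signkey_key_ptr` returns NULL from its `default:` case for any type it has no case for (see the signkey.c hunk), so a curve that `gen_ecdsa_priv_key()` produced but whose `DROPBEAR_ECC_*` case is not compiled in becomes a NULL write rather than a diagnostic. Since this file already reports errors with `fprintf(stderr, ...)` and `exit(EXIT_FAILURE)`, the assignment can be `void **slot = signkey_key_ptr(key, keytype); if (!slot) { fprintf(stderr, "Unsupported key type %d\n", keytype); exit(EXIT_FAILURE); } *slot = ecckey;`. The keyimport.c hunk, `*signkey_key_ptr(retkey, retkey->type) = ecc;`, has the same unchecked dereference and should check the slot before assigning (its `goto error` path is the natural destination). The old `signkey_ecc_key_ptr` call had the same shape, so this is not introduced here, but the rename is the moment to fix it.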
@@ -299,7 +319,7 @@
 
 	buffer *buf = NULL;
 	sign_key *key = NULL;
-	int keytype;
+	enum signkey_type keytype;
 	int ret;
 	int err = DROPBEAR_FAILURE;
 
--- a/ecdsa.h	Fri Nov 01 00:19:25 2013 +0800
+++ b/ecdsa.h	Fri Nov 01 00:21:59 2013 +0800
@@ -7,12 +7,12 @@
 
 #ifdef DROPBEAR_ECDSA
 
-#if defined(DROPBEAR_ECC_256)
-#define ECDSA_DEFAULT_SIZE 256
+#if defined(DROPBEAR_ECC_521)
+#define ECDSA_DEFAULT_SIZE 521
 #elif defined(DROPBEAR_ECC_384)
 #define ECDSA_DEFAULT_SIZE 384
-#elif defined(DROPBEAR_ECC_521)
-#define ECDSA_DEFAULT_SIZE 521
+#elif defined(DROPBEAR_ECC_256)
+#define ECDSA_DEFAULT_SIZE 256
 #else
 #define ECDSA_DEFAULT_SIZE 0
 #endif
--- a/keyimport.c	Fri Nov 01 00:19:25 2013 +0800
+++ b/keyimport.c	Fri Nov 01 00:21:59 2013 +0800
@@ -763,7 +763,7 @@
 			goto error;
 		}
 
-		*signkey_ecc_key_ptr(retkey, retkey->type) = ecc;
+		*signkey_key_ptr(retkey, retkey->type) = ecc;
 	}
 #endif // DROPBEAR_ECDSA
 
--- a/runopts.h	Fri Nov 01 00:19:25 2013 +0800
+++ b/runopts.h	Fri Nov 01 00:21:59 2013 +0800
@@ -56,7 +56,8 @@
 
 extern runopts opts;
 
-int readhostkey(const char * filename, sign_key * hostkey, int *type);
+int readhostkey(const char * filename, sign_key * hostkey, 
+	enum signkey_type *type);
 void load_all_hostkeys();
 
 typedef struct svr_runopts {
--- a/signkey.c	Fri Nov 01 00:19:25 2013 +0800
+++ b/signkey.c	Fri Nov 01 00:21:59 2013 +0800
@@ -103,26 +103,39 @@
 	return DROPBEAR_SIGNKEY_NONE;
 }
 
-#ifdef DROPBEAR_ECDSA
-ecc_key **
-signkey_ecc_key_ptr(sign_key *key, enum signkey_type ecc_type) {
-	switch (ecc_type) {
+/* Returns a pointer to the key part specific to "type" */
+void **
+signkey_key_ptr(sign_key *key, enum signkey_type type) {
+	switch (type) {
+#ifdef DROPBEAR_ECC_256
 		case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
-			return &key->ecckey256;
+			return (void**)&key->ecckey256;
+#endif
+#ifdef DROPBEAR_ECC_384
 		case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
-			return &key->ecckey384;
+			return (void**)&key->ecckey384;
+#endif
+#ifdef DROPBEAR_ECC_521
 		case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
-			return &key->ecckey521;
+			return (void**)&key->ecckey521;
+#endif
+#ifdef DROPBEAR_RSA
+		case DROPBEAR_SIGNKEY_RSA:
+			return (void**)&key->rsakey;
+#endif
+#ifdef DROPBEAR_DSS
+		case DROPBEAR_SIGNKEY_DSS:
+			return (void**)&key->dsskey;
+#endif
 		default:
 			return NULL;
 	}
 }
-#endif
 
 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
  * type should be set by the caller to specify the type to read, and
  * on return is set to the type read (useful when type = _ANY) */
-int buf_get_pub_key(buffer *buf, sign_key *key, int *type) {
+int buf_get_pub_key(buffer *buf, sign_key *key, enum signkey_type *type) {
 
 	unsigned char* ident;
 	unsigned int len;
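Review bot: The new comment on `signkey_key_ptr` omits the part of the contract callers depend on most: it returns NULL when `type` has no slot in `sign_key` (type not compiled in, or not a key type at all), and — unlike the `signkey_ecc_key_ptr` it replaces — it now returns a non-NULL slot for `DROPBEAR_SIGNKEY_RSA` and `DROPBEAR_SIGNKEY_DSS` too, so a non-NULL result no longer means "this is an ECDSA key". Suggest expanding it to: `/* Returns a pointer to the key part specific to "type", or NULL if that type has no key part or is not compiled in. RSA and DSS are covered as well, so callers must test the type, not the result, before treating the slot as an ecc_key* */`. The same wording belongs on the declaration in the signkey.h hunk, which currently has no comment. The `(void**)` casts mean callers store through a `void *` lvalue into an `ecc_key *` object; that is common practice but strictly an aliasing grey area, worth a word in the comment if the project cares.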
@@ -169,7 +182,7 @@
 #endif
 #ifdef DROPBEAR_ECDSA
 	{
-		ecc_key **eck = signkey_ecc_key_ptr(key, keytype);
+		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
 		if (eck) {
 			if (*eck) {
 				ecc_free(*eck);
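Review bot: `if (eck)` no longer guards the ECDSA path: `signkey_key_ptr` now returns a non-NULL slot for `DROPBEAR_SIGNKEY_RSA` and `DROPBEAR_SIGNKEY_DSS` as well (first signkey.c hunk), so when `keytype` is RSA or DSS this block gets `eck` pointing at `key->rsakey` or `key->dsskey`, and if that slot is populated `ecc_free(*eck)` runs on a non-ECDSA key and the slot is then overwritten by the ECDSA read. The changeset adds an explicit `type == DROPBEAR_SIGNKEY_ECDSA_NISTP256 || ...` test only in buf_put_pub_key; the same test is needed here and in the buf_get_priv_key, buf_put_priv_key, buf_put_sign and verify hunks below, i.e. replace the bare `{` opening this block with `if (keytype == DROPBEAR_SIGNKEY_ECDSA_NISTP256 || keytype == DROPBEAR_SIGNKEY_ECDSA_NISTP384 || keytype == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {` (the later hunks use `type`). If the surrounding function bodies already return before reaching this block for RSA/DSS keys the risk is moot, but those bodies are outside the hunks and the guard the author added to buf_put_pub_key suggests they do not. A small `static` helper taking an `enum signkey_type` and returning whether it is one of the three ECDSA types would avoid repeating the comparison six times.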
@@ -192,7 +205,7 @@
 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
  * type should be set by the caller to specify the type to read, and
  * on return is set to the type read (useful when type = _ANY) */
-int buf_get_priv_key(buffer *buf, sign_key *key, int *type) {
+int buf_get_priv_key(buffer *buf, sign_key *key, enum signkey_type *type) {
 
 	unsigned char* ident;
 	unsigned int len;
@@ -237,7 +250,7 @@
 #endif
 #ifdef DROPBEAR_ECDSA
 	{
-		ecc_key **eck = signkey_ecc_key_ptr(key, keytype);
+		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
 		if (eck) {
 			if (*eck) {
 				ecc_free(*eck);
@@ -258,7 +271,7 @@
 }
 
 /* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
-void buf_put_pub_key(buffer* buf, sign_key *key, int type) {
+void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type) {
 
 	buffer *pubkeys;
 
@@ -276,8 +289,11 @@
 	}
 #endif
 #ifdef DROPBEAR_ECDSA
+	if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256
+		|| type == DROPBEAR_SIGNKEY_ECDSA_NISTP384
+		|| type == DROPBEAR_SIGNKEY_ECDSA_NISTP521)
 	{
-		ecc_key **eck = signkey_ecc_key_ptr(key, type);
+		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
 		if (eck) {
 			buf_put_ecdsa_pub_key(pubkeys, *eck);
 		}
@@ -293,7 +309,7 @@
 }
 
 /* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
-void buf_put_priv_key(buffer* buf, sign_key *key, int type) {
+void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type) {
 
 	TRACE(("enter buf_put_priv_key"))
 	TRACE(("type is %d", type))
@@ -314,7 +330,7 @@
 #endif
 #ifdef DROPBEAR_ECDSA
 	{
-		ecc_key **eck = signkey_ecc_key_ptr(key, type);
+		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
 		if (eck) {
 			buf_put_ecdsa_priv_key(buf, *eck);
 			TRACE(("leave buf_put_priv_key: ecdsa done"))
@@ -452,7 +468,7 @@
 #endif
 }
 
-void buf_put_sign(buffer* buf, sign_key *key, int type, 
+void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type, 
 	buffer *data_buf) {
 	buffer *sigblob;
 	sigblob = buf_new(MAX_PUBKEY_SIZE);
@@ -469,7 +485,7 @@
 #endif
 #ifdef DROPBEAR_ECDSA
 	{
-		ecc_key **eck = signkey_ecc_key_ptr(key, type);
+		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
 		if (eck) {
 			buf_put_ecdsa_sign(sigblob, *eck, data_buf);
 		}
@@ -520,7 +536,7 @@
 #endif
 #ifdef DROPBEAR_ECDSA
 	{
-		ecc_key **eck = signkey_ecc_key_ptr(key, type);
+		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
 		if (eck) {
 			return buf_ecdsa_verify(buf, *eck, data_buf);
 		}
--- a/signkey.h	Fri Nov 01 00:19:25 2013 +0800
+++ b/signkey.h	Fri Nov 01 00:21:59 2013 +0800
@@ -85,12 +85,12 @@
 sign_key * new_sign_key();
 const char* signkey_name_from_type(enum signkey_type type, unsigned int *namelen);
 enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen);
-int buf_get_pub_key(buffer *buf, sign_key *key, int *type);
-int buf_get_priv_key(buffer* buf, sign_key *key, int *type);
-void buf_put_pub_key(buffer* buf, sign_key *key, int type);
-void buf_put_priv_key(buffer* buf, sign_key *key, int type);
+int buf_get_pub_key(buffer *buf, sign_key *key, enum signkey_type *type);
+int buf_get_priv_key(buffer* buf, sign_key *key, enum signkey_type *type);
+void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type);
+void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type);
 void sign_key_free(sign_key *key);
-void buf_put_sign(buffer* buf, sign_key *key, int type, buffer *data_buf);
+void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type, buffer *data_buf);
 #ifdef DROPBEAR_SIGNKEY_VERIFY
 int buf_verify(buffer * buf, sign_key *key, buffer *data_buf);
 char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen);
@@ -99,8 +99,6 @@
 					const unsigned char* algoname, unsigned int algolen, 
 					buffer * line, char ** fingerprint);
 
-#ifdef DROPBEAR_ECDSA
-ecc_key ** signkey_ecc_key_ptr(sign_key *key, enum signkey_type ecc_type);
-#endif
+void** signkey_key_ptr(sign_key *key, enum signkey_type type);
 
 #endif /* _SIGNKEY_H_ */