diff options
author | Matt Johnston <matt@ucc.asn.au> | 2013-11-07 00:18:52 +0800 |
---|---|---|
committer | Matt Johnston <matt@ucc.asn.au> | 2013-11-07 00:18:52 +0800 |
commit | 4363b8b32deb69b30b756a34a720e67d1c3708fe (patch) | |
tree | 937e39973fac54852e28816847fc97729a588dcf /svr-kex.c | |
parent | cfac8435a73cddbc54a70ab07418b0bdb900fc10 (diff) |
refactor key generation, make it generate as required.
Needs UI in server command line options
--HG--
branch : keyondemand
Diffstat (limited to 'svr-kex.c')
-rw-r--r-- | svr-kex.c | 80 |
1 files changed, 80 insertions, 0 deletions
@@ -35,6 +35,7 @@ #include "random.h" #include "runopts.h" #include "ecc.h" +#include "gensignkey.h" static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs); @@ -75,6 +76,82 @@ void recv_msg_kexdh_init() { ses.requirenext[1] = 0; TRACE(("leave recv_msg_kexdh_init")) } + +static void svr_ensure_hostkey() { + + const char* fn = NULL; + char *fn_temp = NULL; + enum signkey_type type = ses.newkeys->algo_hostkey; + void **hostkey = signkey_key_ptr(svr_opts.hostkey, type); + int ret = DROPBEAR_FAILURE; + + if (hostkey && *hostkey) { + return; + } + + switch (type) + { +#ifdef DROPBEAR_RSA + case DROPBEAR_SIGNKEY_RSA: + fn = RSA_PRIV_FILENAME; + break; +#endif +#ifdef DROPBEAR_DSS + case DROPBEAR_SIGNKEY_DSS: + fn = DSS_PRIV_FILENAME; + break; +#endif +#ifdef DROPBEAR_ECDSA + case DROPBEAR_SIGNKEY_ECDSA_NISTP256: + case DROPBEAR_SIGNKEY_ECDSA_NISTP384: + case DROPBEAR_SIGNKEY_ECDSA_NISTP521: + fn = ECDSA_PRIV_FILENAME; + break; +#endif + default: + (void)0; + } + + if (readhostkey(fn, svr_opts.hostkey, &type) == DROPBEAR_SUCCESS) { + return; + } + + fn_temp = m_malloc(strlen(fn) + 20); + snprintf(fn_temp, strlen(fn)+20, "%s.tmp%d", fn, getpid()); + + if (signkey_generate(type, 0, fn_temp) == DROPBEAR_FAILURE) { + goto out; + } + + if (link(fn_temp, fn) < 0) { + if (errno != EEXIST) { + dropbear_log(LOG_ERR, "Failed moving key file to %s", fn); + /* XXX fallback to non-atomic copy for some filesystems? */ + goto out; + } + } + + ret = readhostkey(fn, svr_opts.hostkey, &type); + +out: + if (fn_temp) { + unlink(fn_temp); + m_free(fn_temp); + } + + if (ret == DROPBEAR_FAILURE) + { + dropbear_exit("Couldn't read or generate hostkey"); + } + + // directory for keys. + + // Create lockfile first, or wait if it exists. PID! + // Generate key + // write it, load to memory + // atomic rename, done. + +} /* Generate our side of the diffie-hellman key exchange value (dh_f), and * calculate the session key using the diffie-hellman algorithm. Following @@ -88,6 +165,9 @@ static void send_msg_kexdh_reply(mp_int *dh_e, buffer *ecdh_qs) { /* we can start creating the kexdh_reply packet */ CHECKCLEARTOWRITE(); + + svr_ensure_hostkey(); + buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_REPLY); buf_put_pub_key(ses.writepayload, svr_opts.hostkey, ses.newkeys->algo_hostkey); |