-rw-r--r-- | common-algo.c | 8 | ||||
-rw-r--r-- | common-runopts.c | 3 | ||||
-rw-r--r-- | dropbearkey.c | 30 | ||||
-rw-r--r-- | ecdsa.h | 8 | ||||
-rw-r--r-- | keyimport.c | 2 | ||||
-rw-r--r-- | runopts.h | 3 | ||||
-rw-r--r-- | signkey.c | 54 | ||||
-rw-r--r-- | signkey.h | 14 |
8 files changed, 79 insertions, 43 deletions
diff --git a/common-algo.c b/common-algo.c
index a8d9669..8076358 100644
--- a/common-algo.c
+++ b/common-algo.c
@@ -246,14 +246,14 @@ static struct dropbear_kex kex_ecdh_nistp521 = {NULL, 0, &ecc_curve_nistp521, &s
 algo_type sshkex[] = {
 #ifdef DROPBEAR_ECDH
-#ifdef DROPBEAR_ECC_256
- {"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
+#ifdef DROPBEAR_ECC_521
+ {"ecdh-sha2-nistp521", 0, &kex_ecdh_nistp521, 1, NULL},
 #endif
 #ifdef DROPBEAR_ECC_384
 {"ecdh-sha2-nistp384", 0, &kex_ecdh_nistp384, 1, NULL},
 #endif
-#ifdef DROPBEAR_ECC_521
- {"ecdh-sha2-nistp521", 0, &kex_ecdh_nistp521, 1, NULL},
+#ifdef DROPBEAR_ECC_256
+ {"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
 #endif
 #endif
 {"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
diff --git a/common-runopts.c b/common-runopts.c
index 9c2d5d5..fe1089f 100644
--- a/common-runopts.c
+++ b/common-runopts.c
@@ -35,7 +35,8 @@ runopts opts; /* GLOBAL */
 /* returns success or failure, and the keytype in *type. If we want
 * to restrict the type, type can contain a type to return */
-int readhostkey(const char * filename, sign_key * hostkey, int *type) {
+int readhostkey(const char * filename, sign_key * hostkey,
+ enum signkey_type *type) {
 int ret = DROPBEAR_FAILURE;
 buffer *buf;
diff --git a/dropbearkey.c b/dropbearkey.c
index eecfbcc..57db3af 100644
--- a/dropbearkey.c
+++ b/dropbearkey.c
@@ -57,7 +57,7 @@ static void printhelp(char * progname);
-#define RSA_DEFAULT_SIZE 1024
+#define RSA_DEFAULT_SIZE 2048
 #define DSS_DEFAULT_SIZE 1024
 static void buf_writefile(buffer * buf, const char * filename);
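Review bot: The reordered `sshkex[]` entries carry no comment saying that position in this array is negotiation preference, so a later edit can flip the order back without noticing that it matters; add `/* order is preference: strongest ECDH curve first */` above `#ifdef DROPBEAR_ECDH`. Putting nistp521 first also means every exchange with a client that offers all three curves now pays for the largest one, a deliberate trade-off on the small targets Dropbear is built for that deserves a line in the commit message. `diffie-hellman-group1-sha1`, visible just below the reordered block, is still advertised unconditionally; this commit does not touch it, but anyone auditing the "strongest first" intent will want to know whether that is meant to stay. The `sshkex[]` initializer continues past the hunk.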
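Review bot: `RSA_DEFAULT_SIZE` goes to 2048 while `DSS_DEFAULT_SIZE` on the next line stays at 1024 with nothing explaining the asymmetry, which invites a later "fix" to 2048 that would break interoperability. Add `/* ssh-dss (RFC 4253) is fixed to SHA-1 with 160-bit r and s, so 1024-bit p is the interoperable size */` above the DSS define. If `printhelp()` (declared just above, body outside the hunk) prints the default sizes, it needs the same change to 2048.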
@@ -185,7 +185,24 @@ int main(int argc, char ** argv) {
 exit(EXIT_FAILURE);
 }
- keytype = signkey_type_from_name(typetext, strlen(typetext));
+#ifdef DROPBEAR_RSA
+ if (strcmp(typetext, "rsa") == 0)
+ {
+ keytype = DROPBEAR_SIGNKEY_RSA;
+ }
+#endif
+#ifdef DROPBEAR_DSS
+ if (strcmp(typetext, "dss") == 0)
+ {
+ keytype = DROPBEAR_SIGNKEY_DSS;
+ }
+#endif
+#ifdef DROPBEAR_ECDSA
+ if (strcmp(typetext, "ecdsa") == 0)
+ {
+ keytype = DROPBEAR_SIGNKEY_ECDSA_KEYGEN;
+ }
+#endif
 if (keytype == DROPBEAR_SIGNKEY_NONE) {
 fprintf(stderr, "Unknown key type '%s'\n", typetext);
@@ -221,10 +221,13 @@ int main(int argc, char ** argv) {
 (void)0; /* quiet, compiler. ecdsa handles checks itself */
 }
+ } else {
+ /* default key size */
+ switch (keytype) {
 #ifdef DROPBEAR_RSA
 case DROPBEAR_SIGNKEY_RSA:
- bits = RSA_DEFAULT_SIZE;
+ bits = RSA_DEFAULT_SIZE;
 break;
 #endif
 #ifdef DROPBEAR_DSS
@@ -269,7 +289,7 @@ int main(int argc, char ** argv) {
 {
 ecc_key *ecckey = gen_ecdsa_priv_key(bits);
 keytype = ecdsa_signkey_type(ecckey);
- *signkey_ecc_key_ptr(key, keytype) = ecckey;
+ *signkey_key_ptr(key, keytype) = ecckey;
 }
 break;
 #endif
@@ -299,7 +319,7 @@ static void justprintpub(const char* filename) {
 buffer *buf = NULL;
 sign_key *key = NULL;
- int keytype;
+ enum signkey_type keytype;
 int ret;
 int err = DROPBEAR_FAILURE;
@@ -7,12 +7,12 @@
 #ifdef DROPBEAR_ECDSA
-#if defined(DROPBEAR_ECC_256)
-#define ECDSA_DEFAULT_SIZE 256
+#if defined(DROPBEAR_ECC_521)
+#define ECDSA_DEFAULT_SIZE 521
 #elif defined(DROPBEAR_ECC_384)
 #define ECDSA_DEFAULT_SIZE 384
-#elif defined(DROPBEAR_ECC_521)
-#define ECDSA_DEFAULT_SIZE 521
+#elif defined(DROPBEAR_ECC_256)
+#define ECDSA_DEFAULT_SIZE 256
 #else
 #define ECDSA_DEFAULT_SIZE 0
 #endif
diff --git a/keyimport.c b/keyimport.c
index f513e8a..f3fe96a 100644
--- a/keyimport.c
+++ b/keyimport.c
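Review bot: The three new `strcmp` blocks put the opening brace on its own line (`if (strcmp(typetext, "rsa") == 0)` / `{`), while the code around them in this same hunk uses K&R braces (`if (keytype == DROPBEAR_SIGNKEY_NONE) {`); write them `if (strcmp(typetext, "rsa") == 0) {` so the file keeps one style. Independent `if`s rather than an `else if` chain are the right shape here because each block sits inside its own `#ifdef` and a chain would break when the first type is compiled out, but a one-line comment saying so (`/* separate ifs: any of these blocks may be compiled out */`) saves the next reader the same analysis. `main` continues on both sides of the hunk.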
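Review bot: `*signkey_key_ptr(key, keytype) = ecckey;` writes through the return value unchecked, and `signkey_key_ptr` (its body is in this commit's signkey.c hunk) returns NULL from its `default:` case for any type its switch does not list. `keytype` comes from `ecdsa_signkey_type(ecckey)`, which is outside the hunk; if that can ever yield something other than one of the three ECDSA curve types, this line is a NULL write. The file already reports argument errors with `fprintf(stderr, ...)` and `exit(EXIT_FAILURE)`, so the guard is three lines: `void **slot = signkey_key_ptr(key, keytype);` / `if (slot == NULL) { fprintf(stderr, "Unsupported ECDSA key type\n"); exit(EXIT_FAILURE); }` / `*slot = ecckey;`. `main` continues on both sides of the hunk.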
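Review bot: `ECDSA_DEFAULT_SIZE` now resolves to the largest curve compiled in, so `dropbearkey -t ecdsa` without an explicit size presumably moves from a 256-bit to a 521-bit key, and nothing in the header says this is a chosen preference rather than an accidental reordering of the `#if`/`#elif` chain. Add `/* default to the largest curve compiled in; keep consistent with the kex preference order in common-algo.c */` above `#if defined(DROPBEAR_ECC_521)`. Key generation and every signature with nistp521 cost considerably more than with nistp256, which on Dropbear's embedded targets is worth a sentence in the commit message.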
@@ -763,7 +763,7 @@ static sign_key *openssh_read(const char *filename, char *passphrase)
 goto error;
 }
- *signkey_ecc_key_ptr(retkey, retkey->type) = ecc;
+ *signkey_key_ptr(retkey, retkey->type) = ecc;
 }
 #endif // DROPBEAR_ECDSA
@@ -56,7 +56,8 @@ typedef struct runopts {
 extern runopts opts;
-int readhostkey(const char * filename, sign_key * hostkey, int *type);
+int readhostkey(const char * filename, sign_key * hostkey,
+ enum signkey_type *type);
 void load_all_hostkeys();
 typedef struct svr_runopts {
@@ -103,26 +103,39 @@ enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen)
 return DROPBEAR_SIGNKEY_NONE;
 }
-#ifdef DROPBEAR_ECDSA
-ecc_key **
-signkey_ecc_key_ptr(sign_key *key, enum signkey_type ecc_type) {
- switch (ecc_type) {
+/* Returns a pointer to the key part specific to "type" */
+void **
+signkey_key_ptr(sign_key *key, enum signkey_type type) {
+ switch (type) {
+#ifdef DROPBEAR_ECC_256
 case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
- return &key->ecckey256;
+ return (void**)&key->ecckey256;
+#endif
+#ifdef DROPBEAR_ECC_384
 case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
- return &key->ecckey384;
+ return (void**)&key->ecckey384;
+#endif
+#ifdef DROPBEAR_ECC_521
 case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
- return &key->ecckey521;
+ return (void**)&key->ecckey521;
+#endif
+#ifdef DROPBEAR_RSA
+ case DROPBEAR_SIGNKEY_RSA:
+ return (void**)&key->rsakey;
+#endif
+#ifdef DROPBEAR_DSS
+ case DROPBEAR_SIGNKEY_DSS:
+ return (void**)&key->dsskey;
+#endif
 default: return NULL;
 }
 }
-#endif
 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
 * type should be set by the caller to specify the type to read, and
 * on return is set to the type read (useful when type = _ANY) */
-int buf_get_pub_key(buffer *buf, sign_key *key, int *type) {
+int buf_get_pub_key(buffer *buf, sign_key *key, enum signkey_type *type) {
 unsigned char* ident;
 unsigned int len;
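Review bot: `*signkey_key_ptr(retkey, retkey->type) = ecc;` stores through the returned pointer without checking it, and `signkey_key_ptr` returns NULL for any type its switch does not list (see its `default:` case in this commit's signkey.c hunk). `retkey->type` is derived from the key file being imported, so this path handles untrusted input; whether an unsupported curve can actually reach this line depends on the parsing above the hunk, which is not visible here. The function already uses `goto error` two lines up, so the guard costs three lines: `void **slot = signkey_key_ptr(retkey, retkey->type);` / `if (slot == NULL) { ecc_free(ecc); goto error; }` / `*slot = ecc;` (drop the `ecc_free` if the `error` path already releases `ecc`). `openssh_read` continues on both sides of the hunk.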
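Review bot: The contract of `signkey_key_ptr` changes here in a way the new comment does not mention: the old `signkey_ecc_key_ptr` returned NULL for RSA and DSS types, whereas the new function returns a live slot for them, so every ECDSA block that relied on the NULL return to skip non-ECDSA keys now needs an explicit type check (this commit adds one in `buf_put_pub_key` but leaves the other `ecc_key **eck = (ecc_key**)signkey_key_ptr(...)` sites unguarded). Expand the comment to `/* Returns a pointer to the key part specific to "type", or NULL if the type is unknown or not compiled in. The result must be cast to the pointer type matching "type"; callers must check the type before treating it as an ecc_key **. */`. A `static int signkey_is_ecdsa(enum signkey_type type)` next to this function, true for the three `DROPBEAR_SIGNKEY_ECDSA_NISTP*` values, would give those callers one place to express that check. Note also that the two callers in dropbearkey.c and keyimport.c that assign through the raw `void **` store an `ecc_key *` object via a `void *` lvalue, which is formally an aliasing violation (`void *` and `ecc_key *` are not compatible types) even though it works on every platform Dropbear targets.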
@@ -169,7 +182,7 @@ int buf_get_pub_key(buffer *buf, sign_key *key, int *type) {
 #endif
 #ifdef DROPBEAR_ECDSA
 {
- ecc_key **eck = signkey_ecc_key_ptr(key, keytype);
+ ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
 if (eck) {
 if (*eck) {
 ecc_free(*eck);
@@ -192,7 +205,7 @@ int buf_get_pub_key(buffer *buf, sign_key *key, int *type) {
 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
 * type should be set by the caller to specify the type to read, and
 * on return is set to the type read (useful when type = _ANY) */
-int buf_get_priv_key(buffer *buf, sign_key *key, int *type) {
+int buf_get_priv_key(buffer *buf, sign_key *key, enum signkey_type *type) {
 unsigned char* ident;
 unsigned int len;
@@ -237,7 +250,7 @@ int buf_get_priv_key(buffer *buf, sign_key *key, int *type) {
 #endif
 #ifdef DROPBEAR_ECDSA
 {
- ecc_key **eck = signkey_ecc_key_ptr(key, keytype);
+ ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
 if (eck) {
 if (*eck) {
 ecc_free(*eck);
@@ -258,7 +271,7 @@ int buf_get_priv_key(buffer *buf, sign_key *key, int *type) {
 }
 /* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
-void buf_put_pub_key(buffer* buf, sign_key *key, int type) {
+void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type) {
 buffer *pubkeys;
@@ -276,8 +289,11 @@ void buf_put_pub_key(buffer* buf, sign_key *key, int type) {
 }
 #endif
 #ifdef DROPBEAR_ECDSA
+ if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256
+ || type == DROPBEAR_SIGNKEY_ECDSA_NISTP384
+ || type == DROPBEAR_SIGNKEY_ECDSA_NISTP521)
 {
- ecc_key **eck = signkey_ecc_key_ptr(key, type);
+ ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
 if (eck) {
 buf_put_ecdsa_pub_key(pubkeys, *eck);
 }
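Review bot: This ECDSA block runs for whatever `keytype` was read from the blob, and after this commit `signkey_key_ptr` also returns a non-NULL slot for `DROPBEAR_SIGNKEY_RSA` and `DROPBEAR_SIGNKEY_DSS`, so `if (eck)` no longer excludes non-ECDSA keys. If the RSA/DSS branches above (outside the hunk) fall through rather than return, an RSA key reaching this line has `key->rsakey` handed to `ecc_free` as an `ecc_key` and then overwritten by the ECDSA parser — a type confusion in a routine that, judging by its name and the `_ANY` comment above it, parses public-key blobs that may come from a peer or an authorized_keys entry. The `buf_put_pub_key` hunk of this same file adds an explicit type check; the same guard belongs here, replacing the bare `{` with `if (keytype == DROPBEAR_SIGNKEY_ECDSA_NISTP256 || keytype == DROPBEAR_SIGNKEY_ECDSA_NISTP384 || keytype == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {`. `buf_get_pub_key` continues on both sides of the hunk.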
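Review bot: In `buf_get_priv_key` the ECDSA block's `if (eck)` test changed meaning with this commit: `signkey_key_ptr` now returns `&key->rsakey` or `&key->dsskey` for those types instead of NULL, so the block is reached for any `keytype` the RSA/DSS branches above (outside the hunk) do not return from, and `ecc_free(*eck)` would then run on a non-ECDSA key pointer. Make the intent explicit the way the `buf_put_pub_key` hunk of this commit does, replacing the bare `{` with `if (keytype == DROPBEAR_SIGNKEY_ECDSA_NISTP256 || keytype == DROPBEAR_SIGNKEY_ECDSA_NISTP384 || keytype == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {`. `buf_get_priv_key` continues on both sides of the hunk.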
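Review bot: The comment directly above the changed signature, `/* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */`, is now wrong twice over: the parameter is an `enum signkey_type`, and the body of `buf_put_pub_key` (see the next hunk) handles the three ECDSA curve types as well. Replace it with `/* type is the enum signkey_type of the key part to write: DSS, RSA or one of the ECDSA_NISTP* types */`. The body of `buf_put_pub_key` continues past the hunk.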
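Review bot: `if (eck)` only proves that `type` names a slot in the struct, not that the slot is filled; `buf_get_pub_key` (the first hunk of this file) treats `*eck == NULL` as a normal state, so `buf_put_ecdsa_pub_key(pubkeys, *eck)` can be handed a NULL key here and the test should be `if (eck && *eck) {`. The new three-way comparison is the right guard now that `signkey_key_ptr` returns slots for RSA and DSS too, but the same condition is needed at every other `signkey_key_ptr` call in this file, so it is better written once as a helper beside `signkey_key_ptr` and called from each block. `buf_put_pub_key` continues past the hunk.
```c
/* True for the ECDSA key types, regardless of which curves are compiled in */
static int signkey_is_ecdsa(enum signkey_type type) {
	return type == DROPBEAR_SIGNKEY_ECDSA_NISTP256
		|| type == DROPBEAR_SIGNKEY_ECDSA_NISTP384
		|| type == DROPBEAR_SIGNKEY_ECDSA_NISTP521;
}

/* … unchanged: buf_put_pub_key up to the ECDSA block … */
#ifdef DROPBEAR_ECDSA
	if (signkey_is_ecdsa(type))
	{
		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
		if (eck && *eck) {
			buf_put_ecdsa_pub_key(pubkeys, *eck);
		}
```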
@@ -293,7 +309,7 @@ void buf_put_pub_key(buffer* buf, sign_key *key, int type) {
 }
 /* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
-void buf_put_priv_key(buffer* buf, sign_key *key, int type) {
+void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type) {
 TRACE(("enter buf_put_priv_key"))
 TRACE(("type is %d", type))
@@ -314,7 +330,7 @@ void buf_put_priv_key(buffer* buf, sign_key *key, int type) {
 #endif
 #ifdef DROPBEAR_ECDSA
 {
- ecc_key **eck = signkey_ecc_key_ptr(key, type);
+ ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
 if (eck) {
 buf_put_ecdsa_priv_key(buf, *eck);
 TRACE(("leave buf_put_priv_key: ecdsa done"))
@@ -452,7 +468,7 @@ char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen) {
 #endif
 }
-void buf_put_sign(buffer* buf, sign_key *key, int type,
+void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type,
 buffer *data_buf) {
 buffer *sigblob;
 sigblob = buf_new(MAX_PUBKEY_SIZE);
@@ -469,7 +485,7 @@ void buf_put_sign(buffer* buf, sign_key *key, int type,
 #endif
 #ifdef DROPBEAR_ECDSA
 {
- ecc_key **eck = signkey_ecc_key_ptr(key, type);
+ ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
 if (eck) {
 buf_put_ecdsa_sign(sigblob, *eck, data_buf);
 }
@@ -520,7 +536,7 @@ int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) {
 #endif
 #ifdef DROPBEAR_ECDSA
 {
- ecc_key **eck = signkey_ecc_key_ptr(key, type);
+ ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
 if (eck) {
 return buf_ecdsa_verify(buf, *eck, data_buf);
 }
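Review bot: The comment above the changed `buf_put_priv_key` signature still reads `/* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */`, but the parameter is now an `enum signkey_type` and the function's ECDSA block (in the next hunk of this file) serialises the three curve types too. Replace it with `/* type is the enum signkey_type of the key part to write: DSS, RSA or one of the ECDSA_NISTP* types */`. The body of `buf_put_priv_key` continues past the hunk.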
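Review bot: After this commit `signkey_key_ptr` returns a non-NULL slot for `DROPBEAR_SIGNKEY_RSA` and `DROPBEAR_SIGNKEY_DSS` as well, so `if (eck)` in `buf_put_priv_key` no longer means "this is an ECDSA key". If the RSA/DSS branches above this block (outside the hunk) return before reaching it the change is harmless; if they fall through, an RSA private key would be serialised by `buf_put_ecdsa_priv_key` with `key->rsakey` reinterpreted as an `ecc_key`. Either way the intent should be explicit, as the `buf_put_pub_key` hunk of this commit already does: `if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256 || type == DROPBEAR_SIGNKEY_ECDSA_NISTP384 || type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {` in place of the bare `{`, and `if (eck && *eck) {` so an empty slot is not dereferenced. `buf_put_priv_key` continues on both sides of the hunk.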
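Review bot: `buf_put_sign` produces signatures on live connections, and the `if (eck)` test here has changed meaning: `signkey_key_ptr` now returns `&key->rsakey` / `&key->dsskey` for those types instead of NULL, so unless the RSA/DSS branches above (outside the hunk) leave the function early, an RSA signing request would also fall into `buf_put_ecdsa_sign(sigblob, *eck, data_buf)` with the RSA key pointer reinterpreted as an `ecc_key`. `buf_put_pub_key` in this same commit gained an explicit three-way type check for the same situation; apply it here by replacing the bare `{` with `if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256 || type == DROPBEAR_SIGNKEY_ECDSA_NISTP384 || type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {`, and use `if (eck && *eck) {` so an unset slot cannot be signed with. `buf_put_sign` continues on both sides of the hunk.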
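Review bot: `buf_verify` checks signatures supplied by the peer, and `if (eck)` here only establishes that `type` names a slot in `key`, not that the slot holds a key; if `type` is taken from the signature blob (outside the hunk) rather than from the key itself, a mismatch such as an ECDSA signature presented against an RSA key leaves `*eck` NULL and passes it straight to `buf_ecdsa_verify`. Tighten the test to `if (eck && *eck) {`. The block should also state that it is meant for ECDSA types only, since `signkey_key_ptr` now returns non-NULL for RSA and DSS as well: `if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256 || type == DROPBEAR_SIGNKEY_ECDSA_NISTP384 || type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {` in place of the bare `{`, matching the guard this commit adds in `buf_put_pub_key`. `buf_verify` continues on both sides of the hunk.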
@@ -85,12 +85,12 @@ typedef struct SIGN_key sign_key;
 sign_key * new_sign_key();
 const char* signkey_name_from_type(enum signkey_type type, unsigned int *namelen);
 enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen);
-int buf_get_pub_key(buffer *buf, sign_key *key, int *type);
-int buf_get_priv_key(buffer* buf, sign_key *key, int *type);
-void buf_put_pub_key(buffer* buf, sign_key *key, int type);
-void buf_put_priv_key(buffer* buf, sign_key *key, int type);
+int buf_get_pub_key(buffer *buf, sign_key *key, enum signkey_type *type);
+int buf_get_priv_key(buffer* buf, sign_key *key, enum signkey_type *type);
+void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type);
+void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type);
 void sign_key_free(sign_key *key);
-void buf_put_sign(buffer* buf, sign_key *key, int type, buffer *data_buf);
+void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type, buffer *data_buf);
 #ifdef DROPBEAR_SIGNKEY_VERIFY
 int buf_verify(buffer * buf, sign_key *key, buffer *data_buf);
 char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen);
@@ -99,8 +99,6 @@ int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
 const unsigned char* algoname, unsigned int algolen,
 buffer * line, char ** fingerprint);
-#ifdef DROPBEAR_ECDSA
-ecc_key ** signkey_ecc_key_ptr(sign_key *key, enum signkey_type ecc_type);
-#endif
+void** signkey_key_ptr(sign_key *key, enum signkey_type type);
 #endif /* _SIGNKEY_H_ */ |
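Review bot: The new public prototype `void** signkey_key_ptr(sign_key *key, enum signkey_type type);` carries no documentation, and its untyped return is exactly the kind of interface callers get wrong: the definition in signkey.c returns NULL for a type that is unknown or compiled out, and the result must be cast to the pointer type that matches `type`. Add above it `/* Returns the address of the key part for "type" (cast it to ecc_key **, or the RSA/DSS key pointer type, according to "type"), or NULL if the type is unknown or not compiled in. Does not check that the slot is non-NULL. */`. The declaration also spells the return type `void**` while the definition in signkey.c uses `void **`; pick one, the file's other declarations (`char * sign_key_fingerprint`) suggest the spaced form.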