dropbearkey.c 7.56 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
/*
 * Dropbear - a SSH2 server
 * 
 * Copyright (c) 2002,2003 Matt Johnston
 * All rights reserved.
 * 
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 * 
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 * 
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE. */

/* The format of the keyfiles is basically a raw dump of the buffer. Data types
26
 * are specified in the transport rfc 4253 - string is a 32-bit len then the
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 * non-null-terminated string, mp_int is a 32-bit len then the bignum data.
 * The actual functions are buf_put_rsa_priv_key() and buf_put_dss_priv_key()

 * RSA:
 * string	"ssh-rsa"
 * mp_int	e
 * mp_int	n
 * mp_int	d
 * mp_int	p (newer versions only)
 * mp_int	q (newer versions only) 
 *
 * DSS:
 * string	"ssh-dss"
 * mp_int	p
 * mp_int	q
 * mp_int	g
 * mp_int	y
 * mp_int	x
 *
 */
#include "includes.h"
#include "signkey.h"
#include "buffer.h"
#include "dbutil.h"

#include "genrsa.h"
#include "gendss.h"
54
55
#include "ecdsa.h"
#include "crypto_desc.h"
56
#include "dbrandom.h"
57
#include "gensignkey.h"
58
59
60
61

static void printhelp(char * progname);


62
static void printpubkey(sign_key * key, int keytype);
63
static int printpubfile(const char* filename);
64
65
66
67
68

/* Print a help message */
static void printhelp(char * progname) {

	fprintf(stderr, "Usage: %s -t <type> -f <filename> [-s bits]\n"
69
					"-t type	Type of key to generate. One of:\n"
70
#if DROPBEAR_RSA
71
					"		rsa\n"
72
#endif
73
#if DROPBEAR_DSS
74
					"		dss\n"
75
#endif
76
#if DROPBEAR_ECDSA
77
					"		ecdsa\n"
78
#endif
79
80
					"-f filename    Use filename for the secret key.\n"
					"               ~/.ssh/id_dropbear is recommended for client keys.\n"
81
					"-s bits	Key size in bits, should be a multiple of 8 (optional)\n"
82
#if DROPBEAR_DSS
83
84
					"           DSS has a fixed size of 1024 bits\n"
#endif
85
#if DROPBEAR_ECDSA
86
					"           ECDSA has sizes "
87
#if DROPBEAR_ECC_256
88
89
					"256 "
#endif
90
#if DROPBEAR_ECC_384
91
92
					"384 "
#endif
93
#if DROPBEAR_ECC_521
94
95
96
97
					"521 "
#endif
					"\n"
#endif
98
					"-y		Just print the publickey and fingerprint for the\n		private key in <filename>.\n"
99
#if DEBUG_TRACE
100
101
102
					"-v		verbose\n"
#endif
					,progname);
103
104
}

105
106
107
/* fails fatally */
static void check_signkey_bits(enum signkey_type type, int bits)
{
Francois Perrad's avatar
Francois Perrad committed
108
	switch (type) {
109
#if DROPBEAR_RSA
Francois Perrad's avatar
Francois Perrad committed
110
111
112
113
114
115
		case DROPBEAR_SIGNKEY_RSA:
			if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
				dropbear_exit("Bits must satisfy 512 <= bits <= 4096, and be a"
				              " multiple of 8\n");
			}
			break;
116
117
#endif
#ifdef DROPEAR_DSS
Francois Perrad's avatar
Francois Perrad committed
118
119
120
121
122
		case DROPBEAR_SIGNKEY_DSS:
			if (bits != 1024) {
				dropbear_exit("DSS keys have a fixed size of 1024 bits\n");
				exit(EXIT_FAILURE);
			}
123
#endif
Francois Perrad's avatar
Francois Perrad committed
124
125
126
		default:
			(void)0; /* quiet, compiler. ecdsa handles checks itself */
	}
127
128
}

129
130
#if defined(DBMULTI_dropbearkey) || !DROPBEAR_MULTI
#if defined(DBMULTI_dropbearkey) && DROPBEAR_MULTI
131
132
133
134
135
136
137
138
int dropbearkey_main(int argc, char ** argv) {
#else
int main(int argc, char ** argv) {
#endif

	int i;
	char ** next = 0;
	char * filename = NULL;
139
	enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE;
140
141
	char * typetext = NULL;
	char * sizetext = NULL;
142
	unsigned int bits = 0;
143
	int printpub = 0;
144

Matt Johnston's avatar
Matt Johnston committed
145
146
147
	crypto_init();
	seedrandom();

148
149
	/* get the commandline options */
	for (i = 1; i < argc; i++) {
150
151
152
		if (argv[i] == NULL) {
			continue; /* Whack */
		} 
153
154
		if (next) {
			*next = argv[i];
155
			next = NULL;
156
157
158
159
160
161
162
163
164
165
166
167
168
169
			continue;
		}

		if (argv[i][0] == '-') {
			switch (argv[i][1]) {
				case 'f':
					next = &filename;
					break;
				case 't':
					next = &typetext;
					break;
				case 's':
					next = &sizetext;
					break;
170
171
172
				case 'y':
					printpub = 1;
					break;
173
174
175
176
				case 'h':
					printhelp(argv[0]);
					exit(EXIT_SUCCESS);
					break;
177
#if DEBUG_TRACE
178
179
180
181
				case 'v':
					debug_trace = 1;
					break;
#endif
182
183
184
185
186
187
188
189
190
				default:
					fprintf(stderr, "Unknown argument %s\n", argv[i]);
					printhelp(argv[0]);
					exit(EXIT_FAILURE);
					break;
			}
		}
	}

191
192
193
194
195
196
197
	if (!filename) {
		fprintf(stderr, "Must specify a key filename\n");
		printhelp(argv[0]);
		exit(EXIT_FAILURE);
	}

	if (printpub) {
198
199
		int ret = printpubfile(filename);
		exit(ret);
200
201
	}

202
203
	/* check/parse args */
	if (!typetext) {
204
		fprintf(stderr, "Must specify key type\n");
205
206
207
208
		printhelp(argv[0]);
		exit(EXIT_FAILURE);
	}

209
#if DROPBEAR_RSA
210
211
212
213
214
	if (strcmp(typetext, "rsa") == 0)
	{
		keytype = DROPBEAR_SIGNKEY_RSA;
	}
#endif
215
#if DROPBEAR_DSS
216
217
218
219
220
	if (strcmp(typetext, "dss") == 0)
	{
		keytype = DROPBEAR_SIGNKEY_DSS;
	}
#endif
221
#if DROPBEAR_ECDSA
222
223
224
225
226
	if (strcmp(typetext, "ecdsa") == 0)
	{
		keytype = DROPBEAR_SIGNKEY_ECDSA_KEYGEN;
	}
#endif
227
228

	if (keytype == DROPBEAR_SIGNKEY_NONE) {
229
230
231
232
233
234
235
236
237
238
		fprintf(stderr, "Unknown key type '%s'\n", typetext);
		printhelp(argv[0]);
		exit(EXIT_FAILURE);
	}

	if (sizetext) {
		if (sscanf(sizetext, "%u", &bits) != 1) {
			fprintf(stderr, "Bits must be an integer\n");
			exit(EXIT_FAILURE);
		}
239
		
240
		check_signkey_bits(keytype, bits);;
241
	}
242
243

	fprintf(stderr, "Generating key, this may take a while...\n");
244
	if (signkey_generate(keytype, bits, filename, 0) == DROPBEAR_FAILURE)
245
246
247
	{
		dropbear_exit("Failed to generate key.\n");
	}
248

249
	printpubfile(filename);
250
251
252
253
254

	return EXIT_SUCCESS;
}
#endif

255
static int printpubfile(const char* filename) {
256
257
258

	buffer *buf = NULL;
	sign_key *key = NULL;
259
	enum signkey_type keytype;
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
	int ret;
	int err = DROPBEAR_FAILURE;

	buf = buf_new(MAX_PRIVKEY_SIZE);
	ret = buf_readfile(buf, filename);

	if (ret != DROPBEAR_SUCCESS) {
		fprintf(stderr, "Failed reading '%s'\n", filename);
		goto out;
	}

	key = new_sign_key();
	keytype = DROPBEAR_SIGNKEY_ANY;

	buf_setpos(buf, 0);
	ret = buf_get_priv_key(buf, key, &keytype);
	if (ret == DROPBEAR_FAILURE) {
		fprintf(stderr, "Bad key in '%s'\n", filename);
		goto out;
	}

	printpubkey(key, keytype);

	err = DROPBEAR_SUCCESS;

out:
	buf_burn(buf);
	buf_free(buf);
	buf = NULL;
Matt Johnston's avatar
Matt Johnston committed
289
290
291
292
	if (key) {
		sign_key_free(key);
		key = NULL;
	}
293
	return err;
294
295
296
297
298
299
300
301
302
303
304
}

static void printpubkey(sign_key * key, int keytype) {

	buffer * buf = NULL;
	unsigned char base64key[MAX_PUBKEY_SIZE*2];
	unsigned long base64len;
	int err;
	const char * typestring = NULL;
	char *fp = NULL;
	int len;
305
306
307
	struct passwd * pw = NULL;
	char * username = NULL;
	char hostname[100];
308
309
310
311
312
313
314
315
316
317
318
319
320
321

	buf = buf_new(MAX_PUBKEY_SIZE);
	buf_put_pub_key(buf, key, keytype);
	buf_setpos(buf, 4);

	len = buf->len - buf->pos;

	base64len = sizeof(base64key);
	err = base64_encode(buf_getptr(buf, len), len, base64key, &base64len);

	if (err != CRYPT_OK) {
		fprintf(stderr, "base64 failed");
	}

322
	typestring = signkey_name_from_type(keytype, NULL);
323
324
325

	fp = sign_key_fingerprint(buf_getptr(buf, len), len);

326
327
328
	/* a [email protected] comment is informative */
	username = "";
	pw = getpwuid(getuid());
329
	if (pw) {
330
331
332
333
334
335
336
337
		username = pw->pw_name;
	}

	gethostname(hostname, sizeof(hostname));
	hostname[sizeof(hostname)-1] = '\0';

	printf("Public key portion is:\n%s %s %[email protected]%s\nFingerprint: %s\n",
			typestring, base64key, username, hostname, fp);
338
339
340
341

	m_free(fp);
	buf_free(buf);
}