mirror of
https://github.com/clearml/dropbear
synced 2025-06-26 18:17:32 +00:00
add configuration option for default RSA size.
print key size with dropbearkey
This commit is contained in:
Matt Johnston
parent
364fb6019c
commit
a94338dc67
@ -10,7 +10,7 @@ Local customisation should be added to localoptions.h which is
|
|||||||
used if it exists. Options defined there will override any options in this
|
used if it exists. Options defined there will override any options in this
|
||||||
file (#ifndef guards added by ifndef_wrapper.sh).
|
file (#ifndef guards added by ifndef_wrapper.sh).
|
||||||
|
|
||||||
Options can also be defined with -DDROPBEAR_XXX Makefile CFLAGS
|
Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS
|
||||||
|
|
||||||
IMPORTANT: Many options will require "make clean" after changes */
|
IMPORTANT: Many options will require "make clean" after changes */
|
||||||
|
|
||||||
@ -198,6 +198,13 @@ If you test it please contact the Dropbear author */
|
|||||||
#define DROPBEAR_ECDSA 1
|
#define DROPBEAR_ECDSA 1
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* RSA must be >=1024 */
|
||||||
|
#ifndef DROPBEAR_DEFAULT_RSA_SIZE
|
||||||
|
#define DROPBEAR_DEFAULT_RSA_SIZE 2048
|
||||||
|
#endif
|
||||||
|
/* DSS is always 1024 */
|
||||||
|
/* ECDSA defaults to largest size configured, usually 521 */
|
||||||
|
|
||||||
/* Add runtime flag "-R" to generate hostkeys as-needed when the first
|
/* Add runtime flag "-R" to generate hostkeys as-needed when the first
|
||||||
connection using that key type occurs.
|
connection using that key type occurs.
|
||||||
This avoids the need to otherwise run "dropbearkey" and avoids some problems
|
This avoids the need to otherwise run "dropbearkey" and avoids some problems
|
||||||
|
|||||||
@ -10,7 +10,7 @@ Local customisation should be added to localoptions.h which is
|
|||||||
used if it exists. Options defined there will override any options in this
|
used if it exists. Options defined there will override any options in this
|
||||||
file (#ifndef guards added by ifndef_wrapper.sh).
|
file (#ifndef guards added by ifndef_wrapper.sh).
|
||||||
|
|
||||||
Options can also be defined with -DDROPBEAR_XXX Makefile CFLAGS
|
Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS
|
||||||
|
|
||||||
IMPORTANT: Many options will require "make clean" after changes */
|
IMPORTANT: Many options will require "make clean" after changes */
|
||||||
|
|
||||||
@ -130,6 +130,11 @@ If you test it please contact the Dropbear author */
|
|||||||
* on x86-64 */
|
* on x86-64 */
|
||||||
#define DROPBEAR_ECDSA 1
|
#define DROPBEAR_ECDSA 1
|
||||||
|
|
||||||
|
/* RSA must be >=1024 */
|
||||||
|
#define DROPBEAR_DEFAULT_RSA_SIZE 2048
|
||||||
|
/* DSS is always 1024 */
|
||||||
|
/* ECDSA defaults to largest size configured, usually 521 */
|
||||||
|
|
||||||
/* Add runtime flag "-R" to generate hostkeys as-needed when the first
|
/* Add runtime flag "-R" to generate hostkeys as-needed when the first
|
||||||
connection using that key type occurs.
|
connection using that key type occurs.
|
||||||
This avoids the need to otherwise run "dropbearkey" and avoids some problems
|
This avoids the need to otherwise run "dropbearkey" and avoids some problems
|
||||||
|
|||||||
@ -139,7 +139,7 @@ int main(int argc, char ** argv) {
|
|||||||
enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE;
|
enum signkey_type keytype = DROPBEAR_SIGNKEY_NONE;
|
||||||
char * typetext = NULL;
|
char * typetext = NULL;
|
||||||
char * sizetext = NULL;
|
char * sizetext = NULL;
|
||||||
unsigned int bits = 0;
|
unsigned int bits = 0, genbits;
|
||||||
int printpub = 0;
|
int printpub = 0;
|
||||||
|
|
||||||
crypto_init();
|
crypto_init();
|
||||||
@ -240,7 +240,8 @@ int main(int argc, char ** argv) {
|
|||||||
check_signkey_bits(keytype, bits);;
|
check_signkey_bits(keytype, bits);;
|
||||||
}
|
}
|
||||||
|
|
||||||
fprintf(stderr, "Generating key, this may take a while...\n");
|
genbits = signkey_generate_get_bits(keytype, bits);
|
||||||
|
fprintf(stderr, "Generating %d bit %s key, this may take a while...\n", genbits, typetext);
|
||||||
if (signkey_generate(keytype, bits, filename, 0) == DROPBEAR_FAILURE)
|
if (signkey_generate(keytype, bits, filename, 0) == DROPBEAR_FAILURE)
|
||||||
{
|
{
|
||||||
dropbear_exit("Failed to generate key.\n");
|
dropbear_exit("Failed to generate key.\n");
|
||||||
|
|||||||
21
gensignkey.c
21
gensignkey.c
@ -7,9 +7,6 @@
|
|||||||
#include "signkey.h"
|
#include "signkey.h"
|
||||||
#include "dbrandom.h"
|
#include "dbrandom.h"
|
||||||
|
|
||||||
#define RSA_DEFAULT_SIZE 2048
|
|
||||||
#define DSS_DEFAULT_SIZE 1024
|
|
||||||
|
|
||||||
/* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
|
/* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
|
||||||
static int buf_writefile(buffer * buf, const char * filename) {
|
static int buf_writefile(buffer * buf, const char * filename) {
|
||||||
int ret = DROPBEAR_FAILURE;
|
int ret = DROPBEAR_FAILURE;
|
||||||
@ -55,11 +52,12 @@ static int get_default_bits(enum signkey_type keytype)
|
|||||||
switch (keytype) {
|
switch (keytype) {
|
||||||
#if DROPBEAR_RSA
|
#if DROPBEAR_RSA
|
||||||
case DROPBEAR_SIGNKEY_RSA:
|
case DROPBEAR_SIGNKEY_RSA:
|
||||||
return RSA_DEFAULT_SIZE;
|
return DROPBEAR_DEFAULT_RSA_SIZE;
|
||||||
#endif
|
#endif
|
||||||
#if DROPBEAR_DSS
|
#if DROPBEAR_DSS
|
||||||
case DROPBEAR_SIGNKEY_DSS:
|
case DROPBEAR_SIGNKEY_DSS:
|
||||||
return DSS_DEFAULT_SIZE;
|
/* DSS for SSH only defines 1024 bits */
|
||||||
|
return 1024;
|
||||||
#endif
|
#endif
|
||||||
#if DROPBEAR_ECDSA
|
#if DROPBEAR_ECDSA
|
||||||
case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
|
case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
|
||||||
@ -76,6 +74,14 @@ static int get_default_bits(enum signkey_type keytype)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int signkey_generate_get_bits(enum signkey_type keytype, int bits) {
|
||||||
|
if (bits == 0)
|
||||||
|
{
|
||||||
|
bits = get_default_bits(keytype);
|
||||||
|
}
|
||||||
|
return bits;
|
||||||
|
}
|
||||||
|
|
||||||
/* if skip_exist is set it will silently return if the key file exists */
|
/* if skip_exist is set it will silently return if the key file exists */
|
||||||
int signkey_generate(enum signkey_type keytype, int bits, const char* filename, int skip_exist)
|
int signkey_generate(enum signkey_type keytype, int bits, const char* filename, int skip_exist)
|
||||||
{
|
{
|
||||||
@ -83,10 +89,7 @@ int signkey_generate(enum signkey_type keytype, int bits, const char* filename,
|
|||||||
buffer *buf = NULL;
|
buffer *buf = NULL;
|
||||||
char *fn_temp = NULL;
|
char *fn_temp = NULL;
|
||||||
int ret = DROPBEAR_FAILURE;
|
int ret = DROPBEAR_FAILURE;
|
||||||
if (bits == 0)
|
bits = signkey_generate_get_bits(keytype, bits);
|
||||||
{
|
|
||||||
bits = get_default_bits(keytype);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* now we can generate the key */
|
/* now we can generate the key */
|
||||||
key = new_sign_key();
|
key = new_sign_key();
|
||||||
|
|||||||
@ -4,5 +4,6 @@
|
|||||||
#include "signkey.h"
|
#include "signkey.h"
|
||||||
|
|
||||||
int signkey_generate(enum signkey_type type, int bits, const char* filename, int skip_exist);
|
int signkey_generate(enum signkey_type type, int bits, const char* filename, int skip_exist);
|
||||||
|
int signkey_generate_get_bits(enum signkey_type keytype, int bits);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@ -2,6 +2,8 @@
|
|||||||
#define DROPBEAR_OPTIONS_H
|
#define DROPBEAR_OPTIONS_H
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
> > > Don't edit this file any more! < < <
|
||||||
|
|
||||||
Local compile-time configuration should be defined in localoptions.h
|
Local compile-time configuration should be defined in localoptions.h
|
||||||
See default_options.h.in for a description of the available options.
|
See default_options.h.in for a description of the available options.
|
||||||
*/
|
*/
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user