Merge

common-algo.c

@@ -246,14 +246,14 @@ static struct dropbear_kex kex_ecdh_nistp521 = {NULL, 0, &ecc_curve_nistp521, &s
 
 algo_type sshkex[] = {
 #ifdef DROPBEAR_ECDH
-#ifdef DROPBEAR_ECC_256
+#ifdef DROPBEAR_ECC_521
-	{"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
+	{"ecdh-sha2-nistp521", 0, &kex_ecdh_nistp521, 1, NULL},
 #endif
 #ifdef DROPBEAR_ECC_384
 	{"ecdh-sha2-nistp384", 0, &kex_ecdh_nistp384, 1, NULL},
 #endif
-#ifdef DROPBEAR_ECC_521
+#ifdef DROPBEAR_ECC_256
-	{"ecdh-sha2-nistp521", 0, &kex_ecdh_nistp521, 1, NULL},
+	{"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
 #endif
 #endif
 	{"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},

common-runopts.c

@@ -35,7 +35,8 @@ runopts opts; /* GLOBAL */
 
 /* returns success or failure, and the keytype in *type. If we want
  * to restrict the type, type can contain a type to return */
-int readhostkey(const char * filename, sign_key * hostkey, int *type) {
+int readhostkey(const char * filename, sign_key * hostkey, 
+	enum signkey_type *type) {
 
 	int ret = DROPBEAR_FAILURE;
 	buffer *buf;

dropbearkey.c

@@ -57,7 +57,7 @@
 
 static void printhelp(char * progname);
 
-#define RSA_DEFAULT_SIZE 1024
+#define RSA_DEFAULT_SIZE 2048
 #define DSS_DEFAULT_SIZE 1024
 
 static void buf_writefile(buffer * buf, const char * filename);
@@ -185,7 +185,24 @@ int main(int argc, char ** argv) {
 		exit(EXIT_FAILURE);
 	}
 
-	keytype = signkey_type_from_name(typetext, strlen(typetext));
+#ifdef DROPBEAR_RSA
+	if (strcmp(typetext, "rsa") == 0)
+	{
+		keytype = DROPBEAR_SIGNKEY_RSA;
+	}
+#endif
+#ifdef DROPBEAR_DSS
+	if (strcmp(typetext, "dss") == 0)
+	{
+		keytype = DROPBEAR_SIGNKEY_DSS;
+	}
+#endif
+#ifdef DROPBEAR_ECDSA
+	if (strcmp(typetext, "ecdsa") == 0)
+	{
+		keytype = DROPBEAR_SIGNKEY_ECDSA_KEYGEN;
+	}
+#endif
 
 	if (keytype == DROPBEAR_SIGNKEY_NONE) {
 		fprintf(stderr, "Unknown key type '%s'\n", typetext);
@@ -221,6 +238,9 @@ int main(int argc, char ** argv) {
 				(void)0; /* quiet, compiler. ecdsa handles checks itself */
         }
 
+    } else {
+    	/* default key size */
+
         switch (keytype) {
 #ifdef DROPBEAR_RSA
             case DROPBEAR_SIGNKEY_RSA:
@@ -269,7 +289,7 @@ int main(int argc, char ** argv) {
 			{
 				ecc_key *ecckey = gen_ecdsa_priv_key(bits);
 				keytype = ecdsa_signkey_type(ecckey);
-				*signkey_ecc_key_ptr(key, keytype) = ecckey;
+				*signkey_key_ptr(key, keytype) = ecckey;
 			}
 			break;
 #endif
@@ -299,7 +319,7 @@ static void justprintpub(const char* filename) {
 
 	buffer *buf = NULL;
 	sign_key *key = NULL;
-	int keytype;
+	enum signkey_type keytype;
 	int ret;
 	int err = DROPBEAR_FAILURE;
 

ecdsa.h

@@ -7,12 +7,12 @@
 
 #ifdef DROPBEAR_ECDSA
 
-#ifdef DROPBEAR_ECC_256
+#if defined(DROPBEAR_ECC_521)
-#define ECDSA_DEFAULT_SIZE 256
-#elif DROPBEAR_ECC_384
-#define ECDSA_DEFAULT_SIZE 384
-#elif DROPBEAR_ECC_521
 #define ECDSA_DEFAULT_SIZE 521
+#elif defined(DROPBEAR_ECC_384)
+#define ECDSA_DEFAULT_SIZE 384
+#elif defined(DROPBEAR_ECC_256)
+#define ECDSA_DEFAULT_SIZE 256
 #else
 #define ECDSA_DEFAULT_SIZE 0
 #endif

keyimport.c

@@ -774,7 +774,7 @@ static sign_key *openssh_read(const char *filename, char *passphrase)
 			goto error;
 		}
 
-		*signkey_ecc_key_ptr(retkey, retkey->type) = ecc;
+		*signkey_key_ptr(retkey, retkey->type) = ecc;
 	}
 #endif // DROPBEAR_ECDSA
 

runopts.h

@@ -56,7 +56,8 @@ typedef struct runopts {
 
 extern runopts opts;
 
-int readhostkey(const char * filename, sign_key * hostkey, int *type);
+int readhostkey(const char * filename, sign_key * hostkey, 
+	enum signkey_type *type);
 void load_all_hostkeys();
 
 typedef struct svr_runopts {

signkey.c

@@ -103,26 +103,39 @@ enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen)
 	return DROPBEAR_SIGNKEY_NONE;
 }
 
-#ifdef DROPBEAR_ECDSA
+/* Returns a pointer to the key part specific to "type" */
-ecc_key **
+void **
-signkey_ecc_key_ptr(sign_key *key, enum signkey_type ecc_type) {
+signkey_key_ptr(sign_key *key, enum signkey_type type) {
-	switch (ecc_type) {
+	switch (type) {
+#ifdef DROPBEAR_ECC_256
 		case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
-			return &key->ecckey256;
+			return (void**)&key->ecckey256;
+#endif
+#ifdef DROPBEAR_ECC_384
 		case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
-			return &key->ecckey384;
+			return (void**)&key->ecckey384;
+#endif
+#ifdef DROPBEAR_ECC_521
 		case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
-			return &key->ecckey521;
+			return (void**)&key->ecckey521;
+#endif
+#ifdef DROPBEAR_RSA
+		case DROPBEAR_SIGNKEY_RSA:
+			return (void**)&key->rsakey;
+#endif
+#ifdef DROPBEAR_DSS
+		case DROPBEAR_SIGNKEY_DSS:
+			return (void**)&key->dsskey;
+#endif
 		default:
 			return NULL;
 	}
 }
-#endif
 
 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
  * type should be set by the caller to specify the type to read, and
  * on return is set to the type read (useful when type = _ANY) */
-int buf_get_pub_key(buffer *buf, sign_key *key, int *type) {
+int buf_get_pub_key(buffer *buf, sign_key *key, enum signkey_type *type) {
 
 	unsigned char* ident;
 	unsigned int len;
@@ -169,7 +182,7 @@ int buf_get_pub_key(buffer *buf, sign_key *key, int *type) {
 #endif
 #ifdef DROPBEAR_ECDSA
 	{
-		ecc_key **eck = signkey_ecc_key_ptr(key, keytype);
+		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
 		if (eck) {
 			if (*eck) {
 				ecc_free(*eck);
@@ -192,7 +205,7 @@ int buf_get_pub_key(buffer *buf, sign_key *key, int *type) {
 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
  * type should be set by the caller to specify the type to read, and
  * on return is set to the type read (useful when type = _ANY) */
-int buf_get_priv_key(buffer *buf, sign_key *key, int *type) {
+int buf_get_priv_key(buffer *buf, sign_key *key, enum signkey_type *type) {
 
 	unsigned char* ident;
 	unsigned int len;
@@ -237,7 +250,7 @@ int buf_get_priv_key(buffer *buf, sign_key *key, int *type) {
 #endif
 #ifdef DROPBEAR_ECDSA
 	{
-		ecc_key **eck = signkey_ecc_key_ptr(key, keytype);
+		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
 		if (eck) {
 			if (*eck) {
 				ecc_free(*eck);
@@ -258,7 +271,7 @@ int buf_get_priv_key(buffer *buf, sign_key *key, int *type) {
 }
 
 /* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
-void buf_put_pub_key(buffer* buf, sign_key *key, int type) {
+void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type) {
 
 	buffer *pubkeys;
 
@@ -276,8 +289,11 @@ void buf_put_pub_key(buffer* buf, sign_key *key, int type) {
 	}
 #endif
 #ifdef DROPBEAR_ECDSA
+	if (type == DROPBEAR_SIGNKEY_ECDSA_NISTP256
+		|| type == DROPBEAR_SIGNKEY_ECDSA_NISTP384
+		|| type == DROPBEAR_SIGNKEY_ECDSA_NISTP521)
 	{
-		ecc_key **eck = signkey_ecc_key_ptr(key, type);
+		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
 		if (eck) {
 			buf_put_ecdsa_pub_key(pubkeys, *eck);
 		}
@@ -293,7 +309,7 @@ void buf_put_pub_key(buffer* buf, sign_key *key, int type) {
 }
 
 /* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
-void buf_put_priv_key(buffer* buf, sign_key *key, int type) {
+void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type) {
 
 	TRACE(("enter buf_put_priv_key"))
 	TRACE(("type is %d", type))
@@ -314,7 +330,7 @@ void buf_put_priv_key(buffer* buf, sign_key *key, int type) {
 #endif
 #ifdef DROPBEAR_ECDSA
 	{
-		ecc_key **eck = signkey_ecc_key_ptr(key, type);
+		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
 		if (eck) {
 			buf_put_ecdsa_priv_key(buf, *eck);
 			TRACE(("leave buf_put_priv_key: ecdsa done"))
@@ -452,7 +468,7 @@ char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen) {
 #endif
 }
 
-void buf_put_sign(buffer* buf, sign_key *key, int type, 
+void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type, 
 	buffer *data_buf) {
 	buffer *sigblob;
 	sigblob = buf_new(MAX_PUBKEY_SIZE);
@@ -469,7 +485,7 @@ void buf_put_sign(buffer* buf, sign_key *key, int type,
 #endif
 #ifdef DROPBEAR_ECDSA
 	{
-		ecc_key **eck = signkey_ecc_key_ptr(key, type);
+		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
 		if (eck) {
 			buf_put_ecdsa_sign(sigblob, *eck, data_buf);
 		}
@@ -520,7 +536,7 @@ int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) {
 #endif
 #ifdef DROPBEAR_ECDSA
 	{
-		ecc_key **eck = signkey_ecc_key_ptr(key, type);
+		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
 		if (eck) {
 			return buf_ecdsa_verify(buf, *eck, data_buf);
 		}

signkey.h

@@ -85,12 +85,12 @@ typedef struct SIGN_key sign_key;
 sign_key * new_sign_key();
 const char* signkey_name_from_type(enum signkey_type type, unsigned int *namelen);
 enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen);
-int buf_get_pub_key(buffer *buf, sign_key *key, int *type);
+int buf_get_pub_key(buffer *buf, sign_key *key, enum signkey_type *type);
-int buf_get_priv_key(buffer* buf, sign_key *key, int *type);
+int buf_get_priv_key(buffer* buf, sign_key *key, enum signkey_type *type);
-void buf_put_pub_key(buffer* buf, sign_key *key, int type);
+void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type);
-void buf_put_priv_key(buffer* buf, sign_key *key, int type);
+void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type);
 void sign_key_free(sign_key *key);
-void buf_put_sign(buffer* buf, sign_key *key, int type, buffer *data_buf);
+void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type, buffer *data_buf);
 #ifdef DROPBEAR_SIGNKEY_VERIFY
 int buf_verify(buffer * buf, sign_key *key, buffer *data_buf);
 char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen);
@@ -99,8 +99,6 @@ int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
 					const unsigned char* algoname, unsigned int algolen, 
 					buffer * line, char ** fingerprint);
 
-#ifdef DROPBEAR_ECDSA
+void** signkey_key_ptr(sign_key *key, enum signkey_type type);
-ecc_key ** signkey_ecc_key_ptr(sign_key *key, enum signkey_type ecc_type);
-#endif
 
 #endif /* _SIGNKEY_H_ */