/src/dropbear/src/gensignkey.c

Source (jump to first uncovered line)
#include "includes.h"
#include "dbutil.h"
#include "buffer.h"
#include "ecdsa.h"
#include "genrsa.h"
#include "gendss.h"
#include "gened25519.h"
#include "signkey.h"
#include "dbrandom.h"

/* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
static int buf_writefile(buffer * buf, const char * filename, int skip_exist) {
  int ret = DROPBEAR_FAILURE;
  int fd = -1;

  fd = open(filename, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
  if (fd < 0) {
    /* If generating keys on connection (skip_exist) it's OK to get EEXIST
    - we probably just lost a race with another connection to generate the key */
    if (skip_exist && errno == EEXIST) {
      ret = DROPBEAR_SUCCESS;
    } else {
      dropbear_log(LOG_ERR, "Couldn't create new file %s: %s",
        filename, strerror(errno));
    }

    goto out;
  }

  /* write the file now */
  while (buf->pos != buf->len) {
    int len = write(fd, buf_getptr(buf, buf->len - buf->pos),
        buf->len - buf->pos);
    if (len == -1 && errno == EINTR) {
      continue;
    }
    if (len <= 0) {
      dropbear_log(LOG_ERR, "Failed writing file %s: %s",
        filename, strerror(errno));
      goto out;
    }
    buf_incrpos(buf, len);
  }

  ret = DROPBEAR_SUCCESS;

out:
  if (fd >= 0) {
    if (fsync(fd) != 0) {
      dropbear_log(LOG_ERR, "fsync of %s failed: %s", filename, strerror(errno));
    }
    m_close(fd);
  }
  return ret;
}

/* returns 0 on failure */
static int get_default_bits(enum signkey_type keytype)
{
  switch (keytype) {
#if DROPBEAR_RSA
    case DROPBEAR_SIGNKEY_RSA:
      return DROPBEAR_DEFAULT_RSA_SIZE;
#endif
#if DROPBEAR_DSS
    case DROPBEAR_SIGNKEY_DSS:
      /* DSS for SSH only defines 1024 bits */
      return 1024;
#endif
#if DROPBEAR_ECDSA
    case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
      return ECDSA_DEFAULT_SIZE;
    case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
      return 521;
    case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
      return 384;
    case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
      return 256;
#endif
#if DROPBEAR_ED25519
    case DROPBEAR_SIGNKEY_ED25519:
      return 256;
#endif
    default:
      return 0;
  }
}

int signkey_generate_get_bits(enum signkey_type keytype, int bits) {
  if (bits == 0)
  {
    bits = get_default_bits(keytype);
  }
  return bits;
}

/* if skip_exist is set it will silently return if the key file exists */
int signkey_generate(enum signkey_type keytype, int bits, const char* filename, int skip_exist)
{
  sign_key * key = NULL;
  buffer *buf = NULL;
  char *fn_temp = NULL;
  int ret = DROPBEAR_FAILURE;
  bits = signkey_generate_get_bits(keytype, bits);

  /* now we can generate the key */
  key = new_sign_key();

  seedrandom();

  switch(keytype) {
#if DROPBEAR_RSA
    case DROPBEAR_SIGNKEY_RSA:
      key->rsakey = gen_rsa_priv_key(bits);
      break;
#endif
#if DROPBEAR_DSS
    case DROPBEAR_SIGNKEY_DSS:
      key->dsskey = gen_dss_priv_key(bits);
      break;
#endif
#if DROPBEAR_ECDSA
    case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
    case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
    case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
    case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
      {
        ecc_key *ecckey = gen_ecdsa_priv_key(bits);
        keytype = ecdsa_signkey_type(ecckey);
        *signkey_key_ptr(key, keytype) = ecckey;
      }
      break;
#endif
#if DROPBEAR_ED25519
    case DROPBEAR_SIGNKEY_ED25519:
      key->ed25519key = gen_ed25519_priv_key(bits);
      break;
#endif
    default:
      dropbear_exit("Internal error");
  }

  seedrandom();

  buf = buf_new(MAX_PRIVKEY_SIZE); 

  buf_put_priv_key(buf, key, keytype);
  sign_key_free(key);
  key = NULL;
  buf_setpos(buf, 0);

  fn_temp = m_malloc(strlen(filename) + 30);
  snprintf(fn_temp, strlen(filename)+30, "%s.tmp%d", filename, getpid());
  ret = buf_writefile(buf, fn_temp, 0);

  if (ret == DROPBEAR_FAILURE) {
    goto out;
  }

  if (link(fn_temp, filename) < 0) {
    /* If generating keys on connection (skipexist) it's OK to get EEXIST 
    - we probably just lost a race with another connection to generate the key */
    if (!(skip_exist && errno == EEXIST)) {
      if (errno == EPERM || errno == EACCES) {
        /* Non-atomic fallback when hard-links not allowed or unsupported */
        buf_setpos(buf, 0);
        ret = buf_writefile(buf, filename, skip_exist);
      } else {
        dropbear_log(LOG_ERR, "Failed moving key file to %s: %s", filename,
          strerror(errno));
        ret = DROPBEAR_FAILURE;
      }

      goto out;
    }
  }

  /* ensure directory update is flushed to disk, otherwise we can end up
  with zero-byte hostkey files if the power goes off */
  fsync_parent_dir(filename);

out:
  if (buf) {
    buf_burn_free(buf);
  }
  
  if (fn_temp) {
    unlink(fn_temp);
    m_free(fn_temp);
  }

  return ret;
}

Line	Count	Source (jump to first uncovered line)
1		#include "includes.h"
2		#include "dbutil.h"
3		#include "buffer.h"
4		#include "ecdsa.h"
5		#include "genrsa.h"
6		#include "gendss.h"
7		#include "gened25519.h"
8		#include "signkey.h"
9		#include "dbrandom.h"
10
11		/* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
12	0	static int buf_writefile(buffer * buf, const char * filename, int skip_exist) {
13	0	int ret = DROPBEAR_FAILURE;
14	0	int fd = -1;
15
16	0	fd = open(filename, O_RDWR \| O_CREAT \| O_EXCL, S_IRUSR \| S_IWUSR);
17	0	if (fd < 0) {
18		/* If generating keys on connection (skip_exist) it's OK to get EEXIST
19		- we probably just lost a race with another connection to generate the key */
20	0	if (skip_exist && errno == EEXIST) {
21	0	ret = DROPBEAR_SUCCESS;
22	0	} else {
23	0	dropbear_log(LOG_ERR, "Couldn't create new file %s: %s",
24	0	filename, strerror(errno));
25	0	}
26
27	0	goto out;
28	0	}
29
30		/* write the file now */
31	0	while (buf->pos != buf->len) {
32	0	int len = write(fd, buf_getptr(buf, buf->len - buf->pos),
33	0	buf->len - buf->pos);
34	0	if (len == -1 && errno == EINTR) {
35	0	continue;
36	0	}
37	0	if (len <= 0) {
38	0	dropbear_log(LOG_ERR, "Failed writing file %s: %s",
39	0	filename, strerror(errno));
40	0	goto out;
41	0	}
42	0	buf_incrpos(buf, len);
43	0	}
44
45	0	ret = DROPBEAR_SUCCESS;
46
47	0	out:
48	0	if (fd >= 0) {
49	0	if (fsync(fd) != 0) {
50	0	dropbear_log(LOG_ERR, "fsync of %s failed: %s", filename, strerror(errno));
51	0	}
52	0	m_close(fd);
53	0	}
54	0	return ret;
55	0	}
56
57		/* returns 0 on failure */
58		static int get_default_bits(enum signkey_type keytype)
59	0	{
60	0	switch (keytype) {
61	0	#if DROPBEAR_RSA
62	0	case DROPBEAR_SIGNKEY_RSA:
63	0	return DROPBEAR_DEFAULT_RSA_SIZE;
64	0	#endif
65	0	#if DROPBEAR_DSS
66	0	case DROPBEAR_SIGNKEY_DSS:
67		/* DSS for SSH only defines 1024 bits */
68	0	return 1024;
69	0	#endif
70	0	#if DROPBEAR_ECDSA
71	0	case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
72	0	return ECDSA_DEFAULT_SIZE;
73	0	case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
74	0	return 521;
75	0	case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
76	0	return 384;
77	0	case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
78	0	return 256;
79	0	#endif
80	0	#if DROPBEAR_ED25519
81	0	case DROPBEAR_SIGNKEY_ED25519:
82	0	return 256;
83	0	#endif
84	0	default:
85	0	return 0;
86	0	}
87	0	}
88
89	0	int signkey_generate_get_bits(enum signkey_type keytype, int bits) {
90	0	if (bits == 0)
91	0	{
92	0	bits = get_default_bits(keytype);
93	0	}
94	0	return bits;
95	0	}
96
97		/* if skip_exist is set it will silently return if the key file exists */
98		int signkey_generate(enum signkey_type keytype, int bits, const char* filename, int skip_exist)
99	0	{
100	0	sign_key * key = NULL;
101	0	buffer *buf = NULL;
102	0	char *fn_temp = NULL;
103	0	int ret = DROPBEAR_FAILURE;
104	0	bits = signkey_generate_get_bits(keytype, bits);
105
106		/* now we can generate the key */
107	0	key = new_sign_key();
108
109	0	seedrandom();
110
111	0	switch(keytype) {
112	0	#if DROPBEAR_RSA
113	0	case DROPBEAR_SIGNKEY_RSA:
114	0	key->rsakey = gen_rsa_priv_key(bits);
115	0	break;
116	0	#endif
117	0	#if DROPBEAR_DSS
118	0	case DROPBEAR_SIGNKEY_DSS:
119	0	key->dsskey = gen_dss_priv_key(bits);
120	0	break;
121	0	#endif
122	0	#if DROPBEAR_ECDSA
123	0	case DROPBEAR_SIGNKEY_ECDSA_KEYGEN:
124	0	case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
125	0	case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
126	0	case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
127	0	{
128	0	ecc_key *ecckey = gen_ecdsa_priv_key(bits);
129	0	keytype = ecdsa_signkey_type(ecckey);
130	0	*signkey_key_ptr(key, keytype) = ecckey;
131	0	}
132	0	break;
133	0	#endif
134	0	#if DROPBEAR_ED25519
135	0	case DROPBEAR_SIGNKEY_ED25519:
136	0	key->ed25519key = gen_ed25519_priv_key(bits);
137	0	break;
138	0	#endif
139	0	default:
140	0	dropbear_exit("Internal error");
141	0	}
142
143	0	seedrandom();
144
145	0	buf = buf_new(MAX_PRIVKEY_SIZE);
146
147	0	buf_put_priv_key(buf, key, keytype);
148	0	sign_key_free(key);
149	0	key = NULL;
150	0	buf_setpos(buf, 0);
151
152	0	fn_temp = m_malloc(strlen(filename) + 30);
153	0	snprintf(fn_temp, strlen(filename)+30, "%s.tmp%d", filename, getpid());
154	0	ret = buf_writefile(buf, fn_temp, 0);
155
156	0	if (ret == DROPBEAR_FAILURE) {
157	0	goto out;
158	0	}
159
160	0	if (link(fn_temp, filename) < 0) {
161		/* If generating keys on connection (skipexist) it's OK to get EEXIST
162		- we probably just lost a race with another connection to generate the key */
163	0	if (!(skip_exist && errno == EEXIST)) {
164	0	if (errno == EPERM \|\| errno == EACCES) {
165		/* Non-atomic fallback when hard-links not allowed or unsupported */
166	0	buf_setpos(buf, 0);
167	0	ret = buf_writefile(buf, filename, skip_exist);
168	0	} else {
169	0	dropbear_log(LOG_ERR, "Failed moving key file to %s: %s", filename,
170	0	strerror(errno));
171	0	ret = DROPBEAR_FAILURE;
172	0	}
173
174	0	goto out;
175	0	}
176	0	}
177
178		/* ensure directory update is flushed to disk, otherwise we can end up
179		with zero-byte hostkey files if the power goes off */
180	0	fsync_parent_dir(filename);
181
182	0	out:
183	0	if (buf) {
184	0	buf_burn_free(buf);
185	0	}
186
187	0	if (fn_temp) {
188	0	unlink(fn_temp);
189	0	m_free(fn_temp);
190	0	}
191
192	0	return ret;
193	0	}

Coverage Report

Created: 2024-09-08 06:28