authorVladislav Grishenko <themiron@users.noreply.github.com>2020-03-11 21:09:45 +0500
committerVladislav Grishenko <themiron@users.noreply.github.com>2020-03-11 21:09:45 +0500
commit23a22a4922ed9ee43d67b3c4bf983c9f88b16196 (patch)
tree53f12c098591959f4b9cb2d22a0c0615e68f8214 /dropbearkey.c
parent7b1b445e7a910d1e4ee99f1073f9771c0efbf42f (diff)
Add Ed25519 support (#91)
* Add support for Ed25519 as a public key type Ed25519 is an elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys. OpenSSH key import and fuzzer are not supported yet. Initially inspired by Peter Szabo. * Add curve25519 and ed25519 fuzzers * Add import and export of Ed25519 keys
Diffstat (limited to 'dropbearkey.c')
-rw-r--r--dropbearkey.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/dropbearkey.c b/dropbearkey.c
index dd0e697..f881855 100644
--- a/dropbearkey.c
+++ b/dropbearkey.c
@@ -43,6 +43,10 @@
* mp_int y
* mp_int x
*
+ * Ed25519:
+ * string "ssh-ed25519"
+ * string k (32 bytes) + A (32 bytes)
+ *
*/
#include "includes.h"
#include "signkey.h"
@@ -51,6 +55,7 @@
#include "genrsa.h"
#include "gendss.h"
+#include "gened25519.h"
#include "ecdsa.h"
#include "crypto_desc.h"
#include "dbrandom.h"
@@ -76,6 +81,9 @@ static void printhelp(char * progname) {
#if DROPBEAR_ECDSA
" ecdsa\n"
#endif
+#if DROPBEAR_ED25519
+ " ed25519\n"
+#endif
"-f filename Use filename for the secret key.\n"
" ~/.ssh/id_dropbear is recommended for client keys.\n"
"-s bits Key size in bits, should be a multiple of 8 (optional)\n"
@@ -95,6 +103,9 @@ static void printhelp(char * progname) {
#endif
"\n"
#endif
+#if DROPBEAR_ED25519
+ " Ed25519 has a fixed size of 256 bits\n"
+#endif
"-y Just print the publickey and fingerprint for the\n private key in <filename>.\n"
#if DEBUG_TRACE
"-v verbose\n"
@@ -106,6 +117,14 @@ static void printhelp(char * progname) {
static void check_signkey_bits(enum signkey_type type, int bits)
{
switch (type) {
+#if DROPBEAR_ED25519
+ case DROPBEAR_SIGNKEY_ED25519:
+ if (bits != 256) {
+ dropbear_exit("Ed25519 keys have a fixed size of 256 bits\n");
+ exit(EXIT_FAILURE);
+ }
+ break;
+#endif
#if DROPBEAR_RSA
case DROPBEAR_SIGNKEY_RSA:
if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
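Review bot: In the new `DROPBEAR_SIGNKEY_ED25519` case of `check_signkey_bits`, the `exit(EXIT_FAILURE);` after `dropbear_exit(...)` looks unreachable, assuming `dropbear_exit` does not return (its definition is not visible here). If that holds, the line can go, leaving only `dropbear_exit("Ed25519 keys have a fixed size of 256 bits\n");` inside the `if`. If it merely mirrors the RSA and other cases, whose bodies continue outside this hunk, keep it for consistency and tidy them all in one change. A short comment such as `/* Ed25519 has no size parameter; a -s value is accepted only when it is exactly 256 */` would also make clear that this validates user input and is not a key-strength choice.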
@@ -224,6 +243,12 @@ int main(int argc, char ** argv) {
keytype = DROPBEAR_SIGNKEY_ECDSA_KEYGEN;
}
#endif
+#if DROPBEAR_ED25519
+ if (strcmp(typetext, "ed25519") == 0)
+ {
+ keytype = DROPBEAR_SIGNKEY_ED25519;
+ }
+#endif
if (keytype == DROPBEAR_SIGNKEY_NONE) {
fprintf(stderr, "Unknown key type '%s'\n", typetext);