dropbearkey: save a public key file

When generating a key a user can specify a comment. The OpenSSH keygen stores the comment into a identity key file. But the DropBear uses a smaller key format without the comment. With the change a public key will be stored to a file with the comment.
mkj · Dec 16, 2023 · f15efc4 · f15efc4
1 parent 38df497
commit f15efc4
Showing 1 changed file with 30 additions and 7 deletions.
diff --git a/src/dropbearkey.c b/src/dropbearkey.c
@@ -64,8 +64,8 @@
 static void printhelp(char * progname);
 
 
-static void printpubkey(sign_key * key, int keytype, const char * comment);
-static int printpubfile(const char* filename, const char * comment);
+static void printpubkey(sign_key * key, int keytype, const char * comment, const char * filename_pub);
+static int printpubfile(const char* filename, const char * comment, const char * filename_pub);
 static int print_pubkey_file(const char* filename_pub);
 
 /* Print a help message */
@@ -238,7 +238,7 @@ int main(int argc, char ** argv) {
 			exit(ret);
 		}
 		fprintf(stderr, "Pub key %s not found, extract from key\n", filename_pub);
-		ret = printpubfile(filename, NULL);
+		ret = printpubfile(filename, NULL, NULL);
 		exit(ret);
 	}
 
@@ -301,13 +301,13 @@ int main(int argc, char ** argv) {
 		dropbear_exit("Failed to generate key.\n");
 	}
 
-	printpubfile(filename, comment);
+	printpubfile(filename, comment, filename_pub);
 
 	return EXIT_SUCCESS;
 }
 #endif
 
-static int printpubfile(const char* filename, const char* comment) {
+static int printpubfile(const char* filename, const char* comment, const char * filename_pub) {
 
 	buffer *buf = NULL;
 	sign_key *key = NULL;
@@ -333,7 +333,7 @@ static int printpubfile(const char* filename, const char* comment) {
 		goto out;
 	}
 
-	printpubkey(key, keytype, comment);
+	printpubkey(key, keytype, comment, filename_pub);
 
 	err = DROPBEAR_SUCCESS;
 
@@ -347,7 +347,7 @@ static int printpubfile(const char* filename, const char* comment) {
 	return err;
 }
 
-static void printpubkey(sign_key * key, int keytype, const char * comment) {
+static void printpubkey(sign_key * key, int keytype, const char * comment, const char * filename_pub) {
 
 	buffer * buf = NULL;
 	unsigned char base64key[MAX_PUBKEY_SIZE*2];
@@ -359,6 +359,14 @@ static void printpubkey(sign_key * key, int keytype, const char * comment) {
 	struct passwd * pw = NULL;
 	char * username = NULL;
 	char hostname[100];
+	int pubkey_fd = -1;
+
+	if (filename_pub) {
+		pubkey_fd = open(filename_pub, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
+		if (pubkey_fd < 0) {
+			dropbear_log(LOG_ERR, "Save public key to %s failed: %s", filename_pub, strerror(errno));
+		}
+	}
 
 	buf = buf_new(MAX_PUBKEY_SIZE);
 	buf_put_pub_key(buf, key, keytype);
@@ -380,6 +388,10 @@ static void printpubkey(sign_key * key, int keytype, const char * comment) {
 	if (comment) {
 		printf("%s %s %s\n",
 				typestring, base64key, comment);
+		if (pubkey_fd >= 0) {
+			dprintf(pubkey_fd, "%s %s %s\n",
+					typestring, base64key, comment);
+		}
 	} else {
 		/* a user@host comment is informative */
 		username = "";
@@ -393,13 +405,24 @@ static void printpubkey(sign_key * key, int keytype, const char * comment) {
 
 		printf("%s %s %s@%s\n",
 				typestring, base64key, username, hostname);
+		if (pubkey_fd >= 0) {
+			dprintf(pubkey_fd,"%s %s %s@%s\n",
+					typestring, base64key, username, hostname);
+		}
 	}
 
 	fp = sign_key_fingerprint(buf_getptr(buf, len), len);
 	printf("Fingerprint: %s\n", fp);
 
 	m_free(fp);
 	buf_free(buf);
+
+	if (pubkey_fd >= 0) {
+		if (fsync(pubkey_fd) != 0) {
+			dropbear_log(LOG_ERR, "fsync of %s failed: %s", filename_pub, strerror(errno));
+		}
+		m_close(pubkey_fd);
+	}
 }
 
 static int print_pubkey_file(const char * filename_pub) {