pki: ssh_pki_generate

for both gcrypt and openssl

3 files changed, 93 insertions, 0 deletions

diff --git a/src/pki.c b/src/pki.c
index d0e52c44..c6f0e5f8 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -790,6 +790,49 @@ int ssh_pki_import_pubkey_file(const char *filename, ssh_key *pkey)
 }
 
 /**
+ * @brief Generates a keypair.
+ * @param[in] type      Type of key to create
+ * @param[in] parameter Parameter to the creation of key:
+ *                      rsa : length of the key in bits (e.g. 1024, 2048, 4096)
+ *                      dsa : length of the key in bits (e.g. 1024, 2048, 3072)
+ *                      ecdsa : not implemented
+ * @param[out] pkey     A pointer to store the private key. You need to free the
+ *                      memory.
+ * @return              SSH_OK on success, SSH_ERROR on error.
+ * @warning             Generating a key pair may take some time.
+ */
+
+int ssh_pki_generate(enum ssh_keytypes_e type, int parameter,
+        ssh_key *pkey){
+    int rc;
+    ssh_key key = ssh_key_new();
+    switch(type){
+        case SSH_KEYTYPE_RSA:
+        case SSH_KEYTYPE_RSA1:
+            rc = pki_key_generate_rsa(key, parameter);
+            if(rc == SSH_ERROR)
+                goto error;
+            break;
+        case SSH_KEYTYPE_DSS:
+            rc = pki_key_generate_dss(key, parameter);
+            if(rc == SSH_ERROR)
+                goto error;
+            break;
+        case SSH_KEYTYPE_ECDSA:
+        case SSH_KEYTYPE_UNKNOWN:
+            goto error;
+    }
+    key->type = type;
+    key->type_c = ssh_key_type_to_char(type);
+    key->flags = SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PUBLIC;
+    *pkey = key;
+    return SSH_OK;
+error:
+    ssh_key_free(key);
+    return SSH_ERROR;
+}
+
+/**
  * @brief Create a public key from a private key.
  *
  * @param[in]  privkey  The private key to get the public key from.
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 130b5e5b..850ea668 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -244,6 +244,29 @@ fail:
     return NULL;
 }
 
+int pki_key_generate_rsa(ssh_key key, int parameter){
+    key->rsa = RSA_generate_key(parameter, 65537, NULL, NULL);
+    if(key->rsa == NULL)
+        return SSH_ERROR;
+    return SSH_OK;
+}
+
+int pki_key_generate_dss(ssh_key key, int parameter){
+    int rc;
+    key->dsa = DSA_generate_parameters(parameter, NULL, 0, NULL, NULL,
+            NULL, NULL);
+    if(key->dsa == NULL){
+        return SSH_ERROR;
+    }
+    rc = DSA_generate_key(key->dsa);
+    if (rc != 1){
+        DSA_free(key->dsa);
+        key->dsa=NULL;
+        return SSH_ERROR;
+    }
+    return SSH_OK;
+}
+
 ssh_key pki_private_key_from_base64(const char *b64_key,
                                     const char *passphrase,
                                     ssh_auth_callback auth_fn,
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index 6f3cd957..2bb99d24 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -966,6 +966,33 @@ fail:
     return NULL;
 }
 
+static int pki_key_generate(ssh_key key, int parameter, const char *type_s, int type){
+    gcry_sexp_t parms;
+    int rc;
+    rc = gcry_sexp_build(&parms,
+            NULL,
+            "(genkey(%s(nbits %d)(transient-key)))",
+            type_s,
+            parameter);
+    if (rc != 0)
+        return SSH_ERROR;
+    if(type == SSH_KEYTYPE_RSA)
+        rc = gcry_pk_genkey(&key->rsa, parms);
+    else
+        rc = gcry_pk_genkey(&key->dsa, parms);
+    gcry_sexp_release(parms);
+    if (rc != 0)
+        return SSH_ERROR;
+    return SSH_OK;
+}
+
+int pki_key_generate_rsa(ssh_key key, int parameter){
+    return pki_key_generate(key, parameter, "rsa", SSH_KEYTYPE_RSA);
+}
+int pki_key_generate_dss(ssh_key key, int parameter){
+    return pki_key_generate(key, parameter, "dsa", SSH_KEYTYPE_DSS);
+}
+
 ssh_string pki_publickey_to_blob(const ssh_key key)
 {
     ssh_buffer buffer;