authorKonstantin Demin <rockdrilla@gmail.com>2024-01-09 03:40:02 +0300
committerRui Salvaterra <rsalvaterra@gmail.com>2024-02-09 09:13:05 +0000
commitff1ccd85e88d54724ea9c034ec355e7805356fb2 (patch)
tree93094fe519dec755620a002a2b4ab315b566d795 /package/network/services/dropbear
parent55218bcedb3ffb830391d9a4e72b7ae8481ba760 (diff)
dropbear: failsafe: handle all supported key types
dropbear may be configured and compiled with support for different host key types.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Diffstat (limited to 'package/network/services/dropbear')
-rwxr-xr-xpackage/network/services/dropbear/files/dropbear.failsafe58
1 files changed, 55 insertions, 3 deletions
diff --git a/package/network/services/dropbear/files/dropbear.failsafe b/package/network/services/dropbear/files/dropbear.failsafe
index 97bd12d58a..417265babe 100755
--- a/package/network/services/dropbear/files/dropbear.failsafe
+++ b/package/network/services/dropbear/files/dropbear.failsafe
@@ -1,9 +1,61 @@
#!/bin/sh
+_dropbear()
+{
+ /usr/sbin/dropbear "$@" </dev/null >/dev/null 2>&1
+}
+
+_dropbearkey()
+{
+ /usr/bin/dropbearkey "$@" </dev/null >/dev/null 2>&1
+}
+
+_ensurekey()
+{
+ _dropbearkey -y -f "$1" && return
+ rm -f "$1"
+ _dropbearkey -f "$@" || {
+ rm -f "$1"
+ return 1
+ }
+}
+
+ktype_all='ed25519 ecdsa rsa'
+
failsafe_dropbear () {
- dropbearkey -t rsa -s 1024 -f /tmp/dropbear_rsa_failsafe_host_key
- dropbearkey -t ed25519 -f /tmp/dropbear_ed25519_failsafe_host_key
- dropbear -r /tmp/dropbear_rsa_failsafe_host_key -r /tmp/dropbear_ed25519_failsafe_host_key <> /dev/null 2>&1
+ local kargs kcount ktype tkey
+
+ kargs=
+ kcount=0
+ for ktype in ${ktype_all} ; do
+ tkey="/tmp/dropbear_failsafe_${ktype}_host_key"
+
+ case "${ktype}" in
+ ed25519) _ensurekey "${tkey}" -t ed25519 ;;
+ ecdsa) _ensurekey "${tkey}" -t ecdsa -s 256 ;;
+ rsa) _ensurekey "${tkey}" -t rsa -s 1024 ;;
+ *)
+ echo "unknown key type: ${ktype}" >&2
+ continue
+ ;;
+ esac
+
+ [ -s "${tkey}" ] || {
+ rm -f "${tkey}"
+ continue
+ }
+
+ chmod 0400 "${tkey}"
+ kargs="${kargs}${kargs:+ }-r ${tkey}"
+ kcount=$((kcount+1))
+ done
+
+ [ "${kcount}" != 0 ] || {
+ echo 'DROPBEAR IS BROKEN' >&2
+ return 1
+ }
+
+ _dropbear ${kargs}
}
boot_hook_add failsafe failsafe_dropbear
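Review bot: The `rsa)` arm of the `case` in failsafe_dropbear still generates a 1024-bit RSA host key (`-t rsa -s 1024`), which is below the 2048-bit minimum generally recommended for RSA today. Now that ed25519 and ecdsa keys are generated as well, consider `rsa) _ensurekey "${tkey}" -t rsa -s 2048 ;;`, or, if 1024 is kept deliberately to bound key-generation time on slow targets, say so in a comment above that line. Separately, `_ensurekey` returns early when `dropbearkey -y` can read an existing file at the fixed /tmp path, so a file already present there is adopted as the host key without checking its owner, mode or key type; this is presumably harmless this early in boot, but a short comment such as `# reuse a key left by an earlier run; /tmp is expected to be fresh in failsafe` would record the assumption.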