openwrt/package/network/services/dropbear/files/dropbear.failsafe

#!/bin/sh

_dropbear()
{
	/usr/sbin/dropbear "$@" </dev/null >/dev/null 2>&1
}

_dropbearkey()
{
	/usr/bin/dropbearkey "$@" </dev/null >/dev/null 2>&1
}

_ensurekey()
{
	_dropbearkey -y -f "$1" && return
	rm -f "$1"
	_dropbearkey -f "$@" || {
		rm -f "$1"
		return 1
	}
}

ktype_all='ed25519 ecdsa rsa'

failsafe_dropbear () {
	local kargs kcount ktype tkey

	kargs=
	kcount=0
	for ktype in ${ktype_all} ; do
		tkey="/tmp/dropbear_failsafe_${ktype}_host_key"

		case "${ktype}" in
		ed25519) _ensurekey "${tkey}" -t ed25519 ;;
		ecdsa)   _ensurekey "${tkey}" -t ecdsa -s 256 ;;
		rsa)     _ensurekey "${tkey}" -t rsa   -s 1024 ;;
		*)
			echo "unknown key type: ${ktype}" >&2
			continue
		;;
		esac

		[ -s "${tkey}" ] || {
			rm -f "${tkey}"
			continue
		}

		chmod 0400 "${tkey}"
		kargs="${kargs}${kargs:+ }-r ${tkey}"
		kcount=$((kcount+1))
	done

	[ "${kcount}" != 0 ] || {
		echo 'DROPBEAR IS BROKEN' >&2
		return 1
	}

	_dropbear ${kargs}
}

boot_hook_add failsafe failsafe_dropbear