annotate signkey.c @ 1930:299f4f19ba19

Add /usr/sbin and /sbin to default root PATH

When dropbear is used in a very restricted environment (such as in an initrd), the default user shell is often also very restricted and doesn't take care of setting the PATH so the user ends up with the PATH set by dropbear. Unfortunately, dropbear always sets "/usr/bin:/bin" as default PATH even for the root user which should have /usr/sbin and /sbin too.

For a concrete instance of this problem, see the "Remote Unlocking" section in this tutorial: https://paxswill.com/blog/2013/11/04/encrypted-raspberry-pi/

It speaks of a bug in the initramfs script because it's written "blkid" instead of "/sbin/blkid"... this is just because the scripts from the initramfs do not expect to have a PATH without the sbin directories and because dropbear is not setting the PATH appropriately for the root user.

I'm thus suggesting to use the attached patch to fix this misbehaviour (I did not test it, but it's easy enough). It might seem anecdotic but multiple Kali users have been bitten by this.

From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403
author Raphael Hertzog <hertzog@debian.org>
date Mon, 09 Jul 2018 16:27:53 +0200
parents 3f4cdf839a1a
children
Changesets the annotated lines are attributed to (rev, changeset, summary, author):

4 fe6bca95afa7 Makefile.in contains updated files required, Matt Johnston <matt@ucc.asn.au>
44 45edf30ea0a6 Improved signkey code, Matt Johnston <matt@ucc.asn.au>
551 c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList, Matt Johnston <matt@ucc.asn.au>
794 d386defb5376 more ecdsa signkey work, not correct, Matt Johnston <matt@ucc.asn.au>
795 7f604f9b3756 ecdsa is working, Matt Johnston <matt@ucc.asn.au>
807 75509065db53 have separate ecdsa keys for each size, Matt Johnston <matt@ucc.asn.au>
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments, Matt Johnston <matt@ucc.asn.au>
857 c19acba28590 use oldstyle comments, Matt Johnston <matt@ucc.asn.au>
935 25692c60479e Fix compiling with ECDSA and DSS disabled, Matt Johnston <matt@ucc.asn.au>
1255 55d485943eb0 cast return type to enum, Matt Johnston <matt@ucc.asn.au>
1273 139935236c72 const variables, Francois Perrad <francois.perrad@gadz.org>
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes, Matt Johnston <matt@ucc.asn.au>
1423 c1c3d5943bfc Fix null pointer dereference found by libfuzzer, Matt Johnston <matt@ucc.asn.au>
1499 2d450c1056e3 options: Complete the transition to numeric toggles (`#if'), Michael Witten <mfwitten@gmail.com>
1659 d32bcb5c557d Add Ed25519 support (#91), Vladislav Grishenko <themiron@users.noreply.github.com>
1674 ba6fc7afe1c5 use sigtype where appropriate, Matt Johnston <matt@ucc.asn.au>
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256, Matt Johnston <matt@ucc.asn.au>
1676 d5cdc60db08e ext-info handling for server-sig-algs, Matt Johnston <matt@ucc.asn.au>
1681 435cfb9ec96e send and handle SSH_MSG_EXT_INFO only at the correct point, Matt Johnston <matt@ucc.asn.au>
1684 d5d25ce2a2ed cast to fix warning, Matt Johnston <matt@ucc.asn.au>
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142), egor-duda <egor-duda@users.noreply.github.com>

```c
/*
 * Dropbear - a SSH2 server
 *
 * Copyright (c) 2002,2003 Matt Johnston
 * All rights reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE. */

#include "includes.h"
#include "dbutil.h"
#include "signkey.h"
#include "buffer.h"
#include "ssh.h"
#include "ecdsa.h"
#include "sk-ecdsa.h"
#include "sk-ed25519.h"
#include "rsa.h"
#include "dss.h"
#include "ed25519.h"

static const char * const signkey_names[DROPBEAR_SIGNKEY_NUM_NAMED] = {
#if DROPBEAR_RSA
	"ssh-rsa",
#endif
#if DROPBEAR_DSS
	"ssh-dss",
#endif
#if DROPBEAR_ECDSA
	"ecdsa-sha2-nistp256",
	"ecdsa-sha2-nistp384",
	"ecdsa-sha2-nistp521",
#if DROPBEAR_SK_ECDSA
	"sk-ecdsa-sha2-nistp256@openssh.com",
#endif /* DROPBEAR_SK_ECDSA */
#endif /* DROPBEAR_ECDSA */
#if DROPBEAR_ED25519
	"ssh-ed25519",
#if DROPBEAR_SK_ED25519
	"sk-ssh-ed25519@openssh.com",
#endif /* DROPBEAR_SK_ED25519 */
#endif /* DROPBEAR_ED25519 */
	/* "rsa-sha2-256" is special-cased below since it is only a signature name, not key type */
};

/* malloc a new sign_key and set the dss and rsa keys to NULL */
sign_key * new_sign_key() {

	sign_key * ret;

	ret = (sign_key*)m_malloc(sizeof(sign_key));
	ret->type = DROPBEAR_SIGNKEY_NONE;
	ret->source = SIGNKEY_SOURCE_INVALID;
	return ret;
}

/* Returns key name corresponding to the type. Exits fatally
 * if the type is invalid */
const char* signkey_name_from_type(enum signkey_type type, unsigned int *namelen) {
	if (type >= DROPBEAR_SIGNKEY_NUM_NAMED) {
		dropbear_exit("Bad key type %d", type);
	}

	if (namelen) {
		*namelen = strlen(signkey_names[type]);
	}
	return signkey_names[type];
}

/* Returns DROPBEAR_SIGNKEY_NONE if none match */
enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen) {
	int i;
	for (i = 0; i < DROPBEAR_SIGNKEY_NUM_NAMED; i++) {
		const char *fixed_name = signkey_names[i];
		if (namelen == strlen(fixed_name)
			&& memcmp(fixed_name, name, namelen) == 0) {

#if DROPBEAR_ECDSA
			/* Some of the ECDSA key sizes are defined even if they're not compiled in */
			if (0
#if !DROPBEAR_ECC_256
				|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP256
#endif
#if !DROPBEAR_ECC_384
				|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP384
#endif
#if !DROPBEAR_ECC_521
				|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP521
#endif
				) {
				TRACE(("attempt to use ecdsa type %d not compiled in", i))
				return DROPBEAR_SIGNKEY_NONE;
			}
#endif

			return (enum signkey_type)i;
		}
	}

	TRACE(("signkey_type_from_name unexpected key type."))

	return DROPBEAR_SIGNKEY_NONE;
}

/* Special case for rsa-sha2-256. This could be generalised if more
   signature names are added that aren't 1-1 with public key names */
const char* signature_name_from_type(enum signature_type type, unsigned int *namelen) {
#if DROPBEAR_RSA_SHA256
	if (type == DROPBEAR_SIGNATURE_RSA_SHA256) {
		if (namelen) {
			*namelen = strlen(SSH_SIGNATURE_RSA_SHA256);
		}
		return SSH_SIGNATURE_RSA_SHA256;
	}
#endif
#if DROPBEAR_RSA_SHA1
	if (type == DROPBEAR_SIGNATURE_RSA_SHA1) {
		if (namelen) {
			*namelen = strlen(SSH_SIGNKEY_RSA);
		}
		return SSH_SIGNKEY_RSA;
	}
#endif
	return signkey_name_from_type((enum signkey_type)type, namelen);
}

/* Returns DROPBEAR_SIGNATURE_NONE if none match */
enum signature_type signature_type_from_name(const char* name, unsigned int namelen) {
#if DROPBEAR_RSA_SHA256
	if (namelen == strlen(SSH_SIGNATURE_RSA_SHA256)
		&& memcmp(name, SSH_SIGNATURE_RSA_SHA256, namelen) == 0) {
		return DROPBEAR_SIGNATURE_RSA_SHA256;
	}
#endif
#if DROPBEAR_RSA_SHA1
	if (namelen == strlen(SSH_SIGNKEY_RSA)
		&& memcmp(name, SSH_SIGNKEY_RSA, namelen) == 0) {
		return DROPBEAR_SIGNATURE_RSA_SHA1;
	}
#endif
	return (enum signature_type)signkey_type_from_name(name, namelen);
}

/* Returns the signature type from a key type. Must not be called
   with RSA keytype */
enum signature_type signature_type_from_signkey(enum signkey_type keytype) {
#if DROPBEAR_RSA
	assert(keytype != DROPBEAR_SIGNKEY_RSA);
#endif
	assert(keytype < DROPBEAR_SIGNKEY_NUM_NAMED);
	return (enum signature_type)keytype;
}

enum signkey_type signkey_type_from_signature(enum signature_type sigtype) {
#if DROPBEAR_RSA_SHA256
	if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA256) {
		return DROPBEAR_SIGNKEY_RSA;
	}
#endif
#if DROPBEAR_RSA_SHA1
	if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA1) {
		return DROPBEAR_SIGNKEY_RSA;
	}
#endif
	assert((int)sigtype < (int)DROPBEAR_SIGNKEY_NUM_NAMED);
	return (enum signkey_type)sigtype;
}

/* Returns a pointer to the key part specific to "type".
   Be sure to check both (ret != NULL) and (*ret != NULL) */
void **
signkey_key_ptr(sign_key *key, enum signkey_type type) {
	switch (type) {
#if DROPBEAR_ED25519
		case DROPBEAR_SIGNKEY_ED25519:
#if DROPBEAR_SK_ED25519
		case DROPBEAR_SIGNKEY_SK_ED25519:
#endif
			return (void**)&key->ed25519key;
#endif
#if DROPBEAR_ECDSA
#if DROPBEAR_ECC_256
		case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
#if DROPBEAR_SK_ECDSA
		case DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256:
#endif
			return (void**)&key->ecckey256;
#endif
#if DROPBEAR_ECC_384
		case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
			return (void**)&key->ecckey384;
#endif
#if DROPBEAR_ECC_521
		case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
			return (void**)&key->ecckey521;
#endif
#endif /* DROPBEAR_ECDSA */
#if DROPBEAR_RSA
		case DROPBEAR_SIGNKEY_RSA:
			return (void**)&key->rsakey;
```
216 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1278
diff changeset
217 #if DROPBEAR_DSS
841
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
218 case DROPBEAR_SIGNKEY_DSS:
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
219 return (void**)&key->dsskey;
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
220 #endif
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
221 default:
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
222 return NULL;
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
223 }
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
224 }
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
225
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
226 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
26
0969767bca0d snapshot of stuff
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
227 * type should be set by the caller to specify the type to read, and
0969767bca0d snapshot of stuff
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
228 * on return is set to the type read (useful when type = _ANY) */
841
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
229 int buf_get_pub_key(buffer *buf, sign_key *key, enum signkey_type *type) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
230
1094
c45d65392c1a Fix pointer differ in signedness warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents: 1058
diff changeset
231 char *ident;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
232 unsigned int len;
1032
0da8ba489c23 Move generic network routines to netio.c
Matt Johnston <matt@ucc.asn.au>
parents: 935
diff changeset
233 enum signkey_type keytype;
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
234 int ret = DROPBEAR_FAILURE;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
235
731
9a5438271556 Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents: 651
diff changeset
236 TRACE2(("enter buf_get_pub_key"))
34
e2a1eaa19f22 Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents: 26
diff changeset
237
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1094
diff changeset
238 ident = buf_getstring(buf, &len);
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
239 keytype = signkey_type_from_name(ident, len);
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
240 m_free(ident);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
241
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
242 if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) {
651
a48a1f6ab43e - Fix some format strings in TRACE()s
Matt Johnston <matt@ucc.asn.au>
parents: 594
diff changeset
243 TRACE(("buf_get_pub_key bad type - got %d, expected %d", keytype, *type))
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
244 return DROPBEAR_FAILURE;
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
245 }
551
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents: 436
diff changeset
246
731
9a5438271556 Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents: 651
diff changeset
247 TRACE2(("buf_get_pub_key keytype is %d", keytype))
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
248
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
249 *type = keytype;
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
250
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
251 /* Rewind the buffer back before "ssh-rsa" etc */
1754
064f5be2fc45 Add buf_decrpos()
Matt Johnston <matt@ucc.asn.au>
parents: 1684
diff changeset
252 buf_decrpos(buf, len + 4);
34
e2a1eaa19f22 Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents: 26
diff changeset
253
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1278
diff changeset
254 #if DROPBEAR_DSS
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
255 if (keytype == DROPBEAR_SIGNKEY_DSS) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
256 dss_key_free(key->dsskey);
586
b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so
Matt Johnston <matt@ucc.asn.au>
parents: 560
diff changeset
257 key->dsskey = m_malloc(sizeof(*key->dsskey));
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
258 ret = buf_get_dss_pub_key(buf, key->dsskey);
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
259 if (ret == DROPBEAR_FAILURE) {
1409
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
260 dss_key_free(key->dsskey);
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
261 key->dsskey = NULL;
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
262 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
263 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
264 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1278
diff changeset
265 #if DROPBEAR_RSA
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
266 if (keytype == DROPBEAR_SIGNKEY_RSA) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
267 rsa_key_free(key->rsakey);
586
b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so
Matt Johnston <matt@ucc.asn.au>
parents: 560
diff changeset
268 key->rsakey = m_malloc(sizeof(*key->rsakey));
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
269 ret = buf_get_rsa_pub_key(buf, key->rsakey);
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
270 if (ret == DROPBEAR_FAILURE) {
1409
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
271 rsa_key_free(key->rsakey);
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
272 key->rsakey = NULL;
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
273 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
274 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
275 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1278
diff changeset
276 #if DROPBEAR_ECDSA
1855
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
277 if (signkey_is_ecdsa(keytype)
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
278 #if DROPBEAR_SK_ECDSA
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
279 || keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
280 #endif
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
281 ) {
841
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
282 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
283 if (eck) {
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
284 if (*eck) {
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
285 ecc_free(*eck);
1058
063c38ea622b Fix some memory leaks in ecc code
Matt Johnston <matt@ucc.asn.au>
parents: 1032
diff changeset
286 m_free(*eck);
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
287 *eck = NULL;
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
288 }
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
289 *eck = buf_get_ecdsa_pub_key(buf);
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
290 if (*eck) {
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
291 ret = DROPBEAR_SUCCESS;
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
292 }
794
d386defb5376 more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
293 }
d386defb5376 more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
294 }
d386defb5376 more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
295 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
296 #if DROPBEAR_ED25519
1855
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
297 if (keytype == DROPBEAR_SIGNKEY_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
298 #if DROPBEAR_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
299 || keytype == DROPBEAR_SIGNKEY_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
300 #endif
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
301 ) {
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
302 ed25519_key_free(key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
303 key->ed25519key = m_malloc(sizeof(*key->ed25519key));
1855
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
304 ret = buf_get_ed25519_pub_key(buf, key->ed25519key, keytype);
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
305 if (ret == DROPBEAR_FAILURE) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
306 m_free(key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
307 key->ed25519key = NULL;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
308 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
309 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
310 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
311
1855
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
312 #if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
313 if (0
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
314 #if DROPBEAR_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
315 || keytype == DROPBEAR_SIGNKEY_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
316 #endif
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
317 #if DROPBEAR_SK_ECDSA
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
318 || keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
319 #endif
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
320 ) {
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
321 key->sk_app = buf_getstring(buf, &key->sk_applen);
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
322 }
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
323 #endif
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
324
731
9a5438271556 Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents: 651
diff changeset
325 TRACE2(("leave buf_get_pub_key"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
326
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
327 return ret;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
328 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
329
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
330 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
331 * type should be set by the caller to specify the type to read, and
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
332 * on return is set to the type read (useful when type = _ANY) */
841
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
333 int buf_get_priv_key(buffer *buf, sign_key *key, enum signkey_type *type) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
334
1094
c45d65392c1a Fix pointer differ in signedness warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents: 1058
diff changeset
335 char *ident;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
336 unsigned int len;
1032
0da8ba489c23 Move generic network routines to netio.c
Matt Johnston <matt@ucc.asn.au>
parents: 935
diff changeset
337 enum signkey_type keytype;
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
338 int ret = DROPBEAR_FAILURE;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
339
731
9a5438271556 Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents: 651
diff changeset
340 TRACE2(("enter buf_get_priv_key"))
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
341
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1094
diff changeset
342 ident = buf_getstring(buf, &len);
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
343 keytype = signkey_type_from_name(ident, len);
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
344 m_free(ident);
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
345
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
346 if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 107
diff changeset
347 TRACE(("wrong key type: %d %d", *type, keytype))
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
348 return DROPBEAR_FAILURE;
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
349 }
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
350
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
351 *type = keytype;
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
352
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
353 /* Rewind the buffer back before "ssh-rsa" etc */
1754
064f5be2fc45 Add buf_decrpos()
Matt Johnston <matt@ucc.asn.au>
parents: 1684
diff changeset
354 buf_decrpos(buf, len + 4);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
355
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1278
diff changeset
356 #if DROPBEAR_DSS
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
357 if (keytype == DROPBEAR_SIGNKEY_DSS) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
358 dss_key_free(key->dsskey);
586
b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so
Matt Johnston <matt@ucc.asn.au>
parents: 560
diff changeset
359 key->dsskey = m_malloc(sizeof(*key->dsskey));
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
360 ret = buf_get_dss_priv_key(buf, key->dsskey);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
361 if (ret == DROPBEAR_FAILURE) {
1409
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
362 dss_key_free(key->dsskey);
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
363 key->dsskey = NULL;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
364 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
365 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
366 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1278
diff changeset
367 #if DROPBEAR_RSA
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
368 if (keytype == DROPBEAR_SIGNKEY_RSA) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
369 rsa_key_free(key->rsakey);
586
b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so
Matt Johnston <matt@ucc.asn.au>
parents: 560
diff changeset
370 key->rsakey = m_malloc(sizeof(*key->rsakey));
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
371 ret = buf_get_rsa_priv_key(buf, key->rsakey);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
372 if (ret == DROPBEAR_FAILURE) {
1409
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
373 rsa_key_free(key->rsakey);
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys
Matt Johnston <matt@ucc.asn.au>
parents: 1295
diff changeset
374 key->rsakey = NULL;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
375 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
376 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
377 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1278
diff changeset
378 #if DROPBEAR_ECDSA
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 841
diff changeset
379 if (signkey_is_ecdsa(keytype)) {
841
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
380 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
381 if (eck) {
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
382 if (*eck) {
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
383 ecc_free(*eck);
1058
063c38ea622b Fix some memory leaks in ecc code
Matt Johnston <matt@ucc.asn.au>
parents: 1032
diff changeset
384 m_free(*eck);
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
385 *eck = NULL;
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
386 }
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
387 *eck = buf_get_ecdsa_priv_key(buf);
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
388 if (*eck) {
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
389 ret = DROPBEAR_SUCCESS;
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
390 }
794
d386defb5376 more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
391 }
d386defb5376 more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
392 }
d386defb5376 more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
393 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
394 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
395 if (keytype == DROPBEAR_SIGNKEY_ED25519) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
396 ed25519_key_free(key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
397 key->ed25519key = m_malloc(sizeof(*key->ed25519key));
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
398 ret = buf_get_ed25519_priv_key(buf, key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
399 if (ret == DROPBEAR_FAILURE) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
400 m_free(key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
401 key->ed25519key = NULL;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
402 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
403 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
diff changeset
404 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
405
731
9a5438271556 Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents: 651
diff changeset
406 TRACE2(("leave buf_get_priv_key"))
44
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
407
45edf30ea0a6 Improved signkey code
Matt Johnston <matt@ucc.asn.au>
parents: 40
diff changeset
408 return ret;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
409
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
410 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
411
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
412 /* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
rev 841 | d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments | Matt Johnston <matt@ucc.asn.au> | parents: 807
413 void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type) {
rev 4 | fe6bca95afa7 Makefile.in contains updated files required | Matt Johnston <matt@ucc.asn.au> | parents:
414
415     buffer *pubkeys;
416
rev 731 | 9a5438271556 Move the more verbose TRACE() statements into TRACE2() | Matt Johnston <matt@ucc.asn.au> | parents: 651
417     TRACE2(("enter buf_put_pub_key"))
rev 70 | b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree | Matt Johnston <matt@ucc.asn.au> | parents: 51
418     pubkeys = buf_new(MAX_PUBKEY_SIZE);
rev 4
419
rev 1295 | 750ec4ec4cbe Convert #ifdef to #if, other build changes | Matt Johnston <matt@ucc.asn.au> | parents: 1278
420 #if DROPBEAR_DSS
rev 4
421     if (type == DROPBEAR_SIGNKEY_DSS) {
422         buf_put_dss_pub_key(pubkeys, key->dsskey);
423     }
424 #endif
rev 1295
425 #if DROPBEAR_RSA
rev 4
426     if (type == DROPBEAR_SIGNKEY_RSA) {
427         buf_put_rsa_pub_key(pubkeys, key->rsakey);
428     }
429 #endif
rev 1295
430 #if DROPBEAR_ECDSA
rev 846 | b298bb438625 refactor key generation, make it generate as required. | Matt Johnston <matt@ucc.asn.au> | parents: 841
431     if (signkey_is_ecdsa(type)) {
rev 841
432         ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
rev 1423 | c1c3d5943bfc Fix null pointer dereference found by libfuzzer | Matt Johnston <matt@ucc.asn.au> | parents: 1409
433         if (eck && *eck) {
rev 807 | 75509065db53 have separate ecdsa keys for each size | Matt Johnston <matt@ucc.asn.au> | parents: 801
434             buf_put_ecdsa_pub_key(pubkeys, *eck);
435         }
rev 794 | d386defb5376 more ecdsa signkey work, not correct | Matt Johnston <matt@ucc.asn.au> | parents: 793
436     }
437 #endif
rev 1659 | d32bcb5c557d Add Ed25519 support (#91) | Vladislav Grishenko <themiron@users.noreply.github.com> | parents: 1558
438 #if DROPBEAR_ED25519
rev 1855 | 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) | egor-duda <egor-duda@users.noreply.github.com> | parents: 1822
439     if (type == DROPBEAR_SIGNKEY_ED25519
440 #if DROPBEAR_SK_ED25519
441         || type == DROPBEAR_SIGNKEY_SK_ED25519
442 #endif
443     ) {
rev 1659
444         buf_put_ed25519_pub_key(pubkeys, key->ed25519key);
445     }
446 #endif
rev 4
447     if (pubkeys->len == 0) {
rev 594 | a98a2138364a Improve capitalisation for all logged strings | Matt Johnston <matt@ucc.asn.au> | parents: 586
448         dropbear_exit("Bad key types in buf_put_pub_key");
rev 4
449     }
450
rev 760 | f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int | Matt Johnston <matt@ucc.asn.au> | parents: 651
451     buf_putbufstring(buf, pubkeys);
rev 4
452     buf_free(pubkeys);
rev 731
453     TRACE2(("leave buf_put_pub_key"))
rev 4
454 }
455
456 /* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
rev 841 | d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments | Matt Johnston <matt@ucc.asn.au> | parents: 807
457 void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type) {
rev 4 | fe6bca95afa7 Makefile.in contains updated files required | Matt Johnston <matt@ucc.asn.au> | parents:
458
rev 165 | 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place | Matt Johnston <matt@ucc.asn.au> | parents: 107
459     TRACE(("enter buf_put_priv_key"))
460     TRACE(("type is %d", type))
rev 4
461
rev 1295 | 750ec4ec4cbe Convert #ifdef to #if, other build changes | Matt Johnston <matt@ucc.asn.au> | parents: 1278
462 #if DROPBEAR_DSS
rev 4
463     if (type == DROPBEAR_SIGNKEY_DSS) {
464         buf_put_dss_priv_key(buf, key->dsskey);
rev 1249 | c6346c63281b refactor indentation with hard tab | Francois Perrad <francois.perrad@gadz.org> | parents: 1122
465         TRACE(("leave buf_put_priv_key: dss done"))
466         return;
rev 4
467     }
468 #endif
rev 1295
469 #if DROPBEAR_RSA
rev 4
470     if (type == DROPBEAR_SIGNKEY_RSA) {
471         buf_put_rsa_priv_key(buf, key->rsakey);
rev 1249
472         TRACE(("leave buf_put_priv_key: rsa done"))
473         return;
rev 4
474     }
475 #endif
rev 1295
476 #if DROPBEAR_ECDSA
rev 846 | b298bb438625 refactor key generation, make it generate as required. | Matt Johnston <matt@ucc.asn.au> | parents: 841
477     if (signkey_is_ecdsa(type)) {
rev 841
478         ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
rev 1423 | c1c3d5943bfc Fix null pointer dereference found by libfuzzer | Matt Johnston <matt@ucc.asn.au> | parents: 1409
479         if (eck && *eck) {
rev 807 | 75509065db53 have separate ecdsa keys for each size | Matt Johnston <matt@ucc.asn.au> | parents: 801
480             buf_put_ecdsa_priv_key(buf, *eck);
481             TRACE(("leave buf_put_priv_key: ecdsa done"))
482             return;
483         }
rev 794 | d386defb5376 more ecdsa signkey work, not correct | Matt Johnston <matt@ucc.asn.au> | parents: 793
484     }
485 #endif
rev 1659 | d32bcb5c557d Add Ed25519 support (#91) | Vladislav Grishenko <themiron@users.noreply.github.com> | parents: 1558
486 #if DROPBEAR_ED25519
487     if (type == DROPBEAR_SIGNKEY_ED25519) {
488         buf_put_ed25519_priv_key(buf, key->ed25519key);
489         TRACE(("leave buf_put_priv_key: ed25519 done"))
490         return;
491     }
492 #endif
rev 594 | a98a2138364a Improve capitalisation for all logged strings | Matt Johnston <matt@ucc.asn.au> | parents: 586
493     dropbear_exit("Bad key types in put pub key");
rev 4 | fe6bca95afa7 Makefile.in contains updated files required | Matt Johnston <matt@ucc.asn.au> | parents:
494 }
495
496 void sign_key_free(sign_key *key) {
497
rev 731 | 9a5438271556 Move the more verbose TRACE() statements into TRACE2() | Matt Johnston <matt@ucc.asn.au> | parents: 651
498     TRACE2(("enter sign_key_free"))
rev 4
499
rev 1295 | 750ec4ec4cbe Convert #ifdef to #if, other build changes | Matt Johnston <matt@ucc.asn.au> | parents: 1278
500 #if DROPBEAR_DSS
rev 4
501     dss_key_free(key->dsskey);
502     key->dsskey = NULL;
503 #endif
rev 1295
504 #if DROPBEAR_RSA
rev 4
505     rsa_key_free(key->rsakey);
506     key->rsakey = NULL;
507 #endif
rev 1295
508 #if DROPBEAR_ECDSA
509 #if DROPBEAR_ECC_256
rev 807 | 75509065db53 have separate ecdsa keys for each size | Matt Johnston <matt@ucc.asn.au> | parents: 801
510     if (key->ecckey256) {
511         ecc_free(key->ecckey256);
rev 1058 | 063c38ea622b Fix some memory leaks in ecc code | Matt Johnston <matt@ucc.asn.au> | parents: 1032
512         m_free(key->ecckey256);
rev 807
513         key->ecckey256 = NULL;
514     }
rev 847 | f4bb964c8678 Add '-R' for delayed hostkey option | Matt Johnston <matt@ucc.asn.au> | parents: 846
515 #endif
rev 1295
516 #if DROPBEAR_ECC_384
rev 807
517     if (key->ecckey384) {
518         ecc_free(key->ecckey384);
rev 1058
519         m_free(key->ecckey384);
rev 807
520         key->ecckey384 = NULL;
521     }
rev 847
522 #endif
rev 1295
523 #if DROPBEAR_ECC_521
rev 807
524     if (key->ecckey521) {
525         ecc_free(key->ecckey521);
rev 1058
526         m_free(key->ecckey521);
rev 807
527         key->ecckey521 = NULL;
rev 794 | d386defb5376 more ecdsa signkey work, not correct | Matt Johnston <matt@ucc.asn.au> | parents: 793
528     }
529 #endif
rev 847
530 #endif
rev 1659 | d32bcb5c557d Add Ed25519 support (#91) | Vladislav Grishenko <themiron@users.noreply.github.com> | parents: 1558
531 #if DROPBEAR_ED25519
532     ed25519_key_free(key->ed25519key);
533     key->ed25519key = NULL;
534 #endif
rev 4
535
rev 551 | c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList | Matt Johnston <matt@ucc.asn.au> | parents: 436
536     m_free(key->filename);
rev 1855 | 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) | egor-duda <egor-duda@users.noreply.github.com> | parents: 1822
537 #if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
538     if (key->sk_app) {
539         m_free(key->sk_app);
540     }
541 #endif
rev 551
542
rev 4
543     m_free(key);
rev 731
544     TRACE2(("leave sign_key_free"))
rev 4
545 }
546
rev 1916 | 3f4cdf839a1a Make SHA1 optional, implement SHA256 fingerprints | Matt Johnston <matt@ucc.asn.au> | parents: 1855
547 static char * sign_key_sha256_fingerprint(const unsigned char* keyblob,
rev 51 | 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. | Matt Johnston <matt@ucc.asn.au> | parents: 44
548         unsigned int keybloblen) {
rev 4 | fe6bca95afa7 Makefile.in contains updated files required | Matt Johnston <matt@ucc.asn.au> | parents:
549
550     char * ret;
551     hash_state hs;
rev 1916
552     unsigned char hash[SHA256_HASH_SIZE];
553     unsigned int b64chars, start;
554     unsigned long b64size;
555     const char *prefix = "SHA256:";
556     int err;
rev 4
557
rev 1916
558     sha256_init(&hs);
559     sha256_process(&hs, keyblob, keybloblen);
560     sha256_done(&hs, hash);
rev 4
561
rev 1916
562     /* eg "SHA256:P9szN0L2ls6KxkVv7Bppv3asnZCn03rY7Msm/c8+ZgA"
563      * 256/6 = 42.66 => 43 base64 chars. OpenSSH discards
564      * base64 padding output. */
565     start = strlen(prefix);
566     b64chars = 43;
567     /* space for discarded b64 padding and null terminator */
568     b64size = b64chars + 4;
569     ret = m_malloc(start + b64size);
rev 4
570
rev 1916
571     memcpy(ret, prefix, start);
572     err = base64_encode(hash, SHA256_HASH_SIZE, &ret[start], &b64size);
573     if (err != CRYPT_OK) {
574         dropbear_exit("base64 failed");
rev 4
575     }
rev 1916
576     ret[start + b64chars] = '\0';
rev 4
577     return ret;
578 }
579
rev 1916
580 /* This will return a freshly malloced string */
rev 1459 | 06d52bcb8094 Pointer parameter could be declared as pointing to const | Francois Perrad <francois.perrad@gadz.org> | parents: 1424
581 char * sign_key_fingerprint(const unsigned char* keyblob, unsigned int keybloblen) {
rev 1916
582     return sign_key_sha256_fingerprint(keyblob, keybloblen);
rev 4
583 }
584
rev 1675 | ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 | Matt Johnston <matt@ucc.asn.au> | parents: 1674
585 void buf_put_sign(buffer* buf, sign_key *key, enum signature_type sigtype,
rev 1459 | 06d52bcb8094 Pointer parameter could be declared as pointing to const | Francois Perrad <francois.perrad@gadz.org> | parents: 1424
586         const buffer *data_buf) {
rev 1674 | ba6fc7afe1c5 use sigtype where appropriate | Matt Johnston <matt@ucc.asn.au> | parents: 1659
587     buffer *sigblob = buf_new(MAX_PUBKEY_SIZE);
588     enum signkey_type keytype = signkey_type_from_signature(sigtype);
rev 4 | fe6bca95afa7 Makefile.in contains updated files required | Matt Johnston <matt@ucc.asn.au> | parents:
589
rev 1675
590 #if DEBUG_TRACE
591     {
rev 1676 | d5cdc60db08e ext-info handling for server-sig-algs | Matt Johnston <matt@ucc.asn.au> | parents: 1675
592         const char* signame = signature_name_from_type(sigtype, NULL);
rev 1675
593         TRACE(("buf_put_sign type %d %s", sigtype, signame));
594     }
595 #endif
596
597
rev 1295 | 750ec4ec4cbe Convert #ifdef to #if, other build changes | Matt Johnston <matt@ucc.asn.au> | parents: 1278
598 #if DROPBEAR_DSS
rev 1674
599     if (keytype == DROPBEAR_SIGNKEY_DSS) {
rev 760 | f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int | Matt Johnston <matt@ucc.asn.au> | parents: 651
600         buf_put_dss_sign(sigblob, key->dsskey, data_buf);
rev 4
601     }
602 #endif
rev 1295
603 #if DROPBEAR_RSA
rev 1674
604     if (keytype == DROPBEAR_SIGNKEY_RSA) {
605         buf_put_rsa_sign(sigblob, key->rsakey, sigtype, data_buf);
rev 4
606     }
607 #endif
rev 1295
608 #if DROPBEAR_ECDSA
rev 1674
609     if (signkey_is_ecdsa(keytype)) {
610         ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
rev 1423 | c1c3d5943bfc Fix null pointer dereference found by libfuzzer | Matt Johnston <matt@ucc.asn.au> | parents: 1409
611         if (eck && *eck) {
rev 807 | 75509065db53 have separate ecdsa keys for each size | Matt Johnston <matt@ucc.asn.au> | parents: 801
612             buf_put_ecdsa_sign(sigblob, *eck, data_buf);
613         }
rev 4
614     }
615 #endif
rev 1659 | d32bcb5c557d Add Ed25519 support (#91) | Vladislav Grishenko <themiron@users.noreply.github.com> | parents: 1558
616 #if DROPBEAR_ED25519
rev 1674
617     if (keytype == DROPBEAR_SIGNKEY_ED25519) {
rev 1659
618         buf_put_ed25519_sign(sigblob, key->ed25519key, data_buf);
619     }
620 #endif
rev 4
621     if (sigblob->len == 0) {
rev 594 | a98a2138364a Improve capitalisation for all logged strings | Matt Johnston <matt@ucc.asn.au> | parents: 586
622         dropbear_exit("Non-matching signing type");
rev 4
623     }
rev 760
624     buf_putbufstring(buf, sigblob);
rev 4
625     buf_free(sigblob);
626
627 }
628
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1278
diff changeset
629 #if DROPBEAR_SIGNKEY_VERIFY
1855
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
630
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
631 /* Return DROPBEAR_SUCCESS or DROPBEAR_FAILURE.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
632 * If FAILURE is returned, the position of
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
633 * buf is undefined. If SUCCESS is returned, buf will be positioned after the
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
634 * signature blob */
1675
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents: 1674
635 int buf_verify(buffer * buf, sign_key *key, enum signature_type expect_sigtype, const buffer *data_buf) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
636
1094
c45d65392c1a Fix pointer differ in signess warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents: 1058
637 char *type_name = NULL;
794
d386defb5376 more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents: 793
638 unsigned int type_name_len = 0;
1675
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents: 1674
639 enum signature_type sigtype;
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents: 1674
640 enum signkey_type keytype;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
641
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 107
642 TRACE(("enter buf_verify"))
34
e2a1eaa19f22 Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents: 26
643
864
30ab30e46452 Fix some warnings
Matt Johnston <matt@ucc.asn.au>
parents: 857
644 buf_getint(buf); /* blob length */
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1094
645 type_name = buf_getstring(buf, &type_name_len);
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1659
646 sigtype = signature_type_from_name(type_name, type_name_len);
794
d386defb5376 more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents: 793
647 m_free(type_name);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
648
1675
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256
Matt Johnston <matt@ucc.asn.au>
parents: 1674
649 if (expect_sigtype != sigtype) {
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1659
650 dropbear_exit("Non-matching signing type");
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1659
651 }
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1659
652
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1659
653 keytype = signkey_type_from_signature(sigtype);
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1278
654 #if DROPBEAR_DSS
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1659
655 if (keytype == DROPBEAR_SIGNKEY_DSS) {
244
eb7b9f2bb8e8 - add explicit check that correct keytype exists for pubkey verification
Matt Johnston <matt@ucc.asn.au>
parents: 214
656 if (key->dsskey == NULL) {
594
a98a2138364a Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents: 586
657 dropbear_exit("No DSS key to verify signature");
244
eb7b9f2bb8e8 - add explicit check that correct keytype exists for pubkey verification
Matt Johnston <matt@ucc.asn.au>
parents: 214
658 }
760
f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents: 651
659 return buf_dss_verify(buf, key->dsskey, data_buf);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
660 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
661 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
662
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1278
663 #if DROPBEAR_RSA
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1659
664 if (keytype == DROPBEAR_SIGNKEY_RSA) {
244
eb7b9f2bb8e8 - add explicit check that correct keytype exists for pubkey verification
Matt Johnston <matt@ucc.asn.au>
parents: 214
665 if (key->rsakey == NULL) {
594
a98a2138364a Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents: 586
666 dropbear_exit("No RSA key to verify signature");
244
eb7b9f2bb8e8 - add explicit check that correct keytype exists for pubkey verification
Matt Johnston <matt@ucc.asn.au>
parents: 214
667 }
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1659
668 return buf_rsa_verify(buf, key->rsakey, sigtype, data_buf);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
669 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
670 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1278
671 #if DROPBEAR_ECDSA
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1659
672 if (signkey_is_ecdsa(keytype)) {
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1659
673 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
1424
8a4b8f026de6 fix null pointer crash
Matt Johnston <matt@ucc.asn.au>
parents: 1423
674 if (eck && *eck) {
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
675 return buf_ecdsa_verify(buf, *eck, data_buf);
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
676 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
677 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
678 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
679 #if DROPBEAR_ED25519
1674
ba6fc7afe1c5 use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents: 1659
680 if (keytype == DROPBEAR_SIGNKEY_ED25519) {
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
681 if (key->ed25519key == NULL) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
682 dropbear_exit("No Ed25519 key to verify signature");
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
683 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
684 return buf_ed25519_verify(buf, key->ed25519key, data_buf);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
685 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1558
686 #endif
1855
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
687 #if DROPBEAR_SK_ECDSA
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
688 if (keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256) {
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
689 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
690 if (eck && *eck) {
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
691 return buf_sk_ecdsa_verify(buf, *eck, data_buf, key->sk_app, key->sk_applen);
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
692 }
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
693 }
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
694 #endif
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
695 #if DROPBEAR_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
696 if (keytype == DROPBEAR_SIGNKEY_SK_ED25519) {
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
697 dropbear_ed25519_key **eck = (dropbear_ed25519_key**)signkey_key_ptr(key, keytype);
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
698 if (eck && *eck) {
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
699 return buf_sk_ed25519_verify(buf, *eck, data_buf, key->sk_app, key->sk_applen);
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
700 }
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
701 }
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
702 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
703
594
a98a2138364a Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents: 586
704 dropbear_exit("Non-matching signing type");
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
705 return DROPBEAR_FAILURE;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
706 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
707 #endif /* DROPBEAR_SIGNKEY_VERIFY */
51
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
708
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1278
709 #if DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
51
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
710
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
711 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE when given a buffer containing
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
712 * a key, a key, and a type. The buffer is positioned at the start of the
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
713 * base64 data, and contains no trailing data */
436
7282370416a0 Improve known_hosts checking.
Matt Johnston <matt@ucc.asn.au>
parents: 244
714 /* If fingerprint is non-NULL, it will be set to a malloc()ed fingerprint
7282370416a0 Improve known_hosts checking.
Matt Johnston <matt@ucc.asn.au>
parents: 244
715 of the key if it is successfully decoded */
51
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
716 int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
717 const unsigned char* algoname, unsigned int algolen,
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1424
718 const buffer * line, char ** fingerprint) {
51
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
719
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
720 buffer * decodekey = NULL;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
721 int ret = DROPBEAR_FAILURE;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
722 unsigned int len, filealgolen;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
723 unsigned long decodekeylen;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
724 unsigned char* filealgo = NULL;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
725
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
726 /* now we have the actual data */
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
727 len = line->len - line->pos;
1371
bc9e2e148f58 avoid NULL argument to base64 decode
Matt Johnston <matt@ucc.asn.au>
parents: 1369
728 if (len == 0) {
bc9e2e148f58 avoid NULL argument to base64 decode
Matt Johnston <matt@ucc.asn.au>
parents: 1369
729 /* base64_decode doesn't like NULL argument */
bc9e2e148f58 avoid NULL argument to base64 decode
Matt Johnston <matt@ucc.asn.au>
parents: 1369
730 return DROPBEAR_FAILURE;
bc9e2e148f58 avoid NULL argument to base64 decode
Matt Johnston <matt@ucc.asn.au>
parents: 1369
731 }
51
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
732 decodekeylen = len * 2; /* big to be safe */
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
733 decodekey = buf_new(decodekeylen);
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
734
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
735 if (base64_decode(buf_getptr(line, len), len,
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
736 buf_getwriteptr(decodekey, decodekey->size),
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
737 &decodekeylen) != CRYPT_OK) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 107
738 TRACE(("checkpubkey: base64 decode failed"))
51
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
739 goto out;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
740 }
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 107
741 TRACE(("checkpubkey: base64_decode success"))
51
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
742 buf_incrlen(decodekey, decodekeylen);
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
743
436
7282370416a0 Improve known_hosts checking.
Matt Johnston <matt@ucc.asn.au>
parents: 244
744 if (fingerprint) {
7282370416a0 Improve known_hosts checking.
Matt Johnston <matt@ucc.asn.au>
parents: 244
745 *fingerprint = sign_key_fingerprint(buf_getptr(decodekey, decodekeylen),
7282370416a0 Improve known_hosts checking.
Matt Johnston <matt@ucc.asn.au>
parents: 244
746 decodekeylen);
7282370416a0 Improve known_hosts checking.
Matt Johnston <matt@ucc.asn.au>
parents: 244
747 }
7282370416a0 Improve known_hosts checking.
Matt Johnston <matt@ucc.asn.au>
parents: 244
748
51
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
749 /* compare the keys */
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
750 if ( ( decodekeylen != keybloblen )
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
751 || memcmp( buf_getptr(decodekey, decodekey->len),
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
752 keyblob, decodekey->len) != 0) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 107
753 TRACE(("checkpubkey: compare failed"))
51
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
754 goto out;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
755 }
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
756
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
757 /* ... and also check that the algo specified and the algo in the key
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
758 * itself match */
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
759 filealgolen = buf_getint(decodekey);
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
760 filealgo = buf_getptr(decodekey, filealgolen);
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
761 if (filealgolen != algolen || memcmp(filealgo, algoname, algolen) != 0) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 107
762 TRACE(("checkpubkey: algo match failed"))
51
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
763 goto out;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
764 }
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
765
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
766 /* All checks passed */
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
767 ret = DROPBEAR_SUCCESS;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
768
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
769 out:
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
770 buf_free(decodekey);
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
771 decodekey = NULL;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
772 return ret;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
773 }
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
774 #endif
1369
ddfcadca3c4c fuzzer-pubkey
Matt Johnston <matt@ucc.asn.au>
parents: 1362
775
1558
2f64cb3d3007 - #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents: 1511
776 #if DROPBEAR_FUZZ
1369
ddfcadca3c4c fuzzer-pubkey
Matt Johnston <matt@ucc.asn.au>
parents: 1362
777 const char * const * fuzz_signkey_names = signkey_names;
ddfcadca3c4c fuzzer-pubkey
Matt Johnston <matt@ucc.asn.au>
parents: 1362
778
ddfcadca3c4c fuzzer-pubkey
Matt Johnston <matt@ucc.asn.au>
parents: 1362
779 #endif