Mercurial > dropbear
annotate signkey_ossh.c @ 1930:299f4f19ba19
Add /usr/sbin and /sbin to default root PATH
When dropbear is used in a very restricted environment (such as in a
initrd), the default user shell is often also very restricted
and doesn't take care of setting the PATH so the user ends up
with the PATH set by dropbear. Unfortunately, dropbear always
sets "/usr/bin:/bin" as default PATH even for the root user
which should have /usr/sbin and /sbin too.
For a concrete instance of this problem, see the "Remote Unlocking"
section in this tutorial: https://paxswill.com/blog/2013/11/04/encrypted-raspberry-pi/
It speaks of a bug in the initramfs script because it's written "blkid"
instead of "/sbin/blkid"... this is just because the scripts from the
initramfs do not expect to have a PATH without the sbin directories and
because dropbear is not setting the PATH appropriately for the root user.
I'm thus suggesting to use the attached patch to fix this misbehaviour (I
did not test it, but it's easy enough). It might seem anecdotic but
multiple Kali users have been bitten by this.
From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403
| author | Raphael Hertzog <hertzog@debian.org> |
|---|---|
| date | Mon, 09 Jul 2018 16:27:53 +0200 |
| parents | ced53051e200 |
| children |
| rev | line source |
|---|---|
|
1908
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 #include "includes.h" |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 #include "dbutil.h" |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 #include "ssh.h" |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 #include "signkey_ossh.h" |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 #include "bignum.h" |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 #include "ecdsa.h" |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 #include "sk-ecdsa.h" |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 #include "sk-ed25519.h" |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 #include "rsa.h" |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 #include "dss.h" |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 #include "ed25519.h" |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 #if DROPBEAR_RSA |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 /* OpenSSH raw private RSA format is |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 string "ssh-rsa" |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 mpint n |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 mpint e |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 mpint d |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 mpint iqmp (q^-1) mod p |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 mpint p |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 mpint q |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 */ |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 void buf_put_rsa_priv_ossh(buffer *buf, const sign_key *akey) { |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 const dropbear_rsa_key *key = akey->rsakey; |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 mp_int iqmp; |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 dropbear_assert(key != NULL); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 if (!(key->p && key->q)) { |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 dropbear_exit("Pre-0.33 Dropbear keys cannot be converted to OpenSSH keys.\n"); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 } |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 m_mp_init(&iqmp); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 /* iqmp = (q^-1) mod p */ |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 if (mp_invmod(key->q, key->p, &iqmp) != MP_OKAY) { |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 dropbear_exit("Bignum error for iqmp\n"); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 } |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 buf_putmpint(buf, key->n); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 buf_putmpint(buf, key->e); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 buf_putmpint(buf, key->d); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 buf_putmpint(buf, &iqmp); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 buf_putmpint(buf, key->p); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 buf_putmpint(buf, key->q); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 mp_clear(&iqmp); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 } |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 int buf_get_rsa_priv_ossh(buffer *buf, sign_key *akey) { |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 int ret = DROPBEAR_FAILURE; |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 dropbear_rsa_key *key = NULL; |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 mp_int iqmp; |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 rsa_key_free(akey->rsakey); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 akey->rsakey = m_malloc(sizeof(*akey->rsakey)); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 key = akey->rsakey; |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
56 m_mp_alloc_init_multi(&key->e, &key->n, &key->d, &key->p, &key->q, NULL); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
57 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 buf_eatstring(buf); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 m_mp_init(&iqmp); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
60 if (buf_getmpint(buf, key->n) == DROPBEAR_SUCCESS |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 && buf_getmpint(buf, key->e) == DROPBEAR_SUCCESS |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
62 && buf_getmpint(buf, key->d) == DROPBEAR_SUCCESS |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
63 && buf_getmpint(buf, &iqmp) == DROPBEAR_SUCCESS |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 && buf_getmpint(buf, key->p) == DROPBEAR_SUCCESS |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
65 && buf_getmpint(buf, key->q) == DROPBEAR_SUCCESS) { |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 ret = DROPBEAR_SUCCESS; |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
67 } |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 mp_clear(&iqmp); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 return ret; |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
70 } |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
72 #endif /* DROPBEAR_RSA */ |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 #if DROPBEAR_ED25519 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 /* OpenSSH raw private ed25519 format is |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
76 string "ssh-ed25519" |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
77 uint32 32 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
78 byte[32] pubkey |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
79 uint32 64 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
80 byte[32] privkey |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 byte[32] pubkey |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
82 */ |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
83 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
84 void buf_put_ed25519_priv_ossh(buffer *buf, const sign_key *akey) { |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
85 const dropbear_ed25519_key *key = akey->ed25519key; |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
86 dropbear_assert(key != NULL); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 buf_putstring(buf, SSH_SIGNKEY_ED25519, SSH_SIGNKEY_ED25519_LEN); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
88 buf_putint(buf, CURVE25519_LEN); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
89 buf_putbytes(buf, key->pub, CURVE25519_LEN); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
90 buf_putint(buf, CURVE25519_LEN*2); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
91 buf_putbytes(buf, key->priv, CURVE25519_LEN); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
92 buf_putbytes(buf, key->pub, CURVE25519_LEN); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
93 } |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
94 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
95 int buf_get_ed25519_priv_ossh(buffer *buf, sign_key *akey) { |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
96 dropbear_ed25519_key *key = NULL; |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
97 uint32_t len; |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
98 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
99 ed25519_key_free(akey->ed25519key); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
100 akey->ed25519key = m_malloc(sizeof(*akey->ed25519key)); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
101 key = akey->ed25519key; |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
102 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
103 /* Parse past the first string and pubkey */ |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
104 if (buf_get_ed25519_pub_key(buf, key, DROPBEAR_SIGNKEY_ED25519) |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
105 == DROPBEAR_FAILURE) { |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
106 dropbear_log(LOG_ERR, "Error parsing ed25519 key, pubkey"); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
107 return DROPBEAR_FAILURE; |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
108 } |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
109 len = buf_getint(buf); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
110 if (len != 2*CURVE25519_LEN) { |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
111 dropbear_log(LOG_ERR, "Error parsing ed25519 key, bad length"); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
112 return DROPBEAR_FAILURE; |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
113 } |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
114 memcpy(key->priv, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
115 buf_incrpos(buf, CURVE25519_LEN); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
117 /* Sanity check */ |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
118 if (memcmp(buf_getptr(buf, CURVE25519_LEN), key->pub, |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 CURVE25519_LEN) != 0) { |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
120 dropbear_log(LOG_ERR, "Error parsing ed25519 key, mismatch pubkey"); |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
121 return DROPBEAR_FAILURE; |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
122 } |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
123 return DROPBEAR_SUCCESS; |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
124 } |
|
eadd023fde4d
Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
125 #endif /* DROPBEAR_ED255219 */ |
|
1911
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
126 |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
127 #if DROPBEAR_ECDSA |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
128 /* OpenSSH raw private ecdsa format is the same as Dropbear's. |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
129 # First part is the same as the SSH wire pubkey format |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
130 string "ecdsa-sha2-[identifier]" |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
131 string [identifier] |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
132 string Q |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
133 # With private part appended |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
134 mpint d |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
135 */ |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
136 |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
137 void buf_put_ecdsa_priv_ossh(buffer *buf, const sign_key *key) { |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
138 ecc_key **eck = (ecc_key**)signkey_key_ptr((sign_key*)key, key->type); |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
139 if (eck && *eck) { |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
140 buf_put_ecdsa_priv_key(buf, *eck); |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
141 return; |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
142 } |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
143 dropbear_exit("ecdsa key is not set"); |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
144 } |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
145 |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
146 int buf_get_ecdsa_priv_ossh(buffer *buf, sign_key *key) { |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
147 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, key->type); |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
148 if (eck) { |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
149 if (*eck) { |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
150 ecc_free(*eck); |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
151 m_free(*eck); |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
152 *eck = NULL; |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
153 } |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
154 *eck = buf_get_ecdsa_priv_key(buf); |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
155 if (*eck) { |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
156 return DROPBEAR_SUCCESS; |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
157 } |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
158 } |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
159 return DROPBEAR_FAILURE; |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
160 } |
|
ced53051e200
Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
1908
diff
changeset
|
161 #endif /* DROPBEAR_ECDSA */ |