annotate signkey.c @ 1861:2b3a8026a6ce

Add re-exec for server This allows ASLR to re-randomize the address space for every connection, preventing some vulnerabilities from being exploitable by repeated probing. Overhead (memory and time) is yet to be confirmed. At present this is only enabled on Linux. Other BSD platforms with fexecve() would probably also work though have not been tested.
author Matt Johnston <matt@ucc.asn.au>
date Sun, 30 Jan 2022 10:14:56 +0800
parents 35d504d59c05
children 3f4cdf839a1a
/*
 * Dropbear - a SSH2 server
 * 
 * Copyright (c) 2002,2003 Matt Johnston
 * All rights reserved.
 * 
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 * 
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 * 
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE. */
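#include "includes.h"
#include "dbutil.h"
#include "signkey.h"
#include "buffer.h"
#include "ssh.h"
#include "ecdsa.h"
#include "sk-ecdsa.h"
#include "sk-ed25519.h"
#include "rsa.h"
#include "dss.h"
#include "ed25519.h"

/* SSH public key algorithm names, indexed by enum signkey_type.
 * signkey_name_from_type() and signkey_type_from_name() in this file use the
 * array index as the enum value, so the entries and their #if guards have to
 * stay in the same order as the enumerators.
 * NOTE(review): nothing in this file checks that ordering at compile time;
 * the enum is presumably declared in signkey.h - confirm the two still agree
 * whenever a key type is added or a guard is changed. */
static const char * const signkey_names[DROPBEAR_SIGNKEY_NUM_NAMED] = {
#if DROPBEAR_RSA
	"ssh-rsa",
#endif
#if DROPBEAR_DSS
	"ssh-dss",
#endif
#if DROPBEAR_ECDSA
	"ecdsa-sha2-nistp256",
	"ecdsa-sha2-nistp384",
	"ecdsa-sha2-nistp521",
#if DROPBEAR_SK_ECDSA
	/* U2F/FIDO security-key backed ECDSA key */
	"sk-ecdsa-sha2-nistp256@openssh.com",
#endif /* DROPBEAR_SK_ECDSA */
#endif /* DROPBEAR_ECDSA */
#if DROPBEAR_ED25519
	"ssh-ed25519",
#if DROPBEAR_SK_ED25519
	/* U2F/FIDO security-key backed Ed25519 key */
	"sk-ssh-ed25519@openssh.com",
#endif /* DROPBEAR_SK_ED25519 */
#endif /* DROPBEAR_ED25519 */
	/* "rsa-sha2-256" is special-cased below since it is only a signature name, not key type */
};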
/* Allocates a sign_key with m_malloc() and marks it as holding no key yet:
 * type is DROPBEAR_SIGNKEY_NONE and source is SIGNKEY_SOURCE_INVALID.
 * No other field is written here, so the per-algorithm key pointers are
 * NULL only if m_malloc() hands back zeroed memory.
 * NOTE(review): presumably m_malloc() zero-fills and does not return on
 * allocation failure (its result is dereferenced unchecked) - confirm
 * against its definition. */
sign_key * new_sign_key() {
	sign_key *key = (sign_key*)m_malloc(sizeof(*key));

	key->type = DROPBEAR_SIGNKEY_NONE;
	key->source = SIGNKEY_SOURCE_INVALID;

	return key;
}
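/* Returns the key algorithm name corresponding to the type. The result
 * points into the static signkey_names table, so the caller must not free
 * or modify it. If namelen is non-NULL, the length of the name (without the
 * terminating NUL) is stored through it.
 * Exits fatally via dropbear_exit() if the type is invalid. */
const char* signkey_name_from_type(enum signkey_type type, unsigned int *namelen) {
	const char *name;

	/* type is used directly as an index into signkey_names. Whether an enum
	 * is signed is implementation-defined, so compare as unsigned: that
	 * rejects a negative value as well as one past the end of the table. */
	if ((unsigned int)type >= (unsigned int)DROPBEAR_SIGNKEY_NUM_NAMED) {
		/* cast so the argument matches the %d conversion */
		dropbear_exit("Bad key type %d", (int)type);
	}

	name = signkey_names[type];
	if (namelen) {
		*namelen = strlen(name);
	}
	return name;
}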
/* Maps a key algorithm name of namelen bytes (it need not be NUL-terminated)
 * to its key type by scanning signkey_names. Returns DROPBEAR_SIGNKEY_NONE
 * if none match, or if the name is an ECDSA curve that is not compiled in. */
enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen) {
	int idx;

	for (idx = 0; idx < DROPBEAR_SIGNKEY_NUM_NAMED; idx++) {
		const char *candidate = signkey_names[idx];

		/* The lengths are compared first, so memcmp() reads exactly
		 * namelen bytes from each side and never runs past the table
		 * entry. The caller must supply namelen readable bytes. */
		if (namelen != strlen(candidate)
			|| memcmp(candidate, name, namelen) != 0) {
			continue;
		}

#if DROPBEAR_ECDSA
		/* Some of the ECDSA key sizes are defined even if they're not compiled in */
		/* NOTE(review): only the three plain ECDSA curves are filtered
		 * here; presumably the build options never enable
		 * DROPBEAR_SK_ECDSA without DROPBEAR_ECC_256 - confirm. */
		if (0
#if !DROPBEAR_ECC_256
			|| idx == DROPBEAR_SIGNKEY_ECDSA_NISTP256
#endif
#if !DROPBEAR_ECC_384
			|| idx == DROPBEAR_SIGNKEY_ECDSA_NISTP384
#endif
#if !DROPBEAR_ECC_521
			|| idx == DROPBEAR_SIGNKEY_ECDSA_NISTP521
#endif
			) {
			TRACE(("attempt to use ecdsa type %d not compiled in", idx))
			return DROPBEAR_SIGNKEY_NONE;
		}
#endif

		/* the table index is the enum value */
		return (enum signkey_type)idx;
	}

	TRACE(("signkey_type_from_name unexpected key type."))

	return DROPBEAR_SIGNKEY_NONE;
}
/* Returns the signature algorithm name for a signature type, storing its
 * length through namelen when namelen is non-NULL.
 * The RSA signature types are special-cased because their names are not
 * 1-1 with public key names: DROPBEAR_SIGNATURE_RSA_SHA256 maps to
 * SSH_SIGNATURE_RSA_SHA256 and DROPBEAR_SIGNATURE_RSA_SHA1 to
 * SSH_SIGNKEY_RSA. Every other type is cast to enum signkey_type and
 * handed to signkey_name_from_type(). This could be generalised if more
 * such signature names are added. */
const char* signature_name_from_type(enum signature_type type, unsigned int *namelen) {
	const char *name = NULL;

#if DROPBEAR_RSA_SHA256
	if (type == DROPBEAR_SIGNATURE_RSA_SHA256) {
		name = SSH_SIGNATURE_RSA_SHA256;
	}
#endif
#if DROPBEAR_RSA_SHA1
	if (name == NULL && type == DROPBEAR_SIGNATURE_RSA_SHA1) {
		name = SSH_SIGNKEY_RSA;
	}
#endif

	if (name == NULL) {
		/* not an RSA signature: the signature type doubles as the key type */
		return signkey_name_from_type((enum signkey_type)type, namelen);
	}

	if (namelen) {
		*namelen = strlen(name);
	}
	return name;
}
/* Maps a signature algorithm name of namelen bytes (it need not be
 * NUL-terminated) to a signature type. The RSA signature names are matched
 * here; any other name is looked up as a key name with
 * signkey_type_from_name() and the result is cast to enum signature_type.
 * Returns DROPBEAR_SIGNATURE_NONE if none match.
 * NOTE(review): the no-match case relies on DROPBEAR_SIGNKEY_NONE and
 * DROPBEAR_SIGNATURE_NONE having the same value - confirm in signkey.h.
 * NOTE(review): with DROPBEAR_RSA_SHA1 disabled, SSH_SIGNKEY_RSA
 * (presumably "ssh-rsa") is not handled here and reaches the key-name
 * lookup, which still lists "ssh-rsa" when DROPBEAR_RSA is enabled - confirm
 * that callers do not accept the resulting value as a SHA-1 signature. */
enum signature_type signature_type_from_name(const char* name, unsigned int namelen) {
#if DROPBEAR_RSA_SHA256
	/* length first, so memcmp() compares exactly namelen bytes */
	if (namelen == strlen(SSH_SIGNATURE_RSA_SHA256)) {
		if (memcmp(name, SSH_SIGNATURE_RSA_SHA256, namelen) == 0) {
			return DROPBEAR_SIGNATURE_RSA_SHA256;
		}
	}
#endif
#if DROPBEAR_RSA_SHA1
	if (namelen == strlen(SSH_SIGNKEY_RSA)) {
		if (memcmp(name, SSH_SIGNKEY_RSA, namelen) == 0) {
			return DROPBEAR_SIGNATURE_RSA_SHA1;
		}
	}
#endif

	return (enum signature_type)signkey_type_from_name(name, namelen);
}
/* Returns the signature type from a key type by casting the key type value.
 * Must not be called with the RSA keytype, which has no single signature
 * type (see the RSA special cases elsewhere in this file).
 * NOTE(review): both preconditions are checked with assert() only. If the
 * build compiles assert() out (e.g. NDEBUG), an RSA or out-of-range keytype
 * is cast and returned unchecked - callers must validate keytype first. */
enum signature_type signature_type_from_signkey(enum signkey_type keytype) {
	enum signature_type sigtype;

#if DROPBEAR_RSA
	assert(keytype != DROPBEAR_SIGNKEY_RSA);
#endif
	assert(keytype < DROPBEAR_SIGNKEY_NUM_NAMED);

	sigtype = (enum signature_type)keytype;
	return sigtype;
}
/* Returns the key type that produces a given signature type. Both RSA
 * signature types map to DROPBEAR_SIGNKEY_RSA; any other signature type is
 * cast to enum signkey_type.
 * NOTE(review): the range check is an assert() on the value converted to
 * int, so it does not reject a negative sigtype and is absent if assert()
 * is compiled out (e.g. NDEBUG) - callers must pass a validated sigtype. */
enum signkey_type signkey_type_from_signature(enum signature_type sigtype) {
#if DROPBEAR_RSA_SHA256 || DROPBEAR_RSA_SHA1
	if (0
#if DROPBEAR_RSA_SHA256
		|| sigtype == DROPBEAR_SIGNATURE_RSA_SHA256
#endif
#if DROPBEAR_RSA_SHA1
		|| sigtype == DROPBEAR_SIGNATURE_RSA_SHA1
#endif
		) {
		return DROPBEAR_SIGNKEY_RSA;
	}
#endif

	assert((int)sigtype < (int)DROPBEAR_SIGNKEY_NUM_NAMED);
	return (enum signkey_type)sigtype;
}
184 /* Returns a pointer to the key part specific to "type".
185 Be sure to check both (ret != NULL) and (*ret != NULL) */
186 void **
187 signkey_key_ptr(sign_key *key, enum signkey_type type) {
188 switch (type) {
189 #if DROPBEAR_ED25519
190 case DROPBEAR_SIGNKEY_ED25519:
191 #if DROPBEAR_SK_ED25519
192 case DROPBEAR_SIGNKEY_SK_ED25519:
193 #endif
194 return (void**)&key->ed25519key;
195 #endif
196 #if DROPBEAR_ECDSA
197 #if DROPBEAR_ECC_256
198 case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
199 #if DROPBEAR_SK_ECDSA
200 case DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256:
201 #endif
202 return (void**)&key->ecckey256;
203 #endif
204 #if DROPBEAR_ECC_384
205 case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
206 return (void**)&key->ecckey384;
207 #endif
208 #if DROPBEAR_ECC_521
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
209 case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
841
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
210 return (void**)&key->ecckey521;
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
211 #endif
935
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 864
diff changeset
212 #endif /* DROPBEAR_ECDSA */
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1278
diff changeset
213 #if DROPBEAR_RSA
841
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
214 case DROPBEAR_SIGNKEY_RSA:
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
215 return (void**)&key->rsakey;
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
216 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1278
diff changeset
217 #if DROPBEAR_DSS
841
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
218 case DROPBEAR_SIGNKEY_DSS:
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
219 return (void**)&key->dsskey;
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
220 #endif
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
221 default:
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
222 return NULL;
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
223 }
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
224 }
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 801
diff changeset
225
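/* Parse one public key blob from buf into key.
 *
 * The blob begins with an SSH string naming the key algorithm. On entry
 * *type is the key type the caller will accept, or DROPBEAR_SIGNKEY_ANY to
 * accept whatever the blob names. Once the type check has passed, *type is
 * set to the type named in the blob.
 *
 * Any key already held in the matching slot of key is released before the
 * new one is parsed, and the slot is left NULL if parsing fails. For the
 * security-key (sk-) types the application string that follows the key
 * material is stored in key->sk_app / key->sk_applen.
 *
 * Returns DROPBEAR_SUCCESS on success. Returns DROPBEAR_FAILURE on a type
 * mismatch, on a key type that no compiled-in branch handles, or when the
 * per-algorithm parser fails. On a type mismatch the function returns
 * before the rewind below, so buf is left positioned after the algorithm
 * name. */
int buf_get_pub_key(buffer *buf, sign_key *key, enum signkey_type *type) {

	char *ident;
	unsigned int len;
	enum signkey_type keytype;
	int ret = DROPBEAR_FAILURE;

	TRACE2(("enter buf_get_pub_key"))

	/* The algorithm name is only needed to look up the key type */
	ident = buf_getstring(buf, &len);
	keytype = signkey_type_from_name(ident, len);
	m_free(ident);

	/* The blob chooses its own algorithm name, so a caller that asked for
	 * one specific type must not be handed a different one */
	if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) {
		TRACE(("buf_get_pub_key bad type - got %d, expected %d", keytype, *type))
		return DROPBEAR_FAILURE;
	}

	TRACE2(("buf_get_pub_key keytype is %d", keytype))

	*type = keytype;

	/* Rewind the buffer back before "ssh-rsa" etc, so the per-algorithm
	 * parser sees the whole blob: len bytes of name plus, presumably, the
	 * 4-byte length prefix of the string */
	buf_decrpos(buf, len + 4);

#if DROPBEAR_DSS
	if (keytype == DROPBEAR_SIGNKEY_DSS) {
		/* release whatever was in the slot, then parse into a fresh key */
		dss_key_free(key->dsskey);
		key->dsskey = m_malloc(sizeof(*key->dsskey));
		ret = buf_get_dss_pub_key(buf, key->dsskey);
		if (ret == DROPBEAR_FAILURE) {
			/* never leave a half-parsed key reachable from the caller */
			dss_key_free(key->dsskey);
			key->dsskey = NULL;
		}
	}
#endif
#if DROPBEAR_RSA
	if (keytype == DROPBEAR_SIGNKEY_RSA) {
		rsa_key_free(key->rsakey);
		key->rsakey = m_malloc(sizeof(*key->rsakey));
		ret = buf_get_rsa_pub_key(buf, key->rsakey);
		if (ret == DROPBEAR_FAILURE) {
			rsa_key_free(key->rsakey);
			key->rsakey = NULL;
		}
	}
#endif
#if DROPBEAR_ECDSA
	if (signkey_is_ecdsa(keytype)
#if DROPBEAR_SK_ECDSA
		|| keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256
#endif
		) {
		/* eck is NULL when signkey_key_ptr has no slot for this type; ret
		 * then stays DROPBEAR_FAILURE */
		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
		if (eck) {
			if (*eck) {
				ecc_free(*eck);
				m_free(*eck);
				*eck = NULL;
			}
			/* the ECDSA parser allocates the key itself and returns NULL
			 * on failure, so the slot ends up NULL without extra cleanup */
			*eck = buf_get_ecdsa_pub_key(buf);
			if (*eck) {
				ret = DROPBEAR_SUCCESS;
			}
		}
	}
#endif
#if DROPBEAR_ED25519
	if (keytype == DROPBEAR_SIGNKEY_ED25519
#if DROPBEAR_SK_ED25519
		|| keytype == DROPBEAR_SIGNKEY_SK_ED25519
#endif
		) {
		ed25519_key_free(key->ed25519key);
		key->ed25519key = m_malloc(sizeof(*key->ed25519key));
		ret = buf_get_ed25519_pub_key(buf, key->ed25519key, keytype);
		if (ret == DROPBEAR_FAILURE) {
			m_free(key->ed25519key);
			key->ed25519key = NULL;
		}
	}
#endif

#if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
	if (0
#if DROPBEAR_SK_ED25519
		|| keytype == DROPBEAR_SIGNKEY_SK_ED25519
#endif
#if DROPBEAR_SK_ECDSA
		|| keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256
#endif
		) {
		/* Drop an application string left by an earlier parse into this
		 * sign_key, so it is neither leaked nor left describing a key that
		 * has just been replaced. Like the key slots above, this assumes
		 * the caller passed an initialised sign_key. */
		m_free(key->sk_app);
		key->sk_app = NULL;
		key->sk_applen = 0;
		/* Read the application string only when the key itself parsed.
		 * After a failed parse the read position may not be at the start
		 * of that field, and the caller gets DROPBEAR_FAILURE either way. */
		if (ret == DROPBEAR_SUCCESS) {
			key->sk_app = buf_getstring(buf, &key->sk_applen);
		}
	}
#endif

	TRACE2(("leave buf_get_pub_key"))

	return ret;
}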
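/* Parse one private key blob from buf into key.
 *
 * The blob begins with an SSH string naming the key algorithm. On entry
 * *type is the key type the caller will accept, or DROPBEAR_SIGNKEY_ANY to
 * accept whatever the blob names. Once the type check has passed, *type is
 * set to the type named in the blob.
 *
 * Any key already held in the matching slot of key is released before the
 * new one is parsed, and the slot is left NULL if parsing fails. No branch
 * here names the security-key (sk-) types.
 *
 * Returns DROPBEAR_SUCCESS on success. Returns DROPBEAR_FAILURE on a type
 * mismatch, on a key type that no compiled-in branch handles, or when the
 * per-algorithm parser fails. On a type mismatch the function returns
 * before the rewind below, so buf is left positioned after the algorithm
 * name. */
int buf_get_priv_key(buffer *buf, sign_key *key, enum signkey_type *type) {

	char *ident;
	unsigned int len;
	enum signkey_type keytype;
	int ret = DROPBEAR_FAILURE;

	TRACE2(("enter buf_get_priv_key"))

	/* The algorithm name is only needed to look up the key type */
	ident = buf_getstring(buf, &len);
	keytype = signkey_type_from_name(ident, len);
	m_free(ident);

	/* The blob chooses its own algorithm name, so a caller that asked for
	 * one specific type must not be handed a different one */
	if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) {
		TRACE(("wrong key type: %d %d", *type, keytype))
		return DROPBEAR_FAILURE;
	}

	*type = keytype;

	/* Rewind the buffer back before "ssh-rsa" etc, so the per-algorithm
	 * parser sees the whole blob: len bytes of name plus, presumably, the
	 * 4-byte length prefix of the string */
	buf_decrpos(buf, len + 4);

#if DROPBEAR_DSS
	if (keytype == DROPBEAR_SIGNKEY_DSS) {
		/* release whatever was in the slot, then parse into a fresh key */
		dss_key_free(key->dsskey);
		key->dsskey = m_malloc(sizeof(*key->dsskey));
		ret = buf_get_dss_priv_key(buf, key->dsskey);
		if (ret == DROPBEAR_FAILURE) {
			/* a partly parsed private key goes through the key type's own
			 * free routine rather than a bare free */
			dss_key_free(key->dsskey);
			key->dsskey = NULL;
		}
	}
#endif
#if DROPBEAR_RSA
	if (keytype == DROPBEAR_SIGNKEY_RSA) {
		rsa_key_free(key->rsakey);
		key->rsakey = m_malloc(sizeof(*key->rsakey));
		ret = buf_get_rsa_priv_key(buf, key->rsakey);
		if (ret == DROPBEAR_FAILURE) {
			rsa_key_free(key->rsakey);
			key->rsakey = NULL;
		}
	}
#endif
#if DROPBEAR_ECDSA
	if (signkey_is_ecdsa(keytype)) {
		/* eck is NULL when signkey_key_ptr has no slot for this type; ret
		 * then stays DROPBEAR_FAILURE */
		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
		if (eck) {
			if (*eck) {
				ecc_free(*eck);
				m_free(*eck);
				*eck = NULL;
			}
			/* the ECDSA parser allocates the key itself and returns NULL
			 * on failure, so the slot ends up NULL without extra cleanup */
			*eck = buf_get_ecdsa_priv_key(buf);
			if (*eck) {
				ret = DROPBEAR_SUCCESS;
			}
		}
	}
#endif
#if DROPBEAR_ED25519
	if (keytype == DROPBEAR_SIGNKEY_ED25519) {
		ed25519_key_free(key->ed25519key);
		key->ed25519key = m_malloc(sizeof(*key->ed25519key));
		ret = buf_get_ed25519_priv_key(buf, key->ed25519key);
		if (ret == DROPBEAR_FAILURE) {
			/* Use the key type's own free routine, as the DSS and RSA
			 * paths do, instead of a bare m_free: this structure may hold
			 * private key bytes, and ed25519_key_free is expected to wipe
			 * them before releasing the memory (confirm against its
			 * definition, which is outside this function). */
			ed25519_key_free(key->ed25519key);
			key->ed25519key = NULL;
		}
	}
#endif

	TRACE2(("leave buf_get_priv_key"))

	return ret;

}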
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
411
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
/* Serialise the public half of `key` selected by `type` and append it to
 * `buf` with buf_putbufstring().
 *
 * `type` may name a DSS, RSA, ECDSA or Ed25519 key (plus SK-Ed25519 when
 * DROPBEAR_SK_ED25519 is set); each branch is only compiled in when the
 * matching DROPBEAR_* switch is enabled. If no branch wrote any bytes the
 * process is terminated through dropbear_exit(). */
void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type) {

	buffer *blob;

	TRACE2(("enter buf_put_pub_key"))
	/* The key is assembled in a scratch buffer first, so that an empty
	 * result can be detected before anything is written to buf */
	blob = buf_new(MAX_PUBKEY_SIZE);

#if DROPBEAR_DSS
	/* NOTE(review): key->dsskey is handed over without a NULL check, unlike
	 * the ECDSA branch below - confirm the helper tolerates a missing key */
	if (type == DROPBEAR_SIGNKEY_DSS) {
		buf_put_dss_pub_key(blob, key->dsskey);
	}
#endif
#if DROPBEAR_RSA
	/* NOTE(review): same unchecked hand-over for key->rsakey */
	if (type == DROPBEAR_SIGNKEY_RSA) {
		buf_put_rsa_pub_key(blob, key->rsakey);
	}
#endif
#if DROPBEAR_ECDSA
	if (signkey_is_ecdsa(type)) {
		ecc_key **slot = (ecc_key**)signkey_key_ptr(key, type);
		/* Both the slot and the key it holds may be absent. This guard was
		 * added after fuzzing hit a NULL pointer dereference here. With no
		 * key, nothing is written and the length check below exits. */
		if (slot != NULL && *slot != NULL) {
			buf_put_ecdsa_pub_key(blob, *slot);
		}
	}
#endif
#if DROPBEAR_ED25519
	{
		/* Plain and SK Ed25519 keys are both read from key->ed25519key */
		int wants_ed25519 = (type == DROPBEAR_SIGNKEY_ED25519);
#if DROPBEAR_SK_ED25519
		wants_ed25519 = wants_ed25519 || (type == DROPBEAR_SIGNKEY_SK_ED25519);
#endif
		if (wants_ed25519) {
			buf_put_ed25519_pub_key(blob, key->ed25519key);
		}
	}
#endif
	/* Nothing written: unknown type, type not compiled in, or no ECDSA key */
	if (blob->len == 0) {
		dropbear_exit("Bad key types in buf_put_pub_key");
	}

	buf_putbufstring(buf, blob);
	buf_free(blob);
	TRACE2(("leave buf_put_pub_key"))
}
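/* Serialise the private key of `key` selected by `type` straight into `buf`.
 *
 * Handles DSS, RSA, ECDSA and Ed25519 keys, each only when the matching
 * DROPBEAR_* switch is enabled. DROPBEAR_SIGNKEY_SK_ED25519 is not accepted
 * by the Ed25519 branch. Every successful branch returns early; reaching the
 * end means no private key could be written and the process is terminated
 * through dropbear_exit().
 *
 * After a successful call `buf` holds private key material.
 * NOTE(review): confirm that callers wipe or free that buffer promptly. */
void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type) {

	TRACE(("enter buf_put_priv_key"))
	TRACE(("type is %d", type))

#if DROPBEAR_DSS
	if (type == DROPBEAR_SIGNKEY_DSS) {
		buf_put_dss_priv_key(buf, key->dsskey);
		TRACE(("leave buf_put_priv_key: dss done"))
		return;
	}
#endif
#if DROPBEAR_RSA
	if (type == DROPBEAR_SIGNKEY_RSA) {
		buf_put_rsa_priv_key(buf, key->rsakey);
		TRACE(("leave buf_put_priv_key: rsa done"))
		return;
	}
#endif
#if DROPBEAR_ECDSA
	if (signkey_is_ecdsa(type)) {
		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
		/* Both the slot and the key it holds may be absent. This guard was
		 * added after fuzzing hit a NULL pointer dereference here. A missing
		 * key falls through to the fatal exit below. */
		if (eck && *eck) {
			buf_put_ecdsa_priv_key(buf, *eck);
			TRACE(("leave buf_put_priv_key: ecdsa done"))
			return;
		}
	}
#endif
#if DROPBEAR_ED25519
	if (type == DROPBEAR_SIGNKEY_ED25519) {
		buf_put_ed25519_priv_key(buf, key->ed25519key);
		TRACE(("leave buf_put_priv_key: ed25519 done"))
		return;
	}
#endif
	/* The message names this function so that a fatal exit in the log is
	 * not mistaken for a failure in the public-key path */
	dropbear_exit("Bad key types in buf_put_priv_key");
}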
/* Release every key stored in `key`, its filename, the optional sk_app
 * string, and finally the sign_key structure itself.
 *
 * `key` is dereferenced unconditionally, so it must not be NULL, and it
 * must not be used after this call.
 * NOTE(review): whether the per-algorithm free helpers scrub private key
 * material before releasing it cannot be seen from here - confirm. */
void sign_key_free(sign_key *key) {

	TRACE2(("enter sign_key_free"))

#if DROPBEAR_DSS
	dss_key_free(key->dsskey);
	key->dsskey = NULL;
#endif
#if DROPBEAR_RSA
	rsa_key_free(key->rsakey);
	key->rsakey = NULL;
#endif
#if DROPBEAR_ECDSA
	/* One slot per curve size. ecc_free() is followed by m_free() on the
	 * same pointer; the m_free() calls were added to fix memory leaks. */
#if DROPBEAR_ECC_256
	if (key->ecckey256 != NULL) {
		ecc_free(key->ecckey256);
		m_free(key->ecckey256);
		key->ecckey256 = NULL;
	}
#endif
#if DROPBEAR_ECC_384
	if (key->ecckey384 != NULL) {
		ecc_free(key->ecckey384);
		m_free(key->ecckey384);
		key->ecckey384 = NULL;
	}
#endif
#if DROPBEAR_ECC_521
	if (key->ecckey521 != NULL) {
		ecc_free(key->ecckey521);
		m_free(key->ecckey521);
		key->ecckey521 = NULL;
	}
#endif
#endif
#if DROPBEAR_ED25519
	ed25519_key_free(key->ed25519key);
	key->ed25519key = NULL;
#endif

	m_free(key->filename);
#if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
	if (key->sk_app != NULL) {
		m_free(key->sk_app);
	}
#endif

	/* The container goes last, after every member has been released */
	m_free(key);
	TRACE2(("leave sign_key_free"))
}
/* Map a value in 0..15 to its lowercase hexadecimal digit.
 * Any value above 0xf yields 'X' so that a caller error is visible in the
 * output instead of producing an arbitrary character. */
static char hexdig(unsigned char x) {
	static const char digits[] = "0123456789abcdef";

	return (x <= 0xf) ? digits[x] : 'X';
}
557 /* Since we're not sure if we'll have md5 or sha1, we present both.
558 * MD5 is used in preference, but sha1 could still be useful */
559 #if DROPBEAR_MD5_HMAC
/* Return a string of the form "md5 xx:xx:...:xx" holding the MD5 digest of
 * the keybloblen bytes at keyblob, as lowercase hex pairs separated by ':'.
 * The string is allocated with m_malloc() and is owned by the caller.
 *
 * NOTE(review): MD5 is not collision resistant. Treat this fingerprint as a
 * display aid for comparison by eye and prefer a stronger digest wherever a
 * trust decision depends on it. */
static char * sign_key_md5_fingerprint(const unsigned char* keyblob,
		unsigned int keybloblen) {

	hash_state md;
	unsigned char digest[MD5_HASH_SIZE];
	char *out;
	char *cursor;
	unsigned int n;
	unsigned int outlen;

	/* The blob is hashed exactly as passed in; nothing is skipped here */
	md5_init(&md);
	md5_process(&md, keyblob, keybloblen);
	md5_done(&md, digest);

	/* 4 bytes for "md5 ", then "xx:" per digest byte. The slot of the very
	 * last ':' is reused for the terminating NUL. */
	outlen = 4 + 3*MD5_HASH_SIZE;
	out = (char*)m_malloc(outlen);

	memset(out, 'Z', outlen);
	strcpy(out, "md5 ");

	/* The digits start at offset 4, overwriting the NUL left by strcpy() */
	cursor = out + 4;
	for (n = 0; n < MD5_HASH_SIZE; n++) {
		*cursor++ = hexdig(digest[n] >> 4);
		*cursor++ = hexdig(digest[n] & 0x0f);
		*cursor++ = ':';
	}
	out[outlen-1] = 0x0;

	return out;
}
594 #else /* use SHA1 rather than MD5 for fingerprint */
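/* Return a string of the form "sha1 xx:xx:...:xx" holding the SHA-1 digest
 * of the keybloblen bytes at keyblob, as lowercase hex pairs separated by
 * ':'. The string is allocated with m_malloc() and is owned by the caller.
 *
 * The prefix length drives both the buffer size and the offset of the first
 * hex digit. With a fixed offset of 7 and the 5-character "sha1 " prefix,
 * the NUL written by strcpy() stayed at offset 5, so the returned C string
 * ended right after the prefix and the digest was never shown - leaving
 * nothing to compare a host key against.
 *
 * NOTE(review): SHA-1 is no longer considered collision resistant. Treat
 * this fingerprint as a display aid and prefer a stronger digest wherever a
 * trust decision depends on it. */
static char * sign_key_sha1_fingerprint(const unsigned char* keyblob,
		unsigned int keybloblen) {

	static const char prefix[] = "sha1 ";
	const unsigned int prefixlen = sizeof(prefix) - 1;
	char * ret;
	hash_state hs;
	unsigned char hash[SHA1_HASH_SIZE];
	unsigned int i;
	unsigned int buflen;

	sha1_init(&hs);

	/* The blob is hashed exactly as passed in; nothing is skipped here */
	sha1_process(&hs, keyblob, keybloblen);

	sha1_done(&hs, hash);

	/* prefix, then "xx:" per digest byte. The slot of the very last ':'
	 * is reused for the terminating NUL. */
	buflen = prefixlen + 3*SHA1_HASH_SIZE;
	ret = (char*)m_malloc(buflen);

	/* strcpy() leaves a NUL at offset prefixlen; the first hex digit
	 * written below overwrites it */
	strcpy(ret, prefix);

	for (i = 0; i < SHA1_HASH_SIZE; i++) {
		unsigned int pos = prefixlen + 3*i;
		ret[pos] = hexdig(hash[i] >> 4);
		ret[pos+1] = hexdig(hash[i] & 0x0f);
		ret[pos+2] = ':';
	}
	ret[buflen-1] = 0x0;

	return ret;
}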
628 #endif /* MD5/SHA1 switch */
/* Return a newly allocated fingerprint string for the keybloblen bytes at
 * keyblob. The digest is fixed at build time: MD5 when DROPBEAR_MD5_HMAC is
 * set, SHA-1 otherwise. The caller owns the returned string. */
char * sign_key_fingerprint(const unsigned char* keyblob, unsigned int keybloblen) {

	char *fingerprint;

#if DROPBEAR_MD5_HMAC
	fingerprint = sign_key_md5_fingerprint(keyblob, keybloblen);
#else
	fingerprint = sign_key_sha1_fingerprint(keyblob, keybloblen);
#endif
	return fingerprint;
}
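/* Sign data_buf with the key in `key` that corresponds to sigtype and append
 * the resulting signature blob to buf with buf_putbufstring().
 *
 * The key type is derived from sigtype via signkey_type_from_signature().
 * If no compiled-in branch produces a signature (unsupported type, or the
 * matching key is not loaded) the temporary blob stays empty and the
 * process exits with "Non-matching signing type".
 *
 * Every branch checks that the key pointer is set before handing it to the
 * algorithm-specific signer, as the ECDSA branch already did, so that a
 * missing key ends in the controlled exit above rather than a NULL
 * pointer being passed down. */
void buf_put_sign(buffer* buf, sign_key *key, enum signature_type sigtype,
	const buffer *data_buf) {
	/* Scratch buffer for the signature; its length is the "did anything
	 * sign?" indicator checked below. */
	buffer *sigblob = buf_new(MAX_PUBKEY_SIZE);
	enum signkey_type keytype = signkey_type_from_signature(sigtype);

#if DEBUG_TRACE
	{
		const char* signame = signature_name_from_type(sigtype, NULL);
		TRACE(("buf_put_sign type %d %s", sigtype, signame));
	}
#endif


#if DROPBEAR_DSS
	if (keytype == DROPBEAR_SIGNKEY_DSS && key->dsskey != NULL) {
		buf_put_dss_sign(sigblob, key->dsskey, data_buf);
	}
#endif
#if DROPBEAR_RSA
	if (keytype == DROPBEAR_SIGNKEY_RSA && key->rsakey != NULL) {
		/* sigtype is passed on as well as the key: one RSA key type can
		 * map to more than one signature type */
		buf_put_rsa_sign(sigblob, key->rsakey, sigtype, data_buf);
	}
#endif
#if DROPBEAR_ECDSA
	if (signkey_is_ecdsa(keytype)) {
		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
		if (eck && *eck) {
			buf_put_ecdsa_sign(sigblob, *eck, data_buf);
		}
	}
#endif
#if DROPBEAR_ED25519
	if (keytype == DROPBEAR_SIGNKEY_ED25519 && key->ed25519key != NULL) {
		buf_put_ed25519_sign(sigblob, key->ed25519key, data_buf);
	}
#endif
	if (sigblob->len == 0) {
		/* nothing above signed: wrong type for this build or no such key */
		dropbear_exit("Non-matching signing type");
	}
	buf_putbufstring(buf, sigblob);
	buf_free(sigblob);

}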
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
684
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1278
diff changeset
685 #if DROPBEAR_SIGNKEY_VERIFY
1855
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142)
egor-duda <egor-duda@users.noreply.github.com>
parents: 1822
diff changeset
686
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
/* Check the signature blob at the read position of buf against data_buf,
 * using the key of the matching type held in `key`.
 *
 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE. After FAILURE the position
 * of buf is undefined; after SUCCESS buf is positioned after the signature
 * blob.
 *
 * The algorithm name found in the blob has to map to expect_sigtype. If it
 * does not, the process exits, so the blob cannot choose a different
 * signature algorithm than the one the caller asked to verify. The process
 * also exits when the DSS, RSA or Ed25519 key is missing, or when no
 * compiled-in branch with a usable key handles the type. */
int buf_verify(buffer * buf, sign_key *key, enum signature_type expect_sigtype, const buffer *data_buf) {

	enum signkey_type keytype;
	enum signature_type sigtype;
	unsigned int algo_name_len = 0;
	char *algo_name = NULL;

	TRACE(("enter buf_verify"))

	/* The outer blob length is consumed and discarded; length handling of
	 * the signature itself is left to the per-algorithm verify calls. */
	buf_getint(buf); /* blob length */
	algo_name = buf_getstring(buf, &algo_name_len);
	sigtype = signature_type_from_name(algo_name, algo_name_len);
	m_free(algo_name);

	/* Reject a blob whose declared algorithm is not the expected one before
	 * any key material is touched. */
	if (sigtype != expect_sigtype) {
		dropbear_exit("Non-matching signing type");
	}

	keytype = signkey_type_from_signature(sigtype);
#if DROPBEAR_DSS
	if (keytype == DROPBEAR_SIGNKEY_DSS) {
		if (!key->dsskey) {
			dropbear_exit("No DSS key to verify signature");
		}
		return buf_dss_verify(buf, key->dsskey, data_buf);
	}
#endif

#if DROPBEAR_RSA
	if (keytype == DROPBEAR_SIGNKEY_RSA) {
		if (!key->rsakey) {
			dropbear_exit("No RSA key to verify signature");
		}
		/* the RSA verifier also receives sigtype, not only the key */
		return buf_rsa_verify(buf, key->rsakey, sigtype, data_buf);
	}
#endif
#if DROPBEAR_ECDSA
	if (signkey_is_ecdsa(keytype)) {
		/* a missing slot or key falls through to the final exit below */
		ecc_key **ecdsa_slot = (ecc_key**)signkey_key_ptr(key, keytype);
		if (ecdsa_slot != NULL && *ecdsa_slot != NULL) {
			return buf_ecdsa_verify(buf, *ecdsa_slot, data_buf);
		}
	}
#endif
#if DROPBEAR_ED25519
	if (keytype == DROPBEAR_SIGNKEY_ED25519) {
		if (!key->ed25519key) {
			dropbear_exit("No Ed25519 key to verify signature");
		}
		return buf_ed25519_verify(buf, key->ed25519key, data_buf);
	}
#endif
#if DROPBEAR_SK_ECDSA
	if (keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256) {
		/* the sk variants additionally pass the key's sk_app/sk_applen */
		ecc_key **sk_slot = (ecc_key**)signkey_key_ptr(key, keytype);
		if (sk_slot != NULL && *sk_slot != NULL) {
			return buf_sk_ecdsa_verify(buf, *sk_slot, data_buf, key->sk_app, key->sk_applen);
		}
	}
#endif
#if DROPBEAR_SK_ED25519
	if (keytype == DROPBEAR_SIGNKEY_SK_ED25519) {
		dropbear_ed25519_key **sk_slot = (dropbear_ed25519_key**)signkey_key_ptr(key, keytype);
		if (sk_slot != NULL && *sk_slot != NULL) {
			return buf_sk_ed25519_verify(buf, *sk_slot, data_buf, key->sk_app, key->sk_applen);
		}
	}
#endif

	/* No branch returned: unsupported type or no usable key for it */
	dropbear_exit("Non-matching signing type");
	return DROPBEAR_FAILURE;
}
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
763 #endif /* DROPBEAR_SIGNKEY_VERIFY */
51
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
diff changeset
764
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1278
diff changeset
765 #if DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
51
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
diff changeset
766
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
diff changeset
/* Compare a binary key blob with the base64 key stored on a key-file line.
 *
 * keyblob/keybloblen is the key to look for and algoname/algolen its
 * algorithm name. `line` is positioned at the start of the base64 data and
 * holds no trailing data. Returns DROPBEAR_SUCCESS only when the decoded
 * data equals keyblob byte for byte and the algorithm name stored at the
 * front of the decoded key equals algoname; DROPBEAR_FAILURE otherwise.
 *
 * If fingerprint is non-NULL it is set to a malloc()ed fingerprint of the
 * decoded key as soon as the base64 decodes. That happens before the
 * comparison, so *fingerprint can be set even though FAILURE is returned.
 * It is left untouched when the line is empty or the decode fails. */
int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
					const unsigned char* algoname, unsigned int algolen,
					const buffer * line, char ** fingerprint) {

	int ret = DROPBEAR_FAILURE;
	buffer *decoded = NULL;
	unsigned char *file_algo = NULL;
	unsigned int b64_len, file_algo_len;
	unsigned long decoded_len;

	/* whatever is left on the line is the base64 text */
	b64_len = line->len - line->pos;
	if (b64_len == 0) {
		/* base64_decode doesn't like NULL argument */
		return DROPBEAR_FAILURE;
	}

	/* output buffer sized at twice the input length, big to be safe */
	decoded_len = b64_len * 2;
	decoded = buf_new(decoded_len);

	/* decoded_len goes in as the capacity and is overwritten by the decoder */
	if (base64_decode(buf_getptr(line, b64_len), b64_len,
				buf_getwriteptr(decoded, decoded->size),
				&decoded_len) != CRYPT_OK) {
		TRACE(("checkpubkey: base64 decode failed"))
		goto out;
	}
	TRACE(("checkpubkey: base64_decode success"))
	buf_incrlen(decoded, decoded_len);

	if (fingerprint != NULL) {
		*fingerprint = sign_key_fingerprint(buf_getptr(decoded, decoded_len),
									decoded_len);
	}

	/* compare the keys: the length first, then the bytes */
	if (decoded_len != keybloblen) {
		TRACE(("checkpubkey: compare failed"))
		goto out;
	}
	if (memcmp(buf_getptr(decoded, decoded->len), keyblob, decoded->len) != 0) {
		TRACE(("checkpubkey: compare failed"))
		goto out;
	}

	/* ... and also check that the algo specified and the algo in the key
	 * itself match */
	file_algo_len = buf_getint(decoded);
	file_algo = buf_getptr(decoded, file_algo_len);
	if (file_algo_len != algolen) {
		TRACE(("checkpubkey: algo match failed"))
		goto out;
	}
	if (memcmp(file_algo, algoname, algolen) != 0) {
		TRACE(("checkpubkey: algo match failed"))
		goto out;
	}

	/* All checks passed */
	ret = DROPBEAR_SUCCESS;

out:
	buf_free(decoded);
	decoded = NULL;
	return ret;
}
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents: 44
diff changeset
830 #endif
1369
ddfcadca3c4c fuzzer-pubkey
Matt Johnston <matt@ucc.asn.au>
parents: 1362
diff changeset
831
1558
2f64cb3d3007 - #if not #ifdef for DROPBEAR_FUZZ
Matt Johnston <matt@ucc.asn.au>
parents: 1511
diff changeset
832 #if DROPBEAR_FUZZ
1369
ddfcadca3c4c fuzzer-pubkey
Matt Johnston <matt@ucc.asn.au>
parents: 1362
diff changeset
/* Second name for the signkey_names table. The definition sits inside
 * #if DROPBEAR_FUZZ, so it exists only in builds with that option set. */
const char *const *fuzz_signkey_names = signkey_names;
ddfcadca3c4c fuzzer-pubkey
Matt Johnston <matt@ucc.asn.au>
parents: 1362
diff changeset
834
ddfcadca3c4c fuzzer-pubkey
Matt Johnston <matt@ucc.asn.au>
parents: 1362
diff changeset
835 #endif