dropbear: signkey.c annotate

annotate signkey.c @ 1861:2b3a8026a6ce

Add re-exec for server This allows ASLR to re-randomize the address space for every connection, preventing some vulnerabilities from being exploitable by repeated probing. Overhead (memory and time) is yet to be confirmed. At present this is only enabled on Linux. Other BSD platforms with fexecve() would probably also work though have not been tested.

author	Matt Johnston <matt@ucc.asn.au>
date	Sun, 30 Jan 2022 10:14:56 +0800
parents	35d504d59c05
children	3f4cdf839a1a

rev	line source
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2 * Dropbear - a SSH2 server
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	3 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4 * Copyright (c) 2002,2003 Matt Johnston
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	5 * All rights reserved.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	7 * Permission is hereby granted, free of charge, to any person obtaining a copy
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 * of this software and associated documentation files (the "Software"), to deal
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9 * in the Software without restriction, including without limitation the rights
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11 * copies of the Software, and to permit persons to whom the Software is
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12 * furnished to do so, subject to the following conditions:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	13 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14 * The above copyright notice and this permission notice shall be included in
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 * all copies or substantial portions of the Software.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	23 * SOFTWARE. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25 #include "includes.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	26 #include "dbutil.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	27 #include "signkey.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	28 #include "buffer.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	29 #include "ssh.h"
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	30 #include "ecdsa.h"
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	31 #include "sk-ecdsa.h"
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	32 #include "sk-ed25519.h"
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	33 #include "rsa.h"
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	34 #include "dss.h"
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	35 #include "ed25519.h"
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	36
1273 139935236c72 const variables Francois Perrad <francois.perrad@gadz.org> parents: 1249 diff changeset	37 static const char * const signkey_names[DROPBEAR_SIGNKEY_NUM_NAMED] = {
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	38 #if DROPBEAR_RSA
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	39 "ssh-rsa",
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	40 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	41 #if DROPBEAR_DSS
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	42 "ssh-dss",
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	43 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	44 #if DROPBEAR_ECDSA
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	45 "ecdsa-sha2-nistp256",
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	46 "ecdsa-sha2-nistp384",
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	47 "ecdsa-sha2-nistp521",
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	48 #if DROPBEAR_SK_ECDSA
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	49 "[email protected]",
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	50 #endif /* DROPBEAR_SK_ECDSA */
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 855 diff changeset	51 #endif /* DROPBEAR_ECDSA */
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	52 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	53 "ssh-ed25519",
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	54 #if DROPBEAR_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	55 "[email protected]",
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	56 #endif /* DROPBEAR_SK_ED25519 */
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	57 #endif /* DROPBEAR_ED25519 */
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	58 /* "rsa-sha2-256" is special-cased below since it is only a signature name, not key type */
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	59 };
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	60
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	61 /* malloc a new sign_key and set the dss and rsa keys to NULL */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	62 sign_key * new_sign_key() {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	63
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	64 sign_key * ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	65
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	66 ret = (sign_key*)m_malloc(sizeof(sign_key));
551 c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList Matt Johnston <matt@ucc.asn.au> parents: 436 diff changeset	67 ret->type = DROPBEAR_SIGNKEY_NONE;
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList Matt Johnston <matt@ucc.asn.au> parents: 436 diff changeset	68 ret->source = SIGNKEY_SOURCE_INVALID;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	69 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	70 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	71
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	72 /* Returns key name corresponding to the type. Exits fatally
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	73 * if the type is invalid */
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	74 const char* signkey_name_from_type(enum signkey_type type, unsigned int *namelen) {
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	75 if (type >= DROPBEAR_SIGNKEY_NUM_NAMED) {
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	76 dropbear_exit("Bad key type %d", type);
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	77 }
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	78
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	79 if (namelen) {
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	80 *namelen = strlen(signkey_names[type]);
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	81 }
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	82 return signkey_names[type];
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	83 }
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	84
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	85 /* Returns DROPBEAR_SIGNKEY_NONE if none match */
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	86 enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen) {
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	87 int i;
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	88 for (i = 0; i < DROPBEAR_SIGNKEY_NUM_NAMED; i++) {
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	89 const char *fixed_name = signkey_names[i];
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	90 if (namelen == strlen(fixed_name)
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	91 && memcmp(fixed_name, name, namelen) == 0) {
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	92
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	93 #if DROPBEAR_ECDSA
795 7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	94 /* Some of the ECDSA key sizes are defined even if they're not compiled in */
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	95 if (0
1499 2d450c1056e3 options: Complete the transition to numeric toggles (`#if') Michael Witten <mfwitten@gmail.com> parents: 1459 diff changeset	96 #if !DROPBEAR_ECC_256
795 7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	97 \|\| i == DROPBEAR_SIGNKEY_ECDSA_NISTP256
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	98 #endif
1499 2d450c1056e3 options: Complete the transition to numeric toggles (`#if') Michael Witten <mfwitten@gmail.com> parents: 1459 diff changeset	99 #if !DROPBEAR_ECC_384
795 7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	100 \|\| i == DROPBEAR_SIGNKEY_ECDSA_NISTP384
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	101 #endif
1499 2d450c1056e3 options: Complete the transition to numeric toggles (`#if') Michael Witten <mfwitten@gmail.com> parents: 1459 diff changeset	102 #if !DROPBEAR_ECC_521
795 7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	103 \|\| i == DROPBEAR_SIGNKEY_ECDSA_NISTP521
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	104 #endif
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	105 ) {
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	106 TRACE(("attempt to use ecdsa type %d not compiled in", i))
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	107 return DROPBEAR_SIGNKEY_NONE;
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	108 }
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	109 #endif
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	110
1255 55d485943eb0 cast return type to enum Matt Johnston <matt@ucc.asn.au> parents: 1249 diff changeset	111 return (enum signkey_type)i;
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	112 }
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	113 }
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	114
551 c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList Matt Johnston <matt@ucc.asn.au> parents: 436 diff changeset	115 TRACE(("signkey_type_from_name unexpected key type."))
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList Matt Johnston <matt@ucc.asn.au> parents: 436 diff changeset	116
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	117 return DROPBEAR_SIGNKEY_NONE;
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	118 }
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	119
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	120 /* Special case for rsa-sha2-256. This could be generalised if more
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	121 signature names are added that aren't 1-1 with public key names */
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	122 const char* signature_name_from_type(enum signature_type type, unsigned int *namelen) {
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	123 #if DROPBEAR_RSA_SHA256
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	124 if (type == DROPBEAR_SIGNATURE_RSA_SHA256) {
1676 d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	125 if (namelen) {
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	126 *namelen = strlen(SSH_SIGNATURE_RSA_SHA256);
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	127 }
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	128 return SSH_SIGNATURE_RSA_SHA256;
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	129 }
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	130 #endif
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	131 #if DROPBEAR_RSA_SHA1
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	132 if (type == DROPBEAR_SIGNATURE_RSA_SHA1) {
1676 d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	133 if (namelen) {
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	134 *namelen = strlen(SSH_SIGNKEY_RSA);
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	135 }
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	136 return SSH_SIGNKEY_RSA;
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	137 }
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	138 #endif
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	139 return signkey_name_from_type((enum signkey_type)type, namelen);
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	140 }
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	141
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	142 /* Returns DROPBEAR_SIGNATURE_NONE if none match */
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	143 enum signature_type signature_type_from_name(const char* name, unsigned int namelen) {
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	144 #if DROPBEAR_RSA_SHA256
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	145 if (namelen == strlen(SSH_SIGNATURE_RSA_SHA256)
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	146 && memcmp(name, SSH_SIGNATURE_RSA_SHA256, namelen) == 0) {
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	147 return DROPBEAR_SIGNATURE_RSA_SHA256;
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	148 }
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	149 #endif
1681 435cfb9ec96e send and handle SSH_MSG_EXT_INFO only at the correct point Matt Johnston <matt@ucc.asn.au> parents: 1676 diff changeset	150 #if DROPBEAR_RSA_SHA1
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	151 if (namelen == strlen(SSH_SIGNKEY_RSA)
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	152 && memcmp(name, SSH_SIGNKEY_RSA, namelen) == 0) {
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	153 return DROPBEAR_SIGNATURE_RSA_SHA1;
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	154 }
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	155 #endif
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	156 return (enum signature_type)signkey_type_from_name(name, namelen);
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	157 }
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	158
1676 d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	159 /* Returns the signature type from a key type. Must not be called
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	160 with RSA keytype */
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	161 enum signature_type signature_type_from_signkey(enum signkey_type keytype) {
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	162 #if DROPBEAR_RSA
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	163 assert(keytype != DROPBEAR_SIGNKEY_RSA);
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	164 #endif
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	165 assert(keytype < DROPBEAR_SIGNKEY_NUM_NAMED);
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	166 return (enum signature_type)keytype;
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	167 }
d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	168
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	169 enum signkey_type signkey_type_from_signature(enum signature_type sigtype) {
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	170 #if DROPBEAR_RSA_SHA256
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	171 if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA256) {
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	172 return DROPBEAR_SIGNKEY_RSA;
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	173 }
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	174 #endif
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	175 #if DROPBEAR_RSA_SHA1
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	176 if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA1) {
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	177 return DROPBEAR_SIGNKEY_RSA;
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	178 }
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	179 #endif
1684 d5d25ce2a2ed cast to fix warning Matt Johnston <matt@ucc.asn.au> parents: 1681 diff changeset	180 assert((int)sigtype < (int)DROPBEAR_SIGNKEY_NUM_NAMED);
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	181 return (enum signkey_type)sigtype;
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	182 }
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	183
1423 c1c3d5943bfc Fix null pointer dereference found by libfuzzer Matt Johnston <matt@ucc.asn.au> parents: 1409 diff changeset	184 /* Returns a pointer to the key part specific to "type".
c1c3d5943bfc Fix null pointer dereference found by libfuzzer Matt Johnston <matt@ucc.asn.au> parents: 1409 diff changeset	185 Be sure to check both (ret != NULL) and (ret != NULL) /
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	186 void **
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	187 signkey_key_ptr(sign_key *key, enum signkey_type type) {
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	188 switch (type) {
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	189 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	190 case DROPBEAR_SIGNKEY_ED25519:
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	191 #if DROPBEAR_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	192 case DROPBEAR_SIGNKEY_SK_ED25519:
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	193 #endif
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	194 return (void**)&key->ed25519key;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	195 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	196 #if DROPBEAR_ECDSA
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	197 #if DROPBEAR_ECC_256
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	198 case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	199 #if DROPBEAR_SK_ECDSA
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	200 case DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256:
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	201 #endif
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	202 return (void**)&key->ecckey256;
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	203 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	204 #if DROPBEAR_ECC_384
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	205 case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	206 return (void**)&key->ecckey384;
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	207 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	208 #if DROPBEAR_ECC_521
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	209 case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	210 return (void**)&key->ecckey521;
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	211 #endif
935 25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 864 diff changeset	212 #endif /* DROPBEAR_ECDSA */
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	213 #if DROPBEAR_RSA
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	214 case DROPBEAR_SIGNKEY_RSA:
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	215 return (void**)&key->rsakey;
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	216 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	217 #if DROPBEAR_DSS
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	218 case DROPBEAR_SIGNKEY_DSS:
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	219 return (void**)&key->dsskey;
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	220 #endif
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	221 default:
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	222 return NULL;
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	223 }
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	224 }
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	225
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	226 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	227 * type should be set by the caller to specify the type to read, and
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	228 * on return is set to the type read (useful when type = _ANY) */
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	229 int buf_get_pub_key(buffer buf, sign_key key, enum signkey_type *type) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	230
1094 c45d65392c1a Fix pointer differ in signess warnings [-Werror=pointer-sign] Gaël PORTAY <gael.portay@gmail.com> parents: 1058 diff changeset	231 char *ident;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	232 unsigned int len;
1032 0da8ba489c23 Move generic network routines to netio.c Matt Johnston <matt@ucc.asn.au> parents: 935 diff changeset	233 enum signkey_type keytype;
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	234 int ret = DROPBEAR_FAILURE;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	235
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	236 TRACE2(("enter buf_get_pub_key"))
34 e2a1eaa19f22 Client mostly works up to password auth Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	237
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1094 diff changeset	238 ident = buf_getstring(buf, &len);
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	239 keytype = signkey_type_from_name(ident, len);
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	240 m_free(ident);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	241
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	242 if (type != DROPBEAR_SIGNKEY_ANY && type != keytype) {
651 a48a1f6ab43e - Fix some format strings in TRACE()s Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	243 TRACE(("buf_get_pub_key bad type - got %d, expected %d", keytype, *type))
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	244 return DROPBEAR_FAILURE;
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	245 }
551 c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList Matt Johnston <matt@ucc.asn.au> parents: 436 diff changeset	246
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	247 TRACE2(("buf_get_pub_key keytype is %d", keytype))
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	248
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	249 *type = keytype;
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	250
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	251 /* Rewind the buffer back before "ssh-rsa" etc */
1754 064f5be2fc45 Add buf_decrpos() Matt Johnston <matt@ucc.asn.au> parents: 1684 diff changeset	252 buf_decrpos(buf, len + 4);
34 e2a1eaa19f22 Client mostly works up to password auth Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	253
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	254 #if DROPBEAR_DSS
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	255 if (keytype == DROPBEAR_SIGNKEY_DSS) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	256 dss_key_free(key->dsskey);
586 b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so Matt Johnston <matt@ucc.asn.au> parents: 560 diff changeset	257 key->dsskey = m_malloc(sizeof(*key->dsskey));
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	258 ret = buf_get_dss_pub_key(buf, key->dsskey);
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	259 if (ret == DROPBEAR_FAILURE) {
1409 c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	260 dss_key_free(key->dsskey);
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	261 key->dsskey = NULL;
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	262 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	263 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	264 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	265 #if DROPBEAR_RSA
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	266 if (keytype == DROPBEAR_SIGNKEY_RSA) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	267 rsa_key_free(key->rsakey);
586 b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so Matt Johnston <matt@ucc.asn.au> parents: 560 diff changeset	268 key->rsakey = m_malloc(sizeof(*key->rsakey));
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	269 ret = buf_get_rsa_pub_key(buf, key->rsakey);
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	270 if (ret == DROPBEAR_FAILURE) {
1409 c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	271 rsa_key_free(key->rsakey);
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	272 key->rsakey = NULL;
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	273 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	274 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	275 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	276 #if DROPBEAR_ECDSA
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	277 if (signkey_is_ecdsa(keytype)
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	278 #if DROPBEAR_SK_ECDSA
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	279 \|\| keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	280 #endif
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	281 ) {
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	282 ecc_key eck = (ecc_key)signkey_key_ptr(key, keytype);
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	283 if (eck) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	284 if (*eck) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	285 ecc_free(*eck);
1058 063c38ea622b Fix some memory leaks in ecc code Matt Johnston <matt@ucc.asn.au> parents: 1032 diff changeset	286 m_free(*eck);
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	287 *eck = NULL;
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	288 }
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	289 *eck = buf_get_ecdsa_pub_key(buf);
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	290 if (*eck) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	291 ret = DROPBEAR_SUCCESS;
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	292 }
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	293 }
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	294 }
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	295 #endif
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	296 #if DROPBEAR_ED25519
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	297 if (keytype == DROPBEAR_SIGNKEY_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	298 #if DROPBEAR_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	299 \|\| keytype == DROPBEAR_SIGNKEY_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	300 #endif
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	301 ) {
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	302 ed25519_key_free(key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	303 key->ed25519key = m_malloc(sizeof(*key->ed25519key));
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	304 ret = buf_get_ed25519_pub_key(buf, key->ed25519key, keytype);
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	305 if (ret == DROPBEAR_FAILURE) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	306 m_free(key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	307 key->ed25519key = NULL;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	308 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	309 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	310 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	311
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	312 #if DROPBEAR_SK_ECDSA \|\| DROPBEAR_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	313 if (0
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	314 #if DROPBEAR_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	315 \|\| keytype == DROPBEAR_SIGNKEY_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	316 #endif
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	317 #if DROPBEAR_SK_ECDSA
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	318 \|\| keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	319 #endif
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	320 ) {
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	321 key->sk_app = buf_getstring(buf, &key->sk_applen);
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	322 }
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	323 #endif
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	324
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	325 TRACE2(("leave buf_get_pub_key"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	326
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	327 return ret;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	328 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	329
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	330 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	331 * type should be set by the caller to specify the type to read, and
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	332 * on return is set to the type read (useful when type = _ANY) */
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	333 int buf_get_priv_key(buffer buf, sign_key key, enum signkey_type *type) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	334
1094 c45d65392c1a Fix pointer differ in signess warnings [-Werror=pointer-sign] Gaël PORTAY <gael.portay@gmail.com> parents: 1058 diff changeset	335 char *ident;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	336 unsigned int len;
1032 0da8ba489c23 Move generic network routines to netio.c Matt Johnston <matt@ucc.asn.au> parents: 935 diff changeset	337 enum signkey_type keytype;
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	338 int ret = DROPBEAR_FAILURE;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	339
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	340 TRACE2(("enter buf_get_priv_key"))
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	341
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1094 diff changeset	342 ident = buf_getstring(buf, &len);
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	343 keytype = signkey_type_from_name(ident, len);
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	344 m_free(ident);
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	345
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	346 if (type != DROPBEAR_SIGNKEY_ANY && type != keytype) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 107 diff changeset	347 TRACE(("wrong key type: %d %d", *type, keytype))
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	348 return DROPBEAR_FAILURE;
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	349 }
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	350
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	351 *type = keytype;
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	352
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	353 /* Rewind the buffer back before "ssh-rsa" etc */
1754 064f5be2fc45 Add buf_decrpos() Matt Johnston <matt@ucc.asn.au> parents: 1684 diff changeset	354 buf_decrpos(buf, len + 4);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	355
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	356 #if DROPBEAR_DSS
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	357 if (keytype == DROPBEAR_SIGNKEY_DSS) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	358 dss_key_free(key->dsskey);
586 b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so Matt Johnston <matt@ucc.asn.au> parents: 560 diff changeset	359 key->dsskey = m_malloc(sizeof(*key->dsskey));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	360 ret = buf_get_dss_priv_key(buf, key->dsskey);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	361 if (ret == DROPBEAR_FAILURE) {
1409 c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	362 dss_key_free(key->dsskey);
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	363 key->dsskey = NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	364 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	365 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	366 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	367 #if DROPBEAR_RSA
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	368 if (keytype == DROPBEAR_SIGNKEY_RSA) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	369 rsa_key_free(key->rsakey);
586 b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so Matt Johnston <matt@ucc.asn.au> parents: 560 diff changeset	370 key->rsakey = m_malloc(sizeof(*key->rsakey));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	371 ret = buf_get_rsa_priv_key(buf, key->rsakey);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	372 if (ret == DROPBEAR_FAILURE) {
1409 c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	373 rsa_key_free(key->rsakey);
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	374 key->rsakey = NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	375 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	376 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	377 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	378 #if DROPBEAR_ECDSA
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 841 diff changeset	379 if (signkey_is_ecdsa(keytype)) {
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	380 ecc_key eck = (ecc_key)signkey_key_ptr(key, keytype);
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	381 if (eck) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	382 if (*eck) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	383 ecc_free(*eck);
1058 063c38ea622b Fix some memory leaks in ecc code Matt Johnston <matt@ucc.asn.au> parents: 1032 diff changeset	384 m_free(*eck);
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	385 *eck = NULL;
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	386 }
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	387 *eck = buf_get_ecdsa_priv_key(buf);
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	388 if (*eck) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	389 ret = DROPBEAR_SUCCESS;
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	390 }
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	391 }
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	392 }
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	393 #endif
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	394 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	395 if (keytype == DROPBEAR_SIGNKEY_ED25519) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	396 ed25519_key_free(key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	397 key->ed25519key = m_malloc(sizeof(*key->ed25519key));
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	398 ret = buf_get_ed25519_priv_key(buf, key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	399 if (ret == DROPBEAR_FAILURE) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	400 m_free(key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	401 key->ed25519key = NULL;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	402 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	403 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	404 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	405
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	406 TRACE2(("leave buf_get_priv_key"))
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	407
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	408 return ret;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	409
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	410 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	411
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	412 /* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	413 void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	414
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	415 buffer *pubkeys;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	416
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	417 TRACE2(("enter buf_put_pub_key"))
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 51 diff changeset	418 pubkeys = buf_new(MAX_PUBKEY_SIZE);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	419
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	420 #if DROPBEAR_DSS
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	421 if (type == DROPBEAR_SIGNKEY_DSS) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	422 buf_put_dss_pub_key(pubkeys, key->dsskey);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	423 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	424 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	425 #if DROPBEAR_RSA
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	426 if (type == DROPBEAR_SIGNKEY_RSA) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	427 buf_put_rsa_pub_key(pubkeys, key->rsakey);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	428 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	429 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	430 #if DROPBEAR_ECDSA
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 841 diff changeset	431 if (signkey_is_ecdsa(type)) {
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	432 ecc_key eck = (ecc_key)signkey_key_ptr(key, type);
1423 c1c3d5943bfc Fix null pointer dereference found by libfuzzer Matt Johnston <matt@ucc.asn.au> parents: 1409 diff changeset	433 if (eck && *eck) {
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	434 buf_put_ecdsa_pub_key(pubkeys, *eck);
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	435 }
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	436 }
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	437 #endif
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	438 #if DROPBEAR_ED25519
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	439 if (type == DROPBEAR_SIGNKEY_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	440 #if DROPBEAR_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	441 \|\| type == DROPBEAR_SIGNKEY_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	442 #endif
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	443 ) {
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	444 buf_put_ed25519_pub_key(pubkeys, key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	445 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	446 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	447 if (pubkeys->len == 0) {
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	448 dropbear_exit("Bad key types in buf_put_pub_key");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	449 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	450
760 f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	451 buf_putbufstring(buf, pubkeys);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	452 buf_free(pubkeys);
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	453 TRACE2(("leave buf_put_pub_key"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	454 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	455
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	456 /* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	457 void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	458
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 107 diff changeset	459 TRACE(("enter buf_put_priv_key"))
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 107 diff changeset	460 TRACE(("type is %d", type))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	461
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	462 #if DROPBEAR_DSS
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	463 if (type == DROPBEAR_SIGNKEY_DSS) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	464 buf_put_dss_priv_key(buf, key->dsskey);
1249 c6346c63281b refactor indentation with hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1122 diff changeset	465 TRACE(("leave buf_put_priv_key: dss done"))
c6346c63281b refactor indentation with hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1122 diff changeset	466 return;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	467 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	468 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	469 #if DROPBEAR_RSA
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	470 if (type == DROPBEAR_SIGNKEY_RSA) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	471 buf_put_rsa_priv_key(buf, key->rsakey);
1249 c6346c63281b refactor indentation with hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1122 diff changeset	472 TRACE(("leave buf_put_priv_key: rsa done"))
c6346c63281b refactor indentation with hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1122 diff changeset	473 return;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	474 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	475 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	476 #if DROPBEAR_ECDSA
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 841 diff changeset	477 if (signkey_is_ecdsa(type)) {
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	478 ecc_key eck = (ecc_key)signkey_key_ptr(key, type);
1423 c1c3d5943bfc Fix null pointer dereference found by libfuzzer Matt Johnston <matt@ucc.asn.au> parents: 1409 diff changeset	479 if (eck && *eck) {
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	480 buf_put_ecdsa_priv_key(buf, *eck);
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	481 TRACE(("leave buf_put_priv_key: ecdsa done"))
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	482 return;
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	483 }
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	484 }
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	485 #endif
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	486 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	487 if (type == DROPBEAR_SIGNKEY_ED25519) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	488 buf_put_ed25519_priv_key(buf, key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	489 TRACE(("leave buf_put_priv_key: ed25519 done"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	490 return;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	491 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	492 #endif
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	493 dropbear_exit("Bad key types in put pub key");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	494 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	495
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	496 void sign_key_free(sign_key *key) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	497
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	498 TRACE2(("enter sign_key_free"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	499
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	500 #if DROPBEAR_DSS
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	501 dss_key_free(key->dsskey);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	502 key->dsskey = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	503 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	504 #if DROPBEAR_RSA
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	505 rsa_key_free(key->rsakey);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	506 key->rsakey = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	507 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	508 #if DROPBEAR_ECDSA
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	509 #if DROPBEAR_ECC_256
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	510 if (key->ecckey256) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	511 ecc_free(key->ecckey256);
1058 063c38ea622b Fix some memory leaks in ecc code Matt Johnston <matt@ucc.asn.au> parents: 1032 diff changeset	512 m_free(key->ecckey256);
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	513 key->ecckey256 = NULL;
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	514 }
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	515 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	516 #if DROPBEAR_ECC_384
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	517 if (key->ecckey384) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	518 ecc_free(key->ecckey384);
1058 063c38ea622b Fix some memory leaks in ecc code Matt Johnston <matt@ucc.asn.au> parents: 1032 diff changeset	519 m_free(key->ecckey384);
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	520 key->ecckey384 = NULL;
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	521 }
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	522 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	523 #if DROPBEAR_ECC_521
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	524 if (key->ecckey521) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	525 ecc_free(key->ecckey521);
1058 063c38ea622b Fix some memory leaks in ecc code Matt Johnston <matt@ucc.asn.au> parents: 1032 diff changeset	526 m_free(key->ecckey521);
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	527 key->ecckey521 = NULL;
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	528 }
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	529 #endif
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	530 #endif
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	531 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	532 ed25519_key_free(key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	533 key->ed25519key = NULL;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	534 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	535
551 c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList Matt Johnston <matt@ucc.asn.au> parents: 436 diff changeset	536 m_free(key->filename);
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	537 #if DROPBEAR_SK_ECDSA \|\| DROPBEAR_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	538 if (key->sk_app) {
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	539 m_free(key->sk_app);
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	540 }
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	541 #endif
551 c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList Matt Johnston <matt@ucc.asn.au> parents: 436 diff changeset	542
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	543 m_free(key);
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	544 TRACE2(("leave sign_key_free"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	545 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	546
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	547 static char hexdig(unsigned char x) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	548 if (x > 0xf)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	549 return 'X';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	550
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	551 if (x < 10)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	552 return '0' + x;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	553 else
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	554 return 'a' + x - 10;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	555 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	556
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	557 /* Since we're not sure if we'll have md5 or sha1, we present both.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	558 * MD5 is used in preference, but sha1 could still be useful */
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	559 #if DROPBEAR_MD5_HMAC
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1424 diff changeset	560 static char * sign_key_md5_fingerprint(const unsigned char* keyblob,
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	561 unsigned int keybloblen) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	562
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	563 char * ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	564 hash_state hs;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	565 unsigned char hash[MD5_HASH_SIZE];
214 5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	566 unsigned int i;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	567 unsigned int buflen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	568
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	569 md5_init(&hs);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	570
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	571 /* skip the size int of the string - this is a bit messy */
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	572 md5_process(&hs, keyblob, keybloblen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	573
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	574 md5_done(&hs, hash);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	575
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	576 /* "md5 hexfingerprinthere\0", each hex digit is "AB:" etc */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	577 buflen = 4 + 3*MD5_HASH_SIZE;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	578 ret = (char*)m_malloc(buflen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	579
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	580 memset(ret, 'Z', buflen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	581 strcpy(ret, "md5 ");
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	582
214 5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	583 for (i = 0; i < MD5_HASH_SIZE; i++) {
5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	584 unsigned int pos = 4 + i*3;
5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	585 ret[pos] = hexdig(hash[i] >> 4);
5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	586 ret[pos+1] = hexdig(hash[i] & 0x0f);
5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	587 ret[pos+2] = ':';
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	588 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	589 ret[buflen-1] = 0x0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	590
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	591 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	592 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	593
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	594 #else /* use SHA1 rather than MD5 for fingerprint */
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1424 diff changeset	595 static char * sign_key_sha1_fingerprint(const unsigned char* keyblob,
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	596 unsigned int keybloblen) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	597
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	598 char * ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	599 hash_state hs;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	600 unsigned char hash[SHA1_HASH_SIZE];
214 5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	601 unsigned int i;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	602 unsigned int buflen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	603
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	604 sha1_init(&hs);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	605
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	606 /* skip the size int of the string - this is a bit messy */
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	607 sha1_process(&hs, keyblob, keybloblen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	608
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	609 sha1_done(&hs, hash);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	610
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	611 /* "sha1!! hexfingerprinthere\0", each hex digit is "AB:" etc */
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	612 buflen = 7 + 3*SHA1_HASH_SIZE;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	613 ret = (char*)m_malloc(buflen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	614
1822 fa6ff07dcc77 signkey: remove !! from SHA1 digest (#130) Sven Roederer <devel-sven@geroedel.de> parents: 1754 diff changeset	615 strcpy(ret, "sha1 ");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	616
214 5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	617 for (i = 0; i < SHA1_HASH_SIZE; i++) {
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	618 unsigned int pos = 7 + 3*i;
214 5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	619 ret[pos] = hexdig(hash[i] >> 4);
5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	620 ret[pos+1] = hexdig(hash[i] & 0x0f);
5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	621 ret[pos+2] = ':';
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	622 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	623 ret[buflen-1] = 0x0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	624
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	625 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	626 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	627
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	628 #endif /* MD5/SHA1 switch */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	629
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	630 /* This will return a freshly malloced string, containing a fingerprint
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	631 * in either sha1 or md5 */
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1424 diff changeset	632 char * sign_key_fingerprint(const unsigned char* keyblob, unsigned int keybloblen) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	633
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	634 #if DROPBEAR_MD5_HMAC
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	635 return sign_key_md5_fingerprint(keyblob, keybloblen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	636 #else
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	637 return sign_key_sha1_fingerprint(keyblob, keybloblen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	638 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	639 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	640
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	641 void buf_put_sign(buffer* buf, sign_key *key, enum signature_type sigtype,
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1424 diff changeset	642 const buffer *data_buf) {
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	643 buffer *sigblob = buf_new(MAX_PUBKEY_SIZE);
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	644 enum signkey_type keytype = signkey_type_from_signature(sigtype);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	645
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	646 #if DEBUG_TRACE
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	647 {
1676 d5cdc60db08e ext-info handling for server-sig-algs Matt Johnston <matt@ucc.asn.au> parents: 1675 diff changeset	648 const char* signame = signature_name_from_type(sigtype, NULL);
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	649 TRACE(("buf_put_sign type %d %s", sigtype, signame));
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	650 }
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	651 #endif
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	652
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	653
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	654 #if DROPBEAR_DSS
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	655 if (keytype == DROPBEAR_SIGNKEY_DSS) {
760 f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	656 buf_put_dss_sign(sigblob, key->dsskey, data_buf);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	657 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	658 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	659 #if DROPBEAR_RSA
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	660 if (keytype == DROPBEAR_SIGNKEY_RSA) {
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	661 buf_put_rsa_sign(sigblob, key->rsakey, sigtype, data_buf);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	662 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	663 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	664 #if DROPBEAR_ECDSA
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	665 if (signkey_is_ecdsa(keytype)) {
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	666 ecc_key eck = (ecc_key)signkey_key_ptr(key, keytype);
1423 c1c3d5943bfc Fix null pointer dereference found by libfuzzer Matt Johnston <matt@ucc.asn.au> parents: 1409 diff changeset	667 if (eck && *eck) {
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	668 buf_put_ecdsa_sign(sigblob, *eck, data_buf);
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	669 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	670 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	671 #endif
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	672 #if DROPBEAR_ED25519
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	673 if (keytype == DROPBEAR_SIGNKEY_ED25519) {
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	674 buf_put_ed25519_sign(sigblob, key->ed25519key, data_buf);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	675 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	676 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	677 if (sigblob->len == 0) {
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	678 dropbear_exit("Non-matching signing type");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	679 }
760 f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	680 buf_putbufstring(buf, sigblob);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	681 buf_free(sigblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	682
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	683 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	684
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	685 #if DROPBEAR_SIGNKEY_VERIFY
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	686
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	687 /* Return DROPBEAR_SUCCESS or DROPBEAR_FAILURE.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	688 * If FAILURE is returned, the position of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	689 * buf is undefined. If SUCCESS is returned, buf will be positioned after the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	690 * signature blob */
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	691 int buf_verify(buffer * buf, sign_key key, enum signature_type expect_sigtype, const buffer data_buf) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	692
1094 c45d65392c1a Fix pointer differ in signess warnings [-Werror=pointer-sign] Gaël PORTAY <gael.portay@gmail.com> parents: 1058 diff changeset	693 char *type_name = NULL;
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	694 unsigned int type_name_len = 0;
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	695 enum signature_type sigtype;
ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	696 enum signkey_type keytype;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	697
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 107 diff changeset	698 TRACE(("enter buf_verify"))
34 e2a1eaa19f22 Client mostly works up to password auth Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	699
864 30ab30e46452 Fix some warnings Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	700 buf_getint(buf); /* blob length */
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1094 diff changeset	701 type_name = buf_getstring(buf, &type_name_len);
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	702 sigtype = signature_type_from_name(type_name, type_name_len);
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	703 m_free(type_name);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	704
1675 ae41624c2198 split signkey_type and signature_type for RSA sha1 vs sha256 Matt Johnston <matt@ucc.asn.au> parents: 1674 diff changeset	705 if (expect_sigtype != sigtype) {
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	706 dropbear_exit("Non-matching signing type");
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	707 }
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	708
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	709 keytype = signkey_type_from_signature(sigtype);
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	710 #if DROPBEAR_DSS
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	711 if (keytype == DROPBEAR_SIGNKEY_DSS) {
244 eb7b9f2bb8e8 - add explicit check that correct keytype exists for pubkey verification Matt Johnston <matt@ucc.asn.au> parents: 214 diff changeset	712 if (key->dsskey == NULL) {
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	713 dropbear_exit("No DSS key to verify signature");
244 eb7b9f2bb8e8 - add explicit check that correct keytype exists for pubkey verification Matt Johnston <matt@ucc.asn.au> parents: 214 diff changeset	714 }
760 f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	715 return buf_dss_verify(buf, key->dsskey, data_buf);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	716 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	717 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	718
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	719 #if DROPBEAR_RSA
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	720 if (keytype == DROPBEAR_SIGNKEY_RSA) {
244 eb7b9f2bb8e8 - add explicit check that correct keytype exists for pubkey verification Matt Johnston <matt@ucc.asn.au> parents: 214 diff changeset	721 if (key->rsakey == NULL) {
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	722 dropbear_exit("No RSA key to verify signature");
244 eb7b9f2bb8e8 - add explicit check that correct keytype exists for pubkey verification Matt Johnston <matt@ucc.asn.au> parents: 214 diff changeset	723 }
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	724 return buf_rsa_verify(buf, key->rsakey, sigtype, data_buf);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	725 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	726 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	727 #if DROPBEAR_ECDSA
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	728 if (signkey_is_ecdsa(keytype)) {
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	729 ecc_key eck = (ecc_key)signkey_key_ptr(key, keytype);
1424 8a4b8f026de6 fix null pointer crash Matt Johnston <matt@ucc.asn.au> parents: 1423 diff changeset	730 if (eck && *eck) {
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	731 return buf_ecdsa_verify(buf, *eck, data_buf);
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	732 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	733 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	734 #endif
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	735 #if DROPBEAR_ED25519
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	736 if (keytype == DROPBEAR_SIGNKEY_ED25519) {
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	737 if (key->ed25519key == NULL) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	738 dropbear_exit("No Ed25519 key to verify signature");
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	739 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	740 return buf_ed25519_verify(buf, key->ed25519key, data_buf);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	741 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	742 #endif
1855 35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	743 #if DROPBEAR_SK_ECDSA
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	744 if (keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256) {
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	745 ecc_key eck = (ecc_key)signkey_key_ptr(key, keytype);
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	746 if (eck && *eck) {
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	747 return buf_sk_ecdsa_verify(buf, *eck, data_buf, key->sk_app, key->sk_applen);
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	748 }
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	749 }
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	750 #endif
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	751 #if DROPBEAR_SK_ED25519
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	752 if (keytype == DROPBEAR_SIGNKEY_SK_ED25519) {
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	753 dropbear_ed25519_key eck = (dropbear_ed25519_key)signkey_key_ptr(key, keytype);
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	754 if (eck && *eck) {
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	755 return buf_sk_ed25519_verify(buf, *eck, data_buf, key->sk_app, key->sk_applen);
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	756 }
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	757 }
35d504d59c05 Implement server-side support for sk-ecdsa U2F-backed keys (#142) egor-duda <egor-duda@users.noreply.github.com> parents: 1822 diff changeset	758 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	759
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	760 dropbear_exit("Non-matching signing type");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	761 return DROPBEAR_FAILURE;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	762 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	763 #endif /* DROPBEAR_SIGNKEY_VERIFY */
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	764
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	765 #if DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	766
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	767 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE when given a buffer containing
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	768 * a key, a key, and a type. The buffer is positioned at the start of the
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	769 * base64 data, and contains no trailing data */
436 7282370416a0 Improve known_hosts checking. Matt Johnston <matt@ucc.asn.au> parents: 244 diff changeset	770 /* If fingerprint is non-NULL, it will be set to a malloc()ed fingerprint
7282370416a0 Improve known_hosts checking. Matt Johnston <matt@ucc.asn.au> parents: 244 diff changeset	771 of the key if it is successfully decoded */
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	772 int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	773 const unsigned char* algoname, unsigned int algolen,
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1424 diff changeset	774 const buffer * line, char ** fingerprint) {
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	775
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	776 buffer * decodekey = NULL;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	777 int ret = DROPBEAR_FAILURE;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	778 unsigned int len, filealgolen;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	779 unsigned long decodekeylen;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	780 unsigned char* filealgo = NULL;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	781
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	782 /* now we have the actual data */
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	783 len = line->len - line->pos;
1371 bc9e2e148f58 avoid NULL argument to base64 decode Matt Johnston <matt@ucc.asn.au> parents: 1369 diff changeset	784 if (len == 0) {
bc9e2e148f58 avoid NULL argument to base64 decode Matt Johnston <matt@ucc.asn.au> parents: 1369 diff changeset	785 /* base64_decode doesn't like NULL argument */
bc9e2e148f58 avoid NULL argument to base64 decode Matt Johnston <matt@ucc.asn.au> parents: 1369 diff changeset	786 return DROPBEAR_FAILURE;
bc9e2e148f58 avoid NULL argument to base64 decode Matt Johnston <matt@ucc.asn.au> parents: 1369 diff changeset	787 }
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	788 decodekeylen = len * 2; /* big to be safe */
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	789 decodekey = buf_new(decodekeylen);
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	790
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	791 if (base64_decode(buf_getptr(line, len), len,
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	792 buf_getwriteptr(decodekey, decodekey->size),
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	793 &decodekeylen) != CRYPT_OK) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 107 diff changeset	794 TRACE(("checkpubkey: base64 decode failed"))
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	795 goto out;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	796 }
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 107 diff changeset	797 TRACE(("checkpubkey: base64_decode success"))
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	798 buf_incrlen(decodekey, decodekeylen);
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	799
436 7282370416a0 Improve known_hosts checking. Matt Johnston <matt@ucc.asn.au> parents: 244 diff changeset	800 if (fingerprint) {
7282370416a0 Improve known_hosts checking. Matt Johnston <matt@ucc.asn.au> parents: 244 diff changeset	801 *fingerprint = sign_key_fingerprint(buf_getptr(decodekey, decodekeylen),
7282370416a0 Improve known_hosts checking. Matt Johnston <matt@ucc.asn.au> parents: 244 diff changeset	802 decodekeylen);
7282370416a0 Improve known_hosts checking. Matt Johnston <matt@ucc.asn.au> parents: 244 diff changeset	803 }
7282370416a0 Improve known_hosts checking. Matt Johnston <matt@ucc.asn.au> parents: 244 diff changeset	804
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	805 /* compare the keys */
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	806 if ( ( decodekeylen != keybloblen )
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	807 \|\| memcmp( buf_getptr(decodekey, decodekey->len),
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	808 keyblob, decodekey->len) != 0) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 107 diff changeset	809 TRACE(("checkpubkey: compare failed"))
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	810 goto out;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	811 }
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	812
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	813 /* ... and also check that the algo specified and the algo in the key
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	814 * itself match */
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	815 filealgolen = buf_getint(decodekey);
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	816 filealgo = buf_getptr(decodekey, filealgolen);
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	817 if (filealgolen != algolen \|\| memcmp(filealgo, algoname, algolen) != 0) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 107 diff changeset	818 TRACE(("checkpubkey: algo match failed"))
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	819 goto out;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	820 }
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	821
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	822 /* All checks passed */
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	823 ret = DROPBEAR_SUCCESS;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	824
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	825 out:
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	826 buf_free(decodekey);
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	827 decodekey = NULL;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	828 return ret;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	829 }
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	830 #endif
1369 ddfcadca3c4c fuzzer-pubkey Matt Johnston <matt@ucc.asn.au> parents: 1362 diff changeset	831
1558 2f64cb3d3007 - #if not #ifdef for DROPBEAR_FUZZ Matt Johnston <matt@ucc.asn.au> parents: 1511 diff changeset	832 #if DROPBEAR_FUZZ
1369 ddfcadca3c4c fuzzer-pubkey Matt Johnston <matt@ucc.asn.au> parents: 1362 diff changeset	833 const char * const * fuzz_signkey_names = signkey_names;
ddfcadca3c4c fuzzer-pubkey Matt Johnston <matt@ucc.asn.au> parents: 1362 diff changeset	834
ddfcadca3c4c fuzzer-pubkey Matt Johnston <matt@ucc.asn.au> parents: 1362 diff changeset	835 #endif

Mercurial > dropbear

annotate signkey.c @ 1861:2b3a8026a6ce