Mercurial > dropbear
annotate gensignkey.c @ 1306:34e6127ef02e
merge fixes from PuTTY import.c
toint() from misc.c
(revids are from hggit conversion)
changeset: 4620:60a336a6c85c
user: Simon Tatham <[email protected]>
date: Thu Feb 25 20:26:33 2016 +0000
files: import.c
description:
Fix potential segfaults in reading OpenSSH's ASN.1 key format.
The length coming back from ber_read_id_len might have overflowed, so
treat it as potentially negative. Also, while I'm here, accumulate it
inside ber_read_id_len as an unsigned, so as to avoid undefined
behaviour on integer overflow, and toint() it before return.
Thanks to Hanno Böck for spotting this, with the aid of AFL.
(cherry picked from commit 5b7833cd474a24ec098654dcba8cb9509f3bf2c1)
Conflicts:
import.c
(cherry-picker's note: resolving the conflict involved removing an
entire section of the original commit which fixed ECDSA code not
present on this branch)
changeset: 4619:9c6c638d98d8
user: Simon Tatham <[email protected]>
date: Sun Jul 14 10:45:54 2013 +0000
files: import.c ssh.c sshdss.c sshpubk.c sshrsa.c
description:
Tighten up a lot of casts from unsigned to int which are read by one
of the GET_32BIT macros and then used as length fields. Missing bounds
checks against zero have been added, and also I've introduced a helper
function toint() which casts from unsigned to int in such a way as to
avoid C undefined behaviour, since I'm not sure I trust compilers any
more to do the obviously sensible thing.
[originally from svn r9918]
changeset: 4618:3957829f24d3
user: Simon Tatham <[email protected]>
date: Mon Jul 08 22:36:04 2013 +0000
files: import.c sshdss.c sshrsa.c
description:
Add an assortment of extra safety checks.
[originally from svn r9896]
changeset: 4617:2cddee0bce12
user: Jacob Nevins <[email protected]>
date: Wed Dec 07 00:24:45 2005 +0000
files: import.c
description:
Institutional failure to memset() things pointed at rather than pointers.
Things should now be zeroed and memory not leaked. Spotted by Brant Thomsen.
[originally from svn r6476]
changeset: 4616:24ac78a9c71d
user: Simon Tatham <[email protected]>
date: Wed Feb 11 13:58:27 2004 +0000
files: import.c
description:
Jacob's last-minute testing found a couple of trivial bugs in
import.c, and my attempts to reproduce them in cmdgen found another
one there :-)
[originally from svn r3847]
changeset: 4615:088d39a73db0
user: Simon Tatham <[email protected]>
date: Thu Jan 22 18:52:49 2004 +0000
files: import.c
description:
Placate some gcc warnings.
[originally from svn r3761]
changeset: 4614:e4288bad4d93
parent: 1758:108b8924593d
user: Simon Tatham <[email protected]>
date: Fri Oct 03 21:21:23 2003 +0000
files: import.c
description:
My ASN.1 decoder returned wrong IDs for anything above 0x1E! Good
job it's never had to yet. Ahem.
[originally from svn r3479]
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 12 Jul 2016 23:00:01 +0800 |
parents | 2bb4c662d1c2 |
children | 750ec4ec4cbe efad433418c4 |
rev | line source |
---|---|
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 #include "includes.h" |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 #include "dbutil.h" |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 #include "buffer.h" |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 #include "ecdsa.h" |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 #include "genrsa.h" |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 #include "gendss.h" |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 #include "signkey.h" |
858
220f55d540ae
rename random.h to dbrandom.h since some OSes have a system random.h
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
8 #include "dbrandom.h" |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 #define RSA_DEFAULT_SIZE 2048 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 #define DSS_DEFAULT_SIZE 1024 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 |
857 | 13 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 static int buf_writefile(buffer * buf, const char * filename) { |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 int ret = DROPBEAR_FAILURE; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 int fd = -1; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 fd = open(filename, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 if (fd < 0) { |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 dropbear_log(LOG_ERR, "Couldn't create new file %s: %s", |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 filename, strerror(errno)); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 goto out; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 /* write the file now */ |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 while (buf->pos != buf->len) { |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 int len = write(fd, buf_getptr(buf, buf->len - buf->pos), |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 buf->len - buf->pos); |
888 | 29 if (len == -1 && errno == EINTR) { |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 continue; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 if (len <= 0) { |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 dropbear_log(LOG_ERR, "Failed writing file %s: %s", |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 filename, strerror(errno)); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 goto out; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
37 buf_incrpos(buf, len); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
38 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 ret = DROPBEAR_SUCCESS; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
41 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 out: |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 if (fd >= 0) { |
983
2b62f26cf808
Open directories O_RDONLY for fsync, add debugging if it fails
Matt Johnston <matt@ucc.asn.au>
parents:
982
diff
changeset
|
44 if (fsync(fd) != 0) { |
2b62f26cf808
Open directories O_RDONLY for fsync, add debugging if it fails
Matt Johnston <matt@ucc.asn.au>
parents:
982
diff
changeset
|
45 dropbear_log(LOG_ERR, "fsync of %s failed: %s", filename, strerror(errno)); |
2b62f26cf808
Open directories O_RDONLY for fsync, add debugging if it fails
Matt Johnston <matt@ucc.asn.au>
parents:
982
diff
changeset
|
46 } |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 m_close(fd); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 return ret; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 /* returns 0 on failure */ |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 static int get_default_bits(enum signkey_type keytype) |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 { |
1250 | 55 switch (keytype) { |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
56 #ifdef DROPBEAR_RSA |
1250 | 57 case DROPBEAR_SIGNKEY_RSA: |
58 return RSA_DEFAULT_SIZE; | |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 #endif |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
60 #ifdef DROPBEAR_DSS |
1250 | 61 case DROPBEAR_SIGNKEY_DSS: |
62 return DSS_DEFAULT_SIZE; | |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
63 #endif |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 #ifdef DROPBEAR_ECDSA |
1250 | 65 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN: |
66 return ECDSA_DEFAULT_SIZE; | |
67 case DROPBEAR_SIGNKEY_ECDSA_NISTP521: | |
68 return 521; | |
69 case DROPBEAR_SIGNKEY_ECDSA_NISTP384: | |
70 return 384; | |
71 case DROPBEAR_SIGNKEY_ECDSA_NISTP256: | |
72 return 256; | |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 #endif |
1250 | 74 default: |
75 return 0; | |
76 } | |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
77 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
78 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
79 int signkey_generate(enum signkey_type keytype, int bits, const char* filename) |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
80 { |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 sign_key * key = NULL; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
82 buffer *buf = NULL; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
83 int ret = DROPBEAR_FAILURE; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
84 if (bits == 0) |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
85 { |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
86 bits = get_default_bits(keytype); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
88 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
89 /* now we can generate the key */ |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
90 key = new_sign_key(); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
91 |
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
92 seedrandom(); |
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
93 |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
94 switch(keytype) { |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
95 #ifdef DROPBEAR_RSA |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
96 case DROPBEAR_SIGNKEY_RSA: |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
97 key->rsakey = gen_rsa_priv_key(bits); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
98 break; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
99 #endif |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
100 #ifdef DROPBEAR_DSS |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
101 case DROPBEAR_SIGNKEY_DSS: |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
102 key->dsskey = gen_dss_priv_key(bits); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
103 break; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
104 #endif |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
105 #ifdef DROPBEAR_ECDSA |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
106 case DROPBEAR_SIGNKEY_ECDSA_KEYGEN: |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
107 case DROPBEAR_SIGNKEY_ECDSA_NISTP521: |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
108 case DROPBEAR_SIGNKEY_ECDSA_NISTP384: |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
109 case DROPBEAR_SIGNKEY_ECDSA_NISTP256: |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
110 { |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
111 ecc_key *ecckey = gen_ecdsa_priv_key(bits); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
112 keytype = ecdsa_signkey_type(ecckey); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
113 *signkey_key_ptr(key, keytype) = ecckey; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
114 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
115 break; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 #endif |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
117 default: |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
118 dropbear_exit("Internal error"); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 } |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
120 |
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
121 seedrandom(); |
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
122 |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
123 buf = buf_new(MAX_PRIVKEY_SIZE); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
124 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
125 buf_put_priv_key(buf, key, keytype); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
126 sign_key_free(key); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
127 key = NULL; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
128 buf_setpos(buf, 0); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 ret = buf_writefile(buf, filename); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
130 |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
131 buf_burn(buf); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
132 buf_free(buf); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
133 buf = NULL; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
134 return ret; |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
135 } |