Mercurial > dropbear
annotate signkey.c @ 994:5c5ade336926
Prefer stronger algorithms in algorithm negotiation.
Prefer diffie-hellman-group14-sha1 (2048 bit) over
diffie-hellman-group1-sha1 (1024 bit).
Due to meet-in-the-middle attacks the effective key length of
three key 3DES is 112 bits. AES is stronger and faster then 3DES.
Prefer to delay the start of compression until after authentication
has completed. This avoids exposing compression code to attacks
from unauthenticated users.
(github pull request #9)
author | Fedor Brunner <fedor.brunner@azet.sk> |
---|---|
date | Fri, 23 Jan 2015 23:00:25 +0800 |
parents | 25692c60479e |
children | 0da8ba489c23 |
rev | line source |
---|---|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * Dropbear - a SSH2 server |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * Copyright (c) 2002,2003 Matt Johnston |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * All rights reserved. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * Permission is hereby granted, free of charge, to any person obtaining a copy |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * of this software and associated documentation files (the "Software"), to deal |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * in the Software without restriction, including without limitation the rights |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * copies of the Software, and to permit persons to whom the Software is |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * furnished to do so, subject to the following conditions: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * The above copyright notice and this permission notice shall be included in |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * all copies or substantial portions of the Software. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * SOFTWARE. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 #include "includes.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 #include "dbutil.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 #include "signkey.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 #include "buffer.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 #include "ssh.h" |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
30 #include "ecdsa.h" |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
31 |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
32 static const char *signkey_names[DROPBEAR_SIGNKEY_NUM_NAMED] = { |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
33 #ifdef DROPBEAR_RSA |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
34 "ssh-rsa", |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
35 #endif |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
36 #ifdef DROPBEAR_DSS |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
37 "ssh-dss", |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
38 #endif |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
39 #ifdef DROPBEAR_ECDSA |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
40 "ecdsa-sha2-nistp256", |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
41 "ecdsa-sha2-nistp384", |
852
7540c0822374
Various cleanups and fixes for warnings
Matt Johnston <matt@ucc.asn.au>
parents:
847
diff
changeset
|
42 "ecdsa-sha2-nistp521" |
857 | 43 #endif /* DROPBEAR_ECDSA */ |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
44 }; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 /* malloc a new sign_key and set the dss and rsa keys to NULL */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 sign_key * new_sign_key() { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 sign_key * ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 ret = (sign_key*)m_malloc(sizeof(sign_key)); |
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
436
diff
changeset
|
52 ret->type = DROPBEAR_SIGNKEY_NONE; |
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
436
diff
changeset
|
53 ret->source = SIGNKEY_SOURCE_INVALID; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 return ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
56 |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
57 /* Returns key name corresponding to the type. Exits fatally |
44 | 58 * if the type is invalid */ |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
59 const char* signkey_name_from_type(enum signkey_type type, unsigned int *namelen) { |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
60 if (type >= DROPBEAR_SIGNKEY_NUM_NAMED) { |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
61 dropbear_exit("Bad key type %d", type); |
44 | 62 } |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
63 |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
64 if (namelen) { |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
65 *namelen = strlen(signkey_names[type]); |
44 | 66 } |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
67 return signkey_names[type]; |
44 | 68 } |
69 | |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
70 /* Returns DROPBEAR_SIGNKEY_NONE if none match */ |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
71 enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen) { |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
72 int i; |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
73 for (i = 0; i < DROPBEAR_SIGNKEY_NUM_NAMED; i++) { |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
74 const char *fixed_name = signkey_names[i]; |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
75 if (namelen == strlen(fixed_name) |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
76 && memcmp(fixed_name, name, namelen) == 0) { |
44 | 77 |
795 | 78 #ifdef DROPBEAR_ECDSA |
79 /* Some of the ECDSA key sizes are defined even if they're not compiled in */ | |
80 if (0 | |
81 #ifndef DROPBEAR_ECC_256 | |
82 || i == DROPBEAR_SIGNKEY_ECDSA_NISTP256 | |
83 #endif | |
84 #ifndef DROPBEAR_ECC_384 | |
85 || i == DROPBEAR_SIGNKEY_ECDSA_NISTP384 | |
44 | 86 #endif |
795 | 87 #ifndef DROPBEAR_ECC_521 |
88 || i == DROPBEAR_SIGNKEY_ECDSA_NISTP521 | |
89 #endif | |
90 ) { | |
91 TRACE(("attempt to use ecdsa type %d not compiled in", i)) | |
92 return DROPBEAR_SIGNKEY_NONE; | |
93 } | |
94 #endif | |
95 | |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
96 return i; |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
97 } |
44 | 98 } |
99 | |
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
436
diff
changeset
|
100 TRACE(("signkey_type_from_name unexpected key type.")) |
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
436
diff
changeset
|
101 |
44 | 102 return DROPBEAR_SIGNKEY_NONE; |
103 } | |
104 | |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
105 /* Returns a pointer to the key part specific to "type" */ |
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
106 void ** |
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
107 signkey_key_ptr(sign_key *key, enum signkey_type type) { |
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
108 switch (type) { |
935
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
864
diff
changeset
|
109 #ifdef DROPBEAR_ECDSA |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
110 #ifdef DROPBEAR_ECC_256 |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
111 case DROPBEAR_SIGNKEY_ECDSA_NISTP256: |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
112 return (void**)&key->ecckey256; |
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
113 #endif |
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
114 #ifdef DROPBEAR_ECC_384 |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
115 case DROPBEAR_SIGNKEY_ECDSA_NISTP384: |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
116 return (void**)&key->ecckey384; |
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
117 #endif |
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
118 #ifdef DROPBEAR_ECC_521 |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
119 case DROPBEAR_SIGNKEY_ECDSA_NISTP521: |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
120 return (void**)&key->ecckey521; |
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
121 #endif |
935
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
864
diff
changeset
|
122 #endif /* DROPBEAR_ECDSA */ |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
123 #ifdef DROPBEAR_RSA |
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
124 case DROPBEAR_SIGNKEY_RSA: |
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
125 return (void**)&key->rsakey; |
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
126 #endif |
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
127 #ifdef DROPBEAR_DSS |
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
128 case DROPBEAR_SIGNKEY_DSS: |
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
129 return (void**)&key->dsskey; |
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
130 #endif |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
131 default: |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
132 return NULL; |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
133 } |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
134 } |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
135 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
136 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail. |
26 | 137 * type should be set by the caller to specify the type to read, and |
138 * on return is set to the type read (useful when type = _ANY) */ | |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
139 int buf_get_pub_key(buffer *buf, sign_key *key, enum signkey_type *type) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
140 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
141 unsigned char* ident; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
142 unsigned int len; |
44 | 143 int keytype; |
144 int ret = DROPBEAR_FAILURE; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
145 |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
146 TRACE2(("enter buf_get_pub_key")) |
34
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
26
diff
changeset
|
147 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
148 ident = buf_getstring(buf, &len); |
44 | 149 keytype = signkey_type_from_name(ident, len); |
150 m_free(ident); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
151 |
44 | 152 if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) { |
651
a48a1f6ab43e
- Fix some format strings in TRACE()s
Matt Johnston <matt@ucc.asn.au>
parents:
594
diff
changeset
|
153 TRACE(("buf_get_pub_key bad type - got %d, expected %d", keytype, *type)) |
44 | 154 return DROPBEAR_FAILURE; |
155 } | |
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
436
diff
changeset
|
156 |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
157 TRACE2(("buf_get_pub_key keytype is %d", keytype)) |
44 | 158 |
159 *type = keytype; | |
160 | |
161 /* Rewind the buffer back before "ssh-rsa" etc */ | |
162 buf_incrpos(buf, -len - 4); | |
34
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
26
diff
changeset
|
163 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
164 #ifdef DROPBEAR_DSS |
44 | 165 if (keytype == DROPBEAR_SIGNKEY_DSS) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
166 dss_key_free(key->dsskey); |
586
b50f0107e505
Rename rsa_key to dropbear_rsa_key (and same for dss too) so
Matt Johnston <matt@ucc.asn.au>
parents:
560
diff
changeset
|
167 key->dsskey = m_malloc(sizeof(*key->dsskey)); |
44 | 168 ret = buf_get_dss_pub_key(buf, key->dsskey); |
169 if (ret == DROPBEAR_FAILURE) { | |
170 m_free(key->dsskey); | |
171 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
172 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
173 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
174 #ifdef DROPBEAR_RSA |
44 | 175 if (keytype == DROPBEAR_SIGNKEY_RSA) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
176 rsa_key_free(key->rsakey); |
586
b50f0107e505
Rename rsa_key to dropbear_rsa_key (and same for dss too) so
Matt Johnston <matt@ucc.asn.au>
parents:
560
diff
changeset
|
177 key->rsakey = m_malloc(sizeof(*key->rsakey)); |
44 | 178 ret = buf_get_rsa_pub_key(buf, key->rsakey); |
179 if (ret == DROPBEAR_FAILURE) { | |
180 m_free(key->rsakey); | |
181 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
182 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
183 #endif |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
184 #ifdef DROPBEAR_ECDSA |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
841
diff
changeset
|
185 if (signkey_is_ecdsa(keytype)) { |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
186 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype); |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
187 if (eck) { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
188 if (*eck) { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
189 ecc_free(*eck); |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
190 *eck = NULL; |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
191 } |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
192 *eck = buf_get_ecdsa_pub_key(buf); |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
193 if (*eck) { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
194 ret = DROPBEAR_SUCCESS; |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
195 } |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
196 } |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
197 } |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
198 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
200 TRACE2(("leave buf_get_pub_key")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
201 |
44 | 202 return ret; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
203 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
204 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
205 |
44 | 206 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail. |
207 * type should be set by the caller to specify the type to read, and | |
208 * on return is set to the type read (useful when type = _ANY) */ | |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
209 int buf_get_priv_key(buffer *buf, sign_key *key, enum signkey_type *type) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
210 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
211 unsigned char* ident; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
212 unsigned int len; |
44 | 213 int keytype; |
214 int ret = DROPBEAR_FAILURE; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
215 |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
216 TRACE2(("enter buf_get_priv_key")) |
44 | 217 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
218 ident = buf_getstring(buf, &len); |
44 | 219 keytype = signkey_type_from_name(ident, len); |
220 m_free(ident); | |
221 | |
222 if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) { | |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
107
diff
changeset
|
223 TRACE(("wrong key type: %d %d", *type, keytype)) |
44 | 224 return DROPBEAR_FAILURE; |
225 } | |
226 | |
227 *type = keytype; | |
228 | |
229 /* Rewind the buffer back before "ssh-rsa" etc */ | |
230 buf_incrpos(buf, -len - 4); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
231 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
232 #ifdef DROPBEAR_DSS |
44 | 233 if (keytype == DROPBEAR_SIGNKEY_DSS) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
234 dss_key_free(key->dsskey); |
586
b50f0107e505
Rename rsa_key to dropbear_rsa_key (and same for dss too) so
Matt Johnston <matt@ucc.asn.au>
parents:
560
diff
changeset
|
235 key->dsskey = m_malloc(sizeof(*key->dsskey)); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
236 ret = buf_get_dss_priv_key(buf, key->dsskey); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
237 if (ret == DROPBEAR_FAILURE) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
238 m_free(key->dsskey); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
239 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
240 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
241 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
242 #ifdef DROPBEAR_RSA |
44 | 243 if (keytype == DROPBEAR_SIGNKEY_RSA) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
244 rsa_key_free(key->rsakey); |
586
b50f0107e505
Rename rsa_key to dropbear_rsa_key (and same for dss too) so
Matt Johnston <matt@ucc.asn.au>
parents:
560
diff
changeset
|
245 key->rsakey = m_malloc(sizeof(*key->rsakey)); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
246 ret = buf_get_rsa_priv_key(buf, key->rsakey); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
247 if (ret == DROPBEAR_FAILURE) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
248 m_free(key->rsakey); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
249 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
250 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
251 #endif |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
252 #ifdef DROPBEAR_ECDSA |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
841
diff
changeset
|
253 if (signkey_is_ecdsa(keytype)) { |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
254 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype); |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
255 if (eck) { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
256 if (*eck) { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
257 ecc_free(*eck); |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
258 *eck = NULL; |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
259 } |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
260 *eck = buf_get_ecdsa_priv_key(buf); |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
261 if (*eck) { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
262 ret = DROPBEAR_SUCCESS; |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
263 } |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
264 } |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
265 } |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
266 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
267 |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
268 TRACE2(("leave buf_get_priv_key")) |
44 | 269 |
270 return ret; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
271 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
272 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
273 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
274 /* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */ |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
275 void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
276 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
277 buffer *pubkeys; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
278 |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
279 TRACE2(("enter buf_put_pub_key")) |
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
51
diff
changeset
|
280 pubkeys = buf_new(MAX_PUBKEY_SIZE); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
281 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
282 #ifdef DROPBEAR_DSS |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
283 if (type == DROPBEAR_SIGNKEY_DSS) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
284 buf_put_dss_pub_key(pubkeys, key->dsskey); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
285 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
286 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
287 #ifdef DROPBEAR_RSA |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
288 if (type == DROPBEAR_SIGNKEY_RSA) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
289 buf_put_rsa_pub_key(pubkeys, key->rsakey); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
290 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
291 #endif |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
292 #ifdef DROPBEAR_ECDSA |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
841
diff
changeset
|
293 if (signkey_is_ecdsa(type)) { |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
294 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type); |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
295 if (eck) { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
296 buf_put_ecdsa_pub_key(pubkeys, *eck); |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
297 } |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
298 } |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
299 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
300 if (pubkeys->len == 0) { |
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
586
diff
changeset
|
301 dropbear_exit("Bad key types in buf_put_pub_key"); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
302 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
303 |
760
f336d232fc63
Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
304 buf_putbufstring(buf, pubkeys); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
305 buf_free(pubkeys); |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
306 TRACE2(("leave buf_put_pub_key")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
307 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
308 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
309 /* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */ |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
310 void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
311 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
107
diff
changeset
|
312 TRACE(("enter buf_put_priv_key")) |
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
107
diff
changeset
|
313 TRACE(("type is %d", type)) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
314 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
315 #ifdef DROPBEAR_DSS |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
316 if (type == DROPBEAR_SIGNKEY_DSS) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
317 buf_put_dss_priv_key(buf, key->dsskey); |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
107
diff
changeset
|
318 TRACE(("leave buf_put_priv_key: dss done")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
319 return; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
320 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
321 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
322 #ifdef DROPBEAR_RSA |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
323 if (type == DROPBEAR_SIGNKEY_RSA) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
324 buf_put_rsa_priv_key(buf, key->rsakey); |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
107
diff
changeset
|
325 TRACE(("leave buf_put_priv_key: rsa done")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
326 return; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
327 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
328 #endif |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
329 #ifdef DROPBEAR_ECDSA |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
841
diff
changeset
|
330 if (signkey_is_ecdsa(type)) { |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
331 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type); |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
332 if (eck) { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
333 buf_put_ecdsa_priv_key(buf, *eck); |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
334 TRACE(("leave buf_put_priv_key: ecdsa done")) |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
335 return; |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
336 } |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
337 } |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
338 #endif |
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
586
diff
changeset
|
339 dropbear_exit("Bad key types in put pub key"); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
340 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
341 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
342 void sign_key_free(sign_key *key) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
343 |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
344 TRACE2(("enter sign_key_free")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
345 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
346 #ifdef DROPBEAR_DSS |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
347 dss_key_free(key->dsskey); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
348 key->dsskey = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
349 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
350 #ifdef DROPBEAR_RSA |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
351 rsa_key_free(key->rsakey); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
352 key->rsakey = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
353 #endif |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
354 #ifdef DROPBEAR_ECDSA |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
355 #ifdef DROPBEAR_ECC_256 |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
356 if (key->ecckey256) { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
357 ecc_free(key->ecckey256); |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
358 key->ecckey256 = NULL; |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
359 } |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
360 #endif |
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
361 #ifdef DROPBEAR_ECC_384 |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
362 if (key->ecckey384) { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
363 ecc_free(key->ecckey384); |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
364 key->ecckey384 = NULL; |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
365 } |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
366 #endif |
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
367 #ifdef DROPBEAR_ECC_521 |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
368 if (key->ecckey521) { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
369 ecc_free(key->ecckey521); |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
370 key->ecckey521 = NULL; |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
371 } |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
372 #endif |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
373 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
374 |
551
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
436
diff
changeset
|
375 m_free(key->filename); |
c3f2ec71e3d4
New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList
Matt Johnston <matt@ucc.asn.au>
parents:
436
diff
changeset
|
376 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
377 m_free(key); |
731
9a5438271556
Move the more verbose TRACE() statements into TRACE2()
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
378 TRACE2(("leave sign_key_free")) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
379 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
380 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
381 static char hexdig(unsigned char x) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
382 if (x > 0xf) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
383 return 'X'; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
384 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
385 if (x < 10) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
386 return '0' + x; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
387 else |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
388 return 'a' + x - 10; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
389 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
390 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
391 /* Since we're not sure if we'll have md5 or sha1, we present both. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
392 * MD5 is used in preference, but sha1 could still be useful */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
393 #ifdef DROPBEAR_MD5_HMAC |
51
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
394 static char * sign_key_md5_fingerprint(unsigned char* keyblob, |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
395 unsigned int keybloblen) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
396 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
397 char * ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
398 hash_state hs; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
399 unsigned char hash[MD5_HASH_SIZE]; |
214
5a75f8a21503
Change the format of for loops, gcc4 produces incorrect binaries with
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
400 unsigned int i; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
401 unsigned int buflen; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
402 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
403 md5_init(&hs); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
404 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
405 /* skip the size int of the string - this is a bit messy */ |
51
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
406 md5_process(&hs, keyblob, keybloblen); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
407 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
408 md5_done(&hs, hash); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
409 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
410 /* "md5 hexfingerprinthere\0", each hex digit is "AB:" etc */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
411 buflen = 4 + 3*MD5_HASH_SIZE; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
412 ret = (char*)m_malloc(buflen); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
413 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
414 memset(ret, 'Z', buflen); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
415 strcpy(ret, "md5 "); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
416 |
214
5a75f8a21503
Change the format of for loops, gcc4 produces incorrect binaries with
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
417 for (i = 0; i < MD5_HASH_SIZE; i++) { |
5a75f8a21503
Change the format of for loops, gcc4 produces incorrect binaries with
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
418 unsigned int pos = 4 + i*3; |
5a75f8a21503
Change the format of for loops, gcc4 produces incorrect binaries with
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
419 ret[pos] = hexdig(hash[i] >> 4); |
5a75f8a21503
Change the format of for loops, gcc4 produces incorrect binaries with
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
420 ret[pos+1] = hexdig(hash[i] & 0x0f); |
5a75f8a21503
Change the format of for loops, gcc4 produces incorrect binaries with
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
421 ret[pos+2] = ':'; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
422 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
423 ret[buflen-1] = 0x0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
424 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
425 return ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
426 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
427 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
428 #else /* use SHA1 rather than MD5 for fingerprint */ |
51
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
429 static char * sign_key_sha1_fingerprint(unsigned char* keyblob, |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
430 unsigned int keybloblen) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
431 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
432 char * ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
433 hash_state hs; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
434 unsigned char hash[SHA1_HASH_SIZE]; |
214
5a75f8a21503
Change the format of for loops, gcc4 produces incorrect binaries with
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
435 unsigned int i; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
436 unsigned int buflen; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
437 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
438 sha1_init(&hs); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
439 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
440 /* skip the size int of the string - this is a bit messy */ |
51
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
441 sha1_process(&hs, keyblob, keybloblen); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
442 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
443 sha1_done(&hs, hash); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
444 |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
445 /* "sha1!! hexfingerprinthere\0", each hex digit is "AB:" etc */ |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
446 buflen = 7 + 3*SHA1_HASH_SIZE; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
447 ret = (char*)m_malloc(buflen); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
448 |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
449 strcpy(ret, "sha1!! "); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
450 |
214
5a75f8a21503
Change the format of for loops, gcc4 produces incorrect binaries with
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
451 for (i = 0; i < SHA1_HASH_SIZE; i++) { |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
452 unsigned int pos = 7 + 3*i; |
214
5a75f8a21503
Change the format of for loops, gcc4 produces incorrect binaries with
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
453 ret[pos] = hexdig(hash[i] >> 4); |
5a75f8a21503
Change the format of for loops, gcc4 produces incorrect binaries with
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
454 ret[pos+1] = hexdig(hash[i] & 0x0f); |
5a75f8a21503
Change the format of for loops, gcc4 produces incorrect binaries with
Matt Johnston <matt@ucc.asn.au>
parents:
165
diff
changeset
|
455 ret[pos+2] = ':'; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
456 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
457 ret[buflen-1] = 0x0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
458 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
459 return ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
460 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
461 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
462 #endif /* MD5/SHA1 switch */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
463 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
464 /* This will return a freshly malloced string, containing a fingerprint |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
465 * in either sha1 or md5 */ |
51
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
466 char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
467 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
468 #ifdef DROPBEAR_MD5_HMAC |
51
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
469 return sign_key_md5_fingerprint(keyblob, keybloblen); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
470 #else |
51
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
471 return sign_key_sha1_fingerprint(keyblob, keybloblen); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
472 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
473 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
474 |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
475 void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type, |
760
f336d232fc63
Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
476 buffer *data_buf) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
477 buffer *sigblob; |
70
b0316ce64e4b
Merging in the changes from 0.41-0.43 main Dropbear tree
Matt Johnston <matt@ucc.asn.au>
parents:
51
diff
changeset
|
478 sigblob = buf_new(MAX_PUBKEY_SIZE); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
479 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
480 #ifdef DROPBEAR_DSS |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
481 if (type == DROPBEAR_SIGNKEY_DSS) { |
760
f336d232fc63
Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
482 buf_put_dss_sign(sigblob, key->dsskey, data_buf); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
483 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
484 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
485 #ifdef DROPBEAR_RSA |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
486 if (type == DROPBEAR_SIGNKEY_RSA) { |
760
f336d232fc63
Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
487 buf_put_rsa_sign(sigblob, key->rsakey, data_buf); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
488 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
489 #endif |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
490 #ifdef DROPBEAR_ECDSA |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
841
diff
changeset
|
491 if (signkey_is_ecdsa(type)) { |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
492 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type); |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
493 if (eck) { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
494 buf_put_ecdsa_sign(sigblob, *eck, data_buf); |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
495 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
496 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
497 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
498 if (sigblob->len == 0) { |
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
586
diff
changeset
|
499 dropbear_exit("Non-matching signing type"); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
500 } |
760
f336d232fc63
Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
501 buf_putbufstring(buf, sigblob); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
502 buf_free(sigblob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
503 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
504 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
505 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
506 #ifdef DROPBEAR_SIGNKEY_VERIFY |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
507 /* Return DROPBEAR_SUCCESS or DROPBEAR_FAILURE. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
508 * If FAILURE is returned, the position of |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
509 * buf is undefined. If SUCCESS is returned, buf will be positioned after the |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
510 * signature blob */ |
760
f336d232fc63
Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
511 int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
512 |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
513 unsigned char * type_name = NULL; |
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
514 unsigned int type_name_len = 0; |
855
04ede40a529a
- Some fixes for old compilers like tru64 v4 from Daniel Richard G.
Matt Johnston <matt@ucc.asn.au>
parents:
852
diff
changeset
|
515 enum signkey_type type; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
516 |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
107
diff
changeset
|
517 TRACE(("enter buf_verify")) |
34
e2a1eaa19f22
Client mostly works up to password auth
Matt Johnston <matt@ucc.asn.au>
parents:
26
diff
changeset
|
518 |
864 | 519 buf_getint(buf); /* blob length */ |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
520 type_name = buf_getstring(buf, &type_name_len); |
855
04ede40a529a
- Some fixes for old compilers like tru64 v4 from Daniel Richard G.
Matt Johnston <matt@ucc.asn.au>
parents:
852
diff
changeset
|
521 type = signkey_type_from_name(type_name, type_name_len); |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
522 m_free(type_name); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
523 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
524 #ifdef DROPBEAR_DSS |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
525 if (type == DROPBEAR_SIGNKEY_DSS) { |
244
eb7b9f2bb8e8
- add explicit check that correct keytype exists for pubkey verification
Matt Johnston <matt@ucc.asn.au>
parents:
214
diff
changeset
|
526 if (key->dsskey == NULL) { |
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
586
diff
changeset
|
527 dropbear_exit("No DSS key to verify signature"); |
244
eb7b9f2bb8e8
- add explicit check that correct keytype exists for pubkey verification
Matt Johnston <matt@ucc.asn.au>
parents:
214
diff
changeset
|
528 } |
760
f336d232fc63
Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
529 return buf_dss_verify(buf, key->dsskey, data_buf); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
530 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
531 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
532 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
533 #ifdef DROPBEAR_RSA |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
534 if (type == DROPBEAR_SIGNKEY_RSA) { |
244
eb7b9f2bb8e8
- add explicit check that correct keytype exists for pubkey verification
Matt Johnston <matt@ucc.asn.au>
parents:
214
diff
changeset
|
535 if (key->rsakey == NULL) { |
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
586
diff
changeset
|
536 dropbear_exit("No RSA key to verify signature"); |
244
eb7b9f2bb8e8
- add explicit check that correct keytype exists for pubkey verification
Matt Johnston <matt@ucc.asn.au>
parents:
214
diff
changeset
|
537 } |
760
f336d232fc63
Make _sign and _verify functions take a buffer* rather than void* and int
Matt Johnston <matt@ucc.asn.au>
parents:
651
diff
changeset
|
538 return buf_rsa_verify(buf, key->rsakey, data_buf); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
539 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
540 #endif |
794
d386defb5376
more ecdsa signkey work, not correct
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
541 #ifdef DROPBEAR_ECDSA |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
841
diff
changeset
|
542 if (signkey_is_ecdsa(type)) { |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
543 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type); |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
544 if (eck) { |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
545 return buf_ecdsa_verify(buf, *eck, data_buf); |
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
801
diff
changeset
|
546 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
547 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
548 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
549 |
594
a98a2138364a
Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents:
586
diff
changeset
|
550 dropbear_exit("Non-matching signing type"); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
551 return DROPBEAR_FAILURE; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
552 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
553 #endif /* DROPBEAR_SIGNKEY_VERIFY */ |
51
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
554 |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
555 #ifdef DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */ |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
556 |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
557 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE when given a buffer containing |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
558 * a key, a key, and a type. The buffer is positioned at the start of the |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
559 * base64 data, and contains no trailing data */ |
436
7282370416a0
Improve known_hosts checking.
Matt Johnston <matt@ucc.asn.au>
parents:
244
diff
changeset
|
560 /* If fingerprint is non-NULL, it will be set to a malloc()ed fingerprint |
7282370416a0
Improve known_hosts checking.
Matt Johnston <matt@ucc.asn.au>
parents:
244
diff
changeset
|
561 of the key if it is successfully decoded */ |
51
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
562 int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen, |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
563 const unsigned char* algoname, unsigned int algolen, |
436
7282370416a0
Improve known_hosts checking.
Matt Johnston <matt@ucc.asn.au>
parents:
244
diff
changeset
|
564 buffer * line, char ** fingerprint) { |
51
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
565 |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
566 buffer * decodekey = NULL; |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
567 int ret = DROPBEAR_FAILURE; |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
568 unsigned int len, filealgolen; |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
569 unsigned long decodekeylen; |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
570 unsigned char* filealgo = NULL; |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
571 |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
572 /* now we have the actual data */ |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
573 len = line->len - line->pos; |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
574 decodekeylen = len * 2; /* big to be safe */ |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
575 decodekey = buf_new(decodekeylen); |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
576 |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
577 if (base64_decode(buf_getptr(line, len), len, |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
578 buf_getwriteptr(decodekey, decodekey->size), |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
579 &decodekeylen) != CRYPT_OK) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
107
diff
changeset
|
580 TRACE(("checkpubkey: base64 decode failed")) |
51
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
581 goto out; |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
582 } |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
107
diff
changeset
|
583 TRACE(("checkpubkey: base64_decode success")) |
51
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
584 buf_incrlen(decodekey, decodekeylen); |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
585 |
436
7282370416a0
Improve known_hosts checking.
Matt Johnston <matt@ucc.asn.au>
parents:
244
diff
changeset
|
586 if (fingerprint) { |
7282370416a0
Improve known_hosts checking.
Matt Johnston <matt@ucc.asn.au>
parents:
244
diff
changeset
|
587 *fingerprint = sign_key_fingerprint(buf_getptr(decodekey, decodekeylen), |
7282370416a0
Improve known_hosts checking.
Matt Johnston <matt@ucc.asn.au>
parents:
244
diff
changeset
|
588 decodekeylen); |
7282370416a0
Improve known_hosts checking.
Matt Johnston <matt@ucc.asn.au>
parents:
244
diff
changeset
|
589 } |
7282370416a0
Improve known_hosts checking.
Matt Johnston <matt@ucc.asn.au>
parents:
244
diff
changeset
|
590 |
51
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
591 /* compare the keys */ |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
592 if ( ( decodekeylen != keybloblen ) |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
593 || memcmp( buf_getptr(decodekey, decodekey->len), |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
594 keyblob, decodekey->len) != 0) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
107
diff
changeset
|
595 TRACE(("checkpubkey: compare failed")) |
51
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
596 goto out; |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
597 } |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
598 |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
599 /* ... and also check that the algo specified and the algo in the key |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
600 * itself match */ |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
601 filealgolen = buf_getint(decodekey); |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
602 filealgo = buf_getptr(decodekey, filealgolen); |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
603 if (filealgolen != algolen || memcmp(filealgo, algoname, algolen) != 0) { |
165
0cfba3034be5
Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents:
107
diff
changeset
|
604 TRACE(("checkpubkey: algo match failed")) |
51
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
605 goto out; |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
606 } |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
607 |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
608 /* All checks passed */ |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
609 ret = DROPBEAR_SUCCESS; |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
610 |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
611 out: |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
612 buf_free(decodekey); |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
613 decodekey = NULL; |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
614 return ret; |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
615 } |
095d689fed16
- Hostkey checking is mostly there, just aren't appending yet.
Matt Johnston <matt@ucc.asn.au>
parents:
44
diff
changeset
|
616 #endif |