dropbear: signkey.c annotate

annotate signkey.c @ 1659:d32bcb5c557d

Add Ed25519 support (#91) * Add support for Ed25519 as a public key type Ed25519 is a elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys. OpenSSH key import and fuzzer are not supported yet. Initially inspired by Peter Szabo. * Add curve25519 and ed25519 fuzzers * Add import and export of Ed25519 keys

author	Vladislav Grishenko <themiron@users.noreply.github.com>
date	Wed, 11 Mar 2020 21:09:45 +0500
parents	2f64cb3d3007
children	ba6fc7afe1c5

rev	line source
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2 * Dropbear - a SSH2 server
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	3 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4 * Copyright (c) 2002,2003 Matt Johnston
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	5 * All rights reserved.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	7 * Permission is hereby granted, free of charge, to any person obtaining a copy
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 * of this software and associated documentation files (the "Software"), to deal
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9 * in the Software without restriction, including without limitation the rights
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11 * copies of the Software, and to permit persons to whom the Software is
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12 * furnished to do so, subject to the following conditions:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	13 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14 * The above copyright notice and this permission notice shall be included in
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 * all copies or substantial portions of the Software.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	23 * SOFTWARE. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25 #include "includes.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	26 #include "dbutil.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	27 #include "signkey.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	28 #include "buffer.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	29 #include "ssh.h"
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	30 #include "ecdsa.h"
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	31
1273 139935236c72 const variables Francois Perrad <francois.perrad@gadz.org> parents: 1249 diff changeset	32 static const char * const signkey_names[DROPBEAR_SIGNKEY_NUM_NAMED] = {
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	33 #if DROPBEAR_RSA
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	34 "ssh-rsa",
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	35 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	36 #if DROPBEAR_DSS
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	37 "ssh-dss",
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	38 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	39 #if DROPBEAR_ECDSA
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	40 "ecdsa-sha2-nistp256",
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	41 "ecdsa-sha2-nistp384",
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	42 "ecdsa-sha2-nistp521",
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 855 diff changeset	43 #endif /* DROPBEAR_ECDSA */
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	44 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	45 "ssh-ed25519",
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	46 #endif /* DROPBEAR_ED25519 */
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	47 };
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	48
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	49 /* malloc a new sign_key and set the dss and rsa keys to NULL */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	50 sign_key * new_sign_key() {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	51
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	52 sign_key * ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	53
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	54 ret = (sign_key*)m_malloc(sizeof(sign_key));
551 c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList Matt Johnston <matt@ucc.asn.au> parents: 436 diff changeset	55 ret->type = DROPBEAR_SIGNKEY_NONE;
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList Matt Johnston <matt@ucc.asn.au> parents: 436 diff changeset	56 ret->source = SIGNKEY_SOURCE_INVALID;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	57 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	58 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	59
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	60 /* Returns key name corresponding to the type. Exits fatally
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	61 * if the type is invalid */
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	62 const char* signkey_name_from_type(enum signkey_type type, unsigned int *namelen) {
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	63 if (type >= DROPBEAR_SIGNKEY_NUM_NAMED) {
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	64 dropbear_exit("Bad key type %d", type);
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	65 }
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	66
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	67 if (namelen) {
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	68 *namelen = strlen(signkey_names[type]);
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	69 }
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	70 return signkey_names[type];
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	71 }
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	72
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	73 /* Returns DROPBEAR_SIGNKEY_NONE if none match */
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	74 enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen) {
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	75 int i;
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	76 for (i = 0; i < DROPBEAR_SIGNKEY_NUM_NAMED; i++) {
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	77 const char *fixed_name = signkey_names[i];
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	78 if (namelen == strlen(fixed_name)
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	79 && memcmp(fixed_name, name, namelen) == 0) {
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	80
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	81 #if DROPBEAR_ECDSA
795 7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	82 /* Some of the ECDSA key sizes are defined even if they're not compiled in */
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	83 if (0
1499 2d450c1056e3 options: Complete the transition to numeric toggles (`#if') Michael Witten <mfwitten@gmail.com> parents: 1459 diff changeset	84 #if !DROPBEAR_ECC_256
795 7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	85 \|\| i == DROPBEAR_SIGNKEY_ECDSA_NISTP256
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	86 #endif
1499 2d450c1056e3 options: Complete the transition to numeric toggles (`#if') Michael Witten <mfwitten@gmail.com> parents: 1459 diff changeset	87 #if !DROPBEAR_ECC_384
795 7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	88 \|\| i == DROPBEAR_SIGNKEY_ECDSA_NISTP384
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	89 #endif
1499 2d450c1056e3 options: Complete the transition to numeric toggles (`#if') Michael Witten <mfwitten@gmail.com> parents: 1459 diff changeset	90 #if !DROPBEAR_ECC_521
795 7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	91 \|\| i == DROPBEAR_SIGNKEY_ECDSA_NISTP521
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	92 #endif
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	93 ) {
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	94 TRACE(("attempt to use ecdsa type %d not compiled in", i))
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	95 return DROPBEAR_SIGNKEY_NONE;
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	96 }
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	97 #endif
7f604f9b3756 ecdsa is working Matt Johnston <matt@ucc.asn.au> parents: 794 diff changeset	98
1255 55d485943eb0 cast return type to enum Matt Johnston <matt@ucc.asn.au> parents: 1249 diff changeset	99 return (enum signkey_type)i;
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	100 }
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	101 }
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	102
551 c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList Matt Johnston <matt@ucc.asn.au> parents: 436 diff changeset	103 TRACE(("signkey_type_from_name unexpected key type."))
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList Matt Johnston <matt@ucc.asn.au> parents: 436 diff changeset	104
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	105 return DROPBEAR_SIGNKEY_NONE;
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	106 }
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	107
1423 c1c3d5943bfc Fix null pointer dereference found by libfuzzer Matt Johnston <matt@ucc.asn.au> parents: 1409 diff changeset	108 /* Returns a pointer to the key part specific to "type".
c1c3d5943bfc Fix null pointer dereference found by libfuzzer Matt Johnston <matt@ucc.asn.au> parents: 1409 diff changeset	109 Be sure to check both (ret != NULL) and (ret != NULL) /
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	110 void **
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	111 signkey_key_ptr(sign_key *key, enum signkey_type type) {
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	112 switch (type) {
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	113 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	114 case DROPBEAR_SIGNKEY_ED25519:
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	115 return (void**)&key->ed25519key;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	116 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	117 #if DROPBEAR_ECDSA
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	118 #if DROPBEAR_ECC_256
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	119 case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	120 return (void**)&key->ecckey256;
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	121 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	122 #if DROPBEAR_ECC_384
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	123 case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	124 return (void**)&key->ecckey384;
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	125 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	126 #if DROPBEAR_ECC_521
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	127 case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	128 return (void**)&key->ecckey521;
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	129 #endif
935 25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 864 diff changeset	130 #endif /* DROPBEAR_ECDSA */
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	131 #if DROPBEAR_RSA
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	132 case DROPBEAR_SIGNKEY_RSA:
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	133 return (void**)&key->rsakey;
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	134 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	135 #if DROPBEAR_DSS
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	136 case DROPBEAR_SIGNKEY_DSS:
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	137 return (void**)&key->dsskey;
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	138 #endif
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	139 default:
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	140 return NULL;
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	141 }
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	142 }
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	143
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	144 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
26 0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	145 * type should be set by the caller to specify the type to read, and
0969767bca0d snapshot of stuff Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	146 * on return is set to the type read (useful when type = _ANY) */
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	147 int buf_get_pub_key(buffer buf, sign_key key, enum signkey_type *type) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	148
1094 c45d65392c1a Fix pointer differ in signess warnings [-Werror=pointer-sign] Gaël PORTAY <gael.portay@gmail.com> parents: 1058 diff changeset	149 char *ident;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	150 unsigned int len;
1032 0da8ba489c23 Move generic network routines to netio.c Matt Johnston <matt@ucc.asn.au> parents: 935 diff changeset	151 enum signkey_type keytype;
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	152 int ret = DROPBEAR_FAILURE;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	153
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	154 TRACE2(("enter buf_get_pub_key"))
34 e2a1eaa19f22 Client mostly works up to password auth Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	155
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1094 diff changeset	156 ident = buf_getstring(buf, &len);
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	157 keytype = signkey_type_from_name(ident, len);
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	158 m_free(ident);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	159
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	160 if (type != DROPBEAR_SIGNKEY_ANY && type != keytype) {
651 a48a1f6ab43e - Fix some format strings in TRACE()s Matt Johnston <matt@ucc.asn.au> parents: 594 diff changeset	161 TRACE(("buf_get_pub_key bad type - got %d, expected %d", keytype, *type))
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	162 return DROPBEAR_FAILURE;
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	163 }
551 c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList Matt Johnston <matt@ucc.asn.au> parents: 436 diff changeset	164
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	165 TRACE2(("buf_get_pub_key keytype is %d", keytype))
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	166
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	167 *type = keytype;
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	168
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	169 /* Rewind the buffer back before "ssh-rsa" etc */
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	170 buf_incrpos(buf, -len - 4);
34 e2a1eaa19f22 Client mostly works up to password auth Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	171
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	172 #if DROPBEAR_DSS
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	173 if (keytype == DROPBEAR_SIGNKEY_DSS) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	174 dss_key_free(key->dsskey);
586 b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so Matt Johnston <matt@ucc.asn.au> parents: 560 diff changeset	175 key->dsskey = m_malloc(sizeof(*key->dsskey));
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	176 ret = buf_get_dss_pub_key(buf, key->dsskey);
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	177 if (ret == DROPBEAR_FAILURE) {
1409 c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	178 dss_key_free(key->dsskey);
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	179 key->dsskey = NULL;
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	180 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	181 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	182 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	183 #if DROPBEAR_RSA
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	184 if (keytype == DROPBEAR_SIGNKEY_RSA) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	185 rsa_key_free(key->rsakey);
586 b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so Matt Johnston <matt@ucc.asn.au> parents: 560 diff changeset	186 key->rsakey = m_malloc(sizeof(*key->rsakey));
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	187 ret = buf_get_rsa_pub_key(buf, key->rsakey);
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	188 if (ret == DROPBEAR_FAILURE) {
1409 c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	189 rsa_key_free(key->rsakey);
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	190 key->rsakey = NULL;
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	191 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	192 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	193 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	194 #if DROPBEAR_ECDSA
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 841 diff changeset	195 if (signkey_is_ecdsa(keytype)) {
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	196 ecc_key eck = (ecc_key)signkey_key_ptr(key, keytype);
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	197 if (eck) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	198 if (*eck) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	199 ecc_free(*eck);
1058 063c38ea622b Fix some memory leaks in ecc code Matt Johnston <matt@ucc.asn.au> parents: 1032 diff changeset	200 m_free(*eck);
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	201 *eck = NULL;
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	202 }
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	203 *eck = buf_get_ecdsa_pub_key(buf);
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	204 if (*eck) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	205 ret = DROPBEAR_SUCCESS;
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	206 }
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	207 }
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	208 }
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	209 #endif
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	210 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	211 if (keytype == DROPBEAR_SIGNKEY_ED25519) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	212 ed25519_key_free(key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	213 key->ed25519key = m_malloc(sizeof(*key->ed25519key));
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	214 ret = buf_get_ed25519_pub_key(buf, key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	215 if (ret == DROPBEAR_FAILURE) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	216 m_free(key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	217 key->ed25519key = NULL;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	218 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	219 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	220 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	221
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	222 TRACE2(("leave buf_get_pub_key"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	223
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	224 return ret;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	225 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	226
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	227 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	228 * type should be set by the caller to specify the type to read, and
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	229 * on return is set to the type read (useful when type = _ANY) */
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	230 int buf_get_priv_key(buffer buf, sign_key key, enum signkey_type *type) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	231
1094 c45d65392c1a Fix pointer differ in signess warnings [-Werror=pointer-sign] Gaël PORTAY <gael.portay@gmail.com> parents: 1058 diff changeset	232 char *ident;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	233 unsigned int len;
1032 0da8ba489c23 Move generic network routines to netio.c Matt Johnston <matt@ucc.asn.au> parents: 935 diff changeset	234 enum signkey_type keytype;
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	235 int ret = DROPBEAR_FAILURE;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	236
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	237 TRACE2(("enter buf_get_priv_key"))
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	238
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1094 diff changeset	239 ident = buf_getstring(buf, &len);
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	240 keytype = signkey_type_from_name(ident, len);
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	241 m_free(ident);
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	242
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	243 if (type != DROPBEAR_SIGNKEY_ANY && type != keytype) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 107 diff changeset	244 TRACE(("wrong key type: %d %d", *type, keytype))
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	245 return DROPBEAR_FAILURE;
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	246 }
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	247
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	248 *type = keytype;
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	249
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	250 /* Rewind the buffer back before "ssh-rsa" etc */
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	251 buf_incrpos(buf, -len - 4);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	252
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	253 #if DROPBEAR_DSS
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	254 if (keytype == DROPBEAR_SIGNKEY_DSS) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	255 dss_key_free(key->dsskey);
586 b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so Matt Johnston <matt@ucc.asn.au> parents: 560 diff changeset	256 key->dsskey = m_malloc(sizeof(*key->dsskey));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	257 ret = buf_get_dss_priv_key(buf, key->dsskey);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	258 if (ret == DROPBEAR_FAILURE) {
1409 c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	259 dss_key_free(key->dsskey);
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	260 key->dsskey = NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	261 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	262 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	263 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	264 #if DROPBEAR_RSA
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	265 if (keytype == DROPBEAR_SIGNKEY_RSA) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	266 rsa_key_free(key->rsakey);
586 b50f0107e505 Rename rsa_key to dropbear_rsa_key (and same for dss too) so Matt Johnston <matt@ucc.asn.au> parents: 560 diff changeset	267 key->rsakey = m_malloc(sizeof(*key->rsakey));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	268 ret = buf_get_rsa_priv_key(buf, key->rsakey);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	269 if (ret == DROPBEAR_FAILURE) {
1409 c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	270 rsa_key_free(key->rsakey);
c721e8c42d2a add m_mp_free_multi, be more careful freeing when failing to load keys Matt Johnston <matt@ucc.asn.au> parents: 1295 diff changeset	271 key->rsakey = NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	272 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	273 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	274 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	275 #if DROPBEAR_ECDSA
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 841 diff changeset	276 if (signkey_is_ecdsa(keytype)) {
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	277 ecc_key eck = (ecc_key)signkey_key_ptr(key, keytype);
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	278 if (eck) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	279 if (*eck) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	280 ecc_free(*eck);
1058 063c38ea622b Fix some memory leaks in ecc code Matt Johnston <matt@ucc.asn.au> parents: 1032 diff changeset	281 m_free(*eck);
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	282 *eck = NULL;
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	283 }
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	284 *eck = buf_get_ecdsa_priv_key(buf);
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	285 if (*eck) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	286 ret = DROPBEAR_SUCCESS;
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	287 }
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	288 }
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	289 }
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	290 #endif
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	291 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	292 if (keytype == DROPBEAR_SIGNKEY_ED25519) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	293 ed25519_key_free(key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	294 key->ed25519key = m_malloc(sizeof(*key->ed25519key));
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	295 ret = buf_get_ed25519_priv_key(buf, key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	296 if (ret == DROPBEAR_FAILURE) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	297 m_free(key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	298 key->ed25519key = NULL;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	299 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	300 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	301 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	302
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	303 TRACE2(("leave buf_get_priv_key"))
44 45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	304
45edf30ea0a6 Improved signkey code Matt Johnston <matt@ucc.asn.au> parents: 40 diff changeset	305 return ret;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	306
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	307 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	308
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	309 /* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	310 void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	311
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	312 buffer *pubkeys;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	313
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	314 TRACE2(("enter buf_put_pub_key"))
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 51 diff changeset	315 pubkeys = buf_new(MAX_PUBKEY_SIZE);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	316
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	317 #if DROPBEAR_DSS
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	318 if (type == DROPBEAR_SIGNKEY_DSS) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	319 buf_put_dss_pub_key(pubkeys, key->dsskey);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	320 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	321 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	322 #if DROPBEAR_RSA
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	323 if (type == DROPBEAR_SIGNKEY_RSA) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	324 buf_put_rsa_pub_key(pubkeys, key->rsakey);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	325 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	326 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	327 #if DROPBEAR_ECDSA
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 841 diff changeset	328 if (signkey_is_ecdsa(type)) {
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	329 ecc_key eck = (ecc_key)signkey_key_ptr(key, type);
1423 c1c3d5943bfc Fix null pointer dereference found by libfuzzer Matt Johnston <matt@ucc.asn.au> parents: 1409 diff changeset	330 if (eck && *eck) {
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	331 buf_put_ecdsa_pub_key(pubkeys, *eck);
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	332 }
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	333 }
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	334 #endif
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	335 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	336 if (type == DROPBEAR_SIGNKEY_ED25519) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	337 buf_put_ed25519_pub_key(pubkeys, key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	338 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	339 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	340 if (pubkeys->len == 0) {
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	341 dropbear_exit("Bad key types in buf_put_pub_key");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	342 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	343
760 f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	344 buf_putbufstring(buf, pubkeys);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	345 buf_free(pubkeys);
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	346 TRACE2(("leave buf_put_pub_key"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	347 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	348
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	349 /* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	350 void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	351
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 107 diff changeset	352 TRACE(("enter buf_put_priv_key"))
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 107 diff changeset	353 TRACE(("type is %d", type))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	354
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	355 #if DROPBEAR_DSS
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	356 if (type == DROPBEAR_SIGNKEY_DSS) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	357 buf_put_dss_priv_key(buf, key->dsskey);
1249 c6346c63281b refactor indentation with hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1122 diff changeset	358 TRACE(("leave buf_put_priv_key: dss done"))
c6346c63281b refactor indentation with hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1122 diff changeset	359 return;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	360 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	361 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	362 #if DROPBEAR_RSA
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	363 if (type == DROPBEAR_SIGNKEY_RSA) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	364 buf_put_rsa_priv_key(buf, key->rsakey);
1249 c6346c63281b refactor indentation with hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1122 diff changeset	365 TRACE(("leave buf_put_priv_key: rsa done"))
c6346c63281b refactor indentation with hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1122 diff changeset	366 return;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	367 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	368 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	369 #if DROPBEAR_ECDSA
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 841 diff changeset	370 if (signkey_is_ecdsa(type)) {
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	371 ecc_key eck = (ecc_key)signkey_key_ptr(key, type);
1423 c1c3d5943bfc Fix null pointer dereference found by libfuzzer Matt Johnston <matt@ucc.asn.au> parents: 1409 diff changeset	372 if (eck && *eck) {
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	373 buf_put_ecdsa_priv_key(buf, *eck);
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	374 TRACE(("leave buf_put_priv_key: ecdsa done"))
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	375 return;
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	376 }
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	377 }
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	378 #endif
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	379 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	380 if (type == DROPBEAR_SIGNKEY_ED25519) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	381 buf_put_ed25519_priv_key(buf, key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	382 TRACE(("leave buf_put_priv_key: ed25519 done"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	383 return;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	384 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	385 #endif
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	386 dropbear_exit("Bad key types in put pub key");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	387 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	388
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	389 void sign_key_free(sign_key *key) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	390
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	391 TRACE2(("enter sign_key_free"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	392
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	393 #if DROPBEAR_DSS
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	394 dss_key_free(key->dsskey);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	395 key->dsskey = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	396 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	397 #if DROPBEAR_RSA
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	398 rsa_key_free(key->rsakey);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	399 key->rsakey = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	400 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	401 #if DROPBEAR_ECDSA
750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	402 #if DROPBEAR_ECC_256
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	403 if (key->ecckey256) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	404 ecc_free(key->ecckey256);
1058 063c38ea622b Fix some memory leaks in ecc code Matt Johnston <matt@ucc.asn.au> parents: 1032 diff changeset	405 m_free(key->ecckey256);
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	406 key->ecckey256 = NULL;
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	407 }
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	408 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	409 #if DROPBEAR_ECC_384
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	410 if (key->ecckey384) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	411 ecc_free(key->ecckey384);
1058 063c38ea622b Fix some memory leaks in ecc code Matt Johnston <matt@ucc.asn.au> parents: 1032 diff changeset	412 m_free(key->ecckey384);
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	413 key->ecckey384 = NULL;
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	414 }
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	415 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	416 #if DROPBEAR_ECC_521
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	417 if (key->ecckey521) {
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	418 ecc_free(key->ecckey521);
1058 063c38ea622b Fix some memory leaks in ecc code Matt Johnston <matt@ucc.asn.au> parents: 1032 diff changeset	419 m_free(key->ecckey521);
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	420 key->ecckey521 = NULL;
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	421 }
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	422 #endif
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	423 #endif
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	424 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	425 ed25519_key_free(key->ed25519key);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	426 key->ed25519key = NULL;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	427 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	428
551 c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList Matt Johnston <matt@ucc.asn.au> parents: 436 diff changeset	429 m_free(key->filename);
c3f2ec71e3d4 New standard linked list to use, rather than adhoc SignKeyList or TCPFwdList Matt Johnston <matt@ucc.asn.au> parents: 436 diff changeset	430
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	431 m_free(key);
731 9a5438271556 Move the more verbose TRACE() statements into TRACE2() Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	432 TRACE2(("leave sign_key_free"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	433 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	434
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	435 static char hexdig(unsigned char x) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	436 if (x > 0xf)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	437 return 'X';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	438
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	439 if (x < 10)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	440 return '0' + x;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	441 else
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	442 return 'a' + x - 10;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	443 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	444
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	445 /* Since we're not sure if we'll have md5 or sha1, we present both.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	446 * MD5 is used in preference, but sha1 could still be useful */
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	447 #if DROPBEAR_MD5_HMAC
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1424 diff changeset	448 static char * sign_key_md5_fingerprint(const unsigned char* keyblob,
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	449 unsigned int keybloblen) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	450
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	451 char * ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	452 hash_state hs;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	453 unsigned char hash[MD5_HASH_SIZE];
214 5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	454 unsigned int i;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	455 unsigned int buflen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	456
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	457 md5_init(&hs);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	458
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	459 /* skip the size int of the string - this is a bit messy */
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	460 md5_process(&hs, keyblob, keybloblen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	461
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	462 md5_done(&hs, hash);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	463
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	464 /* "md5 hexfingerprinthere\0", each hex digit is "AB:" etc */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	465 buflen = 4 + 3*MD5_HASH_SIZE;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	466 ret = (char*)m_malloc(buflen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	467
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	468 memset(ret, 'Z', buflen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	469 strcpy(ret, "md5 ");
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	470
214 5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	471 for (i = 0; i < MD5_HASH_SIZE; i++) {
5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	472 unsigned int pos = 4 + i*3;
5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	473 ret[pos] = hexdig(hash[i] >> 4);
5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	474 ret[pos+1] = hexdig(hash[i] & 0x0f);
5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	475 ret[pos+2] = ':';
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	476 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	477 ret[buflen-1] = 0x0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	478
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	479 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	480 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	481
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	482 #else /* use SHA1 rather than MD5 for fingerprint */
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1424 diff changeset	483 static char * sign_key_sha1_fingerprint(const unsigned char* keyblob,
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	484 unsigned int keybloblen) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	485
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	486 char * ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	487 hash_state hs;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	488 unsigned char hash[SHA1_HASH_SIZE];
214 5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	489 unsigned int i;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	490 unsigned int buflen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	491
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	492 sha1_init(&hs);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	493
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	494 /* skip the size int of the string - this is a bit messy */
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	495 sha1_process(&hs, keyblob, keybloblen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	496
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	497 sha1_done(&hs, hash);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	498
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	499 /* "sha1!! hexfingerprinthere\0", each hex digit is "AB:" etc */
d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	500 buflen = 7 + 3*SHA1_HASH_SIZE;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	501 ret = (char*)m_malloc(buflen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	502
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	503 strcpy(ret, "sha1!! ");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	504
214 5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	505 for (i = 0; i < SHA1_HASH_SIZE; i++) {
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	506 unsigned int pos = 7 + 3*i;
214 5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	507 ret[pos] = hexdig(hash[i] >> 4);
5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	508 ret[pos+1] = hexdig(hash[i] & 0x0f);
5a75f8a21503 Change the format of for loops, gcc4 produces incorrect binaries with Matt Johnston <matt@ucc.asn.au> parents: 165 diff changeset	509 ret[pos+2] = ':';
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	510 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	511 ret[buflen-1] = 0x0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	512
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	513 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	514 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	515
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	516 #endif /* MD5/SHA1 switch */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	517
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	518 /* This will return a freshly malloced string, containing a fingerprint
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	519 * in either sha1 or md5 */
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1424 diff changeset	520 char * sign_key_fingerprint(const unsigned char* keyblob, unsigned int keybloblen) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	521
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	522 #if DROPBEAR_MD5_HMAC
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	523 return sign_key_md5_fingerprint(keyblob, keybloblen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	524 #else
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	525 return sign_key_sha1_fingerprint(keyblob, keybloblen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	526 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	527 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	528
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	529 void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type,
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1424 diff changeset	530 const buffer *data_buf) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	531 buffer *sigblob;
70 b0316ce64e4b Merging in the changes from 0.41-0.43 main Dropbear tree Matt Johnston <matt@ucc.asn.au> parents: 51 diff changeset	532 sigblob = buf_new(MAX_PUBKEY_SIZE);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	533
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	534 #if DROPBEAR_DSS
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	535 if (type == DROPBEAR_SIGNKEY_DSS) {
760 f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	536 buf_put_dss_sign(sigblob, key->dsskey, data_buf);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	537 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	538 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	539 #if DROPBEAR_RSA
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	540 if (type == DROPBEAR_SIGNKEY_RSA) {
760 f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	541 buf_put_rsa_sign(sigblob, key->rsakey, data_buf);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	542 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	543 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	544 #if DROPBEAR_ECDSA
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 841 diff changeset	545 if (signkey_is_ecdsa(type)) {
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	546 ecc_key eck = (ecc_key)signkey_key_ptr(key, type);
1423 c1c3d5943bfc Fix null pointer dereference found by libfuzzer Matt Johnston <matt@ucc.asn.au> parents: 1409 diff changeset	547 if (eck && *eck) {
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	548 buf_put_ecdsa_sign(sigblob, *eck, data_buf);
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	549 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	550 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	551 #endif
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	552 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	553 if (type == DROPBEAR_SIGNKEY_ED25519) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	554 buf_put_ed25519_sign(sigblob, key->ed25519key, data_buf);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	555 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	556 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	557 if (sigblob->len == 0) {
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	558 dropbear_exit("Non-matching signing type");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	559 }
760 f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	560 buf_putbufstring(buf, sigblob);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	561 buf_free(sigblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	562
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	563 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	564
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	565 #if DROPBEAR_SIGNKEY_VERIFY
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	566 /* Return DROPBEAR_SUCCESS or DROPBEAR_FAILURE.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	567 * If FAILURE is returned, the position of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	568 * buf is undefined. If SUCCESS is returned, buf will be positioned after the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	569 * signature blob */
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1424 diff changeset	570 int buf_verify(buffer * buf, sign_key key, const buffer data_buf) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	571
1094 c45d65392c1a Fix pointer differ in signess warnings [-Werror=pointer-sign] Gaël PORTAY <gael.portay@gmail.com> parents: 1058 diff changeset	572 char *type_name = NULL;
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	573 unsigned int type_name_len = 0;
855 04ede40a529a - Some fixes for old compilers like tru64 v4 from Daniel Richard G. Matt Johnston <matt@ucc.asn.au> parents: 852 diff changeset	574 enum signkey_type type;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	575
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 107 diff changeset	576 TRACE(("enter buf_verify"))
34 e2a1eaa19f22 Client mostly works up to password auth Matt Johnston <matt@ucc.asn.au> parents: 26 diff changeset	577
864 30ab30e46452 Fix some warnings Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	578 buf_getint(buf); /* blob length */
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1094 diff changeset	579 type_name = buf_getstring(buf, &type_name_len);
855 04ede40a529a - Some fixes for old compilers like tru64 v4 from Daniel Richard G. Matt Johnston <matt@ucc.asn.au> parents: 852 diff changeset	580 type = signkey_type_from_name(type_name, type_name_len);
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	581 m_free(type_name);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	582
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	583 #if DROPBEAR_DSS
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	584 if (type == DROPBEAR_SIGNKEY_DSS) {
244 eb7b9f2bb8e8 - add explicit check that correct keytype exists for pubkey verification Matt Johnston <matt@ucc.asn.au> parents: 214 diff changeset	585 if (key->dsskey == NULL) {
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	586 dropbear_exit("No DSS key to verify signature");
244 eb7b9f2bb8e8 - add explicit check that correct keytype exists for pubkey verification Matt Johnston <matt@ucc.asn.au> parents: 214 diff changeset	587 }
760 f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	588 return buf_dss_verify(buf, key->dsskey, data_buf);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	589 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	590 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	591
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	592 #if DROPBEAR_RSA
794 d386defb5376 more ecdsa signkey work, not correct Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	593 if (type == DROPBEAR_SIGNKEY_RSA) {
244 eb7b9f2bb8e8 - add explicit check that correct keytype exists for pubkey verification Matt Johnston <matt@ucc.asn.au> parents: 214 diff changeset	594 if (key->rsakey == NULL) {
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	595 dropbear_exit("No RSA key to verify signature");
244 eb7b9f2bb8e8 - add explicit check that correct keytype exists for pubkey verification Matt Johnston <matt@ucc.asn.au> parents: 214 diff changeset	596 }
760 f336d232fc63 Make _sign and _verify functions take a buffer* rather than void* and int Matt Johnston <matt@ucc.asn.au> parents: 651 diff changeset	597 return buf_rsa_verify(buf, key->rsakey, data_buf);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	598 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	599 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	600 #if DROPBEAR_ECDSA
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 841 diff changeset	601 if (signkey_is_ecdsa(type)) {
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	602 ecc_key eck = (ecc_key)signkey_key_ptr(key, type);
1424 8a4b8f026de6 fix null pointer crash Matt Johnston <matt@ucc.asn.au> parents: 1423 diff changeset	603 if (eck && *eck) {
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	604 return buf_ecdsa_verify(buf, *eck, data_buf);
75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 801 diff changeset	605 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	606 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	607 #endif
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	608 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	609 if (type == DROPBEAR_SIGNKEY_ED25519) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	610 if (key->ed25519key == NULL) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	611 dropbear_exit("No Ed25519 key to verify signature");
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	612 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	613 return buf_ed25519_verify(buf, key->ed25519key, data_buf);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	614 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1558 diff changeset	615 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	616
594 a98a2138364a Improve capitalisation for all logged strings Matt Johnston <matt@ucc.asn.au> parents: 586 diff changeset	617 dropbear_exit("Non-matching signing type");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	618 return DROPBEAR_FAILURE;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	619 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	620 #endif /* DROPBEAR_SIGNKEY_VERIFY */
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	621
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1278 diff changeset	622 #if DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	623
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	624 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE when given a buffer containing
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	625 * a key, a key, and a type. The buffer is positioned at the start of the
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	626 * base64 data, and contains no trailing data */
436 7282370416a0 Improve known_hosts checking. Matt Johnston <matt@ucc.asn.au> parents: 244 diff changeset	627 /* If fingerprint is non-NULL, it will be set to a malloc()ed fingerprint
7282370416a0 Improve known_hosts checking. Matt Johnston <matt@ucc.asn.au> parents: 244 diff changeset	628 of the key if it is successfully decoded */
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	629 int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	630 const unsigned char* algoname, unsigned int algolen,
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1424 diff changeset	631 const buffer * line, char ** fingerprint) {
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	632
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	633 buffer * decodekey = NULL;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	634 int ret = DROPBEAR_FAILURE;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	635 unsigned int len, filealgolen;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	636 unsigned long decodekeylen;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	637 unsigned char* filealgo = NULL;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	638
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	639 /* now we have the actual data */
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	640 len = line->len - line->pos;
1371 bc9e2e148f58 avoid NULL argument to base64 decode Matt Johnston <matt@ucc.asn.au> parents: 1369 diff changeset	641 if (len == 0) {
bc9e2e148f58 avoid NULL argument to base64 decode Matt Johnston <matt@ucc.asn.au> parents: 1369 diff changeset	642 /* base64_decode doesn't like NULL argument */
bc9e2e148f58 avoid NULL argument to base64 decode Matt Johnston <matt@ucc.asn.au> parents: 1369 diff changeset	643 return DROPBEAR_FAILURE;
bc9e2e148f58 avoid NULL argument to base64 decode Matt Johnston <matt@ucc.asn.au> parents: 1369 diff changeset	644 }
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	645 decodekeylen = len * 2; /* big to be safe */
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	646 decodekey = buf_new(decodekeylen);
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	647
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	648 if (base64_decode(buf_getptr(line, len), len,
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	649 buf_getwriteptr(decodekey, decodekey->size),
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	650 &decodekeylen) != CRYPT_OK) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 107 diff changeset	651 TRACE(("checkpubkey: base64 decode failed"))
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	652 goto out;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	653 }
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 107 diff changeset	654 TRACE(("checkpubkey: base64_decode success"))
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	655 buf_incrlen(decodekey, decodekeylen);
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	656
436 7282370416a0 Improve known_hosts checking. Matt Johnston <matt@ucc.asn.au> parents: 244 diff changeset	657 if (fingerprint) {
7282370416a0 Improve known_hosts checking. Matt Johnston <matt@ucc.asn.au> parents: 244 diff changeset	658 *fingerprint = sign_key_fingerprint(buf_getptr(decodekey, decodekeylen),
7282370416a0 Improve known_hosts checking. Matt Johnston <matt@ucc.asn.au> parents: 244 diff changeset	659 decodekeylen);
7282370416a0 Improve known_hosts checking. Matt Johnston <matt@ucc.asn.au> parents: 244 diff changeset	660 }
7282370416a0 Improve known_hosts checking. Matt Johnston <matt@ucc.asn.au> parents: 244 diff changeset	661
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	662 /* compare the keys */
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	663 if ( ( decodekeylen != keybloblen )
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	664 \|\| memcmp( buf_getptr(decodekey, decodekey->len),
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	665 keyblob, decodekey->len) != 0) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 107 diff changeset	666 TRACE(("checkpubkey: compare failed"))
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	667 goto out;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	668 }
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	669
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	670 /* ... and also check that the algo specified and the algo in the key
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	671 * itself match */
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	672 filealgolen = buf_getint(decodekey);
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	673 filealgo = buf_getptr(decodekey, filealgolen);
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	674 if (filealgolen != algolen \|\| memcmp(filealgo, algoname, algolen) != 0) {
165 0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place Matt Johnston <matt@ucc.asn.au> parents: 107 diff changeset	675 TRACE(("checkpubkey: algo match failed"))
51 095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	676 goto out;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	677 }
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	678
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	679 /* All checks passed */
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	680 ret = DROPBEAR_SUCCESS;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	681
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	682 out:
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	683 buf_free(decodekey);
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	684 decodekey = NULL;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	685 return ret;
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	686 }
095d689fed16 - Hostkey checking is mostly there, just aren't appending yet. Matt Johnston <matt@ucc.asn.au> parents: 44 diff changeset	687 #endif
1369 ddfcadca3c4c fuzzer-pubkey Matt Johnston <matt@ucc.asn.au> parents: 1362 diff changeset	688
1558 2f64cb3d3007 - #if not #ifdef for DROPBEAR_FUZZ Matt Johnston <matt@ucc.asn.au> parents: 1511 diff changeset	689 #if DROPBEAR_FUZZ
1369 ddfcadca3c4c fuzzer-pubkey Matt Johnston <matt@ucc.asn.au> parents: 1362 diff changeset	690 const char * const * fuzz_signkey_names = signkey_names;
ddfcadca3c4c fuzzer-pubkey Matt Johnston <matt@ucc.asn.au> parents: 1362 diff changeset	691
ddfcadca3c4c fuzzer-pubkey Matt Johnston <matt@ucc.asn.au> parents: 1362 diff changeset	692 #endif

Mercurial > dropbear

annotate signkey.c @ 1659:d32bcb5c557d