Mercurial > dropbear

comparison signkey.c @ 641:2b1bb792cd4d dropbear-tfm

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
- Update tfm changes to current default tip
author Matt Johnston <matt@ucc.asn.au>
date Mon, 21 Nov 2011 19:52:28 +0800
parents a98a2138364a
children a48a1f6ab43e
comparison
equal deleted inserted replaced
640:76097ec1a29a 641:2b1bb792cd4d
38 ret->dsskey = NULL; 38 ret->dsskey = NULL;
39 #endif 39 #endif
40 #ifdef DROPBEAR_RSA 40 #ifdef DROPBEAR_RSA
41 ret->rsakey = NULL; 41 ret->rsakey = NULL;
42 #endif 42 #endif
43 return ret; 43 ret->filename = NULL;
44 44 ret->type = DROPBEAR_SIGNKEY_NONE;
45 ret->source = SIGNKEY_SOURCE_INVALID;
46 return ret;
45 } 47 }
46 48
47 /* Returns "ssh-dss" or "ssh-rsa" corresponding to the type. Exits fatally 49 /* Returns "ssh-dss" or "ssh-rsa" corresponding to the type. Exits fatally
48 * if the type is invalid */ 50 * if the type is invalid */
49 const char* signkey_name_from_type(int type, int *namelen) { 51 const char* signkey_name_from_type(int type, int *namelen) {
58 if (type == DROPBEAR_SIGNKEY_DSS) { 60 if (type == DROPBEAR_SIGNKEY_DSS) {
59 *namelen = SSH_SIGNKEY_DSS_LEN; 61 *namelen = SSH_SIGNKEY_DSS_LEN;
60 return SSH_SIGNKEY_DSS; 62 return SSH_SIGNKEY_DSS;
61 } 63 }
62 #endif 64 #endif
63 dropbear_exit("bad key type %d", type); 65 dropbear_exit("Bad key type %d", type);
64 return NULL; /* notreached */ 66 return NULL; /* notreached */
65 } 67 }
66 68
67 /* Returns DROPBEAR_SIGNKEY_RSA, DROPBEAR_SIGNKEY_DSS, 69 /* Returns DROPBEAR_SIGNKEY_RSA, DROPBEAR_SIGNKEY_DSS,
68 * or DROPBEAR_SIGNKEY_NONE */ 70 * or DROPBEAR_SIGNKEY_NONE */
78 if (namelen == SSH_SIGNKEY_DSS_LEN 80 if (namelen == SSH_SIGNKEY_DSS_LEN
79 && memcmp(name, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN) == 0) { 81 && memcmp(name, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN) == 0) {
80 return DROPBEAR_SIGNKEY_DSS; 82 return DROPBEAR_SIGNKEY_DSS;
81 } 83 }
82 #endif 84 #endif
85
86 TRACE(("signkey_type_from_name unexpected key type."))
83 87
84 return DROPBEAR_SIGNKEY_NONE; 88 return DROPBEAR_SIGNKEY_NONE;
85 } 89 }
86 90
87 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail. 91 /* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
99 ident = buf_getstring(buf, &len); 103 ident = buf_getstring(buf, &len);
100 keytype = signkey_type_from_name(ident, len); 104 keytype = signkey_type_from_name(ident, len);
101 m_free(ident); 105 m_free(ident);
102 106
103 if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) { 107 if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) {
108 TRACE(("buf_get_pub_key bad type - got %d, expected %d", keytype, type))
104 return DROPBEAR_FAILURE; 109 return DROPBEAR_FAILURE;
105 } 110 }
111
112 TRACE(("buf_get_pub_key keytype is %d"))
106 113
107 *type = keytype; 114 *type = keytype;
108 115
109 /* Rewind the buffer back before "ssh-rsa" etc */ 116 /* Rewind the buffer back before "ssh-rsa" etc */
110 buf_incrpos(buf, -len - 4); 117 buf_incrpos(buf, -len - 4);
111 118
112 #ifdef DROPBEAR_DSS 119 #ifdef DROPBEAR_DSS
113 if (keytype == DROPBEAR_SIGNKEY_DSS) { 120 if (keytype == DROPBEAR_SIGNKEY_DSS) {
114 dss_key_free(key->dsskey); 121 dss_key_free(key->dsskey);
115 key->dsskey = (dss_key*)m_malloc(sizeof(dss_key)); 122 key->dsskey = m_malloc(sizeof(*key->dsskey));
116 ret = buf_get_dss_pub_key(buf, key->dsskey); 123 ret = buf_get_dss_pub_key(buf, key->dsskey);
117 if (ret == DROPBEAR_FAILURE) { 124 if (ret == DROPBEAR_FAILURE) {
118 m_free(key->dsskey); 125 m_free(key->dsskey);
119 } 126 }
120 } 127 }
121 #endif 128 #endif
122 #ifdef DROPBEAR_RSA 129 #ifdef DROPBEAR_RSA
123 if (keytype == DROPBEAR_SIGNKEY_RSA) { 130 if (keytype == DROPBEAR_SIGNKEY_RSA) {
124 rsa_key_free(key->rsakey); 131 rsa_key_free(key->rsakey);
125 key->rsakey = (rsa_key*)m_malloc(sizeof(rsa_key)); 132 key->rsakey = m_malloc(sizeof(*key->rsakey));
126 ret = buf_get_rsa_pub_key(buf, key->rsakey); 133 ret = buf_get_rsa_pub_key(buf, key->rsakey);
127 if (ret == DROPBEAR_FAILURE) { 134 if (ret == DROPBEAR_FAILURE) {
128 m_free(key->rsakey); 135 m_free(key->rsakey);
129 } 136 }
130 } 137 }
163 buf_incrpos(buf, -len - 4); 170 buf_incrpos(buf, -len - 4);
164 171
165 #ifdef DROPBEAR_DSS 172 #ifdef DROPBEAR_DSS
166 if (keytype == DROPBEAR_SIGNKEY_DSS) { 173 if (keytype == DROPBEAR_SIGNKEY_DSS) {
167 dss_key_free(key->dsskey); 174 dss_key_free(key->dsskey);
168 key->dsskey = (dss_key*)m_malloc(sizeof(dss_key)); 175 key->dsskey = m_malloc(sizeof(*key->dsskey));
169 ret = buf_get_dss_priv_key(buf, key->dsskey); 176 ret = buf_get_dss_priv_key(buf, key->dsskey);
170 if (ret == DROPBEAR_FAILURE) { 177 if (ret == DROPBEAR_FAILURE) {
171 m_free(key->dsskey); 178 m_free(key->dsskey);
172 } 179 }
173 } 180 }
174 #endif 181 #endif
175 #ifdef DROPBEAR_RSA 182 #ifdef DROPBEAR_RSA
176 if (keytype == DROPBEAR_SIGNKEY_RSA) { 183 if (keytype == DROPBEAR_SIGNKEY_RSA) {
177 rsa_key_free(key->rsakey); 184 rsa_key_free(key->rsakey);
178 key->rsakey = (rsa_key*)m_malloc(sizeof(rsa_key)); 185 key->rsakey = m_malloc(sizeof(*key->rsakey));
179 ret = buf_get_rsa_priv_key(buf, key->rsakey); 186 ret = buf_get_rsa_priv_key(buf, key->rsakey);
180 if (ret == DROPBEAR_FAILURE) { 187 if (ret == DROPBEAR_FAILURE) {
181 m_free(key->rsakey); 188 m_free(key->rsakey);
182 } 189 }
183 } 190 }
206 if (type == DROPBEAR_SIGNKEY_RSA) { 213 if (type == DROPBEAR_SIGNKEY_RSA) {
207 buf_put_rsa_pub_key(pubkeys, key->rsakey); 214 buf_put_rsa_pub_key(pubkeys, key->rsakey);
208 } 215 }
209 #endif 216 #endif
210 if (pubkeys->len == 0) { 217 if (pubkeys->len == 0) {
211 dropbear_exit("bad key types in buf_put_pub_key"); 218 dropbear_exit("Bad key types in buf_put_pub_key");
212 } 219 }
213 220
214 buf_setpos(pubkeys, 0); 221 buf_setpos(pubkeys, 0);
215 buf_putstring(buf, buf_getptr(pubkeys, pubkeys->len), 222 buf_putstring(buf, buf_getptr(pubkeys, pubkeys->len),
216 pubkeys->len); 223 pubkeys->len);
237 buf_put_rsa_priv_key(buf, key->rsakey); 244 buf_put_rsa_priv_key(buf, key->rsakey);
238 TRACE(("leave buf_put_priv_key: rsa done")) 245 TRACE(("leave buf_put_priv_key: rsa done"))
239 return; 246 return;
240 } 247 }
241 #endif 248 #endif
242 dropbear_exit("bad key types in put pub key"); 249 dropbear_exit("Bad key types in put pub key");
243 } 250 }
244 251
245 void sign_key_free(sign_key *key) { 252 void sign_key_free(sign_key *key) {
246 253
247 TRACE(("enter sign_key_free")) 254 TRACE(("enter sign_key_free"))
252 #endif 259 #endif
253 #ifdef DROPBEAR_RSA 260 #ifdef DROPBEAR_RSA
254 rsa_key_free(key->rsakey); 261 rsa_key_free(key->rsakey);
255 key->rsakey = NULL; 262 key->rsakey = NULL;
256 #endif 263 #endif
264
265 m_free(key->filename);
257 266
258 m_free(key); 267 m_free(key);
259 TRACE(("leave sign_key_free")) 268 TRACE(("leave sign_key_free"))
260 } 269 }
261 270
356 365
357 void buf_put_sign(buffer* buf, sign_key *key, int type, 366 void buf_put_sign(buffer* buf, sign_key *key, int type,
358 const unsigned char *data, unsigned int len) { 367 const unsigned char *data, unsigned int len) {
359 368
360 buffer *sigblob; 369 buffer *sigblob;
361
362 sigblob = buf_new(MAX_PUBKEY_SIZE); 370 sigblob = buf_new(MAX_PUBKEY_SIZE);
363 371
364 #ifdef DROPBEAR_DSS 372 #ifdef DROPBEAR_DSS
365 if (type == DROPBEAR_SIGNKEY_DSS) { 373 if (type == DROPBEAR_SIGNKEY_DSS) {
366 buf_put_dss_sign(sigblob, key->dsskey, data, len); 374 buf_put_dss_sign(sigblob, key->dsskey, data, len);
370 if (type == DROPBEAR_SIGNKEY_RSA) { 378 if (type == DROPBEAR_SIGNKEY_RSA) {
371 buf_put_rsa_sign(sigblob, key->rsakey, data, len); 379 buf_put_rsa_sign(sigblob, key->rsakey, data, len);
372 } 380 }
373 #endif 381 #endif
374 if (sigblob->len == 0) { 382 if (sigblob->len == 0) {
375 dropbear_exit("non-matching signing type"); 383 dropbear_exit("Non-matching signing type");
376 } 384 }
377
378 buf_setpos(sigblob, 0); 385 buf_setpos(sigblob, 0);
379 buf_putstring(buf, buf_getptr(sigblob, sigblob->len), 386 buf_putstring(buf, buf_getptr(sigblob, sigblob->len),
380 sigblob->len); 387 sigblob->len);
381 388
382 buf_free(sigblob); 389 buf_free(sigblob);
403 #ifdef DROPBEAR_DSS 410 #ifdef DROPBEAR_DSS
404 if (bloblen == DSS_SIGNATURE_SIZE && 411 if (bloblen == DSS_SIGNATURE_SIZE &&
405 memcmp(ident, SSH_SIGNKEY_DSS, identlen) == 0) { 412 memcmp(ident, SSH_SIGNKEY_DSS, identlen) == 0) {
406 m_free(ident); 413 m_free(ident);
407 if (key->dsskey == NULL) { 414 if (key->dsskey == NULL) {
408 dropbear_exit("no dss key to verify signature"); 415 dropbear_exit("No DSS key to verify signature");
409 } 416 }
410 return buf_dss_verify(buf, key->dsskey, data, len); 417 return buf_dss_verify(buf, key->dsskey, data, len);
411 } 418 }
412 #endif 419 #endif
413 420
414 #ifdef DROPBEAR_RSA 421 #ifdef DROPBEAR_RSA
415 if (memcmp(ident, SSH_SIGNKEY_RSA, identlen) == 0) { 422 if (memcmp(ident, SSH_SIGNKEY_RSA, identlen) == 0) {
416 m_free(ident); 423 m_free(ident);
417 if (key->rsakey == NULL) { 424 if (key->rsakey == NULL) {
418 dropbear_exit("no rsa key to verify signature"); 425 dropbear_exit("No RSA key to verify signature");
419 } 426 }
420 return buf_rsa_verify(buf, key->rsakey, data, len); 427 return buf_rsa_verify(buf, key->rsakey, data, len);
421 } 428 }
422 #endif 429 #endif
423 430
424 m_free(ident); 431 m_free(ident);
425 dropbear_exit("non-matching signing type"); 432 dropbear_exit("Non-matching signing type");
426 return DROPBEAR_FAILURE; 433 return DROPBEAR_FAILURE;
427 } 434 }
428 #endif /* DROPBEAR_SIGNKEY_VERIFY */ 435 #endif /* DROPBEAR_SIGNKEY_VERIFY */
429 436
430 #ifdef DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */ 437 #ifdef DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */