Mercurial > dropbear
comparison signkey.c @ 1675:ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 17 May 2020 23:58:31 +0800 |
| parents | ba6fc7afe1c5 |
| children | d5cdc60db08e |
comparison
equal
deleted
inserted
replaced
| 1674:ba6fc7afe1c5 | 1675:ae41624c2198 |
|---|---|
| 109 return DROPBEAR_SIGNKEY_NONE; | 109 return DROPBEAR_SIGNKEY_NONE; |
| 110 } | 110 } |
| 111 | 111 |
| 112 /* Special case for rsa-sha2-256. This could be generalised if more | 112 /* Special case for rsa-sha2-256. This could be generalised if more |
| 113 signature names are added that aren't 1-1 with public key names */ | 113 signature names are added that aren't 1-1 with public key names */ |
| 114 const char* signature_name_from_type(enum signkey_type type, unsigned int *namelen) { | 114 const char* signature_name_from_type(enum signature_type type, unsigned int *namelen) { |
| 115 #if DROPBEAR_RSA_SHA256 | 115 #if DROPBEAR_RSA_SHA256 |
| 116 if (type == DROPBEAR_SIGNKEY_RSA_SHA256) { | 116 if (type == DROPBEAR_SIGNATURE_RSA_SHA256) { |
| 117 *namelen = strlen(SSH_SIGNKEY_RSA_SHA256); | 117 *namelen = strlen(SSH_SIGNATURE_RSA_SHA256); |
| 118 return SSH_SIGNKEY_RSA_SHA256; | 118 return SSH_SIGNATURE_RSA_SHA256; |
| 119 } | 119 } |
| 120 #endif | 120 #endif |
| 121 return signkey_name_from_type(type, namelen); | 121 #if DROPBEAR_RSA_SHA1 |
| 122 } | 122 if (type == DROPBEAR_SIGNATURE_RSA_SHA1) { |
| 123 | 123 *namelen = strlen(SSH_SIGNKEY_RSA); |
| 124 enum signkey_type signature_type_from_name(const char* name, unsigned int namelen) { | 124 return SSH_SIGNKEY_RSA; |
| 125 } | |
| 126 #endif | |
| 127 return signkey_name_from_type((enum signkey_type)type, namelen); | |
| 128 } | |
| 129 | |
| 130 /* Returns DROPBEAR_SIGNATURE_NONE if none match */ | |
| 131 enum signature_type signature_type_from_name(const char* name, unsigned int namelen) { | |
| 125 #if DROPBEAR_RSA_SHA256 | 132 #if DROPBEAR_RSA_SHA256 |
| 126 if (namelen == strlen(SSH_SIGNKEY_RSA_SHA256) | 133 if (namelen == strlen(SSH_SIGNATURE_RSA_SHA256) |
| 127 && memcmp(name, SSH_SIGNKEY_RSA_SHA256, namelen) == 0) { | 134 && memcmp(name, SSH_SIGNATURE_RSA_SHA256, namelen) == 0) { |
| 128 return DROPBEAR_SIGNKEY_RSA_SHA256; | 135 return DROPBEAR_SIGNATURE_RSA_SHA256; |
| 129 } | 136 } |
| 130 #endif | 137 #endif |
| 131 return signkey_type_from_name(name, namelen); | |
| 132 } | |
| 133 | |
| 134 enum signkey_type signkey_type_from_signature(enum signkey_type sigtype) { | |
| 135 #if DROPBEAR_RSA_SHA256 | 138 #if DROPBEAR_RSA_SHA256 |
| 136 if (sigtype == DROPBEAR_SIGNKEY_RSA_SHA256) { | 139 if (namelen == strlen(SSH_SIGNKEY_RSA) |
| 140 && memcmp(name, SSH_SIGNKEY_RSA, namelen) == 0) { | |
| 141 return DROPBEAR_SIGNATURE_RSA_SHA1; | |
| 142 } | |
| 143 #endif | |
| 144 return (enum signature_type)signkey_type_from_name(name, namelen); | |
| 145 } | |
| 146 | |
| 147 enum signkey_type signkey_type_from_signature(enum signature_type sigtype) { | |
| 148 #if DROPBEAR_RSA_SHA256 | |
| 149 if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA256) { | |
| 137 return DROPBEAR_SIGNKEY_RSA; | 150 return DROPBEAR_SIGNKEY_RSA; |
| 138 } | 151 } |
| 139 #endif | 152 #endif |
| 153 #if DROPBEAR_RSA_SHA1 | |
| 154 if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA1) { | |
| 155 return DROPBEAR_SIGNKEY_RSA; | |
| 156 } | |
| 157 #endif | |
| 140 assert(sigtype < DROPBEAR_SIGNKEY_NUM_NAMED); | 158 assert(sigtype < DROPBEAR_SIGNKEY_NUM_NAMED); |
| 141 return sigtype; | 159 return (enum signkey_type)sigtype; |
| 142 } | 160 } |
| 143 | 161 |
| 144 /* Returns a pointer to the key part specific to "type". | 162 /* Returns a pointer to the key part specific to "type". |
| 145 Be sure to check both (ret != NULL) and (*ret != NULL) */ | 163 Be sure to check both (ret != NULL) and (*ret != NULL) */ |
| 146 void ** | 164 void ** |
| 560 #else | 578 #else |
| 561 return sign_key_sha1_fingerprint(keyblob, keybloblen); | 579 return sign_key_sha1_fingerprint(keyblob, keybloblen); |
| 562 #endif | 580 #endif |
| 563 } | 581 } |
| 564 | 582 |
| 565 void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type sigtype, | 583 void buf_put_sign(buffer* buf, sign_key *key, enum signature_type sigtype, |
| 566 const buffer *data_buf) { | 584 const buffer *data_buf) { |
| 567 buffer *sigblob = buf_new(MAX_PUBKEY_SIZE); | 585 buffer *sigblob = buf_new(MAX_PUBKEY_SIZE); |
| 568 enum signkey_type keytype = signkey_type_from_signature(sigtype); | 586 enum signkey_type keytype = signkey_type_from_signature(sigtype); |
| 587 | |
| 588 #if DEBUG_TRACE | |
| 589 { | |
| 590 int namelen; | |
| 591 const char* signame = signature_name_from_type(sigtype, &namelen); | |
| 592 TRACE(("buf_put_sign type %d %s", sigtype, signame)); | |
| 593 } | |
| 594 #endif | |
| 595 | |
| 569 | 596 |
| 570 #if DROPBEAR_DSS | 597 #if DROPBEAR_DSS |
| 571 if (keytype == DROPBEAR_SIGNKEY_DSS) { | 598 if (keytype == DROPBEAR_SIGNKEY_DSS) { |
| 572 buf_put_dss_sign(sigblob, key->dsskey, data_buf); | 599 buf_put_dss_sign(sigblob, key->dsskey, data_buf); |
| 573 } | 600 } |
| 601 #if DROPBEAR_SIGNKEY_VERIFY | 628 #if DROPBEAR_SIGNKEY_VERIFY |
| 602 /* Return DROPBEAR_SUCCESS or DROPBEAR_FAILURE. | 629 /* Return DROPBEAR_SUCCESS or DROPBEAR_FAILURE. |
| 603 * If FAILURE is returned, the position of | 630 * If FAILURE is returned, the position of |
| 604 * buf is undefined. If SUCCESS is returned, buf will be positioned after the | 631 * buf is undefined. If SUCCESS is returned, buf will be positioned after the |
| 605 * signature blob */ | 632 * signature blob */ |
| 606 int buf_verify(buffer * buf, sign_key *key, enum signkey_type expect_sigtype, const buffer *data_buf) { | 633 int buf_verify(buffer * buf, sign_key *key, enum signature_type expect_sigtype, const buffer *data_buf) { |
| 607 | 634 |
| 608 char *type_name = NULL; | 635 char *type_name = NULL; |
| 609 unsigned int type_name_len = 0; | 636 unsigned int type_name_len = 0; |
| 610 enum signkey_type sigtype, keytype; | 637 enum signature_type sigtype; |
| 638 enum signkey_type keytype; | |
| 611 | 639 |
| 612 TRACE(("enter buf_verify")) | 640 TRACE(("enter buf_verify")) |
| 613 | 641 |
| 614 buf_getint(buf); /* blob length */ | 642 buf_getint(buf); /* blob length */ |
| 615 type_name = buf_getstring(buf, &type_name_len); | 643 type_name = buf_getstring(buf, &type_name_len); |
| 616 sigtype = signature_type_from_name(type_name, type_name_len); | 644 sigtype = signature_type_from_name(type_name, type_name_len); |
| 617 m_free(type_name); | 645 m_free(type_name); |
| 618 | 646 |
| 619 if (expect_sigtype != DROPBEAR_SIGNKEY_ANY | 647 if (expect_sigtype != sigtype) { |
| 620 && expect_sigtype != sigtype) { | |
| 621 dropbear_exit("Non-matching signing type"); | 648 dropbear_exit("Non-matching signing type"); |
| 622 } | 649 } |
| 623 | 650 |
| 624 keytype = signkey_type_from_signature(sigtype); | 651 keytype = signkey_type_from_signature(sigtype); |
| 625 #if DROPBEAR_DSS | 652 #if DROPBEAR_DSS |