comparison svr-authpubkey.c @ 1675:ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 17 May 2020 23:58:31 +0800 |
parents | ba6fc7afe1c5 |
children | 064f5be2fc45 |
1674:ba6fc7afe1c5 | 1675:ae41624c2198 |
---|---|
90 unsigned int keybloblen; | 90 unsigned int keybloblen; |
91 unsigned int sign_payload_length; | 91 unsigned int sign_payload_length; |
92 buffer * signbuf = NULL; | 92 buffer * signbuf = NULL; |
93 sign_key * key = NULL; | 93 sign_key * key = NULL; |
94 char* fp = NULL; | 94 char* fp = NULL; |
95 enum signkey_type sigtype, keytype; | 95 enum signature_type sigtype; |
96 enum signkey_type keytype; | |
96 int auth_failure = 1; | 97 int auth_failure = 1; |
97 | 98 |
98 TRACE(("enter pubkeyauth")) | 99 TRACE(("enter pubkeyauth")) |
99 | 100 |
100 /* 0 indicates user just wants to check if key can be used, 1 is an | 101 /* 0 indicates user just wants to check if key can be used, 1 is an |
101 * actual attempt*/ | 102 * actual attempt*/ |
102 testkey = (buf_getbool(ses.payload) == 0); | 103 testkey = (buf_getbool(ses.payload) == 0); |
103 | 104 |
104 sigalgo = buf_getstring(ses.payload, &sigalgolen); | 105 sigalgo = buf_getstring(ses.payload, &sigalgolen); |
105 sigtype = signature_type_from_name(sigalgo, sigalgolen); | |
106 keytype = signkey_type_from_signature(sigtype); | |
107 keyalgo = signkey_name_from_type(keytype, &keyalgolen); | |
108 | |
109 keybloblen = buf_getint(ses.payload); | 106 keybloblen = buf_getint(ses.payload); |
110 keyblob = buf_getptr(ses.payload, keybloblen); | 107 keyblob = buf_getptr(ses.payload, keybloblen); |
111 | 108 |
112 if (!valid_user) { | 109 if (!valid_user) { |
113 /* Return failure once we have read the contents of the packet | 110 /* Return failure once we have read the contents of the packet |
115 Avoids blind user enumeration though it isn't possible to prevent | 112 Avoids blind user enumeration though it isn't possible to prevent |
116 testing for user existence if the public key is known */ | 113 testing for user existence if the public key is known */ |
117 send_msg_userauth_failure(0, 0); | 114 send_msg_userauth_failure(0, 0); |
118 goto out; | 115 goto out; |
119 } | 116 } |
117 | |
118 sigtype = signature_type_from_name(sigalgo, sigalgolen); | |
119 if (sigtype == DROPBEAR_SIGNATURE_NONE) { | |
120 send_msg_userauth_failure(0, 0); | |
121 goto out; | |
122 } | |
123 | |
124 keytype = signkey_type_from_signature(sigtype); | |
125 keyalgo = signkey_name_from_type(keytype, &keyalgolen); | |
126 | |
120 #if DROPBEAR_PLUGIN | 127 #if DROPBEAR_PLUGIN |
121 if (svr_ses.plugin_instance != NULL) { | 128 if (svr_ses.plugin_instance != NULL) { |
122 char *options_buf; | 129 char *options_buf; |
123 if (svr_ses.plugin_instance->checkpubkey( | 130 if (svr_ses.plugin_instance->checkpubkey( |
124 svr_ses.plugin_instance, | 131 svr_ses.plugin_instance, |
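Review bot: `sigtype`, `keytype` and `keyalgo` are never assigned on the `!valid_user` path now that their assignments (new lines 118-125) sit below that branch's `goto out`, so any code at the `out:` label that reads them would see indeterminate values. The label and the rest of the function are outside the visible lines, so this needs checking there; alternatively, initialise at the declaration, e.g. `enum signature_type sigtype = DROPBEAR_SIGNATURE_NONE;`. The new `if (sigtype == DROPBEAR_SIGNATURE_NONE)` rejection also has no comment, unlike the `!valid_user` branch above it; something like `/* signature algorithm name from the client was not recognised */` would record the intent, presuming that is what the lookup returns for unknown names. Both rejections send the same `send_msg_userauth_failure(0, 0)`, so as far as the visible lines show the reply does not reveal which check failed, which fits the enumeration concern in the existing comment.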