Mercurial > dropbear
comparison svr-authpubkey.c @ 1675:ae41624c2198
split signkey_type and signature_type for RSA sha1 vs sha256
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 17 May 2020 23:58:31 +0800 |
| parents | ba6fc7afe1c5 |
| children | 064f5be2fc45 |
comparison
equal
deleted
inserted
replaced
| 1674:ba6fc7afe1c5 | 1675:ae41624c2198 |
|---|---|
| 90 unsigned int keybloblen; | 90 unsigned int keybloblen; |
| 91 unsigned int sign_payload_length; | 91 unsigned int sign_payload_length; |
| 92 buffer * signbuf = NULL; | 92 buffer * signbuf = NULL; |
| 93 sign_key * key = NULL; | 93 sign_key * key = NULL; |
| 94 char* fp = NULL; | 94 char* fp = NULL; |
| 95 enum signkey_type sigtype, keytype; | 95 enum signature_type sigtype; |
| 96 enum signkey_type keytype; | |
| 96 int auth_failure = 1; | 97 int auth_failure = 1; |
| 97 | 98 |
| 98 TRACE(("enter pubkeyauth")) | 99 TRACE(("enter pubkeyauth")) |
| 99 | 100 |
| 100 /* 0 indicates user just wants to check if key can be used, 1 is an | 101 /* 0 indicates user just wants to check if key can be used, 1 is an |
| 101 * actual attempt*/ | 102 * actual attempt*/ |
| 102 testkey = (buf_getbool(ses.payload) == 0); | 103 testkey = (buf_getbool(ses.payload) == 0); |
| 103 | 104 |
| 104 sigalgo = buf_getstring(ses.payload, &sigalgolen); | 105 sigalgo = buf_getstring(ses.payload, &sigalgolen); |
| 105 sigtype = signature_type_from_name(sigalgo, sigalgolen); | |
| 106 keytype = signkey_type_from_signature(sigtype); | |
| 107 keyalgo = signkey_name_from_type(keytype, &keyalgolen); | |
| 108 | |
| 109 keybloblen = buf_getint(ses.payload); | 106 keybloblen = buf_getint(ses.payload); |
| 110 keyblob = buf_getptr(ses.payload, keybloblen); | 107 keyblob = buf_getptr(ses.payload, keybloblen); |
| 111 | 108 |
| 112 if (!valid_user) { | 109 if (!valid_user) { |
| 113 /* Return failure once we have read the contents of the packet | 110 /* Return failure once we have read the contents of the packet |
| 115 Avoids blind user enumeration though it isn't possible to prevent | 112 Avoids blind user enumeration though it isn't possible to prevent |
| 116 testing for user existence if the public key is known */ | 113 testing for user existence if the public key is known */ |
| 117 send_msg_userauth_failure(0, 0); | 114 send_msg_userauth_failure(0, 0); |
| 118 goto out; | 115 goto out; |
| 119 } | 116 } |
| 117 | |
| 118 sigtype = signature_type_from_name(sigalgo, sigalgolen); | |
| 119 if (sigtype == DROPBEAR_SIGNATURE_NONE) { | |
| 120 send_msg_userauth_failure(0, 0); | |
| 121 goto out; | |
| 122 } | |
| 123 | |
| 124 keytype = signkey_type_from_signature(sigtype); | |
| 125 keyalgo = signkey_name_from_type(keytype, &keyalgolen); | |
| 126 | |
| 120 #if DROPBEAR_PLUGIN | 127 #if DROPBEAR_PLUGIN |
| 121 if (svr_ses.plugin_instance != NULL) { | 128 if (svr_ses.plugin_instance != NULL) { |
| 122 char *options_buf; | 129 char *options_buf; |
| 123 if (svr_ses.plugin_instance->checkpubkey( | 130 if (svr_ses.plugin_instance->checkpubkey( |
| 124 svr_ses.plugin_instance, | 131 svr_ses.plugin_instance, |