Mercurial > dropbear
comparison cli-authpubkey.c @ 1674:ba6fc7afe1c5
use sigtype where appropriate
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 06 Apr 2020 23:18:26 +0800 |
| parents | 06d52bcb8094 |
| children | ae41624c2198 |
comparison
equal
deleted
inserted
replaced
| 1668:49cb3cf4bd6f | 1674:ba6fc7afe1c5 |
|---|---|
| 31 #include "runopts.h" | 31 #include "runopts.h" |
| 32 #include "auth.h" | 32 #include "auth.h" |
| 33 #include "agentfwd.h" | 33 #include "agentfwd.h" |
| 34 | 34 |
| 35 #if DROPBEAR_CLI_PUBKEY_AUTH | 35 #if DROPBEAR_CLI_PUBKEY_AUTH |
| 36 static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign); | 36 static void send_msg_userauth_pubkey(sign_key *key, enum signkey_type sigtype, int realsign); |
| 37 | 37 |
| 38 /* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request. | 38 /* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request. |
| 39 * We use it to remove the key we tried from the list */ | 39 * We use it to remove the key we tried from the list */ |
| 40 void cli_pubkeyfail() { | 40 void cli_pubkeyfail() { |
| 41 m_list_elem *iter; | 41 m_list_elem *iter; |
| 56 void recv_msg_userauth_pk_ok() { | 56 void recv_msg_userauth_pk_ok() { |
| 57 m_list_elem *iter; | 57 m_list_elem *iter; |
| 58 buffer* keybuf = NULL; | 58 buffer* keybuf = NULL; |
| 59 char* algotype = NULL; | 59 char* algotype = NULL; |
| 60 unsigned int algolen; | 60 unsigned int algolen; |
| 61 enum signkey_type keytype; | 61 enum signkey_type sigtype, keytype; |
| 62 unsigned int remotelen; | 62 unsigned int remotelen; |
| 63 | 63 |
| 64 TRACE(("enter recv_msg_userauth_pk_ok")) | 64 TRACE(("enter recv_msg_userauth_pk_ok")) |
| 65 | 65 |
| 66 algotype = buf_getstring(ses.payload, &algolen); | 66 algotype = buf_getstring(ses.payload, &algolen); |
| 67 keytype = signkey_type_from_name(algotype, algolen); | 67 sigtype = signature_type_from_name(algotype, algolen); |
| 68 TRACE(("recv_msg_userauth_pk_ok: type %d", keytype)) | 68 keytype = signkey_type_from_signature(sigtype); |
| 69 TRACE(("recv_msg_userauth_pk_ok: type %d", sigtype)) | |
| 69 m_free(algotype); | 70 m_free(algotype); |
| 70 | 71 |
| 71 keybuf = buf_new(MAX_PUBKEY_SIZE); | 72 keybuf = buf_new(MAX_PUBKEY_SIZE); |
| 72 | 73 |
| 73 remotelen = buf_getint(ses.payload); | 74 remotelen = buf_getint(ses.payload); |
| 118 } | 119 } |
| 119 | 120 |
| 120 TRACE(("leave recv_msg_userauth_pk_ok")) | 121 TRACE(("leave recv_msg_userauth_pk_ok")) |
| 121 } | 122 } |
| 122 | 123 |
| 123 void cli_buf_put_sign(buffer* buf, sign_key *key, int type, | 124 static void cli_buf_put_sign(buffer* buf, sign_key *key, enum signkey_type sigtype, |
| 124 const buffer *data_buf) { | 125 const buffer *data_buf) { |
| 125 #if DROPBEAR_CLI_AGENTFWD | 126 #if DROPBEAR_CLI_AGENTFWD |
| 127 // TODO: rsa-sha256 agent | |
| 126 if (key->source == SIGNKEY_SOURCE_AGENT) { | 128 if (key->source == SIGNKEY_SOURCE_AGENT) { |
| 127 /* Format the agent signature ourselves, as buf_put_sign would. */ | 129 /* Format the agent signature ourselves, as buf_put_sign would. */ |
| 128 buffer *sigblob; | 130 buffer *sigblob; |
| 129 sigblob = buf_new(MAX_PUBKEY_SIZE); | 131 sigblob = buf_new(MAX_PUBKEY_SIZE); |
| 130 agent_buf_sign(sigblob, key, data_buf); | 132 agent_buf_sign(sigblob, key, data_buf); |
| 131 buf_putbufstring(buf, sigblob); | 133 buf_putbufstring(buf, sigblob); |
| 132 buf_free(sigblob); | 134 buf_free(sigblob); |
| 133 } else | 135 } else |
| 134 #endif /* DROPBEAR_CLI_AGENTFWD */ | 136 #endif /* DROPBEAR_CLI_AGENTFWD */ |
| 135 { | 137 { |
| 136 buf_put_sign(buf, key, type, data_buf); | 138 buf_put_sign(buf, key, sigtype, data_buf); |
| 137 } | 139 } |
| 138 } | 140 } |
| 139 | 141 |
| 140 /* TODO: make it take an agent reference to use as well */ | 142 static void send_msg_userauth_pubkey(sign_key *key, enum signkey_type sigtype, int realsign) { |
| 141 static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) { | |
| 142 | 143 |
| 143 const char *algoname = NULL; | 144 const char *algoname = NULL; |
| 144 unsigned int algolen; | 145 unsigned int algolen; |
| 145 buffer* sigbuf = NULL; | 146 buffer* sigbuf = NULL; |
| 147 enum signkey_type keytype = signkey_type_from_signature(sigtype); | |
| 146 | 148 |
| 147 TRACE(("enter send_msg_userauth_pubkey")) | 149 TRACE(("enter send_msg_userauth_pubkey")) |
| 148 CHECKCLEARTOWRITE(); | 150 CHECKCLEARTOWRITE(); |
| 149 | 151 |
| 150 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST); | 152 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST); |
| 158 buf_putstring(ses.writepayload, AUTH_METHOD_PUBKEY, | 160 buf_putstring(ses.writepayload, AUTH_METHOD_PUBKEY, |
| 159 AUTH_METHOD_PUBKEY_LEN); | 161 AUTH_METHOD_PUBKEY_LEN); |
| 160 | 162 |
| 161 buf_putbyte(ses.writepayload, realsign); | 163 buf_putbyte(ses.writepayload, realsign); |
| 162 | 164 |
| 163 algoname = signkey_name_from_type(type, &algolen); | 165 algoname = signature_name_from_type(sigtype, &algolen); |
| 164 | |
| 165 buf_putstring(ses.writepayload, algoname, algolen); | 166 buf_putstring(ses.writepayload, algoname, algolen); |
| 166 buf_put_pub_key(ses.writepayload, key, type); | 167 buf_put_pub_key(ses.writepayload, key, keytype); |
| 167 | 168 |
| 168 if (realsign) { | 169 if (realsign) { |
| 169 TRACE(("realsign")) | 170 TRACE(("realsign")) |
| 170 /* We put the signature as well - this contains string(session id), then | 171 /* We put the signature as well - this contains string(session id), then |
| 171 * the contents of the write payload to this point */ | 172 * the contents of the write payload to this point */ |
| 172 sigbuf = buf_new(4 + ses.session_id->len + ses.writepayload->len); | 173 sigbuf = buf_new(4 + ses.session_id->len + ses.writepayload->len); |
| 173 buf_putbufstring(sigbuf, ses.session_id); | 174 buf_putbufstring(sigbuf, ses.session_id); |
| 174 buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len); | 175 buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len); |
| 175 cli_buf_put_sign(ses.writepayload, key, type, sigbuf); | 176 cli_buf_put_sign(ses.writepayload, key, sigtype, sigbuf); |
| 176 buf_free(sigbuf); /* Nothing confidential in the buffer */ | 177 buf_free(sigbuf); /* Nothing confidential in the buffer */ |
| 177 } | 178 } |
| 178 | 179 |
| 179 encrypt_packet(); | 180 encrypt_packet(); |
| 180 TRACE(("leave send_msg_userauth_pubkey")) | 181 TRACE(("leave send_msg_userauth_pubkey")) |
| 193 } | 194 } |
| 194 #endif | 195 #endif |
| 195 | 196 |
| 196 if (cli_opts.privkeys->first) { | 197 if (cli_opts.privkeys->first) { |
| 197 sign_key * key = (sign_key*)cli_opts.privkeys->first->item; | 198 sign_key * key = (sign_key*)cli_opts.privkeys->first->item; |
| 199 enum signkey_type sigtype = key->type; | |
| 198 /* Send a trial request */ | 200 /* Send a trial request */ |
| 199 send_msg_userauth_pubkey(key, key->type, 0); | 201 #if DROPBEAR_RSA && DROPBEAR_RSA_SHA256 |
| 202 // TODO: use ext-info to choose rsa kind | |
| 203 if (sigtype == DROPBEAR_SIGNKEY_RSA) { | |
| 204 sigtype = DROPBEAR_SIGNKEY_RSA_SHA256; | |
| 205 } | |
| 206 #endif | |
| 207 send_msg_userauth_pubkey(key, sigtype, 0); | |
| 200 cli_ses.lastprivkey = key; | 208 cli_ses.lastprivkey = key; |
| 201 TRACE(("leave cli_auth_pubkey-success")) | 209 TRACE(("leave cli_auth_pubkey-success")) |
| 202 return 1; | 210 return 1; |
| 203 } else { | 211 } else { |
| 204 /* no more keys left */ | 212 /* no more keys left */ |