mirror of
http://galexander.org/git/simplesshd.git
synced 2025-01-27 15:30:56 +00:00
781 lines
20 KiB
C
781 lines
20 KiB
C
/*
|
|
* Dropbear - a SSH2 server
|
|
*
|
|
* Copyright (c) 2002,2003 Matt Johnston
|
|
* All rights reserved.
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
* in the Software without restriction, including without limitation the rights
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
* furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
* SOFTWARE. */
|
|
|
|
#include "includes.h"
|
|
#include "dbutil.h"
|
|
#include "signkey.h"
|
|
#include "buffer.h"
|
|
#include "ssh.h"
|
|
#include "ecdsa.h"
|
|
#include "rsa.h"
|
|
#include "dss.h"
|
|
#include "ed25519.h"
|
|
|
|
static const char * const signkey_names[DROPBEAR_SIGNKEY_NUM_NAMED] = {
|
|
#if DROPBEAR_RSA
|
|
"ssh-rsa",
|
|
#endif
|
|
#if DROPBEAR_DSS
|
|
"ssh-dss",
|
|
#endif
|
|
#if DROPBEAR_ECDSA
|
|
"ecdsa-sha2-nistp256",
|
|
"ecdsa-sha2-nistp384",
|
|
"ecdsa-sha2-nistp521",
|
|
#endif /* DROPBEAR_ECDSA */
|
|
#if DROPBEAR_ED25519
|
|
"ssh-ed25519",
|
|
#endif /* DROPBEAR_ED25519 */
|
|
/* "rsa-sha2-256" is special-cased below since it is only a signature name, not key type */
|
|
};
|
|
|
|
/* malloc a new sign_key and set the dss and rsa keys to NULL */
|
|
sign_key * new_sign_key() {
|
|
|
|
sign_key * ret;
|
|
|
|
ret = (sign_key*)m_malloc(sizeof(sign_key));
|
|
ret->type = DROPBEAR_SIGNKEY_NONE;
|
|
ret->source = SIGNKEY_SOURCE_INVALID;
|
|
return ret;
|
|
}
|
|
|
|
/* Returns key name corresponding to the type. Exits fatally
|
|
* if the type is invalid */
|
|
const char* signkey_name_from_type(enum signkey_type type, unsigned int *namelen) {
|
|
if (type >= DROPBEAR_SIGNKEY_NUM_NAMED) {
|
|
dropbear_exit("Bad key type %d", type);
|
|
}
|
|
|
|
if (namelen) {
|
|
*namelen = strlen(signkey_names[type]);
|
|
}
|
|
return signkey_names[type];
|
|
}
|
|
|
|
/* Returns DROPBEAR_SIGNKEY_NONE if none match */
|
|
enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen) {
|
|
int i;
|
|
for (i = 0; i < DROPBEAR_SIGNKEY_NUM_NAMED; i++) {
|
|
const char *fixed_name = signkey_names[i];
|
|
if (namelen == strlen(fixed_name)
|
|
&& memcmp(fixed_name, name, namelen) == 0) {
|
|
|
|
#if DROPBEAR_ECDSA
|
|
/* Some of the ECDSA key sizes are defined even if they're not compiled in */
|
|
if (0
|
|
#if !DROPBEAR_ECC_256
|
|
|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP256
|
|
#endif
|
|
#if !DROPBEAR_ECC_384
|
|
|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP384
|
|
#endif
|
|
#if !DROPBEAR_ECC_521
|
|
|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP521
|
|
#endif
|
|
) {
|
|
TRACE(("attempt to use ecdsa type %d not compiled in", i))
|
|
return DROPBEAR_SIGNKEY_NONE;
|
|
}
|
|
#endif
|
|
|
|
return (enum signkey_type)i;
|
|
}
|
|
}
|
|
|
|
TRACE(("signkey_type_from_name unexpected key type."))
|
|
|
|
return DROPBEAR_SIGNKEY_NONE;
|
|
}
|
|
|
|
/* Special case for rsa-sha2-256. This could be generalised if more
|
|
signature names are added that aren't 1-1 with public key names */
|
|
const char* signature_name_from_type(enum signature_type type, unsigned int *namelen) {
|
|
#if DROPBEAR_RSA_SHA256
|
|
if (type == DROPBEAR_SIGNATURE_RSA_SHA256) {
|
|
if (namelen) {
|
|
*namelen = strlen(SSH_SIGNATURE_RSA_SHA256);
|
|
}
|
|
return SSH_SIGNATURE_RSA_SHA256;
|
|
}
|
|
#endif
|
|
#if DROPBEAR_RSA_SHA1
|
|
if (type == DROPBEAR_SIGNATURE_RSA_SHA1) {
|
|
if (namelen) {
|
|
*namelen = strlen(SSH_SIGNKEY_RSA);
|
|
}
|
|
return SSH_SIGNKEY_RSA;
|
|
}
|
|
#endif
|
|
return signkey_name_from_type((enum signkey_type)type, namelen);
|
|
}
|
|
|
|
/* Returns DROPBEAR_SIGNATURE_NONE if none match */
|
|
enum signature_type signature_type_from_name(const char* name, unsigned int namelen) {
|
|
#if DROPBEAR_RSA_SHA256
|
|
if (namelen == strlen(SSH_SIGNATURE_RSA_SHA256)
|
|
&& memcmp(name, SSH_SIGNATURE_RSA_SHA256, namelen) == 0) {
|
|
return DROPBEAR_SIGNATURE_RSA_SHA256;
|
|
}
|
|
#endif
|
|
#if DROPBEAR_RSA_SHA1
|
|
if (namelen == strlen(SSH_SIGNKEY_RSA)
|
|
&& memcmp(name, SSH_SIGNKEY_RSA, namelen) == 0) {
|
|
return DROPBEAR_SIGNATURE_RSA_SHA1;
|
|
}
|
|
#endif
|
|
return (enum signature_type)signkey_type_from_name(name, namelen);
|
|
}
|
|
|
|
/* Returns the signature type from a key type. Must not be called
|
|
with RSA keytype */
|
|
enum signature_type signature_type_from_signkey(enum signkey_type keytype) {
|
|
#if DROPBEAR_RSA
|
|
assert(keytype != DROPBEAR_SIGNKEY_RSA);
|
|
#endif
|
|
assert(keytype < DROPBEAR_SIGNKEY_NUM_NAMED);
|
|
return (enum signature_type)keytype;
|
|
}
|
|
|
|
enum signkey_type signkey_type_from_signature(enum signature_type sigtype) {
|
|
#if DROPBEAR_RSA_SHA256
|
|
if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA256) {
|
|
return DROPBEAR_SIGNKEY_RSA;
|
|
}
|
|
#endif
|
|
#if DROPBEAR_RSA_SHA1
|
|
if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA1) {
|
|
return DROPBEAR_SIGNKEY_RSA;
|
|
}
|
|
#endif
|
|
assert((int)sigtype < (int)DROPBEAR_SIGNKEY_NUM_NAMED);
|
|
return (enum signkey_type)sigtype;
|
|
}
|
|
|
|
/* Returns a pointer to the key part specific to "type".
|
|
Be sure to check both (ret != NULL) and (*ret != NULL) */
|
|
void **
|
|
signkey_key_ptr(sign_key *key, enum signkey_type type) {
|
|
switch (type) {
|
|
#if DROPBEAR_ED25519
|
|
case DROPBEAR_SIGNKEY_ED25519:
|
|
return (void**)&key->ed25519key;
|
|
#endif
|
|
#if DROPBEAR_ECDSA
|
|
#if DROPBEAR_ECC_256
|
|
case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
|
|
return (void**)&key->ecckey256;
|
|
#endif
|
|
#if DROPBEAR_ECC_384
|
|
case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
|
|
return (void**)&key->ecckey384;
|
|
#endif
|
|
#if DROPBEAR_ECC_521
|
|
case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
|
|
return (void**)&key->ecckey521;
|
|
#endif
|
|
#endif /* DROPBEAR_ECDSA */
|
|
#if DROPBEAR_RSA
|
|
case DROPBEAR_SIGNKEY_RSA:
|
|
return (void**)&key->rsakey;
|
|
#endif
|
|
#if DROPBEAR_DSS
|
|
case DROPBEAR_SIGNKEY_DSS:
|
|
return (void**)&key->dsskey;
|
|
#endif
|
|
default:
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
/* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
|
|
* type should be set by the caller to specify the type to read, and
|
|
* on return is set to the type read (useful when type = _ANY) */
|
|
int buf_get_pub_key(buffer *buf, sign_key *key, enum signkey_type *type) {
|
|
|
|
char *ident;
|
|
unsigned int len;
|
|
enum signkey_type keytype;
|
|
int ret = DROPBEAR_FAILURE;
|
|
|
|
TRACE2(("enter buf_get_pub_key"))
|
|
|
|
ident = buf_getstring(buf, &len);
|
|
keytype = signkey_type_from_name(ident, len);
|
|
m_free(ident);
|
|
|
|
if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) {
|
|
TRACE(("buf_get_pub_key bad type - got %d, expected %d", keytype, *type))
|
|
return DROPBEAR_FAILURE;
|
|
}
|
|
|
|
TRACE2(("buf_get_pub_key keytype is %d", keytype))
|
|
|
|
*type = keytype;
|
|
|
|
/* Rewind the buffer back before "ssh-rsa" etc */
|
|
buf_decrpos(buf, len + 4);
|
|
|
|
#if DROPBEAR_DSS
|
|
if (keytype == DROPBEAR_SIGNKEY_DSS) {
|
|
dss_key_free(key->dsskey);
|
|
key->dsskey = m_malloc(sizeof(*key->dsskey));
|
|
ret = buf_get_dss_pub_key(buf, key->dsskey);
|
|
if (ret == DROPBEAR_FAILURE) {
|
|
dss_key_free(key->dsskey);
|
|
key->dsskey = NULL;
|
|
}
|
|
}
|
|
#endif
|
|
#if DROPBEAR_RSA
|
|
if (keytype == DROPBEAR_SIGNKEY_RSA) {
|
|
rsa_key_free(key->rsakey);
|
|
key->rsakey = m_malloc(sizeof(*key->rsakey));
|
|
ret = buf_get_rsa_pub_key(buf, key->rsakey);
|
|
if (ret == DROPBEAR_FAILURE) {
|
|
rsa_key_free(key->rsakey);
|
|
key->rsakey = NULL;
|
|
}
|
|
}
|
|
#endif
|
|
#if DROPBEAR_ECDSA
|
|
if (signkey_is_ecdsa(keytype)) {
|
|
ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
|
|
if (eck) {
|
|
if (*eck) {
|
|
ecc_free(*eck);
|
|
m_free(*eck);
|
|
*eck = NULL;
|
|
}
|
|
*eck = buf_get_ecdsa_pub_key(buf);
|
|
if (*eck) {
|
|
ret = DROPBEAR_SUCCESS;
|
|
}
|
|
}
|
|
}
|
|
#endif
|
|
#if DROPBEAR_ED25519
|
|
if (keytype == DROPBEAR_SIGNKEY_ED25519) {
|
|
ed25519_key_free(key->ed25519key);
|
|
key->ed25519key = m_malloc(sizeof(*key->ed25519key));
|
|
ret = buf_get_ed25519_pub_key(buf, key->ed25519key);
|
|
if (ret == DROPBEAR_FAILURE) {
|
|
m_free(key->ed25519key);
|
|
key->ed25519key = NULL;
|
|
}
|
|
}
|
|
#endif
|
|
|
|
TRACE2(("leave buf_get_pub_key"))
|
|
|
|
return ret;
|
|
}
|
|
|
|
/* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
|
|
* type should be set by the caller to specify the type to read, and
|
|
* on return is set to the type read (useful when type = _ANY) */
|
|
int buf_get_priv_key(buffer *buf, sign_key *key, enum signkey_type *type) {
|
|
|
|
char *ident;
|
|
unsigned int len;
|
|
enum signkey_type keytype;
|
|
int ret = DROPBEAR_FAILURE;
|
|
|
|
TRACE2(("enter buf_get_priv_key"))
|
|
|
|
ident = buf_getstring(buf, &len);
|
|
keytype = signkey_type_from_name(ident, len);
|
|
m_free(ident);
|
|
|
|
if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) {
|
|
TRACE(("wrong key type: %d %d", *type, keytype))
|
|
return DROPBEAR_FAILURE;
|
|
}
|
|
|
|
*type = keytype;
|
|
|
|
/* Rewind the buffer back before "ssh-rsa" etc */
|
|
buf_decrpos(buf, len + 4);
|
|
|
|
#if DROPBEAR_DSS
|
|
if (keytype == DROPBEAR_SIGNKEY_DSS) {
|
|
dss_key_free(key->dsskey);
|
|
key->dsskey = m_malloc(sizeof(*key->dsskey));
|
|
ret = buf_get_dss_priv_key(buf, key->dsskey);
|
|
if (ret == DROPBEAR_FAILURE) {
|
|
dss_key_free(key->dsskey);
|
|
key->dsskey = NULL;
|
|
}
|
|
}
|
|
#endif
|
|
#if DROPBEAR_RSA
|
|
if (keytype == DROPBEAR_SIGNKEY_RSA) {
|
|
rsa_key_free(key->rsakey);
|
|
key->rsakey = m_malloc(sizeof(*key->rsakey));
|
|
ret = buf_get_rsa_priv_key(buf, key->rsakey);
|
|
if (ret == DROPBEAR_FAILURE) {
|
|
rsa_key_free(key->rsakey);
|
|
key->rsakey = NULL;
|
|
}
|
|
}
|
|
#endif
|
|
#if DROPBEAR_ECDSA
|
|
if (signkey_is_ecdsa(keytype)) {
|
|
ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
|
|
if (eck) {
|
|
if (*eck) {
|
|
ecc_free(*eck);
|
|
m_free(*eck);
|
|
*eck = NULL;
|
|
}
|
|
*eck = buf_get_ecdsa_priv_key(buf);
|
|
if (*eck) {
|
|
ret = DROPBEAR_SUCCESS;
|
|
}
|
|
}
|
|
}
|
|
#endif
|
|
#if DROPBEAR_ED25519
|
|
if (keytype == DROPBEAR_SIGNKEY_ED25519) {
|
|
ed25519_key_free(key->ed25519key);
|
|
key->ed25519key = m_malloc(sizeof(*key->ed25519key));
|
|
ret = buf_get_ed25519_priv_key(buf, key->ed25519key);
|
|
if (ret == DROPBEAR_FAILURE) {
|
|
m_free(key->ed25519key);
|
|
key->ed25519key = NULL;
|
|
}
|
|
}
|
|
#endif
|
|
|
|
TRACE2(("leave buf_get_priv_key"))
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
/* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
|
|
void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type) {
|
|
|
|
buffer *pubkeys;
|
|
|
|
TRACE2(("enter buf_put_pub_key"))
|
|
pubkeys = buf_new(MAX_PUBKEY_SIZE);
|
|
|
|
#if DROPBEAR_DSS
|
|
if (type == DROPBEAR_SIGNKEY_DSS) {
|
|
buf_put_dss_pub_key(pubkeys, key->dsskey);
|
|
}
|
|
#endif
|
|
#if DROPBEAR_RSA
|
|
if (type == DROPBEAR_SIGNKEY_RSA) {
|
|
buf_put_rsa_pub_key(pubkeys, key->rsakey);
|
|
}
|
|
#endif
|
|
#if DROPBEAR_ECDSA
|
|
if (signkey_is_ecdsa(type)) {
|
|
ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
|
|
if (eck && *eck) {
|
|
buf_put_ecdsa_pub_key(pubkeys, *eck);
|
|
}
|
|
}
|
|
#endif
|
|
#if DROPBEAR_ED25519
|
|
if (type == DROPBEAR_SIGNKEY_ED25519) {
|
|
buf_put_ed25519_pub_key(pubkeys, key->ed25519key);
|
|
}
|
|
#endif
|
|
if (pubkeys->len == 0) {
|
|
dropbear_exit("Bad key types in buf_put_pub_key");
|
|
}
|
|
|
|
buf_putbufstring(buf, pubkeys);
|
|
buf_free(pubkeys);
|
|
TRACE2(("leave buf_put_pub_key"))
|
|
}
|
|
|
|
/* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
|
|
void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type) {
|
|
|
|
TRACE(("enter buf_put_priv_key"))
|
|
TRACE(("type is %d", type))
|
|
|
|
#if DROPBEAR_DSS
|
|
if (type == DROPBEAR_SIGNKEY_DSS) {
|
|
buf_put_dss_priv_key(buf, key->dsskey);
|
|
TRACE(("leave buf_put_priv_key: dss done"))
|
|
return;
|
|
}
|
|
#endif
|
|
#if DROPBEAR_RSA
|
|
if (type == DROPBEAR_SIGNKEY_RSA) {
|
|
buf_put_rsa_priv_key(buf, key->rsakey);
|
|
TRACE(("leave buf_put_priv_key: rsa done"))
|
|
return;
|
|
}
|
|
#endif
|
|
#if DROPBEAR_ECDSA
|
|
if (signkey_is_ecdsa(type)) {
|
|
ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
|
|
if (eck && *eck) {
|
|
buf_put_ecdsa_priv_key(buf, *eck);
|
|
TRACE(("leave buf_put_priv_key: ecdsa done"))
|
|
return;
|
|
}
|
|
}
|
|
#endif
|
|
#if DROPBEAR_ED25519
|
|
if (type == DROPBEAR_SIGNKEY_ED25519) {
|
|
buf_put_ed25519_priv_key(buf, key->ed25519key);
|
|
TRACE(("leave buf_put_priv_key: ed25519 done"))
|
|
return;
|
|
}
|
|
#endif
|
|
dropbear_exit("Bad key types in put pub key");
|
|
}
|
|
|
|
void sign_key_free(sign_key *key) {
|
|
|
|
TRACE2(("enter sign_key_free"))
|
|
|
|
#if DROPBEAR_DSS
|
|
dss_key_free(key->dsskey);
|
|
key->dsskey = NULL;
|
|
#endif
|
|
#if DROPBEAR_RSA
|
|
rsa_key_free(key->rsakey);
|
|
key->rsakey = NULL;
|
|
#endif
|
|
#if DROPBEAR_ECDSA
|
|
#if DROPBEAR_ECC_256
|
|
if (key->ecckey256) {
|
|
ecc_free(key->ecckey256);
|
|
m_free(key->ecckey256);
|
|
key->ecckey256 = NULL;
|
|
}
|
|
#endif
|
|
#if DROPBEAR_ECC_384
|
|
if (key->ecckey384) {
|
|
ecc_free(key->ecckey384);
|
|
m_free(key->ecckey384);
|
|
key->ecckey384 = NULL;
|
|
}
|
|
#endif
|
|
#if DROPBEAR_ECC_521
|
|
if (key->ecckey521) {
|
|
ecc_free(key->ecckey521);
|
|
m_free(key->ecckey521);
|
|
key->ecckey521 = NULL;
|
|
}
|
|
#endif
|
|
#endif
|
|
#if DROPBEAR_ED25519
|
|
ed25519_key_free(key->ed25519key);
|
|
key->ed25519key = NULL;
|
|
#endif
|
|
|
|
m_free(key->filename);
|
|
|
|
m_free(key);
|
|
TRACE2(("leave sign_key_free"))
|
|
}
|
|
|
|
static char hexdig(unsigned char x) {
|
|
if (x > 0xf)
|
|
return 'X';
|
|
|
|
if (x < 10)
|
|
return '0' + x;
|
|
else
|
|
return 'a' + x - 10;
|
|
}
|
|
|
|
/* Since we're not sure if we'll have md5 or sha1, we present both.
|
|
* MD5 is used in preference, but sha1 could still be useful */
|
|
#if DROPBEAR_MD5_HMAC
|
|
static char * sign_key_md5_fingerprint(const unsigned char* keyblob,
|
|
unsigned int keybloblen) {
|
|
|
|
char * ret;
|
|
hash_state hs;
|
|
unsigned char hash[MD5_HASH_SIZE];
|
|
unsigned int i;
|
|
unsigned int buflen;
|
|
|
|
md5_init(&hs);
|
|
|
|
/* skip the size int of the string - this is a bit messy */
|
|
md5_process(&hs, keyblob, keybloblen);
|
|
|
|
md5_done(&hs, hash);
|
|
|
|
/* "md5 hexfingerprinthere\0", each hex digit is "AB:" etc */
|
|
buflen = 4 + 3*MD5_HASH_SIZE;
|
|
ret = (char*)m_malloc(buflen);
|
|
|
|
memset(ret, 'Z', buflen);
|
|
strcpy(ret, "md5 ");
|
|
|
|
for (i = 0; i < MD5_HASH_SIZE; i++) {
|
|
unsigned int pos = 4 + i*3;
|
|
ret[pos] = hexdig(hash[i] >> 4);
|
|
ret[pos+1] = hexdig(hash[i] & 0x0f);
|
|
ret[pos+2] = ':';
|
|
}
|
|
ret[buflen-1] = 0x0;
|
|
|
|
return ret;
|
|
}
|
|
|
|
#else /* use SHA1 rather than MD5 for fingerprint */
|
|
static char * sign_key_sha1_fingerprint(const unsigned char* keyblob,
|
|
unsigned int keybloblen) {
|
|
|
|
char * ret;
|
|
hash_state hs;
|
|
unsigned char hash[SHA1_HASH_SIZE];
|
|
unsigned int i;
|
|
unsigned int buflen;
|
|
|
|
sha1_init(&hs);
|
|
|
|
/* skip the size int of the string - this is a bit messy */
|
|
sha1_process(&hs, keyblob, keybloblen);
|
|
|
|
sha1_done(&hs, hash);
|
|
|
|
/* "sha1!! hexfingerprinthere\0", each hex digit is "AB:" etc */
|
|
buflen = 7 + 3*SHA1_HASH_SIZE;
|
|
ret = (char*)m_malloc(buflen);
|
|
|
|
strcpy(ret, "sha1!! ");
|
|
|
|
for (i = 0; i < SHA1_HASH_SIZE; i++) {
|
|
unsigned int pos = 7 + 3*i;
|
|
ret[pos] = hexdig(hash[i] >> 4);
|
|
ret[pos+1] = hexdig(hash[i] & 0x0f);
|
|
ret[pos+2] = ':';
|
|
}
|
|
ret[buflen-1] = 0x0;
|
|
|
|
return ret;
|
|
}
|
|
|
|
#endif /* MD5/SHA1 switch */
|
|
|
|
/* This will return a freshly malloced string, containing a fingerprint
|
|
* in either sha1 or md5 */
|
|
char * sign_key_fingerprint(const unsigned char* keyblob, unsigned int keybloblen) {
|
|
|
|
#if DROPBEAR_MD5_HMAC
|
|
return sign_key_md5_fingerprint(keyblob, keybloblen);
|
|
#else
|
|
return sign_key_sha1_fingerprint(keyblob, keybloblen);
|
|
#endif
|
|
}
|
|
|
|
void buf_put_sign(buffer* buf, sign_key *key, enum signature_type sigtype,
|
|
const buffer *data_buf) {
|
|
buffer *sigblob = buf_new(MAX_PUBKEY_SIZE);
|
|
enum signkey_type keytype = signkey_type_from_signature(sigtype);
|
|
|
|
#if DEBUG_TRACE
|
|
{
|
|
const char* signame = signature_name_from_type(sigtype, NULL);
|
|
TRACE(("buf_put_sign type %d %s", sigtype, signame));
|
|
}
|
|
#endif
|
|
|
|
|
|
#if DROPBEAR_DSS
|
|
if (keytype == DROPBEAR_SIGNKEY_DSS) {
|
|
buf_put_dss_sign(sigblob, key->dsskey, data_buf);
|
|
}
|
|
#endif
|
|
#if DROPBEAR_RSA
|
|
if (keytype == DROPBEAR_SIGNKEY_RSA) {
|
|
buf_put_rsa_sign(sigblob, key->rsakey, sigtype, data_buf);
|
|
}
|
|
#endif
|
|
#if DROPBEAR_ECDSA
|
|
if (signkey_is_ecdsa(keytype)) {
|
|
ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
|
|
if (eck && *eck) {
|
|
buf_put_ecdsa_sign(sigblob, *eck, data_buf);
|
|
}
|
|
}
|
|
#endif
|
|
#if DROPBEAR_ED25519
|
|
if (keytype == DROPBEAR_SIGNKEY_ED25519) {
|
|
buf_put_ed25519_sign(sigblob, key->ed25519key, data_buf);
|
|
}
|
|
#endif
|
|
if (sigblob->len == 0) {
|
|
dropbear_exit("Non-matching signing type");
|
|
}
|
|
buf_putbufstring(buf, sigblob);
|
|
buf_free(sigblob);
|
|
|
|
}
|
|
|
|
#if DROPBEAR_SIGNKEY_VERIFY
|
|
/* Return DROPBEAR_SUCCESS or DROPBEAR_FAILURE.
|
|
* If FAILURE is returned, the position of
|
|
* buf is undefined. If SUCCESS is returned, buf will be positioned after the
|
|
* signature blob */
|
|
int buf_verify(buffer * buf, sign_key *key, enum signature_type expect_sigtype, const buffer *data_buf) {
|
|
|
|
char *type_name = NULL;
|
|
unsigned int type_name_len = 0;
|
|
enum signature_type sigtype;
|
|
enum signkey_type keytype;
|
|
|
|
TRACE(("enter buf_verify"))
|
|
|
|
buf_getint(buf); /* blob length */
|
|
type_name = buf_getstring(buf, &type_name_len);
|
|
sigtype = signature_type_from_name(type_name, type_name_len);
|
|
m_free(type_name);
|
|
|
|
if (((expect_sigtype == DROPBEAR_SIGNATURE_RSA_SHA256) &&
|
|
(sigtype == DROPBEAR_SIGNATURE_RSA_SHA1)) ||
|
|
((expect_sigtype == DROPBEAR_SIGNATURE_RSA_SHA1) &&
|
|
(sigtype == DROPBEAR_SIGNATURE_RSA_SHA256))) {
|
|
/* ignore mismatch between different flavors of ssh-rsa
|
|
* - Greg 2021/01/17 */
|
|
} else if (expect_sigtype != sigtype) {
|
|
dropbear_exit("Non-matching signing type");
|
|
}
|
|
|
|
keytype = signkey_type_from_signature(sigtype);
|
|
#if DROPBEAR_DSS
|
|
if (keytype == DROPBEAR_SIGNKEY_DSS) {
|
|
if (key->dsskey == NULL) {
|
|
dropbear_exit("No DSS key to verify signature");
|
|
}
|
|
return buf_dss_verify(buf, key->dsskey, data_buf);
|
|
}
|
|
#endif
|
|
|
|
#if DROPBEAR_RSA
|
|
if (keytype == DROPBEAR_SIGNKEY_RSA) {
|
|
if (key->rsakey == NULL) {
|
|
dropbear_exit("No RSA key to verify signature");
|
|
}
|
|
return buf_rsa_verify(buf, key->rsakey, sigtype, data_buf);
|
|
}
|
|
#endif
|
|
#if DROPBEAR_ECDSA
|
|
if (signkey_is_ecdsa(keytype)) {
|
|
ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
|
|
if (eck && *eck) {
|
|
return buf_ecdsa_verify(buf, *eck, data_buf);
|
|
}
|
|
}
|
|
#endif
|
|
#if DROPBEAR_ED25519
|
|
if (keytype == DROPBEAR_SIGNKEY_ED25519) {
|
|
if (key->ed25519key == NULL) {
|
|
dropbear_exit("No Ed25519 key to verify signature");
|
|
}
|
|
return buf_ed25519_verify(buf, key->ed25519key, data_buf);
|
|
}
|
|
#endif
|
|
|
|
dropbear_exit("Non-matching signing type");
|
|
return DROPBEAR_FAILURE;
|
|
}
|
|
#endif /* DROPBEAR_SIGNKEY_VERIFY */
|
|
|
|
#if DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
|
|
|
|
/* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE when given a buffer containing
|
|
* a key, a key, and a type. The buffer is positioned at the start of the
|
|
* base64 data, and contains no trailing data */
|
|
/* If fingerprint is non-NULL, it will be set to a malloc()ed fingerprint
|
|
of the key if it is successfully decoded */
|
|
int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen,
|
|
const unsigned char* algoname, unsigned int algolen,
|
|
const buffer * line, char ** fingerprint) {
|
|
|
|
buffer * decodekey = NULL;
|
|
int ret = DROPBEAR_FAILURE;
|
|
unsigned int len, filealgolen;
|
|
unsigned long decodekeylen;
|
|
unsigned char* filealgo = NULL;
|
|
|
|
/* now we have the actual data */
|
|
len = line->len - line->pos;
|
|
if (len == 0) {
|
|
/* base64_decode doesn't like NULL argument */
|
|
return DROPBEAR_FAILURE;
|
|
}
|
|
decodekeylen = len * 2; /* big to be safe */
|
|
decodekey = buf_new(decodekeylen);
|
|
|
|
if (base64_decode(buf_getptr(line, len), len,
|
|
buf_getwriteptr(decodekey, decodekey->size),
|
|
&decodekeylen) != CRYPT_OK) {
|
|
TRACE(("checkpubkey: base64 decode failed"))
|
|
goto out;
|
|
}
|
|
TRACE(("checkpubkey: base64_decode success"))
|
|
buf_incrlen(decodekey, decodekeylen);
|
|
|
|
if (fingerprint) {
|
|
*fingerprint = sign_key_fingerprint(buf_getptr(decodekey, decodekeylen),
|
|
decodekeylen);
|
|
}
|
|
|
|
/* compare the keys */
|
|
if ( ( decodekeylen != keybloblen )
|
|
|| memcmp( buf_getptr(decodekey, decodekey->len),
|
|
keyblob, decodekey->len) != 0) {
|
|
TRACE(("checkpubkey: compare failed"))
|
|
goto out;
|
|
}
|
|
|
|
/* ... and also check that the algo specified and the algo in the key
|
|
* itself match */
|
|
filealgolen = buf_getint(decodekey);
|
|
filealgo = buf_getptr(decodekey, filealgolen);
|
|
if (filealgolen != algolen || memcmp(filealgo, algoname, algolen) != 0) {
|
|
TRACE(("checkpubkey: algo match failed"))
|
|
goto out;
|
|
}
|
|
|
|
/* All checks passed */
|
|
ret = DROPBEAR_SUCCESS;
|
|
|
|
out:
|
|
buf_free(decodekey);
|
|
decodekey = NULL;
|
|
return ret;
|
|
}
|
|
#endif
|
|
|
|
#if DROPBEAR_FUZZ
|
|
const char * const * fuzz_signkey_names = signkey_names;
|
|
|
|
#endif
|