Use find_pubkey_alg in openssh_read_new().
This is better than listing all the algorithm names in yet another place that will then need updating when a new key format is added. However, that also means I need to find a new place to put the 'npieces' value I was previously setting up differently per key type; since that's a fundamental property of the key format, I've moved it to a constant field in the ssh_signkey structure, and filled that field in for all the existing key types with the values from the replaced code in openssh_new_read().
This commit is contained in:
parent
7cfa9f4627
commit
6b30316922
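--- a/import.c
+++ b/import.c
@@ -1629,7 +1629,7 @@ struct ssh2_userkey *openssh_new_read(const Filename *filename,
     retkey = NULL;
     for (key_index = 0; key_index < key->nkeys; key_index++) {
         unsigned char *thiskey;
-        int thiskeylen, npieces;
+        int thiskeylen;
 
         /*
          * Read the key type, which will tell us how to scan over
@@ -1647,26 +1647,16 @@ struct ssh2_userkey *openssh_new_read(const Filename *filename,
          * of strings, so we just need to know how many of them to
          * skip over. (The numbers below exclude the key comment.)
          */
-        if (match_ssh_id(stringlen, string, "ssh-rsa")) {
-            alg = &ssh_rsa;
-            npieces = 6; /* n,e,d,iqmp,q,p */
-        } else if (match_ssh_id(stringlen, string, "ssh-dss")) {
-            alg = &ssh_dss;
-            npieces = 5; /* p,q,g,y,x */
-        } else if (match_ssh_id(stringlen, string,
-                                "ecdsa-sha2-nistp256")) {
-            alg = &ssh_ecdsa_nistp256;
-            npieces = 3; /* curve name, point, private exponent */
-        } else if (match_ssh_id(stringlen, string,
-                                "ecdsa-sha2-nistp384")) {
-            alg = &ssh_ecdsa_nistp384;
-            npieces = 3; /* curve name, point, private exponent */
-        } else if (match_ssh_id(stringlen, string,
-                                "ecdsa-sha2-nistp521")) {
-            alg = &ssh_ecdsa_nistp521;
-            npieces = 3; /* curve name, point, private exponent */
-        } else {
-            errmsg = "private key did not start with type string\n";
+        {
+            /* find_pubkey_alg needs a zero-terminated copy of the
+             * algorithm name */
+            char *name_zt = dupprintf("%.*s", stringlen, (char *)string);
+            alg = find_pubkey_alg(name_zt);
+            sfree(name_zt);
+        }
+
+        if (!alg) {
+            errmsg = "private key type not recognised\n";
             goto error;
         }
 
@@ -1675,7 +1665,7 @@ struct ssh2_userkey *openssh_new_read(const Filename *filename,
         /*
          * Skip over the pieces of key.
          */
-        for (i = 0; i < npieces; i++) {
+        for (i = 0; i < alg->openssh_private_npieces; i++) {
             if (!(string = get_ssh_string(&privlen, &priv, &stringlen))) {
                 errmsg = "ran out of data in mid-private-key";
                 goto error;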
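Review bot: The lookup through `dupprintf("%.*s", stringlen, (char *)string)` is looser than the `match_ssh_id` tests it replaces: a `%s` conversion stops at the first NUL byte even when a precision is given, so a type string such as `"ssh-rsa\0junk"` read from the key file is now accepted as `ssh-rsa`, whereas the old length-aware compare (not visible here) presumably rejected it. Keeping the parser strict costs one check before the lookup, e.g. `if (strlen(name_zt) != (size_t)stringlen) alg = NULL; else alg = find_pubkey_alg(name_zt);`. Separately, the skip loop in the last hunk now trusts `alg->openssh_private_npieces` for whatever algorithm find_pubkey_alg returns; a signkey whose field was left at its zero default would make the loop skip nothing and silently misalign every later key in the file, so `if (!alg || alg->openssh_private_npieces <= 0)` would turn that into the existing error path instead of a wrong parse. The enclosing function openssh_new_read starts and ends outside these hunks.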
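--- a/ssh.h
+++ b/ssh.h
@@ -333,6 +333,15 @@ struct ssh_signkey {
                         unsigned char *priv_blob, int priv_len);
     void *(*openssh_createkey) (unsigned char **blob, int *len);
     int (*openssh_fmtkey) (void *key, unsigned char *blob, int len);
+    /* OpenSSH private key blobs, as created by openssh_fmtkey and
+     * consumed by openssh_createkey, always (at least so far...) take
+     * the form of a number of SSH-2 strings / mpints concatenated
+     * end-to-end. Because the new-style OpenSSH private key format
+     * stores those blobs without a containing string wrapper, we need
+     * to know how many strings each one consists of, so that we can
+     * skip over the right number to find the next key in the file.
+     * openssh_private_npieces gives that information. */
+    int openssh_private_npieces;
     int (*pubkey_bits) (void *blob, int len);
     char *(*fingerprint) (void *key);
     int (*verifysig) (void *key, char *sig, int siglen,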
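Review bot: The new `int openssh_private_npieces` is inserted in the middle of a struct that every `ssh_signkey` definition initialises positionally (the one-line insertions in sshdss.c, sshecc.c and sshrsa.c show that), so any definition this commit did not touch would have its later function pointers shifted one slot and the count left meaningless; compilers of this era generally only warn about a pointer initialising an int rather than refusing it. Stating the contract in the comment would help whoever adds the next key type: `* Every ssh_signkey must set this to a positive count; 0 is not a valid value and would make the new-format reader skip nothing.` If the project's C dialect permits it, designated initialisers (`.openssh_private_npieces = 5`) at the definition sites would remove the positional hazard altogether. struct ssh_signkey starts and ends outside this hunk.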
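--- a/sshdss.c
+++ b/sshdss.c
@@ -701,6 +701,7 @@ const struct ssh_signkey ssh_dss = {
     dss_createkey,
     dss_openssh_createkey,
     dss_openssh_fmtkey,
+    5 /* p,q,g,y,x */,
     dss_pubkey_bits,
     dss_fingerprint,
     dss_verifysig,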
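--- a/sshecc.c
+++ b/sshecc.c
@@ -1966,6 +1966,7 @@ const struct ssh_signkey ssh_ecdsa_nistp256 = {
     ecdsa_createkey,
     ecdsa_openssh_createkey,
     ecdsa_openssh_fmtkey,
+    3 /* curve name, point, private exponent */,
     ecdsa_pubkey_bits,
     ecdsa_fingerprint,
     ecdsa_verifysig,
@@ -1983,6 +1984,7 @@ const struct ssh_signkey ssh_ecdsa_nistp384 = {
     ecdsa_createkey,
     ecdsa_openssh_createkey,
     ecdsa_openssh_fmtkey,
+    3 /* curve name, point, private exponent */,
     ecdsa_pubkey_bits,
     ecdsa_fingerprint,
     ecdsa_verifysig,
@@ -2000,6 +2002,7 @@ const struct ssh_signkey ssh_ecdsa_nistp521 = {
     ecdsa_createkey,
     ecdsa_openssh_createkey,
     ecdsa_openssh_fmtkey,
+    3 /* curve name, point, private exponent */,
     ecdsa_pubkey_bits,
     ecdsa_fingerprint,
     ecdsa_verifysig,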
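--- a/sshrsa.c
+++ b/sshrsa.c
@@ -942,6 +942,7 @@ const struct ssh_signkey ssh_rsa = {
     rsa2_createkey,
     rsa2_openssh_createkey,
     rsa2_openssh_fmtkey,
+    6 /* n,e,d,iqmp,q,p */,
     rsa2_pubkey_bits,
     rsa2_fingerprint,
     rsa2_verifysig,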