mirror of https://git.tartarus.org/simon/putty.git synced 2025-03-23 15:09:24 -05:00

Pass flags from agent sign request to ssh_key_sign.

Now each public-key algorithm gets to indicate what flags it supports,
and the ones it specifies support for may turn up in a call to its
sign() method.

We still don't actually support any flags yet, though.
Simon Tatham 2018-11-19 20:24:37 +00:00
parent 74f792e00b
commit 7d4a276fc1
7 changed files with 22 additions and 11 deletions


@ -323,7 +323,7 @@ void pageant_handle_msg(BinarySink *bs,
struct ssh2_userkey *key; struct ssh2_userkey *key;
ptrlen keyblob, sigdata; ptrlen keyblob, sigdata;
strbuf *signature; strbuf *signature;
uint32_t flags; uint32_t flags, supported_flags;
plog(logctx, logfn, "request: SSH2_AGENTC_SIGN_REQUEST"); plog(logctx, logfn, "request: SSH2_AGENTC_SIGN_REQUEST");
@ -366,20 +366,22 @@ void pageant_handle_msg(BinarySink *bs,
else else
plog(logctx, logfn, "no signature flags"); plog(logctx, logfn, "no signature flags");
if (flags) { supported_flags = ssh_key_alg(key->key)->supported_flags;
if (flags & ~supported_flags) {
/* /*
* We MUST reject any message containing flags we * We MUST reject any message containing flags we
* don't understand. * don't understand.
*/ */
char *msg = dupprintf( char *msg = dupprintf(
"unsupported flag bits 0x%08"PRIx32, flags); "unsupported flag bits 0x%08"PRIx32,
flags & ~supported_flags);
pageant_failure_msg(bs, msg, logctx, logfn); pageant_failure_msg(bs, msg, logctx, logfn);
sfree(msg); sfree(msg);
return; return;
} }
signature = strbuf_new(); signature = strbuf_new();
ssh_key_sign(key->key, sigdata.ptr, sigdata.len, ssh_key_sign(key->key, sigdata.ptr, sigdata.len, flags,
BinarySink_UPCAST(signature)); BinarySink_UPCAST(signature));
put_byte(bs, SSH2_AGENT_SIGN_RESPONSE); put_byte(bs, SSH2_AGENT_SIGN_RESPONSE);
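Review bot: The comment above the rejection still says "flags we don't understand", but the test is now `flags & ~supported_flags`, which depends on the algorithm of the key being used. I would reword it to `/* We MUST reject any flag that this key's algorithm does not list in supported_flags. */` so a reader sees that a bit accepted for one key type is still refused for another. This is also the only place in the commit where flag bits taken from the agent request are validated before they reach `ssh_key_sign`, which the comment could state. pageant_handle_msg starts and ends outside the hunks shown.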

7
ssh.h

@ -770,7 +770,8 @@ struct ssh_keyalg {
/* Methods that operate on an existing ssh_key */ /* Methods that operate on an existing ssh_key */
void (*freekey) (ssh_key *key); void (*freekey) (ssh_key *key);
void (*sign) (ssh_key *key, const void *data, int datalen, BinarySink *); void (*sign) (ssh_key *key, const void *data, int datalen,
unsigned flags, BinarySink *);
bool (*verify) (ssh_key *key, ptrlen sig, ptrlen data); bool (*verify) (ssh_key *key, ptrlen sig, ptrlen data);
void (*public_blob)(ssh_key *key, BinarySink *); void (*public_blob)(ssh_key *key, BinarySink *);
void (*private_blob)(ssh_key *key, BinarySink *); void (*private_blob)(ssh_key *key, BinarySink *);
@ -784,6 +785,7 @@ struct ssh_keyalg {
const char *ssh_id; /* string identifier in the SSH protocol */ const char *ssh_id; /* string identifier in the SSH protocol */
const char *cache_id; /* identifier used in PuTTY's host key cache */ const char *cache_id; /* identifier used in PuTTY's host key cache */
const void *extra; /* private to the public key methods */ const void *extra; /* private to the public key methods */
const unsigned supported_flags; /* signature-type flags we understand */
}; };
#define ssh_key_new_pub(alg, data) ((alg)->new_pub(alg, data)) #define ssh_key_new_pub(alg, data) ((alg)->new_pub(alg, data))
@ -791,7 +793,8 @@ struct ssh_keyalg {
#define ssh_key_new_priv_openssh(alg, bs) ((alg)->new_priv_openssh(alg, bs)) #define ssh_key_new_priv_openssh(alg, bs) ((alg)->new_priv_openssh(alg, bs))
#define ssh_key_free(key) ((*(key))->freekey(key)) #define ssh_key_free(key) ((*(key))->freekey(key))
#define ssh_key_sign(key, data, len, bs) ((*(key))->sign(key, data, len, bs)) #define ssh_key_sign(key, data, len, flags, bs) \
((*(key))->sign(key, data, len, flags, bs))
#define ssh_key_verify(key, sig, data) ((*(key))->verify(key, sig, data)) #define ssh_key_verify(key, sig, data) ((*(key))->verify(key, sig, data))
#define ssh_key_public_blob(key, bs) ((*(key))->public_blob(key, bs)) #define ssh_key_public_blob(key, bs) ((*(key))->public_blob(key, bs))
#define ssh_key_private_blob(key, bs) ((*(key))->private_blob(key, bs)) #define ssh_key_private_blob(key, bs) ((*(key))->private_blob(key, bs))
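Review bot: The new `flags` argument of `sign` and the `supported_flags` field carry no stated contract: nothing in the header says a caller may pass only bits present in `supported_flags`, and the `ssh_key_sign` macro forwards whatever it is given. In this commit only pageant_handle_msg performs that check, while the two other call sites shown pass a literal 0. I would add a comment on the method, for example `/* flags must be a subset of supported_flags; the caller checks this before calling sign() */`. The types also differ from the agent code, which holds the bits in `uint32_t` while the header declares `unsigned`; using one fixed-width type in both places would keep the width explicit.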


@ -27,7 +27,7 @@ static strbuf *finalise_and_sign_exhash(struct ssh2_transport_state *s)
strbuf *sb; strbuf *sb;
ssh2transport_finalise_exhash(s); ssh2transport_finalise_exhash(s);
sb = strbuf_new(); sb = strbuf_new();
ssh_key_sign(s->hkey, s->exchange_hash, s->kex_alg->hash->hlen, ssh_key_sign(s->hkey, s->exchange_hash, s->kex_alg->hash->hlen, 0,
BinarySink_UPCAST(sb)); BinarySink_UPCAST(sb));
return sb; return sb;
} }


@ -863,7 +863,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
put_data(sigdata, s->pktout->data + 5, put_data(sigdata, s->pktout->data + 5,
s->pktout->length - 5); s->pktout->length - 5);
sigblob = strbuf_new(); sigblob = strbuf_new();
ssh_key_sign(key->key, sigdata->s, sigdata->len, ssh_key_sign(key->key, sigdata->s, sigdata->len, 0,
BinarySink_UPCAST(sigblob)); BinarySink_UPCAST(sigblob));
strbuf_free(sigdata); strbuf_free(sigdata);
ssh2_userauth_add_sigblob( ssh2_userauth_add_sigblob(


@ -447,7 +447,7 @@ Bignum *dss_gen_k(const char *id_string, Bignum modulus, Bignum private_key,
} }
static void dss_sign(ssh_key *key, const void *data, int datalen, static void dss_sign(ssh_key *key, const void *data, int datalen,
BinarySink *bs) unsigned flags, BinarySink *bs)
{ {
struct dss_key *dss = container_of(key, struct dss_key, sshk); struct dss_key *dss = container_of(key, struct dss_key, sshk);
Bignum k, gkp, hash, kinv, hxr, r, s; Bignum k, gkp, hash, kinv, hxr, r, s;
@ -504,4 +504,5 @@ const ssh_keyalg ssh_dss = {
"ssh-dss", "ssh-dss",
"dss", "dss",
NULL, NULL,
0, /* no supported flags */
}; };
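Review bot: `dss_sign` now accepts `flags`, but with `supported_flags` set to 0 any non-zero value would be ignored without notice if a caller skipped the check that pageant_handle_msg performs. An `assert(flags == 0);` at the top of the function, or `(void)flags;` with a short comment if an assertion is unwanted here, would make that assumption explicit. The body continues outside the hunk, so I cannot see whether `flags` is referenced further down. The same applies to `ecdsa_sign` and `rsa2_sign` in the later file sections.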


@ -2257,7 +2257,7 @@ static bool ecdsa_verify(ssh_key *key, ptrlen sig, ptrlen data)
} }
static void ecdsa_sign(ssh_key *key, const void *data, int datalen, static void ecdsa_sign(ssh_key *key, const void *data, int datalen,
BinarySink *bs) unsigned flags, BinarySink *bs)
{ {
struct ec_key *ec = container_of(key, struct ec_key, sshk); struct ec_key *ec = container_of(key, struct ec_key, sshk);
const struct ecsign_extra *extra = const struct ecsign_extra *extra =
@ -2413,6 +2413,7 @@ const ssh_keyalg ssh_ecdsa_ed25519 = {
"ssh-ed25519", "ssh-ed25519",
"ssh-ed25519", "ssh-ed25519",
&sign_extra_ed25519, &sign_extra_ed25519,
0, /* no supported flags */
}; };
/* OID: 1.2.840.10045.3.1.7 (ansiX9p256r1) */ /* OID: 1.2.840.10045.3.1.7 (ansiX9p256r1) */
@ -2441,6 +2442,7 @@ const ssh_keyalg ssh_ecdsa_nistp256 = {
"ecdsa-sha2-nistp256", "ecdsa-sha2-nistp256",
"ecdsa-sha2-nistp256", "ecdsa-sha2-nistp256",
&sign_extra_nistp256, &sign_extra_nistp256,
0, /* no supported flags */
}; };
/* OID: 1.3.132.0.34 (secp384r1) */ /* OID: 1.3.132.0.34 (secp384r1) */
@ -2469,6 +2471,7 @@ const ssh_keyalg ssh_ecdsa_nistp384 = {
"ecdsa-sha2-nistp384", "ecdsa-sha2-nistp384",
"ecdsa-sha2-nistp384", "ecdsa-sha2-nistp384",
&sign_extra_nistp384, &sign_extra_nistp384,
0, /* no supported flags */
}; };
/* OID: 1.3.132.0.35 (secp521r1) */ /* OID: 1.3.132.0.35 (secp521r1) */
@ -2497,6 +2500,7 @@ const ssh_keyalg ssh_ecdsa_nistp521 = {
"ecdsa-sha2-nistp521", "ecdsa-sha2-nistp521",
"ecdsa-sha2-nistp521", "ecdsa-sha2-nistp521",
&sign_extra_nistp521, &sign_extra_nistp521,
0, /* no supported flags */
}; };
/* ---------------------------------------------------------------------- /* ----------------------------------------------------------------------


@ -744,7 +744,7 @@ static bool rsa2_verify(ssh_key *key, ptrlen sig, ptrlen data)
} }
static void rsa2_sign(ssh_key *key, const void *data, int datalen, static void rsa2_sign(ssh_key *key, const void *data, int datalen,
BinarySink *bs) unsigned flags, BinarySink *bs)
{ {
struct RSAKey *rsa = container_of(key, struct RSAKey, sshk); struct RSAKey *rsa = container_of(key, struct RSAKey, sshk);
unsigned char *bytes; unsigned char *bytes;
@ -800,6 +800,7 @@ const ssh_keyalg ssh_rsa = {
"ssh-rsa", "ssh-rsa",
"rsa2", "rsa2",
NULL, NULL,
0, /* no supported flags */
}; };
struct RSAKey *ssh_rsakex_newkey(const void *data, int len) struct RSAKey *ssh_rsakex_newkey(const void *data, int len)