| 392 |
|
|
| 393 |
len = get_uint32_MSBfirst(ptr); |
len = get_uint32_MSBfirst(ptr); |
| 394 |
ptr += 4; |
ptr += 4; |
| 395 |
if (strncmp(get_ssh_keytype_name(keytype), ptr, len) != 0) { |
if (strncmp(get_ssh2_hostkey_type_name(keytype), ptr, len) != 0) { |
| 396 |
ret = -3; |
ret = -3; |
| 397 |
goto error; |
goto error; |
| 398 |
} |
} |
| 448 |
} |
} |
| 449 |
|
|
| 450 |
static int ssh_ed25519_verify(Key *key, unsigned char *signature, unsigned int signaturelen, |
static int ssh_ed25519_verify(Key *key, unsigned char *signature, unsigned int signaturelen, |
| 451 |
unsigned char *data, unsigned int datalen) |
unsigned char *data, unsigned int datalen) |
| 452 |
{ |
{ |
| 453 |
buffer_t *b; |
buffer_t *b; |
| 454 |
char *ktype = NULL; |
char *ktype = NULL; |
| 979 |
// |
// |
| 980 |
// fingerprint(指紋:ホスト公開鍵のハッシュ)を生成する |
// fingerprint(指紋:ホスト公開鍵のハッシュ)を生成する |
| 981 |
// |
// |
| 982 |
char *key_fingerprint(Key *key, enum fp_rep dgst_rep, digest_algorithm dgst_alg) |
char *key_fingerprint(Key *key, fp_rep dgst_rep, digest_algorithm dgst_alg) |
| 983 |
{ |
{ |
| 984 |
char *retval = NULL, *alg; |
char *retval = NULL, *alg; |
| 985 |
unsigned char *dgst_raw; |
unsigned char *dgst_raw; |
| 1240 |
} |
} |
| 1241 |
} |
} |
| 1242 |
|
|
|
// |
|
|
// キーから文字列を返却する |
|
|
// |
|
|
char *get_sshname_from_key(Key *key) |
|
|
{ |
|
|
return get_ssh_keytype_name(key->type); |
|
|
} |
|
|
|
|
|
// |
|
|
// キー文字列から種別を判定する |
|
|
// |
|
|
ssh_keytype get_keytype_from_name(char *name) |
|
|
{ |
|
|
if (strcmp(name, "rsa1") == 0) { |
|
|
return KEY_RSA1; |
|
|
} else if (strcmp(name, "rsa") == 0) { |
|
|
return KEY_RSA; |
|
|
} else if (strcmp(name, "dsa") == 0) { |
|
|
return KEY_DSA; |
|
|
} else if (strcmp(name, "ssh-rsa") == 0) { |
|
|
return KEY_RSA; |
|
|
} else if (strcmp(name, "ssh-dss") == 0) { |
|
|
return KEY_DSA; |
|
|
} else if (strcmp(name, "ecdsa-sha2-nistp256") == 0) { |
|
|
return KEY_ECDSA256; |
|
|
} else if (strcmp(name, "ecdsa-sha2-nistp384") == 0) { |
|
|
return KEY_ECDSA384; |
|
|
} else if (strcmp(name, "ecdsa-sha2-nistp521") == 0) { |
|
|
return KEY_ECDSA521; |
|
|
} else if (strcmp(name, "ssh-ed25519") == 0) { |
|
|
return KEY_ED25519; |
|
|
} |
|
|
return KEY_UNSPEC; |
|
|
} |
|
|
|
|
|
|
|
| 1243 |
ssh_keytype key_curve_name_to_keytype(char *name) |
ssh_keytype key_curve_name_to_keytype(char *name) |
| 1244 |
{ |
{ |
| 1245 |
if (strcmp(name, "nistp256") == 0) { |
if (strcmp(name, "nistp256") == 0) { |
| 1282 |
BIGNUM *p, *q, *g, *pub_key; |
BIGNUM *p, *q, *g, *pub_key; |
| 1283 |
|
|
| 1284 |
b = buffer_init(); |
b = buffer_init(); |
| 1285 |
sshname = get_sshname_from_key(key); |
sshname = get_ssh2_hostkey_type_name_from_key(key); |
| 1286 |
|
|
| 1287 |
switch (key->type) { |
switch (key->type) { |
| 1288 |
case KEY_RSA: |
case KEY_RSA: |
| 1375 |
key[keynamelen] = 0; |
key[keynamelen] = 0; |
| 1376 |
data += keynamelen; |
data += keynamelen; |
| 1377 |
|
|
| 1378 |
type = get_keytype_from_name(key); |
type = get_hostkey_type_from_name(key); |
| 1379 |
|
|
| 1380 |
switch (type) { |
switch (type) { |
| 1381 |
case KEY_RSA: // RSA key |
case KEY_RSA: // RSA key |
| 1582 |
|
|
| 1583 |
} |
} |
| 1584 |
|
|
| 1585 |
s = get_sshname_from_key(keypair); |
s = get_ssh2_hostkey_type_name_from_key(keypair); |
| 1586 |
buffer_put_string(msg, s, strlen(s)); |
buffer_put_string(msg, s, strlen(s)); |
| 1587 |
buffer_append_length(msg, sig, slen); |
buffer_append_length(msg, sig, slen); |
| 1588 |
len = buffer_len(msg); |
len = buffer_len(msg); |
| 1640 |
DSA_SIG_free(sig); |
DSA_SIG_free(sig); |
| 1641 |
|
|
| 1642 |
// setting |
// setting |
| 1643 |
s = get_sshname_from_key(keypair); |
s = get_ssh2_hostkey_type_name_from_key(keypair); |
| 1644 |
buffer_put_string(msg, s, strlen(s)); |
buffer_put_string(msg, s, strlen(s)); |
| 1645 |
buffer_append_length(msg, sigblob, sizeof(sigblob)); |
buffer_append_length(msg, sigblob, sizeof(sigblob)); |
| 1646 |
len = buffer_len(msg); |
len = buffer_len(msg); |
| 1699 |
buffer_put_bignum2(buf2, bs); |
buffer_put_bignum2(buf2, bs); |
| 1700 |
ECDSA_SIG_free(sig); |
ECDSA_SIG_free(sig); |
| 1701 |
|
|
| 1702 |
s = get_sshname_from_key(keypair); |
s = get_ssh2_hostkey_type_name_from_key(keypair); |
| 1703 |
buffer_put_string(msg, s, strlen(s)); |
buffer_put_string(msg, s, strlen(s)); |
| 1704 |
buffer_put_string(msg, buffer_ptr(buf2), buffer_len(buf2)); |
buffer_put_string(msg, buffer_ptr(buf2), buffer_len(buf2)); |
| 1705 |
buffer_free(buf2); |
buffer_free(buf2); |
| 1755 |
|
|
| 1756 |
switch (keypair->type) { |
switch (keypair->type) { |
| 1757 |
case KEY_RSA: // RSA |
case KEY_RSA: // RSA |
| 1758 |
s = get_sshname_from_key(keypair); |
s = get_ssh2_hostkey_type_name_from_key(keypair); |
| 1759 |
RSA_get0_key(keypair->rsa, &n, &e, NULL); |
RSA_get0_key(keypair->rsa, &n, &e, NULL); |
| 1760 |
buffer_put_string(msg, s, strlen(s)); |
buffer_put_string(msg, s, strlen(s)); |
| 1761 |
buffer_put_bignum2(msg, e); // 公開指数 |
buffer_put_bignum2(msg, e); // 公開指数 |
| 1764 |
case KEY_DSA: // DSA |
case KEY_DSA: // DSA |
| 1765 |
DSA_get0_pqg(keypair->dsa, &p, &q, &g); |
DSA_get0_pqg(keypair->dsa, &p, &q, &g); |
| 1766 |
DSA_get0_key(keypair->dsa, &pub_key, NULL); |
DSA_get0_key(keypair->dsa, &pub_key, NULL); |
| 1767 |
s = get_sshname_from_key(keypair); |
s = get_ssh2_hostkey_type_name_from_key(keypair); |
| 1768 |
buffer_put_string(msg, s, strlen(s)); |
buffer_put_string(msg, s, strlen(s)); |
| 1769 |
buffer_put_bignum2(msg, p); // 素数 |
buffer_put_bignum2(msg, p); // 素数 |
| 1770 |
buffer_put_bignum2(msg, q); // (p-1)の素因数 |
buffer_put_bignum2(msg, q); // (p-1)の素因数 |
| 1774 |
case KEY_ECDSA256: // ECDSA |
case KEY_ECDSA256: // ECDSA |
| 1775 |
case KEY_ECDSA384: |
case KEY_ECDSA384: |
| 1776 |
case KEY_ECDSA521: |
case KEY_ECDSA521: |
| 1777 |
s = get_sshname_from_key(keypair); |
s = get_ssh2_hostkey_type_name_from_key(keypair); |
| 1778 |
buffer_put_string(msg, s, strlen(s)); |
buffer_put_string(msg, s, strlen(s)); |
| 1779 |
tmp = curve_keytype_to_name(keypair->type); |
tmp = curve_keytype_to_name(keypair->type); |
| 1780 |
buffer_put_string(msg, tmp, strlen(tmp)); |
buffer_put_string(msg, tmp, strlen(tmp)); |
| 1782 |
EC_KEY_get0_public_key(keypair->ecdsa)); |
EC_KEY_get0_public_key(keypair->ecdsa)); |
| 1783 |
break; |
break; |
| 1784 |
case KEY_ED25519: |
case KEY_ED25519: |
| 1785 |
s = get_sshname_from_key(keypair); |
s = get_ssh2_hostkey_type_name_from_key(keypair); |
| 1786 |
buffer_put_cstring(msg, s); |
buffer_put_cstring(msg, s); |
| 1787 |
buffer_put_string(msg, keypair->ed25519_pk, ED25519_PK_SZ); |
buffer_put_string(msg, keypair->ed25519_pk, ED25519_PK_SZ); |
| 1788 |
break; |
break; |
| 1854 |
BIGNUM *e, *n, *d, *iqmp, *p, *q; |
BIGNUM *e, *n, *d, *iqmp, *p, *q; |
| 1855 |
BIGNUM *g, *pub_key, *priv_key; |
BIGNUM *g, *pub_key, *priv_key; |
| 1856 |
|
|
| 1857 |
s = get_sshname_from_key(key); |
s = get_ssh2_hostkey_type_name_from_key(key); |
| 1858 |
buffer_put_cstring(b, s); |
buffer_put_cstring(b, s); |
| 1859 |
|
|
| 1860 |
switch (key->type) { |
switch (key->type) { |
| 1942 |
type_name = buffer_get_string_msg(blob, NULL); |
type_name = buffer_get_string_msg(blob, NULL); |
| 1943 |
if (type_name == NULL) |
if (type_name == NULL) |
| 1944 |
goto error; |
goto error; |
| 1945 |
type = get_keytype_from_name(type_name); |
type = get_hostkey_type_from_name(type_name); |
| 1946 |
|
|
| 1947 |
k = key_new_private(type); |
k = key_new_private(type); |
| 1948 |
|
|
| 2206 |
if (index == KEY_NONE) // disabled line |
if (index == KEY_NONE) // disabled line |
| 2207 |
break; |
break; |
| 2208 |
|
|
| 2209 |
if (strcmp(get_sshname_from_key(key), get_ssh_keytype_name(index)) == 0) |
if (strcmp(get_ssh2_hostkey_type_name_from_key(key), |
| 2210 |
|
get_ssh2_hostkey_type_name(index)) == 0) |
| 2211 |
return 1; |
return 1; |
| 2212 |
} |
} |
| 2213 |
|
|
| 2279 |
fp = key_fingerprint(ctx->keys[i], SSH_FP_BASE64, SSH_DIGEST_SHA256); |
fp = key_fingerprint(ctx->keys[i], SSH_FP_BASE64, SSH_DIGEST_SHA256); |
| 2280 |
break; |
break; |
| 2281 |
} |
} |
| 2282 |
strncat_s(buf, buf_len, get_sshname_from_key(ctx->keys[i]), _TRUNCATE); |
strncat_s(buf, buf_len, get_ssh2_hostkey_type_name_from_key(ctx->keys[i]), _TRUNCATE); |
| 2283 |
strncat_s(buf, buf_len, " ", _TRUNCATE); |
strncat_s(buf, buf_len, " ", _TRUNCATE); |
| 2284 |
if (fp != NULL) { |
if (fp != NULL) { |
| 2285 |
strncat_s(buf, buf_len, fp, _TRUNCATE); |
strncat_s(buf, buf_len, fp, _TRUNCATE); |
| 2307 |
fp = key_fingerprint(ctx->old_keys[i], SSH_FP_BASE64, SSH_DIGEST_SHA256); |
fp = key_fingerprint(ctx->old_keys[i], SSH_FP_BASE64, SSH_DIGEST_SHA256); |
| 2308 |
break; |
break; |
| 2309 |
} |
} |
| 2310 |
strncat_s(buf, buf_len, get_sshname_from_key(ctx->old_keys[i]), _TRUNCATE); |
strncat_s(buf, buf_len, get_ssh2_hostkey_type_name_from_key(ctx->old_keys[i]), _TRUNCATE); |
| 2311 |
strncat_s(buf, buf_len, " ", _TRUNCATE); |
strncat_s(buf, buf_len, " ", _TRUNCATE); |
| 2312 |
if (fp != NULL) { |
if (fp != NULL) { |
| 2313 |
strncat_s(buf, buf_len, fp, _TRUNCATE); |
strncat_s(buf, buf_len, fp, _TRUNCATE); |
| 2522 |
if (ret != 1) { |
if (ret != 1) { |
| 2523 |
logprintf(LOG_LEVEL_ERROR, |
logprintf(LOG_LEVEL_ERROR, |
| 2524 |
"server gave bad signature for %s key %u", |
"server gave bad signature for %s key %u", |
| 2525 |
get_sshname_from_key(ctx->keys[i]), i); |
get_ssh2_hostkey_type_name_from_key(ctx->keys[i]), i); |
| 2526 |
goto error; |
goto error; |
| 2527 |
} |
} |
| 2528 |
ndone++; |
ndone++; |
| 2593 |
blob = NULL; |
blob = NULL; |
| 2594 |
|
|
| 2595 |
fp = key_fingerprint(key, SSH_FP_HEX, SSH_DIGEST_MD5); |
fp = key_fingerprint(key, SSH_FP_HEX, SSH_DIGEST_MD5); |
| 2596 |
logprintf(LOG_LEVEL_VERBOSE, "Received %s host key %s", get_sshname_from_key(key), fp); |
logprintf(LOG_LEVEL_VERBOSE, "Received %s host key %s", |
| 2597 |
|
get_ssh2_hostkey_type_name_from_key(key), fp); |
| 2598 |
free(fp); |
free(fp); |
| 2599 |
|
|
| 2600 |
// 許可されたホストキーアルゴリズムかをチェックする。 |
// 許可されたホストキーアルゴリズムかをチェックする。 |
| 2601 |
if (check_hostkey_algorithm(pvar, key) == 0) { |
if (check_hostkey_algorithm(pvar, key) == 0) { |
| 2602 |
logprintf(LOG_LEVEL_VERBOSE, "%s host key is not permitted by ts.HostKeyOrder", |
logprintf(LOG_LEVEL_VERBOSE, "%s host key is not permitted by ts.HostKeyOrder", |
| 2603 |
get_sshname_from_key(key)); |
get_ssh2_hostkey_type_name_from_key(key)); |
| 2604 |
continue; |
continue; |
| 2605 |
} |
} |
| 2606 |
|
|
| 2610 |
for (i = 0; i < ctx->nkeys; i++) { |
for (i = 0; i < ctx->nkeys; i++) { |
| 2611 |
if (HOSTS_compare_public_key(key, ctx->keys[i]) == 1) { |
if (HOSTS_compare_public_key(key, ctx->keys[i]) == 1) { |
| 2612 |
logprintf(LOG_LEVEL_ERROR, "Received duplicated %s host key", |
logprintf(LOG_LEVEL_ERROR, "Received duplicated %s host key", |
| 2613 |
get_sshname_from_key(key)); |
get_ssh2_hostkey_type_name_from_key(key)); |
| 2614 |
goto error; |
goto error; |
| 2615 |
} |
} |
| 2616 |
} |
} |
Tera Term
Parent Directory
Revision Log
Patch