version 1.32, 2023/04/06 03:56:02 |
version 1.33, 2023/09/06 23:18:15 |
|
|
#define SIG_VERSION 0x01 |
#define SIG_VERSION 0x01 |
#define MAGIC_PREAMBLE "SSHSIG" |
#define MAGIC_PREAMBLE "SSHSIG" |
#define MAGIC_PREAMBLE_LEN (sizeof(MAGIC_PREAMBLE) - 1) |
#define MAGIC_PREAMBLE_LEN (sizeof(MAGIC_PREAMBLE) - 1) |
#define BEGIN_SIGNATURE "-----BEGIN SSH SIGNATURE-----\n" |
#define BEGIN_SIGNATURE "-----BEGIN SSH SIGNATURE-----" |
#define END_SIGNATURE "-----END SSH SIGNATURE-----" |
#define END_SIGNATURE "-----END SSH SIGNATURE-----" |
#define RSA_SIGN_ALG "rsa-sha2-512" /* XXX maybe make configurable */ |
#define RSA_SIGN_ALG "rsa-sha2-512" /* XXX maybe make configurable */ |
#define RSA_SIGN_ALLOWED "rsa-sha2-512,rsa-sha2-256" |
#define RSA_SIGN_ALLOWED "rsa-sha2-512,rsa-sha2-256" |
|
|
goto out; |
goto out; |
} |
} |
|
|
if ((r = sshbuf_put(buf, BEGIN_SIGNATURE, |
if ((r = sshbuf_putf(buf, "%s\n", BEGIN_SIGNATURE)) != 0) { |
sizeof(BEGIN_SIGNATURE)-1)) != 0) { |
|
error_fr(r, "sshbuf_putf"); |
error_fr(r, "sshbuf_putf"); |
goto out; |
goto out; |
} |
} |
|
|
return SSH_ERR_ALLOC_FAIL; |
return SSH_ERR_ALLOC_FAIL; |
} |
} |
|
|
|
/* Expect and consume preamble + lf/crlf */ |
if ((r = sshbuf_cmp(sbuf, 0, |
if ((r = sshbuf_cmp(sbuf, 0, |
BEGIN_SIGNATURE, sizeof(BEGIN_SIGNATURE)-1)) != 0) { |
BEGIN_SIGNATURE, sizeof(BEGIN_SIGNATURE)-1)) != 0) { |
error("Couldn't parse signature: missing header"); |
error("Couldn't parse signature: missing header"); |
goto done; |
goto done; |
} |
} |
|
|
if ((r = sshbuf_consume(sbuf, sizeof(BEGIN_SIGNATURE)-1)) != 0) { |
if ((r = sshbuf_consume(sbuf, sizeof(BEGIN_SIGNATURE)-1)) != 0) { |
error_fr(r, "consume"); |
error_fr(r, "consume"); |
goto done; |
goto done; |
} |
} |
|
if ((r = sshbuf_cmp(sbuf, 0, "\r\n", 2)) == 0) |
|
eoffset = 2; |
|
else if ((r = sshbuf_cmp(sbuf, 0, "\n", 1)) == 0) |
|
eoffset = 1; |
|
else { |
|
r = SSH_ERR_INVALID_FORMAT; |
|
error_f("no header eol"); |
|
goto done; |
|
} |
|
if ((r = sshbuf_consume(sbuf, eoffset)) != 0) { |
|
error_fr(r, "consume eol"); |
|
goto done; |
|
} |
|
/* Find and consume lf + suffix (any prior cr would be ignored) */ |
if ((r = sshbuf_find(sbuf, 0, "\n" END_SIGNATURE, |
if ((r = sshbuf_find(sbuf, 0, "\n" END_SIGNATURE, |
sizeof("\n" END_SIGNATURE)-1, &eoffset)) != 0) { |
sizeof(END_SIGNATURE), &eoffset)) != 0) { |
error("Couldn't parse signature: missing footer"); |
error("Couldn't parse signature: missing footer"); |
goto done; |
goto done; |
} |
} |
|
|
if ((r = sshbuf_consume_end(sbuf, sshbuf_len(sbuf)-eoffset)) != 0) { |
if ((r = sshbuf_consume_end(sbuf, sshbuf_len(sbuf)-eoffset)) != 0) { |
error_fr(r, "consume"); |
error_fr(r, "consume"); |
goto done; |
goto done; |