Jakub Jelen
1226de875b
pki: Implement reading public key from OpenSSH private key container
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Jakub Jelen
2307be32cf
Revert "pkd: Generate host keys in old format"
...
This is no longer needed since libssh can read the private keys
in new OpenSSH format.
This reverts commit 100c9c98ce
.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Jakub Jelen
eaaa4131de
tests: Verify the keys loaded from new OpenSSH format
...
This runs the same test that are ran on the legacy PEM files
also with the new OpenSSH key files.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Jakub Jelen
39102224b2
pki: Allow reading keys in new OpenSSH format
...
This implements reading the OpenSSH key format accross the
cryptographic backends. Most of the code is shared and moved
to pki.c, just the building of the keys is implemented in
pki_privkey_build_*() functions.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Jakub Jelen
e365aed6d2
tests: Provide testing keys also in OpenSSH format
...
This extends the torture API to provide a way to request
keys in different formats. This extends the keys with
private keys in the new OpenSSH format (default since
OpenSSH 7.8).
This also needs modifications to the ed25519 tests, which
do not support PEM format and expected the new format out of the
box.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Jakub Jelen
d23bda8181
pki: Use unpack to simplify public key reading
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Jakub Jelen
86d521cbe7
buffer: Make sure unpack of secure buffers securely cleans up
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00
Andreas Schneider
856dc698a9
libmbedcrypto: Fix creating evp hash
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:51:41 +02:00
Jakub Jelen
4d09c6dc31
buffer: Reformat ssh_buffer_get_ssh_string
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 16:39:38 +02:00
Jakub Jelen
03a66b8599
tests: Use stdbool for with_passphrase argument
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 16:39:38 +02:00
Jakub Jelen
c04eac40f3
pki_crypto: Clarify that memory passed with set0 is managed by openssl objects
...
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 16:39:38 +02:00
Jakub Jelen
8cc0672c0c
pki_mbedcrypto: pki_pubkey_build_rsa: properly clean up on error
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 16:39:38 +02:00
Jakub Jelen
8f7214a584
pki: Initialize pointers to NULL
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 16:39:38 +02:00
Jakub Jelen
9d2de880ec
tests: Drop duplicate ed25519 key creation
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 16:39:38 +02:00
Jakub Jelen
039c066da5
buffer: Fix typo
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 16:39:38 +02:00
Jakub Jelen
6efbf7a30e
tests: Verify the pubkey authentication works with ECDSA keys
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2018-09-17 16:39:38 +02:00
Andreas Schneider
e5170107c9
auth: Fix ecdsa pubkey auth
...
Pair-Programmed-With: Jakub Jelen <jjelen@redhat.com>
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2018-09-17 16:39:12 +02:00
Andreas Schneider
30df04a8a5
tests: Do not call sftp_canonicalize_path()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 14:35:39 +02:00
Andreas Schneider
aaca395bd3
tests: Add a sftp benchmark test for write/read
...
The tests writes and reads a file of 128M.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
0762057eb9
sftp: Move the packet payload to the message
...
This reduces memory allocations and copying.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
57153f6481
sftp: Use SSH_BUFFER_FREE in sftp_message_free()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
4c32befd93
sftp: Reformat sftp_message_free()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
be8302e2f3
sftp: Allocate a new buffer in sftp_packet_read() if needed
...
We will move the buffer to the message instead of duplicating the
memory.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
97d2e1f4cb
sftp: Reformat sftp_read_and_dispatch()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
12fc0ea1bf
sftp: Validate the packet handle before we allocate memory
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
573eab0d51
sftp: Reformat sftp_get_message()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
0e317e612f
sftp: Use bool for is_eof in sftp_packet_read()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
01135703a3
sftp: Use 's' only in the scope it is needed
...
This revaled a bug when reading the packet type.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
c070414309
sftp: Use 16K for the transfer buffer size
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
d2cc4eccc7
sftp: Get the packet type directly from the buffer
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
38781f69b0
sftp: Limit packet size to 256 MB
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
dc4faf9952
sftp: Directly read and validate the packet size from the bufffer
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
cbbc6ddcb6
sftp: Use read_packet from sftp handle
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
a7456bf4d5
sftp: Simplify the code for reading data
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
afc14fe003
sftp: Reformat sftp_packet_read()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
79a3fcac72
sftp: Keep a ssh_packet for reading in the sftp handle
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
945afaa6b4
sftp: Remove ZERO_STRUCTP from sftp_free()
...
The structure doesn't hold any sensitive data and this would be
optimized away anyway.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
d840a05be3
sftp: Reformat sftp_free()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
662c30eb72
sftp: Reformat sftp_new()
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
29b5477849
include: Add SSH_BUFFER_FREE
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
2e8f2f03e7
cmake: Correctly detect if glob has gl_flags member
...
Thanks to Baruch Siach.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-17 10:48:49 +02:00
Andreas Schneider
983d1189d0
gitlab-ci: Add builds with gcc7
...
It looks like gcc7 has more warning enabled or something is broken in
gcc8.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-10 13:02:40 +02:00
Andreas Schneider
7b2e1c7fb7
gitlab-ci: Big cleanup
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-10 12:02:08 +02:00
Andreas Schneider
ceecd3fd6f
config: Fix size type
...
src/config.c:562:12: error: assuming signed overflow does not occur when
simplifying conditional to constant [-Werror=strict-overflow]
if (args < 1) {
^
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-06 08:28:24 +02:00
Andreas Schneider
bfd33ecf29
cmake: Use -Wpedantic and remove -pedantic-errors
...
We get -Werror if -DPICKY_DEVELOPER=ON is set.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-06 08:28:24 +02:00
Jakub Jelen
56317caafc
tests: UsePrivilegeSeparation has no effect since OpenSSH 7.5
...
Additionally, we can already work around the privilege separation.
http://www.openssh.com/txt/release-7.5
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-05 15:43:11 +02:00
Jakub Jelen
ca4fb9c6f8
tests: Do not trace sshd
...
OpenSSH's sshd does not work well under valgrind so lets avoid tracing it.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-05 15:43:00 +02:00
Andreas Schneider
91800eb243
cmake: Move CompilerFlags to own file
...
They need to be included before the project() call.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-05 15:28:29 +02:00
Andreas Schneider
2923ad59f9
cmake: Update defaults
...
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-05 15:21:34 +02:00
Jakub Jelen
556ad59a5a
tests: Verify the Match keyword from configuration file
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-05 11:43:05 +02:00