From 3d295a6cf0c4e240509f035d514393eec4abd43d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 28 Feb 2008 19:22:04 +1100 Subject: - (dtucker) [key.c defines.h openbsd-compat/openssl-compat.h] Move old OpenSSL compat glue into openssl-compat.h. --- key.c | 1 + 1 file changed, 1 insertion(+) (limited to 'key.c') diff --git a/key.c b/key.c index 8fef9b40f..62bf8361d 100644 --- a/key.c +++ b/key.c @@ -38,6 +38,7 @@ #include #include +#include #include #include -- cgit v1.2.3 From 9c16ac926376ad87084ae78bac44a813ae5db21f Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Fri, 13 Jun 2008 04:40:35 +1000 Subject: - grunk@cvs.openbsd.org 2008/06/11 21:01:35 [ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c sshconnect.c] Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the graphical hash visualization schemes known as "random art", and by Dan Kaminsky's musings on the subject during a BlackOp talk at the 23C3 in Berlin. Scientific publication (original paper): "Hash Visualization: a New Technique to improve Real-World Security", Perrig A. and Song D., 1999, International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99) http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf The algorithm used here is a worm crawling over a discrete plane, leaving a trace (augmenting the field) everywhere it goes. Movement is taken from dgst_raw 2bit-wise. Bumping into walls makes the respective movement vector be ignored for this turn, thus switching to the other color of the chessboard. Graphs are not unambiguous for now, because circles in graphs can be walked in either direction. discussions with several people, help, corrections and ok markus@ djm@ --- ChangeLog | 23 ++++++++++++- key.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- key.h | 5 +-- readconf.c | 20 ++++++++++-- readconf.h | 6 +++- ssh-keygen.1 | 9 ++--- ssh-keygen.c | 21 +++++++++--- ssh_config.5 | 8 +++-- sshconnect.c | 26 +++++++++++---- 9 files changed, 199 insertions(+), 24 deletions(-) (limited to 'key.c') diff --git a/ChangeLog b/ChangeLog index 14eb11514..70d5baa58 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,6 +3,27 @@ - jmc@cvs.openbsd.org 2008/06/11 07:30:37 [sshd.8] kill trailing whitespace; + - grunk@cvs.openbsd.org 2008/06/11 21:01:35 + [ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c + sshconnect.c] + Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the + graphical hash visualization schemes known as "random art", and by + Dan Kaminsky's musings on the subject during a BlackOp talk at the + 23C3 in Berlin. + Scientific publication (original paper): + "Hash Visualization: a New Technique to improve Real-World Security", + Perrig A. and Song D., 1999, International Workshop on Cryptographic + Techniques and E-Commerce (CrypTEC '99) + http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf + The algorithm used here is a worm crawling over a discrete plane, + leaving a trace (augmenting the field) everywhere it goes. + Movement is taken from dgst_raw 2bit-wise. Bumping into walls + makes the respective movement vector be ignored for this turn, + thus switching to the other color of the chessboard. + Graphs are not unambiguous for now, because circles in graphs can be + walked in either direction. + discussions with several people, + help, corrections and ok markus@ djm@ 20080611 - (djm) [channels.c configure.ac] @@ -4165,4 +4186,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4968 2008/06/12 18:32:00 dtucker Exp $ +$Id: ChangeLog,v 1.4969 2008/06/12 18:40:35 dtucker Exp $ diff --git a/key.c b/key.c index 62bf8361d..5d357a8d6 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.69 2007/07/12 05:48:05 ray Exp $ */ +/* $OpenBSD: key.c,v 1.70 2008/06/11 21:01:35 grunk Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,6 +35,7 @@ #include "includes.h" +#include #include #include 
@@ -295,6 +296,105 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len)
 return retval;
 }
 
+/*
+ * Draw an ASCII-Art representing the fingerprint so human brain can
+ * profit from its built-in pattern recognition ability.
+ * This technique is called "random art" and can be found in some
+ * scientific publications like this original paper:
+ *
+ * "Hash Visualization: a New Technique to improve Real-World Security",
+ * Perrig A. and Song D., 1999, International Workshop on Cryptographic
+ * Techniques and E-Commerce (CrypTEC '99)
+ * sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
+ *
+ * The subject came up in a talk by Dan Kaminsky, too.
+ *
+ * If you see the picture is different, the key is different.
+ * If the picture looks the same, you still know nothing.
+ *
+ * The algorithm used here is a worm crawling over a discrete plane,
+ * leaving a trace (augmenting the field) everywhere it goes.
+ * Movement is taken from dgst_raw 2bit-wise. Bumping into walls
+ * makes the respective movement vector be ignored for this turn.
+ * Graphs are not unambiguous, because circles in graphs can be
+ * walked in either direction.
+ */
+#define FLDSIZE_Y 8
+#define FLDSIZE_X FLDSIZE_Y * 2
+static char *
+key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len)
+{
+ /*
+ * Chars to be used after each other every time the worm
+ * intersects with itself. Matter of taste.
+ */
+ char *augmentation_string = " .o+=*BOX@%&#/^";
+ char *retval, *p;
+ char field[FLDSIZE_X][FLDSIZE_Y];
+ u_int i, b;
+ int x, y;
+
+ retval = xcalloc(1, (FLDSIZE_X + 3) * (FLDSIZE_Y + 2));
+
+ /* initialize field */
+ memset(field, ' ', FLDSIZE_X * FLDSIZE_Y * sizeof(char));
+ x = FLDSIZE_X / 2;
+ y = FLDSIZE_Y / 2;
+ field[x][y] = '.';
+
+ /* process raw key */
+ for (i = 0; i < dgst_raw_len; i++) {
+ int input;
+ /* each byte conveys four 2-bit move commands */
+ input = dgst_raw[i];
+ for (b = 0; b < 4; b++) {
+ /* evaluate 2 bit, rest is shifted later */
+ x += (input & 0x1) ? 1 : -1;
+ y += (input & 0x2) ? 1 : -1;
+
+ /* assure we are still in bounds */
+ x = MAX(x, 0);
+ y = MAX(y, 0);
+ x = MIN(x, FLDSIZE_X - 1);
+ y = MIN(y, FLDSIZE_Y - 1);
+
+ /* augment the field */
+ p = strchr(augmentation_string, field[x][y]);
+ if (*++p != '\0')
+ field[x][y] = *p;
+
+ input = input >> 2;
+ }
+ }
+
+ /* fill in retval */
+ p = retval;
+
+ /* output upper border */
+ *p++ = '+';
+ for (i = 0; i < FLDSIZE_X; i++)
+ *p++ = '-';
+ *p++ = '+';
+ *p++ = '\n';
+
+ /* output content */
+ for (y = 0; y < FLDSIZE_Y; y++) {
+ *p++ = '|';
+ for (x = 0; x < FLDSIZE_X; x++)
+ *p++ = field[x][y];
+ *p++ = '|';
+ *p++ = '\n';
+ }
+
+ /* output lower border */
+ *p++ = '+';
+ for (i = 0; i < FLDSIZE_X; i++)
+ *p++ = '-';
+ *p++ = '+';
+
+ return retval;
+}
+
 char *
 key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
 {
@@ -312,6 +412,9 @@ key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
 case SSH_FP_BUBBLEBABBLE:
 retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len);
 break;
+ case SSH_FP_RANDOMART:
+ retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len);
+ break;
 default:
 fatal("key_fingerprint_ex: bad digest representation %d",
 dgst_rep);
diff --git a/key.h b/key.h
index 6873dd793..14aac79c2 100644
--- a/key.h
+++ b/key.h
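Review bot: The size passed to xcalloc(), `(FLDSIZE_X + 3) * (FLDSIZE_Y + 2)`, is exactly what the border and row loops below emit (a top border row, FLDSIZE_Y content rows and a bottom row, each `|...|\n` or `+---+\n` being FLDSIZE_X + 3 bytes, with the bottom row's newline slot holding the terminating NUL), but nothing in the code ties the two together, so a later change to the frame layout can silently write one byte past the allocation. I would record the derivation next to the call, `/* (FLDSIZE_Y + 2) rows of FLDSIZE_X + 3 bytes; the last row's '\n' slot is the NUL */`, or track an explicit `end = retval + size` and check `p < end` before the writes. Separately, `augmentation_string` is never modified and should be `static const char augmentation_string[]`; the strchr() augmentation also silently relies on every cell holding a character from that string (true here because cells start as ' ' and are only ever overwritten from the string), which deserves a one-line comment since a NULL return would be dereferenced.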
@@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.26 2006/08/03 03:34:42 deraadt Exp $ */ +/* $OpenBSD: key.h,v 1.27 2008/06/11 21:01:35 grunk Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -42,7 +42,8 @@ enum fp_type { }; enum fp_rep { SSH_FP_HEX, - SSH_FP_BUBBLEBABBLE + SSH_FP_BUBBLEBABBLE, + SSH_FP_RANDOMART }; /* key is stored in external hardware */ diff --git a/readconf.c b/readconf.c index 3ddb4d392..1d61145c4 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.165 2008/01/19 23:09:49 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.166 2008/06/11 21:01:35 grunk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -452,7 +452,23 @@ parse_flag: case oCheckHostIP: intptr = &options->check_host_ip; - goto parse_flag; + arg = strdelim(&s); + if (!arg || *arg == '\0') + fatal("%.200s line %d: Missing CheckHostIP argument.", + filename, linenum); + value = 0; /* To avoid compiler warning... */ + if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0) + value = SSHCTL_CHECKHOSTIP_YES; + else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0) + value = SSHCTL_CHECKHOSTIP_NO; + else if (strcmp(arg, "fingerprint") == 0) + value = SSHCTL_CHECKHOSTIP_FPR; + else + fatal("%.200s line %d: Bad CheckHostIP argument.", + filename, linenum); + if (*activep && *intptr == -1) + *intptr = value; + break; case oVerifyHostKeyDNS: intptr = &options->verify_host_key_dns; diff --git a/readconf.h b/readconf.h index 6257f4b2f..5c16a0ba6 100644 --- a/readconf.h +++ b/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.72 2008/01/19 23:09:49 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.73 2008/06/11 21:01:35 grunk Exp $ */ /* * Author: Tatu Ylonen @@ -123,6 +123,10 @@ typedef struct { } Options; +#define SSHCTL_CHECKHOSTIP_NO 0 +#define SSHCTL_CHECKHOSTIP_YES 1 +#define SSHCTL_CHECKHOSTIP_FPR 2 + #define SSHCTL_MASTER_NO 0 #define SSHCTL_MASTER_YES 1 #define SSHCTL_MASTER_AUTO 2 
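Review bot: Adding `fingerprint` as a third CheckHostIP value couples a display preference to an existing security check: per the ssh_config.5 text in this commit the art is shown only when IP checking is on, so a user who turns CheckHostIP off (say for hosts behind round-robin DNS) silently loses the visual fingerprint as well, and there is no way to ask for the art alone. A separate boolean option would keep the two concerns independent and avoid a magic third state in a field that other code presumably still tests as a boolean. If the tri-state stays, the new `SSHCTL_CHECKHOSTIP_*` defines should carry a comment such as `/* FPR implies YES: IP is checked and the random art is printed */`. The enclosing switch in process_config_line() continues outside the hunk.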
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 877935053..36249b288 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.75 2007/05/31 19:20:16 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.76 2008/06/11 21:01:35 grunk Exp $ .\" .\" -*- nroff -*- .\" @@ -37,7 +37,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 31 2007 $ +.Dd $Mdocdate: June 11 2008 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -257,11 +257,12 @@ RFC 4716 SSH Public Key File Format. This option allows importing keys from several commercial SSH implementations. .It Fl l -Show fingerprint of specified public key file. +Show fingerprint and ASCII art representation of specified public key file. Private RSA1 keys are also supported. For RSA and DSA keys .Nm -tries to find the matching public key file and prints its fingerprint. +tries to find the matching public key file and prints its fingerprint +and representation. .It Fl M Ar memory Specify the amount of memory to use (in megabytes) when generating candidate moduli for DH-GEX. diff --git a/ssh-keygen.c b/ssh-keygen.c index a03c6575d..c22e814da 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.166 2008/05/19 15:46:31 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.167 2008/06/11 21:01:35 grunk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland @@ -504,7 +504,7 @@ do_fingerprint(struct passwd *pw) { FILE *f; Key *public; - char *comment = NULL, *cp, *ep, line[16*1024], *fp; + char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra; int i, skip = 0, num = 0, invalid = 1; enum fp_rep rep; enum fp_type fptype; 
@@ -522,9 +522,12 @@ do_fingerprint(struct passwd *pw) public = key_load_public(identity_file, &comment); if (public != NULL) { fp = key_fingerprint(public, fptype, rep); + ra = key_fingerprint(public, fptype, rep); printf("%u %s %s\n", key_size(public), fp, comment); + verbose("%s\n", ra); key_free(public); xfree(comment); + xfree(ra); xfree(fp); exit(0); } @@ -582,8 +585,11 @@ do_fingerprint(struct passwd *pw) } comment = *cp ? cp : comment; fp = key_fingerprint(public, fptype, rep); + ra = key_fingerprint(public, fptype, SSH_FP_RANDOMART); printf("%u %s %s\n", key_size(public), fp, comment ? comment : "no comment"); + verbose("%s\n", ra); + xfree(ra); xfree(fp); key_free(public); invalid = 0; @@ -603,12 +609,14 @@ print_host(FILE *f, const char *name, Key *public, int hash) if (print_fingerprint) { enum fp_rep rep; enum fp_type fptype; - char *fp; + char *fp, *ra; fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; fp = key_fingerprint(public, fptype, rep); - printf("%u %s %s\n", key_size(public), fp, name); + ra = key_fingerprint(public, fptype, SSH_FP_RANDOMART); + printf("%u %s %s\n%s\n", key_size(public), fp, name, ra); + xfree(ra); xfree(fp); } else { if (hash && (name = host_hash(name, NULL, 0)) == NULL) @@ -1451,10 +1459,15 @@ passphrase_again: if (!quiet) { char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX); + char *ra = key_fingerprint(public, SSH_FP_MD5, + SSH_FP_RANDOMART); printf("Your public key has been saved in %s.\n", identity_file); printf("The key fingerprint is:\n"); printf("%s %s\n", fp, comment); + printf("The key's randomart image is:\n"); + printf("%s\n", ra); + xfree(ra); xfree(fp); } diff --git a/ssh_config.5 b/ssh_config.5 index d6f3fbf80..28ac724c8 100644 --- a/ssh_config.5 +++ b/ssh_config.5 
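Review bot: In the first do_fingerprint() hunk the second call reads `ra = key_fingerprint(public, fptype, rep);`, so `ra` is a second copy of the hex or bubblebabble fingerprint rather than the random art, while the other three hunks correctly pass `SSH_FP_RANDOMART`; it should be `ra = key_fingerprint(public, fptype, SSH_FP_RANDOMART);`. The `verbose("%s\n", ra)` calls also route the art through the logging layer, which appends its own newline, so a comment such as `/* random art only with -v */` on those lines would stop the next reader from mistaking them for leftover debug output. do_fingerprint() and print_host() both continue outside their hunks.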
@@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.106 2008/06/10 18:21:24 dtucker Exp $ -.Dd $Mdocdate: June 10 2008 $ +.\" $OpenBSD: ssh_config.5,v 1.107 2008/06/11 21:01:35 grunk Exp $ +.Dd $Mdocdate: June 11 2008 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -161,6 +161,10 @@ will additionally check the host IP address in the file. This allows ssh to detect if a host key changed due to DNS spoofing. If the option is set to +.Dq fingerprint , +not only the host IP address will be checked, but also an ASCII art +representation of the key will be printed. +If the option is set to .Dq no , the check will not be executed. The default is diff --git a/sshconnect.c b/sshconnect.c index a604c9724..151299614 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.203 2007/12/27 14:22:08 dtucker Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.204 2008/06/11 21:01:35 grunk Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -602,7 +602,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, Key *file_key; const char *type = key_type(host_key); char *ip = NULL, *host = NULL; - char hostline[1000], *hostp, *fp; + char hostline[1000], *hostp, *fp, *ra; HostStatus host_status; HostStatus ip_status; int r, local = 0, host_ip_differ = 0; @@ -740,6 +740,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, logit("Warning: Permanently added the %s host " "key for IP address '%.128s' to the list " "of known hosts.", type, ip); + } else if (options.check_host_ip == SSHCTL_CHECKHOSTIP_FPR) { + fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); + ra = key_fingerprint(host_key, SSH_FP_MD5, + SSH_FP_RANDOMART); + logit("Host key fingerprint is %s\n%s\n", fp, ra); + xfree(ra); + xfree(fp); } break; case HOST_NEW: 
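Review bot: In the HOST_OK branch the random art is printed from an `else if`, so it is skipped whenever the preceding `if` fires; its condition lies outside the hunk, but judging by the "Permanently added the %s host key for IP address" message it logs, that is the path taken when the IP address is new to known_hosts, which means `CheckHostIP fingerprint` shows no art exactly on the first connection from a new address. Printing the art after the `if`/`else` rather than inside it, `if (options.check_host_ip == SSHCTL_CHECKHOSTIP_FPR) { ... }`, would make it unconditional for that setting. Also, logit() terminates its own line, so the trailing `\n` in `"Host key fingerprint is %s\n%s\n"` produces a stray blank line. check_host_key() begins and ends outside the hunk.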
@@ -775,6 +782,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, snprintf(msg1, sizeof(msg1), "."); /* The default */ fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); + ra = key_fingerprint(host_key, SSH_FP_MD5, + SSH_FP_RANDOMART); msg2[0] = '\0'; if (options.verify_host_key_dns) { if (matching_host_key_dns) @@ -789,10 +798,11 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, snprintf(msg, sizeof(msg), "The authenticity of host '%.200s (%s)' can't be " "established%s\n" - "%s key fingerprint is %s.\n%s" + "%s key fingerprint is %s.\n%s\n%s" "Are you sure you want to continue connecting " "(yes/no)? ", - host, ip, msg1, type, fp, msg2); + host, ip, msg1, type, fp, ra, msg2); + xfree(ra); xfree(fp); if (!confirm(msg)) goto fail; @@ -1063,18 +1073,20 @@ static int show_key_from_file(const char *file, const char *host, int keytype) { Key *found; - char *fp; + char *fp, *ra; int line, ret; found = key_new(keytype); if ((ret = lookup_key_in_hostfile_by_type(file, host, keytype, found, &line))) { fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); + ra = key_fingerprint(found, SSH_FP_MD5, SSH_FP_RANDOMART); logit("WARNING: %s key found for host %s\n" "in %s:%d\n" - "%s key fingerprint %s.", + "%s key fingerprint %s.\n%s\n", key_type(found), host, file, line, - key_type(found), fp); + key_type(found), fp, ra); + xfree(ra); xfree(fp); } key_free(found); -- cgit v1.2.3 From 014d76fa7294db63e37c642556008206f0179622 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 13 Jun 2008 04:43:51 +1000 Subject: - otto@cvs.openbsd.org 2008/06/11 23:02:22 [key.c] simpler way of computing the augmentations; ok grunk@ --- ChangeLog | 5 ++++- key.c | 16 +++++++--------- 2 files changed, 11 insertions(+), 10 deletions(-) (limited to 'key.c') diff --git a/ChangeLog b/ChangeLog index d9b27bd43..28aaf6091 100644 --- a/ChangeLog +++ b/ChangeLog 
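Review bot: The HOST_NEW prompt now folds the random art (`ra`, about 190 bytes for the 16x8 field defined in this commit) into `msg` via snprintf() together with a host name of up to 200 characters, the IP, `msg1` and `msg2`; `msg` is a fixed-size buffer declared outside the hunk and the snprintf() return value is not checked, so if the total ever exceeds it the text that is silently truncated is the trailing "Are you sure you want to continue connecting (yes/no)? ", precisely the part the user must read before confirm(). Either compare the snprintf() result against `sizeof(msg)` and fall back to printing the art separately, or emit the art with its own logit() before building the prompt. The same trailing `\n` after `%s` in the show_key_from_file() logit() yields a blank line, since logit() adds a newline itself.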
@@ -34,6 +34,9 @@ that is not how it was envisioned. Also correct manpage saying that -v is needed along with -l for it to work. spotted by naddy@ + - otto@cvs.openbsd.org 2008/06/11 23:02:22 + [key.c] + simpler way of computing the augmentations; ok grunk@ 20080611 - (djm) [channels.c configure.ac] @@ -4196,4 +4199,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4971 2008/06/12 18:43:15 dtucker Exp $ +$Id: ChangeLog,v 1.4972 2008/06/12 18:43:51 dtucker Exp $ diff --git a/key.c b/key.c index 5d357a8d6..80ce855d8 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.70 2008/06/11 21:01:35 grunk Exp $ */ +/* $OpenBSD: key.c,v 1.71 2008/06/11 23:02:22 otto Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -330,17 +330,18 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) */ char *augmentation_string = " .o+=*BOX@%&#/^"; char *retval, *p; - char field[FLDSIZE_X][FLDSIZE_Y]; + u_char field[FLDSIZE_X][FLDSIZE_Y]; u_int i, b; int x, y; + size_t len = strlen(augmentation_string); retval = xcalloc(1, (FLDSIZE_X + 3) * (FLDSIZE_Y + 2)); /* initialize field */ - memset(field, ' ', FLDSIZE_X * FLDSIZE_Y * sizeof(char)); + memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char)); x = FLDSIZE_X / 2; y = FLDSIZE_Y / 2; - field[x][y] = '.'; + field[x][y] = 1; /* process raw key */ for (i = 0; i < dgst_raw_len; i++) { @@ -359,10 +360,7 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) y = MIN(y, FLDSIZE_Y - 1); /* augment the field */ - p = strchr(augmentation_string, field[x][y]); - if (*++p != '\0') - field[x][y] = *p; - + field[x][y]++; input = input >> 2; } } 
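Review bot: `field[x][y]++` on a `u_char` cell has no upper bound, while the output hunk clamps with `MIN(field[x][y], len - 1)`; the 16- and 20-byte digests used by callers give at most 80 visits per cell so this cannot wrap today, but the function accepts any `dgst_raw_len`, and a digest of roughly 64 bytes or more whose bits pin the worm in a corner would carry the counter past 255 back to a blank cell. Saturating at the increment, `if (field[x][y] < len - 1) field[x][y]++;`, removes the dependence on digest length and makes the output-time clamp redundant. While here, `memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char))` is better written as `memset(field, 0, sizeof(field))` now that the element type has changed, and a comment that cells are visit counts rather than characters would help.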
@@ -381,7 +379,7 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) for (y = 0; y < FLDSIZE_Y; y++) { *p++ = '|'; for (x = 0; x < FLDSIZE_X; x++) - *p++ = field[x][y]; + *p++ = augmentation_string[MIN(field[x][y], len - 1)]; *p++ = '|'; *p++ = '\n'; } -- cgit v1.2.3 From d32b28a307b308e5b5b052b4eb2a2c8f396c380b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 13 Jun 2008 04:45:50 +1000 Subject: - grunk@cvs.openbsd.org 2008/06/11 23:51:57 [key.c] #define statements that are not atoms need braces around them, else they will cause trouble in some cases. Also do a computation of -1 once, and not in a loop several times. spotted by otto@ --- ChangeLog | 8 +++++++- key.c | 10 +++++----- 2 files changed, 12 insertions(+), 6 deletions(-) (limited to 'key.c') diff --git a/ChangeLog b/ChangeLog index 3e7f20152..c62492eb1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,6 +41,12 @@ [ssh_config.5] CheckHostIP set to ``fingerprint'' will display both hex and random art spotted by naddy@ + - grunk@cvs.openbsd.org 2008/06/11 23:51:57 + [key.c] + #define statements that are not atoms need braces around them, else they + will cause trouble in some cases. + Also do a computation of -1 once, and not in a loop several times. + spotted by otto@ 20080611 - (djm) [channels.c configure.ac] @@ -4203,4 +4209,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4973 2008/06/12 18:44:25 dtucker Exp $ +$Id: ChangeLog,v 1.4974 2008/06/12 18:45:50 dtucker Exp $ diff --git a/key.c b/key.c index 80ce855d8..ef047463b 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.71 2008/06/11 23:02:22 otto Exp $ */ +/* $OpenBSD: key.c,v 1.72 2008/06/11 23:51:57 grunk Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -319,8 +319,8 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len) * Graphs are not unambiguous, because circles in graphs can be * walked in either direction. */ -#define FLDSIZE_Y 8 -#define FLDSIZE_X FLDSIZE_Y * 2 +#define FLDSIZE_Y 8 +#define FLDSIZE_X (FLDSIZE_Y * 2) static char * key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) { @@ -333,7 +333,7 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) u_char field[FLDSIZE_X][FLDSIZE_Y]; u_int i, b; int x, y; - size_t len = strlen(augmentation_string); + size_t len = strlen(augmentation_string) - 1; retval = xcalloc(1, (FLDSIZE_X + 3) * (FLDSIZE_Y + 2)); @@ -379,7 +379,7 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) for (y = 0; y < FLDSIZE_Y; y++) { *p++ = '|'; for (x = 0; x < FLDSIZE_X; x++) - *p++ = augmentation_string[MIN(field[x][y], len - 1)]; + *p++ = augmentation_string[MIN(field[x][y], len)]; *p++ = '|'; *p++ = '\n'; } -- cgit v1.2.3 From 267e28bb75e97755ab3bbe128b75623734f2b3fd Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 13 Jun 2008 04:48:11 +1000 Subject: - otto@cvs.openbsd.org 2008/06/12 00:13:13 [key.c] use an odd number of rows and columns and a separate start marker, looks better; ok grunk@ --- ChangeLog | 6 +++++- key.c | 10 +++++----- 2 files changed, 10 insertions(+), 6 deletions(-) (limited to 'key.c') diff --git a/ChangeLog b/ChangeLog index 83b74d13b..27a2a7abc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -64,6 +64,10 @@ [sshconnect.c] Make ssh print the random art also when ssh'ing to a host using IP only. spotted by naddy@, ok and help djm@ dtucker@ + - otto@cvs.openbsd.org 2008/06/12 00:13:13 + [key.c] + use an odd number of rows and columns and a separate start marker, looks + better; ok grunk@ 20080611 - (djm) [channels.c configure.ac] 
@@ -4226,4 +4230,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4975 2008/06/12 18:47:34 dtucker Exp $ +$Id: ChangeLog,v 1.4976 2008/06/12 18:48:11 dtucker Exp $ diff --git a/key.c b/key.c index ef047463b..1f27926d1 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.72 2008/06/11 23:51:57 grunk Exp $ */ +/* $OpenBSD: key.c,v 1.73 2008/06/12 00:13:13 otto Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -319,8 +319,8 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len) * Graphs are not unambiguous, because circles in graphs can be * walked in either direction. */ -#define FLDSIZE_Y 8 -#define FLDSIZE_X (FLDSIZE_Y * 2) +#define FLDSIZE_Y (8 + 1) +#define FLDSIZE_X (8 * 2 + 1) static char * key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) { @@ -328,7 +328,7 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) * Chars to be used after each other every time the worm * intersects with itself. Matter of taste. */ - char *augmentation_string = " .o+=*BOX@%&#/^"; + char *augmentation_string = " .o+=*BOX@%&#/^S"; char *retval, *p; u_char field[FLDSIZE_X][FLDSIZE_Y]; u_int i, b; @@ -341,7 +341,6 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char)); x = FLDSIZE_X / 2; y = FLDSIZE_Y / 2; - field[x][y] = 1; /* process raw key */ for (i = 0; i < dgst_raw_len; i++) { @@ -364,6 +363,7 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) input = input >> 2; } } + field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len; /* fill in retval */ p = retval; -- cgit v1.2.3 From 987ac84a1777fe4c4ce2424f6d5b0d127083fd54 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Fri, 13 Jun 2008 04:54:40 +1000 Subject: - grunk@cvs.openbsd.org 2008/06/12 05:42:46 [key.c] supply the key type (rsa1, rsa, dsa) as a caption in the frame of the random art. while there, stress the fact that the field base should at least be 8 characters for the pictures to make sense. comment and ok djm@ --- key.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) (limited to 'key.c') diff --git a/key.c b/key.c index 1f27926d1..c1dadb52c 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.73 2008/06/12 00:13:13 otto Exp $ */ +/* $OpenBSD: key.c,v 1.74 2008/06/12 05:42:46 grunk Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -319,10 +319,18 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len) * Graphs are not unambiguous, because circles in graphs can be * walked in either direction. */ -#define FLDSIZE_Y (8 + 1) -#define FLDSIZE_X (8 * 2 + 1) + +/* + * Field sizes for the random art. Have to be odd, so the starting point + * can be in the exact middle of the picture, and FLDBASE should be >=8 . + * Else pictures would be too dense, and drawing the frame would + * fail, too, because the key type would not fit in anymore. + */ +#define FLDBASE 8 +#define FLDSIZE_Y (FLDBASE + 1) +#define FLDSIZE_X (FLDBASE * 2 + 1) static char * -key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) +key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k) { /* * Chars to be used after each other every time the worm @@ -366,11 +374,11 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len; /* fill in retval */ - p = retval; + snprintf(retval, 10, "+--[%4s]", key_type(k)); + p = strchr(retval, '\0'); /* output upper border */ - *p++ = '+'; - for (i = 0; i < FLDSIZE_X; i++) + for (i = 0; i < FLDSIZE_X - 8; i++) *p++ = '-'; *p++ = '+'; *p++ = '\n'; 
@@ -411,7 +419,7 @@ key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len); break; case SSH_FP_RANDOMART: - retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len); + retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, k); break; default: fatal("key_fingerprint_ex: bad digest representation %d", -- cgit v1.2.3 From 4b3b9773ec9d5e0de31a1a8e113488497c7113dc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 13 Jun 2008 04:55:10 +1000 Subject: - grunk@cvs.openbsd.org 2008/06/12 06:32:59 [key.c] We already mark the start of the worm, now also mark the end of the worm in our random art drawings. ok djm@ --- ChangeLog | 13 ++++++++++++- key.c | 9 ++++++--- 2 files changed, 18 insertions(+), 4 deletions(-) (limited to 'key.c') diff --git a/ChangeLog b/ChangeLog index b23311f6d..12471ba3b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -97,6 +97,17 @@ - djm@cvs.openbsd.org 2008/06/12 05:32:30 [mux.c] some more TODO for me + - grunk@cvs.openbsd.org 2008/06/12 05:42:46 + [key.c] + supply the key type (rsa1, rsa, dsa) as a caption in the frame of the + random art. while there, stress the fact that the field base should at + least be 8 characters for the pictures to make sense. + comment and ok djm@ + - grunk@cvs.openbsd.org 2008/06/12 06:32:59 + [key.c] + We already mark the start of the worm, now also mark the end of the worm + in our random art drawings. + ok djm@ 20080611 - (djm) [channels.c configure.ac] @@ -4259,4 +4270,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4982 2008/06/12 18:54:05 dtucker Exp $ +$Id: ChangeLog,v 1.4983 2008/06/12 18:55:10 dtucker Exp $ diff --git a/key.c b/key.c index c1dadb52c..7a062ea81 100644 --- a/key.c +++ b/key.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.74 2008/06/12 05:42:46 grunk Exp $ */ +/* $OpenBSD: key.c,v 1.75 2008/06/12 06:32:59 grunk Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -336,7 +336,7 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k) * Chars to be used after each other every time the worm * intersects with itself. Matter of taste. */ - char *augmentation_string = " .o+=*BOX@%&#/^S"; + char *augmentation_string = " .o+=*BOX@%&#/^SE"; char *retval, *p; u_char field[FLDSIZE_X][FLDSIZE_Y]; u_int i, b; @@ -371,7 +371,10 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k) input = input >> 2; } } - field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len; + + /* mark starting point and end point*/ + field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1; + field[x][y] = len; /* fill in retval */ snprintf(retval, 10, "+--[%4s]", key_type(k)); -- cgit v1.2.3 From 0f0ef0ab1f7af50e7f48a8bc06cf3f5fc76654c7 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 13 Jun 2008 08:58:05 +1000 Subject: - grunk@cvs.openbsd.org 2008/06/12 22:03:36 [key.c] add my copyright, ok djm@ --- ChangeLog | 5 ++++- key.c | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'key.c') diff --git a/ChangeLog b/ChangeLog index c1f93fe73..83cb19b88 100644 --- a/ChangeLog +++ b/ChangeLog @@ -133,6 +133,9 @@ [ssh-keygen.c] make ssh-keygen -lf show the key type just as ssh-add -l would do it ok djm@ markus@ + - grunk@cvs.openbsd.org 2008/06/12 22:03:36 + [key.c] + add my copyright, ok djm@ - (dtucker) [clientloop.c serverloop.c] channel_register_filter now takes 2 more args. with djm@ @@ -4297,4 +4300,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4991 2008/06/12 22:57:27 dtucker Exp $ +$Id: ChangeLog,v 1.4992 2008/06/12 22:58:05 dtucker Exp $ 
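Review bot: The two marker assignments are order-dependent: when the worm's final position is the centre cell, `field[x][y] = len` overwrites the start marker written one line earlier, so the picture shows `E` and no `S`. That is probably acceptable, but it is worth stating, `/* if the worm ends where it started, E wins over S */`, so nobody later "fixes" the order and silently changes every existing picture users have memorised.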
diff --git a/key.c b/key.c index 7a062ea81..f981710a7 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.75 2008/06/12 06:32:59 grunk Exp $ */ +/* $OpenBSD: key.c,v 1.76 2008/06/12 22:03:36 grunk Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -11,6 +11,7 @@ * * * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2008 Alexander von Gernler. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions -- cgit v1.2.3 From 007132a7c92e603ffb76862cedb28f3165582731 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 29 Jun 2008 22:45:37 +1000 Subject: - otto@cvs.openbsd.org 2008/06/25 11:13:43 [key.c] add key length to visual fingerprint; zap magical constants; ok grunk@ djm@ --- ChangeLog | 6 +++++- key.c | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'key.c') diff --git a/ChangeLog b/ChangeLog index 892eb90de..5cde1b698 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,10 @@ [sftp.c] use optopt to get invalid flag, instead of return value of getopt, which is always '?'; ok djm@ + - otto@cvs.openbsd.org 2008/06/25 11:13:43 + [key.c] + add key length to visual fingerprint; zap magical constants; + ok grunk@ djm@ 20080628 - (djm) [RFC.nroff contrib/cygwin/Makefile contrib/suse/openssh.spec] @@ -4424,4 +4428,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5025 2008/06/29 12:45:13 djm Exp $ +$Id: ChangeLog,v 1.5026 2008/06/29 12:45:37 djm Exp $ diff --git a/key.c b/key.c index f981710a7..515103cb4 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.76 2008/06/12 22:03:36 grunk Exp $ */ +/* $OpenBSD: key.c,v 1.77 2008/06/25 11:13:43 otto Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
@@ -378,11 +378,11 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k) field[x][y] = len; /* fill in retval */ - snprintf(retval, 10, "+--[%4s]", key_type(k)); + snprintf(retval, FLDSIZE_X, "+--[%4s %4u]", key_type(k), key_size(k)); p = strchr(retval, '\0'); /* output upper border */ - for (i = 0; i < FLDSIZE_X - 8; i++) + for (i = p - retval - 1; i < FLDSIZE_X; i++) *p++ = '-'; *p++ = '+'; *p++ = '\n'; -- cgit v1.2.3 From 87dd5f2804a93010e289b1cbf53916688ddc1bc8 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 11 Jul 2008 17:35:09 +1000 Subject: - stevesk@cvs.openbsd.org 2008/07/07 23:32:51 [key.c] /*NOTREACHED*/ for lint warning: warning: function key_equal falls off bottom without returning value ok djm@ --- ChangeLog | 7 ++++++- key.c | 3 ++- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'key.c') diff --git a/ChangeLog b/ChangeLog index 5c451e20a..ae8efacae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,11 @@ [ttymodes.c] we don't need arg after the debug3() was removed. from lint. ok djm@ + - stevesk@cvs.openbsd.org 2008/07/07 23:32:51 + [key.c] + /*NOTREACHED*/ for lint warning: + warning: function key_equal falls off bottom without returning value + ok djm@ 20080709 - (djm) [Makefile.in] Print "all tests passed" when all regress tests pass @@ -4610,4 +4615,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.5070 2008/07/11 07:34:35 djm Exp $ +$Id: ChangeLog,v 1.5071 2008/07/11 07:35:09 djm Exp $ diff --git a/key.c b/key.c index 515103cb4..2ea13d27d 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.77 2008/06/25 11:13:43 otto Exp $ */ +/* $OpenBSD: key.c,v 1.78 2008/07/07 23:32:51 stevesk Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland 
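Review bot: `%4s` and `%4u` are minimum widths, not maximums, and the snprintf() bound `FLDSIZE_X` leaves room for 16 caption characters; "+--[ RSA 16384]" fits, but a type name longer than four characters (key_type() may return such a name for unrecognised types, if those can reach this point) would be truncated with the closing `]` lost. The dash loop `for (i = p - retval - 1; i < FLDSIZE_X; i++)` does compensate for whatever length the caption ends up with, so every row stays FLDSIZE_X + 3 bytes and the xcalloc() size still holds; that invariant is the thing keeping this safe and deserves a comment, `/* caption + dashes always total FLDSIZE_X + 1 chars so the row width is fixed */`. Checking the snprintf() return against the bound would make the truncation explicit instead of cosmetic.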
@@ -174,6 +174,7 @@ key_equal(const Key *a, const Key *b) default: fatal("key_equal: bad key type %d", a->type); } + /* NOTREACHED */ } u_char* -- cgit v1.2.3