signkey.c 15 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
/*
 * Dropbear - a SSH2 server
 * 
 * Copyright (c) 2002,2003 Matt Johnston
 * All rights reserved.
 * 
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 * 
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 * 
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE. */

#include "includes.h"
#include "dbutil.h"
#include "signkey.h"
#include "buffer.h"
#include "ssh.h"
30
31
32
33
34
35
36
37
38
39
40
41
#include "ecdsa.h"

static const char *signkey_names[DROPBEAR_SIGNKEY_NUM_NAMED] = {
#ifdef DROPBEAR_RSA
	"ssh-rsa",
#endif
#ifdef DROPBEAR_DSS
	"ssh-dss",
#endif
#ifdef DROPBEAR_ECDSA
	"ecdsa-sha2-nistp256",
	"ecdsa-sha2-nistp384",
42
	"ecdsa-sha2-nistp521"
Matt Johnston's avatar
Matt Johnston committed
43
#endif /* DROPBEAR_ECDSA */
44
};
45
46
47
48
49
50
51

/* malloc a new sign_key and set the dss and rsa keys to NULL */
sign_key * new_sign_key() {

	sign_key * ret;

	ret = (sign_key*)m_malloc(sizeof(sign_key));
52
53
	ret->type = DROPBEAR_SIGNKEY_NONE;
	ret->source = SIGNKEY_SOURCE_INVALID;
54
55
56
	return ret;
}

57
/* Returns key name corresponding to the type. Exits fatally
Matt Johnston's avatar
Matt Johnston committed
58
 * if the type is invalid */
59
60
61
const char* signkey_name_from_type(enum signkey_type type, unsigned int *namelen) {
	if (type >= DROPBEAR_SIGNKEY_NUM_NAMED) {
		dropbear_exit("Bad key type %d", type);
Matt Johnston's avatar
Matt Johnston committed
62
	}
63
64
65

	if (namelen) {
		*namelen = strlen(signkey_names[type]);
Matt Johnston's avatar
Matt Johnston committed
66
	}
67
	return signkey_names[type];
Matt Johnston's avatar
Matt Johnston committed
68
69
}

70
71
72
73
74
75
76
/* Returns DROPBEAR_SIGNKEY_NONE if none match */
enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen) {
	int i;
	for (i = 0; i < DROPBEAR_SIGNKEY_NUM_NAMED; i++) {
		const char *fixed_name = signkey_names[i];
		if (namelen == strlen(fixed_name)
			&& memcmp(fixed_name, name, namelen) == 0) {
Matt Johnston's avatar
Matt Johnston committed
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

#ifdef DROPBEAR_ECDSA
			/* Some of the ECDSA key sizes are defined even if they're not compiled in */
			if (0
#ifndef DROPBEAR_ECC_256
				|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP256
#endif
#ifndef DROPBEAR_ECC_384
				|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP384
#endif
#ifndef DROPBEAR_ECC_521
				|| i == DROPBEAR_SIGNKEY_ECDSA_NISTP521
#endif
				) {
				TRACE(("attempt to use ecdsa type %d not compiled in", i))
				return DROPBEAR_SIGNKEY_NONE;
			}
#endif

96
97
			return i;
		}
Matt Johnston's avatar
Matt Johnston committed
98
99
	}

100
101
	TRACE(("signkey_type_from_name unexpected key type."))

Matt Johnston's avatar
Matt Johnston committed
102
103
104
	return DROPBEAR_SIGNKEY_NONE;
}

105
106
107
108
/* Returns a pointer to the key part specific to "type" */
void **
signkey_key_ptr(sign_key *key, enum signkey_type type) {
	switch (type) {
109
#ifdef DROPBEAR_ECDSA
110
#ifdef DROPBEAR_ECC_256
111
		case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
112
113
114
			return (void**)&key->ecckey256;
#endif
#ifdef DROPBEAR_ECC_384
115
		case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
116
117
118
			return (void**)&key->ecckey384;
#endif
#ifdef DROPBEAR_ECC_521
119
		case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
120
121
			return (void**)&key->ecckey521;
#endif
122
#endif /* DROPBEAR_ECDSA */
123
124
125
126
127
128
129
130
#ifdef DROPBEAR_RSA
		case DROPBEAR_SIGNKEY_RSA:
			return (void**)&key->rsakey;
#endif
#ifdef DROPBEAR_DSS
		case DROPBEAR_SIGNKEY_DSS:
			return (void**)&key->dsskey;
#endif
131
132
133
134
135
		default:
			return NULL;
	}
}

136
/* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
Matt Johnston's avatar
Matt Johnston committed
137
138
 * type should be set by the caller to specify the type to read, and
 * on return is set to the type read (useful when type = _ANY) */
139
int buf_get_pub_key(buffer *buf, sign_key *key, enum signkey_type *type) {
140
141
142

	unsigned char* ident;
	unsigned int len;
Matt Johnston's avatar
Matt Johnston committed
143
144
	int keytype;
	int ret = DROPBEAR_FAILURE;
145

146
	TRACE2(("enter buf_get_pub_key"))
147

148
	ident = buf_getstring(buf, &len);
Matt Johnston's avatar
Matt Johnston committed
149
150
151
152
	keytype = signkey_type_from_name(ident, len);
	m_free(ident);

	if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) {
153
		TRACE(("buf_get_pub_key bad type - got %d, expected %d", keytype, *type))
Matt Johnston's avatar
Matt Johnston committed
154
155
		return DROPBEAR_FAILURE;
	}
156
	
157
	TRACE2(("buf_get_pub_key keytype is %d", keytype))
158

Matt Johnston's avatar
Matt Johnston committed
159
160
161
162
	*type = keytype;

	/* Rewind the buffer back before "ssh-rsa" etc */
	buf_incrpos(buf, -len - 4);
163

164
#ifdef DROPBEAR_DSS
Matt Johnston's avatar
Matt Johnston committed
165
	if (keytype == DROPBEAR_SIGNKEY_DSS) {
166
		dss_key_free(key->dsskey);
167
		key->dsskey = m_malloc(sizeof(*key->dsskey));
Matt Johnston's avatar
Matt Johnston committed
168
169
170
171
		ret = buf_get_dss_pub_key(buf, key->dsskey);
		if (ret == DROPBEAR_FAILURE) {
			m_free(key->dsskey);
		}
172
173
174
	}
#endif
#ifdef DROPBEAR_RSA
Matt Johnston's avatar
Matt Johnston committed
175
	if (keytype == DROPBEAR_SIGNKEY_RSA) {
176
		rsa_key_free(key->rsakey);
177
		key->rsakey = m_malloc(sizeof(*key->rsakey));
Matt Johnston's avatar
Matt Johnston committed
178
179
180
181
		ret = buf_get_rsa_pub_key(buf, key->rsakey);
		if (ret == DROPBEAR_FAILURE) {
			m_free(key->rsakey);
		}
182
183
	}
#endif
184
#ifdef DROPBEAR_ECDSA
185
	if (signkey_is_ecdsa(keytype)) {
186
		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
187
188
189
190
191
192
193
194
195
		if (eck) {
			if (*eck) {
				ecc_free(*eck);
				*eck = NULL;
			}
			*eck = buf_get_ecdsa_pub_key(buf);
			if (*eck) {
				ret = DROPBEAR_SUCCESS;
			}
196
197
198
		}
	}
#endif
199

200
	TRACE2(("leave buf_get_pub_key"))
201

Matt Johnston's avatar
Matt Johnston committed
202
	return ret;
203
204
205
	
}

Matt Johnston's avatar
Matt Johnston committed
206
207
208
/* returns DROPBEAR_SUCCESS on success, DROPBEAR_FAILURE on fail.
 * type should be set by the caller to specify the type to read, and
 * on return is set to the type read (useful when type = _ANY) */
209
int buf_get_priv_key(buffer *buf, sign_key *key, enum signkey_type *type) {
210
211
212

	unsigned char* ident;
	unsigned int len;
Matt Johnston's avatar
Matt Johnston committed
213
214
	int keytype;
	int ret = DROPBEAR_FAILURE;
215

216
	TRACE2(("enter buf_get_priv_key"))
Matt Johnston's avatar
Matt Johnston committed
217

218
	ident = buf_getstring(buf, &len);
Matt Johnston's avatar
Matt Johnston committed
219
220
221
222
	keytype = signkey_type_from_name(ident, len);
	m_free(ident);

	if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) {
223
		TRACE(("wrong key type: %d %d", *type, keytype))
Matt Johnston's avatar
Matt Johnston committed
224
225
226
227
228
229
230
		return DROPBEAR_FAILURE;
	}

	*type = keytype;

	/* Rewind the buffer back before "ssh-rsa" etc */
	buf_incrpos(buf, -len - 4);
231
232

#ifdef DROPBEAR_DSS
Matt Johnston's avatar
Matt Johnston committed
233
	if (keytype == DROPBEAR_SIGNKEY_DSS) {
234
		dss_key_free(key->dsskey);
235
		key->dsskey = m_malloc(sizeof(*key->dsskey));
236
237
238
239
240
241
242
		ret = buf_get_dss_priv_key(buf, key->dsskey);
		if (ret == DROPBEAR_FAILURE) {
			m_free(key->dsskey);
		}
	}
#endif
#ifdef DROPBEAR_RSA
Matt Johnston's avatar
Matt Johnston committed
243
	if (keytype == DROPBEAR_SIGNKEY_RSA) {
244
		rsa_key_free(key->rsakey);
245
		key->rsakey = m_malloc(sizeof(*key->rsakey));
246
247
248
249
250
251
		ret = buf_get_rsa_priv_key(buf, key->rsakey);
		if (ret == DROPBEAR_FAILURE) {
			m_free(key->rsakey);
		}
	}
#endif
252
#ifdef DROPBEAR_ECDSA
253
	if (signkey_is_ecdsa(keytype)) {
254
		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
255
256
257
258
259
260
261
262
263
		if (eck) {
			if (*eck) {
				ecc_free(*eck);
				*eck = NULL;
			}
			*eck = buf_get_ecdsa_priv_key(buf);
			if (*eck) {
				ret = DROPBEAR_SUCCESS;
			}
264
265
266
		}
	}
#endif
267

268
	TRACE2(("leave buf_get_priv_key"))
Matt Johnston's avatar
Matt Johnston committed
269
270

	return ret;
271
272
273
274
	
}

/* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
275
void buf_put_pub_key(buffer* buf, sign_key *key, enum signkey_type type) {
276
277
278

	buffer *pubkeys;

279
	TRACE2(("enter buf_put_pub_key"))
280
	pubkeys = buf_new(MAX_PUBKEY_SIZE);
281
282
283
284
285
286
287
288
289
290
	
#ifdef DROPBEAR_DSS
	if (type == DROPBEAR_SIGNKEY_DSS) {
		buf_put_dss_pub_key(pubkeys, key->dsskey);
	}
#endif
#ifdef DROPBEAR_RSA
	if (type == DROPBEAR_SIGNKEY_RSA) {
		buf_put_rsa_pub_key(pubkeys, key->rsakey);
	}
291
292
#endif
#ifdef DROPBEAR_ECDSA
293
	if (signkey_is_ecdsa(type)) {
294
		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
295
296
297
		if (eck) {
			buf_put_ecdsa_pub_key(pubkeys, *eck);
		}
298
	}
299
300
#endif
	if (pubkeys->len == 0) {
301
		dropbear_exit("Bad key types in buf_put_pub_key");
302
303
	}

304
	buf_putbufstring(buf, pubkeys);
305
	buf_free(pubkeys);
306
	TRACE2(("leave buf_put_pub_key"))
307
308
309
}

/* type is either DROPBEAR_SIGNKEY_DSS or DROPBEAR_SIGNKEY_RSA */
310
void buf_put_priv_key(buffer* buf, sign_key *key, enum signkey_type type) {
311

312
313
	TRACE(("enter buf_put_priv_key"))
	TRACE(("type is %d", type))
314
315
316
317

#ifdef DROPBEAR_DSS
	if (type == DROPBEAR_SIGNKEY_DSS) {
		buf_put_dss_priv_key(buf, key->dsskey);
318
	TRACE(("leave buf_put_priv_key: dss done"))
319
320
321
322
323
324
	return;
	}
#endif
#ifdef DROPBEAR_RSA
	if (type == DROPBEAR_SIGNKEY_RSA) {
		buf_put_rsa_priv_key(buf, key->rsakey);
325
	TRACE(("leave buf_put_priv_key: rsa done"))
326
327
	return;
	}
328
329
#endif
#ifdef DROPBEAR_ECDSA
330
	if (signkey_is_ecdsa(type)) {
331
		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
332
333
334
335
336
		if (eck) {
			buf_put_ecdsa_priv_key(buf, *eck);
			TRACE(("leave buf_put_priv_key: ecdsa done"))
			return;
		}
337
	}
338
#endif
339
	dropbear_exit("Bad key types in put pub key");
340
341
342
343
}

void sign_key_free(sign_key *key) {

344
	TRACE2(("enter sign_key_free"))
345
346
347
348
349
350
351
352
353

#ifdef DROPBEAR_DSS
	dss_key_free(key->dsskey);
	key->dsskey = NULL;
#endif
#ifdef DROPBEAR_RSA
	rsa_key_free(key->rsakey);
	key->rsakey = NULL;
#endif
354
#ifdef DROPBEAR_ECDSA
355
#ifdef DROPBEAR_ECC_256
356
357
358
359
	if (key->ecckey256) {
		ecc_free(key->ecckey256);
		key->ecckey256 = NULL;
	}
360
361
#endif
#ifdef DROPBEAR_ECC_384
362
363
364
365
	if (key->ecckey384) {
		ecc_free(key->ecckey384);
		key->ecckey384 = NULL;
	}
366
367
#endif
#ifdef DROPBEAR_ECC_521
368
369
370
	if (key->ecckey521) {
		ecc_free(key->ecckey521);
		key->ecckey521 = NULL;
371
	}
372
#endif
373
#endif
374

375
376
	m_free(key->filename);

377
	m_free(key);
378
	TRACE2(("leave sign_key_free"))
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
}

static char hexdig(unsigned char x) {
	if (x > 0xf)
		return 'X';

	if (x < 10)
		return '0' + x;
	else
		return 'a' + x - 10;
}

/* Since we're not sure if we'll have md5 or sha1, we present both.
 * MD5 is used in preference, but sha1 could still be useful */
#ifdef DROPBEAR_MD5_HMAC
394
395
static char * sign_key_md5_fingerprint(unsigned char* keyblob,
		unsigned int keybloblen) {
396
397
398
399

	char * ret;
	hash_state hs;
	unsigned char hash[MD5_HASH_SIZE];
400
	unsigned int i;
401
402
403
404
405
	unsigned int buflen;

	md5_init(&hs);

	/* skip the size int of the string - this is a bit messy */
406
	md5_process(&hs, keyblob, keybloblen);
407
408
409
410
411
412
413
414
415
416

	md5_done(&hs, hash);

	/* "md5 hexfingerprinthere\0", each hex digit is "AB:" etc */
	buflen = 4 + 3*MD5_HASH_SIZE;
	ret = (char*)m_malloc(buflen);

	memset(ret, 'Z', buflen);
	strcpy(ret, "md5 ");

417
418
419
420
421
	for (i = 0; i < MD5_HASH_SIZE; i++) {
		unsigned int pos = 4 + i*3;
		ret[pos] = hexdig(hash[i] >> 4);
		ret[pos+1] = hexdig(hash[i] & 0x0f);
		ret[pos+2] = ':';
422
423
424
425
426
427
428
	}
	ret[buflen-1] = 0x0;

	return ret;
}

#else /* use SHA1 rather than MD5 for fingerprint */
429
430
static char * sign_key_sha1_fingerprint(unsigned char* keyblob, 
		unsigned int keybloblen) {
431
432
433
434

	char * ret;
	hash_state hs;
	unsigned char hash[SHA1_HASH_SIZE];
435
	unsigned int i;
436
437
438
439
440
	unsigned int buflen;

	sha1_init(&hs);

	/* skip the size int of the string - this is a bit messy */
441
	sha1_process(&hs, keyblob, keybloblen);
442
443
444

	sha1_done(&hs, hash);

445
446
	/* "sha1!! hexfingerprinthere\0", each hex digit is "AB:" etc */
	buflen = 7 + 3*SHA1_HASH_SIZE;
447
448
	ret = (char*)m_malloc(buflen);

449
	strcpy(ret, "sha1!! ");
450

451
	for (i = 0; i < SHA1_HASH_SIZE; i++) {
452
		unsigned int pos = 7 + 3*i;
453
454
455
		ret[pos] = hexdig(hash[i] >> 4);
		ret[pos+1] = hexdig(hash[i] & 0x0f);
		ret[pos+2] = ':';
456
457
458
459
460
461
462
463
464
465
	}
	ret[buflen-1] = 0x0;

	return ret;
}

#endif /* MD5/SHA1 switch */

/* This will return a freshly malloced string, containing a fingerprint
 * in either sha1 or md5 */
466
char * sign_key_fingerprint(unsigned char* keyblob, unsigned int keybloblen) {
467
468

#ifdef DROPBEAR_MD5_HMAC
469
	return sign_key_md5_fingerprint(keyblob, keybloblen);
470
#else
471
	return sign_key_sha1_fingerprint(keyblob, keybloblen);
472
473
474
#endif
}

475
void buf_put_sign(buffer* buf, sign_key *key, enum signkey_type type, 
476
	buffer *data_buf) {
477
	buffer *sigblob;
478
	sigblob = buf_new(MAX_PUBKEY_SIZE);
479
480
481

#ifdef DROPBEAR_DSS
	if (type == DROPBEAR_SIGNKEY_DSS) {
482
		buf_put_dss_sign(sigblob, key->dsskey, data_buf);
483
484
485
486
	}
#endif
#ifdef DROPBEAR_RSA
	if (type == DROPBEAR_SIGNKEY_RSA) {
487
		buf_put_rsa_sign(sigblob, key->rsakey, data_buf);
488
	}
489
490
#endif
#ifdef DROPBEAR_ECDSA
491
	if (signkey_is_ecdsa(type)) {
492
		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
493
494
495
		if (eck) {
			buf_put_ecdsa_sign(sigblob, *eck, data_buf);
		}
496
	}
497
498
#endif
	if (sigblob->len == 0) {
499
		dropbear_exit("Non-matching signing type");
500
	}
501
	buf_putbufstring(buf, sigblob);
502
503
504
505
506
507
508
509
510
	buf_free(sigblob);

}

#ifdef DROPBEAR_SIGNKEY_VERIFY
/* Return DROPBEAR_SUCCESS or DROPBEAR_FAILURE.
 * If FAILURE is returned, the position of
 * buf is undefined. If SUCCESS is returned, buf will be positioned after the
 * signature blob */
511
int buf_verify(buffer * buf, sign_key *key, buffer *data_buf) {
512
	
513
514
	unsigned char * type_name = NULL;
	unsigned int type_name_len = 0;
515
	enum signkey_type type;
516

517
	TRACE(("enter buf_verify"))
518

Matt Johnston's avatar
Matt Johnston committed
519
	buf_getint(buf); /* blob length */
520
	type_name = buf_getstring(buf, &type_name_len);
521
	type = signkey_type_from_name(type_name, type_name_len);
522
	m_free(type_name);
523
524

#ifdef DROPBEAR_DSS
525
	if (type == DROPBEAR_SIGNKEY_DSS) {
526
		if (key->dsskey == NULL) {
527
			dropbear_exit("No DSS key to verify signature");
528
		}
529
		return buf_dss_verify(buf, key->dsskey, data_buf);
530
531
532
533
	}
#endif

#ifdef DROPBEAR_RSA
534
	if (type == DROPBEAR_SIGNKEY_RSA) {
535
		if (key->rsakey == NULL) {
536
			dropbear_exit("No RSA key to verify signature");
537
		}
538
		return buf_rsa_verify(buf, key->rsakey, data_buf);
539
540
	}
#endif
541
#ifdef DROPBEAR_ECDSA
542
	if (signkey_is_ecdsa(type)) {
543
		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, type);
544
545
546
		if (eck) {
			return buf_ecdsa_verify(buf, *eck, data_buf);
		}
547
548
	}
#endif
549

550
	dropbear_exit("Non-matching signing type");
551
552
553
	return DROPBEAR_FAILURE;
}
#endif /* DROPBEAR_SIGNKEY_VERIFY */
554
555
556
557
558
559

#ifdef DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */

/* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE when given a buffer containing
 * a key, a key, and a type. The buffer is positioned at the start of the
 * base64 data, and contains no trailing data */
Matt Johnston's avatar
Matt Johnston committed
560
561
/* If fingerprint is non-NULL, it will be set to a malloc()ed fingerprint
   of the key if it is successfully decoded */
562
563
int cmp_base64_key(const unsigned char* keyblob, unsigned int keybloblen, 
					const unsigned char* algoname, unsigned int algolen, 
Matt Johnston's avatar
Matt Johnston committed
564
					buffer * line, char ** fingerprint) {
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579

	buffer * decodekey = NULL;
	int ret = DROPBEAR_FAILURE;
	unsigned int len, filealgolen;
	unsigned long decodekeylen;
	unsigned char* filealgo = NULL;

	/* now we have the actual data */
	len = line->len - line->pos;
	decodekeylen = len * 2; /* big to be safe */
	decodekey = buf_new(decodekeylen);

	if (base64_decode(buf_getptr(line, len), len,
				buf_getwriteptr(decodekey, decodekey->size),
				&decodekeylen) != CRYPT_OK) {
580
		TRACE(("checkpubkey: base64 decode failed"))
581
582
		goto out;
	}
583
	TRACE(("checkpubkey: base64_decode success"))
584
585
	buf_incrlen(decodekey, decodekeylen);
	
Matt Johnston's avatar
Matt Johnston committed
586
587
588
589
590
	if (fingerprint) {
		*fingerprint = sign_key_fingerprint(buf_getptr(decodekey, decodekeylen),
											decodekeylen);
	}
	
591
592
593
594
	/* compare the keys */
	if ( ( decodekeylen != keybloblen )
			|| memcmp( buf_getptr(decodekey, decodekey->len),
						keyblob, decodekey->len) != 0) {
595
		TRACE(("checkpubkey: compare failed"))
596
597
598
599
600
601
602
603
		goto out;
	}

	/* ... and also check that the algo specified and the algo in the key
	 * itself match */
	filealgolen = buf_getint(decodekey);
	filealgo = buf_getptr(decodekey, filealgolen);
	if (filealgolen != algolen || memcmp(filealgo, algoname, algolen) != 0) {
604
		TRACE(("checkpubkey: algo match failed")) 
605
606
607
608
609
610
611
612
613
614
615
616
		goto out;
	}

	/* All checks passed */
	ret = DROPBEAR_SUCCESS;

out:
	buf_free(decodekey);
	decodekey = NULL;
	return ret;
}
#endif