]> andersk Git - openssh.git/blame - key.c
andersk / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- dtucker@cvs.openbsd.org 2006/08/01 11:34:36
[openssh.git] / key.c
CommitLineData
00146caa 1/* $OpenBSD: key.c,v 1.65 2006/07/22 20:48:23 stevesk Exp $ */
4fe2af09 2/*
bcbf86ec 3 * read_bignum():
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 *
6 * As far as I am concerned, the code I have written for this software
7 * can be used freely for any purpose. Any derived versions of this
8 * software must be clearly marked as such, and if the derived work is
9 * incompatible with the protocol description in the RFC file, it must be
10 * called by a name other than "ssh" or "Secure Shell".
11 *
12 *
a96070d4 13 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
4fe2af09 14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
17 * are met:
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
4fe2af09 23 *
24 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
25 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
26 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
27 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
28 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
29 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
30 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
31 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */
4fe2af09 35#include "includes.h"
42f11eb2 36
4fe2af09 37#include <openssl/evp.h>
42f11eb2 38
00146caa 39#include <string.h>
40
4fe2af09 41#include "xmalloc.h"
42#include "key.h"
fa08c86b 43#include "rsa.h"
a306f2dd 44#include "uuencode.h"
fa08c86b 45#include "buffer.h"
46#include "bufaux.h"
42f11eb2 47#include "log.h"
4fe2af09 48
49Key *
50key_new(int type)
51{
52 Key *k;
53 RSA *rsa;
54 DSA *dsa;
52e3daed 55 k = xcalloc(1, sizeof(*k));
4fe2af09 56 k->type = type;
a306f2dd 57 k->dsa = NULL;
58 k->rsa = NULL;
4fe2af09 59 switch (k->type) {
fa08c86b 60 case KEY_RSA1:
4fe2af09 61 case KEY_RSA:
b775c6f2 62 if ((rsa = RSA_new()) == NULL)
63 fatal("key_new: RSA_new failed");
64 if ((rsa->n = BN_new()) == NULL)
65 fatal("key_new: BN_new failed");
66 if ((rsa->e = BN_new()) == NULL)
67 fatal("key_new: BN_new failed");
4fe2af09 68 k->rsa = rsa;
69 break;
70 case KEY_DSA:
b775c6f2 71 if ((dsa = DSA_new()) == NULL)
72 fatal("key_new: DSA_new failed");
73 if ((dsa->p = BN_new()) == NULL)
74 fatal("key_new: BN_new failed");
75 if ((dsa->q = BN_new()) == NULL)
76 fatal("key_new: BN_new failed");
77 if ((dsa->g = BN_new()) == NULL)
78 fatal("key_new: BN_new failed");
79 if ((dsa->pub_key = BN_new()) == NULL)
80 fatal("key_new: BN_new failed");
4fe2af09 81 k->dsa = dsa;
82 break;
fa08c86b 83 case KEY_UNSPEC:
4fe2af09 84 break;
85 default:
86 fatal("key_new: bad key type %d", k->type);
87 break;
88 }
89 return k;
90}
3ddc795d 91
fa08c86b 92Key *
93key_new_private(int type)
94{
95 Key *k = key_new(type);
96 switch (k->type) {
97 case KEY_RSA1:
98 case KEY_RSA:
b775c6f2 99 if ((k->rsa->d = BN_new()) == NULL)
100 fatal("key_new_private: BN_new failed");
101 if ((k->rsa->iqmp = BN_new()) == NULL)
102 fatal("key_new_private: BN_new failed");
103 if ((k->rsa->q = BN_new()) == NULL)
104 fatal("key_new_private: BN_new failed");
105 if ((k->rsa->p = BN_new()) == NULL)
106 fatal("key_new_private: BN_new failed");
107 if ((k->rsa->dmq1 = BN_new()) == NULL)
108 fatal("key_new_private: BN_new failed");
109 if ((k->rsa->dmp1 = BN_new()) == NULL)
110 fatal("key_new_private: BN_new failed");
fa08c86b 111 break;
112 case KEY_DSA:
b775c6f2 113 if ((k->dsa->priv_key = BN_new()) == NULL)
114 fatal("key_new_private: BN_new failed");
fa08c86b 115 break;
116 case KEY_UNSPEC:
117 break;
118 default:
119 break;
120 }
121 return k;
122}
3ddc795d 123
4fe2af09 124void
125key_free(Key *k)
126{
7016f7cf 127 if (k == NULL)
353d48db 128 fatal("key_free: key is NULL");
4fe2af09 129 switch (k->type) {
fa08c86b 130 case KEY_RSA1:
4fe2af09 131 case KEY_RSA:
132 if (k->rsa != NULL)
133 RSA_free(k->rsa);
134 k->rsa = NULL;
135 break;
136 case KEY_DSA:
137 if (k->dsa != NULL)
138 DSA_free(k->dsa);
139 k->dsa = NULL;
140 break;
fa08c86b 141 case KEY_UNSPEC:
142 break;
4fe2af09 143 default:
144 fatal("key_free: bad key type %d", k->type);
145 break;
146 }
147 xfree(k);
148}
b6c7b7b7 149
4fe2af09 150int
b6c7b7b7 151key_equal(const Key *a, const Key *b)
4fe2af09 152{
153 if (a == NULL || b == NULL || a->type != b->type)
154 return 0;
155 switch (a->type) {
fa08c86b 156 case KEY_RSA1:
4fe2af09 157 case KEY_RSA:
158 return a->rsa != NULL && b->rsa != NULL &&
159 BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
160 BN_cmp(a->rsa->n, b->rsa->n) == 0;
4fe2af09 161 case KEY_DSA:
162 return a->dsa != NULL && b->dsa != NULL &&
163 BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
164 BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
165 BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
166 BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
4fe2af09 167 default:
a306f2dd 168 fatal("key_equal: bad key type %d", a->type);
4fe2af09 169 break;
170 }
171 return 0;
172}
173
21289cd0 174u_char*
b6c7b7b7 175key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
176 u_int *dgst_raw_length)
4fe2af09 177{
714954dc 178 const EVP_MD *md = NULL;
79c9ac1b 179 EVP_MD_CTX ctx;
1e3b8b07 180 u_char *blob = NULL;
301e8e5b 181 u_char *retval = NULL;
c66f9d0e 182 u_int len = 0;
a306f2dd 183 int nlen, elen;
4fe2af09 184
301e8e5b 185 *dgst_raw_length = 0;
186
79c9ac1b 187 switch (dgst_type) {
188 case SSH_FP_MD5:
189 md = EVP_md5();
190 break;
191 case SSH_FP_SHA1:
192 md = EVP_sha1();
193 break;
194 default:
195 fatal("key_fingerprint_raw: bad digest type %d",
196 dgst_type);
197 }
4fe2af09 198 switch (k->type) {
fa08c86b 199 case KEY_RSA1:
4fe2af09 200 nlen = BN_num_bytes(k->rsa->n);
201 elen = BN_num_bytes(k->rsa->e);
202 len = nlen + elen;
a306f2dd 203 blob = xmalloc(len);
204 BN_bn2bin(k->rsa->n, blob);
205 BN_bn2bin(k->rsa->e, blob + nlen);
4fe2af09 206 break;
207 case KEY_DSA:
fa08c86b 208 case KEY_RSA:
209 key_to_blob(k, &blob, &len);
210 break;
211 case KEY_UNSPEC:
212 return retval;
4fe2af09 213 default:
301e8e5b 214 fatal("key_fingerprint_raw: bad key type %d", k->type);
4fe2af09 215 break;
216 }
a306f2dd 217 if (blob != NULL) {
301e8e5b 218 retval = xmalloc(EVP_MAX_MD_SIZE);
74fc9186 219 EVP_DigestInit(&ctx, md);
220 EVP_DigestUpdate(&ctx, blob, len);
a209a158 221 EVP_DigestFinal(&ctx, retval, dgst_raw_length);
a306f2dd 222 memset(blob, 0, len);
223 xfree(blob);
301e8e5b 224 } else {
225 fatal("key_fingerprint_raw: blob is null");
4fe2af09 226 }
227 return retval;
228}
229
343288b8 230static char *
231key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
301e8e5b 232{
233 char *retval;
2ceb8101 234 u_int i;
301e8e5b 235
52e3daed 236 retval = xcalloc(1, dgst_raw_len * 3 + 1);
184eed6a 237 for (i = 0; i < dgst_raw_len; i++) {
301e8e5b 238 char hex[4];
239 snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
956b0f56 240 strlcat(retval, hex, dgst_raw_len * 3 + 1);
301e8e5b 241 }
956b0f56 242
243 /* Remove the trailing ':' character */
301e8e5b 244 retval[(dgst_raw_len * 3) - 1] = '\0';
245 return retval;
246}
247
343288b8 248static char *
249key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len)
301e8e5b 250{
251 char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
252 char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
253 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };
08345971 254 u_int i, j = 0, rounds, seed = 1;
301e8e5b 255 char *retval;
256
257 rounds = (dgst_raw_len / 2) + 1;
52e3daed 258 retval = xcalloc((rounds * 6), sizeof(char));
08345971 259 retval[j++] = 'x';
260 for (i = 0; i < rounds; i++) {
301e8e5b 261 u_int idx0, idx1, idx2, idx3, idx4;
08345971 262 if ((i + 1 < rounds) || (dgst_raw_len % 2 != 0)) {
263 idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) +
301e8e5b 264 seed) % 6;
08345971 265 idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15;
266 idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) +
301e8e5b 267 (seed / 6)) % 6;
08345971 268 retval[j++] = vowels[idx0];
269 retval[j++] = consonants[idx1];
270 retval[j++] = vowels[idx2];
271 if ((i + 1) < rounds) {
272 idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15;
273 idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15;
274 retval[j++] = consonants[idx3];
275 retval[j++] = '-';
276 retval[j++] = consonants[idx4];
301e8e5b 277 seed = ((seed * 5) +
08345971 278 ((((u_int)(dgst_raw[2 * i])) * 7) +
279 ((u_int)(dgst_raw[(2 * i) + 1])))) % 36;
301e8e5b 280 }
281 } else {
282 idx0 = seed % 6;
283 idx1 = 16;
284 idx2 = seed / 6;
08345971 285 retval[j++] = vowels[idx0];
286 retval[j++] = consonants[idx1];
287 retval[j++] = vowels[idx2];
301e8e5b 288 }
289 }
08345971 290 retval[j++] = 'x';
291 retval[j++] = '\0';
301e8e5b 292 return retval;
293}
294
343288b8 295char *
b6c7b7b7 296key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
301e8e5b 297{
cd332296 298 char *retval = NULL;
301e8e5b 299 u_char *dgst_raw;
a209a158 300 u_int dgst_raw_len;
184eed6a 301
301e8e5b 302 dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
303 if (!dgst_raw)
22138a36 304 fatal("key_fingerprint: null from key_fingerprint_raw()");
6aacefa7 305 switch (dgst_rep) {
301e8e5b 306 case SSH_FP_HEX:
307 retval = key_fingerprint_hex(dgst_raw, dgst_raw_len);
308 break;
309 case SSH_FP_BUBBLEBABBLE:
310 retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len);
311 break;
312 default:
313 fatal("key_fingerprint_ex: bad digest representation %d",
314 dgst_rep);
315 break;
316 }
317 memset(dgst_raw, 0, dgst_raw_len);
318 xfree(dgst_raw);
319 return retval;
320}
321
4fe2af09 322/*
323 * Reads a multiple-precision integer in decimal from the buffer, and advances
324 * the pointer. The integer must already be initialized. This function is
325 * permitted to modify the buffer. This leaves *cpp to point just beyond the
326 * last processed (and maybe modified) character. Note that this may modify
327 * the buffer containing the number.
328 */
396c147e 329static int
4fe2af09 330read_bignum(char **cpp, BIGNUM * value)
331{
332 char *cp = *cpp;
333 int old;
334
335 /* Skip any leading whitespace. */
336 for (; *cp == ' ' || *cp == '\t'; cp++)
337 ;
338
339 /* Check that it begins with a decimal digit. */
340 if (*cp < '0' || *cp > '9')
341 return 0;
342
343 /* Save starting position. */
344 *cpp = cp;
345
346 /* Move forward until all decimal digits skipped. */
347 for (; *cp >= '0' && *cp <= '9'; cp++)
348 ;
349
350 /* Save the old terminating character, and replace it by \0. */
351 old = *cp;
352 *cp = 0;
353
354 /* Parse the number. */
355 if (BN_dec2bn(&value, *cpp) == 0)
356 return 0;
357
358 /* Restore old terminating character. */
359 *cp = old;
360
361 /* Move beyond the number and return success. */
362 *cpp = cp;
363 return 1;
364}
3ddc795d 365
396c147e 366static int
4fe2af09 367write_bignum(FILE *f, BIGNUM *num)
368{
369 char *buf = BN_bn2dec(num);
370 if (buf == NULL) {
371 error("write_bignum: BN_bn2dec() failed");
372 return 0;
373 }
374 fprintf(f, " %s", buf);
c48c32c1 375 OPENSSL_free(buf);
4fe2af09 376 return 1;
377}
fa08c86b 378
cb8c7bad 379/* returns 1 ok, -1 error */
fa08c86b 380int
a306f2dd 381key_read(Key *ret, char **cpp)
4fe2af09 382{
a306f2dd 383 Key *k;
fa08c86b 384 int success = -1;
385 char *cp, *space;
386 int len, n, type;
387 u_int bits;
1e3b8b07 388 u_char *blob;
a306f2dd 389
390 cp = *cpp;
391
6aacefa7 392 switch (ret->type) {
fa08c86b 393 case KEY_RSA1:
a306f2dd 394 /* Get number of bits. */
395 if (*cp < '0' || *cp > '9')
fa08c86b 396 return -1; /* Bad bit count... */
a306f2dd 397 for (bits = 0; *cp >= '0' && *cp <= '9'; cp++)
398 bits = 10 * bits + *cp - '0';
4fe2af09 399 if (bits == 0)
fa08c86b 400 return -1;
a306f2dd 401 *cpp = cp;
4fe2af09 402 /* Get public exponent, public modulus. */
403 if (!read_bignum(cpp, ret->rsa->e))
fa08c86b 404 return -1;
4fe2af09 405 if (!read_bignum(cpp, ret->rsa->n))
fa08c86b 406 return -1;
407 success = 1;
4fe2af09 408 break;
fa08c86b 409 case KEY_UNSPEC:
410 case KEY_RSA:
4fe2af09 411 case KEY_DSA:
fa08c86b 412 space = strchr(cp, ' ');
413 if (space == NULL) {
79cfe67c 414 debug3("key_read: missing whitespace");
fa08c86b 415 return -1;
416 }
417 *space = '\0';
418 type = key_type_from_name(cp);
419 *space = ' ';
420 if (type == KEY_UNSPEC) {
79cfe67c 421 debug3("key_read: missing keytype");
fa08c86b 422 return -1;
423 }
424 cp = space+1;
425 if (*cp == '\0') {
426 debug3("key_read: short string");
427 return -1;
428 }
429 if (ret->type == KEY_UNSPEC) {
430 ret->type = type;
431 } else if (ret->type != type) {
432 /* is a key, but different type */
433 debug3("key_read: type mismatch");
cb8c7bad 434 return -1;
fa08c86b 435 }
a306f2dd 436 len = 2*strlen(cp);
437 blob = xmalloc(len);
438 n = uudecode(cp, blob, len);
1d1ffb87 439 if (n < 0) {
71276795 440 error("key_read: uudecode %s failed", cp);
2f98d223 441 xfree(blob);
fa08c86b 442 return -1;
1d1ffb87 443 }
a27002e5 444 k = key_from_blob(blob, (u_int)n);
2f98d223 445 xfree(blob);
71276795 446 if (k == NULL) {
fa08c86b 447 error("key_read: key_from_blob %s failed", cp);
448 return -1;
71276795 449 }
fa08c86b 450 if (k->type != type) {
451 error("key_read: type mismatch: encoding error");
452 key_free(k);
453 return -1;
454 }
455/*XXXX*/
456 if (ret->type == KEY_RSA) {
457 if (ret->rsa != NULL)
458 RSA_free(ret->rsa);
459 ret->rsa = k->rsa;
460 k->rsa = NULL;
461 success = 1;
462#ifdef DEBUG_PK
463 RSA_print_fp(stderr, ret->rsa, 8);
464#endif
465 } else {
466 if (ret->dsa != NULL)
467 DSA_free(ret->dsa);
468 ret->dsa = k->dsa;
469 k->dsa = NULL;
470 success = 1;
471#ifdef DEBUG_PK
472 DSA_print_fp(stderr, ret->dsa, 8);
473#endif
474 }
475/*XXXX*/
2f98d223 476 key_free(k);
fa08c86b 477 if (success != 1)
478 break;
71276795 479 /* advance cp: skip whitespace and data */
480 while (*cp == ' ' || *cp == '\t')
481 cp++;
482 while (*cp != '\0' && *cp != ' ' && *cp != '\t')
483 cp++;
484 *cpp = cp;
4fe2af09 485 break;
486 default:
a306f2dd 487 fatal("key_read: bad key type: %d", ret->type);
4fe2af09 488 break;
489 }
fa08c86b 490 return success;
4fe2af09 491}
3ddc795d 492
4fe2af09 493int
b6c7b7b7 494key_write(const Key *key, FILE *f)
4fe2af09 495{
c66f9d0e 496 int n, success = 0;
497 u_int len, bits = 0;
661e45a0 498 u_char *blob;
499 char *uu;
4fe2af09 500
fa08c86b 501 if (key->type == KEY_RSA1 && key->rsa != NULL) {
4fe2af09 502 /* size of modulus 'n' */
503 bits = BN_num_bits(key->rsa->n);
504 fprintf(f, "%u", bits);
505 if (write_bignum(f, key->rsa->e) &&
506 write_bignum(f, key->rsa->n)) {
507 success = 1;
508 } else {
509 error("key_write: failed for RSA key");
510 }
fa08c86b 511 } else if ((key->type == KEY_DSA && key->dsa != NULL) ||
512 (key->type == KEY_RSA && key->rsa != NULL)) {
fa08c86b 513 key_to_blob(key, &blob, &len);
a306f2dd 514 uu = xmalloc(2*len);
1d1ffb87 515 n = uuencode(blob, len, uu, 2*len);
516 if (n > 0) {
fa08c86b 517 fprintf(f, "%s %s", key_ssh_name(key), uu);
1d1ffb87 518 success = 1;
519 }
a306f2dd 520 xfree(blob);
521 xfree(uu);
4fe2af09 522 }
523 return success;
524}
3ddc795d 525
b6c7b7b7 526const char *
527key_type(const Key *k)
1d1ffb87 528{
529 switch (k->type) {
fa08c86b 530 case KEY_RSA1:
531 return "RSA1";
1d1ffb87 532 case KEY_RSA:
533 return "RSA";
1d1ffb87 534 case KEY_DSA:
535 return "DSA";
1d1ffb87 536 }
537 return "unknown";
538}
3ddc795d 539
b6c7b7b7 540const char *
541key_ssh_name(const Key *k)
fa08c86b 542{
543 switch (k->type) {
544 case KEY_RSA:
545 return "ssh-rsa";
fa08c86b 546 case KEY_DSA:
547 return "ssh-dss";
fa08c86b 548 }
549 return "ssh-unknown";
550}
3ddc795d 551
fa08c86b 552u_int
b6c7b7b7 553key_size(const Key *k)
6aacefa7 554{
2e73a022 555 switch (k->type) {
fa08c86b 556 case KEY_RSA1:
2e73a022 557 case KEY_RSA:
558 return BN_num_bits(k->rsa->n);
2e73a022 559 case KEY_DSA:
560 return BN_num_bits(k->dsa->p);
2e73a022 561 }
562 return 0;
563}
fa08c86b 564
396c147e 565static RSA *
1e3b8b07 566rsa_generate_private_key(u_int bits)
fa08c86b 567{
2b87da3b 568 RSA *private;
5ef36928 569
2b87da3b 570 private = RSA_generate_key(bits, 35, NULL, NULL);
571 if (private == NULL)
572 fatal("rsa_generate_private_key: key generation failed.");
573 return private;
fa08c86b 574}
575
396c147e 576static DSA*
1e3b8b07 577dsa_generate_private_key(u_int bits)
fa08c86b 578{
579 DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
5ef36928 580
fa08c86b 581 if (private == NULL)
582 fatal("dsa_generate_private_key: DSA_generate_parameters failed");
583 if (!DSA_generate_key(private))
2b87da3b 584 fatal("dsa_generate_private_key: DSA_generate_key failed.");
585 if (private == NULL)
586 fatal("dsa_generate_private_key: NULL.");
fa08c86b 587 return private;
588}
589
590Key *
1e3b8b07 591key_generate(int type, u_int bits)
fa08c86b 592{
593 Key *k = key_new(KEY_UNSPEC);
594 switch (type) {
2b87da3b 595 case KEY_DSA:
fa08c86b 596 k->dsa = dsa_generate_private_key(bits);
597 break;
598 case KEY_RSA:
599 case KEY_RSA1:
600 k->rsa = rsa_generate_private_key(bits);
601 break;
602 default:
2b87da3b 603 fatal("key_generate: unknown type %d", type);
fa08c86b 604 }
2b87da3b 605 k->type = type;
fa08c86b 606 return k;
607}
608
609Key *
b6c7b7b7 610key_from_private(const Key *k)
fa08c86b 611{
612 Key *n = NULL;
613 switch (k->type) {
2b87da3b 614 case KEY_DSA:
fa08c86b 615 n = key_new(k->type);
616 BN_copy(n->dsa->p, k->dsa->p);
617 BN_copy(n->dsa->q, k->dsa->q);
618 BN_copy(n->dsa->g, k->dsa->g);
619 BN_copy(n->dsa->pub_key, k->dsa->pub_key);
620 break;
621 case KEY_RSA:
622 case KEY_RSA1:
623 n = key_new(k->type);
624 BN_copy(n->rsa->n, k->rsa->n);
625 BN_copy(n->rsa->e, k->rsa->e);
626 break;
627 default:
2b87da3b 628 fatal("key_from_private: unknown type %d", k->type);
fa08c86b 629 break;
630 }
631 return n;
632}
633
634int
635key_type_from_name(char *name)
636{
6aacefa7 637 if (strcmp(name, "rsa1") == 0) {
fa08c86b 638 return KEY_RSA1;
6aacefa7 639 } else if (strcmp(name, "rsa") == 0) {
fa08c86b 640 return KEY_RSA;
6aacefa7 641 } else if (strcmp(name, "dsa") == 0) {
fa08c86b 642 return KEY_DSA;
6aacefa7 643 } else if (strcmp(name, "ssh-rsa") == 0) {
fa08c86b 644 return KEY_RSA;
6aacefa7 645 } else if (strcmp(name, "ssh-dss") == 0) {
fa08c86b 646 return KEY_DSA;
647 }
539af7f5 648 debug2("key_type_from_name: unknown key type '%s'", name);
fa08c86b 649 return KEY_UNSPEC;
650}
651
e961a8f9 652int
653key_names_valid2(const char *names)
654{
655 char *s, *cp, *p;
656
657 if (names == NULL || strcmp(names, "") == 0)
658 return 0;
659 s = cp = xstrdup(names);
660 for ((p = strsep(&cp, ",")); p && *p != '\0';
184eed6a 661 (p = strsep(&cp, ","))) {
e961a8f9 662 switch (key_type_from_name(p)) {
663 case KEY_RSA1:
664 case KEY_UNSPEC:
665 xfree(s);
666 return 0;
667 }
668 }
669 debug3("key names ok: [%s]", names);
670 xfree(s);
671 return 1;
672}
673
fa08c86b 674Key *
b6c7b7b7 675key_from_blob(const u_char *blob, u_int blen)
fa08c86b 676{
677 Buffer b;
fa08c86b 678 int rlen, type;
63488674 679 char *ktype = NULL;
fa08c86b 680 Key *key = NULL;
681
682#ifdef DEBUG_PK
683 dump_base64(stderr, blob, blen);
684#endif
685 buffer_init(&b);
686 buffer_append(&b, blob, blen);
63488674 687 if ((ktype = buffer_get_string_ret(&b, NULL)) == NULL) {
688 error("key_from_blob: can't read key type");
689 goto out;
690 }
691
fa08c86b 692 type = key_type_from_name(ktype);
693
6aacefa7 694 switch (type) {
fa08c86b 695 case KEY_RSA:
696 key = key_new(type);
63488674 697 if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 ||
698 buffer_get_bignum2_ret(&b, key->rsa->n) == -1) {
699 error("key_from_blob: can't read rsa key");
700 key_free(key);
701 key = NULL;
702 goto out;
703 }
fa08c86b 704#ifdef DEBUG_PK
705 RSA_print_fp(stderr, key->rsa, 8);
706#endif
707 break;
708 case KEY_DSA:
709 key = key_new(type);
63488674 710 if (buffer_get_bignum2_ret(&b, key->dsa->p) == -1 ||
711 buffer_get_bignum2_ret(&b, key->dsa->q) == -1 ||
712 buffer_get_bignum2_ret(&b, key->dsa->g) == -1 ||
713 buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) {
714 error("key_from_blob: can't read dsa key");
715 key_free(key);
716 key = NULL;
717 goto out;
718 }
fa08c86b 719#ifdef DEBUG_PK
720 DSA_print_fp(stderr, key->dsa, 8);
721#endif
722 break;
723 case KEY_UNSPEC:
724 key = key_new(type);
725 break;
726 default:
727 error("key_from_blob: cannot handle type %s", ktype);
63488674 728 goto out;
fa08c86b 729 }
730 rlen = buffer_len(&b);
731 if (key != NULL && rlen != 0)
732 error("key_from_blob: remaining bytes in key blob %d", rlen);
63488674 733 out:
734 if (ktype != NULL)
735 xfree(ktype);
fa08c86b 736 buffer_free(&b);
737 return key;
738}
739
740int
b6c7b7b7 741key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
fa08c86b 742{
743 Buffer b;
744 int len;
fa08c86b 745
746 if (key == NULL) {
747 error("key_to_blob: key == NULL");
748 return 0;
749 }
750 buffer_init(&b);
6aacefa7 751 switch (key->type) {
fa08c86b 752 case KEY_DSA:
753 buffer_put_cstring(&b, key_ssh_name(key));
754 buffer_put_bignum2(&b, key->dsa->p);
755 buffer_put_bignum2(&b, key->dsa->q);
756 buffer_put_bignum2(&b, key->dsa->g);
757 buffer_put_bignum2(&b, key->dsa->pub_key);
758 break;
759 case KEY_RSA:
760 buffer_put_cstring(&b, key_ssh_name(key));
fa08c86b 761 buffer_put_bignum2(&b, key->rsa->e);
b5c334cc 762 buffer_put_bignum2(&b, key->rsa->n);
fa08c86b 763 break;
764 default:
f7436b8c 765 error("key_to_blob: unsupported key type %d", key->type);
766 buffer_free(&b);
767 return 0;
fa08c86b 768 }
769 len = buffer_len(&b);
fa08c86b 770 if (lenp != NULL)
771 *lenp = len;
eb9f2fab 772 if (blobp != NULL) {
773 *blobp = xmalloc(len);
774 memcpy(*blobp, buffer_ptr(&b), len);
775 }
776 memset(buffer_ptr(&b), 0, len);
777 buffer_free(&b);
fa08c86b 778 return len;
779}
780
781int
782key_sign(
b6c7b7b7 783 const Key *key,
c66f9d0e 784 u_char **sigp, u_int *lenp,
b6c7b7b7 785 const u_char *data, u_int datalen)
fa08c86b 786{
6aacefa7 787 switch (key->type) {
fa08c86b 788 case KEY_DSA:
789 return ssh_dss_sign(key, sigp, lenp, data, datalen);
fa08c86b 790 case KEY_RSA:
791 return ssh_rsa_sign(key, sigp, lenp, data, datalen);
fa08c86b 792 default:
d77347cc 793 error("key_sign: invalid key type %d", key->type);
fa08c86b 794 return -1;
fa08c86b 795 }
796}
797
3ed81c99 798/*
799 * key_verify returns 1 for a correct signature, 0 for an incorrect signature
800 * and -1 on error.
801 */
fa08c86b 802int
803key_verify(
b6c7b7b7 804 const Key *key,
805 const u_char *signature, u_int signaturelen,
806 const u_char *data, u_int datalen)
fa08c86b 807{
c10d042a 808 if (signaturelen == 0)
809 return -1;
810
6aacefa7 811 switch (key->type) {
fa08c86b 812 case KEY_DSA:
813 return ssh_dss_verify(key, signature, signaturelen, data, datalen);
fa08c86b 814 case KEY_RSA:
815 return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
fa08c86b 816 default:
d77347cc 817 error("key_verify: invalid key type %d", key->type);
fa08c86b 818 return -1;
fa08c86b 819 }
820}
d0074658 821
822/* Converts a private to a public key */
d0074658 823Key *
b6c7b7b7 824key_demote(const Key *k)
d0074658 825{
826 Key *pk;
762715ce 827
52e3daed 828 pk = xcalloc(1, sizeof(*pk));
d0074658 829 pk->type = k->type;
830 pk->flags = k->flags;
831 pk->dsa = NULL;
832 pk->rsa = NULL;
833
834 switch (k->type) {
835 case KEY_RSA1:
836 case KEY_RSA:
837 if ((pk->rsa = RSA_new()) == NULL)
838 fatal("key_demote: RSA_new failed");
839 if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
840 fatal("key_demote: BN_dup failed");
841 if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
842 fatal("key_demote: BN_dup failed");
843 break;
844 case KEY_DSA:
845 if ((pk->dsa = DSA_new()) == NULL)
846 fatal("key_demote: DSA_new failed");
847 if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
848 fatal("key_demote: BN_dup failed");
849 if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
850 fatal("key_demote: BN_dup failed");
851 if ((pk->dsa->g = BN_dup(k->dsa->g)) == NULL)
852 fatal("key_demote: BN_dup failed");
853 if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL)
854 fatal("key_demote: BN_dup failed");
855 break;
856 default:
857 fatal("key_free: bad key type %d", k->type);
858 break;
859 }
860
861 return (pk);
862}
git-cvsimport mirror of OpenSSH
This page took 0.557876 seconds and 5 git commands to generate.