X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/e31150022ded8a1b8f5f3a02b3a27476c6f3589d..ca24b5507e1129858ef7c87a4549f0e44237a7b1:/key.c diff --git a/key.c b/key.c index 80ce855d..5aea416b 100644 --- a/key.c +++ b/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.71 2008/06/11 23:02:22 otto Exp $ */ +/* $OpenBSD: key.c,v 1.82 2010/01/13 01:10:56 dtucker Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -11,6 +11,7 @@ * * * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2008 Alexander von Gernler. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -173,6 +174,7 @@ key_equal(const Key *a, const Key *b) default: fatal("key_equal: bad key type %d", a->type); } + /* NOTREACHED */ } u_char* @@ -319,21 +321,29 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len) * Graphs are not unambiguous, because circles in graphs can be * walked in either direction. */ -#define FLDSIZE_Y 8 -#define FLDSIZE_X FLDSIZE_Y * 2 + +/* + * Field sizes for the random art. Have to be odd, so the starting point + * can be in the exact middle of the picture, and FLDBASE should be >=8 . + * Else pictures would be too dense, and drawing the frame would + * fail, too, because the key type would not fit in anymore. + */ +#define FLDBASE 8 +#define FLDSIZE_Y (FLDBASE + 1) +#define FLDSIZE_X (FLDBASE * 2 + 1) static char * -key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) +key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k) { /* * Chars to be used after each other every time the worm * intersects with itself. Matter of taste. */ - char *augmentation_string = " .o+=*BOX@%&#/^"; + char *augmentation_string = " .o+=*BOX@%&#/^SE"; char *retval, *p; u_char field[FLDSIZE_X][FLDSIZE_Y]; u_int i, b; int x, y; - size_t len = strlen(augmentation_string); + size_t len = strlen(augmentation_string) - 1; retval = xcalloc(1, (FLDSIZE_X + 3) * (FLDSIZE_Y + 2)); @@ -341,7 +351,6 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char)); x = FLDSIZE_X / 2; y = FLDSIZE_Y / 2; - field[x][y] = 1; /* process raw key */ for (i = 0; i < dgst_raw_len; i++) { @@ -360,17 +369,22 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) y = MIN(y, FLDSIZE_Y - 1); /* augment the field */ - field[x][y]++; + if (field[x][y] < len - 2) + field[x][y]++; input = input >> 2; } } + /* mark starting point and end point*/ + field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1; + field[x][y] = len; + /* fill in retval */ - p = retval; + snprintf(retval, FLDSIZE_X, "+--[%4s %4u]", key_type(k), key_size(k)); + p = strchr(retval, '\0'); /* output upper border */ - *p++ = '+'; - for (i = 0; i < FLDSIZE_X; i++) + for (i = p - retval - 1; i < FLDSIZE_X; i++) *p++ = '-'; *p++ = '+'; *p++ = '\n'; @@ -379,7 +393,7 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len) for (y = 0; y < FLDSIZE_Y; y++) { *p++ = '|'; for (x = 0; x < FLDSIZE_X; x++) - *p++ = augmentation_string[MIN(field[x][y], len - 1)]; + *p++ = augmentation_string[MIN(field[x][y], len)]; *p++ = '|'; *p++ = '\n'; } @@ -411,10 +425,10 @@ key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len); break; case SSH_FP_RANDOMART: - retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len); + retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, k); break; default: - fatal("key_fingerprint_ex: bad digest representation %d", + fatal("key_fingerprint: bad digest representation %d", dgst_rep); break; } @@ -508,6 +522,12 @@ key_read(Key *ret, char **cpp) return -1; if (!read_bignum(cpp, ret->rsa->n)) return -1; + /* validate the claimed number of bits */ + if ((u_int)BN_num_bits(ret->rsa->n) != bits) { + verbose("key_read: claimed key size %d does not match " + "actual %d", bits, BN_num_bits(ret->rsa->n)); + return -1; + } success = 1; break; case KEY_UNSPEC: @@ -671,7 +691,7 @@ rsa_generate_private_key(u_int bits) { RSA *private; - private = RSA_generate_key(bits, 35, NULL, NULL); + private = RSA_generate_key(bits, RSA_F4, NULL, NULL); if (private == NULL) fatal("rsa_generate_private_key: key generation failed."); return private;