src/usr.bin/ssh/key.c - diff

Return to key.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/Attic/key.c between version 1.108 and 1.109

version 1.108, 2013/12/06 13:34:54

version 1.109, 2013/12/06 13:39:49

Line 38

#include <sys/types.h>

#include <openssl/evp.h>

#include "crypto_api.h"

#include <stdio.h>

#include <string.h>

Line 82

Line 83

k->dsa = NULL;

k->rsa = NULL;

k->cert = NULL;

k->ed25519_sk = NULL;

k->ed25519_pk = NULL;

switch (k->type) {

case KEY_RSA1:

case KEY_RSA:

Line 114

Line 117

case KEY_ECDSA_CERT:

/* Cannot do anything until we know the group */

break;

case KEY_ED25519:

case KEY_ED25519_CERT:

/* no need to prealloc */

break;

case KEY_UNSPEC:

break;

default:

Line 158

Line 165

case KEY_ECDSA_CERT:

/* Cannot do anything until we know the group */

break;

case KEY_ED25519:

case KEY_ED25519_CERT:

/* no need to prealloc */

break;

case KEY_UNSPEC:

break;

default:

Line 218

Line 229

EC_KEY_free(k->ecdsa);

k->ecdsa = NULL;

break;

case KEY_ED25519:

case KEY_ED25519_CERT:

if (k->ed25519_pk) {

memset(k->ed25519_pk, 0, ED25519_PK_SZ);

free(k->ed25519_pk);

k->ed25519_pk = NULL;

}

if (k->ed25519_sk) {

memset(k->ed25519_sk, 0, ED25519_SK_SZ);

free(k->ed25519_sk);

k->ed25519_sk = NULL;

}

break;

case KEY_UNSPEC:

break;

default:

Line 295

Line 319

}

BN_CTX_free(bnctx);

return 1;

case KEY_ED25519:

case KEY_ED25519_CERT:

return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&

memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0;

default:

fatal("key_equal: bad key type %d", a->type);

}

Line 352

Line 380

case KEY_DSA:

case KEY_ECDSA:

case KEY_RSA:

case KEY_ED25519:

key_to_blob(k, &blob, &len);

break;

case KEY_DSA_CERT_V00:

Line 359

Line 388

case KEY_DSA_CERT:

case KEY_ECDSA_CERT:

case KEY_RSA_CERT:

case KEY_ED25519_CERT:

/* We want a fingerprint of the _key_ not of the cert */

to_blob(k, &blob, &len, 1);

break;

Line 682

Line 712

case KEY_RSA:

case KEY_DSA:

case KEY_ECDSA:

case KEY_ED25519:

case KEY_DSA_CERT_V00:

case KEY_RSA_CERT_V00:

case KEY_DSA_CERT:

case KEY_ECDSA_CERT:

case KEY_RSA_CERT:

case KEY_ED25519_CERT:

space = strchr(cp, ' ');

if (space == NULL) {

debug3("key_read: missing whitespace");

Line 782

Line 814

key_dump_ec_key(ret->ecdsa);

#endif

}

if (key_type_plain(ret->type) == KEY_ED25519) {

free(ret->ed25519_pk);

ret->ed25519_pk = k->ed25519_pk;

k->ed25519_pk = NULL;

#ifdef DEBUG_PK

/* XXX */

#endif

}

success = 1;

/*XXXX*/

key_free(k);

Line 843

Line 883

if (key->ecdsa == NULL)

return 0;

break;

case KEY_ED25519:

case KEY_ED25519_CERT:

if (key->ed25519_pk == NULL)

return 0;

break;

case KEY_RSA:

case KEY_RSA_CERT_V00:

case KEY_RSA_CERT:

Line 890

Line 935

{ NULL, "RSA1", KEY_RSA1, 0, 0 },

{ "ssh-rsa", "RSA", KEY_RSA, 0, 0 },

{ "ssh-dss", "DSA", KEY_DSA, 0, 0 },

{ "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 },

{ "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 },

{ "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 },

{ "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 },

Line 905

Line 951

KEY_RSA_CERT_V00, 0, 1 },

{ "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00",

KEY_DSA_CERT_V00, 0, 1 },

{ "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT",

KEY_ED25519_CERT, 0, 1 },

{ NULL, NULL, -1, -1, 0 }

};

Line 976

Line 1024

}

char *

key_alg_list(void)

key_alg_list(int certs_only, int plain_only)

{

char *ret = NULL;

size_t nlen, rlen = 0;

Line 985

Line 1033

for (kt = keytypes; kt->type != -1; kt++) {

if (kt->name == NULL)

continue;

if ((certs_only && !kt->cert) || (plain_only && kt->cert))

continue;

if (ret != NULL)

ret[rlen++] = '\n';

nlen = strlen(kt->name);

Line 1020

Line 1070

case KEY_DSA_CERT_V00:

case KEY_DSA_CERT:

return BN_num_bits(k->dsa->p);

case KEY_ED25519:

return 256; /* XXX */

case KEY_ECDSA:

case KEY_ECDSA_CERT:

return key_curve_nid_to_bits(k->ecdsa_nid);

Line 1151

Line 1203

case KEY_RSA1:

k->rsa = rsa_generate_private_key(bits);

break;

case KEY_ED25519:

k->ed25519_pk = xmalloc(ED25519_PK_SZ);

k->ed25519_sk = xmalloc(ED25519_SK_SZ);

crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk);

break;

case KEY_RSA_CERT_V00:

case KEY_DSA_CERT_V00:

case KEY_RSA_CERT:

Line 1242

Line 1299

(BN_copy(n->rsa->e, k->rsa->e) == NULL))

fatal("key_from_private: BN_copy failed");

break;

case KEY_ED25519:

case KEY_ED25519_CERT:

n = key_new(k->type);

if (k->ed25519_pk != NULL) {

n->ed25519_pk = xmalloc(ED25519_PK_SZ);

memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);

}

break;

default:

fatal("key_from_private: unknown type %d", k->type);

break;

Line 1404

Line 1469

{

Buffer b;

int rlen, type, nid = -1;

u_int len;

char *ktype = NULL, *curve = NULL;

u_char *pk = NULL;

Key *key = NULL;

EC_POINT *q = NULL;

Line 1496

Line 1563

key_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q);

#endif

break;

case KEY_ED25519_CERT:

(void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */

/* FALLTHROUGH */

case KEY_ED25519:

if ((pk = buffer_get_string_ret(&b, &len)) == NULL) {

error("key_from_blob: can't read ed25519 key");

goto badkey;

}

if (len != ED25519_PK_SZ) {

error("key_from_blob: ed25519 len %d != %d",

len, ED25519_PK_SZ);

goto badkey;

}

key = key_new(type);

key->ed25519_pk = pk;

pk = NULL;

break;

case KEY_UNSPEC:

key = key_new(type);

break;

Line 1513

Line 1597

out:

free(ktype);

free(curve);

free(pk);

if (q != NULL)

EC_POINT_free(q);

buffer_free(&b);

Line 1547

Line 1632

case KEY_DSA_CERT:

case KEY_ECDSA_CERT:

case KEY_RSA_CERT:

case KEY_ED25519_CERT:

/* Use the existing blob */

buffer_append(&b, buffer_ptr(&key->cert->certblob),

buffer_len(&key->cert->certblob));

Line 1572

Line 1658

buffer_put_bignum2(&b, key->rsa->e);

buffer_put_bignum2(&b, key->rsa->n);

break;

case KEY_ED25519:

buffer_put_cstring(&b,

key_ssh_name_from_type_nid(type, key->ecdsa_nid));

buffer_put_string(&b, key->ed25519_pk, ED25519_PK_SZ);

break;

default:

error("key_to_blob: unsupported key type %d", key->type);

buffer_free(&b);

Line 1613

Line 1704

case KEY_RSA_CERT:

case KEY_RSA:

return ssh_rsa_sign(key, sigp, lenp, data, datalen);

case KEY_ED25519:

case KEY_ED25519_CERT:

return ssh_ed25519_sign(key, sigp, lenp, data, datalen);

default:

error("key_sign: invalid key type %d", key->type);

return -1;

Line 1644

Line 1738

case KEY_RSA_CERT:

case KEY_RSA:

return ssh_rsa_verify(key, signature, signaturelen, data, datalen);

case KEY_ED25519:

case KEY_ED25519_CERT:

return ssh_ed25519_verify(key, signature, signaturelen, data, datalen);

default:

error("key_verify: invalid key type %d", key->type);

return -1;

Line 1663

Line 1760

pk->dsa = NULL;

pk->ecdsa = NULL;

pk->rsa = NULL;

pk->ed25519_pk = NULL;

pk->ed25519_sk = NULL;

switch (k->type) {

case KEY_RSA_CERT_V00:

Line 1704

Line 1803

EC_KEY_get0_public_key(k->ecdsa)) != 1)

fatal("key_demote: EC_KEY_set_public_key failed");

break;

case KEY_ED25519_CERT:

key_cert_copy(k, pk);

/* FALLTHROUGH */

case KEY_ED25519:

if (k->ed25519_pk != NULL) {

pk->ed25519_pk = xmalloc(ED25519_PK_SZ);

memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);

}

break;

default:

fatal("key_free: bad key type %d", k->type);

fatal("key_demote: bad key type %d", k->type);

break;

}

Line 1733

Line 1841

return KEY_DSA;

case KEY_ECDSA_CERT:

return KEY_ECDSA;

case KEY_ED25519_CERT:

return KEY_ED25519;

default:

return type;

}

Line 1758

Line 1868

k->cert = cert_new();

k->type = KEY_ECDSA_CERT;

return 0;

case KEY_ED25519:

if (legacy)

fatal("%s: legacy ED25519 certificates are not "

"supported", __func__);

k->cert = cert_new();

k->type = KEY_ED25519_CERT;

return 0;

default:

error("%s: key has incorrect type %s", __func__, key_type(k));

return -1;

Line 1768

Line 1885

int

key_drop_cert(Key *k)

{

switch (k->type) {

if (!key_type_is_cert(k->type)) {

case KEY_RSA_CERT_V00:

case KEY_RSA_CERT:

cert_free(k->cert);

k->type = KEY_RSA;

return 0;

case KEY_DSA_CERT_V00:

case KEY_DSA_CERT:

cert_free(k->cert);

k->type = KEY_DSA;

return 0;

case KEY_ECDSA_CERT:

cert_free(k->cert);

k->type = KEY_ECDSA;

return 0;

default:

error("%s: key has incorrect type %s", __func__, key_type(k));

return -1;

}

cert_free(k->cert);

k->type = key_type_plain(k->type);

return 0;

}

/* Sign a certified key, (re-)generating the signed certblob. */

* Sign a KEY_RSA_CERT, KEY_DSA_CERT or KEY_ECDSA_CERT, (re-)generating

* the signed certblob

int

key_certify(Key *k, Key *ca)

{

Line 1812

Line 1914

}

if (ca->type != KEY_RSA && ca->type != KEY_DSA &&

ca->type != KEY_ECDSA) {

ca->type != KEY_ECDSA && ca->type != KEY_ED25519) {

error("%s: CA key has unsupported type %s", __func__,

key_type(ca));

return -1;

Line 1849

Line 1951

buffer_put_bignum2(&k->cert->certblob, k->rsa->e);

buffer_put_bignum2(&k->cert->certblob, k->rsa->n);

break;

case KEY_ED25519_CERT:

buffer_put_string(&k->cert->certblob,

k->ed25519_pk, ED25519_PK_SZ);

break;

default:

error("%s: key has incorrect type %s", __func__, key_type(k));

buffer_clear(&k->cert->certblob);

Line 2251

Line 2357

buffer_len(&key->cert->certblob));

buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa));

break;

case KEY_ED25519:

buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);

buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ);

break;

case KEY_ED25519_CERT:

if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)

fatal("%s: no cert/certblob", __func__);

buffer_put_string(b, buffer_ptr(&key->cert->certblob),

buffer_len(&key->cert->certblob));

buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);

buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ);

break;

}

Line 2262

Line 2380

BIGNUM *exponent;

EC_POINT *q;

u_char *cert;

u_int len;

u_int len, pklen, sklen;

int type;

type_name = buffer_get_string(blob, NULL);

Line 2359

Line 2477

buffer_get_bignum2(blob, k->rsa->iqmp);

buffer_get_bignum2(blob, k->rsa->p);

buffer_get_bignum2(blob, k->rsa->q);

break;

case KEY_ED25519:

k = key_new_private(type);

k->ed25519_pk = buffer_get_string(blob, &pklen);

k->ed25519_sk = buffer_get_string(blob, &sklen);

if (pklen != ED25519_PK_SZ)

fatal("%s: ed25519 pklen %d != %d",

__func__, pklen, ED25519_PK_SZ);

if (sklen != ED25519_SK_SZ)

fatal("%s: ed25519 sklen %d != %d",

__func__, sklen, ED25519_SK_SZ);

break;

case KEY_ED25519_CERT:

cert = buffer_get_string(blob, &len);

if ((k = key_from_blob(cert, len)) == NULL)

fatal("Certificate parse failed");

free(cert);

key_add_private(k);

k->ed25519_pk = buffer_get_string(blob, &pklen);

k->ed25519_sk = buffer_get_string(blob, &sklen);

if (pklen != ED25519_PK_SZ)

fatal("%s: ed25519 pklen %d != %d",

__func__, pklen, ED25519_PK_SZ);

if (sklen != ED25519_SK_SZ)

fatal("%s: ed25519 sklen %d != %d",

__func__, sklen, ED25519_SK_SZ);

break;

default:

free(type_name);