version 1.116, 2014/02/02 03:44:31 |
version 1.117, 2014/04/29 18:01:49 |
|
|
key_new(int type) |
key_new(int type) |
{ |
{ |
Key *k; |
Key *k; |
|
#ifdef WITH_OPENSSL |
RSA *rsa; |
RSA *rsa; |
DSA *dsa; |
DSA *dsa; |
|
#endif |
|
|
k = xcalloc(1, sizeof(*k)); |
k = xcalloc(1, sizeof(*k)); |
k->type = type; |
k->type = type; |
k->ecdsa = NULL; |
k->ecdsa = NULL; |
|
|
k->ed25519_sk = NULL; |
k->ed25519_sk = NULL; |
k->ed25519_pk = NULL; |
k->ed25519_pk = NULL; |
switch (k->type) { |
switch (k->type) { |
|
#ifdef WITH_OPENSSL |
case KEY_RSA1: |
case KEY_RSA1: |
case KEY_RSA: |
case KEY_RSA: |
case KEY_RSA_CERT_V00: |
case KEY_RSA_CERT_V00: |
|
|
case KEY_ECDSA_CERT: |
case KEY_ECDSA_CERT: |
/* Cannot do anything until we know the group */ |
/* Cannot do anything until we know the group */ |
break; |
break; |
|
#endif |
case KEY_ED25519: |
case KEY_ED25519: |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
/* no need to prealloc */ |
/* no need to prealloc */ |
|
|
key_add_private(Key *k) |
key_add_private(Key *k) |
{ |
{ |
switch (k->type) { |
switch (k->type) { |
|
#ifdef WITH_OPENSSL |
case KEY_RSA1: |
case KEY_RSA1: |
case KEY_RSA: |
case KEY_RSA: |
case KEY_RSA_CERT_V00: |
case KEY_RSA_CERT_V00: |
|
|
case KEY_ECDSA_CERT: |
case KEY_ECDSA_CERT: |
/* Cannot do anything until we know the group */ |
/* Cannot do anything until we know the group */ |
break; |
break; |
|
#endif |
case KEY_ED25519: |
case KEY_ED25519: |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
/* no need to prealloc */ |
/* no need to prealloc */ |
|
|
if (k == NULL) |
if (k == NULL) |
fatal("key_free: key is NULL"); |
fatal("key_free: key is NULL"); |
switch (k->type) { |
switch (k->type) { |
|
#ifdef WITH_OPENSSL |
case KEY_RSA1: |
case KEY_RSA1: |
case KEY_RSA: |
case KEY_RSA: |
case KEY_RSA_CERT_V00: |
case KEY_RSA_CERT_V00: |
|
|
EC_KEY_free(k->ecdsa); |
EC_KEY_free(k->ecdsa); |
k->ecdsa = NULL; |
k->ecdsa = NULL; |
break; |
break; |
|
#endif |
case KEY_ED25519: |
case KEY_ED25519: |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
if (k->ed25519_pk) { |
if (k->ed25519_pk) { |
|
|
int |
int |
key_equal_public(const Key *a, const Key *b) |
key_equal_public(const Key *a, const Key *b) |
{ |
{ |
|
#ifdef WITH_OPENSSL |
BN_CTX *bnctx; |
BN_CTX *bnctx; |
|
#endif |
|
|
if (a == NULL || b == NULL || |
if (a == NULL || b == NULL || |
key_type_plain(a->type) != key_type_plain(b->type)) |
key_type_plain(a->type) != key_type_plain(b->type)) |
return 0; |
return 0; |
|
|
switch (a->type) { |
switch (a->type) { |
|
#ifdef WITH_OPENSSL |
case KEY_RSA1: |
case KEY_RSA1: |
case KEY_RSA_CERT_V00: |
case KEY_RSA_CERT_V00: |
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
|
|
} |
} |
BN_CTX_free(bnctx); |
BN_CTX_free(bnctx); |
return 1; |
return 1; |
|
#endif |
case KEY_ED25519: |
case KEY_ED25519: |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
return a->ed25519_pk != NULL && b->ed25519_pk != NULL && |
return a->ed25519_pk != NULL && b->ed25519_pk != NULL && |
|
|
u_char *blob = NULL; |
u_char *blob = NULL; |
u_char *retval = NULL; |
u_char *retval = NULL; |
u_int len = 0; |
u_int len = 0; |
int nlen, elen, hash_alg = -1; |
int hash_alg = -1; |
|
#ifdef WITH_OPENSSL |
|
int nlen, elen; |
|
#endif |
|
|
*dgst_raw_length = 0; |
*dgst_raw_length = 0; |
|
|
|
|
fatal("%s: bad digest type %d", __func__, dgst_type); |
fatal("%s: bad digest type %d", __func__, dgst_type); |
} |
} |
switch (k->type) { |
switch (k->type) { |
|
#ifdef WITH_OPENSSL |
case KEY_RSA1: |
case KEY_RSA1: |
nlen = BN_num_bytes(k->rsa->n); |
nlen = BN_num_bytes(k->rsa->n); |
elen = BN_num_bytes(k->rsa->e); |
elen = BN_num_bytes(k->rsa->e); |
|
|
case KEY_DSA: |
case KEY_DSA: |
case KEY_ECDSA: |
case KEY_ECDSA: |
case KEY_RSA: |
case KEY_RSA: |
|
#endif |
case KEY_ED25519: |
case KEY_ED25519: |
key_to_blob(k, &blob, &len); |
key_to_blob(k, &blob, &len); |
break; |
break; |
|
#ifdef WITH_OPENSSL |
case KEY_DSA_CERT_V00: |
case KEY_DSA_CERT_V00: |
case KEY_RSA_CERT_V00: |
case KEY_RSA_CERT_V00: |
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
case KEY_ECDSA_CERT: |
case KEY_ECDSA_CERT: |
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
|
#endif |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
/* We want a fingerprint of the _key_ not of the cert */ |
/* We want a fingerprint of the _key_ not of the cert */ |
to_blob(k, &blob, &len, 1); |
to_blob(k, &blob, &len, 1); |
|
|
return retval; |
return retval; |
} |
} |
|
|
|
#ifdef WITH_SSH1 |
/* |
/* |
* Reads a multiple-precision integer in decimal from the buffer, and advances |
* Reads a multiple-precision integer in decimal from the buffer, and advances |
* the pointer. The integer must already be initialized. This function is |
* the pointer. The integer must already be initialized. This function is |
|
|
OPENSSL_free(buf); |
OPENSSL_free(buf); |
return 1; |
return 1; |
} |
} |
|
#endif |
|
|
/* returns 1 ok, -1 error */ |
/* returns 1 ok, -1 error */ |
int |
int |
|
|
int success = -1; |
int success = -1; |
char *cp, *space; |
char *cp, *space; |
int len, n, type, curve_nid = -1; |
int len, n, type, curve_nid = -1; |
|
#ifdef WITH_SSH1 |
u_int bits; |
u_int bits; |
|
#endif |
u_char *blob; |
u_char *blob; |
|
|
cp = *cpp; |
cp = *cpp; |
|
|
switch (ret->type) { |
switch (ret->type) { |
case KEY_RSA1: |
case KEY_RSA1: |
|
#ifdef WITH_SSH1 |
/* Get number of bits. */ |
/* Get number of bits. */ |
if (*cp < '0' || *cp > '9') |
if (*cp < '0' || *cp > '9') |
return -1; /* Bad bit count... */ |
return -1; /* Bad bit count... */ |
|
|
return -1; |
return -1; |
} |
} |
success = 1; |
success = 1; |
|
#endif |
break; |
break; |
case KEY_UNSPEC: |
case KEY_UNSPEC: |
case KEY_RSA: |
case KEY_RSA: |
|
|
ret->cert = k->cert; |
ret->cert = k->cert; |
k->cert = NULL; |
k->cert = NULL; |
} |
} |
|
#ifdef WITH_OPENSSL |
if (key_type_plain(ret->type) == KEY_RSA) { |
if (key_type_plain(ret->type) == KEY_RSA) { |
if (ret->rsa != NULL) |
if (ret->rsa != NULL) |
RSA_free(ret->rsa); |
RSA_free(ret->rsa); |
|
|
key_dump_ec_key(ret->ecdsa); |
key_dump_ec_key(ret->ecdsa); |
#endif |
#endif |
} |
} |
|
#endif |
if (key_type_plain(ret->type) == KEY_ED25519) { |
if (key_type_plain(ret->type) == KEY_ED25519) { |
free(ret->ed25519_pk); |
free(ret->ed25519_pk); |
ret->ed25519_pk = k->ed25519_pk; |
ret->ed25519_pk = k->ed25519_pk; |
|
|
key_write(const Key *key, FILE *f) |
key_write(const Key *key, FILE *f) |
{ |
{ |
int n, success = 0; |
int n, success = 0; |
u_int len, bits = 0; |
#ifdef WITH_SSH1 |
|
u_int bits = 0; |
|
#endif |
|
u_int len; |
u_char *blob; |
u_char *blob; |
char *uu; |
char *uu; |
|
|
|
|
} |
} |
|
|
switch (key->type) { |
switch (key->type) { |
|
#ifdef WITH_SSH1 |
case KEY_RSA1: |
case KEY_RSA1: |
if (key->rsa == NULL) |
if (key->rsa == NULL) |
return 0; |
return 0; |
|
|
return 1; |
return 1; |
error("key_write: failed for RSA key"); |
error("key_write: failed for RSA key"); |
return 0; |
return 0; |
|
#endif |
|
#ifdef WITH_OPENSSL |
case KEY_DSA: |
case KEY_DSA: |
case KEY_DSA_CERT_V00: |
case KEY_DSA_CERT_V00: |
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
|
|
if (key->ecdsa == NULL) |
if (key->ecdsa == NULL) |
return 0; |
return 0; |
break; |
break; |
case KEY_ED25519: |
|
case KEY_ED25519_CERT: |
|
if (key->ed25519_pk == NULL) |
|
return 0; |
|
break; |
|
case KEY_RSA: |
case KEY_RSA: |
case KEY_RSA_CERT_V00: |
case KEY_RSA_CERT_V00: |
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
if (key->rsa == NULL) |
if (key->rsa == NULL) |
return 0; |
return 0; |
break; |
break; |
|
#endif |
|
case KEY_ED25519: |
|
case KEY_ED25519_CERT: |
|
if (key->ed25519_pk == NULL) |
|
return 0; |
|
break; |
default: |
default: |
return 0; |
return 0; |
} |
} |
|
|
int cert; |
int cert; |
}; |
}; |
static const struct keytype keytypes[] = { |
static const struct keytype keytypes[] = { |
|
#ifdef WITH_OPENSSL |
|
#ifdef WITH_SSH1 |
{ NULL, "RSA1", KEY_RSA1, 0, 0 }, |
{ NULL, "RSA1", KEY_RSA1, 0, 0 }, |
|
#endif |
{ "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, |
{ "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, |
{ "ssh-dss", "DSA", KEY_DSA, 0, 0 }, |
{ "ssh-dss", "DSA", KEY_DSA, 0, 0 }, |
{ "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 }, |
|
{ "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, |
{ "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, |
{ "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, |
{ "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, |
{ "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 }, |
{ "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 }, |
|
|
KEY_RSA_CERT_V00, 0, 1 }, |
KEY_RSA_CERT_V00, 0, 1 }, |
{ "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00", |
{ "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00", |
KEY_DSA_CERT_V00, 0, 1 }, |
KEY_DSA_CERT_V00, 0, 1 }, |
|
#endif |
|
{ "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 }, |
{ "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", |
{ "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", |
KEY_ED25519_CERT, 0, 1 }, |
KEY_ED25519_CERT, 0, 1 }, |
{ NULL, NULL, -1, -1, 0 } |
{ NULL, NULL, -1, -1, 0 } |
|
|
key_size(const Key *k) |
key_size(const Key *k) |
{ |
{ |
switch (k->type) { |
switch (k->type) { |
|
#ifdef WITH_OPENSSL |
case KEY_RSA1: |
case KEY_RSA1: |
case KEY_RSA: |
case KEY_RSA: |
case KEY_RSA_CERT_V00: |
case KEY_RSA_CERT_V00: |
|
|
case KEY_DSA_CERT_V00: |
case KEY_DSA_CERT_V00: |
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
return BN_num_bits(k->dsa->p); |
return BN_num_bits(k->dsa->p); |
case KEY_ED25519: |
|
return 256; /* XXX */ |
|
case KEY_ECDSA: |
case KEY_ECDSA: |
case KEY_ECDSA_CERT: |
case KEY_ECDSA_CERT: |
return key_curve_nid_to_bits(k->ecdsa_nid); |
return key_curve_nid_to_bits(k->ecdsa_nid); |
|
#endif |
|
case KEY_ED25519: |
|
return 256; /* XXX */ |
} |
} |
return 0; |
return 0; |
} |
} |
|
|
|
#ifdef WITH_OPENSSL |
static RSA * |
static RSA * |
rsa_generate_private_key(u_int bits) |
rsa_generate_private_key(u_int bits) |
{ |
{ |
|
|
EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE); |
EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE); |
return private; |
return private; |
} |
} |
|
#endif |
|
|
Key * |
Key * |
key_generate(int type, u_int bits) |
key_generate(int type, u_int bits) |
{ |
{ |
Key *k = key_new(KEY_UNSPEC); |
Key *k = key_new(KEY_UNSPEC); |
switch (type) { |
switch (type) { |
|
#ifdef WITH_OPENSSL |
case KEY_DSA: |
case KEY_DSA: |
k->dsa = dsa_generate_private_key(bits); |
k->dsa = dsa_generate_private_key(bits); |
break; |
break; |
|
|
case KEY_RSA1: |
case KEY_RSA1: |
k->rsa = rsa_generate_private_key(bits); |
k->rsa = rsa_generate_private_key(bits); |
break; |
break; |
case KEY_ED25519: |
|
k->ed25519_pk = xmalloc(ED25519_PK_SZ); |
|
k->ed25519_sk = xmalloc(ED25519_SK_SZ); |
|
crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); |
|
break; |
|
case KEY_RSA_CERT_V00: |
case KEY_RSA_CERT_V00: |
case KEY_DSA_CERT_V00: |
case KEY_DSA_CERT_V00: |
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
fatal("key_generate: cert keys cannot be generated directly"); |
fatal("key_generate: cert keys cannot be generated directly"); |
|
#endif |
|
case KEY_ED25519: |
|
k->ed25519_pk = xmalloc(ED25519_PK_SZ); |
|
k->ed25519_sk = xmalloc(ED25519_SK_SZ); |
|
crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); |
|
break; |
default: |
default: |
fatal("key_generate: unknown type %d", type); |
fatal("key_generate: unknown type %d", type); |
} |
} |
|
|
{ |
{ |
Key *n = NULL; |
Key *n = NULL; |
switch (k->type) { |
switch (k->type) { |
|
#ifdef WITH_OPENSSL |
case KEY_DSA: |
case KEY_DSA: |
case KEY_DSA_CERT_V00: |
case KEY_DSA_CERT_V00: |
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
|
|
(BN_copy(n->rsa->e, k->rsa->e) == NULL)) |
(BN_copy(n->rsa->e, k->rsa->e) == NULL)) |
fatal("key_from_private: BN_copy failed"); |
fatal("key_from_private: BN_copy failed"); |
break; |
break; |
|
#endif |
case KEY_ED25519: |
case KEY_ED25519: |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
n = key_new(k->type); |
n = key_new(k->type); |
|
|
goto out; |
goto out; |
} |
} |
switch (type) { |
switch (type) { |
|
#ifdef WITH_OPENSSL |
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
(void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ |
(void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ |
/* FALLTHROUGH */ |
/* FALLTHROUGH */ |
|
|
if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || |
if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || |
buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { |
buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { |
error("key_from_blob: can't read rsa key"); |
error("key_from_blob: can't read rsa key"); |
badkey: |
goto badkey; |
key_free(key); |
|
key = NULL; |
|
goto out; |
|
} |
} |
#ifdef DEBUG_PK |
#ifdef DEBUG_PK |
RSA_print_fp(stderr, key->rsa, 8); |
RSA_print_fp(stderr, key->rsa, 8); |
|
|
key_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q); |
key_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q); |
#endif |
#endif |
break; |
break; |
|
#endif |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
(void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ |
(void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ |
/* FALLTHROUGH */ |
/* FALLTHROUGH */ |
|
|
EC_POINT_free(q); |
EC_POINT_free(q); |
buffer_free(&b); |
buffer_free(&b); |
return key; |
return key; |
|
|
|
badkey: |
|
key_free(key); |
|
key = NULL; |
|
goto out; |
} |
} |
|
|
Key * |
Key * |
|
|
buffer_init(&b); |
buffer_init(&b); |
type = force_plain ? key_type_plain(key->type) : key->type; |
type = force_plain ? key_type_plain(key->type) : key->type; |
switch (type) { |
switch (type) { |
|
#ifdef WITH_OPENSSL |
case KEY_DSA_CERT_V00: |
case KEY_DSA_CERT_V00: |
case KEY_RSA_CERT_V00: |
case KEY_RSA_CERT_V00: |
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
case KEY_ECDSA_CERT: |
case KEY_ECDSA_CERT: |
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
|
#endif |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
/* Use the existing blob */ |
/* Use the existing blob */ |
buffer_append(&b, buffer_ptr(&key->cert->certblob), |
buffer_append(&b, buffer_ptr(&key->cert->certblob), |
buffer_len(&key->cert->certblob)); |
buffer_len(&key->cert->certblob)); |
break; |
break; |
|
#ifdef WITH_OPENSSL |
case KEY_DSA: |
case KEY_DSA: |
buffer_put_cstring(&b, |
buffer_put_cstring(&b, |
key_ssh_name_from_type_nid(type, key->ecdsa_nid)); |
key_ssh_name_from_type_nid(type, key->ecdsa_nid)); |
|
|
buffer_put_bignum2(&b, key->rsa->e); |
buffer_put_bignum2(&b, key->rsa->e); |
buffer_put_bignum2(&b, key->rsa->n); |
buffer_put_bignum2(&b, key->rsa->n); |
break; |
break; |
|
#endif |
case KEY_ED25519: |
case KEY_ED25519: |
buffer_put_cstring(&b, |
buffer_put_cstring(&b, |
key_ssh_name_from_type_nid(type, key->ecdsa_nid)); |
key_ssh_name_from_type_nid(type, key->ecdsa_nid)); |
|
|
const u_char *data, u_int datalen) |
const u_char *data, u_int datalen) |
{ |
{ |
switch (key->type) { |
switch (key->type) { |
|
#ifdef WITH_OPENSSL |
case KEY_DSA_CERT_V00: |
case KEY_DSA_CERT_V00: |
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
case KEY_DSA: |
case KEY_DSA: |
|
|
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
case KEY_RSA: |
case KEY_RSA: |
return ssh_rsa_sign(key, sigp, lenp, data, datalen); |
return ssh_rsa_sign(key, sigp, lenp, data, datalen); |
|
#endif |
case KEY_ED25519: |
case KEY_ED25519: |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
return ssh_ed25519_sign(key, sigp, lenp, data, datalen); |
return ssh_ed25519_sign(key, sigp, lenp, data, datalen); |
|
|
return -1; |
return -1; |
|
|
switch (key->type) { |
switch (key->type) { |
|
#ifdef WITH_OPENSSL |
case KEY_DSA_CERT_V00: |
case KEY_DSA_CERT_V00: |
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
case KEY_DSA: |
case KEY_DSA: |
|
|
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
case KEY_RSA: |
case KEY_RSA: |
return ssh_rsa_verify(key, signature, signaturelen, data, datalen); |
return ssh_rsa_verify(key, signature, signaturelen, data, datalen); |
|
#endif |
case KEY_ED25519: |
case KEY_ED25519: |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
return ssh_ed25519_verify(key, signature, signaturelen, data, datalen); |
return ssh_ed25519_verify(key, signature, signaturelen, data, datalen); |
|
|
pk->ed25519_sk = NULL; |
pk->ed25519_sk = NULL; |
|
|
switch (k->type) { |
switch (k->type) { |
|
#ifdef WITH_OPENSSL |
case KEY_RSA_CERT_V00: |
case KEY_RSA_CERT_V00: |
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
key_cert_copy(k, pk); |
key_cert_copy(k, pk); |
|
|
EC_KEY_get0_public_key(k->ecdsa)) != 1) |
EC_KEY_get0_public_key(k->ecdsa)) != 1) |
fatal("key_demote: EC_KEY_set_public_key failed"); |
fatal("key_demote: EC_KEY_set_public_key failed"); |
break; |
break; |
|
#endif |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
key_cert_copy(k, pk); |
key_cert_copy(k, pk); |
/* FALLTHROUGH */ |
/* FALLTHROUGH */ |
|
|
|
|
/* XXX this substantially duplicates to_blob(); refactor */ |
/* XXX this substantially duplicates to_blob(); refactor */ |
switch (k->type) { |
switch (k->type) { |
|
#ifdef WITH_OPENSSL |
case KEY_DSA_CERT_V00: |
case KEY_DSA_CERT_V00: |
case KEY_DSA_CERT: |
case KEY_DSA_CERT: |
buffer_put_bignum2(&k->cert->certblob, k->dsa->p); |
buffer_put_bignum2(&k->cert->certblob, k->dsa->p); |
|
|
buffer_put_bignum2(&k->cert->certblob, k->rsa->e); |
buffer_put_bignum2(&k->cert->certblob, k->rsa->e); |
buffer_put_bignum2(&k->cert->certblob, k->rsa->n); |
buffer_put_bignum2(&k->cert->certblob, k->rsa->n); |
break; |
break; |
|
#endif |
case KEY_ED25519_CERT: |
case KEY_ED25519_CERT: |
buffer_put_string(&k->cert->certblob, |
buffer_put_string(&k->cert->certblob, |
k->ed25519_pk, ED25519_PK_SZ); |
k->ed25519_pk, ED25519_PK_SZ); |
|
|
} |
} |
} |
} |
|
|
|
#ifdef WITH_OPENSSL |
/* XXX: these are really begging for a table-driven approach */ |
/* XXX: these are really begging for a table-driven approach */ |
int |
int |
key_curve_name_to_nid(const char *name) |
key_curve_name_to_nid(const char *name) |
|
|
BN_CTX_free(bnctx); |
BN_CTX_free(bnctx); |
return ret; |
return ret; |
} |
} |
|
#endif |
|
|
#if defined(DEBUG_KEXECDH) || defined(DEBUG_PK) |
#if defined(DEBUG_KEXECDH) || defined(DEBUG_PK) |
void |
void |
|
|
{ |
{ |
buffer_put_cstring(b, key_ssh_name(key)); |
buffer_put_cstring(b, key_ssh_name(key)); |
switch (key->type) { |
switch (key->type) { |
|
#ifdef WITH_OPENSSL |
case KEY_RSA: |
case KEY_RSA: |
buffer_put_bignum2(b, key->rsa->n); |
buffer_put_bignum2(b, key->rsa->n); |
buffer_put_bignum2(b, key->rsa->e); |
buffer_put_bignum2(b, key->rsa->e); |
|
|
buffer_len(&key->cert->certblob)); |
buffer_len(&key->cert->certblob)); |
buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa)); |
buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa)); |
break; |
break; |
|
#endif |
case KEY_ED25519: |
case KEY_ED25519: |
buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ); |
buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ); |
buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ); |
buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ); |
|
|
Key * |
Key * |
key_private_deserialize(Buffer *blob) |
key_private_deserialize(Buffer *blob) |
{ |
{ |
char *type_name, *curve; |
char *type_name; |
Key *k = NULL; |
Key *k = NULL; |
BIGNUM *exponent; |
|
EC_POINT *q; |
|
u_char *cert; |
u_char *cert; |
u_int len, pklen, sklen; |
u_int len, pklen, sklen; |
int type; |
int type; |
|
#ifdef WITH_OPENSSL |
|
char *curve; |
|
BIGNUM *exponent; |
|
EC_POINT *q; |
|
#endif |
|
|
type_name = buffer_get_string(blob, NULL); |
type_name = buffer_get_string(blob, NULL); |
type = key_type_from_name(type_name); |
type = key_type_from_name(type_name); |
switch (type) { |
switch (type) { |
|
#ifdef WITH_OPENSSL |
case KEY_DSA: |
case KEY_DSA: |
k = key_new_private(type); |
k = key_new_private(type); |
buffer_get_bignum2(blob, k->dsa->p); |
buffer_get_bignum2(blob, k->dsa->p); |
|
|
buffer_get_bignum2(blob, k->rsa->p); |
buffer_get_bignum2(blob, k->rsa->p); |
buffer_get_bignum2(blob, k->rsa->q); |
buffer_get_bignum2(blob, k->rsa->q); |
break; |
break; |
|
#endif |
case KEY_ED25519: |
case KEY_ED25519: |
k = key_new_private(type); |
k = key_new_private(type); |
k->ed25519_pk = buffer_get_string(blob, &pklen); |
k->ed25519_pk = buffer_get_string(blob, &pklen); |
|
|
|
|
/* enable blinding */ |
/* enable blinding */ |
switch (k->type) { |
switch (k->type) { |
|
#ifdef WITH_OPENSSL |
case KEY_RSA: |
case KEY_RSA: |
case KEY_RSA_CERT_V00: |
case KEY_RSA_CERT_V00: |
case KEY_RSA_CERT: |
case KEY_RSA_CERT: |
|
|
return NULL; |
return NULL; |
} |
} |
break; |
break; |
|
#endif |
} |
} |
return k; |
return k; |
} |
} |