src/usr.bin/ssh/key.c - diff

Return to key.c CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/Attic/key.c between version 1.116 and 1.117

version 1.116, 2014/02/02 03:44:31

version 1.117, 2014/04/29 18:01:49

Line 75

key_new(int type)

{

Key *k;

#ifdef WITH_OPENSSL

RSA *rsa;

DSA *dsa;

#endif

k = xcalloc(1, sizeof(*k));

k->type = type;

k->ecdsa = NULL;

Line 87

Line 90

k->ed25519_sk = NULL;

k->ed25519_pk = NULL;

switch (k->type) {

#ifdef WITH_OPENSSL

case KEY_RSA1:

case KEY_RSA:

case KEY_RSA_CERT_V00:

Line 118

Line 122

case KEY_ECDSA_CERT:

/* Cannot do anything until we know the group */

break;

#endif

case KEY_ED25519:

case KEY_ED25519_CERT:

/* no need to prealloc */

Line 139

Line 144

key_add_private(Key *k)

{

switch (k->type) {

#ifdef WITH_OPENSSL

case KEY_RSA1:

case KEY_RSA:

case KEY_RSA_CERT_V00:

Line 166

Line 172

case KEY_ECDSA_CERT:

/* Cannot do anything until we know the group */

break;

#endif

case KEY_ED25519:

case KEY_ED25519_CERT:

/* no need to prealloc */

Line 209

Line 216

if (k == NULL)

fatal("key_free: key is NULL");

switch (k->type) {

#ifdef WITH_OPENSSL

case KEY_RSA1:

case KEY_RSA:

case KEY_RSA_CERT_V00:

Line 230

Line 238

EC_KEY_free(k->ecdsa);

k->ecdsa = NULL;

break;

#endif

case KEY_ED25519:

case KEY_ED25519_CERT:

if (k->ed25519_pk) {

Line 280

Line 289

int

key_equal_public(const Key *a, const Key *b)

{

#ifdef WITH_OPENSSL

BN_CTX *bnctx;

#endif

if (a == NULL || b == NULL ||

key_type_plain(a->type) != key_type_plain(b->type))

return 0;

switch (a->type) {

#ifdef WITH_OPENSSL

case KEY_RSA1:

case KEY_RSA_CERT_V00:

case KEY_RSA_CERT:

Line 320

Line 332

}

BN_CTX_free(bnctx);

return 1;

#endif

case KEY_ED25519:

case KEY_ED25519_CERT:

return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&

Line 349

Line 362

u_char *blob = NULL;

u_char *retval = NULL;

u_int len = 0;

int nlen, elen, hash_alg = -1;

int hash_alg = -1;

#ifdef WITH_OPENSSL

int nlen, elen;

#endif

*dgst_raw_length = 0;

Line 368

Line 384

fatal("%s: bad digest type %d", __func__, dgst_type);

}

switch (k->type) {

#ifdef WITH_OPENSSL

case KEY_RSA1:

nlen = BN_num_bytes(k->rsa->n);

elen = BN_num_bytes(k->rsa->e);

Line 379

Line 396

case KEY_DSA:

case KEY_ECDSA:

case KEY_RSA:

#endif

case KEY_ED25519:

key_to_blob(k, &blob, &len);

break;

#ifdef WITH_OPENSSL

case KEY_DSA_CERT_V00:

case KEY_RSA_CERT_V00:

case KEY_DSA_CERT:

case KEY_ECDSA_CERT:

case KEY_RSA_CERT:

#endif

case KEY_ED25519_CERT:

/* We want a fingerprint of the _key_ not of the cert */

to_blob(k, &blob, &len, 1);

Line 615

Line 635

return retval;

}

#ifdef WITH_SSH1

* Reads a multiple-precision integer in decimal from the buffer, and advances

* the pointer. The integer must already be initialized. This function is

Line 671

Line 692

OPENSSL_free(buf);

return 1;

}

#endif

/* returns 1 ok, -1 error */

int

Line 680

Line 702

int success = -1;

char *cp, *space;

int len, n, type, curve_nid = -1;

#ifdef WITH_SSH1

u_int bits;

#endif

u_char *blob;

cp = *cpp;

switch (ret->type) {

case KEY_RSA1:

#ifdef WITH_SSH1

/* Get number of bits. */

if (*cp < '0' || *cp > '9')

return -1; /* Bad bit count... */

Line 707

Line 732

return -1;

}

success = 1;

#endif

break;

case KEY_UNSPEC:

case KEY_RSA:

Line 785

Line 811

ret->cert = k->cert;

k->cert = NULL;

}

#ifdef WITH_OPENSSL

if (key_type_plain(ret->type) == KEY_RSA) {

if (ret->rsa != NULL)

RSA_free(ret->rsa);

Line 814

Line 841

key_dump_ec_key(ret->ecdsa);

#endif

}

#endif

if (key_type_plain(ret->type) == KEY_ED25519) {

free(ret->ed25519_pk);

ret->ed25519_pk = k->ed25519_pk;

Line 845

Line 873

key_write(const Key *key, FILE *f)

{

int n, success = 0;

u_int len, bits = 0;

#ifdef WITH_SSH1

u_int bits = 0;

#endif

u_int len;

u_char *blob;

char *uu;

Line 861

Line 892

}

switch (key->type) {

#ifdef WITH_SSH1

case KEY_RSA1:

if (key->rsa == NULL)

return 0;

Line 872

Line 904

return 1;

error("key_write: failed for RSA key");

return 0;

#endif

#ifdef WITH_OPENSSL

case KEY_DSA:

case KEY_DSA_CERT_V00:

case KEY_DSA_CERT:

Line 883

Line 917

if (key->ecdsa == NULL)

return 0;

break;

case KEY_ED25519:

case KEY_ED25519_CERT:

if (key->ed25519_pk == NULL)

return 0;

break;

case KEY_RSA:

case KEY_RSA_CERT_V00:

case KEY_RSA_CERT:

if (key->rsa == NULL)

return 0;

break;

#endif

case KEY_ED25519:

case KEY_ED25519_CERT:

if (key->ed25519_pk == NULL)

return 0;

break;

default:

return 0;

}

Line 932

Line 967

int cert;

};

static const struct keytype keytypes[] = {

#ifdef WITH_OPENSSL

#ifdef WITH_SSH1

{ NULL, "RSA1", KEY_RSA1, 0, 0 },

#endif

{ "ssh-rsa", "RSA", KEY_RSA, 0, 0 },

{ "ssh-dss", "DSA", KEY_DSA, 0, 0 },

{ "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 },

{ "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 },

{ "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 },

{ "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 },

Line 951

Line 988

KEY_RSA_CERT_V00, 0, 1 },

{ "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00",

KEY_DSA_CERT_V00, 0, 1 },

#endif

{ "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 },

{ "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT",

KEY_ED25519_CERT, 0, 1 },

{ NULL, NULL, -1, -1, 0 }

Line 1075

Line 1114

key_size(const Key *k)

{

switch (k->type) {

#ifdef WITH_OPENSSL

case KEY_RSA1:

case KEY_RSA:

case KEY_RSA_CERT_V00:

Line 1084

Line 1124

case KEY_DSA_CERT_V00:

case KEY_DSA_CERT:

return BN_num_bits(k->dsa->p);

case KEY_ED25519:

return 256; /* XXX */

case KEY_ECDSA:

case KEY_ECDSA_CERT:

return key_curve_nid_to_bits(k->ecdsa_nid);

#endif

case KEY_ED25519:

return 256; /* XXX */

}

return 0;

}

#ifdef WITH_OPENSSL

static RSA *

rsa_generate_private_key(u_int bits)

{

Line 1201

Line 1243

EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE);

return private;

}

#endif

Key *

key_generate(int type, u_int bits)

{

Key *k = key_new(KEY_UNSPEC);

switch (type) {

#ifdef WITH_OPENSSL

case KEY_DSA:

k->dsa = dsa_generate_private_key(bits);

break;

Line 1217

Line 1261

case KEY_RSA1:

k->rsa = rsa_generate_private_key(bits);

break;

case KEY_ED25519:

k->ed25519_pk = xmalloc(ED25519_PK_SZ);

k->ed25519_sk = xmalloc(ED25519_SK_SZ);

crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk);

break;

case KEY_RSA_CERT_V00:

case KEY_DSA_CERT_V00:

case KEY_RSA_CERT:

case KEY_DSA_CERT:

fatal("key_generate: cert keys cannot be generated directly");

#endif

case KEY_ED25519:

k->ed25519_pk = xmalloc(ED25519_PK_SZ);

k->ed25519_sk = xmalloc(ED25519_SK_SZ);

crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk);

break;

default:

fatal("key_generate: unknown type %d", type);

}

Line 1284

Line 1329

{

Key *n = NULL;

switch (k->type) {

#ifdef WITH_OPENSSL

case KEY_DSA:

case KEY_DSA_CERT_V00:

case KEY_DSA_CERT:

Line 1313

Line 1359

(BN_copy(n->rsa->e, k->rsa->e) == NULL))

fatal("key_from_private: BN_copy failed");

break;

#endif

case KEY_ED25519:

case KEY_ED25519_CERT:

n = key_new(k->type);

Line 1505

Line 1552

goto out;

}

switch (type) {

#ifdef WITH_OPENSSL

case KEY_RSA_CERT:

(void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */

/* FALLTHROUGH */

Line 1514

Line 1562

if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 ||

buffer_get_bignum2_ret(&b, key->rsa->n) == -1) {

error("key_from_blob: can't read rsa key");

badkey:

goto badkey;

key_free(key);

key = NULL;

goto out;

}

#ifdef DEBUG_PK

RSA_print_fp(stderr, key->rsa, 8);

Line 1575

Line 1620

key_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q);

#endif

break;

#endif

case KEY_ED25519_CERT:

(void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */

/* FALLTHROUGH */

Line 1614

Line 1660

EC_POINT_free(q);

buffer_free(&b);

return key;

badkey:

key_free(key);

key = NULL;

goto out;

}

Key *

Line 1639

Line 1690

buffer_init(&b);

type = force_plain ? key_type_plain(key->type) : key->type;

switch (type) {

#ifdef WITH_OPENSSL

case KEY_DSA_CERT_V00:

case KEY_RSA_CERT_V00:

case KEY_DSA_CERT:

case KEY_ECDSA_CERT:

case KEY_RSA_CERT:

#endif

case KEY_ED25519_CERT:

/* Use the existing blob */

buffer_append(&b, buffer_ptr(&key->cert->certblob),

buffer_len(&key->cert->certblob));

break;

#ifdef WITH_OPENSSL

case KEY_DSA:

buffer_put_cstring(&b,

key_ssh_name_from_type_nid(type, key->ecdsa_nid));

Line 1670

Line 1724

buffer_put_bignum2(&b, key->rsa->e);

buffer_put_bignum2(&b, key->rsa->n);

break;

#endif

case KEY_ED25519:

buffer_put_cstring(&b,

key_ssh_name_from_type_nid(type, key->ecdsa_nid));

Line 1705

Line 1760

const u_char *data, u_int datalen)

{

switch (key->type) {

#ifdef WITH_OPENSSL

case KEY_DSA_CERT_V00:

case KEY_DSA_CERT:

case KEY_DSA:

Line 1716

Line 1772

case KEY_RSA_CERT:

case KEY_RSA:

return ssh_rsa_sign(key, sigp, lenp, data, datalen);

#endif

case KEY_ED25519:

case KEY_ED25519_CERT:

return ssh_ed25519_sign(key, sigp, lenp, data, datalen);

Line 1739

Line 1796

return -1;

switch (key->type) {

#ifdef WITH_OPENSSL

case KEY_DSA_CERT_V00:

case KEY_DSA_CERT:

case KEY_DSA:

Line 1750

Line 1808

case KEY_RSA_CERT:

case KEY_RSA:

return ssh_rsa_verify(key, signature, signaturelen, data, datalen);

#endif

case KEY_ED25519:

case KEY_ED25519_CERT:

return ssh_ed25519_verify(key, signature, signaturelen, data, datalen);

Line 1776

Line 1835

pk->ed25519_sk = NULL;

switch (k->type) {

#ifdef WITH_OPENSSL

case KEY_RSA_CERT_V00:

case KEY_RSA_CERT:

key_cert_copy(k, pk);

Line 1815

Line 1875

EC_KEY_get0_public_key(k->ecdsa)) != 1)

fatal("key_demote: EC_KEY_set_public_key failed");

break;

#endif

case KEY_ED25519_CERT:

key_cert_copy(k, pk);

/* FALLTHROUGH */

Line 1944

Line 2005

/* XXX this substantially duplicates to_blob(); refactor */

switch (k->type) {

#ifdef WITH_OPENSSL

case KEY_DSA_CERT_V00:

case KEY_DSA_CERT:

buffer_put_bignum2(&k->cert->certblob, k->dsa->p);

Line 1963

Line 2025

buffer_put_bignum2(&k->cert->certblob, k->rsa->e);

buffer_put_bignum2(&k->cert->certblob, k->rsa->n);

break;

#endif

case KEY_ED25519_CERT:

buffer_put_string(&k->cert->certblob,

k->ed25519_pk, ED25519_PK_SZ);

Line 2087

Line 2150

}

#ifdef WITH_OPENSSL

/* XXX: these are really begging for a table-driven approach */

int

key_curve_name_to_nid(const char *name)

Line 2272

Line 2336

BN_CTX_free(bnctx);

return ret;

}

#endif

#if defined(DEBUG_KEXECDH) || defined(DEBUG_PK)

void

Line 2322

Line 2387

{

buffer_put_cstring(b, key_ssh_name(key));

switch (key->type) {

#ifdef WITH_OPENSSL

case KEY_RSA:

buffer_put_bignum2(b, key->rsa->n);

buffer_put_bignum2(b, key->rsa->e);

Line 2369

Line 2435

buffer_len(&key->cert->certblob));

buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa));

break;

#endif

case KEY_ED25519:

buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);

buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ);

Line 2387

Line 2454

Key *

key_private_deserialize(Buffer *blob)

{

char *type_name, *curve;

char *type_name;

Key *k = NULL;

BIGNUM *exponent;

EC_POINT *q;

u_char *cert;

u_int len, pklen, sklen;

int type;

#ifdef WITH_OPENSSL

char *curve;

BIGNUM *exponent;

EC_POINT *q;

#endif

type_name = buffer_get_string(blob, NULL);

type = key_type_from_name(type_name);

switch (type) {

#ifdef WITH_OPENSSL

case KEY_DSA:

k = key_new_private(type);

buffer_get_bignum2(blob, k->dsa->p);

Line 2490

Line 2561

buffer_get_bignum2(blob, k->rsa->p);

buffer_get_bignum2(blob, k->rsa->q);

break;

#endif

case KEY_ED25519:

k = key_new_private(type);

k->ed25519_pk = buffer_get_string(blob, &pklen);

Line 2525

Line 2597

/* enable blinding */

switch (k->type) {

#ifdef WITH_OPENSSL

case KEY_RSA:

case KEY_RSA_CERT_V00:

case KEY_RSA_CERT:

Line 2535

Line 2608

return NULL;

}

break;

#endif

}

return k;

}