version 1.58.4.2, 2006/11/08 00:17:14 |
version 1.59, 2006/03/19 18:51:18 |
|
|
/* $OpenBSD$ */ |
|
/* |
/* |
* read_bignum(): |
* read_bignum(): |
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
*/ |
*/ |
|
#include "includes.h" |
|
|
#include <sys/types.h> |
|
|
|
#include <openssl/evp.h> |
#include <openssl/evp.h> |
|
|
#include <stdio.h> |
|
#include <string.h> |
|
|
|
#include "xmalloc.h" |
#include "xmalloc.h" |
#include "key.h" |
#include "key.h" |
#include "rsa.h" |
#include "rsa.h" |
#include "uuencode.h" |
#include "uuencode.h" |
#include "buffer.h" |
#include "buffer.h" |
|
#include "bufaux.h" |
#include "log.h" |
#include "log.h" |
|
|
Key * |
Key * |
|
|
Key *k; |
Key *k; |
RSA *rsa; |
RSA *rsa; |
DSA *dsa; |
DSA *dsa; |
k = xcalloc(1, sizeof(*k)); |
k = xmalloc(sizeof(*k)); |
k->type = type; |
k->type = type; |
|
k->flags = 0; |
k->dsa = NULL; |
k->dsa = NULL; |
k->rsa = NULL; |
k->rsa = NULL; |
switch (k->type) { |
switch (k->type) { |
|
|
void |
void |
key_free(Key *k) |
key_free(Key *k) |
{ |
{ |
if (k == NULL) |
|
fatal("key_free: key is NULL"); |
|
switch (k->type) { |
switch (k->type) { |
case KEY_RSA1: |
case KEY_RSA1: |
case KEY_RSA: |
case KEY_RSA: |
|
|
return a->rsa != NULL && b->rsa != NULL && |
return a->rsa != NULL && b->rsa != NULL && |
BN_cmp(a->rsa->e, b->rsa->e) == 0 && |
BN_cmp(a->rsa->e, b->rsa->e) == 0 && |
BN_cmp(a->rsa->n, b->rsa->n) == 0; |
BN_cmp(a->rsa->n, b->rsa->n) == 0; |
|
break; |
case KEY_DSA: |
case KEY_DSA: |
return a->dsa != NULL && b->dsa != NULL && |
return a->dsa != NULL && b->dsa != NULL && |
BN_cmp(a->dsa->p, b->dsa->p) == 0 && |
BN_cmp(a->dsa->p, b->dsa->p) == 0 && |
BN_cmp(a->dsa->q, b->dsa->q) == 0 && |
BN_cmp(a->dsa->q, b->dsa->q) == 0 && |
BN_cmp(a->dsa->g, b->dsa->g) == 0 && |
BN_cmp(a->dsa->g, b->dsa->g) == 0 && |
BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; |
BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; |
|
break; |
default: |
default: |
fatal("key_equal: bad key type %d", a->type); |
fatal("key_equal: bad key type %d", a->type); |
break; |
break; |
|
|
break; |
break; |
case KEY_UNSPEC: |
case KEY_UNSPEC: |
return retval; |
return retval; |
|
break; |
default: |
default: |
fatal("key_fingerprint_raw: bad key type %d", k->type); |
fatal("key_fingerprint_raw: bad key type %d", k->type); |
break; |
break; |
|
|
char *retval; |
char *retval; |
u_int i; |
u_int i; |
|
|
retval = xcalloc(1, dgst_raw_len * 3 + 1); |
retval = xmalloc(dgst_raw_len * 3 + 1); |
|
retval[0] = '\0'; |
for (i = 0; i < dgst_raw_len; i++) { |
for (i = 0; i < dgst_raw_len; i++) { |
char hex[4]; |
char hex[4]; |
snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]); |
snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]); |
|
|
char *retval; |
char *retval; |
|
|
rounds = (dgst_raw_len / 2) + 1; |
rounds = (dgst_raw_len / 2) + 1; |
retval = xcalloc((rounds * 6), sizeof(char)); |
retval = xmalloc(sizeof(char) * (rounds*6)); |
retval[j++] = 'x'; |
retval[j++] = 'x'; |
for (i = 0; i < rounds; i++) { |
for (i = 0; i < rounds; i++) { |
u_int idx0, idx1, idx2, idx3, idx4; |
u_int idx0, idx1, idx2, idx3, idx4; |
|
|
switch (k->type) { |
switch (k->type) { |
case KEY_RSA1: |
case KEY_RSA1: |
return "RSA1"; |
return "RSA1"; |
|
break; |
case KEY_RSA: |
case KEY_RSA: |
return "RSA"; |
return "RSA"; |
|
break; |
case KEY_DSA: |
case KEY_DSA: |
return "DSA"; |
return "DSA"; |
|
break; |
} |
} |
return "unknown"; |
return "unknown"; |
} |
} |
|
|
switch (k->type) { |
switch (k->type) { |
case KEY_RSA: |
case KEY_RSA: |
return "ssh-rsa"; |
return "ssh-rsa"; |
|
break; |
case KEY_DSA: |
case KEY_DSA: |
return "ssh-dss"; |
return "ssh-dss"; |
|
break; |
} |
} |
return "ssh-unknown"; |
return "ssh-unknown"; |
} |
} |
|
|
case KEY_RSA1: |
case KEY_RSA1: |
case KEY_RSA: |
case KEY_RSA: |
return BN_num_bits(k->rsa->n); |
return BN_num_bits(k->rsa->n); |
|
break; |
case KEY_DSA: |
case KEY_DSA: |
return BN_num_bits(k->dsa->p); |
return BN_num_bits(k->dsa->p); |
|
break; |
} |
} |
return 0; |
return 0; |
} |
} |
|
|
rsa_generate_private_key(u_int bits) |
rsa_generate_private_key(u_int bits) |
{ |
{ |
RSA *private; |
RSA *private; |
|
|
private = RSA_generate_key(bits, 35, NULL, NULL); |
private = RSA_generate_key(bits, 35, NULL, NULL); |
if (private == NULL) |
if (private == NULL) |
fatal("rsa_generate_private_key: key generation failed."); |
fatal("rsa_generate_private_key: key generation failed."); |
|
|
dsa_generate_private_key(u_int bits) |
dsa_generate_private_key(u_int bits) |
{ |
{ |
DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL); |
DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL); |
|
|
if (private == NULL) |
if (private == NULL) |
fatal("dsa_generate_private_key: DSA_generate_parameters failed"); |
fatal("dsa_generate_private_key: DSA_generate_parameters failed"); |
if (!DSA_generate_key(private)) |
if (!DSA_generate_key(private)) |
|
|
switch (k->type) { |
switch (k->type) { |
case KEY_DSA: |
case KEY_DSA: |
n = key_new(k->type); |
n = key_new(k->type); |
if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || |
BN_copy(n->dsa->p, k->dsa->p); |
(BN_copy(n->dsa->q, k->dsa->q) == NULL) || |
BN_copy(n->dsa->q, k->dsa->q); |
(BN_copy(n->dsa->g, k->dsa->g) == NULL) || |
BN_copy(n->dsa->g, k->dsa->g); |
(BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) |
BN_copy(n->dsa->pub_key, k->dsa->pub_key); |
fatal("key_from_private: BN_copy failed"); |
|
break; |
break; |
case KEY_RSA: |
case KEY_RSA: |
case KEY_RSA1: |
case KEY_RSA1: |
n = key_new(k->type); |
n = key_new(k->type); |
if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || |
BN_copy(n->rsa->n, k->rsa->n); |
(BN_copy(n->rsa->e, k->rsa->e) == NULL)) |
BN_copy(n->rsa->e, k->rsa->e); |
fatal("key_from_private: BN_copy failed"); |
|
break; |
break; |
default: |
default: |
fatal("key_from_private: unknown type %d", k->type); |
fatal("key_from_private: unknown type %d", k->type); |
|
|
switch (key->type) { |
switch (key->type) { |
case KEY_DSA: |
case KEY_DSA: |
return ssh_dss_sign(key, sigp, lenp, data, datalen); |
return ssh_dss_sign(key, sigp, lenp, data, datalen); |
|
break; |
case KEY_RSA: |
case KEY_RSA: |
return ssh_rsa_sign(key, sigp, lenp, data, datalen); |
return ssh_rsa_sign(key, sigp, lenp, data, datalen); |
|
break; |
default: |
default: |
error("key_sign: invalid key type %d", key->type); |
error("key_sign: invalid key type %d", key->type); |
return -1; |
return -1; |
|
break; |
} |
} |
} |
} |
|
|
|
|
switch (key->type) { |
switch (key->type) { |
case KEY_DSA: |
case KEY_DSA: |
return ssh_dss_verify(key, signature, signaturelen, data, datalen); |
return ssh_dss_verify(key, signature, signaturelen, data, datalen); |
|
break; |
case KEY_RSA: |
case KEY_RSA: |
return ssh_rsa_verify(key, signature, signaturelen, data, datalen); |
return ssh_rsa_verify(key, signature, signaturelen, data, datalen); |
|
break; |
default: |
default: |
error("key_verify: invalid key type %d", key->type); |
error("key_verify: invalid key type %d", key->type); |
return -1; |
return -1; |
|
break; |
} |
} |
} |
} |
|
|
|
|
{ |
{ |
Key *pk; |
Key *pk; |
|
|
pk = xcalloc(1, sizeof(*pk)); |
pk = xmalloc(sizeof(*pk)); |
pk->type = k->type; |
pk->type = k->type; |
pk->flags = k->flags; |
pk->flags = k->flags; |
pk->dsa = NULL; |
pk->dsa = NULL; |