Annotation of src/usr.bin/ssh/key.c, Revision 1.17
1.1 markus 1: /*
1.11 deraadt 2: * read_bignum():
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: *
5: * As far as I am concerned, the code I have written for this software
6: * can be used freely for any purpose. Any derived versions of this
7: * software must be clearly marked as such, and if the derived work is
8: * incompatible with the protocol description in the RFC file, it must be
9: * called by a name other than "ssh" or "Secure Shell".
10: *
11: *
1.1 markus 12: * Copyright (c) 2000 Markus Friedl. All rights reserved.
13: *
14: * Redistribution and use in source and binary forms, with or without
15: * modification, are permitted provided that the following conditions
16: * are met:
17: * 1. Redistributions of source code must retain the above copyright
18: * notice, this list of conditions and the following disclaimer.
19: * 2. Redistributions in binary form must reproduce the above copyright
20: * notice, this list of conditions and the following disclaimer in the
21: * documentation and/or other materials provided with the distribution.
22: *
23: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33: */
1.15 markus 34: #include "includes.h"
1.17 ! stevesk 35: RCSID("$OpenBSD: key.c,v 1.16 2001/01/22 16:55:21 stevesk Exp $");
1.1 markus 36:
1.2 markus 37: #include <openssl/evp.h>
1.15 markus 38:
1.1 markus 39: #include "xmalloc.h"
40: #include "key.h"
1.12 markus 41: #include "rsa.h"
42: #include "ssh-dss.h"
43: #include "ssh-rsa.h"
1.3 markus 44: #include "uuencode.h"
1.12 markus 45: #include "buffer.h"
46: #include "bufaux.h"
1.15 markus 47: #include "log.h"
1.1 markus 48:
49: Key *
50: key_new(int type)
51: {
52: Key *k;
53: RSA *rsa;
54: DSA *dsa;
55: k = xmalloc(sizeof(*k));
56: k->type = type;
1.3 markus 57: k->dsa = NULL;
58: k->rsa = NULL;
1.1 markus 59: switch (k->type) {
1.12 markus 60: case KEY_RSA1:
1.1 markus 61: case KEY_RSA:
62: rsa = RSA_new();
63: rsa->n = BN_new();
64: rsa->e = BN_new();
65: k->rsa = rsa;
66: break;
67: case KEY_DSA:
68: dsa = DSA_new();
69: dsa->p = BN_new();
70: dsa->q = BN_new();
71: dsa->g = BN_new();
72: dsa->pub_key = BN_new();
73: k->dsa = dsa;
74: break;
1.12 markus 75: case KEY_UNSPEC:
1.1 markus 76: break;
77: default:
78: fatal("key_new: bad key type %d", k->type);
79: break;
80: }
81: return k;
82: }
1.12 markus 83: Key *
84: key_new_private(int type)
85: {
86: Key *k = key_new(type);
87: switch (k->type) {
88: case KEY_RSA1:
89: case KEY_RSA:
90: k->rsa->d = BN_new();
91: k->rsa->iqmp = BN_new();
92: k->rsa->q = BN_new();
93: k->rsa->p = BN_new();
94: k->rsa->dmq1 = BN_new();
95: k->rsa->dmp1 = BN_new();
96: break;
97: case KEY_DSA:
98: k->dsa->priv_key = BN_new();
99: break;
100: case KEY_UNSPEC:
101: break;
102: default:
103: break;
104: }
105: return k;
106: }
1.1 markus 107: void
108: key_free(Key *k)
109: {
110: switch (k->type) {
1.12 markus 111: case KEY_RSA1:
1.1 markus 112: case KEY_RSA:
113: if (k->rsa != NULL)
114: RSA_free(k->rsa);
115: k->rsa = NULL;
116: break;
117: case KEY_DSA:
118: if (k->dsa != NULL)
119: DSA_free(k->dsa);
120: k->dsa = NULL;
121: break;
1.12 markus 122: case KEY_UNSPEC:
123: break;
1.1 markus 124: default:
125: fatal("key_free: bad key type %d", k->type);
126: break;
127: }
128: xfree(k);
129: }
130: int
131: key_equal(Key *a, Key *b)
132: {
133: if (a == NULL || b == NULL || a->type != b->type)
134: return 0;
135: switch (a->type) {
1.12 markus 136: case KEY_RSA1:
1.1 markus 137: case KEY_RSA:
138: return a->rsa != NULL && b->rsa != NULL &&
139: BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
140: BN_cmp(a->rsa->n, b->rsa->n) == 0;
141: break;
142: case KEY_DSA:
143: return a->dsa != NULL && b->dsa != NULL &&
144: BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
145: BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
146: BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
147: BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
148: break;
149: default:
1.3 markus 150: fatal("key_equal: bad key type %d", a->type);
1.1 markus 151: break;
152: }
153: return 0;
154: }
155:
156: /*
157: * Generate key fingerprint in ascii format.
158: * Based on ideas and code from Bjoern Groenvall <bg@sics.se>
159: */
160: char *
161: key_fingerprint(Key *k)
162: {
1.8 markus 163: static char retval[(EVP_MAX_MD_SIZE+1)*3];
1.13 markus 164: u_char *blob = NULL;
1.1 markus 165: int len = 0;
1.3 markus 166: int nlen, elen;
1.1 markus 167:
1.12 markus 168: retval[0] = '\0';
1.1 markus 169: switch (k->type) {
1.12 markus 170: case KEY_RSA1:
1.1 markus 171: nlen = BN_num_bytes(k->rsa->n);
172: elen = BN_num_bytes(k->rsa->e);
173: len = nlen + elen;
1.3 markus 174: blob = xmalloc(len);
175: BN_bn2bin(k->rsa->n, blob);
176: BN_bn2bin(k->rsa->e, blob + nlen);
1.1 markus 177: break;
178: case KEY_DSA:
1.12 markus 179: case KEY_RSA:
180: key_to_blob(k, &blob, &len);
181: break;
182: case KEY_UNSPEC:
183: return retval;
1.1 markus 184: break;
185: default:
186: fatal("key_fingerprint: bad key type %d", k->type);
187: break;
188: }
1.3 markus 189: if (blob != NULL) {
1.8 markus 190: int i;
1.13 markus 191: u_char digest[EVP_MAX_MD_SIZE];
1.8 markus 192: EVP_MD *md = EVP_md5();
193: EVP_MD_CTX ctx;
194: EVP_DigestInit(&ctx, md);
195: EVP_DigestUpdate(&ctx, blob, len);
196: EVP_DigestFinal(&ctx, digest, NULL);
197: for(i = 0; i < md->md_size; i++) {
198: char hex[4];
199: snprintf(hex, sizeof(hex), "%02x:", digest[i]);
200: strlcat(retval, hex, sizeof(retval));
201: }
202: retval[strlen(retval) - 1] = '\0';
1.3 markus 203: memset(blob, 0, len);
204: xfree(blob);
1.1 markus 205: }
206: return retval;
207: }
208:
209: /*
210: * Reads a multiple-precision integer in decimal from the buffer, and advances
211: * the pointer. The integer must already be initialized. This function is
212: * permitted to modify the buffer. This leaves *cpp to point just beyond the
213: * last processed (and maybe modified) character. Note that this may modify
214: * the buffer containing the number.
215: */
216: int
217: read_bignum(char **cpp, BIGNUM * value)
218: {
219: char *cp = *cpp;
220: int old;
221:
222: /* Skip any leading whitespace. */
223: for (; *cp == ' ' || *cp == '\t'; cp++)
224: ;
225:
226: /* Check that it begins with a decimal digit. */
227: if (*cp < '0' || *cp > '9')
228: return 0;
229:
230: /* Save starting position. */
231: *cpp = cp;
232:
233: /* Move forward until all decimal digits skipped. */
234: for (; *cp >= '0' && *cp <= '9'; cp++)
235: ;
236:
237: /* Save the old terminating character, and replace it by \0. */
238: old = *cp;
239: *cp = 0;
240:
241: /* Parse the number. */
242: if (BN_dec2bn(&value, *cpp) == 0)
243: return 0;
244:
245: /* Restore old terminating character. */
246: *cp = old;
247:
248: /* Move beyond the number and return success. */
249: *cpp = cp;
250: return 1;
251: }
252: int
253: write_bignum(FILE *f, BIGNUM *num)
254: {
255: char *buf = BN_bn2dec(num);
256: if (buf == NULL) {
257: error("write_bignum: BN_bn2dec() failed");
258: return 0;
259: }
260: fprintf(f, " %s", buf);
1.16 stevesk 261: xfree(buf);
1.1 markus 262: return 1;
263: }
1.12 markus 264:
265: /* returns 1 ok, -1 error, 0 type mismatch */
266: int
1.3 markus 267: key_read(Key *ret, char **cpp)
1.1 markus 268: {
1.3 markus 269: Key *k;
1.12 markus 270: int success = -1;
271: char *cp, *space;
272: int len, n, type;
273: u_int bits;
1.13 markus 274: u_char *blob;
1.3 markus 275:
276: cp = *cpp;
277:
1.1 markus 278: switch(ret->type) {
1.12 markus 279: case KEY_RSA1:
1.3 markus 280: /* Get number of bits. */
281: if (*cp < '0' || *cp > '9')
1.12 markus 282: return -1; /* Bad bit count... */
1.3 markus 283: for (bits = 0; *cp >= '0' && *cp <= '9'; cp++)
284: bits = 10 * bits + *cp - '0';
1.1 markus 285: if (bits == 0)
1.12 markus 286: return -1;
1.3 markus 287: *cpp = cp;
1.1 markus 288: /* Get public exponent, public modulus. */
289: if (!read_bignum(cpp, ret->rsa->e))
1.12 markus 290: return -1;
1.1 markus 291: if (!read_bignum(cpp, ret->rsa->n))
1.12 markus 292: return -1;
293: success = 1;
1.1 markus 294: break;
1.12 markus 295: case KEY_UNSPEC:
296: case KEY_RSA:
1.1 markus 297: case KEY_DSA:
1.12 markus 298: space = strchr(cp, ' ');
299: if (space == NULL) {
300: debug3("key_read: no space");
301: return -1;
302: }
303: *space = '\0';
304: type = key_type_from_name(cp);
305: *space = ' ';
306: if (type == KEY_UNSPEC) {
307: debug3("key_read: no key found");
308: return -1;
309: }
310: cp = space+1;
311: if (*cp == '\0') {
312: debug3("key_read: short string");
313: return -1;
314: }
315: if (ret->type == KEY_UNSPEC) {
316: ret->type = type;
317: } else if (ret->type != type) {
318: /* is a key, but different type */
319: debug3("key_read: type mismatch");
1.1 markus 320: return 0;
1.12 markus 321: }
1.3 markus 322: len = 2*strlen(cp);
323: blob = xmalloc(len);
324: n = uudecode(cp, blob, len);
1.6 markus 325: if (n < 0) {
1.7 markus 326: error("key_read: uudecode %s failed", cp);
1.12 markus 327: return -1;
1.6 markus 328: }
1.12 markus 329: k = key_from_blob(blob, n);
1.7 markus 330: if (k == NULL) {
1.12 markus 331: error("key_read: key_from_blob %s failed", cp);
332: return -1;
1.7 markus 333: }
1.3 markus 334: xfree(blob);
1.12 markus 335: if (k->type != type) {
336: error("key_read: type mismatch: encoding error");
337: key_free(k);
338: return -1;
339: }
340: /*XXXX*/
341: if (ret->type == KEY_RSA) {
342: if (ret->rsa != NULL)
343: RSA_free(ret->rsa);
344: ret->rsa = k->rsa;
345: k->rsa = NULL;
346: success = 1;
347: #ifdef DEBUG_PK
348: RSA_print_fp(stderr, ret->rsa, 8);
349: #endif
350: } else {
351: if (ret->dsa != NULL)
352: DSA_free(ret->dsa);
353: ret->dsa = k->dsa;
354: k->dsa = NULL;
355: success = 1;
356: #ifdef DEBUG_PK
357: DSA_print_fp(stderr, ret->dsa, 8);
358: #endif
359: }
360: /*XXXX*/
361: if (success != 1)
362: break;
1.3 markus 363: key_free(k);
1.7 markus 364: /* advance cp: skip whitespace and data */
365: while (*cp == ' ' || *cp == '\t')
366: cp++;
367: while (*cp != '\0' && *cp != ' ' && *cp != '\t')
368: cp++;
369: *cpp = cp;
1.1 markus 370: break;
371: default:
1.3 markus 372: fatal("key_read: bad key type: %d", ret->type);
1.1 markus 373: break;
374: }
1.12 markus 375: return success;
1.1 markus 376: }
377: int
378: key_write(Key *key, FILE *f)
379: {
380: int success = 0;
1.13 markus 381: u_int bits = 0;
1.1 markus 382:
1.12 markus 383: if (key->type == KEY_RSA1 && key->rsa != NULL) {
1.1 markus 384: /* size of modulus 'n' */
385: bits = BN_num_bits(key->rsa->n);
386: fprintf(f, "%u", bits);
387: if (write_bignum(f, key->rsa->e) &&
388: write_bignum(f, key->rsa->n)) {
389: success = 1;
390: } else {
391: error("key_write: failed for RSA key");
392: }
1.12 markus 393: } else if ((key->type == KEY_DSA && key->dsa != NULL) ||
394: (key->type == KEY_RSA && key->rsa != NULL)) {
1.3 markus 395: int len, n;
1.13 markus 396: u_char *blob, *uu;
1.12 markus 397: key_to_blob(key, &blob, &len);
1.3 markus 398: uu = xmalloc(2*len);
1.5 markus 399: n = uuencode(blob, len, uu, 2*len);
400: if (n > 0) {
1.12 markus 401: fprintf(f, "%s %s", key_ssh_name(key), uu);
1.5 markus 402: success = 1;
403: }
1.3 markus 404: xfree(blob);
405: xfree(uu);
1.1 markus 406: }
407: return success;
408: }
1.4 markus 409: char *
410: key_type(Key *k)
411: {
412: switch (k->type) {
1.12 markus 413: case KEY_RSA1:
414: return "RSA1";
415: break;
1.4 markus 416: case KEY_RSA:
417: return "RSA";
418: break;
419: case KEY_DSA:
420: return "DSA";
421: break;
422: }
423: return "unknown";
1.10 markus 424: }
1.12 markus 425: char *
426: key_ssh_name(Key *k)
427: {
428: switch (k->type) {
429: case KEY_RSA:
430: return "ssh-rsa";
431: break;
432: case KEY_DSA:
433: return "ssh-dss";
434: break;
435: }
436: return "ssh-unknown";
437: }
438: u_int
1.10 markus 439: key_size(Key *k){
440: switch (k->type) {
1.12 markus 441: case KEY_RSA1:
1.10 markus 442: case KEY_RSA:
443: return BN_num_bits(k->rsa->n);
444: break;
445: case KEY_DSA:
446: return BN_num_bits(k->dsa->p);
447: break;
448: }
449: return 0;
1.12 markus 450: }
451:
452: RSA *
1.13 markus 453: rsa_generate_private_key(u_int bits)
1.12 markus 454: {
1.17 ! stevesk 455: RSA *private;
! 456: private = RSA_generate_key(bits, 35, NULL, NULL);
! 457: if (private == NULL)
! 458: fatal("rsa_generate_private_key: key generation failed.");
! 459: return private;
1.12 markus 460: }
461:
462: DSA*
1.13 markus 463: dsa_generate_private_key(u_int bits)
1.12 markus 464: {
465: DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
466: if (private == NULL)
467: fatal("dsa_generate_private_key: DSA_generate_parameters failed");
468: if (!DSA_generate_key(private))
1.17 ! stevesk 469: fatal("dsa_generate_private_key: DSA_generate_key failed.");
! 470: if (private == NULL)
! 471: fatal("dsa_generate_private_key: NULL.");
1.12 markus 472: return private;
473: }
474:
475: Key *
1.13 markus 476: key_generate(int type, u_int bits)
1.12 markus 477: {
478: Key *k = key_new(KEY_UNSPEC);
479: switch (type) {
1.17 ! stevesk 480: case KEY_DSA:
1.12 markus 481: k->dsa = dsa_generate_private_key(bits);
482: break;
483: case KEY_RSA:
484: case KEY_RSA1:
485: k->rsa = rsa_generate_private_key(bits);
486: break;
487: default:
1.17 ! stevesk 488: fatal("key_generate: unknown type %d", type);
1.12 markus 489: }
1.17 ! stevesk 490: k->type = type;
1.12 markus 491: return k;
492: }
493:
494: Key *
495: key_from_private(Key *k)
496: {
497: Key *n = NULL;
498: switch (k->type) {
1.17 ! stevesk 499: case KEY_DSA:
1.12 markus 500: n = key_new(k->type);
501: BN_copy(n->dsa->p, k->dsa->p);
502: BN_copy(n->dsa->q, k->dsa->q);
503: BN_copy(n->dsa->g, k->dsa->g);
504: BN_copy(n->dsa->pub_key, k->dsa->pub_key);
505: break;
506: case KEY_RSA:
507: case KEY_RSA1:
508: n = key_new(k->type);
509: BN_copy(n->rsa->n, k->rsa->n);
510: BN_copy(n->rsa->e, k->rsa->e);
511: break;
512: default:
1.17 ! stevesk 513: fatal("key_from_private: unknown type %d", k->type);
1.12 markus 514: break;
515: }
516: return n;
517: }
518:
519: int
520: key_type_from_name(char *name)
521: {
522: if (strcmp(name, "rsa1") == 0){
523: return KEY_RSA1;
524: } else if (strcmp(name, "rsa") == 0){
525: return KEY_RSA;
526: } else if (strcmp(name, "dsa") == 0){
527: return KEY_DSA;
528: } else if (strcmp(name, "ssh-rsa") == 0){
529: return KEY_RSA;
530: } else if (strcmp(name, "ssh-dss") == 0){
531: return KEY_DSA;
532: }
533: debug("key_type_from_name: unknown key type '%s'", name);
534: return KEY_UNSPEC;
535: }
536:
537: Key *
538: key_from_blob(char *blob, int blen)
539: {
540: Buffer b;
541: char *ktype;
542: int rlen, type;
543: Key *key = NULL;
544:
545: #ifdef DEBUG_PK
546: dump_base64(stderr, blob, blen);
547: #endif
548: buffer_init(&b);
549: buffer_append(&b, blob, blen);
550: ktype = buffer_get_string(&b, NULL);
551: type = key_type_from_name(ktype);
552:
553: switch(type){
554: case KEY_RSA:
555: key = key_new(type);
1.14 markus 556: buffer_get_bignum2(&b, key->rsa->e);
1.12 markus 557: buffer_get_bignum2(&b, key->rsa->n);
558: #ifdef DEBUG_PK
559: RSA_print_fp(stderr, key->rsa, 8);
560: #endif
561: break;
562: case KEY_DSA:
563: key = key_new(type);
564: buffer_get_bignum2(&b, key->dsa->p);
565: buffer_get_bignum2(&b, key->dsa->q);
566: buffer_get_bignum2(&b, key->dsa->g);
567: buffer_get_bignum2(&b, key->dsa->pub_key);
568: #ifdef DEBUG_PK
569: DSA_print_fp(stderr, key->dsa, 8);
570: #endif
571: break;
572: case KEY_UNSPEC:
573: key = key_new(type);
574: break;
575: default:
576: error("key_from_blob: cannot handle type %s", ktype);
577: break;
578: }
579: rlen = buffer_len(&b);
580: if (key != NULL && rlen != 0)
581: error("key_from_blob: remaining bytes in key blob %d", rlen);
582: xfree(ktype);
583: buffer_free(&b);
584: return key;
585: }
586:
587: int
1.13 markus 588: key_to_blob(Key *key, u_char **blobp, u_int *lenp)
1.12 markus 589: {
590: Buffer b;
591: int len;
1.13 markus 592: u_char *buf;
1.12 markus 593:
594: if (key == NULL) {
595: error("key_to_blob: key == NULL");
596: return 0;
597: }
598: buffer_init(&b);
599: switch(key->type){
600: case KEY_DSA:
601: buffer_put_cstring(&b, key_ssh_name(key));
602: buffer_put_bignum2(&b, key->dsa->p);
603: buffer_put_bignum2(&b, key->dsa->q);
604: buffer_put_bignum2(&b, key->dsa->g);
605: buffer_put_bignum2(&b, key->dsa->pub_key);
606: break;
607: case KEY_RSA:
608: buffer_put_cstring(&b, key_ssh_name(key));
1.14 markus 609: buffer_put_bignum2(&b, key->rsa->e);
1.12 markus 610: buffer_put_bignum2(&b, key->rsa->n);
611: break;
612: default:
613: error("key_to_blob: illegal key type %d", key->type);
614: break;
615: }
616: len = buffer_len(&b);
617: buf = xmalloc(len);
618: memcpy(buf, buffer_ptr(&b), len);
619: memset(buffer_ptr(&b), 0, len);
620: buffer_free(&b);
621: if (lenp != NULL)
622: *lenp = len;
623: if (blobp != NULL)
624: *blobp = buf;
625: return len;
626: }
627:
628: int
629: key_sign(
630: Key *key,
1.13 markus 631: u_char **sigp, int *lenp,
632: u_char *data, int datalen)
1.12 markus 633: {
634: switch(key->type){
635: case KEY_DSA:
636: return ssh_dss_sign(key, sigp, lenp, data, datalen);
637: break;
638: case KEY_RSA:
639: return ssh_rsa_sign(key, sigp, lenp, data, datalen);
640: break;
641: default:
642: error("key_sign: illegal key type %d", key->type);
643: return -1;
644: break;
645: }
646: }
647:
648: int
649: key_verify(
650: Key *key,
1.13 markus 651: u_char *signature, int signaturelen,
652: u_char *data, int datalen)
1.12 markus 653: {
654: switch(key->type){
655: case KEY_DSA:
656: return ssh_dss_verify(key, signature, signaturelen, data, datalen);
657: break;
658: case KEY_RSA:
659: return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
660: break;
661: default:
662: error("key_verify: illegal key type %d", key->type);
663: return -1;
664: break;
665: }
1.4 markus 666: }