Annotation of src/usr.bin/ssh/key.c, Revision 1.21
1.1 markus 1: /*
1.11 deraadt 2: * read_bignum():
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: *
5: * As far as I am concerned, the code I have written for this software
6: * can be used freely for any purpose. Any derived versions of this
7: * software must be clearly marked as such, and if the derived work is
8: * incompatible with the protocol description in the RFC file, it must be
9: * called by a name other than "ssh" or "Secure Shell".
10: *
11: *
1.1 markus 12: * Copyright (c) 2000 Markus Friedl. All rights reserved.
13: *
14: * Redistribution and use in source and binary forms, with or without
15: * modification, are permitted provided that the following conditions
16: * are met:
17: * 1. Redistributions of source code must retain the above copyright
18: * notice, this list of conditions and the following disclaimer.
19: * 2. Redistributions in binary form must reproduce the above copyright
20: * notice, this list of conditions and the following disclaimer in the
21: * documentation and/or other materials provided with the distribution.
22: *
23: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33: */
1.15 markus 34: #include "includes.h"
1.21 ! markus 35: RCSID("$OpenBSD: key.c,v 1.20 2001/03/11 15:13:09 jakob Exp $");
1.1 markus 36:
1.2 markus 37: #include <openssl/evp.h>
1.15 markus 38:
1.1 markus 39: #include "xmalloc.h"
40: #include "key.h"
1.12 markus 41: #include "rsa.h"
42: #include "ssh-dss.h"
43: #include "ssh-rsa.h"
1.3 markus 44: #include "uuencode.h"
1.12 markus 45: #include "buffer.h"
46: #include "bufaux.h"
1.15 markus 47: #include "log.h"
1.1 markus 48:
49: Key *
50: key_new(int type)
51: {
52: Key *k;
53: RSA *rsa;
54: DSA *dsa;
55: k = xmalloc(sizeof(*k));
56: k->type = type;
1.3 markus 57: k->dsa = NULL;
58: k->rsa = NULL;
1.1 markus 59: switch (k->type) {
1.12 markus 60: case KEY_RSA1:
1.1 markus 61: case KEY_RSA:
62: rsa = RSA_new();
63: rsa->n = BN_new();
64: rsa->e = BN_new();
65: k->rsa = rsa;
66: break;
67: case KEY_DSA:
68: dsa = DSA_new();
69: dsa->p = BN_new();
70: dsa->q = BN_new();
71: dsa->g = BN_new();
72: dsa->pub_key = BN_new();
73: k->dsa = dsa;
74: break;
1.12 markus 75: case KEY_UNSPEC:
1.1 markus 76: break;
77: default:
78: fatal("key_new: bad key type %d", k->type);
79: break;
80: }
81: return k;
82: }
1.12 markus 83: Key *
84: key_new_private(int type)
85: {
86: Key *k = key_new(type);
87: switch (k->type) {
88: case KEY_RSA1:
89: case KEY_RSA:
90: k->rsa->d = BN_new();
91: k->rsa->iqmp = BN_new();
92: k->rsa->q = BN_new();
93: k->rsa->p = BN_new();
94: k->rsa->dmq1 = BN_new();
95: k->rsa->dmp1 = BN_new();
96: break;
97: case KEY_DSA:
98: k->dsa->priv_key = BN_new();
99: break;
100: case KEY_UNSPEC:
101: break;
102: default:
103: break;
104: }
105: return k;
106: }
1.1 markus 107: void
108: key_free(Key *k)
109: {
110: switch (k->type) {
1.12 markus 111: case KEY_RSA1:
1.1 markus 112: case KEY_RSA:
113: if (k->rsa != NULL)
114: RSA_free(k->rsa);
115: k->rsa = NULL;
116: break;
117: case KEY_DSA:
118: if (k->dsa != NULL)
119: DSA_free(k->dsa);
120: k->dsa = NULL;
121: break;
1.12 markus 122: case KEY_UNSPEC:
123: break;
1.1 markus 124: default:
125: fatal("key_free: bad key type %d", k->type);
126: break;
127: }
128: xfree(k);
129: }
130: int
131: key_equal(Key *a, Key *b)
132: {
133: if (a == NULL || b == NULL || a->type != b->type)
134: return 0;
135: switch (a->type) {
1.12 markus 136: case KEY_RSA1:
1.1 markus 137: case KEY_RSA:
138: return a->rsa != NULL && b->rsa != NULL &&
139: BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
140: BN_cmp(a->rsa->n, b->rsa->n) == 0;
141: break;
142: case KEY_DSA:
143: return a->dsa != NULL && b->dsa != NULL &&
144: BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
145: BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
146: BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
147: BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
148: break;
149: default:
1.3 markus 150: fatal("key_equal: bad key type %d", a->type);
1.1 markus 151: break;
152: }
153: return 0;
154: }
155:
1.19 jakob 156: u_char*
157: key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length)
1.1 markus 158: {
1.21 ! markus 159: EVP_MD *md = NULL;
! 160: EVP_MD_CTX ctx;
1.13 markus 161: u_char *blob = NULL;
1.19 jakob 162: u_char *retval = NULL;
1.1 markus 163: int len = 0;
1.3 markus 164: int nlen, elen;
1.1 markus 165:
1.19 jakob 166: *dgst_raw_length = 0;
167:
1.21 ! markus 168: switch (dgst_type) {
! 169: case SSH_FP_MD5:
! 170: md = EVP_md5();
! 171: break;
! 172: case SSH_FP_SHA1:
! 173: md = EVP_sha1();
! 174: break;
! 175: default:
! 176: fatal("key_fingerprint_raw: bad digest type %d",
! 177: dgst_type);
! 178: }
1.1 markus 179: switch (k->type) {
1.12 markus 180: case KEY_RSA1:
1.1 markus 181: nlen = BN_num_bytes(k->rsa->n);
182: elen = BN_num_bytes(k->rsa->e);
183: len = nlen + elen;
1.3 markus 184: blob = xmalloc(len);
185: BN_bn2bin(k->rsa->n, blob);
186: BN_bn2bin(k->rsa->e, blob + nlen);
1.1 markus 187: break;
188: case KEY_DSA:
1.12 markus 189: case KEY_RSA:
190: key_to_blob(k, &blob, &len);
191: break;
192: case KEY_UNSPEC:
193: return retval;
1.1 markus 194: break;
195: default:
1.19 jakob 196: fatal("key_fingerprint_raw: bad key type %d", k->type);
1.1 markus 197: break;
198: }
1.3 markus 199: if (blob != NULL) {
1.19 jakob 200: retval = xmalloc(EVP_MAX_MD_SIZE);
1.8 markus 201: EVP_DigestInit(&ctx, md);
202: EVP_DigestUpdate(&ctx, blob, len);
1.19 jakob 203: EVP_DigestFinal(&ctx, retval, NULL);
204: *dgst_raw_length = md->md_size;
1.3 markus 205: memset(blob, 0, len);
206: xfree(blob);
1.19 jakob 207: } else {
208: fatal("key_fingerprint_raw: blob is null");
1.1 markus 209: }
1.19 jakob 210: return retval;
211: }
212:
213: char*
214: key_fingerprint_hex(u_char* dgst_raw, size_t dgst_raw_len)
215: {
216: char *retval;
217: int i;
218:
219: retval = xmalloc(dgst_raw_len * 3);
220: retval[0] = '\0';
221: for(i = 0; i < dgst_raw_len; i++) {
222: char hex[4];
223: snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
224: strlcat(retval, hex, dgst_raw_len * 3);
225: }
226: retval[(dgst_raw_len * 3) - 1] = '\0';
227: return retval;
228: }
229:
230: char*
231: key_fingerprint_bubblebabble(u_char* dgst_raw, size_t dgst_raw_len)
232: {
233: char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
234: char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
235: 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };
1.20 jakob 236: u_int i, j = 0, rounds, seed = 1;
1.19 jakob 237: char *retval;
238:
239: rounds = (dgst_raw_len / 2) + 1;
240: retval = xmalloc(sizeof(char) * (rounds*6));
1.20 jakob 241: retval[j++] = 'x';
242: for (i = 0; i < rounds; i++) {
1.19 jakob 243: u_int idx0, idx1, idx2, idx3, idx4;
1.20 jakob 244: if ((i + 1 < rounds) || (dgst_raw_len % 2 != 0)) {
245: idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) +
1.19 jakob 246: seed) % 6;
1.20 jakob 247: idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15;
248: idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) +
1.19 jakob 249: (seed / 6)) % 6;
1.20 jakob 250: retval[j++] = vowels[idx0];
251: retval[j++] = consonants[idx1];
252: retval[j++] = vowels[idx2];
253: if ((i + 1) < rounds) {
254: idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15;
255: idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15;
256: retval[j++] = consonants[idx3];
257: retval[j++] = '-';
258: retval[j++] = consonants[idx4];
1.19 jakob 259: seed = ((seed * 5) +
1.20 jakob 260: ((((u_int)(dgst_raw[2 * i])) * 7) +
261: ((u_int)(dgst_raw[(2 * i) + 1])))) % 36;
1.19 jakob 262: }
263: } else {
264: idx0 = seed % 6;
265: idx1 = 16;
266: idx2 = seed / 6;
1.20 jakob 267: retval[j++] = vowels[idx0];
268: retval[j++] = consonants[idx1];
269: retval[j++] = vowels[idx2];
1.19 jakob 270: }
271: }
1.20 jakob 272: retval[j++] = 'x';
273: retval[j++] = '\0';
1.19 jakob 274: return retval;
275: }
276:
277: char*
278: key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
279: {
280: char *retval = NULL;
281: u_char *dgst_raw;
282: size_t dgst_raw_len;
283:
284: dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
285: if (!dgst_raw)
286: fatal("key_fingerprint_ex: null value returned from key_fingerprint_raw()");
287: switch(dgst_rep) {
288: case SSH_FP_HEX:
289: retval = key_fingerprint_hex(dgst_raw, dgst_raw_len);
290: break;
291: case SSH_FP_BUBBLEBABBLE:
292: retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len);
293: break;
294: default:
295: fatal("key_fingerprint_ex: bad digest representation %d",
296: dgst_rep);
297: break;
298: }
299: memset(dgst_raw, 0, dgst_raw_len);
300: xfree(dgst_raw);
301: return retval;
302: }
303:
304: char *
305: key_fingerprint(Key *k)
306: {
307: static char retval[(EVP_MAX_MD_SIZE + 1) * 3];
308: char *digest;
309:
310: digest = key_fingerprint_ex(k, SSH_FP_MD5, SSH_FP_HEX);
311: strlcpy(retval, digest, sizeof(retval));
312: xfree(digest);
1.1 markus 313: return retval;
314: }
315:
316: /*
317: * Reads a multiple-precision integer in decimal from the buffer, and advances
318: * the pointer. The integer must already be initialized. This function is
319: * permitted to modify the buffer. This leaves *cpp to point just beyond the
320: * last processed (and maybe modified) character. Note that this may modify
321: * the buffer containing the number.
322: */
323: int
324: read_bignum(char **cpp, BIGNUM * value)
325: {
326: char *cp = *cpp;
327: int old;
328:
329: /* Skip any leading whitespace. */
330: for (; *cp == ' ' || *cp == '\t'; cp++)
331: ;
332:
333: /* Check that it begins with a decimal digit. */
334: if (*cp < '0' || *cp > '9')
335: return 0;
336:
337: /* Save starting position. */
338: *cpp = cp;
339:
340: /* Move forward until all decimal digits skipped. */
341: for (; *cp >= '0' && *cp <= '9'; cp++)
342: ;
343:
344: /* Save the old terminating character, and replace it by \0. */
345: old = *cp;
346: *cp = 0;
347:
348: /* Parse the number. */
349: if (BN_dec2bn(&value, *cpp) == 0)
350: return 0;
351:
352: /* Restore old terminating character. */
353: *cp = old;
354:
355: /* Move beyond the number and return success. */
356: *cpp = cp;
357: return 1;
358: }
359: int
360: write_bignum(FILE *f, BIGNUM *num)
361: {
362: char *buf = BN_bn2dec(num);
363: if (buf == NULL) {
364: error("write_bignum: BN_bn2dec() failed");
365: return 0;
366: }
367: fprintf(f, " %s", buf);
1.16 stevesk 368: xfree(buf);
1.1 markus 369: return 1;
370: }
1.12 markus 371:
372: /* returns 1 ok, -1 error, 0 type mismatch */
373: int
1.3 markus 374: key_read(Key *ret, char **cpp)
1.1 markus 375: {
1.3 markus 376: Key *k;
1.12 markus 377: int success = -1;
378: char *cp, *space;
379: int len, n, type;
380: u_int bits;
1.13 markus 381: u_char *blob;
1.3 markus 382:
383: cp = *cpp;
384:
1.1 markus 385: switch(ret->type) {
1.12 markus 386: case KEY_RSA1:
1.3 markus 387: /* Get number of bits. */
388: if (*cp < '0' || *cp > '9')
1.12 markus 389: return -1; /* Bad bit count... */
1.3 markus 390: for (bits = 0; *cp >= '0' && *cp <= '9'; cp++)
391: bits = 10 * bits + *cp - '0';
1.1 markus 392: if (bits == 0)
1.12 markus 393: return -1;
1.3 markus 394: *cpp = cp;
1.1 markus 395: /* Get public exponent, public modulus. */
396: if (!read_bignum(cpp, ret->rsa->e))
1.12 markus 397: return -1;
1.1 markus 398: if (!read_bignum(cpp, ret->rsa->n))
1.12 markus 399: return -1;
400: success = 1;
1.1 markus 401: break;
1.12 markus 402: case KEY_UNSPEC:
403: case KEY_RSA:
1.1 markus 404: case KEY_DSA:
1.12 markus 405: space = strchr(cp, ' ');
406: if (space == NULL) {
407: debug3("key_read: no space");
408: return -1;
409: }
410: *space = '\0';
411: type = key_type_from_name(cp);
412: *space = ' ';
413: if (type == KEY_UNSPEC) {
414: debug3("key_read: no key found");
415: return -1;
416: }
417: cp = space+1;
418: if (*cp == '\0') {
419: debug3("key_read: short string");
420: return -1;
421: }
422: if (ret->type == KEY_UNSPEC) {
423: ret->type = type;
424: } else if (ret->type != type) {
425: /* is a key, but different type */
426: debug3("key_read: type mismatch");
1.1 markus 427: return 0;
1.12 markus 428: }
1.3 markus 429: len = 2*strlen(cp);
430: blob = xmalloc(len);
431: n = uudecode(cp, blob, len);
1.6 markus 432: if (n < 0) {
1.7 markus 433: error("key_read: uudecode %s failed", cp);
1.12 markus 434: return -1;
1.6 markus 435: }
1.12 markus 436: k = key_from_blob(blob, n);
1.7 markus 437: if (k == NULL) {
1.12 markus 438: error("key_read: key_from_blob %s failed", cp);
439: return -1;
1.7 markus 440: }
1.3 markus 441: xfree(blob);
1.12 markus 442: if (k->type != type) {
443: error("key_read: type mismatch: encoding error");
444: key_free(k);
445: return -1;
446: }
447: /*XXXX*/
448: if (ret->type == KEY_RSA) {
449: if (ret->rsa != NULL)
450: RSA_free(ret->rsa);
451: ret->rsa = k->rsa;
452: k->rsa = NULL;
453: success = 1;
454: #ifdef DEBUG_PK
455: RSA_print_fp(stderr, ret->rsa, 8);
456: #endif
457: } else {
458: if (ret->dsa != NULL)
459: DSA_free(ret->dsa);
460: ret->dsa = k->dsa;
461: k->dsa = NULL;
462: success = 1;
463: #ifdef DEBUG_PK
464: DSA_print_fp(stderr, ret->dsa, 8);
465: #endif
466: }
467: /*XXXX*/
468: if (success != 1)
469: break;
1.3 markus 470: key_free(k);
1.7 markus 471: /* advance cp: skip whitespace and data */
472: while (*cp == ' ' || *cp == '\t')
473: cp++;
474: while (*cp != '\0' && *cp != ' ' && *cp != '\t')
475: cp++;
476: *cpp = cp;
1.1 markus 477: break;
478: default:
1.3 markus 479: fatal("key_read: bad key type: %d", ret->type);
1.1 markus 480: break;
481: }
1.12 markus 482: return success;
1.1 markus 483: }
484: int
485: key_write(Key *key, FILE *f)
486: {
487: int success = 0;
1.13 markus 488: u_int bits = 0;
1.1 markus 489:
1.12 markus 490: if (key->type == KEY_RSA1 && key->rsa != NULL) {
1.1 markus 491: /* size of modulus 'n' */
492: bits = BN_num_bits(key->rsa->n);
493: fprintf(f, "%u", bits);
494: if (write_bignum(f, key->rsa->e) &&
495: write_bignum(f, key->rsa->n)) {
496: success = 1;
497: } else {
498: error("key_write: failed for RSA key");
499: }
1.12 markus 500: } else if ((key->type == KEY_DSA && key->dsa != NULL) ||
501: (key->type == KEY_RSA && key->rsa != NULL)) {
1.3 markus 502: int len, n;
1.13 markus 503: u_char *blob, *uu;
1.12 markus 504: key_to_blob(key, &blob, &len);
1.3 markus 505: uu = xmalloc(2*len);
1.5 markus 506: n = uuencode(blob, len, uu, 2*len);
507: if (n > 0) {
1.12 markus 508: fprintf(f, "%s %s", key_ssh_name(key), uu);
1.5 markus 509: success = 1;
510: }
1.3 markus 511: xfree(blob);
512: xfree(uu);
1.1 markus 513: }
514: return success;
515: }
1.4 markus 516: char *
517: key_type(Key *k)
518: {
519: switch (k->type) {
1.12 markus 520: case KEY_RSA1:
521: return "RSA1";
522: break;
1.4 markus 523: case KEY_RSA:
524: return "RSA";
525: break;
526: case KEY_DSA:
527: return "DSA";
528: break;
529: }
530: return "unknown";
1.10 markus 531: }
1.12 markus 532: char *
533: key_ssh_name(Key *k)
534: {
535: switch (k->type) {
536: case KEY_RSA:
537: return "ssh-rsa";
538: break;
539: case KEY_DSA:
540: return "ssh-dss";
541: break;
542: }
543: return "ssh-unknown";
544: }
545: u_int
1.10 markus 546: key_size(Key *k){
547: switch (k->type) {
1.12 markus 548: case KEY_RSA1:
1.10 markus 549: case KEY_RSA:
550: return BN_num_bits(k->rsa->n);
551: break;
552: case KEY_DSA:
553: return BN_num_bits(k->dsa->p);
554: break;
555: }
556: return 0;
1.12 markus 557: }
558:
559: RSA *
1.13 markus 560: rsa_generate_private_key(u_int bits)
1.12 markus 561: {
1.17 stevesk 562: RSA *private;
563: private = RSA_generate_key(bits, 35, NULL, NULL);
564: if (private == NULL)
565: fatal("rsa_generate_private_key: key generation failed.");
566: return private;
1.12 markus 567: }
568:
569: DSA*
1.13 markus 570: dsa_generate_private_key(u_int bits)
1.12 markus 571: {
572: DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
573: if (private == NULL)
574: fatal("dsa_generate_private_key: DSA_generate_parameters failed");
575: if (!DSA_generate_key(private))
1.17 stevesk 576: fatal("dsa_generate_private_key: DSA_generate_key failed.");
577: if (private == NULL)
578: fatal("dsa_generate_private_key: NULL.");
1.12 markus 579: return private;
580: }
581:
582: Key *
1.13 markus 583: key_generate(int type, u_int bits)
1.12 markus 584: {
585: Key *k = key_new(KEY_UNSPEC);
586: switch (type) {
1.17 stevesk 587: case KEY_DSA:
1.12 markus 588: k->dsa = dsa_generate_private_key(bits);
589: break;
590: case KEY_RSA:
591: case KEY_RSA1:
592: k->rsa = rsa_generate_private_key(bits);
593: break;
594: default:
1.17 stevesk 595: fatal("key_generate: unknown type %d", type);
1.12 markus 596: }
1.17 stevesk 597: k->type = type;
1.12 markus 598: return k;
599: }
600:
601: Key *
602: key_from_private(Key *k)
603: {
604: Key *n = NULL;
605: switch (k->type) {
1.17 stevesk 606: case KEY_DSA:
1.12 markus 607: n = key_new(k->type);
608: BN_copy(n->dsa->p, k->dsa->p);
609: BN_copy(n->dsa->q, k->dsa->q);
610: BN_copy(n->dsa->g, k->dsa->g);
611: BN_copy(n->dsa->pub_key, k->dsa->pub_key);
612: break;
613: case KEY_RSA:
614: case KEY_RSA1:
615: n = key_new(k->type);
616: BN_copy(n->rsa->n, k->rsa->n);
617: BN_copy(n->rsa->e, k->rsa->e);
618: break;
619: default:
1.17 stevesk 620: fatal("key_from_private: unknown type %d", k->type);
1.12 markus 621: break;
622: }
623: return n;
624: }
625:
626: int
627: key_type_from_name(char *name)
628: {
629: if (strcmp(name, "rsa1") == 0){
630: return KEY_RSA1;
631: } else if (strcmp(name, "rsa") == 0){
632: return KEY_RSA;
633: } else if (strcmp(name, "dsa") == 0){
634: return KEY_DSA;
635: } else if (strcmp(name, "ssh-rsa") == 0){
636: return KEY_RSA;
637: } else if (strcmp(name, "ssh-dss") == 0){
638: return KEY_DSA;
639: }
1.18 markus 640: debug2("key_type_from_name: unknown key type '%s'", name);
1.12 markus 641: return KEY_UNSPEC;
642: }
643:
644: Key *
645: key_from_blob(char *blob, int blen)
646: {
647: Buffer b;
648: char *ktype;
649: int rlen, type;
650: Key *key = NULL;
651:
652: #ifdef DEBUG_PK
653: dump_base64(stderr, blob, blen);
654: #endif
655: buffer_init(&b);
656: buffer_append(&b, blob, blen);
657: ktype = buffer_get_string(&b, NULL);
658: type = key_type_from_name(ktype);
659:
660: switch(type){
661: case KEY_RSA:
662: key = key_new(type);
1.14 markus 663: buffer_get_bignum2(&b, key->rsa->e);
1.12 markus 664: buffer_get_bignum2(&b, key->rsa->n);
665: #ifdef DEBUG_PK
666: RSA_print_fp(stderr, key->rsa, 8);
667: #endif
668: break;
669: case KEY_DSA:
670: key = key_new(type);
671: buffer_get_bignum2(&b, key->dsa->p);
672: buffer_get_bignum2(&b, key->dsa->q);
673: buffer_get_bignum2(&b, key->dsa->g);
674: buffer_get_bignum2(&b, key->dsa->pub_key);
675: #ifdef DEBUG_PK
676: DSA_print_fp(stderr, key->dsa, 8);
677: #endif
678: break;
679: case KEY_UNSPEC:
680: key = key_new(type);
681: break;
682: default:
683: error("key_from_blob: cannot handle type %s", ktype);
684: break;
685: }
686: rlen = buffer_len(&b);
687: if (key != NULL && rlen != 0)
688: error("key_from_blob: remaining bytes in key blob %d", rlen);
689: xfree(ktype);
690: buffer_free(&b);
691: return key;
692: }
693:
694: int
1.13 markus 695: key_to_blob(Key *key, u_char **blobp, u_int *lenp)
1.12 markus 696: {
697: Buffer b;
698: int len;
1.13 markus 699: u_char *buf;
1.12 markus 700:
701: if (key == NULL) {
702: error("key_to_blob: key == NULL");
703: return 0;
704: }
705: buffer_init(&b);
706: switch(key->type){
707: case KEY_DSA:
708: buffer_put_cstring(&b, key_ssh_name(key));
709: buffer_put_bignum2(&b, key->dsa->p);
710: buffer_put_bignum2(&b, key->dsa->q);
711: buffer_put_bignum2(&b, key->dsa->g);
712: buffer_put_bignum2(&b, key->dsa->pub_key);
713: break;
714: case KEY_RSA:
715: buffer_put_cstring(&b, key_ssh_name(key));
1.14 markus 716: buffer_put_bignum2(&b, key->rsa->e);
1.12 markus 717: buffer_put_bignum2(&b, key->rsa->n);
718: break;
719: default:
720: error("key_to_blob: illegal key type %d", key->type);
721: break;
722: }
723: len = buffer_len(&b);
724: buf = xmalloc(len);
725: memcpy(buf, buffer_ptr(&b), len);
726: memset(buffer_ptr(&b), 0, len);
727: buffer_free(&b);
728: if (lenp != NULL)
729: *lenp = len;
730: if (blobp != NULL)
731: *blobp = buf;
732: return len;
733: }
734:
735: int
736: key_sign(
737: Key *key,
1.13 markus 738: u_char **sigp, int *lenp,
739: u_char *data, int datalen)
1.12 markus 740: {
741: switch(key->type){
742: case KEY_DSA:
743: return ssh_dss_sign(key, sigp, lenp, data, datalen);
744: break;
745: case KEY_RSA:
746: return ssh_rsa_sign(key, sigp, lenp, data, datalen);
747: break;
748: default:
749: error("key_sign: illegal key type %d", key->type);
750: return -1;
751: break;
752: }
753: }
754:
755: int
756: key_verify(
757: Key *key,
1.13 markus 758: u_char *signature, int signaturelen,
759: u_char *data, int datalen)
1.12 markus 760: {
761: switch(key->type){
762: case KEY_DSA:
763: return ssh_dss_verify(key, signature, signaturelen, data, datalen);
764: break;
765: case KEY_RSA:
766: return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
767: break;
768: default:
769: error("key_verify: illegal key type %d", key->type);
770: return -1;
771: break;
772: }
1.4 markus 773: }