Annotation of src/usr.bin/ssh/key.c, Revision 1.33
1.1 markus 1: /*
1.11 deraadt 2: * read_bignum():
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: *
5: * As far as I am concerned, the code I have written for this software
6: * can be used freely for any purpose. Any derived versions of this
7: * software must be clearly marked as such, and if the derived work is
8: * incompatible with the protocol description in the RFC file, it must be
9: * called by a name other than "ssh" or "Secure Shell".
10: *
11: *
1.28 markus 12: * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
1.1 markus 13: *
14: * Redistribution and use in source and binary forms, with or without
15: * modification, are permitted provided that the following conditions
16: * are met:
17: * 1. Redistributions of source code must retain the above copyright
18: * notice, this list of conditions and the following disclaimer.
19: * 2. Redistributions in binary form must reproduce the above copyright
20: * notice, this list of conditions and the following disclaimer in the
21: * documentation and/or other materials provided with the distribution.
22: *
23: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33: */
1.15 markus 34: #include "includes.h"
1.33 ! markus 35: RCSID("$OpenBSD: key.c,v 1.32 2001/09/19 13:23:29 markus Exp $");
1.1 markus 36:
1.2 markus 37: #include <openssl/evp.h>
1.15 markus 38:
1.1 markus 39: #include "xmalloc.h"
40: #include "key.h"
1.12 markus 41: #include "rsa.h"
42: #include "ssh-dss.h"
43: #include "ssh-rsa.h"
1.3 markus 44: #include "uuencode.h"
1.12 markus 45: #include "buffer.h"
46: #include "bufaux.h"
1.15 markus 47: #include "log.h"
1.1 markus 48:
49: Key *
50: key_new(int type)
51: {
52: Key *k;
53: RSA *rsa;
54: DSA *dsa;
55: k = xmalloc(sizeof(*k));
56: k->type = type;
1.29 markus 57: k->flags = 0;
1.3 markus 58: k->dsa = NULL;
59: k->rsa = NULL;
1.1 markus 60: switch (k->type) {
1.12 markus 61: case KEY_RSA1:
1.1 markus 62: case KEY_RSA:
63: rsa = RSA_new();
64: rsa->n = BN_new();
65: rsa->e = BN_new();
66: k->rsa = rsa;
67: break;
68: case KEY_DSA:
69: dsa = DSA_new();
70: dsa->p = BN_new();
71: dsa->q = BN_new();
72: dsa->g = BN_new();
73: dsa->pub_key = BN_new();
74: k->dsa = dsa;
75: break;
1.12 markus 76: case KEY_UNSPEC:
1.1 markus 77: break;
78: default:
79: fatal("key_new: bad key type %d", k->type);
80: break;
81: }
82: return k;
83: }
1.12 markus 84: Key *
85: key_new_private(int type)
86: {
87: Key *k = key_new(type);
88: switch (k->type) {
89: case KEY_RSA1:
90: case KEY_RSA:
91: k->rsa->d = BN_new();
92: k->rsa->iqmp = BN_new();
93: k->rsa->q = BN_new();
94: k->rsa->p = BN_new();
95: k->rsa->dmq1 = BN_new();
96: k->rsa->dmp1 = BN_new();
97: break;
98: case KEY_DSA:
99: k->dsa->priv_key = BN_new();
100: break;
101: case KEY_UNSPEC:
102: break;
103: default:
104: break;
105: }
106: return k;
107: }
1.1 markus 108: void
109: key_free(Key *k)
110: {
111: switch (k->type) {
1.12 markus 112: case KEY_RSA1:
1.1 markus 113: case KEY_RSA:
114: if (k->rsa != NULL)
115: RSA_free(k->rsa);
116: k->rsa = NULL;
117: break;
118: case KEY_DSA:
119: if (k->dsa != NULL)
120: DSA_free(k->dsa);
121: k->dsa = NULL;
122: break;
1.12 markus 123: case KEY_UNSPEC:
124: break;
1.1 markus 125: default:
126: fatal("key_free: bad key type %d", k->type);
127: break;
128: }
129: xfree(k);
130: }
131: int
132: key_equal(Key *a, Key *b)
133: {
134: if (a == NULL || b == NULL || a->type != b->type)
135: return 0;
136: switch (a->type) {
1.12 markus 137: case KEY_RSA1:
1.1 markus 138: case KEY_RSA:
139: return a->rsa != NULL && b->rsa != NULL &&
140: BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
141: BN_cmp(a->rsa->n, b->rsa->n) == 0;
142: break;
143: case KEY_DSA:
144: return a->dsa != NULL && b->dsa != NULL &&
145: BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
146: BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
147: BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
148: BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
149: break;
150: default:
1.3 markus 151: fatal("key_equal: bad key type %d", a->type);
1.1 markus 152: break;
153: }
154: return 0;
155: }
156:
1.27 itojun 157: static u_char*
1.19 jakob 158: key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length)
1.1 markus 159: {
1.21 markus 160: EVP_MD *md = NULL;
161: EVP_MD_CTX ctx;
1.13 markus 162: u_char *blob = NULL;
1.19 jakob 163: u_char *retval = NULL;
1.1 markus 164: int len = 0;
1.3 markus 165: int nlen, elen;
1.1 markus 166:
1.19 jakob 167: *dgst_raw_length = 0;
168:
1.21 markus 169: switch (dgst_type) {
170: case SSH_FP_MD5:
171: md = EVP_md5();
172: break;
173: case SSH_FP_SHA1:
174: md = EVP_sha1();
175: break;
176: default:
177: fatal("key_fingerprint_raw: bad digest type %d",
178: dgst_type);
179: }
1.1 markus 180: switch (k->type) {
1.12 markus 181: case KEY_RSA1:
1.1 markus 182: nlen = BN_num_bytes(k->rsa->n);
183: elen = BN_num_bytes(k->rsa->e);
184: len = nlen + elen;
1.3 markus 185: blob = xmalloc(len);
186: BN_bn2bin(k->rsa->n, blob);
187: BN_bn2bin(k->rsa->e, blob + nlen);
1.1 markus 188: break;
189: case KEY_DSA:
1.12 markus 190: case KEY_RSA:
191: key_to_blob(k, &blob, &len);
192: break;
193: case KEY_UNSPEC:
194: return retval;
1.1 markus 195: break;
196: default:
1.19 jakob 197: fatal("key_fingerprint_raw: bad key type %d", k->type);
1.1 markus 198: break;
199: }
1.3 markus 200: if (blob != NULL) {
1.19 jakob 201: retval = xmalloc(EVP_MAX_MD_SIZE);
1.8 markus 202: EVP_DigestInit(&ctx, md);
203: EVP_DigestUpdate(&ctx, blob, len);
1.19 jakob 204: EVP_DigestFinal(&ctx, retval, NULL);
205: *dgst_raw_length = md->md_size;
1.3 markus 206: memset(blob, 0, len);
207: xfree(blob);
1.19 jakob 208: } else {
209: fatal("key_fingerprint_raw: blob is null");
1.1 markus 210: }
1.19 jakob 211: return retval;
212: }
213:
1.27 itojun 214: static char*
1.23 markus 215: key_fingerprint_hex(u_char* dgst_raw, size_t dgst_raw_len)
1.19 jakob 216: {
217: char *retval;
218: int i;
219:
1.24 deraadt 220: retval = xmalloc(dgst_raw_len * 3 + 1);
1.19 jakob 221: retval[0] = '\0';
222: for(i = 0; i < dgst_raw_len; i++) {
223: char hex[4];
224: snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
225: strlcat(retval, hex, dgst_raw_len * 3);
226: }
227: retval[(dgst_raw_len * 3) - 1] = '\0';
228: return retval;
229: }
230:
1.27 itojun 231: static char*
1.23 markus 232: key_fingerprint_bubblebabble(u_char* dgst_raw, size_t dgst_raw_len)
1.19 jakob 233: {
234: char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
235: char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
236: 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };
1.20 jakob 237: u_int i, j = 0, rounds, seed = 1;
1.19 jakob 238: char *retval;
239:
240: rounds = (dgst_raw_len / 2) + 1;
241: retval = xmalloc(sizeof(char) * (rounds*6));
1.20 jakob 242: retval[j++] = 'x';
243: for (i = 0; i < rounds; i++) {
1.19 jakob 244: u_int idx0, idx1, idx2, idx3, idx4;
1.20 jakob 245: if ((i + 1 < rounds) || (dgst_raw_len % 2 != 0)) {
246: idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) +
1.19 jakob 247: seed) % 6;
1.20 jakob 248: idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15;
249: idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) +
1.19 jakob 250: (seed / 6)) % 6;
1.20 jakob 251: retval[j++] = vowels[idx0];
252: retval[j++] = consonants[idx1];
253: retval[j++] = vowels[idx2];
254: if ((i + 1) < rounds) {
255: idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15;
256: idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15;
257: retval[j++] = consonants[idx3];
258: retval[j++] = '-';
259: retval[j++] = consonants[idx4];
1.19 jakob 260: seed = ((seed * 5) +
1.20 jakob 261: ((((u_int)(dgst_raw[2 * i])) * 7) +
262: ((u_int)(dgst_raw[(2 * i) + 1])))) % 36;
1.19 jakob 263: }
264: } else {
265: idx0 = seed % 6;
266: idx1 = 16;
267: idx2 = seed / 6;
1.20 jakob 268: retval[j++] = vowels[idx0];
269: retval[j++] = consonants[idx1];
270: retval[j++] = vowels[idx2];
1.19 jakob 271: }
272: }
1.20 jakob 273: retval[j++] = 'x';
274: retval[j++] = '\0';
1.19 jakob 275: return retval;
276: }
277:
278: char*
1.22 markus 279: key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
1.19 jakob 280: {
1.23 markus 281: char *retval = NULL;
1.19 jakob 282: u_char *dgst_raw;
1.23 markus 283: size_t dgst_raw_len;
1.19 jakob 284:
285: dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
286: if (!dgst_raw)
1.22 markus 287: fatal("key_fingerprint: null from key_fingerprint_raw()");
1.19 jakob 288: switch(dgst_rep) {
289: case SSH_FP_HEX:
290: retval = key_fingerprint_hex(dgst_raw, dgst_raw_len);
291: break;
292: case SSH_FP_BUBBLEBABBLE:
293: retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len);
294: break;
295: default:
296: fatal("key_fingerprint_ex: bad digest representation %d",
297: dgst_rep);
298: break;
299: }
300: memset(dgst_raw, 0, dgst_raw_len);
301: xfree(dgst_raw);
1.1 markus 302: return retval;
303: }
304:
305: /*
306: * Reads a multiple-precision integer in decimal from the buffer, and advances
307: * the pointer. The integer must already be initialized. This function is
308: * permitted to modify the buffer. This leaves *cpp to point just beyond the
309: * last processed (and maybe modified) character. Note that this may modify
310: * the buffer containing the number.
311: */
1.27 itojun 312: static int
1.1 markus 313: read_bignum(char **cpp, BIGNUM * value)
314: {
315: char *cp = *cpp;
316: int old;
317:
318: /* Skip any leading whitespace. */
319: for (; *cp == ' ' || *cp == '\t'; cp++)
320: ;
321:
322: /* Check that it begins with a decimal digit. */
323: if (*cp < '0' || *cp > '9')
324: return 0;
325:
326: /* Save starting position. */
327: *cpp = cp;
328:
329: /* Move forward until all decimal digits skipped. */
330: for (; *cp >= '0' && *cp <= '9'; cp++)
331: ;
332:
333: /* Save the old terminating character, and replace it by \0. */
334: old = *cp;
335: *cp = 0;
336:
337: /* Parse the number. */
338: if (BN_dec2bn(&value, *cpp) == 0)
339: return 0;
340:
341: /* Restore old terminating character. */
342: *cp = old;
343:
344: /* Move beyond the number and return success. */
345: *cpp = cp;
346: return 1;
347: }
1.27 itojun 348: static int
1.1 markus 349: write_bignum(FILE *f, BIGNUM *num)
350: {
351: char *buf = BN_bn2dec(num);
352: if (buf == NULL) {
353: error("write_bignum: BN_bn2dec() failed");
354: return 0;
355: }
356: fprintf(f, " %s", buf);
1.33 ! markus 357: OPENSSL_free(buf);
1.1 markus 358: return 1;
359: }
1.12 markus 360:
1.32 markus 361: /* returns 1 ok, -1 error */
1.12 markus 362: int
1.3 markus 363: key_read(Key *ret, char **cpp)
1.1 markus 364: {
1.3 markus 365: Key *k;
1.12 markus 366: int success = -1;
367: char *cp, *space;
368: int len, n, type;
369: u_int bits;
1.13 markus 370: u_char *blob;
1.3 markus 371:
372: cp = *cpp;
373:
1.1 markus 374: switch(ret->type) {
1.12 markus 375: case KEY_RSA1:
1.3 markus 376: /* Get number of bits. */
377: if (*cp < '0' || *cp > '9')
1.12 markus 378: return -1; /* Bad bit count... */
1.3 markus 379: for (bits = 0; *cp >= '0' && *cp <= '9'; cp++)
380: bits = 10 * bits + *cp - '0';
1.1 markus 381: if (bits == 0)
1.12 markus 382: return -1;
1.3 markus 383: *cpp = cp;
1.1 markus 384: /* Get public exponent, public modulus. */
385: if (!read_bignum(cpp, ret->rsa->e))
1.12 markus 386: return -1;
1.1 markus 387: if (!read_bignum(cpp, ret->rsa->n))
1.12 markus 388: return -1;
389: success = 1;
1.1 markus 390: break;
1.12 markus 391: case KEY_UNSPEC:
392: case KEY_RSA:
1.1 markus 393: case KEY_DSA:
1.12 markus 394: space = strchr(cp, ' ');
395: if (space == NULL) {
396: debug3("key_read: no space");
397: return -1;
398: }
399: *space = '\0';
400: type = key_type_from_name(cp);
401: *space = ' ';
402: if (type == KEY_UNSPEC) {
403: debug3("key_read: no key found");
404: return -1;
405: }
406: cp = space+1;
407: if (*cp == '\0') {
408: debug3("key_read: short string");
409: return -1;
410: }
411: if (ret->type == KEY_UNSPEC) {
412: ret->type = type;
413: } else if (ret->type != type) {
414: /* is a key, but different type */
415: debug3("key_read: type mismatch");
1.32 markus 416: return -1;
1.12 markus 417: }
1.3 markus 418: len = 2*strlen(cp);
419: blob = xmalloc(len);
420: n = uudecode(cp, blob, len);
1.6 markus 421: if (n < 0) {
1.7 markus 422: error("key_read: uudecode %s failed", cp);
1.12 markus 423: return -1;
1.6 markus 424: }
1.12 markus 425: k = key_from_blob(blob, n);
1.7 markus 426: if (k == NULL) {
1.12 markus 427: error("key_read: key_from_blob %s failed", cp);
428: return -1;
1.7 markus 429: }
1.3 markus 430: xfree(blob);
1.12 markus 431: if (k->type != type) {
432: error("key_read: type mismatch: encoding error");
433: key_free(k);
434: return -1;
435: }
436: /*XXXX*/
437: if (ret->type == KEY_RSA) {
438: if (ret->rsa != NULL)
439: RSA_free(ret->rsa);
440: ret->rsa = k->rsa;
441: k->rsa = NULL;
442: success = 1;
443: #ifdef DEBUG_PK
444: RSA_print_fp(stderr, ret->rsa, 8);
445: #endif
446: } else {
447: if (ret->dsa != NULL)
448: DSA_free(ret->dsa);
449: ret->dsa = k->dsa;
450: k->dsa = NULL;
451: success = 1;
452: #ifdef DEBUG_PK
453: DSA_print_fp(stderr, ret->dsa, 8);
454: #endif
455: }
456: /*XXXX*/
457: if (success != 1)
458: break;
1.3 markus 459: key_free(k);
1.7 markus 460: /* advance cp: skip whitespace and data */
461: while (*cp == ' ' || *cp == '\t')
462: cp++;
463: while (*cp != '\0' && *cp != ' ' && *cp != '\t')
464: cp++;
465: *cpp = cp;
1.1 markus 466: break;
467: default:
1.3 markus 468: fatal("key_read: bad key type: %d", ret->type);
1.1 markus 469: break;
470: }
1.12 markus 471: return success;
1.1 markus 472: }
473: int
474: key_write(Key *key, FILE *f)
475: {
476: int success = 0;
1.13 markus 477: u_int bits = 0;
1.1 markus 478:
1.12 markus 479: if (key->type == KEY_RSA1 && key->rsa != NULL) {
1.1 markus 480: /* size of modulus 'n' */
481: bits = BN_num_bits(key->rsa->n);
482: fprintf(f, "%u", bits);
483: if (write_bignum(f, key->rsa->e) &&
484: write_bignum(f, key->rsa->n)) {
485: success = 1;
486: } else {
487: error("key_write: failed for RSA key");
488: }
1.12 markus 489: } else if ((key->type == KEY_DSA && key->dsa != NULL) ||
490: (key->type == KEY_RSA && key->rsa != NULL)) {
1.3 markus 491: int len, n;
1.13 markus 492: u_char *blob, *uu;
1.12 markus 493: key_to_blob(key, &blob, &len);
1.3 markus 494: uu = xmalloc(2*len);
1.5 markus 495: n = uuencode(blob, len, uu, 2*len);
496: if (n > 0) {
1.12 markus 497: fprintf(f, "%s %s", key_ssh_name(key), uu);
1.5 markus 498: success = 1;
499: }
1.3 markus 500: xfree(blob);
501: xfree(uu);
1.1 markus 502: }
503: return success;
504: }
1.4 markus 505: char *
506: key_type(Key *k)
507: {
508: switch (k->type) {
1.12 markus 509: case KEY_RSA1:
510: return "RSA1";
511: break;
1.4 markus 512: case KEY_RSA:
513: return "RSA";
514: break;
515: case KEY_DSA:
516: return "DSA";
517: break;
518: }
519: return "unknown";
1.10 markus 520: }
1.12 markus 521: char *
522: key_ssh_name(Key *k)
523: {
524: switch (k->type) {
525: case KEY_RSA:
526: return "ssh-rsa";
527: break;
528: case KEY_DSA:
529: return "ssh-dss";
530: break;
531: }
532: return "ssh-unknown";
533: }
534: u_int
1.10 markus 535: key_size(Key *k){
536: switch (k->type) {
1.12 markus 537: case KEY_RSA1:
1.10 markus 538: case KEY_RSA:
539: return BN_num_bits(k->rsa->n);
540: break;
541: case KEY_DSA:
542: return BN_num_bits(k->dsa->p);
543: break;
544: }
545: return 0;
1.12 markus 546: }
547:
1.27 itojun 548: static RSA *
1.13 markus 549: rsa_generate_private_key(u_int bits)
1.12 markus 550: {
1.17 stevesk 551: RSA *private;
552: private = RSA_generate_key(bits, 35, NULL, NULL);
553: if (private == NULL)
554: fatal("rsa_generate_private_key: key generation failed.");
555: return private;
1.12 markus 556: }
557:
1.27 itojun 558: static DSA*
1.13 markus 559: dsa_generate_private_key(u_int bits)
1.12 markus 560: {
561: DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
562: if (private == NULL)
563: fatal("dsa_generate_private_key: DSA_generate_parameters failed");
564: if (!DSA_generate_key(private))
1.17 stevesk 565: fatal("dsa_generate_private_key: DSA_generate_key failed.");
566: if (private == NULL)
567: fatal("dsa_generate_private_key: NULL.");
1.12 markus 568: return private;
569: }
570:
571: Key *
1.13 markus 572: key_generate(int type, u_int bits)
1.12 markus 573: {
574: Key *k = key_new(KEY_UNSPEC);
575: switch (type) {
1.17 stevesk 576: case KEY_DSA:
1.12 markus 577: k->dsa = dsa_generate_private_key(bits);
578: break;
579: case KEY_RSA:
580: case KEY_RSA1:
581: k->rsa = rsa_generate_private_key(bits);
582: break;
583: default:
1.17 stevesk 584: fatal("key_generate: unknown type %d", type);
1.12 markus 585: }
1.17 stevesk 586: k->type = type;
1.12 markus 587: return k;
588: }
589:
590: Key *
591: key_from_private(Key *k)
592: {
593: Key *n = NULL;
594: switch (k->type) {
1.17 stevesk 595: case KEY_DSA:
1.12 markus 596: n = key_new(k->type);
597: BN_copy(n->dsa->p, k->dsa->p);
598: BN_copy(n->dsa->q, k->dsa->q);
599: BN_copy(n->dsa->g, k->dsa->g);
600: BN_copy(n->dsa->pub_key, k->dsa->pub_key);
601: break;
602: case KEY_RSA:
603: case KEY_RSA1:
604: n = key_new(k->type);
605: BN_copy(n->rsa->n, k->rsa->n);
606: BN_copy(n->rsa->e, k->rsa->e);
607: break;
608: default:
1.17 stevesk 609: fatal("key_from_private: unknown type %d", k->type);
1.12 markus 610: break;
611: }
612: return n;
613: }
614:
615: int
616: key_type_from_name(char *name)
617: {
618: if (strcmp(name, "rsa1") == 0){
619: return KEY_RSA1;
620: } else if (strcmp(name, "rsa") == 0){
621: return KEY_RSA;
622: } else if (strcmp(name, "dsa") == 0){
623: return KEY_DSA;
624: } else if (strcmp(name, "ssh-rsa") == 0){
625: return KEY_RSA;
626: } else if (strcmp(name, "ssh-dss") == 0){
627: return KEY_DSA;
628: }
1.18 markus 629: debug2("key_type_from_name: unknown key type '%s'", name);
1.12 markus 630: return KEY_UNSPEC;
1.25 markus 631: }
632:
633: int
634: key_names_valid2(const char *names)
635: {
636: char *s, *cp, *p;
637:
638: if (names == NULL || strcmp(names, "") == 0)
639: return 0;
640: s = cp = xstrdup(names);
641: for ((p = strsep(&cp, ",")); p && *p != '\0';
642: (p = strsep(&cp, ","))) {
643: switch (key_type_from_name(p)) {
644: case KEY_RSA1:
645: case KEY_UNSPEC:
646: xfree(s);
647: return 0;
648: }
649: }
650: debug3("key names ok: [%s]", names);
651: xfree(s);
652: return 1;
1.12 markus 653: }
654:
655: Key *
1.30 stevesk 656: key_from_blob(u_char *blob, int blen)
1.12 markus 657: {
658: Buffer b;
659: char *ktype;
660: int rlen, type;
661: Key *key = NULL;
662:
663: #ifdef DEBUG_PK
664: dump_base64(stderr, blob, blen);
665: #endif
666: buffer_init(&b);
667: buffer_append(&b, blob, blen);
668: ktype = buffer_get_string(&b, NULL);
669: type = key_type_from_name(ktype);
670:
671: switch(type){
672: case KEY_RSA:
673: key = key_new(type);
1.14 markus 674: buffer_get_bignum2(&b, key->rsa->e);
1.12 markus 675: buffer_get_bignum2(&b, key->rsa->n);
676: #ifdef DEBUG_PK
677: RSA_print_fp(stderr, key->rsa, 8);
678: #endif
679: break;
680: case KEY_DSA:
681: key = key_new(type);
682: buffer_get_bignum2(&b, key->dsa->p);
683: buffer_get_bignum2(&b, key->dsa->q);
684: buffer_get_bignum2(&b, key->dsa->g);
685: buffer_get_bignum2(&b, key->dsa->pub_key);
686: #ifdef DEBUG_PK
687: DSA_print_fp(stderr, key->dsa, 8);
688: #endif
689: break;
690: case KEY_UNSPEC:
691: key = key_new(type);
692: break;
693: default:
694: error("key_from_blob: cannot handle type %s", ktype);
695: break;
696: }
697: rlen = buffer_len(&b);
698: if (key != NULL && rlen != 0)
699: error("key_from_blob: remaining bytes in key blob %d", rlen);
700: xfree(ktype);
701: buffer_free(&b);
702: return key;
703: }
704:
705: int
1.13 markus 706: key_to_blob(Key *key, u_char **blobp, u_int *lenp)
1.12 markus 707: {
708: Buffer b;
709: int len;
1.13 markus 710: u_char *buf;
1.12 markus 711:
712: if (key == NULL) {
713: error("key_to_blob: key == NULL");
714: return 0;
715: }
716: buffer_init(&b);
717: switch(key->type){
718: case KEY_DSA:
719: buffer_put_cstring(&b, key_ssh_name(key));
720: buffer_put_bignum2(&b, key->dsa->p);
721: buffer_put_bignum2(&b, key->dsa->q);
722: buffer_put_bignum2(&b, key->dsa->g);
723: buffer_put_bignum2(&b, key->dsa->pub_key);
724: break;
725: case KEY_RSA:
726: buffer_put_cstring(&b, key_ssh_name(key));
1.14 markus 727: buffer_put_bignum2(&b, key->rsa->e);
1.12 markus 728: buffer_put_bignum2(&b, key->rsa->n);
729: break;
730: default:
1.31 markus 731: error("key_to_blob: unsupported key type %d", key->type);
732: buffer_free(&b);
733: return 0;
1.12 markus 734: }
735: len = buffer_len(&b);
736: buf = xmalloc(len);
737: memcpy(buf, buffer_ptr(&b), len);
738: memset(buffer_ptr(&b), 0, len);
739: buffer_free(&b);
740: if (lenp != NULL)
741: *lenp = len;
742: if (blobp != NULL)
743: *blobp = buf;
744: return len;
745: }
746:
747: int
748: key_sign(
749: Key *key,
1.13 markus 750: u_char **sigp, int *lenp,
751: u_char *data, int datalen)
1.12 markus 752: {
753: switch(key->type){
754: case KEY_DSA:
755: return ssh_dss_sign(key, sigp, lenp, data, datalen);
756: break;
757: case KEY_RSA:
758: return ssh_rsa_sign(key, sigp, lenp, data, datalen);
759: break;
760: default:
761: error("key_sign: illegal key type %d", key->type);
762: return -1;
763: break;
764: }
765: }
766:
767: int
768: key_verify(
769: Key *key,
1.13 markus 770: u_char *signature, int signaturelen,
771: u_char *data, int datalen)
1.12 markus 772: {
1.26 markus 773: if (signaturelen == 0)
774: return -1;
775:
1.12 markus 776: switch(key->type){
777: case KEY_DSA:
778: return ssh_dss_verify(key, signature, signaturelen, data, datalen);
779: break;
780: case KEY_RSA:
781: return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
782: break;
783: default:
784: error("key_verify: illegal key type %d", key->type);
785: return -1;
786: break;
787: }
1.4 markus 788: }