Annotation of src/usr.bin/ssh/key.c, Revision 1.34
1.1 markus 1: /*
1.11 deraadt 2: * read_bignum():
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: *
5: * As far as I am concerned, the code I have written for this software
6: * can be used freely for any purpose. Any derived versions of this
7: * software must be clearly marked as such, and if the derived work is
8: * incompatible with the protocol description in the RFC file, it must be
9: * called by a name other than "ssh" or "Secure Shell".
10: *
11: *
1.28 markus 12: * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
1.1 markus 13: *
14: * Redistribution and use in source and binary forms, with or without
15: * modification, are permitted provided that the following conditions
16: * are met:
17: * 1. Redistributions of source code must retain the above copyright
18: * notice, this list of conditions and the following disclaimer.
19: * 2. Redistributions in binary form must reproduce the above copyright
20: * notice, this list of conditions and the following disclaimer in the
21: * documentation and/or other materials provided with the distribution.
22: *
23: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33: */
1.15 markus 34: #include "includes.h"
1.34 ! markus 35: RCSID("$OpenBSD: key.c,v 1.33 2001/10/04 14:34:16 markus Exp $");
1.1 markus 36:
1.2 markus 37: #include <openssl/evp.h>
1.15 markus 38:
1.1 markus 39: #include "xmalloc.h"
40: #include "key.h"
1.12 markus 41: #include "rsa.h"
42: #include "ssh-dss.h"
43: #include "ssh-rsa.h"
1.3 markus 44: #include "uuencode.h"
1.12 markus 45: #include "buffer.h"
46: #include "bufaux.h"
1.15 markus 47: #include "log.h"
1.1 markus 48:
49: Key *
50: key_new(int type)
51: {
52: Key *k;
53: RSA *rsa;
54: DSA *dsa;
55: k = xmalloc(sizeof(*k));
56: k->type = type;
1.29 markus 57: k->flags = 0;
1.3 markus 58: k->dsa = NULL;
59: k->rsa = NULL;
1.1 markus 60: switch (k->type) {
1.12 markus 61: case KEY_RSA1:
1.1 markus 62: case KEY_RSA:
63: rsa = RSA_new();
64: rsa->n = BN_new();
65: rsa->e = BN_new();
66: k->rsa = rsa;
67: break;
68: case KEY_DSA:
69: dsa = DSA_new();
70: dsa->p = BN_new();
71: dsa->q = BN_new();
72: dsa->g = BN_new();
73: dsa->pub_key = BN_new();
74: k->dsa = dsa;
75: break;
1.12 markus 76: case KEY_UNSPEC:
1.1 markus 77: break;
78: default:
79: fatal("key_new: bad key type %d", k->type);
80: break;
81: }
82: return k;
83: }
1.12 markus 84: Key *
85: key_new_private(int type)
86: {
87: Key *k = key_new(type);
88: switch (k->type) {
89: case KEY_RSA1:
90: case KEY_RSA:
91: k->rsa->d = BN_new();
92: k->rsa->iqmp = BN_new();
93: k->rsa->q = BN_new();
94: k->rsa->p = BN_new();
95: k->rsa->dmq1 = BN_new();
96: k->rsa->dmp1 = BN_new();
97: break;
98: case KEY_DSA:
99: k->dsa->priv_key = BN_new();
100: break;
101: case KEY_UNSPEC:
102: break;
103: default:
104: break;
105: }
106: return k;
107: }
1.1 markus 108: void
109: key_free(Key *k)
110: {
111: switch (k->type) {
1.12 markus 112: case KEY_RSA1:
1.1 markus 113: case KEY_RSA:
114: if (k->rsa != NULL)
115: RSA_free(k->rsa);
116: k->rsa = NULL;
117: break;
118: case KEY_DSA:
119: if (k->dsa != NULL)
120: DSA_free(k->dsa);
121: k->dsa = NULL;
122: break;
1.12 markus 123: case KEY_UNSPEC:
124: break;
1.1 markus 125: default:
126: fatal("key_free: bad key type %d", k->type);
127: break;
128: }
129: xfree(k);
130: }
131: int
132: key_equal(Key *a, Key *b)
133: {
134: if (a == NULL || b == NULL || a->type != b->type)
135: return 0;
136: switch (a->type) {
1.12 markus 137: case KEY_RSA1:
1.1 markus 138: case KEY_RSA:
139: return a->rsa != NULL && b->rsa != NULL &&
140: BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
141: BN_cmp(a->rsa->n, b->rsa->n) == 0;
142: break;
143: case KEY_DSA:
144: return a->dsa != NULL && b->dsa != NULL &&
145: BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
146: BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
147: BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
148: BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
149: break;
150: default:
1.3 markus 151: fatal("key_equal: bad key type %d", a->type);
1.1 markus 152: break;
153: }
154: return 0;
155: }
156:
1.27 itojun 157: static u_char*
1.19 jakob 158: key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length)
1.1 markus 159: {
1.21 markus 160: EVP_MD *md = NULL;
161: EVP_MD_CTX ctx;
1.13 markus 162: u_char *blob = NULL;
1.19 jakob 163: u_char *retval = NULL;
1.1 markus 164: int len = 0;
1.3 markus 165: int nlen, elen;
1.1 markus 166:
1.19 jakob 167: *dgst_raw_length = 0;
168:
1.21 markus 169: switch (dgst_type) {
170: case SSH_FP_MD5:
171: md = EVP_md5();
172: break;
173: case SSH_FP_SHA1:
174: md = EVP_sha1();
175: break;
176: default:
177: fatal("key_fingerprint_raw: bad digest type %d",
178: dgst_type);
179: }
1.1 markus 180: switch (k->type) {
1.12 markus 181: case KEY_RSA1:
1.1 markus 182: nlen = BN_num_bytes(k->rsa->n);
183: elen = BN_num_bytes(k->rsa->e);
184: len = nlen + elen;
1.3 markus 185: blob = xmalloc(len);
186: BN_bn2bin(k->rsa->n, blob);
187: BN_bn2bin(k->rsa->e, blob + nlen);
1.1 markus 188: break;
189: case KEY_DSA:
1.12 markus 190: case KEY_RSA:
191: key_to_blob(k, &blob, &len);
192: break;
193: case KEY_UNSPEC:
194: return retval;
1.1 markus 195: break;
196: default:
1.19 jakob 197: fatal("key_fingerprint_raw: bad key type %d", k->type);
1.1 markus 198: break;
199: }
1.3 markus 200: if (blob != NULL) {
1.19 jakob 201: retval = xmalloc(EVP_MAX_MD_SIZE);
1.8 markus 202: EVP_DigestInit(&ctx, md);
203: EVP_DigestUpdate(&ctx, blob, len);
1.19 jakob 204: EVP_DigestFinal(&ctx, retval, NULL);
205: *dgst_raw_length = md->md_size;
1.3 markus 206: memset(blob, 0, len);
207: xfree(blob);
1.19 jakob 208: } else {
209: fatal("key_fingerprint_raw: blob is null");
1.1 markus 210: }
1.19 jakob 211: return retval;
212: }
213:
1.27 itojun 214: static char*
1.23 markus 215: key_fingerprint_hex(u_char* dgst_raw, size_t dgst_raw_len)
1.19 jakob 216: {
217: char *retval;
218: int i;
219:
1.24 deraadt 220: retval = xmalloc(dgst_raw_len * 3 + 1);
1.19 jakob 221: retval[0] = '\0';
222: for(i = 0; i < dgst_raw_len; i++) {
223: char hex[4];
224: snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
225: strlcat(retval, hex, dgst_raw_len * 3);
226: }
227: retval[(dgst_raw_len * 3) - 1] = '\0';
228: return retval;
229: }
230:
1.27 itojun 231: static char*
1.23 markus 232: key_fingerprint_bubblebabble(u_char* dgst_raw, size_t dgst_raw_len)
1.19 jakob 233: {
234: char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
235: char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
236: 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };
1.20 jakob 237: u_int i, j = 0, rounds, seed = 1;
1.19 jakob 238: char *retval;
239:
240: rounds = (dgst_raw_len / 2) + 1;
241: retval = xmalloc(sizeof(char) * (rounds*6));
1.20 jakob 242: retval[j++] = 'x';
243: for (i = 0; i < rounds; i++) {
1.19 jakob 244: u_int idx0, idx1, idx2, idx3, idx4;
1.20 jakob 245: if ((i + 1 < rounds) || (dgst_raw_len % 2 != 0)) {
246: idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) +
1.19 jakob 247: seed) % 6;
1.20 jakob 248: idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15;
249: idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) +
1.19 jakob 250: (seed / 6)) % 6;
1.20 jakob 251: retval[j++] = vowels[idx0];
252: retval[j++] = consonants[idx1];
253: retval[j++] = vowels[idx2];
254: if ((i + 1) < rounds) {
255: idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15;
256: idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15;
257: retval[j++] = consonants[idx3];
258: retval[j++] = '-';
259: retval[j++] = consonants[idx4];
1.19 jakob 260: seed = ((seed * 5) +
1.20 jakob 261: ((((u_int)(dgst_raw[2 * i])) * 7) +
262: ((u_int)(dgst_raw[(2 * i) + 1])))) % 36;
1.19 jakob 263: }
264: } else {
265: idx0 = seed % 6;
266: idx1 = 16;
267: idx2 = seed / 6;
1.20 jakob 268: retval[j++] = vowels[idx0];
269: retval[j++] = consonants[idx1];
270: retval[j++] = vowels[idx2];
1.19 jakob 271: }
272: }
1.20 jakob 273: retval[j++] = 'x';
274: retval[j++] = '\0';
1.19 jakob 275: return retval;
276: }
277:
278: char*
1.22 markus 279: key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
1.19 jakob 280: {
1.23 markus 281: char *retval = NULL;
1.19 jakob 282: u_char *dgst_raw;
1.23 markus 283: size_t dgst_raw_len;
1.19 jakob 284:
285: dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
286: if (!dgst_raw)
1.22 markus 287: fatal("key_fingerprint: null from key_fingerprint_raw()");
1.19 jakob 288: switch(dgst_rep) {
289: case SSH_FP_HEX:
290: retval = key_fingerprint_hex(dgst_raw, dgst_raw_len);
291: break;
292: case SSH_FP_BUBBLEBABBLE:
293: retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len);
294: break;
295: default:
296: fatal("key_fingerprint_ex: bad digest representation %d",
297: dgst_rep);
298: break;
299: }
300: memset(dgst_raw, 0, dgst_raw_len);
301: xfree(dgst_raw);
1.1 markus 302: return retval;
303: }
304:
305: /*
306: * Reads a multiple-precision integer in decimal from the buffer, and advances
307: * the pointer. The integer must already be initialized. This function is
308: * permitted to modify the buffer. This leaves *cpp to point just beyond the
309: * last processed (and maybe modified) character. Note that this may modify
310: * the buffer containing the number.
311: */
1.27 itojun 312: static int
1.1 markus 313: read_bignum(char **cpp, BIGNUM * value)
314: {
315: char *cp = *cpp;
316: int old;
317:
318: /* Skip any leading whitespace. */
319: for (; *cp == ' ' || *cp == '\t'; cp++)
320: ;
321:
322: /* Check that it begins with a decimal digit. */
323: if (*cp < '0' || *cp > '9')
324: return 0;
325:
326: /* Save starting position. */
327: *cpp = cp;
328:
329: /* Move forward until all decimal digits skipped. */
330: for (; *cp >= '0' && *cp <= '9'; cp++)
331: ;
332:
333: /* Save the old terminating character, and replace it by \0. */
334: old = *cp;
335: *cp = 0;
336:
337: /* Parse the number. */
338: if (BN_dec2bn(&value, *cpp) == 0)
339: return 0;
340:
341: /* Restore old terminating character. */
342: *cp = old;
343:
344: /* Move beyond the number and return success. */
345: *cpp = cp;
346: return 1;
347: }
1.27 itojun 348: static int
1.1 markus 349: write_bignum(FILE *f, BIGNUM *num)
350: {
351: char *buf = BN_bn2dec(num);
352: if (buf == NULL) {
353: error("write_bignum: BN_bn2dec() failed");
354: return 0;
355: }
356: fprintf(f, " %s", buf);
1.33 markus 357: OPENSSL_free(buf);
1.1 markus 358: return 1;
359: }
1.12 markus 360:
1.32 markus 361: /* returns 1 ok, -1 error */
1.12 markus 362: int
1.3 markus 363: key_read(Key *ret, char **cpp)
1.1 markus 364: {
1.3 markus 365: Key *k;
1.12 markus 366: int success = -1;
367: char *cp, *space;
368: int len, n, type;
369: u_int bits;
1.13 markus 370: u_char *blob;
1.3 markus 371:
372: cp = *cpp;
373:
1.1 markus 374: switch(ret->type) {
1.12 markus 375: case KEY_RSA1:
1.3 markus 376: /* Get number of bits. */
377: if (*cp < '0' || *cp > '9')
1.12 markus 378: return -1; /* Bad bit count... */
1.3 markus 379: for (bits = 0; *cp >= '0' && *cp <= '9'; cp++)
380: bits = 10 * bits + *cp - '0';
1.1 markus 381: if (bits == 0)
1.12 markus 382: return -1;
1.3 markus 383: *cpp = cp;
1.1 markus 384: /* Get public exponent, public modulus. */
385: if (!read_bignum(cpp, ret->rsa->e))
1.12 markus 386: return -1;
1.1 markus 387: if (!read_bignum(cpp, ret->rsa->n))
1.12 markus 388: return -1;
389: success = 1;
1.1 markus 390: break;
1.12 markus 391: case KEY_UNSPEC:
392: case KEY_RSA:
1.1 markus 393: case KEY_DSA:
1.12 markus 394: space = strchr(cp, ' ');
395: if (space == NULL) {
396: debug3("key_read: no space");
397: return -1;
398: }
399: *space = '\0';
400: type = key_type_from_name(cp);
401: *space = ' ';
402: if (type == KEY_UNSPEC) {
403: debug3("key_read: no key found");
404: return -1;
405: }
406: cp = space+1;
407: if (*cp == '\0') {
408: debug3("key_read: short string");
409: return -1;
410: }
411: if (ret->type == KEY_UNSPEC) {
412: ret->type = type;
413: } else if (ret->type != type) {
414: /* is a key, but different type */
415: debug3("key_read: type mismatch");
1.32 markus 416: return -1;
1.12 markus 417: }
1.3 markus 418: len = 2*strlen(cp);
419: blob = xmalloc(len);
420: n = uudecode(cp, blob, len);
1.6 markus 421: if (n < 0) {
1.7 markus 422: error("key_read: uudecode %s failed", cp);
1.34 ! markus 423: xfree(blob);
1.12 markus 424: return -1;
1.6 markus 425: }
1.12 markus 426: k = key_from_blob(blob, n);
1.34 ! markus 427: xfree(blob);
1.7 markus 428: if (k == NULL) {
1.12 markus 429: error("key_read: key_from_blob %s failed", cp);
430: return -1;
1.7 markus 431: }
1.12 markus 432: if (k->type != type) {
433: error("key_read: type mismatch: encoding error");
434: key_free(k);
435: return -1;
436: }
437: /*XXXX*/
438: if (ret->type == KEY_RSA) {
439: if (ret->rsa != NULL)
440: RSA_free(ret->rsa);
441: ret->rsa = k->rsa;
442: k->rsa = NULL;
443: success = 1;
444: #ifdef DEBUG_PK
445: RSA_print_fp(stderr, ret->rsa, 8);
446: #endif
447: } else {
448: if (ret->dsa != NULL)
449: DSA_free(ret->dsa);
450: ret->dsa = k->dsa;
451: k->dsa = NULL;
452: success = 1;
453: #ifdef DEBUG_PK
454: DSA_print_fp(stderr, ret->dsa, 8);
455: #endif
456: }
457: /*XXXX*/
1.34 ! markus 458: key_free(k);
1.12 markus 459: if (success != 1)
460: break;
1.7 markus 461: /* advance cp: skip whitespace and data */
462: while (*cp == ' ' || *cp == '\t')
463: cp++;
464: while (*cp != '\0' && *cp != ' ' && *cp != '\t')
465: cp++;
466: *cpp = cp;
1.1 markus 467: break;
468: default:
1.3 markus 469: fatal("key_read: bad key type: %d", ret->type);
1.1 markus 470: break;
471: }
1.12 markus 472: return success;
1.1 markus 473: }
474: int
475: key_write(Key *key, FILE *f)
476: {
477: int success = 0;
1.13 markus 478: u_int bits = 0;
1.1 markus 479:
1.12 markus 480: if (key->type == KEY_RSA1 && key->rsa != NULL) {
1.1 markus 481: /* size of modulus 'n' */
482: bits = BN_num_bits(key->rsa->n);
483: fprintf(f, "%u", bits);
484: if (write_bignum(f, key->rsa->e) &&
485: write_bignum(f, key->rsa->n)) {
486: success = 1;
487: } else {
488: error("key_write: failed for RSA key");
489: }
1.12 markus 490: } else if ((key->type == KEY_DSA && key->dsa != NULL) ||
491: (key->type == KEY_RSA && key->rsa != NULL)) {
1.3 markus 492: int len, n;
1.13 markus 493: u_char *blob, *uu;
1.12 markus 494: key_to_blob(key, &blob, &len);
1.3 markus 495: uu = xmalloc(2*len);
1.5 markus 496: n = uuencode(blob, len, uu, 2*len);
497: if (n > 0) {
1.12 markus 498: fprintf(f, "%s %s", key_ssh_name(key), uu);
1.5 markus 499: success = 1;
500: }
1.3 markus 501: xfree(blob);
502: xfree(uu);
1.1 markus 503: }
504: return success;
505: }
1.4 markus 506: char *
507: key_type(Key *k)
508: {
509: switch (k->type) {
1.12 markus 510: case KEY_RSA1:
511: return "RSA1";
512: break;
1.4 markus 513: case KEY_RSA:
514: return "RSA";
515: break;
516: case KEY_DSA:
517: return "DSA";
518: break;
519: }
520: return "unknown";
1.10 markus 521: }
1.12 markus 522: char *
523: key_ssh_name(Key *k)
524: {
525: switch (k->type) {
526: case KEY_RSA:
527: return "ssh-rsa";
528: break;
529: case KEY_DSA:
530: return "ssh-dss";
531: break;
532: }
533: return "ssh-unknown";
534: }
535: u_int
1.10 markus 536: key_size(Key *k){
537: switch (k->type) {
1.12 markus 538: case KEY_RSA1:
1.10 markus 539: case KEY_RSA:
540: return BN_num_bits(k->rsa->n);
541: break;
542: case KEY_DSA:
543: return BN_num_bits(k->dsa->p);
544: break;
545: }
546: return 0;
1.12 markus 547: }
548:
1.27 itojun 549: static RSA *
1.13 markus 550: rsa_generate_private_key(u_int bits)
1.12 markus 551: {
1.17 stevesk 552: RSA *private;
553: private = RSA_generate_key(bits, 35, NULL, NULL);
554: if (private == NULL)
555: fatal("rsa_generate_private_key: key generation failed.");
556: return private;
1.12 markus 557: }
558:
1.27 itojun 559: static DSA*
1.13 markus 560: dsa_generate_private_key(u_int bits)
1.12 markus 561: {
562: DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
563: if (private == NULL)
564: fatal("dsa_generate_private_key: DSA_generate_parameters failed");
565: if (!DSA_generate_key(private))
1.17 stevesk 566: fatal("dsa_generate_private_key: DSA_generate_key failed.");
567: if (private == NULL)
568: fatal("dsa_generate_private_key: NULL.");
1.12 markus 569: return private;
570: }
571:
572: Key *
1.13 markus 573: key_generate(int type, u_int bits)
1.12 markus 574: {
575: Key *k = key_new(KEY_UNSPEC);
576: switch (type) {
1.17 stevesk 577: case KEY_DSA:
1.12 markus 578: k->dsa = dsa_generate_private_key(bits);
579: break;
580: case KEY_RSA:
581: case KEY_RSA1:
582: k->rsa = rsa_generate_private_key(bits);
583: break;
584: default:
1.17 stevesk 585: fatal("key_generate: unknown type %d", type);
1.12 markus 586: }
1.17 stevesk 587: k->type = type;
1.12 markus 588: return k;
589: }
590:
591: Key *
592: key_from_private(Key *k)
593: {
594: Key *n = NULL;
595: switch (k->type) {
1.17 stevesk 596: case KEY_DSA:
1.12 markus 597: n = key_new(k->type);
598: BN_copy(n->dsa->p, k->dsa->p);
599: BN_copy(n->dsa->q, k->dsa->q);
600: BN_copy(n->dsa->g, k->dsa->g);
601: BN_copy(n->dsa->pub_key, k->dsa->pub_key);
602: break;
603: case KEY_RSA:
604: case KEY_RSA1:
605: n = key_new(k->type);
606: BN_copy(n->rsa->n, k->rsa->n);
607: BN_copy(n->rsa->e, k->rsa->e);
608: break;
609: default:
1.17 stevesk 610: fatal("key_from_private: unknown type %d", k->type);
1.12 markus 611: break;
612: }
613: return n;
614: }
615:
616: int
617: key_type_from_name(char *name)
618: {
619: if (strcmp(name, "rsa1") == 0){
620: return KEY_RSA1;
621: } else if (strcmp(name, "rsa") == 0){
622: return KEY_RSA;
623: } else if (strcmp(name, "dsa") == 0){
624: return KEY_DSA;
625: } else if (strcmp(name, "ssh-rsa") == 0){
626: return KEY_RSA;
627: } else if (strcmp(name, "ssh-dss") == 0){
628: return KEY_DSA;
629: }
1.18 markus 630: debug2("key_type_from_name: unknown key type '%s'", name);
1.12 markus 631: return KEY_UNSPEC;
1.25 markus 632: }
633:
634: int
635: key_names_valid2(const char *names)
636: {
637: char *s, *cp, *p;
638:
639: if (names == NULL || strcmp(names, "") == 0)
640: return 0;
641: s = cp = xstrdup(names);
642: for ((p = strsep(&cp, ",")); p && *p != '\0';
643: (p = strsep(&cp, ","))) {
644: switch (key_type_from_name(p)) {
645: case KEY_RSA1:
646: case KEY_UNSPEC:
647: xfree(s);
648: return 0;
649: }
650: }
651: debug3("key names ok: [%s]", names);
652: xfree(s);
653: return 1;
1.12 markus 654: }
655:
656: Key *
1.30 stevesk 657: key_from_blob(u_char *blob, int blen)
1.12 markus 658: {
659: Buffer b;
660: char *ktype;
661: int rlen, type;
662: Key *key = NULL;
663:
664: #ifdef DEBUG_PK
665: dump_base64(stderr, blob, blen);
666: #endif
667: buffer_init(&b);
668: buffer_append(&b, blob, blen);
669: ktype = buffer_get_string(&b, NULL);
670: type = key_type_from_name(ktype);
671:
672: switch(type){
673: case KEY_RSA:
674: key = key_new(type);
1.14 markus 675: buffer_get_bignum2(&b, key->rsa->e);
1.12 markus 676: buffer_get_bignum2(&b, key->rsa->n);
677: #ifdef DEBUG_PK
678: RSA_print_fp(stderr, key->rsa, 8);
679: #endif
680: break;
681: case KEY_DSA:
682: key = key_new(type);
683: buffer_get_bignum2(&b, key->dsa->p);
684: buffer_get_bignum2(&b, key->dsa->q);
685: buffer_get_bignum2(&b, key->dsa->g);
686: buffer_get_bignum2(&b, key->dsa->pub_key);
687: #ifdef DEBUG_PK
688: DSA_print_fp(stderr, key->dsa, 8);
689: #endif
690: break;
691: case KEY_UNSPEC:
692: key = key_new(type);
693: break;
694: default:
695: error("key_from_blob: cannot handle type %s", ktype);
696: break;
697: }
698: rlen = buffer_len(&b);
699: if (key != NULL && rlen != 0)
700: error("key_from_blob: remaining bytes in key blob %d", rlen);
701: xfree(ktype);
702: buffer_free(&b);
703: return key;
704: }
705:
706: int
1.13 markus 707: key_to_blob(Key *key, u_char **blobp, u_int *lenp)
1.12 markus 708: {
709: Buffer b;
710: int len;
1.13 markus 711: u_char *buf;
1.12 markus 712:
713: if (key == NULL) {
714: error("key_to_blob: key == NULL");
715: return 0;
716: }
717: buffer_init(&b);
718: switch(key->type){
719: case KEY_DSA:
720: buffer_put_cstring(&b, key_ssh_name(key));
721: buffer_put_bignum2(&b, key->dsa->p);
722: buffer_put_bignum2(&b, key->dsa->q);
723: buffer_put_bignum2(&b, key->dsa->g);
724: buffer_put_bignum2(&b, key->dsa->pub_key);
725: break;
726: case KEY_RSA:
727: buffer_put_cstring(&b, key_ssh_name(key));
1.14 markus 728: buffer_put_bignum2(&b, key->rsa->e);
1.12 markus 729: buffer_put_bignum2(&b, key->rsa->n);
730: break;
731: default:
1.31 markus 732: error("key_to_blob: unsupported key type %d", key->type);
733: buffer_free(&b);
734: return 0;
1.12 markus 735: }
736: len = buffer_len(&b);
737: buf = xmalloc(len);
738: memcpy(buf, buffer_ptr(&b), len);
739: memset(buffer_ptr(&b), 0, len);
740: buffer_free(&b);
741: if (lenp != NULL)
742: *lenp = len;
743: if (blobp != NULL)
744: *blobp = buf;
745: return len;
746: }
747:
748: int
749: key_sign(
750: Key *key,
1.13 markus 751: u_char **sigp, int *lenp,
752: u_char *data, int datalen)
1.12 markus 753: {
754: switch(key->type){
755: case KEY_DSA:
756: return ssh_dss_sign(key, sigp, lenp, data, datalen);
757: break;
758: case KEY_RSA:
759: return ssh_rsa_sign(key, sigp, lenp, data, datalen);
760: break;
761: default:
762: error("key_sign: illegal key type %d", key->type);
763: return -1;
764: break;
765: }
766: }
767:
768: int
769: key_verify(
770: Key *key,
1.13 markus 771: u_char *signature, int signaturelen,
772: u_char *data, int datalen)
1.12 markus 773: {
1.26 markus 774: if (signaturelen == 0)
775: return -1;
776:
1.12 markus 777: switch(key->type){
778: case KEY_DSA:
779: return ssh_dss_verify(key, signature, signaturelen, data, datalen);
780: break;
781: case KEY_RSA:
782: return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
783: break;
784: default:
785: error("key_verify: illegal key type %d", key->type);
786: return -1;
787: break;
788: }
1.4 markus 789: }