Annotation of src/usr.bin/ssh/key.c, Revision 1.35
1.1 markus 1: /*
1.11 deraadt 2: * read_bignum():
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: *
5: * As far as I am concerned, the code I have written for this software
6: * can be used freely for any purpose. Any derived versions of this
7: * software must be clearly marked as such, and if the derived work is
8: * incompatible with the protocol description in the RFC file, it must be
9: * called by a name other than "ssh" or "Secure Shell".
10: *
11: *
1.28 markus 12: * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
1.1 markus 13: *
14: * Redistribution and use in source and binary forms, with or without
15: * modification, are permitted provided that the following conditions
16: * are met:
17: * 1. Redistributions of source code must retain the above copyright
18: * notice, this list of conditions and the following disclaimer.
19: * 2. Redistributions in binary form must reproduce the above copyright
20: * notice, this list of conditions and the following disclaimer in the
21: * documentation and/or other materials provided with the distribution.
22: *
23: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33: */
1.15 markus 34: #include "includes.h"
1.35 ! deraadt 35: RCSID("$OpenBSD: key.c,v 1.34 2001/11/21 15:51:24 markus Exp $");
1.1 markus 36:
1.2 markus 37: #include <openssl/evp.h>
1.15 markus 38:
1.1 markus 39: #include "xmalloc.h"
40: #include "key.h"
1.12 markus 41: #include "rsa.h"
42: #include "ssh-dss.h"
43: #include "ssh-rsa.h"
1.3 markus 44: #include "uuencode.h"
1.12 markus 45: #include "buffer.h"
46: #include "bufaux.h"
1.15 markus 47: #include "log.h"
1.1 markus 48:
49: Key *
50: key_new(int type)
51: {
52: Key *k;
53: RSA *rsa;
54: DSA *dsa;
55: k = xmalloc(sizeof(*k));
56: k->type = type;
1.29 markus 57: k->flags = 0;
1.3 markus 58: k->dsa = NULL;
59: k->rsa = NULL;
1.1 markus 60: switch (k->type) {
1.12 markus 61: case KEY_RSA1:
1.1 markus 62: case KEY_RSA:
63: rsa = RSA_new();
64: rsa->n = BN_new();
65: rsa->e = BN_new();
66: k->rsa = rsa;
67: break;
68: case KEY_DSA:
69: dsa = DSA_new();
70: dsa->p = BN_new();
71: dsa->q = BN_new();
72: dsa->g = BN_new();
73: dsa->pub_key = BN_new();
74: k->dsa = dsa;
75: break;
1.12 markus 76: case KEY_UNSPEC:
1.1 markus 77: break;
78: default:
79: fatal("key_new: bad key type %d", k->type);
80: break;
81: }
82: return k;
83: }
1.12 markus 84: Key *
85: key_new_private(int type)
86: {
87: Key *k = key_new(type);
88: switch (k->type) {
89: case KEY_RSA1:
90: case KEY_RSA:
91: k->rsa->d = BN_new();
92: k->rsa->iqmp = BN_new();
93: k->rsa->q = BN_new();
94: k->rsa->p = BN_new();
95: k->rsa->dmq1 = BN_new();
96: k->rsa->dmp1 = BN_new();
97: break;
98: case KEY_DSA:
99: k->dsa->priv_key = BN_new();
100: break;
101: case KEY_UNSPEC:
102: break;
103: default:
104: break;
105: }
106: return k;
107: }
1.1 markus 108: void
109: key_free(Key *k)
110: {
111: switch (k->type) {
1.12 markus 112: case KEY_RSA1:
1.1 markus 113: case KEY_RSA:
114: if (k->rsa != NULL)
115: RSA_free(k->rsa);
116: k->rsa = NULL;
117: break;
118: case KEY_DSA:
119: if (k->dsa != NULL)
120: DSA_free(k->dsa);
121: k->dsa = NULL;
122: break;
1.12 markus 123: case KEY_UNSPEC:
124: break;
1.1 markus 125: default:
126: fatal("key_free: bad key type %d", k->type);
127: break;
128: }
129: xfree(k);
130: }
131: int
132: key_equal(Key *a, Key *b)
133: {
134: if (a == NULL || b == NULL || a->type != b->type)
135: return 0;
136: switch (a->type) {
1.12 markus 137: case KEY_RSA1:
1.1 markus 138: case KEY_RSA:
139: return a->rsa != NULL && b->rsa != NULL &&
140: BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
141: BN_cmp(a->rsa->n, b->rsa->n) == 0;
142: break;
143: case KEY_DSA:
144: return a->dsa != NULL && b->dsa != NULL &&
145: BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
146: BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
147: BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
148: BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
149: break;
150: default:
1.3 markus 151: fatal("key_equal: bad key type %d", a->type);
1.1 markus 152: break;
153: }
154: return 0;
155: }
156:
1.27 itojun 157: static u_char*
1.19 jakob 158: key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length)
1.1 markus 159: {
1.21 markus 160: EVP_MD *md = NULL;
161: EVP_MD_CTX ctx;
1.13 markus 162: u_char *blob = NULL;
1.19 jakob 163: u_char *retval = NULL;
1.1 markus 164: int len = 0;
1.3 markus 165: int nlen, elen;
1.1 markus 166:
1.19 jakob 167: *dgst_raw_length = 0;
168:
1.21 markus 169: switch (dgst_type) {
170: case SSH_FP_MD5:
171: md = EVP_md5();
172: break;
173: case SSH_FP_SHA1:
174: md = EVP_sha1();
175: break;
176: default:
177: fatal("key_fingerprint_raw: bad digest type %d",
178: dgst_type);
179: }
1.1 markus 180: switch (k->type) {
1.12 markus 181: case KEY_RSA1:
1.1 markus 182: nlen = BN_num_bytes(k->rsa->n);
183: elen = BN_num_bytes(k->rsa->e);
184: len = nlen + elen;
1.3 markus 185: blob = xmalloc(len);
186: BN_bn2bin(k->rsa->n, blob);
187: BN_bn2bin(k->rsa->e, blob + nlen);
1.1 markus 188: break;
189: case KEY_DSA:
1.12 markus 190: case KEY_RSA:
191: key_to_blob(k, &blob, &len);
192: break;
193: case KEY_UNSPEC:
194: return retval;
1.1 markus 195: break;
196: default:
1.19 jakob 197: fatal("key_fingerprint_raw: bad key type %d", k->type);
1.1 markus 198: break;
199: }
1.3 markus 200: if (blob != NULL) {
1.19 jakob 201: retval = xmalloc(EVP_MAX_MD_SIZE);
1.8 markus 202: EVP_DigestInit(&ctx, md);
203: EVP_DigestUpdate(&ctx, blob, len);
1.19 jakob 204: EVP_DigestFinal(&ctx, retval, NULL);
205: *dgst_raw_length = md->md_size;
1.3 markus 206: memset(blob, 0, len);
207: xfree(blob);
1.19 jakob 208: } else {
209: fatal("key_fingerprint_raw: blob is null");
1.1 markus 210: }
1.19 jakob 211: return retval;
212: }
213:
1.27 itojun 214: static char*
1.23 markus 215: key_fingerprint_hex(u_char* dgst_raw, size_t dgst_raw_len)
1.19 jakob 216: {
217: char *retval;
218: int i;
219:
1.24 deraadt 220: retval = xmalloc(dgst_raw_len * 3 + 1);
1.19 jakob 221: retval[0] = '\0';
222: for(i = 0; i < dgst_raw_len; i++) {
223: char hex[4];
224: snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
225: strlcat(retval, hex, dgst_raw_len * 3);
226: }
227: retval[(dgst_raw_len * 3) - 1] = '\0';
228: return retval;
229: }
230:
1.27 itojun 231: static char*
1.23 markus 232: key_fingerprint_bubblebabble(u_char* dgst_raw, size_t dgst_raw_len)
1.19 jakob 233: {
234: char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
235: char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
236: 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };
1.20 jakob 237: u_int i, j = 0, rounds, seed = 1;
1.19 jakob 238: char *retval;
239:
240: rounds = (dgst_raw_len / 2) + 1;
241: retval = xmalloc(sizeof(char) * (rounds*6));
1.20 jakob 242: retval[j++] = 'x';
243: for (i = 0; i < rounds; i++) {
1.19 jakob 244: u_int idx0, idx1, idx2, idx3, idx4;
1.20 jakob 245: if ((i + 1 < rounds) || (dgst_raw_len % 2 != 0)) {
246: idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) +
1.19 jakob 247: seed) % 6;
1.20 jakob 248: idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15;
249: idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) +
1.19 jakob 250: (seed / 6)) % 6;
1.20 jakob 251: retval[j++] = vowels[idx0];
252: retval[j++] = consonants[idx1];
253: retval[j++] = vowels[idx2];
254: if ((i + 1) < rounds) {
255: idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15;
256: idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15;
257: retval[j++] = consonants[idx3];
258: retval[j++] = '-';
259: retval[j++] = consonants[idx4];
1.19 jakob 260: seed = ((seed * 5) +
1.20 jakob 261: ((((u_int)(dgst_raw[2 * i])) * 7) +
262: ((u_int)(dgst_raw[(2 * i) + 1])))) % 36;
1.19 jakob 263: }
264: } else {
265: idx0 = seed % 6;
266: idx1 = 16;
267: idx2 = seed / 6;
1.20 jakob 268: retval[j++] = vowels[idx0];
269: retval[j++] = consonants[idx1];
270: retval[j++] = vowels[idx2];
1.19 jakob 271: }
272: }
1.20 jakob 273: retval[j++] = 'x';
274: retval[j++] = '\0';
1.19 jakob 275: return retval;
276: }
277:
278: char*
1.22 markus 279: key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
1.19 jakob 280: {
1.23 markus 281: char *retval = NULL;
1.19 jakob 282: u_char *dgst_raw;
1.23 markus 283: size_t dgst_raw_len;
1.19 jakob 284:
285: dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
286: if (!dgst_raw)
1.22 markus 287: fatal("key_fingerprint: null from key_fingerprint_raw()");
1.35 ! deraadt 288: switch (dgst_rep) {
1.19 jakob 289: case SSH_FP_HEX:
290: retval = key_fingerprint_hex(dgst_raw, dgst_raw_len);
291: break;
292: case SSH_FP_BUBBLEBABBLE:
293: retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len);
294: break;
295: default:
296: fatal("key_fingerprint_ex: bad digest representation %d",
297: dgst_rep);
298: break;
299: }
300: memset(dgst_raw, 0, dgst_raw_len);
301: xfree(dgst_raw);
1.1 markus 302: return retval;
303: }
304:
305: /*
306: * Reads a multiple-precision integer in decimal from the buffer, and advances
307: * the pointer. The integer must already be initialized. This function is
308: * permitted to modify the buffer. This leaves *cpp to point just beyond the
309: * last processed (and maybe modified) character. Note that this may modify
310: * the buffer containing the number.
311: */
1.27 itojun 312: static int
1.1 markus 313: read_bignum(char **cpp, BIGNUM * value)
314: {
315: char *cp = *cpp;
316: int old;
317:
318: /* Skip any leading whitespace. */
319: for (; *cp == ' ' || *cp == '\t'; cp++)
320: ;
321:
322: /* Check that it begins with a decimal digit. */
323: if (*cp < '0' || *cp > '9')
324: return 0;
325:
326: /* Save starting position. */
327: *cpp = cp;
328:
329: /* Move forward until all decimal digits skipped. */
330: for (; *cp >= '0' && *cp <= '9'; cp++)
331: ;
332:
333: /* Save the old terminating character, and replace it by \0. */
334: old = *cp;
335: *cp = 0;
336:
337: /* Parse the number. */
338: if (BN_dec2bn(&value, *cpp) == 0)
339: return 0;
340:
341: /* Restore old terminating character. */
342: *cp = old;
343:
344: /* Move beyond the number and return success. */
345: *cpp = cp;
346: return 1;
347: }
1.27 itojun 348: static int
1.1 markus 349: write_bignum(FILE *f, BIGNUM *num)
350: {
351: char *buf = BN_bn2dec(num);
352: if (buf == NULL) {
353: error("write_bignum: BN_bn2dec() failed");
354: return 0;
355: }
356: fprintf(f, " %s", buf);
1.33 markus 357: OPENSSL_free(buf);
1.1 markus 358: return 1;
359: }
1.12 markus 360:
1.32 markus 361: /* returns 1 ok, -1 error */
1.12 markus 362: int
1.3 markus 363: key_read(Key *ret, char **cpp)
1.1 markus 364: {
1.3 markus 365: Key *k;
1.12 markus 366: int success = -1;
367: char *cp, *space;
368: int len, n, type;
369: u_int bits;
1.13 markus 370: u_char *blob;
1.3 markus 371:
372: cp = *cpp;
373:
1.35 ! deraadt 374: switch (ret->type) {
1.12 markus 375: case KEY_RSA1:
1.3 markus 376: /* Get number of bits. */
377: if (*cp < '0' || *cp > '9')
1.12 markus 378: return -1; /* Bad bit count... */
1.3 markus 379: for (bits = 0; *cp >= '0' && *cp <= '9'; cp++)
380: bits = 10 * bits + *cp - '0';
1.1 markus 381: if (bits == 0)
1.12 markus 382: return -1;
1.3 markus 383: *cpp = cp;
1.1 markus 384: /* Get public exponent, public modulus. */
385: if (!read_bignum(cpp, ret->rsa->e))
1.12 markus 386: return -1;
1.1 markus 387: if (!read_bignum(cpp, ret->rsa->n))
1.12 markus 388: return -1;
389: success = 1;
1.1 markus 390: break;
1.12 markus 391: case KEY_UNSPEC:
392: case KEY_RSA:
1.1 markus 393: case KEY_DSA:
1.12 markus 394: space = strchr(cp, ' ');
395: if (space == NULL) {
396: debug3("key_read: no space");
397: return -1;
398: }
399: *space = '\0';
400: type = key_type_from_name(cp);
401: *space = ' ';
402: if (type == KEY_UNSPEC) {
403: debug3("key_read: no key found");
404: return -1;
405: }
406: cp = space+1;
407: if (*cp == '\0') {
408: debug3("key_read: short string");
409: return -1;
410: }
411: if (ret->type == KEY_UNSPEC) {
412: ret->type = type;
413: } else if (ret->type != type) {
414: /* is a key, but different type */
415: debug3("key_read: type mismatch");
1.32 markus 416: return -1;
1.12 markus 417: }
1.3 markus 418: len = 2*strlen(cp);
419: blob = xmalloc(len);
420: n = uudecode(cp, blob, len);
1.6 markus 421: if (n < 0) {
1.7 markus 422: error("key_read: uudecode %s failed", cp);
1.34 markus 423: xfree(blob);
1.12 markus 424: return -1;
1.6 markus 425: }
1.12 markus 426: k = key_from_blob(blob, n);
1.34 markus 427: xfree(blob);
1.7 markus 428: if (k == NULL) {
1.12 markus 429: error("key_read: key_from_blob %s failed", cp);
430: return -1;
1.7 markus 431: }
1.12 markus 432: if (k->type != type) {
433: error("key_read: type mismatch: encoding error");
434: key_free(k);
435: return -1;
436: }
437: /*XXXX*/
438: if (ret->type == KEY_RSA) {
439: if (ret->rsa != NULL)
440: RSA_free(ret->rsa);
441: ret->rsa = k->rsa;
442: k->rsa = NULL;
443: success = 1;
444: #ifdef DEBUG_PK
445: RSA_print_fp(stderr, ret->rsa, 8);
446: #endif
447: } else {
448: if (ret->dsa != NULL)
449: DSA_free(ret->dsa);
450: ret->dsa = k->dsa;
451: k->dsa = NULL;
452: success = 1;
453: #ifdef DEBUG_PK
454: DSA_print_fp(stderr, ret->dsa, 8);
455: #endif
456: }
457: /*XXXX*/
1.34 markus 458: key_free(k);
1.12 markus 459: if (success != 1)
460: break;
1.7 markus 461: /* advance cp: skip whitespace and data */
462: while (*cp == ' ' || *cp == '\t')
463: cp++;
464: while (*cp != '\0' && *cp != ' ' && *cp != '\t')
465: cp++;
466: *cpp = cp;
1.1 markus 467: break;
468: default:
1.3 markus 469: fatal("key_read: bad key type: %d", ret->type);
1.1 markus 470: break;
471: }
1.12 markus 472: return success;
1.1 markus 473: }
474: int
475: key_write(Key *key, FILE *f)
476: {
477: int success = 0;
1.13 markus 478: u_int bits = 0;
1.1 markus 479:
1.12 markus 480: if (key->type == KEY_RSA1 && key->rsa != NULL) {
1.1 markus 481: /* size of modulus 'n' */
482: bits = BN_num_bits(key->rsa->n);
483: fprintf(f, "%u", bits);
484: if (write_bignum(f, key->rsa->e) &&
485: write_bignum(f, key->rsa->n)) {
486: success = 1;
487: } else {
488: error("key_write: failed for RSA key");
489: }
1.12 markus 490: } else if ((key->type == KEY_DSA && key->dsa != NULL) ||
491: (key->type == KEY_RSA && key->rsa != NULL)) {
1.3 markus 492: int len, n;
1.13 markus 493: u_char *blob, *uu;
1.12 markus 494: key_to_blob(key, &blob, &len);
1.3 markus 495: uu = xmalloc(2*len);
1.5 markus 496: n = uuencode(blob, len, uu, 2*len);
497: if (n > 0) {
1.12 markus 498: fprintf(f, "%s %s", key_ssh_name(key), uu);
1.5 markus 499: success = 1;
500: }
1.3 markus 501: xfree(blob);
502: xfree(uu);
1.1 markus 503: }
504: return success;
505: }
1.4 markus 506: char *
507: key_type(Key *k)
508: {
509: switch (k->type) {
1.12 markus 510: case KEY_RSA1:
511: return "RSA1";
512: break;
1.4 markus 513: case KEY_RSA:
514: return "RSA";
515: break;
516: case KEY_DSA:
517: return "DSA";
518: break;
519: }
520: return "unknown";
1.10 markus 521: }
1.12 markus 522: char *
523: key_ssh_name(Key *k)
524: {
525: switch (k->type) {
526: case KEY_RSA:
527: return "ssh-rsa";
528: break;
529: case KEY_DSA:
530: return "ssh-dss";
531: break;
532: }
533: return "ssh-unknown";
534: }
535: u_int
1.35 ! deraadt 536: key_size(Key *k)
! 537: {
1.10 markus 538: switch (k->type) {
1.12 markus 539: case KEY_RSA1:
1.10 markus 540: case KEY_RSA:
541: return BN_num_bits(k->rsa->n);
542: break;
543: case KEY_DSA:
544: return BN_num_bits(k->dsa->p);
545: break;
546: }
547: return 0;
1.12 markus 548: }
549:
1.27 itojun 550: static RSA *
1.13 markus 551: rsa_generate_private_key(u_int bits)
1.12 markus 552: {
1.17 stevesk 553: RSA *private;
554: private = RSA_generate_key(bits, 35, NULL, NULL);
555: if (private == NULL)
556: fatal("rsa_generate_private_key: key generation failed.");
557: return private;
1.12 markus 558: }
559:
1.27 itojun 560: static DSA*
1.13 markus 561: dsa_generate_private_key(u_int bits)
1.12 markus 562: {
563: DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
564: if (private == NULL)
565: fatal("dsa_generate_private_key: DSA_generate_parameters failed");
566: if (!DSA_generate_key(private))
1.17 stevesk 567: fatal("dsa_generate_private_key: DSA_generate_key failed.");
568: if (private == NULL)
569: fatal("dsa_generate_private_key: NULL.");
1.12 markus 570: return private;
571: }
572:
573: Key *
1.13 markus 574: key_generate(int type, u_int bits)
1.12 markus 575: {
576: Key *k = key_new(KEY_UNSPEC);
577: switch (type) {
1.17 stevesk 578: case KEY_DSA:
1.12 markus 579: k->dsa = dsa_generate_private_key(bits);
580: break;
581: case KEY_RSA:
582: case KEY_RSA1:
583: k->rsa = rsa_generate_private_key(bits);
584: break;
585: default:
1.17 stevesk 586: fatal("key_generate: unknown type %d", type);
1.12 markus 587: }
1.17 stevesk 588: k->type = type;
1.12 markus 589: return k;
590: }
591:
592: Key *
593: key_from_private(Key *k)
594: {
595: Key *n = NULL;
596: switch (k->type) {
1.17 stevesk 597: case KEY_DSA:
1.12 markus 598: n = key_new(k->type);
599: BN_copy(n->dsa->p, k->dsa->p);
600: BN_copy(n->dsa->q, k->dsa->q);
601: BN_copy(n->dsa->g, k->dsa->g);
602: BN_copy(n->dsa->pub_key, k->dsa->pub_key);
603: break;
604: case KEY_RSA:
605: case KEY_RSA1:
606: n = key_new(k->type);
607: BN_copy(n->rsa->n, k->rsa->n);
608: BN_copy(n->rsa->e, k->rsa->e);
609: break;
610: default:
1.17 stevesk 611: fatal("key_from_private: unknown type %d", k->type);
1.12 markus 612: break;
613: }
614: return n;
615: }
616:
617: int
618: key_type_from_name(char *name)
619: {
1.35 ! deraadt 620: if (strcmp(name, "rsa1") == 0) {
1.12 markus 621: return KEY_RSA1;
1.35 ! deraadt 622: } else if (strcmp(name, "rsa") == 0) {
1.12 markus 623: return KEY_RSA;
1.35 ! deraadt 624: } else if (strcmp(name, "dsa") == 0) {
1.12 markus 625: return KEY_DSA;
1.35 ! deraadt 626: } else if (strcmp(name, "ssh-rsa") == 0) {
1.12 markus 627: return KEY_RSA;
1.35 ! deraadt 628: } else if (strcmp(name, "ssh-dss") == 0) {
1.12 markus 629: return KEY_DSA;
630: }
1.18 markus 631: debug2("key_type_from_name: unknown key type '%s'", name);
1.12 markus 632: return KEY_UNSPEC;
1.25 markus 633: }
634:
635: int
636: key_names_valid2(const char *names)
637: {
638: char *s, *cp, *p;
639:
640: if (names == NULL || strcmp(names, "") == 0)
641: return 0;
642: s = cp = xstrdup(names);
643: for ((p = strsep(&cp, ",")); p && *p != '\0';
644: (p = strsep(&cp, ","))) {
645: switch (key_type_from_name(p)) {
646: case KEY_RSA1:
647: case KEY_UNSPEC:
648: xfree(s);
649: return 0;
650: }
651: }
652: debug3("key names ok: [%s]", names);
653: xfree(s);
654: return 1;
1.12 markus 655: }
656:
657: Key *
1.30 stevesk 658: key_from_blob(u_char *blob, int blen)
1.12 markus 659: {
660: Buffer b;
661: char *ktype;
662: int rlen, type;
663: Key *key = NULL;
664:
665: #ifdef DEBUG_PK
666: dump_base64(stderr, blob, blen);
667: #endif
668: buffer_init(&b);
669: buffer_append(&b, blob, blen);
670: ktype = buffer_get_string(&b, NULL);
671: type = key_type_from_name(ktype);
672:
1.35 ! deraadt 673: switch (type) {
1.12 markus 674: case KEY_RSA:
675: key = key_new(type);
1.14 markus 676: buffer_get_bignum2(&b, key->rsa->e);
1.12 markus 677: buffer_get_bignum2(&b, key->rsa->n);
678: #ifdef DEBUG_PK
679: RSA_print_fp(stderr, key->rsa, 8);
680: #endif
681: break;
682: case KEY_DSA:
683: key = key_new(type);
684: buffer_get_bignum2(&b, key->dsa->p);
685: buffer_get_bignum2(&b, key->dsa->q);
686: buffer_get_bignum2(&b, key->dsa->g);
687: buffer_get_bignum2(&b, key->dsa->pub_key);
688: #ifdef DEBUG_PK
689: DSA_print_fp(stderr, key->dsa, 8);
690: #endif
691: break;
692: case KEY_UNSPEC:
693: key = key_new(type);
694: break;
695: default:
696: error("key_from_blob: cannot handle type %s", ktype);
697: break;
698: }
699: rlen = buffer_len(&b);
700: if (key != NULL && rlen != 0)
701: error("key_from_blob: remaining bytes in key blob %d", rlen);
702: xfree(ktype);
703: buffer_free(&b);
704: return key;
705: }
706:
707: int
1.13 markus 708: key_to_blob(Key *key, u_char **blobp, u_int *lenp)
1.12 markus 709: {
710: Buffer b;
711: int len;
1.13 markus 712: u_char *buf;
1.12 markus 713:
714: if (key == NULL) {
715: error("key_to_blob: key == NULL");
716: return 0;
717: }
718: buffer_init(&b);
1.35 ! deraadt 719: switch (key->type) {
1.12 markus 720: case KEY_DSA:
721: buffer_put_cstring(&b, key_ssh_name(key));
722: buffer_put_bignum2(&b, key->dsa->p);
723: buffer_put_bignum2(&b, key->dsa->q);
724: buffer_put_bignum2(&b, key->dsa->g);
725: buffer_put_bignum2(&b, key->dsa->pub_key);
726: break;
727: case KEY_RSA:
728: buffer_put_cstring(&b, key_ssh_name(key));
1.14 markus 729: buffer_put_bignum2(&b, key->rsa->e);
1.12 markus 730: buffer_put_bignum2(&b, key->rsa->n);
731: break;
732: default:
1.31 markus 733: error("key_to_blob: unsupported key type %d", key->type);
734: buffer_free(&b);
735: return 0;
1.12 markus 736: }
737: len = buffer_len(&b);
738: buf = xmalloc(len);
739: memcpy(buf, buffer_ptr(&b), len);
740: memset(buffer_ptr(&b), 0, len);
741: buffer_free(&b);
742: if (lenp != NULL)
743: *lenp = len;
744: if (blobp != NULL)
745: *blobp = buf;
746: return len;
747: }
748:
749: int
750: key_sign(
751: Key *key,
1.13 markus 752: u_char **sigp, int *lenp,
753: u_char *data, int datalen)
1.12 markus 754: {
1.35 ! deraadt 755: switch (key->type) {
1.12 markus 756: case KEY_DSA:
757: return ssh_dss_sign(key, sigp, lenp, data, datalen);
758: break;
759: case KEY_RSA:
760: return ssh_rsa_sign(key, sigp, lenp, data, datalen);
761: break;
762: default:
763: error("key_sign: illegal key type %d", key->type);
764: return -1;
765: break;
766: }
767: }
768:
769: int
770: key_verify(
771: Key *key,
1.13 markus 772: u_char *signature, int signaturelen,
773: u_char *data, int datalen)
1.12 markus 774: {
1.26 markus 775: if (signaturelen == 0)
776: return -1;
777:
1.35 ! deraadt 778: switch (key->type) {
1.12 markus 779: case KEY_DSA:
780: return ssh_dss_verify(key, signature, signaturelen, data, datalen);
781: break;
782: case KEY_RSA:
783: return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
784: break;
785: default:
786: error("key_verify: illegal key type %d", key->type);
787: return -1;
788: break;
789: }
1.4 markus 790: }