version 1.177, 2013/07/20 01:50:20 |
version 1.178, 2013/12/06 13:30:08 |
|
|
Idtab *tab = idtab_lookup(version); |
Idtab *tab = idtab_lookup(version); |
Identity *id; |
Identity *id; |
int type, success = 0, confirm = 0; |
int type, success = 0, confirm = 0; |
char *type_name, *comment, *curve; |
char *comment; |
time_t death = 0; |
time_t death = 0; |
Key *k = NULL; |
Key *k = NULL; |
BIGNUM *exponent; |
|
EC_POINT *q; |
|
u_char *cert; |
|
u_int len; |
|
|
|
switch (version) { |
switch (version) { |
case 1: |
case 1: |
|
|
|
|
/* Generate additional parameters */ |
/* Generate additional parameters */ |
rsa_generate_additional_parameters(k->rsa); |
rsa_generate_additional_parameters(k->rsa); |
break; |
|
case 2: |
|
type_name = buffer_get_string(&e->request, NULL); |
|
type = key_type_from_name(type_name); |
|
switch (type) { |
|
case KEY_DSA: |
|
k = key_new_private(type); |
|
buffer_get_bignum2(&e->request, k->dsa->p); |
|
buffer_get_bignum2(&e->request, k->dsa->q); |
|
buffer_get_bignum2(&e->request, k->dsa->g); |
|
buffer_get_bignum2(&e->request, k->dsa->pub_key); |
|
buffer_get_bignum2(&e->request, k->dsa->priv_key); |
|
break; |
|
case KEY_DSA_CERT_V00: |
|
case KEY_DSA_CERT: |
|
cert = buffer_get_string(&e->request, &len); |
|
if ((k = key_from_blob(cert, len)) == NULL) |
|
fatal("Certificate parse failed"); |
|
free(cert); |
|
key_add_private(k); |
|
buffer_get_bignum2(&e->request, k->dsa->priv_key); |
|
break; |
|
case KEY_ECDSA: |
|
k = key_new_private(type); |
|
k->ecdsa_nid = key_ecdsa_nid_from_name(type_name); |
|
curve = buffer_get_string(&e->request, NULL); |
|
if (k->ecdsa_nid != key_curve_name_to_nid(curve)) |
|
fatal("%s: curve names mismatch", __func__); |
|
free(curve); |
|
k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); |
|
if (k->ecdsa == NULL) |
|
fatal("%s: EC_KEY_new_by_curve_name failed", |
|
__func__); |
|
q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa)); |
|
if (q == NULL) |
|
fatal("%s: BN_new failed", __func__); |
|
if ((exponent = BN_new()) == NULL) |
|
fatal("%s: BN_new failed", __func__); |
|
buffer_get_ecpoint(&e->request, |
|
EC_KEY_get0_group(k->ecdsa), q); |
|
buffer_get_bignum2(&e->request, exponent); |
|
if (EC_KEY_set_public_key(k->ecdsa, q) != 1) |
|
fatal("%s: EC_KEY_set_public_key failed", |
|
__func__); |
|
if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) |
|
fatal("%s: EC_KEY_set_private_key failed", |
|
__func__); |
|
if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), |
|
EC_KEY_get0_public_key(k->ecdsa)) != 0) |
|
fatal("%s: bad ECDSA public key", __func__); |
|
if (key_ec_validate_private(k->ecdsa) != 0) |
|
fatal("%s: bad ECDSA private key", __func__); |
|
BN_clear_free(exponent); |
|
EC_POINT_free(q); |
|
break; |
|
case KEY_ECDSA_CERT: |
|
cert = buffer_get_string(&e->request, &len); |
|
if ((k = key_from_blob(cert, len)) == NULL) |
|
fatal("Certificate parse failed"); |
|
free(cert); |
|
key_add_private(k); |
|
if ((exponent = BN_new()) == NULL) |
|
fatal("%s: BN_new failed", __func__); |
|
buffer_get_bignum2(&e->request, exponent); |
|
if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) |
|
fatal("%s: EC_KEY_set_private_key failed", |
|
__func__); |
|
if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), |
|
EC_KEY_get0_public_key(k->ecdsa)) != 0 || |
|
key_ec_validate_private(k->ecdsa) != 0) |
|
fatal("%s: bad ECDSA key", __func__); |
|
BN_clear_free(exponent); |
|
break; |
|
case KEY_RSA: |
|
k = key_new_private(type); |
|
buffer_get_bignum2(&e->request, k->rsa->n); |
|
buffer_get_bignum2(&e->request, k->rsa->e); |
|
buffer_get_bignum2(&e->request, k->rsa->d); |
|
buffer_get_bignum2(&e->request, k->rsa->iqmp); |
|
buffer_get_bignum2(&e->request, k->rsa->p); |
|
buffer_get_bignum2(&e->request, k->rsa->q); |
|
|
|
/* Generate additional parameters */ |
/* enable blinding */ |
rsa_generate_additional_parameters(k->rsa); |
|
break; |
|
case KEY_RSA_CERT_V00: |
|
case KEY_RSA_CERT: |
|
cert = buffer_get_string(&e->request, &len); |
|
if ((k = key_from_blob(cert, len)) == NULL) |
|
fatal("Certificate parse failed"); |
|
free(cert); |
|
key_add_private(k); |
|
buffer_get_bignum2(&e->request, k->rsa->d); |
|
buffer_get_bignum2(&e->request, k->rsa->iqmp); |
|
buffer_get_bignum2(&e->request, k->rsa->p); |
|
buffer_get_bignum2(&e->request, k->rsa->q); |
|
break; |
|
default: |
|
free(type_name); |
|
buffer_clear(&e->request); |
|
goto send; |
|
} |
|
free(type_name); |
|
break; |
|
} |
|
/* enable blinding */ |
|
switch (k->type) { |
|
case KEY_RSA: |
|
case KEY_RSA_CERT_V00: |
|
case KEY_RSA_CERT: |
|
case KEY_RSA1: |
|
if (RSA_blinding_on(k->rsa, NULL) != 1) { |
if (RSA_blinding_on(k->rsa, NULL) != 1) { |
error("process_add_identity: RSA_blinding_on failed"); |
error("process_add_identity: RSA_blinding_on failed"); |
key_free(k); |
key_free(k); |
|
goto send; |
|
} |
|
break; |
|
case 2: |
|
k = key_private_deserialize(&e->request); |
|
if (k == NULL) { |
|
buffer_clear(&e->request); |
goto send; |
goto send; |
} |
} |
break; |
break; |