version 1.38, 2000/11/12 19:03:28 |
version 1.39, 2000/11/12 19:50:38 |
|
|
#include <openssl/rsa.h> |
#include <openssl/rsa.h> |
#include "key.h" |
#include "key.h" |
#include "authfd.h" |
#include "authfd.h" |
#include "dsa.h" |
|
#include "kex.h" |
#include "kex.h" |
#include "compat.h" |
#include "compat.h" |
|
|
|
|
buffer_put_int(&msg, tab->nentries); |
buffer_put_int(&msg, tab->nentries); |
for (i = 0; i < tab->nentries; i++) { |
for (i = 0; i < tab->nentries; i++) { |
Identity *id = &tab->identities[i]; |
Identity *id = &tab->identities[i]; |
if (id->key->type == KEY_RSA) { |
if (id->key->type == KEY_RSA1) { |
buffer_put_int(&msg, BN_num_bits(id->key->rsa->n)); |
buffer_put_int(&msg, BN_num_bits(id->key->rsa->n)); |
buffer_put_bignum(&msg, id->key->rsa->e); |
buffer_put_bignum(&msg, id->key->rsa->e); |
buffer_put_bignum(&msg, id->key->rsa->n); |
buffer_put_bignum(&msg, id->key->rsa->n); |
} else { |
} else { |
unsigned char *blob; |
unsigned char *blob; |
unsigned int blen; |
unsigned int blen; |
dsa_make_key_blob(id->key, &blob, &blen); |
key_to_blob(id->key, &blob, &blen); |
buffer_put_string(&msg, blob, blen); |
buffer_put_string(&msg, blob, blen); |
xfree(blob); |
xfree(blob); |
} |
} |
|
|
unsigned int response_type; |
unsigned int response_type; |
|
|
buffer_init(&msg); |
buffer_init(&msg); |
key = key_new(KEY_RSA); |
key = key_new(KEY_RSA1); |
challenge = BN_new(); |
challenge = BN_new(); |
|
|
buffer_get_int(&e->input); /* ignored */ |
buffer_get_int(&e->input); /* ignored */ |
|
|
if (flags & SSH_AGENT_OLD_SIGNATURE) |
if (flags & SSH_AGENT_OLD_SIGNATURE) |
datafellows = SSH_BUG_SIGBLOB; |
datafellows = SSH_BUG_SIGBLOB; |
|
|
key = dsa_key_from_blob(blob, blen); |
key = key_from_blob(blob, blen); |
if (key != NULL) { |
if (key != NULL) { |
private = lookup_private_key(key, NULL, 2); |
private = lookup_private_key(key, NULL, 2); |
if (private != NULL) |
if (private != NULL) |
ok = dsa_sign(private, &signature, &slen, data, dlen); |
ok = key_sign(private, &signature, &slen, data, dlen); |
} |
} |
key_free(key); |
key_free(key); |
buffer_init(&msg); |
buffer_init(&msg); |
|
|
|
|
switch(version){ |
switch(version){ |
case 1: |
case 1: |
key = key_new(KEY_RSA); |
key = key_new(KEY_RSA1); |
bits = buffer_get_int(&e->input); |
bits = buffer_get_int(&e->input); |
buffer_get_bignum(&e->input, key->rsa->e); |
buffer_get_bignum(&e->input, key->rsa->e); |
buffer_get_bignum(&e->input, key->rsa->n); |
buffer_get_bignum(&e->input, key->rsa->n); |
|
|
break; |
break; |
case 2: |
case 2: |
blob = buffer_get_string(&e->input, &blen); |
blob = buffer_get_string(&e->input, &blen); |
key = dsa_key_from_blob(blob, blen); |
key = key_from_blob(blob, blen); |
xfree(blob); |
xfree(blob); |
break; |
break; |
} |
} |
|
|
} |
} |
|
|
void |
void |
process_add_identity(SocketEntry *e, int version) |
generate_additional_parameters(RSA *rsa) |
{ |
{ |
Key *k = NULL; |
|
RSA *rsa; |
|
BIGNUM *aux; |
BIGNUM *aux; |
BN_CTX *ctx; |
BN_CTX *ctx; |
char *type; |
/* Generate additional parameters */ |
|
aux = BN_new(); |
|
ctx = BN_CTX_new(); |
|
|
|
BN_sub(aux, rsa->q, BN_value_one()); |
|
BN_mod(rsa->dmq1, rsa->d, aux, ctx); |
|
|
|
BN_sub(aux, rsa->p, BN_value_one()); |
|
BN_mod(rsa->dmp1, rsa->d, aux, ctx); |
|
|
|
BN_clear_free(aux); |
|
BN_CTX_free(ctx); |
|
} |
|
|
|
void |
|
process_add_identity(SocketEntry *e, int version) |
|
{ |
|
Key *k = NULL; |
|
char *type_name; |
char *comment; |
char *comment; |
int success = 0; |
int type, success = 0; |
Idtab *tab = idtab_lookup(version); |
Idtab *tab = idtab_lookup(version); |
|
|
switch (version) { |
switch (version) { |
case 1: |
case 1: |
k = key_new(KEY_RSA); |
k = key_new_private(KEY_RSA1); |
rsa = k->rsa; |
buffer_get_int(&e->input); /* ignored */ |
|
buffer_get_bignum(&e->input, k->rsa->n); |
|
buffer_get_bignum(&e->input, k->rsa->e); |
|
buffer_get_bignum(&e->input, k->rsa->d); |
|
buffer_get_bignum(&e->input, k->rsa->iqmp); |
|
|
/* allocate mem for private key */ |
|
/* XXX rsa->n and rsa->e are already allocated */ |
|
rsa->d = BN_new(); |
|
rsa->iqmp = BN_new(); |
|
rsa->q = BN_new(); |
|
rsa->p = BN_new(); |
|
rsa->dmq1 = BN_new(); |
|
rsa->dmp1 = BN_new(); |
|
|
|
buffer_get_int(&e->input); /* ignored */ |
|
|
|
buffer_get_bignum(&e->input, rsa->n); |
|
buffer_get_bignum(&e->input, rsa->e); |
|
buffer_get_bignum(&e->input, rsa->d); |
|
buffer_get_bignum(&e->input, rsa->iqmp); |
|
|
|
/* SSH and SSL have p and q swapped */ |
/* SSH and SSL have p and q swapped */ |
buffer_get_bignum(&e->input, rsa->q); /* p */ |
buffer_get_bignum(&e->input, k->rsa->q); /* p */ |
buffer_get_bignum(&e->input, rsa->p); /* q */ |
buffer_get_bignum(&e->input, k->rsa->p); /* q */ |
|
|
/* Generate additional parameters */ |
/* Generate additional parameters */ |
aux = BN_new(); |
generate_additional_parameters(k->rsa); |
ctx = BN_CTX_new(); |
|
|
|
BN_sub(aux, rsa->q, BN_value_one()); |
|
BN_mod(rsa->dmq1, rsa->d, aux, ctx); |
|
|
|
BN_sub(aux, rsa->p, BN_value_one()); |
|
BN_mod(rsa->dmp1, rsa->d, aux, ctx); |
|
|
|
BN_clear_free(aux); |
|
BN_CTX_free(ctx); |
|
|
|
break; |
break; |
case 2: |
case 2: |
type = buffer_get_string(&e->input, NULL); |
type_name = buffer_get_string(&e->input, NULL); |
if (strcmp(type, KEX_DSS)) { |
type = key_type_from_name(type_name); |
|
xfree(type_name); |
|
switch(type) { |
|
case KEY_DSA: |
|
k = key_new_private(type); |
|
buffer_get_bignum2(&e->input, k->dsa->p); |
|
buffer_get_bignum2(&e->input, k->dsa->q); |
|
buffer_get_bignum2(&e->input, k->dsa->g); |
|
buffer_get_bignum2(&e->input, k->dsa->pub_key); |
|
buffer_get_bignum2(&e->input, k->dsa->priv_key); |
|
break; |
|
case KEY_RSA: |
|
k = key_new_private(type); |
|
buffer_get_bignum2(&e->input, k->rsa->n); |
|
buffer_get_bignum2(&e->input, k->rsa->e); |
|
buffer_get_bignum2(&e->input, k->rsa->d); |
|
buffer_get_bignum2(&e->input, k->rsa->iqmp); |
|
buffer_get_bignum2(&e->input, k->rsa->p); |
|
buffer_get_bignum2(&e->input, k->rsa->q); |
|
|
|
/* Generate additional parameters */ |
|
generate_additional_parameters(k->rsa); |
|
break; |
|
default: |
buffer_clear(&e->input); |
buffer_clear(&e->input); |
xfree(type); |
|
goto send; |
goto send; |
} |
} |
xfree(type); |
|
|
|
k = key_new(KEY_DSA); |
|
|
|
/* allocate mem for private key */ |
|
k->dsa->priv_key = BN_new(); |
|
|
|
buffer_get_bignum2(&e->input, k->dsa->p); |
|
buffer_get_bignum2(&e->input, k->dsa->q); |
|
buffer_get_bignum2(&e->input, k->dsa->g); |
|
buffer_get_bignum2(&e->input, k->dsa->pub_key); |
|
buffer_get_bignum2(&e->input, k->dsa->priv_key); |
|
|
|
break; |
break; |
} |
} |
|
|
comment = buffer_get_string(&e->input, NULL); |
comment = buffer_get_string(&e->input, NULL); |
if (k == NULL) { |
if (k == NULL) { |
xfree(comment); |
xfree(comment); |
|
|
pid_t pid; |
pid_t pid; |
char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid]; |
char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid]; |
|
|
/* check if RSA support exists */ |
|
if (rsa_alive() == 0) { |
|
fprintf(stderr, |
|
"%s: no RSA support in libssl and libcrypto. See ssl(8).\n", |
|
__progname); |
|
exit(1); |
|
} |
|
while ((ch = getopt(ac, av, "cks")) != -1) { |
while ((ch = getopt(ac, av, "cks")) != -1) { |
switch (ch) { |
switch (ch) { |
case 'c': |
case 'c': |