version 1.132, 2022/10/28 00:44:17 |
version 1.133, 2022/10/28 00:44:44 |
|
|
SSHKEY_SERIALIZE_DEFAULT); |
SSHKEY_SERIALIZE_DEFAULT); |
} |
} |
|
|
|
/* Shared deserialization of FIDO private key components */ |
int |
int |
|
sshkey_private_deserialize_sk(struct sshbuf *buf, struct sshkey *k) |
|
{ |
|
int r; |
|
|
|
if ((k->sk_key_handle = sshbuf_new()) == NULL || |
|
(k->sk_reserved = sshbuf_new()) == NULL) |
|
return SSH_ERR_ALLOC_FAIL; |
|
if ((r = sshbuf_get_cstring(buf, &k->sk_application, NULL)) != 0 || |
|
(r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 || |
|
(r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 || |
|
(r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0) |
|
return r; |
|
|
|
return 0; |
|
} |
|
|
|
int |
sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) |
sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp) |
{ |
{ |
char *tname = NULL, *curve = NULL, *xmss_name = NULL; |
const struct sshkey_impl *impl; |
|
char *tname = NULL; |
char *expect_sk_application = NULL; |
char *expect_sk_application = NULL; |
|
u_char *expect_ed25519_pk = NULL; |
struct sshkey *k = NULL; |
struct sshkey *k = NULL; |
size_t pklen = 0, sklen = 0; |
|
int type, r = SSH_ERR_INTERNAL_ERROR; |
int type, r = SSH_ERR_INTERNAL_ERROR; |
u_char *ed25519_pk = NULL, *ed25519_sk = NULL; |
|
u_char *expect_ed25519_pk = NULL; |
|
u_char *xmss_pk = NULL, *xmss_sk = NULL; |
|
#ifdef WITH_OPENSSL |
|
BIGNUM *exponent = NULL; |
|
BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL; |
|
BIGNUM *rsa_iqmp = NULL, *rsa_p = NULL, *rsa_q = NULL; |
|
BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL; |
|
BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL; |
|
#endif /* WITH_OPENSSL */ |
|
|
|
if (kp != NULL) |
if (kp != NULL) |
*kp = NULL; |
*kp = NULL; |
|
|
expect_ed25519_pk = k->ed25519_pk; |
expect_ed25519_pk = k->ed25519_pk; |
k->sk_application = NULL; |
k->sk_application = NULL; |
k->ed25519_pk = NULL; |
k->ed25519_pk = NULL; |
|
/* XXX xmss too or refactor */ |
} else { |
} else { |
if ((k = sshkey_new(type)) == NULL) { |
if ((k = sshkey_new(type)) == NULL) { |
r = SSH_ERR_ALLOC_FAIL; |
r = SSH_ERR_ALLOC_FAIL; |
goto out; |
goto out; |
} |
} |
} |
} |
switch (type) { |
if ((impl = sshkey_impl_from_type(type)) == NULL) { |
#ifdef WITH_OPENSSL |
r = SSH_ERR_INTERNAL_ERROR; |
case KEY_DSA: |
|
if ((r = sshbuf_get_bignum2(buf, &dsa_p)) != 0 || |
|
(r = sshbuf_get_bignum2(buf, &dsa_q)) != 0 || |
|
(r = sshbuf_get_bignum2(buf, &dsa_g)) != 0 || |
|
(r = sshbuf_get_bignum2(buf, &dsa_pub_key)) != 0) |
|
goto out; |
|
if (!DSA_set0_pqg(k->dsa, dsa_p, dsa_q, dsa_g)) { |
|
r = SSH_ERR_LIBCRYPTO_ERROR; |
|
goto out; |
|
} |
|
dsa_p = dsa_q = dsa_g = NULL; /* transferred */ |
|
if (!DSA_set0_key(k->dsa, dsa_pub_key, NULL)) { |
|
r = SSH_ERR_LIBCRYPTO_ERROR; |
|
goto out; |
|
} |
|
dsa_pub_key = NULL; /* transferred */ |
|
/* FALLTHROUGH */ |
|
case KEY_DSA_CERT: |
|
if ((r = sshbuf_get_bignum2(buf, &dsa_priv_key)) != 0) |
|
goto out; |
|
if (!DSA_set0_key(k->dsa, NULL, dsa_priv_key)) { |
|
r = SSH_ERR_LIBCRYPTO_ERROR; |
|
goto out; |
|
} |
|
dsa_priv_key = NULL; /* transferred */ |
|
break; |
|
case KEY_ECDSA: |
|
if ((k->ecdsa_nid = sshkey_ecdsa_nid_from_name(tname)) == -1) { |
|
r = SSH_ERR_INVALID_ARGUMENT; |
|
goto out; |
|
} |
|
if ((r = sshbuf_get_cstring(buf, &curve, NULL)) != 0) |
|
goto out; |
|
if (k->ecdsa_nid != sshkey_curve_name_to_nid(curve)) { |
|
r = SSH_ERR_EC_CURVE_MISMATCH; |
|
goto out; |
|
} |
|
k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); |
|
if (k->ecdsa == NULL) { |
|
r = SSH_ERR_LIBCRYPTO_ERROR; |
|
goto out; |
|
} |
|
if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0) |
|
goto out; |
|
/* FALLTHROUGH */ |
|
case KEY_ECDSA_CERT: |
|
if ((r = sshbuf_get_bignum2(buf, &exponent)) != 0) |
|
goto out; |
|
if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) { |
|
r = SSH_ERR_LIBCRYPTO_ERROR; |
|
goto out; |
|
} |
|
if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), |
|
EC_KEY_get0_public_key(k->ecdsa))) != 0 || |
|
(r = sshkey_ec_validate_private(k->ecdsa)) != 0) |
|
goto out; |
|
break; |
|
case KEY_ECDSA_SK: |
|
if ((k->ecdsa_nid = sshkey_ecdsa_nid_from_name(tname)) == -1) { |
|
r = SSH_ERR_INVALID_ARGUMENT; |
|
goto out; |
|
} |
|
if ((r = sshbuf_get_cstring(buf, &curve, NULL)) != 0) |
|
goto out; |
|
if (k->ecdsa_nid != sshkey_curve_name_to_nid(curve)) { |
|
r = SSH_ERR_EC_CURVE_MISMATCH; |
|
goto out; |
|
} |
|
if ((k->sk_key_handle = sshbuf_new()) == NULL || |
|
(k->sk_reserved = sshbuf_new()) == NULL) { |
|
r = SSH_ERR_ALLOC_FAIL; |
|
goto out; |
|
} |
|
k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); |
|
if (k->ecdsa == NULL) { |
|
r = SSH_ERR_LIBCRYPTO_ERROR; |
|
goto out; |
|
} |
|
if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0 || |
|
(r = sshbuf_get_cstring(buf, &k->sk_application, |
|
NULL)) != 0 || |
|
(r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 || |
|
(r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 || |
|
(r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0) |
|
goto out; |
|
if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), |
|
EC_KEY_get0_public_key(k->ecdsa))) != 0) |
|
goto out; |
|
break; |
|
case KEY_ECDSA_SK_CERT: |
|
if ((k->sk_key_handle = sshbuf_new()) == NULL || |
|
(k->sk_reserved = sshbuf_new()) == NULL) { |
|
r = SSH_ERR_ALLOC_FAIL; |
|
goto out; |
|
} |
|
if ((r = sshbuf_get_cstring(buf, &k->sk_application, |
|
NULL)) != 0 || |
|
(r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 || |
|
(r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 || |
|
(r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0) |
|
goto out; |
|
if ((r = sshkey_ec_validate_public(EC_KEY_get0_group(k->ecdsa), |
|
EC_KEY_get0_public_key(k->ecdsa))) != 0) |
|
goto out; |
|
break; |
|
case KEY_RSA: |
|
if ((r = sshbuf_get_bignum2(buf, &rsa_n)) != 0 || |
|
(r = sshbuf_get_bignum2(buf, &rsa_e)) != 0) |
|
goto out; |
|
if (!RSA_set0_key(k->rsa, rsa_n, rsa_e, NULL)) { |
|
r = SSH_ERR_LIBCRYPTO_ERROR; |
|
goto out; |
|
} |
|
rsa_n = rsa_e = NULL; /* transferred */ |
|
/* FALLTHROUGH */ |
|
case KEY_RSA_CERT: |
|
if ((r = sshbuf_get_bignum2(buf, &rsa_d)) != 0 || |
|
(r = sshbuf_get_bignum2(buf, &rsa_iqmp)) != 0 || |
|
(r = sshbuf_get_bignum2(buf, &rsa_p)) != 0 || |
|
(r = sshbuf_get_bignum2(buf, &rsa_q)) != 0) |
|
goto out; |
|
if (!RSA_set0_key(k->rsa, NULL, NULL, rsa_d)) { |
|
r = SSH_ERR_LIBCRYPTO_ERROR; |
|
goto out; |
|
} |
|
rsa_d = NULL; /* transferred */ |
|
if (!RSA_set0_factors(k->rsa, rsa_p, rsa_q)) { |
|
r = SSH_ERR_LIBCRYPTO_ERROR; |
|
goto out; |
|
} |
|
rsa_p = rsa_q = NULL; /* transferred */ |
|
if ((r = sshkey_check_rsa_length(k, 0)) != 0) |
|
goto out; |
|
if ((r = ssh_rsa_complete_crt_parameters(k, rsa_iqmp)) != 0) |
|
goto out; |
|
break; |
|
#endif /* WITH_OPENSSL */ |
|
case KEY_ED25519: |
|
case KEY_ED25519_CERT: |
|
if ((r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 || |
|
(r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0) |
|
goto out; |
|
if (pklen != ED25519_PK_SZ || sklen != ED25519_SK_SZ) { |
|
r = SSH_ERR_INVALID_FORMAT; |
|
goto out; |
|
} |
|
k->ed25519_pk = ed25519_pk; |
|
k->ed25519_sk = ed25519_sk; |
|
ed25519_pk = ed25519_sk = NULL; /* transferred */ |
|
break; |
|
case KEY_ED25519_SK: |
|
case KEY_ED25519_SK_CERT: |
|
if ((r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0) |
|
goto out; |
|
if (pklen != ED25519_PK_SZ) { |
|
r = SSH_ERR_INVALID_FORMAT; |
|
goto out; |
|
} |
|
if ((k->sk_key_handle = sshbuf_new()) == NULL || |
|
(k->sk_reserved = sshbuf_new()) == NULL) { |
|
r = SSH_ERR_ALLOC_FAIL; |
|
goto out; |
|
} |
|
if ((r = sshbuf_get_cstring(buf, &k->sk_application, |
|
NULL)) != 0 || |
|
(r = sshbuf_get_u8(buf, &k->sk_flags)) != 0 || |
|
(r = sshbuf_get_stringb(buf, k->sk_key_handle)) != 0 || |
|
(r = sshbuf_get_stringb(buf, k->sk_reserved)) != 0) |
|
goto out; |
|
k->ed25519_pk = ed25519_pk; |
|
ed25519_pk = NULL; /* transferred */ |
|
break; |
|
#ifdef WITH_XMSS |
|
case KEY_XMSS: |
|
case KEY_XMSS_CERT: |
|
if ((r = sshbuf_get_cstring(buf, &xmss_name, NULL)) != 0 || |
|
(r = sshbuf_get_string(buf, &xmss_pk, &pklen)) != 0 || |
|
(r = sshbuf_get_string(buf, &xmss_sk, &sklen)) != 0) |
|
goto out; |
|
if (type == KEY_XMSS && |
|
(r = sshkey_xmss_init(k, xmss_name)) != 0) |
|
goto out; |
|
if (pklen != sshkey_xmss_pklen(k) || |
|
sklen != sshkey_xmss_sklen(k)) { |
|
r = SSH_ERR_INVALID_FORMAT; |
|
goto out; |
|
} |
|
k->xmss_pk = xmss_pk; |
|
k->xmss_sk = xmss_sk; |
|
xmss_pk = xmss_sk = NULL; |
|
/* optional internal state */ |
|
if ((r = sshkey_xmss_deserialize_state_opt(k, buf)) != 0) |
|
goto out; |
|
break; |
|
#endif /* WITH_XMSS */ |
|
default: |
|
r = SSH_ERR_KEY_TYPE_UNKNOWN; |
|
goto out; |
goto out; |
} |
} |
#ifdef WITH_OPENSSL |
if ((r = impl->funcs->deserialize_private(tname, buf, k)) != 0) |
/* enable blinding */ |
goto out; |
switch (k->type) { |
|
case KEY_RSA: |
/* XXX xmss too or refactor */ |
case KEY_RSA_CERT: |
|
if (RSA_blinding_on(k->rsa, NULL) != 1) { |
|
r = SSH_ERR_LIBCRYPTO_ERROR; |
|
goto out; |
|
} |
|
break; |
|
} |
|
#endif /* WITH_OPENSSL */ |
|
if ((expect_sk_application != NULL && (k->sk_application == NULL || |
if ((expect_sk_application != NULL && (k->sk_application == NULL || |
strcmp(expect_sk_application, k->sk_application) != 0)) || |
strcmp(expect_sk_application, k->sk_application) != 0)) || |
(expect_ed25519_pk != NULL && (k->ed25519_pk == NULL || |
(expect_ed25519_pk != NULL && (k->ed25519_pk == NULL || |
|
|
} |
} |
out: |
out: |
free(tname); |
free(tname); |
free(curve); |
|
#ifdef WITH_OPENSSL |
|
BN_clear_free(exponent); |
|
BN_clear_free(dsa_p); |
|
BN_clear_free(dsa_q); |
|
BN_clear_free(dsa_g); |
|
BN_clear_free(dsa_pub_key); |
|
BN_clear_free(dsa_priv_key); |
|
BN_clear_free(rsa_n); |
|
BN_clear_free(rsa_e); |
|
BN_clear_free(rsa_d); |
|
BN_clear_free(rsa_p); |
|
BN_clear_free(rsa_q); |
|
BN_clear_free(rsa_iqmp); |
|
#endif /* WITH_OPENSSL */ |
|
sshkey_free(k); |
sshkey_free(k); |
freezero(ed25519_pk, pklen); |
|
freezero(ed25519_sk, sklen); |
|
free(xmss_name); |
|
freezero(xmss_pk, pklen); |
|
freezero(xmss_sk, sklen); |
|
free(expect_sk_application); |
free(expect_sk_application); |
free(expect_ed25519_pk); |
free(expect_ed25519_pk); |
return r; |
return r; |