key.c revision 106130 
1/*
2 * read_bignum():
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 *
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose.  Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
10 *
11 *
12 * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
13 *
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
16 * are met:
17 * 1. Redistributions of source code must retain the above copyright
18 *    notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 *    notice, this list of conditions and the following disclaimer in the
21 *    documentation and/or other materials provided with the distribution.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 */
34#include "includes.h"
35RCSID("$OpenBSD: key.c,v 1.49 2002/09/09 14:54:14 markus Exp $");
36RCSID("$FreeBSD: head/crypto/openssh/key.c 106130 2002-10-29 10:16:02Z des $");
37
38#include <openssl/evp.h>
39
40#include "xmalloc.h"
41#include "key.h"
42#include "rsa.h"
43#include "ssh-dss.h"
44#include "ssh-rsa.h"
45#include "uuencode.h"
46#include "buffer.h"
47#include "bufaux.h"
48#include "log.h"
49
50Key *
51key_new(int type)
52{
53	Key *k;
54	RSA *rsa;
55	DSA *dsa;
56	k = xmalloc(sizeof(*k));
57	k->type = type;
58	k->flags = 0;
59	k->dsa = NULL;
60	k->rsa = NULL;
61	switch (k->type) {
62	case KEY_RSA1:
63	case KEY_RSA:
64		if ((rsa = RSA_new()) == NULL)
65			fatal("key_new: RSA_new failed");
66		if ((rsa->n = BN_new()) == NULL)
67			fatal("key_new: BN_new failed");
68		if ((rsa->e = BN_new()) == NULL)
69			fatal("key_new: BN_new failed");
70		k->rsa = rsa;
71		break;
72	case KEY_DSA:
73		if ((dsa = DSA_new()) == NULL)
74			fatal("key_new: DSA_new failed");
75		if ((dsa->p = BN_new()) == NULL)
76			fatal("key_new: BN_new failed");
77		if ((dsa->q = BN_new()) == NULL)
78			fatal("key_new: BN_new failed");
79		if ((dsa->g = BN_new()) == NULL)
80			fatal("key_new: BN_new failed");
81		if ((dsa->pub_key = BN_new()) == NULL)
82			fatal("key_new: BN_new failed");
83		k->dsa = dsa;
84		break;
85	case KEY_UNSPEC:
86		break;
87	default:
88		fatal("key_new: bad key type %d", k->type);
89		break;
90	}
91	return k;
92}
93
94Key *
95key_new_private(int type)
96{
97	Key *k = key_new(type);
98	switch (k->type) {
99	case KEY_RSA1:
100	case KEY_RSA:
101		if ((k->rsa->d = BN_new()) == NULL)
102			fatal("key_new_private: BN_new failed");
103		if ((k->rsa->iqmp = BN_new()) == NULL)
104			fatal("key_new_private: BN_new failed");
105		if ((k->rsa->q = BN_new()) == NULL)
106			fatal("key_new_private: BN_new failed");
107		if ((k->rsa->p = BN_new()) == NULL)
108			fatal("key_new_private: BN_new failed");
109		if ((k->rsa->dmq1 = BN_new()) == NULL)
110			fatal("key_new_private: BN_new failed");
111		if ((k->rsa->dmp1 = BN_new()) == NULL)
112			fatal("key_new_private: BN_new failed");
113		break;
114	case KEY_DSA:
115		if ((k->dsa->priv_key = BN_new()) == NULL)
116			fatal("key_new_private: BN_new failed");
117		break;
118	case KEY_UNSPEC:
119		break;
120	default:
121		break;
122	}
123	return k;
124}
125
126void
127key_free(Key *k)
128{
129	switch (k->type) {
130	case KEY_RSA1:
131	case KEY_RSA:
132		if (k->rsa != NULL)
133			RSA_free(k->rsa);
134		k->rsa = NULL;
135		break;
136	case KEY_DSA:
137		if (k->dsa != NULL)
138			DSA_free(k->dsa);
139		k->dsa = NULL;
140		break;
141	case KEY_UNSPEC:
142		break;
143	default:
144		fatal("key_free: bad key type %d", k->type);
145		break;
146	}
147	xfree(k);
148}
149int
150key_equal(Key *a, Key *b)
151{
152	if (a == NULL || b == NULL || a->type != b->type)
153		return 0;
154	switch (a->type) {
155	case KEY_RSA1:
156	case KEY_RSA:
157		return a->rsa != NULL && b->rsa != NULL &&
158		    BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
159		    BN_cmp(a->rsa->n, b->rsa->n) == 0;
160		break;
161	case KEY_DSA:
162		return a->dsa != NULL && b->dsa != NULL &&
163		    BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
164		    BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
165		    BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
166		    BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
167		break;
168	default:
169		fatal("key_equal: bad key type %d", a->type);
170		break;
171	}
172	return 0;
173}
174
175static u_char *
176key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length)
177{
178	const EVP_MD *md = NULL;
179	EVP_MD_CTX ctx;
180	u_char *blob = NULL;
181	u_char *retval = NULL;
182	u_int len = 0;
183	int nlen, elen;
184
185	*dgst_raw_length = 0;
186
187	switch (dgst_type) {
188	case SSH_FP_MD5:
189		md = EVP_md5();
190		break;
191	case SSH_FP_SHA1:
192		md = EVP_sha1();
193		break;
194	default:
195		fatal("key_fingerprint_raw: bad digest type %d",
196		    dgst_type);
197	}
198	switch (k->type) {
199	case KEY_RSA1:
200		nlen = BN_num_bytes(k->rsa->n);
201		elen = BN_num_bytes(k->rsa->e);
202		len = nlen + elen;
203		blob = xmalloc(len);
204		BN_bn2bin(k->rsa->n, blob);
205		BN_bn2bin(k->rsa->e, blob + nlen);
206		break;
207	case KEY_DSA:
208	case KEY_RSA:
209		key_to_blob(k, &blob, &len);
210		break;
211	case KEY_UNSPEC:
212		return retval;
213		break;
214	default:
215		fatal("key_fingerprint_raw: bad key type %d", k->type);
216		break;
217	}
218	if (blob != NULL) {
219		retval = xmalloc(EVP_MAX_MD_SIZE);
220		EVP_DigestInit(&ctx, md);
221		EVP_DigestUpdate(&ctx, blob, len);
222		EVP_DigestFinal(&ctx, retval, dgst_raw_length);
223		memset(blob, 0, len);
224		xfree(blob);
225	} else {
226		fatal("key_fingerprint_raw: blob is null");
227	}
228	return retval;
229}
230
231static char *
232key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
233{
234	char *retval;
235	int i;
236
237	retval = xmalloc(dgst_raw_len * 3 + 1);
238	retval[0] = '\0';
239	for (i = 0; i < dgst_raw_len; i++) {
240		char hex[4];
241		snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
242		strlcat(retval, hex, dgst_raw_len * 3);
243	}
244	retval[(dgst_raw_len * 3) - 1] = '\0';
245	return retval;
246}
247
248static char *
249key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len)
250{
251	char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
252	char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
253	    'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };
254	u_int i, j = 0, rounds, seed = 1;
255	char *retval;
256
257	rounds = (dgst_raw_len / 2) + 1;
258	retval = xmalloc(sizeof(char) * (rounds*6));
259	retval[j++] = 'x';
260	for (i = 0; i < rounds; i++) {
261		u_int idx0, idx1, idx2, idx3, idx4;
262		if ((i + 1 < rounds) || (dgst_raw_len % 2 != 0)) {
263			idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) +
264			    seed) % 6;
265			idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15;
266			idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) +
267			    (seed / 6)) % 6;
268			retval[j++] = vowels[idx0];
269			retval[j++] = consonants[idx1];
270			retval[j++] = vowels[idx2];
271			if ((i + 1) < rounds) {
272				idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15;
273				idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15;
274				retval[j++] = consonants[idx3];
275				retval[j++] = '-';
276				retval[j++] = consonants[idx4];
277				seed = ((seed * 5) +
278				    ((((u_int)(dgst_raw[2 * i])) * 7) +
279				    ((u_int)(dgst_raw[(2 * i) + 1])))) % 36;
280			}
281		} else {
282			idx0 = seed % 6;
283			idx1 = 16;
284			idx2 = seed / 6;
285			retval[j++] = vowels[idx0];
286			retval[j++] = consonants[idx1];
287			retval[j++] = vowels[idx2];
288		}
289	}
290	retval[j++] = 'x';
291	retval[j++] = '\0';
292	return retval;
293}
294
295char *
296key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
297{
298	char *retval = NULL;
299	u_char *dgst_raw;
300	u_int dgst_raw_len;
301
302	dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
303	if (!dgst_raw)
304		fatal("key_fingerprint: null from key_fingerprint_raw()");
305	switch (dgst_rep) {
306	case SSH_FP_HEX:
307		retval = key_fingerprint_hex(dgst_raw, dgst_raw_len);
308		break;
309	case SSH_FP_BUBBLEBABBLE:
310		retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len);
311		break;
312	default:
313		fatal("key_fingerprint_ex: bad digest representation %d",
314		    dgst_rep);
315		break;
316	}
317	memset(dgst_raw, 0, dgst_raw_len);
318	xfree(dgst_raw);
319	return retval;
320}
321
322/*
323 * Reads a multiple-precision integer in decimal from the buffer, and advances
324 * the pointer.  The integer must already be initialized.  This function is
325 * permitted to modify the buffer.  This leaves *cpp to point just beyond the
326 * last processed (and maybe modified) character.  Note that this may modify
327 * the buffer containing the number.
328 */
329static int
330read_bignum(char **cpp, BIGNUM * value)
331{
332	char *cp = *cpp;
333	int old;
334
335	/* Skip any leading whitespace. */
336	for (; *cp == ' ' || *cp == '\t'; cp++)
337		;
338
339	/* Check that it begins with a decimal digit. */
340	if (*cp < '0' || *cp > '9')
341		return 0;
342
343	/* Save starting position. */
344	*cpp = cp;
345
346	/* Move forward until all decimal digits skipped. */
347	for (; *cp >= '0' && *cp <= '9'; cp++)
348		;
349
350	/* Save the old terminating character, and replace it by \0. */
351	old = *cp;
352	*cp = 0;
353
354	/* Parse the number. */
355	if (BN_dec2bn(&value, *cpp) == 0)
356		return 0;
357
358	/* Restore old terminating character. */
359	*cp = old;
360
361	/* Move beyond the number and return success. */
362	*cpp = cp;
363	return 1;
364}
365
366static int
367write_bignum(FILE *f, BIGNUM *num)
368{
369	char *buf = BN_bn2dec(num);
370	if (buf == NULL) {
371		error("write_bignum: BN_bn2dec() failed");
372		return 0;
373	}
374	fprintf(f, " %s", buf);
375	OPENSSL_free(buf);
376	return 1;
377}
378
379/* returns 1 ok, -1 error */
380int
381key_read(Key *ret, char **cpp)
382{
383	Key *k;
384	int success = -1;
385	char *cp, *space;
386	int len, n, type;
387	u_int bits;
388	u_char *blob;
389
390	cp = *cpp;
391
392	switch (ret->type) {
393	case KEY_RSA1:
394		/* Get number of bits. */
395		if (*cp < '0' || *cp > '9')
396			return -1;	/* Bad bit count... */
397		for (bits = 0; *cp >= '0' && *cp <= '9'; cp++)
398			bits = 10 * bits + *cp - '0';
399		if (bits == 0)
400			return -1;
401		*cpp = cp;
402		/* Get public exponent, public modulus. */
403		if (!read_bignum(cpp, ret->rsa->e))
404			return -1;
405		if (!read_bignum(cpp, ret->rsa->n))
406			return -1;
407		success = 1;
408		break;
409	case KEY_UNSPEC:
410	case KEY_RSA:
411	case KEY_DSA:
412		space = strchr(cp, ' ');
413		if (space == NULL) {
414			debug3("key_read: no space");
415			return -1;
416		}
417		*space = '\0';
418		type = key_type_from_name(cp);
419		*space = ' ';
420		if (type == KEY_UNSPEC) {
421			debug3("key_read: no key found");
422			return -1;
423		}
424		cp = space+1;
425		if (*cp == '\0') {
426			debug3("key_read: short string");
427			return -1;
428		}
429		if (ret->type == KEY_UNSPEC) {
430			ret->type = type;
431		} else if (ret->type != type) {
432			/* is a key, but different type */
433			debug3("key_read: type mismatch");
434			return -1;
435		}
436		len = 2*strlen(cp);
437		blob = xmalloc(len);
438		n = uudecode(cp, blob, len);
439		if (n < 0) {
440			error("key_read: uudecode %s failed", cp);
441			xfree(blob);
442			return -1;
443		}
444		k = key_from_blob(blob, n);
445		xfree(blob);
446		if (k == NULL) {
447			error("key_read: key_from_blob %s failed", cp);
448			return -1;
449		}
450		if (k->type != type) {
451			error("key_read: type mismatch: encoding error");
452			key_free(k);
453			return -1;
454		}
455/*XXXX*/
456		if (ret->type == KEY_RSA) {
457			if (ret->rsa != NULL)
458				RSA_free(ret->rsa);
459			ret->rsa = k->rsa;
460			k->rsa = NULL;
461			success = 1;
462#ifdef DEBUG_PK
463			RSA_print_fp(stderr, ret->rsa, 8);
464#endif
465		} else {
466			if (ret->dsa != NULL)
467				DSA_free(ret->dsa);
468			ret->dsa = k->dsa;
469			k->dsa = NULL;
470			success = 1;
471#ifdef DEBUG_PK
472			DSA_print_fp(stderr, ret->dsa, 8);
473#endif
474		}
475/*XXXX*/
476		key_free(k);
477		if (success != 1)
478			break;
479		/* advance cp: skip whitespace and data */
480		while (*cp == ' ' || *cp == '\t')
481			cp++;
482		while (*cp != '\0' && *cp != ' ' && *cp != '\t')
483			cp++;
484		*cpp = cp;
485		break;
486	default:
487		fatal("key_read: bad key type: %d", ret->type);
488		break;
489	}
490	return success;
491}
492
493int
494key_write(Key *key, FILE *f)
495{
496	int n, success = 0;
497	u_int len, bits = 0;
498	u_char *blob;
499	char *uu;
500
501	if (key->type == KEY_RSA1 && key->rsa != NULL) {
502		/* size of modulus 'n' */
503		bits = BN_num_bits(key->rsa->n);
504		fprintf(f, "%u", bits);
505		if (write_bignum(f, key->rsa->e) &&
506		    write_bignum(f, key->rsa->n)) {
507			success = 1;
508		} else {
509			error("key_write: failed for RSA key");
510		}
511	} else if ((key->type == KEY_DSA && key->dsa != NULL) ||
512	    (key->type == KEY_RSA && key->rsa != NULL)) {
513		key_to_blob(key, &blob, &len);
514		uu = xmalloc(2*len);
515		n = uuencode(blob, len, uu, 2*len);
516		if (n > 0) {
517			fprintf(f, "%s %s", key_ssh_name(key), uu);
518			success = 1;
519		}
520		xfree(blob);
521		xfree(uu);
522	}
523	return success;
524}
525
526char *
527key_type(Key *k)
528{
529	switch (k->type) {
530	case KEY_RSA1:
531		return "RSA1";
532		break;
533	case KEY_RSA:
534		return "RSA";
535		break;
536	case KEY_DSA:
537		return "DSA";
538		break;
539	}
540	return "unknown";
541}
542
543char *
544key_ssh_name(Key *k)
545{
546	switch (k->type) {
547	case KEY_RSA:
548		return "ssh-rsa";
549		break;
550	case KEY_DSA:
551		return "ssh-dss";
552		break;
553	}
554	return "ssh-unknown";
555}
556
557u_int
558key_size(Key *k)
559{
560	switch (k->type) {
561	case KEY_RSA1:
562	case KEY_RSA:
563		return BN_num_bits(k->rsa->n);
564		break;
565	case KEY_DSA:
566		return BN_num_bits(k->dsa->p);
567		break;
568	}
569	return 0;
570}
571
572static RSA *
573rsa_generate_private_key(u_int bits)
574{
575	RSA *private;
576	private = RSA_generate_key(bits, 35, NULL, NULL);
577	if (private == NULL)
578		fatal("rsa_generate_private_key: key generation failed.");
579	return private;
580}
581
582static DSA*
583dsa_generate_private_key(u_int bits)
584{
585	DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
586	if (private == NULL)
587		fatal("dsa_generate_private_key: DSA_generate_parameters failed");
588	if (!DSA_generate_key(private))
589		fatal("dsa_generate_private_key: DSA_generate_key failed.");
590	if (private == NULL)
591		fatal("dsa_generate_private_key: NULL.");
592	return private;
593}
594
595Key *
596key_generate(int type, u_int bits)
597{
598	Key *k = key_new(KEY_UNSPEC);
599	switch (type) {
600	case KEY_DSA:
601		k->dsa = dsa_generate_private_key(bits);
602		break;
603	case KEY_RSA:
604	case KEY_RSA1:
605		k->rsa = rsa_generate_private_key(bits);
606		break;
607	default:
608		fatal("key_generate: unknown type %d", type);
609	}
610	k->type = type;
611	return k;
612}
613
614Key *
615key_from_private(Key *k)
616{
617	Key *n = NULL;
618	switch (k->type) {
619	case KEY_DSA:
620		n = key_new(k->type);
621		BN_copy(n->dsa->p, k->dsa->p);
622		BN_copy(n->dsa->q, k->dsa->q);
623		BN_copy(n->dsa->g, k->dsa->g);
624		BN_copy(n->dsa->pub_key, k->dsa->pub_key);
625		break;
626	case KEY_RSA:
627	case KEY_RSA1:
628		n = key_new(k->type);
629		BN_copy(n->rsa->n, k->rsa->n);
630		BN_copy(n->rsa->e, k->rsa->e);
631		break;
632	default:
633		fatal("key_from_private: unknown type %d", k->type);
634		break;
635	}
636	return n;
637}
638
639int
640key_type_from_name(char *name)
641{
642	if (strcmp(name, "rsa1") == 0) {
643		return KEY_RSA1;
644	} else if (strcmp(name, "rsa") == 0) {
645		return KEY_RSA;
646	} else if (strcmp(name, "dsa") == 0) {
647		return KEY_DSA;
648	} else if (strcmp(name, "ssh-rsa") == 0) {
649		return KEY_RSA;
650	} else if (strcmp(name, "ssh-dss") == 0) {
651		return KEY_DSA;
652	}
653	debug2("key_type_from_name: unknown key type '%s'", name);
654	return KEY_UNSPEC;
655}
656
657int
658key_names_valid2(const char *names)
659{
660	char *s, *cp, *p;
661
662	if (names == NULL || strcmp(names, "") == 0)
663		return 0;
664	s = cp = xstrdup(names);
665	for ((p = strsep(&cp, ",")); p && *p != '\0';
666	    (p = strsep(&cp, ","))) {
667		switch (key_type_from_name(p)) {
668		case KEY_RSA1:
669		case KEY_UNSPEC:
670			xfree(s);
671			return 0;
672		}
673	}
674	debug3("key names ok: [%s]", names);
675	xfree(s);
676	return 1;
677}
678
679Key *
680key_from_blob(u_char *blob, int blen)
681{
682	Buffer b;
683	char *ktype;
684	int rlen, type;
685	Key *key = NULL;
686
687#ifdef DEBUG_PK
688	dump_base64(stderr, blob, blen);
689#endif
690	buffer_init(&b);
691	buffer_append(&b, blob, blen);
692	ktype = buffer_get_string(&b, NULL);
693	type = key_type_from_name(ktype);
694
695	switch (type) {
696	case KEY_RSA:
697		key = key_new(type);
698		buffer_get_bignum2(&b, key->rsa->e);
699		buffer_get_bignum2(&b, key->rsa->n);
700#ifdef DEBUG_PK
701		RSA_print_fp(stderr, key->rsa, 8);
702#endif
703		break;
704	case KEY_DSA:
705		key = key_new(type);
706		buffer_get_bignum2(&b, key->dsa->p);
707		buffer_get_bignum2(&b, key->dsa->q);
708		buffer_get_bignum2(&b, key->dsa->g);
709		buffer_get_bignum2(&b, key->dsa->pub_key);
710#ifdef DEBUG_PK
711		DSA_print_fp(stderr, key->dsa, 8);
712#endif
713		break;
714	case KEY_UNSPEC:
715		key = key_new(type);
716		break;
717	default:
718		error("key_from_blob: cannot handle type %s", ktype);
719		break;
720	}
721	rlen = buffer_len(&b);
722	if (key != NULL && rlen != 0)
723		error("key_from_blob: remaining bytes in key blob %d", rlen);
724	xfree(ktype);
725	buffer_free(&b);
726	return key;
727}
728
729int
730key_to_blob(Key *key, u_char **blobp, u_int *lenp)
731{
732	Buffer b;
733	int len;
734
735	if (key == NULL) {
736		error("key_to_blob: key == NULL");
737		return 0;
738	}
739	buffer_init(&b);
740	switch (key->type) {
741	case KEY_DSA:
742		buffer_put_cstring(&b, key_ssh_name(key));
743		buffer_put_bignum2(&b, key->dsa->p);
744		buffer_put_bignum2(&b, key->dsa->q);
745		buffer_put_bignum2(&b, key->dsa->g);
746		buffer_put_bignum2(&b, key->dsa->pub_key);
747		break;
748	case KEY_RSA:
749		buffer_put_cstring(&b, key_ssh_name(key));
750		buffer_put_bignum2(&b, key->rsa->e);
751		buffer_put_bignum2(&b, key->rsa->n);
752		break;
753	default:
754		error("key_to_blob: unsupported key type %d", key->type);
755		buffer_free(&b);
756		return 0;
757	}
758	len = buffer_len(&b);
759	if (lenp != NULL)
760		*lenp = len;
761	if (blobp != NULL) {
762		*blobp = xmalloc(len);
763		memcpy(*blobp, buffer_ptr(&b), len);
764	}
765	memset(buffer_ptr(&b), 0, len);
766	buffer_free(&b);
767	return len;
768}
769
770int
771key_sign(
772    Key *key,
773    u_char **sigp, u_int *lenp,
774    u_char *data, u_int datalen)
775{
776	switch (key->type) {
777	case KEY_DSA:
778		return ssh_dss_sign(key, sigp, lenp, data, datalen);
779		break;
780	case KEY_RSA:
781		return ssh_rsa_sign(key, sigp, lenp, data, datalen);
782		break;
783	default:
784		error("key_sign: illegal key type %d", key->type);
785		return -1;
786		break;
787	}
788}
789
790/*
791 * key_verify returns 1 for a correct signature, 0 for an incorrect signature
792 * and -1 on error.
793 */
794int
795key_verify(
796    Key *key,
797    u_char *signature, u_int signaturelen,
798    u_char *data, u_int datalen)
799{
800	if (signaturelen == 0)
801		return -1;
802
803	switch (key->type) {
804	case KEY_DSA:
805		return ssh_dss_verify(key, signature, signaturelen, data, datalen);
806		break;
807	case KEY_RSA:
808		return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
809		break;
810	default:
811		error("key_verify: illegal key type %d", key->type);
812		return -1;
813		break;
814	}
815}
816
817/* Converts a private to a public key */
818Key *
819key_demote(Key *k)
820{
821	Key *pk;
822
823	pk = xmalloc(sizeof(*pk));
824	pk->type = k->type;
825	pk->flags = k->flags;
826	pk->dsa = NULL;
827	pk->rsa = NULL;
828
829	switch (k->type) {
830	case KEY_RSA1:
831	case KEY_RSA:
832		if ((pk->rsa = RSA_new()) == NULL)
833			fatal("key_demote: RSA_new failed");
834		if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
835			fatal("key_demote: BN_dup failed");
836		if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
837			fatal("key_demote: BN_dup failed");
838		break;
839	case KEY_DSA:
840		if ((pk->dsa = DSA_new()) == NULL)
841			fatal("key_demote: DSA_new failed");
842		if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
843			fatal("key_demote: BN_dup failed");
844		if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
845			fatal("key_demote: BN_dup failed");
846		if ((pk->dsa->g = BN_dup(k->dsa->g)) == NULL)
847			fatal("key_demote: BN_dup failed");
848		if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL)
849			fatal("key_demote: BN_dup failed");
850		break;
851	default:
852		fatal("key_free: bad key type %d", k->type);
853		break;
854	}
855
856	return (pk);
857}
858