key.c revision 149753
1/* 2 * read_bignum(): 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * 5 * As far as I am concerned, the code I have written for this software 6 * can be used freely for any purpose. Any derived versions of this 7 * software must be clearly marked as such, and if the derived work is 8 * incompatible with the protocol description in the RFC file, it must be 9 * called by a name other than "ssh" or "Secure Shell". 10 * 11 * 12 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34#include "includes.h" 35RCSID("$OpenBSD: key.c,v 1.58 2005/06/17 02:44:32 djm Exp $"); 36 37#include <openssl/evp.h> 38 39#include "xmalloc.h" 40#include "key.h" 41#include "rsa.h" 42#include "uuencode.h" 43#include "buffer.h" 44#include "bufaux.h" 45#include "log.h" 46 47Key * 48key_new(int type) 49{ 50 Key *k; 51 RSA *rsa; 52 DSA *dsa; 53 k = xmalloc(sizeof(*k)); 54 k->type = type; 55 k->flags = 0; 56 k->dsa = NULL; 57 k->rsa = NULL; 58 switch (k->type) { 59 case KEY_RSA1: 60 case KEY_RSA: 61 if ((rsa = RSA_new()) == NULL) 62 fatal("key_new: RSA_new failed"); 63 if ((rsa->n = BN_new()) == NULL) 64 fatal("key_new: BN_new failed"); 65 if ((rsa->e = BN_new()) == NULL) 66 fatal("key_new: BN_new failed"); 67 k->rsa = rsa; 68 break; 69 case KEY_DSA: 70 if ((dsa = DSA_new()) == NULL) 71 fatal("key_new: DSA_new failed"); 72 if ((dsa->p = BN_new()) == NULL) 73 fatal("key_new: BN_new failed"); 74 if ((dsa->q = BN_new()) == NULL) 75 fatal("key_new: BN_new failed"); 76 if ((dsa->g = BN_new()) == NULL) 77 fatal("key_new: BN_new failed"); 78 if ((dsa->pub_key = BN_new()) == NULL) 79 fatal("key_new: BN_new failed"); 80 k->dsa = dsa; 81 break; 82 case KEY_UNSPEC: 83 break; 84 default: 85 fatal("key_new: bad key type %d", k->type); 86 break; 87 } 88 return k; 89} 90 91Key * 92key_new_private(int type) 93{ 94 Key *k = key_new(type); 95 switch (k->type) { 96 case KEY_RSA1: 97 case KEY_RSA: 98 if ((k->rsa->d = BN_new()) == NULL) 99 fatal("key_new_private: BN_new failed"); 100 if ((k->rsa->iqmp = BN_new()) == NULL) 101 fatal("key_new_private: BN_new failed"); 102 if ((k->rsa->q = BN_new()) == NULL) 103 fatal("key_new_private: BN_new failed"); 104 if ((k->rsa->p = BN_new()) == NULL) 105 fatal("key_new_private: BN_new failed"); 106 if ((k->rsa->dmq1 = BN_new()) == NULL) 107 fatal("key_new_private: BN_new failed"); 108 if ((k->rsa->dmp1 = BN_new()) == NULL) 109 fatal("key_new_private: BN_new failed"); 110 break; 111 case KEY_DSA: 112 if ((k->dsa->priv_key = BN_new()) == NULL) 113 fatal("key_new_private: BN_new failed"); 114 break; 115 case KEY_UNSPEC: 116 break; 117 default: 118 break; 119 } 120 return k; 121} 122 123void 124key_free(Key *k) 125{ 126 switch (k->type) { 127 case KEY_RSA1: 128 case KEY_RSA: 129 if (k->rsa != NULL) 130 RSA_free(k->rsa); 131 k->rsa = NULL; 132 break; 133 case KEY_DSA: 134 if (k->dsa != NULL) 135 DSA_free(k->dsa); 136 k->dsa = NULL; 137 break; 138 case KEY_UNSPEC: 139 break; 140 default: 141 fatal("key_free: bad key type %d", k->type); 142 break; 143 } 144 xfree(k); 145} 146 147int 148key_equal(const Key *a, const Key *b) 149{ 150 if (a == NULL || b == NULL || a->type != b->type) 151 return 0; 152 switch (a->type) { 153 case KEY_RSA1: 154 case KEY_RSA: 155 return a->rsa != NULL && b->rsa != NULL && 156 BN_cmp(a->rsa->e, b->rsa->e) == 0 && 157 BN_cmp(a->rsa->n, b->rsa->n) == 0; 158 break; 159 case KEY_DSA: 160 return a->dsa != NULL && b->dsa != NULL && 161 BN_cmp(a->dsa->p, b->dsa->p) == 0 && 162 BN_cmp(a->dsa->q, b->dsa->q) == 0 && 163 BN_cmp(a->dsa->g, b->dsa->g) == 0 && 164 BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; 165 break; 166 default: 167 fatal("key_equal: bad key type %d", a->type); 168 break; 169 } 170 return 0; 171} 172 173u_char* 174key_fingerprint_raw(const Key *k, enum fp_type dgst_type, 175 u_int *dgst_raw_length) 176{ 177 const EVP_MD *md = NULL; 178 EVP_MD_CTX ctx; 179 u_char *blob = NULL; 180 u_char *retval = NULL; 181 u_int len = 0; 182 int nlen, elen; 183 184 *dgst_raw_length = 0; 185 186 switch (dgst_type) { 187 case SSH_FP_MD5: 188 md = EVP_md5(); 189 break; 190 case SSH_FP_SHA1: 191 md = EVP_sha1(); 192 break; 193 default: 194 fatal("key_fingerprint_raw: bad digest type %d", 195 dgst_type); 196 } 197 switch (k->type) { 198 case KEY_RSA1: 199 nlen = BN_num_bytes(k->rsa->n); 200 elen = BN_num_bytes(k->rsa->e); 201 len = nlen + elen; 202 blob = xmalloc(len); 203 BN_bn2bin(k->rsa->n, blob); 204 BN_bn2bin(k->rsa->e, blob + nlen); 205 break; 206 case KEY_DSA: 207 case KEY_RSA: 208 key_to_blob(k, &blob, &len); 209 break; 210 case KEY_UNSPEC: 211 return retval; 212 break; 213 default: 214 fatal("key_fingerprint_raw: bad key type %d", k->type); 215 break; 216 } 217 if (blob != NULL) { 218 retval = xmalloc(EVP_MAX_MD_SIZE); 219 EVP_DigestInit(&ctx, md); 220 EVP_DigestUpdate(&ctx, blob, len); 221 EVP_DigestFinal(&ctx, retval, dgst_raw_length); 222 memset(blob, 0, len); 223 xfree(blob); 224 } else { 225 fatal("key_fingerprint_raw: blob is null"); 226 } 227 return retval; 228} 229 230static char * 231key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len) 232{ 233 char *retval; 234 u_int i; 235 236 retval = xmalloc(dgst_raw_len * 3 + 1); 237 retval[0] = '\0'; 238 for (i = 0; i < dgst_raw_len; i++) { 239 char hex[4]; 240 snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]); 241 strlcat(retval, hex, dgst_raw_len * 3 + 1); 242 } 243 244 /* Remove the trailing ':' character */ 245 retval[(dgst_raw_len * 3) - 1] = '\0'; 246 return retval; 247} 248 249static char * 250key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len) 251{ 252 char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' }; 253 char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm', 254 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' }; 255 u_int i, j = 0, rounds, seed = 1; 256 char *retval; 257 258 rounds = (dgst_raw_len / 2) + 1; 259 retval = xmalloc(sizeof(char) * (rounds*6)); 260 retval[j++] = 'x'; 261 for (i = 0; i < rounds; i++) { 262 u_int idx0, idx1, idx2, idx3, idx4; 263 if ((i + 1 < rounds) || (dgst_raw_len % 2 != 0)) { 264 idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) + 265 seed) % 6; 266 idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15; 267 idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) + 268 (seed / 6)) % 6; 269 retval[j++] = vowels[idx0]; 270 retval[j++] = consonants[idx1]; 271 retval[j++] = vowels[idx2]; 272 if ((i + 1) < rounds) { 273 idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15; 274 idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15; 275 retval[j++] = consonants[idx3]; 276 retval[j++] = '-'; 277 retval[j++] = consonants[idx4]; 278 seed = ((seed * 5) + 279 ((((u_int)(dgst_raw[2 * i])) * 7) + 280 ((u_int)(dgst_raw[(2 * i) + 1])))) % 36; 281 } 282 } else { 283 idx0 = seed % 6; 284 idx1 = 16; 285 idx2 = seed / 6; 286 retval[j++] = vowels[idx0]; 287 retval[j++] = consonants[idx1]; 288 retval[j++] = vowels[idx2]; 289 } 290 } 291 retval[j++] = 'x'; 292 retval[j++] = '\0'; 293 return retval; 294} 295 296char * 297key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) 298{ 299 char *retval = NULL; 300 u_char *dgst_raw; 301 u_int dgst_raw_len; 302 303 dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len); 304 if (!dgst_raw) 305 fatal("key_fingerprint: null from key_fingerprint_raw()"); 306 switch (dgst_rep) { 307 case SSH_FP_HEX: 308 retval = key_fingerprint_hex(dgst_raw, dgst_raw_len); 309 break; 310 case SSH_FP_BUBBLEBABBLE: 311 retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len); 312 break; 313 default: 314 fatal("key_fingerprint_ex: bad digest representation %d", 315 dgst_rep); 316 break; 317 } 318 memset(dgst_raw, 0, dgst_raw_len); 319 xfree(dgst_raw); 320 return retval; 321} 322 323/* 324 * Reads a multiple-precision integer in decimal from the buffer, and advances 325 * the pointer. The integer must already be initialized. This function is 326 * permitted to modify the buffer. This leaves *cpp to point just beyond the 327 * last processed (and maybe modified) character. Note that this may modify 328 * the buffer containing the number. 329 */ 330static int 331read_bignum(char **cpp, BIGNUM * value) 332{ 333 char *cp = *cpp; 334 int old; 335 336 /* Skip any leading whitespace. */ 337 for (; *cp == ' ' || *cp == '\t'; cp++) 338 ; 339 340 /* Check that it begins with a decimal digit. */ 341 if (*cp < '0' || *cp > '9') 342 return 0; 343 344 /* Save starting position. */ 345 *cpp = cp; 346 347 /* Move forward until all decimal digits skipped. */ 348 for (; *cp >= '0' && *cp <= '9'; cp++) 349 ; 350 351 /* Save the old terminating character, and replace it by \0. */ 352 old = *cp; 353 *cp = 0; 354 355 /* Parse the number. */ 356 if (BN_dec2bn(&value, *cpp) == 0) 357 return 0; 358 359 /* Restore old terminating character. */ 360 *cp = old; 361 362 /* Move beyond the number and return success. */ 363 *cpp = cp; 364 return 1; 365} 366 367static int 368write_bignum(FILE *f, BIGNUM *num) 369{ 370 char *buf = BN_bn2dec(num); 371 if (buf == NULL) { 372 error("write_bignum: BN_bn2dec() failed"); 373 return 0; 374 } 375 fprintf(f, " %s", buf); 376 OPENSSL_free(buf); 377 return 1; 378} 379 380/* returns 1 ok, -1 error */ 381int 382key_read(Key *ret, char **cpp) 383{ 384 Key *k; 385 int success = -1; 386 char *cp, *space; 387 int len, n, type; 388 u_int bits; 389 u_char *blob; 390 391 cp = *cpp; 392 393 switch (ret->type) { 394 case KEY_RSA1: 395 /* Get number of bits. */ 396 if (*cp < '0' || *cp > '9') 397 return -1; /* Bad bit count... */ 398 for (bits = 0; *cp >= '0' && *cp <= '9'; cp++) 399 bits = 10 * bits + *cp - '0'; 400 if (bits == 0) 401 return -1; 402 *cpp = cp; 403 /* Get public exponent, public modulus. */ 404 if (!read_bignum(cpp, ret->rsa->e)) 405 return -1; 406 if (!read_bignum(cpp, ret->rsa->n)) 407 return -1; 408 success = 1; 409 break; 410 case KEY_UNSPEC: 411 case KEY_RSA: 412 case KEY_DSA: 413 space = strchr(cp, ' '); 414 if (space == NULL) { 415 debug3("key_read: missing whitespace"); 416 return -1; 417 } 418 *space = '\0'; 419 type = key_type_from_name(cp); 420 *space = ' '; 421 if (type == KEY_UNSPEC) { 422 debug3("key_read: missing keytype"); 423 return -1; 424 } 425 cp = space+1; 426 if (*cp == '\0') { 427 debug3("key_read: short string"); 428 return -1; 429 } 430 if (ret->type == KEY_UNSPEC) { 431 ret->type = type; 432 } else if (ret->type != type) { 433 /* is a key, but different type */ 434 debug3("key_read: type mismatch"); 435 return -1; 436 } 437 len = 2*strlen(cp); 438 blob = xmalloc(len); 439 n = uudecode(cp, blob, len); 440 if (n < 0) { 441 error("key_read: uudecode %s failed", cp); 442 xfree(blob); 443 return -1; 444 } 445 k = key_from_blob(blob, (u_int)n); 446 xfree(blob); 447 if (k == NULL) { 448 error("key_read: key_from_blob %s failed", cp); 449 return -1; 450 } 451 if (k->type != type) { 452 error("key_read: type mismatch: encoding error"); 453 key_free(k); 454 return -1; 455 } 456/*XXXX*/ 457 if (ret->type == KEY_RSA) { 458 if (ret->rsa != NULL) 459 RSA_free(ret->rsa); 460 ret->rsa = k->rsa; 461 k->rsa = NULL; 462 success = 1; 463#ifdef DEBUG_PK 464 RSA_print_fp(stderr, ret->rsa, 8); 465#endif 466 } else { 467 if (ret->dsa != NULL) 468 DSA_free(ret->dsa); 469 ret->dsa = k->dsa; 470 k->dsa = NULL; 471 success = 1; 472#ifdef DEBUG_PK 473 DSA_print_fp(stderr, ret->dsa, 8); 474#endif 475 } 476/*XXXX*/ 477 key_free(k); 478 if (success != 1) 479 break; 480 /* advance cp: skip whitespace and data */ 481 while (*cp == ' ' || *cp == '\t') 482 cp++; 483 while (*cp != '\0' && *cp != ' ' && *cp != '\t') 484 cp++; 485 *cpp = cp; 486 break; 487 default: 488 fatal("key_read: bad key type: %d", ret->type); 489 break; 490 } 491 return success; 492} 493 494int 495key_write(const Key *key, FILE *f) 496{ 497 int n, success = 0; 498 u_int len, bits = 0; 499 u_char *blob; 500 char *uu; 501 502 if (key->type == KEY_RSA1 && key->rsa != NULL) { 503 /* size of modulus 'n' */ 504 bits = BN_num_bits(key->rsa->n); 505 fprintf(f, "%u", bits); 506 if (write_bignum(f, key->rsa->e) && 507 write_bignum(f, key->rsa->n)) { 508 success = 1; 509 } else { 510 error("key_write: failed for RSA key"); 511 } 512 } else if ((key->type == KEY_DSA && key->dsa != NULL) || 513 (key->type == KEY_RSA && key->rsa != NULL)) { 514 key_to_blob(key, &blob, &len); 515 uu = xmalloc(2*len); 516 n = uuencode(blob, len, uu, 2*len); 517 if (n > 0) { 518 fprintf(f, "%s %s", key_ssh_name(key), uu); 519 success = 1; 520 } 521 xfree(blob); 522 xfree(uu); 523 } 524 return success; 525} 526 527const char * 528key_type(const Key *k) 529{ 530 switch (k->type) { 531 case KEY_RSA1: 532 return "RSA1"; 533 break; 534 case KEY_RSA: 535 return "RSA"; 536 break; 537 case KEY_DSA: 538 return "DSA"; 539 break; 540 } 541 return "unknown"; 542} 543 544const char * 545key_ssh_name(const Key *k) 546{ 547 switch (k->type) { 548 case KEY_RSA: 549 return "ssh-rsa"; 550 break; 551 case KEY_DSA: 552 return "ssh-dss"; 553 break; 554 } 555 return "ssh-unknown"; 556} 557 558u_int 559key_size(const Key *k) 560{ 561 switch (k->type) { 562 case KEY_RSA1: 563 case KEY_RSA: 564 return BN_num_bits(k->rsa->n); 565 break; 566 case KEY_DSA: 567 return BN_num_bits(k->dsa->p); 568 break; 569 } 570 return 0; 571} 572 573static RSA * 574rsa_generate_private_key(u_int bits) 575{ 576 RSA *private; 577 private = RSA_generate_key(bits, 35, NULL, NULL); 578 if (private == NULL) 579 fatal("rsa_generate_private_key: key generation failed."); 580 return private; 581} 582 583static DSA* 584dsa_generate_private_key(u_int bits) 585{ 586 DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL); 587 if (private == NULL) 588 fatal("dsa_generate_private_key: DSA_generate_parameters failed"); 589 if (!DSA_generate_key(private)) 590 fatal("dsa_generate_private_key: DSA_generate_key failed."); 591 if (private == NULL) 592 fatal("dsa_generate_private_key: NULL."); 593 return private; 594} 595 596Key * 597key_generate(int type, u_int bits) 598{ 599 Key *k = key_new(KEY_UNSPEC); 600 switch (type) { 601 case KEY_DSA: 602 k->dsa = dsa_generate_private_key(bits); 603 break; 604 case KEY_RSA: 605 case KEY_RSA1: 606 k->rsa = rsa_generate_private_key(bits); 607 break; 608 default: 609 fatal("key_generate: unknown type %d", type); 610 } 611 k->type = type; 612 return k; 613} 614 615Key * 616key_from_private(const Key *k) 617{ 618 Key *n = NULL; 619 switch (k->type) { 620 case KEY_DSA: 621 n = key_new(k->type); 622 BN_copy(n->dsa->p, k->dsa->p); 623 BN_copy(n->dsa->q, k->dsa->q); 624 BN_copy(n->dsa->g, k->dsa->g); 625 BN_copy(n->dsa->pub_key, k->dsa->pub_key); 626 break; 627 case KEY_RSA: 628 case KEY_RSA1: 629 n = key_new(k->type); 630 BN_copy(n->rsa->n, k->rsa->n); 631 BN_copy(n->rsa->e, k->rsa->e); 632 break; 633 default: 634 fatal("key_from_private: unknown type %d", k->type); 635 break; 636 } 637 return n; 638} 639 640int 641key_type_from_name(char *name) 642{ 643 if (strcmp(name, "rsa1") == 0) { 644 return KEY_RSA1; 645 } else if (strcmp(name, "rsa") == 0) { 646 return KEY_RSA; 647 } else if (strcmp(name, "dsa") == 0) { 648 return KEY_DSA; 649 } else if (strcmp(name, "ssh-rsa") == 0) { 650 return KEY_RSA; 651 } else if (strcmp(name, "ssh-dss") == 0) { 652 return KEY_DSA; 653 } 654 debug2("key_type_from_name: unknown key type '%s'", name); 655 return KEY_UNSPEC; 656} 657 658int 659key_names_valid2(const char *names) 660{ 661 char *s, *cp, *p; 662 663 if (names == NULL || strcmp(names, "") == 0) 664 return 0; 665 s = cp = xstrdup(names); 666 for ((p = strsep(&cp, ",")); p && *p != '\0'; 667 (p = strsep(&cp, ","))) { 668 switch (key_type_from_name(p)) { 669 case KEY_RSA1: 670 case KEY_UNSPEC: 671 xfree(s); 672 return 0; 673 } 674 } 675 debug3("key names ok: [%s]", names); 676 xfree(s); 677 return 1; 678} 679 680Key * 681key_from_blob(const u_char *blob, u_int blen) 682{ 683 Buffer b; 684 int rlen, type; 685 char *ktype = NULL; 686 Key *key = NULL; 687 688#ifdef DEBUG_PK 689 dump_base64(stderr, blob, blen); 690#endif 691 buffer_init(&b); 692 buffer_append(&b, blob, blen); 693 if ((ktype = buffer_get_string_ret(&b, NULL)) == NULL) { 694 error("key_from_blob: can't read key type"); 695 goto out; 696 } 697 698 type = key_type_from_name(ktype); 699 700 switch (type) { 701 case KEY_RSA: 702 key = key_new(type); 703 if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || 704 buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { 705 error("key_from_blob: can't read rsa key"); 706 key_free(key); 707 key = NULL; 708 goto out; 709 } 710#ifdef DEBUG_PK 711 RSA_print_fp(stderr, key->rsa, 8); 712#endif 713 break; 714 case KEY_DSA: 715 key = key_new(type); 716 if (buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || 717 buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || 718 buffer_get_bignum2_ret(&b, key->dsa->g) == -1 || 719 buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) { 720 error("key_from_blob: can't read dsa key"); 721 key_free(key); 722 key = NULL; 723 goto out; 724 } 725#ifdef DEBUG_PK 726 DSA_print_fp(stderr, key->dsa, 8); 727#endif 728 break; 729 case KEY_UNSPEC: 730 key = key_new(type); 731 break; 732 default: 733 error("key_from_blob: cannot handle type %s", ktype); 734 goto out; 735 } 736 rlen = buffer_len(&b); 737 if (key != NULL && rlen != 0) 738 error("key_from_blob: remaining bytes in key blob %d", rlen); 739 out: 740 if (ktype != NULL) 741 xfree(ktype); 742 buffer_free(&b); 743 return key; 744} 745 746int 747key_to_blob(const Key *key, u_char **blobp, u_int *lenp) 748{ 749 Buffer b; 750 int len; 751 752 if (key == NULL) { 753 error("key_to_blob: key == NULL"); 754 return 0; 755 } 756 buffer_init(&b); 757 switch (key->type) { 758 case KEY_DSA: 759 buffer_put_cstring(&b, key_ssh_name(key)); 760 buffer_put_bignum2(&b, key->dsa->p); 761 buffer_put_bignum2(&b, key->dsa->q); 762 buffer_put_bignum2(&b, key->dsa->g); 763 buffer_put_bignum2(&b, key->dsa->pub_key); 764 break; 765 case KEY_RSA: 766 buffer_put_cstring(&b, key_ssh_name(key)); 767 buffer_put_bignum2(&b, key->rsa->e); 768 buffer_put_bignum2(&b, key->rsa->n); 769 break; 770 default: 771 error("key_to_blob: unsupported key type %d", key->type); 772 buffer_free(&b); 773 return 0; 774 } 775 len = buffer_len(&b); 776 if (lenp != NULL) 777 *lenp = len; 778 if (blobp != NULL) { 779 *blobp = xmalloc(len); 780 memcpy(*blobp, buffer_ptr(&b), len); 781 } 782 memset(buffer_ptr(&b), 0, len); 783 buffer_free(&b); 784 return len; 785} 786 787int 788key_sign( 789 const Key *key, 790 u_char **sigp, u_int *lenp, 791 const u_char *data, u_int datalen) 792{ 793 switch (key->type) { 794 case KEY_DSA: 795 return ssh_dss_sign(key, sigp, lenp, data, datalen); 796 break; 797 case KEY_RSA: 798 return ssh_rsa_sign(key, sigp, lenp, data, datalen); 799 break; 800 default: 801 error("key_sign: invalid key type %d", key->type); 802 return -1; 803 break; 804 } 805} 806 807/* 808 * key_verify returns 1 for a correct signature, 0 for an incorrect signature 809 * and -1 on error. 810 */ 811int 812key_verify( 813 const Key *key, 814 const u_char *signature, u_int signaturelen, 815 const u_char *data, u_int datalen) 816{ 817 if (signaturelen == 0) 818 return -1; 819 820 switch (key->type) { 821 case KEY_DSA: 822 return ssh_dss_verify(key, signature, signaturelen, data, datalen); 823 break; 824 case KEY_RSA: 825 return ssh_rsa_verify(key, signature, signaturelen, data, datalen); 826 break; 827 default: 828 error("key_verify: invalid key type %d", key->type); 829 return -1; 830 break; 831 } 832} 833 834/* Converts a private to a public key */ 835Key * 836key_demote(const Key *k) 837{ 838 Key *pk; 839 840 pk = xmalloc(sizeof(*pk)); 841 pk->type = k->type; 842 pk->flags = k->flags; 843 pk->dsa = NULL; 844 pk->rsa = NULL; 845 846 switch (k->type) { 847 case KEY_RSA1: 848 case KEY_RSA: 849 if ((pk->rsa = RSA_new()) == NULL) 850 fatal("key_demote: RSA_new failed"); 851 if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL) 852 fatal("key_demote: BN_dup failed"); 853 if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL) 854 fatal("key_demote: BN_dup failed"); 855 break; 856 case KEY_DSA: 857 if ((pk->dsa = DSA_new()) == NULL) 858 fatal("key_demote: DSA_new failed"); 859 if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL) 860 fatal("key_demote: BN_dup failed"); 861 if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL) 862 fatal("key_demote: BN_dup failed"); 863 if ((pk->dsa->g = BN_dup(k->dsa->g)) == NULL) 864 fatal("key_demote: BN_dup failed"); 865 if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) 866 fatal("key_demote: BN_dup failed"); 867 break; 868 default: 869 fatal("key_free: bad key type %d", k->type); 870 break; 871 } 872 873 return (pk); 874} 875