Blame - key.c - platform/external/openssh

blob: 387190b539b60d65dc03dafcf9100c1badf91545 [file] [log] [blame]

Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	1	/* $OpenBSD: key.c,v 1.83 2010/02/26 20:29:54 djm Exp $ */
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	2	/*
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	3	* read_bignum():
				4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				5	*
				6	* As far as I am concerned, the code I have written for this software
				7	* can be used freely for any purpose. Any derived versions of this
				8	* software must be clearly marked as such, and if the derived work is
				9	* incompatible with the protocol description in the RFC file, it must be
				10	* called by a name other than "ssh" or "Secure Shell".
				11	*
				12	*
Ben Lindstrom	4469723	2001-07-04 03:32:30 +0000	[diff] [blame]	13	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
Darren Tucker	0f0ef0a	2008-06-13 08:58:05 +1000	[diff] [blame]	14	* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	15	*
				16	* Redistribution and use in source and binary forms, with or without
				17	* modification, are permitted provided that the following conditions
				18	* are met:
				19	* 1. Redistributions of source code must retain the above copyright
				20	* notice, this list of conditions and the following disclaimer.
				21	* 2. Redistributions in binary form must reproduce the above copyright
				22	* notice, this list of conditions and the following disclaimer in the
				23	* documentation and/or other materials provided with the distribution.
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	24	*
				25	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				26	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				27	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				28	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				29	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				30	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				31	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				32	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				33	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				34	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
				35	*/
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	36
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	37	#include "includes.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	38
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	39	#include <sys/param.h>
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	40	#include <sys/types.h>
				41
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	42	#include <openssl/evp.h>
Darren Tucker	3d295a6	2008-02-28 19:22:04 +1100	[diff] [blame]	43	#include <openbsd-compat/openssl-compat.h>
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	44
Damien Miller	ded319c	2006-09-01 15:38:36 +1000	[diff] [blame]	45	#include <stdarg.h>
Damien Miller	a7a73ee	2006-08-05 11:37:59 +1000	[diff] [blame]	46	#include <stdio.h>
Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame]	47	#include <string.h>
				48
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	49	#include "xmalloc.h"
				50	#include "key.h"
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	51	#include "rsa.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	52	#include "uuencode.h"
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	53	#include "buffer.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	54	#include "log.h"
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	55	#include "ssh2.h"
				56
				57	static struct KeyCert *
				58	cert_new(void)
				59	{
				60	struct KeyCert *cert;
				61
				62	cert = xcalloc(1, sizeof(*cert));
				63	buffer_init(&cert->certblob);
				64	buffer_init(&cert->constraints);
				65	cert->key_id = NULL;
				66	cert->principals = NULL;
				67	cert->signature_key = NULL;
				68	return cert;
				69	}
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	70
				71	Key *
				72	key_new(int type)
				73	{
				74	Key *k;
				75	RSA *rsa;
				76	DSA *dsa;
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	77	k = xcalloc(1, sizeof(*k));
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	78	k->type = type;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	79	k->dsa = NULL;
				80	k->rsa = NULL;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	81	k->cert = NULL;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	82	switch (k->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	83	case KEY_RSA1:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	84	case KEY_RSA:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	85	case KEY_RSA_CERT:
Damien Miller	da75516	2002-01-22 23:09:22 +1100	[diff] [blame]	86	if ((rsa = RSA_new()) == NULL)
				87	fatal("key_new: RSA_new failed");
				88	if ((rsa->n = BN_new()) == NULL)
				89	fatal("key_new: BN_new failed");
				90	if ((rsa->e = BN_new()) == NULL)
				91	fatal("key_new: BN_new failed");
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	92	k->rsa = rsa;
				93	break;
				94	case KEY_DSA:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	95	case KEY_DSA_CERT:
Damien Miller	da75516	2002-01-22 23:09:22 +1100	[diff] [blame]	96	if ((dsa = DSA_new()) == NULL)
				97	fatal("key_new: DSA_new failed");
				98	if ((dsa->p = BN_new()) == NULL)
				99	fatal("key_new: BN_new failed");
				100	if ((dsa->q = BN_new()) == NULL)
				101	fatal("key_new: BN_new failed");
				102	if ((dsa->g = BN_new()) == NULL)
				103	fatal("key_new: BN_new failed");
				104	if ((dsa->pub_key = BN_new()) == NULL)
				105	fatal("key_new: BN_new failed");
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	106	k->dsa = dsa;
				107	break;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	108	case KEY_UNSPEC:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	109	break;
				110	default:
				111	fatal("key_new: bad key type %d", k->type);
				112	break;
				113	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	114
				115	if (key_is_cert(k))
				116	k->cert = cert_new();
				117
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	118	return k;
				119	}
Ben Lindstrom	836f0e9	2002-06-23 21:21:30 +0000	[diff] [blame]	120
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	121	void
				122	key_add_private(Key *k)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	123	{
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	124	switch (k->type) {
				125	case KEY_RSA1:
				126	case KEY_RSA:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	127	case KEY_RSA_CERT:
Damien Miller	da75516	2002-01-22 23:09:22 +1100	[diff] [blame]	128	if ((k->rsa->d = BN_new()) == NULL)
				129	fatal("key_new_private: BN_new failed");
				130	if ((k->rsa->iqmp = BN_new()) == NULL)
				131	fatal("key_new_private: BN_new failed");
				132	if ((k->rsa->q = BN_new()) == NULL)
				133	fatal("key_new_private: BN_new failed");
				134	if ((k->rsa->p = BN_new()) == NULL)
				135	fatal("key_new_private: BN_new failed");
				136	if ((k->rsa->dmq1 = BN_new()) == NULL)
				137	fatal("key_new_private: BN_new failed");
				138	if ((k->rsa->dmp1 = BN_new()) == NULL)
				139	fatal("key_new_private: BN_new failed");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	140	break;
				141	case KEY_DSA:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	142	case KEY_DSA_CERT:
Damien Miller	da75516	2002-01-22 23:09:22 +1100	[diff] [blame]	143	if ((k->dsa->priv_key = BN_new()) == NULL)
				144	fatal("key_new_private: BN_new failed");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	145	break;
				146	case KEY_UNSPEC:
				147	break;
				148	default:
				149	break;
				150	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	151	}
				152
				153	Key *
				154	key_new_private(int type)
				155	{
				156	Key *k = key_new(type);
				157
				158	key_add_private(k);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	159	return k;
				160	}
Ben Lindstrom	836f0e9	2002-06-23 21:21:30 +0000	[diff] [blame]	161
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	162	static void
				163	cert_free(struct KeyCert *cert)
				164	{
				165	u_int i;
				166
				167	buffer_free(&cert->certblob);
				168	buffer_free(&cert->constraints);
				169	if (cert->key_id != NULL)
				170	xfree(cert->key_id);
				171	for (i = 0; i < cert->nprincipals; i++)
				172	xfree(cert->principals[i]);
				173	if (cert->principals != NULL)
				174	xfree(cert->principals);
				175	if (cert->signature_key != NULL)
				176	key_free(cert->signature_key);
				177	}
				178
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	179	void
				180	key_free(Key *k)
				181	{
Damien Miller	429fcc2	2006-03-26 14:02:16 +1100	[diff] [blame]	182	if (k == NULL)
Damien Miller	bbaad77	2006-03-26 14:03:03 +1100	[diff] [blame]	183	fatal("key_free: key is NULL");
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	184	switch (k->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	185	case KEY_RSA1:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	186	case KEY_RSA:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	187	case KEY_RSA_CERT:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	188	if (k->rsa != NULL)
				189	RSA_free(k->rsa);
				190	k->rsa = NULL;
				191	break;
				192	case KEY_DSA:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	193	case KEY_DSA_CERT:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	194	if (k->dsa != NULL)
				195	DSA_free(k->dsa);
				196	k->dsa = NULL;
				197	break;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	198	case KEY_UNSPEC:
				199	break;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	200	default:
				201	fatal("key_free: bad key type %d", k->type);
				202	break;
				203	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	204	if (key_is_cert(k)) {
				205	if (k->cert != NULL)
				206	cert_free(k->cert);
				207	k->cert = NULL;
				208	}
				209
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	210	xfree(k);
				211	}
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	212
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	213	static int
				214	cert_compare(struct KeyCert a, struct KeyCert b)
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	215	{
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	216	if (a == NULL && b == NULL)
				217	return 1;
				218	if (a == NULL \|\| b == NULL)
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	219	return 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	220	if (buffer_len(&a->certblob) != buffer_len(&b->certblob))
				221	return 0;
				222	if (memcmp(buffer_ptr(&a->certblob), buffer_ptr(&b->certblob),
				223	buffer_len(&a->certblob)) != 0)
				224	return 0;
				225	return 1;
				226	}
				227
				228	/*
				229	* Compare public portions of key only, allowing comparisons between
				230	* certificates and plain keys too.
				231	*/
				232	int
				233	key_equal_public(const Key a, const Key b)
				234	{
				235	if (a == NULL \|\| b == NULL \|\|
				236	key_type_plain(a->type) != key_type_plain(b->type))
				237	return 0;
				238
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	239	switch (a->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	240	case KEY_RSA1:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	241	case KEY_RSA_CERT:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	242	case KEY_RSA:
				243	return a->rsa != NULL && b->rsa != NULL &&
				244	BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
				245	BN_cmp(a->rsa->n, b->rsa->n) == 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	246	case KEY_DSA_CERT:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	247	case KEY_DSA:
				248	return a->dsa != NULL && b->dsa != NULL &&
				249	BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
				250	BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
				251	BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
				252	BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	253	default:
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	254	fatal("key_equal: bad key type %d", a->type);
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	255	}
Damien Miller	87dd5f2	2008-07-11 17:35:09 +1000	[diff] [blame]	256	/* NOTREACHED */
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	257	}
				258
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	259	int
				260	key_equal(const Key a, const Key b)
				261	{
				262	if (a == NULL \|\| b == NULL \|\| a->type != b->type)
				263	return 0;
				264	if (key_is_cert(a)) {
				265	if (!cert_compare(a->cert, b->cert))
				266	return 0;
				267	}
				268	return key_equal_public(a, b);
				269	}
				270
Damien Miller	37876e9	2003-05-15 10:19:46 +1000	[diff] [blame]	271	u_char*
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	272	key_fingerprint_raw(Key k, enum fp_type dgst_type, u_int dgst_raw_length)
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	273	{
Ben Lindstrom	80cb27d	2002-03-05 01:33:36 +0000	[diff] [blame]	274	const EVP_MD *md = NULL;
Ben Lindstrom	f0b4853	2001-03-12 02:59:31 +0000	[diff] [blame]	275	EVP_MD_CTX ctx;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	276	u_char *blob = NULL;
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	277	u_char *retval = NULL;
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	278	u_int len = 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	279	int nlen, elen, otype;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	280
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	281	*dgst_raw_length = 0;
				282
Ben Lindstrom	f0b4853	2001-03-12 02:59:31 +0000	[diff] [blame]	283	switch (dgst_type) {
				284	case SSH_FP_MD5:
				285	md = EVP_md5();
				286	break;
				287	case SSH_FP_SHA1:
				288	md = EVP_sha1();
				289	break;
				290	default:
				291	fatal("key_fingerprint_raw: bad digest type %d",
				292	dgst_type);
				293	}
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	294	switch (k->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	295	case KEY_RSA1:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	296	nlen = BN_num_bytes(k->rsa->n);
				297	elen = BN_num_bytes(k->rsa->e);
				298	len = nlen + elen;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	299	blob = xmalloc(len);
				300	BN_bn2bin(k->rsa->n, blob);
				301	BN_bn2bin(k->rsa->e, blob + nlen);
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	302	break;
				303	case KEY_DSA:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	304	case KEY_RSA:
				305	key_to_blob(k, &blob, &len);
				306	break;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	307	case KEY_DSA_CERT:
				308	case KEY_RSA_CERT:
				309	/* We want a fingerprint of the _key_ not of the cert */
				310	otype = k->type;
				311	k->type = key_type_plain(k->type);
				312	key_to_blob(k, &blob, &len);
				313	k->type = otype;
				314	break;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	315	case KEY_UNSPEC:
				316	return retval;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	317	default:
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	318	fatal("key_fingerprint_raw: bad key type %d", k->type);
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	319	break;
				320	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	321	if (blob != NULL) {
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	322	retval = xmalloc(EVP_MAX_MD_SIZE);
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	323	EVP_DigestInit(&ctx, md);
				324	EVP_DigestUpdate(&ctx, blob, len);
Damien Miller	3672e4b	2002-02-05 11:54:07 +1100	[diff] [blame]	325	EVP_DigestFinal(&ctx, retval, dgst_raw_length);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	326	memset(blob, 0, len);
				327	xfree(blob);
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	328	} else {
				329	fatal("key_fingerprint_raw: blob is null");
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	330	}
				331	return retval;
				332	}
				333
Ben Lindstrom	a962c2f	2002-07-04 00:14:17 +0000	[diff] [blame]	334	static char *
				335	key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	336	{
				337	char *retval;
Damien Miller	eccb9de	2005-06-17 12:59:34 +1000	[diff] [blame]	338	u_int i;
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	339
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	340	retval = xcalloc(1, dgst_raw_len * 3 + 1);
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	341	for (i = 0; i < dgst_raw_len; i++) {
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	342	char hex[4];
				343	snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
Darren Tucker	2958861	2003-07-14 17:28:34 +1000	[diff] [blame]	344	strlcat(retval, hex, dgst_raw_len * 3 + 1);
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	345	}
Darren Tucker	2958861	2003-07-14 17:28:34 +1000	[diff] [blame]	346
				347	/* Remove the trailing ':' character */
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	348	retval[(dgst_raw_len * 3) - 1] = '\0';
				349	return retval;
				350	}
				351
Ben Lindstrom	a962c2f	2002-07-04 00:14:17 +0000	[diff] [blame]	352	static char *
				353	key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len)
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	354	{
				355	char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
				356	char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
				357	'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };
Ben Lindstrom	cbe3ad2	2001-03-11 20:06:59 +0000	[diff] [blame]	358	u_int i, j = 0, rounds, seed = 1;
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	359	char *retval;
				360
				361	rounds = (dgst_raw_len / 2) + 1;
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	362	retval = xcalloc((rounds * 6), sizeof(char));
Ben Lindstrom	cbe3ad2	2001-03-11 20:06:59 +0000	[diff] [blame]	363	retval[j++] = 'x';
				364	for (i = 0; i < rounds; i++) {
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	365	u_int idx0, idx1, idx2, idx3, idx4;
Ben Lindstrom	cbe3ad2	2001-03-11 20:06:59 +0000	[diff] [blame]	366	if ((i + 1 < rounds) \|\| (dgst_raw_len % 2 != 0)) {
				367	idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) +
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	368	seed) % 6;
Ben Lindstrom	cbe3ad2	2001-03-11 20:06:59 +0000	[diff] [blame]	369	idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15;
				370	idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) +
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	371	(seed / 6)) % 6;
Ben Lindstrom	cbe3ad2	2001-03-11 20:06:59 +0000	[diff] [blame]	372	retval[j++] = vowels[idx0];
				373	retval[j++] = consonants[idx1];
				374	retval[j++] = vowels[idx2];
				375	if ((i + 1) < rounds) {
				376	idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15;
				377	idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15;
				378	retval[j++] = consonants[idx3];
				379	retval[j++] = '-';
				380	retval[j++] = consonants[idx4];
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	381	seed = ((seed * 5) +
Ben Lindstrom	cbe3ad2	2001-03-11 20:06:59 +0000	[diff] [blame]	382	((((u_int)(dgst_raw[2 * i])) * 7) +
				383	((u_int)(dgst_raw[(2 * i) + 1])))) % 36;
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	384	}
				385	} else {
				386	idx0 = seed % 6;
				387	idx1 = 16;
				388	idx2 = seed / 6;
Ben Lindstrom	cbe3ad2	2001-03-11 20:06:59 +0000	[diff] [blame]	389	retval[j++] = vowels[idx0];
				390	retval[j++] = consonants[idx1];
				391	retval[j++] = vowels[idx2];
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	392	}
				393	}
Ben Lindstrom	cbe3ad2	2001-03-11 20:06:59 +0000	[diff] [blame]	394	retval[j++] = 'x';
				395	retval[j++] = '\0';
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	396	return retval;
				397	}
				398
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	399	/*
				400	* Draw an ASCII-Art representing the fingerprint so human brain can
				401	* profit from its built-in pattern recognition ability.
				402	* This technique is called "random art" and can be found in some
				403	* scientific publications like this original paper:
				404	*
				405	* "Hash Visualization: a New Technique to improve Real-World Security",
				406	* Perrig A. and Song D., 1999, International Workshop on Cryptographic
				407	* Techniques and E-Commerce (CrypTEC '99)
				408	* sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
				409	*
				410	* The subject came up in a talk by Dan Kaminsky, too.
				411	*
				412	* If you see the picture is different, the key is different.
				413	* If the picture looks the same, you still know nothing.
				414	*
				415	* The algorithm used here is a worm crawling over a discrete plane,
				416	* leaving a trace (augmenting the field) everywhere it goes.
				417	* Movement is taken from dgst_raw 2bit-wise. Bumping into walls
				418	* makes the respective movement vector be ignored for this turn.
				419	* Graphs are not unambiguous, because circles in graphs can be
				420	* walked in either direction.
				421	*/
Darren Tucker	987ac84	2008-06-13 04:54:40 +1000	[diff] [blame]	422
				423	/*
				424	* Field sizes for the random art. Have to be odd, so the starting point
				425	* can be in the exact middle of the picture, and FLDBASE should be >=8 .
				426	* Else pictures would be too dense, and drawing the frame would
				427	* fail, too, because the key type would not fit in anymore.
				428	*/
				429	#define FLDBASE 8
				430	#define FLDSIZE_Y (FLDBASE + 1)
				431	#define FLDSIZE_X (FLDBASE * 2 + 1)
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	432	static char *
Darren Tucker	987ac84	2008-06-13 04:54:40 +1000	[diff] [blame]	433	key_fingerprint_randomart(u_char dgst_raw, u_int dgst_raw_len, const Key k)
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	434	{
				435	/*
				436	* Chars to be used after each other every time the worm
				437	* intersects with itself. Matter of taste.
				438	*/
Darren Tucker	4b3b977	2008-06-13 04:55:10 +1000	[diff] [blame]	439	char augmentation_string = " .o+=BOX@%&#/^SE";
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	440	char retval, p;
Darren Tucker	014d76f	2008-06-13 04:43:51 +1000	[diff] [blame]	441	u_char field[FLDSIZE_X][FLDSIZE_Y];
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	442	u_int i, b;
				443	int x, y;
Darren Tucker	d32b28a	2008-06-13 04:45:50 +1000	[diff] [blame]	444	size_t len = strlen(augmentation_string) - 1;
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	445
				446	retval = xcalloc(1, (FLDSIZE_X + 3) * (FLDSIZE_Y + 2));
				447
				448	/* initialize field */
Darren Tucker	014d76f	2008-06-13 04:43:51 +1000	[diff] [blame]	449	memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char));
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	450	x = FLDSIZE_X / 2;
				451	y = FLDSIZE_Y / 2;
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	452
				453	/* process raw key */
				454	for (i = 0; i < dgst_raw_len; i++) {
				455	int input;
				456	/* each byte conveys four 2-bit move commands */
				457	input = dgst_raw[i];
				458	for (b = 0; b < 4; b++) {
				459	/* evaluate 2 bit, rest is shifted later */
				460	x += (input & 0x1) ? 1 : -1;
				461	y += (input & 0x2) ? 1 : -1;
				462
				463	/* assure we are still in bounds */
				464	x = MAX(x, 0);
				465	y = MAX(y, 0);
				466	x = MIN(x, FLDSIZE_X - 1);
				467	y = MIN(y, FLDSIZE_Y - 1);
				468
				469	/* augment the field */
Damien Miller	c6aadd9	2008-11-03 19:16:20 +1100	[diff] [blame]	470	if (field[x][y] < len - 2)
				471	field[x][y]++;
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	472	input = input >> 2;
				473	}
				474	}
Darren Tucker	4b3b977	2008-06-13 04:55:10 +1000	[diff] [blame]	475
				476	/* mark starting point and end point*/
				477	field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1;
				478	field[x][y] = len;
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	479
				480	/* fill in retval */
Damien Miller	007132a	2008-06-29 22:45:37 +1000	[diff] [blame]	481	snprintf(retval, FLDSIZE_X, "+--[%4s %4u]", key_type(k), key_size(k));
Darren Tucker	987ac84	2008-06-13 04:54:40 +1000	[diff] [blame]	482	p = strchr(retval, '\0');
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	483
				484	/* output upper border */
Damien Miller	007132a	2008-06-29 22:45:37 +1000	[diff] [blame]	485	for (i = p - retval - 1; i < FLDSIZE_X; i++)
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	486	*p++ = '-';
				487	*p++ = '+';
				488	*p++ = '\n';
				489
				490	/* output content */
				491	for (y = 0; y < FLDSIZE_Y; y++) {
				492	*p++ = '\|';
				493	for (x = 0; x < FLDSIZE_X; x++)
Darren Tucker	d32b28a	2008-06-13 04:45:50 +1000	[diff] [blame]	494	*p++ = augmentation_string[MIN(field[x][y], len)];
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	495	*p++ = '\|';
				496	*p++ = '\n';
				497	}
				498
				499	/* output lower border */
				500	*p++ = '+';
				501	for (i = 0; i < FLDSIZE_X; i++)
				502	*p++ = '-';
				503	*p++ = '+';
				504
				505	return retval;
				506	}
				507
Ben Lindstrom	a962c2f	2002-07-04 00:14:17 +0000	[diff] [blame]	508	char *
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	509	key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	510	{
Ben Lindstrom	a370005	2001-04-05 23:26:32 +0000	[diff] [blame]	511	char *retval = NULL;
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	512	u_char *dgst_raw;
Damien Miller	3672e4b	2002-02-05 11:54:07 +1100	[diff] [blame]	513	u_int dgst_raw_len;
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	514
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	515	dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
				516	if (!dgst_raw)
Ben Lindstrom	cfccef9	2001-03-13 04:57:58 +0000	[diff] [blame]	517	fatal("key_fingerprint: null from key_fingerprint_raw()");
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	518	switch (dgst_rep) {
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	519	case SSH_FP_HEX:
				520	retval = key_fingerprint_hex(dgst_raw, dgst_raw_len);
				521	break;
				522	case SSH_FP_BUBBLEBABBLE:
				523	retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len);
				524	break;
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	525	case SSH_FP_RANDOMART:
Darren Tucker	987ac84	2008-06-13 04:54:40 +1000	[diff] [blame]	526	retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, k);
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	527	break;
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	528	default:
Damien Miller	2f54ada	2008-11-03 19:24:16 +1100	[diff] [blame]	529	fatal("key_fingerprint: bad digest representation %d",
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	530	dgst_rep);
				531	break;
				532	}
				533	memset(dgst_raw, 0, dgst_raw_len);
				534	xfree(dgst_raw);
				535	return retval;
				536	}
				537
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	538	/*
				539	* Reads a multiple-precision integer in decimal from the buffer, and advances
				540	* the pointer. The integer must already be initialized. This function is
				541	* permitted to modify the buffer. This leaves *cpp to point just beyond the
				542	* last processed (and maybe modified) character. Note that this may modify
				543	* the buffer containing the number.
				544	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	545	static int
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	546	read_bignum(char *cpp, BIGNUM value)
				547	{
				548	char cp = cpp;
				549	int old;
				550
				551	/* Skip any leading whitespace. */
				552	for (; cp == ' ' \|\| cp == '\t'; cp++)
				553	;
				554
				555	/* Check that it begins with a decimal digit. */
				556	if (cp < '0' \|\| cp > '9')
				557	return 0;
				558
				559	/* Save starting position. */
				560	*cpp = cp;
				561
				562	/* Move forward until all decimal digits skipped. */
				563	for (; cp >= '0' && cp <= '9'; cp++)
				564	;
				565
				566	/* Save the old terminating character, and replace it by \0. */
				567	old = *cp;
				568	*cp = 0;
				569
				570	/* Parse the number. */
				571	if (BN_dec2bn(&value, *cpp) == 0)
				572	return 0;
				573
				574	/* Restore old terminating character. */
				575	*cp = old;
				576
				577	/* Move beyond the number and return success. */
				578	*cpp = cp;
				579	return 1;
				580	}
Ben Lindstrom	836f0e9	2002-06-23 21:21:30 +0000	[diff] [blame]	581
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	582	static int
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	583	write_bignum(FILE f, BIGNUM num)
				584	{
				585	char *buf = BN_bn2dec(num);
				586	if (buf == NULL) {
				587	error("write_bignum: BN_bn2dec() failed");
				588	return 0;
				589	}
				590	fprintf(f, " %s", buf);
Damien Miller	af3030f	2001-10-10 15:00:49 +1000	[diff] [blame]	591	OPENSSL_free(buf);
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	592	return 1;
				593	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	594
Ben Lindstrom	309f3d1	2001-09-20 00:55:53 +0000	[diff] [blame]	595	/* returns 1 ok, -1 error */
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	596	int
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	597	key_read(Key ret, char *cpp)
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	598	{
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	599	Key *k;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	600	int success = -1;
				601	char cp, space;
				602	int len, n, type;
				603	u_int bits;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	604	u_char *blob;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	605
				606	cp = *cpp;
				607
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	608	switch (ret->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	609	case KEY_RSA1:
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	610	/* Get number of bits. */
				611	if (cp < '0' \|\| cp > '9')
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	612	return -1; /* Bad bit count... */
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	613	for (bits = 0; cp >= '0' && cp <= '9'; cp++)
				614	bits = 10 * bits + *cp - '0';
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	615	if (bits == 0)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	616	return -1;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	617	*cpp = cp;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	618	/* Get public exponent, public modulus. */
				619	if (!read_bignum(cpp, ret->rsa->e))
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	620	return -1;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	621	if (!read_bignum(cpp, ret->rsa->n))
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	622	return -1;
Darren Tucker	561724f	2010-01-13 22:43:05 +1100	[diff] [blame]	623	/* validate the claimed number of bits */
				624	if ((u_int)BN_num_bits(ret->rsa->n) != bits) {
				625	verbose("key_read: claimed key size %d does not match "
				626	"actual %d", bits, BN_num_bits(ret->rsa->n));
				627	return -1;
				628	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	629	success = 1;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	630	break;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	631	case KEY_UNSPEC:
				632	case KEY_RSA:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	633	case KEY_DSA:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	634	case KEY_DSA_CERT:
				635	case KEY_RSA_CERT:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	636	space = strchr(cp, ' ');
				637	if (space == NULL) {
Damien Miller	386f1f3	2003-02-24 11:54:57 +1100	[diff] [blame]	638	debug3("key_read: missing whitespace");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	639	return -1;
				640	}
				641	*space = '\0';
				642	type = key_type_from_name(cp);
				643	*space = ' ';
				644	if (type == KEY_UNSPEC) {
Damien Miller	386f1f3	2003-02-24 11:54:57 +1100	[diff] [blame]	645	debug3("key_read: missing keytype");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	646	return -1;
				647	}
				648	cp = space+1;
				649	if (*cp == '\0') {
				650	debug3("key_read: short string");
				651	return -1;
				652	}
				653	if (ret->type == KEY_UNSPEC) {
				654	ret->type = type;
				655	} else if (ret->type != type) {
				656	/* is a key, but different type */
				657	debug3("key_read: type mismatch");
Ben Lindstrom	309f3d1	2001-09-20 00:55:53 +0000	[diff] [blame]	658	return -1;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	659	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	660	len = 2*strlen(cp);
				661	blob = xmalloc(len);
				662	n = uudecode(cp, blob, len);
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	663	if (n < 0) {
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	664	error("key_read: uudecode %s failed", cp);
Ben Lindstrom	4cbc181	2001-12-06 16:41:41 +0000	[diff] [blame]	665	xfree(blob);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	666	return -1;
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	667	}
Darren Tucker	502d384	2003-06-28 12:38:01 +1000	[diff] [blame]	668	k = key_from_blob(blob, (u_int)n);
Ben Lindstrom	4cbc181	2001-12-06 16:41:41 +0000	[diff] [blame]	669	xfree(blob);
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	670	if (k == NULL) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	671	error("key_read: key_from_blob %s failed", cp);
				672	return -1;
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	673	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	674	if (k->type != type) {
				675	error("key_read: type mismatch: encoding error");
				676	key_free(k);
				677	return -1;
				678	}
				679	/XXXX/
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	680	if (key_is_cert(ret)) {
				681	if (!key_is_cert(k)) {
				682	error("key_read: loaded key is not a cert");
				683	key_free(k);
				684	return -1;
				685	}
				686	if (ret->cert != NULL)
				687	cert_free(ret->cert);
				688	ret->cert = k->cert;
				689	k->cert = NULL;
				690	}
				691	if (key_type_plain(ret->type) == KEY_RSA) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	692	if (ret->rsa != NULL)
				693	RSA_free(ret->rsa);
				694	ret->rsa = k->rsa;
				695	k->rsa = NULL;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	696	#ifdef DEBUG_PK
				697	RSA_print_fp(stderr, ret->rsa, 8);
				698	#endif
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	699	}
				700	if (key_type_plain(ret->type) == KEY_DSA) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	701	if (ret->dsa != NULL)
				702	DSA_free(ret->dsa);
				703	ret->dsa = k->dsa;
				704	k->dsa = NULL;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	705	#ifdef DEBUG_PK
				706	DSA_print_fp(stderr, ret->dsa, 8);
				707	#endif
				708	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	709	success = 1;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	710	/XXXX/
Ben Lindstrom	4cbc181	2001-12-06 16:41:41 +0000	[diff] [blame]	711	key_free(k);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	712	if (success != 1)
				713	break;
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	714	/* advance cp: skip whitespace and data */
				715	while (cp == ' ' \|\| cp == '\t')
				716	cp++;
				717	while (cp != '\0' && cp != ' ' && *cp != '\t')
				718	cp++;
				719	*cpp = cp;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	720	break;
				721	default:
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	722	fatal("key_read: bad key type: %d", ret->type);
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	723	break;
				724	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	725	return success;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	726	}
Ben Lindstrom	836f0e9	2002-06-23 21:21:30 +0000	[diff] [blame]	727
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	728	int
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	729	key_write(const Key key, FILE f)
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	730	{
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	731	int n, success = 0;
				732	u_int len, bits = 0;
Damien Miller	a10f561	2002-09-12 09:49:15 +1000	[diff] [blame]	733	u_char *blob;
				734	char *uu;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	735
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	736	if (key_is_cert(key)) {
				737	if (key->cert == NULL) {
				738	error("%s: no cert data", __func__);
				739	return 0;
				740	}
				741	if (buffer_len(&key->cert->certblob) == 0) {
				742	error("%s: no signed certificate blob", __func__);
				743	return 0;
				744	}
				745	}
				746
				747	switch (key->type) {
				748	case KEY_RSA1:
				749	if (key->rsa == NULL)
				750	return 0;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	751	/* size of modulus 'n' */
				752	bits = BN_num_bits(key->rsa->n);
				753	fprintf(f, "%u", bits);
				754	if (write_bignum(f, key->rsa->e) &&
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	755	write_bignum(f, key->rsa->n))
				756	return 1;
				757	error("key_write: failed for RSA key");
				758	return 0;
				759	case KEY_DSA:
				760	case KEY_DSA_CERT:
				761	if (key->dsa == NULL)
				762	return 0;
				763	break;
				764	case KEY_RSA:
				765	case KEY_RSA_CERT:
				766	if (key->rsa == NULL)
				767	return 0;
				768	break;
				769	default:
				770	return 0;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	771	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	772
				773	key_to_blob(key, &blob, &len);
				774	uu = xmalloc(2*len);
				775	n = uuencode(blob, len, uu, 2*len);
				776	if (n > 0) {
				777	fprintf(f, "%s %s", key_ssh_name(key), uu);
				778	success = 1;
				779	}
				780	xfree(blob);
				781	xfree(uu);
				782
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	783	return success;
				784	}
Ben Lindstrom	836f0e9	2002-06-23 21:21:30 +0000	[diff] [blame]	785
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	786	const char *
				787	key_type(const Key *k)
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	788	{
				789	switch (k->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	790	case KEY_RSA1:
				791	return "RSA1";
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	792	case KEY_RSA:
				793	return "RSA";
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	794	case KEY_DSA:
				795	return "DSA";
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	796	case KEY_RSA_CERT:
				797	return "RSA-CERT";
				798	case KEY_DSA_CERT:
				799	return "DSA-CERT";
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	800	}
				801	return "unknown";
				802	}
Ben Lindstrom	836f0e9	2002-06-23 21:21:30 +0000	[diff] [blame]	803
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	804	const char *
				805	key_ssh_name(const Key *k)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	806	{
				807	switch (k->type) {
				808	case KEY_RSA:
				809	return "ssh-rsa";
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	810	case KEY_DSA:
				811	return "ssh-dss";
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	812	case KEY_RSA_CERT:
				813	return "ssh-rsa-cert-v00@openssh.com";
				814	case KEY_DSA_CERT:
				815	return "ssh-dss-cert-v00@openssh.com";
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	816	}
				817	return "ssh-unknown";
				818	}
Ben Lindstrom	836f0e9	2002-06-23 21:21:30 +0000	[diff] [blame]	819
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	820	u_int
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	821	key_size(const Key *k)
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	822	{
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	823	switch (k->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	824	case KEY_RSA1:
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	825	case KEY_RSA:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	826	case KEY_RSA_CERT:
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	827	return BN_num_bits(k->rsa->n);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	828	case KEY_DSA:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	829	case KEY_DSA_CERT:
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	830	return BN_num_bits(k->dsa->p);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	831	}
				832	return 0;
				833	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	834
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	835	static RSA *
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	836	rsa_generate_private_key(u_int bits)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	837	{
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	838	RSA *private;
Damien Miller	69b7203	2006-03-26 14:02:35 +1100	[diff] [blame]	839
Darren Tucker	57e0d01	2010-01-08 18:52:27 +1100	[diff] [blame]	840	private = RSA_generate_key(bits, RSA_F4, NULL, NULL);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	841	if (private == NULL)
				842	fatal("rsa_generate_private_key: key generation failed.");
				843	return private;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	844	}
				845
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	846	static DSA*
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	847	dsa_generate_private_key(u_int bits)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	848	{
				849	DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
Damien Miller	69b7203	2006-03-26 14:02:35 +1100	[diff] [blame]	850
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	851	if (private == NULL)
				852	fatal("dsa_generate_private_key: DSA_generate_parameters failed");
				853	if (!DSA_generate_key(private))
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	854	fatal("dsa_generate_private_key: DSA_generate_key failed.");
				855	if (private == NULL)
				856	fatal("dsa_generate_private_key: NULL.");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	857	return private;
				858	}
				859
				860	Key *
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	861	key_generate(int type, u_int bits)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	862	{
				863	Key *k = key_new(KEY_UNSPEC);
				864	switch (type) {
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	865	case KEY_DSA:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	866	k->dsa = dsa_generate_private_key(bits);
				867	break;
				868	case KEY_RSA:
				869	case KEY_RSA1:
				870	k->rsa = rsa_generate_private_key(bits);
				871	break;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	872	case KEY_RSA_CERT:
				873	case KEY_DSA_CERT:
				874	fatal("key_generate: cert keys cannot be generated directly");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	875	default:
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	876	fatal("key_generate: unknown type %d", type);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	877	}
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	878	k->type = type;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	879	return k;
				880	}
				881
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	882	void
				883	key_cert_copy(const Key from_key, struct Key to_key)
				884	{
				885	u_int i;
				886	const struct KeyCert *from;
				887	struct KeyCert *to;
				888
				889	if (to_key->cert != NULL) {
				890	cert_free(to_key->cert);
				891	to_key->cert = NULL;
				892	}
				893
				894	if ((from = from_key->cert) == NULL)
				895	return;
				896
				897	to = to_key->cert = cert_new();
				898
				899	buffer_append(&to->certblob, buffer_ptr(&from->certblob),
				900	buffer_len(&from->certblob));
				901
				902	buffer_append(&to->constraints, buffer_ptr(&from->constraints),
				903	buffer_len(&from->constraints));
				904
				905	to->type = from->type;
				906	to->key_id = from->key_id == NULL ? NULL : xstrdup(from->key_id);
				907	to->valid_after = from->valid_after;
				908	to->valid_before = from->valid_before;
				909	to->signature_key = from->signature_key == NULL ?
				910	NULL : key_from_private(from->signature_key);
				911
				912	to->nprincipals = from->nprincipals;
				913	if (to->nprincipals > CERT_MAX_PRINCIPALS)
				914	fatal("%s: nprincipals (%u) > CERT_MAX_PRINCIPALS (%u)",
				915	__func__, to->nprincipals, CERT_MAX_PRINCIPALS);
				916	if (to->nprincipals > 0) {
				917	to->principals = xcalloc(from->nprincipals,
				918	sizeof(*to->principals));
				919	for (i = 0; i < to->nprincipals; i++)
				920	to->principals[i] = xstrdup(from->principals[i]);
				921	}
				922	}
				923
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	924	Key *
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	925	key_from_private(const Key *k)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	926	{
				927	Key *n = NULL;
				928	switch (k->type) {
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	929	case KEY_DSA:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	930	case KEY_DSA_CERT:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	931	n = key_new(k->type);
Darren Tucker	0bc8557	2006-11-07 23:14:41 +1100	[diff] [blame]	932	if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) \|\|
				933	(BN_copy(n->dsa->q, k->dsa->q) == NULL) \|\|
				934	(BN_copy(n->dsa->g, k->dsa->g) == NULL) \|\|
				935	(BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL))
				936	fatal("key_from_private: BN_copy failed");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	937	break;
				938	case KEY_RSA:
				939	case KEY_RSA1:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	940	case KEY_RSA_CERT:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	941	n = key_new(k->type);
Darren Tucker	0bc8557	2006-11-07 23:14:41 +1100	[diff] [blame]	942	if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) \|\|
				943	(BN_copy(n->rsa->e, k->rsa->e) == NULL))
				944	fatal("key_from_private: BN_copy failed");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	945	break;
				946	default:
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	947	fatal("key_from_private: unknown type %d", k->type);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	948	break;
				949	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	950	if (key_is_cert(k))
				951	key_cert_copy(k, n);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	952	return n;
				953	}
				954
				955	int
				956	key_type_from_name(char *name)
				957	{
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	958	if (strcmp(name, "rsa1") == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	959	return KEY_RSA1;
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	960	} else if (strcmp(name, "rsa") == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	961	return KEY_RSA;
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	962	} else if (strcmp(name, "dsa") == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	963	return KEY_DSA;
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	964	} else if (strcmp(name, "ssh-rsa") == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	965	return KEY_RSA;
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	966	} else if (strcmp(name, "ssh-dss") == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	967	return KEY_DSA;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	968	} else if (strcmp(name, "ssh-rsa-cert-v00@openssh.com") == 0) {
				969	return KEY_RSA_CERT;
				970	} else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) {
				971	return KEY_DSA_CERT;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	972	}
Ben Lindstrom	b54873a	2001-03-11 20:01:55 +0000	[diff] [blame]	973	debug2("key_type_from_name: unknown key type '%s'", name);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	974	return KEY_UNSPEC;
				975	}
				976
Ben Lindstrom	982dbbc	2001-04-17 18:11:36 +0000	[diff] [blame]	977	int
				978	key_names_valid2(const char *names)
				979	{
				980	char s, cp, *p;
				981
				982	if (names == NULL \|\| strcmp(names, "") == 0)
				983	return 0;
				984	s = cp = xstrdup(names);
				985	for ((p = strsep(&cp, ",")); p && *p != '\0';
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	986	(p = strsep(&cp, ","))) {
Ben Lindstrom	982dbbc	2001-04-17 18:11:36 +0000	[diff] [blame]	987	switch (key_type_from_name(p)) {
				988	case KEY_RSA1:
				989	case KEY_UNSPEC:
				990	xfree(s);
				991	return 0;
				992	}
				993	}
				994	debug3("key names ok: [%s]", names);
				995	xfree(s);
				996	return 1;
				997	}
				998
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	999	static int
				1000	cert_parse(Buffer b, Key key, const u_char *blob, u_int blen)
				1001	{
				1002	u_char principals, constraints, sig_key, sig;
				1003	u_int signed_len, plen, clen, sklen, slen;
				1004	Buffer tmp;
				1005	char *principal;
				1006	int ret = -1;
				1007
				1008	buffer_init(&tmp);
				1009
				1010	/* Copy the entire key blob for verification and later serialisation */
				1011	buffer_append(&key->cert->certblob, blob, blen);
				1012
				1013	principals = constraints = sig_key = sig = NULL;
				1014	if (buffer_get_int_ret(&key->cert->type, b) != 0 \|\|
				1015	(key->cert->key_id = buffer_get_string_ret(b, NULL)) == NULL \|\|
				1016	(principals = buffer_get_string_ret(b, &plen)) == NULL \|\|
				1017	buffer_get_int64_ret(&key->cert->valid_after, b) != 0 \|\|
				1018	buffer_get_int64_ret(&key->cert->valid_before, b) != 0 \|\|
				1019	(constraints = buffer_get_string_ret(b, &clen)) == NULL \|\|
				1020	/* skip nonce */ buffer_get_string_ptr_ret(b, NULL) == NULL \|\|
				1021	/* skip reserved */ buffer_get_string_ptr_ret(b, NULL) == NULL \|\|
				1022	(sig_key = buffer_get_string_ret(b, &sklen)) == NULL) {
				1023	error("%s: parse error", __func__);
				1024	goto out;
				1025	}
				1026
				1027	/* Signature is left in the buffer so we can calculate this length */
				1028	signed_len = buffer_len(&key->cert->certblob) - buffer_len(b);
				1029
				1030	if ((sig = buffer_get_string_ret(b, &slen)) == NULL) {
				1031	error("%s: parse error", __func__);
				1032	goto out;
				1033	}
				1034
				1035	if (key->cert->type != SSH2_CERT_TYPE_USER &&
				1036	key->cert->type != SSH2_CERT_TYPE_HOST) {
				1037	error("Unknown certificate type %u", key->cert->type);
				1038	goto out;
				1039	}
				1040
				1041	buffer_append(&tmp, principals, plen);
				1042	while (buffer_len(&tmp) > 0) {
				1043	if (key->cert->nprincipals >= CERT_MAX_PRINCIPALS) {
				1044	error("Too many principals");
				1045	goto out;
				1046	}
				1047	if ((principal = buffer_get_string_ret(&tmp, NULL)) == NULL) {
				1048	error("Principals data invalid");
				1049	goto out;
				1050	}
				1051	key->cert->principals = xrealloc(key->cert->principals,
				1052	key->cert->nprincipals + 1, sizeof(*key->cert->principals));
				1053	key->cert->principals[key->cert->nprincipals++] = principal;
				1054	}
				1055
				1056	buffer_clear(&tmp);
				1057
				1058	buffer_append(&key->cert->constraints, constraints, clen);
				1059	buffer_append(&tmp, constraints, clen);
				1060	/* validate structure */
				1061	while (buffer_len(&tmp) != 0) {
				1062	if (buffer_get_string_ptr(&tmp, NULL) == NULL \|\|
				1063	buffer_get_string_ptr(&tmp, NULL) == NULL) {
				1064	error("Constraints data invalid");
				1065	goto out;
				1066	}
				1067	}
				1068	buffer_clear(&tmp);
				1069
				1070	if ((key->cert->signature_key = key_from_blob(sig_key,
				1071	sklen)) == NULL) {
				1072	error("Signature key invalid");
				1073	goto out;
				1074	}
				1075	if (key->cert->signature_key->type != KEY_RSA &&
				1076	key->cert->signature_key->type != KEY_DSA) {
				1077	error("Invalid signature key type %s (%d)",
				1078	key_type(key->cert->signature_key),
				1079	key->cert->signature_key->type);
				1080	goto out;
				1081	}
				1082
				1083	switch (key_verify(key->cert->signature_key, sig, slen,
				1084	buffer_ptr(&key->cert->certblob), signed_len)) {
				1085	case 1:
				1086	break; /* Good signature */
				1087	case 0:
				1088	error("Invalid signature on certificate");
				1089	goto out;
				1090	case -1:
				1091	error("Certificate signature verification failed");
				1092	goto out;
				1093	}
				1094
				1095	ret = 0;
				1096
				1097	out:
				1098	buffer_free(&tmp);
				1099	if (principals != NULL)
				1100	xfree(principals);
				1101	if (constraints != NULL)
				1102	xfree(constraints);
				1103	if (sig_key != NULL)
				1104	xfree(sig_key);
				1105	if (sig != NULL)
				1106	xfree(sig);
				1107	return ret;
				1108	}
				1109
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1110	Key *
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	1111	key_from_blob(const u_char *blob, u_int blen)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1112	{
				1113	Buffer b;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1114	int rlen, type;
Darren Tucker	08d04fa	2004-11-05 20:42:28 +1100	[diff] [blame]	1115	char *ktype = NULL;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1116	Key *key = NULL;
				1117
				1118	#ifdef DEBUG_PK
				1119	dump_base64(stderr, blob, blen);
				1120	#endif
				1121	buffer_init(&b);
				1122	buffer_append(&b, blob, blen);
Darren Tucker	08d04fa	2004-11-05 20:42:28 +1100	[diff] [blame]	1123	if ((ktype = buffer_get_string_ret(&b, NULL)) == NULL) {
				1124	error("key_from_blob: can't read key type");
				1125	goto out;
				1126	}
				1127
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1128	type = key_type_from_name(ktype);
				1129
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	1130	switch (type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1131	case KEY_RSA:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	1132	case KEY_RSA_CERT:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1133	key = key_new(type);
Darren Tucker	08d04fa	2004-11-05 20:42:28 +1100	[diff] [blame]	1134	if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 \|\|
				1135	buffer_get_bignum2_ret(&b, key->rsa->n) == -1) {
				1136	error("key_from_blob: can't read rsa key");
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	1137	badkey:
Darren Tucker	08d04fa	2004-11-05 20:42:28 +1100	[diff] [blame]	1138	key_free(key);
				1139	key = NULL;
				1140	goto out;
				1141	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1142	#ifdef DEBUG_PK
				1143	RSA_print_fp(stderr, key->rsa, 8);
				1144	#endif
				1145	break;
				1146	case KEY_DSA:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	1147	case KEY_DSA_CERT:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1148	key = key_new(type);
Darren Tucker	08d04fa	2004-11-05 20:42:28 +1100	[diff] [blame]	1149	if (buffer_get_bignum2_ret(&b, key->dsa->p) == -1 \|\|
				1150	buffer_get_bignum2_ret(&b, key->dsa->q) == -1 \|\|
				1151	buffer_get_bignum2_ret(&b, key->dsa->g) == -1 \|\|
				1152	buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) {
				1153	error("key_from_blob: can't read dsa key");
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	1154	goto badkey;
Darren Tucker	08d04fa	2004-11-05 20:42:28 +1100	[diff] [blame]	1155	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1156	#ifdef DEBUG_PK
				1157	DSA_print_fp(stderr, key->dsa, 8);
				1158	#endif
				1159	break;
				1160	case KEY_UNSPEC:
				1161	key = key_new(type);
				1162	break;
				1163	default:
				1164	error("key_from_blob: cannot handle type %s", ktype);
Darren Tucker	08d04fa	2004-11-05 20:42:28 +1100	[diff] [blame]	1165	goto out;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1166	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	1167	if (key_is_cert(key) && cert_parse(&b, key, blob, blen) == -1) {
				1168	error("key_from_blob: can't parse cert data");
				1169	goto badkey;
				1170	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1171	rlen = buffer_len(&b);
				1172	if (key != NULL && rlen != 0)
				1173	error("key_from_blob: remaining bytes in key blob %d", rlen);
Darren Tucker	08d04fa	2004-11-05 20:42:28 +1100	[diff] [blame]	1174	out:
				1175	if (ktype != NULL)
				1176	xfree(ktype);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1177	buffer_free(&b);
				1178	return key;
				1179	}
				1180
				1181	int
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	1182	key_to_blob(const Key key, u_char blobp, u_int lenp)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1183	{
				1184	Buffer b;
				1185	int len;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1186
				1187	if (key == NULL) {
				1188	error("key_to_blob: key == NULL");
				1189	return 0;
				1190	}
				1191	buffer_init(&b);
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	1192	switch (key->type) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	1193	case KEY_DSA_CERT:
				1194	case KEY_RSA_CERT:
				1195	/* Use the existing blob */
				1196	buffer_append(&b, buffer_ptr(&key->cert->certblob),
				1197	buffer_len(&key->cert->certblob));
				1198	break;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1199	case KEY_DSA:
				1200	buffer_put_cstring(&b, key_ssh_name(key));
				1201	buffer_put_bignum2(&b, key->dsa->p);
				1202	buffer_put_bignum2(&b, key->dsa->q);
				1203	buffer_put_bignum2(&b, key->dsa->g);
				1204	buffer_put_bignum2(&b, key->dsa->pub_key);
				1205	break;
				1206	case KEY_RSA:
				1207	buffer_put_cstring(&b, key_ssh_name(key));
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1208	buffer_put_bignum2(&b, key->rsa->e);
Ben Lindstrom	bf555ba	2001-01-18 02:04:35 +0000	[diff] [blame]	1209	buffer_put_bignum2(&b, key->rsa->n);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1210	break;
				1211	default:
Ben Lindstrom	99a30f1	2001-09-18 05:49:14 +0000	[diff] [blame]	1212	error("key_to_blob: unsupported key type %d", key->type);
				1213	buffer_free(&b);
				1214	return 0;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1215	}
				1216	len = buffer_len(&b);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1217	if (lenp != NULL)
				1218	*lenp = len;
Ben Lindstrom	2bf759c	2002-07-07 22:13:31 +0000	[diff] [blame]	1219	if (blobp != NULL) {
				1220	*blobp = xmalloc(len);
				1221	memcpy(*blobp, buffer_ptr(&b), len);
				1222	}
				1223	memset(buffer_ptr(&b), 0, len);
				1224	buffer_free(&b);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1225	return len;
				1226	}
				1227
				1228	int
				1229	key_sign(
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	1230	const Key *key,
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	1231	u_char *sigp, u_int lenp,
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	1232	const u_char *data, u_int datalen)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1233	{
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	1234	switch (key->type) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	1235	case KEY_DSA_CERT:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1236	case KEY_DSA:
				1237	return ssh_dss_sign(key, sigp, lenp, data, datalen);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	1238	case KEY_RSA_CERT:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1239	case KEY_RSA:
				1240	return ssh_rsa_sign(key, sigp, lenp, data, datalen);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1241	default:
Darren Tucker	5cb30ad	2004-08-12 22:40:24 +1000	[diff] [blame]	1242	error("key_sign: invalid key type %d", key->type);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1243	return -1;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1244	}
				1245	}
				1246
Ben Lindstrom	01fff0c	2002-06-06 20:54:07 +0000	[diff] [blame]	1247	/*
				1248	* key_verify returns 1 for a correct signature, 0 for an incorrect signature
				1249	* and -1 on error.
				1250	*/
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1251	int
				1252	key_verify(
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	1253	const Key *key,
				1254	const u_char *signature, u_int signaturelen,
				1255	const u_char *data, u_int datalen)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1256	{
Ben Lindstrom	5363aee	2001-06-25 04:42:20 +0000	[diff] [blame]	1257	if (signaturelen == 0)
				1258	return -1;
				1259
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	1260	switch (key->type) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	1261	case KEY_DSA_CERT:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1262	case KEY_DSA:
				1263	return ssh_dss_verify(key, signature, signaturelen, data, datalen);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	1264	case KEY_RSA_CERT:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1265	case KEY_RSA:
				1266	return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1267	default:
Darren Tucker	5cb30ad	2004-08-12 22:40:24 +1000	[diff] [blame]	1268	error("key_verify: invalid key type %d", key->type);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1269	return -1;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1270	}
				1271	}
Ben Lindstrom	a674e8d	2002-03-22 01:45:53 +0000	[diff] [blame]	1272
				1273	/* Converts a private to a public key */
Ben Lindstrom	a674e8d	2002-03-22 01:45:53 +0000	[diff] [blame]	1274	Key *
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	1275	key_demote(const Key *k)
Ben Lindstrom	a674e8d	2002-03-22 01:45:53 +0000	[diff] [blame]	1276	{
				1277	Key *pk;
Ben Lindstrom	6328ab3	2002-03-22 02:54:23 +0000	[diff] [blame]	1278
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	1279	pk = xcalloc(1, sizeof(*pk));
Ben Lindstrom	a674e8d	2002-03-22 01:45:53 +0000	[diff] [blame]	1280	pk->type = k->type;
				1281	pk->flags = k->flags;
				1282	pk->dsa = NULL;
				1283	pk->rsa = NULL;
				1284
				1285	switch (k->type) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	1286	case KEY_RSA_CERT:
				1287	key_cert_copy(k, pk);
				1288	/* FALLTHROUGH */
Ben Lindstrom	a674e8d	2002-03-22 01:45:53 +0000	[diff] [blame]	1289	case KEY_RSA1:
				1290	case KEY_RSA:
				1291	if ((pk->rsa = RSA_new()) == NULL)
				1292	fatal("key_demote: RSA_new failed");
				1293	if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
				1294	fatal("key_demote: BN_dup failed");
				1295	if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
				1296	fatal("key_demote: BN_dup failed");
				1297	break;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	1298	case KEY_DSA_CERT:
				1299	key_cert_copy(k, pk);
				1300	/* FALLTHROUGH */
Ben Lindstrom	a674e8d	2002-03-22 01:45:53 +0000	[diff] [blame]	1301	case KEY_DSA:
				1302	if ((pk->dsa = DSA_new()) == NULL)
				1303	fatal("key_demote: DSA_new failed");
				1304	if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
				1305	fatal("key_demote: BN_dup failed");
				1306	if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
				1307	fatal("key_demote: BN_dup failed");
				1308	if ((pk->dsa->g = BN_dup(k->dsa->g)) == NULL)
				1309	fatal("key_demote: BN_dup failed");
				1310	if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL)
				1311	fatal("key_demote: BN_dup failed");
				1312	break;
				1313	default:
				1314	fatal("key_free: bad key type %d", k->type);
				1315	break;
				1316	}
				1317
				1318	return (pk);
				1319	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame^]	1320
				1321	int
				1322	key_is_cert(const Key *k)
				1323	{
				1324	return k != NULL &&
				1325	(k->type == KEY_RSA_CERT \|\| k->type == KEY_DSA_CERT);
				1326	}
				1327
				1328	/* Return the cert-less equivalent to a certified key type */
				1329	int
				1330	key_type_plain(int type)
				1331	{
				1332	switch (type) {
				1333	case KEY_RSA_CERT:
				1334	return KEY_RSA;
				1335	case KEY_DSA_CERT:
				1336	return KEY_DSA;
				1337	default:
				1338	return type;
				1339	}
				1340	}
				1341
				1342	/* Convert a KEY_RSA or KEY_DSA to their _CERT equivalent */
				1343	int
				1344	key_to_certified(Key *k)
				1345	{
				1346	switch (k->type) {
				1347	case KEY_RSA:
				1348	k->cert = cert_new();
				1349	k->type = KEY_RSA_CERT;
				1350	return 0;
				1351	case KEY_DSA:
				1352	k->cert = cert_new();
				1353	k->type = KEY_DSA_CERT;
				1354	return 0;
				1355	default:
				1356	error("%s: key has incorrect type %s", __func__, key_type(k));
				1357	return -1;
				1358	}
				1359	}
				1360
				1361	/* Convert a KEY_RSA_CERT or KEY_DSA_CERT to their raw key equivalent */
				1362	int
				1363	key_drop_cert(Key *k)
				1364	{
				1365	switch (k->type) {
				1366	case KEY_RSA_CERT:
				1367	cert_free(k->cert);
				1368	k->type = KEY_RSA;
				1369	return 0;
				1370	case KEY_DSA_CERT:
				1371	cert_free(k->cert);
				1372	k->type = KEY_DSA;
				1373	return 0;
				1374	default:
				1375	error("%s: key has incorrect type %s", __func__, key_type(k));
				1376	return -1;
				1377	}
				1378	}
				1379
				1380	/* Sign a KEY_RSA_CERT or KEY_DSA_CERT, (re-)generating the signed certblob */
				1381	int
				1382	key_certify(Key k, Key ca)
				1383	{
				1384	Buffer principals;
				1385	u_char ca_blob, sig_blob, nonce[32];
				1386	u_int i, ca_len, sig_len;
				1387
				1388	if (k->cert == NULL) {
				1389	error("%s: key lacks cert info", __func__);
				1390	return -1;
				1391	}
				1392
				1393	if (!key_is_cert(k)) {
				1394	error("%s: certificate has unknown type %d", __func__,
				1395	k->cert->type);
				1396	return -1;
				1397	}
				1398
				1399	if (ca->type != KEY_RSA && ca->type != KEY_DSA) {
				1400	error("%s: CA key has unsupported type %s", __func__,
				1401	key_type(ca));
				1402	return -1;
				1403	}
				1404
				1405	key_to_blob(ca, &ca_blob, &ca_len);
				1406
				1407	buffer_clear(&k->cert->certblob);
				1408	buffer_put_cstring(&k->cert->certblob, key_ssh_name(k));
				1409
				1410	switch (k->type) {
				1411	case KEY_DSA_CERT:
				1412	buffer_put_bignum2(&k->cert->certblob, k->dsa->p);
				1413	buffer_put_bignum2(&k->cert->certblob, k->dsa->q);
				1414	buffer_put_bignum2(&k->cert->certblob, k->dsa->g);
				1415	buffer_put_bignum2(&k->cert->certblob, k->dsa->pub_key);
				1416	break;
				1417	case KEY_RSA_CERT:
				1418	buffer_put_bignum2(&k->cert->certblob, k->rsa->e);
				1419	buffer_put_bignum2(&k->cert->certblob, k->rsa->n);
				1420	break;
				1421	default:
				1422	error("%s: key has incorrect type %s", __func__, key_type(k));
				1423	buffer_clear(&k->cert->certblob);
				1424	xfree(ca_blob);
				1425	return -1;
				1426	}
				1427
				1428	buffer_put_int(&k->cert->certblob, k->cert->type);
				1429	buffer_put_cstring(&k->cert->certblob, k->cert->key_id);
				1430
				1431	buffer_init(&principals);
				1432	for (i = 0; i < k->cert->nprincipals; i++)
				1433	buffer_put_cstring(&principals, k->cert->principals[i]);
				1434	buffer_put_string(&k->cert->certblob, buffer_ptr(&principals),
				1435	buffer_len(&principals));
				1436	buffer_free(&principals);
				1437
				1438	buffer_put_int64(&k->cert->certblob, k->cert->valid_after);
				1439	buffer_put_int64(&k->cert->certblob, k->cert->valid_before);
				1440	buffer_put_string(&k->cert->certblob,
				1441	buffer_ptr(&k->cert->constraints),
				1442	buffer_len(&k->cert->constraints));
				1443
				1444	arc4random_buf(&nonce, sizeof(nonce));
				1445	buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
				1446	buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */
				1447	buffer_put_string(&k->cert->certblob, ca_blob, ca_len);
				1448	xfree(ca_blob);
				1449
				1450	/* Sign the whole mess */
				1451	if (key_sign(ca, &sig_blob, &sig_len, buffer_ptr(&k->cert->certblob),
				1452	buffer_len(&k->cert->certblob)) != 0) {
				1453	error("%s: signature operation failed", __func__);
				1454	buffer_clear(&k->cert->certblob);
				1455	return -1;
				1456	}
				1457	/* Append signature and we are done */
				1458	buffer_put_string(&k->cert->certblob, sig_blob, sig_len);
				1459	xfree(sig_blob);
				1460
				1461	return 0;
				1462	}
				1463
				1464	int
				1465	key_cert_check_authority(const Key *k, int want_host, int require_principal,
				1466	const char name, const char *reason)
				1467	{
				1468	u_int i, principal_matches;
				1469	time_t now = time(NULL);
				1470
				1471	if (want_host) {
				1472	if (k->cert->type != SSH2_CERT_TYPE_HOST) {
				1473	*reason = "Certificate invalid: not a host certificate";
				1474	return -1;
				1475	}
				1476	} else {
				1477	if (k->cert->type != SSH2_CERT_TYPE_USER) {
				1478	*reason = "Certificate invalid: not a user certificate";
				1479	return -1;
				1480	}
				1481	}
				1482	if (now < 0) {
				1483	error("%s: system clock lies before epoch", __func__);
				1484	*reason = "Certificate invalid: not yet valid";
				1485	return -1;
				1486	}
				1487	if ((u_int64_t)now < k->cert->valid_after) {
				1488	*reason = "Certificate invalid: not yet valid";
				1489	return -1;
				1490	}
				1491	if ((u_int64_t)now >= k->cert->valid_before) {
				1492	*reason = "Certificate invalid: expired";
				1493	return -1;
				1494	}
				1495	if (k->cert->nprincipals == 0) {
				1496	if (require_principal) {
				1497	*reason = "Certificate lacks principal list";
				1498	return -1;
				1499	}
				1500	} else {
				1501	principal_matches = 0;
				1502	for (i = 0; i < k->cert->nprincipals; i++) {
				1503	if (strcmp(name, k->cert->principals[i]) == 0) {
				1504	principal_matches = 1;
				1505	break;
				1506	}
				1507	}
				1508	if (!principal_matches) {
				1509	*reason = "Certificate invalid: name is not a listed "
				1510	"principal";
				1511	return -1;
				1512	}
				1513	}
				1514	return 0;
				1515	}