blob: 7a1b74a7f47cda2721edb471968b90c72a1f7f6a [file] [log] [blame]
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001/*
Damien Miller95def091999-11-25 00:26:21 +11002 * Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller95def091999-11-25 00:26:21 +11003 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
Damien Miller95def091999-11-25 00:26:21 +11005 * This file contains functions for reading and writing identity files, and
6 * for reading the passphrase from the user.
Damien Miller4af51302000-04-16 11:18:38 +10007 *
Damien Millere4340be2000-09-16 13:29:08 +11008 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
13 *
14 *
15 * Copyright (c) 2000 Markus Friedl. All rights reserved.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
19 * are met:
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in the
24 * documentation and/or other materials provided with the distribution.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller95def091999-11-25 00:26:21 +110036 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100037
38#include "includes.h"
Kevin Stevesa074feb2000-12-21 22:33:45 +000039RCSID("$OpenBSD: authfile.c,v 1.22 2000/12/19 22:43:44 markus Exp $");
Damien Millerd4a8b7e1999-10-27 13:42:43 +100040
41#include <openssl/bn.h>
Damien Millereba71ba2000-04-29 23:57:08 +100042#include <openssl/dsa.h>
43#include <openssl/rsa.h>
Damien Miller0bc1bd82000-11-13 22:57:25 +110044#include <openssl/err.h>
Damien Millereba71ba2000-04-29 23:57:08 +100045#include <openssl/pem.h>
46#include <openssl/evp.h>
47
Damien Millerd4a8b7e1999-10-27 13:42:43 +100048#include "xmalloc.h"
49#include "buffer.h"
50#include "bufaux.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100051#include "ssh.h"
Damien Millereba71ba2000-04-29 23:57:08 +100052#include "key.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100053
54/* Version identification string for identity files. */
55#define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"
56
Damien Miller5428f641999-11-25 11:54:57 +110057/*
58 * Saves the authentication (private) key in a file, encrypting it with
59 * passphrase. The identification of the file (lowest 64 bits of n) will
60 * precede the key to provide identification of the key without needing a
61 * passphrase.
62 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100063
64int
Damien Miller0bc1bd82000-11-13 22:57:25 +110065save_private_key_rsa1(const char *filename, const char *passphrase,
Damien Millereba71ba2000-04-29 23:57:08 +100066 RSA *key, const char *comment)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100067{
Damien Miller95def091999-11-25 00:26:21 +110068 Buffer buffer, encrypted;
69 char buf[100], *cp;
Damien Miller037a0dc1999-12-07 15:38:31 +110070 int fd, i;
Damien Miller874d77b2000-10-14 16:23:11 +110071 CipherContext ciphercontext;
72 Cipher *cipher;
Damien Miller95def091999-11-25 00:26:21 +110073 u_int32_t rand;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100074
Damien Miller5428f641999-11-25 11:54:57 +110075 /*
76 * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting
77 * to another cipher; otherwise use SSH_AUTHFILE_CIPHER.
78 */
Damien Miller95def091999-11-25 00:26:21 +110079 if (strcmp(passphrase, "") == 0)
Damien Miller874d77b2000-10-14 16:23:11 +110080 cipher = cipher_by_number(SSH_CIPHER_NONE);
Damien Miller95def091999-11-25 00:26:21 +110081 else
Damien Miller874d77b2000-10-14 16:23:11 +110082 cipher = cipher_by_number(SSH_AUTHFILE_CIPHER);
83 if (cipher == NULL)
84 fatal("save_private_key_rsa: bad cipher");
Damien Millerd4a8b7e1999-10-27 13:42:43 +100085
Damien Miller95def091999-11-25 00:26:21 +110086 /* This buffer is used to built the secret part of the private key. */
87 buffer_init(&buffer);
Damien Millerd4a8b7e1999-10-27 13:42:43 +100088
Damien Miller95def091999-11-25 00:26:21 +110089 /* Put checkbytes for checking passphrase validity. */
90 rand = arc4random();
91 buf[0] = rand & 0xff;
92 buf[1] = (rand >> 8) & 0xff;
93 buf[2] = buf[0];
94 buf[3] = buf[1];
95 buffer_append(&buffer, buf, 4);
Damien Millerd4a8b7e1999-10-27 13:42:43 +100096
Damien Miller5428f641999-11-25 11:54:57 +110097 /*
98 * Store the private key (n and e will not be stored because they
99 * will be stored in plain text, and storing them also in encrypted
100 * format would just give known plaintext).
101 */
Damien Miller95def091999-11-25 00:26:21 +1100102 buffer_put_bignum(&buffer, key->d);
103 buffer_put_bignum(&buffer, key->iqmp);
104 buffer_put_bignum(&buffer, key->q); /* reverse from SSL p */
105 buffer_put_bignum(&buffer, key->p); /* reverse from SSL q */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000106
Damien Miller95def091999-11-25 00:26:21 +1100107 /* Pad the part to be encrypted until its size is a multiple of 8. */
108 while (buffer_len(&buffer) % 8 != 0)
109 buffer_put_char(&buffer, 0);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000110
Damien Miller95def091999-11-25 00:26:21 +1100111 /* This buffer will be used to contain the data in the file. */
112 buffer_init(&encrypted);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000113
Damien Miller95def091999-11-25 00:26:21 +1100114 /* First store keyfile id string. */
115 cp = AUTHFILE_ID_STRING;
116 for (i = 0; cp[i]; i++)
117 buffer_put_char(&encrypted, cp[i]);
118 buffer_put_char(&encrypted, 0);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000119
Damien Miller95def091999-11-25 00:26:21 +1100120 /* Store cipher type. */
Damien Miller874d77b2000-10-14 16:23:11 +1100121 buffer_put_char(&encrypted, cipher->number);
Damien Miller95def091999-11-25 00:26:21 +1100122 buffer_put_int(&encrypted, 0); /* For future extension */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000123
Damien Miller95def091999-11-25 00:26:21 +1100124 /* Store public key. This will be in plain text. */
125 buffer_put_int(&encrypted, BN_num_bits(key->n));
126 buffer_put_bignum(&encrypted, key->n);
127 buffer_put_bignum(&encrypted, key->e);
128 buffer_put_string(&encrypted, comment, strlen(comment));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000129
Damien Miller95def091999-11-25 00:26:21 +1100130 /* Allocate space for the private part of the key in the buffer. */
131 buffer_append_space(&encrypted, &cp, buffer_len(&buffer));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000132
Damien Miller874d77b2000-10-14 16:23:11 +1100133 cipher_set_key_string(&ciphercontext, cipher, passphrase);
Ben Lindstrom46c16222000-12-22 01:43:59 +0000134 cipher_encrypt(&ciphercontext, (u_char *) cp,
135 (u_char *) buffer_ptr(&buffer), buffer_len(&buffer));
Damien Miller874d77b2000-10-14 16:23:11 +1100136 memset(&ciphercontext, 0, sizeof(ciphercontext));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000137
Damien Miller95def091999-11-25 00:26:21 +1100138 /* Destroy temporary data. */
139 memset(buf, 0, sizeof(buf));
140 buffer_free(&buffer);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000141
Damien Miller037a0dc1999-12-07 15:38:31 +1100142 fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
143 if (fd < 0)
Damien Miller95def091999-11-25 00:26:21 +1100144 return 0;
Damien Miller037a0dc1999-12-07 15:38:31 +1100145 if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
Damien Miller95def091999-11-25 00:26:21 +1100146 buffer_len(&encrypted)) {
147 debug("Write to key file %.200s failed: %.100s", filename,
148 strerror(errno));
149 buffer_free(&encrypted);
Damien Miller037a0dc1999-12-07 15:38:31 +1100150 close(fd);
Damien Miller78315eb2000-09-29 23:01:36 +1100151 unlink(filename);
Damien Miller95def091999-11-25 00:26:21 +1100152 return 0;
153 }
Damien Miller037a0dc1999-12-07 15:38:31 +1100154 close(fd);
Damien Miller95def091999-11-25 00:26:21 +1100155 buffer_free(&encrypted);
156 return 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000157}
158
Damien Miller0bc1bd82000-11-13 22:57:25 +1100159/* save SSH2 key in OpenSSL PEM format */
Damien Millereba71ba2000-04-29 23:57:08 +1000160int
Damien Miller0bc1bd82000-11-13 22:57:25 +1100161save_private_key_ssh2(const char *filename, const char *_passphrase,
162 Key *key, const char *comment)
Damien Millereba71ba2000-04-29 23:57:08 +1000163{
164 FILE *fp;
165 int fd;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100166 int success = 0;
167 int len = strlen(_passphrase);
168 char *passphrase = (len > 0) ? (char *)_passphrase : NULL;
169 EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;
Damien Millereba71ba2000-04-29 23:57:08 +1000170
171 if (len > 0 && len <= 4) {
172 error("passphrase too short: %d bytes", len);
173 errno = 0;
174 return 0;
175 }
176 fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
177 if (fd < 0) {
178 debug("open %s failed", filename);
179 return 0;
180 }
181 fp = fdopen(fd, "w");
182 if (fp == NULL ) {
183 debug("fdopen %s failed", filename);
184 close(fd);
185 return 0;
186 }
Damien Miller0bc1bd82000-11-13 22:57:25 +1100187 switch (key->type) {
188 case KEY_DSA:
189 success = PEM_write_DSAPrivateKey(fp, key->dsa,
190 cipher, passphrase, len, NULL, NULL);
191 break;
192 case KEY_RSA:
193 success = PEM_write_RSAPrivateKey(fp, key->rsa,
194 cipher, passphrase, len, NULL, NULL);
195 break;
Damien Millereba71ba2000-04-29 23:57:08 +1000196 }
197 fclose(fp);
198 return success;
199}
200
201int
202save_private_key(const char *filename, const char *passphrase, Key *key,
203 const char *comment)
204{
205 switch (key->type) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100206 case KEY_RSA1:
207 return save_private_key_rsa1(filename, passphrase, key->rsa, comment);
Damien Millereba71ba2000-04-29 23:57:08 +1000208 break;
209 case KEY_DSA:
Damien Miller0bc1bd82000-11-13 22:57:25 +1100210 case KEY_RSA:
211 return save_private_key_ssh2(filename, passphrase, key, comment);
Damien Millereba71ba2000-04-29 23:57:08 +1000212 break;
213 default:
214 break;
215 }
216 return 0;
217}
218
Damien Miller5428f641999-11-25 11:54:57 +1100219/*
220 * Loads the public part of the key file. Returns 0 if an error was
221 * encountered (the file does not exist or is not readable), and non-zero
222 * otherwise.
223 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000224
225int
Damien Millereba71ba2000-04-29 23:57:08 +1000226load_public_key_rsa(const char *filename, RSA * pub, char **comment_return)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000227{
Damien Miller037a0dc1999-12-07 15:38:31 +1100228 int fd, i;
Damien Miller95def091999-11-25 00:26:21 +1100229 off_t len;
230 Buffer buffer;
231 char *cp;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000232
Damien Miller037a0dc1999-12-07 15:38:31 +1100233 fd = open(filename, O_RDONLY);
234 if (fd < 0)
Damien Miller95def091999-11-25 00:26:21 +1100235 return 0;
Damien Miller037a0dc1999-12-07 15:38:31 +1100236 len = lseek(fd, (off_t) 0, SEEK_END);
237 lseek(fd, (off_t) 0, SEEK_SET);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000238
Damien Miller95def091999-11-25 00:26:21 +1100239 buffer_init(&buffer);
240 buffer_append_space(&buffer, &cp, len);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000241
Damien Miller037a0dc1999-12-07 15:38:31 +1100242 if (read(fd, cp, (size_t) len) != (size_t) len) {
Damien Miller95def091999-11-25 00:26:21 +1100243 debug("Read from key file %.200s failed: %.100s", filename,
Damien Millereba71ba2000-04-29 23:57:08 +1000244 strerror(errno));
Damien Miller95def091999-11-25 00:26:21 +1100245 buffer_free(&buffer);
Damien Miller037a0dc1999-12-07 15:38:31 +1100246 close(fd);
Damien Miller95def091999-11-25 00:26:21 +1100247 return 0;
248 }
Damien Miller037a0dc1999-12-07 15:38:31 +1100249 close(fd);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000250
Damien Miller95def091999-11-25 00:26:21 +1100251 /* Check that it is at least big enought to contain the ID string. */
252 if (len < strlen(AUTHFILE_ID_STRING) + 1) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100253 debug3("Bad RSA1 key file %.200s.", filename);
Damien Miller95def091999-11-25 00:26:21 +1100254 buffer_free(&buffer);
255 return 0;
256 }
Damien Miller5428f641999-11-25 11:54:57 +1100257 /*
258 * Make sure it begins with the id string. Consume the id string
259 * from the buffer.
260 */
Ben Lindstrom46c16222000-12-22 01:43:59 +0000261 for (i = 0; i < (u_int) strlen(AUTHFILE_ID_STRING) + 1; i++)
Damien Miller037a0dc1999-12-07 15:38:31 +1100262 if (buffer_get_char(&buffer) != (u_char) AUTHFILE_ID_STRING[i]) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100263 debug3("Bad RSA1 key file %.200s.", filename);
Damien Miller95def091999-11-25 00:26:21 +1100264 buffer_free(&buffer);
265 return 0;
266 }
267 /* Skip cipher type and reserved data. */
268 (void) buffer_get_char(&buffer); /* cipher type */
269 (void) buffer_get_int(&buffer); /* reserved */
270
271 /* Read the public key from the buffer. */
272 buffer_get_int(&buffer);
Damien Millereba71ba2000-04-29 23:57:08 +1000273 /* XXX alloc */
274 if (pub->n == NULL)
275 pub->n = BN_new();
Damien Miller95def091999-11-25 00:26:21 +1100276 buffer_get_bignum(&buffer, pub->n);
Damien Millereba71ba2000-04-29 23:57:08 +1000277 /* XXX alloc */
278 if (pub->e == NULL)
279 pub->e = BN_new();
Damien Miller95def091999-11-25 00:26:21 +1100280 buffer_get_bignum(&buffer, pub->e);
281 if (comment_return)
282 *comment_return = buffer_get_string(&buffer, NULL);
283 /* The encrypted private part is not parsed by this function. */
284
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000285 buffer_free(&buffer);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000286
Damien Miller95def091999-11-25 00:26:21 +1100287 return 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000288}
289
Damien Millere4340be2000-09-16 13:29:08 +1100290/* load public key from private-key file */
Damien Millereba71ba2000-04-29 23:57:08 +1000291int
292load_public_key(const char *filename, Key * key, char **comment_return)
293{
294 switch (key->type) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100295 case KEY_RSA1:
Damien Millereba71ba2000-04-29 23:57:08 +1000296 return load_public_key_rsa(filename, key->rsa, comment_return);
297 break;
298 case KEY_DSA:
Damien Miller0bc1bd82000-11-13 22:57:25 +1100299 case KEY_RSA:
Damien Millereba71ba2000-04-29 23:57:08 +1000300 default:
301 break;
302 }
303 return 0;
304}
305
Damien Miller5428f641999-11-25 11:54:57 +1100306/*
307 * Loads the private key from the file. Returns 0 if an error is encountered
308 * (file does not exist or is not readable, or passphrase is bad). This
309 * initializes the private key.
310 * Assumes we are called under uid of the owner of the file.
311 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000312
313int
Damien Miller0bc1bd82000-11-13 22:57:25 +1100314load_private_key_rsa1(int fd, const char *filename,
Damien Millereba71ba2000-04-29 23:57:08 +1000315 const char *passphrase, RSA * prv, char **comment_return)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000316{
Damien Millereba71ba2000-04-29 23:57:08 +1000317 int i, check1, check2, cipher_type;
Damien Miller95def091999-11-25 00:26:21 +1100318 off_t len;
319 Buffer buffer, decrypted;
320 char *cp;
Damien Miller874d77b2000-10-14 16:23:11 +1100321 CipherContext ciphercontext;
322 Cipher *cipher;
Damien Miller95def091999-11-25 00:26:21 +1100323 BN_CTX *ctx;
324 BIGNUM *aux;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000325
Damien Miller037a0dc1999-12-07 15:38:31 +1100326 len = lseek(fd, (off_t) 0, SEEK_END);
327 lseek(fd, (off_t) 0, SEEK_SET);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000328
Damien Miller95def091999-11-25 00:26:21 +1100329 buffer_init(&buffer);
330 buffer_append_space(&buffer, &cp, len);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000331
Damien Miller037a0dc1999-12-07 15:38:31 +1100332 if (read(fd, cp, (size_t) len) != (size_t) len) {
Damien Miller95def091999-11-25 00:26:21 +1100333 debug("Read from key file %.200s failed: %.100s", filename,
Damien Miller0bc1bd82000-11-13 22:57:25 +1100334 strerror(errno));
Damien Miller95def091999-11-25 00:26:21 +1100335 buffer_free(&buffer);
Damien Miller037a0dc1999-12-07 15:38:31 +1100336 close(fd);
Damien Miller95def091999-11-25 00:26:21 +1100337 return 0;
338 }
Damien Miller037a0dc1999-12-07 15:38:31 +1100339 close(fd);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000340
Damien Miller95def091999-11-25 00:26:21 +1100341 /* Check that it is at least big enought to contain the ID string. */
342 if (len < strlen(AUTHFILE_ID_STRING) + 1) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100343 debug3("Bad RSA1 key file %.200s.", filename);
Damien Miller95def091999-11-25 00:26:21 +1100344 buffer_free(&buffer);
345 return 0;
346 }
Damien Miller5428f641999-11-25 11:54:57 +1100347 /*
348 * Make sure it begins with the id string. Consume the id string
349 * from the buffer.
350 */
Ben Lindstrom46c16222000-12-22 01:43:59 +0000351 for (i = 0; i < (u_int) strlen(AUTHFILE_ID_STRING) + 1; i++)
Damien Miller0bc1bd82000-11-13 22:57:25 +1100352 if (buffer_get_char(&buffer) != (u_char) AUTHFILE_ID_STRING[i]) {
353 debug3("Bad RSA1 key file %.200s.", filename);
Damien Miller95def091999-11-25 00:26:21 +1100354 buffer_free(&buffer);
355 return 0;
356 }
357 /* Read cipher type. */
358 cipher_type = buffer_get_char(&buffer);
359 (void) buffer_get_int(&buffer); /* Reserved data. */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000360
Damien Miller95def091999-11-25 00:26:21 +1100361 /* Read the public key from the buffer. */
362 buffer_get_int(&buffer);
363 prv->n = BN_new();
364 buffer_get_bignum(&buffer, prv->n);
365 prv->e = BN_new();
366 buffer_get_bignum(&buffer, prv->e);
367 if (comment_return)
368 *comment_return = buffer_get_string(&buffer, NULL);
369 else
370 xfree(buffer_get_string(&buffer, NULL));
371
372 /* Check that it is a supported cipher. */
Damien Miller874d77b2000-10-14 16:23:11 +1100373 cipher = cipher_by_number(cipher_type);
374 if (cipher == NULL) {
375 debug("Unsupported cipher %d used in key file %.200s.",
376 cipher_type, filename);
Damien Miller95def091999-11-25 00:26:21 +1100377 buffer_free(&buffer);
378 goto fail;
379 }
380 /* Initialize space for decrypted data. */
381 buffer_init(&decrypted);
382 buffer_append_space(&decrypted, &cp, buffer_len(&buffer));
383
384 /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */
Damien Miller874d77b2000-10-14 16:23:11 +1100385 cipher_set_key_string(&ciphercontext, cipher, passphrase);
Ben Lindstrom46c16222000-12-22 01:43:59 +0000386 cipher_decrypt(&ciphercontext, (u_char *) cp,
387 (u_char *) buffer_ptr(&buffer), buffer_len(&buffer));
Damien Miller874d77b2000-10-14 16:23:11 +1100388 memset(&ciphercontext, 0, sizeof(ciphercontext));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000389 buffer_free(&buffer);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000390
Damien Miller95def091999-11-25 00:26:21 +1100391 check1 = buffer_get_char(&decrypted);
392 check2 = buffer_get_char(&decrypted);
393 if (check1 != buffer_get_char(&decrypted) ||
394 check2 != buffer_get_char(&decrypted)) {
395 if (strcmp(passphrase, "") != 0)
396 debug("Bad passphrase supplied for key file %.200s.", filename);
397 /* Bad passphrase. */
398 buffer_free(&decrypted);
399fail:
400 BN_clear_free(prv->n);
Damien Millereba71ba2000-04-29 23:57:08 +1000401 prv->n = NULL;
Damien Miller95def091999-11-25 00:26:21 +1100402 BN_clear_free(prv->e);
Damien Millereba71ba2000-04-29 23:57:08 +1000403 prv->e = NULL;
Damien Miller95def091999-11-25 00:26:21 +1100404 if (comment_return)
405 xfree(*comment_return);
406 return 0;
407 }
408 /* Read the rest of the private key. */
409 prv->d = BN_new();
410 buffer_get_bignum(&decrypted, prv->d);
411 prv->iqmp = BN_new();
412 buffer_get_bignum(&decrypted, prv->iqmp); /* u */
413 /* in SSL and SSH p and q are exchanged */
414 prv->q = BN_new();
415 buffer_get_bignum(&decrypted, prv->q); /* p */
416 prv->p = BN_new();
417 buffer_get_bignum(&decrypted, prv->p); /* q */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000418
Damien Miller95def091999-11-25 00:26:21 +1100419 ctx = BN_CTX_new();
420 aux = BN_new();
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000421
Damien Miller95def091999-11-25 00:26:21 +1100422 BN_sub(aux, prv->q, BN_value_one());
423 prv->dmq1 = BN_new();
424 BN_mod(prv->dmq1, prv->d, aux, ctx);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000425
Damien Miller95def091999-11-25 00:26:21 +1100426 BN_sub(aux, prv->p, BN_value_one());
427 prv->dmp1 = BN_new();
428 BN_mod(prv->dmp1, prv->d, aux, ctx);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000429
Damien Miller95def091999-11-25 00:26:21 +1100430 BN_clear_free(aux);
431 BN_CTX_free(ctx);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000432
Damien Miller95def091999-11-25 00:26:21 +1100433 buffer_free(&decrypted);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000434
Damien Miller95def091999-11-25 00:26:21 +1100435 return 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000436}
Damien Millereba71ba2000-04-29 23:57:08 +1000437
438int
Damien Miller0bc1bd82000-11-13 22:57:25 +1100439load_private_key_ssh2(int fd, const char *passphrase, Key *k, char **comment_return)
Damien Millereba71ba2000-04-29 23:57:08 +1000440{
Damien Millereba71ba2000-04-29 23:57:08 +1000441 FILE *fp;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100442 int success = 0;
443 EVP_PKEY *pk = NULL;
444 char *name = "<no key>";
Damien Millereba71ba2000-04-29 23:57:08 +1000445
Damien Millereba71ba2000-04-29 23:57:08 +1000446 fp = fdopen(fd, "r");
447 if (fp == NULL) {
448 error("fdopen failed");
449 return 0;
450 }
Damien Miller0bc1bd82000-11-13 22:57:25 +1100451 pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
452 if (pk == NULL) {
453 debug("PEM_read_PrivateKey failed");
454 (void)ERR_get_error();
455 } else if (pk->type == EVP_PKEY_RSA) {
456 /* replace k->rsa with loaded key */
457 if (k->type == KEY_RSA || k->type == KEY_UNSPEC) {
458 if (k->rsa != NULL)
459 RSA_free(k->rsa);
460 k->rsa = EVP_PKEY_get1_RSA(pk);
461 k->type = KEY_RSA;
462 name = "rsa w/o comment";
463 success = 1;
464#ifdef DEBUG_PK
465 RSA_print_fp(stderr, k->rsa, 8);
Damien Millereba71ba2000-04-29 23:57:08 +1000466#endif
Damien Miller0bc1bd82000-11-13 22:57:25 +1100467 }
468 } else if (pk->type == EVP_PKEY_DSA) {
469 /* replace k->dsa with loaded key */
470 if (k->type == KEY_DSA || k->type == KEY_UNSPEC) {
471 if (k->dsa != NULL)
472 DSA_free(k->dsa);
473 k->dsa = EVP_PKEY_get1_DSA(pk);
474 k->type = KEY_DSA;
475 name = "dsa w/o comment";
476#ifdef DEBUG_PK
477 DSA_print_fp(stderr, k->dsa, 8);
478#endif
479 success = 1;
480 }
481 } else {
482 error("PEM_read_PrivateKey: mismatch or "
483 "unknown EVP_PKEY save_type %d", pk->save_type);
484 }
485 fclose(fp);
486 if (pk != NULL)
487 EVP_PKEY_free(pk);
488 if (success && comment_return)
489 *comment_return = xstrdup(name);
490 debug("read SSH2 private key done: name %s success %d", name, success);
491 return success;
Damien Millereba71ba2000-04-29 23:57:08 +1000492}
493
494int
495load_private_key(const char *filename, const char *passphrase, Key *key,
496 char **comment_return)
497{
498 int fd;
499 int ret = 0;
500 struct stat st;
501
502 fd = open(filename, O_RDONLY);
503 if (fd < 0)
504 return 0;
505
Damien Millercb5e44a2000-09-29 12:12:36 +1100506 /* check owner and modes */
Damien Millerb70b61f2000-09-16 16:25:12 +1100507#ifdef HAVE_CYGWIN
Damien Millercb5e44a2000-09-29 12:12:36 +1100508 if (check_ntsec(filename))
Damien Millerb70b61f2000-09-16 16:25:12 +1100509#endif
Damien Millereba71ba2000-04-29 23:57:08 +1000510 if (fstat(fd, &st) < 0 ||
Ben Lindstrom46c16222000-12-22 01:43:59 +0000511 (st.st_uid != 0 && getuid() != 0 && st.st_uid != getuid()) ||
Damien Millereba71ba2000-04-29 23:57:08 +1000512 (st.st_mode & 077) != 0) {
513 close(fd);
514 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
515 error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
516 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
517 error("Bad ownership or mode(0%3.3o) for '%s'.",
518 st.st_mode & 0777, filename);
519 error("It is recommended that your private key files are NOT accessible by others.");
520 return 0;
521 }
522 switch (key->type) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100523 case KEY_RSA1:
Damien Millereba71ba2000-04-29 23:57:08 +1000524 if (key->rsa->e != NULL) {
525 BN_clear_free(key->rsa->e);
526 key->rsa->e = NULL;
527 }
528 if (key->rsa->n != NULL) {
529 BN_clear_free(key->rsa->n);
530 key->rsa->n = NULL;
531 }
Damien Miller0bc1bd82000-11-13 22:57:25 +1100532 ret = load_private_key_rsa1(fd, filename, passphrase,
Damien Millereba71ba2000-04-29 23:57:08 +1000533 key->rsa, comment_return);
534 break;
535 case KEY_DSA:
Damien Miller0bc1bd82000-11-13 22:57:25 +1100536 case KEY_RSA:
537 case KEY_UNSPEC:
538 ret = load_private_key_ssh2(fd, passphrase, key, comment_return);
Damien Millereba71ba2000-04-29 23:57:08 +1000539 default:
540 break;
541 }
542 close(fd);
543 return ret;
544}
Damien Millere4340be2000-09-16 13:29:08 +1100545
546int
547do_load_public_key(const char *filename, Key *k, char **commentp)
548{
549 FILE *f;
Damien Millere4340be2000-09-16 13:29:08 +1100550 char line[1024];
551 char *cp;
552
553 f = fopen(filename, "r");
554 if (f != NULL) {
555 while (fgets(line, sizeof(line), f)) {
556 line[sizeof(line)-1] = '\0';
557 cp = line;
558 switch(*cp){
559 case '#':
560 case '\n':
561 case '\0':
562 continue;
563 }
564 /* Skip leading whitespace. */
565 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
566 ;
567 if (*cp) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100568 if (key_read(k, &cp) == 1) {
Damien Millere4340be2000-09-16 13:29:08 +1100569 if (commentp)
570 *commentp=xstrdup(filename);
571 fclose(f);
572 return 1;
573 }
574 }
575 }
576 fclose(f);
577 }
578 return 0;
579}
580
581/* load public key from pubkey file */
582int
583try_load_public_key(const char *filename, Key *k, char **commentp)
584{
585 char pub[MAXPATHLEN];
586
587 if (do_load_public_key(filename, k, commentp) == 1)
588 return 1;
589 if (strlcpy(pub, filename, sizeof pub) >= MAXPATHLEN)
590 return 0;
591 if (strlcat(pub, ".pub", sizeof pub) >= MAXPATHLEN)
592 return 0;
593 if (do_load_public_key(pub, k, commentp) == 1)
594 return 1;
595 return 0;
596}