Blame - key.c - platform/external/openssh

blob: 5cc4132c011f256d9f78f00b411f990a71881237 [file] [log] [blame]

Damien Miller	c51a5ab	2011-10-18 16:06:14 +1100	[diff] [blame]	1	/* $OpenBSD: key.c,v 1.98 2011/10/18 04:58:26 djm Exp $ */
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	2	/*
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	3	* read_bignum():
				4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				5	*
				6	* As far as I am concerned, the code I have written for this software
				7	* can be used freely for any purpose. Any derived versions of this
				8	* software must be clearly marked as such, and if the derived work is
				9	* incompatible with the protocol description in the RFC file, it must be
				10	* called by a name other than "ssh" or "Secure Shell".
				11	*
				12	*
Ben Lindstrom	4469723	2001-07-04 03:32:30 +0000	[diff] [blame]	13	* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
Darren Tucker	0f0ef0a	2008-06-13 08:58:05 +1000	[diff] [blame]	14	* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	15	*
				16	* Redistribution and use in source and binary forms, with or without
				17	* modification, are permitted provided that the following conditions
				18	* are met:
				19	* 1. Redistributions of source code must retain the above copyright
				20	* notice, this list of conditions and the following disclaimer.
				21	* 2. Redistributions in binary form must reproduce the above copyright
				22	* notice, this list of conditions and the following disclaimer in the
				23	* documentation and/or other materials provided with the distribution.
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	24	*
				25	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				26	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				27	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				28	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				29	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				30	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				31	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				32	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				33	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				34	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
				35	*/
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	36
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	37	#include "includes.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	38
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	39	#include <sys/param.h>
Damien Miller	d783435	2006-08-05 12:39:39 +1000	[diff] [blame]	40	#include <sys/types.h>
				41
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	42	#include <openssl/evp.h>
Darren Tucker	3d295a6	2008-02-28 19:22:04 +1100	[diff] [blame]	43	#include <openbsd-compat/openssl-compat.h>
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	44
Damien Miller	ded319c	2006-09-01 15:38:36 +1000	[diff] [blame]	45	#include <stdarg.h>
Damien Miller	a7a73ee	2006-08-05 11:37:59 +1000	[diff] [blame]	46	#include <stdio.h>
Damien Miller	e3476ed	2006-07-24 14:13:33 +1000	[diff] [blame]	47	#include <string.h>
				48
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	49	#include "xmalloc.h"
				50	#include "key.h"
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	51	#include "rsa.h"
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	52	#include "uuencode.h"
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	53	#include "buffer.h"
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	54	#include "log.h"
Damien Miller	8a0268f	2010-07-16 13:57:51 +1000	[diff] [blame]	55	#include "misc.h"
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	56	#include "ssh2.h"
				57
				58	static struct KeyCert *
				59	cert_new(void)
				60	{
				61	struct KeyCert *cert;
				62
				63	cert = xcalloc(1, sizeof(*cert));
				64	buffer_init(&cert->certblob);
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	65	buffer_init(&cert->critical);
				66	buffer_init(&cert->extensions);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	67	cert->key_id = NULL;
				68	cert->principals = NULL;
				69	cert->signature_key = NULL;
				70	return cert;
				71	}
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	72
				73	Key *
				74	key_new(int type)
				75	{
				76	Key *k;
				77	RSA *rsa;
				78	DSA *dsa;
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	79	k = xcalloc(1, sizeof(*k));
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	80	k->type = type;
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	81	k->ecdsa = NULL;
				82	k->ecdsa_nid = -1;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	83	k->dsa = NULL;
				84	k->rsa = NULL;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	85	k->cert = NULL;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	86	switch (k->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	87	case KEY_RSA1:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	88	case KEY_RSA:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	89	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	90	case KEY_RSA_CERT:
Damien Miller	da75516	2002-01-22 23:09:22 +1100	[diff] [blame]	91	if ((rsa = RSA_new()) == NULL)
				92	fatal("key_new: RSA_new failed");
				93	if ((rsa->n = BN_new()) == NULL)
				94	fatal("key_new: BN_new failed");
				95	if ((rsa->e = BN_new()) == NULL)
				96	fatal("key_new: BN_new failed");
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	97	k->rsa = rsa;
				98	break;
				99	case KEY_DSA:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	100	case KEY_DSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	101	case KEY_DSA_CERT:
Damien Miller	da75516	2002-01-22 23:09:22 +1100	[diff] [blame]	102	if ((dsa = DSA_new()) == NULL)
				103	fatal("key_new: DSA_new failed");
				104	if ((dsa->p = BN_new()) == NULL)
				105	fatal("key_new: BN_new failed");
				106	if ((dsa->q = BN_new()) == NULL)
				107	fatal("key_new: BN_new failed");
				108	if ((dsa->g = BN_new()) == NULL)
				109	fatal("key_new: BN_new failed");
				110	if ((dsa->pub_key = BN_new()) == NULL)
				111	fatal("key_new: BN_new failed");
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	112	k->dsa = dsa;
				113	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	114	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	115	case KEY_ECDSA:
				116	case KEY_ECDSA_CERT:
				117	/* Cannot do anything until we know the group */
				118	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	119	#endif
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	120	case KEY_UNSPEC:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	121	break;
				122	default:
				123	fatal("key_new: bad key type %d", k->type);
				124	break;
				125	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	126
				127	if (key_is_cert(k))
				128	k->cert = cert_new();
				129
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	130	return k;
				131	}
Ben Lindstrom	836f0e9	2002-06-23 21:21:30 +0000	[diff] [blame]	132
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	133	void
				134	key_add_private(Key *k)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	135	{
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	136	switch (k->type) {
				137	case KEY_RSA1:
				138	case KEY_RSA:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	139	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	140	case KEY_RSA_CERT:
Damien Miller	da75516	2002-01-22 23:09:22 +1100	[diff] [blame]	141	if ((k->rsa->d = BN_new()) == NULL)
				142	fatal("key_new_private: BN_new failed");
				143	if ((k->rsa->iqmp = BN_new()) == NULL)
				144	fatal("key_new_private: BN_new failed");
				145	if ((k->rsa->q = BN_new()) == NULL)
				146	fatal("key_new_private: BN_new failed");
				147	if ((k->rsa->p = BN_new()) == NULL)
				148	fatal("key_new_private: BN_new failed");
				149	if ((k->rsa->dmq1 = BN_new()) == NULL)
				150	fatal("key_new_private: BN_new failed");
				151	if ((k->rsa->dmp1 = BN_new()) == NULL)
				152	fatal("key_new_private: BN_new failed");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	153	break;
				154	case KEY_DSA:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	155	case KEY_DSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	156	case KEY_DSA_CERT:
Damien Miller	da75516	2002-01-22 23:09:22 +1100	[diff] [blame]	157	if ((k->dsa->priv_key = BN_new()) == NULL)
				158	fatal("key_new_private: BN_new failed");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	159	break;
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	160	case KEY_ECDSA:
				161	case KEY_ECDSA_CERT:
				162	/* Cannot do anything until we know the group */
				163	break;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	164	case KEY_UNSPEC:
				165	break;
				166	default:
				167	break;
				168	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	169	}
				170
				171	Key *
				172	key_new_private(int type)
				173	{
				174	Key *k = key_new(type);
				175
				176	key_add_private(k);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	177	return k;
				178	}
Ben Lindstrom	836f0e9	2002-06-23 21:21:30 +0000	[diff] [blame]	179
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	180	static void
				181	cert_free(struct KeyCert *cert)
				182	{
				183	u_int i;
				184
				185	buffer_free(&cert->certblob);
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	186	buffer_free(&cert->critical);
				187	buffer_free(&cert->extensions);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	188	if (cert->key_id != NULL)
				189	xfree(cert->key_id);
				190	for (i = 0; i < cert->nprincipals; i++)
				191	xfree(cert->principals[i]);
				192	if (cert->principals != NULL)
				193	xfree(cert->principals);
				194	if (cert->signature_key != NULL)
				195	key_free(cert->signature_key);
				196	}
				197
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	198	void
				199	key_free(Key *k)
				200	{
Damien Miller	429fcc2	2006-03-26 14:02:16 +1100	[diff] [blame]	201	if (k == NULL)
Damien Miller	bbaad77	2006-03-26 14:03:03 +1100	[diff] [blame]	202	fatal("key_free: key is NULL");
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	203	switch (k->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	204	case KEY_RSA1:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	205	case KEY_RSA:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	206	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	207	case KEY_RSA_CERT:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	208	if (k->rsa != NULL)
				209	RSA_free(k->rsa);
				210	k->rsa = NULL;
				211	break;
				212	case KEY_DSA:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	213	case KEY_DSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	214	case KEY_DSA_CERT:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	215	if (k->dsa != NULL)
				216	DSA_free(k->dsa);
				217	k->dsa = NULL;
				218	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	219	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	220	case KEY_ECDSA:
				221	case KEY_ECDSA_CERT:
				222	if (k->ecdsa != NULL)
				223	EC_KEY_free(k->ecdsa);
				224	k->ecdsa = NULL;
				225	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	226	#endif
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	227	case KEY_UNSPEC:
				228	break;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	229	default:
				230	fatal("key_free: bad key type %d", k->type);
				231	break;
				232	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	233	if (key_is_cert(k)) {
				234	if (k->cert != NULL)
				235	cert_free(k->cert);
				236	k->cert = NULL;
				237	}
				238
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	239	xfree(k);
				240	}
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	241
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	242	static int
				243	cert_compare(struct KeyCert a, struct KeyCert b)
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	244	{
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	245	if (a == NULL && b == NULL)
				246	return 1;
				247	if (a == NULL \|\| b == NULL)
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	248	return 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	249	if (buffer_len(&a->certblob) != buffer_len(&b->certblob))
				250	return 0;
Damien Miller	ea1651c	2010-07-16 13:58:37 +1000	[diff] [blame]	251	if (timingsafe_bcmp(buffer_ptr(&a->certblob), buffer_ptr(&b->certblob),
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	252	buffer_len(&a->certblob)) != 0)
				253	return 0;
				254	return 1;
				255	}
				256
				257	/*
				258	* Compare public portions of key only, allowing comparisons between
				259	* certificates and plain keys too.
				260	*/
				261	int
				262	key_equal_public(const Key a, const Key b)
				263	{
Darren Tucker	8ccb739	2010-09-10 12:28:24 +1000	[diff] [blame]	264	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	265	BN_CTX *bnctx;
Darren Tucker	8ccb739	2010-09-10 12:28:24 +1000	[diff] [blame]	266	#endif
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	267
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	268	if (a == NULL \|\| b == NULL \|\|
				269	key_type_plain(a->type) != key_type_plain(b->type))
				270	return 0;
				271
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	272	switch (a->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	273	case KEY_RSA1:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	274	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	275	case KEY_RSA_CERT:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	276	case KEY_RSA:
				277	return a->rsa != NULL && b->rsa != NULL &&
				278	BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
				279	BN_cmp(a->rsa->n, b->rsa->n) == 0;
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	280	case KEY_DSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	281	case KEY_DSA_CERT:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	282	case KEY_DSA:
				283	return a->dsa != NULL && b->dsa != NULL &&
				284	BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
				285	BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
				286	BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
				287	BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	288	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	289	case KEY_ECDSA_CERT:
				290	case KEY_ECDSA:
				291	if (a->ecdsa == NULL \|\| b->ecdsa == NULL \|\|
				292	EC_KEY_get0_public_key(a->ecdsa) == NULL \|\|
				293	EC_KEY_get0_public_key(b->ecdsa) == NULL)
				294	return 0;
				295	if ((bnctx = BN_CTX_new()) == NULL)
				296	fatal("%s: BN_CTX_new failed", __func__);
				297	if (EC_GROUP_cmp(EC_KEY_get0_group(a->ecdsa),
				298	EC_KEY_get0_group(b->ecdsa), bnctx) != 0 \|\|
				299	EC_POINT_cmp(EC_KEY_get0_group(a->ecdsa),
				300	EC_KEY_get0_public_key(a->ecdsa),
				301	EC_KEY_get0_public_key(b->ecdsa), bnctx) != 0) {
				302	BN_CTX_free(bnctx);
				303	return 0;
				304	}
				305	BN_CTX_free(bnctx);
				306	return 1;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	307	#endif /* OPENSSL_HAS_ECC */
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	308	default:
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	309	fatal("key_equal: bad key type %d", a->type);
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	310	}
Damien Miller	87dd5f2	2008-07-11 17:35:09 +1000	[diff] [blame]	311	/* NOTREACHED */
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	312	}
				313
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	314	int
				315	key_equal(const Key a, const Key b)
				316	{
				317	if (a == NULL \|\| b == NULL \|\| a->type != b->type)
				318	return 0;
				319	if (key_is_cert(a)) {
				320	if (!cert_compare(a->cert, b->cert))
				321	return 0;
				322	}
				323	return key_equal_public(a, b);
				324	}
				325
Damien Miller	37876e9	2003-05-15 10:19:46 +1000	[diff] [blame]	326	u_char*
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	327	key_fingerprint_raw(Key k, enum fp_type dgst_type, u_int dgst_raw_length)
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	328	{
Ben Lindstrom	80cb27d	2002-03-05 01:33:36 +0000	[diff] [blame]	329	const EVP_MD *md = NULL;
Ben Lindstrom	f0b4853	2001-03-12 02:59:31 +0000	[diff] [blame]	330	EVP_MD_CTX ctx;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	331	u_char *blob = NULL;
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	332	u_char *retval = NULL;
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	333	u_int len = 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	334	int nlen, elen, otype;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	335
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	336	*dgst_raw_length = 0;
				337
Ben Lindstrom	f0b4853	2001-03-12 02:59:31 +0000	[diff] [blame]	338	switch (dgst_type) {
				339	case SSH_FP_MD5:
				340	md = EVP_md5();
				341	break;
				342	case SSH_FP_SHA1:
				343	md = EVP_sha1();
				344	break;
				345	default:
				346	fatal("key_fingerprint_raw: bad digest type %d",
				347	dgst_type);
				348	}
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	349	switch (k->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	350	case KEY_RSA1:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	351	nlen = BN_num_bytes(k->rsa->n);
				352	elen = BN_num_bytes(k->rsa->e);
				353	len = nlen + elen;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	354	blob = xmalloc(len);
				355	BN_bn2bin(k->rsa->n, blob);
				356	BN_bn2bin(k->rsa->e, blob + nlen);
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	357	break;
				358	case KEY_DSA:
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	359	case KEY_ECDSA:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	360	case KEY_RSA:
				361	key_to_blob(k, &blob, &len);
				362	break;
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	363	case KEY_DSA_CERT_V00:
				364	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	365	case KEY_DSA_CERT:
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	366	case KEY_ECDSA_CERT:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	367	case KEY_RSA_CERT:
				368	/* We want a fingerprint of the _key_ not of the cert */
				369	otype = k->type;
				370	k->type = key_type_plain(k->type);
				371	key_to_blob(k, &blob, &len);
				372	k->type = otype;
				373	break;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	374	case KEY_UNSPEC:
				375	return retval;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	376	default:
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	377	fatal("key_fingerprint_raw: bad key type %d", k->type);
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	378	break;
				379	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	380	if (blob != NULL) {
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	381	retval = xmalloc(EVP_MAX_MD_SIZE);
Damien Miller	6536c7d	2000-06-22 21:32:31 +1000	[diff] [blame]	382	EVP_DigestInit(&ctx, md);
				383	EVP_DigestUpdate(&ctx, blob, len);
Damien Miller	3672e4b	2002-02-05 11:54:07 +1100	[diff] [blame]	384	EVP_DigestFinal(&ctx, retval, dgst_raw_length);
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	385	memset(blob, 0, len);
				386	xfree(blob);
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	387	} else {
				388	fatal("key_fingerprint_raw: blob is null");
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	389	}
				390	return retval;
				391	}
				392
Ben Lindstrom	a962c2f	2002-07-04 00:14:17 +0000	[diff] [blame]	393	static char *
				394	key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	395	{
				396	char *retval;
Damien Miller	eccb9de	2005-06-17 12:59:34 +1000	[diff] [blame]	397	u_int i;
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	398
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	399	retval = xcalloc(1, dgst_raw_len * 3 + 1);
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	400	for (i = 0; i < dgst_raw_len; i++) {
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	401	char hex[4];
				402	snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
Darren Tucker	2958861	2003-07-14 17:28:34 +1000	[diff] [blame]	403	strlcat(retval, hex, dgst_raw_len * 3 + 1);
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	404	}
Darren Tucker	2958861	2003-07-14 17:28:34 +1000	[diff] [blame]	405
				406	/* Remove the trailing ':' character */
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	407	retval[(dgst_raw_len * 3) - 1] = '\0';
				408	return retval;
				409	}
				410
Ben Lindstrom	a962c2f	2002-07-04 00:14:17 +0000	[diff] [blame]	411	static char *
				412	key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len)
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	413	{
				414	char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
				415	char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
				416	'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };
Ben Lindstrom	cbe3ad2	2001-03-11 20:06:59 +0000	[diff] [blame]	417	u_int i, j = 0, rounds, seed = 1;
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	418	char *retval;
				419
				420	rounds = (dgst_raw_len / 2) + 1;
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	421	retval = xcalloc((rounds * 6), sizeof(char));
Ben Lindstrom	cbe3ad2	2001-03-11 20:06:59 +0000	[diff] [blame]	422	retval[j++] = 'x';
				423	for (i = 0; i < rounds; i++) {
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	424	u_int idx0, idx1, idx2, idx3, idx4;
Ben Lindstrom	cbe3ad2	2001-03-11 20:06:59 +0000	[diff] [blame]	425	if ((i + 1 < rounds) \|\| (dgst_raw_len % 2 != 0)) {
				426	idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) +
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	427	seed) % 6;
Ben Lindstrom	cbe3ad2	2001-03-11 20:06:59 +0000	[diff] [blame]	428	idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15;
				429	idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) +
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	430	(seed / 6)) % 6;
Ben Lindstrom	cbe3ad2	2001-03-11 20:06:59 +0000	[diff] [blame]	431	retval[j++] = vowels[idx0];
				432	retval[j++] = consonants[idx1];
				433	retval[j++] = vowels[idx2];
				434	if ((i + 1) < rounds) {
				435	idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15;
				436	idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15;
				437	retval[j++] = consonants[idx3];
				438	retval[j++] = '-';
				439	retval[j++] = consonants[idx4];
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	440	seed = ((seed * 5) +
Ben Lindstrom	cbe3ad2	2001-03-11 20:06:59 +0000	[diff] [blame]	441	((((u_int)(dgst_raw[2 * i])) * 7) +
				442	((u_int)(dgst_raw[(2 * i) + 1])))) % 36;
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	443	}
				444	} else {
				445	idx0 = seed % 6;
				446	idx1 = 16;
				447	idx2 = seed / 6;
Ben Lindstrom	cbe3ad2	2001-03-11 20:06:59 +0000	[diff] [blame]	448	retval[j++] = vowels[idx0];
				449	retval[j++] = consonants[idx1];
				450	retval[j++] = vowels[idx2];
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	451	}
				452	}
Ben Lindstrom	cbe3ad2	2001-03-11 20:06:59 +0000	[diff] [blame]	453	retval[j++] = 'x';
				454	retval[j++] = '\0';
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	455	return retval;
				456	}
				457
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	458	/*
				459	* Draw an ASCII-Art representing the fingerprint so human brain can
				460	* profit from its built-in pattern recognition ability.
				461	* This technique is called "random art" and can be found in some
				462	* scientific publications like this original paper:
				463	*
				464	* "Hash Visualization: a New Technique to improve Real-World Security",
				465	* Perrig A. and Song D., 1999, International Workshop on Cryptographic
				466	* Techniques and E-Commerce (CrypTEC '99)
				467	* sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
				468	*
				469	* The subject came up in a talk by Dan Kaminsky, too.
				470	*
				471	* If you see the picture is different, the key is different.
				472	* If the picture looks the same, you still know nothing.
				473	*
				474	* The algorithm used here is a worm crawling over a discrete plane,
				475	* leaving a trace (augmenting the field) everywhere it goes.
				476	* Movement is taken from dgst_raw 2bit-wise. Bumping into walls
				477	* makes the respective movement vector be ignored for this turn.
				478	* Graphs are not unambiguous, because circles in graphs can be
				479	* walked in either direction.
				480	*/
Darren Tucker	987ac84	2008-06-13 04:54:40 +1000	[diff] [blame]	481
				482	/*
				483	* Field sizes for the random art. Have to be odd, so the starting point
				484	* can be in the exact middle of the picture, and FLDBASE should be >=8 .
				485	* Else pictures would be too dense, and drawing the frame would
				486	* fail, too, because the key type would not fit in anymore.
				487	*/
				488	#define FLDBASE 8
				489	#define FLDSIZE_Y (FLDBASE + 1)
				490	#define FLDSIZE_X (FLDBASE * 2 + 1)
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	491	static char *
Darren Tucker	987ac84	2008-06-13 04:54:40 +1000	[diff] [blame]	492	key_fingerprint_randomart(u_char dgst_raw, u_int dgst_raw_len, const Key k)
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	493	{
				494	/*
				495	* Chars to be used after each other every time the worm
				496	* intersects with itself. Matter of taste.
				497	*/
Darren Tucker	4b3b977	2008-06-13 04:55:10 +1000	[diff] [blame]	498	char augmentation_string = " .o+=BOX@%&#/^SE";
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	499	char retval, p;
Darren Tucker	014d76f	2008-06-13 04:43:51 +1000	[diff] [blame]	500	u_char field[FLDSIZE_X][FLDSIZE_Y];
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	501	u_int i, b;
				502	int x, y;
Darren Tucker	d32b28a	2008-06-13 04:45:50 +1000	[diff] [blame]	503	size_t len = strlen(augmentation_string) - 1;
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	504
				505	retval = xcalloc(1, (FLDSIZE_X + 3) * (FLDSIZE_Y + 2));
				506
				507	/* initialize field */
Darren Tucker	014d76f	2008-06-13 04:43:51 +1000	[diff] [blame]	508	memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char));
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	509	x = FLDSIZE_X / 2;
				510	y = FLDSIZE_Y / 2;
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	511
				512	/* process raw key */
				513	for (i = 0; i < dgst_raw_len; i++) {
				514	int input;
				515	/* each byte conveys four 2-bit move commands */
				516	input = dgst_raw[i];
				517	for (b = 0; b < 4; b++) {
				518	/* evaluate 2 bit, rest is shifted later */
				519	x += (input & 0x1) ? 1 : -1;
				520	y += (input & 0x2) ? 1 : -1;
				521
				522	/* assure we are still in bounds */
				523	x = MAX(x, 0);
				524	y = MAX(y, 0);
				525	x = MIN(x, FLDSIZE_X - 1);
				526	y = MIN(y, FLDSIZE_Y - 1);
				527
				528	/* augment the field */
Damien Miller	c6aadd9	2008-11-03 19:16:20 +1100	[diff] [blame]	529	if (field[x][y] < len - 2)
				530	field[x][y]++;
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	531	input = input >> 2;
				532	}
				533	}
Darren Tucker	4b3b977	2008-06-13 04:55:10 +1000	[diff] [blame]	534
				535	/* mark starting point and end point*/
				536	field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1;
				537	field[x][y] = len;
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	538
				539	/* fill in retval */
Damien Miller	007132a	2008-06-29 22:45:37 +1000	[diff] [blame]	540	snprintf(retval, FLDSIZE_X, "+--[%4s %4u]", key_type(k), key_size(k));
Darren Tucker	987ac84	2008-06-13 04:54:40 +1000	[diff] [blame]	541	p = strchr(retval, '\0');
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	542
				543	/* output upper border */
Damien Miller	007132a	2008-06-29 22:45:37 +1000	[diff] [blame]	544	for (i = p - retval - 1; i < FLDSIZE_X; i++)
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	545	*p++ = '-';
				546	*p++ = '+';
				547	*p++ = '\n';
				548
				549	/* output content */
				550	for (y = 0; y < FLDSIZE_Y; y++) {
				551	*p++ = '\|';
				552	for (x = 0; x < FLDSIZE_X; x++)
Darren Tucker	d32b28a	2008-06-13 04:45:50 +1000	[diff] [blame]	553	*p++ = augmentation_string[MIN(field[x][y], len)];
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	554	*p++ = '\|';
				555	*p++ = '\n';
				556	}
				557
				558	/* output lower border */
				559	*p++ = '+';
				560	for (i = 0; i < FLDSIZE_X; i++)
				561	*p++ = '-';
				562	*p++ = '+';
				563
				564	return retval;
				565	}
				566
Ben Lindstrom	a962c2f	2002-07-04 00:14:17 +0000	[diff] [blame]	567	char *
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	568	key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	569	{
Ben Lindstrom	a370005	2001-04-05 23:26:32 +0000	[diff] [blame]	570	char *retval = NULL;
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	571	u_char *dgst_raw;
Damien Miller	3672e4b	2002-02-05 11:54:07 +1100	[diff] [blame]	572	u_int dgst_raw_len;
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	573
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	574	dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
				575	if (!dgst_raw)
Ben Lindstrom	cfccef9	2001-03-13 04:57:58 +0000	[diff] [blame]	576	fatal("key_fingerprint: null from key_fingerprint_raw()");
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	577	switch (dgst_rep) {
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	578	case SSH_FP_HEX:
				579	retval = key_fingerprint_hex(dgst_raw, dgst_raw_len);
				580	break;
				581	case SSH_FP_BUBBLEBABBLE:
				582	retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len);
				583	break;
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	584	case SSH_FP_RANDOMART:
Darren Tucker	987ac84	2008-06-13 04:54:40 +1000	[diff] [blame]	585	retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, k);
Darren Tucker	9c16ac9	2008-06-13 04:40:35 +1000	[diff] [blame]	586	break;
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	587	default:
Damien Miller	2f54ada	2008-11-03 19:24:16 +1100	[diff] [blame]	588	fatal("key_fingerprint: bad digest representation %d",
Ben Lindstrom	96e8ea6	2001-03-11 20:03:44 +0000	[diff] [blame]	589	dgst_rep);
				590	break;
				591	}
				592	memset(dgst_raw, 0, dgst_raw_len);
				593	xfree(dgst_raw);
				594	return retval;
				595	}
				596
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	597	/*
				598	* Reads a multiple-precision integer in decimal from the buffer, and advances
				599	* the pointer. The integer must already be initialized. This function is
				600	* permitted to modify the buffer. This leaves *cpp to point just beyond the
				601	* last processed (and maybe modified) character. Note that this may modify
				602	* the buffer containing the number.
				603	*/
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	604	static int
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	605	read_bignum(char *cpp, BIGNUM value)
				606	{
				607	char cp = cpp;
				608	int old;
				609
				610	/* Skip any leading whitespace. */
				611	for (; cp == ' ' \|\| cp == '\t'; cp++)
				612	;
				613
				614	/* Check that it begins with a decimal digit. */
				615	if (cp < '0' \|\| cp > '9')
				616	return 0;
				617
				618	/* Save starting position. */
				619	*cpp = cp;
				620
				621	/* Move forward until all decimal digits skipped. */
				622	for (; cp >= '0' && cp <= '9'; cp++)
				623	;
				624
				625	/* Save the old terminating character, and replace it by \0. */
				626	old = *cp;
				627	*cp = 0;
				628
				629	/* Parse the number. */
				630	if (BN_dec2bn(&value, *cpp) == 0)
				631	return 0;
				632
				633	/* Restore old terminating character. */
				634	*cp = old;
				635
				636	/* Move beyond the number and return success. */
				637	*cpp = cp;
				638	return 1;
				639	}
Ben Lindstrom	836f0e9	2002-06-23 21:21:30 +0000	[diff] [blame]	640
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	641	static int
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	642	write_bignum(FILE f, BIGNUM num)
				643	{
				644	char *buf = BN_bn2dec(num);
				645	if (buf == NULL) {
				646	error("write_bignum: BN_bn2dec() failed");
				647	return 0;
				648	}
				649	fprintf(f, " %s", buf);
Damien Miller	af3030f	2001-10-10 15:00:49 +1000	[diff] [blame]	650	OPENSSL_free(buf);
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	651	return 1;
				652	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	653
Ben Lindstrom	309f3d1	2001-09-20 00:55:53 +0000	[diff] [blame]	654	/* returns 1 ok, -1 error */
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	655	int
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	656	key_read(Key ret, char *cpp)
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	657	{
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	658	Key *k;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	659	int success = -1;
				660	char cp, space;
Darren Tucker	8ccb739	2010-09-10 12:28:24 +1000	[diff] [blame]	661	int len, n, type;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	662	u_int bits;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	663	u_char *blob;
Darren Tucker	8ccb739	2010-09-10 12:28:24 +1000	[diff] [blame]	664	#ifdef OPENSSL_HAS_ECC
				665	int curve_nid = -1;
				666	#endif
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	667
				668	cp = *cpp;
				669
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	670	switch (ret->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	671	case KEY_RSA1:
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	672	/* Get number of bits. */
				673	if (cp < '0' \|\| cp > '9')
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	674	return -1; /* Bad bit count... */
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	675	for (bits = 0; cp >= '0' && cp <= '9'; cp++)
				676	bits = 10 * bits + *cp - '0';
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	677	if (bits == 0)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	678	return -1;
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	679	*cpp = cp;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	680	/* Get public exponent, public modulus. */
				681	if (!read_bignum(cpp, ret->rsa->e))
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	682	return -1;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	683	if (!read_bignum(cpp, ret->rsa->n))
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	684	return -1;
Darren Tucker	561724f	2010-01-13 22:43:05 +1100	[diff] [blame]	685	/* validate the claimed number of bits */
				686	if ((u_int)BN_num_bits(ret->rsa->n) != bits) {
				687	verbose("key_read: claimed key size %d does not match "
				688	"actual %d", bits, BN_num_bits(ret->rsa->n));
				689	return -1;
				690	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	691	success = 1;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	692	break;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	693	case KEY_UNSPEC:
				694	case KEY_RSA:
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	695	case KEY_DSA:
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	696	case KEY_ECDSA:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	697	case KEY_DSA_CERT_V00:
				698	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	699	case KEY_DSA_CERT:
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	700	case KEY_ECDSA_CERT:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	701	case KEY_RSA_CERT:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	702	space = strchr(cp, ' ');
				703	if (space == NULL) {
Damien Miller	386f1f3	2003-02-24 11:54:57 +1100	[diff] [blame]	704	debug3("key_read: missing whitespace");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	705	return -1;
				706	}
				707	*space = '\0';
				708	type = key_type_from_name(cp);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	709	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	710	if (key_type_plain(type) == KEY_ECDSA &&
				711	(curve_nid = key_ecdsa_nid_from_name(cp)) == -1) {
				712	debug("key_read: invalid curve");
				713	return -1;
				714	}
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	715	#endif
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	716	*space = ' ';
				717	if (type == KEY_UNSPEC) {
Damien Miller	386f1f3	2003-02-24 11:54:57 +1100	[diff] [blame]	718	debug3("key_read: missing keytype");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	719	return -1;
				720	}
				721	cp = space+1;
				722	if (*cp == '\0') {
				723	debug3("key_read: short string");
				724	return -1;
				725	}
				726	if (ret->type == KEY_UNSPEC) {
				727	ret->type = type;
				728	} else if (ret->type != type) {
				729	/* is a key, but different type */
				730	debug3("key_read: type mismatch");
Ben Lindstrom	309f3d1	2001-09-20 00:55:53 +0000	[diff] [blame]	731	return -1;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	732	}
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	733	len = 2*strlen(cp);
				734	blob = xmalloc(len);
				735	n = uudecode(cp, blob, len);
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	736	if (n < 0) {
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	737	error("key_read: uudecode %s failed", cp);
Ben Lindstrom	4cbc181	2001-12-06 16:41:41 +0000	[diff] [blame]	738	xfree(blob);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	739	return -1;
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	740	}
Darren Tucker	502d384	2003-06-28 12:38:01 +1000	[diff] [blame]	741	k = key_from_blob(blob, (u_int)n);
Ben Lindstrom	4cbc181	2001-12-06 16:41:41 +0000	[diff] [blame]	742	xfree(blob);
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	743	if (k == NULL) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	744	error("key_read: key_from_blob %s failed", cp);
				745	return -1;
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	746	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	747	if (k->type != type) {
				748	error("key_read: type mismatch: encoding error");
				749	key_free(k);
				750	return -1;
				751	}
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	752	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	753	if (key_type_plain(type) == KEY_ECDSA &&
				754	curve_nid != k->ecdsa_nid) {
				755	error("key_read: type mismatch: EC curve mismatch");
				756	key_free(k);
				757	return -1;
				758	}
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	759	#endif
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	760	/XXXX/
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	761	if (key_is_cert(ret)) {
				762	if (!key_is_cert(k)) {
				763	error("key_read: loaded key is not a cert");
				764	key_free(k);
				765	return -1;
				766	}
				767	if (ret->cert != NULL)
				768	cert_free(ret->cert);
				769	ret->cert = k->cert;
				770	k->cert = NULL;
				771	}
				772	if (key_type_plain(ret->type) == KEY_RSA) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	773	if (ret->rsa != NULL)
				774	RSA_free(ret->rsa);
				775	ret->rsa = k->rsa;
				776	k->rsa = NULL;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	777	#ifdef DEBUG_PK
				778	RSA_print_fp(stderr, ret->rsa, 8);
				779	#endif
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	780	}
				781	if (key_type_plain(ret->type) == KEY_DSA) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	782	if (ret->dsa != NULL)
				783	DSA_free(ret->dsa);
				784	ret->dsa = k->dsa;
				785	k->dsa = NULL;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	786	#ifdef DEBUG_PK
				787	DSA_print_fp(stderr, ret->dsa, 8);
				788	#endif
				789	}
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	790	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	791	if (key_type_plain(ret->type) == KEY_ECDSA) {
				792	if (ret->ecdsa != NULL)
				793	EC_KEY_free(ret->ecdsa);
				794	ret->ecdsa = k->ecdsa;
				795	ret->ecdsa_nid = k->ecdsa_nid;
				796	k->ecdsa = NULL;
				797	k->ecdsa_nid = -1;
				798	#ifdef DEBUG_PK
				799	key_dump_ec_key(ret->ecdsa);
				800	#endif
				801	}
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	802	#endif
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	803	success = 1;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	804	/XXXX/
Ben Lindstrom	4cbc181	2001-12-06 16:41:41 +0000	[diff] [blame]	805	key_free(k);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	806	if (success != 1)
				807	break;
Damien Miller	b1715dc	2000-05-30 13:44:51 +1000	[diff] [blame]	808	/* advance cp: skip whitespace and data */
				809	while (cp == ' ' \|\| cp == '\t')
				810	cp++;
				811	while (cp != '\0' && cp != ' ' && *cp != '\t')
				812	cp++;
				813	*cpp = cp;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	814	break;
				815	default:
Damien Miller	eba71ba	2000-04-29 23:57:08 +1000	[diff] [blame]	816	fatal("key_read: bad key type: %d", ret->type);
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	817	break;
				818	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	819	return success;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	820	}
Ben Lindstrom	836f0e9	2002-06-23 21:21:30 +0000	[diff] [blame]	821
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	822	int
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	823	key_write(const Key key, FILE f)
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	824	{
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	825	int n, success = 0;
				826	u_int len, bits = 0;
Damien Miller	a10f561	2002-09-12 09:49:15 +1000	[diff] [blame]	827	u_char *blob;
				828	char *uu;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	829
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	830	if (key_is_cert(key)) {
				831	if (key->cert == NULL) {
				832	error("%s: no cert data", __func__);
				833	return 0;
				834	}
				835	if (buffer_len(&key->cert->certblob) == 0) {
				836	error("%s: no signed certificate blob", __func__);
				837	return 0;
				838	}
				839	}
				840
				841	switch (key->type) {
				842	case KEY_RSA1:
				843	if (key->rsa == NULL)
				844	return 0;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	845	/* size of modulus 'n' */
				846	bits = BN_num_bits(key->rsa->n);
				847	fprintf(f, "%u", bits);
				848	if (write_bignum(f, key->rsa->e) &&
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	849	write_bignum(f, key->rsa->n))
				850	return 1;
				851	error("key_write: failed for RSA key");
				852	return 0;
				853	case KEY_DSA:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	854	case KEY_DSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	855	case KEY_DSA_CERT:
				856	if (key->dsa == NULL)
				857	return 0;
				858	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	859	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	860	case KEY_ECDSA:
				861	case KEY_ECDSA_CERT:
				862	if (key->ecdsa == NULL)
				863	return 0;
				864	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	865	#endif
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	866	case KEY_RSA:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	867	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	868	case KEY_RSA_CERT:
				869	if (key->rsa == NULL)
				870	return 0;
				871	break;
				872	default:
				873	return 0;
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	874	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	875
				876	key_to_blob(key, &blob, &len);
				877	uu = xmalloc(2*len);
				878	n = uuencode(blob, len, uu, 2*len);
				879	if (n > 0) {
				880	fprintf(f, "%s %s", key_ssh_name(key), uu);
				881	success = 1;
				882	}
				883	xfree(blob);
				884	xfree(uu);
				885
Damien Miller	450a7a1	2000-03-26 13:04:51 +1000	[diff] [blame]	886	return success;
				887	}
Ben Lindstrom	836f0e9	2002-06-23 21:21:30 +0000	[diff] [blame]	888
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	889	const char *
				890	key_type(const Key *k)
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	891	{
				892	switch (k->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	893	case KEY_RSA1:
				894	return "RSA1";
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	895	case KEY_RSA:
				896	return "RSA";
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	897	case KEY_DSA:
				898	return "DSA";
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	899	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	900	case KEY_ECDSA:
				901	return "ECDSA";
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	902	#endif
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	903	case KEY_RSA_CERT_V00:
				904	return "RSA-CERT-V00";
				905	case KEY_DSA_CERT_V00:
				906	return "DSA-CERT-V00";
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	907	case KEY_RSA_CERT:
				908	return "RSA-CERT";
				909	case KEY_DSA_CERT:
				910	return "DSA-CERT";
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	911	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	912	case KEY_ECDSA_CERT:
				913	return "ECDSA-CERT";
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	914	#endif
Damien Miller	e247cc4	2000-05-07 12:03:14 +1000	[diff] [blame]	915	}
				916	return "unknown";
				917	}
Ben Lindstrom	836f0e9	2002-06-23 21:21:30 +0000	[diff] [blame]	918
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	919	const char *
Damien Miller	1cfbfaf	2010-03-22 05:58:24 +1100	[diff] [blame]	920	key_cert_type(const Key *k)
				921	{
				922	switch (k->cert->type) {
				923	case SSH2_CERT_TYPE_USER:
				924	return "user";
				925	case SSH2_CERT_TYPE_HOST:
				926	return "host";
				927	default:
				928	return "unknown";
				929	}
				930	}
				931
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	932	static const char *
				933	key_ssh_name_from_type_nid(int type, int nid)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	934	{
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	935	switch (type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	936	case KEY_RSA:
				937	return "ssh-rsa";
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	938	case KEY_DSA:
				939	return "ssh-dss";
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	940	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	941	return "ssh-rsa-cert-v00@openssh.com";
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	942	case KEY_DSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	943	return "ssh-dss-cert-v00@openssh.com";
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	944	case KEY_RSA_CERT:
				945	return "ssh-rsa-cert-v01@openssh.com";
				946	case KEY_DSA_CERT:
				947	return "ssh-dss-cert-v01@openssh.com";
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	948	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	949	case KEY_ECDSA:
				950	switch (nid) {
				951	case NID_X9_62_prime256v1:
				952	return "ecdsa-sha2-nistp256";
				953	case NID_secp384r1:
				954	return "ecdsa-sha2-nistp384";
				955	case NID_secp521r1:
				956	return "ecdsa-sha2-nistp521";
				957	default:
				958	break;
				959	}
				960	break;
				961	case KEY_ECDSA_CERT:
				962	switch (nid) {
				963	case NID_X9_62_prime256v1:
				964	return "ecdsa-sha2-nistp256-cert-v01@openssh.com";
				965	case NID_secp384r1:
				966	return "ecdsa-sha2-nistp384-cert-v01@openssh.com";
				967	case NID_secp521r1:
				968	return "ecdsa-sha2-nistp521-cert-v01@openssh.com";
				969	default:
				970	break;
				971	}
				972	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	973	#endif /* OPENSSL_HAS_ECC */
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	974	}
				975	return "ssh-unknown";
				976	}
Ben Lindstrom	836f0e9	2002-06-23 21:21:30 +0000	[diff] [blame]	977
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	978	const char *
				979	key_ssh_name(const Key *k)
				980	{
				981	return key_ssh_name_from_type_nid(k->type, k->ecdsa_nid);
				982	}
				983
				984	const char *
				985	key_ssh_name_plain(const Key *k)
				986	{
				987	return key_ssh_name_from_type_nid(key_type_plain(k->type),
				988	k->ecdsa_nid);
				989	}
				990
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	991	u_int
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	992	key_size(const Key *k)
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	993	{
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	994	switch (k->type) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	995	case KEY_RSA1:
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	996	case KEY_RSA:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	997	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	998	case KEY_RSA_CERT:
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	999	return BN_num_bits(k->rsa->n);
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	1000	case KEY_DSA:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1001	case KEY_DSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1002	case KEY_DSA_CERT:
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	1003	return BN_num_bits(k->dsa->p);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1004	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1005	case KEY_ECDSA:
				1006	case KEY_ECDSA_CERT:
Damien Miller	041ab7c	2010-09-10 11:23:34 +1000	[diff] [blame]	1007	return key_curve_nid_to_bits(k->ecdsa_nid);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1008	#endif
Damien Miller	ad833b3	2000-08-23 10:46:23 +1000	[diff] [blame]	1009	}
				1010	return 0;
				1011	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1012
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1013	static RSA *
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	1014	rsa_generate_private_key(u_int bits)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1015	{
Damien Miller	4499f4c	2010-11-20 15:15:49 +1100	[diff] [blame]	1016	RSA *private = RSA_new();
				1017	BIGNUM *f4 = BN_new();
Damien Miller	69b7203	2006-03-26 14:02:35 +1100	[diff] [blame]	1018
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1019	if (private == NULL)
Damien Miller	4499f4c	2010-11-20 15:15:49 +1100	[diff] [blame]	1020	fatal("%s: RSA_new failed", __func__);
				1021	if (f4 == NULL)
				1022	fatal("%s: BN_new failed", __func__);
				1023	if (!BN_set_word(f4, RSA_F4))
				1024	fatal("%s: BN_new failed", __func__);
				1025	if (!RSA_generate_key_ex(private, bits, f4, NULL))
				1026	fatal("%s: key generation failed.", __func__);
				1027	BN_free(f4);
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1028	return private;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1029	}
				1030
Ben Lindstrom	bba8121	2001-06-25 05:01:22 +0000	[diff] [blame]	1031	static DSA*
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	1032	dsa_generate_private_key(u_int bits)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1033	{
Damien Miller	4499f4c	2010-11-20 15:15:49 +1100	[diff] [blame]	1034	DSA *private = DSA_new();
Damien Miller	69b7203	2006-03-26 14:02:35 +1100	[diff] [blame]	1035
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1036	if (private == NULL)
Damien Miller	4499f4c	2010-11-20 15:15:49 +1100	[diff] [blame]	1037	fatal("%s: DSA_new failed", __func__);
				1038	if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL,
				1039	NULL, NULL))
				1040	fatal("%s: DSA_generate_parameters failed", __func__);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1041	if (!DSA_generate_key(private))
Damien Miller	4499f4c	2010-11-20 15:15:49 +1100	[diff] [blame]	1042	fatal("%s: DSA_generate_key failed.", __func__);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1043	return private;
				1044	}
				1045
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1046	int
				1047	key_ecdsa_bits_to_nid(int bits)
				1048	{
				1049	switch (bits) {
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1050	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1051	case 256:
				1052	return NID_X9_62_prime256v1;
				1053	case 384:
				1054	return NID_secp384r1;
				1055	case 521:
				1056	return NID_secp521r1;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1057	#endif
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1058	default:
				1059	return -1;
				1060	}
				1061	}
				1062
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1063	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1064	int
Damien Miller	b472a90	2010-11-05 10:19:49 +1100	[diff] [blame]	1065	key_ecdsa_key_to_nid(EC_KEY *k)
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1066	{
				1067	EC_GROUP *eg;
				1068	int nids[] = {
				1069	NID_X9_62_prime256v1,
				1070	NID_secp384r1,
				1071	NID_secp521r1,
				1072	-1
				1073	};
Damien Miller	b472a90	2010-11-05 10:19:49 +1100	[diff] [blame]	1074	int nid;
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1075	u_int i;
				1076	BN_CTX *bnctx;
Damien Miller	b472a90	2010-11-05 10:19:49 +1100	[diff] [blame]	1077	const EC_GROUP *g = EC_KEY_get0_group(k);
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1078
Damien Miller	b472a90	2010-11-05 10:19:49 +1100	[diff] [blame]	1079	/*
				1080	* The group may be stored in a ASN.1 encoded private key in one of two
				1081	* ways: as a "named group", which is reconstituted by ASN.1 object ID
				1082	* or explicit group parameters encoded into the key blob. Only the
				1083	* "named group" case sets the group NID for us, but we can figure
				1084	* it out for the other case by comparing against all the groups that
				1085	* are supported.
				1086	*/
				1087	if ((nid = EC_GROUP_get_curve_name(g)) > 0)
				1088	return nid;
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1089	if ((bnctx = BN_CTX_new()) == NULL)
				1090	fatal("%s: BN_CTX_new() failed", __func__);
				1091	for (i = 0; nids[i] != -1; i++) {
				1092	if ((eg = EC_GROUP_new_by_curve_name(nids[i])) == NULL)
				1093	fatal("%s: EC_GROUP_new_by_curve_name failed",
				1094	__func__);
Damien Miller	b472a90	2010-11-05 10:19:49 +1100	[diff] [blame]	1095	if (EC_GROUP_cmp(g, eg, bnctx) == 0)
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1096	break;
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1097	EC_GROUP_free(eg);
				1098	}
				1099	BN_CTX_free(bnctx);
				1100	debug3("%s: nid = %d", __func__, nids[i]);
Damien Miller	b472a90	2010-11-05 10:19:49 +1100	[diff] [blame]	1101	if (nids[i] != -1) {
				1102	/* Use the group with the NID attached */
				1103	EC_GROUP_set_asn1_flag(eg, OPENSSL_EC_NAMED_CURVE);
				1104	if (EC_KEY_set_group(k, eg) != 1)
				1105	fatal("%s: EC_KEY_set_group", __func__);
				1106	}
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1107	return nids[i];
				1108	}
				1109
				1110	static EC_KEY*
				1111	ecdsa_generate_private_key(u_int bits, int *nid)
				1112	{
				1113	EC_KEY *private;
				1114
				1115	if ((*nid = key_ecdsa_bits_to_nid(bits)) == -1)
				1116	fatal("%s: invalid key length", __func__);
				1117	if ((private = EC_KEY_new_by_curve_name(*nid)) == NULL)
				1118	fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
				1119	if (EC_KEY_generate_key(private) != 1)
				1120	fatal("%s: EC_KEY_generate_key failed", __func__);
Damien Miller	b472a90	2010-11-05 10:19:49 +1100	[diff] [blame]	1121	EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE);
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1122	return private;
				1123	}
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1124	#endif /* OPENSSL_HAS_ECC */
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1125
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1126	Key *
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	1127	key_generate(int type, u_int bits)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1128	{
				1129	Key *k = key_new(KEY_UNSPEC);
				1130	switch (type) {
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1131	case KEY_DSA:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1132	k->dsa = dsa_generate_private_key(bits);
				1133	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1134	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1135	case KEY_ECDSA:
				1136	k->ecdsa = ecdsa_generate_private_key(bits, &k->ecdsa_nid);
				1137	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1138	#endif
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1139	case KEY_RSA:
				1140	case KEY_RSA1:
				1141	k->rsa = rsa_generate_private_key(bits);
				1142	break;
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1143	case KEY_RSA_CERT_V00:
				1144	case KEY_DSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1145	case KEY_RSA_CERT:
				1146	case KEY_DSA_CERT:
				1147	fatal("key_generate: cert keys cannot be generated directly");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1148	default:
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1149	fatal("key_generate: unknown type %d", type);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1150	}
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1151	k->type = type;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1152	return k;
				1153	}
				1154
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1155	void
				1156	key_cert_copy(const Key from_key, struct Key to_key)
				1157	{
				1158	u_int i;
				1159	const struct KeyCert *from;
				1160	struct KeyCert *to;
				1161
				1162	if (to_key->cert != NULL) {
				1163	cert_free(to_key->cert);
				1164	to_key->cert = NULL;
				1165	}
				1166
				1167	if ((from = from_key->cert) == NULL)
				1168	return;
				1169
				1170	to = to_key->cert = cert_new();
				1171
				1172	buffer_append(&to->certblob, buffer_ptr(&from->certblob),
				1173	buffer_len(&from->certblob));
				1174
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1175	buffer_append(&to->critical,
				1176	buffer_ptr(&from->critical), buffer_len(&from->critical));
				1177	buffer_append(&to->extensions,
				1178	buffer_ptr(&from->extensions), buffer_len(&from->extensions));
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1179
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1180	to->serial = from->serial;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1181	to->type = from->type;
				1182	to->key_id = from->key_id == NULL ? NULL : xstrdup(from->key_id);
				1183	to->valid_after = from->valid_after;
				1184	to->valid_before = from->valid_before;
				1185	to->signature_key = from->signature_key == NULL ?
				1186	NULL : key_from_private(from->signature_key);
				1187
				1188	to->nprincipals = from->nprincipals;
				1189	if (to->nprincipals > CERT_MAX_PRINCIPALS)
				1190	fatal("%s: nprincipals (%u) > CERT_MAX_PRINCIPALS (%u)",
				1191	__func__, to->nprincipals, CERT_MAX_PRINCIPALS);
				1192	if (to->nprincipals > 0) {
				1193	to->principals = xcalloc(from->nprincipals,
				1194	sizeof(*to->principals));
				1195	for (i = 0; i < to->nprincipals; i++)
				1196	to->principals[i] = xstrdup(from->principals[i]);
				1197	}
				1198	}
				1199
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1200	Key *
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	1201	key_from_private(const Key *k)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1202	{
				1203	Key *n = NULL;
				1204	switch (k->type) {
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1205	case KEY_DSA:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1206	case KEY_DSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1207	case KEY_DSA_CERT:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1208	n = key_new(k->type);
Darren Tucker	0bc8557	2006-11-07 23:14:41 +1100	[diff] [blame]	1209	if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) \|\|
				1210	(BN_copy(n->dsa->q, k->dsa->q) == NULL) \|\|
				1211	(BN_copy(n->dsa->g, k->dsa->g) == NULL) \|\|
				1212	(BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL))
				1213	fatal("key_from_private: BN_copy failed");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1214	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1215	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1216	case KEY_ECDSA:
				1217	case KEY_ECDSA_CERT:
				1218	n = key_new(k->type);
				1219	n->ecdsa_nid = k->ecdsa_nid;
				1220	if ((n->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid)) == NULL)
				1221	fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
				1222	if (EC_KEY_set_public_key(n->ecdsa,
				1223	EC_KEY_get0_public_key(k->ecdsa)) != 1)
				1224	fatal("%s: EC_KEY_set_public_key failed", __func__);
				1225	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1226	#endif
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1227	case KEY_RSA:
				1228	case KEY_RSA1:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1229	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1230	case KEY_RSA_CERT:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1231	n = key_new(k->type);
Darren Tucker	0bc8557	2006-11-07 23:14:41 +1100	[diff] [blame]	1232	if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) \|\|
				1233	(BN_copy(n->rsa->e, k->rsa->e) == NULL))
				1234	fatal("key_from_private: BN_copy failed");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1235	break;
				1236	default:
Kevin Steves	ef4eea9	2001-02-05 12:42:17 +0000	[diff] [blame]	1237	fatal("key_from_private: unknown type %d", k->type);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1238	break;
				1239	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1240	if (key_is_cert(k))
				1241	key_cert_copy(k, n);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1242	return n;
				1243	}
				1244
				1245	int
				1246	key_type_from_name(char *name)
				1247	{
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	1248	if (strcmp(name, "rsa1") == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1249	return KEY_RSA1;
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	1250	} else if (strcmp(name, "rsa") == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1251	return KEY_RSA;
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	1252	} else if (strcmp(name, "dsa") == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1253	return KEY_DSA;
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	1254	} else if (strcmp(name, "ssh-rsa") == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1255	return KEY_RSA;
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	1256	} else if (strcmp(name, "ssh-dss") == 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1257	return KEY_DSA;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1258	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1259	} else if (strcmp(name, "ecdsa") == 0 \|\|
				1260	strcmp(name, "ecdsa-sha2-nistp256") == 0 \|\|
				1261	strcmp(name, "ecdsa-sha2-nistp384") == 0 \|\|
				1262	strcmp(name, "ecdsa-sha2-nistp521") == 0) {
				1263	return KEY_ECDSA;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1264	#endif
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1265	} else if (strcmp(name, "ssh-rsa-cert-v00@openssh.com") == 0) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1266	return KEY_RSA_CERT_V00;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1267	} else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1268	return KEY_DSA_CERT_V00;
				1269	} else if (strcmp(name, "ssh-rsa-cert-v01@openssh.com") == 0) {
				1270	return KEY_RSA_CERT;
				1271	} else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1272	return KEY_DSA_CERT;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1273	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1274	} else if (strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0 \|\|
				1275	strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0 \|\|
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1276	strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) {
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1277	return KEY_ECDSA_CERT;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1278	#endif
				1279	}
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1280
Ben Lindstrom	b54873a	2001-03-11 20:01:55 +0000	[diff] [blame]	1281	debug2("key_type_from_name: unknown key type '%s'", name);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1282	return KEY_UNSPEC;
				1283	}
				1284
Ben Lindstrom	982dbbc	2001-04-17 18:11:36 +0000	[diff] [blame]	1285	int
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1286	key_ecdsa_nid_from_name(const char *name)
				1287	{
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1288	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1289	if (strcmp(name, "ecdsa-sha2-nistp256") == 0 \|\|
				1290	strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0)
				1291	return NID_X9_62_prime256v1;
				1292	if (strcmp(name, "ecdsa-sha2-nistp384") == 0 \|\|
				1293	strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0)
				1294	return NID_secp384r1;
				1295	if (strcmp(name, "ecdsa-sha2-nistp521") == 0 \|\|
				1296	strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0)
				1297	return NID_secp521r1;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1298	#endif /* OPENSSL_HAS_ECC */
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1299
				1300	debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name);
				1301	return -1;
				1302	}
				1303
				1304	int
Ben Lindstrom	982dbbc	2001-04-17 18:11:36 +0000	[diff] [blame]	1305	key_names_valid2(const char *names)
				1306	{
				1307	char s, cp, *p;
				1308
				1309	if (names == NULL \|\| strcmp(names, "") == 0)
				1310	return 0;
				1311	s = cp = xstrdup(names);
				1312	for ((p = strsep(&cp, ",")); p && *p != '\0';
Damien Miller	9f0f5c6	2001-12-21 14:45:46 +1100	[diff] [blame]	1313	(p = strsep(&cp, ","))) {
Ben Lindstrom	982dbbc	2001-04-17 18:11:36 +0000	[diff] [blame]	1314	switch (key_type_from_name(p)) {
				1315	case KEY_RSA1:
				1316	case KEY_UNSPEC:
				1317	xfree(s);
				1318	return 0;
				1319	}
				1320	}
				1321	debug3("key names ok: [%s]", names);
				1322	xfree(s);
				1323	return 1;
				1324	}
				1325
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1326	static int
				1327	cert_parse(Buffer b, Key key, const u_char *blob, u_int blen)
				1328	{
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1329	u_char principals, critical, exts, sig_key, *sig;
				1330	u_int signed_len, plen, clen, sklen, slen, kidlen, elen;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1331	Buffer tmp;
				1332	char *principal;
				1333	int ret = -1;
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1334	int v00 = key->type == KEY_DSA_CERT_V00 \|\|
				1335	key->type == KEY_RSA_CERT_V00;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1336
				1337	buffer_init(&tmp);
				1338
				1339	/* Copy the entire key blob for verification and later serialisation */
				1340	buffer_append(&key->cert->certblob, blob, blen);
				1341
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1342	elen = 0; /* Not touched for v00 certs */
				1343	principals = exts = critical = sig_key = sig = NULL;
				1344	if ((!v00 && buffer_get_int64_ret(&key->cert->serial, b) != 0) \|\|
				1345	buffer_get_int_ret(&key->cert->type, b) != 0 \|\|
Damien Miller	da108ec	2010-08-31 22:36:39 +1000	[diff] [blame]	1346	(key->cert->key_id = buffer_get_cstring_ret(b, &kidlen)) == NULL \|\|
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1347	(principals = buffer_get_string_ret(b, &plen)) == NULL \|\|
				1348	buffer_get_int64_ret(&key->cert->valid_after, b) != 0 \|\|
				1349	buffer_get_int64_ret(&key->cert->valid_before, b) != 0 \|\|
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1350	(critical = buffer_get_string_ret(b, &clen)) == NULL \|\|
				1351	(!v00 && (exts = buffer_get_string_ret(b, &elen)) == NULL) \|\|
				1352	(v00 && buffer_get_string_ptr_ret(b, NULL) == NULL) \|\| /* nonce */
				1353	buffer_get_string_ptr_ret(b, NULL) == NULL \|\| /* reserved */
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1354	(sig_key = buffer_get_string_ret(b, &sklen)) == NULL) {
				1355	error("%s: parse error", __func__);
				1356	goto out;
				1357	}
				1358
				1359	/* Signature is left in the buffer so we can calculate this length */
				1360	signed_len = buffer_len(&key->cert->certblob) - buffer_len(b);
				1361
				1362	if ((sig = buffer_get_string_ret(b, &slen)) == NULL) {
				1363	error("%s: parse error", __func__);
				1364	goto out;
				1365	}
				1366
				1367	if (key->cert->type != SSH2_CERT_TYPE_USER &&
				1368	key->cert->type != SSH2_CERT_TYPE_HOST) {
				1369	error("Unknown certificate type %u", key->cert->type);
				1370	goto out;
				1371	}
				1372
				1373	buffer_append(&tmp, principals, plen);
				1374	while (buffer_len(&tmp) > 0) {
				1375	if (key->cert->nprincipals >= CERT_MAX_PRINCIPALS) {
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	1376	error("%s: Too many principals", __func__);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1377	goto out;
				1378	}
Damien Miller	da108ec	2010-08-31 22:36:39 +1000	[diff] [blame]	1379	if ((principal = buffer_get_cstring_ret(&tmp, &plen)) == NULL) {
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	1380	error("%s: Principals data invalid", __func__);
				1381	goto out;
				1382	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1383	key->cert->principals = xrealloc(key->cert->principals,
				1384	key->cert->nprincipals + 1, sizeof(*key->cert->principals));
				1385	key->cert->principals[key->cert->nprincipals++] = principal;
				1386	}
				1387
				1388	buffer_clear(&tmp);
				1389
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1390	buffer_append(&key->cert->critical, critical, clen);
				1391	buffer_append(&tmp, critical, clen);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1392	/* validate structure */
				1393	while (buffer_len(&tmp) != 0) {
Damien Miller	2befbad	2010-03-04 21:52:18 +1100	[diff] [blame]	1394	if (buffer_get_string_ptr_ret(&tmp, NULL) == NULL \|\|
				1395	buffer_get_string_ptr_ret(&tmp, NULL) == NULL) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1396	error("%s: critical option data invalid", __func__);
				1397	goto out;
				1398	}
				1399	}
				1400	buffer_clear(&tmp);
				1401
				1402	buffer_append(&key->cert->extensions, exts, elen);
				1403	buffer_append(&tmp, exts, elen);
				1404	/* validate structure */
				1405	while (buffer_len(&tmp) != 0) {
				1406	if (buffer_get_string_ptr_ret(&tmp, NULL) == NULL \|\|
				1407	buffer_get_string_ptr_ret(&tmp, NULL) == NULL) {
				1408	error("%s: extension data invalid", __func__);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1409	goto out;
				1410	}
				1411	}
				1412	buffer_clear(&tmp);
				1413
				1414	if ((key->cert->signature_key = key_from_blob(sig_key,
				1415	sklen)) == NULL) {
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	1416	error("%s: Signature key invalid", __func__);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1417	goto out;
				1418	}
				1419	if (key->cert->signature_key->type != KEY_RSA &&
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1420	key->cert->signature_key->type != KEY_DSA &&
				1421	key->cert->signature_key->type != KEY_ECDSA) {
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	1422	error("%s: Invalid signature key type %s (%d)", __func__,
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1423	key_type(key->cert->signature_key),
				1424	key->cert->signature_key->type);
				1425	goto out;
				1426	}
				1427
				1428	switch (key_verify(key->cert->signature_key, sig, slen,
				1429	buffer_ptr(&key->cert->certblob), signed_len)) {
				1430	case 1:
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	1431	ret = 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1432	break; /* Good signature */
				1433	case 0:
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	1434	error("%s: Invalid signature on certificate", __func__);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1435	goto out;
				1436	case -1:
Damien Miller	4139657	2010-03-04 21:51:11 +1100	[diff] [blame]	1437	error("%s: Certificate signature verification failed",
				1438	__func__);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1439	goto out;
				1440	}
				1441
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1442	out:
				1443	buffer_free(&tmp);
				1444	if (principals != NULL)
				1445	xfree(principals);
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1446	if (critical != NULL)
				1447	xfree(critical);
				1448	if (exts != NULL)
				1449	xfree(exts);
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1450	if (sig_key != NULL)
				1451	xfree(sig_key);
				1452	if (sig != NULL)
				1453	xfree(sig);
				1454	return ret;
				1455	}
				1456
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1457	Key *
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	1458	key_from_blob(const u_char *blob, u_int blen)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1459	{
				1460	Buffer b;
Darren Tucker	8ccb739	2010-09-10 12:28:24 +1000	[diff] [blame]	1461	int rlen, type;
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1462	char ktype = NULL, curve = NULL;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1463	Key *key = NULL;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1464	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1465	EC_POINT *q = NULL;
Darren Tucker	8ccb739	2010-09-10 12:28:24 +1000	[diff] [blame]	1466	int nid = -1;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1467	#endif
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1468
				1469	#ifdef DEBUG_PK
				1470	dump_base64(stderr, blob, blen);
				1471	#endif
				1472	buffer_init(&b);
				1473	buffer_append(&b, blob, blen);
Damien Miller	da108ec	2010-08-31 22:36:39 +1000	[diff] [blame]	1474	if ((ktype = buffer_get_cstring_ret(&b, NULL)) == NULL) {
Darren Tucker	08d04fa	2004-11-05 20:42:28 +1100	[diff] [blame]	1475	error("key_from_blob: can't read key type");
				1476	goto out;
				1477	}
				1478
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1479	type = key_type_from_name(ktype);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1480	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1481	if (key_type_plain(type) == KEY_ECDSA)
				1482	nid = key_ecdsa_nid_from_name(ktype);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1483	#endif
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1484
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	1485	switch (type) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1486	case KEY_RSA_CERT:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1487	(void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */
				1488	/* FALLTHROUGH */
				1489	case KEY_RSA:
				1490	case KEY_RSA_CERT_V00:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1491	key = key_new(type);
Darren Tucker	08d04fa	2004-11-05 20:42:28 +1100	[diff] [blame]	1492	if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 \|\|
				1493	buffer_get_bignum2_ret(&b, key->rsa->n) == -1) {
				1494	error("key_from_blob: can't read rsa key");
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1495	badkey:
Darren Tucker	08d04fa	2004-11-05 20:42:28 +1100	[diff] [blame]	1496	key_free(key);
				1497	key = NULL;
				1498	goto out;
				1499	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1500	#ifdef DEBUG_PK
				1501	RSA_print_fp(stderr, key->rsa, 8);
				1502	#endif
				1503	break;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1504	case KEY_DSA_CERT:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1505	(void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */
				1506	/* FALLTHROUGH */
				1507	case KEY_DSA:
				1508	case KEY_DSA_CERT_V00:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1509	key = key_new(type);
Darren Tucker	08d04fa	2004-11-05 20:42:28 +1100	[diff] [blame]	1510	if (buffer_get_bignum2_ret(&b, key->dsa->p) == -1 \|\|
				1511	buffer_get_bignum2_ret(&b, key->dsa->q) == -1 \|\|
				1512	buffer_get_bignum2_ret(&b, key->dsa->g) == -1 \|\|
				1513	buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) {
				1514	error("key_from_blob: can't read dsa key");
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1515	goto badkey;
Darren Tucker	08d04fa	2004-11-05 20:42:28 +1100	[diff] [blame]	1516	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1517	#ifdef DEBUG_PK
				1518	DSA_print_fp(stderr, key->dsa, 8);
				1519	#endif
				1520	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1521	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1522	case KEY_ECDSA_CERT:
				1523	(void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */
				1524	/* FALLTHROUGH */
				1525	case KEY_ECDSA:
				1526	key = key_new(type);
				1527	key->ecdsa_nid = nid;
				1528	if ((curve = buffer_get_string_ret(&b, NULL)) == NULL) {
				1529	error("key_from_blob: can't read ecdsa curve");
				1530	goto badkey;
				1531	}
				1532	if (key->ecdsa_nid != key_curve_name_to_nid(curve)) {
				1533	error("key_from_blob: ecdsa curve doesn't match type");
				1534	goto badkey;
				1535	}
				1536	if (key->ecdsa != NULL)
				1537	EC_KEY_free(key->ecdsa);
				1538	if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid))
				1539	== NULL)
				1540	fatal("key_from_blob: EC_KEY_new_by_curve_name failed");
				1541	if ((q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL)
				1542	fatal("key_from_blob: EC_POINT_new failed");
				1543	if (buffer_get_ecpoint_ret(&b, EC_KEY_get0_group(key->ecdsa),
				1544	q) == -1) {
				1545	error("key_from_blob: can't read ecdsa key point");
				1546	goto badkey;
				1547	}
				1548	if (key_ec_validate_public(EC_KEY_get0_group(key->ecdsa),
				1549	q) != 0)
				1550	goto badkey;
				1551	if (EC_KEY_set_public_key(key->ecdsa, q) != 1)
				1552	fatal("key_from_blob: EC_KEY_set_public_key failed");
				1553	#ifdef DEBUG_PK
				1554	key_dump_ec_point(EC_KEY_get0_group(key->ecdsa), q);
				1555	#endif
				1556	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1557	#endif /* OPENSSL_HAS_ECC */
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1558	case KEY_UNSPEC:
				1559	key = key_new(type);
				1560	break;
				1561	default:
				1562	error("key_from_blob: cannot handle type %s", ktype);
Darren Tucker	08d04fa	2004-11-05 20:42:28 +1100	[diff] [blame]	1563	goto out;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1564	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1565	if (key_is_cert(key) && cert_parse(&b, key, blob, blen) == -1) {
				1566	error("key_from_blob: can't parse cert data");
				1567	goto badkey;
				1568	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1569	rlen = buffer_len(&b);
				1570	if (key != NULL && rlen != 0)
				1571	error("key_from_blob: remaining bytes in key blob %d", rlen);
Darren Tucker	08d04fa	2004-11-05 20:42:28 +1100	[diff] [blame]	1572	out:
				1573	if (ktype != NULL)
				1574	xfree(ktype);
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1575	if (curve != NULL)
				1576	xfree(curve);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1577	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1578	if (q != NULL)
				1579	EC_POINT_free(q);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1580	#endif
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1581	buffer_free(&b);
				1582	return key;
				1583	}
				1584
				1585	int
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	1586	key_to_blob(const Key key, u_char blobp, u_int lenp)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1587	{
				1588	Buffer b;
				1589	int len;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1590
				1591	if (key == NULL) {
				1592	error("key_to_blob: key == NULL");
				1593	return 0;
				1594	}
				1595	buffer_init(&b);
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	1596	switch (key->type) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1597	case KEY_DSA_CERT_V00:
				1598	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1599	case KEY_DSA_CERT:
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1600	case KEY_ECDSA_CERT:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1601	case KEY_RSA_CERT:
				1602	/* Use the existing blob */
				1603	buffer_append(&b, buffer_ptr(&key->cert->certblob),
				1604	buffer_len(&key->cert->certblob));
				1605	break;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1606	case KEY_DSA:
				1607	buffer_put_cstring(&b, key_ssh_name(key));
				1608	buffer_put_bignum2(&b, key->dsa->p);
				1609	buffer_put_bignum2(&b, key->dsa->q);
				1610	buffer_put_bignum2(&b, key->dsa->g);
				1611	buffer_put_bignum2(&b, key->dsa->pub_key);
				1612	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1613	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1614	case KEY_ECDSA:
				1615	buffer_put_cstring(&b, key_ssh_name(key));
				1616	buffer_put_cstring(&b, key_curve_nid_to_name(key->ecdsa_nid));
				1617	buffer_put_ecpoint(&b, EC_KEY_get0_group(key->ecdsa),
				1618	EC_KEY_get0_public_key(key->ecdsa));
				1619	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1620	#endif
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1621	case KEY_RSA:
				1622	buffer_put_cstring(&b, key_ssh_name(key));
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1623	buffer_put_bignum2(&b, key->rsa->e);
Ben Lindstrom	bf555ba	2001-01-18 02:04:35 +0000	[diff] [blame]	1624	buffer_put_bignum2(&b, key->rsa->n);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1625	break;
				1626	default:
Ben Lindstrom	99a30f1	2001-09-18 05:49:14 +0000	[diff] [blame]	1627	error("key_to_blob: unsupported key type %d", key->type);
				1628	buffer_free(&b);
				1629	return 0;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1630	}
				1631	len = buffer_len(&b);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1632	if (lenp != NULL)
				1633	*lenp = len;
Ben Lindstrom	2bf759c	2002-07-07 22:13:31 +0000	[diff] [blame]	1634	if (blobp != NULL) {
				1635	*blobp = xmalloc(len);
				1636	memcpy(*blobp, buffer_ptr(&b), len);
				1637	}
				1638	memset(buffer_ptr(&b), 0, len);
				1639	buffer_free(&b);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1640	return len;
				1641	}
				1642
				1643	int
				1644	key_sign(
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	1645	const Key *key,
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	1646	u_char *sigp, u_int lenp,
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	1647	const u_char *data, u_int datalen)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1648	{
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	1649	switch (key->type) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1650	case KEY_DSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1651	case KEY_DSA_CERT:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1652	case KEY_DSA:
				1653	return ssh_dss_sign(key, sigp, lenp, data, datalen);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1654	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1655	case KEY_ECDSA_CERT:
				1656	case KEY_ECDSA:
				1657	return ssh_ecdsa_sign(key, sigp, lenp, data, datalen);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1658	#endif
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1659	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1660	case KEY_RSA_CERT:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1661	case KEY_RSA:
				1662	return ssh_rsa_sign(key, sigp, lenp, data, datalen);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1663	default:
Darren Tucker	5cb30ad	2004-08-12 22:40:24 +1000	[diff] [blame]	1664	error("key_sign: invalid key type %d", key->type);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1665	return -1;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1666	}
				1667	}
				1668
Ben Lindstrom	01fff0c	2002-06-06 20:54:07 +0000	[diff] [blame]	1669	/*
				1670	* key_verify returns 1 for a correct signature, 0 for an incorrect signature
				1671	* and -1 on error.
				1672	*/
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1673	int
				1674	key_verify(
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	1675	const Key *key,
				1676	const u_char *signature, u_int signaturelen,
				1677	const u_char *data, u_int datalen)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1678	{
Ben Lindstrom	5363aee	2001-06-25 04:42:20 +0000	[diff] [blame]	1679	if (signaturelen == 0)
				1680	return -1;
				1681
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	1682	switch (key->type) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1683	case KEY_DSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1684	case KEY_DSA_CERT:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1685	case KEY_DSA:
				1686	return ssh_dss_verify(key, signature, signaturelen, data, datalen);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1687	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1688	case KEY_ECDSA_CERT:
				1689	case KEY_ECDSA:
				1690	return ssh_ecdsa_verify(key, signature, signaturelen, data, datalen);
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1691	#endif
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1692	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1693	case KEY_RSA_CERT:
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1694	case KEY_RSA:
				1695	return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1696	default:
Darren Tucker	5cb30ad	2004-08-12 22:40:24 +1000	[diff] [blame]	1697	error("key_verify: invalid key type %d", key->type);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1698	return -1;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1699	}
				1700	}
Ben Lindstrom	a674e8d	2002-03-22 01:45:53 +0000	[diff] [blame]	1701
				1702	/* Converts a private to a public key */
Ben Lindstrom	a674e8d	2002-03-22 01:45:53 +0000	[diff] [blame]	1703	Key *
Damien Miller	f58b58c	2003-11-17 21:18:23 +1100	[diff] [blame]	1704	key_demote(const Key *k)
Ben Lindstrom	a674e8d	2002-03-22 01:45:53 +0000	[diff] [blame]	1705	{
				1706	Key *pk;
Ben Lindstrom	6328ab3	2002-03-22 02:54:23 +0000	[diff] [blame]	1707
Damien Miller	07d86be	2006-03-26 14:19:21 +1100	[diff] [blame]	1708	pk = xcalloc(1, sizeof(*pk));
Ben Lindstrom	a674e8d	2002-03-22 01:45:53 +0000	[diff] [blame]	1709	pk->type = k->type;
				1710	pk->flags = k->flags;
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1711	pk->ecdsa_nid = k->ecdsa_nid;
Ben Lindstrom	a674e8d	2002-03-22 01:45:53 +0000	[diff] [blame]	1712	pk->dsa = NULL;
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1713	pk->ecdsa = NULL;
Ben Lindstrom	a674e8d	2002-03-22 01:45:53 +0000	[diff] [blame]	1714	pk->rsa = NULL;
				1715
				1716	switch (k->type) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1717	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1718	case KEY_RSA_CERT:
				1719	key_cert_copy(k, pk);
				1720	/* FALLTHROUGH */
Ben Lindstrom	a674e8d	2002-03-22 01:45:53 +0000	[diff] [blame]	1721	case KEY_RSA1:
				1722	case KEY_RSA:
				1723	if ((pk->rsa = RSA_new()) == NULL)
				1724	fatal("key_demote: RSA_new failed");
				1725	if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
				1726	fatal("key_demote: BN_dup failed");
				1727	if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
				1728	fatal("key_demote: BN_dup failed");
				1729	break;
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1730	case KEY_DSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1731	case KEY_DSA_CERT:
				1732	key_cert_copy(k, pk);
				1733	/* FALLTHROUGH */
Ben Lindstrom	a674e8d	2002-03-22 01:45:53 +0000	[diff] [blame]	1734	case KEY_DSA:
				1735	if ((pk->dsa = DSA_new()) == NULL)
				1736	fatal("key_demote: DSA_new failed");
				1737	if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
				1738	fatal("key_demote: BN_dup failed");
				1739	if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
				1740	fatal("key_demote: BN_dup failed");
				1741	if ((pk->dsa->g = BN_dup(k->dsa->g)) == NULL)
				1742	fatal("key_demote: BN_dup failed");
				1743	if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL)
				1744	fatal("key_demote: BN_dup failed");
				1745	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1746	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1747	case KEY_ECDSA_CERT:
				1748	key_cert_copy(k, pk);
				1749	/* FALLTHROUGH */
				1750	case KEY_ECDSA:
				1751	if ((pk->ecdsa = EC_KEY_new_by_curve_name(pk->ecdsa_nid)) == NULL)
				1752	fatal("key_demote: EC_KEY_new_by_curve_name failed");
				1753	if (EC_KEY_set_public_key(pk->ecdsa,
				1754	EC_KEY_get0_public_key(k->ecdsa)) != 1)
				1755	fatal("key_demote: EC_KEY_set_public_key failed");
				1756	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1757	#endif
Ben Lindstrom	a674e8d	2002-03-22 01:45:53 +0000	[diff] [blame]	1758	default:
				1759	fatal("key_free: bad key type %d", k->type);
				1760	break;
				1761	}
				1762
				1763	return (pk);
				1764	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1765
				1766	int
				1767	key_is_cert(const Key *k)
				1768	{
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1769	if (k == NULL)
				1770	return 0;
				1771	switch (k->type) {
				1772	case KEY_RSA_CERT_V00:
				1773	case KEY_DSA_CERT_V00:
				1774	case KEY_RSA_CERT:
				1775	case KEY_DSA_CERT:
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1776	case KEY_ECDSA_CERT:
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1777	return 1;
				1778	default:
				1779	return 0;
				1780	}
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1781	}
				1782
				1783	/* Return the cert-less equivalent to a certified key type */
				1784	int
				1785	key_type_plain(int type)
				1786	{
				1787	switch (type) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1788	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1789	case KEY_RSA_CERT:
				1790	return KEY_RSA;
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1791	case KEY_DSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1792	case KEY_DSA_CERT:
				1793	return KEY_DSA;
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1794	case KEY_ECDSA_CERT:
				1795	return KEY_ECDSA;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1796	default:
				1797	return type;
				1798	}
				1799	}
				1800
				1801	/* Convert a KEY_RSA or KEY_DSA to their _CERT equivalent */
				1802	int
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1803	key_to_certified(Key *k, int legacy)
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1804	{
				1805	switch (k->type) {
				1806	case KEY_RSA:
				1807	k->cert = cert_new();
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1808	k->type = legacy ? KEY_RSA_CERT_V00 : KEY_RSA_CERT;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1809	return 0;
				1810	case KEY_DSA:
				1811	k->cert = cert_new();
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1812	k->type = legacy ? KEY_DSA_CERT_V00 : KEY_DSA_CERT;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1813	return 0;
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1814	case KEY_ECDSA:
Damien Miller	8f639fe	2011-05-20 19:03:08 +1000	[diff] [blame]	1815	if (legacy)
				1816	fatal("%s: legacy ECDSA certificates are not supported",
				1817	__func__);
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1818	k->cert = cert_new();
				1819	k->type = KEY_ECDSA_CERT;
				1820	return 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1821	default:
				1822	error("%s: key has incorrect type %s", __func__, key_type(k));
				1823	return -1;
				1824	}
				1825	}
				1826
				1827	/* Convert a KEY_RSA_CERT or KEY_DSA_CERT to their raw key equivalent */
				1828	int
				1829	key_drop_cert(Key *k)
				1830	{
				1831	switch (k->type) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1832	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1833	case KEY_RSA_CERT:
				1834	cert_free(k->cert);
				1835	k->type = KEY_RSA;
				1836	return 0;
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1837	case KEY_DSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1838	case KEY_DSA_CERT:
				1839	cert_free(k->cert);
				1840	k->type = KEY_DSA;
				1841	return 0;
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1842	case KEY_ECDSA_CERT:
				1843	cert_free(k->cert);
				1844	k->type = KEY_ECDSA;
				1845	return 0;
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1846	default:
				1847	error("%s: key has incorrect type %s", __func__, key_type(k));
				1848	return -1;
				1849	}
				1850	}
				1851
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1852	/*
				1853	* Sign a KEY_RSA_CERT, KEY_DSA_CERT or KEY_ECDSA_CERT, (re-)generating
				1854	* the signed certblob
				1855	*/
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1856	int
				1857	key_certify(Key k, Key ca)
				1858	{
				1859	Buffer principals;
				1860	u_char ca_blob, sig_blob, nonce[32];
				1861	u_int i, ca_len, sig_len;
				1862
				1863	if (k->cert == NULL) {
				1864	error("%s: key lacks cert info", __func__);
				1865	return -1;
				1866	}
				1867
				1868	if (!key_is_cert(k)) {
				1869	error("%s: certificate has unknown type %d", __func__,
				1870	k->cert->type);
				1871	return -1;
				1872	}
				1873
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1874	if (ca->type != KEY_RSA && ca->type != KEY_DSA &&
				1875	ca->type != KEY_ECDSA) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1876	error("%s: CA key has unsupported type %s", __func__,
				1877	key_type(ca));
				1878	return -1;
				1879	}
				1880
				1881	key_to_blob(ca, &ca_blob, &ca_len);
				1882
				1883	buffer_clear(&k->cert->certblob);
				1884	buffer_put_cstring(&k->cert->certblob, key_ssh_name(k));
				1885
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1886	/* -v01 certs put nonce first */
Damien Miller	0a5f012	2011-02-04 11:47:01 +1100	[diff] [blame]	1887	arc4random_buf(&nonce, sizeof(nonce));
				1888	if (!key_cert_is_legacy(k))
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1889	buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1890
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1891	switch (k->type) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1892	case KEY_DSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1893	case KEY_DSA_CERT:
				1894	buffer_put_bignum2(&k->cert->certblob, k->dsa->p);
				1895	buffer_put_bignum2(&k->cert->certblob, k->dsa->q);
				1896	buffer_put_bignum2(&k->cert->certblob, k->dsa->g);
				1897	buffer_put_bignum2(&k->cert->certblob, k->dsa->pub_key);
				1898	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1899	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1900	case KEY_ECDSA_CERT:
				1901	buffer_put_cstring(&k->cert->certblob,
				1902	key_curve_nid_to_name(k->ecdsa_nid));
				1903	buffer_put_ecpoint(&k->cert->certblob,
				1904	EC_KEY_get0_group(k->ecdsa),
				1905	EC_KEY_get0_public_key(k->ecdsa));
				1906	break;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	1907	#endif
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1908	case KEY_RSA_CERT_V00:
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1909	case KEY_RSA_CERT:
				1910	buffer_put_bignum2(&k->cert->certblob, k->rsa->e);
				1911	buffer_put_bignum2(&k->cert->certblob, k->rsa->n);
				1912	break;
				1913	default:
				1914	error("%s: key has incorrect type %s", __func__, key_type(k));
				1915	buffer_clear(&k->cert->certblob);
				1916	xfree(ca_blob);
				1917	return -1;
				1918	}
				1919
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1920	/* -v01 certs have a serial number next */
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1921	if (!key_cert_is_legacy(k))
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1922	buffer_put_int64(&k->cert->certblob, k->cert->serial);
				1923
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1924	buffer_put_int(&k->cert->certblob, k->cert->type);
				1925	buffer_put_cstring(&k->cert->certblob, k->cert->key_id);
				1926
				1927	buffer_init(&principals);
				1928	for (i = 0; i < k->cert->nprincipals; i++)
				1929	buffer_put_cstring(&principals, k->cert->principals[i]);
				1930	buffer_put_string(&k->cert->certblob, buffer_ptr(&principals),
				1931	buffer_len(&principals));
				1932	buffer_free(&principals);
				1933
				1934	buffer_put_int64(&k->cert->certblob, k->cert->valid_after);
				1935	buffer_put_int64(&k->cert->certblob, k->cert->valid_before);
				1936	buffer_put_string(&k->cert->certblob,
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1937	buffer_ptr(&k->cert->critical), buffer_len(&k->cert->critical));
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1938
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1939	/* -v01 certs have non-critical options here */
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1940	if (!key_cert_is_legacy(k)) {
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1941	buffer_put_string(&k->cert->certblob,
				1942	buffer_ptr(&k->cert->extensions),
				1943	buffer_len(&k->cert->extensions));
				1944	}
				1945
				1946	/* -v00 certs put the nonce at the end */
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	1947	if (key_cert_is_legacy(k))
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	1948	buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
				1949
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	1950	buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */
				1951	buffer_put_string(&k->cert->certblob, ca_blob, ca_len);
				1952	xfree(ca_blob);
				1953
				1954	/* Sign the whole mess */
				1955	if (key_sign(ca, &sig_blob, &sig_len, buffer_ptr(&k->cert->certblob),
				1956	buffer_len(&k->cert->certblob)) != 0) {
				1957	error("%s: signature operation failed", __func__);
				1958	buffer_clear(&k->cert->certblob);
				1959	return -1;
				1960	}
				1961	/* Append signature and we are done */
				1962	buffer_put_string(&k->cert->certblob, sig_blob, sig_len);
				1963	xfree(sig_blob);
				1964
				1965	return 0;
				1966	}
				1967
				1968	int
				1969	key_cert_check_authority(const Key *k, int want_host, int require_principal,
				1970	const char name, const char *reason)
				1971	{
				1972	u_int i, principal_matches;
				1973	time_t now = time(NULL);
				1974
				1975	if (want_host) {
				1976	if (k->cert->type != SSH2_CERT_TYPE_HOST) {
				1977	*reason = "Certificate invalid: not a host certificate";
				1978	return -1;
				1979	}
				1980	} else {
				1981	if (k->cert->type != SSH2_CERT_TYPE_USER) {
				1982	*reason = "Certificate invalid: not a user certificate";
				1983	return -1;
				1984	}
				1985	}
				1986	if (now < 0) {
				1987	error("%s: system clock lies before epoch", __func__);
				1988	*reason = "Certificate invalid: not yet valid";
				1989	return -1;
				1990	}
				1991	if ((u_int64_t)now < k->cert->valid_after) {
				1992	*reason = "Certificate invalid: not yet valid";
				1993	return -1;
				1994	}
				1995	if ((u_int64_t)now >= k->cert->valid_before) {
				1996	*reason = "Certificate invalid: expired";
				1997	return -1;
				1998	}
				1999	if (k->cert->nprincipals == 0) {
				2000	if (require_principal) {
				2001	*reason = "Certificate lacks principal list";
				2002	return -1;
				2003	}
Damien Miller	30da344	2010-05-10 11:58:03 +1000	[diff] [blame]	2004	} else if (name != NULL) {
Damien Miller	0a80ca1	2010-02-27 07:55:05 +1100	[diff] [blame]	2005	principal_matches = 0;
				2006	for (i = 0; i < k->cert->nprincipals; i++) {
				2007	if (strcmp(name, k->cert->principals[i]) == 0) {
				2008	principal_matches = 1;
				2009	break;
				2010	}
				2011	}
				2012	if (!principal_matches) {
				2013	*reason = "Certificate invalid: name is not a listed "
				2014	"principal";
				2015	return -1;
				2016	}
				2017	}
				2018	return 0;
				2019	}
Damien Miller	4e270b0	2010-04-16 15:56:21 +1000	[diff] [blame]	2020
				2021	int
				2022	key_cert_is_legacy(Key *k)
				2023	{
				2024	switch (k->type) {
				2025	case KEY_DSA_CERT_V00:
				2026	case KEY_RSA_CERT_V00:
				2027	return 1;
				2028	default:
				2029	return 0;
				2030	}
				2031	}
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	2032
Damien Miller	041ab7c	2010-09-10 11:23:34 +1000	[diff] [blame]	2033	/* XXX: these are really begging for a table-driven approach */
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	2034	int
				2035	key_curve_name_to_nid(const char *name)
				2036	{
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	2037	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	2038	if (strcmp(name, "nistp256") == 0)
				2039	return NID_X9_62_prime256v1;
				2040	else if (strcmp(name, "nistp384") == 0)
				2041	return NID_secp384r1;
				2042	else if (strcmp(name, "nistp521") == 0)
				2043	return NID_secp521r1;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	2044	#endif
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	2045
				2046	debug("%s: unsupported EC curve name \"%.100s\"", __func__, name);
				2047	return -1;
				2048	}
				2049
Damien Miller	041ab7c	2010-09-10 11:23:34 +1000	[diff] [blame]	2050	u_int
				2051	key_curve_nid_to_bits(int nid)
				2052	{
				2053	switch (nid) {
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	2054	#ifdef OPENSSL_HAS_ECC
Damien Miller	041ab7c	2010-09-10 11:23:34 +1000	[diff] [blame]	2055	case NID_X9_62_prime256v1:
				2056	return 256;
				2057	case NID_secp384r1:
				2058	return 384;
				2059	case NID_secp521r1:
				2060	return 521;
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	2061	#endif
Damien Miller	041ab7c	2010-09-10 11:23:34 +1000	[diff] [blame]	2062	default:
				2063	error("%s: unsupported EC curve nid %d", __func__, nid);
				2064	return 0;
				2065	}
				2066	}
				2067
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	2068	const char *
				2069	key_curve_nid_to_name(int nid)
				2070	{
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	2071	#ifdef OPENSSL_HAS_ECC
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	2072	if (nid == NID_X9_62_prime256v1)
				2073	return "nistp256";
				2074	else if (nid == NID_secp384r1)
				2075	return "nistp384";
				2076	else if (nid == NID_secp521r1)
				2077	return "nistp521";
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	2078	#endif
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	2079	error("%s: unsupported EC curve nid %d", __func__, nid);
				2080	return NULL;
				2081	}
				2082
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	2083	#ifdef OPENSSL_HAS_ECC
Damien Miller	041ab7c	2010-09-10 11:23:34 +1000	[diff] [blame]	2084	const EVP_MD *
				2085	key_ec_nid_to_evpmd(int nid)
				2086	{
				2087	int kbits = key_curve_nid_to_bits(nid);
				2088
				2089	if (kbits == 0)
				2090	fatal("%s: invalid nid %d", __func__, nid);
				2091	/* RFC5656 section 6.2.1 */
				2092	if (kbits <= 256)
				2093	return EVP_sha256();
				2094	else if (kbits <= 384)
				2095	return EVP_sha384();
				2096	else
				2097	return EVP_sha512();
				2098	}
				2099
Damien Miller	eb8b60e	2010-08-31 22:41:14 +1000	[diff] [blame]	2100	int
				2101	key_ec_validate_public(const EC_GROUP group, const EC_POINT public)
				2102	{
				2103	BN_CTX *bnctx;
				2104	EC_POINT *nq = NULL;
				2105	BIGNUM order, x, y, tmp;
				2106	int ret = -1;
				2107
				2108	if ((bnctx = BN_CTX_new()) == NULL)
				2109	fatal("%s: BN_CTX_new failed", __func__);
				2110	BN_CTX_start(bnctx);
				2111
				2112	/*
				2113	* We shouldn't ever hit this case because bignum_get_ecpoint()
				2114	* refuses to load GF2m points.
				2115	*/
				2116	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
				2117	NID_X9_62_prime_field) {
				2118	error("%s: group is not a prime field", __func__);
				2119	goto out;
				2120	}
				2121
				2122	/* Q != infinity */
				2123	if (EC_POINT_is_at_infinity(group, public)) {
				2124	error("%s: received degenerate public key (infinity)",
				2125	__func__);
				2126	goto out;
				2127	}
				2128
				2129	if ((x = BN_CTX_get(bnctx)) == NULL \|\|
				2130	(y = BN_CTX_get(bnctx)) == NULL \|\|
				2131	(order = BN_CTX_get(bnctx)) == NULL \|\|
				2132	(tmp = BN_CTX_get(bnctx)) == NULL)
				2133	fatal("%s: BN_CTX_get failed", __func__);
				2134
				2135	/* log2(x) > log2(order)/2, log2(y) > log2(order)/2 */
				2136	if (EC_GROUP_get_order(group, order, bnctx) != 1)
				2137	fatal("%s: EC_GROUP_get_order failed", __func__);
				2138	if (EC_POINT_get_affine_coordinates_GFp(group, public,
				2139	x, y, bnctx) != 1)
				2140	fatal("%s: EC_POINT_get_affine_coordinates_GFp", __func__);
				2141	if (BN_num_bits(x) <= BN_num_bits(order) / 2) {
				2142	error("%s: public key x coordinate too small: "
				2143	"bits(x) = %d, bits(order)/2 = %d", __func__,
				2144	BN_num_bits(x), BN_num_bits(order) / 2);
				2145	goto out;
				2146	}
				2147	if (BN_num_bits(y) <= BN_num_bits(order) / 2) {
				2148	error("%s: public key y coordinate too small: "
				2149	"bits(y) = %d, bits(order)/2 = %d", __func__,
				2150	BN_num_bits(x), BN_num_bits(order) / 2);
				2151	goto out;
				2152	}
				2153
				2154	/* nQ == infinity (n == order of subgroup) */
				2155	if ((nq = EC_POINT_new(group)) == NULL)
				2156	fatal("%s: BN_CTX_tmp failed", __func__);
				2157	if (EC_POINT_mul(group, nq, NULL, public, order, bnctx) != 1)
				2158	fatal("%s: EC_GROUP_mul failed", __func__);
				2159	if (EC_POINT_is_at_infinity(group, nq) != 1) {
				2160	error("%s: received degenerate public key (nQ != infinity)",
				2161	__func__);
				2162	goto out;
				2163	}
				2164
				2165	/* x < order - 1, y < order - 1 */
				2166	if (!BN_sub(tmp, order, BN_value_one()))
				2167	fatal("%s: BN_sub failed", __func__);
				2168	if (BN_cmp(x, tmp) >= 0) {
				2169	error("%s: public key x coordinate >= group order - 1",
				2170	__func__);
				2171	goto out;
				2172	}
				2173	if (BN_cmp(y, tmp) >= 0) {
				2174	error("%s: public key y coordinate >= group order - 1",
				2175	__func__);
				2176	goto out;
				2177	}
				2178	ret = 0;
				2179	out:
				2180	BN_CTX_free(bnctx);
				2181	EC_POINT_free(nq);
				2182	return ret;
				2183	}
				2184
				2185	int
				2186	key_ec_validate_private(const EC_KEY *key)
				2187	{
				2188	BN_CTX *bnctx;
				2189	BIGNUM order, tmp;
				2190	int ret = -1;
				2191
				2192	if ((bnctx = BN_CTX_new()) == NULL)
				2193	fatal("%s: BN_CTX_new failed", __func__);
				2194	BN_CTX_start(bnctx);
				2195
				2196	if ((order = BN_CTX_get(bnctx)) == NULL \|\|
				2197	(tmp = BN_CTX_get(bnctx)) == NULL)
				2198	fatal("%s: BN_CTX_get failed", __func__);
				2199
				2200	/* log2(private) > log2(order)/2 */
				2201	if (EC_GROUP_get_order(EC_KEY_get0_group(key), order, bnctx) != 1)
				2202	fatal("%s: EC_GROUP_get_order failed", __func__);
				2203	if (BN_num_bits(EC_KEY_get0_private_key(key)) <=
				2204	BN_num_bits(order) / 2) {
				2205	error("%s: private key too small: "
				2206	"bits(y) = %d, bits(order)/2 = %d", __func__,
				2207	BN_num_bits(EC_KEY_get0_private_key(key)),
				2208	BN_num_bits(order) / 2);
				2209	goto out;
				2210	}
				2211
				2212	/* private < order - 1 */
				2213	if (!BN_sub(tmp, order, BN_value_one()))
				2214	fatal("%s: BN_sub failed", __func__);
				2215	if (BN_cmp(EC_KEY_get0_private_key(key), tmp) >= 0) {
				2216	error("%s: private key >= group order - 1", __func__);
				2217	goto out;
				2218	}
				2219	ret = 0;
				2220	out:
				2221	BN_CTX_free(bnctx);
				2222	return ret;
				2223	}
				2224
				2225	#if defined(DEBUG_KEXECDH) \|\| defined(DEBUG_PK)
				2226	void
				2227	key_dump_ec_point(const EC_GROUP group, const EC_POINT point)
				2228	{
				2229	BIGNUM x, y;
				2230	BN_CTX *bnctx;
				2231
				2232	if (point == NULL) {
				2233	fputs("point=(NULL)\n", stderr);
				2234	return;
				2235	}
				2236	if ((bnctx = BN_CTX_new()) == NULL)
				2237	fatal("%s: BN_CTX_new failed", __func__);
				2238	BN_CTX_start(bnctx);
				2239	if ((x = BN_CTX_get(bnctx)) == NULL \|\| (y = BN_CTX_get(bnctx)) == NULL)
				2240	fatal("%s: BN_CTX_get failed", __func__);
				2241	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
				2242	NID_X9_62_prime_field)
				2243	fatal("%s: group is not a prime field", __func__);
				2244	if (EC_POINT_get_affine_coordinates_GFp(group, point, x, y, bnctx) != 1)
				2245	fatal("%s: EC_POINT_get_affine_coordinates_GFp", __func__);
				2246	fputs("x=", stderr);
				2247	BN_print_fp(stderr, x);
				2248	fputs("\ny=", stderr);
				2249	BN_print_fp(stderr, y);
				2250	fputs("\n", stderr);
				2251	BN_CTX_free(bnctx);
				2252	}
				2253
				2254	void
				2255	key_dump_ec_key(const EC_KEY *key)
				2256	{
				2257	const BIGNUM *exponent;
				2258
				2259	key_dump_ec_point(EC_KEY_get0_group(key), EC_KEY_get0_public_key(key));
				2260	fputs("exponent=", stderr);
				2261	if ((exponent = EC_KEY_get0_private_key(key)) == NULL)
				2262	fputs("(NULL)", stderr);
				2263	else
				2264	BN_print_fp(stderr, EC_KEY_get0_private_key(key));
				2265	fputs("\n", stderr);
				2266	}
				2267	#endif /* defined(DEBUG_KEXECDH) \|\| defined(DEBUG_PK) */
Damien Miller	6af914a	2010-09-10 11:39:26 +1000	[diff] [blame]	2268	#endif /* OPENSSL_HAS_ECC */