Blame - ssh-rsa.c - platform/external/openssh

blob: 458c9c840efab6d4375b655de7ce18d2a3090059 [file] [log] [blame]

Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	1	/*
				2	* Copyright (c) 2000 Markus Friedl. All rights reserved.
				3	*
				4	* Redistribution and use in source and binary forms, with or without
				5	* modification, are permitted provided that the following conditions
				6	* are met:
				7	* 1. Redistributions of source code must retain the above copyright
				8	* notice, this list of conditions and the following disclaimer.
				9	* 2. Redistributions in binary form must reproduce the above copyright
				10	* notice, this list of conditions and the following disclaimer in the
				11	* documentation and/or other materials provided with the distribution.
				12	*
				13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
				23	*/
				24
				25	#include "includes.h"
Ben Lindstrom	ceae9d1	2002-06-06 20:55:04 +0000	[diff] [blame^]	26	RCSID("$OpenBSD: ssh-rsa.c,v 1.19 2002/05/31 13:20:50 markus Exp $");
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	27
				28	#include <openssl/evp.h>
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	29	#include <openssl/err.h>
				30
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	31	#include "xmalloc.h"
				32	#include "log.h"
				33	#include "buffer.h"
				34	#include "bufaux.h"
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	35	#include "key.h"
Ben Lindstrom	31ca54a	2001-02-09 02:11:24 +0000	[diff] [blame]	36	#include "ssh-rsa.h"
Ben Lindstrom	60a4381	2001-03-29 00:32:56 +0000	[diff] [blame]	37	#include "compat.h"
Ben Lindstrom	03f3932	2002-04-02 20:43:11 +0000	[diff] [blame]	38	#include "ssh.h"
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	39
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	40	/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
				41	int
				42	ssh_rsa_sign(
				43	Key *key,
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	44	u_char *sigp, u_int lenp,
				45	u_char *data, u_int datalen)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	46	{
Ben Lindstrom	425fb02	2001-03-29 00:31:20 +0000	[diff] [blame]	47	const EVP_MD *evp_md;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	48	EVP_MD_CTX md;
Damien Miller	c516e92	2002-02-05 11:53:43 +1100	[diff] [blame]	49	u_char digest[EVP_MAX_MD_SIZE], sig, ret;
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	50	u_int slen, dlen, len;
Ben Lindstrom	425fb02	2001-03-29 00:31:20 +0000	[diff] [blame]	51	int ok, nid;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	52	Buffer b;
				53
				54	if (key == NULL \|\| key->type != KEY_RSA \|\| key->rsa == NULL) {
				55	error("ssh_rsa_sign: no RSA key");
				56	return -1;
				57	}
Ben Lindstrom	60a4381	2001-03-29 00:32:56 +0000	[diff] [blame]	58	nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
Ben Lindstrom	425fb02	2001-03-29 00:31:20 +0000	[diff] [blame]	59	if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
				60	error("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid);
				61	return -1;
				62	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	63	EVP_DigestInit(&md, evp_md);
				64	EVP_DigestUpdate(&md, data, datalen);
Damien Miller	c516e92	2002-02-05 11:53:43 +1100	[diff] [blame]	65	EVP_DigestFinal(&md, digest, &dlen);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	66
Ben Lindstrom	425fb02	2001-03-29 00:31:20 +0000	[diff] [blame]	67	slen = RSA_size(key->rsa);
				68	sig = xmalloc(slen);
				69
				70	ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
Damien Miller	c516e92	2002-02-05 11:53:43 +1100	[diff] [blame]	71	memset(digest, 'd', sizeof(digest));
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	72
				73	if (ok != 1) {
				74	int ecode = ERR_get_error();
				75	error("ssh_rsa_sign: RSA_sign failed: %s", ERR_error_string(ecode, NULL));
				76	xfree(sig);
				77	return -1;
				78	}
				79	if (len < slen) {
				80	int diff = slen - len;
				81	debug("slen %d > len %d", slen, len);
				82	memmove(sig + diff, sig, len);
				83	memset(sig, 0, diff);
				84	} else if (len > slen) {
				85	error("ssh_rsa_sign: slen %d slen2 %d", slen, len);
				86	xfree(sig);
				87	return -1;
				88	}
				89	/* encode signature */
				90	buffer_init(&b);
				91	buffer_put_cstring(&b, "ssh-rsa");
				92	buffer_put_string(&b, sig, slen);
				93	len = buffer_len(&b);
				94	ret = xmalloc(len);
				95	memcpy(ret, buffer_ptr(&b), len);
				96	buffer_free(&b);
				97	memset(sig, 's', slen);
				98	xfree(sig);
				99
				100	if (lenp != NULL)
				101	*lenp = len;
				102	if (sigp != NULL)
				103	*sigp = ret;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	104	return 0;
				105	}
				106
				107	int
				108	ssh_rsa_verify(
				109	Key *key,
Ben Lindstrom	90fd814	2002-02-26 18:09:42 +0000	[diff] [blame]	110	u_char *signature, u_int signaturelen,
				111	u_char *data, u_int datalen)
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	112	{
				113	Buffer b;
Ben Lindstrom	425fb02	2001-03-29 00:31:20 +0000	[diff] [blame]	114	const EVP_MD *evp_md;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	115	EVP_MD_CTX md;
				116	char *ktype;
Damien Miller	c516e92	2002-02-05 11:53:43 +1100	[diff] [blame]	117	u_char digest[EVP_MAX_MD_SIZE], *sigblob;
Ben Lindstrom	ceae9d1	2002-06-06 20:55:04 +0000	[diff] [blame^]	118	u_int len, dlen, modlen;
Ben Lindstrom	425fb02	2001-03-29 00:31:20 +0000	[diff] [blame]	119	int rlen, ret, nid;
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	120
				121	if (key == NULL \|\| key->type != KEY_RSA \|\| key->rsa == NULL) {
				122	error("ssh_rsa_verify: no RSA key");
				123	return -1;
				124	}
Ben Lindstrom	03f3932	2002-04-02 20:43:11 +0000	[diff] [blame]	125	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
Ben Lindstrom	bf555ba	2001-01-18 02:04:35 +0000	[diff] [blame]	126	error("ssh_rsa_verify: n too small: %d bits",
				127	BN_num_bits(key->rsa->n));
				128	return -1;
				129	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	130	buffer_init(&b);
Ben Lindstrom	9e0ddd4	2001-09-18 05:41:19 +0000	[diff] [blame]	131	buffer_append(&b, signature, signaturelen);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	132	ktype = buffer_get_string(&b, NULL);
				133	if (strcmp("ssh-rsa", ktype) != 0) {
				134	error("ssh_rsa_verify: cannot handle type %s", ktype);
				135	buffer_free(&b);
				136	xfree(ktype);
				137	return -1;
				138	}
				139	xfree(ktype);
Ben Lindstrom	9e0ddd4	2001-09-18 05:41:19 +0000	[diff] [blame]	140	sigblob = buffer_get_string(&b, &len);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	141	rlen = buffer_len(&b);
				142	buffer_free(&b);
Ben Lindstrom	1c37c6a	2001-12-06 18:00:18 +0000	[diff] [blame]	143	if (rlen != 0) {
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	144	error("ssh_rsa_verify: remaining bytes in signature %d", rlen);
Damien Miller	36e603d	2001-11-12 11:03:35 +1100	[diff] [blame]	145	xfree(sigblob);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	146	return -1;
				147	}
Ben Lindstrom	ceae9d1	2002-06-06 20:55:04 +0000	[diff] [blame^]	148	/* RSA_verify expects a signature of RSA_size */
				149	modlen = RSA_size(key->rsa);
				150	if (len > modlen) {
				151	error("ssh_rsa_verify: len %d > modlen %d", len, modlen);
				152	xfree(sigblob);
				153	return -1;
				154	} else if (len < modlen) {
				155	int diff = modlen - len;
				156	debug("ssh_rsa_verify: add padding: modlen %d > len %d",
				157	modlen, len);
				158	sigblob = xrealloc(sigblob, modlen);
				159	memmove(sigblob + diff, sigblob, len);
				160	memset(sigblob, 0, diff);
				161	len = modlen;
				162	}
Ben Lindstrom	60a4381	2001-03-29 00:32:56 +0000	[diff] [blame]	163	nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
Ben Lindstrom	425fb02	2001-03-29 00:31:20 +0000	[diff] [blame]	164	if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
Ben Lindstrom	425fb02	2001-03-29 00:31:20 +0000	[diff] [blame]	165	error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
Damien Miller	36e603d	2001-11-12 11:03:35 +1100	[diff] [blame]	166	xfree(sigblob);
Ben Lindstrom	425fb02	2001-03-29 00:31:20 +0000	[diff] [blame]	167	return -1;
				168	}
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	169	EVP_DigestInit(&md, evp_md);
				170	EVP_DigestUpdate(&md, data, datalen);
Damien Miller	c516e92	2002-02-05 11:53:43 +1100	[diff] [blame]	171	EVP_DigestFinal(&md, digest, &dlen);
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	172
Ben Lindstrom	425fb02	2001-03-29 00:31:20 +0000	[diff] [blame]	173	ret = RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
Damien Miller	c516e92	2002-02-05 11:53:43 +1100	[diff] [blame]	174	memset(digest, 'd', sizeof(digest));
Damien Miller	0bc1bd8	2000-11-13 22:57:25 +1100	[diff] [blame]	175	memset(sigblob, 's', len);
				176	xfree(sigblob);
				177	if (ret == 0) {
				178	int ecode = ERR_get_error();
				179	error("ssh_rsa_verify: RSA_verify failed: %s", ERR_error_string(ecode, NULL));
				180	}
				181	debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
				182	return ret;
				183	}