blob: 9f03d5137e333107e008d2e8f90e1b451a625ac8 [file] [log] [blame]
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001/*
Damien Miller95def091999-11-25 00:26:21 +11002 * Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller95def091999-11-25 00:26:21 +11003 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
Damien Miller95def091999-11-25 00:26:21 +11005 * This file contains functions for reading and writing identity files, and
6 * for reading the passphrase from the user.
Damien Miller4af51302000-04-16 11:18:38 +10007 *
Damien Millere4340be2000-09-16 13:29:08 +11008 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
13 *
14 *
15 * Copyright (c) 2000 Markus Friedl. All rights reserved.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
19 * are met:
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in the
24 * documentation and/or other materials provided with the distribution.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller95def091999-11-25 00:26:21 +110036 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100037
38#include "includes.h"
Ben Lindstromb257cca2001-03-05 04:59:27 +000039RCSID("$OpenBSD: authfile.c,v 1.28 2001/02/21 09:05:54 deraadt Exp $");
Damien Millerd4a8b7e1999-10-27 13:42:43 +100040
Damien Miller0bc1bd82000-11-13 22:57:25 +110041#include <openssl/err.h>
Damien Millereba71ba2000-04-29 23:57:08 +100042#include <openssl/evp.h>
Ben Lindstrom226cfa02001-01-22 05:34:40 +000043#include <openssl/pem.h>
Damien Millereba71ba2000-04-29 23:57:08 +100044
Ben Lindstrom226cfa02001-01-22 05:34:40 +000045#include "cipher.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100046#include "xmalloc.h"
47#include "buffer.h"
48#include "bufaux.h"
Damien Millereba71ba2000-04-29 23:57:08 +100049#include "key.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000050#include "ssh.h"
51#include "log.h"
Ben Lindstrom31ca54a2001-02-09 02:11:24 +000052#include "authfile.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100053
54/* Version identification string for identity files. */
Ben Lindstrom1170d712001-01-29 07:51:26 +000055static const char authfile_id_string[] =
56 "SSH PRIVATE KEY FILE FORMAT 1.1\n";
Damien Millerd4a8b7e1999-10-27 13:42:43 +100057
Damien Miller5428f641999-11-25 11:54:57 +110058/*
59 * Saves the authentication (private) key in a file, encrypting it with
60 * passphrase. The identification of the file (lowest 64 bits of n) will
61 * precede the key to provide identification of the key without needing a
62 * passphrase.
63 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100064
65int
Damien Miller0bc1bd82000-11-13 22:57:25 +110066save_private_key_rsa1(const char *filename, const char *passphrase,
Damien Millereba71ba2000-04-29 23:57:08 +100067 RSA *key, const char *comment)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100068{
Damien Miller95def091999-11-25 00:26:21 +110069 Buffer buffer, encrypted;
70 char buf[100], *cp;
Damien Miller037a0dc1999-12-07 15:38:31 +110071 int fd, i;
Damien Miller874d77b2000-10-14 16:23:11 +110072 CipherContext ciphercontext;
73 Cipher *cipher;
Damien Miller95def091999-11-25 00:26:21 +110074 u_int32_t rand;
Damien Millerd4a8b7e1999-10-27 13:42:43 +100075
Damien Miller5428f641999-11-25 11:54:57 +110076 /*
77 * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting
78 * to another cipher; otherwise use SSH_AUTHFILE_CIPHER.
79 */
Damien Miller95def091999-11-25 00:26:21 +110080 if (strcmp(passphrase, "") == 0)
Damien Miller874d77b2000-10-14 16:23:11 +110081 cipher = cipher_by_number(SSH_CIPHER_NONE);
Damien Miller95def091999-11-25 00:26:21 +110082 else
Damien Miller874d77b2000-10-14 16:23:11 +110083 cipher = cipher_by_number(SSH_AUTHFILE_CIPHER);
84 if (cipher == NULL)
85 fatal("save_private_key_rsa: bad cipher");
Damien Millerd4a8b7e1999-10-27 13:42:43 +100086
Damien Miller95def091999-11-25 00:26:21 +110087 /* This buffer is used to built the secret part of the private key. */
88 buffer_init(&buffer);
Damien Millerd4a8b7e1999-10-27 13:42:43 +100089
Damien Miller95def091999-11-25 00:26:21 +110090 /* Put checkbytes for checking passphrase validity. */
91 rand = arc4random();
92 buf[0] = rand & 0xff;
93 buf[1] = (rand >> 8) & 0xff;
94 buf[2] = buf[0];
95 buf[3] = buf[1];
96 buffer_append(&buffer, buf, 4);
Damien Millerd4a8b7e1999-10-27 13:42:43 +100097
Damien Miller5428f641999-11-25 11:54:57 +110098 /*
99 * Store the private key (n and e will not be stored because they
100 * will be stored in plain text, and storing them also in encrypted
101 * format would just give known plaintext).
102 */
Damien Miller95def091999-11-25 00:26:21 +1100103 buffer_put_bignum(&buffer, key->d);
104 buffer_put_bignum(&buffer, key->iqmp);
105 buffer_put_bignum(&buffer, key->q); /* reverse from SSL p */
106 buffer_put_bignum(&buffer, key->p); /* reverse from SSL q */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000107
Damien Miller95def091999-11-25 00:26:21 +1100108 /* Pad the part to be encrypted until its size is a multiple of 8. */
109 while (buffer_len(&buffer) % 8 != 0)
110 buffer_put_char(&buffer, 0);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000111
Damien Miller95def091999-11-25 00:26:21 +1100112 /* This buffer will be used to contain the data in the file. */
113 buffer_init(&encrypted);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000114
Damien Miller95def091999-11-25 00:26:21 +1100115 /* First store keyfile id string. */
Ben Lindstrom1170d712001-01-29 07:51:26 +0000116 for (i = 0; authfile_id_string[i]; i++)
117 buffer_put_char(&encrypted, authfile_id_string[i]);
Damien Miller95def091999-11-25 00:26:21 +1100118 buffer_put_char(&encrypted, 0);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000119
Damien Miller95def091999-11-25 00:26:21 +1100120 /* Store cipher type. */
Damien Miller874d77b2000-10-14 16:23:11 +1100121 buffer_put_char(&encrypted, cipher->number);
Damien Miller95def091999-11-25 00:26:21 +1100122 buffer_put_int(&encrypted, 0); /* For future extension */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000123
Damien Miller95def091999-11-25 00:26:21 +1100124 /* Store public key. This will be in plain text. */
125 buffer_put_int(&encrypted, BN_num_bits(key->n));
126 buffer_put_bignum(&encrypted, key->n);
127 buffer_put_bignum(&encrypted, key->e);
128 buffer_put_string(&encrypted, comment, strlen(comment));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000129
Damien Miller95def091999-11-25 00:26:21 +1100130 /* Allocate space for the private part of the key in the buffer. */
131 buffer_append_space(&encrypted, &cp, buffer_len(&buffer));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000132
Damien Miller874d77b2000-10-14 16:23:11 +1100133 cipher_set_key_string(&ciphercontext, cipher, passphrase);
Ben Lindstrom46c16222000-12-22 01:43:59 +0000134 cipher_encrypt(&ciphercontext, (u_char *) cp,
135 (u_char *) buffer_ptr(&buffer), buffer_len(&buffer));
Damien Miller874d77b2000-10-14 16:23:11 +1100136 memset(&ciphercontext, 0, sizeof(ciphercontext));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000137
Damien Miller95def091999-11-25 00:26:21 +1100138 /* Destroy temporary data. */
139 memset(buf, 0, sizeof(buf));
140 buffer_free(&buffer);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000141
Damien Miller037a0dc1999-12-07 15:38:31 +1100142 fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
143 if (fd < 0)
Damien Miller95def091999-11-25 00:26:21 +1100144 return 0;
Damien Miller037a0dc1999-12-07 15:38:31 +1100145 if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
Damien Miller95def091999-11-25 00:26:21 +1100146 buffer_len(&encrypted)) {
147 debug("Write to key file %.200s failed: %.100s", filename,
148 strerror(errno));
149 buffer_free(&encrypted);
Damien Miller037a0dc1999-12-07 15:38:31 +1100150 close(fd);
Damien Miller78315eb2000-09-29 23:01:36 +1100151 unlink(filename);
Damien Miller95def091999-11-25 00:26:21 +1100152 return 0;
153 }
Damien Miller037a0dc1999-12-07 15:38:31 +1100154 close(fd);
Damien Miller95def091999-11-25 00:26:21 +1100155 buffer_free(&encrypted);
156 return 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000157}
158
Damien Miller0bc1bd82000-11-13 22:57:25 +1100159/* save SSH2 key in OpenSSL PEM format */
Damien Millereba71ba2000-04-29 23:57:08 +1000160int
Damien Miller0bc1bd82000-11-13 22:57:25 +1100161save_private_key_ssh2(const char *filename, const char *_passphrase,
162 Key *key, const char *comment)
Damien Millereba71ba2000-04-29 23:57:08 +1000163{
164 FILE *fp;
165 int fd;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100166 int success = 0;
167 int len = strlen(_passphrase);
168 char *passphrase = (len > 0) ? (char *)_passphrase : NULL;
169 EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;
Damien Millereba71ba2000-04-29 23:57:08 +1000170
171 if (len > 0 && len <= 4) {
172 error("passphrase too short: %d bytes", len);
173 errno = 0;
174 return 0;
175 }
176 fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
177 if (fd < 0) {
178 debug("open %s failed", filename);
179 return 0;
180 }
181 fp = fdopen(fd, "w");
182 if (fp == NULL ) {
183 debug("fdopen %s failed", filename);
184 close(fd);
185 return 0;
186 }
Damien Miller0bc1bd82000-11-13 22:57:25 +1100187 switch (key->type) {
188 case KEY_DSA:
189 success = PEM_write_DSAPrivateKey(fp, key->dsa,
190 cipher, passphrase, len, NULL, NULL);
191 break;
192 case KEY_RSA:
193 success = PEM_write_RSAPrivateKey(fp, key->rsa,
194 cipher, passphrase, len, NULL, NULL);
195 break;
Damien Millereba71ba2000-04-29 23:57:08 +1000196 }
197 fclose(fp);
198 return success;
199}
200
201int
202save_private_key(const char *filename, const char *passphrase, Key *key,
203 const char *comment)
204{
205 switch (key->type) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100206 case KEY_RSA1:
207 return save_private_key_rsa1(filename, passphrase, key->rsa, comment);
Damien Millereba71ba2000-04-29 23:57:08 +1000208 break;
209 case KEY_DSA:
Damien Miller0bc1bd82000-11-13 22:57:25 +1100210 case KEY_RSA:
211 return save_private_key_ssh2(filename, passphrase, key, comment);
Damien Millereba71ba2000-04-29 23:57:08 +1000212 break;
213 default:
214 break;
215 }
216 return 0;
217}
218
Damien Miller5428f641999-11-25 11:54:57 +1100219/*
220 * Loads the public part of the key file. Returns 0 if an error was
221 * encountered (the file does not exist or is not readable), and non-zero
222 * otherwise.
223 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000224
225int
Damien Millereba71ba2000-04-29 23:57:08 +1000226load_public_key_rsa(const char *filename, RSA * pub, char **comment_return)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000227{
Damien Miller037a0dc1999-12-07 15:38:31 +1100228 int fd, i;
Damien Miller95def091999-11-25 00:26:21 +1100229 off_t len;
230 Buffer buffer;
231 char *cp;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000232
Damien Miller037a0dc1999-12-07 15:38:31 +1100233 fd = open(filename, O_RDONLY);
234 if (fd < 0)
Damien Miller95def091999-11-25 00:26:21 +1100235 return 0;
Damien Miller037a0dc1999-12-07 15:38:31 +1100236 len = lseek(fd, (off_t) 0, SEEK_END);
237 lseek(fd, (off_t) 0, SEEK_SET);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000238
Damien Miller95def091999-11-25 00:26:21 +1100239 buffer_init(&buffer);
240 buffer_append_space(&buffer, &cp, len);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000241
Damien Miller037a0dc1999-12-07 15:38:31 +1100242 if (read(fd, cp, (size_t) len) != (size_t) len) {
Damien Miller95def091999-11-25 00:26:21 +1100243 debug("Read from key file %.200s failed: %.100s", filename,
Damien Millereba71ba2000-04-29 23:57:08 +1000244 strerror(errno));
Damien Miller95def091999-11-25 00:26:21 +1100245 buffer_free(&buffer);
Damien Miller037a0dc1999-12-07 15:38:31 +1100246 close(fd);
Damien Miller95def091999-11-25 00:26:21 +1100247 return 0;
248 }
Damien Miller037a0dc1999-12-07 15:38:31 +1100249 close(fd);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000250
Ben Lindstrom1170d712001-01-29 07:51:26 +0000251 /* Check that it is at least big enough to contain the ID string. */
252 if (len < sizeof(authfile_id_string)) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100253 debug3("Bad RSA1 key file %.200s.", filename);
Damien Miller95def091999-11-25 00:26:21 +1100254 buffer_free(&buffer);
255 return 0;
256 }
Damien Miller5428f641999-11-25 11:54:57 +1100257 /*
258 * Make sure it begins with the id string. Consume the id string
259 * from the buffer.
260 */
Ben Lindstrom1170d712001-01-29 07:51:26 +0000261 for (i = 0; i < sizeof(authfile_id_string); i++)
262 if (buffer_get_char(&buffer) != authfile_id_string[i]) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100263 debug3("Bad RSA1 key file %.200s.", filename);
Damien Miller95def091999-11-25 00:26:21 +1100264 buffer_free(&buffer);
265 return 0;
266 }
267 /* Skip cipher type and reserved data. */
268 (void) buffer_get_char(&buffer); /* cipher type */
269 (void) buffer_get_int(&buffer); /* reserved */
270
271 /* Read the public key from the buffer. */
272 buffer_get_int(&buffer);
Damien Millereba71ba2000-04-29 23:57:08 +1000273 /* XXX alloc */
274 if (pub->n == NULL)
275 pub->n = BN_new();
Damien Miller95def091999-11-25 00:26:21 +1100276 buffer_get_bignum(&buffer, pub->n);
Damien Millereba71ba2000-04-29 23:57:08 +1000277 /* XXX alloc */
278 if (pub->e == NULL)
279 pub->e = BN_new();
Damien Miller95def091999-11-25 00:26:21 +1100280 buffer_get_bignum(&buffer, pub->e);
281 if (comment_return)
282 *comment_return = buffer_get_string(&buffer, NULL);
283 /* The encrypted private part is not parsed by this function. */
284
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000285 buffer_free(&buffer);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000286
Damien Miller95def091999-11-25 00:26:21 +1100287 return 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000288}
289
Damien Millere4340be2000-09-16 13:29:08 +1100290/* load public key from private-key file */
Damien Millereba71ba2000-04-29 23:57:08 +1000291int
292load_public_key(const char *filename, Key * key, char **comment_return)
293{
294 switch (key->type) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100295 case KEY_RSA1:
Damien Millereba71ba2000-04-29 23:57:08 +1000296 return load_public_key_rsa(filename, key->rsa, comment_return);
297 break;
298 case KEY_DSA:
Damien Miller0bc1bd82000-11-13 22:57:25 +1100299 case KEY_RSA:
Damien Millereba71ba2000-04-29 23:57:08 +1000300 default:
301 break;
302 }
303 return 0;
304}
305
Damien Miller5428f641999-11-25 11:54:57 +1100306/*
307 * Loads the private key from the file. Returns 0 if an error is encountered
308 * (file does not exist or is not readable, or passphrase is bad). This
309 * initializes the private key.
310 * Assumes we are called under uid of the owner of the file.
311 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000312
313int
Damien Miller0bc1bd82000-11-13 22:57:25 +1100314load_private_key_rsa1(int fd, const char *filename,
Damien Millereba71ba2000-04-29 23:57:08 +1000315 const char *passphrase, RSA * prv, char **comment_return)
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000316{
Damien Millereba71ba2000-04-29 23:57:08 +1000317 int i, check1, check2, cipher_type;
Damien Miller95def091999-11-25 00:26:21 +1100318 off_t len;
319 Buffer buffer, decrypted;
320 char *cp;
Damien Miller874d77b2000-10-14 16:23:11 +1100321 CipherContext ciphercontext;
322 Cipher *cipher;
Damien Miller95def091999-11-25 00:26:21 +1100323 BN_CTX *ctx;
324 BIGNUM *aux;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000325
Damien Miller037a0dc1999-12-07 15:38:31 +1100326 len = lseek(fd, (off_t) 0, SEEK_END);
327 lseek(fd, (off_t) 0, SEEK_SET);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000328
Damien Miller95def091999-11-25 00:26:21 +1100329 buffer_init(&buffer);
330 buffer_append_space(&buffer, &cp, len);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000331
Damien Miller037a0dc1999-12-07 15:38:31 +1100332 if (read(fd, cp, (size_t) len) != (size_t) len) {
Damien Miller95def091999-11-25 00:26:21 +1100333 debug("Read from key file %.200s failed: %.100s", filename,
Damien Miller0bc1bd82000-11-13 22:57:25 +1100334 strerror(errno));
Damien Miller95def091999-11-25 00:26:21 +1100335 buffer_free(&buffer);
Damien Miller037a0dc1999-12-07 15:38:31 +1100336 close(fd);
Damien Miller95def091999-11-25 00:26:21 +1100337 return 0;
338 }
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000339
Ben Lindstrom1170d712001-01-29 07:51:26 +0000340 /* Check that it is at least big enough to contain the ID string. */
341 if (len < sizeof(authfile_id_string)) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100342 debug3("Bad RSA1 key file %.200s.", filename);
Damien Miller95def091999-11-25 00:26:21 +1100343 buffer_free(&buffer);
Ben Lindstromb257cca2001-03-05 04:59:27 +0000344 close(fd);
Damien Miller95def091999-11-25 00:26:21 +1100345 return 0;
346 }
Damien Miller5428f641999-11-25 11:54:57 +1100347 /*
348 * Make sure it begins with the id string. Consume the id string
349 * from the buffer.
350 */
Ben Lindstrom1170d712001-01-29 07:51:26 +0000351 for (i = 0; i < sizeof(authfile_id_string); i++)
352 if (buffer_get_char(&buffer) != authfile_id_string[i]) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100353 debug3("Bad RSA1 key file %.200s.", filename);
Damien Miller95def091999-11-25 00:26:21 +1100354 buffer_free(&buffer);
Ben Lindstromb257cca2001-03-05 04:59:27 +0000355 close(fd);
Damien Miller95def091999-11-25 00:26:21 +1100356 return 0;
357 }
Ben Lindstromb257cca2001-03-05 04:59:27 +0000358
Damien Miller95def091999-11-25 00:26:21 +1100359 /* Read cipher type. */
360 cipher_type = buffer_get_char(&buffer);
361 (void) buffer_get_int(&buffer); /* Reserved data. */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000362
Damien Miller95def091999-11-25 00:26:21 +1100363 /* Read the public key from the buffer. */
364 buffer_get_int(&buffer);
365 prv->n = BN_new();
366 buffer_get_bignum(&buffer, prv->n);
367 prv->e = BN_new();
368 buffer_get_bignum(&buffer, prv->e);
369 if (comment_return)
370 *comment_return = buffer_get_string(&buffer, NULL);
371 else
372 xfree(buffer_get_string(&buffer, NULL));
373
374 /* Check that it is a supported cipher. */
Damien Miller874d77b2000-10-14 16:23:11 +1100375 cipher = cipher_by_number(cipher_type);
376 if (cipher == NULL) {
377 debug("Unsupported cipher %d used in key file %.200s.",
378 cipher_type, filename);
Damien Miller95def091999-11-25 00:26:21 +1100379 buffer_free(&buffer);
380 goto fail;
381 }
382 /* Initialize space for decrypted data. */
383 buffer_init(&decrypted);
384 buffer_append_space(&decrypted, &cp, buffer_len(&buffer));
385
386 /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */
Damien Miller874d77b2000-10-14 16:23:11 +1100387 cipher_set_key_string(&ciphercontext, cipher, passphrase);
Ben Lindstrom46c16222000-12-22 01:43:59 +0000388 cipher_decrypt(&ciphercontext, (u_char *) cp,
389 (u_char *) buffer_ptr(&buffer), buffer_len(&buffer));
Damien Miller874d77b2000-10-14 16:23:11 +1100390 memset(&ciphercontext, 0, sizeof(ciphercontext));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000391 buffer_free(&buffer);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000392
Damien Miller95def091999-11-25 00:26:21 +1100393 check1 = buffer_get_char(&decrypted);
394 check2 = buffer_get_char(&decrypted);
395 if (check1 != buffer_get_char(&decrypted) ||
396 check2 != buffer_get_char(&decrypted)) {
397 if (strcmp(passphrase, "") != 0)
398 debug("Bad passphrase supplied for key file %.200s.", filename);
399 /* Bad passphrase. */
400 buffer_free(&decrypted);
401fail:
402 BN_clear_free(prv->n);
Damien Millereba71ba2000-04-29 23:57:08 +1000403 prv->n = NULL;
Damien Miller95def091999-11-25 00:26:21 +1100404 BN_clear_free(prv->e);
Damien Millereba71ba2000-04-29 23:57:08 +1000405 prv->e = NULL;
Damien Miller95def091999-11-25 00:26:21 +1100406 if (comment_return)
407 xfree(*comment_return);
Ben Lindstromb257cca2001-03-05 04:59:27 +0000408 close(fd);
Damien Miller95def091999-11-25 00:26:21 +1100409 return 0;
410 }
411 /* Read the rest of the private key. */
412 prv->d = BN_new();
413 buffer_get_bignum(&decrypted, prv->d);
414 prv->iqmp = BN_new();
415 buffer_get_bignum(&decrypted, prv->iqmp); /* u */
416 /* in SSL and SSH p and q are exchanged */
417 prv->q = BN_new();
418 buffer_get_bignum(&decrypted, prv->q); /* p */
419 prv->p = BN_new();
420 buffer_get_bignum(&decrypted, prv->p); /* q */
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000421
Damien Miller95def091999-11-25 00:26:21 +1100422 ctx = BN_CTX_new();
423 aux = BN_new();
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000424
Damien Miller95def091999-11-25 00:26:21 +1100425 BN_sub(aux, prv->q, BN_value_one());
426 prv->dmq1 = BN_new();
427 BN_mod(prv->dmq1, prv->d, aux, ctx);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000428
Damien Miller95def091999-11-25 00:26:21 +1100429 BN_sub(aux, prv->p, BN_value_one());
430 prv->dmp1 = BN_new();
431 BN_mod(prv->dmp1, prv->d, aux, ctx);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000432
Damien Miller95def091999-11-25 00:26:21 +1100433 BN_clear_free(aux);
434 BN_CTX_free(ctx);
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000435
Damien Miller95def091999-11-25 00:26:21 +1100436 buffer_free(&decrypted);
Ben Lindstromb257cca2001-03-05 04:59:27 +0000437 close(fd);
Damien Miller95def091999-11-25 00:26:21 +1100438 return 1;
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000439}
Damien Millereba71ba2000-04-29 23:57:08 +1000440
441int
Damien Miller0bc1bd82000-11-13 22:57:25 +1100442load_private_key_ssh2(int fd, const char *passphrase, Key *k, char **comment_return)
Damien Millereba71ba2000-04-29 23:57:08 +1000443{
Damien Millereba71ba2000-04-29 23:57:08 +1000444 FILE *fp;
Damien Miller0bc1bd82000-11-13 22:57:25 +1100445 int success = 0;
446 EVP_PKEY *pk = NULL;
447 char *name = "<no key>";
Damien Millereba71ba2000-04-29 23:57:08 +1000448
Damien Millereba71ba2000-04-29 23:57:08 +1000449 fp = fdopen(fd, "r");
450 if (fp == NULL) {
451 error("fdopen failed");
Ben Lindstromb257cca2001-03-05 04:59:27 +0000452 close(fd);
Damien Millereba71ba2000-04-29 23:57:08 +1000453 return 0;
454 }
Damien Miller0bc1bd82000-11-13 22:57:25 +1100455 pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
456 if (pk == NULL) {
457 debug("PEM_read_PrivateKey failed");
458 (void)ERR_get_error();
459 } else if (pk->type == EVP_PKEY_RSA) {
460 /* replace k->rsa with loaded key */
461 if (k->type == KEY_RSA || k->type == KEY_UNSPEC) {
462 if (k->rsa != NULL)
463 RSA_free(k->rsa);
464 k->rsa = EVP_PKEY_get1_RSA(pk);
465 k->type = KEY_RSA;
466 name = "rsa w/o comment";
467 success = 1;
468#ifdef DEBUG_PK
469 RSA_print_fp(stderr, k->rsa, 8);
Damien Millereba71ba2000-04-29 23:57:08 +1000470#endif
Damien Miller0bc1bd82000-11-13 22:57:25 +1100471 }
472 } else if (pk->type == EVP_PKEY_DSA) {
473 /* replace k->dsa with loaded key */
474 if (k->type == KEY_DSA || k->type == KEY_UNSPEC) {
475 if (k->dsa != NULL)
476 DSA_free(k->dsa);
477 k->dsa = EVP_PKEY_get1_DSA(pk);
478 k->type = KEY_DSA;
479 name = "dsa w/o comment";
480#ifdef DEBUG_PK
481 DSA_print_fp(stderr, k->dsa, 8);
482#endif
483 success = 1;
484 }
485 } else {
486 error("PEM_read_PrivateKey: mismatch or "
487 "unknown EVP_PKEY save_type %d", pk->save_type);
488 }
489 fclose(fp);
490 if (pk != NULL)
491 EVP_PKEY_free(pk);
492 if (success && comment_return)
493 *comment_return = xstrdup(name);
494 debug("read SSH2 private key done: name %s success %d", name, success);
495 return success;
Damien Millereba71ba2000-04-29 23:57:08 +1000496}
497
498int
499load_private_key(const char *filename, const char *passphrase, Key *key,
500 char **comment_return)
501{
502 int fd;
503 int ret = 0;
504 struct stat st;
505
506 fd = open(filename, O_RDONLY);
507 if (fd < 0)
508 return 0;
509
Damien Millercb5e44a2000-09-29 12:12:36 +1100510 /* check owner and modes */
Damien Millerb70b61f2000-09-16 16:25:12 +1100511#ifdef HAVE_CYGWIN
Damien Millercb5e44a2000-09-29 12:12:36 +1100512 if (check_ntsec(filename))
Damien Millerb70b61f2000-09-16 16:25:12 +1100513#endif
Damien Millereba71ba2000-04-29 23:57:08 +1000514 if (fstat(fd, &st) < 0 ||
Ben Lindstrom46c16222000-12-22 01:43:59 +0000515 (st.st_uid != 0 && getuid() != 0 && st.st_uid != getuid()) ||
Damien Millereba71ba2000-04-29 23:57:08 +1000516 (st.st_mode & 077) != 0) {
517 close(fd);
518 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
519 error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
520 error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
521 error("Bad ownership or mode(0%3.3o) for '%s'.",
Ben Lindstromb257cca2001-03-05 04:59:27 +0000522 st.st_mode & 0777, filename);
Damien Millereba71ba2000-04-29 23:57:08 +1000523 error("It is recommended that your private key files are NOT accessible by others.");
524 return 0;
525 }
526 switch (key->type) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100527 case KEY_RSA1:
Damien Millereba71ba2000-04-29 23:57:08 +1000528 if (key->rsa->e != NULL) {
529 BN_clear_free(key->rsa->e);
530 key->rsa->e = NULL;
531 }
532 if (key->rsa->n != NULL) {
533 BN_clear_free(key->rsa->n);
534 key->rsa->n = NULL;
535 }
Damien Miller0bc1bd82000-11-13 22:57:25 +1100536 ret = load_private_key_rsa1(fd, filename, passphrase,
Ben Lindstromb257cca2001-03-05 04:59:27 +0000537 key->rsa, comment_return); /* closes fd */
538
Damien Millereba71ba2000-04-29 23:57:08 +1000539 break;
540 case KEY_DSA:
Damien Miller0bc1bd82000-11-13 22:57:25 +1100541 case KEY_RSA:
542 case KEY_UNSPEC:
Ben Lindstromb257cca2001-03-05 04:59:27 +0000543 ret = load_private_key_ssh2(fd, passphrase, key,
544 comment_return); /* closes fd */
545 break;
Damien Millereba71ba2000-04-29 23:57:08 +1000546 default:
Ben Lindstromb257cca2001-03-05 04:59:27 +0000547 close(fd);
Damien Millereba71ba2000-04-29 23:57:08 +1000548 break;
549 }
Damien Millereba71ba2000-04-29 23:57:08 +1000550 return ret;
551}
Damien Millere4340be2000-09-16 13:29:08 +1100552
553int
554do_load_public_key(const char *filename, Key *k, char **commentp)
555{
556 FILE *f;
Damien Millere4340be2000-09-16 13:29:08 +1100557 char line[1024];
558 char *cp;
559
560 f = fopen(filename, "r");
561 if (f != NULL) {
562 while (fgets(line, sizeof(line), f)) {
563 line[sizeof(line)-1] = '\0';
564 cp = line;
565 switch(*cp){
566 case '#':
567 case '\n':
568 case '\0':
569 continue;
570 }
571 /* Skip leading whitespace. */
572 for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
573 ;
574 if (*cp) {
Damien Miller0bc1bd82000-11-13 22:57:25 +1100575 if (key_read(k, &cp) == 1) {
Damien Millere4340be2000-09-16 13:29:08 +1100576 if (commentp)
577 *commentp=xstrdup(filename);
578 fclose(f);
579 return 1;
580 }
581 }
582 }
583 fclose(f);
584 }
585 return 0;
586}
587
588/* load public key from pubkey file */
589int
590try_load_public_key(const char *filename, Key *k, char **commentp)
591{
592 char pub[MAXPATHLEN];
593
594 if (do_load_public_key(filename, k, commentp) == 1)
595 return 1;
596 if (strlcpy(pub, filename, sizeof pub) >= MAXPATHLEN)
597 return 0;
598 if (strlcat(pub, ".pub", sizeof pub) >= MAXPATHLEN)
599 return 0;
600 if (do_load_public_key(pub, k, commentp) == 1)
601 return 1;
602 return 0;
603}