1 /* $OpenBSD: key.c,v 1.69 2007/07/12 05:48:05 ray Exp $ */
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * As far as I am concerned, the code I have written for this software
7 * can be used freely for any purpose. Any derived versions of this
8 * software must be clearly marked as such, and if the derived work is
9 * incompatible with the protocol description in the RFC file, it must be
10 * called by a name other than "ssh" or "Secure Shell".
13 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
24 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
25 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
26 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
27 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
28 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
29 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
30 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
31 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
38 #include <sys/types.h>
40 #include <openssl/evp.h>
59 k
= xcalloc(1, sizeof(*k
));
66 if ((rsa
= RSA_new()) == NULL
)
67 fatal("key_new: RSA_new failed");
68 if ((rsa
->n
= BN_new()) == NULL
)
69 fatal("key_new: BN_new failed");
70 if ((rsa
->e
= BN_new()) == NULL
)
71 fatal("key_new: BN_new failed");
75 if ((dsa
= DSA_new()) == NULL
)
76 fatal("key_new: DSA_new failed");
77 if ((dsa
->p
= BN_new()) == NULL
)
78 fatal("key_new: BN_new failed");
79 if ((dsa
->q
= BN_new()) == NULL
)
80 fatal("key_new: BN_new failed");
81 if ((dsa
->g
= BN_new()) == NULL
)
82 fatal("key_new: BN_new failed");
83 if ((dsa
->pub_key
= BN_new()) == NULL
)
84 fatal("key_new: BN_new failed");
90 fatal("key_new: bad key type %d", k
->type
);
97 key_new_private(int type
)
99 Key
*k
= key_new(type
);
103 if ((k
->rsa
->d
= BN_new()) == NULL
)
104 fatal("key_new_private: BN_new failed");
105 if ((k
->rsa
->iqmp
= BN_new()) == NULL
)
106 fatal("key_new_private: BN_new failed");
107 if ((k
->rsa
->q
= BN_new()) == NULL
)
108 fatal("key_new_private: BN_new failed");
109 if ((k
->rsa
->p
= BN_new()) == NULL
)
110 fatal("key_new_private: BN_new failed");
111 if ((k
->rsa
->dmq1
= BN_new()) == NULL
)
112 fatal("key_new_private: BN_new failed");
113 if ((k
->rsa
->dmp1
= BN_new()) == NULL
)
114 fatal("key_new_private: BN_new failed");
117 if ((k
->dsa
->priv_key
= BN_new()) == NULL
)
118 fatal("key_new_private: BN_new failed");
132 fatal("key_free: key is NULL");
148 fatal("key_free: bad key type %d", k
->type
);
155 key_equal(const Key
*a
, const Key
*b
)
157 if (a
== NULL
|| b
== NULL
|| a
->type
!= b
->type
)
162 return a
->rsa
!= NULL
&& b
->rsa
!= NULL
&&
163 BN_cmp(a
->rsa
->e
, b
->rsa
->e
) == 0 &&
164 BN_cmp(a
->rsa
->n
, b
->rsa
->n
) == 0;
166 return a
->dsa
!= NULL
&& b
->dsa
!= NULL
&&
167 BN_cmp(a
->dsa
->p
, b
->dsa
->p
) == 0 &&
168 BN_cmp(a
->dsa
->q
, b
->dsa
->q
) == 0 &&
169 BN_cmp(a
->dsa
->g
, b
->dsa
->g
) == 0 &&
170 BN_cmp(a
->dsa
->pub_key
, b
->dsa
->pub_key
) == 0;
172 fatal("key_equal: bad key type %d", a
->type
);
177 key_fingerprint_raw(const Key
*k
, enum fp_type dgst_type
,
178 u_int
*dgst_raw_length
)
180 const EVP_MD
*md
= NULL
;
183 u_char
*retval
= NULL
;
187 *dgst_raw_length
= 0;
197 fatal("key_fingerprint_raw: bad digest type %d",
202 nlen
= BN_num_bytes(k
->rsa
->n
);
203 elen
= BN_num_bytes(k
->rsa
->e
);
206 BN_bn2bin(k
->rsa
->n
, blob
);
207 BN_bn2bin(k
->rsa
->e
, blob
+ nlen
);
211 key_to_blob(k
, &blob
, &len
);
216 fatal("key_fingerprint_raw: bad key type %d", k
->type
);
220 retval
= xmalloc(EVP_MAX_MD_SIZE
);
221 EVP_DigestInit(&ctx
, md
);
222 EVP_DigestUpdate(&ctx
, blob
, len
);
223 EVP_DigestFinal(&ctx
, retval
, dgst_raw_length
);
224 memset(blob
, 0, len
);
227 fatal("key_fingerprint_raw: blob is null");
233 key_fingerprint_hex(u_char
*dgst_raw
, u_int dgst_raw_len
)
238 retval
= xcalloc(1, dgst_raw_len
* 3 + 1);
239 for (i
= 0; i
< dgst_raw_len
; i
++) {
241 snprintf(hex
, sizeof(hex
), "%02x:", dgst_raw
[i
]);
242 strlcat(retval
, hex
, dgst_raw_len
* 3 + 1);
245 /* Remove the trailing ':' character */
246 retval
[(dgst_raw_len
* 3) - 1] = '\0';
251 key_fingerprint_bubblebabble(u_char
*dgst_raw
, u_int dgst_raw_len
)
253 char vowels
[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
254 char consonants
[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
255 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };
256 u_int i
, j
= 0, rounds
, seed
= 1;
259 rounds
= (dgst_raw_len
/ 2) + 1;
260 retval
= xcalloc((rounds
* 6), sizeof(char));
262 for (i
= 0; i
< rounds
; i
++) {
263 u_int idx0
, idx1
, idx2
, idx3
, idx4
;
264 if ((i
+ 1 < rounds
) || (dgst_raw_len
% 2 != 0)) {
265 idx0
= (((((u_int
)(dgst_raw
[2 * i
])) >> 6) & 3) +
267 idx1
= (((u_int
)(dgst_raw
[2 * i
])) >> 2) & 15;
268 idx2
= ((((u_int
)(dgst_raw
[2 * i
])) & 3) +
270 retval
[j
++] = vowels
[idx0
];
271 retval
[j
++] = consonants
[idx1
];
272 retval
[j
++] = vowels
[idx2
];
273 if ((i
+ 1) < rounds
) {
274 idx3
= (((u_int
)(dgst_raw
[(2 * i
) + 1])) >> 4) & 15;
275 idx4
= (((u_int
)(dgst_raw
[(2 * i
) + 1]))) & 15;
276 retval
[j
++] = consonants
[idx3
];
278 retval
[j
++] = consonants
[idx4
];
280 ((((u_int
)(dgst_raw
[2 * i
])) * 7) +
281 ((u_int
)(dgst_raw
[(2 * i
) + 1])))) % 36;
287 retval
[j
++] = vowels
[idx0
];
288 retval
[j
++] = consonants
[idx1
];
289 retval
[j
++] = vowels
[idx2
];
298 key_fingerprint(const Key
*k
, enum fp_type dgst_type
, enum fp_rep dgst_rep
)
304 dgst_raw
= key_fingerprint_raw(k
, dgst_type
, &dgst_raw_len
);
306 fatal("key_fingerprint: null from key_fingerprint_raw()");
309 retval
= key_fingerprint_hex(dgst_raw
, dgst_raw_len
);
311 case SSH_FP_BUBBLEBABBLE
:
312 retval
= key_fingerprint_bubblebabble(dgst_raw
, dgst_raw_len
);
315 fatal("key_fingerprint_ex: bad digest representation %d",
319 memset(dgst_raw
, 0, dgst_raw_len
);
325 * Reads a multiple-precision integer in decimal from the buffer, and advances
326 * the pointer. The integer must already be initialized. This function is
327 * permitted to modify the buffer. This leaves *cpp to point just beyond the
328 * last processed (and maybe modified) character. Note that this may modify
329 * the buffer containing the number.
332 read_bignum(char **cpp
, BIGNUM
* value
)
337 /* Skip any leading whitespace. */
338 for (; *cp
== ' ' || *cp
== '\t'; cp
++)
341 /* Check that it begins with a decimal digit. */
342 if (*cp
< '0' || *cp
> '9')
345 /* Save starting position. */
348 /* Move forward until all decimal digits skipped. */
349 for (; *cp
>= '0' && *cp
<= '9'; cp
++)
352 /* Save the old terminating character, and replace it by \0. */
356 /* Parse the number. */
357 if (BN_dec2bn(&value
, *cpp
) == 0)
360 /* Restore old terminating character. */
363 /* Move beyond the number and return success. */
369 write_bignum(FILE *f
, BIGNUM
*num
)
371 char *buf
= BN_bn2dec(num
);
373 error("write_bignum: BN_bn2dec() failed");
376 fprintf(f
, " %s", buf
);
381 /* returns 1 ok, -1 error */
383 key_read(Key
*ret
, char **cpp
)
396 /* Get number of bits. */
397 if (*cp
< '0' || *cp
> '9')
398 return -1; /* Bad bit count... */
399 for (bits
= 0; *cp
>= '0' && *cp
<= '9'; cp
++)
400 bits
= 10 * bits
+ *cp
- '0';
404 /* Get public exponent, public modulus. */
405 if (!read_bignum(cpp
, ret
->rsa
->e
))
407 if (!read_bignum(cpp
, ret
->rsa
->n
))
414 space
= strchr(cp
, ' ');
416 debug3("key_read: missing whitespace");
420 type
= key_type_from_name(cp
);
422 if (type
== KEY_UNSPEC
) {
423 debug3("key_read: missing keytype");
428 debug3("key_read: short string");
431 if (ret
->type
== KEY_UNSPEC
) {
433 } else if (ret
->type
!= type
) {
434 /* is a key, but different type */
435 debug3("key_read: type mismatch");
440 n
= uudecode(cp
, blob
, len
);
442 error("key_read: uudecode %s failed", cp
);
446 k
= key_from_blob(blob
, (u_int
)n
);
449 error("key_read: key_from_blob %s failed", cp
);
452 if (k
->type
!= type
) {
453 error("key_read: type mismatch: encoding error");
458 if (ret
->type
== KEY_RSA
) {
459 if (ret
->rsa
!= NULL
)
465 RSA_print_fp(stderr
, ret
->rsa
, 8);
468 if (ret
->dsa
!= NULL
)
474 DSA_print_fp(stderr
, ret
->dsa
, 8);
481 /* advance cp: skip whitespace and data */
482 while (*cp
== ' ' || *cp
== '\t')
484 while (*cp
!= '\0' && *cp
!= ' ' && *cp
!= '\t')
489 fatal("key_read: bad key type: %d", ret
->type
);
496 key_write(const Key
*key
, FILE *f
)
503 if (key
->type
== KEY_RSA1
&& key
->rsa
!= NULL
) {
504 /* size of modulus 'n' */
505 bits
= BN_num_bits(key
->rsa
->n
);
506 fprintf(f
, "%u", bits
);
507 if (write_bignum(f
, key
->rsa
->e
) &&
508 write_bignum(f
, key
->rsa
->n
)) {
511 error("key_write: failed for RSA key");
513 } else if ((key
->type
== KEY_DSA
&& key
->dsa
!= NULL
) ||
514 (key
->type
== KEY_RSA
&& key
->rsa
!= NULL
)) {
515 key_to_blob(key
, &blob
, &len
);
517 n
= uuencode(blob
, len
, uu
, 2*len
);
519 fprintf(f
, "%s %s", key_ssh_name(key
), uu
);
529 key_type(const Key
*k
)
543 key_ssh_name(const Key
*k
)
551 return "ssh-unknown";
555 key_size(const Key
*k
)
560 return BN_num_bits(k
->rsa
->n
);
562 return BN_num_bits(k
->dsa
->p
);
568 rsa_generate_private_key(u_int bits
)
572 private = RSA_generate_key(bits
, 35, NULL
, NULL
);
574 fatal("rsa_generate_private_key: key generation failed.");
579 dsa_generate_private_key(u_int bits
)
581 DSA
*private = DSA_generate_parameters(bits
, NULL
, 0, NULL
, NULL
, NULL
, NULL
);
584 fatal("dsa_generate_private_key: DSA_generate_parameters failed");
585 if (!DSA_generate_key(private))
586 fatal("dsa_generate_private_key: DSA_generate_key failed.");
588 fatal("dsa_generate_private_key: NULL.");
593 key_generate(int type
, u_int bits
)
595 Key
*k
= key_new(KEY_UNSPEC
);
598 k
->dsa
= dsa_generate_private_key(bits
);
602 k
->rsa
= rsa_generate_private_key(bits
);
605 fatal("key_generate: unknown type %d", type
);
612 key_from_private(const Key
*k
)
617 n
= key_new(k
->type
);
618 if ((BN_copy(n
->dsa
->p
, k
->dsa
->p
) == NULL
) ||
619 (BN_copy(n
->dsa
->q
, k
->dsa
->q
) == NULL
) ||
620 (BN_copy(n
->dsa
->g
, k
->dsa
->g
) == NULL
) ||
621 (BN_copy(n
->dsa
->pub_key
, k
->dsa
->pub_key
) == NULL
))
622 fatal("key_from_private: BN_copy failed");
626 n
= key_new(k
->type
);
627 if ((BN_copy(n
->rsa
->n
, k
->rsa
->n
) == NULL
) ||
628 (BN_copy(n
->rsa
->e
, k
->rsa
->e
) == NULL
))
629 fatal("key_from_private: BN_copy failed");
632 fatal("key_from_private: unknown type %d", k
->type
);
639 key_type_from_name(char *name
)
641 if (strcmp(name
, "rsa1") == 0) {
643 } else if (strcmp(name
, "rsa") == 0) {
645 } else if (strcmp(name
, "dsa") == 0) {
647 } else if (strcmp(name
, "ssh-rsa") == 0) {
649 } else if (strcmp(name
, "ssh-dss") == 0) {
652 debug2("key_type_from_name: unknown key type '%s'", name
);
657 key_names_valid2(const char *names
)
661 if (names
== NULL
|| strcmp(names
, "") == 0)
663 s
= cp
= xstrdup(names
);
664 for ((p
= strsep(&cp
, ",")); p
&& *p
!= '\0';
665 (p
= strsep(&cp
, ","))) {
666 switch (key_type_from_name(p
)) {
673 debug3("key names ok: [%s]", names
);
679 key_from_blob(const u_char
*blob
, u_int blen
)
687 dump_base64(stderr
, blob
, blen
);
690 buffer_append(&b
, blob
, blen
);
691 if ((ktype
= buffer_get_string_ret(&b
, NULL
)) == NULL
) {
692 error("key_from_blob: can't read key type");
696 type
= key_type_from_name(ktype
);
701 if (buffer_get_bignum2_ret(&b
, key
->rsa
->e
) == -1 ||
702 buffer_get_bignum2_ret(&b
, key
->rsa
->n
) == -1) {
703 error("key_from_blob: can't read rsa key");
709 RSA_print_fp(stderr
, key
->rsa
, 8);
714 if (buffer_get_bignum2_ret(&b
, key
->dsa
->p
) == -1 ||
715 buffer_get_bignum2_ret(&b
, key
->dsa
->q
) == -1 ||
716 buffer_get_bignum2_ret(&b
, key
->dsa
->g
) == -1 ||
717 buffer_get_bignum2_ret(&b
, key
->dsa
->pub_key
) == -1) {
718 error("key_from_blob: can't read dsa key");
724 DSA_print_fp(stderr
, key
->dsa
, 8);
731 error("key_from_blob: cannot handle type %s", ktype
);
734 rlen
= buffer_len(&b
);
735 if (key
!= NULL
&& rlen
!= 0)
736 error("key_from_blob: remaining bytes in key blob %d", rlen
);
745 key_to_blob(const Key
*key
, u_char
**blobp
, u_int
*lenp
)
751 error("key_to_blob: key == NULL");
757 buffer_put_cstring(&b
, key_ssh_name(key
));
758 buffer_put_bignum2(&b
, key
->dsa
->p
);
759 buffer_put_bignum2(&b
, key
->dsa
->q
);
760 buffer_put_bignum2(&b
, key
->dsa
->g
);
761 buffer_put_bignum2(&b
, key
->dsa
->pub_key
);
764 buffer_put_cstring(&b
, key_ssh_name(key
));
765 buffer_put_bignum2(&b
, key
->rsa
->e
);
766 buffer_put_bignum2(&b
, key
->rsa
->n
);
769 error("key_to_blob: unsupported key type %d", key
->type
);
773 len
= buffer_len(&b
);
777 *blobp
= xmalloc(len
);
778 memcpy(*blobp
, buffer_ptr(&b
), len
);
780 memset(buffer_ptr(&b
), 0, len
);
788 u_char
**sigp
, u_int
*lenp
,
789 const u_char
*data
, u_int datalen
)
793 return ssh_dss_sign(key
, sigp
, lenp
, data
, datalen
);
795 return ssh_rsa_sign(key
, sigp
, lenp
, data
, datalen
);
797 error("key_sign: invalid key type %d", key
->type
);
803 * key_verify returns 1 for a correct signature, 0 for an incorrect signature
809 const u_char
*signature
, u_int signaturelen
,
810 const u_char
*data
, u_int datalen
)
812 if (signaturelen
== 0)
817 return ssh_dss_verify(key
, signature
, signaturelen
, data
, datalen
);
819 return ssh_rsa_verify(key
, signature
, signaturelen
, data
, datalen
);
821 error("key_verify: invalid key type %d", key
->type
);
826 /* Converts a private to a public key */
828 key_demote(const Key
*k
)
832 pk
= xcalloc(1, sizeof(*pk
));
834 pk
->flags
= k
->flags
;
841 if ((pk
->rsa
= RSA_new()) == NULL
)
842 fatal("key_demote: RSA_new failed");
843 if ((pk
->rsa
->e
= BN_dup(k
->rsa
->e
)) == NULL
)
844 fatal("key_demote: BN_dup failed");
845 if ((pk
->rsa
->n
= BN_dup(k
->rsa
->n
)) == NULL
)
846 fatal("key_demote: BN_dup failed");
849 if ((pk
->dsa
= DSA_new()) == NULL
)
850 fatal("key_demote: DSA_new failed");
851 if ((pk
->dsa
->p
= BN_dup(k
->dsa
->p
)) == NULL
)
852 fatal("key_demote: BN_dup failed");
853 if ((pk
->dsa
->q
= BN_dup(k
->dsa
->q
)) == NULL
)
854 fatal("key_demote: BN_dup failed");
855 if ((pk
->dsa
->g
= BN_dup(k
->dsa
->g
)) == NULL
)
856 fatal("key_demote: BN_dup failed");
857 if ((pk
->dsa
->pub_key
= BN_dup(k
->dsa
->pub_key
)) == NULL
)
858 fatal("key_demote: BN_dup failed");
861 fatal("key_free: bad key type %d", k
->type
);