3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * As far as I am concerned, the code I have written for this software
6 * can be used freely for any purpose. Any derived versions of this
7 * software must be clearly marked as such, and if the derived work is
8 * incompatible with the protocol description in the RFC file, it must be
9 * called by a name other than "ssh" or "Secure Shell".
12 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in the
21 * documentation and/or other materials provided with the distribution.
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 RCSID("$OpenBSD: key.c,v 1.57 2004/10/29 23:57:05 djm Exp $");
37 #include <openssl/evp.h>
53 k
= xmalloc(sizeof(*k
));
61 if ((rsa
= RSA_new()) == NULL
)
62 fatal("key_new: RSA_new failed");
63 if ((rsa
->n
= BN_new()) == NULL
)
64 fatal("key_new: BN_new failed");
65 if ((rsa
->e
= BN_new()) == NULL
)
66 fatal("key_new: BN_new failed");
70 if ((dsa
= DSA_new()) == NULL
)
71 fatal("key_new: DSA_new failed");
72 if ((dsa
->p
= BN_new()) == NULL
)
73 fatal("key_new: BN_new failed");
74 if ((dsa
->q
= BN_new()) == NULL
)
75 fatal("key_new: BN_new failed");
76 if ((dsa
->g
= BN_new()) == NULL
)
77 fatal("key_new: BN_new failed");
78 if ((dsa
->pub_key
= BN_new()) == NULL
)
79 fatal("key_new: BN_new failed");
85 fatal("key_new: bad key type %d", k
->type
);
92 key_new_private(int type
)
94 Key
*k
= key_new(type
);
98 if ((k
->rsa
->d
= BN_new()) == NULL
)
99 fatal("key_new_private: BN_new failed");
100 if ((k
->rsa
->iqmp
= BN_new()) == NULL
)
101 fatal("key_new_private: BN_new failed");
102 if ((k
->rsa
->q
= BN_new()) == NULL
)
103 fatal("key_new_private: BN_new failed");
104 if ((k
->rsa
->p
= BN_new()) == NULL
)
105 fatal("key_new_private: BN_new failed");
106 if ((k
->rsa
->dmq1
= BN_new()) == NULL
)
107 fatal("key_new_private: BN_new failed");
108 if ((k
->rsa
->dmp1
= BN_new()) == NULL
)
109 fatal("key_new_private: BN_new failed");
112 if ((k
->dsa
->priv_key
= BN_new()) == NULL
)
113 fatal("key_new_private: BN_new failed");
141 fatal("key_free: bad key type %d", k
->type
);
148 key_equal(const Key
*a
, const Key
*b
)
150 if (a
== NULL
|| b
== NULL
|| a
->type
!= b
->type
)
155 return a
->rsa
!= NULL
&& b
->rsa
!= NULL
&&
156 BN_cmp(a
->rsa
->e
, b
->rsa
->e
) == 0 &&
157 BN_cmp(a
->rsa
->n
, b
->rsa
->n
) == 0;
160 return a
->dsa
!= NULL
&& b
->dsa
!= NULL
&&
161 BN_cmp(a
->dsa
->p
, b
->dsa
->p
) == 0 &&
162 BN_cmp(a
->dsa
->q
, b
->dsa
->q
) == 0 &&
163 BN_cmp(a
->dsa
->g
, b
->dsa
->g
) == 0 &&
164 BN_cmp(a
->dsa
->pub_key
, b
->dsa
->pub_key
) == 0;
167 fatal("key_equal: bad key type %d", a
->type
);
174 key_fingerprint_raw(const Key
*k
, enum fp_type dgst_type
,
175 u_int
*dgst_raw_length
)
177 const EVP_MD
*md
= NULL
;
180 u_char
*retval
= NULL
;
184 *dgst_raw_length
= 0;
194 fatal("key_fingerprint_raw: bad digest type %d",
199 nlen
= BN_num_bytes(k
->rsa
->n
);
200 elen
= BN_num_bytes(k
->rsa
->e
);
203 BN_bn2bin(k
->rsa
->n
, blob
);
204 BN_bn2bin(k
->rsa
->e
, blob
+ nlen
);
208 key_to_blob(k
, &blob
, &len
);
214 fatal("key_fingerprint_raw: bad key type %d", k
->type
);
218 retval
= xmalloc(EVP_MAX_MD_SIZE
);
219 EVP_DigestInit(&ctx
, md
);
220 EVP_DigestUpdate(&ctx
, blob
, len
);
221 EVP_DigestFinal(&ctx
, retval
, dgst_raw_length
);
222 memset(blob
, 0, len
);
225 fatal("key_fingerprint_raw: blob is null");
231 key_fingerprint_hex(u_char
*dgst_raw
, u_int dgst_raw_len
)
236 retval
= xmalloc(dgst_raw_len
* 3 + 1);
238 for (i
= 0; i
< dgst_raw_len
; i
++) {
240 snprintf(hex
, sizeof(hex
), "%02x:", dgst_raw
[i
]);
241 strlcat(retval
, hex
, dgst_raw_len
* 3 + 1);
244 /* Remove the trailing ':' character */
245 retval
[(dgst_raw_len
* 3) - 1] = '\0';
250 key_fingerprint_bubblebabble(u_char
*dgst_raw
, u_int dgst_raw_len
)
252 char vowels
[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
253 char consonants
[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
254 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };
255 u_int i
, j
= 0, rounds
, seed
= 1;
258 rounds
= (dgst_raw_len
/ 2) + 1;
259 retval
= xmalloc(sizeof(char) * (rounds
*6));
261 for (i
= 0; i
< rounds
; i
++) {
262 u_int idx0
, idx1
, idx2
, idx3
, idx4
;
263 if ((i
+ 1 < rounds
) || (dgst_raw_len
% 2 != 0)) {
264 idx0
= (((((u_int
)(dgst_raw
[2 * i
])) >> 6) & 3) +
266 idx1
= (((u_int
)(dgst_raw
[2 * i
])) >> 2) & 15;
267 idx2
= ((((u_int
)(dgst_raw
[2 * i
])) & 3) +
269 retval
[j
++] = vowels
[idx0
];
270 retval
[j
++] = consonants
[idx1
];
271 retval
[j
++] = vowels
[idx2
];
272 if ((i
+ 1) < rounds
) {
273 idx3
= (((u_int
)(dgst_raw
[(2 * i
) + 1])) >> 4) & 15;
274 idx4
= (((u_int
)(dgst_raw
[(2 * i
) + 1]))) & 15;
275 retval
[j
++] = consonants
[idx3
];
277 retval
[j
++] = consonants
[idx4
];
279 ((((u_int
)(dgst_raw
[2 * i
])) * 7) +
280 ((u_int
)(dgst_raw
[(2 * i
) + 1])))) % 36;
286 retval
[j
++] = vowels
[idx0
];
287 retval
[j
++] = consonants
[idx1
];
288 retval
[j
++] = vowels
[idx2
];
297 key_fingerprint(const Key
*k
, enum fp_type dgst_type
, enum fp_rep dgst_rep
)
303 dgst_raw
= key_fingerprint_raw(k
, dgst_type
, &dgst_raw_len
);
305 fatal("key_fingerprint: null from key_fingerprint_raw()");
308 retval
= key_fingerprint_hex(dgst_raw
, dgst_raw_len
);
310 case SSH_FP_BUBBLEBABBLE
:
311 retval
= key_fingerprint_bubblebabble(dgst_raw
, dgst_raw_len
);
314 fatal("key_fingerprint_ex: bad digest representation %d",
318 memset(dgst_raw
, 0, dgst_raw_len
);
324 * Reads a multiple-precision integer in decimal from the buffer, and advances
325 * the pointer. The integer must already be initialized. This function is
326 * permitted to modify the buffer. This leaves *cpp to point just beyond the
327 * last processed (and maybe modified) character. Note that this may modify
328 * the buffer containing the number.
331 read_bignum(char **cpp
, BIGNUM
* value
)
336 /* Skip any leading whitespace. */
337 for (; *cp
== ' ' || *cp
== '\t'; cp
++)
340 /* Check that it begins with a decimal digit. */
341 if (*cp
< '0' || *cp
> '9')
344 /* Save starting position. */
347 /* Move forward until all decimal digits skipped. */
348 for (; *cp
>= '0' && *cp
<= '9'; cp
++)
351 /* Save the old terminating character, and replace it by \0. */
355 /* Parse the number. */
356 if (BN_dec2bn(&value
, *cpp
) == 0)
359 /* Restore old terminating character. */
362 /* Move beyond the number and return success. */
368 write_bignum(FILE *f
, BIGNUM
*num
)
370 char *buf
= BN_bn2dec(num
);
372 error("write_bignum: BN_bn2dec() failed");
375 fprintf(f
, " %s", buf
);
380 /* returns 1 ok, -1 error */
382 key_read(Key
*ret
, char **cpp
)
395 /* Get number of bits. */
396 if (*cp
< '0' || *cp
> '9')
397 return -1; /* Bad bit count... */
398 for (bits
= 0; *cp
>= '0' && *cp
<= '9'; cp
++)
399 bits
= 10 * bits
+ *cp
- '0';
403 /* Get public exponent, public modulus. */
404 if (!read_bignum(cpp
, ret
->rsa
->e
))
406 if (!read_bignum(cpp
, ret
->rsa
->n
))
413 space
= strchr(cp
, ' ');
415 debug3("key_read: missing whitespace");
419 type
= key_type_from_name(cp
);
421 if (type
== KEY_UNSPEC
) {
422 debug3("key_read: missing keytype");
427 debug3("key_read: short string");
430 if (ret
->type
== KEY_UNSPEC
) {
432 } else if (ret
->type
!= type
) {
433 /* is a key, but different type */
434 debug3("key_read: type mismatch");
439 n
= uudecode(cp
, blob
, len
);
441 error("key_read: uudecode %s failed", cp
);
445 k
= key_from_blob(blob
, (u_int
)n
);
448 error("key_read: key_from_blob %s failed", cp
);
451 if (k
->type
!= type
) {
452 error("key_read: type mismatch: encoding error");
457 if (ret
->type
== KEY_RSA
) {
458 if (ret
->rsa
!= NULL
)
464 RSA_print_fp(stderr
, ret
->rsa
, 8);
467 if (ret
->dsa
!= NULL
)
473 DSA_print_fp(stderr
, ret
->dsa
, 8);
480 /* advance cp: skip whitespace and data */
481 while (*cp
== ' ' || *cp
== '\t')
483 while (*cp
!= '\0' && *cp
!= ' ' && *cp
!= '\t')
488 fatal("key_read: bad key type: %d", ret
->type
);
495 key_write(const Key
*key
, FILE *f
)
502 if (key
->type
== KEY_RSA1
&& key
->rsa
!= NULL
) {
503 /* size of modulus 'n' */
504 bits
= BN_num_bits(key
->rsa
->n
);
505 fprintf(f
, "%u", bits
);
506 if (write_bignum(f
, key
->rsa
->e
) &&
507 write_bignum(f
, key
->rsa
->n
)) {
510 error("key_write: failed for RSA key");
512 } else if ((key
->type
== KEY_DSA
&& key
->dsa
!= NULL
) ||
513 (key
->type
== KEY_RSA
&& key
->rsa
!= NULL
)) {
514 key_to_blob(key
, &blob
, &len
);
516 n
= uuencode(blob
, len
, uu
, 2*len
);
518 fprintf(f
, "%s %s", key_ssh_name(key
), uu
);
528 key_type(const Key
*k
)
545 key_ssh_name(const Key
*k
)
555 return "ssh-unknown";
559 key_size(const Key
*k
)
564 return BN_num_bits(k
->rsa
->n
);
567 return BN_num_bits(k
->dsa
->p
);
574 rsa_generate_private_key(u_int bits
)
577 private = RSA_generate_key(bits
, 35, NULL
, NULL
);
579 fatal("rsa_generate_private_key: key generation failed.");
584 dsa_generate_private_key(u_int bits
)
586 DSA
*private = DSA_generate_parameters(bits
, NULL
, 0, NULL
, NULL
, NULL
, NULL
);
588 fatal("dsa_generate_private_key: DSA_generate_parameters failed");
589 if (!DSA_generate_key(private))
590 fatal("dsa_generate_private_key: DSA_generate_key failed.");
592 fatal("dsa_generate_private_key: NULL.");
597 key_generate(int type
, u_int bits
)
599 Key
*k
= key_new(KEY_UNSPEC
);
602 k
->dsa
= dsa_generate_private_key(bits
);
606 k
->rsa
= rsa_generate_private_key(bits
);
609 fatal("key_generate: unknown type %d", type
);
616 key_from_private(const Key
*k
)
621 n
= key_new(k
->type
);
622 BN_copy(n
->dsa
->p
, k
->dsa
->p
);
623 BN_copy(n
->dsa
->q
, k
->dsa
->q
);
624 BN_copy(n
->dsa
->g
, k
->dsa
->g
);
625 BN_copy(n
->dsa
->pub_key
, k
->dsa
->pub_key
);
629 n
= key_new(k
->type
);
630 BN_copy(n
->rsa
->n
, k
->rsa
->n
);
631 BN_copy(n
->rsa
->e
, k
->rsa
->e
);
634 fatal("key_from_private: unknown type %d", k
->type
);
641 key_type_from_name(char *name
)
643 if (strcmp(name
, "rsa1") == 0) {
645 } else if (strcmp(name
, "rsa") == 0) {
647 } else if (strcmp(name
, "dsa") == 0) {
649 } else if (strcmp(name
, "ssh-rsa") == 0) {
651 } else if (strcmp(name
, "ssh-dss") == 0) {
654 debug2("key_type_from_name: unknown key type '%s'", name
);
659 key_names_valid2(const char *names
)
663 if (names
== NULL
|| strcmp(names
, "") == 0)
665 s
= cp
= xstrdup(names
);
666 for ((p
= strsep(&cp
, ",")); p
&& *p
!= '\0';
667 (p
= strsep(&cp
, ","))) {
668 switch (key_type_from_name(p
)) {
675 debug3("key names ok: [%s]", names
);
681 key_from_blob(const u_char
*blob
, u_int blen
)
689 dump_base64(stderr
, blob
, blen
);
692 buffer_append(&b
, blob
, blen
);
693 if ((ktype
= buffer_get_string_ret(&b
, NULL
)) == NULL
) {
694 error("key_from_blob: can't read key type");
698 type
= key_type_from_name(ktype
);
703 if (buffer_get_bignum2_ret(&b
, key
->rsa
->e
) == -1 ||
704 buffer_get_bignum2_ret(&b
, key
->rsa
->n
) == -1) {
705 error("key_from_blob: can't read rsa key");
711 RSA_print_fp(stderr
, key
->rsa
, 8);
716 if (buffer_get_bignum2_ret(&b
, key
->dsa
->p
) == -1 ||
717 buffer_get_bignum2_ret(&b
, key
->dsa
->q
) == -1 ||
718 buffer_get_bignum2_ret(&b
, key
->dsa
->g
) == -1 ||
719 buffer_get_bignum2_ret(&b
, key
->dsa
->pub_key
) == -1) {
720 error("key_from_blob: can't read dsa key");
726 DSA_print_fp(stderr
, key
->dsa
, 8);
733 error("key_from_blob: cannot handle type %s", ktype
);
736 rlen
= buffer_len(&b
);
737 if (key
!= NULL
&& rlen
!= 0)
738 error("key_from_blob: remaining bytes in key blob %d", rlen
);
747 key_to_blob(const Key
*key
, u_char
**blobp
, u_int
*lenp
)
753 error("key_to_blob: key == NULL");
759 buffer_put_cstring(&b
, key_ssh_name(key
));
760 buffer_put_bignum2(&b
, key
->dsa
->p
);
761 buffer_put_bignum2(&b
, key
->dsa
->q
);
762 buffer_put_bignum2(&b
, key
->dsa
->g
);
763 buffer_put_bignum2(&b
, key
->dsa
->pub_key
);
766 buffer_put_cstring(&b
, key_ssh_name(key
));
767 buffer_put_bignum2(&b
, key
->rsa
->e
);
768 buffer_put_bignum2(&b
, key
->rsa
->n
);
771 error("key_to_blob: unsupported key type %d", key
->type
);
775 len
= buffer_len(&b
);
779 *blobp
= xmalloc(len
);
780 memcpy(*blobp
, buffer_ptr(&b
), len
);
782 memset(buffer_ptr(&b
), 0, len
);
790 u_char
**sigp
, u_int
*lenp
,
791 const u_char
*data
, u_int datalen
)
795 return ssh_dss_sign(key
, sigp
, lenp
, data
, datalen
);
798 return ssh_rsa_sign(key
, sigp
, lenp
, data
, datalen
);
801 error("key_sign: invalid key type %d", key
->type
);
808 * key_verify returns 1 for a correct signature, 0 for an incorrect signature
814 const u_char
*signature
, u_int signaturelen
,
815 const u_char
*data
, u_int datalen
)
817 if (signaturelen
== 0)
822 return ssh_dss_verify(key
, signature
, signaturelen
, data
, datalen
);
825 return ssh_rsa_verify(key
, signature
, signaturelen
, data
, datalen
);
828 error("key_verify: invalid key type %d", key
->type
);
834 /* Converts a private to a public key */
836 key_demote(const Key
*k
)
840 pk
= xmalloc(sizeof(*pk
));
842 pk
->flags
= k
->flags
;
849 if ((pk
->rsa
= RSA_new()) == NULL
)
850 fatal("key_demote: RSA_new failed");
851 if ((pk
->rsa
->e
= BN_dup(k
->rsa
->e
)) == NULL
)
852 fatal("key_demote: BN_dup failed");
853 if ((pk
->rsa
->n
= BN_dup(k
->rsa
->n
)) == NULL
)
854 fatal("key_demote: BN_dup failed");
857 if ((pk
->dsa
= DSA_new()) == NULL
)
858 fatal("key_demote: DSA_new failed");
859 if ((pk
->dsa
->p
= BN_dup(k
->dsa
->p
)) == NULL
)
860 fatal("key_demote: BN_dup failed");
861 if ((pk
->dsa
->q
= BN_dup(k
->dsa
->q
)) == NULL
)
862 fatal("key_demote: BN_dup failed");
863 if ((pk
->dsa
->g
= BN_dup(k
->dsa
->g
)) == NULL
)
864 fatal("key_demote: BN_dup failed");
865 if ((pk
->dsa
->pub_key
= BN_dup(k
->dsa
->pub_key
)) == NULL
)
866 fatal("key_demote: BN_dup failed");
869 fatal("key_free: bad key type %d", k
->type
);
