1 /* $OpenBSD: key.c,v 1.67 2006/08/03 03:34:42 deraadt Exp $ */
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * As far as I am concerned, the code I have written for this software
7 * can be used freely for any purpose. Any derived versions of this
8 * software must be clearly marked as such, and if the derived work is
9 * incompatible with the protocol description in the RFC file, it must be
10 * called by a name other than "ssh" or "Secure Shell".
13 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
24 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
25 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
26 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
27 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
28 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
29 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
30 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
31 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
38 #include <sys/types.h>
40 #include <openssl/evp.h>
59 k
= xcalloc(1, sizeof(*k
));
66 if ((rsa
= RSA_new()) == NULL
)
67 fatal("key_new: RSA_new failed");
68 if ((rsa
->n
= BN_new()) == NULL
)
69 fatal("key_new: BN_new failed");
70 if ((rsa
->e
= BN_new()) == NULL
)
71 fatal("key_new: BN_new failed");
75 if ((dsa
= DSA_new()) == NULL
)
76 fatal("key_new: DSA_new failed");
77 if ((dsa
->p
= BN_new()) == NULL
)
78 fatal("key_new: BN_new failed");
79 if ((dsa
->q
= BN_new()) == NULL
)
80 fatal("key_new: BN_new failed");
81 if ((dsa
->g
= BN_new()) == NULL
)
82 fatal("key_new: BN_new failed");
83 if ((dsa
->pub_key
= BN_new()) == NULL
)
84 fatal("key_new: BN_new failed");
90 fatal("key_new: bad key type %d", k
->type
);
97 key_new_private(int type
)
99 Key
*k
= key_new(type
);
103 if ((k
->rsa
->d
= BN_new()) == NULL
)
104 fatal("key_new_private: BN_new failed");
105 if ((k
->rsa
->iqmp
= BN_new()) == NULL
)
106 fatal("key_new_private: BN_new failed");
107 if ((k
->rsa
->q
= BN_new()) == NULL
)
108 fatal("key_new_private: BN_new failed");
109 if ((k
->rsa
->p
= BN_new()) == NULL
)
110 fatal("key_new_private: BN_new failed");
111 if ((k
->rsa
->dmq1
= BN_new()) == NULL
)
112 fatal("key_new_private: BN_new failed");
113 if ((k
->rsa
->dmp1
= BN_new()) == NULL
)
114 fatal("key_new_private: BN_new failed");
117 if ((k
->dsa
->priv_key
= BN_new()) == NULL
)
118 fatal("key_new_private: BN_new failed");
132 fatal("key_free: key is NULL");
148 fatal("key_free: bad key type %d", k
->type
);
155 key_equal(const Key
*a
, const Key
*b
)
157 if (a
== NULL
|| b
== NULL
|| a
->type
!= b
->type
)
162 return a
->rsa
!= NULL
&& b
->rsa
!= NULL
&&
163 BN_cmp(a
->rsa
->e
, b
->rsa
->e
) == 0 &&
164 BN_cmp(a
->rsa
->n
, b
->rsa
->n
) == 0;
166 return a
->dsa
!= NULL
&& b
->dsa
!= NULL
&&
167 BN_cmp(a
->dsa
->p
, b
->dsa
->p
) == 0 &&
168 BN_cmp(a
->dsa
->q
, b
->dsa
->q
) == 0 &&
169 BN_cmp(a
->dsa
->g
, b
->dsa
->g
) == 0 &&
170 BN_cmp(a
->dsa
->pub_key
, b
->dsa
->pub_key
) == 0;
172 fatal("key_equal: bad key type %d", a
->type
);
179 key_fingerprint_raw(const Key
*k
, enum fp_type dgst_type
,
180 u_int
*dgst_raw_length
)
182 const EVP_MD
*md
= NULL
;
185 u_char
*retval
= NULL
;
189 *dgst_raw_length
= 0;
199 fatal("key_fingerprint_raw: bad digest type %d",
204 nlen
= BN_num_bytes(k
->rsa
->n
);
205 elen
= BN_num_bytes(k
->rsa
->e
);
208 BN_bn2bin(k
->rsa
->n
, blob
);
209 BN_bn2bin(k
->rsa
->e
, blob
+ nlen
);
213 key_to_blob(k
, &blob
, &len
);
218 fatal("key_fingerprint_raw: bad key type %d", k
->type
);
222 retval
= xmalloc(EVP_MAX_MD_SIZE
);
223 EVP_DigestInit(&ctx
, md
);
224 EVP_DigestUpdate(&ctx
, blob
, len
);
225 EVP_DigestFinal(&ctx
, retval
, dgst_raw_length
);
226 memset(blob
, 0, len
);
229 fatal("key_fingerprint_raw: blob is null");
235 key_fingerprint_hex(u_char
*dgst_raw
, u_int dgst_raw_len
)
240 retval
= xcalloc(1, dgst_raw_len
* 3 + 1);
241 for (i
= 0; i
< dgst_raw_len
; i
++) {
243 snprintf(hex
, sizeof(hex
), "%02x:", dgst_raw
[i
]);
244 strlcat(retval
, hex
, dgst_raw_len
* 3 + 1);
247 /* Remove the trailing ':' character */
248 retval
[(dgst_raw_len
* 3) - 1] = '\0';
253 key_fingerprint_bubblebabble(u_char
*dgst_raw
, u_int dgst_raw_len
)
255 char vowels
[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
256 char consonants
[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
257 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };
258 u_int i
, j
= 0, rounds
, seed
= 1;
261 rounds
= (dgst_raw_len
/ 2) + 1;
262 retval
= xcalloc((rounds
* 6), sizeof(char));
264 for (i
= 0; i
< rounds
; i
++) {
265 u_int idx0
, idx1
, idx2
, idx3
, idx4
;
266 if ((i
+ 1 < rounds
) || (dgst_raw_len
% 2 != 0)) {
267 idx0
= (((((u_int
)(dgst_raw
[2 * i
])) >> 6) & 3) +
269 idx1
= (((u_int
)(dgst_raw
[2 * i
])) >> 2) & 15;
270 idx2
= ((((u_int
)(dgst_raw
[2 * i
])) & 3) +
272 retval
[j
++] = vowels
[idx0
];
273 retval
[j
++] = consonants
[idx1
];
274 retval
[j
++] = vowels
[idx2
];
275 if ((i
+ 1) < rounds
) {
276 idx3
= (((u_int
)(dgst_raw
[(2 * i
) + 1])) >> 4) & 15;
277 idx4
= (((u_int
)(dgst_raw
[(2 * i
) + 1]))) & 15;
278 retval
[j
++] = consonants
[idx3
];
280 retval
[j
++] = consonants
[idx4
];
282 ((((u_int
)(dgst_raw
[2 * i
])) * 7) +
283 ((u_int
)(dgst_raw
[(2 * i
) + 1])))) % 36;
289 retval
[j
++] = vowels
[idx0
];
290 retval
[j
++] = consonants
[idx1
];
291 retval
[j
++] = vowels
[idx2
];
300 key_fingerprint(const Key
*k
, enum fp_type dgst_type
, enum fp_rep dgst_rep
)
306 dgst_raw
= key_fingerprint_raw(k
, dgst_type
, &dgst_raw_len
);
308 fatal("key_fingerprint: null from key_fingerprint_raw()");
311 retval
= key_fingerprint_hex(dgst_raw
, dgst_raw_len
);
313 case SSH_FP_BUBBLEBABBLE
:
314 retval
= key_fingerprint_bubblebabble(dgst_raw
, dgst_raw_len
);
317 fatal("key_fingerprint_ex: bad digest representation %d",
321 memset(dgst_raw
, 0, dgst_raw_len
);
327 * Reads a multiple-precision integer in decimal from the buffer, and advances
328 * the pointer. The integer must already be initialized. This function is
329 * permitted to modify the buffer. This leaves *cpp to point just beyond the
330 * last processed (and maybe modified) character. Note that this may modify
331 * the buffer containing the number.
334 read_bignum(char **cpp
, BIGNUM
* value
)
339 /* Skip any leading whitespace. */
340 for (; *cp
== ' ' || *cp
== '\t'; cp
++)
343 /* Check that it begins with a decimal digit. */
344 if (*cp
< '0' || *cp
> '9')
347 /* Save starting position. */
350 /* Move forward until all decimal digits skipped. */
351 for (; *cp
>= '0' && *cp
<= '9'; cp
++)
354 /* Save the old terminating character, and replace it by \0. */
358 /* Parse the number. */
359 if (BN_dec2bn(&value
, *cpp
) == 0)
362 /* Restore old terminating character. */
365 /* Move beyond the number and return success. */
371 write_bignum(FILE *f
, BIGNUM
*num
)
373 char *buf
= BN_bn2dec(num
);
375 error("write_bignum: BN_bn2dec() failed");
378 fprintf(f
, " %s", buf
);
383 /* returns 1 ok, -1 error */
385 key_read(Key
*ret
, char **cpp
)
398 /* Get number of bits. */
399 if (*cp
< '0' || *cp
> '9')
400 return -1; /* Bad bit count... */
401 for (bits
= 0; *cp
>= '0' && *cp
<= '9'; cp
++)
402 bits
= 10 * bits
+ *cp
- '0';
406 /* Get public exponent, public modulus. */
407 if (!read_bignum(cpp
, ret
->rsa
->e
))
409 if (!read_bignum(cpp
, ret
->rsa
->n
))
416 space
= strchr(cp
, ' ');
418 debug3("key_read: missing whitespace");
422 type
= key_type_from_name(cp
);
424 if (type
== KEY_UNSPEC
) {
425 debug3("key_read: missing keytype");
430 debug3("key_read: short string");
433 if (ret
->type
== KEY_UNSPEC
) {
435 } else if (ret
->type
!= type
) {
436 /* is a key, but different type */
437 debug3("key_read: type mismatch");
442 n
= uudecode(cp
, blob
, len
);
444 error("key_read: uudecode %s failed", cp
);
448 k
= key_from_blob(blob
, (u_int
)n
);
451 error("key_read: key_from_blob %s failed", cp
);
454 if (k
->type
!= type
) {
455 error("key_read: type mismatch: encoding error");
460 if (ret
->type
== KEY_RSA
) {
461 if (ret
->rsa
!= NULL
)
467 RSA_print_fp(stderr
, ret
->rsa
, 8);
470 if (ret
->dsa
!= NULL
)
476 DSA_print_fp(stderr
, ret
->dsa
, 8);
483 /* advance cp: skip whitespace and data */
484 while (*cp
== ' ' || *cp
== '\t')
486 while (*cp
!= '\0' && *cp
!= ' ' && *cp
!= '\t')
491 fatal("key_read: bad key type: %d", ret
->type
);
498 key_write(const Key
*key
, FILE *f
)
505 if (key
->type
== KEY_RSA1
&& key
->rsa
!= NULL
) {
506 /* size of modulus 'n' */
507 bits
= BN_num_bits(key
->rsa
->n
);
508 fprintf(f
, "%u", bits
);
509 if (write_bignum(f
, key
->rsa
->e
) &&
510 write_bignum(f
, key
->rsa
->n
)) {
513 error("key_write: failed for RSA key");
515 } else if ((key
->type
== KEY_DSA
&& key
->dsa
!= NULL
) ||
516 (key
->type
== KEY_RSA
&& key
->rsa
!= NULL
)) {
517 key_to_blob(key
, &blob
, &len
);
519 n
= uuencode(blob
, len
, uu
, 2*len
);
521 fprintf(f
, "%s %s", key_ssh_name(key
), uu
);
531 key_type(const Key
*k
)
545 key_ssh_name(const Key
*k
)
553 return "ssh-unknown";
557 key_size(const Key
*k
)
562 return BN_num_bits(k
->rsa
->n
);
564 return BN_num_bits(k
->dsa
->p
);
570 rsa_generate_private_key(u_int bits
)
574 private = RSA_generate_key(bits
, 35, NULL
, NULL
);
576 fatal("rsa_generate_private_key: key generation failed.");
581 dsa_generate_private_key(u_int bits
)
583 DSA
*private = DSA_generate_parameters(bits
, NULL
, 0, NULL
, NULL
, NULL
, NULL
);
586 fatal("dsa_generate_private_key: DSA_generate_parameters failed");
587 if (!DSA_generate_key(private))
588 fatal("dsa_generate_private_key: DSA_generate_key failed.");
590 fatal("dsa_generate_private_key: NULL.");
595 key_generate(int type
, u_int bits
)
597 Key
*k
= key_new(KEY_UNSPEC
);
600 k
->dsa
= dsa_generate_private_key(bits
);
604 k
->rsa
= rsa_generate_private_key(bits
);
607 fatal("key_generate: unknown type %d", type
);
614 key_from_private(const Key
*k
)
619 n
= key_new(k
->type
);
620 BN_copy(n
->dsa
->p
, k
->dsa
->p
);
621 BN_copy(n
->dsa
->q
, k
->dsa
->q
);
622 BN_copy(n
->dsa
->g
, k
->dsa
->g
);
623 BN_copy(n
->dsa
->pub_key
, k
->dsa
->pub_key
);
627 n
= key_new(k
->type
);
628 BN_copy(n
->rsa
->n
, k
->rsa
->n
);
629 BN_copy(n
->rsa
->e
, k
->rsa
->e
);
632 fatal("key_from_private: unknown type %d", k
->type
);
639 key_type_from_name(char *name
)
641 if (strcmp(name
, "rsa1") == 0) {
643 } else if (strcmp(name
, "rsa") == 0) {
645 } else if (strcmp(name
, "dsa") == 0) {
647 } else if (strcmp(name
, "ssh-rsa") == 0) {
649 } else if (strcmp(name
, "ssh-dss") == 0) {
652 debug2("key_type_from_name: unknown key type '%s'", name
);
657 key_names_valid2(const char *names
)
661 if (names
== NULL
|| strcmp(names
, "") == 0)
663 s
= cp
= xstrdup(names
);
664 for ((p
= strsep(&cp
, ",")); p
&& *p
!= '\0';
665 (p
= strsep(&cp
, ","))) {
666 switch (key_type_from_name(p
)) {
673 debug3("key names ok: [%s]", names
);
679 key_from_blob(const u_char
*blob
, u_int blen
)
687 dump_base64(stderr
, blob
, blen
);
690 buffer_append(&b
, blob
, blen
);
691 if ((ktype
= buffer_get_string_ret(&b
, NULL
)) == NULL
) {
692 error("key_from_blob: can't read key type");
696 type
= key_type_from_name(ktype
);
701 if (buffer_get_bignum2_ret(&b
, key
->rsa
->e
) == -1 ||
702 buffer_get_bignum2_ret(&b
, key
->rsa
->n
) == -1) {
703 error("key_from_blob: can't read rsa key");
709 RSA_print_fp(stderr
, key
->rsa
, 8);
714 if (buffer_get_bignum2_ret(&b
, key
->dsa
->p
) == -1 ||
715 buffer_get_bignum2_ret(&b
, key
->dsa
->q
) == -1 ||
716 buffer_get_bignum2_ret(&b
, key
->dsa
->g
) == -1 ||
717 buffer_get_bignum2_ret(&b
, key
->dsa
->pub_key
) == -1) {
718 error("key_from_blob: can't read dsa key");
724 DSA_print_fp(stderr
, key
->dsa
, 8);
731 error("key_from_blob: cannot handle type %s", ktype
);
734 rlen
= buffer_len(&b
);
735 if (key
!= NULL
&& rlen
!= 0)
736 error("key_from_blob: remaining bytes in key blob %d", rlen
);
745 key_to_blob(const Key
*key
, u_char
**blobp
, u_int
*lenp
)
751 error("key_to_blob: key == NULL");
757 buffer_put_cstring(&b
, key_ssh_name(key
));
758 buffer_put_bignum2(&b
, key
->dsa
->p
);
759 buffer_put_bignum2(&b
, key
->dsa
->q
);
760 buffer_put_bignum2(&b
, key
->dsa
->g
);
761 buffer_put_bignum2(&b
, key
->dsa
->pub_key
);
764 buffer_put_cstring(&b
, key_ssh_name(key
));
765 buffer_put_bignum2(&b
, key
->rsa
->e
);
766 buffer_put_bignum2(&b
, key
->rsa
->n
);
769 error("key_to_blob: unsupported key type %d", key
->type
);
773 len
= buffer_len(&b
);
777 *blobp
= xmalloc(len
);
778 memcpy(*blobp
, buffer_ptr(&b
), len
);
780 memset(buffer_ptr(&b
), 0, len
);
788 u_char
**sigp
, u_int
*lenp
,
789 const u_char
*data
, u_int datalen
)
793 return ssh_dss_sign(key
, sigp
, lenp
, data
, datalen
);
795 return ssh_rsa_sign(key
, sigp
, lenp
, data
, datalen
);
797 error("key_sign: invalid key type %d", key
->type
);
803 * key_verify returns 1 for a correct signature, 0 for an incorrect signature
809 const u_char
*signature
, u_int signaturelen
,
810 const u_char
*data
, u_int datalen
)
812 if (signaturelen
== 0)
817 return ssh_dss_verify(key
, signature
, signaturelen
, data
, datalen
);
819 return ssh_rsa_verify(key
, signature
, signaturelen
, data
, datalen
);
821 error("key_verify: invalid key type %d", key
->type
);
826 /* Converts a private to a public key */
828 key_demote(const Key
*k
)
832 pk
= xcalloc(1, sizeof(*pk
));
834 pk
->flags
= k
->flags
;
841 if ((pk
->rsa
= RSA_new()) == NULL
)
842 fatal("key_demote: RSA_new failed");
843 if ((pk
->rsa
->e
= BN_dup(k
->rsa
->e
)) == NULL
)
844 fatal("key_demote: BN_dup failed");
845 if ((pk
->rsa
->n
= BN_dup(k
->rsa
->n
)) == NULL
)
846 fatal("key_demote: BN_dup failed");
849 if ((pk
->dsa
= DSA_new()) == NULL
)
850 fatal("key_demote: DSA_new failed");
851 if ((pk
->dsa
->p
= BN_dup(k
->dsa
->p
)) == NULL
)
852 fatal("key_demote: BN_dup failed");
853 if ((pk
->dsa
->q
= BN_dup(k
->dsa
->q
)) == NULL
)
854 fatal("key_demote: BN_dup failed");
855 if ((pk
->dsa
->g
= BN_dup(k
->dsa
->g
)) == NULL
)
856 fatal("key_demote: BN_dup failed");
857 if ((pk
->dsa
->pub_key
= BN_dup(k
->dsa
->pub_key
)) == NULL
)
858 fatal("key_demote: BN_dup failed");
861 fatal("key_free: bad key type %d", k
->type
);