Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/key.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/key.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 4539 - (hide annotations) (download) (as text)
Wed Jul 27 08:50:14 2011 UTC (12 years, 8 months ago) by doda
Original Path: trunk/ttssh2/ttxssh/key.c
File MIME type: text/x-csrc
File size: 27450 byte(s) 
SSHFP 検証を ECDSA 鍵、および SHA256 ダイジェストに対応させた
http://tools.ietf.org/html/draft-os-ietf-sshfp-ecdsa-sha2-00
1 maya 4304 /*
2     Copyright (c) 2011, TeraTerm Project
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #include "key.h"
30 maya 4321 #include "kex.h"
31 maya 4304
32     #include <openssl/rsa.h>
33     #include <openssl/dsa.h>
34 maya 4321 #include <openssl/ecdsa.h>
35 maya 4304
36     #define INTBLOB_LEN 20
37     #define SIGBLOB_LEN (2*INTBLOB_LEN)
38    
39     //////////////////////////////////////////////////////////////////////////////
40     //
41     // Key verify function
42     //
43     //////////////////////////////////////////////////////////////////////////////
44    
45     //
46     // DSS
47     //
48    
49     int ssh_dss_verify(DSA *key,
50     u_char *signature, u_int signaturelen,
51     u_char *data, u_int datalen)
52     {
53     DSA_SIG *sig;
54     const EVP_MD *evp_md = EVP_sha1();
55     EVP_MD_CTX md;
56     unsigned char digest[EVP_MAX_MD_SIZE], *sigblob;
57     unsigned int len, dlen;
58     int ret;
59     char *ptr;
60    
61     OpenSSL_add_all_digests();
62    
63     if (key == NULL) {
64     return -2;
65     }
66    
67     ptr = signature;
68    
69     // step1
70     if (signaturelen == 0x28) {
71     // workaround for SSH-2.0-2.0* and SSH-2.0-2.1* (2006.11.18 maya)
72     ptr -= 4;
73     }
74     else {
75     len = get_uint32_MSBfirst(ptr);
76     ptr += 4;
77     if (strncmp("ssh-dss", ptr, len) != 0) {
78     return -3;
79     }
80     ptr += len;
81     }
82    
83     // step2
84     len = get_uint32_MSBfirst(ptr);
85     ptr += 4;
86     sigblob = ptr;
87     ptr += len;
88    
89     if (len != SIGBLOB_LEN) {
90     return -4;
91     }
92    
93     /* parse signature */
94     if ((sig = DSA_SIG_new()) == NULL)
95     return -5;
96     if ((sig->r = BN_new()) == NULL)
97     return -6;
98     if ((sig->s = BN_new()) == NULL)
99     return -7;
100     BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
101     BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
102    
103     /* sha1 the data */
104     EVP_DigestInit(&md, evp_md);
105     EVP_DigestUpdate(&md, data, datalen);
106     EVP_DigestFinal(&md, digest, &dlen);
107    
108     ret = DSA_do_verify(digest, dlen, sig, key);
109     memset(digest, 'd', sizeof(digest));
110    
111     DSA_SIG_free(sig);
112    
113     return ret;
114     }
115    
116    
117     //
118     // RSA
119     //
120    
121     /*
122     * See:
123     * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
124     * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn
125     */
126     /*
127     * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
128     * oiw(14) secsig(3) algorithms(2) 26 }
129     */
130     static const u_char id_sha1[] = {
131     0x30, 0x21, /* type Sequence, length 0x21 (33) */
132     0x30, 0x09, /* type Sequence, length 0x09 */
133     0x06, 0x05, /* type OID, length 0x05 */
134     0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */
135     0x05, 0x00, /* NULL */
136     0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */
137     };
138     /*
139     * id-md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
140     * rsadsi(113549) digestAlgorithm(2) 5 }
141     */
142     static const u_char id_md5[] = {
143     0x30, 0x20, /* type Sequence, length 0x20 (32) */
144     0x30, 0x0c, /* type Sequence, length 0x09 */
145     0x06, 0x08, /* type OID, length 0x05 */
146     0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, /* id-md5 */
147     0x05, 0x00, /* NULL */
148     0x04, 0x10 /* Octet string, length 0x10 (16), followed by md5 hash */
149     };
150    
151     static int openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
152     u_char *sigbuf, u_int siglen, RSA *rsa)
153     {
154     u_int ret, rsasize, oidlen = 0, hlen = 0;
155     int len;
156     const u_char *oid = NULL;
157     u_char *decrypted = NULL;
158    
159     ret = 0;
160     switch (type) {
161     case NID_sha1:
162     oid = id_sha1;
163     oidlen = sizeof(id_sha1);
164     hlen = 20;
165     break;
166     case NID_md5:
167     oid = id_md5;
168     oidlen = sizeof(id_md5);
169     hlen = 16;
170     break;
171     default:
172     goto done;
173     break;
174     }
175     if (hashlen != hlen) {
176     //error("bad hashlen");
177     goto done;
178     }
179     rsasize = RSA_size(rsa);
180     if (siglen == 0 || siglen > rsasize) {
181     //error("bad siglen");
182     goto done;
183     }
184     decrypted = malloc(rsasize);
185     if (decrypted == NULL)
186     return 1; // error
187    
188     if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,
189     RSA_PKCS1_PADDING)) < 0) {
190     //error("RSA_public_decrypt failed: %s",
191     // ERR_error_string(ERR_get_error(), NULL));
192     goto done;
193     }
194     if (len != hlen + oidlen) {
195     //error("bad decrypted len: %d != %d + %d", len, hlen, oidlen);
196     goto done;
197     }
198     if (memcmp(decrypted, oid, oidlen) != 0) {
199     //error("oid mismatch");
200     goto done;
201     }
202     if (memcmp(decrypted + oidlen, hash, hlen) != 0) {
203     //error("hash mismatch");
204     goto done;
205     }
206     ret = 1;
207     done:
208     if (decrypted)
209     free(decrypted);
210     return ret;
211     }
212    
213     int ssh_rsa_verify(RSA *key,
214     u_char *signature, u_int signaturelen,
215     u_char *data, u_int datalen)
216     {
217     const EVP_MD *evp_md;
218     EVP_MD_CTX md;
219     // char *ktype;
220     u_char digest[EVP_MAX_MD_SIZE], *sigblob;
221     u_int len, dlen, modlen;
222     // int rlen, ret, nid;
223     int ret, nid;
224     char *ptr;
225    
226     OpenSSL_add_all_digests();
227    
228     if (key == NULL) {
229     return -2;
230     }
231     if (BN_num_bits(key->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
232     return -3;
233     }
234     //debug_print(41, signature, signaturelen);
235     ptr = signature;
236    
237     // step1
238     len = get_uint32_MSBfirst(ptr);
239     ptr += 4;
240     if (strncmp("ssh-rsa", ptr, len) != 0) {
241     return -4;
242     }
243     ptr += len;
244    
245     // step2
246     len = get_uint32_MSBfirst(ptr);
247     ptr += 4;
248     sigblob = ptr;
249     ptr += len;
250     #if 0
251     rlen = get_uint32_MSBfirst(ptr);
252     if (rlen != 0) {
253     return -1;
254     }
255     #endif
256    
257     /* RSA_verify expects a signature of RSA_size */
258     modlen = RSA_size(key);
259     if (len > modlen) {
260     return -5;
261    
262     } else if (len < modlen) {
263     u_int diff = modlen - len;
264     sigblob = realloc(sigblob, modlen);
265     memmove(sigblob + diff, sigblob, len);
266     memset(sigblob, 0, diff);
267     len = modlen;
268     }
269    
270     /* sha1 the data */
271     // nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
272     nid = NID_sha1;
273     if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
274     //error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
275     return -6;
276     }
277     EVP_DigestInit(&md, evp_md);
278     EVP_DigestUpdate(&md, data, datalen);
279     EVP_DigestFinal(&md, digest, &dlen);
280    
281     ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key);
282    
283     memset(digest, 'd', sizeof(digest));
284     memset(sigblob, 's', len);
285     //free(sigblob);
286     //debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
287    
288     return ret;
289     }
290    
291 maya 4378 int ssh_ecdsa_verify(EC_KEY *key, ssh_keytype keytype,
292 maya 4321 u_char *signature, u_int signaturelen,
293     u_char *data, u_int datalen)
294     {
295     ECDSA_SIG *sig;
296     const EVP_MD *evp_md;
297     EVP_MD_CTX md;
298     unsigned char digest[EVP_MAX_MD_SIZE], *sigblob;
299     unsigned int len, dlen;
300     int ret, nid = NID_undef;
301     char *ptr;
302    
303     OpenSSL_add_all_digests();
304    
305     if (key == NULL) {
306     return -2;
307     }
308    
309     ptr = signature;
310    
311     len = get_uint32_MSBfirst(ptr);
312     ptr += 4;
313 maya 4378 if (strncmp(get_ssh_keytype_name(keytype), ptr, len) != 0) {
314 maya 4321 return -3;
315     }
316     ptr += len;
317    
318     len = get_uint32_MSBfirst(ptr);
319     ptr += 4;
320     sigblob = ptr;
321     ptr += len;
322    
323     /* parse signature */
324     if ((sig = ECDSA_SIG_new()) == NULL)
325     return -4;
326     if ((sig->r = BN_new()) == NULL)
327     return -5;
328     if ((sig->s = BN_new()) == NULL)
329     return -6;
330    
331     buffer_get_bignum2(&sigblob, sig->r);
332     buffer_get_bignum2(&sigblob, sig->s);
333     if (sigblob != ptr) {
334     return -7;
335     }
336    
337     /* hash the data */
338 maya 4327 nid = keytype_to_hash_nid(keytype);
339 maya 4321 if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
340     return -8;
341     }
342     EVP_DigestInit(&md, evp_md);
343     EVP_DigestUpdate(&md, data, datalen);
344     EVP_DigestFinal(&md, digest, &dlen);
345    
346     ret = ECDSA_do_verify(digest, dlen, sig, key);
347     memset(digest, 'd', sizeof(digest));
348    
349     ECDSA_SIG_free(sig);
350    
351     return ret;
352     }
353    
354 maya 4307 int key_verify(Key *key,
355 maya 4304 unsigned char *signature, unsigned int signaturelen,
356     unsigned char *data, unsigned int datalen)
357     {
358     int ret = 0;
359    
360 maya 4321 switch (key->type) {
361     case KEY_RSA:
362 maya 4307 ret = ssh_rsa_verify(key->rsa, signature, signaturelen, data, datalen);
363 maya 4321 break;
364     case KEY_DSA:
365 maya 4307 ret = ssh_dss_verify(key->dsa, signature, signaturelen, data, datalen);
366 maya 4321 break;
367     case KEY_ECDSA256:
368     case KEY_ECDSA384:
369     case KEY_ECDSA521:
370     ret = ssh_ecdsa_verify(key->ecdsa, key->type, signature, signaturelen, data, datalen);
371     break;
372     default:
373 maya 4304 return -1;
374     }
375    
376     return (ret); // success
377     }
378    
379     //
380     // RSA�\����������
381     //
382     RSA *duplicate_RSA(RSA *src)
383     {
384     RSA *rsa = NULL;
385    
386     rsa = RSA_new();
387     if (rsa == NULL)
388     goto error;
389     rsa->n = BN_new();
390     rsa->e = BN_new();
391     if (rsa->n == NULL || rsa->e == NULL) {
392     RSA_free(rsa);
393     goto error;
394     }
395    
396     // �[���R�s�[(deep copy)���s���B�����R�s�[(shallow copy)��NG�B
397     BN_copy(rsa->n, src->n);
398     BN_copy(rsa->e, src->e);
399    
400     error:
401     return (rsa);
402     }
403    
404    
405     //
406     // DSA�\����������
407     //
408     DSA *duplicate_DSA(DSA *src)
409     {
410     DSA *dsa = NULL;
411    
412     dsa = DSA_new();
413     if (dsa == NULL)
414     goto error;
415     dsa->p = BN_new();
416     dsa->q = BN_new();
417     dsa->g = BN_new();
418     dsa->pub_key = BN_new();
419     if (dsa->p == NULL ||
420     dsa->q == NULL ||
421     dsa->g == NULL ||
422     dsa->pub_key == NULL) {
423     DSA_free(dsa);
424     goto error;
425     }
426    
427     // �[���R�s�[(deep copy)���s���B�����R�s�[(shallow copy)��NG�B
428     BN_copy(dsa->p, src->p);
429     BN_copy(dsa->q, src->q);
430     BN_copy(dsa->g, src->g);
431     BN_copy(dsa->pub_key, src->pub_key);
432    
433     error:
434     return (dsa);
435     }
436    
437    
438 doda 4531 char* key_fingerprint_raw(Key *k, enum fp_type dgst_type, int *dgst_raw_length)
439 maya 4304 {
440     const EVP_MD *md = NULL;
441     EVP_MD_CTX ctx;
442     char *blob = NULL;
443     char *retval = NULL;
444     int len = 0;
445     int nlen, elen;
446     RSA *rsa;
447    
448     *dgst_raw_length = 0;
449    
450 doda 4531 switch (dgst_type) {
451     case SSH_FP_MD5:
452     md = EVP_md5();
453     break;
454     case SSH_FP_SHA1:
455     md = EVP_sha1();
456     break;
457 doda 4539 case SSH_FP_SHA256:
458     md = EVP_sha256();
459     break;
460 doda 4531 default:
461     md = EVP_md5();
462     }
463 maya 4304
464     switch (k->type) {
465     case KEY_RSA1:
466     rsa = make_key(NULL, k->bits, k->exp, k->mod);
467     nlen = BN_num_bytes(rsa->n);
468     elen = BN_num_bytes(rsa->e);
469     len = nlen + elen;
470     blob = malloc(len);
471     if (blob == NULL) {
472     // TODO:
473     }
474     BN_bn2bin(rsa->n, blob);
475     BN_bn2bin(rsa->e, blob + nlen);
476     RSA_free(rsa);
477     break;
478    
479     case KEY_DSA:
480     case KEY_RSA:
481 maya 4321 case KEY_ECDSA256:
482     case KEY_ECDSA384:
483     case KEY_ECDSA521:
484 maya 4304 key_to_blob(k, &blob, &len);
485     break;
486    
487     case KEY_UNSPEC:
488     return retval;
489     break;
490    
491     default:
492     //fatal("key_fingerprint_raw: bad key type %d", k->type);
493     break;
494     }
495    
496     if (blob != NULL) {
497     retval = malloc(EVP_MAX_MD_SIZE);
498     if (retval == NULL) {
499     // TODO:
500     }
501     EVP_DigestInit(&ctx, md);
502     EVP_DigestUpdate(&ctx, blob, len);
503     EVP_DigestFinal(&ctx, retval, dgst_raw_length);
504     memset(blob, 0, len);
505     free(blob);
506     } else {
507     //fatal("key_fingerprint_raw: blob is null");
508     }
509     return retval;
510     }
511    
512    
513     const char *
514     key_type(const Key *k)
515     {
516     switch (k->type) {
517     case KEY_RSA1:
518     return "RSA1";
519     case KEY_RSA:
520     return "RSA";
521     case KEY_DSA:
522     return "DSA";
523 maya 4321 case KEY_ECDSA256:
524     case KEY_ECDSA384:
525     case KEY_ECDSA521:
526     return "ECDSA";
527 maya 4304 }
528     return "unknown";
529     }
530    
531     unsigned int
532     key_size(const Key *k)
533     {
534     switch (k->type) {
535     case KEY_RSA1:
536     // SSH1�������� key->rsa �� key->dsa �� NULL �����������A�g�������B
537     return k->bits;
538     case KEY_RSA:
539     return BN_num_bits(k->rsa->n);
540     case KEY_DSA:
541     return BN_num_bits(k->dsa->p);
542 maya 4321 case KEY_ECDSA256:
543     return 256;
544     case KEY_ECDSA384:
545     return 384;
546     case KEY_ECDSA521:
547     return 521;
548 maya 4304 }
549     return 0;
550     }
551    
552     // based on OpenSSH 5.1
553     #define FLDBASE 8
554     #define FLDSIZE_Y (FLDBASE + 1)
555     #define FLDSIZE_X (FLDBASE * 2 + 1)
556     static char *
557     key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k)
558     {
559     /*
560     * Chars to be used after each other every time the worm
561     * intersects with itself. Matter of taste.
562     */
563     char *augmentation_string = " .o+=*BOX@%&#/^SE";
564     char *retval, *p;
565     unsigned char field[FLDSIZE_X][FLDSIZE_Y];
566     unsigned int i, b;
567     int x, y;
568     size_t len = strlen(augmentation_string) - 1;
569    
570     retval = calloc(1, (FLDSIZE_X + 3 + 1) * (FLDSIZE_Y + 2));
571    
572     /* initialize field */
573     memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char));
574     x = FLDSIZE_X / 2;
575     y = FLDSIZE_Y / 2;
576    
577     /* process raw key */
578     for (i = 0; i < dgst_raw_len; i++) {
579     int input;
580     /* each byte conveys four 2-bit move commands */
581     input = dgst_raw[i];
582     for (b = 0; b < 4; b++) {
583     /* evaluate 2 bit, rest is shifted later */
584     x += (input & 0x1) ? 1 : -1;
585     y += (input & 0x2) ? 1 : -1;
586    
587     /* assure we are still in bounds */
588     x = max(x, 0);
589     y = max(y, 0);
590     x = min(x, FLDSIZE_X - 1);
591     y = min(y, FLDSIZE_Y - 1);
592    
593     /* augment the field */
594     field[x][y]++;
595     input = input >> 2;
596     }
597     }
598    
599     /* mark starting point and end point*/
600     field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1;
601     field[x][y] = len;
602    
603     /* fill in retval */
604     _snprintf_s(retval, FLDSIZE_X, _TRUNCATE, "+--[%4s %4u]", key_type(k), key_size(k));
605     p = strchr(retval, '\0');
606    
607     /* output upper border */
608     for (i = p - retval - 1; i < FLDSIZE_X; i++)
609     *p++ = '-';
610     *p++ = '+';
611     *p++ = '\r';
612     *p++ = '\n';
613    
614     /* output content */
615     for (y = 0; y < FLDSIZE_Y; y++) {
616     *p++ = '|';
617     for (x = 0; x < FLDSIZE_X; x++)
618     *p++ = augmentation_string[min(field[x][y], len)];
619     *p++ = '|';
620     *p++ = '\r';
621     *p++ = '\n';
622     }
623    
624     /* output lower border */
625     *p++ = '+';
626     for (i = 0; i < FLDSIZE_X; i++)
627     *p++ = '-';
628     *p++ = '+';
629    
630     return retval;
631     }
632     #undef FLDBASE
633     #undef FLDSIZE_Y
634     #undef FLDSIZE_X
635    
636     //
637     // fingerprint�i�w���F�z�X�g���J�����n�b�V���j����������
638     //
639     char *key_fingerprint(Key *key, enum fp_rep dgst_rep)
640     {
641     char *retval = NULL;
642     unsigned char *dgst_raw;
643     int dgst_raw_len;
644     int i, retval_len;
645    
646     // fingerprint���n�b�V���l�i�o�C�i���j��������
647 doda 4531 dgst_raw = key_fingerprint_raw(key, SSH_FP_MD5, &dgst_raw_len);
648 maya 4304
649     if (dgst_rep == SSH_FP_HEX) {
650     // 16�i�\�L����������
651     retval_len = dgst_raw_len * 3 + 1;
652     retval = malloc(retval_len);
653     retval[0] = '\0';
654     for (i = 0; i < dgst_raw_len; i++) {
655     char hex[4];
656     _snprintf_s(hex, sizeof(hex), _TRUNCATE, "%02x:", dgst_raw[i]);
657     strncat_s(retval, retval_len, hex, _TRUNCATE);
658     }
659    
660     /* Remove the trailing ':' character */
661     retval[(dgst_raw_len * 3) - 1] = '\0';
662    
663     } else if (dgst_rep == SSH_FP_RANDOMART) {
664     retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, key);
665    
666     } else {
667    
668     }
669    
670     memset(dgst_raw, 0, dgst_raw_len);
671     free(dgst_raw);
672    
673     return (retval);
674     }
675    
676    
677     //
678     // �L�[����������������
679     //
680     void key_free(Key *key)
681     {
682 maya 4321 if (key == NULL) {
683     return;
684     }
685    
686 maya 4304 switch (key->type) {
687     case KEY_RSA1:
688     case KEY_RSA:
689     if (key->rsa != NULL)
690     RSA_free(key->rsa);
691     key->rsa = NULL;
692     break;
693    
694     case KEY_DSA:
695     if (key->dsa != NULL)
696     DSA_free(key->dsa);
697     key->dsa = NULL;
698     break;
699 maya 4321
700     case KEY_ECDSA256:
701     case KEY_ECDSA384:
702     case KEY_ECDSA521:
703     if (key->ecdsa != NULL)
704     EC_KEY_free(key->ecdsa);
705     key->ecdsa = NULL;
706     break;
707 maya 4304 }
708     free(key);
709     }
710    
711     //
712     // �L�[���������������p����
713     //
714 maya 4321 char *get_sshname_from_key(Key *key)
715     {
716 maya 4378 return get_ssh_keytype_name(key->type);
717 maya 4321 }
718 maya 4304
719     //
720     // �L�[������������������������
721     //
722 maya 4378 ssh_keytype get_keytype_from_name(char *name)
723 maya 4304 {
724     if (strcmp(name, "rsa1") == 0) {
725     return KEY_RSA1;
726     } else if (strcmp(name, "rsa") == 0) {
727     return KEY_RSA;
728     } else if (strcmp(name, "dsa") == 0) {
729     return KEY_DSA;
730     } else if (strcmp(name, "ssh-rsa") == 0) {
731     return KEY_RSA;
732     } else if (strcmp(name, "ssh-dss") == 0) {
733     return KEY_DSA;
734 maya 4321 } else if (strcmp(name, "ecdsa-sha2-nistp256") == 0) {
735     return KEY_ECDSA256;
736     } else if (strcmp(name, "ecdsa-sha2-nistp384") == 0) {
737     return KEY_ECDSA384;
738     } else if (strcmp(name, "ecdsa-sha2-nistp521") == 0) {
739     return KEY_ECDSA521;
740 maya 4304 }
741     return KEY_UNSPEC;
742     }
743    
744    
745 maya 4378 ssh_keytype key_curve_name_to_keytype(char *name)
746 maya 4321 {
747     if (strcmp(name, "nistp256") == 0) {
748     return KEY_ECDSA256;
749     } else if (strcmp(name, "nistp384") == 0) {
750     return KEY_ECDSA384;
751     } else if (strcmp(name, "nistp521") == 0) {
752     return KEY_ECDSA521;
753     }
754     return KEY_UNSPEC;
755     }
756    
757 maya 4378 char *curve_keytype_to_name(ssh_keytype type)
758 maya 4321 {
759     switch (type) {
760     case KEY_ECDSA256:
761     return "nistp256";
762     break;
763     case KEY_ECDSA384:
764     return "nistp384";
765     break;
766     case KEY_ECDSA521:
767     return "nistp521";
768     break;
769     }
770     return NULL;
771     }
772    
773 maya 4304 //
774     // �L�[���������o�b�t�@���������� (for SSH2)
775     // NOTE:
776     //
777     int key_to_blob(Key *key, char **blobp, int *lenp)
778     {
779     buffer_t *b;
780 maya 4321 char *sshname, *tmp;
781 maya 4304 int len;
782     int ret = 1; // success
783    
784     b = buffer_init();
785     sshname = get_sshname_from_key(key);
786    
787 maya 4321 switch (key->type) {
788     case KEY_RSA:
789 maya 4304 buffer_put_string(b, sshname, strlen(sshname));
790     buffer_put_bignum2(b, key->rsa->e);
791     buffer_put_bignum2(b, key->rsa->n);
792 maya 4321 break;
793     case KEY_DSA:
794 maya 4304 buffer_put_string(b, sshname, strlen(sshname));
795     buffer_put_bignum2(b, key->dsa->p);
796     buffer_put_bignum2(b, key->dsa->q);
797     buffer_put_bignum2(b, key->dsa->g);
798     buffer_put_bignum2(b, key->dsa->pub_key);
799 maya 4321 break;
800     case KEY_ECDSA256:
801     case KEY_ECDSA384:
802     case KEY_ECDSA521:
803     buffer_put_string(b, sshname, strlen(sshname));
804     tmp = curve_keytype_to_name(key->type);
805     buffer_put_string(b, tmp, strlen(tmp));
806     buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa),
807     EC_KEY_get0_public_key(key->ecdsa));
808     break;
809 maya 4304
810 maya 4321 default:
811 maya 4304 ret = 0;
812     goto error;
813     }
814    
815     len = buffer_len(b);
816     if (lenp != NULL)
817     *lenp = len;
818     if (blobp != NULL) {
819     *blobp = malloc(len);
820     if (*blobp == NULL) {
821     ret = 0;
822     goto error;
823     }
824     memcpy(*blobp, buffer_ptr(b), len);
825     }
826    
827     error:
828     buffer_free(b);
829    
830     return (ret);
831     }
832    
833    
834     //
835     // �o�b�t�@�����L�[�����������o��(for SSH2)
836     // NOTE: ���l���A���P�[�g���������������A�����o�������������������B
837     //
838     Key *key_from_blob(char *data, int blen)
839     {
840     int keynamelen;
841     char key[128];
842     RSA *rsa = NULL;
843     DSA *dsa = NULL;
844 maya 4321 EC_KEY *ecdsa = NULL;
845     EC_POINT *q = NULL;
846     char *curve = NULL;
847 maya 4304 Key *hostkey; // hostkey
848 maya 4378 ssh_keytype type;
849 maya 4304
850     hostkey = malloc(sizeof(Key));
851     if (hostkey == NULL)
852     goto error;
853    
854     memset(hostkey, 0, sizeof(Key));
855    
856     keynamelen = get_uint32_MSBfirst(data);
857     if (keynamelen >= sizeof(key)) {
858     goto error;
859     }
860     data += 4;
861     memcpy(key, data, keynamelen);
862     key[keynamelen] = 0;
863     data += keynamelen;
864    
865     type = get_keytype_from_name(key);
866    
867 maya 4321 switch (type) {
868     case KEY_RSA: // RSA key
869 maya 4304 rsa = RSA_new();
870     if (rsa == NULL) {
871     goto error;
872     }
873     rsa->n = BN_new();
874     rsa->e = BN_new();
875     if (rsa->n == NULL || rsa->e == NULL) {
876     goto error;
877     }
878    
879     buffer_get_bignum2(&data, rsa->e);
880     buffer_get_bignum2(&data, rsa->n);
881    
882     hostkey->type = type;
883     hostkey->rsa = rsa;
884 maya 4321 break;
885 maya 4304
886 maya 4321 case KEY_DSA: // DSA key
887 maya 4304 dsa = DSA_new();
888     if (dsa == NULL) {
889     goto error;
890     }
891     dsa->p = BN_new();
892     dsa->q = BN_new();
893     dsa->g = BN_new();
894     dsa->pub_key = BN_new();
895     if (dsa->p == NULL ||
896     dsa->q == NULL ||
897     dsa->g == NULL ||
898     dsa->pub_key == NULL) {
899     goto error;
900     }
901    
902     buffer_get_bignum2(&data, dsa->p);
903     buffer_get_bignum2(&data, dsa->q);
904     buffer_get_bignum2(&data, dsa->g);
905     buffer_get_bignum2(&data, dsa->pub_key);
906    
907     hostkey->type = type;
908     hostkey->dsa = dsa;
909 maya 4321 break;
910 maya 4304
911 maya 4321 case KEY_ECDSA256: // ECDSA
912     case KEY_ECDSA384:
913     case KEY_ECDSA521:
914     curve = buffer_get_string(&data, NULL);
915     if (type != key_curve_name_to_keytype(curve)) {
916     goto error;
917     }
918    
919 maya 4327 ecdsa = EC_KEY_new_by_curve_name(keytype_to_cipher_nid(type));
920 maya 4321 if (ecdsa == NULL) {
921     goto error;
922     }
923    
924     q = EC_POINT_new(EC_KEY_get0_group(ecdsa));
925     if (q == NULL) {
926     goto error;
927     }
928    
929     buffer_get_ecpoint(&data, EC_KEY_get0_group(ecdsa), q);
930     if (key_ec_validate_public(EC_KEY_get0_group(ecdsa), q) == -1) {
931     goto error;
932     }
933    
934     if (EC_KEY_set_public_key(ecdsa, q) != 1) {
935     goto error;
936     }
937    
938     hostkey->type = type;
939     hostkey->ecdsa = ecdsa;
940     break;
941    
942     default: // unknown key
943 maya 4304 goto error;
944     }
945    
946     return (hostkey);
947    
948     error:
949     if (rsa != NULL)
950     RSA_free(rsa);
951     if (dsa != NULL)
952     DSA_free(dsa);
953 maya 4321 if (ecdsa != NULL)
954     EC_KEY_free(ecdsa);
955 maya 4304
956     return NULL;
957     }
958    
959    
960 maya 4307 BOOL generate_SSH2_keysign(Key *keypair, char **sigptr, int *siglen, char *data, int datalen)
961 maya 4304 {
962     buffer_t *msg = NULL;
963     char *s;
964    
965     msg = buffer_init();
966     if (msg == NULL) {
967     // TODO: error check
968     return FALSE;
969     }
970    
971 maya 4324 switch (keypair->type) {
972     case KEY_RSA: // RSA
973     {
974 maya 4307 const EVP_MD *evp_md = EVP_sha1();
975 maya 4304 EVP_MD_CTX md;
976     u_char digest[EVP_MAX_MD_SIZE], *sig;
977     u_int slen, dlen, len;
978 maya 4307 int ok, nid = NID_sha1;
979 maya 4304
980     // �_�C�W�F�X�g�l���v�Z
981     EVP_DigestInit(&md, evp_md);
982     EVP_DigestUpdate(&md, data, datalen);
983     EVP_DigestFinal(&md, digest, &dlen);
984    
985 maya 4307 slen = RSA_size(keypair->rsa);
986 maya 4304 sig = malloc(slen);
987     if (sig == NULL)
988     goto error;
989    
990     // �d�q�������v�Z
991 maya 4307 ok = RSA_sign(nid, digest, dlen, sig, &len, keypair->rsa);
992 maya 4304 memset(digest, 'd', sizeof(digest));
993     if (ok != 1) { // error
994     free(sig);
995     goto error;
996     }
997     // �������T�C�Y���o�b�t�@���������������A�������������B�������[�����������B
998     if (len < slen) {
999     u_int diff = slen - len;
1000     memmove(sig + diff, sig, len);
1001     memset(sig, 0, diff);
1002    
1003     } else if (len > slen) {
1004     free(sig);
1005     goto error;
1006    
1007     } else {
1008     // do nothing
1009    
1010     }
1011    
1012 maya 4307 s = get_sshname_from_key(keypair);
1013 maya 4304 buffer_put_string(msg, s, strlen(s));
1014     buffer_append_length(msg, sig, slen);
1015     len = buffer_len(msg);
1016    
1017     // setting
1018     *siglen = len;
1019     *sigptr = malloc(len);
1020     if (*sigptr == NULL) {
1021     free(sig);
1022     goto error;
1023     }
1024     memcpy(*sigptr, buffer_ptr(msg), len);
1025     free(sig);
1026 maya 4324
1027     break;
1028 maya 4307 }
1029 maya 4324 case KEY_DSA: // DSA
1030     {
1031 maya 4304 DSA_SIG *sig;
1032     const EVP_MD *evp_md = EVP_sha1();
1033     EVP_MD_CTX md;
1034     u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
1035     u_int rlen, slen, len, dlen;
1036    
1037     // �_�C�W�F�X�g���v�Z
1038     EVP_DigestInit(&md, evp_md);
1039     EVP_DigestUpdate(&md, data, datalen);
1040     EVP_DigestFinal(&md, digest, &dlen);
1041    
1042     // DSA�d�q�������v�Z
1043 maya 4307 sig = DSA_do_sign(digest, dlen, keypair->dsa);
1044 maya 4304 memset(digest, 'd', sizeof(digest));
1045     if (sig == NULL) {
1046     goto error;
1047     }
1048    
1049     // BIGNUM�����o�C�i���l��������
1050     rlen = BN_num_bytes(sig->r);
1051     slen = BN_num_bytes(sig->s);
1052     if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
1053     DSA_SIG_free(sig);
1054     goto error;
1055     }
1056     memset(sigblob, 0, SIGBLOB_LEN);
1057     BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
1058     BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
1059     DSA_SIG_free(sig);
1060    
1061     // setting
1062 maya 4307 s = get_sshname_from_key(keypair);
1063 maya 4304 buffer_put_string(msg, s, strlen(s));
1064     buffer_append_length(msg, sigblob, sizeof(sigblob));
1065     len = buffer_len(msg);
1066    
1067     // setting
1068     *siglen = len;
1069     *sigptr = malloc(len);
1070     if (*sigptr == NULL) {
1071     goto error;
1072     }
1073     memcpy(*sigptr, buffer_ptr(msg), len);
1074    
1075 maya 4324 break;
1076 maya 4304 }
1077 maya 4324 case KEY_ECDSA256: // ECDSA
1078     case KEY_ECDSA384:
1079     case KEY_ECDSA521:
1080     {
1081     ECDSA_SIG *sig;
1082     const EVP_MD *evp_md;
1083     EVP_MD_CTX md;
1084     u_char digest[EVP_MAX_MD_SIZE];
1085     u_int len, dlen, nid;
1086     buffer_t *buf2 = NULL;
1087    
1088 maya 4327 nid = keytype_to_hash_nid(keypair->type);
1089 maya 4324 if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
1090     goto error;
1091     }
1092     EVP_DigestInit(&md, evp_md);
1093     EVP_DigestUpdate(&md, data, datalen);
1094     EVP_DigestFinal(&md, digest, &dlen);
1095    
1096     sig = ECDSA_do_sign(digest, dlen, keypair->ecdsa);
1097     memset(digest, 'd', sizeof(digest));
1098    
1099     if (sig == NULL) {
1100     goto error;
1101     }
1102    
1103     buf2 = buffer_init();
1104     if (buf2 == NULL) {
1105     // TODO: error check
1106     goto error;
1107     }
1108     buffer_put_bignum2(buf2, sig->r);
1109     buffer_put_bignum2(buf2, sig->s);
1110     ECDSA_SIG_free(sig);
1111    
1112     s = get_sshname_from_key(keypair);
1113     buffer_put_string(msg, s, strlen(s));
1114     buffer_put_string(msg, buffer_ptr(buf2), buffer_len(buf2));
1115     buffer_free(buf2);
1116     len = buffer_len(msg);
1117    
1118     *siglen = len;
1119     *sigptr = malloc(len);
1120     if (*sigptr == NULL) {
1121     goto error;
1122     }
1123     memcpy(*sigptr, buffer_ptr(msg), len);
1124    
1125     break;
1126     }
1127     default:
1128 maya 4307 buffer_free(msg);
1129     return FALSE;
1130 maya 4324 break;
1131 maya 4307 }
1132 maya 4304
1133     buffer_free(msg);
1134     return TRUE;
1135    
1136     error:
1137     buffer_free(msg);
1138    
1139     return FALSE;
1140     }
1141    
1142    
1143     BOOL get_SSH2_publickey_blob(PTInstVar pvar, buffer_t **blobptr, int *bloblen)
1144     {
1145     buffer_t *msg = NULL;
1146 maya 4307 Key *keypair;
1147 maya 4324 char *s, *tmp;
1148 maya 4304
1149     msg = buffer_init();
1150     if (msg == NULL) {
1151     // TODO: error check
1152     return FALSE;
1153     }
1154    
1155     keypair = pvar->auth_state.cur_cred.key_pair;
1156    
1157 maya 4324 switch (keypair->type) {
1158     case KEY_RSA: // RSA
1159 maya 4307 s = get_sshname_from_key(keypair);
1160 maya 4304 buffer_put_string(msg, s, strlen(s));
1161 maya 4307 buffer_put_bignum2(msg, keypair->rsa->e); // ���J�w��
1162     buffer_put_bignum2(msg, keypair->rsa->n); // p�~q
1163 maya 4324 break;
1164     case KEY_DSA: // DSA
1165 maya 4307 s = get_sshname_from_key(keypair);
1166 maya 4304 buffer_put_string(msg, s, strlen(s));
1167 maya 4307 buffer_put_bignum2(msg, keypair->dsa->p); // �f��
1168     buffer_put_bignum2(msg, keypair->dsa->q); // (p-1)���f����
1169     buffer_put_bignum2(msg, keypair->dsa->g); // ����
1170     buffer_put_bignum2(msg, keypair->dsa->pub_key); // ���J��
1171 maya 4324 break;
1172     case KEY_ECDSA256: // ECDSA
1173     case KEY_ECDSA384:
1174     case KEY_ECDSA521:
1175     s = get_sshname_from_key(keypair);
1176     buffer_put_string(msg, s, strlen(s));
1177     tmp = curve_keytype_to_name(keypair->type);
1178     buffer_put_string(msg, tmp, strlen(tmp));
1179     buffer_put_ecpoint(msg, EC_KEY_get0_group(keypair->ecdsa),
1180     EC_KEY_get0_public_key(keypair->ecdsa));
1181     break;
1182     default:
1183 maya 4307 return FALSE;
1184     }
1185    
1186 maya 4304 *blobptr = msg;
1187     *bloblen = buffer_len(msg);
1188    
1189     return TRUE;
1190     }
1191 maya 4327
1192 maya 4378 int kextype_to_cipher_nid(kex_algorithm type)
1193 maya 4327 {
1194     switch (type) {
1195     case KEX_ECDH_SHA2_256:
1196     return NID_X9_62_prime256v1;
1197     case KEX_ECDH_SHA2_384:
1198     return NID_secp384r1;
1199     case KEX_ECDH_SHA2_521:
1200     return NID_secp521r1;
1201     }
1202     return NID_undef;
1203     }
1204    
1205 maya 4378 int keytype_to_hash_nid(ssh_keytype type)
1206 maya 4327 {
1207     switch (type) {
1208     case KEY_ECDSA256:
1209     return NID_sha256;
1210     case KEY_ECDSA384:
1211     return NID_sha384;
1212     case KEY_ECDSA521:
1213     return NID_sha512;
1214     }
1215     return NID_undef;
1216     }
1217    
1218 maya 4378 int keytype_to_cipher_nid(ssh_keytype type)
1219 maya 4327 {
1220     switch (type) {
1221     case KEY_ECDSA256:
1222     return NID_X9_62_prime256v1;
1223     case KEY_ECDSA384:
1224     return NID_secp384r1;
1225     case KEY_ECDSA521:
1226     return NID_secp521r1;
1227     }
1228     return NID_undef;
1229     }
1230    
1231 maya 4378 ssh_keytype nid_to_keytype(int nid)
1232 maya 4327 {
1233     switch (nid) {
1234     case NID_X9_62_prime256v1:
1235     return KEY_ECDSA256;
1236     case NID_secp384r1:
1237     return KEY_ECDSA384;
1238     case NID_secp521r1:
1239     return KEY_ECDSA521;
1240     }
1241     return KEY_UNSPEC;
1242     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help