Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/key.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/key.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 5545 - (hide annotations) (download) (as text)
Mon Mar 17 16:06:58 2014 UTC (10 years ago) by yutakapon
Original Path: trunk/ttssh2/ttxssh/key.c
File MIME type: text/x-csrc
File size: 39489 byte(s) 
チケット #33263
Curve25519楕円曲線DH(Diffe Hellman)アルゴリズムを使った鍵交換をサポートした。

svn+ssh://svn.sourceforge.jp/svnroot/ttssh2/branches/ssh_ed25519
ブランチからマージ。

現時点でサポートしている機能は下記の通り。

 ・Key Generatorで ED25519 鍵の作成
 ・Key Generatorで RSA/DSA/ECDSA 秘密鍵ファイルに bcrypt KDF を選択可能。
 ・ED25519 による公開鍵認証ログイン
 ・RSA(bcrypt KDF) による公開鍵認証ログイン
 ・DSA(bcrypt KDF) による公開鍵認証ログイン
 ・ECDSA(bcrypt KDF) による公開鍵認証ログイン
 ・Host Keyに ssh-ed25519 のサポート
1 maya 4304 /*
2     Copyright (c) 2011, TeraTerm Project
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #include "key.h"
30 maya 4321 #include "kex.h"
31 maya 4304
32     #include <openssl/rsa.h>
33     #include <openssl/dsa.h>
34 maya 4321 #include <openssl/ecdsa.h>
35 maya 4304
36     #define INTBLOB_LEN 20
37     #define SIGBLOB_LEN (2*INTBLOB_LEN)
38    
39     //////////////////////////////////////////////////////////////////////////////
40     //
41     // Key verify function
42     //
43     //////////////////////////////////////////////////////////////////////////////
44    
45     //
46     // DSS
47     //
48    
49     int ssh_dss_verify(DSA *key,
50     u_char *signature, u_int signaturelen,
51     u_char *data, u_int datalen)
52     {
53     DSA_SIG *sig;
54     const EVP_MD *evp_md = EVP_sha1();
55     EVP_MD_CTX md;
56     unsigned char digest[EVP_MAX_MD_SIZE], *sigblob;
57     unsigned int len, dlen;
58     int ret;
59     char *ptr;
60    
61     OpenSSL_add_all_digests();
62    
63     if (key == NULL) {
64     return -2;
65     }
66    
67     ptr = signature;
68    
69     // step1
70     if (signaturelen == 0x28) {
71     // workaround for SSH-2.0-2.0* and SSH-2.0-2.1* (2006.11.18 maya)
72     ptr -= 4;
73     }
74     else {
75     len = get_uint32_MSBfirst(ptr);
76     ptr += 4;
77     if (strncmp("ssh-dss", ptr, len) != 0) {
78     return -3;
79     }
80     ptr += len;
81     }
82    
83     // step2
84     len = get_uint32_MSBfirst(ptr);
85     ptr += 4;
86     sigblob = ptr;
87     ptr += len;
88    
89     if (len != SIGBLOB_LEN) {
90     return -4;
91     }
92    
93     /* parse signature */
94     if ((sig = DSA_SIG_new()) == NULL)
95     return -5;
96     if ((sig->r = BN_new()) == NULL)
97     return -6;
98     if ((sig->s = BN_new()) == NULL)
99     return -7;
100     BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
101     BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
102    
103     /* sha1 the data */
104     EVP_DigestInit(&md, evp_md);
105     EVP_DigestUpdate(&md, data, datalen);
106     EVP_DigestFinal(&md, digest, &dlen);
107    
108     ret = DSA_do_verify(digest, dlen, sig, key);
109     memset(digest, 'd', sizeof(digest));
110    
111     DSA_SIG_free(sig);
112    
113     return ret;
114     }
115    
116    
117     //
118     // RSA
119     //
120    
121     /*
122     * See:
123     * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
124     * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn
125     */
126     /*
127     * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
128     * oiw(14) secsig(3) algorithms(2) 26 }
129     */
130     static const u_char id_sha1[] = {
131     0x30, 0x21, /* type Sequence, length 0x21 (33) */
132     0x30, 0x09, /* type Sequence, length 0x09 */
133     0x06, 0x05, /* type OID, length 0x05 */
134     0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */
135     0x05, 0x00, /* NULL */
136     0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */
137     };
138     /*
139     * id-md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
140     * rsadsi(113549) digestAlgorithm(2) 5 }
141     */
142     static const u_char id_md5[] = {
143     0x30, 0x20, /* type Sequence, length 0x20 (32) */
144     0x30, 0x0c, /* type Sequence, length 0x09 */
145     0x06, 0x08, /* type OID, length 0x05 */
146     0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, /* id-md5 */
147     0x05, 0x00, /* NULL */
148     0x04, 0x10 /* Octet string, length 0x10 (16), followed by md5 hash */
149     };
150    
151     static int openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
152     u_char *sigbuf, u_int siglen, RSA *rsa)
153     {
154     u_int ret, rsasize, oidlen = 0, hlen = 0;
155     int len;
156     const u_char *oid = NULL;
157     u_char *decrypted = NULL;
158    
159     ret = 0;
160     switch (type) {
161     case NID_sha1:
162     oid = id_sha1;
163     oidlen = sizeof(id_sha1);
164     hlen = 20;
165     break;
166     case NID_md5:
167     oid = id_md5;
168     oidlen = sizeof(id_md5);
169     hlen = 16;
170     break;
171     default:
172     goto done;
173     break;
174     }
175     if (hashlen != hlen) {
176     //error("bad hashlen");
177     goto done;
178     }
179     rsasize = RSA_size(rsa);
180     if (siglen == 0 || siglen > rsasize) {
181     //error("bad siglen");
182     goto done;
183     }
184     decrypted = malloc(rsasize);
185     if (decrypted == NULL)
186     return 1; // error
187    
188     if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,
189     RSA_PKCS1_PADDING)) < 0) {
190     //error("RSA_public_decrypt failed: %s",
191     // ERR_error_string(ERR_get_error(), NULL));
192     goto done;
193     }
194     if (len != hlen + oidlen) {
195     //error("bad decrypted len: %d != %d + %d", len, hlen, oidlen);
196     goto done;
197     }
198     if (memcmp(decrypted, oid, oidlen) != 0) {
199     //error("oid mismatch");
200     goto done;
201     }
202     if (memcmp(decrypted + oidlen, hash, hlen) != 0) {
203     //error("hash mismatch");
204     goto done;
205     }
206     ret = 1;
207     done:
208     if (decrypted)
209     free(decrypted);
210     return ret;
211     }
212    
213     int ssh_rsa_verify(RSA *key,
214     u_char *signature, u_int signaturelen,
215     u_char *data, u_int datalen)
216     {
217     const EVP_MD *evp_md;
218     EVP_MD_CTX md;
219     // char *ktype;
220     u_char digest[EVP_MAX_MD_SIZE], *sigblob;
221     u_int len, dlen, modlen;
222     // int rlen, ret, nid;
223     int ret, nid;
224     char *ptr;
225    
226     OpenSSL_add_all_digests();
227    
228     if (key == NULL) {
229     return -2;
230     }
231     if (BN_num_bits(key->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
232     return -3;
233     }
234     //debug_print(41, signature, signaturelen);
235     ptr = signature;
236    
237     // step1
238     len = get_uint32_MSBfirst(ptr);
239     ptr += 4;
240     if (strncmp("ssh-rsa", ptr, len) != 0) {
241     return -4;
242     }
243     ptr += len;
244    
245     // step2
246     len = get_uint32_MSBfirst(ptr);
247     ptr += 4;
248     sigblob = ptr;
249     ptr += len;
250     #if 0
251     rlen = get_uint32_MSBfirst(ptr);
252     if (rlen != 0) {
253     return -1;
254     }
255     #endif
256    
257     /* RSA_verify expects a signature of RSA_size */
258     modlen = RSA_size(key);
259     if (len > modlen) {
260     return -5;
261    
262     } else if (len < modlen) {
263     u_int diff = modlen - len;
264     sigblob = realloc(sigblob, modlen);
265     memmove(sigblob + diff, sigblob, len);
266     memset(sigblob, 0, diff);
267     len = modlen;
268     }
269    
270     /* sha1 the data */
271     // nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
272     nid = NID_sha1;
273     if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
274     //error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
275     return -6;
276     }
277     EVP_DigestInit(&md, evp_md);
278     EVP_DigestUpdate(&md, data, datalen);
279     EVP_DigestFinal(&md, digest, &dlen);
280    
281     ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key);
282    
283     memset(digest, 'd', sizeof(digest));
284     memset(sigblob, 's', len);
285     //free(sigblob);
286     //debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
287    
288     return ret;
289     }
290    
291 maya 4378 int ssh_ecdsa_verify(EC_KEY *key, ssh_keytype keytype,
292 maya 4321 u_char *signature, u_int signaturelen,
293     u_char *data, u_int datalen)
294     {
295     ECDSA_SIG *sig;
296     const EVP_MD *evp_md;
297     EVP_MD_CTX md;
298     unsigned char digest[EVP_MAX_MD_SIZE], *sigblob;
299     unsigned int len, dlen;
300     int ret, nid = NID_undef;
301     char *ptr;
302    
303     OpenSSL_add_all_digests();
304    
305     if (key == NULL) {
306     return -2;
307     }
308    
309     ptr = signature;
310    
311     len = get_uint32_MSBfirst(ptr);
312     ptr += 4;
313 maya 4378 if (strncmp(get_ssh_keytype_name(keytype), ptr, len) != 0) {
314 maya 4321 return -3;
315     }
316     ptr += len;
317    
318     len = get_uint32_MSBfirst(ptr);
319     ptr += 4;
320     sigblob = ptr;
321     ptr += len;
322    
323     /* parse signature */
324     if ((sig = ECDSA_SIG_new()) == NULL)
325     return -4;
326     if ((sig->r = BN_new()) == NULL)
327     return -5;
328     if ((sig->s = BN_new()) == NULL)
329     return -6;
330    
331     buffer_get_bignum2(&sigblob, sig->r);
332     buffer_get_bignum2(&sigblob, sig->s);
333     if (sigblob != ptr) {
334     return -7;
335     }
336    
337     /* hash the data */
338 maya 4327 nid = keytype_to_hash_nid(keytype);
339 maya 4321 if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
340     return -8;
341     }
342     EVP_DigestInit(&md, evp_md);
343     EVP_DigestUpdate(&md, data, datalen);
344     EVP_DigestFinal(&md, digest, &dlen);
345    
346     ret = ECDSA_do_verify(digest, dlen, sig, key);
347     memset(digest, 'd', sizeof(digest));
348    
349     ECDSA_SIG_free(sig);
350    
351     return ret;
352     }
353    
354 yutakapon 5545 static int ssh_ed25519_verify(Key *key, unsigned char *signature, unsigned int signaturelen,
355     unsigned char *data, unsigned int datalen)
356     {
357     buffer_t *b;
358     char *ktype = NULL;
359     unsigned char *sigblob = NULL, *sm = NULL, *m = NULL;
360     unsigned int len;
361     unsigned long long smlen, mlen;
362     int rlen, ret;
363     char *bptr;
364    
365     ret = -1;
366     b = buffer_init();
367     if (b == NULL)
368     goto error;
369    
370     buffer_append(b, signature, signaturelen);
371     bptr = buffer_ptr(b);
372     ktype = buffer_get_string(&bptr, NULL);
373     if (strcmp("ssh-ed25519", ktype) != 0) {
374     goto error;
375     }
376     sigblob = buffer_get_string(&bptr, &len);
377     rlen = buffer_remain_len(b);
378     if (rlen != 0) {
379     goto error;
380     }
381     if (len > crypto_sign_ed25519_BYTES) {
382     goto error;
383     }
384    
385     smlen = len + datalen;
386     sm = malloc((size_t)smlen);
387     memcpy(sm, sigblob, len);
388     memcpy(sm+len, data, datalen);
389     mlen = smlen;
390     m = malloc((size_t)mlen);
391    
392     if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
393     key->ed25519_pk)) != 0) {
394     //debug2("%s: crypto_sign_ed25519_open failed: %d",
395     // __func__, ret);
396     }
397     if (ret == 0 && mlen != datalen) {
398     //debug2("%s: crypto_sign_ed25519_open "
399     // "mlen != datalen (%llu != %u)", __func__, mlen, datalen);
400     ret = -1;
401     }
402     /* XXX compare 'm' and 'data' ? */
403    
404     error:
405     buffer_free(b);
406     free(ktype);
407    
408     if (sigblob) {
409     memset(sigblob, 's', len);
410     free(sigblob);
411     }
412     if (sm) {
413     memset(sm, 'S', (size_t)smlen);
414     free(sm);
415     }
416     if (m) {
417     memset(m, 'm', (size_t)smlen); /* NB. mlen may be invalid if ret != 0 */
418     free(m);
419     }
420    
421     /* translate return code carefully */
422     return (ret == 0) ? 1 : -1;
423     }
424    
425 maya 4307 int key_verify(Key *key,
426 maya 4304 unsigned char *signature, unsigned int signaturelen,
427     unsigned char *data, unsigned int datalen)
428     {
429     int ret = 0;
430    
431 maya 4321 switch (key->type) {
432     case KEY_RSA:
433 maya 4307 ret = ssh_rsa_verify(key->rsa, signature, signaturelen, data, datalen);
434 maya 4321 break;
435     case KEY_DSA:
436 maya 4307 ret = ssh_dss_verify(key->dsa, signature, signaturelen, data, datalen);
437 maya 4321 break;
438     case KEY_ECDSA256:
439     case KEY_ECDSA384:
440     case KEY_ECDSA521:
441     ret = ssh_ecdsa_verify(key->ecdsa, key->type, signature, signaturelen, data, datalen);
442     break;
443 yutakapon 5545 case KEY_ED25519:
444     ret = ssh_ed25519_verify(key, signature, signaturelen, data, datalen);
445     break;
446 maya 4321 default:
447 maya 4304 return -1;
448     }
449    
450     return (ret); // success
451     }
452    
453     //
454     // RSA�\����������
455     //
456     RSA *duplicate_RSA(RSA *src)
457     {
458     RSA *rsa = NULL;
459    
460     rsa = RSA_new();
461     if (rsa == NULL)
462     goto error;
463     rsa->n = BN_new();
464     rsa->e = BN_new();
465     if (rsa->n == NULL || rsa->e == NULL) {
466     RSA_free(rsa);
467     goto error;
468     }
469    
470     // �[���R�s�[(deep copy)���s���B�����R�s�[(shallow copy)��NG�B
471     BN_copy(rsa->n, src->n);
472     BN_copy(rsa->e, src->e);
473    
474     error:
475     return (rsa);
476     }
477    
478    
479     //
480     // DSA�\����������
481     //
482     DSA *duplicate_DSA(DSA *src)
483     {
484     DSA *dsa = NULL;
485    
486     dsa = DSA_new();
487     if (dsa == NULL)
488     goto error;
489     dsa->p = BN_new();
490     dsa->q = BN_new();
491     dsa->g = BN_new();
492     dsa->pub_key = BN_new();
493     if (dsa->p == NULL ||
494     dsa->q == NULL ||
495     dsa->g == NULL ||
496     dsa->pub_key == NULL) {
497     DSA_free(dsa);
498     goto error;
499     }
500    
501     // �[���R�s�[(deep copy)���s���B�����R�s�[(shallow copy)��NG�B
502     BN_copy(dsa->p, src->p);
503     BN_copy(dsa->q, src->q);
504     BN_copy(dsa->g, src->g);
505     BN_copy(dsa->pub_key, src->pub_key);
506    
507     error:
508     return (dsa);
509     }
510    
511 yutakapon 5545 unsigned char *duplicate_ED25519_PK(unsigned char *src)
512     {
513     unsigned char *ptr = NULL;
514 maya 4304
515 yutakapon 5545 ptr = malloc(ED25519_PK_SZ);
516     if (ptr) {
517     memcpy(ptr, src, ED25519_PK_SZ);
518     }
519     return (ptr);
520     }
521    
522    
523 doda 4531 char* key_fingerprint_raw(Key *k, enum fp_type dgst_type, int *dgst_raw_length)
524 maya 4304 {
525     const EVP_MD *md = NULL;
526     EVP_MD_CTX ctx;
527     char *blob = NULL;
528     char *retval = NULL;
529     int len = 0;
530     int nlen, elen;
531     RSA *rsa;
532    
533     *dgst_raw_length = 0;
534    
535 doda 4531 switch (dgst_type) {
536     case SSH_FP_MD5:
537     md = EVP_md5();
538     break;
539     case SSH_FP_SHA1:
540     md = EVP_sha1();
541     break;
542 doda 4539 case SSH_FP_SHA256:
543     md = EVP_sha256();
544     break;
545 doda 4531 default:
546     md = EVP_md5();
547     }
548 maya 4304
549     switch (k->type) {
550     case KEY_RSA1:
551     rsa = make_key(NULL, k->bits, k->exp, k->mod);
552     nlen = BN_num_bytes(rsa->n);
553     elen = BN_num_bytes(rsa->e);
554     len = nlen + elen;
555     blob = malloc(len);
556     if (blob == NULL) {
557     // TODO:
558     }
559     BN_bn2bin(rsa->n, blob);
560     BN_bn2bin(rsa->e, blob + nlen);
561     RSA_free(rsa);
562     break;
563    
564     case KEY_DSA:
565     case KEY_RSA:
566 maya 4321 case KEY_ECDSA256:
567     case KEY_ECDSA384:
568     case KEY_ECDSA521:
569 yutakapon 5545 case KEY_ED25519:
570 maya 4304 key_to_blob(k, &blob, &len);
571     break;
572    
573     case KEY_UNSPEC:
574     return retval;
575     break;
576    
577     default:
578     //fatal("key_fingerprint_raw: bad key type %d", k->type);
579     break;
580     }
581    
582     if (blob != NULL) {
583     retval = malloc(EVP_MAX_MD_SIZE);
584     if (retval == NULL) {
585     // TODO:
586     }
587     EVP_DigestInit(&ctx, md);
588     EVP_DigestUpdate(&ctx, blob, len);
589     EVP_DigestFinal(&ctx, retval, dgst_raw_length);
590     memset(blob, 0, len);
591     free(blob);
592     } else {
593     //fatal("key_fingerprint_raw: blob is null");
594     }
595     return retval;
596     }
597    
598    
599     const char *
600 yutakapon 5042 ssh_key_type(const Key *k)
601 maya 4304 {
602     switch (k->type) {
603     case KEY_RSA1:
604     return "RSA1";
605     case KEY_RSA:
606     return "RSA";
607     case KEY_DSA:
608     return "DSA";
609 maya 4321 case KEY_ECDSA256:
610     case KEY_ECDSA384:
611     case KEY_ECDSA521:
612     return "ECDSA";
613 yutakapon 5545 case KEY_ED25519:
614     return "ED25519";
615 maya 4304 }
616     return "unknown";
617     }
618    
619     unsigned int
620     key_size(const Key *k)
621     {
622     switch (k->type) {
623     case KEY_RSA1:
624     // SSH1�������� key->rsa �� key->dsa �� NULL �����������A�g�������B
625     return k->bits;
626     case KEY_RSA:
627     return BN_num_bits(k->rsa->n);
628     case KEY_DSA:
629     return BN_num_bits(k->dsa->p);
630 maya 4321 case KEY_ECDSA256:
631     return 256;
632     case KEY_ECDSA384:
633     return 384;
634     case KEY_ECDSA521:
635     return 521;
636 yutakapon 5545 case KEY_ED25519:
637     return 256; /* XXX */
638 maya 4304 }
639     return 0;
640     }
641    
642     // based on OpenSSH 5.1
643     #define FLDBASE 8
644     #define FLDSIZE_Y (FLDBASE + 1)
645     #define FLDSIZE_X (FLDBASE * 2 + 1)
646     static char *
647     key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k)
648     {
649     /*
650     * Chars to be used after each other every time the worm
651     * intersects with itself. Matter of taste.
652     */
653     char *augmentation_string = " .o+=*BOX@%&#/^SE";
654     char *retval, *p;
655     unsigned char field[FLDSIZE_X][FLDSIZE_Y];
656     unsigned int i, b;
657     int x, y;
658     size_t len = strlen(augmentation_string) - 1;
659    
660     retval = calloc(1, (FLDSIZE_X + 3 + 1) * (FLDSIZE_Y + 2));
661    
662     /* initialize field */
663     memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char));
664     x = FLDSIZE_X / 2;
665     y = FLDSIZE_Y / 2;
666    
667     /* process raw key */
668     for (i = 0; i < dgst_raw_len; i++) {
669     int input;
670     /* each byte conveys four 2-bit move commands */
671     input = dgst_raw[i];
672     for (b = 0; b < 4; b++) {
673     /* evaluate 2 bit, rest is shifted later */
674     x += (input & 0x1) ? 1 : -1;
675     y += (input & 0x2) ? 1 : -1;
676    
677     /* assure we are still in bounds */
678     x = max(x, 0);
679     y = max(y, 0);
680     x = min(x, FLDSIZE_X - 1);
681     y = min(y, FLDSIZE_Y - 1);
682    
683     /* augment the field */
684     field[x][y]++;
685     input = input >> 2;
686     }
687     }
688    
689     /* mark starting point and end point*/
690     field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1;
691     field[x][y] = len;
692    
693     /* fill in retval */
694 yutakapon 5042 _snprintf_s(retval, FLDSIZE_X, _TRUNCATE, "+--[%4s %4u]", ssh_key_type(k), key_size(k));
695 maya 4304 p = strchr(retval, '\0');
696    
697     /* output upper border */
698     for (i = p - retval - 1; i < FLDSIZE_X; i++)
699     *p++ = '-';
700     *p++ = '+';
701     *p++ = '\r';
702     *p++ = '\n';
703    
704     /* output content */
705     for (y = 0; y < FLDSIZE_Y; y++) {
706     *p++ = '|';
707     for (x = 0; x < FLDSIZE_X; x++)
708     *p++ = augmentation_string[min(field[x][y], len)];
709     *p++ = '|';
710     *p++ = '\r';
711     *p++ = '\n';
712     }
713    
714     /* output lower border */
715     *p++ = '+';
716     for (i = 0; i < FLDSIZE_X; i++)
717     *p++ = '-';
718     *p++ = '+';
719    
720     return retval;
721     }
722     #undef FLDBASE
723     #undef FLDSIZE_Y
724     #undef FLDSIZE_X
725    
726     //
727     // fingerprint�i�w���F�z�X�g���J�����n�b�V���j����������
728     //
729     char *key_fingerprint(Key *key, enum fp_rep dgst_rep)
730     {
731     char *retval = NULL;
732     unsigned char *dgst_raw;
733     int dgst_raw_len;
734     int i, retval_len;
735    
736     // fingerprint���n�b�V���l�i�o�C�i���j��������
737 doda 4531 dgst_raw = key_fingerprint_raw(key, SSH_FP_MD5, &dgst_raw_len);
738 maya 4304
739     if (dgst_rep == SSH_FP_HEX) {
740     // 16�i�\�L����������
741     retval_len = dgst_raw_len * 3 + 1;
742     retval = malloc(retval_len);
743     retval[0] = '\0';
744     for (i = 0; i < dgst_raw_len; i++) {
745     char hex[4];
746     _snprintf_s(hex, sizeof(hex), _TRUNCATE, "%02x:", dgst_raw[i]);
747     strncat_s(retval, retval_len, hex, _TRUNCATE);
748     }
749    
750     /* Remove the trailing ':' character */
751     retval[(dgst_raw_len * 3) - 1] = '\0';
752    
753     } else if (dgst_rep == SSH_FP_RANDOMART) {
754     retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, key);
755    
756     } else {
757    
758     }
759    
760     memset(dgst_raw, 0, dgst_raw_len);
761     free(dgst_raw);
762    
763     return (retval);
764     }
765    
766 yutakapon 5545 //
767     // �L�[�������������m��
768     //
769     static void key_add_private(Key *k)
770     {
771     switch (k->type) {
772     case KEY_RSA1:
773     case KEY_RSA:
774     k->rsa->d = BN_new();
775     k->rsa->iqmp = BN_new();
776     k->rsa->q = BN_new();
777     k->rsa->p = BN_new();
778     k->rsa->dmq1 = BN_new();
779     k->rsa->dmp1 = BN_new();
780     if (k->rsa->d == NULL || k->rsa->iqmp == NULL || k->rsa->q == NULL ||
781     k->rsa->p == NULL || k->rsa->dmq1 == NULL || k->rsa->dmp1 == NULL)
782     goto error;
783     break;
784 maya 4304
785 yutakapon 5545 case KEY_DSA:
786     k->dsa->priv_key = BN_new();
787     if (k->dsa->priv_key == NULL)
788     goto error;
789     break;
790    
791     case KEY_ECDSA256:
792     case KEY_ECDSA384:
793     case KEY_ECDSA521:
794     /* Cannot do anything until we know the group */
795     break;
796    
797     case KEY_ED25519:
798     /* no need to prealloc */
799     break;
800    
801     case KEY_UNSPEC:
802     break;
803    
804     default:
805     goto error;
806     break;
807     }
808     return;
809    
810     error:
811     if (k->rsa->d) {
812     BN_free(k->rsa->d);
813     k->rsa->d = NULL;
814     }
815     if (k->rsa->iqmp) {
816     BN_free(k->rsa->iqmp);
817     k->rsa->iqmp = NULL;
818     }
819     if (k->rsa->q) {
820     BN_free(k->rsa->q);
821     k->rsa->q = NULL;
822     }
823     if (k->rsa->p) {
824     BN_free(k->rsa->p);
825     k->rsa->p = NULL;
826     }
827     if (k->rsa->dmq1) {
828     BN_free(k->rsa->dmq1);
829     k->rsa->dmq1 = NULL;
830     }
831     if (k->rsa->dmp1) {
832     BN_free(k->rsa->dmp1);
833     k->rsa->dmp1 = NULL;
834     }
835    
836    
837     if (k->dsa->priv_key == NULL) {
838     BN_free(k->dsa->priv_key);
839     k->dsa->priv_key = NULL;
840     }
841    
842     }
843    
844     Key *key_new_private(int type)
845     {
846     Key *k = key_new(type);
847    
848     key_add_private(k);
849     return (k);
850     }
851    
852    
853     Key *key_new(int type)
854     {
855     int success = 0;
856     Key *k = NULL;
857     RSA *rsa;
858     DSA *dsa;
859    
860     k = calloc(1, sizeof(Key));
861     if (k == NULL)
862     goto error;
863     k->type = type;
864     k->ecdsa = NULL;
865     k->dsa = NULL;
866     k->rsa = NULL;
867     k->ed25519_pk = NULL;
868     k->ed25519_sk = NULL;
869    
870     switch (k->type) {
871     case KEY_RSA1:
872     case KEY_RSA:
873     rsa = RSA_new();
874     if (rsa == NULL)
875     goto error;
876     rsa->n = BN_new();
877     rsa->e = BN_new();
878     if (rsa->n == NULL || rsa->e == NULL)
879     goto error;
880     k->rsa = rsa;
881     break;
882    
883     case KEY_DSA:
884     dsa = DSA_new();
885     if (dsa == NULL)
886     goto error;
887     dsa->p = BN_new();
888     dsa->q = BN_new();
889     dsa->g = BN_new();
890     dsa->pub_key = BN_new();
891     if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL || dsa->pub_key == NULL)
892     goto error;
893     k->dsa = dsa;
894     break;
895    
896     case KEY_ECDSA256:
897     case KEY_ECDSA384:
898     case KEY_ECDSA521:
899     /* Cannot do anything until we know the group */
900     break;
901    
902     case KEY_ED25519:
903     /* no need to prealloc */
904     break;
905    
906     case KEY_UNSPEC:
907     break;
908    
909     default:
910     goto error;
911     break;
912     }
913     success = 1;
914    
915     error:
916     if (success == 0) {
917     key_free(k);
918     k = NULL;
919     }
920     return (k);
921     }
922    
923    
924 maya 4304 //
925     // �L�[����������������
926     //
927     void key_free(Key *key)
928     {
929 maya 4321 if (key == NULL) {
930     return;
931     }
932    
933 maya 4304 switch (key->type) {
934     case KEY_RSA1:
935     case KEY_RSA:
936     if (key->rsa != NULL)
937     RSA_free(key->rsa);
938     key->rsa = NULL;
939     break;
940    
941     case KEY_DSA:
942     if (key->dsa != NULL)
943     DSA_free(key->dsa);
944     key->dsa = NULL;
945     break;
946 maya 4321
947     case KEY_ECDSA256:
948     case KEY_ECDSA384:
949     case KEY_ECDSA521:
950     if (key->ecdsa != NULL)
951     EC_KEY_free(key->ecdsa);
952     key->ecdsa = NULL;
953     break;
954 yutakapon 5545
955     case KEY_ED25519:
956     if (key->ed25519_pk) {
957     memset(key->ed25519_pk, 0, ED25519_PK_SZ);
958     free(key->ed25519_pk);
959     key->ed25519_pk = NULL;
960     }
961     if (key->ed25519_sk) {
962     memset(key->ed25519_sk, 0, ED25519_SK_SZ);
963     free(key->ed25519_sk);
964     key->ed25519_sk = NULL;
965     }
966     break;
967 maya 4304 }
968     free(key);
969     }
970    
971     //
972     // �L�[���������������p����
973     //
974 maya 4321 char *get_sshname_from_key(Key *key)
975     {
976 maya 4378 return get_ssh_keytype_name(key->type);
977 maya 4321 }
978 maya 4304
979     //
980     // �L�[������������������������
981     //
982 maya 4378 ssh_keytype get_keytype_from_name(char *name)
983 maya 4304 {
984     if (strcmp(name, "rsa1") == 0) {
985     return KEY_RSA1;
986     } else if (strcmp(name, "rsa") == 0) {
987     return KEY_RSA;
988     } else if (strcmp(name, "dsa") == 0) {
989     return KEY_DSA;
990     } else if (strcmp(name, "ssh-rsa") == 0) {
991     return KEY_RSA;
992     } else if (strcmp(name, "ssh-dss") == 0) {
993     return KEY_DSA;
994 maya 4321 } else if (strcmp(name, "ecdsa-sha2-nistp256") == 0) {
995     return KEY_ECDSA256;
996     } else if (strcmp(name, "ecdsa-sha2-nistp384") == 0) {
997     return KEY_ECDSA384;
998     } else if (strcmp(name, "ecdsa-sha2-nistp521") == 0) {
999     return KEY_ECDSA521;
1000 yutakapon 5545 } else if (strcmp(name, "ssh-ed25519") == 0) {
1001     return KEY_ED25519;
1002 maya 4304 }
1003     return KEY_UNSPEC;
1004     }
1005    
1006    
1007 maya 4378 ssh_keytype key_curve_name_to_keytype(char *name)
1008 maya 4321 {
1009     if (strcmp(name, "nistp256") == 0) {
1010     return KEY_ECDSA256;
1011     } else if (strcmp(name, "nistp384") == 0) {
1012     return KEY_ECDSA384;
1013     } else if (strcmp(name, "nistp521") == 0) {
1014     return KEY_ECDSA521;
1015     }
1016     return KEY_UNSPEC;
1017     }
1018    
1019 maya 4378 char *curve_keytype_to_name(ssh_keytype type)
1020 maya 4321 {
1021     switch (type) {
1022     case KEY_ECDSA256:
1023     return "nistp256";
1024     break;
1025     case KEY_ECDSA384:
1026     return "nistp384";
1027     break;
1028     case KEY_ECDSA521:
1029     return "nistp521";
1030     break;
1031     }
1032     return NULL;
1033     }
1034    
1035 maya 4304 //
1036     // �L�[���������o�b�t�@���������� (for SSH2)
1037     // NOTE:
1038     //
1039     int key_to_blob(Key *key, char **blobp, int *lenp)
1040     {
1041     buffer_t *b;
1042 maya 4321 char *sshname, *tmp;
1043 maya 4304 int len;
1044     int ret = 1; // success
1045    
1046     b = buffer_init();
1047     sshname = get_sshname_from_key(key);
1048    
1049 maya 4321 switch (key->type) {
1050     case KEY_RSA:
1051 maya 4304 buffer_put_string(b, sshname, strlen(sshname));
1052     buffer_put_bignum2(b, key->rsa->e);
1053     buffer_put_bignum2(b, key->rsa->n);
1054 maya 4321 break;
1055     case KEY_DSA:
1056 maya 4304 buffer_put_string(b, sshname, strlen(sshname));
1057     buffer_put_bignum2(b, key->dsa->p);
1058     buffer_put_bignum2(b, key->dsa->q);
1059     buffer_put_bignum2(b, key->dsa->g);
1060     buffer_put_bignum2(b, key->dsa->pub_key);
1061 maya 4321 break;
1062     case KEY_ECDSA256:
1063     case KEY_ECDSA384:
1064     case KEY_ECDSA521:
1065     buffer_put_string(b, sshname, strlen(sshname));
1066     tmp = curve_keytype_to_name(key->type);
1067     buffer_put_string(b, tmp, strlen(tmp));
1068     buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa),
1069     EC_KEY_get0_public_key(key->ecdsa));
1070     break;
1071 yutakapon 5545 case KEY_ED25519:
1072     buffer_put_cstring(b, sshname);
1073     buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);
1074     break;
1075 maya 4304
1076 maya 4321 default:
1077 maya 4304 ret = 0;
1078     goto error;
1079     }
1080    
1081     len = buffer_len(b);
1082     if (lenp != NULL)
1083     *lenp = len;
1084     if (blobp != NULL) {
1085     *blobp = malloc(len);
1086     if (*blobp == NULL) {
1087     ret = 0;
1088     goto error;
1089     }
1090     memcpy(*blobp, buffer_ptr(b), len);
1091     }
1092    
1093     error:
1094     buffer_free(b);
1095    
1096     return (ret);
1097     }
1098    
1099    
1100     //
1101     // �o�b�t�@�����L�[�����������o��(for SSH2)
1102     // NOTE: ���l���A���P�[�g���������������A�����o�������������������B
1103     //
1104     Key *key_from_blob(char *data, int blen)
1105     {
1106 yutakapon 5545 int keynamelen, len;
1107 maya 4304 char key[128];
1108     RSA *rsa = NULL;
1109     DSA *dsa = NULL;
1110 maya 4321 EC_KEY *ecdsa = NULL;
1111     EC_POINT *q = NULL;
1112     char *curve = NULL;
1113 maya 4304 Key *hostkey; // hostkey
1114 maya 4378 ssh_keytype type;
1115 yutakapon 5545 unsigned char *pk = NULL;
1116 maya 4304
1117     hostkey = malloc(sizeof(Key));
1118     if (hostkey == NULL)
1119     goto error;
1120    
1121     memset(hostkey, 0, sizeof(Key));
1122    
1123     keynamelen = get_uint32_MSBfirst(data);
1124     if (keynamelen >= sizeof(key)) {
1125     goto error;
1126     }
1127     data += 4;
1128     memcpy(key, data, keynamelen);
1129     key[keynamelen] = 0;
1130     data += keynamelen;
1131    
1132     type = get_keytype_from_name(key);
1133    
1134 maya 4321 switch (type) {
1135     case KEY_RSA: // RSA key
1136 maya 4304 rsa = RSA_new();
1137     if (rsa == NULL) {
1138     goto error;
1139     }
1140     rsa->n = BN_new();
1141     rsa->e = BN_new();
1142     if (rsa->n == NULL || rsa->e == NULL) {
1143     goto error;
1144     }
1145    
1146     buffer_get_bignum2(&data, rsa->e);
1147     buffer_get_bignum2(&data, rsa->n);
1148    
1149     hostkey->type = type;
1150     hostkey->rsa = rsa;
1151 maya 4321 break;
1152 maya 4304
1153 maya 4321 case KEY_DSA: // DSA key
1154 maya 4304 dsa = DSA_new();
1155     if (dsa == NULL) {
1156     goto error;
1157     }
1158     dsa->p = BN_new();
1159     dsa->q = BN_new();
1160     dsa->g = BN_new();
1161     dsa->pub_key = BN_new();
1162     if (dsa->p == NULL ||
1163     dsa->q == NULL ||
1164     dsa->g == NULL ||
1165     dsa->pub_key == NULL) {
1166     goto error;
1167     }
1168    
1169     buffer_get_bignum2(&data, dsa->p);
1170     buffer_get_bignum2(&data, dsa->q);
1171     buffer_get_bignum2(&data, dsa->g);
1172     buffer_get_bignum2(&data, dsa->pub_key);
1173    
1174     hostkey->type = type;
1175     hostkey->dsa = dsa;
1176 maya 4321 break;
1177 maya 4304
1178 maya 4321 case KEY_ECDSA256: // ECDSA
1179     case KEY_ECDSA384:
1180     case KEY_ECDSA521:
1181     curve = buffer_get_string(&data, NULL);
1182     if (type != key_curve_name_to_keytype(curve)) {
1183     goto error;
1184     }
1185    
1186 maya 4327 ecdsa = EC_KEY_new_by_curve_name(keytype_to_cipher_nid(type));
1187 maya 4321 if (ecdsa == NULL) {
1188     goto error;
1189     }
1190    
1191     q = EC_POINT_new(EC_KEY_get0_group(ecdsa));
1192     if (q == NULL) {
1193     goto error;
1194     }
1195    
1196     buffer_get_ecpoint(&data, EC_KEY_get0_group(ecdsa), q);
1197     if (key_ec_validate_public(EC_KEY_get0_group(ecdsa), q) == -1) {
1198     goto error;
1199     }
1200    
1201     if (EC_KEY_set_public_key(ecdsa, q) != 1) {
1202     goto error;
1203     }
1204    
1205     hostkey->type = type;
1206     hostkey->ecdsa = ecdsa;
1207     break;
1208    
1209 yutakapon 5545 case KEY_ED25519:
1210     pk = buffer_get_string(&data, &len);
1211     if (pk == NULL)
1212     goto error;
1213     if (len != ED25519_PK_SZ)
1214     goto error;
1215    
1216     hostkey->type = type;
1217     hostkey->ed25519_pk = pk;
1218     pk = NULL;
1219     break;
1220    
1221 maya 4321 default: // unknown key
1222 maya 4304 goto error;
1223     }
1224    
1225     return (hostkey);
1226    
1227     error:
1228     if (rsa != NULL)
1229     RSA_free(rsa);
1230     if (dsa != NULL)
1231     DSA_free(dsa);
1232 maya 4321 if (ecdsa != NULL)
1233     EC_KEY_free(ecdsa);
1234 maya 4304
1235 yutakapon 5545 free(hostkey);
1236    
1237 maya 4304 return NULL;
1238     }
1239    
1240    
1241 yutakapon 5545 static int ssh_ed25519_sign(Key *key, char **sigp, int *lenp, char *data, int datalen)
1242     {
1243     char *sig;
1244     int slen, len;
1245     unsigned long long smlen;
1246     int ret;
1247     buffer_t *b;
1248    
1249     smlen = slen = datalen + crypto_sign_ed25519_BYTES;
1250     sig = malloc(slen);
1251    
1252     if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen,
1253     key->ed25519_sk)) != 0 || smlen <= datalen) {
1254     //error("%s: crypto_sign_ed25519 failed: %d", __func__, ret);
1255     free(sig);
1256     return -1;
1257     }
1258     /* encode signature */
1259     b = buffer_init();
1260     buffer_put_cstring(b, "ssh-ed25519");
1261     buffer_put_string(b, sig, (int)(smlen - datalen));
1262     len = buffer_len(b);
1263     if (lenp != NULL)
1264     *lenp = len;
1265     if (sigp != NULL) {
1266     *sigp = malloc(len);
1267     memcpy(*sigp, buffer_ptr(b), len);
1268     }
1269     buffer_free(b);
1270     memset(sig, 's', slen);
1271     free(sig);
1272    
1273     return 0;
1274     }
1275    
1276    
1277 maya 4307 BOOL generate_SSH2_keysign(Key *keypair, char **sigptr, int *siglen, char *data, int datalen)
1278 maya 4304 {
1279     buffer_t *msg = NULL;
1280     char *s;
1281 yutakapon 5545 int ret;
1282 maya 4304
1283     msg = buffer_init();
1284     if (msg == NULL) {
1285     // TODO: error check
1286     return FALSE;
1287     }
1288    
1289 maya 4324 switch (keypair->type) {
1290     case KEY_RSA: // RSA
1291     {
1292 maya 4307 const EVP_MD *evp_md = EVP_sha1();
1293 maya 4304 EVP_MD_CTX md;
1294     u_char digest[EVP_MAX_MD_SIZE], *sig;
1295     u_int slen, dlen, len;
1296 maya 4307 int ok, nid = NID_sha1;
1297 maya 4304
1298     // �_�C�W�F�X�g�l���v�Z
1299     EVP_DigestInit(&md, evp_md);
1300     EVP_DigestUpdate(&md, data, datalen);
1301     EVP_DigestFinal(&md, digest, &dlen);
1302    
1303 maya 4307 slen = RSA_size(keypair->rsa);
1304 maya 4304 sig = malloc(slen);
1305     if (sig == NULL)
1306     goto error;
1307    
1308     // �d�q�������v�Z
1309 maya 4307 ok = RSA_sign(nid, digest, dlen, sig, &len, keypair->rsa);
1310 maya 4304 memset(digest, 'd', sizeof(digest));
1311     if (ok != 1) { // error
1312     free(sig);
1313     goto error;
1314     }
1315     // �������T�C�Y���o�b�t�@���������������A�������������B�������[�����������B
1316     if (len < slen) {
1317     u_int diff = slen - len;
1318     memmove(sig + diff, sig, len);
1319     memset(sig, 0, diff);
1320    
1321     } else if (len > slen) {
1322     free(sig);
1323     goto error;
1324    
1325     } else {
1326     // do nothing
1327    
1328     }
1329    
1330 maya 4307 s = get_sshname_from_key(keypair);
1331 maya 4304 buffer_put_string(msg, s, strlen(s));
1332     buffer_append_length(msg, sig, slen);
1333     len = buffer_len(msg);
1334    
1335     // setting
1336     *siglen = len;
1337     *sigptr = malloc(len);
1338     if (*sigptr == NULL) {
1339     free(sig);
1340     goto error;
1341     }
1342     memcpy(*sigptr, buffer_ptr(msg), len);
1343     free(sig);
1344 maya 4324
1345     break;
1346 maya 4307 }
1347 maya 4324 case KEY_DSA: // DSA
1348     {
1349 maya 4304 DSA_SIG *sig;
1350     const EVP_MD *evp_md = EVP_sha1();
1351     EVP_MD_CTX md;
1352     u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
1353     u_int rlen, slen, len, dlen;
1354    
1355     // �_�C�W�F�X�g���v�Z
1356     EVP_DigestInit(&md, evp_md);
1357     EVP_DigestUpdate(&md, data, datalen);
1358     EVP_DigestFinal(&md, digest, &dlen);
1359    
1360     // DSA�d�q�������v�Z
1361 maya 4307 sig = DSA_do_sign(digest, dlen, keypair->dsa);
1362 maya 4304 memset(digest, 'd', sizeof(digest));
1363     if (sig == NULL) {
1364     goto error;
1365     }
1366    
1367     // BIGNUM�����o�C�i���l��������
1368     rlen = BN_num_bytes(sig->r);
1369     slen = BN_num_bytes(sig->s);
1370     if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
1371     DSA_SIG_free(sig);
1372     goto error;
1373     }
1374     memset(sigblob, 0, SIGBLOB_LEN);
1375     BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
1376     BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
1377     DSA_SIG_free(sig);
1378    
1379     // setting
1380 maya 4307 s = get_sshname_from_key(keypair);
1381 maya 4304 buffer_put_string(msg, s, strlen(s));
1382     buffer_append_length(msg, sigblob, sizeof(sigblob));
1383     len = buffer_len(msg);
1384    
1385     // setting
1386     *siglen = len;
1387     *sigptr = malloc(len);
1388     if (*sigptr == NULL) {
1389     goto error;
1390     }
1391     memcpy(*sigptr, buffer_ptr(msg), len);
1392    
1393 maya 4324 break;
1394 maya 4304 }
1395 maya 4324 case KEY_ECDSA256: // ECDSA
1396     case KEY_ECDSA384:
1397     case KEY_ECDSA521:
1398     {
1399     ECDSA_SIG *sig;
1400     const EVP_MD *evp_md;
1401     EVP_MD_CTX md;
1402     u_char digest[EVP_MAX_MD_SIZE];
1403     u_int len, dlen, nid;
1404     buffer_t *buf2 = NULL;
1405    
1406 maya 4327 nid = keytype_to_hash_nid(keypair->type);
1407 maya 4324 if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
1408     goto error;
1409     }
1410     EVP_DigestInit(&md, evp_md);
1411     EVP_DigestUpdate(&md, data, datalen);
1412     EVP_DigestFinal(&md, digest, &dlen);
1413    
1414     sig = ECDSA_do_sign(digest, dlen, keypair->ecdsa);
1415     memset(digest, 'd', sizeof(digest));
1416    
1417     if (sig == NULL) {
1418     goto error;
1419     }
1420    
1421     buf2 = buffer_init();
1422     if (buf2 == NULL) {
1423     // TODO: error check
1424     goto error;
1425     }
1426     buffer_put_bignum2(buf2, sig->r);
1427     buffer_put_bignum2(buf2, sig->s);
1428     ECDSA_SIG_free(sig);
1429    
1430     s = get_sshname_from_key(keypair);
1431     buffer_put_string(msg, s, strlen(s));
1432     buffer_put_string(msg, buffer_ptr(buf2), buffer_len(buf2));
1433     buffer_free(buf2);
1434     len = buffer_len(msg);
1435    
1436     *siglen = len;
1437     *sigptr = malloc(len);
1438     if (*sigptr == NULL) {
1439     goto error;
1440     }
1441     memcpy(*sigptr, buffer_ptr(msg), len);
1442    
1443     break;
1444     }
1445 yutakapon 5545
1446     case KEY_ED25519:
1447     ret = ssh_ed25519_sign(keypair, sigptr, siglen, data, datalen);
1448     if (ret != 0)
1449     goto error;
1450     break;
1451    
1452 maya 4324 default:
1453 maya 4307 buffer_free(msg);
1454     return FALSE;
1455 maya 4324 break;
1456 maya 4307 }
1457 maya 4304
1458     buffer_free(msg);
1459     return TRUE;
1460    
1461     error:
1462     buffer_free(msg);
1463    
1464     return FALSE;
1465     }
1466    
1467    
1468     BOOL get_SSH2_publickey_blob(PTInstVar pvar, buffer_t **blobptr, int *bloblen)
1469     {
1470     buffer_t *msg = NULL;
1471 maya 4307 Key *keypair;
1472 maya 4324 char *s, *tmp;
1473 maya 4304
1474     msg = buffer_init();
1475     if (msg == NULL) {
1476     // TODO: error check
1477     return FALSE;
1478     }
1479    
1480     keypair = pvar->auth_state.cur_cred.key_pair;
1481    
1482 maya 4324 switch (keypair->type) {
1483     case KEY_RSA: // RSA
1484 maya 4307 s = get_sshname_from_key(keypair);
1485 maya 4304 buffer_put_string(msg, s, strlen(s));
1486 maya 4307 buffer_put_bignum2(msg, keypair->rsa->e); // ���J�w��
1487     buffer_put_bignum2(msg, keypair->rsa->n); // p�~q
1488 maya 4324 break;
1489     case KEY_DSA: // DSA
1490 maya 4307 s = get_sshname_from_key(keypair);
1491 maya 4304 buffer_put_string(msg, s, strlen(s));
1492 maya 4307 buffer_put_bignum2(msg, keypair->dsa->p); // �f��
1493     buffer_put_bignum2(msg, keypair->dsa->q); // (p-1)���f����
1494     buffer_put_bignum2(msg, keypair->dsa->g); // ����
1495     buffer_put_bignum2(msg, keypair->dsa->pub_key); // ���J��
1496 maya 4324 break;
1497     case KEY_ECDSA256: // ECDSA
1498     case KEY_ECDSA384:
1499     case KEY_ECDSA521:
1500     s = get_sshname_from_key(keypair);
1501     buffer_put_string(msg, s, strlen(s));
1502     tmp = curve_keytype_to_name(keypair->type);
1503     buffer_put_string(msg, tmp, strlen(tmp));
1504     buffer_put_ecpoint(msg, EC_KEY_get0_group(keypair->ecdsa),
1505     EC_KEY_get0_public_key(keypair->ecdsa));
1506     break;
1507 yutakapon 5545 case KEY_ED25519:
1508     s = get_sshname_from_key(keypair);
1509     buffer_put_cstring(msg, s);
1510     buffer_put_string(msg, keypair->ed25519_pk, ED25519_PK_SZ);
1511     break;
1512 maya 4324 default:
1513 maya 4307 return FALSE;
1514     }
1515    
1516 maya 4304 *blobptr = msg;
1517     *bloblen = buffer_len(msg);
1518    
1519     return TRUE;
1520     }
1521 maya 4327
1522 maya 4378 int kextype_to_cipher_nid(kex_algorithm type)
1523 maya 4327 {
1524     switch (type) {
1525     case KEX_ECDH_SHA2_256:
1526     return NID_X9_62_prime256v1;
1527     case KEX_ECDH_SHA2_384:
1528     return NID_secp384r1;
1529     case KEX_ECDH_SHA2_521:
1530     return NID_secp521r1;
1531     }
1532     return NID_undef;
1533     }
1534    
1535 maya 4378 int keytype_to_hash_nid(ssh_keytype type)
1536 maya 4327 {
1537     switch (type) {
1538     case KEY_ECDSA256:
1539     return NID_sha256;
1540     case KEY_ECDSA384:
1541     return NID_sha384;
1542     case KEY_ECDSA521:
1543     return NID_sha512;
1544     }
1545     return NID_undef;
1546     }
1547    
1548 maya 4378 int keytype_to_cipher_nid(ssh_keytype type)
1549 maya 4327 {
1550     switch (type) {
1551     case KEY_ECDSA256:
1552     return NID_X9_62_prime256v1;
1553     case KEY_ECDSA384:
1554     return NID_secp384r1;
1555     case KEY_ECDSA521:
1556     return NID_secp521r1;
1557     }
1558     return NID_undef;
1559     }
1560    
1561 maya 4378 ssh_keytype nid_to_keytype(int nid)
1562 maya 4327 {
1563     switch (nid) {
1564     case NID_X9_62_prime256v1:
1565     return KEY_ECDSA256;
1566     case NID_secp384r1:
1567     return KEY_ECDSA384;
1568     case NID_secp521r1:
1569     return KEY_ECDSA521;
1570     }
1571     return KEY_UNSPEC;
1572     }
1573 yutakapon 5545
1574     void key_private_serialize(Key *key, buffer_t *b)
1575     {
1576     char *s;
1577    
1578     s = get_sshname_from_key(key);
1579     buffer_put_cstring(b, s);
1580    
1581     switch (key->type) {
1582     case KEY_RSA:
1583     buffer_put_bignum2(b, key->rsa->n);
1584     buffer_put_bignum2(b, key->rsa->e);
1585     buffer_put_bignum2(b, key->rsa->d);
1586     buffer_put_bignum2(b, key->rsa->iqmp);
1587     buffer_put_bignum2(b, key->rsa->p);
1588     buffer_put_bignum2(b, key->rsa->q);
1589     break;
1590    
1591     case KEY_DSA:
1592     buffer_put_bignum2(b, key->dsa->p);
1593     buffer_put_bignum2(b, key->dsa->q);
1594     buffer_put_bignum2(b, key->dsa->g);
1595     buffer_put_bignum2(b, key->dsa->pub_key);
1596     buffer_put_bignum2(b, key->dsa->priv_key);
1597     break;
1598    
1599     case KEY_ECDSA256:
1600     case KEY_ECDSA384:
1601     case KEY_ECDSA521:
1602     buffer_put_cstring(b, curve_keytype_to_name(key->type));
1603     buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa),
1604     EC_KEY_get0_public_key(key->ecdsa));
1605     buffer_put_bignum2(b, (BIGNUM *)EC_KEY_get0_private_key(key->ecdsa));
1606     break;
1607    
1608     case KEY_ED25519:
1609     buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);
1610     buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ);
1611     break;
1612    
1613     default:
1614     break;
1615     }
1616     }
1617    
1618     /* calculate p-1 and q-1 */
1619     static void rsa_generate_additional_parameters(RSA *rsa)
1620     {
1621     BIGNUM *aux = NULL;
1622     BN_CTX *ctx = NULL;
1623    
1624     if ((aux = BN_new()) == NULL)
1625     goto error;
1626     if ((ctx = BN_CTX_new()) == NULL)
1627     goto error;
1628    
1629     if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
1630     (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
1631     (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
1632     (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0))
1633     goto error;
1634    
1635     error:
1636     if (aux)
1637     BN_clear_free(aux);
1638     if (ctx)
1639     BN_CTX_free(ctx);
1640     }
1641    
1642     static int key_ec_validate_private(EC_KEY *key)
1643     {
1644     BN_CTX *bnctx = NULL;
1645     BIGNUM *order, *tmp;
1646     int ret = -1;
1647    
1648     if ((bnctx = BN_CTX_new()) == NULL)
1649     goto out;
1650     BN_CTX_start(bnctx);
1651    
1652     if ((order = BN_CTX_get(bnctx)) == NULL ||
1653     (tmp = BN_CTX_get(bnctx)) == NULL)
1654     goto out;
1655    
1656     /* log2(private) > log2(order)/2 */
1657     if (EC_GROUP_get_order(EC_KEY_get0_group(key), order, bnctx) != 1)
1658     goto out;
1659     if (BN_num_bits(EC_KEY_get0_private_key(key)) <=
1660     BN_num_bits(order) / 2) {
1661     goto out;
1662     }
1663    
1664     /* private < order - 1 */
1665     if (!BN_sub(tmp, order, BN_value_one()))
1666     goto out;
1667     if (BN_cmp(EC_KEY_get0_private_key(key), tmp) >= 0) {
1668     goto out;
1669     }
1670     ret = 0;
1671    
1672     out:
1673     if (bnctx)
1674     BN_CTX_free(bnctx);
1675     return ret;
1676     }
1677    
1678     Key *key_private_deserialize(buffer_t *blob)
1679     {
1680     int success = 0;
1681     char *type_name = NULL;
1682     Key *k = NULL;
1683     unsigned int pklen, sklen;
1684     int type;
1685    
1686     type_name = buffer_get_string_msg(blob, NULL);
1687     if (type_name == NULL)
1688     goto error;
1689     type = get_keytype_from_name(type_name);
1690    
1691     k = key_new_private(type);
1692    
1693     switch (type) {
1694     case KEY_RSA:
1695     buffer_get_bignum2_msg(blob, k->rsa->n);
1696     buffer_get_bignum2_msg(blob, k->rsa->e);
1697     buffer_get_bignum2_msg(blob, k->rsa->d);
1698     buffer_get_bignum2_msg(blob, k->rsa->iqmp);
1699     buffer_get_bignum2_msg(blob, k->rsa->p);
1700     buffer_get_bignum2_msg(blob, k->rsa->q);
1701    
1702     /* Generate additional parameters */
1703     rsa_generate_additional_parameters(k->rsa);
1704     break;
1705    
1706     case KEY_DSA:
1707     buffer_get_bignum2_msg(blob, k->dsa->p);
1708     buffer_get_bignum2_msg(blob, k->dsa->q);
1709     buffer_get_bignum2_msg(blob, k->dsa->g);
1710     buffer_get_bignum2_msg(blob, k->dsa->pub_key);
1711     buffer_get_bignum2_msg(blob, k->dsa->priv_key);
1712     break;
1713    
1714     case KEY_ECDSA256:
1715     case KEY_ECDSA384:
1716     case KEY_ECDSA521:
1717     {
1718     int success = 0;
1719     unsigned int nid;
1720     char *curve = NULL;
1721     ssh_keytype skt;
1722     BIGNUM *exponent = NULL;
1723     EC_POINT *q = NULL;
1724    
1725     nid = keytype_to_cipher_nid(type);
1726     curve = buffer_get_string_msg(blob, NULL);
1727     skt = key_curve_name_to_keytype(curve);
1728     if (nid != keytype_to_cipher_nid(skt))
1729     goto ecdsa_error;
1730    
1731     k->ecdsa = EC_KEY_new_by_curve_name(nid);
1732     if (k->ecdsa == NULL)
1733     goto ecdsa_error;
1734    
1735     q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa));
1736     if (q == NULL)
1737     goto ecdsa_error;
1738    
1739     if ((exponent = BN_new()) == NULL)
1740     goto ecdsa_error;
1741     buffer_get_ecpoint_msg(blob,
1742     EC_KEY_get0_group(k->ecdsa), q);
1743     buffer_get_bignum2_msg(blob, exponent);
1744     if (EC_KEY_set_public_key(k->ecdsa, q) != 1)
1745     goto ecdsa_error;
1746     if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
1747     goto ecdsa_error;
1748     if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
1749     EC_KEY_get0_public_key(k->ecdsa)) != 0)
1750     goto ecdsa_error;
1751     if (key_ec_validate_private(k->ecdsa) != 0)
1752     goto ecdsa_error;
1753    
1754     success = 1;
1755    
1756     ecdsa_error:
1757     free(curve);
1758     if (exponent)
1759     BN_clear_free(exponent);
1760     if (q)
1761     EC_POINT_free(q);
1762     if (success == 0)
1763     goto error;
1764     }
1765     break;
1766    
1767     case KEY_ED25519:
1768     k->ed25519_pk = buffer_get_string_msg(blob, &pklen);
1769     k->ed25519_sk = buffer_get_string_msg(blob, &sklen);
1770     if (pklen != ED25519_PK_SZ)
1771     goto error;
1772     if (sklen != ED25519_SK_SZ)
1773     goto error;
1774     break;
1775    
1776     default:
1777     goto error;
1778     break;
1779     }
1780    
1781     /* enable blinding */
1782     switch (k->type) {
1783     case KEY_RSA1:
1784     case KEY_RSA:
1785     if (RSA_blinding_on(k->rsa, NULL) != 1)
1786     goto error;
1787     break;
1788     }
1789    
1790     success = 1;
1791    
1792     error:
1793     free(type_name);
1794    
1795     if (success == 0) {
1796     key_free(k);
1797     k = NULL;
1798     }
1799    
1800     return (k);
1801     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help