Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/key.c

Annotation of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/key.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 5846 - (hide annotations) (download) (as text)
Sun May 3 16:46:29 2015 UTC (8 years, 11 months ago) by yutakapon
Original Path: trunk/ttssh2/ttxssh/key.c
File MIME type: text/x-csrc
File size: 44149 byte(s) 
チケット #35047 SSH サーバホスト公開鍵の自動更新

known_hosts ファイルを検索する関数(host key rotation用)を追加した。
1 maya 4304 /*
2     Copyright (c) 2011, TeraTerm Project
3     All rights reserved.
4    
5     Redistribution and use in source and binary forms, with or without modification,
6     are permitted provided that the following conditions are met:
7    
8     Redistributions of source code must retain the above copyright notice, this list of
9     conditions and the following disclaimer.
10    
11     Redistributions in binary form must reproduce the above copyright notice, this list
12     of conditions and the following disclaimer in the documentation and/or other materials
13     provided with the distribution.
14    
15     The name of Robert O'Callahan may not be used to endorse or promote products derived from
16     this software without specific prior written permission.
17    
18     THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20     OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21     THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22     EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23     SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25     OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26     SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27     */
28    
29     #include "key.h"
30 maya 4321 #include "kex.h"
31 maya 4304
32     #include <openssl/rsa.h>
33     #include <openssl/dsa.h>
34 maya 4321 #include <openssl/ecdsa.h>
35 maya 4304
36     #define INTBLOB_LEN 20
37     #define SIGBLOB_LEN (2*INTBLOB_LEN)
38    
39 yutakapon 5838
40     struct hostkeys_update_ctx {
41     /* The hostname and (optionally) IP address string for the server */
42     char *host_str, *ip_str;
43    
44     /*
45     * Keys received from the server and a flag for each indicating
46     * whether they already exist in known_hosts.
47     * keys_seen is filled in by hostkeys_find() and later (for new
48     * keys) by client_global_hostkeys_private_confirm().
49     */
50     Key **keys;
51     int *keys_seen;
52     size_t nkeys;
53    
54     size_t nnew;
55    
56     /*
57     * Keys that are in known_hosts, but were not present in the update
58     * from the server (i.e. scheduled to be deleted).
59     * Filled in by hostkeys_find().
60     */
61     Key **old_keys;
62     size_t nold;
63     };
64    
65    
66 maya 4304 //////////////////////////////////////////////////////////////////////////////
67     //
68     // Key verify function
69     //
70     //////////////////////////////////////////////////////////////////////////////
71    
72     //
73     // DSS
74     //
75    
76     int ssh_dss_verify(DSA *key,
77     u_char *signature, u_int signaturelen,
78     u_char *data, u_int datalen)
79     {
80     DSA_SIG *sig;
81     const EVP_MD *evp_md = EVP_sha1();
82     EVP_MD_CTX md;
83     unsigned char digest[EVP_MAX_MD_SIZE], *sigblob;
84     unsigned int len, dlen;
85     int ret;
86     char *ptr;
87    
88     OpenSSL_add_all_digests();
89    
90     if (key == NULL) {
91     return -2;
92     }
93    
94     ptr = signature;
95    
96     // step1
97     if (signaturelen == 0x28) {
98     // workaround for SSH-2.0-2.0* and SSH-2.0-2.1* (2006.11.18 maya)
99     ptr -= 4;
100     }
101     else {
102     len = get_uint32_MSBfirst(ptr);
103     ptr += 4;
104     if (strncmp("ssh-dss", ptr, len) != 0) {
105     return -3;
106     }
107     ptr += len;
108     }
109    
110     // step2
111     len = get_uint32_MSBfirst(ptr);
112     ptr += 4;
113     sigblob = ptr;
114     ptr += len;
115    
116     if (len != SIGBLOB_LEN) {
117     return -4;
118     }
119    
120     /* parse signature */
121     if ((sig = DSA_SIG_new()) == NULL)
122     return -5;
123     if ((sig->r = BN_new()) == NULL)
124     return -6;
125     if ((sig->s = BN_new()) == NULL)
126     return -7;
127     BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
128     BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
129    
130     /* sha1 the data */
131     EVP_DigestInit(&md, evp_md);
132     EVP_DigestUpdate(&md, data, datalen);
133     EVP_DigestFinal(&md, digest, &dlen);
134    
135     ret = DSA_do_verify(digest, dlen, sig, key);
136     memset(digest, 'd', sizeof(digest));
137    
138     DSA_SIG_free(sig);
139    
140     return ret;
141     }
142    
143    
144     //
145     // RSA
146     //
147    
148     /*
149     * See:
150     * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
151     * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn
152     */
153     /*
154     * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
155     * oiw(14) secsig(3) algorithms(2) 26 }
156     */
157     static const u_char id_sha1[] = {
158     0x30, 0x21, /* type Sequence, length 0x21 (33) */
159     0x30, 0x09, /* type Sequence, length 0x09 */
160     0x06, 0x05, /* type OID, length 0x05 */
161     0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */
162     0x05, 0x00, /* NULL */
163     0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */
164     };
165     /*
166     * id-md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
167     * rsadsi(113549) digestAlgorithm(2) 5 }
168     */
169     static const u_char id_md5[] = {
170     0x30, 0x20, /* type Sequence, length 0x20 (32) */
171     0x30, 0x0c, /* type Sequence, length 0x09 */
172     0x06, 0x08, /* type OID, length 0x05 */
173     0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, /* id-md5 */
174     0x05, 0x00, /* NULL */
175     0x04, 0x10 /* Octet string, length 0x10 (16), followed by md5 hash */
176     };
177    
178     static int openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
179     u_char *sigbuf, u_int siglen, RSA *rsa)
180     {
181     u_int ret, rsasize, oidlen = 0, hlen = 0;
182     int len;
183     const u_char *oid = NULL;
184     u_char *decrypted = NULL;
185    
186     ret = 0;
187     switch (type) {
188     case NID_sha1:
189     oid = id_sha1;
190     oidlen = sizeof(id_sha1);
191     hlen = 20;
192     break;
193     case NID_md5:
194     oid = id_md5;
195     oidlen = sizeof(id_md5);
196     hlen = 16;
197     break;
198     default:
199     goto done;
200     break;
201     }
202     if (hashlen != hlen) {
203     //error("bad hashlen");
204     goto done;
205     }
206     rsasize = RSA_size(rsa);
207     if (siglen == 0 || siglen > rsasize) {
208     //error("bad siglen");
209     goto done;
210     }
211     decrypted = malloc(rsasize);
212     if (decrypted == NULL)
213     return 1; // error
214    
215     if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,
216     RSA_PKCS1_PADDING)) < 0) {
217     //error("RSA_public_decrypt failed: %s",
218     // ERR_error_string(ERR_get_error(), NULL));
219     goto done;
220     }
221     if (len != hlen + oidlen) {
222     //error("bad decrypted len: %d != %d + %d", len, hlen, oidlen);
223     goto done;
224     }
225     if (memcmp(decrypted, oid, oidlen) != 0) {
226     //error("oid mismatch");
227     goto done;
228     }
229     if (memcmp(decrypted + oidlen, hash, hlen) != 0) {
230     //error("hash mismatch");
231     goto done;
232     }
233     ret = 1;
234     done:
235     if (decrypted)
236     free(decrypted);
237     return ret;
238     }
239    
240     int ssh_rsa_verify(RSA *key,
241     u_char *signature, u_int signaturelen,
242     u_char *data, u_int datalen)
243     {
244     const EVP_MD *evp_md;
245     EVP_MD_CTX md;
246     // char *ktype;
247     u_char digest[EVP_MAX_MD_SIZE], *sigblob;
248     u_int len, dlen, modlen;
249     // int rlen, ret, nid;
250     int ret, nid;
251     char *ptr;
252    
253     OpenSSL_add_all_digests();
254    
255     if (key == NULL) {
256     return -2;
257     }
258     if (BN_num_bits(key->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
259     return -3;
260     }
261     //debug_print(41, signature, signaturelen);
262     ptr = signature;
263    
264     // step1
265     len = get_uint32_MSBfirst(ptr);
266     ptr += 4;
267     if (strncmp("ssh-rsa", ptr, len) != 0) {
268     return -4;
269     }
270     ptr += len;
271    
272     // step2
273     len = get_uint32_MSBfirst(ptr);
274     ptr += 4;
275     sigblob = ptr;
276     ptr += len;
277     #if 0
278     rlen = get_uint32_MSBfirst(ptr);
279     if (rlen != 0) {
280     return -1;
281     }
282     #endif
283    
284     /* RSA_verify expects a signature of RSA_size */
285     modlen = RSA_size(key);
286     if (len > modlen) {
287     return -5;
288    
289     } else if (len < modlen) {
290     u_int diff = modlen - len;
291     sigblob = realloc(sigblob, modlen);
292     memmove(sigblob + diff, sigblob, len);
293     memset(sigblob, 0, diff);
294     len = modlen;
295     }
296    
297     /* sha1 the data */
298     // nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
299     nid = NID_sha1;
300     if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
301     //error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
302     return -6;
303     }
304     EVP_DigestInit(&md, evp_md);
305     EVP_DigestUpdate(&md, data, datalen);
306     EVP_DigestFinal(&md, digest, &dlen);
307    
308     ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key);
309    
310     memset(digest, 'd', sizeof(digest));
311     memset(sigblob, 's', len);
312     //free(sigblob);
313     //debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
314    
315     return ret;
316     }
317    
318 maya 4378 int ssh_ecdsa_verify(EC_KEY *key, ssh_keytype keytype,
319 maya 4321 u_char *signature, u_int signaturelen,
320     u_char *data, u_int datalen)
321     {
322     ECDSA_SIG *sig;
323     const EVP_MD *evp_md;
324     EVP_MD_CTX md;
325     unsigned char digest[EVP_MAX_MD_SIZE], *sigblob;
326     unsigned int len, dlen;
327     int ret, nid = NID_undef;
328     char *ptr;
329    
330     OpenSSL_add_all_digests();
331    
332     if (key == NULL) {
333     return -2;
334     }
335    
336     ptr = signature;
337    
338     len = get_uint32_MSBfirst(ptr);
339     ptr += 4;
340 maya 4378 if (strncmp(get_ssh_keytype_name(keytype), ptr, len) != 0) {
341 maya 4321 return -3;
342     }
343     ptr += len;
344    
345     len = get_uint32_MSBfirst(ptr);
346     ptr += 4;
347     sigblob = ptr;
348     ptr += len;
349    
350     /* parse signature */
351     if ((sig = ECDSA_SIG_new()) == NULL)
352     return -4;
353     if ((sig->r = BN_new()) == NULL)
354     return -5;
355     if ((sig->s = BN_new()) == NULL)
356     return -6;
357    
358     buffer_get_bignum2(&sigblob, sig->r);
359     buffer_get_bignum2(&sigblob, sig->s);
360     if (sigblob != ptr) {
361     return -7;
362     }
363    
364     /* hash the data */
365 maya 4327 nid = keytype_to_hash_nid(keytype);
366 maya 4321 if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
367     return -8;
368     }
369     EVP_DigestInit(&md, evp_md);
370     EVP_DigestUpdate(&md, data, datalen);
371     EVP_DigestFinal(&md, digest, &dlen);
372    
373     ret = ECDSA_do_verify(digest, dlen, sig, key);
374     memset(digest, 'd', sizeof(digest));
375    
376     ECDSA_SIG_free(sig);
377    
378     return ret;
379     }
380    
381 yutakapon 5545 static int ssh_ed25519_verify(Key *key, unsigned char *signature, unsigned int signaturelen,
382     unsigned char *data, unsigned int datalen)
383     {
384     buffer_t *b;
385     char *ktype = NULL;
386     unsigned char *sigblob = NULL, *sm = NULL, *m = NULL;
387     unsigned int len;
388     unsigned long long smlen, mlen;
389     int rlen, ret;
390     char *bptr;
391    
392     ret = -1;
393     b = buffer_init();
394     if (b == NULL)
395     goto error;
396    
397     buffer_append(b, signature, signaturelen);
398     bptr = buffer_ptr(b);
399     ktype = buffer_get_string(&bptr, NULL);
400     if (strcmp("ssh-ed25519", ktype) != 0) {
401     goto error;
402     }
403     sigblob = buffer_get_string(&bptr, &len);
404     rlen = buffer_remain_len(b);
405     if (rlen != 0) {
406     goto error;
407     }
408     if (len > crypto_sign_ed25519_BYTES) {
409     goto error;
410     }
411    
412     smlen = len + datalen;
413     sm = malloc((size_t)smlen);
414     memcpy(sm, sigblob, len);
415     memcpy(sm+len, data, datalen);
416     mlen = smlen;
417     m = malloc((size_t)mlen);
418    
419     if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
420     key->ed25519_pk)) != 0) {
421     //debug2("%s: crypto_sign_ed25519_open failed: %d",
422     // __func__, ret);
423     }
424     if (ret == 0 && mlen != datalen) {
425     //debug2("%s: crypto_sign_ed25519_open "
426     // "mlen != datalen (%llu != %u)", __func__, mlen, datalen);
427     ret = -1;
428     }
429     /* XXX compare 'm' and 'data' ? */
430    
431     error:
432     buffer_free(b);
433     free(ktype);
434    
435     if (sigblob) {
436     memset(sigblob, 's', len);
437     free(sigblob);
438     }
439     if (sm) {
440     memset(sm, 'S', (size_t)smlen);
441     free(sm);
442     }
443     if (m) {
444     memset(m, 'm', (size_t)smlen); /* NB. mlen may be invalid if ret != 0 */
445     free(m);
446     }
447    
448     /* translate return code carefully */
449     return (ret == 0) ? 1 : -1;
450     }
451    
452 maya 4307 int key_verify(Key *key,
453 maya 4304 unsigned char *signature, unsigned int signaturelen,
454     unsigned char *data, unsigned int datalen)
455     {
456     int ret = 0;
457    
458 maya 4321 switch (key->type) {
459     case KEY_RSA:
460 maya 4307 ret = ssh_rsa_verify(key->rsa, signature, signaturelen, data, datalen);
461 maya 4321 break;
462     case KEY_DSA:
463 maya 4307 ret = ssh_dss_verify(key->dsa, signature, signaturelen, data, datalen);
464 maya 4321 break;
465     case KEY_ECDSA256:
466     case KEY_ECDSA384:
467     case KEY_ECDSA521:
468     ret = ssh_ecdsa_verify(key->ecdsa, key->type, signature, signaturelen, data, datalen);
469     break;
470 yutakapon 5545 case KEY_ED25519:
471     ret = ssh_ed25519_verify(key, signature, signaturelen, data, datalen);
472     break;
473 maya 4321 default:
474 maya 4304 return -1;
475     }
476    
477     return (ret); // success
478     }
479    
480     //
481     // RSA�\����������
482     //
483     RSA *duplicate_RSA(RSA *src)
484     {
485     RSA *rsa = NULL;
486    
487     rsa = RSA_new();
488     if (rsa == NULL)
489     goto error;
490     rsa->n = BN_new();
491     rsa->e = BN_new();
492     if (rsa->n == NULL || rsa->e == NULL) {
493     RSA_free(rsa);
494     goto error;
495     }
496    
497     // �[���R�s�[(deep copy)���s���B�����R�s�[(shallow copy)��NG�B
498     BN_copy(rsa->n, src->n);
499     BN_copy(rsa->e, src->e);
500    
501     error:
502     return (rsa);
503     }
504    
505    
506     //
507     // DSA�\����������
508     //
509     DSA *duplicate_DSA(DSA *src)
510     {
511     DSA *dsa = NULL;
512    
513     dsa = DSA_new();
514     if (dsa == NULL)
515     goto error;
516     dsa->p = BN_new();
517     dsa->q = BN_new();
518     dsa->g = BN_new();
519     dsa->pub_key = BN_new();
520     if (dsa->p == NULL ||
521     dsa->q == NULL ||
522     dsa->g == NULL ||
523     dsa->pub_key == NULL) {
524     DSA_free(dsa);
525     goto error;
526     }
527    
528     // �[���R�s�[(deep copy)���s���B�����R�s�[(shallow copy)��NG�B
529     BN_copy(dsa->p, src->p);
530     BN_copy(dsa->q, src->q);
531     BN_copy(dsa->g, src->g);
532     BN_copy(dsa->pub_key, src->pub_key);
533    
534     error:
535     return (dsa);
536     }
537    
538 yutakapon 5545 unsigned char *duplicate_ED25519_PK(unsigned char *src)
539     {
540     unsigned char *ptr = NULL;
541 maya 4304
542 yutakapon 5545 ptr = malloc(ED25519_PK_SZ);
543     if (ptr) {
544     memcpy(ptr, src, ED25519_PK_SZ);
545     }
546     return (ptr);
547     }
548    
549    
550 doda 4531 char* key_fingerprint_raw(Key *k, enum fp_type dgst_type, int *dgst_raw_length)
551 maya 4304 {
552     const EVP_MD *md = NULL;
553     EVP_MD_CTX ctx;
554     char *blob = NULL;
555     char *retval = NULL;
556     int len = 0;
557     int nlen, elen;
558     RSA *rsa;
559    
560     *dgst_raw_length = 0;
561    
562 doda 4531 switch (dgst_type) {
563     case SSH_FP_MD5:
564     md = EVP_md5();
565     break;
566     case SSH_FP_SHA1:
567     md = EVP_sha1();
568     break;
569 doda 4539 case SSH_FP_SHA256:
570     md = EVP_sha256();
571     break;
572 doda 4531 default:
573     md = EVP_md5();
574     }
575 maya 4304
576     switch (k->type) {
577     case KEY_RSA1:
578     rsa = make_key(NULL, k->bits, k->exp, k->mod);
579     nlen = BN_num_bytes(rsa->n);
580     elen = BN_num_bytes(rsa->e);
581     len = nlen + elen;
582     blob = malloc(len);
583     if (blob == NULL) {
584     // TODO:
585     }
586     BN_bn2bin(rsa->n, blob);
587     BN_bn2bin(rsa->e, blob + nlen);
588     RSA_free(rsa);
589     break;
590    
591     case KEY_DSA:
592     case KEY_RSA:
593 maya 4321 case KEY_ECDSA256:
594     case KEY_ECDSA384:
595     case KEY_ECDSA521:
596 yutakapon 5545 case KEY_ED25519:
597 maya 4304 key_to_blob(k, &blob, &len);
598     break;
599    
600     case KEY_UNSPEC:
601     return retval;
602     break;
603    
604     default:
605     //fatal("key_fingerprint_raw: bad key type %d", k->type);
606     break;
607     }
608    
609     if (blob != NULL) {
610     retval = malloc(EVP_MAX_MD_SIZE);
611     if (retval == NULL) {
612     // TODO:
613     }
614     EVP_DigestInit(&ctx, md);
615     EVP_DigestUpdate(&ctx, blob, len);
616     EVP_DigestFinal(&ctx, retval, dgst_raw_length);
617     memset(blob, 0, len);
618     free(blob);
619     } else {
620     //fatal("key_fingerprint_raw: blob is null");
621     }
622     return retval;
623     }
624    
625    
626     const char *
627 maya 5550 ssh_key_type(ssh_keytype type)
628 maya 4304 {
629 maya 5550 switch (type) {
630 maya 4304 case KEY_RSA1:
631     return "RSA1";
632     case KEY_RSA:
633     return "RSA";
634     case KEY_DSA:
635     return "DSA";
636 maya 4321 case KEY_ECDSA256:
637     case KEY_ECDSA384:
638     case KEY_ECDSA521:
639     return "ECDSA";
640 yutakapon 5545 case KEY_ED25519:
641     return "ED25519";
642 maya 4304 }
643     return "unknown";
644     }
645    
646     unsigned int
647     key_size(const Key *k)
648     {
649     switch (k->type) {
650     case KEY_RSA1:
651     // SSH1�������� key->rsa �� key->dsa �� NULL �����������A�g�������B
652     return k->bits;
653     case KEY_RSA:
654     return BN_num_bits(k->rsa->n);
655     case KEY_DSA:
656     return BN_num_bits(k->dsa->p);
657 maya 4321 case KEY_ECDSA256:
658     return 256;
659     case KEY_ECDSA384:
660     return 384;
661     case KEY_ECDSA521:
662     return 521;
663 yutakapon 5545 case KEY_ED25519:
664     return 256; /* XXX */
665 maya 4304 }
666     return 0;
667     }
668    
669     // based on OpenSSH 5.1
670     #define FLDBASE 8
671     #define FLDSIZE_Y (FLDBASE + 1)
672     #define FLDSIZE_X (FLDBASE * 2 + 1)
673     static char *
674     key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k)
675     {
676     /*
677     * Chars to be used after each other every time the worm
678     * intersects with itself. Matter of taste.
679     */
680     char *augmentation_string = " .o+=*BOX@%&#/^SE";
681     char *retval, *p;
682     unsigned char field[FLDSIZE_X][FLDSIZE_Y];
683     unsigned int i, b;
684     int x, y;
685     size_t len = strlen(augmentation_string) - 1;
686    
687     retval = calloc(1, (FLDSIZE_X + 3 + 1) * (FLDSIZE_Y + 2));
688    
689     /* initialize field */
690     memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char));
691     x = FLDSIZE_X / 2;
692     y = FLDSIZE_Y / 2;
693    
694     /* process raw key */
695     for (i = 0; i < dgst_raw_len; i++) {
696     int input;
697     /* each byte conveys four 2-bit move commands */
698     input = dgst_raw[i];
699     for (b = 0; b < 4; b++) {
700     /* evaluate 2 bit, rest is shifted later */
701     x += (input & 0x1) ? 1 : -1;
702     y += (input & 0x2) ? 1 : -1;
703    
704     /* assure we are still in bounds */
705     x = max(x, 0);
706     y = max(y, 0);
707     x = min(x, FLDSIZE_X - 1);
708     y = min(y, FLDSIZE_Y - 1);
709    
710     /* augment the field */
711     field[x][y]++;
712     input = input >> 2;
713     }
714     }
715    
716     /* mark starting point and end point*/
717     field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1;
718     field[x][y] = len;
719    
720     /* fill in retval */
721 maya 5550 _snprintf_s(retval, FLDSIZE_X, _TRUNCATE, "+--[%4s %4u]", ssh_key_type(k->type), key_size(k));
722 maya 4304 p = strchr(retval, '\0');
723    
724     /* output upper border */
725     for (i = p - retval - 1; i < FLDSIZE_X; i++)
726     *p++ = '-';
727     *p++ = '+';
728     *p++ = '\r';
729     *p++ = '\n';
730    
731     /* output content */
732     for (y = 0; y < FLDSIZE_Y; y++) {
733     *p++ = '|';
734     for (x = 0; x < FLDSIZE_X; x++)
735     *p++ = augmentation_string[min(field[x][y], len)];
736     *p++ = '|';
737     *p++ = '\r';
738     *p++ = '\n';
739     }
740    
741     /* output lower border */
742     *p++ = '+';
743     for (i = 0; i < FLDSIZE_X; i++)
744     *p++ = '-';
745     *p++ = '+';
746    
747     return retval;
748     }
749     #undef FLDBASE
750     #undef FLDSIZE_Y
751     #undef FLDSIZE_X
752    
753     //
754     // fingerprint�i�w���F�z�X�g���J�����n�b�V���j����������
755     //
756     char *key_fingerprint(Key *key, enum fp_rep dgst_rep)
757     {
758     char *retval = NULL;
759     unsigned char *dgst_raw;
760     int dgst_raw_len;
761     int i, retval_len;
762    
763     // fingerprint���n�b�V���l�i�o�C�i���j��������
764 doda 4531 dgst_raw = key_fingerprint_raw(key, SSH_FP_MD5, &dgst_raw_len);
765 maya 4304
766     if (dgst_rep == SSH_FP_HEX) {
767     // 16�i�\�L����������
768     retval_len = dgst_raw_len * 3 + 1;
769     retval = malloc(retval_len);
770     retval[0] = '\0';
771     for (i = 0; i < dgst_raw_len; i++) {
772     char hex[4];
773     _snprintf_s(hex, sizeof(hex), _TRUNCATE, "%02x:", dgst_raw[i]);
774     strncat_s(retval, retval_len, hex, _TRUNCATE);
775     }
776    
777     /* Remove the trailing ':' character */
778     retval[(dgst_raw_len * 3) - 1] = '\0';
779    
780     } else if (dgst_rep == SSH_FP_RANDOMART) {
781     retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, key);
782    
783     } else {
784    
785     }
786    
787     memset(dgst_raw, 0, dgst_raw_len);
788     free(dgst_raw);
789    
790     return (retval);
791     }
792    
793 yutakapon 5545 //
794     // �L�[�������������m��
795     //
796     static void key_add_private(Key *k)
797     {
798     switch (k->type) {
799     case KEY_RSA1:
800     case KEY_RSA:
801     k->rsa->d = BN_new();
802     k->rsa->iqmp = BN_new();
803     k->rsa->q = BN_new();
804     k->rsa->p = BN_new();
805     k->rsa->dmq1 = BN_new();
806     k->rsa->dmp1 = BN_new();
807     if (k->rsa->d == NULL || k->rsa->iqmp == NULL || k->rsa->q == NULL ||
808     k->rsa->p == NULL || k->rsa->dmq1 == NULL || k->rsa->dmp1 == NULL)
809     goto error;
810     break;
811 maya 4304
812 yutakapon 5545 case KEY_DSA:
813     k->dsa->priv_key = BN_new();
814     if (k->dsa->priv_key == NULL)
815     goto error;
816     break;
817    
818     case KEY_ECDSA256:
819     case KEY_ECDSA384:
820     case KEY_ECDSA521:
821     /* Cannot do anything until we know the group */
822     break;
823    
824     case KEY_ED25519:
825     /* no need to prealloc */
826     break;
827    
828     case KEY_UNSPEC:
829     break;
830    
831     default:
832     goto error;
833     break;
834     }
835     return;
836    
837     error:
838     if (k->rsa->d) {
839     BN_free(k->rsa->d);
840     k->rsa->d = NULL;
841     }
842     if (k->rsa->iqmp) {
843     BN_free(k->rsa->iqmp);
844     k->rsa->iqmp = NULL;
845     }
846     if (k->rsa->q) {
847     BN_free(k->rsa->q);
848     k->rsa->q = NULL;
849     }
850     if (k->rsa->p) {
851     BN_free(k->rsa->p);
852     k->rsa->p = NULL;
853     }
854     if (k->rsa->dmq1) {
855     BN_free(k->rsa->dmq1);
856     k->rsa->dmq1 = NULL;
857     }
858     if (k->rsa->dmp1) {
859     BN_free(k->rsa->dmp1);
860     k->rsa->dmp1 = NULL;
861     }
862    
863    
864     if (k->dsa->priv_key == NULL) {
865     BN_free(k->dsa->priv_key);
866     k->dsa->priv_key = NULL;
867     }
868    
869     }
870    
871     Key *key_new_private(int type)
872     {
873     Key *k = key_new(type);
874    
875     key_add_private(k);
876     return (k);
877     }
878    
879    
880     Key *key_new(int type)
881     {
882     int success = 0;
883     Key *k = NULL;
884     RSA *rsa;
885     DSA *dsa;
886    
887     k = calloc(1, sizeof(Key));
888     if (k == NULL)
889     goto error;
890     k->type = type;
891     k->ecdsa = NULL;
892     k->dsa = NULL;
893     k->rsa = NULL;
894     k->ed25519_pk = NULL;
895     k->ed25519_sk = NULL;
896    
897     switch (k->type) {
898     case KEY_RSA1:
899     case KEY_RSA:
900     rsa = RSA_new();
901     if (rsa == NULL)
902     goto error;
903     rsa->n = BN_new();
904     rsa->e = BN_new();
905     if (rsa->n == NULL || rsa->e == NULL)
906     goto error;
907     k->rsa = rsa;
908     break;
909    
910     case KEY_DSA:
911     dsa = DSA_new();
912     if (dsa == NULL)
913     goto error;
914     dsa->p = BN_new();
915     dsa->q = BN_new();
916     dsa->g = BN_new();
917     dsa->pub_key = BN_new();
918     if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL || dsa->pub_key == NULL)
919     goto error;
920     k->dsa = dsa;
921     break;
922    
923     case KEY_ECDSA256:
924     case KEY_ECDSA384:
925     case KEY_ECDSA521:
926     /* Cannot do anything until we know the group */
927     break;
928    
929     case KEY_ED25519:
930     /* no need to prealloc */
931     break;
932    
933     case KEY_UNSPEC:
934     break;
935    
936     default:
937     goto error;
938     break;
939     }
940     success = 1;
941    
942     error:
943     if (success == 0) {
944     key_free(k);
945     k = NULL;
946     }
947     return (k);
948     }
949    
950    
951 maya 4304 //
952     // �L�[����������������
953     //
954     void key_free(Key *key)
955     {
956 maya 4321 if (key == NULL) {
957     return;
958     }
959    
960 maya 4304 switch (key->type) {
961     case KEY_RSA1:
962     case KEY_RSA:
963     if (key->rsa != NULL)
964     RSA_free(key->rsa);
965     key->rsa = NULL;
966     break;
967    
968     case KEY_DSA:
969     if (key->dsa != NULL)
970     DSA_free(key->dsa);
971     key->dsa = NULL;
972     break;
973 maya 4321
974     case KEY_ECDSA256:
975     case KEY_ECDSA384:
976     case KEY_ECDSA521:
977     if (key->ecdsa != NULL)
978     EC_KEY_free(key->ecdsa);
979     key->ecdsa = NULL;
980     break;
981 yutakapon 5545
982     case KEY_ED25519:
983     if (key->ed25519_pk) {
984     memset(key->ed25519_pk, 0, ED25519_PK_SZ);
985     free(key->ed25519_pk);
986     key->ed25519_pk = NULL;
987     }
988     if (key->ed25519_sk) {
989     memset(key->ed25519_sk, 0, ED25519_SK_SZ);
990     free(key->ed25519_sk);
991     key->ed25519_sk = NULL;
992     }
993     break;
994 maya 4304 }
995     free(key);
996     }
997    
998     //
999     // �L�[���������������p����
1000     //
1001 maya 4321 char *get_sshname_from_key(Key *key)
1002     {
1003 maya 4378 return get_ssh_keytype_name(key->type);
1004 maya 4321 }
1005 maya 4304
1006     //
1007     // �L�[������������������������
1008     //
1009 maya 4378 ssh_keytype get_keytype_from_name(char *name)
1010 maya 4304 {
1011     if (strcmp(name, "rsa1") == 0) {
1012     return KEY_RSA1;
1013     } else if (strcmp(name, "rsa") == 0) {
1014     return KEY_RSA;
1015     } else if (strcmp(name, "dsa") == 0) {
1016     return KEY_DSA;
1017     } else if (strcmp(name, "ssh-rsa") == 0) {
1018     return KEY_RSA;
1019     } else if (strcmp(name, "ssh-dss") == 0) {
1020     return KEY_DSA;
1021 maya 4321 } else if (strcmp(name, "ecdsa-sha2-nistp256") == 0) {
1022     return KEY_ECDSA256;
1023     } else if (strcmp(name, "ecdsa-sha2-nistp384") == 0) {
1024     return KEY_ECDSA384;
1025     } else if (strcmp(name, "ecdsa-sha2-nistp521") == 0) {
1026     return KEY_ECDSA521;
1027 yutakapon 5545 } else if (strcmp(name, "ssh-ed25519") == 0) {
1028     return KEY_ED25519;
1029 maya 4304 }
1030     return KEY_UNSPEC;
1031     }
1032    
1033    
1034 maya 4378 ssh_keytype key_curve_name_to_keytype(char *name)
1035 maya 4321 {
1036     if (strcmp(name, "nistp256") == 0) {
1037     return KEY_ECDSA256;
1038     } else if (strcmp(name, "nistp384") == 0) {
1039     return KEY_ECDSA384;
1040     } else if (strcmp(name, "nistp521") == 0) {
1041     return KEY_ECDSA521;
1042     }
1043     return KEY_UNSPEC;
1044     }
1045    
1046 maya 4378 char *curve_keytype_to_name(ssh_keytype type)
1047 maya 4321 {
1048     switch (type) {
1049     case KEY_ECDSA256:
1050     return "nistp256";
1051     break;
1052     case KEY_ECDSA384:
1053     return "nistp384";
1054     break;
1055     case KEY_ECDSA521:
1056     return "nistp521";
1057     break;
1058     }
1059     return NULL;
1060     }
1061    
1062 maya 4304 //
1063     // �L�[���������o�b�t�@���������� (for SSH2)
1064     // NOTE:
1065     //
1066     int key_to_blob(Key *key, char **blobp, int *lenp)
1067     {
1068     buffer_t *b;
1069 maya 4321 char *sshname, *tmp;
1070 maya 4304 int len;
1071     int ret = 1; // success
1072    
1073     b = buffer_init();
1074     sshname = get_sshname_from_key(key);
1075    
1076 maya 4321 switch (key->type) {
1077     case KEY_RSA:
1078 maya 4304 buffer_put_string(b, sshname, strlen(sshname));
1079     buffer_put_bignum2(b, key->rsa->e);
1080     buffer_put_bignum2(b, key->rsa->n);
1081 maya 4321 break;
1082     case KEY_DSA:
1083 maya 4304 buffer_put_string(b, sshname, strlen(sshname));
1084     buffer_put_bignum2(b, key->dsa->p);
1085     buffer_put_bignum2(b, key->dsa->q);
1086     buffer_put_bignum2(b, key->dsa->g);
1087     buffer_put_bignum2(b, key->dsa->pub_key);
1088 maya 4321 break;
1089     case KEY_ECDSA256:
1090     case KEY_ECDSA384:
1091     case KEY_ECDSA521:
1092     buffer_put_string(b, sshname, strlen(sshname));
1093     tmp = curve_keytype_to_name(key->type);
1094     buffer_put_string(b, tmp, strlen(tmp));
1095     buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa),
1096     EC_KEY_get0_public_key(key->ecdsa));
1097     break;
1098 yutakapon 5545 case KEY_ED25519:
1099     buffer_put_cstring(b, sshname);
1100     buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);
1101     break;
1102 maya 4304
1103 maya 4321 default:
1104 maya 4304 ret = 0;
1105     goto error;
1106     }
1107    
1108     len = buffer_len(b);
1109     if (lenp != NULL)
1110     *lenp = len;
1111     if (blobp != NULL) {
1112     *blobp = malloc(len);
1113     if (*blobp == NULL) {
1114     ret = 0;
1115     goto error;
1116     }
1117     memcpy(*blobp, buffer_ptr(b), len);
1118     }
1119    
1120     error:
1121     buffer_free(b);
1122    
1123     return (ret);
1124     }
1125    
1126    
1127     //
1128     // �o�b�t�@�����L�[�����������o��(for SSH2)
1129     // NOTE: ���l���A���P�[�g���������������A�����o�������������������B
1130     //
1131     Key *key_from_blob(char *data, int blen)
1132     {
1133 yutakapon 5545 int keynamelen, len;
1134 maya 4304 char key[128];
1135     RSA *rsa = NULL;
1136     DSA *dsa = NULL;
1137 maya 4321 EC_KEY *ecdsa = NULL;
1138     EC_POINT *q = NULL;
1139     char *curve = NULL;
1140 yutakapon 5838 Key *hostkey = NULL; // hostkey
1141 maya 4378 ssh_keytype type;
1142 yutakapon 5545 unsigned char *pk = NULL;
1143 maya 4304
1144 yutakapon 5838 if (data == NULL)
1145     goto error;
1146    
1147 maya 4304 hostkey = malloc(sizeof(Key));
1148     if (hostkey == NULL)
1149     goto error;
1150    
1151     memset(hostkey, 0, sizeof(Key));
1152    
1153     keynamelen = get_uint32_MSBfirst(data);
1154     if (keynamelen >= sizeof(key)) {
1155     goto error;
1156     }
1157     data += 4;
1158     memcpy(key, data, keynamelen);
1159     key[keynamelen] = 0;
1160     data += keynamelen;
1161    
1162     type = get_keytype_from_name(key);
1163    
1164 maya 4321 switch (type) {
1165     case KEY_RSA: // RSA key
1166 maya 4304 rsa = RSA_new();
1167     if (rsa == NULL) {
1168     goto error;
1169     }
1170     rsa->n = BN_new();
1171     rsa->e = BN_new();
1172     if (rsa->n == NULL || rsa->e == NULL) {
1173     goto error;
1174     }
1175    
1176     buffer_get_bignum2(&data, rsa->e);
1177     buffer_get_bignum2(&data, rsa->n);
1178    
1179     hostkey->type = type;
1180     hostkey->rsa = rsa;
1181 maya 4321 break;
1182 maya 4304
1183 maya 4321 case KEY_DSA: // DSA key
1184 maya 4304 dsa = DSA_new();
1185     if (dsa == NULL) {
1186     goto error;
1187     }
1188     dsa->p = BN_new();
1189     dsa->q = BN_new();
1190     dsa->g = BN_new();
1191     dsa->pub_key = BN_new();
1192     if (dsa->p == NULL ||
1193     dsa->q == NULL ||
1194     dsa->g == NULL ||
1195     dsa->pub_key == NULL) {
1196     goto error;
1197     }
1198    
1199     buffer_get_bignum2(&data, dsa->p);
1200     buffer_get_bignum2(&data, dsa->q);
1201     buffer_get_bignum2(&data, dsa->g);
1202     buffer_get_bignum2(&data, dsa->pub_key);
1203    
1204     hostkey->type = type;
1205     hostkey->dsa = dsa;
1206 maya 4321 break;
1207 maya 4304
1208 maya 4321 case KEY_ECDSA256: // ECDSA
1209     case KEY_ECDSA384:
1210     case KEY_ECDSA521:
1211     curve = buffer_get_string(&data, NULL);
1212     if (type != key_curve_name_to_keytype(curve)) {
1213     goto error;
1214     }
1215    
1216 maya 4327 ecdsa = EC_KEY_new_by_curve_name(keytype_to_cipher_nid(type));
1217 maya 4321 if (ecdsa == NULL) {
1218     goto error;
1219     }
1220    
1221     q = EC_POINT_new(EC_KEY_get0_group(ecdsa));
1222     if (q == NULL) {
1223     goto error;
1224     }
1225    
1226     buffer_get_ecpoint(&data, EC_KEY_get0_group(ecdsa), q);
1227     if (key_ec_validate_public(EC_KEY_get0_group(ecdsa), q) == -1) {
1228     goto error;
1229     }
1230    
1231     if (EC_KEY_set_public_key(ecdsa, q) != 1) {
1232     goto error;
1233     }
1234    
1235     hostkey->type = type;
1236     hostkey->ecdsa = ecdsa;
1237     break;
1238    
1239 yutakapon 5545 case KEY_ED25519:
1240     pk = buffer_get_string(&data, &len);
1241     if (pk == NULL)
1242     goto error;
1243     if (len != ED25519_PK_SZ)
1244     goto error;
1245    
1246     hostkey->type = type;
1247     hostkey->ed25519_pk = pk;
1248     pk = NULL;
1249     break;
1250    
1251 maya 4321 default: // unknown key
1252 maya 4304 goto error;
1253     }
1254    
1255     return (hostkey);
1256    
1257     error:
1258     if (rsa != NULL)
1259     RSA_free(rsa);
1260     if (dsa != NULL)
1261     DSA_free(dsa);
1262 maya 4321 if (ecdsa != NULL)
1263     EC_KEY_free(ecdsa);
1264 maya 4304
1265 yutakapon 5545 free(hostkey);
1266    
1267 maya 4304 return NULL;
1268     }
1269    
1270    
1271 yutakapon 5545 static int ssh_ed25519_sign(Key *key, char **sigp, int *lenp, char *data, int datalen)
1272     {
1273     char *sig;
1274     int slen, len;
1275     unsigned long long smlen;
1276     int ret;
1277     buffer_t *b;
1278    
1279     smlen = slen = datalen + crypto_sign_ed25519_BYTES;
1280     sig = malloc(slen);
1281    
1282     if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen,
1283     key->ed25519_sk)) != 0 || smlen <= datalen) {
1284     //error("%s: crypto_sign_ed25519 failed: %d", __func__, ret);
1285     free(sig);
1286     return -1;
1287     }
1288     /* encode signature */
1289     b = buffer_init();
1290     buffer_put_cstring(b, "ssh-ed25519");
1291     buffer_put_string(b, sig, (int)(smlen - datalen));
1292     len = buffer_len(b);
1293     if (lenp != NULL)
1294     *lenp = len;
1295     if (sigp != NULL) {
1296     *sigp = malloc(len);
1297     memcpy(*sigp, buffer_ptr(b), len);
1298     }
1299     buffer_free(b);
1300     memset(sig, 's', slen);
1301     free(sig);
1302    
1303     return 0;
1304     }
1305    
1306    
1307 maya 4307 BOOL generate_SSH2_keysign(Key *keypair, char **sigptr, int *siglen, char *data, int datalen)
1308 maya 4304 {
1309     buffer_t *msg = NULL;
1310     char *s;
1311 yutakapon 5545 int ret;
1312 maya 4304
1313     msg = buffer_init();
1314     if (msg == NULL) {
1315     // TODO: error check
1316     return FALSE;
1317     }
1318    
1319 maya 4324 switch (keypair->type) {
1320     case KEY_RSA: // RSA
1321     {
1322 maya 4307 const EVP_MD *evp_md = EVP_sha1();
1323 maya 4304 EVP_MD_CTX md;
1324     u_char digest[EVP_MAX_MD_SIZE], *sig;
1325     u_int slen, dlen, len;
1326 maya 4307 int ok, nid = NID_sha1;
1327 maya 4304
1328     // �_�C�W�F�X�g�l���v�Z
1329     EVP_DigestInit(&md, evp_md);
1330     EVP_DigestUpdate(&md, data, datalen);
1331     EVP_DigestFinal(&md, digest, &dlen);
1332    
1333 maya 4307 slen = RSA_size(keypair->rsa);
1334 maya 4304 sig = malloc(slen);
1335     if (sig == NULL)
1336     goto error;
1337    
1338     // �d�q�������v�Z
1339 maya 4307 ok = RSA_sign(nid, digest, dlen, sig, &len, keypair->rsa);
1340 maya 4304 memset(digest, 'd', sizeof(digest));
1341     if (ok != 1) { // error
1342     free(sig);
1343     goto error;
1344     }
1345     // �������T�C�Y���o�b�t�@���������������A�������������B�������[�����������B
1346     if (len < slen) {
1347     u_int diff = slen - len;
1348     memmove(sig + diff, sig, len);
1349     memset(sig, 0, diff);
1350    
1351     } else if (len > slen) {
1352     free(sig);
1353     goto error;
1354    
1355     } else {
1356     // do nothing
1357    
1358     }
1359    
1360 maya 4307 s = get_sshname_from_key(keypair);
1361 maya 4304 buffer_put_string(msg, s, strlen(s));
1362     buffer_append_length(msg, sig, slen);
1363     len = buffer_len(msg);
1364    
1365     // setting
1366     *siglen = len;
1367     *sigptr = malloc(len);
1368     if (*sigptr == NULL) {
1369     free(sig);
1370     goto error;
1371     }
1372     memcpy(*sigptr, buffer_ptr(msg), len);
1373     free(sig);
1374 maya 4324
1375     break;
1376 maya 4307 }
1377 maya 4324 case KEY_DSA: // DSA
1378     {
1379 maya 4304 DSA_SIG *sig;
1380     const EVP_MD *evp_md = EVP_sha1();
1381     EVP_MD_CTX md;
1382     u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
1383     u_int rlen, slen, len, dlen;
1384    
1385     // �_�C�W�F�X�g���v�Z
1386     EVP_DigestInit(&md, evp_md);
1387     EVP_DigestUpdate(&md, data, datalen);
1388     EVP_DigestFinal(&md, digest, &dlen);
1389    
1390     // DSA�d�q�������v�Z
1391 maya 4307 sig = DSA_do_sign(digest, dlen, keypair->dsa);
1392 maya 4304 memset(digest, 'd', sizeof(digest));
1393     if (sig == NULL) {
1394     goto error;
1395     }
1396    
1397     // BIGNUM�����o�C�i���l��������
1398     rlen = BN_num_bytes(sig->r);
1399     slen = BN_num_bytes(sig->s);
1400     if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
1401     DSA_SIG_free(sig);
1402     goto error;
1403     }
1404     memset(sigblob, 0, SIGBLOB_LEN);
1405     BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
1406     BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
1407     DSA_SIG_free(sig);
1408    
1409     // setting
1410 maya 4307 s = get_sshname_from_key(keypair);
1411 maya 4304 buffer_put_string(msg, s, strlen(s));
1412     buffer_append_length(msg, sigblob, sizeof(sigblob));
1413     len = buffer_len(msg);
1414    
1415     // setting
1416     *siglen = len;
1417     *sigptr = malloc(len);
1418     if (*sigptr == NULL) {
1419     goto error;
1420     }
1421     memcpy(*sigptr, buffer_ptr(msg), len);
1422    
1423 maya 4324 break;
1424 maya 4304 }
1425 maya 4324 case KEY_ECDSA256: // ECDSA
1426     case KEY_ECDSA384:
1427     case KEY_ECDSA521:
1428     {
1429     ECDSA_SIG *sig;
1430     const EVP_MD *evp_md;
1431     EVP_MD_CTX md;
1432     u_char digest[EVP_MAX_MD_SIZE];
1433     u_int len, dlen, nid;
1434     buffer_t *buf2 = NULL;
1435    
1436 maya 4327 nid = keytype_to_hash_nid(keypair->type);
1437 maya 4324 if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
1438     goto error;
1439     }
1440     EVP_DigestInit(&md, evp_md);
1441     EVP_DigestUpdate(&md, data, datalen);
1442     EVP_DigestFinal(&md, digest, &dlen);
1443    
1444     sig = ECDSA_do_sign(digest, dlen, keypair->ecdsa);
1445     memset(digest, 'd', sizeof(digest));
1446    
1447     if (sig == NULL) {
1448     goto error;
1449     }
1450    
1451     buf2 = buffer_init();
1452     if (buf2 == NULL) {
1453     // TODO: error check
1454     goto error;
1455     }
1456     buffer_put_bignum2(buf2, sig->r);
1457     buffer_put_bignum2(buf2, sig->s);
1458     ECDSA_SIG_free(sig);
1459    
1460     s = get_sshname_from_key(keypair);
1461     buffer_put_string(msg, s, strlen(s));
1462     buffer_put_string(msg, buffer_ptr(buf2), buffer_len(buf2));
1463     buffer_free(buf2);
1464     len = buffer_len(msg);
1465    
1466     *siglen = len;
1467     *sigptr = malloc(len);
1468     if (*sigptr == NULL) {
1469     goto error;
1470     }
1471     memcpy(*sigptr, buffer_ptr(msg), len);
1472    
1473     break;
1474     }
1475 yutakapon 5545
1476     case KEY_ED25519:
1477     ret = ssh_ed25519_sign(keypair, sigptr, siglen, data, datalen);
1478     if (ret != 0)
1479     goto error;
1480     break;
1481    
1482 maya 4324 default:
1483 maya 4307 buffer_free(msg);
1484     return FALSE;
1485 maya 4324 break;
1486 maya 4307 }
1487 maya 4304
1488     buffer_free(msg);
1489     return TRUE;
1490    
1491     error:
1492     buffer_free(msg);
1493    
1494     return FALSE;
1495     }
1496    
1497    
1498     BOOL get_SSH2_publickey_blob(PTInstVar pvar, buffer_t **blobptr, int *bloblen)
1499     {
1500     buffer_t *msg = NULL;
1501 maya 4307 Key *keypair;
1502 maya 4324 char *s, *tmp;
1503 maya 4304
1504     msg = buffer_init();
1505     if (msg == NULL) {
1506     // TODO: error check
1507     return FALSE;
1508     }
1509    
1510     keypair = pvar->auth_state.cur_cred.key_pair;
1511    
1512 maya 4324 switch (keypair->type) {
1513     case KEY_RSA: // RSA
1514 maya 4307 s = get_sshname_from_key(keypair);
1515 maya 4304 buffer_put_string(msg, s, strlen(s));
1516 maya 4307 buffer_put_bignum2(msg, keypair->rsa->e); // ���J�w��
1517     buffer_put_bignum2(msg, keypair->rsa->n); // p�~q
1518 maya 4324 break;
1519     case KEY_DSA: // DSA
1520 maya 4307 s = get_sshname_from_key(keypair);
1521 maya 4304 buffer_put_string(msg, s, strlen(s));
1522 maya 4307 buffer_put_bignum2(msg, keypair->dsa->p); // �f��
1523     buffer_put_bignum2(msg, keypair->dsa->q); // (p-1)���f����
1524     buffer_put_bignum2(msg, keypair->dsa->g); // ����
1525     buffer_put_bignum2(msg, keypair->dsa->pub_key); // ���J��
1526 maya 4324 break;
1527     case KEY_ECDSA256: // ECDSA
1528     case KEY_ECDSA384:
1529     case KEY_ECDSA521:
1530     s = get_sshname_from_key(keypair);
1531     buffer_put_string(msg, s, strlen(s));
1532     tmp = curve_keytype_to_name(keypair->type);
1533     buffer_put_string(msg, tmp, strlen(tmp));
1534     buffer_put_ecpoint(msg, EC_KEY_get0_group(keypair->ecdsa),
1535     EC_KEY_get0_public_key(keypair->ecdsa));
1536     break;
1537 yutakapon 5545 case KEY_ED25519:
1538     s = get_sshname_from_key(keypair);
1539     buffer_put_cstring(msg, s);
1540     buffer_put_string(msg, keypair->ed25519_pk, ED25519_PK_SZ);
1541     break;
1542 maya 4324 default:
1543 maya 4307 return FALSE;
1544     }
1545    
1546 maya 4304 *blobptr = msg;
1547     *bloblen = buffer_len(msg);
1548    
1549     return TRUE;
1550     }
1551 maya 4327
1552 maya 4378 int kextype_to_cipher_nid(kex_algorithm type)
1553 maya 4327 {
1554     switch (type) {
1555     case KEX_ECDH_SHA2_256:
1556     return NID_X9_62_prime256v1;
1557     case KEX_ECDH_SHA2_384:
1558     return NID_secp384r1;
1559     case KEX_ECDH_SHA2_521:
1560     return NID_secp521r1;
1561     }
1562     return NID_undef;
1563     }
1564    
1565 maya 4378 int keytype_to_hash_nid(ssh_keytype type)
1566 maya 4327 {
1567     switch (type) {
1568     case KEY_ECDSA256:
1569     return NID_sha256;
1570     case KEY_ECDSA384:
1571     return NID_sha384;
1572     case KEY_ECDSA521:
1573     return NID_sha512;
1574     }
1575     return NID_undef;
1576     }
1577    
1578 maya 4378 int keytype_to_cipher_nid(ssh_keytype type)
1579 maya 4327 {
1580     switch (type) {
1581     case KEY_ECDSA256:
1582     return NID_X9_62_prime256v1;
1583     case KEY_ECDSA384:
1584     return NID_secp384r1;
1585     case KEY_ECDSA521:
1586     return NID_secp521r1;
1587     }
1588     return NID_undef;
1589     }
1590    
1591 maya 4378 ssh_keytype nid_to_keytype(int nid)
1592 maya 4327 {
1593     switch (nid) {
1594     case NID_X9_62_prime256v1:
1595     return KEY_ECDSA256;
1596     case NID_secp384r1:
1597     return KEY_ECDSA384;
1598     case NID_secp521r1:
1599     return KEY_ECDSA521;
1600     }
1601     return KEY_UNSPEC;
1602     }
1603 yutakapon 5545
1604     void key_private_serialize(Key *key, buffer_t *b)
1605     {
1606     char *s;
1607    
1608     s = get_sshname_from_key(key);
1609     buffer_put_cstring(b, s);
1610    
1611     switch (key->type) {
1612     case KEY_RSA:
1613     buffer_put_bignum2(b, key->rsa->n);
1614     buffer_put_bignum2(b, key->rsa->e);
1615     buffer_put_bignum2(b, key->rsa->d);
1616     buffer_put_bignum2(b, key->rsa->iqmp);
1617     buffer_put_bignum2(b, key->rsa->p);
1618     buffer_put_bignum2(b, key->rsa->q);
1619     break;
1620    
1621     case KEY_DSA:
1622     buffer_put_bignum2(b, key->dsa->p);
1623     buffer_put_bignum2(b, key->dsa->q);
1624     buffer_put_bignum2(b, key->dsa->g);
1625     buffer_put_bignum2(b, key->dsa->pub_key);
1626     buffer_put_bignum2(b, key->dsa->priv_key);
1627     break;
1628    
1629     case KEY_ECDSA256:
1630     case KEY_ECDSA384:
1631     case KEY_ECDSA521:
1632     buffer_put_cstring(b, curve_keytype_to_name(key->type));
1633     buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa),
1634     EC_KEY_get0_public_key(key->ecdsa));
1635     buffer_put_bignum2(b, (BIGNUM *)EC_KEY_get0_private_key(key->ecdsa));
1636     break;
1637    
1638     case KEY_ED25519:
1639     buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);
1640     buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ);
1641     break;
1642    
1643     default:
1644     break;
1645     }
1646     }
1647    
1648     /* calculate p-1 and q-1 */
1649     static void rsa_generate_additional_parameters(RSA *rsa)
1650     {
1651     BIGNUM *aux = NULL;
1652     BN_CTX *ctx = NULL;
1653    
1654     if ((aux = BN_new()) == NULL)
1655     goto error;
1656     if ((ctx = BN_CTX_new()) == NULL)
1657     goto error;
1658    
1659     if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
1660     (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
1661     (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
1662     (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0))
1663     goto error;
1664    
1665     error:
1666     if (aux)
1667     BN_clear_free(aux);
1668     if (ctx)
1669     BN_CTX_free(ctx);
1670     }
1671    
1672     static int key_ec_validate_private(EC_KEY *key)
1673     {
1674     BN_CTX *bnctx = NULL;
1675     BIGNUM *order, *tmp;
1676     int ret = -1;
1677    
1678     if ((bnctx = BN_CTX_new()) == NULL)
1679     goto out;
1680     BN_CTX_start(bnctx);
1681    
1682     if ((order = BN_CTX_get(bnctx)) == NULL ||
1683     (tmp = BN_CTX_get(bnctx)) == NULL)
1684     goto out;
1685    
1686     /* log2(private) > log2(order)/2 */
1687     if (EC_GROUP_get_order(EC_KEY_get0_group(key), order, bnctx) != 1)
1688     goto out;
1689     if (BN_num_bits(EC_KEY_get0_private_key(key)) <=
1690     BN_num_bits(order) / 2) {
1691     goto out;
1692     }
1693    
1694     /* private < order - 1 */
1695     if (!BN_sub(tmp, order, BN_value_one()))
1696     goto out;
1697     if (BN_cmp(EC_KEY_get0_private_key(key), tmp) >= 0) {
1698     goto out;
1699     }
1700     ret = 0;
1701    
1702     out:
1703     if (bnctx)
1704     BN_CTX_free(bnctx);
1705     return ret;
1706     }
1707    
1708     Key *key_private_deserialize(buffer_t *blob)
1709     {
1710     int success = 0;
1711     char *type_name = NULL;
1712     Key *k = NULL;
1713     unsigned int pklen, sklen;
1714     int type;
1715    
1716     type_name = buffer_get_string_msg(blob, NULL);
1717     if (type_name == NULL)
1718     goto error;
1719     type = get_keytype_from_name(type_name);
1720    
1721     k = key_new_private(type);
1722    
1723     switch (type) {
1724     case KEY_RSA:
1725     buffer_get_bignum2_msg(blob, k->rsa->n);
1726     buffer_get_bignum2_msg(blob, k->rsa->e);
1727     buffer_get_bignum2_msg(blob, k->rsa->d);
1728     buffer_get_bignum2_msg(blob, k->rsa->iqmp);
1729     buffer_get_bignum2_msg(blob, k->rsa->p);
1730     buffer_get_bignum2_msg(blob, k->rsa->q);
1731    
1732     /* Generate additional parameters */
1733     rsa_generate_additional_parameters(k->rsa);
1734     break;
1735    
1736     case KEY_DSA:
1737     buffer_get_bignum2_msg(blob, k->dsa->p);
1738     buffer_get_bignum2_msg(blob, k->dsa->q);
1739     buffer_get_bignum2_msg(blob, k->dsa->g);
1740     buffer_get_bignum2_msg(blob, k->dsa->pub_key);
1741     buffer_get_bignum2_msg(blob, k->dsa->priv_key);
1742     break;
1743    
1744     case KEY_ECDSA256:
1745     case KEY_ECDSA384:
1746     case KEY_ECDSA521:
1747     {
1748     int success = 0;
1749     unsigned int nid;
1750     char *curve = NULL;
1751     ssh_keytype skt;
1752     BIGNUM *exponent = NULL;
1753     EC_POINT *q = NULL;
1754    
1755     nid = keytype_to_cipher_nid(type);
1756     curve = buffer_get_string_msg(blob, NULL);
1757     skt = key_curve_name_to_keytype(curve);
1758     if (nid != keytype_to_cipher_nid(skt))
1759     goto ecdsa_error;
1760    
1761     k->ecdsa = EC_KEY_new_by_curve_name(nid);
1762     if (k->ecdsa == NULL)
1763     goto ecdsa_error;
1764    
1765     q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa));
1766     if (q == NULL)
1767     goto ecdsa_error;
1768    
1769     if ((exponent = BN_new()) == NULL)
1770     goto ecdsa_error;
1771     buffer_get_ecpoint_msg(blob,
1772     EC_KEY_get0_group(k->ecdsa), q);
1773     buffer_get_bignum2_msg(blob, exponent);
1774     if (EC_KEY_set_public_key(k->ecdsa, q) != 1)
1775     goto ecdsa_error;
1776     if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
1777     goto ecdsa_error;
1778     if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
1779     EC_KEY_get0_public_key(k->ecdsa)) != 0)
1780     goto ecdsa_error;
1781     if (key_ec_validate_private(k->ecdsa) != 0)
1782     goto ecdsa_error;
1783    
1784     success = 1;
1785    
1786     ecdsa_error:
1787     free(curve);
1788     if (exponent)
1789     BN_clear_free(exponent);
1790     if (q)
1791     EC_POINT_free(q);
1792     if (success == 0)
1793     goto error;
1794     }
1795     break;
1796    
1797     case KEY_ED25519:
1798     k->ed25519_pk = buffer_get_string_msg(blob, &pklen);
1799     k->ed25519_sk = buffer_get_string_msg(blob, &sklen);
1800     if (pklen != ED25519_PK_SZ)
1801     goto error;
1802     if (sklen != ED25519_SK_SZ)
1803     goto error;
1804     break;
1805    
1806     default:
1807     goto error;
1808     break;
1809     }
1810    
1811     /* enable blinding */
1812     switch (k->type) {
1813     case KEY_RSA1:
1814     case KEY_RSA:
1815     if (RSA_blinding_on(k->rsa, NULL) != 1)
1816     goto error;
1817     break;
1818     }
1819    
1820     success = 1;
1821    
1822     error:
1823     free(type_name);
1824    
1825     if (success == 0) {
1826     key_free(k);
1827     k = NULL;
1828     }
1829    
1830     return (k);
1831     }
1832 yutakapon 5838
1833    
1834     static void hostkeys_update_ctx_free(struct hostkeys_update_ctx *ctx)
1835     {
1836     size_t i;
1837    
1838     if (ctx == NULL)
1839     return;
1840     for (i = 0; i < ctx->nkeys; i++)
1841     key_free(ctx->keys[i]);
1842     free(ctx->keys);
1843     free(ctx->keys_seen);
1844     for (i = 0; i < ctx->nold; i++)
1845     key_free(ctx->old_keys[i]);
1846     free(ctx->old_keys);
1847     free(ctx->host_str);
1848     free(ctx->ip_str);
1849     free(ctx);
1850     }
1851    
1852 yutakapon 5841
1853     // �����������z�X�g���A���S���Y�������`�F�b�N�����B
1854 yutakapon 5838 //
1855 yutakapon 5841 // return 1: matched
1856     // 0: not matched
1857     //
1858     static int check_hostkey_algorithm(PTInstVar pvar, Key *key)
1859     {
1860     int ret = 0;
1861     int i, index;
1862    
1863     for (i = 0; pvar->settings.HostKeyOrder[i] != 0; i++) {
1864     index = pvar->settings.HostKeyOrder[i] - '0';
1865     if (index == KEY_NONE) // disabled line
1866     break;
1867    
1868     if (strcmp(get_sshname_from_key(key), get_ssh_keytype_name(index)) == 0)
1869     return 1;
1870     }
1871    
1872     return (ret);
1873     }
1874    
1875     //
1876 yutakapon 5838 // SSH�T�[�o�z�X�g��(known_hosts)�������X�V(OpenSSH 6.8 or later: host key rotation support)
1877     //
1878     // return 1: success
1879     // 0: fail
1880     //
1881     int update_client_input_hostkeys(PTInstVar pvar, char *dataptr, int datalen)
1882     {
1883     int success = 1; // OpenSSH 6.8�����������A�����������������������������������A
1884     // �������������� Tera Term �������������������������B
1885     int len;
1886 yutakapon 5843 size_t i;
1887 yutakapon 5838 char *cp, *fp;
1888     char msg[128];
1889     unsigned char *blob = NULL;
1890     buffer_t *b = NULL;
1891     struct hostkeys_update_ctx *ctx = NULL;
1892 yutakapon 5843 Key *key = NULL, **tmp;
1893 yutakapon 5838
1894 yutakapon 5839 // Tera Term���������A���Y�@�\���I���I�t�����������������������B
1895     if (pvar->settings.UpdateHostkeys == 0) {
1896     _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Hostkey was not updated because ts.UpdateHostkeys is disabled.");
1897     notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
1898 yutakapon 5843 return 1;
1899 yutakapon 5839 }
1900 yutakapon 5838
1901     ctx = calloc(1, sizeof(struct hostkeys_update_ctx));
1902     if (ctx == NULL)
1903     goto error;
1904    
1905     b = buffer_init();
1906     if (b == NULL)
1907     goto error;
1908    
1909     cp = buffer_append_space(b, datalen);
1910     memcpy(cp, dataptr, datalen);
1911    
1912     while (buffer_remain_len(b) > 0) {
1913     key_free(key);
1914     key = NULL;
1915    
1916     blob = buffer_get_string_msg(b, &len);
1917     key = key_from_blob(blob, len);
1918     if (key == NULL) {
1919 yutakapon 5841 _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Not found host key into blob %p (%d)", blob, len);
1920 yutakapon 5843 notify_verbose_message(pvar, msg, LOG_LEVEL_ERROR);
1921 yutakapon 5838 goto error;
1922     }
1923     free(blob);
1924     blob = NULL;
1925    
1926     fp = key_fingerprint(key, SSH_FP_HEX);
1927 yutakapon 5841 _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Received %s host key %s",
1928 yutakapon 5838 get_sshname_from_key(key), fp);
1929     notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
1930     free(fp);
1931 yutakapon 5841
1932     // �����������z�X�g�L�[�A���S���Y�������`�F�b�N�����B
1933     if (check_hostkey_algorithm(pvar, key) == 0) {
1934     _snprintf_s(msg, sizeof(msg), _TRUNCATE, "%s host key is not permitted by ts.HostKeyOrder",
1935     get_sshname_from_key(key));
1936     notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
1937     continue;
1938     }
1939    
1940 yutakapon 5843 // Skip certs: Tera Term�����������F�������T�|�[�g�B
1941 yutakapon 5841
1942 yutakapon 5843 // �d�������L�[�����M�������G���[�������B
1943     for (i = 0; i < ctx->nkeys; i++) {
1944     if (HOSTS_compare_public_key(key, ctx->keys[i]) == 1) {
1945     _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Received duplicated %s host key",
1946     get_sshname_from_key(key));
1947     notify_verbose_message(pvar, msg, LOG_LEVEL_ERROR);
1948     goto error;
1949     }
1950     }
1951    
1952     // �L�[���o�^�����B
1953     tmp = realloc(ctx->keys, (ctx->nkeys + 1)*sizeof(*ctx->keys));
1954     if (tmp == NULL) {
1955     _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Not memory: realloc ctx->keys %d",
1956     ctx->nkeys);
1957     notify_verbose_message(pvar, msg, LOG_LEVEL_FATAL);
1958     goto error;
1959     }
1960     ctx->keys = tmp;
1961     ctx->keys[ctx->nkeys++] = key;
1962     key = NULL;
1963 yutakapon 5838 }
1964    
1965 yutakapon 5843 if (ctx->nkeys == 0) {
1966     _snprintf_s(msg, sizeof(msg), _TRUNCATE, "No host rotation key");
1967     notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
1968     goto error;
1969     }
1970    
1971 yutakapon 5846 //HOSTS_hostkey_foreach(pvar, NULL, ctx);
1972    
1973 yutakapon 5838 success = 1;
1974    
1975     error:
1976     buffer_free(b);
1977     hostkeys_update_ctx_free(ctx);
1978     free(blob);
1979    
1980     return (success);
1981     }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help