| 26 |
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 27 |
*/ |
*/ |
| 28 |
|
|
|
#include "ttxssh.h" |
|
| 29 |
#include "key.h" |
#include "key.h" |
| 30 |
|
#include "kex.h" |
| 31 |
|
|
| 32 |
#include <openssl/rsa.h> |
#include <openssl/rsa.h> |
| 33 |
#include <openssl/dsa.h> |
#include <openssl/dsa.h> |
| 34 |
|
#include <openssl/ecdsa.h> |
| 35 |
|
|
| 36 |
#define INTBLOB_LEN 20 |
#define INTBLOB_LEN 20 |
| 37 |
#define SIGBLOB_LEN (2*INTBLOB_LEN) |
#define SIGBLOB_LEN (2*INTBLOB_LEN) |
| 288 |
return ret; |
return ret; |
| 289 |
} |
} |
| 290 |
|
|
| 291 |
|
int ssh_ecdsa_verify(EC_KEY *key, enum ssh_keytype keytype, |
| 292 |
|
u_char *signature, u_int signaturelen, |
| 293 |
|
u_char *data, u_int datalen) |
| 294 |
|
{ |
| 295 |
|
ECDSA_SIG *sig; |
| 296 |
|
const EVP_MD *evp_md; |
| 297 |
|
EVP_MD_CTX md; |
| 298 |
|
unsigned char digest[EVP_MAX_MD_SIZE], *sigblob; |
| 299 |
|
unsigned int len, dlen; |
| 300 |
|
int ret, nid = NID_undef; |
| 301 |
|
char *ptr; |
| 302 |
|
|
| 303 |
|
OpenSSL_add_all_digests(); |
| 304 |
|
|
| 305 |
|
if (key == NULL) { |
| 306 |
|
return -2; |
| 307 |
|
} |
| 308 |
|
|
| 309 |
|
ptr = signature; |
| 310 |
|
|
| 311 |
|
len = get_uint32_MSBfirst(ptr); |
| 312 |
|
ptr += 4; |
| 313 |
|
if (strncmp(get_sshname_from_keytype(keytype), ptr, len) != 0) { |
| 314 |
|
return -3; |
| 315 |
|
} |
| 316 |
|
ptr += len; |
| 317 |
|
|
| 318 |
|
len = get_uint32_MSBfirst(ptr); |
| 319 |
|
ptr += 4; |
| 320 |
|
sigblob = ptr; |
| 321 |
|
ptr += len; |
| 322 |
|
|
| 323 |
|
/* parse signature */ |
| 324 |
|
if ((sig = ECDSA_SIG_new()) == NULL) |
| 325 |
|
return -4; |
| 326 |
|
if ((sig->r = BN_new()) == NULL) |
| 327 |
|
return -5; |
| 328 |
|
if ((sig->s = BN_new()) == NULL) |
| 329 |
|
return -6; |
| 330 |
|
|
| 331 |
|
buffer_get_bignum2(&sigblob, sig->r); |
| 332 |
|
buffer_get_bignum2(&sigblob, sig->s); |
| 333 |
|
if (sigblob != ptr) { |
| 334 |
|
return -7; |
| 335 |
|
} |
| 336 |
|
|
| 337 |
|
/* hash the data */ |
| 338 |
|
switch (keytype) { |
| 339 |
|
case KEY_ECDSA256: |
| 340 |
|
nid = NID_sha256; |
| 341 |
|
break; |
| 342 |
|
case KEY_ECDSA384: |
| 343 |
|
nid = NID_sha384; |
| 344 |
|
break; |
| 345 |
|
case KEY_ECDSA521: |
| 346 |
|
nid = NID_sha512; |
| 347 |
|
break; |
| 348 |
|
} |
| 349 |
|
if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
| 350 |
|
return -8; |
| 351 |
|
} |
| 352 |
|
EVP_DigestInit(&md, evp_md); |
| 353 |
|
EVP_DigestUpdate(&md, data, datalen); |
| 354 |
|
EVP_DigestFinal(&md, digest, &dlen); |
| 355 |
|
|
| 356 |
|
ret = ECDSA_do_verify(digest, dlen, sig, key); |
| 357 |
|
memset(digest, 'd', sizeof(digest)); |
| 358 |
|
|
| 359 |
|
ECDSA_SIG_free(sig); |
| 360 |
|
|
| 361 |
|
return ret; |
| 362 |
|
} |
| 363 |
|
|
| 364 |
int key_verify(Key *key, |
int key_verify(Key *key, |
| 365 |
unsigned char *signature, unsigned int signaturelen, |
unsigned char *signature, unsigned int signaturelen, |
| 366 |
unsigned char *data, unsigned int datalen) |
unsigned char *data, unsigned int datalen) |
| 367 |
{ |
{ |
| 368 |
int ret = 0; |
int ret = 0; |
| 369 |
|
|
| 370 |
if (key->type == KEY_RSA) { |
switch (key->type) { |
| 371 |
|
case KEY_RSA: |
| 372 |
ret = ssh_rsa_verify(key->rsa, signature, signaturelen, data, datalen); |
ret = ssh_rsa_verify(key->rsa, signature, signaturelen, data, datalen); |
| 373 |
|
break; |
| 374 |
} |
case KEY_DSA: |
|
else if (key->type == KEY_DSA) { |
|
| 375 |
ret = ssh_dss_verify(key->dsa, signature, signaturelen, data, datalen); |
ret = ssh_dss_verify(key->dsa, signature, signaturelen, data, datalen); |
| 376 |
|
break; |
| 377 |
} |
case KEY_ECDSA256: |
| 378 |
else { |
case KEY_ECDSA384: |
| 379 |
|
case KEY_ECDSA521: |
| 380 |
|
ret = ssh_ecdsa_verify(key->ecdsa, key->type, signature, signaturelen, data, datalen); |
| 381 |
|
break; |
| 382 |
|
default: |
| 383 |
return -1; |
return -1; |
| 384 |
} |
} |
| 385 |
|
|
| 477 |
|
|
| 478 |
case KEY_DSA: |
case KEY_DSA: |
| 479 |
case KEY_RSA: |
case KEY_RSA: |
| 480 |
|
case KEY_ECDSA256: |
| 481 |
|
case KEY_ECDSA384: |
| 482 |
|
case KEY_ECDSA521: |
| 483 |
key_to_blob(k, &blob, &len); |
key_to_blob(k, &blob, &len); |
| 484 |
break; |
break; |
| 485 |
|
|
| 519 |
return "RSA"; |
return "RSA"; |
| 520 |
case KEY_DSA: |
case KEY_DSA: |
| 521 |
return "DSA"; |
return "DSA"; |
| 522 |
|
case KEY_ECDSA256: |
| 523 |
|
case KEY_ECDSA384: |
| 524 |
|
case KEY_ECDSA521: |
| 525 |
|
return "ECDSA"; |
| 526 |
} |
} |
| 527 |
return "unknown"; |
return "unknown"; |
| 528 |
} |
} |
| 538 |
return BN_num_bits(k->rsa->n); |
return BN_num_bits(k->rsa->n); |
| 539 |
case KEY_DSA: |
case KEY_DSA: |
| 540 |
return BN_num_bits(k->dsa->p); |
return BN_num_bits(k->dsa->p); |
| 541 |
|
case KEY_ECDSA256: |
| 542 |
|
return 256; |
| 543 |
|
case KEY_ECDSA384: |
| 544 |
|
return 384; |
| 545 |
|
case KEY_ECDSA521: |
| 546 |
|
return 521; |
| 547 |
} |
} |
| 548 |
return 0; |
return 0; |
| 549 |
} |
} |
| 678 |
// |
// |
| 679 |
void key_free(Key *key) |
void key_free(Key *key) |
| 680 |
{ |
{ |
| 681 |
|
if (key == NULL) { |
| 682 |
|
return; |
| 683 |
|
} |
| 684 |
|
|
| 685 |
switch (key->type) { |
switch (key->type) { |
| 686 |
case KEY_RSA1: |
case KEY_RSA1: |
| 687 |
case KEY_RSA: |
case KEY_RSA: |
| 695 |
DSA_free(key->dsa); |
DSA_free(key->dsa); |
| 696 |
key->dsa = NULL; |
key->dsa = NULL; |
| 697 |
break; |
break; |
| 698 |
|
|
| 699 |
|
case KEY_ECDSA256: |
| 700 |
|
case KEY_ECDSA384: |
| 701 |
|
case KEY_ECDSA521: |
| 702 |
|
if (key->ecdsa != NULL) |
| 703 |
|
EC_KEY_free(key->ecdsa); |
| 704 |
|
key->ecdsa = NULL; |
| 705 |
|
break; |
| 706 |
} |
} |
| 707 |
free(key); |
free(key); |
| 708 |
} |
} |
| 710 |
// |
// |
| 711 |
// キーから文字列を返却する |
// キーから文字列を返却する |
| 712 |
// |
// |
| 713 |
char *get_sshname_from_key(Key *key) |
char *get_sshname_from_keytype(enum ssh_keytype type) |
| 714 |
{ |
{ |
| 715 |
if (key->type == KEY_RSA) { |
if (type == KEY_RSA) { |
| 716 |
return "ssh-rsa"; |
return "ssh-rsa"; |
| 717 |
} else if (key->type == KEY_DSA) { |
} else if (type == KEY_DSA) { |
| 718 |
return "ssh-dss"; |
return "ssh-dss"; |
| 719 |
|
} else if (type == KEY_ECDSA256) { |
| 720 |
|
return "ecdsa-sha2-nistp256"; |
| 721 |
|
} else if (type == KEY_ECDSA384) { |
| 722 |
|
return "ecdsa-sha2-nistp384"; |
| 723 |
|
} else if (type == KEY_ECDSA521) { |
| 724 |
|
return "ecdsa-sha2-nistp521"; |
| 725 |
} else { |
} else { |
| 726 |
return "ssh-unknown"; |
return "ssh-unknown"; |
| 727 |
} |
} |
| 728 |
} |
} |
| 729 |
|
char *get_sshname_from_key(Key *key) |
| 730 |
|
{ |
| 731 |
|
return get_sshname_from_keytype(key->type); |
| 732 |
|
} |
| 733 |
|
|
| 734 |
// |
// |
| 735 |
// キー文字列から種別を判定する |
// キー文字列から種別を判定する |
| 746 |
return KEY_RSA; |
return KEY_RSA; |
| 747 |
} else if (strcmp(name, "ssh-dss") == 0) { |
} else if (strcmp(name, "ssh-dss") == 0) { |
| 748 |
return KEY_DSA; |
return KEY_DSA; |
| 749 |
|
} else if (strcmp(name, "ecdsa-sha2-nistp256") == 0) { |
| 750 |
|
return KEY_ECDSA256; |
| 751 |
|
} else if (strcmp(name, "ecdsa-sha2-nistp384") == 0) { |
| 752 |
|
return KEY_ECDSA384; |
| 753 |
|
} else if (strcmp(name, "ecdsa-sha2-nistp521") == 0) { |
| 754 |
|
return KEY_ECDSA521; |
| 755 |
} |
} |
| 756 |
return KEY_UNSPEC; |
return KEY_UNSPEC; |
| 757 |
} |
} |
| 758 |
|
|
| 759 |
|
|
| 760 |
|
enum ssh_keytype key_curve_name_to_keytype(char *name) |
| 761 |
|
{ |
| 762 |
|
if (strcmp(name, "nistp256") == 0) { |
| 763 |
|
return KEY_ECDSA256; |
| 764 |
|
} else if (strcmp(name, "nistp384") == 0) { |
| 765 |
|
return KEY_ECDSA384; |
| 766 |
|
} else if (strcmp(name, "nistp521") == 0) { |
| 767 |
|
return KEY_ECDSA521; |
| 768 |
|
} |
| 769 |
|
return KEY_UNSPEC; |
| 770 |
|
} |
| 771 |
|
|
| 772 |
|
char *curve_keytype_to_name(enum ssh_keytype type) |
| 773 |
|
{ |
| 774 |
|
switch (type) { |
| 775 |
|
case KEY_ECDSA256: |
| 776 |
|
return "nistp256"; |
| 777 |
|
break; |
| 778 |
|
case KEY_ECDSA384: |
| 779 |
|
return "nistp384"; |
| 780 |
|
break; |
| 781 |
|
case KEY_ECDSA521: |
| 782 |
|
return "nistp521"; |
| 783 |
|
break; |
| 784 |
|
} |
| 785 |
|
return NULL; |
| 786 |
|
} |
| 787 |
|
|
| 788 |
// |
// |
| 789 |
// キー情報からバッファへ変換する (for SSH2) |
// キー情報からバッファへ変換する (for SSH2) |
| 790 |
// NOTE: |
// NOTE: |
| 792 |
int key_to_blob(Key *key, char **blobp, int *lenp) |
int key_to_blob(Key *key, char **blobp, int *lenp) |
| 793 |
{ |
{ |
| 794 |
buffer_t *b; |
buffer_t *b; |
| 795 |
char *sshname; |
char *sshname, *tmp; |
| 796 |
int len; |
int len; |
| 797 |
int ret = 1; // success |
int ret = 1; // success |
| 798 |
|
|
| 799 |
b = buffer_init(); |
b = buffer_init(); |
| 800 |
sshname = get_sshname_from_key(key); |
sshname = get_sshname_from_key(key); |
| 801 |
|
|
| 802 |
if (key->type == KEY_RSA) { |
switch (key->type) { |
| 803 |
|
case KEY_RSA: |
| 804 |
buffer_put_string(b, sshname, strlen(sshname)); |
buffer_put_string(b, sshname, strlen(sshname)); |
| 805 |
buffer_put_bignum2(b, key->rsa->e); |
buffer_put_bignum2(b, key->rsa->e); |
| 806 |
buffer_put_bignum2(b, key->rsa->n); |
buffer_put_bignum2(b, key->rsa->n); |
| 807 |
|
break; |
| 808 |
} else if (key->type == KEY_DSA) { |
case KEY_DSA: |
| 809 |
buffer_put_string(b, sshname, strlen(sshname)); |
buffer_put_string(b, sshname, strlen(sshname)); |
| 810 |
buffer_put_bignum2(b, key->dsa->p); |
buffer_put_bignum2(b, key->dsa->p); |
| 811 |
buffer_put_bignum2(b, key->dsa->q); |
buffer_put_bignum2(b, key->dsa->q); |
| 812 |
buffer_put_bignum2(b, key->dsa->g); |
buffer_put_bignum2(b, key->dsa->g); |
| 813 |
buffer_put_bignum2(b, key->dsa->pub_key); |
buffer_put_bignum2(b, key->dsa->pub_key); |
| 814 |
|
break; |
| 815 |
|
case KEY_ECDSA256: |
| 816 |
|
case KEY_ECDSA384: |
| 817 |
|
case KEY_ECDSA521: |
| 818 |
|
buffer_put_string(b, sshname, strlen(sshname)); |
| 819 |
|
tmp = curve_keytype_to_name(key->type); |
| 820 |
|
buffer_put_string(b, tmp, strlen(tmp)); |
| 821 |
|
buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa), |
| 822 |
|
EC_KEY_get0_public_key(key->ecdsa)); |
| 823 |
|
break; |
| 824 |
|
|
| 825 |
} else { |
default: |
| 826 |
ret = 0; |
ret = 0; |
| 827 |
goto error; |
goto error; |
|
|
|
| 828 |
} |
} |
| 829 |
|
|
| 830 |
len = buffer_len(b); |
len = buffer_len(b); |
| 856 |
char key[128]; |
char key[128]; |
| 857 |
RSA *rsa = NULL; |
RSA *rsa = NULL; |
| 858 |
DSA *dsa = NULL; |
DSA *dsa = NULL; |
| 859 |
|
EC_KEY *ecdsa = NULL; |
| 860 |
|
EC_POINT *q = NULL; |
| 861 |
|
char *curve = NULL; |
| 862 |
Key *hostkey; // hostkey |
Key *hostkey; // hostkey |
| 863 |
enum ssh_keytype type; |
enum ssh_keytype type; |
| 864 |
|
|
| 879 |
|
|
| 880 |
type = get_keytype_from_name(key); |
type = get_keytype_from_name(key); |
| 881 |
|
|
| 882 |
if (type == KEY_RSA) { // RSA key |
switch (type) { |
| 883 |
|
case KEY_RSA: // RSA key |
| 884 |
rsa = RSA_new(); |
rsa = RSA_new(); |
| 885 |
if (rsa == NULL) { |
if (rsa == NULL) { |
| 886 |
goto error; |
goto error; |
| 896 |
|
|
| 897 |
hostkey->type = type; |
hostkey->type = type; |
| 898 |
hostkey->rsa = rsa; |
hostkey->rsa = rsa; |
| 899 |
|
break; |
| 900 |
|
|
| 901 |
} |
case KEY_DSA: // DSA key |
|
else if (type == KEY_DSA) { // DSA key |
|
| 902 |
dsa = DSA_new(); |
dsa = DSA_new(); |
| 903 |
if (dsa == NULL) { |
if (dsa == NULL) { |
| 904 |
goto error; |
goto error; |
| 921 |
|
|
| 922 |
hostkey->type = type; |
hostkey->type = type; |
| 923 |
hostkey->dsa = dsa; |
hostkey->dsa = dsa; |
| 924 |
|
break; |
| 925 |
|
|
| 926 |
} else { |
case KEY_ECDSA256: // ECDSA |
| 927 |
// unknown key |
case KEY_ECDSA384: |
| 928 |
goto error; |
case KEY_ECDSA521: |
| 929 |
|
curve = buffer_get_string(&data, NULL); |
| 930 |
|
if (type != key_curve_name_to_keytype(curve)) { |
| 931 |
|
goto error; |
| 932 |
|
} |
| 933 |
|
|
| 934 |
|
switch (type) { |
| 935 |
|
case KEY_ECDSA256: |
| 936 |
|
ecdsa = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); |
| 937 |
|
break; |
| 938 |
|
case KEY_ECDSA384: |
| 939 |
|
ecdsa = EC_KEY_new_by_curve_name(NID_secp384r1); |
| 940 |
|
break; |
| 941 |
|
case KEY_ECDSA521: |
| 942 |
|
ecdsa = EC_KEY_new_by_curve_name(NID_secp521r1); |
| 943 |
|
break; |
| 944 |
|
default: |
| 945 |
|
goto error; |
| 946 |
|
} |
| 947 |
|
if (ecdsa == NULL) { |
| 948 |
|
goto error; |
| 949 |
|
} |
| 950 |
|
|
| 951 |
|
q = EC_POINT_new(EC_KEY_get0_group(ecdsa)); |
| 952 |
|
if (q == NULL) { |
| 953 |
|
goto error; |
| 954 |
|
} |
| 955 |
|
|
| 956 |
|
buffer_get_ecpoint(&data, EC_KEY_get0_group(ecdsa), q); |
| 957 |
|
if (key_ec_validate_public(EC_KEY_get0_group(ecdsa), q) == -1) { |
| 958 |
|
goto error; |
| 959 |
|
} |
| 960 |
|
|
| 961 |
|
if (EC_KEY_set_public_key(ecdsa, q) != 1) { |
| 962 |
|
goto error; |
| 963 |
|
} |
| 964 |
|
|
| 965 |
|
hostkey->type = type; |
| 966 |
|
hostkey->ecdsa = ecdsa; |
| 967 |
|
break; |
| 968 |
|
|
| 969 |
|
default: // unknown key |
| 970 |
|
goto error; |
| 971 |
} |
} |
| 972 |
|
|
| 973 |
return (hostkey); |
return (hostkey); |
| 977 |
RSA_free(rsa); |
RSA_free(rsa); |
| 978 |
if (dsa != NULL) |
if (dsa != NULL) |
| 979 |
DSA_free(dsa); |
DSA_free(dsa); |
| 980 |
|
if (ecdsa != NULL) |
| 981 |
|
EC_KEY_free(ecdsa); |
| 982 |
|
|
| 983 |
return NULL; |
return NULL; |
| 984 |
} |
} |
Tera Term
Parent Directory
Revision Log
Patch