Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/key.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/key.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 5545 - (show annotations) (download) (as text)
Mon Mar 17 16:06:58 2014 UTC (10 years ago) by yutakapon
Original Path: trunk/ttssh2/ttxssh/key.c
File MIME type: text/x-csrc
File size: 39489 byte(s) 
チケット #33263
Curve25519楕円曲線DH(Diffe Hellman)アルゴリズムを使った鍵交換をサポートした。

svn+ssh://svn.sourceforge.jp/svnroot/ttssh2/branches/ssh_ed25519
ブランチからマージ。

現時点でサポートしている機能は下記の通り。

 ・Key Generatorで ED25519 鍵の作成
 ・Key Generatorで RSA/DSA/ECDSA 秘密鍵ファイルに bcrypt KDF を選択可能。
 ・ED25519 による公開鍵認証ログイン
 ・RSA(bcrypt KDF) による公開鍵認証ログイン
 ・DSA(bcrypt KDF) による公開鍵認証ログイン
 ・ECDSA(bcrypt KDF) による公開鍵認証ログイン
 ・Host Keyに ssh-ed25519 のサポート
1 /*
2 Copyright (c) 2011, TeraTerm Project
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #include "key.h"
30 #include "kex.h"
31
32 #include <openssl/rsa.h>
33 #include <openssl/dsa.h>
34 #include <openssl/ecdsa.h>
35
36 #define INTBLOB_LEN 20
37 #define SIGBLOB_LEN (2*INTBLOB_LEN)
38
39 //////////////////////////////////////////////////////////////////////////////
40 //
41 // Key verify function
42 //
43 //////////////////////////////////////////////////////////////////////////////
44
45 //
46 // DSS
47 //
48
49 int ssh_dss_verify(DSA *key,
50 u_char *signature, u_int signaturelen,
51 u_char *data, u_int datalen)
52 {
53 DSA_SIG *sig;
54 const EVP_MD *evp_md = EVP_sha1();
55 EVP_MD_CTX md;
56 unsigned char digest[EVP_MAX_MD_SIZE], *sigblob;
57 unsigned int len, dlen;
58 int ret;
59 char *ptr;
60
61 OpenSSL_add_all_digests();
62
63 if (key == NULL) {
64 return -2;
65 }
66
67 ptr = signature;
68
69 // step1
70 if (signaturelen == 0x28) {
71 // workaround for SSH-2.0-2.0* and SSH-2.0-2.1* (2006.11.18 maya)
72 ptr -= 4;
73 }
74 else {
75 len = get_uint32_MSBfirst(ptr);
76 ptr += 4;
77 if (strncmp("ssh-dss", ptr, len) != 0) {
78 return -3;
79 }
80 ptr += len;
81 }
82
83 // step2
84 len = get_uint32_MSBfirst(ptr);
85 ptr += 4;
86 sigblob = ptr;
87 ptr += len;
88
89 if (len != SIGBLOB_LEN) {
90 return -4;
91 }
92
93 /* parse signature */
94 if ((sig = DSA_SIG_new()) == NULL)
95 return -5;
96 if ((sig->r = BN_new()) == NULL)
97 return -6;
98 if ((sig->s = BN_new()) == NULL)
99 return -7;
100 BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
101 BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
102
103 /* sha1 the data */
104 EVP_DigestInit(&md, evp_md);
105 EVP_DigestUpdate(&md, data, datalen);
106 EVP_DigestFinal(&md, digest, &dlen);
107
108 ret = DSA_do_verify(digest, dlen, sig, key);
109 memset(digest, 'd', sizeof(digest));
110
111 DSA_SIG_free(sig);
112
113 return ret;
114 }
115
116
117 //
118 // RSA
119 //
120
121 /*
122 * See:
123 * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
124 * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn
125 */
126 /*
127 * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
128 * oiw(14) secsig(3) algorithms(2) 26 }
129 */
130 static const u_char id_sha1[] = {
131 0x30, 0x21, /* type Sequence, length 0x21 (33) */
132 0x30, 0x09, /* type Sequence, length 0x09 */
133 0x06, 0x05, /* type OID, length 0x05 */
134 0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */
135 0x05, 0x00, /* NULL */
136 0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */
137 };
138 /*
139 * id-md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
140 * rsadsi(113549) digestAlgorithm(2) 5 }
141 */
142 static const u_char id_md5[] = {
143 0x30, 0x20, /* type Sequence, length 0x20 (32) */
144 0x30, 0x0c, /* type Sequence, length 0x09 */
145 0x06, 0x08, /* type OID, length 0x05 */
146 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, /* id-md5 */
147 0x05, 0x00, /* NULL */
148 0x04, 0x10 /* Octet string, length 0x10 (16), followed by md5 hash */
149 };
150
151 static int openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
152 u_char *sigbuf, u_int siglen, RSA *rsa)
153 {
154 u_int ret, rsasize, oidlen = 0, hlen = 0;
155 int len;
156 const u_char *oid = NULL;
157 u_char *decrypted = NULL;
158
159 ret = 0;
160 switch (type) {
161 case NID_sha1:
162 oid = id_sha1;
163 oidlen = sizeof(id_sha1);
164 hlen = 20;
165 break;
166 case NID_md5:
167 oid = id_md5;
168 oidlen = sizeof(id_md5);
169 hlen = 16;
170 break;
171 default:
172 goto done;
173 break;
174 }
175 if (hashlen != hlen) {
176 //error("bad hashlen");
177 goto done;
178 }
179 rsasize = RSA_size(rsa);
180 if (siglen == 0 || siglen > rsasize) {
181 //error("bad siglen");
182 goto done;
183 }
184 decrypted = malloc(rsasize);
185 if (decrypted == NULL)
186 return 1; // error
187
188 if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,
189 RSA_PKCS1_PADDING)) < 0) {
190 //error("RSA_public_decrypt failed: %s",
191 // ERR_error_string(ERR_get_error(), NULL));
192 goto done;
193 }
194 if (len != hlen + oidlen) {
195 //error("bad decrypted len: %d != %d + %d", len, hlen, oidlen);
196 goto done;
197 }
198 if (memcmp(decrypted, oid, oidlen) != 0) {
199 //error("oid mismatch");
200 goto done;
201 }
202 if (memcmp(decrypted + oidlen, hash, hlen) != 0) {
203 //error("hash mismatch");
204 goto done;
205 }
206 ret = 1;
207 done:
208 if (decrypted)
209 free(decrypted);
210 return ret;
211 }
212
213 int ssh_rsa_verify(RSA *key,
214 u_char *signature, u_int signaturelen,
215 u_char *data, u_int datalen)
216 {
217 const EVP_MD *evp_md;
218 EVP_MD_CTX md;
219 // char *ktype;
220 u_char digest[EVP_MAX_MD_SIZE], *sigblob;
221 u_int len, dlen, modlen;
222 // int rlen, ret, nid;
223 int ret, nid;
224 char *ptr;
225
226 OpenSSL_add_all_digests();
227
228 if (key == NULL) {
229 return -2;
230 }
231 if (BN_num_bits(key->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
232 return -3;
233 }
234 //debug_print(41, signature, signaturelen);
235 ptr = signature;
236
237 // step1
238 len = get_uint32_MSBfirst(ptr);
239 ptr += 4;
240 if (strncmp("ssh-rsa", ptr, len) != 0) {
241 return -4;
242 }
243 ptr += len;
244
245 // step2
246 len = get_uint32_MSBfirst(ptr);
247 ptr += 4;
248 sigblob = ptr;
249 ptr += len;
250 #if 0
251 rlen = get_uint32_MSBfirst(ptr);
252 if (rlen != 0) {
253 return -1;
254 }
255 #endif
256
257 /* RSA_verify expects a signature of RSA_size */
258 modlen = RSA_size(key);
259 if (len > modlen) {
260 return -5;
261
262 } else if (len < modlen) {
263 u_int diff = modlen - len;
264 sigblob = realloc(sigblob, modlen);
265 memmove(sigblob + diff, sigblob, len);
266 memset(sigblob, 0, diff);
267 len = modlen;
268 }
269
270 /* sha1 the data */
271 // nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
272 nid = NID_sha1;
273 if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
274 //error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
275 return -6;
276 }
277 EVP_DigestInit(&md, evp_md);
278 EVP_DigestUpdate(&md, data, datalen);
279 EVP_DigestFinal(&md, digest, &dlen);
280
281 ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key);
282
283 memset(digest, 'd', sizeof(digest));
284 memset(sigblob, 's', len);
285 //free(sigblob);
286 //debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
287
288 return ret;
289 }
290
291 int ssh_ecdsa_verify(EC_KEY *key, ssh_keytype keytype,
292 u_char *signature, u_int signaturelen,
293 u_char *data, u_int datalen)
294 {
295 ECDSA_SIG *sig;
296 const EVP_MD *evp_md;
297 EVP_MD_CTX md;
298 unsigned char digest[EVP_MAX_MD_SIZE], *sigblob;
299 unsigned int len, dlen;
300 int ret, nid = NID_undef;
301 char *ptr;
302
303 OpenSSL_add_all_digests();
304
305 if (key == NULL) {
306 return -2;
307 }
308
309 ptr = signature;
310
311 len = get_uint32_MSBfirst(ptr);
312 ptr += 4;
313 if (strncmp(get_ssh_keytype_name(keytype), ptr, len) != 0) {
314 return -3;
315 }
316 ptr += len;
317
318 len = get_uint32_MSBfirst(ptr);
319 ptr += 4;
320 sigblob = ptr;
321 ptr += len;
322
323 /* parse signature */
324 if ((sig = ECDSA_SIG_new()) == NULL)
325 return -4;
326 if ((sig->r = BN_new()) == NULL)
327 return -5;
328 if ((sig->s = BN_new()) == NULL)
329 return -6;
330
331 buffer_get_bignum2(&sigblob, sig->r);
332 buffer_get_bignum2(&sigblob, sig->s);
333 if (sigblob != ptr) {
334 return -7;
335 }
336
337 /* hash the data */
338 nid = keytype_to_hash_nid(keytype);
339 if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
340 return -8;
341 }
342 EVP_DigestInit(&md, evp_md);
343 EVP_DigestUpdate(&md, data, datalen);
344 EVP_DigestFinal(&md, digest, &dlen);
345
346 ret = ECDSA_do_verify(digest, dlen, sig, key);
347 memset(digest, 'd', sizeof(digest));
348
349 ECDSA_SIG_free(sig);
350
351 return ret;
352 }
353
354 static int ssh_ed25519_verify(Key *key, unsigned char *signature, unsigned int signaturelen,
355 unsigned char *data, unsigned int datalen)
356 {
357 buffer_t *b;
358 char *ktype = NULL;
359 unsigned char *sigblob = NULL, *sm = NULL, *m = NULL;
360 unsigned int len;
361 unsigned long long smlen, mlen;
362 int rlen, ret;
363 char *bptr;
364
365 ret = -1;
366 b = buffer_init();
367 if (b == NULL)
368 goto error;
369
370 buffer_append(b, signature, signaturelen);
371 bptr = buffer_ptr(b);
372 ktype = buffer_get_string(&bptr, NULL);
373 if (strcmp("ssh-ed25519", ktype) != 0) {
374 goto error;
375 }
376 sigblob = buffer_get_string(&bptr, &len);
377 rlen = buffer_remain_len(b);
378 if (rlen != 0) {
379 goto error;
380 }
381 if (len > crypto_sign_ed25519_BYTES) {
382 goto error;
383 }
384
385 smlen = len + datalen;
386 sm = malloc((size_t)smlen);
387 memcpy(sm, sigblob, len);
388 memcpy(sm+len, data, datalen);
389 mlen = smlen;
390 m = malloc((size_t)mlen);
391
392 if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
393 key->ed25519_pk)) != 0) {
394 //debug2("%s: crypto_sign_ed25519_open failed: %d",
395 // __func__, ret);
396 }
397 if (ret == 0 && mlen != datalen) {
398 //debug2("%s: crypto_sign_ed25519_open "
399 // "mlen != datalen (%llu != %u)", __func__, mlen, datalen);
400 ret = -1;
401 }
402 /* XXX compare 'm' and 'data' ? */
403
404 error:
405 buffer_free(b);
406 free(ktype);
407
408 if (sigblob) {
409 memset(sigblob, 's', len);
410 free(sigblob);
411 }
412 if (sm) {
413 memset(sm, 'S', (size_t)smlen);
414 free(sm);
415 }
416 if (m) {
417 memset(m, 'm', (size_t)smlen); /* NB. mlen may be invalid if ret != 0 */
418 free(m);
419 }
420
421 /* translate return code carefully */
422 return (ret == 0) ? 1 : -1;
423 }
424
425 int key_verify(Key *key,
426 unsigned char *signature, unsigned int signaturelen,
427 unsigned char *data, unsigned int datalen)
428 {
429 int ret = 0;
430
431 switch (key->type) {
432 case KEY_RSA:
433 ret = ssh_rsa_verify(key->rsa, signature, signaturelen, data, datalen);
434 break;
435 case KEY_DSA:
436 ret = ssh_dss_verify(key->dsa, signature, signaturelen, data, datalen);
437 break;
438 case KEY_ECDSA256:
439 case KEY_ECDSA384:
440 case KEY_ECDSA521:
441 ret = ssh_ecdsa_verify(key->ecdsa, key->type, signature, signaturelen, data, datalen);
442 break;
443 case KEY_ED25519:
444 ret = ssh_ed25519_verify(key, signature, signaturelen, data, datalen);
445 break;
446 default:
447 return -1;
448 }
449
450 return (ret); // success
451 }
452
453 //
454 // RSA�\����������
455 //
456 RSA *duplicate_RSA(RSA *src)
457 {
458 RSA *rsa = NULL;
459
460 rsa = RSA_new();
461 if (rsa == NULL)
462 goto error;
463 rsa->n = BN_new();
464 rsa->e = BN_new();
465 if (rsa->n == NULL || rsa->e == NULL) {
466 RSA_free(rsa);
467 goto error;
468 }
469
470 // �[���R�s�[(deep copy)���s���B�����R�s�[(shallow copy)��NG�B
471 BN_copy(rsa->n, src->n);
472 BN_copy(rsa->e, src->e);
473
474 error:
475 return (rsa);
476 }
477
478
479 //
480 // DSA�\����������
481 //
482 DSA *duplicate_DSA(DSA *src)
483 {
484 DSA *dsa = NULL;
485
486 dsa = DSA_new();
487 if (dsa == NULL)
488 goto error;
489 dsa->p = BN_new();
490 dsa->q = BN_new();
491 dsa->g = BN_new();
492 dsa->pub_key = BN_new();
493 if (dsa->p == NULL ||
494 dsa->q == NULL ||
495 dsa->g == NULL ||
496 dsa->pub_key == NULL) {
497 DSA_free(dsa);
498 goto error;
499 }
500
501 // �[���R�s�[(deep copy)���s���B�����R�s�[(shallow copy)��NG�B
502 BN_copy(dsa->p, src->p);
503 BN_copy(dsa->q, src->q);
504 BN_copy(dsa->g, src->g);
505 BN_copy(dsa->pub_key, src->pub_key);
506
507 error:
508 return (dsa);
509 }
510
511 unsigned char *duplicate_ED25519_PK(unsigned char *src)
512 {
513 unsigned char *ptr = NULL;
514
515 ptr = malloc(ED25519_PK_SZ);
516 if (ptr) {
517 memcpy(ptr, src, ED25519_PK_SZ);
518 }
519 return (ptr);
520 }
521
522
523 char* key_fingerprint_raw(Key *k, enum fp_type dgst_type, int *dgst_raw_length)
524 {
525 const EVP_MD *md = NULL;
526 EVP_MD_CTX ctx;
527 char *blob = NULL;
528 char *retval = NULL;
529 int len = 0;
530 int nlen, elen;
531 RSA *rsa;
532
533 *dgst_raw_length = 0;
534
535 switch (dgst_type) {
536 case SSH_FP_MD5:
537 md = EVP_md5();
538 break;
539 case SSH_FP_SHA1:
540 md = EVP_sha1();
541 break;
542 case SSH_FP_SHA256:
543 md = EVP_sha256();
544 break;
545 default:
546 md = EVP_md5();
547 }
548
549 switch (k->type) {
550 case KEY_RSA1:
551 rsa = make_key(NULL, k->bits, k->exp, k->mod);
552 nlen = BN_num_bytes(rsa->n);
553 elen = BN_num_bytes(rsa->e);
554 len = nlen + elen;
555 blob = malloc(len);
556 if (blob == NULL) {
557 // TODO:
558 }
559 BN_bn2bin(rsa->n, blob);
560 BN_bn2bin(rsa->e, blob + nlen);
561 RSA_free(rsa);
562 break;
563
564 case KEY_DSA:
565 case KEY_RSA:
566 case KEY_ECDSA256:
567 case KEY_ECDSA384:
568 case KEY_ECDSA521:
569 case KEY_ED25519:
570 key_to_blob(k, &blob, &len);
571 break;
572
573 case KEY_UNSPEC:
574 return retval;
575 break;
576
577 default:
578 //fatal("key_fingerprint_raw: bad key type %d", k->type);
579 break;
580 }
581
582 if (blob != NULL) {
583 retval = malloc(EVP_MAX_MD_SIZE);
584 if (retval == NULL) {
585 // TODO:
586 }
587 EVP_DigestInit(&ctx, md);
588 EVP_DigestUpdate(&ctx, blob, len);
589 EVP_DigestFinal(&ctx, retval, dgst_raw_length);
590 memset(blob, 0, len);
591 free(blob);
592 } else {
593 //fatal("key_fingerprint_raw: blob is null");
594 }
595 return retval;
596 }
597
598
599 const char *
600 ssh_key_type(const Key *k)
601 {
602 switch (k->type) {
603 case KEY_RSA1:
604 return "RSA1";
605 case KEY_RSA:
606 return "RSA";
607 case KEY_DSA:
608 return "DSA";
609 case KEY_ECDSA256:
610 case KEY_ECDSA384:
611 case KEY_ECDSA521:
612 return "ECDSA";
613 case KEY_ED25519:
614 return "ED25519";
615 }
616 return "unknown";
617 }
618
619 unsigned int
620 key_size(const Key *k)
621 {
622 switch (k->type) {
623 case KEY_RSA1:
624 // SSH1�������� key->rsa �� key->dsa �� NULL �����������A�g�������B
625 return k->bits;
626 case KEY_RSA:
627 return BN_num_bits(k->rsa->n);
628 case KEY_DSA:
629 return BN_num_bits(k->dsa->p);
630 case KEY_ECDSA256:
631 return 256;
632 case KEY_ECDSA384:
633 return 384;
634 case KEY_ECDSA521:
635 return 521;
636 case KEY_ED25519:
637 return 256; /* XXX */
638 }
639 return 0;
640 }
641
642 // based on OpenSSH 5.1
643 #define FLDBASE 8
644 #define FLDSIZE_Y (FLDBASE + 1)
645 #define FLDSIZE_X (FLDBASE * 2 + 1)
646 static char *
647 key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k)
648 {
649 /*
650 * Chars to be used after each other every time the worm
651 * intersects with itself. Matter of taste.
652 */
653 char *augmentation_string = " .o+=*BOX@%&#/^SE";
654 char *retval, *p;
655 unsigned char field[FLDSIZE_X][FLDSIZE_Y];
656 unsigned int i, b;
657 int x, y;
658 size_t len = strlen(augmentation_string) - 1;
659
660 retval = calloc(1, (FLDSIZE_X + 3 + 1) * (FLDSIZE_Y + 2));
661
662 /* initialize field */
663 memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char));
664 x = FLDSIZE_X / 2;
665 y = FLDSIZE_Y / 2;
666
667 /* process raw key */
668 for (i = 0; i < dgst_raw_len; i++) {
669 int input;
670 /* each byte conveys four 2-bit move commands */
671 input = dgst_raw[i];
672 for (b = 0; b < 4; b++) {
673 /* evaluate 2 bit, rest is shifted later */
674 x += (input & 0x1) ? 1 : -1;
675 y += (input & 0x2) ? 1 : -1;
676
677 /* assure we are still in bounds */
678 x = max(x, 0);
679 y = max(y, 0);
680 x = min(x, FLDSIZE_X - 1);
681 y = min(y, FLDSIZE_Y - 1);
682
683 /* augment the field */
684 field[x][y]++;
685 input = input >> 2;
686 }
687 }
688
689 /* mark starting point and end point*/
690 field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1;
691 field[x][y] = len;
692
693 /* fill in retval */
694 _snprintf_s(retval, FLDSIZE_X, _TRUNCATE, "+--[%4s %4u]", ssh_key_type(k), key_size(k));
695 p = strchr(retval, '\0');
696
697 /* output upper border */
698 for (i = p - retval - 1; i < FLDSIZE_X; i++)
699 *p++ = '-';
700 *p++ = '+';
701 *p++ = '\r';
702 *p++ = '\n';
703
704 /* output content */
705 for (y = 0; y < FLDSIZE_Y; y++) {
706 *p++ = '|';
707 for (x = 0; x < FLDSIZE_X; x++)
708 *p++ = augmentation_string[min(field[x][y], len)];
709 *p++ = '|';
710 *p++ = '\r';
711 *p++ = '\n';
712 }
713
714 /* output lower border */
715 *p++ = '+';
716 for (i = 0; i < FLDSIZE_X; i++)
717 *p++ = '-';
718 *p++ = '+';
719
720 return retval;
721 }
722 #undef FLDBASE
723 #undef FLDSIZE_Y
724 #undef FLDSIZE_X
725
726 //
727 // fingerprint�i�w���F�z�X�g���J�����n�b�V���j����������
728 //
729 char *key_fingerprint(Key *key, enum fp_rep dgst_rep)
730 {
731 char *retval = NULL;
732 unsigned char *dgst_raw;
733 int dgst_raw_len;
734 int i, retval_len;
735
736 // fingerprint���n�b�V���l�i�o�C�i���j��������
737 dgst_raw = key_fingerprint_raw(key, SSH_FP_MD5, &dgst_raw_len);
738
739 if (dgst_rep == SSH_FP_HEX) {
740 // 16�i�\�L����������
741 retval_len = dgst_raw_len * 3 + 1;
742 retval = malloc(retval_len);
743 retval[0] = '\0';
744 for (i = 0; i < dgst_raw_len; i++) {
745 char hex[4];
746 _snprintf_s(hex, sizeof(hex), _TRUNCATE, "%02x:", dgst_raw[i]);
747 strncat_s(retval, retval_len, hex, _TRUNCATE);
748 }
749
750 /* Remove the trailing ':' character */
751 retval[(dgst_raw_len * 3) - 1] = '\0';
752
753 } else if (dgst_rep == SSH_FP_RANDOMART) {
754 retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, key);
755
756 } else {
757
758 }
759
760 memset(dgst_raw, 0, dgst_raw_len);
761 free(dgst_raw);
762
763 return (retval);
764 }
765
766 //
767 // �L�[�������������m��
768 //
769 static void key_add_private(Key *k)
770 {
771 switch (k->type) {
772 case KEY_RSA1:
773 case KEY_RSA:
774 k->rsa->d = BN_new();
775 k->rsa->iqmp = BN_new();
776 k->rsa->q = BN_new();
777 k->rsa->p = BN_new();
778 k->rsa->dmq1 = BN_new();
779 k->rsa->dmp1 = BN_new();
780 if (k->rsa->d == NULL || k->rsa->iqmp == NULL || k->rsa->q == NULL ||
781 k->rsa->p == NULL || k->rsa->dmq1 == NULL || k->rsa->dmp1 == NULL)
782 goto error;
783 break;
784
785 case KEY_DSA:
786 k->dsa->priv_key = BN_new();
787 if (k->dsa->priv_key == NULL)
788 goto error;
789 break;
790
791 case KEY_ECDSA256:
792 case KEY_ECDSA384:
793 case KEY_ECDSA521:
794 /* Cannot do anything until we know the group */
795 break;
796
797 case KEY_ED25519:
798 /* no need to prealloc */
799 break;
800
801 case KEY_UNSPEC:
802 break;
803
804 default:
805 goto error;
806 break;
807 }
808 return;
809
810 error:
811 if (k->rsa->d) {
812 BN_free(k->rsa->d);
813 k->rsa->d = NULL;
814 }
815 if (k->rsa->iqmp) {
816 BN_free(k->rsa->iqmp);
817 k->rsa->iqmp = NULL;
818 }
819 if (k->rsa->q) {
820 BN_free(k->rsa->q);
821 k->rsa->q = NULL;
822 }
823 if (k->rsa->p) {
824 BN_free(k->rsa->p);
825 k->rsa->p = NULL;
826 }
827 if (k->rsa->dmq1) {
828 BN_free(k->rsa->dmq1);
829 k->rsa->dmq1 = NULL;
830 }
831 if (k->rsa->dmp1) {
832 BN_free(k->rsa->dmp1);
833 k->rsa->dmp1 = NULL;
834 }
835
836
837 if (k->dsa->priv_key == NULL) {
838 BN_free(k->dsa->priv_key);
839 k->dsa->priv_key = NULL;
840 }
841
842 }
843
844 Key *key_new_private(int type)
845 {
846 Key *k = key_new(type);
847
848 key_add_private(k);
849 return (k);
850 }
851
852
853 Key *key_new(int type)
854 {
855 int success = 0;
856 Key *k = NULL;
857 RSA *rsa;
858 DSA *dsa;
859
860 k = calloc(1, sizeof(Key));
861 if (k == NULL)
862 goto error;
863 k->type = type;
864 k->ecdsa = NULL;
865 k->dsa = NULL;
866 k->rsa = NULL;
867 k->ed25519_pk = NULL;
868 k->ed25519_sk = NULL;
869
870 switch (k->type) {
871 case KEY_RSA1:
872 case KEY_RSA:
873 rsa = RSA_new();
874 if (rsa == NULL)
875 goto error;
876 rsa->n = BN_new();
877 rsa->e = BN_new();
878 if (rsa->n == NULL || rsa->e == NULL)
879 goto error;
880 k->rsa = rsa;
881 break;
882
883 case KEY_DSA:
884 dsa = DSA_new();
885 if (dsa == NULL)
886 goto error;
887 dsa->p = BN_new();
888 dsa->q = BN_new();
889 dsa->g = BN_new();
890 dsa->pub_key = BN_new();
891 if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL || dsa->pub_key == NULL)
892 goto error;
893 k->dsa = dsa;
894 break;
895
896 case KEY_ECDSA256:
897 case KEY_ECDSA384:
898 case KEY_ECDSA521:
899 /* Cannot do anything until we know the group */
900 break;
901
902 case KEY_ED25519:
903 /* no need to prealloc */
904 break;
905
906 case KEY_UNSPEC:
907 break;
908
909 default:
910 goto error;
911 break;
912 }
913 success = 1;
914
915 error:
916 if (success == 0) {
917 key_free(k);
918 k = NULL;
919 }
920 return (k);
921 }
922
923
924 //
925 // �L�[����������������
926 //
927 void key_free(Key *key)
928 {
929 if (key == NULL) {
930 return;
931 }
932
933 switch (key->type) {
934 case KEY_RSA1:
935 case KEY_RSA:
936 if (key->rsa != NULL)
937 RSA_free(key->rsa);
938 key->rsa = NULL;
939 break;
940
941 case KEY_DSA:
942 if (key->dsa != NULL)
943 DSA_free(key->dsa);
944 key->dsa = NULL;
945 break;
946
947 case KEY_ECDSA256:
948 case KEY_ECDSA384:
949 case KEY_ECDSA521:
950 if (key->ecdsa != NULL)
951 EC_KEY_free(key->ecdsa);
952 key->ecdsa = NULL;
953 break;
954
955 case KEY_ED25519:
956 if (key->ed25519_pk) {
957 memset(key->ed25519_pk, 0, ED25519_PK_SZ);
958 free(key->ed25519_pk);
959 key->ed25519_pk = NULL;
960 }
961 if (key->ed25519_sk) {
962 memset(key->ed25519_sk, 0, ED25519_SK_SZ);
963 free(key->ed25519_sk);
964 key->ed25519_sk = NULL;
965 }
966 break;
967 }
968 free(key);
969 }
970
971 //
972 // �L�[���������������p����
973 //
974 char *get_sshname_from_key(Key *key)
975 {
976 return get_ssh_keytype_name(key->type);
977 }
978
979 //
980 // �L�[������������������������
981 //
982 ssh_keytype get_keytype_from_name(char *name)
983 {
984 if (strcmp(name, "rsa1") == 0) {
985 return KEY_RSA1;
986 } else if (strcmp(name, "rsa") == 0) {
987 return KEY_RSA;
988 } else if (strcmp(name, "dsa") == 0) {
989 return KEY_DSA;
990 } else if (strcmp(name, "ssh-rsa") == 0) {
991 return KEY_RSA;
992 } else if (strcmp(name, "ssh-dss") == 0) {
993 return KEY_DSA;
994 } else if (strcmp(name, "ecdsa-sha2-nistp256") == 0) {
995 return KEY_ECDSA256;
996 } else if (strcmp(name, "ecdsa-sha2-nistp384") == 0) {
997 return KEY_ECDSA384;
998 } else if (strcmp(name, "ecdsa-sha2-nistp521") == 0) {
999 return KEY_ECDSA521;
1000 } else if (strcmp(name, "ssh-ed25519") == 0) {
1001 return KEY_ED25519;
1002 }
1003 return KEY_UNSPEC;
1004 }
1005
1006
1007 ssh_keytype key_curve_name_to_keytype(char *name)
1008 {
1009 if (strcmp(name, "nistp256") == 0) {
1010 return KEY_ECDSA256;
1011 } else if (strcmp(name, "nistp384") == 0) {
1012 return KEY_ECDSA384;
1013 } else if (strcmp(name, "nistp521") == 0) {
1014 return KEY_ECDSA521;
1015 }
1016 return KEY_UNSPEC;
1017 }
1018
1019 char *curve_keytype_to_name(ssh_keytype type)
1020 {
1021 switch (type) {
1022 case KEY_ECDSA256:
1023 return "nistp256";
1024 break;
1025 case KEY_ECDSA384:
1026 return "nistp384";
1027 break;
1028 case KEY_ECDSA521:
1029 return "nistp521";
1030 break;
1031 }
1032 return NULL;
1033 }
1034
1035 //
1036 // �L�[���������o�b�t�@���������� (for SSH2)
1037 // NOTE:
1038 //
1039 int key_to_blob(Key *key, char **blobp, int *lenp)
1040 {
1041 buffer_t *b;
1042 char *sshname, *tmp;
1043 int len;
1044 int ret = 1; // success
1045
1046 b = buffer_init();
1047 sshname = get_sshname_from_key(key);
1048
1049 switch (key->type) {
1050 case KEY_RSA:
1051 buffer_put_string(b, sshname, strlen(sshname));
1052 buffer_put_bignum2(b, key->rsa->e);
1053 buffer_put_bignum2(b, key->rsa->n);
1054 break;
1055 case KEY_DSA:
1056 buffer_put_string(b, sshname, strlen(sshname));
1057 buffer_put_bignum2(b, key->dsa->p);
1058 buffer_put_bignum2(b, key->dsa->q);
1059 buffer_put_bignum2(b, key->dsa->g);
1060 buffer_put_bignum2(b, key->dsa->pub_key);
1061 break;
1062 case KEY_ECDSA256:
1063 case KEY_ECDSA384:
1064 case KEY_ECDSA521:
1065 buffer_put_string(b, sshname, strlen(sshname));
1066 tmp = curve_keytype_to_name(key->type);
1067 buffer_put_string(b, tmp, strlen(tmp));
1068 buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa),
1069 EC_KEY_get0_public_key(key->ecdsa));
1070 break;
1071 case KEY_ED25519:
1072 buffer_put_cstring(b, sshname);
1073 buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);
1074 break;
1075
1076 default:
1077 ret = 0;
1078 goto error;
1079 }
1080
1081 len = buffer_len(b);
1082 if (lenp != NULL)
1083 *lenp = len;
1084 if (blobp != NULL) {
1085 *blobp = malloc(len);
1086 if (*blobp == NULL) {
1087 ret = 0;
1088 goto error;
1089 }
1090 memcpy(*blobp, buffer_ptr(b), len);
1091 }
1092
1093 error:
1094 buffer_free(b);
1095
1096 return (ret);
1097 }
1098
1099
1100 //
1101 // �o�b�t�@�����L�[�����������o��(for SSH2)
1102 // NOTE: ���l���A���P�[�g���������������A�����o�������������������B
1103 //
1104 Key *key_from_blob(char *data, int blen)
1105 {
1106 int keynamelen, len;
1107 char key[128];
1108 RSA *rsa = NULL;
1109 DSA *dsa = NULL;
1110 EC_KEY *ecdsa = NULL;
1111 EC_POINT *q = NULL;
1112 char *curve = NULL;
1113 Key *hostkey; // hostkey
1114 ssh_keytype type;
1115 unsigned char *pk = NULL;
1116
1117 hostkey = malloc(sizeof(Key));
1118 if (hostkey == NULL)
1119 goto error;
1120
1121 memset(hostkey, 0, sizeof(Key));
1122
1123 keynamelen = get_uint32_MSBfirst(data);
1124 if (keynamelen >= sizeof(key)) {
1125 goto error;
1126 }
1127 data += 4;
1128 memcpy(key, data, keynamelen);
1129 key[keynamelen] = 0;
1130 data += keynamelen;
1131
1132 type = get_keytype_from_name(key);
1133
1134 switch (type) {
1135 case KEY_RSA: // RSA key
1136 rsa = RSA_new();
1137 if (rsa == NULL) {
1138 goto error;
1139 }
1140 rsa->n = BN_new();
1141 rsa->e = BN_new();
1142 if (rsa->n == NULL || rsa->e == NULL) {
1143 goto error;
1144 }
1145
1146 buffer_get_bignum2(&data, rsa->e);
1147 buffer_get_bignum2(&data, rsa->n);
1148
1149 hostkey->type = type;
1150 hostkey->rsa = rsa;
1151 break;
1152
1153 case KEY_DSA: // DSA key
1154 dsa = DSA_new();
1155 if (dsa == NULL) {
1156 goto error;
1157 }
1158 dsa->p = BN_new();
1159 dsa->q = BN_new();
1160 dsa->g = BN_new();
1161 dsa->pub_key = BN_new();
1162 if (dsa->p == NULL ||
1163 dsa->q == NULL ||
1164 dsa->g == NULL ||
1165 dsa->pub_key == NULL) {
1166 goto error;
1167 }
1168
1169 buffer_get_bignum2(&data, dsa->p);
1170 buffer_get_bignum2(&data, dsa->q);
1171 buffer_get_bignum2(&data, dsa->g);
1172 buffer_get_bignum2(&data, dsa->pub_key);
1173
1174 hostkey->type = type;
1175 hostkey->dsa = dsa;
1176 break;
1177
1178 case KEY_ECDSA256: // ECDSA
1179 case KEY_ECDSA384:
1180 case KEY_ECDSA521:
1181 curve = buffer_get_string(&data, NULL);
1182 if (type != key_curve_name_to_keytype(curve)) {
1183 goto error;
1184 }
1185
1186 ecdsa = EC_KEY_new_by_curve_name(keytype_to_cipher_nid(type));
1187 if (ecdsa == NULL) {
1188 goto error;
1189 }
1190
1191 q = EC_POINT_new(EC_KEY_get0_group(ecdsa));
1192 if (q == NULL) {
1193 goto error;
1194 }
1195
1196 buffer_get_ecpoint(&data, EC_KEY_get0_group(ecdsa), q);
1197 if (key_ec_validate_public(EC_KEY_get0_group(ecdsa), q) == -1) {
1198 goto error;
1199 }
1200
1201 if (EC_KEY_set_public_key(ecdsa, q) != 1) {
1202 goto error;
1203 }
1204
1205 hostkey->type = type;
1206 hostkey->ecdsa = ecdsa;
1207 break;
1208
1209 case KEY_ED25519:
1210 pk = buffer_get_string(&data, &len);
1211 if (pk == NULL)
1212 goto error;
1213 if (len != ED25519_PK_SZ)
1214 goto error;
1215
1216 hostkey->type = type;
1217 hostkey->ed25519_pk = pk;
1218 pk = NULL;
1219 break;
1220
1221 default: // unknown key
1222 goto error;
1223 }
1224
1225 return (hostkey);
1226
1227 error:
1228 if (rsa != NULL)
1229 RSA_free(rsa);
1230 if (dsa != NULL)
1231 DSA_free(dsa);
1232 if (ecdsa != NULL)
1233 EC_KEY_free(ecdsa);
1234
1235 free(hostkey);
1236
1237 return NULL;
1238 }
1239
1240
1241 static int ssh_ed25519_sign(Key *key, char **sigp, int *lenp, char *data, int datalen)
1242 {
1243 char *sig;
1244 int slen, len;
1245 unsigned long long smlen;
1246 int ret;
1247 buffer_t *b;
1248
1249 smlen = slen = datalen + crypto_sign_ed25519_BYTES;
1250 sig = malloc(slen);
1251
1252 if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen,
1253 key->ed25519_sk)) != 0 || smlen <= datalen) {
1254 //error("%s: crypto_sign_ed25519 failed: %d", __func__, ret);
1255 free(sig);
1256 return -1;
1257 }
1258 /* encode signature */
1259 b = buffer_init();
1260 buffer_put_cstring(b, "ssh-ed25519");
1261 buffer_put_string(b, sig, (int)(smlen - datalen));
1262 len = buffer_len(b);
1263 if (lenp != NULL)
1264 *lenp = len;
1265 if (sigp != NULL) {
1266 *sigp = malloc(len);
1267 memcpy(*sigp, buffer_ptr(b), len);
1268 }
1269 buffer_free(b);
1270 memset(sig, 's', slen);
1271 free(sig);
1272
1273 return 0;
1274 }
1275
1276
1277 BOOL generate_SSH2_keysign(Key *keypair, char **sigptr, int *siglen, char *data, int datalen)
1278 {
1279 buffer_t *msg = NULL;
1280 char *s;
1281 int ret;
1282
1283 msg = buffer_init();
1284 if (msg == NULL) {
1285 // TODO: error check
1286 return FALSE;
1287 }
1288
1289 switch (keypair->type) {
1290 case KEY_RSA: // RSA
1291 {
1292 const EVP_MD *evp_md = EVP_sha1();
1293 EVP_MD_CTX md;
1294 u_char digest[EVP_MAX_MD_SIZE], *sig;
1295 u_int slen, dlen, len;
1296 int ok, nid = NID_sha1;
1297
1298 // �_�C�W�F�X�g�l���v�Z
1299 EVP_DigestInit(&md, evp_md);
1300 EVP_DigestUpdate(&md, data, datalen);
1301 EVP_DigestFinal(&md, digest, &dlen);
1302
1303 slen = RSA_size(keypair->rsa);
1304 sig = malloc(slen);
1305 if (sig == NULL)
1306 goto error;
1307
1308 // �d�q�������v�Z
1309 ok = RSA_sign(nid, digest, dlen, sig, &len, keypair->rsa);
1310 memset(digest, 'd', sizeof(digest));
1311 if (ok != 1) { // error
1312 free(sig);
1313 goto error;
1314 }
1315 // �������T�C�Y���o�b�t�@���������������A�������������B�������[�����������B
1316 if (len < slen) {
1317 u_int diff = slen - len;
1318 memmove(sig + diff, sig, len);
1319 memset(sig, 0, diff);
1320
1321 } else if (len > slen) {
1322 free(sig);
1323 goto error;
1324
1325 } else {
1326 // do nothing
1327
1328 }
1329
1330 s = get_sshname_from_key(keypair);
1331 buffer_put_string(msg, s, strlen(s));
1332 buffer_append_length(msg, sig, slen);
1333 len = buffer_len(msg);
1334
1335 // setting
1336 *siglen = len;
1337 *sigptr = malloc(len);
1338 if (*sigptr == NULL) {
1339 free(sig);
1340 goto error;
1341 }
1342 memcpy(*sigptr, buffer_ptr(msg), len);
1343 free(sig);
1344
1345 break;
1346 }
1347 case KEY_DSA: // DSA
1348 {
1349 DSA_SIG *sig;
1350 const EVP_MD *evp_md = EVP_sha1();
1351 EVP_MD_CTX md;
1352 u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
1353 u_int rlen, slen, len, dlen;
1354
1355 // �_�C�W�F�X�g���v�Z
1356 EVP_DigestInit(&md, evp_md);
1357 EVP_DigestUpdate(&md, data, datalen);
1358 EVP_DigestFinal(&md, digest, &dlen);
1359
1360 // DSA�d�q�������v�Z
1361 sig = DSA_do_sign(digest, dlen, keypair->dsa);
1362 memset(digest, 'd', sizeof(digest));
1363 if (sig == NULL) {
1364 goto error;
1365 }
1366
1367 // BIGNUM�����o�C�i���l��������
1368 rlen = BN_num_bytes(sig->r);
1369 slen = BN_num_bytes(sig->s);
1370 if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
1371 DSA_SIG_free(sig);
1372 goto error;
1373 }
1374 memset(sigblob, 0, SIGBLOB_LEN);
1375 BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
1376 BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
1377 DSA_SIG_free(sig);
1378
1379 // setting
1380 s = get_sshname_from_key(keypair);
1381 buffer_put_string(msg, s, strlen(s));
1382 buffer_append_length(msg, sigblob, sizeof(sigblob));
1383 len = buffer_len(msg);
1384
1385 // setting
1386 *siglen = len;
1387 *sigptr = malloc(len);
1388 if (*sigptr == NULL) {
1389 goto error;
1390 }
1391 memcpy(*sigptr, buffer_ptr(msg), len);
1392
1393 break;
1394 }
1395 case KEY_ECDSA256: // ECDSA
1396 case KEY_ECDSA384:
1397 case KEY_ECDSA521:
1398 {
1399 ECDSA_SIG *sig;
1400 const EVP_MD *evp_md;
1401 EVP_MD_CTX md;
1402 u_char digest[EVP_MAX_MD_SIZE];
1403 u_int len, dlen, nid;
1404 buffer_t *buf2 = NULL;
1405
1406 nid = keytype_to_hash_nid(keypair->type);
1407 if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
1408 goto error;
1409 }
1410 EVP_DigestInit(&md, evp_md);
1411 EVP_DigestUpdate(&md, data, datalen);
1412 EVP_DigestFinal(&md, digest, &dlen);
1413
1414 sig = ECDSA_do_sign(digest, dlen, keypair->ecdsa);
1415 memset(digest, 'd', sizeof(digest));
1416
1417 if (sig == NULL) {
1418 goto error;
1419 }
1420
1421 buf2 = buffer_init();
1422 if (buf2 == NULL) {
1423 // TODO: error check
1424 goto error;
1425 }
1426 buffer_put_bignum2(buf2, sig->r);
1427 buffer_put_bignum2(buf2, sig->s);
1428 ECDSA_SIG_free(sig);
1429
1430 s = get_sshname_from_key(keypair);
1431 buffer_put_string(msg, s, strlen(s));
1432 buffer_put_string(msg, buffer_ptr(buf2), buffer_len(buf2));
1433 buffer_free(buf2);
1434 len = buffer_len(msg);
1435
1436 *siglen = len;
1437 *sigptr = malloc(len);
1438 if (*sigptr == NULL) {
1439 goto error;
1440 }
1441 memcpy(*sigptr, buffer_ptr(msg), len);
1442
1443 break;
1444 }
1445
1446 case KEY_ED25519:
1447 ret = ssh_ed25519_sign(keypair, sigptr, siglen, data, datalen);
1448 if (ret != 0)
1449 goto error;
1450 break;
1451
1452 default:
1453 buffer_free(msg);
1454 return FALSE;
1455 break;
1456 }
1457
1458 buffer_free(msg);
1459 return TRUE;
1460
1461 error:
1462 buffer_free(msg);
1463
1464 return FALSE;
1465 }
1466
1467
1468 BOOL get_SSH2_publickey_blob(PTInstVar pvar, buffer_t **blobptr, int *bloblen)
1469 {
1470 buffer_t *msg = NULL;
1471 Key *keypair;
1472 char *s, *tmp;
1473
1474 msg = buffer_init();
1475 if (msg == NULL) {
1476 // TODO: error check
1477 return FALSE;
1478 }
1479
1480 keypair = pvar->auth_state.cur_cred.key_pair;
1481
1482 switch (keypair->type) {
1483 case KEY_RSA: // RSA
1484 s = get_sshname_from_key(keypair);
1485 buffer_put_string(msg, s, strlen(s));
1486 buffer_put_bignum2(msg, keypair->rsa->e); // ���J�w��
1487 buffer_put_bignum2(msg, keypair->rsa->n); // p�~q
1488 break;
1489 case KEY_DSA: // DSA
1490 s = get_sshname_from_key(keypair);
1491 buffer_put_string(msg, s, strlen(s));
1492 buffer_put_bignum2(msg, keypair->dsa->p); // �f��
1493 buffer_put_bignum2(msg, keypair->dsa->q); // (p-1)���f����
1494 buffer_put_bignum2(msg, keypair->dsa->g); // ����
1495 buffer_put_bignum2(msg, keypair->dsa->pub_key); // ���J��
1496 break;
1497 case KEY_ECDSA256: // ECDSA
1498 case KEY_ECDSA384:
1499 case KEY_ECDSA521:
1500 s = get_sshname_from_key(keypair);
1501 buffer_put_string(msg, s, strlen(s));
1502 tmp = curve_keytype_to_name(keypair->type);
1503 buffer_put_string(msg, tmp, strlen(tmp));
1504 buffer_put_ecpoint(msg, EC_KEY_get0_group(keypair->ecdsa),
1505 EC_KEY_get0_public_key(keypair->ecdsa));
1506 break;
1507 case KEY_ED25519:
1508 s = get_sshname_from_key(keypair);
1509 buffer_put_cstring(msg, s);
1510 buffer_put_string(msg, keypair->ed25519_pk, ED25519_PK_SZ);
1511 break;
1512 default:
1513 return FALSE;
1514 }
1515
1516 *blobptr = msg;
1517 *bloblen = buffer_len(msg);
1518
1519 return TRUE;
1520 }
1521
1522 int kextype_to_cipher_nid(kex_algorithm type)
1523 {
1524 switch (type) {
1525 case KEX_ECDH_SHA2_256:
1526 return NID_X9_62_prime256v1;
1527 case KEX_ECDH_SHA2_384:
1528 return NID_secp384r1;
1529 case KEX_ECDH_SHA2_521:
1530 return NID_secp521r1;
1531 }
1532 return NID_undef;
1533 }
1534
1535 int keytype_to_hash_nid(ssh_keytype type)
1536 {
1537 switch (type) {
1538 case KEY_ECDSA256:
1539 return NID_sha256;
1540 case KEY_ECDSA384:
1541 return NID_sha384;
1542 case KEY_ECDSA521:
1543 return NID_sha512;
1544 }
1545 return NID_undef;
1546 }
1547
1548 int keytype_to_cipher_nid(ssh_keytype type)
1549 {
1550 switch (type) {
1551 case KEY_ECDSA256:
1552 return NID_X9_62_prime256v1;
1553 case KEY_ECDSA384:
1554 return NID_secp384r1;
1555 case KEY_ECDSA521:
1556 return NID_secp521r1;
1557 }
1558 return NID_undef;
1559 }
1560
1561 ssh_keytype nid_to_keytype(int nid)
1562 {
1563 switch (nid) {
1564 case NID_X9_62_prime256v1:
1565 return KEY_ECDSA256;
1566 case NID_secp384r1:
1567 return KEY_ECDSA384;
1568 case NID_secp521r1:
1569 return KEY_ECDSA521;
1570 }
1571 return KEY_UNSPEC;
1572 }
1573
1574 void key_private_serialize(Key *key, buffer_t *b)
1575 {
1576 char *s;
1577
1578 s = get_sshname_from_key(key);
1579 buffer_put_cstring(b, s);
1580
1581 switch (key->type) {
1582 case KEY_RSA:
1583 buffer_put_bignum2(b, key->rsa->n);
1584 buffer_put_bignum2(b, key->rsa->e);
1585 buffer_put_bignum2(b, key->rsa->d);
1586 buffer_put_bignum2(b, key->rsa->iqmp);
1587 buffer_put_bignum2(b, key->rsa->p);
1588 buffer_put_bignum2(b, key->rsa->q);
1589 break;
1590
1591 case KEY_DSA:
1592 buffer_put_bignum2(b, key->dsa->p);
1593 buffer_put_bignum2(b, key->dsa->q);
1594 buffer_put_bignum2(b, key->dsa->g);
1595 buffer_put_bignum2(b, key->dsa->pub_key);
1596 buffer_put_bignum2(b, key->dsa->priv_key);
1597 break;
1598
1599 case KEY_ECDSA256:
1600 case KEY_ECDSA384:
1601 case KEY_ECDSA521:
1602 buffer_put_cstring(b, curve_keytype_to_name(key->type));
1603 buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa),
1604 EC_KEY_get0_public_key(key->ecdsa));
1605 buffer_put_bignum2(b, (BIGNUM *)EC_KEY_get0_private_key(key->ecdsa));
1606 break;
1607
1608 case KEY_ED25519:
1609 buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);
1610 buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ);
1611 break;
1612
1613 default:
1614 break;
1615 }
1616 }
1617
1618 /* calculate p-1 and q-1 */
1619 static void rsa_generate_additional_parameters(RSA *rsa)
1620 {
1621 BIGNUM *aux = NULL;
1622 BN_CTX *ctx = NULL;
1623
1624 if ((aux = BN_new()) == NULL)
1625 goto error;
1626 if ((ctx = BN_CTX_new()) == NULL)
1627 goto error;
1628
1629 if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
1630 (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
1631 (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
1632 (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0))
1633 goto error;
1634
1635 error:
1636 if (aux)
1637 BN_clear_free(aux);
1638 if (ctx)
1639 BN_CTX_free(ctx);
1640 }
1641
1642 static int key_ec_validate_private(EC_KEY *key)
1643 {
1644 BN_CTX *bnctx = NULL;
1645 BIGNUM *order, *tmp;
1646 int ret = -1;
1647
1648 if ((bnctx = BN_CTX_new()) == NULL)
1649 goto out;
1650 BN_CTX_start(bnctx);
1651
1652 if ((order = BN_CTX_get(bnctx)) == NULL ||
1653 (tmp = BN_CTX_get(bnctx)) == NULL)
1654 goto out;
1655
1656 /* log2(private) > log2(order)/2 */
1657 if (EC_GROUP_get_order(EC_KEY_get0_group(key), order, bnctx) != 1)
1658 goto out;
1659 if (BN_num_bits(EC_KEY_get0_private_key(key)) <=
1660 BN_num_bits(order) / 2) {
1661 goto out;
1662 }
1663
1664 /* private < order - 1 */
1665 if (!BN_sub(tmp, order, BN_value_one()))
1666 goto out;
1667 if (BN_cmp(EC_KEY_get0_private_key(key), tmp) >= 0) {
1668 goto out;
1669 }
1670 ret = 0;
1671
1672 out:
1673 if (bnctx)
1674 BN_CTX_free(bnctx);
1675 return ret;
1676 }
1677
1678 Key *key_private_deserialize(buffer_t *blob)
1679 {
1680 int success = 0;
1681 char *type_name = NULL;
1682 Key *k = NULL;
1683 unsigned int pklen, sklen;
1684 int type;
1685
1686 type_name = buffer_get_string_msg(blob, NULL);
1687 if (type_name == NULL)
1688 goto error;
1689 type = get_keytype_from_name(type_name);
1690
1691 k = key_new_private(type);
1692
1693 switch (type) {
1694 case KEY_RSA:
1695 buffer_get_bignum2_msg(blob, k->rsa->n);
1696 buffer_get_bignum2_msg(blob, k->rsa->e);
1697 buffer_get_bignum2_msg(blob, k->rsa->d);
1698 buffer_get_bignum2_msg(blob, k->rsa->iqmp);
1699 buffer_get_bignum2_msg(blob, k->rsa->p);
1700 buffer_get_bignum2_msg(blob, k->rsa->q);
1701
1702 /* Generate additional parameters */
1703 rsa_generate_additional_parameters(k->rsa);
1704 break;
1705
1706 case KEY_DSA:
1707 buffer_get_bignum2_msg(blob, k->dsa->p);
1708 buffer_get_bignum2_msg(blob, k->dsa->q);
1709 buffer_get_bignum2_msg(blob, k->dsa->g);
1710 buffer_get_bignum2_msg(blob, k->dsa->pub_key);
1711 buffer_get_bignum2_msg(blob, k->dsa->priv_key);
1712 break;
1713
1714 case KEY_ECDSA256:
1715 case KEY_ECDSA384:
1716 case KEY_ECDSA521:
1717 {
1718 int success = 0;
1719 unsigned int nid;
1720 char *curve = NULL;
1721 ssh_keytype skt;
1722 BIGNUM *exponent = NULL;
1723 EC_POINT *q = NULL;
1724
1725 nid = keytype_to_cipher_nid(type);
1726 curve = buffer_get_string_msg(blob, NULL);
1727 skt = key_curve_name_to_keytype(curve);
1728 if (nid != keytype_to_cipher_nid(skt))
1729 goto ecdsa_error;
1730
1731 k->ecdsa = EC_KEY_new_by_curve_name(nid);
1732 if (k->ecdsa == NULL)
1733 goto ecdsa_error;
1734
1735 q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa));
1736 if (q == NULL)
1737 goto ecdsa_error;
1738
1739 if ((exponent = BN_new()) == NULL)
1740 goto ecdsa_error;
1741 buffer_get_ecpoint_msg(blob,
1742 EC_KEY_get0_group(k->ecdsa), q);
1743 buffer_get_bignum2_msg(blob, exponent);
1744 if (EC_KEY_set_public_key(k->ecdsa, q) != 1)
1745 goto ecdsa_error;
1746 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
1747 goto ecdsa_error;
1748 if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
1749 EC_KEY_get0_public_key(k->ecdsa)) != 0)
1750 goto ecdsa_error;
1751 if (key_ec_validate_private(k->ecdsa) != 0)
1752 goto ecdsa_error;
1753
1754 success = 1;
1755
1756 ecdsa_error:
1757 free(curve);
1758 if (exponent)
1759 BN_clear_free(exponent);
1760 if (q)
1761 EC_POINT_free(q);
1762 if (success == 0)
1763 goto error;
1764 }
1765 break;
1766
1767 case KEY_ED25519:
1768 k->ed25519_pk = buffer_get_string_msg(blob, &pklen);
1769 k->ed25519_sk = buffer_get_string_msg(blob, &sklen);
1770 if (pklen != ED25519_PK_SZ)
1771 goto error;
1772 if (sklen != ED25519_SK_SZ)
1773 goto error;
1774 break;
1775
1776 default:
1777 goto error;
1778 break;
1779 }
1780
1781 /* enable blinding */
1782 switch (k->type) {
1783 case KEY_RSA1:
1784 case KEY_RSA:
1785 if (RSA_blinding_on(k->rsa, NULL) != 1)
1786 goto error;
1787 break;
1788 }
1789
1790 success = 1;
1791
1792 error:
1793 free(type_name);
1794
1795 if (success == 0) {
1796 key_free(k);
1797 k = NULL;
1798 }
1799
1800 return (k);
1801 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help