Develop and Download Open Source Software

Tera Term

Browse Subversion Repository

/[ttssh2]/branches/ssh_chacha20poly1305/ttssh2/ttxssh/key.c

Contents of /branches/ssh_chacha20poly1305/ttssh2/ttxssh/key.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 5841 - (show annotations) (download) (as text)
Thu Apr 30 16:27:29 2015 UTC (8 years, 11 months ago) by yutakapon
Original Path: trunk/ttssh2/ttxssh/key.c
File MIME type: text/x-csrc
File size: 43159 byte(s) 
チケット #35047 SSH サーバホスト公開鍵の自動更新

許可された(ユーザが設定した)ホスト鍵アルゴリズムのみを受け付けるようにした。
1 /*
2 Copyright (c) 2011, TeraTerm Project
3 All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without modification,
6 are permitted provided that the following conditions are met:
7
8 Redistributions of source code must retain the above copyright notice, this list of
9 conditions and the following disclaimer.
10
11 Redistributions in binary form must reproduce the above copyright notice, this list
12 of conditions and the following disclaimer in the documentation and/or other materials
13 provided with the distribution.
14
15 The name of Robert O'Callahan may not be used to endorse or promote products derived from
16 this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND
19 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
22 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #include "key.h"
30 #include "kex.h"
31
32 #include <openssl/rsa.h>
33 #include <openssl/dsa.h>
34 #include <openssl/ecdsa.h>
35
36 #define INTBLOB_LEN 20
37 #define SIGBLOB_LEN (2*INTBLOB_LEN)
38
39
40 struct hostkeys_update_ctx {
41 /* The hostname and (optionally) IP address string for the server */
42 char *host_str, *ip_str;
43
44 /*
45 * Keys received from the server and a flag for each indicating
46 * whether they already exist in known_hosts.
47 * keys_seen is filled in by hostkeys_find() and later (for new
48 * keys) by client_global_hostkeys_private_confirm().
49 */
50 Key **keys;
51 int *keys_seen;
52 size_t nkeys;
53
54 size_t nnew;
55
56 /*
57 * Keys that are in known_hosts, but were not present in the update
58 * from the server (i.e. scheduled to be deleted).
59 * Filled in by hostkeys_find().
60 */
61 Key **old_keys;
62 size_t nold;
63 };
64
65
66 //////////////////////////////////////////////////////////////////////////////
67 //
68 // Key verify function
69 //
70 //////////////////////////////////////////////////////////////////////////////
71
72 //
73 // DSS
74 //
75
76 int ssh_dss_verify(DSA *key,
77 u_char *signature, u_int signaturelen,
78 u_char *data, u_int datalen)
79 {
80 DSA_SIG *sig;
81 const EVP_MD *evp_md = EVP_sha1();
82 EVP_MD_CTX md;
83 unsigned char digest[EVP_MAX_MD_SIZE], *sigblob;
84 unsigned int len, dlen;
85 int ret;
86 char *ptr;
87
88 OpenSSL_add_all_digests();
89
90 if (key == NULL) {
91 return -2;
92 }
93
94 ptr = signature;
95
96 // step1
97 if (signaturelen == 0x28) {
98 // workaround for SSH-2.0-2.0* and SSH-2.0-2.1* (2006.11.18 maya)
99 ptr -= 4;
100 }
101 else {
102 len = get_uint32_MSBfirst(ptr);
103 ptr += 4;
104 if (strncmp("ssh-dss", ptr, len) != 0) {
105 return -3;
106 }
107 ptr += len;
108 }
109
110 // step2
111 len = get_uint32_MSBfirst(ptr);
112 ptr += 4;
113 sigblob = ptr;
114 ptr += len;
115
116 if (len != SIGBLOB_LEN) {
117 return -4;
118 }
119
120 /* parse signature */
121 if ((sig = DSA_SIG_new()) == NULL)
122 return -5;
123 if ((sig->r = BN_new()) == NULL)
124 return -6;
125 if ((sig->s = BN_new()) == NULL)
126 return -7;
127 BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
128 BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
129
130 /* sha1 the data */
131 EVP_DigestInit(&md, evp_md);
132 EVP_DigestUpdate(&md, data, datalen);
133 EVP_DigestFinal(&md, digest, &dlen);
134
135 ret = DSA_do_verify(digest, dlen, sig, key);
136 memset(digest, 'd', sizeof(digest));
137
138 DSA_SIG_free(sig);
139
140 return ret;
141 }
142
143
144 //
145 // RSA
146 //
147
148 /*
149 * See:
150 * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/
151 * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.asn
152 */
153 /*
154 * id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
155 * oiw(14) secsig(3) algorithms(2) 26 }
156 */
157 static const u_char id_sha1[] = {
158 0x30, 0x21, /* type Sequence, length 0x21 (33) */
159 0x30, 0x09, /* type Sequence, length 0x09 */
160 0x06, 0x05, /* type OID, length 0x05 */
161 0x2b, 0x0e, 0x03, 0x02, 0x1a, /* id-sha1 OID */
162 0x05, 0x00, /* NULL */
163 0x04, 0x14 /* Octet string, length 0x14 (20), followed by sha1 hash */
164 };
165 /*
166 * id-md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
167 * rsadsi(113549) digestAlgorithm(2) 5 }
168 */
169 static const u_char id_md5[] = {
170 0x30, 0x20, /* type Sequence, length 0x20 (32) */
171 0x30, 0x0c, /* type Sequence, length 0x09 */
172 0x06, 0x08, /* type OID, length 0x05 */
173 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, /* id-md5 */
174 0x05, 0x00, /* NULL */
175 0x04, 0x10 /* Octet string, length 0x10 (16), followed by md5 hash */
176 };
177
178 static int openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
179 u_char *sigbuf, u_int siglen, RSA *rsa)
180 {
181 u_int ret, rsasize, oidlen = 0, hlen = 0;
182 int len;
183 const u_char *oid = NULL;
184 u_char *decrypted = NULL;
185
186 ret = 0;
187 switch (type) {
188 case NID_sha1:
189 oid = id_sha1;
190 oidlen = sizeof(id_sha1);
191 hlen = 20;
192 break;
193 case NID_md5:
194 oid = id_md5;
195 oidlen = sizeof(id_md5);
196 hlen = 16;
197 break;
198 default:
199 goto done;
200 break;
201 }
202 if (hashlen != hlen) {
203 //error("bad hashlen");
204 goto done;
205 }
206 rsasize = RSA_size(rsa);
207 if (siglen == 0 || siglen > rsasize) {
208 //error("bad siglen");
209 goto done;
210 }
211 decrypted = malloc(rsasize);
212 if (decrypted == NULL)
213 return 1; // error
214
215 if ((len = RSA_public_decrypt(siglen, sigbuf, decrypted, rsa,
216 RSA_PKCS1_PADDING)) < 0) {
217 //error("RSA_public_decrypt failed: %s",
218 // ERR_error_string(ERR_get_error(), NULL));
219 goto done;
220 }
221 if (len != hlen + oidlen) {
222 //error("bad decrypted len: %d != %d + %d", len, hlen, oidlen);
223 goto done;
224 }
225 if (memcmp(decrypted, oid, oidlen) != 0) {
226 //error("oid mismatch");
227 goto done;
228 }
229 if (memcmp(decrypted + oidlen, hash, hlen) != 0) {
230 //error("hash mismatch");
231 goto done;
232 }
233 ret = 1;
234 done:
235 if (decrypted)
236 free(decrypted);
237 return ret;
238 }
239
240 int ssh_rsa_verify(RSA *key,
241 u_char *signature, u_int signaturelen,
242 u_char *data, u_int datalen)
243 {
244 const EVP_MD *evp_md;
245 EVP_MD_CTX md;
246 // char *ktype;
247 u_char digest[EVP_MAX_MD_SIZE], *sigblob;
248 u_int len, dlen, modlen;
249 // int rlen, ret, nid;
250 int ret, nid;
251 char *ptr;
252
253 OpenSSL_add_all_digests();
254
255 if (key == NULL) {
256 return -2;
257 }
258 if (BN_num_bits(key->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
259 return -3;
260 }
261 //debug_print(41, signature, signaturelen);
262 ptr = signature;
263
264 // step1
265 len = get_uint32_MSBfirst(ptr);
266 ptr += 4;
267 if (strncmp("ssh-rsa", ptr, len) != 0) {
268 return -4;
269 }
270 ptr += len;
271
272 // step2
273 len = get_uint32_MSBfirst(ptr);
274 ptr += 4;
275 sigblob = ptr;
276 ptr += len;
277 #if 0
278 rlen = get_uint32_MSBfirst(ptr);
279 if (rlen != 0) {
280 return -1;
281 }
282 #endif
283
284 /* RSA_verify expects a signature of RSA_size */
285 modlen = RSA_size(key);
286 if (len > modlen) {
287 return -5;
288
289 } else if (len < modlen) {
290 u_int diff = modlen - len;
291 sigblob = realloc(sigblob, modlen);
292 memmove(sigblob + diff, sigblob, len);
293 memset(sigblob, 0, diff);
294 len = modlen;
295 }
296
297 /* sha1 the data */
298 // nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1;
299 nid = NID_sha1;
300 if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
301 //error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid);
302 return -6;
303 }
304 EVP_DigestInit(&md, evp_md);
305 EVP_DigestUpdate(&md, data, datalen);
306 EVP_DigestFinal(&md, digest, &dlen);
307
308 ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key);
309
310 memset(digest, 'd', sizeof(digest));
311 memset(sigblob, 's', len);
312 //free(sigblob);
313 //debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
314
315 return ret;
316 }
317
318 int ssh_ecdsa_verify(EC_KEY *key, ssh_keytype keytype,
319 u_char *signature, u_int signaturelen,
320 u_char *data, u_int datalen)
321 {
322 ECDSA_SIG *sig;
323 const EVP_MD *evp_md;
324 EVP_MD_CTX md;
325 unsigned char digest[EVP_MAX_MD_SIZE], *sigblob;
326 unsigned int len, dlen;
327 int ret, nid = NID_undef;
328 char *ptr;
329
330 OpenSSL_add_all_digests();
331
332 if (key == NULL) {
333 return -2;
334 }
335
336 ptr = signature;
337
338 len = get_uint32_MSBfirst(ptr);
339 ptr += 4;
340 if (strncmp(get_ssh_keytype_name(keytype), ptr, len) != 0) {
341 return -3;
342 }
343 ptr += len;
344
345 len = get_uint32_MSBfirst(ptr);
346 ptr += 4;
347 sigblob = ptr;
348 ptr += len;
349
350 /* parse signature */
351 if ((sig = ECDSA_SIG_new()) == NULL)
352 return -4;
353 if ((sig->r = BN_new()) == NULL)
354 return -5;
355 if ((sig->s = BN_new()) == NULL)
356 return -6;
357
358 buffer_get_bignum2(&sigblob, sig->r);
359 buffer_get_bignum2(&sigblob, sig->s);
360 if (sigblob != ptr) {
361 return -7;
362 }
363
364 /* hash the data */
365 nid = keytype_to_hash_nid(keytype);
366 if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
367 return -8;
368 }
369 EVP_DigestInit(&md, evp_md);
370 EVP_DigestUpdate(&md, data, datalen);
371 EVP_DigestFinal(&md, digest, &dlen);
372
373 ret = ECDSA_do_verify(digest, dlen, sig, key);
374 memset(digest, 'd', sizeof(digest));
375
376 ECDSA_SIG_free(sig);
377
378 return ret;
379 }
380
381 static int ssh_ed25519_verify(Key *key, unsigned char *signature, unsigned int signaturelen,
382 unsigned char *data, unsigned int datalen)
383 {
384 buffer_t *b;
385 char *ktype = NULL;
386 unsigned char *sigblob = NULL, *sm = NULL, *m = NULL;
387 unsigned int len;
388 unsigned long long smlen, mlen;
389 int rlen, ret;
390 char *bptr;
391
392 ret = -1;
393 b = buffer_init();
394 if (b == NULL)
395 goto error;
396
397 buffer_append(b, signature, signaturelen);
398 bptr = buffer_ptr(b);
399 ktype = buffer_get_string(&bptr, NULL);
400 if (strcmp("ssh-ed25519", ktype) != 0) {
401 goto error;
402 }
403 sigblob = buffer_get_string(&bptr, &len);
404 rlen = buffer_remain_len(b);
405 if (rlen != 0) {
406 goto error;
407 }
408 if (len > crypto_sign_ed25519_BYTES) {
409 goto error;
410 }
411
412 smlen = len + datalen;
413 sm = malloc((size_t)smlen);
414 memcpy(sm, sigblob, len);
415 memcpy(sm+len, data, datalen);
416 mlen = smlen;
417 m = malloc((size_t)mlen);
418
419 if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
420 key->ed25519_pk)) != 0) {
421 //debug2("%s: crypto_sign_ed25519_open failed: %d",
422 // __func__, ret);
423 }
424 if (ret == 0 && mlen != datalen) {
425 //debug2("%s: crypto_sign_ed25519_open "
426 // "mlen != datalen (%llu != %u)", __func__, mlen, datalen);
427 ret = -1;
428 }
429 /* XXX compare 'm' and 'data' ? */
430
431 error:
432 buffer_free(b);
433 free(ktype);
434
435 if (sigblob) {
436 memset(sigblob, 's', len);
437 free(sigblob);
438 }
439 if (sm) {
440 memset(sm, 'S', (size_t)smlen);
441 free(sm);
442 }
443 if (m) {
444 memset(m, 'm', (size_t)smlen); /* NB. mlen may be invalid if ret != 0 */
445 free(m);
446 }
447
448 /* translate return code carefully */
449 return (ret == 0) ? 1 : -1;
450 }
451
452 int key_verify(Key *key,
453 unsigned char *signature, unsigned int signaturelen,
454 unsigned char *data, unsigned int datalen)
455 {
456 int ret = 0;
457
458 switch (key->type) {
459 case KEY_RSA:
460 ret = ssh_rsa_verify(key->rsa, signature, signaturelen, data, datalen);
461 break;
462 case KEY_DSA:
463 ret = ssh_dss_verify(key->dsa, signature, signaturelen, data, datalen);
464 break;
465 case KEY_ECDSA256:
466 case KEY_ECDSA384:
467 case KEY_ECDSA521:
468 ret = ssh_ecdsa_verify(key->ecdsa, key->type, signature, signaturelen, data, datalen);
469 break;
470 case KEY_ED25519:
471 ret = ssh_ed25519_verify(key, signature, signaturelen, data, datalen);
472 break;
473 default:
474 return -1;
475 }
476
477 return (ret); // success
478 }
479
480 //
481 // RSA�\����������
482 //
483 RSA *duplicate_RSA(RSA *src)
484 {
485 RSA *rsa = NULL;
486
487 rsa = RSA_new();
488 if (rsa == NULL)
489 goto error;
490 rsa->n = BN_new();
491 rsa->e = BN_new();
492 if (rsa->n == NULL || rsa->e == NULL) {
493 RSA_free(rsa);
494 goto error;
495 }
496
497 // �[���R�s�[(deep copy)���s���B�����R�s�[(shallow copy)��NG�B
498 BN_copy(rsa->n, src->n);
499 BN_copy(rsa->e, src->e);
500
501 error:
502 return (rsa);
503 }
504
505
506 //
507 // DSA�\����������
508 //
509 DSA *duplicate_DSA(DSA *src)
510 {
511 DSA *dsa = NULL;
512
513 dsa = DSA_new();
514 if (dsa == NULL)
515 goto error;
516 dsa->p = BN_new();
517 dsa->q = BN_new();
518 dsa->g = BN_new();
519 dsa->pub_key = BN_new();
520 if (dsa->p == NULL ||
521 dsa->q == NULL ||
522 dsa->g == NULL ||
523 dsa->pub_key == NULL) {
524 DSA_free(dsa);
525 goto error;
526 }
527
528 // �[���R�s�[(deep copy)���s���B�����R�s�[(shallow copy)��NG�B
529 BN_copy(dsa->p, src->p);
530 BN_copy(dsa->q, src->q);
531 BN_copy(dsa->g, src->g);
532 BN_copy(dsa->pub_key, src->pub_key);
533
534 error:
535 return (dsa);
536 }
537
538 unsigned char *duplicate_ED25519_PK(unsigned char *src)
539 {
540 unsigned char *ptr = NULL;
541
542 ptr = malloc(ED25519_PK_SZ);
543 if (ptr) {
544 memcpy(ptr, src, ED25519_PK_SZ);
545 }
546 return (ptr);
547 }
548
549
550 char* key_fingerprint_raw(Key *k, enum fp_type dgst_type, int *dgst_raw_length)
551 {
552 const EVP_MD *md = NULL;
553 EVP_MD_CTX ctx;
554 char *blob = NULL;
555 char *retval = NULL;
556 int len = 0;
557 int nlen, elen;
558 RSA *rsa;
559
560 *dgst_raw_length = 0;
561
562 switch (dgst_type) {
563 case SSH_FP_MD5:
564 md = EVP_md5();
565 break;
566 case SSH_FP_SHA1:
567 md = EVP_sha1();
568 break;
569 case SSH_FP_SHA256:
570 md = EVP_sha256();
571 break;
572 default:
573 md = EVP_md5();
574 }
575
576 switch (k->type) {
577 case KEY_RSA1:
578 rsa = make_key(NULL, k->bits, k->exp, k->mod);
579 nlen = BN_num_bytes(rsa->n);
580 elen = BN_num_bytes(rsa->e);
581 len = nlen + elen;
582 blob = malloc(len);
583 if (blob == NULL) {
584 // TODO:
585 }
586 BN_bn2bin(rsa->n, blob);
587 BN_bn2bin(rsa->e, blob + nlen);
588 RSA_free(rsa);
589 break;
590
591 case KEY_DSA:
592 case KEY_RSA:
593 case KEY_ECDSA256:
594 case KEY_ECDSA384:
595 case KEY_ECDSA521:
596 case KEY_ED25519:
597 key_to_blob(k, &blob, &len);
598 break;
599
600 case KEY_UNSPEC:
601 return retval;
602 break;
603
604 default:
605 //fatal("key_fingerprint_raw: bad key type %d", k->type);
606 break;
607 }
608
609 if (blob != NULL) {
610 retval = malloc(EVP_MAX_MD_SIZE);
611 if (retval == NULL) {
612 // TODO:
613 }
614 EVP_DigestInit(&ctx, md);
615 EVP_DigestUpdate(&ctx, blob, len);
616 EVP_DigestFinal(&ctx, retval, dgst_raw_length);
617 memset(blob, 0, len);
618 free(blob);
619 } else {
620 //fatal("key_fingerprint_raw: blob is null");
621 }
622 return retval;
623 }
624
625
626 const char *
627 ssh_key_type(ssh_keytype type)
628 {
629 switch (type) {
630 case KEY_RSA1:
631 return "RSA1";
632 case KEY_RSA:
633 return "RSA";
634 case KEY_DSA:
635 return "DSA";
636 case KEY_ECDSA256:
637 case KEY_ECDSA384:
638 case KEY_ECDSA521:
639 return "ECDSA";
640 case KEY_ED25519:
641 return "ED25519";
642 }
643 return "unknown";
644 }
645
646 unsigned int
647 key_size(const Key *k)
648 {
649 switch (k->type) {
650 case KEY_RSA1:
651 // SSH1�������� key->rsa �� key->dsa �� NULL �����������A�g�������B
652 return k->bits;
653 case KEY_RSA:
654 return BN_num_bits(k->rsa->n);
655 case KEY_DSA:
656 return BN_num_bits(k->dsa->p);
657 case KEY_ECDSA256:
658 return 256;
659 case KEY_ECDSA384:
660 return 384;
661 case KEY_ECDSA521:
662 return 521;
663 case KEY_ED25519:
664 return 256; /* XXX */
665 }
666 return 0;
667 }
668
669 // based on OpenSSH 5.1
670 #define FLDBASE 8
671 #define FLDSIZE_Y (FLDBASE + 1)
672 #define FLDSIZE_X (FLDBASE * 2 + 1)
673 static char *
674 key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k)
675 {
676 /*
677 * Chars to be used after each other every time the worm
678 * intersects with itself. Matter of taste.
679 */
680 char *augmentation_string = " .o+=*BOX@%&#/^SE";
681 char *retval, *p;
682 unsigned char field[FLDSIZE_X][FLDSIZE_Y];
683 unsigned int i, b;
684 int x, y;
685 size_t len = strlen(augmentation_string) - 1;
686
687 retval = calloc(1, (FLDSIZE_X + 3 + 1) * (FLDSIZE_Y + 2));
688
689 /* initialize field */
690 memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char));
691 x = FLDSIZE_X / 2;
692 y = FLDSIZE_Y / 2;
693
694 /* process raw key */
695 for (i = 0; i < dgst_raw_len; i++) {
696 int input;
697 /* each byte conveys four 2-bit move commands */
698 input = dgst_raw[i];
699 for (b = 0; b < 4; b++) {
700 /* evaluate 2 bit, rest is shifted later */
701 x += (input & 0x1) ? 1 : -1;
702 y += (input & 0x2) ? 1 : -1;
703
704 /* assure we are still in bounds */
705 x = max(x, 0);
706 y = max(y, 0);
707 x = min(x, FLDSIZE_X - 1);
708 y = min(y, FLDSIZE_Y - 1);
709
710 /* augment the field */
711 field[x][y]++;
712 input = input >> 2;
713 }
714 }
715
716 /* mark starting point and end point*/
717 field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1;
718 field[x][y] = len;
719
720 /* fill in retval */
721 _snprintf_s(retval, FLDSIZE_X, _TRUNCATE, "+--[%4s %4u]", ssh_key_type(k->type), key_size(k));
722 p = strchr(retval, '\0');
723
724 /* output upper border */
725 for (i = p - retval - 1; i < FLDSIZE_X; i++)
726 *p++ = '-';
727 *p++ = '+';
728 *p++ = '\r';
729 *p++ = '\n';
730
731 /* output content */
732 for (y = 0; y < FLDSIZE_Y; y++) {
733 *p++ = '|';
734 for (x = 0; x < FLDSIZE_X; x++)
735 *p++ = augmentation_string[min(field[x][y], len)];
736 *p++ = '|';
737 *p++ = '\r';
738 *p++ = '\n';
739 }
740
741 /* output lower border */
742 *p++ = '+';
743 for (i = 0; i < FLDSIZE_X; i++)
744 *p++ = '-';
745 *p++ = '+';
746
747 return retval;
748 }
749 #undef FLDBASE
750 #undef FLDSIZE_Y
751 #undef FLDSIZE_X
752
753 //
754 // fingerprint�i�w���F�z�X�g���J�����n�b�V���j����������
755 //
756 char *key_fingerprint(Key *key, enum fp_rep dgst_rep)
757 {
758 char *retval = NULL;
759 unsigned char *dgst_raw;
760 int dgst_raw_len;
761 int i, retval_len;
762
763 // fingerprint���n�b�V���l�i�o�C�i���j��������
764 dgst_raw = key_fingerprint_raw(key, SSH_FP_MD5, &dgst_raw_len);
765
766 if (dgst_rep == SSH_FP_HEX) {
767 // 16�i�\�L����������
768 retval_len = dgst_raw_len * 3 + 1;
769 retval = malloc(retval_len);
770 retval[0] = '\0';
771 for (i = 0; i < dgst_raw_len; i++) {
772 char hex[4];
773 _snprintf_s(hex, sizeof(hex), _TRUNCATE, "%02x:", dgst_raw[i]);
774 strncat_s(retval, retval_len, hex, _TRUNCATE);
775 }
776
777 /* Remove the trailing ':' character */
778 retval[(dgst_raw_len * 3) - 1] = '\0';
779
780 } else if (dgst_rep == SSH_FP_RANDOMART) {
781 retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, key);
782
783 } else {
784
785 }
786
787 memset(dgst_raw, 0, dgst_raw_len);
788 free(dgst_raw);
789
790 return (retval);
791 }
792
793 //
794 // �L�[�������������m��
795 //
796 static void key_add_private(Key *k)
797 {
798 switch (k->type) {
799 case KEY_RSA1:
800 case KEY_RSA:
801 k->rsa->d = BN_new();
802 k->rsa->iqmp = BN_new();
803 k->rsa->q = BN_new();
804 k->rsa->p = BN_new();
805 k->rsa->dmq1 = BN_new();
806 k->rsa->dmp1 = BN_new();
807 if (k->rsa->d == NULL || k->rsa->iqmp == NULL || k->rsa->q == NULL ||
808 k->rsa->p == NULL || k->rsa->dmq1 == NULL || k->rsa->dmp1 == NULL)
809 goto error;
810 break;
811
812 case KEY_DSA:
813 k->dsa->priv_key = BN_new();
814 if (k->dsa->priv_key == NULL)
815 goto error;
816 break;
817
818 case KEY_ECDSA256:
819 case KEY_ECDSA384:
820 case KEY_ECDSA521:
821 /* Cannot do anything until we know the group */
822 break;
823
824 case KEY_ED25519:
825 /* no need to prealloc */
826 break;
827
828 case KEY_UNSPEC:
829 break;
830
831 default:
832 goto error;
833 break;
834 }
835 return;
836
837 error:
838 if (k->rsa->d) {
839 BN_free(k->rsa->d);
840 k->rsa->d = NULL;
841 }
842 if (k->rsa->iqmp) {
843 BN_free(k->rsa->iqmp);
844 k->rsa->iqmp = NULL;
845 }
846 if (k->rsa->q) {
847 BN_free(k->rsa->q);
848 k->rsa->q = NULL;
849 }
850 if (k->rsa->p) {
851 BN_free(k->rsa->p);
852 k->rsa->p = NULL;
853 }
854 if (k->rsa->dmq1) {
855 BN_free(k->rsa->dmq1);
856 k->rsa->dmq1 = NULL;
857 }
858 if (k->rsa->dmp1) {
859 BN_free(k->rsa->dmp1);
860 k->rsa->dmp1 = NULL;
861 }
862
863
864 if (k->dsa->priv_key == NULL) {
865 BN_free(k->dsa->priv_key);
866 k->dsa->priv_key = NULL;
867 }
868
869 }
870
871 Key *key_new_private(int type)
872 {
873 Key *k = key_new(type);
874
875 key_add_private(k);
876 return (k);
877 }
878
879
880 Key *key_new(int type)
881 {
882 int success = 0;
883 Key *k = NULL;
884 RSA *rsa;
885 DSA *dsa;
886
887 k = calloc(1, sizeof(Key));
888 if (k == NULL)
889 goto error;
890 k->type = type;
891 k->ecdsa = NULL;
892 k->dsa = NULL;
893 k->rsa = NULL;
894 k->ed25519_pk = NULL;
895 k->ed25519_sk = NULL;
896
897 switch (k->type) {
898 case KEY_RSA1:
899 case KEY_RSA:
900 rsa = RSA_new();
901 if (rsa == NULL)
902 goto error;
903 rsa->n = BN_new();
904 rsa->e = BN_new();
905 if (rsa->n == NULL || rsa->e == NULL)
906 goto error;
907 k->rsa = rsa;
908 break;
909
910 case KEY_DSA:
911 dsa = DSA_new();
912 if (dsa == NULL)
913 goto error;
914 dsa->p = BN_new();
915 dsa->q = BN_new();
916 dsa->g = BN_new();
917 dsa->pub_key = BN_new();
918 if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL || dsa->pub_key == NULL)
919 goto error;
920 k->dsa = dsa;
921 break;
922
923 case KEY_ECDSA256:
924 case KEY_ECDSA384:
925 case KEY_ECDSA521:
926 /* Cannot do anything until we know the group */
927 break;
928
929 case KEY_ED25519:
930 /* no need to prealloc */
931 break;
932
933 case KEY_UNSPEC:
934 break;
935
936 default:
937 goto error;
938 break;
939 }
940 success = 1;
941
942 error:
943 if (success == 0) {
944 key_free(k);
945 k = NULL;
946 }
947 return (k);
948 }
949
950
951 //
952 // �L�[����������������
953 //
954 void key_free(Key *key)
955 {
956 if (key == NULL) {
957 return;
958 }
959
960 switch (key->type) {
961 case KEY_RSA1:
962 case KEY_RSA:
963 if (key->rsa != NULL)
964 RSA_free(key->rsa);
965 key->rsa = NULL;
966 break;
967
968 case KEY_DSA:
969 if (key->dsa != NULL)
970 DSA_free(key->dsa);
971 key->dsa = NULL;
972 break;
973
974 case KEY_ECDSA256:
975 case KEY_ECDSA384:
976 case KEY_ECDSA521:
977 if (key->ecdsa != NULL)
978 EC_KEY_free(key->ecdsa);
979 key->ecdsa = NULL;
980 break;
981
982 case KEY_ED25519:
983 if (key->ed25519_pk) {
984 memset(key->ed25519_pk, 0, ED25519_PK_SZ);
985 free(key->ed25519_pk);
986 key->ed25519_pk = NULL;
987 }
988 if (key->ed25519_sk) {
989 memset(key->ed25519_sk, 0, ED25519_SK_SZ);
990 free(key->ed25519_sk);
991 key->ed25519_sk = NULL;
992 }
993 break;
994 }
995 free(key);
996 }
997
998 //
999 // �L�[���������������p����
1000 //
1001 char *get_sshname_from_key(Key *key)
1002 {
1003 return get_ssh_keytype_name(key->type);
1004 }
1005
1006 //
1007 // �L�[������������������������
1008 //
1009 ssh_keytype get_keytype_from_name(char *name)
1010 {
1011 if (strcmp(name, "rsa1") == 0) {
1012 return KEY_RSA1;
1013 } else if (strcmp(name, "rsa") == 0) {
1014 return KEY_RSA;
1015 } else if (strcmp(name, "dsa") == 0) {
1016 return KEY_DSA;
1017 } else if (strcmp(name, "ssh-rsa") == 0) {
1018 return KEY_RSA;
1019 } else if (strcmp(name, "ssh-dss") == 0) {
1020 return KEY_DSA;
1021 } else if (strcmp(name, "ecdsa-sha2-nistp256") == 0) {
1022 return KEY_ECDSA256;
1023 } else if (strcmp(name, "ecdsa-sha2-nistp384") == 0) {
1024 return KEY_ECDSA384;
1025 } else if (strcmp(name, "ecdsa-sha2-nistp521") == 0) {
1026 return KEY_ECDSA521;
1027 } else if (strcmp(name, "ssh-ed25519") == 0) {
1028 return KEY_ED25519;
1029 }
1030 return KEY_UNSPEC;
1031 }
1032
1033
1034 ssh_keytype key_curve_name_to_keytype(char *name)
1035 {
1036 if (strcmp(name, "nistp256") == 0) {
1037 return KEY_ECDSA256;
1038 } else if (strcmp(name, "nistp384") == 0) {
1039 return KEY_ECDSA384;
1040 } else if (strcmp(name, "nistp521") == 0) {
1041 return KEY_ECDSA521;
1042 }
1043 return KEY_UNSPEC;
1044 }
1045
1046 char *curve_keytype_to_name(ssh_keytype type)
1047 {
1048 switch (type) {
1049 case KEY_ECDSA256:
1050 return "nistp256";
1051 break;
1052 case KEY_ECDSA384:
1053 return "nistp384";
1054 break;
1055 case KEY_ECDSA521:
1056 return "nistp521";
1057 break;
1058 }
1059 return NULL;
1060 }
1061
1062 //
1063 // �L�[���������o�b�t�@���������� (for SSH2)
1064 // NOTE:
1065 //
1066 int key_to_blob(Key *key, char **blobp, int *lenp)
1067 {
1068 buffer_t *b;
1069 char *sshname, *tmp;
1070 int len;
1071 int ret = 1; // success
1072
1073 b = buffer_init();
1074 sshname = get_sshname_from_key(key);
1075
1076 switch (key->type) {
1077 case KEY_RSA:
1078 buffer_put_string(b, sshname, strlen(sshname));
1079 buffer_put_bignum2(b, key->rsa->e);
1080 buffer_put_bignum2(b, key->rsa->n);
1081 break;
1082 case KEY_DSA:
1083 buffer_put_string(b, sshname, strlen(sshname));
1084 buffer_put_bignum2(b, key->dsa->p);
1085 buffer_put_bignum2(b, key->dsa->q);
1086 buffer_put_bignum2(b, key->dsa->g);
1087 buffer_put_bignum2(b, key->dsa->pub_key);
1088 break;
1089 case KEY_ECDSA256:
1090 case KEY_ECDSA384:
1091 case KEY_ECDSA521:
1092 buffer_put_string(b, sshname, strlen(sshname));
1093 tmp = curve_keytype_to_name(key->type);
1094 buffer_put_string(b, tmp, strlen(tmp));
1095 buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa),
1096 EC_KEY_get0_public_key(key->ecdsa));
1097 break;
1098 case KEY_ED25519:
1099 buffer_put_cstring(b, sshname);
1100 buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);
1101 break;
1102
1103 default:
1104 ret = 0;
1105 goto error;
1106 }
1107
1108 len = buffer_len(b);
1109 if (lenp != NULL)
1110 *lenp = len;
1111 if (blobp != NULL) {
1112 *blobp = malloc(len);
1113 if (*blobp == NULL) {
1114 ret = 0;
1115 goto error;
1116 }
1117 memcpy(*blobp, buffer_ptr(b), len);
1118 }
1119
1120 error:
1121 buffer_free(b);
1122
1123 return (ret);
1124 }
1125
1126
1127 //
1128 // �o�b�t�@�����L�[�����������o��(for SSH2)
1129 // NOTE: ���l���A���P�[�g���������������A�����o�������������������B
1130 //
1131 Key *key_from_blob(char *data, int blen)
1132 {
1133 int keynamelen, len;
1134 char key[128];
1135 RSA *rsa = NULL;
1136 DSA *dsa = NULL;
1137 EC_KEY *ecdsa = NULL;
1138 EC_POINT *q = NULL;
1139 char *curve = NULL;
1140 Key *hostkey = NULL; // hostkey
1141 ssh_keytype type;
1142 unsigned char *pk = NULL;
1143
1144 if (data == NULL)
1145 goto error;
1146
1147 hostkey = malloc(sizeof(Key));
1148 if (hostkey == NULL)
1149 goto error;
1150
1151 memset(hostkey, 0, sizeof(Key));
1152
1153 keynamelen = get_uint32_MSBfirst(data);
1154 if (keynamelen >= sizeof(key)) {
1155 goto error;
1156 }
1157 data += 4;
1158 memcpy(key, data, keynamelen);
1159 key[keynamelen] = 0;
1160 data += keynamelen;
1161
1162 type = get_keytype_from_name(key);
1163
1164 switch (type) {
1165 case KEY_RSA: // RSA key
1166 rsa = RSA_new();
1167 if (rsa == NULL) {
1168 goto error;
1169 }
1170 rsa->n = BN_new();
1171 rsa->e = BN_new();
1172 if (rsa->n == NULL || rsa->e == NULL) {
1173 goto error;
1174 }
1175
1176 buffer_get_bignum2(&data, rsa->e);
1177 buffer_get_bignum2(&data, rsa->n);
1178
1179 hostkey->type = type;
1180 hostkey->rsa = rsa;
1181 break;
1182
1183 case KEY_DSA: // DSA key
1184 dsa = DSA_new();
1185 if (dsa == NULL) {
1186 goto error;
1187 }
1188 dsa->p = BN_new();
1189 dsa->q = BN_new();
1190 dsa->g = BN_new();
1191 dsa->pub_key = BN_new();
1192 if (dsa->p == NULL ||
1193 dsa->q == NULL ||
1194 dsa->g == NULL ||
1195 dsa->pub_key == NULL) {
1196 goto error;
1197 }
1198
1199 buffer_get_bignum2(&data, dsa->p);
1200 buffer_get_bignum2(&data, dsa->q);
1201 buffer_get_bignum2(&data, dsa->g);
1202 buffer_get_bignum2(&data, dsa->pub_key);
1203
1204 hostkey->type = type;
1205 hostkey->dsa = dsa;
1206 break;
1207
1208 case KEY_ECDSA256: // ECDSA
1209 case KEY_ECDSA384:
1210 case KEY_ECDSA521:
1211 curve = buffer_get_string(&data, NULL);
1212 if (type != key_curve_name_to_keytype(curve)) {
1213 goto error;
1214 }
1215
1216 ecdsa = EC_KEY_new_by_curve_name(keytype_to_cipher_nid(type));
1217 if (ecdsa == NULL) {
1218 goto error;
1219 }
1220
1221 q = EC_POINT_new(EC_KEY_get0_group(ecdsa));
1222 if (q == NULL) {
1223 goto error;
1224 }
1225
1226 buffer_get_ecpoint(&data, EC_KEY_get0_group(ecdsa), q);
1227 if (key_ec_validate_public(EC_KEY_get0_group(ecdsa), q) == -1) {
1228 goto error;
1229 }
1230
1231 if (EC_KEY_set_public_key(ecdsa, q) != 1) {
1232 goto error;
1233 }
1234
1235 hostkey->type = type;
1236 hostkey->ecdsa = ecdsa;
1237 break;
1238
1239 case KEY_ED25519:
1240 pk = buffer_get_string(&data, &len);
1241 if (pk == NULL)
1242 goto error;
1243 if (len != ED25519_PK_SZ)
1244 goto error;
1245
1246 hostkey->type = type;
1247 hostkey->ed25519_pk = pk;
1248 pk = NULL;
1249 break;
1250
1251 default: // unknown key
1252 goto error;
1253 }
1254
1255 return (hostkey);
1256
1257 error:
1258 if (rsa != NULL)
1259 RSA_free(rsa);
1260 if (dsa != NULL)
1261 DSA_free(dsa);
1262 if (ecdsa != NULL)
1263 EC_KEY_free(ecdsa);
1264
1265 free(hostkey);
1266
1267 return NULL;
1268 }
1269
1270
1271 static int ssh_ed25519_sign(Key *key, char **sigp, int *lenp, char *data, int datalen)
1272 {
1273 char *sig;
1274 int slen, len;
1275 unsigned long long smlen;
1276 int ret;
1277 buffer_t *b;
1278
1279 smlen = slen = datalen + crypto_sign_ed25519_BYTES;
1280 sig = malloc(slen);
1281
1282 if ((ret = crypto_sign_ed25519(sig, &smlen, data, datalen,
1283 key->ed25519_sk)) != 0 || smlen <= datalen) {
1284 //error("%s: crypto_sign_ed25519 failed: %d", __func__, ret);
1285 free(sig);
1286 return -1;
1287 }
1288 /* encode signature */
1289 b = buffer_init();
1290 buffer_put_cstring(b, "ssh-ed25519");
1291 buffer_put_string(b, sig, (int)(smlen - datalen));
1292 len = buffer_len(b);
1293 if (lenp != NULL)
1294 *lenp = len;
1295 if (sigp != NULL) {
1296 *sigp = malloc(len);
1297 memcpy(*sigp, buffer_ptr(b), len);
1298 }
1299 buffer_free(b);
1300 memset(sig, 's', slen);
1301 free(sig);
1302
1303 return 0;
1304 }
1305
1306
1307 BOOL generate_SSH2_keysign(Key *keypair, char **sigptr, int *siglen, char *data, int datalen)
1308 {
1309 buffer_t *msg = NULL;
1310 char *s;
1311 int ret;
1312
1313 msg = buffer_init();
1314 if (msg == NULL) {
1315 // TODO: error check
1316 return FALSE;
1317 }
1318
1319 switch (keypair->type) {
1320 case KEY_RSA: // RSA
1321 {
1322 const EVP_MD *evp_md = EVP_sha1();
1323 EVP_MD_CTX md;
1324 u_char digest[EVP_MAX_MD_SIZE], *sig;
1325 u_int slen, dlen, len;
1326 int ok, nid = NID_sha1;
1327
1328 // �_�C�W�F�X�g�l���v�Z
1329 EVP_DigestInit(&md, evp_md);
1330 EVP_DigestUpdate(&md, data, datalen);
1331 EVP_DigestFinal(&md, digest, &dlen);
1332
1333 slen = RSA_size(keypair->rsa);
1334 sig = malloc(slen);
1335 if (sig == NULL)
1336 goto error;
1337
1338 // �d�q�������v�Z
1339 ok = RSA_sign(nid, digest, dlen, sig, &len, keypair->rsa);
1340 memset(digest, 'd', sizeof(digest));
1341 if (ok != 1) { // error
1342 free(sig);
1343 goto error;
1344 }
1345 // �������T�C�Y���o�b�t�@���������������A�������������B�������[�����������B
1346 if (len < slen) {
1347 u_int diff = slen - len;
1348 memmove(sig + diff, sig, len);
1349 memset(sig, 0, diff);
1350
1351 } else if (len > slen) {
1352 free(sig);
1353 goto error;
1354
1355 } else {
1356 // do nothing
1357
1358 }
1359
1360 s = get_sshname_from_key(keypair);
1361 buffer_put_string(msg, s, strlen(s));
1362 buffer_append_length(msg, sig, slen);
1363 len = buffer_len(msg);
1364
1365 // setting
1366 *siglen = len;
1367 *sigptr = malloc(len);
1368 if (*sigptr == NULL) {
1369 free(sig);
1370 goto error;
1371 }
1372 memcpy(*sigptr, buffer_ptr(msg), len);
1373 free(sig);
1374
1375 break;
1376 }
1377 case KEY_DSA: // DSA
1378 {
1379 DSA_SIG *sig;
1380 const EVP_MD *evp_md = EVP_sha1();
1381 EVP_MD_CTX md;
1382 u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
1383 u_int rlen, slen, len, dlen;
1384
1385 // �_�C�W�F�X�g���v�Z
1386 EVP_DigestInit(&md, evp_md);
1387 EVP_DigestUpdate(&md, data, datalen);
1388 EVP_DigestFinal(&md, digest, &dlen);
1389
1390 // DSA�d�q�������v�Z
1391 sig = DSA_do_sign(digest, dlen, keypair->dsa);
1392 memset(digest, 'd', sizeof(digest));
1393 if (sig == NULL) {
1394 goto error;
1395 }
1396
1397 // BIGNUM�����o�C�i���l��������
1398 rlen = BN_num_bytes(sig->r);
1399 slen = BN_num_bytes(sig->s);
1400 if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
1401 DSA_SIG_free(sig);
1402 goto error;
1403 }
1404 memset(sigblob, 0, SIGBLOB_LEN);
1405 BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
1406 BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
1407 DSA_SIG_free(sig);
1408
1409 // setting
1410 s = get_sshname_from_key(keypair);
1411 buffer_put_string(msg, s, strlen(s));
1412 buffer_append_length(msg, sigblob, sizeof(sigblob));
1413 len = buffer_len(msg);
1414
1415 // setting
1416 *siglen = len;
1417 *sigptr = malloc(len);
1418 if (*sigptr == NULL) {
1419 goto error;
1420 }
1421 memcpy(*sigptr, buffer_ptr(msg), len);
1422
1423 break;
1424 }
1425 case KEY_ECDSA256: // ECDSA
1426 case KEY_ECDSA384:
1427 case KEY_ECDSA521:
1428 {
1429 ECDSA_SIG *sig;
1430 const EVP_MD *evp_md;
1431 EVP_MD_CTX md;
1432 u_char digest[EVP_MAX_MD_SIZE];
1433 u_int len, dlen, nid;
1434 buffer_t *buf2 = NULL;
1435
1436 nid = keytype_to_hash_nid(keypair->type);
1437 if ((evp_md = EVP_get_digestbynid(nid)) == NULL) {
1438 goto error;
1439 }
1440 EVP_DigestInit(&md, evp_md);
1441 EVP_DigestUpdate(&md, data, datalen);
1442 EVP_DigestFinal(&md, digest, &dlen);
1443
1444 sig = ECDSA_do_sign(digest, dlen, keypair->ecdsa);
1445 memset(digest, 'd', sizeof(digest));
1446
1447 if (sig == NULL) {
1448 goto error;
1449 }
1450
1451 buf2 = buffer_init();
1452 if (buf2 == NULL) {
1453 // TODO: error check
1454 goto error;
1455 }
1456 buffer_put_bignum2(buf2, sig->r);
1457 buffer_put_bignum2(buf2, sig->s);
1458 ECDSA_SIG_free(sig);
1459
1460 s = get_sshname_from_key(keypair);
1461 buffer_put_string(msg, s, strlen(s));
1462 buffer_put_string(msg, buffer_ptr(buf2), buffer_len(buf2));
1463 buffer_free(buf2);
1464 len = buffer_len(msg);
1465
1466 *siglen = len;
1467 *sigptr = malloc(len);
1468 if (*sigptr == NULL) {
1469 goto error;
1470 }
1471 memcpy(*sigptr, buffer_ptr(msg), len);
1472
1473 break;
1474 }
1475
1476 case KEY_ED25519:
1477 ret = ssh_ed25519_sign(keypair, sigptr, siglen, data, datalen);
1478 if (ret != 0)
1479 goto error;
1480 break;
1481
1482 default:
1483 buffer_free(msg);
1484 return FALSE;
1485 break;
1486 }
1487
1488 buffer_free(msg);
1489 return TRUE;
1490
1491 error:
1492 buffer_free(msg);
1493
1494 return FALSE;
1495 }
1496
1497
1498 BOOL get_SSH2_publickey_blob(PTInstVar pvar, buffer_t **blobptr, int *bloblen)
1499 {
1500 buffer_t *msg = NULL;
1501 Key *keypair;
1502 char *s, *tmp;
1503
1504 msg = buffer_init();
1505 if (msg == NULL) {
1506 // TODO: error check
1507 return FALSE;
1508 }
1509
1510 keypair = pvar->auth_state.cur_cred.key_pair;
1511
1512 switch (keypair->type) {
1513 case KEY_RSA: // RSA
1514 s = get_sshname_from_key(keypair);
1515 buffer_put_string(msg, s, strlen(s));
1516 buffer_put_bignum2(msg, keypair->rsa->e); // ���J�w��
1517 buffer_put_bignum2(msg, keypair->rsa->n); // p�~q
1518 break;
1519 case KEY_DSA: // DSA
1520 s = get_sshname_from_key(keypair);
1521 buffer_put_string(msg, s, strlen(s));
1522 buffer_put_bignum2(msg, keypair->dsa->p); // �f��
1523 buffer_put_bignum2(msg, keypair->dsa->q); // (p-1)���f����
1524 buffer_put_bignum2(msg, keypair->dsa->g); // ����
1525 buffer_put_bignum2(msg, keypair->dsa->pub_key); // ���J��
1526 break;
1527 case KEY_ECDSA256: // ECDSA
1528 case KEY_ECDSA384:
1529 case KEY_ECDSA521:
1530 s = get_sshname_from_key(keypair);
1531 buffer_put_string(msg, s, strlen(s));
1532 tmp = curve_keytype_to_name(keypair->type);
1533 buffer_put_string(msg, tmp, strlen(tmp));
1534 buffer_put_ecpoint(msg, EC_KEY_get0_group(keypair->ecdsa),
1535 EC_KEY_get0_public_key(keypair->ecdsa));
1536 break;
1537 case KEY_ED25519:
1538 s = get_sshname_from_key(keypair);
1539 buffer_put_cstring(msg, s);
1540 buffer_put_string(msg, keypair->ed25519_pk, ED25519_PK_SZ);
1541 break;
1542 default:
1543 return FALSE;
1544 }
1545
1546 *blobptr = msg;
1547 *bloblen = buffer_len(msg);
1548
1549 return TRUE;
1550 }
1551
1552 int kextype_to_cipher_nid(kex_algorithm type)
1553 {
1554 switch (type) {
1555 case KEX_ECDH_SHA2_256:
1556 return NID_X9_62_prime256v1;
1557 case KEX_ECDH_SHA2_384:
1558 return NID_secp384r1;
1559 case KEX_ECDH_SHA2_521:
1560 return NID_secp521r1;
1561 }
1562 return NID_undef;
1563 }
1564
1565 int keytype_to_hash_nid(ssh_keytype type)
1566 {
1567 switch (type) {
1568 case KEY_ECDSA256:
1569 return NID_sha256;
1570 case KEY_ECDSA384:
1571 return NID_sha384;
1572 case KEY_ECDSA521:
1573 return NID_sha512;
1574 }
1575 return NID_undef;
1576 }
1577
1578 int keytype_to_cipher_nid(ssh_keytype type)
1579 {
1580 switch (type) {
1581 case KEY_ECDSA256:
1582 return NID_X9_62_prime256v1;
1583 case KEY_ECDSA384:
1584 return NID_secp384r1;
1585 case KEY_ECDSA521:
1586 return NID_secp521r1;
1587 }
1588 return NID_undef;
1589 }
1590
1591 ssh_keytype nid_to_keytype(int nid)
1592 {
1593 switch (nid) {
1594 case NID_X9_62_prime256v1:
1595 return KEY_ECDSA256;
1596 case NID_secp384r1:
1597 return KEY_ECDSA384;
1598 case NID_secp521r1:
1599 return KEY_ECDSA521;
1600 }
1601 return KEY_UNSPEC;
1602 }
1603
1604 void key_private_serialize(Key *key, buffer_t *b)
1605 {
1606 char *s;
1607
1608 s = get_sshname_from_key(key);
1609 buffer_put_cstring(b, s);
1610
1611 switch (key->type) {
1612 case KEY_RSA:
1613 buffer_put_bignum2(b, key->rsa->n);
1614 buffer_put_bignum2(b, key->rsa->e);
1615 buffer_put_bignum2(b, key->rsa->d);
1616 buffer_put_bignum2(b, key->rsa->iqmp);
1617 buffer_put_bignum2(b, key->rsa->p);
1618 buffer_put_bignum2(b, key->rsa->q);
1619 break;
1620
1621 case KEY_DSA:
1622 buffer_put_bignum2(b, key->dsa->p);
1623 buffer_put_bignum2(b, key->dsa->q);
1624 buffer_put_bignum2(b, key->dsa->g);
1625 buffer_put_bignum2(b, key->dsa->pub_key);
1626 buffer_put_bignum2(b, key->dsa->priv_key);
1627 break;
1628
1629 case KEY_ECDSA256:
1630 case KEY_ECDSA384:
1631 case KEY_ECDSA521:
1632 buffer_put_cstring(b, curve_keytype_to_name(key->type));
1633 buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa),
1634 EC_KEY_get0_public_key(key->ecdsa));
1635 buffer_put_bignum2(b, (BIGNUM *)EC_KEY_get0_private_key(key->ecdsa));
1636 break;
1637
1638 case KEY_ED25519:
1639 buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);
1640 buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ);
1641 break;
1642
1643 default:
1644 break;
1645 }
1646 }
1647
1648 /* calculate p-1 and q-1 */
1649 static void rsa_generate_additional_parameters(RSA *rsa)
1650 {
1651 BIGNUM *aux = NULL;
1652 BN_CTX *ctx = NULL;
1653
1654 if ((aux = BN_new()) == NULL)
1655 goto error;
1656 if ((ctx = BN_CTX_new()) == NULL)
1657 goto error;
1658
1659 if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) ||
1660 (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) ||
1661 (BN_sub(aux, rsa->p, BN_value_one()) == 0) ||
1662 (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0))
1663 goto error;
1664
1665 error:
1666 if (aux)
1667 BN_clear_free(aux);
1668 if (ctx)
1669 BN_CTX_free(ctx);
1670 }
1671
1672 static int key_ec_validate_private(EC_KEY *key)
1673 {
1674 BN_CTX *bnctx = NULL;
1675 BIGNUM *order, *tmp;
1676 int ret = -1;
1677
1678 if ((bnctx = BN_CTX_new()) == NULL)
1679 goto out;
1680 BN_CTX_start(bnctx);
1681
1682 if ((order = BN_CTX_get(bnctx)) == NULL ||
1683 (tmp = BN_CTX_get(bnctx)) == NULL)
1684 goto out;
1685
1686 /* log2(private) > log2(order)/2 */
1687 if (EC_GROUP_get_order(EC_KEY_get0_group(key), order, bnctx) != 1)
1688 goto out;
1689 if (BN_num_bits(EC_KEY_get0_private_key(key)) <=
1690 BN_num_bits(order) / 2) {
1691 goto out;
1692 }
1693
1694 /* private < order - 1 */
1695 if (!BN_sub(tmp, order, BN_value_one()))
1696 goto out;
1697 if (BN_cmp(EC_KEY_get0_private_key(key), tmp) >= 0) {
1698 goto out;
1699 }
1700 ret = 0;
1701
1702 out:
1703 if (bnctx)
1704 BN_CTX_free(bnctx);
1705 return ret;
1706 }
1707
1708 Key *key_private_deserialize(buffer_t *blob)
1709 {
1710 int success = 0;
1711 char *type_name = NULL;
1712 Key *k = NULL;
1713 unsigned int pklen, sklen;
1714 int type;
1715
1716 type_name = buffer_get_string_msg(blob, NULL);
1717 if (type_name == NULL)
1718 goto error;
1719 type = get_keytype_from_name(type_name);
1720
1721 k = key_new_private(type);
1722
1723 switch (type) {
1724 case KEY_RSA:
1725 buffer_get_bignum2_msg(blob, k->rsa->n);
1726 buffer_get_bignum2_msg(blob, k->rsa->e);
1727 buffer_get_bignum2_msg(blob, k->rsa->d);
1728 buffer_get_bignum2_msg(blob, k->rsa->iqmp);
1729 buffer_get_bignum2_msg(blob, k->rsa->p);
1730 buffer_get_bignum2_msg(blob, k->rsa->q);
1731
1732 /* Generate additional parameters */
1733 rsa_generate_additional_parameters(k->rsa);
1734 break;
1735
1736 case KEY_DSA:
1737 buffer_get_bignum2_msg(blob, k->dsa->p);
1738 buffer_get_bignum2_msg(blob, k->dsa->q);
1739 buffer_get_bignum2_msg(blob, k->dsa->g);
1740 buffer_get_bignum2_msg(blob, k->dsa->pub_key);
1741 buffer_get_bignum2_msg(blob, k->dsa->priv_key);
1742 break;
1743
1744 case KEY_ECDSA256:
1745 case KEY_ECDSA384:
1746 case KEY_ECDSA521:
1747 {
1748 int success = 0;
1749 unsigned int nid;
1750 char *curve = NULL;
1751 ssh_keytype skt;
1752 BIGNUM *exponent = NULL;
1753 EC_POINT *q = NULL;
1754
1755 nid = keytype_to_cipher_nid(type);
1756 curve = buffer_get_string_msg(blob, NULL);
1757 skt = key_curve_name_to_keytype(curve);
1758 if (nid != keytype_to_cipher_nid(skt))
1759 goto ecdsa_error;
1760
1761 k->ecdsa = EC_KEY_new_by_curve_name(nid);
1762 if (k->ecdsa == NULL)
1763 goto ecdsa_error;
1764
1765 q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa));
1766 if (q == NULL)
1767 goto ecdsa_error;
1768
1769 if ((exponent = BN_new()) == NULL)
1770 goto ecdsa_error;
1771 buffer_get_ecpoint_msg(blob,
1772 EC_KEY_get0_group(k->ecdsa), q);
1773 buffer_get_bignum2_msg(blob, exponent);
1774 if (EC_KEY_set_public_key(k->ecdsa, q) != 1)
1775 goto ecdsa_error;
1776 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
1777 goto ecdsa_error;
1778 if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
1779 EC_KEY_get0_public_key(k->ecdsa)) != 0)
1780 goto ecdsa_error;
1781 if (key_ec_validate_private(k->ecdsa) != 0)
1782 goto ecdsa_error;
1783
1784 success = 1;
1785
1786 ecdsa_error:
1787 free(curve);
1788 if (exponent)
1789 BN_clear_free(exponent);
1790 if (q)
1791 EC_POINT_free(q);
1792 if (success == 0)
1793 goto error;
1794 }
1795 break;
1796
1797 case KEY_ED25519:
1798 k->ed25519_pk = buffer_get_string_msg(blob, &pklen);
1799 k->ed25519_sk = buffer_get_string_msg(blob, &sklen);
1800 if (pklen != ED25519_PK_SZ)
1801 goto error;
1802 if (sklen != ED25519_SK_SZ)
1803 goto error;
1804 break;
1805
1806 default:
1807 goto error;
1808 break;
1809 }
1810
1811 /* enable blinding */
1812 switch (k->type) {
1813 case KEY_RSA1:
1814 case KEY_RSA:
1815 if (RSA_blinding_on(k->rsa, NULL) != 1)
1816 goto error;
1817 break;
1818 }
1819
1820 success = 1;
1821
1822 error:
1823 free(type_name);
1824
1825 if (success == 0) {
1826 key_free(k);
1827 k = NULL;
1828 }
1829
1830 return (k);
1831 }
1832
1833
1834 static void hostkeys_update_ctx_free(struct hostkeys_update_ctx *ctx)
1835 {
1836 size_t i;
1837
1838 if (ctx == NULL)
1839 return;
1840 for (i = 0; i < ctx->nkeys; i++)
1841 key_free(ctx->keys[i]);
1842 free(ctx->keys);
1843 free(ctx->keys_seen);
1844 for (i = 0; i < ctx->nold; i++)
1845 key_free(ctx->old_keys[i]);
1846 free(ctx->old_keys);
1847 free(ctx->host_str);
1848 free(ctx->ip_str);
1849 free(ctx);
1850 }
1851
1852
1853 // �����������z�X�g���A���S���Y�������`�F�b�N�����B
1854 //
1855 // return 1: matched
1856 // 0: not matched
1857 //
1858 static int check_hostkey_algorithm(PTInstVar pvar, Key *key)
1859 {
1860 int ret = 0;
1861 int i, index;
1862
1863 for (i = 0; pvar->settings.HostKeyOrder[i] != 0; i++) {
1864 index = pvar->settings.HostKeyOrder[i] - '0';
1865 if (index == KEY_NONE) // disabled line
1866 break;
1867
1868 if (strcmp(get_sshname_from_key(key), get_ssh_keytype_name(index)) == 0)
1869 return 1;
1870 }
1871
1872 return (ret);
1873 }
1874
1875 //
1876 // SSH�T�[�o�z�X�g��(known_hosts)�������X�V(OpenSSH 6.8 or later: host key rotation support)
1877 //
1878 // return 1: success
1879 // 0: fail
1880 //
1881 int update_client_input_hostkeys(PTInstVar pvar, char *dataptr, int datalen)
1882 {
1883 int success = 1; // OpenSSH 6.8�����������A�����������������������������������A
1884 // �������������� Tera Term �������������������������B
1885 int len;
1886 char *cp, *fp;
1887 char msg[128];
1888 unsigned char *blob = NULL;
1889 buffer_t *b = NULL;
1890 struct hostkeys_update_ctx *ctx = NULL;
1891 Key *key = NULL;
1892
1893 // Tera Term���������A���Y�@�\���I���I�t�����������������������B
1894 if (pvar->settings.UpdateHostkeys == 0) {
1895 _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Hostkey was not updated because ts.UpdateHostkeys is disabled.");
1896 notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
1897 goto error;
1898 }
1899
1900 ctx = calloc(1, sizeof(struct hostkeys_update_ctx));
1901 if (ctx == NULL)
1902 goto error;
1903
1904 b = buffer_init();
1905 if (b == NULL)
1906 goto error;
1907
1908 cp = buffer_append_space(b, datalen);
1909 memcpy(cp, dataptr, datalen);
1910
1911 while (buffer_remain_len(b) > 0) {
1912 key_free(key);
1913 key = NULL;
1914
1915 blob = buffer_get_string_msg(b, &len);
1916 key = key_from_blob(blob, len);
1917 if (key == NULL) {
1918 _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Not found host key into blob %p (%d)", blob, len);
1919 notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
1920 goto error;
1921 }
1922 free(blob);
1923 blob = NULL;
1924
1925 fp = key_fingerprint(key, SSH_FP_HEX);
1926 _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Received %s host key %s",
1927 get_sshname_from_key(key), fp);
1928 notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
1929 free(fp);
1930
1931 // �����������z�X�g�L�[�A���S���Y�������`�F�b�N�����B
1932 if (check_hostkey_algorithm(pvar, key) == 0) {
1933 _snprintf_s(msg, sizeof(msg), _TRUNCATE, "%s host key is not permitted by ts.HostKeyOrder",
1934 get_sshname_from_key(key));
1935 notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE);
1936 continue;
1937 }
1938
1939
1940 }
1941
1942 success = 1;
1943
1944 error:
1945 buffer_free(b);
1946 hostkeys_update_ctx_free(ctx);
1947 free(blob);
1948
1949 return (success);
1950 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
About OSDN
Find Software
Develop Software
Help