summaryrefslogtreecommitdiff
path: root/dsa.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2000-04-29 23:57:08 +1000
committerDamien Miller <djm@mindrot.org>2000-04-29 23:57:08 +1000
commiteba71bab9bf01c0d688f829a8971f902732558df (patch)
treea9d5b50568bfc10cc50291fd3604debfaf3e3783 /dsa.c
parent8117111a3c1360727e3c54aad31aa045e7a7871b (diff)
- Merge big update to OpenSSH-2.0 from OpenBSD CVS
[README.openssh2] - interop w/ F-secure windows client - sync documentation - ssh_host_dsa_key not ssh_dsa_key [auth-rsa.c] - missing fclose [auth.c authfile.c compat.c dsa.c dsa.h hostfile.c key.c key.h radix.c] [readconf.c readconf.h ssh-add.c ssh-keygen.c ssh.c ssh.h sshconnect.c] [sshd.c uuencode.c uuencode.h authfile.h] - add DSA pubkey auth and other SSH2 fixes. use ssh-keygen -[xX] for trading keys with the real and the original SSH, directly from the people who invented the SSH protocol. [auth.c auth.h authfile.c sshconnect.c auth1.c auth2.c sshconnect.h] [sshconnect1.c sshconnect2.c] - split auth/sshconnect in one file per protocol version [sshconnect2.c] - remove debug [uuencode.c] - add trailing = [version.h] - OpenSSH-2.0 [ssh-keygen.1 ssh-keygen.c] - add -R flag: exit code indicates if RSA is alive [sshd.c] - remove unused silent if -Q is specified [ssh.h] - host key becomes /etc/ssh_host_dsa_key [readconf.c servconf.c ] - ssh/sshd default to proto 1 and 2 [uuencode.c] - remove debug [auth2.c ssh-keygen.c sshconnect2.c sshd.c] - xfree DSA blobs [auth2.c serverloop.c session.c] - cleanup logging for sshd/2, respect PasswordAuth no [sshconnect2.c] - less debug, respect .ssh/config [README.openssh2 channels.c channels.h] - clientloop.c session.c ssh.c - support for x11-fwding, client+server
Diffstat (limited to 'dsa.c')
-rw-r--r--dsa.c78
1 files changed, 37 insertions, 41 deletions
diff --git a/dsa.c b/dsa.c
index 1594c14f5..a4f6d3e78 100644
--- a/dsa.c
+++ b/dsa.c
@@ -28,7 +28,7 @@
28 */ 28 */
29 29
30#include "includes.h" 30#include "includes.h"
31RCSID("$Id: dsa.c,v 1.4 2000/04/14 10:30:31 markus Exp $"); 31RCSID("$Id: dsa.c,v 1.5 2000/04/26 20:56:29 markus Exp $");
32 32
33#include "ssh.h" 33#include "ssh.h"
34#include "xmalloc.h" 34#include "xmalloc.h"
@@ -47,13 +47,14 @@ RCSID("$Id: dsa.c,v 1.4 2000/04/14 10:30:31 markus Exp $");
47#include <openssl/hmac.h> 47#include <openssl/hmac.h>
48#include "kex.h" 48#include "kex.h"
49#include "key.h" 49#include "key.h"
50#include "uuencode.h"
50 51
51#define INTBLOB_LEN 20 52#define INTBLOB_LEN 20
52#define SIGBLOB_LEN (2*INTBLOB_LEN) 53#define SIGBLOB_LEN (2*INTBLOB_LEN)
53 54
54Key * 55Key *
55dsa_serverkey_from_blob( 56dsa_key_from_blob(
56 char *serverhostkey, int serverhostkeylen) 57 char *blob, int blen)
57{ 58{
58 Buffer b; 59 Buffer b;
59 char *ktype; 60 char *ktype;
@@ -61,14 +62,17 @@ dsa_serverkey_from_blob(
61 DSA *dsa; 62 DSA *dsa;
62 Key *key; 63 Key *key;
63 64
65#ifdef DEBUG_DSS
66 dump_base64(blob, blen);
67#endif
64 /* fetch & parse DSA/DSS pubkey */ 68 /* fetch & parse DSA/DSS pubkey */
65 key = key_new(KEY_DSA); 69 key = key_new(KEY_DSA);
66 dsa = key->dsa; 70 dsa = key->dsa;
67 buffer_init(&b); 71 buffer_init(&b);
68 buffer_append(&b, serverhostkey, serverhostkeylen); 72 buffer_append(&b, blob, blen);
69 ktype = buffer_get_string(&b, NULL); 73 ktype = buffer_get_string(&b, NULL);
70 if (strcmp(KEX_DSS, ktype) != 0) { 74 if (strcmp(KEX_DSS, ktype) != 0) {
71 error("dsa_serverkey_from_blob: cannot handle type %s", ktype); 75 error("dsa_key_from_blob: cannot handle type %s", ktype);
72 key_free(key); 76 key_free(key);
73 return NULL; 77 return NULL;
74 } 78 }
@@ -78,7 +82,7 @@ dsa_serverkey_from_blob(
78 buffer_get_bignum2(&b, dsa->pub_key); 82 buffer_get_bignum2(&b, dsa->pub_key);
79 rlen = buffer_len(&b); 83 rlen = buffer_len(&b);
80 if(rlen != 0) 84 if(rlen != 0)
81 error("dsa_serverkey_from_blob: remaining bytes in serverhostkey %d", rlen); 85 error("dsa_key_from_blob: remaining bytes in key blob %d", rlen);
82 buffer_free(&b); 86 buffer_free(&b);
83 87
84 debug("keytype %s", ktype); 88 debug("keytype %s", ktype);
@@ -87,37 +91,8 @@ dsa_serverkey_from_blob(
87#endif 91#endif
88 return key; 92 return key;
89} 93}
90DSA *
91dsa_load_private(char *filename)
92{
93 DSA *dsa;
94 BIO *in;
95
96 in = BIO_new(BIO_s_file());
97 if (in == NULL)
98 fatal("BIO_new failed");
99 if (BIO_read_filename(in, filename) <= 0)
100 fatal("BIO_read failed %s: %s", filename, strerror(errno));
101 fprintf(stderr, "read DSA private key\n");
102 dsa = PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
103 if (dsa == NULL)
104 fatal("PEM_read_bio_DSAPrivateKey failed %s", filename);
105 BIO_free(in);
106 return dsa;
107}
108Key *
109dsa_get_serverkey(char *filename)
110{
111 Key *k = key_new(KEY_EMPTY);
112 k->type = KEY_DSA;
113 k->dsa = dsa_load_private(filename);
114#ifdef DEBUG_DSS
115 DSA_print_fp(stderr, dsa, 8);
116#endif
117 return k;
118}
119int 94int
120dsa_make_serverkey_blob(Key *key, unsigned char **blobp, unsigned int *lenp) 95dsa_make_key_blob(Key *key, unsigned char **blobp, unsigned int *lenp)
121{ 96{
122 Buffer b; 97 Buffer b;
123 int len; 98 int len;
@@ -146,7 +121,7 @@ int
146dsa_sign( 121dsa_sign(
147 Key *key, 122 Key *key,
148 unsigned char **sigp, int *lenp, 123 unsigned char **sigp, int *lenp,
149 unsigned char *hash, int hlen) 124 unsigned char *data, int datalen)
150{ 125{
151 unsigned char *digest; 126 unsigned char *digest;
152 unsigned char *ret; 127 unsigned char *ret;
@@ -165,10 +140,13 @@ dsa_sign(
165 } 140 }
166 digest = xmalloc(evp_md->md_size); 141 digest = xmalloc(evp_md->md_size);
167 EVP_DigestInit(&md, evp_md); 142 EVP_DigestInit(&md, evp_md);
168 EVP_DigestUpdate(&md, hash, hlen); 143 EVP_DigestUpdate(&md, data, datalen);
169 EVP_DigestFinal(&md, digest, NULL); 144 EVP_DigestFinal(&md, digest, NULL);
170 145
171 sig = DSA_do_sign(digest, evp_md->md_size, key->dsa); 146 sig = DSA_do_sign(digest, evp_md->md_size, key->dsa);
147 if (sig == NULL) {
148 fatal("dsa_sign: cannot sign");
149 }
172 150
173 rlen = BN_num_bytes(sig->r); 151 rlen = BN_num_bytes(sig->r);
174 slen = BN_num_bytes(sig->s); 152 slen = BN_num_bytes(sig->s);
@@ -212,7 +190,7 @@ int
212dsa_verify( 190dsa_verify(
213 Key *key, 191 Key *key,
214 unsigned char *signature, int signaturelen, 192 unsigned char *signature, int signaturelen,
215 unsigned char *hash, int hlen) 193 unsigned char *data, int datalen)
216{ 194{
217 Buffer b; 195 Buffer b;
218 unsigned char *digest; 196 unsigned char *digest;
@@ -269,10 +247,10 @@ dsa_verify(
269 xfree(sigblob); 247 xfree(sigblob);
270 } 248 }
271 249
272 /* sha1 the signed data (== session_id == hash) */ 250 /* sha1 the data */
273 digest = xmalloc(evp_md->md_size); 251 digest = xmalloc(evp_md->md_size);
274 EVP_DigestInit(&md, evp_md); 252 EVP_DigestInit(&md, evp_md);
275 EVP_DigestUpdate(&md, hash, hlen); 253 EVP_DigestUpdate(&md, data, datalen);
276 EVP_DigestFinal(&md, digest, NULL); 254 EVP_DigestFinal(&md, digest, NULL);
277 255
278 ret = DSA_do_verify(digest, evp_md->md_size, sig, key->dsa); 256 ret = DSA_do_verify(digest, evp_md->md_size, sig, key->dsa);
@@ -296,3 +274,21 @@ dsa_verify(
296 debug("dsa_verify: signature %s", txt); 274 debug("dsa_verify: signature %s", txt);
297 return ret; 275 return ret;
298} 276}
277
278Key *
279dsa_generate_key(unsigned int bits)
280{
281 DSA *dsa = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
282 Key *k;
283 if (dsa == NULL) {
284 fatal("DSA_generate_parameters failed");
285 }
286 if (!DSA_generate_key(dsa)) {
287 fatal("DSA_generate_keys failed");
288 }
289
290 k = key_new(KEY_EMPTY);
291 k->type = KEY_DSA;
292 k->dsa = dsa;
293 return k;
294}
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-08 09:10:03 +0000