diff options
| author | Damien Miller <djm@mindrot.org> | 2013-12-07 10:40:26 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-12-07 10:40:26 +1100 |
| commit | f0e9060d236c0e38bec2fa1c6579fb0a2ea6458d (patch) | |
| tree | 3ad8b9719e35b7f7e0a4ae2d012f6e8ee5160dcc /ssh-agent.c | |
| parent | 0f8536da23a6ef26e6495177c0d8a4242b710289 (diff) | |
- markus@cvs.openbsd.org 2013/12/06 13:30:08
[authfd.c key.c key.h ssh-agent.c]
move private key (de)serialization to key.c; ok djm
Diffstat (limited to 'ssh-agent.c')
| -rw-r--r-- | ssh-agent.c | 133 |
1 files changed, 11 insertions, 122 deletions
diff --git a/ssh-agent.c b/ssh-agent.c index c3b11729c..0196f8f6b 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-agent.c,v 1.177 2013/07/20 01:50:20 djm Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.178 2013/12/06 13:30:08 markus Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -464,16 +464,9 @@ process_add_identity(SocketEntry *e, int version) | |||
| 464 | Idtab *tab = idtab_lookup(version); | 464 | Idtab *tab = idtab_lookup(version); |
| 465 | Identity *id; | 465 | Identity *id; |
| 466 | int type, success = 0, confirm = 0; | 466 | int type, success = 0, confirm = 0; |
| 467 | char *type_name, *comment; | 467 | char *comment; |
| 468 | time_t death = 0; | 468 | time_t death = 0; |
| 469 | Key *k = NULL; | 469 | Key *k = NULL; |
| 470 | #ifdef OPENSSL_HAS_ECC | ||
| 471 | BIGNUM *exponent; | ||
| 472 | EC_POINT *q; | ||
| 473 | char *curve; | ||
| 474 | #endif | ||
| 475 | u_char *cert; | ||
| 476 | u_int len; | ||
| 477 | 470 | ||
| 478 | switch (version) { | 471 | switch (version) { |
| 479 | case 1: | 472 | case 1: |
| @@ -490,125 +483,21 @@ process_add_identity(SocketEntry *e, int version) | |||
| 490 | 483 | ||
| 491 | /* Generate additional parameters */ | 484 | /* Generate additional parameters */ |
| 492 | rsa_generate_additional_parameters(k->rsa); | 485 | rsa_generate_additional_parameters(k->rsa); |
| 493 | break; | 486 | |
| 494 | case 2: | 487 | /* enable blinding */ |
| 495 | type_name = buffer_get_string(&e->request, NULL); | ||
| 496 | type = key_type_from_name(type_name); | ||
| 497 | switch (type) { | ||
| 498 | case KEY_DSA: | ||
| 499 | k = key_new_private(type); | ||
| 500 | buffer_get_bignum2(&e->request, k->dsa->p); | ||
| 501 | buffer_get_bignum2(&e->request, k->dsa->q); | ||
| 502 | buffer_get_bignum2(&e->request, k->dsa->g); | ||
| 503 | buffer_get_bignum2(&e->request, k->dsa->pub_key); | ||
| 504 | buffer_get_bignum2(&e->request, k->dsa->priv_key); | ||
| 505 | break; | ||
| 506 | case KEY_DSA_CERT_V00: | ||
| 507 | case KEY_DSA_CERT: | ||
| 508 | cert = buffer_get_string(&e->request, &len); | ||
| 509 | if ((k = key_from_blob(cert, len)) == NULL) | ||
| 510 | fatal("Certificate parse failed"); | ||
| 511 | free(cert); | ||
| 512 | key_add_private(k); | ||
| 513 | buffer_get_bignum2(&e->request, k->dsa->priv_key); | ||
| 514 | break; | ||
| 515 | #ifdef OPENSSL_HAS_ECC | ||
| 516 | case KEY_ECDSA: | ||
| 517 | k = key_new_private(type); | ||
| 518 | k->ecdsa_nid = key_ecdsa_nid_from_name(type_name); | ||
| 519 | curve = buffer_get_string(&e->request, NULL); | ||
| 520 | if (k->ecdsa_nid != key_curve_name_to_nid(curve)) | ||
| 521 | fatal("%s: curve names mismatch", __func__); | ||
| 522 | free(curve); | ||
| 523 | k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); | ||
| 524 | if (k->ecdsa == NULL) | ||
| 525 | fatal("%s: EC_KEY_new_by_curve_name failed", | ||
| 526 | __func__); | ||
| 527 | q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa)); | ||
| 528 | if (q == NULL) | ||
| 529 | fatal("%s: BN_new failed", __func__); | ||
| 530 | if ((exponent = BN_new()) == NULL) | ||
| 531 | fatal("%s: BN_new failed", __func__); | ||
| 532 | buffer_get_ecpoint(&e->request, | ||
| 533 | EC_KEY_get0_group(k->ecdsa), q); | ||
| 534 | buffer_get_bignum2(&e->request, exponent); | ||
| 535 | if (EC_KEY_set_public_key(k->ecdsa, q) != 1) | ||
| 536 | fatal("%s: EC_KEY_set_public_key failed", | ||
| 537 | __func__); | ||
| 538 | if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) | ||
| 539 | fatal("%s: EC_KEY_set_private_key failed", | ||
| 540 | __func__); | ||
| 541 | if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), | ||
| 542 | EC_KEY_get0_public_key(k->ecdsa)) != 0) | ||
| 543 | fatal("%s: bad ECDSA public key", __func__); | ||
| 544 | if (key_ec_validate_private(k->ecdsa) != 0) | ||
| 545 | fatal("%s: bad ECDSA private key", __func__); | ||
| 546 | BN_clear_free(exponent); | ||
| 547 | EC_POINT_free(q); | ||
| 548 | break; | ||
| 549 | case KEY_ECDSA_CERT: | ||
| 550 | cert = buffer_get_string(&e->request, &len); | ||
| 551 | if ((k = key_from_blob(cert, len)) == NULL) | ||
| 552 | fatal("Certificate parse failed"); | ||
| 553 | free(cert); | ||
| 554 | key_add_private(k); | ||
| 555 | if ((exponent = BN_new()) == NULL) | ||
| 556 | fatal("%s: BN_new failed", __func__); | ||
| 557 | buffer_get_bignum2(&e->request, exponent); | ||
| 558 | if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) | ||
| 559 | fatal("%s: EC_KEY_set_private_key failed", | ||
| 560 | __func__); | ||
| 561 | if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), | ||
| 562 | EC_KEY_get0_public_key(k->ecdsa)) != 0 || | ||
| 563 | key_ec_validate_private(k->ecdsa) != 0) | ||
| 564 | fatal("%s: bad ECDSA key", __func__); | ||
| 565 | BN_clear_free(exponent); | ||
| 566 | break; | ||
| 567 | #endif /* OPENSSL_HAS_ECC */ | ||
| 568 | case KEY_RSA: | ||
| 569 | k = key_new_private(type); | ||
| 570 | buffer_get_bignum2(&e->request, k->rsa->n); | ||
| 571 | buffer_get_bignum2(&e->request, k->rsa->e); | ||
| 572 | buffer_get_bignum2(&e->request, k->rsa->d); | ||
| 573 | buffer_get_bignum2(&e->request, k->rsa->iqmp); | ||
| 574 | buffer_get_bignum2(&e->request, k->rsa->p); | ||
| 575 | buffer_get_bignum2(&e->request, k->rsa->q); | ||
| 576 | |||
| 577 | /* Generate additional parameters */ | ||
| 578 | rsa_generate_additional_parameters(k->rsa); | ||
| 579 | break; | ||
| 580 | case KEY_RSA_CERT_V00: | ||
| 581 | case KEY_RSA_CERT: | ||
| 582 | cert = buffer_get_string(&e->request, &len); | ||
| 583 | if ((k = key_from_blob(cert, len)) == NULL) | ||
| 584 | fatal("Certificate parse failed"); | ||
| 585 | free(cert); | ||
| 586 | key_add_private(k); | ||
| 587 | buffer_get_bignum2(&e->request, k->rsa->d); | ||
| 588 | buffer_get_bignum2(&e->request, k->rsa->iqmp); | ||
| 589 | buffer_get_bignum2(&e->request, k->rsa->p); | ||
| 590 | buffer_get_bignum2(&e->request, k->rsa->q); | ||
| 591 | break; | ||
| 592 | default: | ||
| 593 | free(type_name); | ||
| 594 | buffer_clear(&e->request); | ||
| 595 | goto send; | ||
| 596 | } | ||
| 597 | free(type_name); | ||
| 598 | break; | ||
| 599 | } | ||
| 600 | /* enable blinding */ | ||
| 601 | switch (k->type) { | ||
| 602 | case KEY_RSA: | ||
| 603 | case KEY_RSA_CERT_V00: | ||
| 604 | case KEY_RSA_CERT: | ||
| 605 | case KEY_RSA1: | ||
| 606 | if (RSA_blinding_on(k->rsa, NULL) != 1) { | 488 | if (RSA_blinding_on(k->rsa, NULL) != 1) { |
| 607 | error("process_add_identity: RSA_blinding_on failed"); | 489 | error("process_add_identity: RSA_blinding_on failed"); |
| 608 | key_free(k); | 490 | key_free(k); |
| 609 | goto send; | 491 | goto send; |
| 610 | } | 492 | } |
| 611 | break; | 493 | break; |
| 494 | case 2: | ||
| 495 | k = key_private_deserialize(&e->request); | ||
| 496 | if (k == NULL) { | ||
| 497 | buffer_clear(&e->request); | ||
| 498 | goto send; | ||
| 499 | } | ||
| 500 | break; | ||
| 612 | } | 501 | } |
| 613 | comment = buffer_get_string(&e->request, NULL); | 502 | comment = buffer_get_string(&e->request, NULL); |
| 614 | if (k == NULL) { | 503 | if (k == NULL) { |