diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | rsa.c | 22 | ||||
-rw-r--r-- | rsa.h | 4 | ||||
-rw-r--r-- | ssh-agent.c | 25 | ||||
-rw-r--r-- | ssh-keygen.c | 71 |
5 files changed, 85 insertions, 42 deletions
@@ -6,6 +6,9 @@ | |||
6 | - markus@cvs.openbsd.org 2001/03/26 23:12:42 | 6 | - markus@cvs.openbsd.org 2001/03/26 23:12:42 |
7 | [authfile.c] | 7 | [authfile.c] |
8 | KNF | 8 | KNF |
9 | - markus@cvs.openbsd.org 2001/03/26 23:23:24 | ||
10 | [rsa.c rsa.h ssh-agent.c ssh-keygen.c] | ||
11 | try to read private f-secure ssh v2 rsa keys. | ||
9 | 12 | ||
10 | 20010328 | 13 | 20010328 |
11 | - (djm) Reorder tests and library inclusion for Krb4/AFS to try to | 14 | - (djm) Reorder tests and library inclusion for Krb4/AFS to try to |
@@ -4744,4 +4747,4 @@ | |||
4744 | - Wrote replacements for strlcpy and mkdtemp | 4747 | - Wrote replacements for strlcpy and mkdtemp |
4745 | - Released 1.0pre1 | 4748 | - Released 1.0pre1 |
4746 | 4749 | ||
4747 | $Id: ChangeLog,v 1.1027 2001/03/29 00:28:37 mouring Exp $ | 4750 | $Id: ChangeLog,v 1.1028 2001/03/29 00:29:54 mouring Exp $ |
@@ -60,7 +60,7 @@ | |||
60 | */ | 60 | */ |
61 | 61 | ||
62 | #include "includes.h" | 62 | #include "includes.h" |
63 | RCSID("$OpenBSD: rsa.c,v 1.21 2001/02/04 15:32:24 stevesk Exp $"); | 63 | RCSID("$OpenBSD: rsa.c,v 1.22 2001/03/26 23:23:23 markus Exp $"); |
64 | 64 | ||
65 | #include "rsa.h" | 65 | #include "rsa.h" |
66 | #include "log.h" | 66 | #include "log.h" |
@@ -119,3 +119,23 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) | |||
119 | xfree(inbuf); | 119 | xfree(inbuf); |
120 | return len; | 120 | return len; |
121 | } | 121 | } |
122 | |||
123 | void | ||
124 | generate_additional_parameters(RSA *rsa) | ||
125 | { | ||
126 | BIGNUM *aux; | ||
127 | BN_CTX *ctx; | ||
128 | /* Generate additional parameters */ | ||
129 | aux = BN_new(); | ||
130 | ctx = BN_CTX_new(); | ||
131 | |||
132 | BN_sub(aux, rsa->q, BN_value_one()); | ||
133 | BN_mod(rsa->dmq1, rsa->d, aux, ctx); | ||
134 | |||
135 | BN_sub(aux, rsa->p, BN_value_one()); | ||
136 | BN_mod(rsa->dmp1, rsa->d, aux, ctx); | ||
137 | |||
138 | BN_clear_free(aux); | ||
139 | BN_CTX_free(ctx); | ||
140 | } | ||
141 | |||
@@ -11,7 +11,7 @@ | |||
11 | * called by a name other than "ssh" or "Secure Shell". | 11 | * called by a name other than "ssh" or "Secure Shell". |
12 | */ | 12 | */ |
13 | 13 | ||
14 | /* RCSID("$OpenBSD: rsa.h,v 1.10 2001/01/29 19:47:30 markus Exp $"); */ | 14 | /* RCSID("$OpenBSD: rsa.h,v 1.11 2001/03/26 23:23:24 markus Exp $"); */ |
15 | 15 | ||
16 | #ifndef RSA_H | 16 | #ifndef RSA_H |
17 | #define RSA_H | 17 | #define RSA_H |
@@ -22,4 +22,6 @@ | |||
22 | void rsa_public_encrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv)); | 22 | void rsa_public_encrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv)); |
23 | int rsa_private_decrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv)); | 23 | int rsa_private_decrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv)); |
24 | 24 | ||
25 | void generate_additional_parameters __P((RSA *rsa)); | ||
26 | |||
25 | #endif /* RSA_H */ | 27 | #endif /* RSA_H */ |
diff --git a/ssh-agent.c b/ssh-agent.c index 8c4b5397c..6a0c0d07f 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-agent.c,v 1.52 2001/03/06 00:33:04 deraadt Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.53 2001/03/26 23:23:24 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -37,7 +37,7 @@ | |||
37 | */ | 37 | */ |
38 | 38 | ||
39 | #include "includes.h" | 39 | #include "includes.h" |
40 | RCSID("$OpenBSD: ssh-agent.c,v 1.52 2001/03/06 00:33:04 deraadt Exp $"); | 40 | RCSID("$OpenBSD: ssh-agent.c,v 1.53 2001/03/26 23:23:24 markus Exp $"); |
41 | 41 | ||
42 | #include <openssl/evp.h> | 42 | #include <openssl/evp.h> |
43 | #include <openssl/md5.h> | 43 | #include <openssl/md5.h> |
@@ -361,25 +361,6 @@ process_remove_all_identities(SocketEntry *e, int version) | |||
361 | } | 361 | } |
362 | 362 | ||
363 | void | 363 | void |
364 | generate_additional_parameters(RSA *rsa) | ||
365 | { | ||
366 | BIGNUM *aux; | ||
367 | BN_CTX *ctx; | ||
368 | /* Generate additional parameters */ | ||
369 | aux = BN_new(); | ||
370 | ctx = BN_CTX_new(); | ||
371 | |||
372 | BN_sub(aux, rsa->q, BN_value_one()); | ||
373 | BN_mod(rsa->dmq1, rsa->d, aux, ctx); | ||
374 | |||
375 | BN_sub(aux, rsa->p, BN_value_one()); | ||
376 | BN_mod(rsa->dmp1, rsa->d, aux, ctx); | ||
377 | |||
378 | BN_clear_free(aux); | ||
379 | BN_CTX_free(ctx); | ||
380 | } | ||
381 | |||
382 | void | ||
383 | process_add_identity(SocketEntry *e, int version) | 364 | process_add_identity(SocketEntry *e, int version) |
384 | { | 365 | { |
385 | Key *k = NULL; | 366 | Key *k = NULL; |
@@ -738,6 +719,8 @@ main(int ac, char **av) | |||
738 | extern int optind; | 719 | extern int optind; |
739 | fd_set *readsetp = NULL, *writesetp = NULL; | 720 | fd_set *readsetp = NULL, *writesetp = NULL; |
740 | 721 | ||
722 | SSLeay_add_all_algorithms(); | ||
723 | |||
741 | __progname = get_progname(av[0]); | 724 | __progname = get_progname(av[0]); |
742 | init_rng(); | 725 | init_rng(); |
743 | seed_rng(); | 726 | seed_rng(); |
diff --git a/ssh-keygen.c b/ssh-keygen.c index b3074e8de..496393ff0 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -12,13 +12,14 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.52 2001/03/26 08:07:09 markus Exp $"); | 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.53 2001/03/26 23:23:24 markus Exp $"); |
16 | 16 | ||
17 | #include <openssl/evp.h> | 17 | #include <openssl/evp.h> |
18 | #include <openssl/pem.h> | 18 | #include <openssl/pem.h> |
19 | 19 | ||
20 | #include "xmalloc.h" | 20 | #include "xmalloc.h" |
21 | #include "key.h" | 21 | #include "key.h" |
22 | #include "rsa.h" | ||
22 | #include "authfile.h" | 23 | #include "authfile.h" |
23 | #include "uuencode.h" | 24 | #include "uuencode.h" |
24 | #include "buffer.h" | 25 | #include "buffer.h" |
@@ -169,8 +170,10 @@ buffer_get_bignum_bits(Buffer *b, BIGNUM *value) | |||
169 | { | 170 | { |
170 | int bits = buffer_get_int(b); | 171 | int bits = buffer_get_int(b); |
171 | int bytes = (bits + 7) / 8; | 172 | int bytes = (bits + 7) / 8; |
173 | |||
172 | if (buffer_len(b) < bytes) | 174 | if (buffer_len(b) < bytes) |
173 | fatal("buffer_get_bignum_bits: input buffer too small"); | 175 | fatal("buffer_get_bignum_bits: input buffer too small: " |
176 | "need %d have %d", bytes, buffer_len(b)); | ||
174 | BN_bin2bn((u_char *)buffer_ptr(b), bytes, value); | 177 | BN_bin2bn((u_char *)buffer_ptr(b), bytes, value); |
175 | buffer_consume(b, bytes); | 178 | buffer_consume(b, bytes); |
176 | } | 179 | } |
@@ -179,9 +182,8 @@ Key * | |||
179 | do_convert_private_ssh2_from_blob(char *blob, int blen) | 182 | do_convert_private_ssh2_from_blob(char *blob, int blen) |
180 | { | 183 | { |
181 | Buffer b; | 184 | Buffer b; |
182 | DSA *dsa; | ||
183 | Key *key = NULL; | 185 | Key *key = NULL; |
184 | int ignore, magic, rlen; | 186 | int ignore, magic, rlen, ktype; |
185 | char *type, *cipher; | 187 | char *type, *cipher; |
186 | 188 | ||
187 | buffer_init(&b); | 189 | buffer_init(&b); |
@@ -199,33 +201,64 @@ do_convert_private_ssh2_from_blob(char *blob, int blen) | |||
199 | ignore = buffer_get_int(&b); | 201 | ignore = buffer_get_int(&b); |
200 | ignore = buffer_get_int(&b); | 202 | ignore = buffer_get_int(&b); |
201 | ignore = buffer_get_int(&b); | 203 | ignore = buffer_get_int(&b); |
202 | xfree(type); | ||
203 | 204 | ||
204 | if (strcmp(cipher, "none") != 0) { | 205 | if (strcmp(cipher, "none") != 0) { |
205 | error("unsupported cipher %s", cipher); | 206 | error("unsupported cipher %s", cipher); |
206 | xfree(cipher); | 207 | xfree(cipher); |
207 | buffer_free(&b); | 208 | buffer_free(&b); |
209 | xfree(type); | ||
208 | return NULL; | 210 | return NULL; |
209 | } | 211 | } |
210 | xfree(cipher); | 212 | xfree(cipher); |
211 | 213 | ||
212 | key = key_new(KEY_DSA); | 214 | if (strstr(type, "dsa")) { |
213 | dsa = key->dsa; | 215 | ktype = KEY_DSA; |
214 | dsa->priv_key = BN_new(); | 216 | } else if (strstr(type, "rsa")) { |
215 | if (dsa->priv_key == NULL) { | 217 | ktype = KEY_RSA; |
216 | error("alloc priv_key failed"); | 218 | } else { |
217 | key_free(key); | 219 | xfree(type); |
218 | return NULL; | 220 | return NULL; |
219 | } | 221 | } |
220 | buffer_get_bignum_bits(&b, dsa->p); | 222 | key = key_new_private(ktype); |
221 | buffer_get_bignum_bits(&b, dsa->g); | 223 | xfree(type); |
222 | buffer_get_bignum_bits(&b, dsa->q); | 224 | |
223 | buffer_get_bignum_bits(&b, dsa->pub_key); | 225 | switch (key->type) { |
224 | buffer_get_bignum_bits(&b, dsa->priv_key); | 226 | case KEY_DSA: |
227 | buffer_get_bignum_bits(&b, key->dsa->p); | ||
228 | buffer_get_bignum_bits(&b, key->dsa->g); | ||
229 | buffer_get_bignum_bits(&b, key->dsa->q); | ||
230 | buffer_get_bignum_bits(&b, key->dsa->pub_key); | ||
231 | buffer_get_bignum_bits(&b, key->dsa->priv_key); | ||
232 | break; | ||
233 | case KEY_RSA: | ||
234 | if (!BN_set_word(key->rsa->e, (u_long) buffer_get_char(&b))) { | ||
235 | buffer_free(&b); | ||
236 | key_free(key); | ||
237 | return NULL; | ||
238 | } | ||
239 | buffer_get_bignum_bits(&b, key->rsa->d); | ||
240 | buffer_get_bignum_bits(&b, key->rsa->n); | ||
241 | buffer_get_bignum_bits(&b, key->rsa->iqmp); | ||
242 | buffer_get_bignum_bits(&b, key->rsa->q); | ||
243 | buffer_get_bignum_bits(&b, key->rsa->p); | ||
244 | generate_additional_parameters(key->rsa); | ||
245 | break; | ||
246 | } | ||
225 | rlen = buffer_len(&b); | 247 | rlen = buffer_len(&b); |
226 | if(rlen != 0) | 248 | if(rlen != 0) |
227 | error("do_convert_private_ssh2_from_blob: remaining bytes in key blob %d", rlen); | 249 | error("do_convert_private_ssh2_from_blob: " |
250 | "remaining bytes in key blob %d", rlen); | ||
228 | buffer_free(&b); | 251 | buffer_free(&b); |
252 | #ifdef DEBUG_PK | ||
253 | { | ||
254 | u_int slen; | ||
255 | u_char *sig, data[10] = "abcde12345"; | ||
256 | |||
257 | key_sign(key, &sig, &slen, data, sizeof data); | ||
258 | key_verify(key, sig, slen, data, sizeof data); | ||
259 | free(sig); | ||
260 | } | ||
261 | #endif | ||
229 | return key; | 262 | return key; |
230 | } | 263 | } |
231 | 264 | ||
@@ -288,7 +321,9 @@ do_convert_from_ssh2(struct passwd *pw) | |||
288 | exit(1); | 321 | exit(1); |
289 | } | 322 | } |
290 | ok = private ? | 323 | ok = private ? |
291 | PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL) : | 324 | (k->type == KEY_DSA ? |
325 | PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL) : | ||
326 | PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, NULL, 0, NULL, NULL)) : | ||
292 | key_write(k, stdout); | 327 | key_write(k, stdout); |
293 | if (!ok) { | 328 | if (!ok) { |
294 | fprintf(stderr, "key write failed"); | 329 | fprintf(stderr, "key write failed"); |