summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--rsa.c22
-rw-r--r--rsa.h4
-rw-r--r--ssh-agent.c25
-rw-r--r--ssh-keygen.c71
5 files changed, 85 insertions, 42 deletions
diff --git a/ChangeLog b/ChangeLog
index 41ea13fba..bf670de5a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,9 @@
6 - markus@cvs.openbsd.org 2001/03/26 23:12:42 6 - markus@cvs.openbsd.org 2001/03/26 23:12:42
7 [authfile.c] 7 [authfile.c]
8 KNF 8 KNF
9 - markus@cvs.openbsd.org 2001/03/26 23:23:24
10 [rsa.c rsa.h ssh-agent.c ssh-keygen.c]
11 try to read private f-secure ssh v2 rsa keys.
9 12
1020010328 1320010328
11 - (djm) Reorder tests and library inclusion for Krb4/AFS to try to 14 - (djm) Reorder tests and library inclusion for Krb4/AFS to try to
@@ -4744,4 +4747,4 @@
4744 - Wrote replacements for strlcpy and mkdtemp 4747 - Wrote replacements for strlcpy and mkdtemp
4745 - Released 1.0pre1 4748 - Released 1.0pre1
4746 4749
4747$Id: ChangeLog,v 1.1027 2001/03/29 00:28:37 mouring Exp $ 4750$Id: ChangeLog,v 1.1028 2001/03/29 00:29:54 mouring Exp $
diff --git a/rsa.c b/rsa.c
index 626553149..f69f99606 100644
--- a/rsa.c
+++ b/rsa.c
@@ -60,7 +60,7 @@
60 */ 60 */
61 61
62#include "includes.h" 62#include "includes.h"
63RCSID("$OpenBSD: rsa.c,v 1.21 2001/02/04 15:32:24 stevesk Exp $"); 63RCSID("$OpenBSD: rsa.c,v 1.22 2001/03/26 23:23:23 markus Exp $");
64 64
65#include "rsa.h" 65#include "rsa.h"
66#include "log.h" 66#include "log.h"
@@ -119,3 +119,23 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
119 xfree(inbuf); 119 xfree(inbuf);
120 return len; 120 return len;
121} 121}
122
123void
124generate_additional_parameters(RSA *rsa)
125{
126 BIGNUM *aux;
127 BN_CTX *ctx;
128 /* Generate additional parameters */
129 aux = BN_new();
130 ctx = BN_CTX_new();
131
132 BN_sub(aux, rsa->q, BN_value_one());
133 BN_mod(rsa->dmq1, rsa->d, aux, ctx);
134
135 BN_sub(aux, rsa->p, BN_value_one());
136 BN_mod(rsa->dmp1, rsa->d, aux, ctx);
137
138 BN_clear_free(aux);
139 BN_CTX_free(ctx);
140}
141
diff --git a/rsa.h b/rsa.h
index 713d31281..d3d2c9964 100644
--- a/rsa.h
+++ b/rsa.h
@@ -11,7 +11,7 @@
11 * called by a name other than "ssh" or "Secure Shell". 11 * called by a name other than "ssh" or "Secure Shell".
12 */ 12 */
13 13
14/* RCSID("$OpenBSD: rsa.h,v 1.10 2001/01/29 19:47:30 markus Exp $"); */ 14/* RCSID("$OpenBSD: rsa.h,v 1.11 2001/03/26 23:23:24 markus Exp $"); */
15 15
16#ifndef RSA_H 16#ifndef RSA_H
17#define RSA_H 17#define RSA_H
@@ -22,4 +22,6 @@
22void rsa_public_encrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv)); 22void rsa_public_encrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv));
23int rsa_private_decrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv)); 23int rsa_private_decrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv));
24 24
25void generate_additional_parameters __P((RSA *rsa));
26
25#endif /* RSA_H */ 27#endif /* RSA_H */
diff --git a/ssh-agent.c b/ssh-agent.c
index 8c4b5397c..6a0c0d07f 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.52 2001/03/06 00:33:04 deraadt Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.53 2001/03/26 23:23:24 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -37,7 +37,7 @@
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40RCSID("$OpenBSD: ssh-agent.c,v 1.52 2001/03/06 00:33:04 deraadt Exp $"); 40RCSID("$OpenBSD: ssh-agent.c,v 1.53 2001/03/26 23:23:24 markus Exp $");
41 41
42#include <openssl/evp.h> 42#include <openssl/evp.h>
43#include <openssl/md5.h> 43#include <openssl/md5.h>
@@ -361,25 +361,6 @@ process_remove_all_identities(SocketEntry *e, int version)
361} 361}
362 362
363void 363void
364generate_additional_parameters(RSA *rsa)
365{
366 BIGNUM *aux;
367 BN_CTX *ctx;
368 /* Generate additional parameters */
369 aux = BN_new();
370 ctx = BN_CTX_new();
371
372 BN_sub(aux, rsa->q, BN_value_one());
373 BN_mod(rsa->dmq1, rsa->d, aux, ctx);
374
375 BN_sub(aux, rsa->p, BN_value_one());
376 BN_mod(rsa->dmp1, rsa->d, aux, ctx);
377
378 BN_clear_free(aux);
379 BN_CTX_free(ctx);
380}
381
382void
383process_add_identity(SocketEntry *e, int version) 364process_add_identity(SocketEntry *e, int version)
384{ 365{
385 Key *k = NULL; 366 Key *k = NULL;
@@ -738,6 +719,8 @@ main(int ac, char **av)
738 extern int optind; 719 extern int optind;
739 fd_set *readsetp = NULL, *writesetp = NULL; 720 fd_set *readsetp = NULL, *writesetp = NULL;
740 721
722 SSLeay_add_all_algorithms();
723
741 __progname = get_progname(av[0]); 724 __progname = get_progname(av[0]);
742 init_rng(); 725 init_rng();
743 seed_rng(); 726 seed_rng();
diff --git a/ssh-keygen.c b/ssh-keygen.c
index b3074e8de..496393ff0 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,13 +12,14 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: ssh-keygen.c,v 1.52 2001/03/26 08:07:09 markus Exp $"); 15RCSID("$OpenBSD: ssh-keygen.c,v 1.53 2001/03/26 23:23:24 markus Exp $");
16 16
17#include <openssl/evp.h> 17#include <openssl/evp.h>
18#include <openssl/pem.h> 18#include <openssl/pem.h>
19 19
20#include "xmalloc.h" 20#include "xmalloc.h"
21#include "key.h" 21#include "key.h"
22#include "rsa.h"
22#include "authfile.h" 23#include "authfile.h"
23#include "uuencode.h" 24#include "uuencode.h"
24#include "buffer.h" 25#include "buffer.h"
@@ -169,8 +170,10 @@ buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
169{ 170{
170 int bits = buffer_get_int(b); 171 int bits = buffer_get_int(b);
171 int bytes = (bits + 7) / 8; 172 int bytes = (bits + 7) / 8;
173
172 if (buffer_len(b) < bytes) 174 if (buffer_len(b) < bytes)
173 fatal("buffer_get_bignum_bits: input buffer too small"); 175 fatal("buffer_get_bignum_bits: input buffer too small: "
176 "need %d have %d", bytes, buffer_len(b));
174 BN_bin2bn((u_char *)buffer_ptr(b), bytes, value); 177 BN_bin2bn((u_char *)buffer_ptr(b), bytes, value);
175 buffer_consume(b, bytes); 178 buffer_consume(b, bytes);
176} 179}
@@ -179,9 +182,8 @@ Key *
179do_convert_private_ssh2_from_blob(char *blob, int blen) 182do_convert_private_ssh2_from_blob(char *blob, int blen)
180{ 183{
181 Buffer b; 184 Buffer b;
182 DSA *dsa;
183 Key *key = NULL; 185 Key *key = NULL;
184 int ignore, magic, rlen; 186 int ignore, magic, rlen, ktype;
185 char *type, *cipher; 187 char *type, *cipher;
186 188
187 buffer_init(&b); 189 buffer_init(&b);
@@ -199,33 +201,64 @@ do_convert_private_ssh2_from_blob(char *blob, int blen)
199 ignore = buffer_get_int(&b); 201 ignore = buffer_get_int(&b);
200 ignore = buffer_get_int(&b); 202 ignore = buffer_get_int(&b);
201 ignore = buffer_get_int(&b); 203 ignore = buffer_get_int(&b);
202 xfree(type);
203 204
204 if (strcmp(cipher, "none") != 0) { 205 if (strcmp(cipher, "none") != 0) {
205 error("unsupported cipher %s", cipher); 206 error("unsupported cipher %s", cipher);
206 xfree(cipher); 207 xfree(cipher);
207 buffer_free(&b); 208 buffer_free(&b);
209 xfree(type);
208 return NULL; 210 return NULL;
209 } 211 }
210 xfree(cipher); 212 xfree(cipher);
211 213
212 key = key_new(KEY_DSA); 214 if (strstr(type, "dsa")) {
213 dsa = key->dsa; 215 ktype = KEY_DSA;
214 dsa->priv_key = BN_new(); 216 } else if (strstr(type, "rsa")) {
215 if (dsa->priv_key == NULL) { 217 ktype = KEY_RSA;
216 error("alloc priv_key failed"); 218 } else {
217 key_free(key); 219 xfree(type);
218 return NULL; 220 return NULL;
219 } 221 }
220 buffer_get_bignum_bits(&b, dsa->p); 222 key = key_new_private(ktype);
221 buffer_get_bignum_bits(&b, dsa->g); 223 xfree(type);
222 buffer_get_bignum_bits(&b, dsa->q); 224
223 buffer_get_bignum_bits(&b, dsa->pub_key); 225 switch (key->type) {
224 buffer_get_bignum_bits(&b, dsa->priv_key); 226 case KEY_DSA:
227 buffer_get_bignum_bits(&b, key->dsa->p);
228 buffer_get_bignum_bits(&b, key->dsa->g);
229 buffer_get_bignum_bits(&b, key->dsa->q);
230 buffer_get_bignum_bits(&b, key->dsa->pub_key);
231 buffer_get_bignum_bits(&b, key->dsa->priv_key);
232 break;
233 case KEY_RSA:
234 if (!BN_set_word(key->rsa->e, (u_long) buffer_get_char(&b))) {
235 buffer_free(&b);
236 key_free(key);
237 return NULL;
238 }
239 buffer_get_bignum_bits(&b, key->rsa->d);
240 buffer_get_bignum_bits(&b, key->rsa->n);
241 buffer_get_bignum_bits(&b, key->rsa->iqmp);
242 buffer_get_bignum_bits(&b, key->rsa->q);
243 buffer_get_bignum_bits(&b, key->rsa->p);
244 generate_additional_parameters(key->rsa);
245 break;
246 }
225 rlen = buffer_len(&b); 247 rlen = buffer_len(&b);
226 if(rlen != 0) 248 if(rlen != 0)
227 error("do_convert_private_ssh2_from_blob: remaining bytes in key blob %d", rlen); 249 error("do_convert_private_ssh2_from_blob: "
250 "remaining bytes in key blob %d", rlen);
228 buffer_free(&b); 251 buffer_free(&b);
252#ifdef DEBUG_PK
253 {
254 u_int slen;
255 u_char *sig, data[10] = "abcde12345";
256
257 key_sign(key, &sig, &slen, data, sizeof data);
258 key_verify(key, sig, slen, data, sizeof data);
259 free(sig);
260 }
261#endif
229 return key; 262 return key;
230} 263}
231 264
@@ -288,7 +321,9 @@ do_convert_from_ssh2(struct passwd *pw)
288 exit(1); 321 exit(1);
289 } 322 }
290 ok = private ? 323 ok = private ?
291 PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL) : 324 (k->type == KEY_DSA ?
325 PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL) :
326 PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, NULL, 0, NULL, NULL)) :
292 key_write(k, stdout); 327 key_write(k, stdout);
293 if (!ok) { 328 if (!ok) {
294 fprintf(stderr, "key write failed"); 329 fprintf(stderr, "key write failed");