diff options
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | authfd.c | 57 | ||||
-rw-r--r-- | key.c | 193 | ||||
-rw-r--r-- | key.h | 5 | ||||
-rw-r--r-- | ssh-agent.c | 133 |
5 files changed, 213 insertions, 178 deletions
@@ -9,6 +9,9 @@ | |||
9 | remove duplicated character ('g') in getopt() string; | 9 | remove duplicated character ('g') in getopt() string; |
10 | document the (few) remaining option characters so we don't have to | 10 | document the (few) remaining option characters so we don't have to |
11 | rummage next time. | 11 | rummage next time. |
12 | - markus@cvs.openbsd.org 2013/12/06 13:30:08 | ||
13 | [authfd.c key.c key.h ssh-agent.c] | ||
14 | move private key (de)serialization to key.c; ok djm | ||
12 | 15 | ||
13 | 20131205 | 16 | 20131205 |
14 | - (djm) OpenBSD CVS Sync | 17 | - (djm) OpenBSD CVS Sync |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfd.c,v 1.88 2013/11/08 00:39:14 djm Exp $ */ | 1 | /* $OpenBSD: authfd.c,v 1.89 2013/12/06 13:30:08 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -42,8 +42,8 @@ | |||
42 | #include <sys/socket.h> | 42 | #include <sys/socket.h> |
43 | 43 | ||
44 | #include <openssl/evp.h> | 44 | #include <openssl/evp.h> |
45 | |||
46 | #include <openssl/crypto.h> | 45 | #include <openssl/crypto.h> |
46 | |||
47 | #include <fcntl.h> | 47 | #include <fcntl.h> |
48 | #include <stdlib.h> | 48 | #include <stdlib.h> |
49 | #include <signal.h> | 49 | #include <signal.h> |
@@ -474,58 +474,7 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) | |||
474 | static void | 474 | static void |
475 | ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) | 475 | ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) |
476 | { | 476 | { |
477 | buffer_put_cstring(b, key_ssh_name(key)); | 477 | key_private_serialize(key, b); |
478 | switch (key->type) { | ||
479 | case KEY_RSA: | ||
480 | buffer_put_bignum2(b, key->rsa->n); | ||
481 | buffer_put_bignum2(b, key->rsa->e); | ||
482 | buffer_put_bignum2(b, key->rsa->d); | ||
483 | buffer_put_bignum2(b, key->rsa->iqmp); | ||
484 | buffer_put_bignum2(b, key->rsa->p); | ||
485 | buffer_put_bignum2(b, key->rsa->q); | ||
486 | break; | ||
487 | case KEY_RSA_CERT_V00: | ||
488 | case KEY_RSA_CERT: | ||
489 | if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0) | ||
490 | fatal("%s: no cert/certblob", __func__); | ||
491 | buffer_put_string(b, buffer_ptr(&key->cert->certblob), | ||
492 | buffer_len(&key->cert->certblob)); | ||
493 | buffer_put_bignum2(b, key->rsa->d); | ||
494 | buffer_put_bignum2(b, key->rsa->iqmp); | ||
495 | buffer_put_bignum2(b, key->rsa->p); | ||
496 | buffer_put_bignum2(b, key->rsa->q); | ||
497 | break; | ||
498 | case KEY_DSA: | ||
499 | buffer_put_bignum2(b, key->dsa->p); | ||
500 | buffer_put_bignum2(b, key->dsa->q); | ||
501 | buffer_put_bignum2(b, key->dsa->g); | ||
502 | buffer_put_bignum2(b, key->dsa->pub_key); | ||
503 | buffer_put_bignum2(b, key->dsa->priv_key); | ||
504 | break; | ||
505 | case KEY_DSA_CERT_V00: | ||
506 | case KEY_DSA_CERT: | ||
507 | if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0) | ||
508 | fatal("%s: no cert/certblob", __func__); | ||
509 | buffer_put_string(b, buffer_ptr(&key->cert->certblob), | ||
510 | buffer_len(&key->cert->certblob)); | ||
511 | buffer_put_bignum2(b, key->dsa->priv_key); | ||
512 | break; | ||
513 | #ifdef OPENSSL_HAS_ECC | ||
514 | case KEY_ECDSA: | ||
515 | buffer_put_cstring(b, key_curve_nid_to_name(key->ecdsa_nid)); | ||
516 | buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa), | ||
517 | EC_KEY_get0_public_key(key->ecdsa)); | ||
518 | buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa)); | ||
519 | break; | ||
520 | case KEY_ECDSA_CERT: | ||
521 | if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0) | ||
522 | fatal("%s: no cert/certblob", __func__); | ||
523 | buffer_put_string(b, buffer_ptr(&key->cert->certblob), | ||
524 | buffer_len(&key->cert->certblob)); | ||
525 | buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa)); | ||
526 | break; | ||
527 | #endif | ||
528 | } | ||
529 | buffer_put_cstring(b, comment); | 478 | buffer_put_cstring(b, comment); |
530 | } | 479 | } |
531 | 480 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.c,v 1.106 2013/12/02 03:09:22 djm Exp $ */ | 1 | /* $OpenBSD: key.c,v 1.107 2013/12/06 13:30:08 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * read_bignum(): | 3 | * read_bignum(): |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -2276,3 +2276,194 @@ key_dump_ec_key(const EC_KEY *key) | |||
2276 | } | 2276 | } |
2277 | #endif /* defined(DEBUG_KEXECDH) || defined(DEBUG_PK) */ | 2277 | #endif /* defined(DEBUG_KEXECDH) || defined(DEBUG_PK) */ |
2278 | #endif /* OPENSSL_HAS_ECC */ | 2278 | #endif /* OPENSSL_HAS_ECC */ |
2279 | |||
2280 | void | ||
2281 | key_private_serialize(const Key *key, Buffer *b) | ||
2282 | { | ||
2283 | buffer_put_cstring(b, key_ssh_name(key)); | ||
2284 | switch (key->type) { | ||
2285 | case KEY_RSA: | ||
2286 | buffer_put_bignum2(b, key->rsa->n); | ||
2287 | buffer_put_bignum2(b, key->rsa->e); | ||
2288 | buffer_put_bignum2(b, key->rsa->d); | ||
2289 | buffer_put_bignum2(b, key->rsa->iqmp); | ||
2290 | buffer_put_bignum2(b, key->rsa->p); | ||
2291 | buffer_put_bignum2(b, key->rsa->q); | ||
2292 | break; | ||
2293 | case KEY_RSA_CERT_V00: | ||
2294 | case KEY_RSA_CERT: | ||
2295 | if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0) | ||
2296 | fatal("%s: no cert/certblob", __func__); | ||
2297 | buffer_put_string(b, buffer_ptr(&key->cert->certblob), | ||
2298 | buffer_len(&key->cert->certblob)); | ||
2299 | buffer_put_bignum2(b, key->rsa->d); | ||
2300 | buffer_put_bignum2(b, key->rsa->iqmp); | ||
2301 | buffer_put_bignum2(b, key->rsa->p); | ||
2302 | buffer_put_bignum2(b, key->rsa->q); | ||
2303 | break; | ||
2304 | case KEY_DSA: | ||
2305 | buffer_put_bignum2(b, key->dsa->p); | ||
2306 | buffer_put_bignum2(b, key->dsa->q); | ||
2307 | buffer_put_bignum2(b, key->dsa->g); | ||
2308 | buffer_put_bignum2(b, key->dsa->pub_key); | ||
2309 | buffer_put_bignum2(b, key->dsa->priv_key); | ||
2310 | break; | ||
2311 | case KEY_DSA_CERT_V00: | ||
2312 | case KEY_DSA_CERT: | ||
2313 | if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0) | ||
2314 | fatal("%s: no cert/certblob", __func__); | ||
2315 | buffer_put_string(b, buffer_ptr(&key->cert->certblob), | ||
2316 | buffer_len(&key->cert->certblob)); | ||
2317 | buffer_put_bignum2(b, key->dsa->priv_key); | ||
2318 | break; | ||
2319 | #ifdef OPENSSL_HAS_ECC | ||
2320 | case KEY_ECDSA: | ||
2321 | buffer_put_cstring(b, key_curve_nid_to_name(key->ecdsa_nid)); | ||
2322 | buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa), | ||
2323 | EC_KEY_get0_public_key(key->ecdsa)); | ||
2324 | buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa)); | ||
2325 | break; | ||
2326 | case KEY_ECDSA_CERT: | ||
2327 | if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0) | ||
2328 | fatal("%s: no cert/certblob", __func__); | ||
2329 | buffer_put_string(b, buffer_ptr(&key->cert->certblob), | ||
2330 | buffer_len(&key->cert->certblob)); | ||
2331 | buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa)); | ||
2332 | break; | ||
2333 | #endif /* OPENSSL_HAS_ECC */ | ||
2334 | } | ||
2335 | } | ||
2336 | |||
2337 | Key * | ||
2338 | key_private_deserialize(Buffer *blob) | ||
2339 | { | ||
2340 | char *type_name; | ||
2341 | Key *k = NULL; | ||
2342 | u_char *cert; | ||
2343 | u_int len; | ||
2344 | int type; | ||
2345 | #ifdef OPENSSL_HAS_ECC | ||
2346 | char *curve; | ||
2347 | BIGNUM *exponent; | ||
2348 | EC_POINT *q; | ||
2349 | #endif | ||
2350 | |||
2351 | type_name = buffer_get_string(blob, NULL); | ||
2352 | type = key_type_from_name(type_name); | ||
2353 | switch (type) { | ||
2354 | case KEY_DSA: | ||
2355 | k = key_new_private(type); | ||
2356 | buffer_get_bignum2(blob, k->dsa->p); | ||
2357 | buffer_get_bignum2(blob, k->dsa->q); | ||
2358 | buffer_get_bignum2(blob, k->dsa->g); | ||
2359 | buffer_get_bignum2(blob, k->dsa->pub_key); | ||
2360 | buffer_get_bignum2(blob, k->dsa->priv_key); | ||
2361 | break; | ||
2362 | case KEY_DSA_CERT_V00: | ||
2363 | case KEY_DSA_CERT: | ||
2364 | cert = buffer_get_string(blob, &len); | ||
2365 | if ((k = key_from_blob(cert, len)) == NULL) | ||
2366 | fatal("Certificate parse failed"); | ||
2367 | free(cert); | ||
2368 | key_add_private(k); | ||
2369 | buffer_get_bignum2(blob, k->dsa->priv_key); | ||
2370 | break; | ||
2371 | #ifdef OPENSSL_HAS_ECC | ||
2372 | case KEY_ECDSA: | ||
2373 | k = key_new_private(type); | ||
2374 | k->ecdsa_nid = key_ecdsa_nid_from_name(type_name); | ||
2375 | curve = buffer_get_string(blob, NULL); | ||
2376 | if (k->ecdsa_nid != key_curve_name_to_nid(curve)) | ||
2377 | fatal("%s: curve names mismatch", __func__); | ||
2378 | free(curve); | ||
2379 | k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); | ||
2380 | if (k->ecdsa == NULL) | ||
2381 | fatal("%s: EC_KEY_new_by_curve_name failed", | ||
2382 | __func__); | ||
2383 | q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa)); | ||
2384 | if (q == NULL) | ||
2385 | fatal("%s: BN_new failed", __func__); | ||
2386 | if ((exponent = BN_new()) == NULL) | ||
2387 | fatal("%s: BN_new failed", __func__); | ||
2388 | buffer_get_ecpoint(blob, | ||
2389 | EC_KEY_get0_group(k->ecdsa), q); | ||
2390 | buffer_get_bignum2(blob, exponent); | ||
2391 | if (EC_KEY_set_public_key(k->ecdsa, q) != 1) | ||
2392 | fatal("%s: EC_KEY_set_public_key failed", | ||
2393 | __func__); | ||
2394 | if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) | ||
2395 | fatal("%s: EC_KEY_set_private_key failed", | ||
2396 | __func__); | ||
2397 | if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), | ||
2398 | EC_KEY_get0_public_key(k->ecdsa)) != 0) | ||
2399 | fatal("%s: bad ECDSA public key", __func__); | ||
2400 | if (key_ec_validate_private(k->ecdsa) != 0) | ||
2401 | fatal("%s: bad ECDSA private key", __func__); | ||
2402 | BN_clear_free(exponent); | ||
2403 | EC_POINT_free(q); | ||
2404 | break; | ||
2405 | case KEY_ECDSA_CERT: | ||
2406 | cert = buffer_get_string(blob, &len); | ||
2407 | if ((k = key_from_blob(cert, len)) == NULL) | ||
2408 | fatal("Certificate parse failed"); | ||
2409 | free(cert); | ||
2410 | key_add_private(k); | ||
2411 | if ((exponent = BN_new()) == NULL) | ||
2412 | fatal("%s: BN_new failed", __func__); | ||
2413 | buffer_get_bignum2(blob, exponent); | ||
2414 | if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) | ||
2415 | fatal("%s: EC_KEY_set_private_key failed", | ||
2416 | __func__); | ||
2417 | if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), | ||
2418 | EC_KEY_get0_public_key(k->ecdsa)) != 0 || | ||
2419 | key_ec_validate_private(k->ecdsa) != 0) | ||
2420 | fatal("%s: bad ECDSA key", __func__); | ||
2421 | BN_clear_free(exponent); | ||
2422 | break; | ||
2423 | #endif | ||
2424 | case KEY_RSA: | ||
2425 | k = key_new_private(type); | ||
2426 | buffer_get_bignum2(blob, k->rsa->n); | ||
2427 | buffer_get_bignum2(blob, k->rsa->e); | ||
2428 | buffer_get_bignum2(blob, k->rsa->d); | ||
2429 | buffer_get_bignum2(blob, k->rsa->iqmp); | ||
2430 | buffer_get_bignum2(blob, k->rsa->p); | ||
2431 | buffer_get_bignum2(blob, k->rsa->q); | ||
2432 | |||
2433 | /* Generate additional parameters */ | ||
2434 | rsa_generate_additional_parameters(k->rsa); | ||
2435 | break; | ||
2436 | case KEY_RSA_CERT_V00: | ||
2437 | case KEY_RSA_CERT: | ||
2438 | cert = buffer_get_string(blob, &len); | ||
2439 | if ((k = key_from_blob(cert, len)) == NULL) | ||
2440 | fatal("Certificate parse failed"); | ||
2441 | free(cert); | ||
2442 | key_add_private(k); | ||
2443 | buffer_get_bignum2(blob, k->rsa->d); | ||
2444 | buffer_get_bignum2(blob, k->rsa->iqmp); | ||
2445 | buffer_get_bignum2(blob, k->rsa->p); | ||
2446 | buffer_get_bignum2(blob, k->rsa->q); | ||
2447 | break; | ||
2448 | default: | ||
2449 | free(type_name); | ||
2450 | buffer_clear(blob); | ||
2451 | return NULL; | ||
2452 | } | ||
2453 | free(type_name); | ||
2454 | |||
2455 | /* enable blinding */ | ||
2456 | switch (k->type) { | ||
2457 | case KEY_RSA: | ||
2458 | case KEY_RSA_CERT_V00: | ||
2459 | case KEY_RSA_CERT: | ||
2460 | case KEY_RSA1: | ||
2461 | if (RSA_blinding_on(k->rsa, NULL) != 1) { | ||
2462 | error("%s: RSA_blinding_on failed", __func__); | ||
2463 | key_free(k); | ||
2464 | return NULL; | ||
2465 | } | ||
2466 | break; | ||
2467 | } | ||
2468 | return k; | ||
2469 | } | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.h,v 1.38 2013/10/29 09:42:11 djm Exp $ */ | 1 | /* $OpenBSD: key.h,v 1.39 2013/12/06 13:30:08 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -151,4 +151,7 @@ void key_dump_ec_point(const EC_GROUP *, const EC_POINT *); | |||
151 | void key_dump_ec_key(const EC_KEY *); | 151 | void key_dump_ec_key(const EC_KEY *); |
152 | #endif | 152 | #endif |
153 | 153 | ||
154 | void key_private_serialize(const Key *, Buffer *); | ||
155 | Key *key_private_deserialize(Buffer *); | ||
156 | |||
154 | #endif | 157 | #endif |
diff --git a/ssh-agent.c b/ssh-agent.c index c3b11729c..0196f8f6b 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-agent.c,v 1.177 2013/07/20 01:50:20 djm Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.178 2013/12/06 13:30:08 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -464,16 +464,9 @@ process_add_identity(SocketEntry *e, int version) | |||
464 | Idtab *tab = idtab_lookup(version); | 464 | Idtab *tab = idtab_lookup(version); |
465 | Identity *id; | 465 | Identity *id; |
466 | int type, success = 0, confirm = 0; | 466 | int type, success = 0, confirm = 0; |
467 | char *type_name, *comment; | 467 | char *comment; |
468 | time_t death = 0; | 468 | time_t death = 0; |
469 | Key *k = NULL; | 469 | Key *k = NULL; |
470 | #ifdef OPENSSL_HAS_ECC | ||
471 | BIGNUM *exponent; | ||
472 | EC_POINT *q; | ||
473 | char *curve; | ||
474 | #endif | ||
475 | u_char *cert; | ||
476 | u_int len; | ||
477 | 470 | ||
478 | switch (version) { | 471 | switch (version) { |
479 | case 1: | 472 | case 1: |
@@ -490,125 +483,21 @@ process_add_identity(SocketEntry *e, int version) | |||
490 | 483 | ||
491 | /* Generate additional parameters */ | 484 | /* Generate additional parameters */ |
492 | rsa_generate_additional_parameters(k->rsa); | 485 | rsa_generate_additional_parameters(k->rsa); |
493 | break; | 486 | |
494 | case 2: | 487 | /* enable blinding */ |
495 | type_name = buffer_get_string(&e->request, NULL); | ||
496 | type = key_type_from_name(type_name); | ||
497 | switch (type) { | ||
498 | case KEY_DSA: | ||
499 | k = key_new_private(type); | ||
500 | buffer_get_bignum2(&e->request, k->dsa->p); | ||
501 | buffer_get_bignum2(&e->request, k->dsa->q); | ||
502 | buffer_get_bignum2(&e->request, k->dsa->g); | ||
503 | buffer_get_bignum2(&e->request, k->dsa->pub_key); | ||
504 | buffer_get_bignum2(&e->request, k->dsa->priv_key); | ||
505 | break; | ||
506 | case KEY_DSA_CERT_V00: | ||
507 | case KEY_DSA_CERT: | ||
508 | cert = buffer_get_string(&e->request, &len); | ||
509 | if ((k = key_from_blob(cert, len)) == NULL) | ||
510 | fatal("Certificate parse failed"); | ||
511 | free(cert); | ||
512 | key_add_private(k); | ||
513 | buffer_get_bignum2(&e->request, k->dsa->priv_key); | ||
514 | break; | ||
515 | #ifdef OPENSSL_HAS_ECC | ||
516 | case KEY_ECDSA: | ||
517 | k = key_new_private(type); | ||
518 | k->ecdsa_nid = key_ecdsa_nid_from_name(type_name); | ||
519 | curve = buffer_get_string(&e->request, NULL); | ||
520 | if (k->ecdsa_nid != key_curve_name_to_nid(curve)) | ||
521 | fatal("%s: curve names mismatch", __func__); | ||
522 | free(curve); | ||
523 | k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); | ||
524 | if (k->ecdsa == NULL) | ||
525 | fatal("%s: EC_KEY_new_by_curve_name failed", | ||
526 | __func__); | ||
527 | q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa)); | ||
528 | if (q == NULL) | ||
529 | fatal("%s: BN_new failed", __func__); | ||
530 | if ((exponent = BN_new()) == NULL) | ||
531 | fatal("%s: BN_new failed", __func__); | ||
532 | buffer_get_ecpoint(&e->request, | ||
533 | EC_KEY_get0_group(k->ecdsa), q); | ||
534 | buffer_get_bignum2(&e->request, exponent); | ||
535 | if (EC_KEY_set_public_key(k->ecdsa, q) != 1) | ||
536 | fatal("%s: EC_KEY_set_public_key failed", | ||
537 | __func__); | ||
538 | if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) | ||
539 | fatal("%s: EC_KEY_set_private_key failed", | ||
540 | __func__); | ||
541 | if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), | ||
542 | EC_KEY_get0_public_key(k->ecdsa)) != 0) | ||
543 | fatal("%s: bad ECDSA public key", __func__); | ||
544 | if (key_ec_validate_private(k->ecdsa) != 0) | ||
545 | fatal("%s: bad ECDSA private key", __func__); | ||
546 | BN_clear_free(exponent); | ||
547 | EC_POINT_free(q); | ||
548 | break; | ||
549 | case KEY_ECDSA_CERT: | ||
550 | cert = buffer_get_string(&e->request, &len); | ||
551 | if ((k = key_from_blob(cert, len)) == NULL) | ||
552 | fatal("Certificate parse failed"); | ||
553 | free(cert); | ||
554 | key_add_private(k); | ||
555 | if ((exponent = BN_new()) == NULL) | ||
556 | fatal("%s: BN_new failed", __func__); | ||
557 | buffer_get_bignum2(&e->request, exponent); | ||
558 | if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) | ||
559 | fatal("%s: EC_KEY_set_private_key failed", | ||
560 | __func__); | ||
561 | if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), | ||
562 | EC_KEY_get0_public_key(k->ecdsa)) != 0 || | ||
563 | key_ec_validate_private(k->ecdsa) != 0) | ||
564 | fatal("%s: bad ECDSA key", __func__); | ||
565 | BN_clear_free(exponent); | ||
566 | break; | ||
567 | #endif /* OPENSSL_HAS_ECC */ | ||
568 | case KEY_RSA: | ||
569 | k = key_new_private(type); | ||
570 | buffer_get_bignum2(&e->request, k->rsa->n); | ||
571 | buffer_get_bignum2(&e->request, k->rsa->e); | ||
572 | buffer_get_bignum2(&e->request, k->rsa->d); | ||
573 | buffer_get_bignum2(&e->request, k->rsa->iqmp); | ||
574 | buffer_get_bignum2(&e->request, k->rsa->p); | ||
575 | buffer_get_bignum2(&e->request, k->rsa->q); | ||
576 | |||
577 | /* Generate additional parameters */ | ||
578 | rsa_generate_additional_parameters(k->rsa); | ||
579 | break; | ||
580 | case KEY_RSA_CERT_V00: | ||
581 | case KEY_RSA_CERT: | ||
582 | cert = buffer_get_string(&e->request, &len); | ||
583 | if ((k = key_from_blob(cert, len)) == NULL) | ||
584 | fatal("Certificate parse failed"); | ||
585 | free(cert); | ||
586 | key_add_private(k); | ||
587 | buffer_get_bignum2(&e->request, k->rsa->d); | ||
588 | buffer_get_bignum2(&e->request, k->rsa->iqmp); | ||
589 | buffer_get_bignum2(&e->request, k->rsa->p); | ||
590 | buffer_get_bignum2(&e->request, k->rsa->q); | ||
591 | break; | ||
592 | default: | ||
593 | free(type_name); | ||
594 | buffer_clear(&e->request); | ||
595 | goto send; | ||
596 | } | ||
597 | free(type_name); | ||
598 | break; | ||
599 | } | ||
600 | /* enable blinding */ | ||
601 | switch (k->type) { | ||
602 | case KEY_RSA: | ||
603 | case KEY_RSA_CERT_V00: | ||
604 | case KEY_RSA_CERT: | ||
605 | case KEY_RSA1: | ||
606 | if (RSA_blinding_on(k->rsa, NULL) != 1) { | 488 | if (RSA_blinding_on(k->rsa, NULL) != 1) { |
607 | error("process_add_identity: RSA_blinding_on failed"); | 489 | error("process_add_identity: RSA_blinding_on failed"); |
608 | key_free(k); | 490 | key_free(k); |
609 | goto send; | 491 | goto send; |
610 | } | 492 | } |
611 | break; | 493 | break; |
494 | case 2: | ||
495 | k = key_private_deserialize(&e->request); | ||
496 | if (k == NULL) { | ||
497 | buffer_clear(&e->request); | ||
498 | goto send; | ||
499 | } | ||
500 | break; | ||
612 | } | 501 | } |
613 | comment = buffer_get_string(&e->request, NULL); | 502 | comment = buffer_get_string(&e->request, NULL); |
614 | if (k == NULL) { | 503 | if (k == NULL) { |