diff options
Diffstat (limited to 'dsa.c')
-rw-r--r-- | dsa.c | 78 |
1 files changed, 37 insertions, 41 deletions
@@ -28,7 +28,7 @@ | |||
28 | */ | 28 | */ |
29 | 29 | ||
30 | #include "includes.h" | 30 | #include "includes.h" |
31 | RCSID("$Id: dsa.c,v 1.4 2000/04/14 10:30:31 markus Exp $"); | 31 | RCSID("$Id: dsa.c,v 1.5 2000/04/26 20:56:29 markus Exp $"); |
32 | 32 | ||
33 | #include "ssh.h" | 33 | #include "ssh.h" |
34 | #include "xmalloc.h" | 34 | #include "xmalloc.h" |
@@ -47,13 +47,14 @@ RCSID("$Id: dsa.c,v 1.4 2000/04/14 10:30:31 markus Exp $"); | |||
47 | #include <openssl/hmac.h> | 47 | #include <openssl/hmac.h> |
48 | #include "kex.h" | 48 | #include "kex.h" |
49 | #include "key.h" | 49 | #include "key.h" |
50 | #include "uuencode.h" | ||
50 | 51 | ||
51 | #define INTBLOB_LEN 20 | 52 | #define INTBLOB_LEN 20 |
52 | #define SIGBLOB_LEN (2*INTBLOB_LEN) | 53 | #define SIGBLOB_LEN (2*INTBLOB_LEN) |
53 | 54 | ||
54 | Key * | 55 | Key * |
55 | dsa_serverkey_from_blob( | 56 | dsa_key_from_blob( |
56 | char *serverhostkey, int serverhostkeylen) | 57 | char *blob, int blen) |
57 | { | 58 | { |
58 | Buffer b; | 59 | Buffer b; |
59 | char *ktype; | 60 | char *ktype; |
@@ -61,14 +62,17 @@ dsa_serverkey_from_blob( | |||
61 | DSA *dsa; | 62 | DSA *dsa; |
62 | Key *key; | 63 | Key *key; |
63 | 64 | ||
65 | #ifdef DEBUG_DSS | ||
66 | dump_base64(blob, blen); | ||
67 | #endif | ||
64 | /* fetch & parse DSA/DSS pubkey */ | 68 | /* fetch & parse DSA/DSS pubkey */ |
65 | key = key_new(KEY_DSA); | 69 | key = key_new(KEY_DSA); |
66 | dsa = key->dsa; | 70 | dsa = key->dsa; |
67 | buffer_init(&b); | 71 | buffer_init(&b); |
68 | buffer_append(&b, serverhostkey, serverhostkeylen); | 72 | buffer_append(&b, blob, blen); |
69 | ktype = buffer_get_string(&b, NULL); | 73 | ktype = buffer_get_string(&b, NULL); |
70 | if (strcmp(KEX_DSS, ktype) != 0) { | 74 | if (strcmp(KEX_DSS, ktype) != 0) { |
71 | error("dsa_serverkey_from_blob: cannot handle type %s", ktype); | 75 | error("dsa_key_from_blob: cannot handle type %s", ktype); |
72 | key_free(key); | 76 | key_free(key); |
73 | return NULL; | 77 | return NULL; |
74 | } | 78 | } |
@@ -78,7 +82,7 @@ dsa_serverkey_from_blob( | |||
78 | buffer_get_bignum2(&b, dsa->pub_key); | 82 | buffer_get_bignum2(&b, dsa->pub_key); |
79 | rlen = buffer_len(&b); | 83 | rlen = buffer_len(&b); |
80 | if(rlen != 0) | 84 | if(rlen != 0) |
81 | error("dsa_serverkey_from_blob: remaining bytes in serverhostkey %d", rlen); | 85 | error("dsa_key_from_blob: remaining bytes in key blob %d", rlen); |
82 | buffer_free(&b); | 86 | buffer_free(&b); |
83 | 87 | ||
84 | debug("keytype %s", ktype); | 88 | debug("keytype %s", ktype); |
@@ -87,37 +91,8 @@ dsa_serverkey_from_blob( | |||
87 | #endif | 91 | #endif |
88 | return key; | 92 | return key; |
89 | } | 93 | } |
90 | DSA * | ||
91 | dsa_load_private(char *filename) | ||
92 | { | ||
93 | DSA *dsa; | ||
94 | BIO *in; | ||
95 | |||
96 | in = BIO_new(BIO_s_file()); | ||
97 | if (in == NULL) | ||
98 | fatal("BIO_new failed"); | ||
99 | if (BIO_read_filename(in, filename) <= 0) | ||
100 | fatal("BIO_read failed %s: %s", filename, strerror(errno)); | ||
101 | fprintf(stderr, "read DSA private key\n"); | ||
102 | dsa = PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL); | ||
103 | if (dsa == NULL) | ||
104 | fatal("PEM_read_bio_DSAPrivateKey failed %s", filename); | ||
105 | BIO_free(in); | ||
106 | return dsa; | ||
107 | } | ||
108 | Key * | ||
109 | dsa_get_serverkey(char *filename) | ||
110 | { | ||
111 | Key *k = key_new(KEY_EMPTY); | ||
112 | k->type = KEY_DSA; | ||
113 | k->dsa = dsa_load_private(filename); | ||
114 | #ifdef DEBUG_DSS | ||
115 | DSA_print_fp(stderr, dsa, 8); | ||
116 | #endif | ||
117 | return k; | ||
118 | } | ||
119 | int | 94 | int |
120 | dsa_make_serverkey_blob(Key *key, unsigned char **blobp, unsigned int *lenp) | 95 | dsa_make_key_blob(Key *key, unsigned char **blobp, unsigned int *lenp) |
121 | { | 96 | { |
122 | Buffer b; | 97 | Buffer b; |
123 | int len; | 98 | int len; |
@@ -146,7 +121,7 @@ int | |||
146 | dsa_sign( | 121 | dsa_sign( |
147 | Key *key, | 122 | Key *key, |
148 | unsigned char **sigp, int *lenp, | 123 | unsigned char **sigp, int *lenp, |
149 | unsigned char *hash, int hlen) | 124 | unsigned char *data, int datalen) |
150 | { | 125 | { |
151 | unsigned char *digest; | 126 | unsigned char *digest; |
152 | unsigned char *ret; | 127 | unsigned char *ret; |
@@ -165,10 +140,13 @@ dsa_sign( | |||
165 | } | 140 | } |
166 | digest = xmalloc(evp_md->md_size); | 141 | digest = xmalloc(evp_md->md_size); |
167 | EVP_DigestInit(&md, evp_md); | 142 | EVP_DigestInit(&md, evp_md); |
168 | EVP_DigestUpdate(&md, hash, hlen); | 143 | EVP_DigestUpdate(&md, data, datalen); |
169 | EVP_DigestFinal(&md, digest, NULL); | 144 | EVP_DigestFinal(&md, digest, NULL); |
170 | 145 | ||
171 | sig = DSA_do_sign(digest, evp_md->md_size, key->dsa); | 146 | sig = DSA_do_sign(digest, evp_md->md_size, key->dsa); |
147 | if (sig == NULL) { | ||
148 | fatal("dsa_sign: cannot sign"); | ||
149 | } | ||
172 | 150 | ||
173 | rlen = BN_num_bytes(sig->r); | 151 | rlen = BN_num_bytes(sig->r); |
174 | slen = BN_num_bytes(sig->s); | 152 | slen = BN_num_bytes(sig->s); |
@@ -212,7 +190,7 @@ int | |||
212 | dsa_verify( | 190 | dsa_verify( |
213 | Key *key, | 191 | Key *key, |
214 | unsigned char *signature, int signaturelen, | 192 | unsigned char *signature, int signaturelen, |
215 | unsigned char *hash, int hlen) | 193 | unsigned char *data, int datalen) |
216 | { | 194 | { |
217 | Buffer b; | 195 | Buffer b; |
218 | unsigned char *digest; | 196 | unsigned char *digest; |
@@ -269,10 +247,10 @@ dsa_verify( | |||
269 | xfree(sigblob); | 247 | xfree(sigblob); |
270 | } | 248 | } |
271 | 249 | ||
272 | /* sha1 the signed data (== session_id == hash) */ | 250 | /* sha1 the data */ |
273 | digest = xmalloc(evp_md->md_size); | 251 | digest = xmalloc(evp_md->md_size); |
274 | EVP_DigestInit(&md, evp_md); | 252 | EVP_DigestInit(&md, evp_md); |
275 | EVP_DigestUpdate(&md, hash, hlen); | 253 | EVP_DigestUpdate(&md, data, datalen); |
276 | EVP_DigestFinal(&md, digest, NULL); | 254 | EVP_DigestFinal(&md, digest, NULL); |
277 | 255 | ||
278 | ret = DSA_do_verify(digest, evp_md->md_size, sig, key->dsa); | 256 | ret = DSA_do_verify(digest, evp_md->md_size, sig, key->dsa); |
@@ -296,3 +274,21 @@ dsa_verify( | |||
296 | debug("dsa_verify: signature %s", txt); | 274 | debug("dsa_verify: signature %s", txt); |
297 | return ret; | 275 | return ret; |
298 | } | 276 | } |
277 | |||
278 | Key * | ||
279 | dsa_generate_key(unsigned int bits) | ||
280 | { | ||
281 | DSA *dsa = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL); | ||
282 | Key *k; | ||
283 | if (dsa == NULL) { | ||
284 | fatal("DSA_generate_parameters failed"); | ||
285 | } | ||
286 | if (!DSA_generate_key(dsa)) { | ||
287 | fatal("DSA_generate_keys failed"); | ||
288 | } | ||
289 | |||
290 | k = key_new(KEY_EMPTY); | ||
291 | k->type = KEY_DSA; | ||
292 | k->dsa = dsa; | ||
293 | return k; | ||
294 | } | ||