1 files changed, 353 insertions, 35 deletions
diff --git a/key.c b/key.c
index f7df0bb1d..a6b25b7ae 100644
--- a/key.c
+++ b/key.c
@@ -39,12 +39,14 @@
 #include <openssl/evp.h>
 #include "xmalloc.h"
 #include "key.h"
-#include "dsa.h"
+#include "rsa.h"
+#include "ssh-dss.h"
+#include "ssh-rsa.h"
 #include "uuencode.h"
+#include "buffer.h"
+#include "bufaux.h"
-RCSID("$OpenBSD: key.c,v 1.11 2000/09/07 20:27:51 deraadt Exp $");
+RCSID("$OpenBSD: key.c,v 1.12 2000/11/12 19:50:37 markus Exp $");
-#define SSH_DSS "ssh-dss"
 Key *
 key_new(int type)
@@ -57,6 +59,7 @@ key_new(int type)
        k->dsa = NULL;
        k->rsa = NULL;
        switch (k->type) {
+        case KEY_RSA1:
        case KEY_RSA:
                rsa = RSA_new();
                rsa->n = BN_new();
@@ -71,7 +74,7 @@ key_new(int type)
                dsa->pub_key = BN_new();
                k->dsa = dsa;
                break;
-        case KEY_EMPTY:
+        case KEY_UNSPEC:
                break;
        default:
                fatal("key_new: bad key type %d", k->type);
@@ -79,10 +82,35 @@ key_new(int type)
        }
        return k;
 }
+Key *
+key_new_private(int type)
+{
+        Key *k = key_new(type);
+        switch (k->type) {
+        case KEY_RSA1:
+        case KEY_RSA:
+                k->rsa->d = BN_new();
+                k->rsa->iqmp = BN_new();
+                k->rsa->q = BN_new();
+                k->rsa->p = BN_new();
+                k->rsa->dmq1 = BN_new();
+                k->rsa->dmp1 = BN_new();
+                break;
+        case KEY_DSA:
+                k->dsa->priv_key = BN_new();
+                break;
+        case KEY_UNSPEC:
+                break;
+        default:
+                break;
+        }
+        return k;
+}
 void
 key_free(Key *k)
 {
        switch (k->type) {
+        case KEY_RSA1:
        case KEY_RSA:
                if (k->rsa != NULL)
                        RSA_free(k->rsa);
@@ -93,6 +121,8 @@ key_free(Key *k)
                        DSA_free(k->dsa);
                k->dsa = NULL;
                break;
+        case KEY_UNSPEC:
+                break;
        default:
                fatal("key_free: bad key type %d", k->type);
                break;
@@ -105,6 +135,7 @@ key_equal(Key *a, Key *b)
        if (a == NULL || b == NULL || a->type != b->type)
                return 0;
        switch (a->type) {
+        case KEY_RSA1:
        case KEY_RSA:
                return a->rsa != NULL && b->rsa != NULL &&
                    BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
@@ -136,8 +167,9 @@ key_fingerprint(Key *k)
        int len = 0;
        int nlen, elen;
+        retval[0] = '\0';
        switch (k->type) {
-        case KEY_RSA:
+        case KEY_RSA1:
                nlen = BN_num_bytes(k->rsa->n);
                elen = BN_num_bytes(k->rsa->e);
                len = nlen + elen;
@@ -146,14 +178,16 @@ key_fingerprint(Key *k)
                BN_bn2bin(k->rsa->e, blob + nlen);
                break;
        case KEY_DSA:
-                dsa_make_key_blob(k, &blob, &len);
+        case KEY_RSA:
+                key_to_blob(k, &blob, &len);
+                break;
+        case KEY_UNSPEC:
+                return retval;
                break;
        default:
                fatal("key_fingerprint: bad key type %d", k->type);
                break;
        }
-        retval[0] = '\0';
        if (blob != NULL) {
                int i;
                unsigned char digest[EVP_MAX_MD_SIZE];
@@ -229,56 +263,106 @@ write_bignum(FILE *f, BIGNUM *num)
        free(buf);
        return 1;
 }
-unsigned int
+/* returns 1 ok, -1 error, 0 type mismatch */
+int
 key_read(Key *ret, char **cpp)
 {
        Key *k;
-        unsigned int bits = 0;
+        int success = -1;
-        char *cp;
+        char *cp, *space;
-        int len, n;
+        int len, n, type;
+        u_int bits;
        unsigned char *blob;
        cp = *cpp;
        switch(ret->type) {
-        case KEY_RSA:
+        case KEY_RSA1:
                /* Get number of bits. */
                if (*cp < '0' || *cp > '9')
-                        return 0;       /* Bad bit count... */
+                        return -1;      /* Bad bit count... */
                for (bits = 0; *cp >= '0' && *cp <= '9'; cp++)
                        bits = 10 * bits + *cp - '0';
                if (bits == 0)
-                        return 0;
+                        return -1;
                *cpp = cp;
                /* Get public exponent, public modulus. */
                if (!read_bignum(cpp, ret->rsa->e))
-                        return 0;
+                        return -1;
                if (!read_bignum(cpp, ret->rsa->n))
-                        return 0;
+                        return -1;
+                success = 1;
                break;
+        case KEY_UNSPEC:
+        case KEY_RSA:
        case KEY_DSA:
-                if (strncmp(cp, SSH_DSS " ", 7) != 0)
+                space = strchr(cp, ' ');
+                if (space == NULL) {
+                        debug3("key_read: no space");
+                        return -1;
+                }
+                *space = '\0';
+                type = key_type_from_name(cp);
+                *space = ' ';
+                if (type == KEY_UNSPEC) {
+                        debug3("key_read: no key found");
+                        return -1;
+                }
+                cp = space+1;
+                if (*cp == '\0') {
+                        debug3("key_read: short string");
+                        return -1;
+                }
+                if (ret->type == KEY_UNSPEC) {
+                        ret->type = type;
+                } else if (ret->type != type) {
+                        /* is a key, but different type */
+                        debug3("key_read: type mismatch");
                        return 0;
-                cp += 7;
+                }
                len = 2*strlen(cp);
                blob = xmalloc(len);
                n = uudecode(cp, blob, len);
                if (n < 0) {
                        error("key_read: uudecode %s failed", cp);
-                        return 0;
+                        return -1;
                }
-                k = dsa_key_from_blob(blob, n);
+                k = key_from_blob(blob, n);
                if (k == NULL) {
-                        error("key_read: dsa_key_from_blob %s failed", cp);
+                        error("key_read: key_from_blob %s failed", cp);
-                        return 0;
+                        return -1;
                }
                xfree(blob);
-                if (ret->dsa != NULL)
+                if (k->type != type) {
-                        DSA_free(ret->dsa);
+                        error("key_read: type mismatch: encoding error");
-                ret->dsa = k->dsa;
+                        key_free(k);
-                k->dsa = NULL;
+                        return -1;
+                }
+/*XXXX*/
+                if (ret->type == KEY_RSA) {
+                        if (ret->rsa != NULL)
+                                RSA_free(ret->rsa);
+                        ret->rsa = k->rsa;
+                        k->rsa = NULL;
+                        success = 1;
+#ifdef DEBUG_PK
+                        RSA_print_fp(stderr, ret->rsa, 8);
+#endif
+                } else {
+                        if (ret->dsa != NULL)
+                                DSA_free(ret->dsa);
+                        ret->dsa = k->dsa;
+                        k->dsa = NULL;
+                        success = 1;
+#ifdef DEBUG_PK
+                        DSA_print_fp(stderr, ret->dsa, 8);
+#endif
+                }
+/*XXXX*/
+                if (success != 1)
+                        break;
                key_free(k);
-                bits = BN_num_bits(ret->dsa->p);
                /* advance cp: skip whitespace and data */
                while (*cp == ' ' || *cp == '\t')
                        cp++;
@@ -290,7 +374,7 @@ key_read(Key *ret, char **cpp)
                fatal("key_read: bad key type: %d", ret->type);
                break;
        }
-        return bits;
+        return success;
 }
 int
 key_write(Key *key, FILE *f)
@@ -298,7 +382,7 @@ key_write(Key *key, FILE *f)
        int success = 0;
        unsigned int bits = 0;
-        if (key->type == KEY_RSA && key->rsa != NULL) {
+        if (key->type == KEY_RSA1 && key->rsa != NULL) {
                /* size of modulus 'n' */
                bits = BN_num_bits(key->rsa->n);
                fprintf(f, "%u", bits);
@@ -308,14 +392,15 @@ key_write(Key *key, FILE *f)
                } else {
                        error("key_write: failed for RSA key");
                }
-        } else if (key->type == KEY_DSA && key->dsa != NULL) {
+        } else if ((key->type == KEY_DSA && key->dsa != NULL) ||
+            (key->type == KEY_RSA && key->rsa != NULL)) {
                int len, n;
                unsigned char *blob, *uu;
-                dsa_make_key_blob(key, &blob, &len);
+                key_to_blob(key, &blob, &len);
                uu = xmalloc(2*len);
                n = uuencode(blob, len, uu, 2*len);
                if (n > 0) {
-                        fprintf(f, "%s %s", SSH_DSS, uu);
+                        fprintf(f, "%s %s", key_ssh_name(key), uu);
                        success = 1;
                }
                xfree(blob);
@@ -327,6 +412,9 @@ char *
 key_type(Key *k)
 {
        switch (k->type) {
+        case KEY_RSA1:
+                return "RSA1";
+                break;
        case KEY_RSA:
                return "RSA";
                break;
@@ -336,9 +424,23 @@ key_type(Key *k)
        }
        return "unknown";
 }
-unsigned int
+char *
+key_ssh_name(Key *k)
+{
+        switch (k->type) {
+        case KEY_RSA:
+                return "ssh-rsa";
+                break;
+        case KEY_DSA:
+                return "ssh-dss";
+                break;
+        }
+        return "ssh-unknown";
+}
+u_int
 key_size(Key *k){
        switch (k->type) {
+        case KEY_RSA1:
        case KEY_RSA:
                return BN_num_bits(k->rsa->n);
                break;
@@ -348,3 +450,219 @@ key_size(Key *k){
        }
        return 0;
 }
+RSA *
+rsa_generate_private_key(unsigned int bits)
+{
+        RSA *private;
+        private = RSA_generate_key(bits, 35, NULL, NULL);
+        if (private == NULL)
+                fatal("rsa_generate_private_key: key generation failed.");
+        return private;
+}
+DSA*
+dsa_generate_private_key(unsigned int bits)
+{
+        DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
+        if (private == NULL)
+                fatal("dsa_generate_private_key: DSA_generate_parameters failed");
+        if (!DSA_generate_key(private))
+                fatal("dsa_generate_private_key: DSA_generate_key failed.");
+        if (private == NULL)
+                fatal("dsa_generate_private_key: NULL.");
+        return private;
+}
+Key *
+key_generate(int type, unsigned int bits)
+{
+        Key *k = key_new(KEY_UNSPEC);
+        switch (type) {
+        case KEY_DSA:
+                k->dsa = dsa_generate_private_key(bits);
+                break;
+        case KEY_RSA:
+        case KEY_RSA1:
+                k->rsa = rsa_generate_private_key(bits);
+                break;
+        default:
+                fatal("key_generate: unknown type %d", type);
+        }
+        k->type = type;
+        return k;
+}
+Key *
+key_from_private(Key *k)
+{
+        Key *n = NULL;
+        switch (k->type) {
+        case KEY_DSA:
+                n = key_new(k->type);
+                BN_copy(n->dsa->p, k->dsa->p);
+                BN_copy(n->dsa->q, k->dsa->q);
+                BN_copy(n->dsa->g, k->dsa->g);
+                BN_copy(n->dsa->pub_key, k->dsa->pub_key);
+                break;
+        case KEY_RSA:
+        case KEY_RSA1:
+                n = key_new(k->type);
+                BN_copy(n->rsa->n, k->rsa->n);
+                BN_copy(n->rsa->e, k->rsa->e);
+                break;
+        default:
+                fatal("key_from_private: unknown type %d", k->type);
+                break;
+        }
+        return n;
+}
+int
+key_type_from_name(char *name)
+{
+        if (strcmp(name, "rsa1") == 0){
+                return KEY_RSA1;
+        } else if (strcmp(name, "rsa") == 0){
+                return KEY_RSA;
+        } else if (strcmp(name, "dsa") == 0){
+                return KEY_DSA;
+        } else if (strcmp(name, "ssh-rsa") == 0){
+                return KEY_RSA;
+        } else if (strcmp(name, "ssh-dss") == 0){
+                return KEY_DSA;
+        }
+        debug("key_type_from_name: unknown key type '%s'", name);
+        return KEY_UNSPEC;
+}
+Key *
+key_from_blob(char *blob, int blen)
+{
+        Buffer b;
+        char *ktype;
+        int rlen, type;
+        Key *key = NULL;
+#ifdef DEBUG_PK
+        dump_base64(stderr, blob, blen);
+#endif
+        buffer_init(&b);
+        buffer_append(&b, blob, blen);
+        ktype = buffer_get_string(&b, NULL);
+        type = key_type_from_name(ktype);
+        switch(type){
+        case KEY_RSA:
+                key = key_new(type);
+                buffer_get_bignum2(&b, key->rsa->n);
+                buffer_get_bignum2(&b, key->rsa->e);
+#ifdef DEBUG_PK
+                RSA_print_fp(stderr, key->rsa, 8);
+#endif
+                break;
+        case KEY_DSA:
+                key = key_new(type);
+                buffer_get_bignum2(&b, key->dsa->p);
+                buffer_get_bignum2(&b, key->dsa->q);
+                buffer_get_bignum2(&b, key->dsa->g);
+                buffer_get_bignum2(&b, key->dsa->pub_key);
+#ifdef DEBUG_PK
+                DSA_print_fp(stderr, key->dsa, 8);
+#endif
+                break;
+        case KEY_UNSPEC:
+                key = key_new(type);
+                break;
+        default:
+                error("key_from_blob: cannot handle type %s", ktype);
+                break;
+        }
+        rlen = buffer_len(&b);
+        if (key != NULL && rlen != 0)
+                error("key_from_blob: remaining bytes in key blob %d", rlen);
+        xfree(ktype);
+        buffer_free(&b);
+        return key;
+}
+int
+key_to_blob(Key *key, unsigned char **blobp, unsigned int *lenp)
+{
+        Buffer b;
+        int len;
+        unsigned char *buf;
+        if (key == NULL) {
+                error("key_to_blob: key == NULL");
+                return 0;
+        }
+        buffer_init(&b);
+        switch(key->type){
+        case KEY_DSA:
+                buffer_put_cstring(&b, key_ssh_name(key));
+                buffer_put_bignum2(&b, key->dsa->p);
+                buffer_put_bignum2(&b, key->dsa->q);
+                buffer_put_bignum2(&b, key->dsa->g);
+                buffer_put_bignum2(&b, key->dsa->pub_key);
+                break;
+        case KEY_RSA:
+                buffer_put_cstring(&b, key_ssh_name(key));
+                buffer_put_bignum2(&b, key->rsa->n);
+                buffer_put_bignum2(&b, key->rsa->e);
+                break;
+        default:
+                error("key_to_blob: illegal key type %d", key->type);
+                break;
+        }
+        len = buffer_len(&b);
+        buf = xmalloc(len);
+        memcpy(buf, buffer_ptr(&b), len);
+        memset(buffer_ptr(&b), 0, len);
+        buffer_free(&b);
+        if (lenp != NULL)
+                *lenp = len;
+        if (blobp != NULL)
+                *blobp = buf;
+        return len;
+}
+int
+key_sign(
+    Key *key,
+    unsigned char **sigp, int *lenp,
+    unsigned char *data, int datalen)
+{
+        switch(key->type){
+        case KEY_DSA:
+                return ssh_dss_sign(key, sigp, lenp, data, datalen);
+                break;
+        case KEY_RSA:
+                return ssh_rsa_sign(key, sigp, lenp, data, datalen);
+                break;
+        default:
+                error("key_sign: illegal key type %d", key->type);
+                return -1;
+                break;
+        }
+}
+int
+key_verify(
+    Key *key,
+    unsigned char *signature, int signaturelen,
+    unsigned char *data, int datalen)
+{
+        switch(key->type){
+        case KEY_DSA:
+                return ssh_dss_verify(key, signature, signaturelen, data, datalen);
+                break;
+        case KEY_RSA:
+                return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
+                break;
+        default:
+                error("key_verify: illegal key type %d", key->type);
+                return -1;
+                break;
+        }
+}

diff --git a/key.c b/key.c index f7df0bb1d..a6b25b7ae 100644 --- a/key.c +++ b/key.c
@@ -39,12 +39,14 @@
39	#include <openssl/evp.h>	39	#include <openssl/evp.h>
40	#include "xmalloc.h"	40	#include "xmalloc.h"
41	#include "key.h"	41	#include "key.h"
42	#include "dsa.h"	42	#include "rsa.h"
		43	#include "ssh-dss.h"
		44	#include "ssh-rsa.h"
43	#include "uuencode.h"	45	#include "uuencode.h"
		46	#include "buffer.h"
		47	#include "bufaux.h"
44		48
45	RCSID("$OpenBSD: key.c,v 1.11 2000/09/07 20:27:51 deraadt Exp $");	49	RCSID("$OpenBSD: key.c,v 1.12 2000/11/12 19:50:37 markus Exp $");
46
47	#define SSH_DSS "ssh-dss"
48		50
49	Key *	51	Key *
50	key_new(int type)	52	key_new(int type)
@@ -57,6 +59,7 @@ key_new(int type)
57	k->dsa = NULL;	59	k->dsa = NULL;
58	k->rsa = NULL;	60	k->rsa = NULL;
59	switch (k->type) {	61	switch (k->type) {
		62	case KEY_RSA1:
60	case KEY_RSA:	63	case KEY_RSA:
61	rsa = RSA_new();	64	rsa = RSA_new();
62	rsa->n = BN_new();	65	rsa->n = BN_new();
@@ -71,7 +74,7 @@ key_new(int type)
71	dsa->pub_key = BN_new();	74	dsa->pub_key = BN_new();
72	k->dsa = dsa;	75	k->dsa = dsa;
73	break;	76	break;
74	case KEY_EMPTY:	77	case KEY_UNSPEC:
75	break;	78	break;
76	default:	79	default:
77	fatal("key_new: bad key type %d", k->type);	80	fatal("key_new: bad key type %d", k->type);
@@ -79,10 +82,35 @@ key_new(int type)
79	}	82	}
80	return k;	83	return k;
81	}	84	}
		85	Key *
		86	key_new_private(int type)
		87	{
		88	Key *k = key_new(type);
		89	switch (k->type) {
		90	case KEY_RSA1:
		91	case KEY_RSA:
		92	k->rsa->d = BN_new();
		93	k->rsa->iqmp = BN_new();
		94	k->rsa->q = BN_new();
		95	k->rsa->p = BN_new();
		96	k->rsa->dmq1 = BN_new();
		97	k->rsa->dmp1 = BN_new();
		98	break;
		99	case KEY_DSA:
		100	k->dsa->priv_key = BN_new();
		101	break;
		102	case KEY_UNSPEC:
		103	break;
		104	default:
		105	break;
		106	}
		107	return k;
		108	}
82	void	109	void
83	key_free(Key *k)	110	key_free(Key *k)
84	{	111	{
85	switch (k->type) {	112	switch (k->type) {
		113	case KEY_RSA1:
86	case KEY_RSA:	114	case KEY_RSA:
87	if (k->rsa != NULL)	115	if (k->rsa != NULL)
88	RSA_free(k->rsa);	116	RSA_free(k->rsa);
@@ -93,6 +121,8 @@ key_free(Key *k)
93	DSA_free(k->dsa);	121	DSA_free(k->dsa);
94	k->dsa = NULL;	122	k->dsa = NULL;
95	break;	123	break;
		124	case KEY_UNSPEC:
		125	break;
96	default:	126	default:
97	fatal("key_free: bad key type %d", k->type);	127	fatal("key_free: bad key type %d", k->type);
98	break;	128	break;
@@ -105,6 +135,7 @@ key_equal(Key a, Key b)
105	if (a == NULL \|\| b == NULL \|\| a->type != b->type)	135	if (a == NULL \|\| b == NULL \|\| a->type != b->type)
106	return 0;	136	return 0;
107	switch (a->type) {	137	switch (a->type) {
		138	case KEY_RSA1:
108	case KEY_RSA:	139	case KEY_RSA:
109	return a->rsa != NULL && b->rsa != NULL &&	140	return a->rsa != NULL && b->rsa != NULL &&
110	BN_cmp(a->rsa->e, b->rsa->e) == 0 &&	141	BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
@@ -136,8 +167,9 @@ key_fingerprint(Key *k)
136	int len = 0;	167	int len = 0;
137	int nlen, elen;	168	int nlen, elen;
138		169
		170	retval[0] = '\0';
139	switch (k->type) {	171	switch (k->type) {
140	case KEY_RSA:	172	case KEY_RSA1:
141	nlen = BN_num_bytes(k->rsa->n);	173	nlen = BN_num_bytes(k->rsa->n);
142	elen = BN_num_bytes(k->rsa->e);	174	elen = BN_num_bytes(k->rsa->e);
143	len = nlen + elen;	175	len = nlen + elen;
@@ -146,14 +178,16 @@ key_fingerprint(Key *k)
146	BN_bn2bin(k->rsa->e, blob + nlen);	178	BN_bn2bin(k->rsa->e, blob + nlen);
147	break;	179	break;
148	case KEY_DSA:	180	case KEY_DSA:
149	dsa_make_key_blob(k, &blob, &len);	181	case KEY_RSA:
		182	key_to_blob(k, &blob, &len);
		183	break;
		184	case KEY_UNSPEC:
		185	return retval;
150	break;	186	break;
151	default:	187	default:
152	fatal("key_fingerprint: bad key type %d", k->type);	188	fatal("key_fingerprint: bad key type %d", k->type);
153	break;	189	break;
154	}	190	}
155	retval[0] = '\0';
156
157	if (blob != NULL) {	191	if (blob != NULL) {
158	int i;	192	int i;
159	unsigned char digest[EVP_MAX_MD_SIZE];	193	unsigned char digest[EVP_MAX_MD_SIZE];
@@ -229,56 +263,106 @@ write_bignum(FILE f, BIGNUM num)
229	free(buf);	263	free(buf);
230	return 1;	264	return 1;
231	}	265	}
232	unsigned int	266
		267	/* returns 1 ok, -1 error, 0 type mismatch */
		268	int
233	key_read(Key ret, char *cpp)	269	key_read(Key ret, char *cpp)
234	{	270	{
235	Key *k;	271	Key *k;
236	unsigned int bits = 0;	272	int success = -1;
237	char *cp;	273	char cp, space;
238	int len, n;	274	int len, n, type;
		275	u_int bits;
239	unsigned char *blob;	276	unsigned char *blob;
240		277
241	cp = *cpp;	278	cp = *cpp;
242		279
243	switch(ret->type) {	280	switch(ret->type) {
244	case KEY_RSA:	281	case KEY_RSA1:
245	/* Get number of bits. */	282	/* Get number of bits. */
246	if (cp < '0' \|\| cp > '9')	283	if (cp < '0' \|\| cp > '9')
247	return 0; /* Bad bit count... */	284	return -1; /* Bad bit count... */
248	for (bits = 0; cp >= '0' && cp <= '9'; cp++)	285	for (bits = 0; cp >= '0' && cp <= '9'; cp++)
249	bits = 10 * bits + *cp - '0';	286	bits = 10 * bits + *cp - '0';
250	if (bits == 0)	287	if (bits == 0)
251	return 0;	288	return -1;
252	*cpp = cp;	289	*cpp = cp;
253	/* Get public exponent, public modulus. */	290	/* Get public exponent, public modulus. */
254	if (!read_bignum(cpp, ret->rsa->e))	291	if (!read_bignum(cpp, ret->rsa->e))
255	return 0;	292	return -1;
256	if (!read_bignum(cpp, ret->rsa->n))	293	if (!read_bignum(cpp, ret->rsa->n))
257	return 0;	294	return -1;
		295	success = 1;
258	break;	296	break;
		297	case KEY_UNSPEC:
		298	case KEY_RSA:
259	case KEY_DSA:	299	case KEY_DSA:
260	if (strncmp(cp, SSH_DSS " ", 7) != 0)	300	space = strchr(cp, ' ');
		301	if (space == NULL) {
		302	debug3("key_read: no space");
		303	return -1;
		304	}
		305	*space = '\0';
		306	type = key_type_from_name(cp);
		307	*space = ' ';
		308	if (type == KEY_UNSPEC) {
		309	debug3("key_read: no key found");
		310	return -1;
		311	}
		312	cp = space+1;
		313	if (*cp == '\0') {
		314	debug3("key_read: short string");
		315	return -1;
		316	}
		317	if (ret->type == KEY_UNSPEC) {
		318	ret->type = type;
		319	} else if (ret->type != type) {
		320	/* is a key, but different type */
		321	debug3("key_read: type mismatch");
261	return 0;	322	return 0;
262	cp += 7;	323	}
263	len = 2*strlen(cp);	324	len = 2*strlen(cp);
264	blob = xmalloc(len);	325	blob = xmalloc(len);
265	n = uudecode(cp, blob, len);	326	n = uudecode(cp, blob, len);
266	if (n < 0) {	327	if (n < 0) {
267	error("key_read: uudecode %s failed", cp);	328	error("key_read: uudecode %s failed", cp);
268	return 0;	329	return -1;
269	}	330	}
270	k = dsa_key_from_blob(blob, n);	331	k = key_from_blob(blob, n);
271	if (k == NULL) {	332	if (k == NULL) {
272	error("key_read: dsa_key_from_blob %s failed", cp);	333	error("key_read: key_from_blob %s failed", cp);
273	return 0;	334	return -1;
274	}	335	}
275	xfree(blob);	336	xfree(blob);
276	if (ret->dsa != NULL)	337	if (k->type != type) {
277	DSA_free(ret->dsa);	338	error("key_read: type mismatch: encoding error");
278	ret->dsa = k->dsa;	339	key_free(k);
279	k->dsa = NULL;	340	return -1;
		341	}
		342	/XXXX/
		343	if (ret->type == KEY_RSA) {
		344	if (ret->rsa != NULL)
		345	RSA_free(ret->rsa);
		346	ret->rsa = k->rsa;
		347	k->rsa = NULL;
		348	success = 1;
		349	#ifdef DEBUG_PK
		350	RSA_print_fp(stderr, ret->rsa, 8);
		351	#endif
		352	} else {
		353	if (ret->dsa != NULL)
		354	DSA_free(ret->dsa);
		355	ret->dsa = k->dsa;
		356	k->dsa = NULL;
		357	success = 1;
		358	#ifdef DEBUG_PK
		359	DSA_print_fp(stderr, ret->dsa, 8);
		360	#endif
		361	}
		362	/XXXX/
		363	if (success != 1)
		364	break;
280	key_free(k);	365	key_free(k);
281	bits = BN_num_bits(ret->dsa->p);
282	/* advance cp: skip whitespace and data */	366	/* advance cp: skip whitespace and data */
283	while (cp == ' ' \|\| cp == '\t')	367	while (cp == ' ' \|\| cp == '\t')
284	cp++;	368	cp++;
@@ -290,7 +374,7 @@ key_read(Key ret, char *cpp)
290	fatal("key_read: bad key type: %d", ret->type);	374	fatal("key_read: bad key type: %d", ret->type);
291	break;	375	break;
292	}	376	}
293	return bits;	377	return success;
294	}	378	}
295	int	379	int
296	key_write(Key key, FILE f)	380	key_write(Key key, FILE f)
@@ -298,7 +382,7 @@ key_write(Key key, FILE f)
298	int success = 0;	382	int success = 0;
299	unsigned int bits = 0;	383	unsigned int bits = 0;
300		384
301	if (key->type == KEY_RSA && key->rsa != NULL) {	385	if (key->type == KEY_RSA1 && key->rsa != NULL) {
302	/* size of modulus 'n' */	386	/* size of modulus 'n' */
303	bits = BN_num_bits(key->rsa->n);	387	bits = BN_num_bits(key->rsa->n);
304	fprintf(f, "%u", bits);	388	fprintf(f, "%u", bits);
@@ -308,14 +392,15 @@ key_write(Key key, FILE f)
308	} else {	392	} else {
309	error("key_write: failed for RSA key");	393	error("key_write: failed for RSA key");
310	}	394	}
311	} else if (key->type == KEY_DSA && key->dsa != NULL) {	395	} else if ((key->type == KEY_DSA && key->dsa != NULL) \|\|
		396	(key->type == KEY_RSA && key->rsa != NULL)) {
312	int len, n;	397	int len, n;
313	unsigned char blob, uu;	398	unsigned char blob, uu;
314	dsa_make_key_blob(key, &blob, &len);	399	key_to_blob(key, &blob, &len);
315	uu = xmalloc(2*len);	400	uu = xmalloc(2*len);
316	n = uuencode(blob, len, uu, 2*len);	401	n = uuencode(blob, len, uu, 2*len);
317	if (n > 0) {	402	if (n > 0) {
318	fprintf(f, "%s %s", SSH_DSS, uu);	403	fprintf(f, "%s %s", key_ssh_name(key), uu);
319	success = 1;	404	success = 1;
320	}	405	}
321	xfree(blob);	406	xfree(blob);
@@ -327,6 +412,9 @@ char *
327	key_type(Key *k)	412	key_type(Key *k)
328	{	413	{
329	switch (k->type) {	414	switch (k->type) {
		415	case KEY_RSA1:
		416	return "RSA1";
		417	break;
330	case KEY_RSA:	418	case KEY_RSA:
331	return "RSA";	419	return "RSA";
332	break;	420	break;
@@ -336,9 +424,23 @@ key_type(Key *k)
336	}	424	}
337	return "unknown";	425	return "unknown";
338	}	426	}
339	unsigned int	427	char *
		428	key_ssh_name(Key *k)
		429	{
		430	switch (k->type) {
		431	case KEY_RSA:
		432	return "ssh-rsa";
		433	break;
		434	case KEY_DSA:
		435	return "ssh-dss";
		436	break;
		437	}
		438	return "ssh-unknown";
		439	}
		440	u_int
340	key_size(Key *k){	441	key_size(Key *k){
341	switch (k->type) {	442	switch (k->type) {
		443	case KEY_RSA1:
342	case KEY_RSA:	444	case KEY_RSA:
343	return BN_num_bits(k->rsa->n);	445	return BN_num_bits(k->rsa->n);
344	break;	446	break;
@@ -348,3 +450,219 @@ key_size(Key *k){
348	}	450	}
349	return 0;	451	return 0;
350	}	452	}
		453
		454	RSA *
		455	rsa_generate_private_key(unsigned int bits)
		456	{
		457	RSA *private;
		458	private = RSA_generate_key(bits, 35, NULL, NULL);
		459	if (private == NULL)
		460	fatal("rsa_generate_private_key: key generation failed.");
		461	return private;
		462	}
		463
		464	DSA*
		465	dsa_generate_private_key(unsigned int bits)
		466	{
		467	DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
		468	if (private == NULL)
		469	fatal("dsa_generate_private_key: DSA_generate_parameters failed");
		470	if (!DSA_generate_key(private))
		471	fatal("dsa_generate_private_key: DSA_generate_key failed.");
		472	if (private == NULL)
		473	fatal("dsa_generate_private_key: NULL.");
		474	return private;
		475	}
		476
		477	Key *
		478	key_generate(int type, unsigned int bits)
		479	{
		480	Key *k = key_new(KEY_UNSPEC);
		481	switch (type) {
		482	case KEY_DSA:
		483	k->dsa = dsa_generate_private_key(bits);
		484	break;
		485	case KEY_RSA:
		486	case KEY_RSA1:
		487	k->rsa = rsa_generate_private_key(bits);
		488	break;
		489	default:
		490	fatal("key_generate: unknown type %d", type);
		491	}
		492	k->type = type;
		493	return k;
		494	}
		495
		496	Key *
		497	key_from_private(Key *k)
		498	{
		499	Key *n = NULL;
		500	switch (k->type) {
		501	case KEY_DSA:
		502	n = key_new(k->type);
		503	BN_copy(n->dsa->p, k->dsa->p);
		504	BN_copy(n->dsa->q, k->dsa->q);
		505	BN_copy(n->dsa->g, k->dsa->g);
		506	BN_copy(n->dsa->pub_key, k->dsa->pub_key);
		507	break;
		508	case KEY_RSA:
		509	case KEY_RSA1:
		510	n = key_new(k->type);
		511	BN_copy(n->rsa->n, k->rsa->n);
		512	BN_copy(n->rsa->e, k->rsa->e);
		513	break;
		514	default:
		515	fatal("key_from_private: unknown type %d", k->type);
		516	break;
		517	}
		518	return n;
		519	}
		520
		521	int
		522	key_type_from_name(char *name)
		523	{
		524	if (strcmp(name, "rsa1") == 0){
		525	return KEY_RSA1;
		526	} else if (strcmp(name, "rsa") == 0){
		527	return KEY_RSA;
		528	} else if (strcmp(name, "dsa") == 0){
		529	return KEY_DSA;
		530	} else if (strcmp(name, "ssh-rsa") == 0){
		531	return KEY_RSA;
		532	} else if (strcmp(name, "ssh-dss") == 0){
		533	return KEY_DSA;
		534	}
		535	debug("key_type_from_name: unknown key type '%s'", name);
		536	return KEY_UNSPEC;
		537	}
		538
		539	Key *
		540	key_from_blob(char *blob, int blen)
		541	{
		542	Buffer b;
		543	char *ktype;
		544	int rlen, type;
		545	Key *key = NULL;
		546
		547	#ifdef DEBUG_PK
		548	dump_base64(stderr, blob, blen);
		549	#endif
		550	buffer_init(&b);
		551	buffer_append(&b, blob, blen);
		552	ktype = buffer_get_string(&b, NULL);
		553	type = key_type_from_name(ktype);
		554
		555	switch(type){
		556	case KEY_RSA:
		557	key = key_new(type);
		558	buffer_get_bignum2(&b, key->rsa->n);
		559	buffer_get_bignum2(&b, key->rsa->e);
		560	#ifdef DEBUG_PK
		561	RSA_print_fp(stderr, key->rsa, 8);
		562	#endif
		563	break;
		564	case KEY_DSA:
		565	key = key_new(type);
		566	buffer_get_bignum2(&b, key->dsa->p);
		567	buffer_get_bignum2(&b, key->dsa->q);
		568	buffer_get_bignum2(&b, key->dsa->g);
		569	buffer_get_bignum2(&b, key->dsa->pub_key);
		570	#ifdef DEBUG_PK
		571	DSA_print_fp(stderr, key->dsa, 8);
		572	#endif
		573	break;
		574	case KEY_UNSPEC:
		575	key = key_new(type);
		576	break;
		577	default:
		578	error("key_from_blob: cannot handle type %s", ktype);
		579	break;
		580	}
		581	rlen = buffer_len(&b);
		582	if (key != NULL && rlen != 0)
		583	error("key_from_blob: remaining bytes in key blob %d", rlen);
		584	xfree(ktype);
		585	buffer_free(&b);
		586	return key;
		587	}
		588
		589	int
		590	key_to_blob(Key key, unsigned char blobp, unsigned int lenp)
		591	{
		592	Buffer b;
		593	int len;
		594	unsigned char *buf;
		595
		596	if (key == NULL) {
		597	error("key_to_blob: key == NULL");
		598	return 0;
		599	}
		600	buffer_init(&b);
		601	switch(key->type){
		602	case KEY_DSA:
		603	buffer_put_cstring(&b, key_ssh_name(key));
		604	buffer_put_bignum2(&b, key->dsa->p);
		605	buffer_put_bignum2(&b, key->dsa->q);
		606	buffer_put_bignum2(&b, key->dsa->g);
		607	buffer_put_bignum2(&b, key->dsa->pub_key);
		608	break;
		609	case KEY_RSA:
		610	buffer_put_cstring(&b, key_ssh_name(key));
		611	buffer_put_bignum2(&b, key->rsa->n);
		612	buffer_put_bignum2(&b, key->rsa->e);
		613	break;
		614	default:
		615	error("key_to_blob: illegal key type %d", key->type);
		616	break;
		617	}
		618	len = buffer_len(&b);
		619	buf = xmalloc(len);
		620	memcpy(buf, buffer_ptr(&b), len);
		621	memset(buffer_ptr(&b), 0, len);
		622	buffer_free(&b);
		623	if (lenp != NULL)
		624	*lenp = len;
		625	if (blobp != NULL)
		626	*blobp = buf;
		627	return len;
		628	}
		629
		630	int
		631	key_sign(
		632	Key *key,
		633	unsigned char *sigp, int lenp,
		634	unsigned char *data, int datalen)
		635	{
		636	switch(key->type){
		637	case KEY_DSA:
		638	return ssh_dss_sign(key, sigp, lenp, data, datalen);
		639	break;
		640	case KEY_RSA:
		641	return ssh_rsa_sign(key, sigp, lenp, data, datalen);
		642	break;
		643	default:
		644	error("key_sign: illegal key type %d", key->type);
		645	return -1;
		646	break;
		647	}
		648	}
		649
		650	int
		651	key_verify(
		652	Key *key,
		653	unsigned char *signature, int signaturelen,
		654	unsigned char *data, int datalen)
		655	{
		656	switch(key->type){
		657	case KEY_DSA:
		658	return ssh_dss_verify(key, signature, signaturelen, data, datalen);
		659	break;
		660	case KEY_RSA:
		661	return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
		662	break;
		663	default:
		664	error("key_verify: illegal key type %d", key->type);
		665	return -1;
		666	break;
		667	}
		668	}