diff options
Diffstat (limited to 'key.c')
| -rw-r--r-- | key.c | 510 |
1 files changed, 444 insertions, 66 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: key.c,v 1.104 2013/05/19 02:42:42 djm Exp $ */ | 1 | /* $OpenBSD: key.c,v 1.115 2014/01/09 23:20:00 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * read_bignum(): | 3 | * read_bignum(): |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -39,6 +39,8 @@ | |||
| 39 | #include <sys/param.h> | 39 | #include <sys/param.h> |
| 40 | #include <sys/types.h> | 40 | #include <sys/types.h> |
| 41 | 41 | ||
| 42 | #include "crypto_api.h" | ||
| 43 | |||
| 42 | #include <openssl/evp.h> | 44 | #include <openssl/evp.h> |
| 43 | #include <openbsd-compat/openssl-compat.h> | 45 | #include <openbsd-compat/openssl-compat.h> |
| 44 | 46 | ||
| @@ -54,8 +56,10 @@ | |||
| 54 | #include "log.h" | 56 | #include "log.h" |
| 55 | #include "misc.h" | 57 | #include "misc.h" |
| 56 | #include "ssh2.h" | 58 | #include "ssh2.h" |
| 59 | #include "digest.h" | ||
| 57 | 60 | ||
| 58 | static int to_blob(const Key *, u_char **, u_int *, int); | 61 | static int to_blob(const Key *, u_char **, u_int *, int); |
| 62 | static Key *key_from_blob2(const u_char *, u_int, int); | ||
| 59 | 63 | ||
| 60 | static struct KeyCert * | 64 | static struct KeyCert * |
| 61 | cert_new(void) | 65 | cert_new(void) |
| @@ -85,6 +89,8 @@ key_new(int type) | |||
| 85 | k->dsa = NULL; | 89 | k->dsa = NULL; |
| 86 | k->rsa = NULL; | 90 | k->rsa = NULL; |
| 87 | k->cert = NULL; | 91 | k->cert = NULL; |
| 92 | k->ed25519_sk = NULL; | ||
| 93 | k->ed25519_pk = NULL; | ||
| 88 | switch (k->type) { | 94 | switch (k->type) { |
| 89 | case KEY_RSA1: | 95 | case KEY_RSA1: |
| 90 | case KEY_RSA: | 96 | case KEY_RSA: |
| @@ -119,6 +125,10 @@ key_new(int type) | |||
| 119 | /* Cannot do anything until we know the group */ | 125 | /* Cannot do anything until we know the group */ |
| 120 | break; | 126 | break; |
| 121 | #endif | 127 | #endif |
| 128 | case KEY_ED25519: | ||
| 129 | case KEY_ED25519_CERT: | ||
| 130 | /* no need to prealloc */ | ||
| 131 | break; | ||
| 122 | case KEY_UNSPEC: | 132 | case KEY_UNSPEC: |
| 123 | break; | 133 | break; |
| 124 | default: | 134 | default: |
| @@ -163,6 +173,10 @@ key_add_private(Key *k) | |||
| 163 | case KEY_ECDSA_CERT: | 173 | case KEY_ECDSA_CERT: |
| 164 | /* Cannot do anything until we know the group */ | 174 | /* Cannot do anything until we know the group */ |
| 165 | break; | 175 | break; |
| 176 | case KEY_ED25519: | ||
| 177 | case KEY_ED25519_CERT: | ||
| 178 | /* no need to prealloc */ | ||
| 179 | break; | ||
| 166 | case KEY_UNSPEC: | 180 | case KEY_UNSPEC: |
| 167 | break; | 181 | break; |
| 168 | default: | 182 | default: |
| @@ -225,6 +239,19 @@ key_free(Key *k) | |||
| 225 | k->ecdsa = NULL; | 239 | k->ecdsa = NULL; |
| 226 | break; | 240 | break; |
| 227 | #endif | 241 | #endif |
| 242 | case KEY_ED25519: | ||
| 243 | case KEY_ED25519_CERT: | ||
| 244 | if (k->ed25519_pk) { | ||
| 245 | memset(k->ed25519_pk, 0, ED25519_PK_SZ); | ||
| 246 | free(k->ed25519_pk); | ||
| 247 | k->ed25519_pk = NULL; | ||
| 248 | } | ||
| 249 | if (k->ed25519_sk) { | ||
| 250 | memset(k->ed25519_sk, 0, ED25519_SK_SZ); | ||
| 251 | free(k->ed25519_sk); | ||
| 252 | k->ed25519_sk = NULL; | ||
| 253 | } | ||
| 254 | break; | ||
| 228 | case KEY_UNSPEC: | 255 | case KEY_UNSPEC: |
| 229 | break; | 256 | break; |
| 230 | default: | 257 | default: |
| @@ -306,6 +333,10 @@ key_equal_public(const Key *a, const Key *b) | |||
| 306 | BN_CTX_free(bnctx); | 333 | BN_CTX_free(bnctx); |
| 307 | return 1; | 334 | return 1; |
| 308 | #endif /* OPENSSL_HAS_ECC */ | 335 | #endif /* OPENSSL_HAS_ECC */ |
| 336 | case KEY_ED25519: | ||
| 337 | case KEY_ED25519_CERT: | ||
| 338 | return a->ed25519_pk != NULL && b->ed25519_pk != NULL && | ||
| 339 | memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0; | ||
| 309 | default: | 340 | default: |
| 310 | fatal("key_equal: bad key type %d", a->type); | 341 | fatal("key_equal: bad key type %d", a->type); |
| 311 | } | 342 | } |
| @@ -328,30 +359,26 @@ u_char* | |||
| 328 | key_fingerprint_raw(const Key *k, enum fp_type dgst_type, | 359 | key_fingerprint_raw(const Key *k, enum fp_type dgst_type, |
| 329 | u_int *dgst_raw_length) | 360 | u_int *dgst_raw_length) |
| 330 | { | 361 | { |
| 331 | const EVP_MD *md = NULL; | ||
| 332 | EVP_MD_CTX ctx; | ||
| 333 | u_char *blob = NULL; | 362 | u_char *blob = NULL; |
| 334 | u_char *retval = NULL; | 363 | u_char *retval = NULL; |
| 335 | u_int len = 0; | 364 | u_int len = 0; |
| 336 | int nlen, elen; | 365 | int nlen, elen, hash_alg = -1; |
| 337 | 366 | ||
| 338 | *dgst_raw_length = 0; | 367 | *dgst_raw_length = 0; |
| 339 | 368 | ||
| 369 | /* XXX switch to DIGEST_* directly? */ | ||
| 340 | switch (dgst_type) { | 370 | switch (dgst_type) { |
| 341 | case SSH_FP_MD5: | 371 | case SSH_FP_MD5: |
| 342 | md = EVP_md5(); | 372 | hash_alg = SSH_DIGEST_MD5; |
| 343 | break; | 373 | break; |
| 344 | case SSH_FP_SHA1: | 374 | case SSH_FP_SHA1: |
| 345 | md = EVP_sha1(); | 375 | hash_alg = SSH_DIGEST_SHA1; |
| 346 | break; | 376 | break; |
| 347 | #ifdef HAVE_EVP_SHA256 | ||
| 348 | case SSH_FP_SHA256: | 377 | case SSH_FP_SHA256: |
| 349 | md = EVP_sha256(); | 378 | hash_alg = SSH_DIGEST_SHA256; |
| 350 | break; | 379 | break; |
| 351 | #endif | ||
| 352 | default: | 380 | default: |
| 353 | fatal("key_fingerprint_raw: bad digest type %d", | 381 | fatal("%s: bad digest type %d", __func__, dgst_type); |
| 354 | dgst_type); | ||
| 355 | } | 382 | } |
| 356 | switch (k->type) { | 383 | switch (k->type) { |
| 357 | case KEY_RSA1: | 384 | case KEY_RSA1: |
| @@ -365,6 +392,7 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type, | |||
| 365 | case KEY_DSA: | 392 | case KEY_DSA: |
| 366 | case KEY_ECDSA: | 393 | case KEY_ECDSA: |
| 367 | case KEY_RSA: | 394 | case KEY_RSA: |
| 395 | case KEY_ED25519: | ||
| 368 | key_to_blob(k, &blob, &len); | 396 | key_to_blob(k, &blob, &len); |
| 369 | break; | 397 | break; |
| 370 | case KEY_DSA_CERT_V00: | 398 | case KEY_DSA_CERT_V00: |
| @@ -372,24 +400,26 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type, | |||
| 372 | case KEY_DSA_CERT: | 400 | case KEY_DSA_CERT: |
| 373 | case KEY_ECDSA_CERT: | 401 | case KEY_ECDSA_CERT: |
| 374 | case KEY_RSA_CERT: | 402 | case KEY_RSA_CERT: |
| 403 | case KEY_ED25519_CERT: | ||
| 375 | /* We want a fingerprint of the _key_ not of the cert */ | 404 | /* We want a fingerprint of the _key_ not of the cert */ |
| 376 | to_blob(k, &blob, &len, 1); | 405 | to_blob(k, &blob, &len, 1); |
| 377 | break; | 406 | break; |
| 378 | case KEY_UNSPEC: | 407 | case KEY_UNSPEC: |
| 379 | return retval; | 408 | return retval; |
| 380 | default: | 409 | default: |
| 381 | fatal("key_fingerprint_raw: bad key type %d", k->type); | 410 | fatal("%s: bad key type %d", __func__, k->type); |
| 382 | break; | 411 | break; |
| 383 | } | 412 | } |
| 384 | if (blob != NULL) { | 413 | if (blob != NULL) { |
| 385 | retval = xmalloc(EVP_MAX_MD_SIZE); | 414 | retval = xmalloc(SSH_DIGEST_MAX_LENGTH); |
| 386 | EVP_DigestInit(&ctx, md); | 415 | if ((ssh_digest_memory(hash_alg, blob, len, |
| 387 | EVP_DigestUpdate(&ctx, blob, len); | 416 | retval, SSH_DIGEST_MAX_LENGTH)) != 0) |
| 388 | EVP_DigestFinal(&ctx, retval, dgst_raw_length); | 417 | fatal("%s: digest_memory failed", __func__); |
| 389 | memset(blob, 0, len); | 418 | memset(blob, 0, len); |
| 390 | free(blob); | 419 | free(blob); |
| 420 | *dgst_raw_length = ssh_digest_bytes(hash_alg); | ||
| 391 | } else { | 421 | } else { |
| 392 | fatal("key_fingerprint_raw: blob is null"); | 422 | fatal("%s: blob is null", __func__); |
| 393 | } | 423 | } |
| 394 | return retval; | 424 | return retval; |
| 395 | } | 425 | } |
| @@ -698,11 +728,13 @@ key_read(Key *ret, char **cpp) | |||
| 698 | case KEY_RSA: | 728 | case KEY_RSA: |
| 699 | case KEY_DSA: | 729 | case KEY_DSA: |
| 700 | case KEY_ECDSA: | 730 | case KEY_ECDSA: |
| 731 | case KEY_ED25519: | ||
| 701 | case KEY_DSA_CERT_V00: | 732 | case KEY_DSA_CERT_V00: |
| 702 | case KEY_RSA_CERT_V00: | 733 | case KEY_RSA_CERT_V00: |
| 703 | case KEY_DSA_CERT: | 734 | case KEY_DSA_CERT: |
| 704 | case KEY_ECDSA_CERT: | 735 | case KEY_ECDSA_CERT: |
| 705 | case KEY_RSA_CERT: | 736 | case KEY_RSA_CERT: |
| 737 | case KEY_ED25519_CERT: | ||
| 706 | space = strchr(cp, ' '); | 738 | space = strchr(cp, ' '); |
| 707 | if (space == NULL) { | 739 | if (space == NULL) { |
| 708 | debug3("key_read: missing whitespace"); | 740 | debug3("key_read: missing whitespace"); |
| @@ -804,6 +836,14 @@ key_read(Key *ret, char **cpp) | |||
| 804 | #endif | 836 | #endif |
| 805 | } | 837 | } |
| 806 | #endif | 838 | #endif |
| 839 | if (key_type_plain(ret->type) == KEY_ED25519) { | ||
| 840 | free(ret->ed25519_pk); | ||
| 841 | ret->ed25519_pk = k->ed25519_pk; | ||
| 842 | k->ed25519_pk = NULL; | ||
| 843 | #ifdef DEBUG_PK | ||
| 844 | /* XXX */ | ||
| 845 | #endif | ||
| 846 | } | ||
| 807 | success = 1; | 847 | success = 1; |
| 808 | /*XXXX*/ | 848 | /*XXXX*/ |
| 809 | key_free(k); | 849 | key_free(k); |
| @@ -867,6 +907,11 @@ key_write(const Key *key, FILE *f) | |||
| 867 | return 0; | 907 | return 0; |
| 868 | break; | 908 | break; |
| 869 | #endif | 909 | #endif |
| 910 | case KEY_ED25519: | ||
| 911 | case KEY_ED25519_CERT: | ||
| 912 | if (key->ed25519_pk == NULL) | ||
| 913 | return 0; | ||
| 914 | break; | ||
| 870 | case KEY_RSA: | 915 | case KEY_RSA: |
| 871 | case KEY_RSA_CERT_V00: | 916 | case KEY_RSA_CERT_V00: |
| 872 | case KEY_RSA_CERT: | 917 | case KEY_RSA_CERT: |
| @@ -914,10 +959,13 @@ static const struct keytype keytypes[] = { | |||
| 914 | { NULL, "RSA1", KEY_RSA1, 0, 0 }, | 959 | { NULL, "RSA1", KEY_RSA1, 0, 0 }, |
| 915 | { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, | 960 | { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, |
| 916 | { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, | 961 | { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, |
| 962 | { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 }, | ||
| 917 | #ifdef OPENSSL_HAS_ECC | 963 | #ifdef OPENSSL_HAS_ECC |
| 918 | { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, | 964 | { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, |
| 919 | { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, | 965 | { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, |
| 966 | # ifdef OPENSSL_HAS_NISTP521 | ||
| 920 | { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 }, | 967 | { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 }, |
| 968 | # endif | ||
| 921 | #endif /* OPENSSL_HAS_ECC */ | 969 | #endif /* OPENSSL_HAS_ECC */ |
| 922 | { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 }, | 970 | { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 }, |
| 923 | { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 }, | 971 | { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 }, |
| @@ -926,13 +974,17 @@ static const struct keytype keytypes[] = { | |||
| 926 | KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 }, | 974 | KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 }, |
| 927 | { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", | 975 | { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", |
| 928 | KEY_ECDSA_CERT, NID_secp384r1, 1 }, | 976 | KEY_ECDSA_CERT, NID_secp384r1, 1 }, |
| 977 | # ifdef OPENSSL_HAS_NISTP521 | ||
| 929 | { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", | 978 | { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", |
| 930 | KEY_ECDSA_CERT, NID_secp521r1, 1 }, | 979 | KEY_ECDSA_CERT, NID_secp521r1, 1 }, |
| 980 | # endif | ||
| 931 | #endif /* OPENSSL_HAS_ECC */ | 981 | #endif /* OPENSSL_HAS_ECC */ |
| 932 | { "ssh-rsa-cert-v00@openssh.com", "RSA-CERT-V00", | 982 | { "ssh-rsa-cert-v00@openssh.com", "RSA-CERT-V00", |
| 933 | KEY_RSA_CERT_V00, 0, 1 }, | 983 | KEY_RSA_CERT_V00, 0, 1 }, |
| 934 | { "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00", | 984 | { "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00", |
| 935 | KEY_DSA_CERT_V00, 0, 1 }, | 985 | KEY_DSA_CERT_V00, 0, 1 }, |
| 986 | { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", | ||
| 987 | KEY_ED25519_CERT, 0, 1 }, | ||
| 936 | { NULL, NULL, -1, -1, 0 } | 988 | { NULL, NULL, -1, -1, 0 } |
| 937 | }; | 989 | }; |
| 938 | 990 | ||
| @@ -1004,7 +1056,7 @@ key_ecdsa_nid_from_name(const char *name) | |||
| 1004 | } | 1056 | } |
| 1005 | 1057 | ||
| 1006 | char * | 1058 | char * |
| 1007 | key_alg_list(void) | 1059 | key_alg_list(int certs_only, int plain_only) |
| 1008 | { | 1060 | { |
| 1009 | char *ret = NULL; | 1061 | char *ret = NULL; |
| 1010 | size_t nlen, rlen = 0; | 1062 | size_t nlen, rlen = 0; |
| @@ -1013,6 +1065,8 @@ key_alg_list(void) | |||
| 1013 | for (kt = keytypes; kt->type != -1; kt++) { | 1065 | for (kt = keytypes; kt->type != -1; kt++) { |
| 1014 | if (kt->name == NULL) | 1066 | if (kt->name == NULL) |
| 1015 | continue; | 1067 | continue; |
| 1068 | if ((certs_only && !kt->cert) || (plain_only && kt->cert)) | ||
| 1069 | continue; | ||
| 1016 | if (ret != NULL) | 1070 | if (ret != NULL) |
| 1017 | ret[rlen++] = '\n'; | 1071 | ret[rlen++] = '\n'; |
| 1018 | nlen = strlen(kt->name); | 1072 | nlen = strlen(kt->name); |
| @@ -1023,6 +1077,32 @@ key_alg_list(void) | |||
| 1023 | return ret; | 1077 | return ret; |
| 1024 | } | 1078 | } |
| 1025 | 1079 | ||
| 1080 | int | ||
| 1081 | key_type_is_cert(int type) | ||
| 1082 | { | ||
| 1083 | const struct keytype *kt; | ||
| 1084 | |||
| 1085 | for (kt = keytypes; kt->type != -1; kt++) { | ||
| 1086 | if (kt->type == type) | ||
| 1087 | return kt->cert; | ||
| 1088 | } | ||
| 1089 | return 0; | ||
| 1090 | } | ||
| 1091 | |||
| 1092 | static int | ||
| 1093 | key_type_is_valid_ca(int type) | ||
| 1094 | { | ||
| 1095 | switch (type) { | ||
| 1096 | case KEY_RSA: | ||
| 1097 | case KEY_DSA: | ||
| 1098 | case KEY_ECDSA: | ||
| 1099 | case KEY_ED25519: | ||
| 1100 | return 1; | ||
| 1101 | default: | ||
| 1102 | return 0; | ||
| 1103 | } | ||
| 1104 | } | ||
| 1105 | |||
| 1026 | u_int | 1106 | u_int |
| 1027 | key_size(const Key *k) | 1107 | key_size(const Key *k) |
| 1028 | { | 1108 | { |
| @@ -1036,6 +1116,8 @@ key_size(const Key *k) | |||
| 1036 | case KEY_DSA_CERT_V00: | 1116 | case KEY_DSA_CERT_V00: |
| 1037 | case KEY_DSA_CERT: | 1117 | case KEY_DSA_CERT: |
| 1038 | return BN_num_bits(k->dsa->p); | 1118 | return BN_num_bits(k->dsa->p); |
| 1119 | case KEY_ED25519: | ||
| 1120 | return 256; /* XXX */ | ||
| 1039 | #ifdef OPENSSL_HAS_ECC | 1121 | #ifdef OPENSSL_HAS_ECC |
| 1040 | case KEY_ECDSA: | 1122 | case KEY_ECDSA: |
| 1041 | case KEY_ECDSA_CERT: | 1123 | case KEY_ECDSA_CERT: |
| @@ -1087,8 +1169,10 @@ key_ecdsa_bits_to_nid(int bits) | |||
| 1087 | return NID_X9_62_prime256v1; | 1169 | return NID_X9_62_prime256v1; |
| 1088 | case 384: | 1170 | case 384: |
| 1089 | return NID_secp384r1; | 1171 | return NID_secp384r1; |
| 1172 | # ifdef OPENSSL_HAS_NISTP521 | ||
| 1090 | case 521: | 1173 | case 521: |
| 1091 | return NID_secp521r1; | 1174 | return NID_secp521r1; |
| 1175 | # endif | ||
| 1092 | #endif | 1176 | #endif |
| 1093 | default: | 1177 | default: |
| 1094 | return -1; | 1178 | return -1; |
| @@ -1103,7 +1187,9 @@ key_ecdsa_key_to_nid(EC_KEY *k) | |||
| 1103 | int nids[] = { | 1187 | int nids[] = { |
| 1104 | NID_X9_62_prime256v1, | 1188 | NID_X9_62_prime256v1, |
| 1105 | NID_secp384r1, | 1189 | NID_secp384r1, |
| 1190 | # ifdef OPENSSL_HAS_NISTP521 | ||
| 1106 | NID_secp521r1, | 1191 | NID_secp521r1, |
| 1192 | # endif | ||
| 1107 | -1 | 1193 | -1 |
| 1108 | }; | 1194 | }; |
| 1109 | int nid; | 1195 | int nid; |
| @@ -1175,6 +1261,11 @@ key_generate(int type, u_int bits) | |||
| 1175 | case KEY_RSA1: | 1261 | case KEY_RSA1: |
| 1176 | k->rsa = rsa_generate_private_key(bits); | 1262 | k->rsa = rsa_generate_private_key(bits); |
| 1177 | break; | 1263 | break; |
| 1264 | case KEY_ED25519: | ||
| 1265 | k->ed25519_pk = xmalloc(ED25519_PK_SZ); | ||
| 1266 | k->ed25519_sk = xmalloc(ED25519_SK_SZ); | ||
| 1267 | crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); | ||
| 1268 | break; | ||
| 1178 | case KEY_RSA_CERT_V00: | 1269 | case KEY_RSA_CERT_V00: |
| 1179 | case KEY_DSA_CERT_V00: | 1270 | case KEY_DSA_CERT_V00: |
| 1180 | case KEY_RSA_CERT: | 1271 | case KEY_RSA_CERT: |
| @@ -1268,6 +1359,14 @@ key_from_private(const Key *k) | |||
| 1268 | (BN_copy(n->rsa->e, k->rsa->e) == NULL)) | 1359 | (BN_copy(n->rsa->e, k->rsa->e) == NULL)) |
| 1269 | fatal("key_from_private: BN_copy failed"); | 1360 | fatal("key_from_private: BN_copy failed"); |
| 1270 | break; | 1361 | break; |
| 1362 | case KEY_ED25519: | ||
| 1363 | case KEY_ED25519_CERT: | ||
| 1364 | n = key_new(k->type); | ||
| 1365 | if (k->ed25519_pk != NULL) { | ||
| 1366 | n->ed25519_pk = xmalloc(ED25519_PK_SZ); | ||
| 1367 | memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); | ||
| 1368 | } | ||
| 1369 | break; | ||
| 1271 | default: | 1370 | default: |
| 1272 | fatal("key_from_private: unknown type %d", k->type); | 1371 | fatal("key_from_private: unknown type %d", k->type); |
| 1273 | break; | 1372 | break; |
| @@ -1387,14 +1486,12 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) | |||
| 1387 | } | 1486 | } |
| 1388 | buffer_clear(&tmp); | 1487 | buffer_clear(&tmp); |
| 1389 | 1488 | ||
| 1390 | if ((key->cert->signature_key = key_from_blob(sig_key, | 1489 | if ((key->cert->signature_key = key_from_blob2(sig_key, sklen, 0)) |
| 1391 | sklen)) == NULL) { | 1490 | == NULL) { |
| 1392 | error("%s: Signature key invalid", __func__); | 1491 | error("%s: Signature key invalid", __func__); |
| 1393 | goto out; | 1492 | goto out; |
| 1394 | } | 1493 | } |
| 1395 | if (key->cert->signature_key->type != KEY_RSA && | 1494 | if (!key_type_is_valid_ca(key->cert->signature_key->type)) { |
| 1396 | key->cert->signature_key->type != KEY_DSA && | ||
| 1397 | key->cert->signature_key->type != KEY_ECDSA) { | ||
| 1398 | error("%s: Invalid signature key type %s (%d)", __func__, | 1495 | error("%s: Invalid signature key type %s (%d)", __func__, |
| 1399 | key_type(key->cert->signature_key), | 1496 | key_type(key->cert->signature_key), |
| 1400 | key->cert->signature_key->type); | 1497 | key->cert->signature_key->type); |
| @@ -1425,12 +1522,14 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) | |||
| 1425 | return ret; | 1522 | return ret; |
| 1426 | } | 1523 | } |
| 1427 | 1524 | ||
| 1428 | Key * | 1525 | static Key * |
| 1429 | key_from_blob(const u_char *blob, u_int blen) | 1526 | key_from_blob2(const u_char *blob, u_int blen, int allow_cert) |
| 1430 | { | 1527 | { |
| 1431 | Buffer b; | 1528 | Buffer b; |
| 1432 | int rlen, type; | 1529 | int rlen, type; |
| 1530 | u_int len; | ||
| 1433 | char *ktype = NULL, *curve = NULL; | 1531 | char *ktype = NULL, *curve = NULL; |
| 1532 | u_char *pk = NULL; | ||
| 1434 | Key *key = NULL; | 1533 | Key *key = NULL; |
| 1435 | #ifdef OPENSSL_HAS_ECC | 1534 | #ifdef OPENSSL_HAS_ECC |
| 1436 | EC_POINT *q = NULL; | 1535 | EC_POINT *q = NULL; |
| @@ -1452,7 +1551,10 @@ key_from_blob(const u_char *blob, u_int blen) | |||
| 1452 | if (key_type_plain(type) == KEY_ECDSA) | 1551 | if (key_type_plain(type) == KEY_ECDSA) |
| 1453 | nid = key_ecdsa_nid_from_name(ktype); | 1552 | nid = key_ecdsa_nid_from_name(ktype); |
| 1454 | #endif | 1553 | #endif |
| 1455 | 1554 | if (!allow_cert && key_type_is_cert(type)) { | |
| 1555 | error("key_from_blob: certificate not allowed in this context"); | ||
| 1556 | goto out; | ||
| 1557 | } | ||
| 1456 | switch (type) { | 1558 | switch (type) { |
| 1457 | case KEY_RSA_CERT: | 1559 | case KEY_RSA_CERT: |
| 1458 | (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ | 1560 | (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ |
| @@ -1526,6 +1628,23 @@ key_from_blob(const u_char *blob, u_int blen) | |||
| 1526 | #endif | 1628 | #endif |
| 1527 | break; | 1629 | break; |
| 1528 | #endif /* OPENSSL_HAS_ECC */ | 1630 | #endif /* OPENSSL_HAS_ECC */ |
| 1631 | case KEY_ED25519_CERT: | ||
| 1632 | (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ | ||
| 1633 | /* FALLTHROUGH */ | ||
| 1634 | case KEY_ED25519: | ||
| 1635 | if ((pk = buffer_get_string_ret(&b, &len)) == NULL) { | ||
| 1636 | error("key_from_blob: can't read ed25519 key"); | ||
| 1637 | goto badkey; | ||
| 1638 | } | ||
| 1639 | if (len != ED25519_PK_SZ) { | ||
| 1640 | error("key_from_blob: ed25519 len %d != %d", | ||
| 1641 | len, ED25519_PK_SZ); | ||
| 1642 | goto badkey; | ||
| 1643 | } | ||
| 1644 | key = key_new(type); | ||
| 1645 | key->ed25519_pk = pk; | ||
| 1646 | pk = NULL; | ||
| 1647 | break; | ||
| 1529 | case KEY_UNSPEC: | 1648 | case KEY_UNSPEC: |
| 1530 | key = key_new(type); | 1649 | key = key_new(type); |
| 1531 | break; | 1650 | break; |
| @@ -1543,6 +1662,7 @@ key_from_blob(const u_char *blob, u_int blen) | |||
| 1543 | out: | 1662 | out: |
| 1544 | free(ktype); | 1663 | free(ktype); |
| 1545 | free(curve); | 1664 | free(curve); |
| 1665 | free(pk); | ||
| 1546 | #ifdef OPENSSL_HAS_ECC | 1666 | #ifdef OPENSSL_HAS_ECC |
| 1547 | if (q != NULL) | 1667 | if (q != NULL) |
| 1548 | EC_POINT_free(q); | 1668 | EC_POINT_free(q); |
| @@ -1551,12 +1671,22 @@ key_from_blob(const u_char *blob, u_int blen) | |||
| 1551 | return key; | 1671 | return key; |
| 1552 | } | 1672 | } |
| 1553 | 1673 | ||
| 1674 | Key * | ||
| 1675 | key_from_blob(const u_char *blob, u_int blen) | ||
| 1676 | { | ||
| 1677 | return key_from_blob2(blob, blen, 1); | ||
| 1678 | } | ||
| 1679 | |||
| 1554 | static int | 1680 | static int |
| 1555 | to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain) | 1681 | to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain) |
| 1556 | { | 1682 | { |
| 1557 | Buffer b; | 1683 | Buffer b; |
| 1558 | int len, type; | 1684 | int len, type; |
| 1559 | 1685 | ||
| 1686 | if (blobp != NULL) | ||
| 1687 | *blobp = NULL; | ||
| 1688 | if (lenp != NULL) | ||
| 1689 | *lenp = 0; | ||
| 1560 | if (key == NULL) { | 1690 | if (key == NULL) { |
| 1561 | error("key_to_blob: key == NULL"); | 1691 | error("key_to_blob: key == NULL"); |
| 1562 | return 0; | 1692 | return 0; |
| @@ -1569,6 +1699,7 @@ to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain) | |||
| 1569 | case KEY_DSA_CERT: | 1699 | case KEY_DSA_CERT: |
| 1570 | case KEY_ECDSA_CERT: | 1700 | case KEY_ECDSA_CERT: |
| 1571 | case KEY_RSA_CERT: | 1701 | case KEY_RSA_CERT: |
| 1702 | case KEY_ED25519_CERT: | ||
| 1572 | /* Use the existing blob */ | 1703 | /* Use the existing blob */ |
| 1573 | buffer_append(&b, buffer_ptr(&key->cert->certblob), | 1704 | buffer_append(&b, buffer_ptr(&key->cert->certblob), |
| 1574 | buffer_len(&key->cert->certblob)); | 1705 | buffer_len(&key->cert->certblob)); |
| @@ -1596,6 +1727,11 @@ to_blob(const Key *key, u_char **blobp, u_int *lenp, int force_plain) | |||
| 1596 | buffer_put_bignum2(&b, key->rsa->e); | 1727 | buffer_put_bignum2(&b, key->rsa->e); |
| 1597 | buffer_put_bignum2(&b, key->rsa->n); | 1728 | buffer_put_bignum2(&b, key->rsa->n); |
| 1598 | break; | 1729 | break; |
| 1730 | case KEY_ED25519: | ||
| 1731 | buffer_put_cstring(&b, | ||
| 1732 | key_ssh_name_from_type_nid(type, key->ecdsa_nid)); | ||
| 1733 | buffer_put_string(&b, key->ed25519_pk, ED25519_PK_SZ); | ||
| 1734 | break; | ||
| 1599 | default: | 1735 | default: |
| 1600 | error("key_to_blob: unsupported key type %d", key->type); | 1736 | error("key_to_blob: unsupported key type %d", key->type); |
| 1601 | buffer_free(&b); | 1737 | buffer_free(&b); |
| @@ -1639,6 +1775,9 @@ key_sign( | |||
| 1639 | case KEY_RSA_CERT: | 1775 | case KEY_RSA_CERT: |
| 1640 | case KEY_RSA: | 1776 | case KEY_RSA: |
| 1641 | return ssh_rsa_sign(key, sigp, lenp, data, datalen); | 1777 | return ssh_rsa_sign(key, sigp, lenp, data, datalen); |
| 1778 | case KEY_ED25519: | ||
| 1779 | case KEY_ED25519_CERT: | ||
| 1780 | return ssh_ed25519_sign(key, sigp, lenp, data, datalen); | ||
| 1642 | default: | 1781 | default: |
| 1643 | error("key_sign: invalid key type %d", key->type); | 1782 | error("key_sign: invalid key type %d", key->type); |
| 1644 | return -1; | 1783 | return -1; |
| @@ -1672,6 +1811,9 @@ key_verify( | |||
| 1672 | case KEY_RSA_CERT: | 1811 | case KEY_RSA_CERT: |
| 1673 | case KEY_RSA: | 1812 | case KEY_RSA: |
| 1674 | return ssh_rsa_verify(key, signature, signaturelen, data, datalen); | 1813 | return ssh_rsa_verify(key, signature, signaturelen, data, datalen); |
| 1814 | case KEY_ED25519: | ||
| 1815 | case KEY_ED25519_CERT: | ||
| 1816 | return ssh_ed25519_verify(key, signature, signaturelen, data, datalen); | ||
| 1675 | default: | 1817 | default: |
| 1676 | error("key_verify: invalid key type %d", key->type); | 1818 | error("key_verify: invalid key type %d", key->type); |
| 1677 | return -1; | 1819 | return -1; |
| @@ -1691,6 +1833,8 @@ key_demote(const Key *k) | |||
| 1691 | pk->dsa = NULL; | 1833 | pk->dsa = NULL; |
| 1692 | pk->ecdsa = NULL; | 1834 | pk->ecdsa = NULL; |
| 1693 | pk->rsa = NULL; | 1835 | pk->rsa = NULL; |
| 1836 | pk->ed25519_pk = NULL; | ||
| 1837 | pk->ed25519_sk = NULL; | ||
| 1694 | 1838 | ||
| 1695 | switch (k->type) { | 1839 | switch (k->type) { |
| 1696 | case KEY_RSA_CERT_V00: | 1840 | case KEY_RSA_CERT_V00: |
| @@ -1734,8 +1878,17 @@ key_demote(const Key *k) | |||
| 1734 | fatal("key_demote: EC_KEY_set_public_key failed"); | 1878 | fatal("key_demote: EC_KEY_set_public_key failed"); |
| 1735 | break; | 1879 | break; |
| 1736 | #endif | 1880 | #endif |
| 1881 | case KEY_ED25519_CERT: | ||
| 1882 | key_cert_copy(k, pk); | ||
| 1883 | /* FALLTHROUGH */ | ||
| 1884 | case KEY_ED25519: | ||
| 1885 | if (k->ed25519_pk != NULL) { | ||
| 1886 | pk->ed25519_pk = xmalloc(ED25519_PK_SZ); | ||
| 1887 | memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); | ||
| 1888 | } | ||
| 1889 | break; | ||
| 1737 | default: | 1890 | default: |
| 1738 | fatal("key_free: bad key type %d", k->type); | 1891 | fatal("key_demote: bad key type %d", k->type); |
| 1739 | break; | 1892 | break; |
| 1740 | } | 1893 | } |
| 1741 | 1894 | ||
| @@ -1747,16 +1900,7 @@ key_is_cert(const Key *k) | |||
| 1747 | { | 1900 | { |
| 1748 | if (k == NULL) | 1901 | if (k == NULL) |
| 1749 | return 0; | 1902 | return 0; |
| 1750 | switch (k->type) { | 1903 | return key_type_is_cert(k->type); |
| 1751 | case KEY_RSA_CERT_V00: | ||
| 1752 | case KEY_DSA_CERT_V00: | ||
| 1753 | case KEY_RSA_CERT: | ||
| 1754 | case KEY_DSA_CERT: | ||
| 1755 | case KEY_ECDSA_CERT: | ||
| 1756 | return 1; | ||
| 1757 | default: | ||
| 1758 | return 0; | ||
| 1759 | } | ||
| 1760 | } | 1904 | } |
| 1761 | 1905 | ||
| 1762 | /* Return the cert-less equivalent to a certified key type */ | 1906 | /* Return the cert-less equivalent to a certified key type */ |
| @@ -1772,12 +1916,14 @@ key_type_plain(int type) | |||
| 1772 | return KEY_DSA; | 1916 | return KEY_DSA; |
| 1773 | case KEY_ECDSA_CERT: | 1917 | case KEY_ECDSA_CERT: |
| 1774 | return KEY_ECDSA; | 1918 | return KEY_ECDSA; |
| 1919 | case KEY_ED25519_CERT: | ||
| 1920 | return KEY_ED25519; | ||
| 1775 | default: | 1921 | default: |
| 1776 | return type; | 1922 | return type; |
| 1777 | } | 1923 | } |
| 1778 | } | 1924 | } |
| 1779 | 1925 | ||
| 1780 | /* Convert a KEY_RSA or KEY_DSA to their _CERT equivalent */ | 1926 | /* Convert a plain key to their _CERT equivalent */ |
| 1781 | int | 1927 | int |
| 1782 | key_to_certified(Key *k, int legacy) | 1928 | key_to_certified(Key *k, int legacy) |
| 1783 | { | 1929 | { |
| @@ -1797,41 +1943,34 @@ key_to_certified(Key *k, int legacy) | |||
| 1797 | k->cert = cert_new(); | 1943 | k->cert = cert_new(); |
| 1798 | k->type = KEY_ECDSA_CERT; | 1944 | k->type = KEY_ECDSA_CERT; |
| 1799 | return 0; | 1945 | return 0; |
| 1946 | case KEY_ED25519: | ||
| 1947 | if (legacy) | ||
| 1948 | fatal("%s: legacy ED25519 certificates are not " | ||
| 1949 | "supported", __func__); | ||
| 1950 | k->cert = cert_new(); | ||
| 1951 | k->type = KEY_ED25519_CERT; | ||
| 1952 | return 0; | ||
| 1800 | default: | 1953 | default: |
| 1801 | error("%s: key has incorrect type %s", __func__, key_type(k)); | 1954 | error("%s: key has incorrect type %s", __func__, key_type(k)); |
| 1802 | return -1; | 1955 | return -1; |
| 1803 | } | 1956 | } |
| 1804 | } | 1957 | } |
| 1805 | 1958 | ||
| 1806 | /* Convert a KEY_RSA_CERT or KEY_DSA_CERT to their raw key equivalent */ | 1959 | /* Convert a certificate to its raw key equivalent */ |
| 1807 | int | 1960 | int |
| 1808 | key_drop_cert(Key *k) | 1961 | key_drop_cert(Key *k) |
| 1809 | { | 1962 | { |
| 1810 | switch (k->type) { | 1963 | if (!key_type_is_cert(k->type)) { |
| 1811 | case KEY_RSA_CERT_V00: | ||
| 1812 | case KEY_RSA_CERT: | ||
| 1813 | cert_free(k->cert); | ||
| 1814 | k->type = KEY_RSA; | ||
| 1815 | return 0; | ||
| 1816 | case KEY_DSA_CERT_V00: | ||
| 1817 | case KEY_DSA_CERT: | ||
| 1818 | cert_free(k->cert); | ||
| 1819 | k->type = KEY_DSA; | ||
| 1820 | return 0; | ||
| 1821 | case KEY_ECDSA_CERT: | ||
| 1822 | cert_free(k->cert); | ||
| 1823 | k->type = KEY_ECDSA; | ||
| 1824 | return 0; | ||
| 1825 | default: | ||
| 1826 | error("%s: key has incorrect type %s", __func__, key_type(k)); | 1964 | error("%s: key has incorrect type %s", __func__, key_type(k)); |
| 1827 | return -1; | 1965 | return -1; |
| 1828 | } | 1966 | } |
| 1967 | cert_free(k->cert); | ||
| 1968 | k->cert = NULL; | ||
| 1969 | k->type = key_type_plain(k->type); | ||
| 1970 | return 0; | ||
| 1829 | } | 1971 | } |
| 1830 | 1972 | ||
| 1831 | /* | 1973 | /* Sign a certified key, (re-)generating the signed certblob. */ |
| 1832 | * Sign a KEY_RSA_CERT, KEY_DSA_CERT or KEY_ECDSA_CERT, (re-)generating | ||
| 1833 | * the signed certblob | ||
| 1834 | */ | ||
| 1835 | int | 1974 | int |
| 1836 | key_certify(Key *k, Key *ca) | 1975 | key_certify(Key *k, Key *ca) |
| 1837 | { | 1976 | { |
| @@ -1850,8 +1989,7 @@ key_certify(Key *k, Key *ca) | |||
| 1850 | return -1; | 1989 | return -1; |
| 1851 | } | 1990 | } |
| 1852 | 1991 | ||
| 1853 | if (ca->type != KEY_RSA && ca->type != KEY_DSA && | 1992 | if (!key_type_is_valid_ca(ca->type)) { |
| 1854 | ca->type != KEY_ECDSA) { | ||
| 1855 | error("%s: CA key has unsupported type %s", __func__, | 1993 | error("%s: CA key has unsupported type %s", __func__, |
| 1856 | key_type(ca)); | 1994 | key_type(ca)); |
| 1857 | return -1; | 1995 | return -1; |
| @@ -1867,6 +2005,7 @@ key_certify(Key *k, Key *ca) | |||
| 1867 | if (!key_cert_is_legacy(k)) | 2005 | if (!key_cert_is_legacy(k)) |
| 1868 | buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce)); | 2006 | buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce)); |
| 1869 | 2007 | ||
| 2008 | /* XXX this substantially duplicates to_blob(); refactor */ | ||
| 1870 | switch (k->type) { | 2009 | switch (k->type) { |
| 1871 | case KEY_DSA_CERT_V00: | 2010 | case KEY_DSA_CERT_V00: |
| 1872 | case KEY_DSA_CERT: | 2011 | case KEY_DSA_CERT: |
| @@ -1889,6 +2028,10 @@ key_certify(Key *k, Key *ca) | |||
| 1889 | buffer_put_bignum2(&k->cert->certblob, k->rsa->e); | 2028 | buffer_put_bignum2(&k->cert->certblob, k->rsa->e); |
| 1890 | buffer_put_bignum2(&k->cert->certblob, k->rsa->n); | 2029 | buffer_put_bignum2(&k->cert->certblob, k->rsa->n); |
| 1891 | break; | 2030 | break; |
| 2031 | case KEY_ED25519_CERT: | ||
| 2032 | buffer_put_string(&k->cert->certblob, | ||
| 2033 | k->ed25519_pk, ED25519_PK_SZ); | ||
| 2034 | break; | ||
| 1892 | default: | 2035 | default: |
| 1893 | error("%s: key has incorrect type %s", __func__, key_type(k)); | 2036 | error("%s: key has incorrect type %s", __func__, key_type(k)); |
| 1894 | buffer_clear(&k->cert->certblob); | 2037 | buffer_clear(&k->cert->certblob); |
| @@ -2018,8 +2161,10 @@ key_curve_name_to_nid(const char *name) | |||
| 2018 | return NID_X9_62_prime256v1; | 2161 | return NID_X9_62_prime256v1; |
| 2019 | else if (strcmp(name, "nistp384") == 0) | 2162 | else if (strcmp(name, "nistp384") == 0) |
| 2020 | return NID_secp384r1; | 2163 | return NID_secp384r1; |
| 2164 | # ifdef OPENSSL_HAS_NISTP521 | ||
| 2021 | else if (strcmp(name, "nistp521") == 0) | 2165 | else if (strcmp(name, "nistp521") == 0) |
| 2022 | return NID_secp521r1; | 2166 | return NID_secp521r1; |
| 2167 | # endif | ||
| 2023 | #endif | 2168 | #endif |
| 2024 | 2169 | ||
| 2025 | debug("%s: unsupported EC curve name \"%.100s\"", __func__, name); | 2170 | debug("%s: unsupported EC curve name \"%.100s\"", __func__, name); |
| @@ -2035,8 +2180,10 @@ key_curve_nid_to_bits(int nid) | |||
| 2035 | return 256; | 2180 | return 256; |
| 2036 | case NID_secp384r1: | 2181 | case NID_secp384r1: |
| 2037 | return 384; | 2182 | return 384; |
| 2183 | # ifdef OPENSSL_HAS_NISTP521 | ||
| 2038 | case NID_secp521r1: | 2184 | case NID_secp521r1: |
| 2039 | return 521; | 2185 | return 521; |
| 2186 | # endif | ||
| 2040 | #endif | 2187 | #endif |
| 2041 | default: | 2188 | default: |
| 2042 | error("%s: unsupported EC curve nid %d", __func__, nid); | 2189 | error("%s: unsupported EC curve nid %d", __func__, nid); |
| @@ -2052,16 +2199,18 @@ key_curve_nid_to_name(int nid) | |||
| 2052 | return "nistp256"; | 2199 | return "nistp256"; |
| 2053 | else if (nid == NID_secp384r1) | 2200 | else if (nid == NID_secp384r1) |
| 2054 | return "nistp384"; | 2201 | return "nistp384"; |
| 2202 | # ifdef OPENSSL_HAS_NISTP521 | ||
| 2055 | else if (nid == NID_secp521r1) | 2203 | else if (nid == NID_secp521r1) |
| 2056 | return "nistp521"; | 2204 | return "nistp521"; |
| 2205 | # endif | ||
| 2057 | #endif | 2206 | #endif |
| 2058 | error("%s: unsupported EC curve nid %d", __func__, nid); | 2207 | error("%s: unsupported EC curve nid %d", __func__, nid); |
| 2059 | return NULL; | 2208 | return NULL; |
| 2060 | } | 2209 | } |
| 2061 | 2210 | ||
| 2062 | #ifdef OPENSSL_HAS_ECC | 2211 | #ifdef OPENSSL_HAS_ECC |
| 2063 | const EVP_MD * | 2212 | int |
| 2064 | key_ec_nid_to_evpmd(int nid) | 2213 | key_ec_nid_to_hash_alg(int nid) |
| 2065 | { | 2214 | { |
| 2066 | int kbits = key_curve_nid_to_bits(nid); | 2215 | int kbits = key_curve_nid_to_bits(nid); |
| 2067 | 2216 | ||
| @@ -2069,11 +2218,11 @@ key_ec_nid_to_evpmd(int nid) | |||
| 2069 | fatal("%s: invalid nid %d", __func__, nid); | 2218 | fatal("%s: invalid nid %d", __func__, nid); |
| 2070 | /* RFC5656 section 6.2.1 */ | 2219 | /* RFC5656 section 6.2.1 */ |
| 2071 | if (kbits <= 256) | 2220 | if (kbits <= 256) |
| 2072 | return EVP_sha256(); | 2221 | return SSH_DIGEST_SHA256; |
| 2073 | else if (kbits <= 384) | 2222 | else if (kbits <= 384) |
| 2074 | return EVP_sha384(); | 2223 | return SSH_DIGEST_SHA384; |
| 2075 | else | 2224 | else |
| 2076 | return EVP_sha512(); | 2225 | return SSH_DIGEST_SHA512; |
| 2077 | } | 2226 | } |
| 2078 | 2227 | ||
| 2079 | int | 2228 | int |
| @@ -2245,3 +2394,232 @@ key_dump_ec_key(const EC_KEY *key) | |||
| 2245 | } | 2394 | } |
| 2246 | #endif /* defined(DEBUG_KEXECDH) || defined(DEBUG_PK) */ | 2395 | #endif /* defined(DEBUG_KEXECDH) || defined(DEBUG_PK) */ |
| 2247 | #endif /* OPENSSL_HAS_ECC */ | 2396 | #endif /* OPENSSL_HAS_ECC */ |
| 2397 | |||
| 2398 | void | ||
| 2399 | key_private_serialize(const Key *key, Buffer *b) | ||
| 2400 | { | ||
| 2401 | buffer_put_cstring(b, key_ssh_name(key)); | ||
| 2402 | switch (key->type) { | ||
| 2403 | case KEY_RSA: | ||
| 2404 | buffer_put_bignum2(b, key->rsa->n); | ||
| 2405 | buffer_put_bignum2(b, key->rsa->e); | ||
| 2406 | buffer_put_bignum2(b, key->rsa->d); | ||
| 2407 | buffer_put_bignum2(b, key->rsa->iqmp); | ||
| 2408 | buffer_put_bignum2(b, key->rsa->p); | ||
| 2409 | buffer_put_bignum2(b, key->rsa->q); | ||
| 2410 | break; | ||
| 2411 | case KEY_RSA_CERT_V00: | ||
| 2412 | case KEY_RSA_CERT: | ||
| 2413 | if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0) | ||
| 2414 | fatal("%s: no cert/certblob", __func__); | ||
| 2415 | buffer_put_string(b, buffer_ptr(&key->cert->certblob), | ||
| 2416 | buffer_len(&key->cert->certblob)); | ||
| 2417 | buffer_put_bignum2(b, key->rsa->d); | ||
| 2418 | buffer_put_bignum2(b, key->rsa->iqmp); | ||
| 2419 | buffer_put_bignum2(b, key->rsa->p); | ||
| 2420 | buffer_put_bignum2(b, key->rsa->q); | ||
| 2421 | break; | ||
| 2422 | case KEY_DSA: | ||
| 2423 | buffer_put_bignum2(b, key->dsa->p); | ||
| 2424 | buffer_put_bignum2(b, key->dsa->q); | ||
| 2425 | buffer_put_bignum2(b, key->dsa->g); | ||
| 2426 | buffer_put_bignum2(b, key->dsa->pub_key); | ||
| 2427 | buffer_put_bignum2(b, key->dsa->priv_key); | ||
| 2428 | break; | ||
| 2429 | case KEY_DSA_CERT_V00: | ||
| 2430 | case KEY_DSA_CERT: | ||
| 2431 | if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0) | ||
| 2432 | fatal("%s: no cert/certblob", __func__); | ||
| 2433 | buffer_put_string(b, buffer_ptr(&key->cert->certblob), | ||
| 2434 | buffer_len(&key->cert->certblob)); | ||
| 2435 | buffer_put_bignum2(b, key->dsa->priv_key); | ||
| 2436 | break; | ||
| 2437 | #ifdef OPENSSL_HAS_ECC | ||
| 2438 | case KEY_ECDSA: | ||
| 2439 | buffer_put_cstring(b, key_curve_nid_to_name(key->ecdsa_nid)); | ||
| 2440 | buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa), | ||
| 2441 | EC_KEY_get0_public_key(key->ecdsa)); | ||
| 2442 | buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa)); | ||
| 2443 | break; | ||
| 2444 | case KEY_ECDSA_CERT: | ||
| 2445 | if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0) | ||
| 2446 | fatal("%s: no cert/certblob", __func__); | ||
| 2447 | buffer_put_string(b, buffer_ptr(&key->cert->certblob), | ||
| 2448 | buffer_len(&key->cert->certblob)); | ||
| 2449 | buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa)); | ||
| 2450 | break; | ||
| 2451 | #endif /* OPENSSL_HAS_ECC */ | ||
| 2452 | case KEY_ED25519: | ||
| 2453 | buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ); | ||
| 2454 | buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ); | ||
| 2455 | break; | ||
| 2456 | case KEY_ED25519_CERT: | ||
| 2457 | if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0) | ||
| 2458 | fatal("%s: no cert/certblob", __func__); | ||
| 2459 | buffer_put_string(b, buffer_ptr(&key->cert->certblob), | ||
| 2460 | buffer_len(&key->cert->certblob)); | ||
| 2461 | buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ); | ||
| 2462 | buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ); | ||
| 2463 | break; | ||
| 2464 | } | ||
| 2465 | } | ||
| 2466 | |||
| 2467 | Key * | ||
| 2468 | key_private_deserialize(Buffer *blob) | ||
| 2469 | { | ||
| 2470 | char *type_name; | ||
| 2471 | Key *k = NULL; | ||
| 2472 | u_char *cert; | ||
| 2473 | u_int len, pklen, sklen; | ||
| 2474 | int type; | ||
| 2475 | #ifdef OPENSSL_HAS_ECC | ||
| 2476 | char *curve; | ||
| 2477 | BIGNUM *exponent; | ||
| 2478 | EC_POINT *q; | ||
| 2479 | #endif | ||
| 2480 | |||
| 2481 | type_name = buffer_get_string(blob, NULL); | ||
| 2482 | type = key_type_from_name(type_name); | ||
| 2483 | switch (type) { | ||
| 2484 | case KEY_DSA: | ||
| 2485 | k = key_new_private(type); | ||
| 2486 | buffer_get_bignum2(blob, k->dsa->p); | ||
| 2487 | buffer_get_bignum2(blob, k->dsa->q); | ||
| 2488 | buffer_get_bignum2(blob, k->dsa->g); | ||
| 2489 | buffer_get_bignum2(blob, k->dsa->pub_key); | ||
| 2490 | buffer_get_bignum2(blob, k->dsa->priv_key); | ||
| 2491 | break; | ||
| 2492 | case KEY_DSA_CERT_V00: | ||
| 2493 | case KEY_DSA_CERT: | ||
| 2494 | cert = buffer_get_string(blob, &len); | ||
| 2495 | if ((k = key_from_blob(cert, len)) == NULL) | ||
| 2496 | fatal("Certificate parse failed"); | ||
| 2497 | free(cert); | ||
| 2498 | key_add_private(k); | ||
| 2499 | buffer_get_bignum2(blob, k->dsa->priv_key); | ||
| 2500 | break; | ||
| 2501 | #ifdef OPENSSL_HAS_ECC | ||
| 2502 | case KEY_ECDSA: | ||
| 2503 | k = key_new_private(type); | ||
| 2504 | k->ecdsa_nid = key_ecdsa_nid_from_name(type_name); | ||
| 2505 | curve = buffer_get_string(blob, NULL); | ||
| 2506 | if (k->ecdsa_nid != key_curve_name_to_nid(curve)) | ||
| 2507 | fatal("%s: curve names mismatch", __func__); | ||
| 2508 | free(curve); | ||
| 2509 | k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); | ||
| 2510 | if (k->ecdsa == NULL) | ||
| 2511 | fatal("%s: EC_KEY_new_by_curve_name failed", | ||
| 2512 | __func__); | ||
| 2513 | q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa)); | ||
| 2514 | if (q == NULL) | ||
| 2515 | fatal("%s: BN_new failed", __func__); | ||
| 2516 | if ((exponent = BN_new()) == NULL) | ||
| 2517 | fatal("%s: BN_new failed", __func__); | ||
| 2518 | buffer_get_ecpoint(blob, | ||
| 2519 | EC_KEY_get0_group(k->ecdsa), q); | ||
| 2520 | buffer_get_bignum2(blob, exponent); | ||
| 2521 | if (EC_KEY_set_public_key(k->ecdsa, q) != 1) | ||
| 2522 | fatal("%s: EC_KEY_set_public_key failed", | ||
| 2523 | __func__); | ||
| 2524 | if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) | ||
| 2525 | fatal("%s: EC_KEY_set_private_key failed", | ||
| 2526 | __func__); | ||
| 2527 | if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), | ||
| 2528 | EC_KEY_get0_public_key(k->ecdsa)) != 0) | ||
| 2529 | fatal("%s: bad ECDSA public key", __func__); | ||
| 2530 | if (key_ec_validate_private(k->ecdsa) != 0) | ||
| 2531 | fatal("%s: bad ECDSA private key", __func__); | ||
| 2532 | BN_clear_free(exponent); | ||
| 2533 | EC_POINT_free(q); | ||
| 2534 | break; | ||
| 2535 | case KEY_ECDSA_CERT: | ||
| 2536 | cert = buffer_get_string(blob, &len); | ||
| 2537 | if ((k = key_from_blob(cert, len)) == NULL) | ||
| 2538 | fatal("Certificate parse failed"); | ||
| 2539 | free(cert); | ||
| 2540 | key_add_private(k); | ||
| 2541 | if ((exponent = BN_new()) == NULL) | ||
| 2542 | fatal("%s: BN_new failed", __func__); | ||
| 2543 | buffer_get_bignum2(blob, exponent); | ||
| 2544 | if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) | ||
| 2545 | fatal("%s: EC_KEY_set_private_key failed", | ||
| 2546 | __func__); | ||
| 2547 | if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), | ||
| 2548 | EC_KEY_get0_public_key(k->ecdsa)) != 0 || | ||
| 2549 | key_ec_validate_private(k->ecdsa) != 0) | ||
| 2550 | fatal("%s: bad ECDSA key", __func__); | ||
| 2551 | BN_clear_free(exponent); | ||
| 2552 | break; | ||
| 2553 | #endif | ||
| 2554 | case KEY_RSA: | ||
| 2555 | k = key_new_private(type); | ||
| 2556 | buffer_get_bignum2(blob, k->rsa->n); | ||
| 2557 | buffer_get_bignum2(blob, k->rsa->e); | ||
| 2558 | buffer_get_bignum2(blob, k->rsa->d); | ||
| 2559 | buffer_get_bignum2(blob, k->rsa->iqmp); | ||
| 2560 | buffer_get_bignum2(blob, k->rsa->p); | ||
| 2561 | buffer_get_bignum2(blob, k->rsa->q); | ||
| 2562 | |||
| 2563 | /* Generate additional parameters */ | ||
| 2564 | rsa_generate_additional_parameters(k->rsa); | ||
| 2565 | break; | ||
| 2566 | case KEY_RSA_CERT_V00: | ||
| 2567 | case KEY_RSA_CERT: | ||
| 2568 | cert = buffer_get_string(blob, &len); | ||
| 2569 | if ((k = key_from_blob(cert, len)) == NULL) | ||
| 2570 | fatal("Certificate parse failed"); | ||
| 2571 | free(cert); | ||
| 2572 | key_add_private(k); | ||
| 2573 | buffer_get_bignum2(blob, k->rsa->d); | ||
| 2574 | buffer_get_bignum2(blob, k->rsa->iqmp); | ||
| 2575 | buffer_get_bignum2(blob, k->rsa->p); | ||
| 2576 | buffer_get_bignum2(blob, k->rsa->q); | ||
| 2577 | break; | ||
| 2578 | case KEY_ED25519: | ||
| 2579 | k = key_new_private(type); | ||
| 2580 | k->ed25519_pk = buffer_get_string(blob, &pklen); | ||
| 2581 | k->ed25519_sk = buffer_get_string(blob, &sklen); | ||
| 2582 | if (pklen != ED25519_PK_SZ) | ||
| 2583 | fatal("%s: ed25519 pklen %d != %d", | ||
| 2584 | __func__, pklen, ED25519_PK_SZ); | ||
| 2585 | if (sklen != ED25519_SK_SZ) | ||
| 2586 | fatal("%s: ed25519 sklen %d != %d", | ||
| 2587 | __func__, sklen, ED25519_SK_SZ); | ||
| 2588 | break; | ||
| 2589 | case KEY_ED25519_CERT: | ||
| 2590 | cert = buffer_get_string(blob, &len); | ||
| 2591 | if ((k = key_from_blob(cert, len)) == NULL) | ||
| 2592 | fatal("Certificate parse failed"); | ||
| 2593 | free(cert); | ||
| 2594 | key_add_private(k); | ||
| 2595 | k->ed25519_pk = buffer_get_string(blob, &pklen); | ||
| 2596 | k->ed25519_sk = buffer_get_string(blob, &sklen); | ||
| 2597 | if (pklen != ED25519_PK_SZ) | ||
| 2598 | fatal("%s: ed25519 pklen %d != %d", | ||
| 2599 | __func__, pklen, ED25519_PK_SZ); | ||
| 2600 | if (sklen != ED25519_SK_SZ) | ||
| 2601 | fatal("%s: ed25519 sklen %d != %d", | ||
| 2602 | __func__, sklen, ED25519_SK_SZ); | ||
| 2603 | break; | ||
| 2604 | default: | ||
| 2605 | free(type_name); | ||
| 2606 | buffer_clear(blob); | ||
| 2607 | return NULL; | ||
| 2608 | } | ||
| 2609 | free(type_name); | ||
| 2610 | |||
| 2611 | /* enable blinding */ | ||
| 2612 | switch (k->type) { | ||
| 2613 | case KEY_RSA: | ||
| 2614 | case KEY_RSA_CERT_V00: | ||
| 2615 | case KEY_RSA_CERT: | ||
| 2616 | case KEY_RSA1: | ||
| 2617 | if (RSA_blinding_on(k->rsa, NULL) != 1) { | ||
| 2618 | error("%s: RSA_blinding_on failed", __func__); | ||
| 2619 | key_free(k); | ||
| 2620 | return NULL; | ||
| 2621 | } | ||
| 2622 | break; | ||
| 2623 | } | ||
| 2624 | return k; | ||
| 2625 | } | ||