ports/libssh
ports/libssh
1
1
Форкнуть 0
Код Релизы 1 Активность
libssh/src/pki_crypto.c
Jakub Jelen 39102224b2 pki: Allow reading keys in new OpenSSH format 
This implements reading the OpenSSH key format accross the
cryptographic backends. Most of the code is shared and moved
to pki.c, just the building of the keys is implemented in
pki_privkey_build_*() functions.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-09-18 09:53:49 +02:00

2021 строка
55 KiB
C
Исходник Ответственный История

/*
* pki_crypto.c - PKI infrastructure using OpenSSL
*
* This file is part of the SSH Library
*
* Copyright (c) 2003-2009 by Aris Adamantiadis
* Copyright (c) 2009-2013 by Andreas Schneider <asn@cryptomilk.org>
*
* The SSH Library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The SSH Library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the SSH Library; see the file COPYING. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#ifndef _PKI_CRYPTO_H
#define _PKI_CRYPTO_H
#include "config.h"
#include "libssh/priv.h"
#include <openssl/pem.h>
#include <openssl/dsa.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include "libcrypto-compat.h"
#ifdef HAVE_OPENSSL_EC_H
#include <openssl/ec.h>
#endif
#ifdef HAVE_OPENSSL_ECDSA_H
#include <openssl/ecdsa.h>
#endif
#include "libssh/libssh.h"
#include "libssh/buffer.h"
#include "libssh/session.h"
#include "libssh/pki.h"
#include "libssh/pki_priv.h"
#include "libssh/bignum.h"
struct pem_get_password_struct {
ssh_auth_callback fn;
void *data;
};
static int pem_get_password(char *buf, int size, int rwflag, void *userdata) {
struct pem_get_password_struct *pgp = userdata;
(void) rwflag; /* unused */
if (buf == NULL) {
return 0;
}
memset(buf, '\0', size);
if (pgp) {
int rc;
rc = pgp->fn("Passphrase for private key:",
buf, size, 0, 0,
pgp->data);
if (rc == 0) {
return strlen(buf);
}
}
return 0;
}
#ifdef HAVE_OPENSSL_ECC
static int pki_key_ecdsa_to_nid(EC_KEY *k)
{
const EC_GROUP *g = EC_KEY_get0_group(k);
int nid;
nid = EC_GROUP_get_curve_name(g);
if (nid) {
return nid;
}
return -1;
}
const char *pki_key_ecdsa_nid_to_name(int nid)
{
switch (nid) {
case NID_X9_62_prime256v1:
return "ecdsa-sha2-nistp256";
case NID_secp384r1:
return "ecdsa-sha2-nistp384";
case NID_secp521r1:
return "ecdsa-sha2-nistp521";
default:
break;
}
return "unknown";
}
static const char *pki_key_ecdsa_nid_to_char(int nid)
{
switch (nid) {
case NID_X9_62_prime256v1:
return "nistp256";
case NID_secp384r1:
return "nistp384";
case NID_secp521r1:
return "nistp521";
default:
break;
}
return "unknown";
}
int pki_key_ecdsa_nid_from_name(const char *name)
{
if (strcmp(name, "nistp256") == 0) {
return NID_X9_62_prime256v1;
} else if (strcmp(name, "nistp384") == 0) {
return NID_secp384r1;
} else if (strcmp(name, "nistp521") == 0) {
return NID_secp521r1;
}
return -1;
}
static ssh_string make_ecpoint_string(const EC_GROUP *g,
const EC_POINT *p)
{
ssh_string s;
size_t len;
len = EC_POINT_point2oct(g,
p,
POINT_CONVERSION_UNCOMPRESSED,
NULL,
0,
NULL);
if (len == 0) {
return NULL;
}
s = ssh_string_new(len);
if (s == NULL) {
return NULL;
}
len = EC_POINT_point2oct(g,
p,
POINT_CONVERSION_UNCOMPRESSED,
ssh_string_data(s),
ssh_string_len(s),
NULL);
if (len != ssh_string_len(s)) {
ssh_string_free(s);
return NULL;
}
return s;
}
int pki_privkey_build_ecdsa(ssh_key key, int nid, ssh_string e, ssh_string exp)
{
EC_POINT *p = NULL;
const EC_GROUP *g = NULL;
int ok;
BIGNUM *bexp = NULL;
key->ecdsa_nid = nid;
key->type_c = pki_key_ecdsa_nid_to_name(nid);
key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);
if (key->ecdsa == NULL) {
return -1;
}
g = EC_KEY_get0_group(key->ecdsa);
p = EC_POINT_new(g);
if (p == NULL) {
return -1;
}
ok = EC_POINT_oct2point(g,
p,
ssh_string_data(e),
ssh_string_len(e),
NULL);
if (!ok) {
EC_POINT_free(p);
return -1;
}
/* EC_KEY_set_public_key duplicates p */
ok = EC_KEY_set_public_key(key->ecdsa, p);
EC_POINT_free(p);
if (!ok) {
return -1;
}
bexp = ssh_make_string_bn(exp);
if (bexp == NULL) {
EC_KEY_free(key->ecdsa);
return -1;
}
/* EC_KEY_set_private_key duplicates exp */
ok = EC_KEY_set_private_key(key->ecdsa, bexp);
BN_free(bexp);
if (!ok) {
EC_KEY_free(key->ecdsa);
return -1;
}
return 0;
}
int pki_pubkey_build_ecdsa(ssh_key key, int nid, ssh_string e)
{
EC_POINT *p = NULL;
const EC_GROUP *g = NULL;
int ok;
key->ecdsa_nid = nid;
key->type_c = pki_key_ecdsa_nid_to_name(nid);
key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);
if (key->ecdsa == NULL) {
return -1;
}
g = EC_KEY_get0_group(key->ecdsa);
p = EC_POINT_new(g);
if (p == NULL) {
return -1;
}
ok = EC_POINT_oct2point(g,
p,
ssh_string_data(e),
ssh_string_len(e),
NULL);
if (!ok) {
EC_POINT_free(p);
return -1;
}
/* EC_KEY_set_public_key duplicates p */
ok = EC_KEY_set_public_key(key->ecdsa, p);
EC_POINT_free(p);
if (!ok) {
return -1;
}
return 0;
}
#endif
ssh_key pki_key_dup(const ssh_key key, int demote)
{
ssh_key new;
int rc;
new = ssh_key_new();
if (new == NULL) {
return NULL;
}
new->type = key->type;
new->type_c = key->type_c;
if (demote) {
new->flags = SSH_KEY_FLAG_PUBLIC;
} else {
new->flags = key->flags;
}
switch (key->type) {
case SSH_KEYTYPE_DSS: {
const BIGNUM *p = NULL, *q = NULL, *g = NULL,
*pub_key = NULL, *priv_key = NULL;
BIGNUM *np, *nq, *ng, *npub_key, *npriv_key;
new->dsa = DSA_new();
if (new->dsa == NULL) {
goto fail;
}
/*
* p = public prime number
* q = public 160-bit subprime, q | p-1
* g = public generator of subgroup
* pub_key = public key y = g^x
* priv_key = private key x
*/
DSA_get0_pqg(key->dsa, &p, &q, &g);
np = BN_dup(p);
nq = BN_dup(q);
ng = BN_dup(g);
if (np == NULL || nq == NULL || ng == NULL) {
BN_free(np);
BN_free(nq);
BN_free(ng);
goto fail;
}
/* Memory management of np, nq and ng is transfered to DSA object */
rc = DSA_set0_pqg(new->dsa, np, nq, ng);
if (rc == 0) {
BN_free(np);
BN_free(nq);
BN_free(ng);
goto fail;
}
DSA_get0_key(key->dsa, &pub_key, &priv_key);
npub_key = BN_dup(pub_key);
if (npub_key == NULL) {
goto fail;
}
/* Memory management of npubkey is transfered to DSA object */
rc = DSA_set0_key(new->dsa, npub_key, NULL);
if (rc == 0) {
goto fail;
}
if (!demote && (key->flags & SSH_KEY_FLAG_PRIVATE)) {
npriv_key = BN_dup(priv_key);
if (npriv_key == NULL) {
goto fail;
}
/* Memory management of npriv_key is transfered to DSA object */
rc = DSA_set0_key(new->dsa, NULL, npriv_key);
if (rc == 0) {
goto fail;
}
}
break;
}
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1: {
const BIGNUM *n = NULL, *e = NULL, *d = NULL;
BIGNUM *nn, *ne, *nd;
new->rsa = RSA_new();
if (new->rsa == NULL) {
goto fail;
}
/*
* n = public modulus
* e = public exponent
* d = private exponent
* p = secret prime factor
* q = secret prime factor
* dmp1 = d mod (p-1)
* dmq1 = d mod (q-1)
* iqmp = q^-1 mod p
*/
RSA_get0_key(key->rsa, &n, &e, &d);
nn = BN_dup(n);
ne = BN_dup(e);
if (nn == NULL || ne == NULL) {
BN_free(nn);
BN_free(ne);
goto fail;
}
/* Memory management of nn and ne is transfered to RSA object */
rc = RSA_set0_key(new->rsa, nn, ne, NULL);
if (rc == 0) {
BN_free(nn);
BN_free(ne);
goto fail;
}
if (!demote && (key->flags & SSH_KEY_FLAG_PRIVATE)) {
const BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL,
*dmq1 = NULL, *iqmp = NULL;
BIGNUM *np, *nq, *ndmp1, *ndmq1, *niqmp;
nd = BN_dup(d);
if (nd == NULL) {
goto fail;
}
/* Memory management of nd is transfered to RSA object */
rc = RSA_set0_key(new->rsa, NULL, NULL, nd);
if (rc == 0) {
goto fail;
}
/* p, q, dmp1, dmq1 and iqmp may be NULL in private keys, but the
* RSA operations are much faster when these values are available.
*/
RSA_get0_factors(key->rsa, &p, &q);
if (p != NULL && q != NULL) { /* need to set both of them */
np = BN_dup(p);
nq = BN_dup(q);
if (np == NULL || nq == NULL) {
BN_free(np);
BN_free(nq);
goto fail;
}
/* Memory management of np and nq is transfered to RSA object */
rc = RSA_set0_factors(new->rsa, np, nq);
if (rc == 0) {
BN_free(np);
BN_free(nq);
goto fail;
}
}
RSA_get0_crt_params(key->rsa, &dmp1, &dmq1, &iqmp);
if (dmp1 != NULL || dmq1 != NULL || iqmp != NULL) {
ndmp1 = BN_dup(dmp1);
ndmq1 = BN_dup(dmq1);
niqmp = BN_dup(iqmp);
if (ndmp1 == NULL || ndmq1 == NULL || niqmp == NULL) {
BN_free(ndmp1);
BN_free(ndmq1);
BN_free(niqmp);
goto fail;
}
/* Memory management of ndmp1, ndmq1 and niqmp is transfered
* to RSA object */
rc = RSA_set0_crt_params(new->rsa, ndmp1, ndmq1, niqmp);
if (rc == 0) {
BN_free(ndmp1);
BN_free(ndmq1);
BN_free(niqmp);
goto fail;
}
}
}
break;
}
case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_OPENSSL_ECC
new->ecdsa_nid = key->ecdsa_nid;
/* privkey -> pubkey */
if (demote && ssh_key_is_private(key)) {
const EC_POINT *p;
int ok;
new->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);
if (new->ecdsa == NULL) {
goto fail;
}
p = EC_KEY_get0_public_key(key->ecdsa);
if (p == NULL) {
goto fail;
}
ok = EC_KEY_set_public_key(new->ecdsa, p);
if (!ok) {
goto fail;
}
} else {
new->ecdsa = EC_KEY_dup(key->ecdsa);
}
break;
#endif
case SSH_KEYTYPE_ED25519:
rc = pki_ed25519_key_dup(new, key);
if (rc != SSH_OK) {
goto fail;
}
break;
case SSH_KEYTYPE_UNKNOWN:
default:
ssh_key_free(new);
return NULL;
}
return new;
fail:
ssh_key_free(new);
return NULL;
}
int pki_key_generate_rsa(ssh_key key, int parameter){
BIGNUM *e;
int rc;
e = BN_new();
key->rsa = RSA_new();
BN_set_word(e, 65537);
rc = RSA_generate_key_ex(key->rsa, parameter, e, NULL);
BN_free(e);
if (rc == -1 || key->rsa == NULL)
return SSH_ERROR;
return SSH_OK;
}
int pki_key_generate_dss(ssh_key key, int parameter){
int rc;
#if OPENSSL_VERSION_NUMBER > 0x10100000L
key->dsa = DSA_new();
if (key->dsa == NULL) {
return SSH_ERROR;
}
rc = DSA_generate_parameters_ex(key->dsa,
parameter,
NULL, /* seed */
0, /* seed_len */
NULL, /* counter_ret */
NULL, /* h_ret */
NULL); /* cb */
if (rc != 1) {
DSA_free(key->dsa);
key->dsa = NULL;
return SSH_ERROR;
}
#else
key->dsa = DSA_generate_parameters(parameter, NULL, 0, NULL, NULL,
NULL, NULL);
if(key->dsa == NULL){
return SSH_ERROR;
}
#endif
rc = DSA_generate_key(key->dsa);
if (rc != 1){
DSA_free(key->dsa);
key->dsa=NULL;
return SSH_ERROR;
}
return SSH_OK;
}
#ifdef HAVE_OPENSSL_ECC
int pki_key_generate_ecdsa(ssh_key key, int parameter) {
int nid;
int ok;
switch (parameter) {
case 384:
nid = NID_secp384r1;
break;
case 512:
nid = NID_secp521r1;
break;
case 256:
default:
nid = NID_X9_62_prime256v1;
}
key->ecdsa_nid = nid;
key->type = SSH_KEYTYPE_ECDSA;
key->type_c = pki_key_ecdsa_nid_to_name(nid);
key->ecdsa = EC_KEY_new_by_curve_name(nid);
if (key->ecdsa == NULL) {
return SSH_ERROR;
}
ok = EC_KEY_generate_key(key->ecdsa);
if (!ok) {
EC_KEY_free(key->ecdsa);
return SSH_ERROR;
}
EC_KEY_set_asn1_flag(key->ecdsa, OPENSSL_EC_NAMED_CURVE);
return SSH_OK;
}
#endif
int pki_key_compare(const ssh_key k1,
const ssh_key k2,
enum ssh_keycmp_e what)
{
switch (k1->type) {
case SSH_KEYTYPE_DSS: {
const BIGNUM *p1, *p2, *q1, *q2, *g1, *g2,
*pub_key1, *pub_key2, *priv_key1, *priv_key2;
if (DSA_size(k1->dsa) != DSA_size(k2->dsa)) {
return 1;
}
DSA_get0_pqg(k1->dsa, &p1, &q1, &g1);
DSA_get0_pqg(k2->dsa, &p2, &q2, &g2);
if (bignum_cmp(p1, p2) != 0) {
return 1;
}
if (bignum_cmp(q1, q2) != 0) {
return 1;
}
if (bignum_cmp(g1, g2) != 0) {
return 1;
}
DSA_get0_key(k1->dsa, &pub_key1, &priv_key1);
DSA_get0_key(k2->dsa, &pub_key2, &priv_key2);
if (bignum_cmp(pub_key1, pub_key2) != 0) {
return 1;
}
if (what == SSH_KEY_CMP_PRIVATE) {
if (bignum_cmp(priv_key1, priv_key2) != 0) {
return 1;
}
}
break;
}
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1: {
const BIGNUM *e1, *e2, *n1, *n2, *p1, *p2, *q1, *q2;
if (RSA_size(k1->rsa) != RSA_size(k2->rsa)) {
return 1;
}
RSA_get0_key(k1->rsa, &n1, &e1, NULL);
RSA_get0_key(k2->rsa, &n2, &e2, NULL);
if (bignum_cmp(e1, e2) != 0) {
return 1;
}
if (bignum_cmp(n1, n2) != 0) {
return 1;
}
if (what == SSH_KEY_CMP_PRIVATE) {
RSA_get0_factors(k1->rsa, &p1, &q1);
RSA_get0_factors(k2->rsa, &p2, &q2);
if (bignum_cmp(p1, p2) != 0) {
return 1;
}
if (bignum_cmp(q1, q2) != 0) {
return 1;
}
}
break;
}
case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_OPENSSL_ECC
{
const EC_POINT *p1 = EC_KEY_get0_public_key(k1->ecdsa);
const EC_POINT *p2 = EC_KEY_get0_public_key(k2->ecdsa);
const EC_GROUP *g1 = EC_KEY_get0_group(k1->ecdsa);
const EC_GROUP *g2 = EC_KEY_get0_group(k2->ecdsa);
if (p1 == NULL || p2 == NULL) {
return 1;
}
if (EC_GROUP_cmp(g1, g2, NULL) != 0) {
return 1;
}
if (EC_POINT_cmp(g1, p1, p2, NULL) != 0) {
return 1;
}
if (what == SSH_KEY_CMP_PRIVATE) {
if (bignum_cmp(EC_KEY_get0_private_key(k1->ecdsa),
EC_KEY_get0_private_key(k2->ecdsa))) {
return 1;
}
}
break;
}
#endif
case SSH_KEYTYPE_ED25519:
/* ed25519 keys handled globaly */
case SSH_KEYTYPE_UNKNOWN:
default:
return 1;
}
return 0;
}
ssh_string pki_private_key_to_pem(const ssh_key key,
const char *passphrase,
ssh_auth_callback auth_fn,
void *auth_data)
{
ssh_string blob;
BUF_MEM *buf;
BIO *mem;
int rc;
mem = BIO_new(BIO_s_mem());
if (mem == NULL) {
return NULL;
}
switch (key->type) {
case SSH_KEYTYPE_DSS:
if (passphrase == NULL) {
struct pem_get_password_struct pgp = { auth_fn, auth_data };
rc = PEM_write_bio_DSAPrivateKey(mem,
key->dsa,
NULL, /* cipher */
NULL, /* kstr */
0, /* klen */
pem_get_password,
&pgp);
} else {
rc = PEM_write_bio_DSAPrivateKey(mem,
key->dsa,
EVP_aes_128_cbc(),
NULL, /* kstr */
0, /* klen */
NULL, /* auth_fn */
(void*) passphrase);
}
if (rc != 1) {
goto err;
}
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
if (passphrase == NULL) {
struct pem_get_password_struct pgp = { auth_fn, auth_data };
rc = PEM_write_bio_RSAPrivateKey(mem,
key->rsa,
NULL, /* cipher */
NULL, /* kstr */
0, /* klen */
pem_get_password,
&pgp);
} else {
rc = PEM_write_bio_RSAPrivateKey(mem,
key->rsa,
EVP_aes_128_cbc(),
NULL, /* kstr */
0, /* klen */
NULL, /* auth_fn */
(void*) passphrase);
}
if (rc != 1) {
goto err;
}
break;
#ifdef HAVE_ECC
case SSH_KEYTYPE_ECDSA:
if (passphrase == NULL) {
struct pem_get_password_struct pgp = { auth_fn, auth_data };
rc = PEM_write_bio_ECPrivateKey(mem,
key->ecdsa,
NULL, /* cipher */
NULL, /* kstr */
0, /* klen */
pem_get_password,
&pgp);
} else {
rc = PEM_write_bio_ECPrivateKey(mem,
key->ecdsa,
EVP_aes_128_cbc(),
NULL, /* kstr */
0, /* klen */
NULL, /* auth_fn */
(void*) passphrase);
}
if (rc != 1) {
goto err;
}
break;
#endif
case SSH_KEYTYPE_ED25519:
BIO_free(mem);
SSH_LOG(SSH_LOG_WARN, "PEM output not supported for key type ssh-ed25519");
return NULL;
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_UNKNOWN:
default:
BIO_free(mem);
SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", key->type);
return NULL;
}
BIO_get_mem_ptr(mem, &buf);
blob = ssh_string_new(buf->length);
if (blob == NULL) {
goto err;
}
ssh_string_fill(blob, buf->data, buf->length);
BIO_free(mem);
return blob;
err:
BIO_free(mem);
return NULL;
}
ssh_key pki_private_key_from_base64(const char *b64_key,
const char *passphrase,
ssh_auth_callback auth_fn,
void *auth_data) {
BIO *mem = NULL;
DSA *dsa = NULL;
RSA *rsa = NULL;
ed25519_privkey *ed25519 = NULL;
ssh_key key;
enum ssh_keytypes_e type;
#ifdef HAVE_OPENSSL_ECC
EC_KEY *ecdsa = NULL;
#else
void *ecdsa = NULL;
#endif
type = pki_privatekey_type_from_string(b64_key);
if (type == SSH_KEYTYPE_UNKNOWN) {
SSH_LOG(SSH_LOG_WARN, "Unknown or invalid private key.");
return NULL;
}
mem = BIO_new_mem_buf((void*)b64_key, -1);
switch (type) {
case SSH_KEYTYPE_DSS:
if (passphrase == NULL) {
if (auth_fn) {
struct pem_get_password_struct pgp = { auth_fn, auth_data };
dsa = PEM_read_bio_DSAPrivateKey(mem, NULL, pem_get_password, &pgp);
} else {
/* openssl uses its own callback to get the passphrase here */
dsa = PEM_read_bio_DSAPrivateKey(mem, NULL, NULL, NULL);
}
} else {
dsa = PEM_read_bio_DSAPrivateKey(mem, NULL, NULL, (void *) passphrase);
}
BIO_free(mem);
if (dsa == NULL) {
SSH_LOG(SSH_LOG_WARN,
"Parsing private key: %s",
ERR_error_string(ERR_get_error(), NULL));
return NULL;
}
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
if (passphrase == NULL) {
if (auth_fn) {
struct pem_get_password_struct pgp = { auth_fn, auth_data };
rsa = PEM_read_bio_RSAPrivateKey(mem, NULL, pem_get_password, &pgp);
} else {
/* openssl uses its own callback to get the passphrase here */
rsa = PEM_read_bio_RSAPrivateKey(mem, NULL, NULL, NULL);
}
} else {
rsa = PEM_read_bio_RSAPrivateKey(mem, NULL, NULL, (void *) passphrase);
}
BIO_free(mem);
if (rsa == NULL) {
SSH_LOG(SSH_LOG_WARN,
"Parsing private key: %s",
ERR_error_string(ERR_get_error(),NULL));
return NULL;
}
break;
case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_OPENSSL_ECC
if (passphrase == NULL) {
if (auth_fn) {
struct pem_get_password_struct pgp = { auth_fn, auth_data };
ecdsa = PEM_read_bio_ECPrivateKey(mem, NULL, pem_get_password, &pgp);
} else {
/* openssl uses its own callback to get the passphrase here */
ecdsa = PEM_read_bio_ECPrivateKey(mem, NULL, NULL, NULL);
}
} else {
ecdsa = PEM_read_bio_ECPrivateKey(mem, NULL, NULL, (void *) passphrase);
}
BIO_free(mem);
if (ecdsa == NULL) {
SSH_LOG(SSH_LOG_WARN,
"Parsing private key: %s",
ERR_error_string(ERR_get_error(), NULL));
return NULL;
}
break;
#endif
case SSH_KEYTYPE_ED25519:
/* Cannot open ed25519 keys with libcrypto */
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_UNKNOWN:
BIO_free(mem);
SSH_LOG(SSH_LOG_WARN, "Unkown or invalid private key type %d", type);
return NULL;
}
key = ssh_key_new();
if (key == NULL) {
goto fail;
}
key->type = type;
key->type_c = ssh_key_type_to_char(type);
key->flags = SSH_KEY_FLAG_PRIVATE | SSH_KEY_FLAG_PUBLIC;
key->dsa = dsa;
key->rsa = rsa;
key->ecdsa = ecdsa;
key->ed25519_privkey = ed25519;
#ifdef HAVE_OPENSSL_ECC
if (key->type == SSH_KEYTYPE_ECDSA) {
key->ecdsa_nid = pki_key_ecdsa_to_nid(key->ecdsa);
key->type_c = pki_key_ecdsa_nid_to_name(key->ecdsa_nid);
}
#endif
return key;
fail:
ssh_key_free(key);
DSA_free(dsa);
RSA_free(rsa);
#ifdef HAVE_OPENSSL_ECC
EC_KEY_free(ecdsa);
#endif
return NULL;
}
int pki_privkey_build_dss(ssh_key key,
ssh_string p,
ssh_string q,
ssh_string g,
ssh_string pubkey,
ssh_string privkey)
{
int rc;
BIGNUM *bp, *bq, *bg, *bpub_key, *bpriv_key;
key->dsa = DSA_new();
if (key->dsa == NULL) {
return SSH_ERROR;
}
bp = ssh_make_string_bn(p);
bq = ssh_make_string_bn(q);
bg = ssh_make_string_bn(g);
bpub_key = ssh_make_string_bn(pubkey);
bpriv_key = ssh_make_string_bn(privkey);
if (bp == NULL || bq == NULL ||
bg == NULL || bpub_key == NULL) {
goto fail;
}
/* Memory management of bp, qq and bg is transfered to DSA object */
rc = DSA_set0_pqg(key->dsa, bp, bq, bg);
if (rc == 0) {
goto fail;
}
/* Memory management of bpub_key and bpriv_key is transfered to DSA object */
rc = DSA_set0_key(key->dsa, bpub_key, bpriv_key);
if (rc == 0) {
goto fail;
}
return SSH_OK;
fail:
DSA_free(key->dsa);
return SSH_ERROR;
}
int pki_pubkey_build_dss(ssh_key key,
ssh_string p,
ssh_string q,
ssh_string g,
ssh_string pubkey) {
int rc;
BIGNUM *bp = NULL, *bq = NULL, *bg = NULL, *bpub_key = NULL;
key->dsa = DSA_new();
if (key->dsa == NULL) {
return SSH_ERROR;
}
bp = ssh_make_string_bn(p);
bq = ssh_make_string_bn(q);
bg = ssh_make_string_bn(g);
bpub_key = ssh_make_string_bn(pubkey);
if (bp == NULL || bq == NULL ||
bg == NULL || bpub_key == NULL) {
goto fail;
}
/* Memory management of bp, bq and bg is transfered to DSA object */
rc = DSA_set0_pqg(key->dsa, bp, bq, bg);
if (rc == 0) {
goto fail;
}
/* Memory management of npub_key is transfered to DSA object */
rc = DSA_set0_key(key->dsa, bpub_key, NULL);
if (rc == 0) {
goto fail;
}
return SSH_OK;
fail:
DSA_free(key->dsa);
return SSH_ERROR;
}
int pki_privkey_build_rsa(ssh_key key,
ssh_string n,
ssh_string e,
ssh_string d,
ssh_string iqmp,
ssh_string p,
ssh_string q)
{
int rc;
BIGNUM *be, *bn, *bd/*, *biqmp*/, *bp, *bq;
key->rsa = RSA_new();
if (key->rsa == NULL) {
return SSH_ERROR;
}
bn = ssh_make_string_bn(n);
be = ssh_make_string_bn(e);
bd = ssh_make_string_bn(d);
/*biqmp = ssh_make_string_bn(iqmp);*/
bp = ssh_make_string_bn(p);
bq = ssh_make_string_bn(q);
if (be == NULL || bn == NULL || bd == NULL ||
/*biqmp == NULL ||*/ bp == NULL || bq == NULL) {
goto fail;
}
/* Memory management of be, bn and bd is transfered to RSA object */
rc = RSA_set0_key(key->rsa, bn, be, bd);
if (rc == 0) {
goto fail;
}
/* Memory management of bp and bq is transfered to RSA object */
rc = RSA_set0_factors(key->rsa, bp, bq);
if (rc == 0) {
goto fail;
}
/* p, q, dmp1, dmq1 and iqmp may be NULL in private keys, but the RSA
* operations are much faster when these values are available.
* https://www.openssl.org/docs/man1.0.2/crypto/rsa.html
*/
/* RSA_set0_crt_params(key->rsa, biqmp, NULL, NULL);
TODO calculate missing crt_params */
return SSH_OK;
fail:
RSA_free(key->rsa);
return SSH_ERROR;
}
int pki_pubkey_build_rsa(ssh_key key,
ssh_string e,
ssh_string n) {
int rc;
BIGNUM *be = NULL, *bn = NULL;
key->rsa = RSA_new();
if (key->rsa == NULL) {
return SSH_ERROR;
}
be = ssh_make_string_bn(e);
bn = ssh_make_string_bn(n);
if (be == NULL || bn == NULL) {
goto fail;
}
/* Memory management of bn and be is transfered to RSA object */
rc = RSA_set0_key(key->rsa, bn, be, NULL);
if (rc == 0) {
goto fail;
}
return SSH_OK;
fail:
RSA_free(key->rsa);
return SSH_ERROR;
}
ssh_string pki_publickey_to_blob(const ssh_key key)
{
ssh_buffer buffer;
ssh_string type_s;
ssh_string str = NULL;
ssh_string e = NULL;
ssh_string n = NULL;
ssh_string p = NULL;
ssh_string g = NULL;
ssh_string q = NULL;
int rc;
buffer = ssh_buffer_new();
if (buffer == NULL) {
return NULL;
}
if (key->cert != NULL) {
rc = ssh_buffer_add_buffer(buffer, key->cert);
if (rc < 0) {
ssh_buffer_free(buffer);
return NULL;
}
goto makestring;
}
type_s = ssh_string_from_char(key->type_c);
if (type_s == NULL) {
ssh_buffer_free(buffer);
return NULL;
}
rc = ssh_buffer_add_ssh_string(buffer, type_s);
ssh_string_free(type_s);
if (rc < 0) {
ssh_buffer_free(buffer);
return NULL;
}
switch (key->type) {
case SSH_KEYTYPE_DSS: {
const BIGNUM *bp, *bq, *bg, *bpub_key;
DSA_get0_pqg(key->dsa, &bp, &bq, &bg);
p = ssh_make_bignum_string((BIGNUM *)bp);
if (p == NULL) {
goto fail;
}
q = ssh_make_bignum_string((BIGNUM *)bq);
if (q == NULL) {
goto fail;
}
g = ssh_make_bignum_string((BIGNUM *)bg);
if (g == NULL) {
goto fail;
}
DSA_get0_key(key->dsa, &bpub_key, NULL);
n = ssh_make_bignum_string((BIGNUM *)bpub_key);
if (n == NULL) {
goto fail;
}
if (ssh_buffer_add_ssh_string(buffer, p) < 0) {
goto fail;
}
if (ssh_buffer_add_ssh_string(buffer, q) < 0) {
goto fail;
}
if (ssh_buffer_add_ssh_string(buffer, g) < 0) {
goto fail;
}
if (ssh_buffer_add_ssh_string(buffer, n) < 0) {
goto fail;
}
ssh_string_burn(p);
ssh_string_free(p);
p = NULL;
ssh_string_burn(g);
ssh_string_free(g);
g = NULL;
ssh_string_burn(q);
ssh_string_free(q);
q = NULL;
ssh_string_burn(n);
ssh_string_free(n);
n = NULL;
break;
}
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1: {
const BIGNUM *be, *bn;
RSA_get0_key(key->rsa, &bn, &be, NULL);
e = ssh_make_bignum_string((BIGNUM *)be);
if (e == NULL) {
goto fail;
}
n = ssh_make_bignum_string((BIGNUM *)bn);
if (n == NULL) {
goto fail;
}
if (ssh_buffer_add_ssh_string(buffer, e) < 0) {
goto fail;
}
if (ssh_buffer_add_ssh_string(buffer, n) < 0) {
goto fail;
}
ssh_string_burn(e);
ssh_string_free(e);
e = NULL;
ssh_string_burn(n);
ssh_string_free(n);
n = NULL;
break;
}
case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_OPENSSL_ECC
rc = ssh_buffer_reinit(buffer);
if (rc < 0) {
ssh_buffer_free(buffer);
return NULL;
}
type_s = ssh_string_from_char(pki_key_ecdsa_nid_to_name(key->ecdsa_nid));
if (type_s == NULL) {
ssh_buffer_free(buffer);
return NULL;
}
rc = ssh_buffer_add_ssh_string(buffer, type_s);
ssh_string_free(type_s);
if (rc < 0) {
ssh_buffer_free(buffer);
return NULL;
}
type_s = ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid));
if (type_s == NULL) {
ssh_buffer_free(buffer);
return NULL;
}
rc = ssh_buffer_add_ssh_string(buffer, type_s);
ssh_string_free(type_s);
if (rc < 0) {
ssh_buffer_free(buffer);
return NULL;
}
e = make_ecpoint_string(EC_KEY_get0_group(key->ecdsa),
EC_KEY_get0_public_key(key->ecdsa));
if (e == NULL) {
ssh_buffer_free(buffer);
return NULL;
}
rc = ssh_buffer_add_ssh_string(buffer, e);
if (rc < 0) {
goto fail;
}
ssh_string_burn(e);
ssh_string_free(e);
e = NULL;
break;
#endif
case SSH_KEYTYPE_ED25519:
rc = pki_ed25519_public_key_to_blob(buffer, key);
if (rc == SSH_ERROR){
goto fail;
}
break;
case SSH_KEYTYPE_UNKNOWN:
default:
goto fail;
}
makestring:
str = ssh_string_new(ssh_buffer_get_len(buffer));
if (str == NULL) {
goto fail;
}
rc = ssh_string_fill(str, ssh_buffer_get(buffer), ssh_buffer_get_len(buffer));
if (rc < 0) {
goto fail;
}
ssh_buffer_free(buffer);
return str;
fail:
ssh_buffer_free(buffer);
ssh_string_burn(str);
ssh_string_free(str);
ssh_string_burn(e);
ssh_string_free(e);
ssh_string_burn(p);
ssh_string_free(p);
ssh_string_burn(g);
ssh_string_free(g);
ssh_string_burn(q);
ssh_string_free(q);
ssh_string_burn(n);
ssh_string_free(n);
return NULL;
}
/**
* @internal
*
* @brief Compute a digital signature.
*
* @param[in] digest The message digest.
*
* @param[in] dlen The length of the digest.
*
* @param[in] privkey The private rsa key to use for signing.
*
* @param[in] hash_type The hash algorithm to use.
*
* @return A newly allocated rsa sig blob or NULL on error.
*/
static ssh_string _RSA_do_sign_hash(const unsigned char *digest,
int dlen,
RSA *privkey,
enum ssh_digest_e hash_type)
{
ssh_string sig_blob;
unsigned char *sig;
unsigned int slen;
int ok;
int nid = 0;
switch (hash_type) {
case SSH_DIGEST_SHA1:
case SSH_DIGEST_AUTO:
nid = NID_sha1;
break;
case SSH_DIGEST_SHA256:
nid = NID_sha256;
break;
case SSH_DIGEST_SHA512:
nid = NID_sha512;
break;
default:
SSH_LOG(SSH_LOG_WARN, "Incomplatible hash type");
return NULL;
}
sig = malloc(RSA_size(privkey));
if (sig == NULL) {
return NULL;
}
ok = RSA_sign(nid, digest, dlen, sig, &slen, privkey);
if (!ok) {
SAFE_FREE(sig);
return NULL;
}
sig_blob = ssh_string_new(slen);
if (sig_blob == NULL) {
SAFE_FREE(sig);
return NULL;
}
ssh_string_fill(sig_blob, sig, slen);
explicit_bzero(sig, slen);
SAFE_FREE(sig);
return sig_blob;
}
static ssh_string pki_dsa_signature_to_blob(const ssh_signature sig)
{
char buffer[40] = { 0 };
ssh_string sig_blob = NULL;
const BIGNUM *pr, *ps;
ssh_string r;
int r_len, r_offset_in, r_offset_out;
ssh_string s;
int s_len, s_offset_in, s_offset_out;
DSA_SIG_get0(sig->dsa_sig, &pr, &ps);
r = ssh_make_bignum_string((BIGNUM *)pr);
if (r == NULL) {
return NULL;
}
s = ssh_make_bignum_string((BIGNUM *)ps);
if (s == NULL) {
ssh_string_free(r);
return NULL;
}
r_len = ssh_string_len(r);
r_offset_in = (r_len > 20) ? (r_len - 20) : 0;
r_offset_out = (r_len < 20) ? (20 - r_len) : 0;
s_len = ssh_string_len(s);
s_offset_in = (s_len > 20) ? (s_len - 20) : 0;
s_offset_out = (s_len < 20) ? (20 - s_len) : 0;
memcpy(buffer + r_offset_out,
((char *)ssh_string_data(r)) + r_offset_in,
r_len - r_offset_in);
memcpy(buffer + 20 + s_offset_out,
((char *)ssh_string_data(s)) + s_offset_in,
s_len - s_offset_in);
ssh_string_free(r);
ssh_string_free(s);
sig_blob = ssh_string_new(40);
if (sig_blob == NULL) {
return NULL;
}
ssh_string_fill(sig_blob, buffer, 40);
return sig_blob;
}
ssh_string pki_signature_to_blob(const ssh_signature sig)
{
ssh_string sig_blob = NULL;
switch(sig->type) {
case SSH_KEYTYPE_DSS:
sig_blob = pki_dsa_signature_to_blob(sig);
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
sig_blob = ssh_string_copy(sig->rsa_sig);
break;
case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_OPENSSL_ECC
{
ssh_string r;
ssh_string s;
ssh_buffer b;
int rc;
const BIGNUM *pr, *ps;
b = ssh_buffer_new();
if (b == NULL) {
return NULL;
}
ECDSA_SIG_get0(sig->ecdsa_sig, &pr, &ps);
r = ssh_make_bignum_string((BIGNUM *)pr);
if (r == NULL) {
ssh_buffer_free(b);
return NULL;
}
rc = ssh_buffer_add_ssh_string(b, r);
ssh_string_free(r);
if (rc < 0) {
ssh_buffer_free(b);
return NULL;
}
s = ssh_make_bignum_string((BIGNUM *)ps);
if (s == NULL) {
ssh_buffer_free(b);
return NULL;
}
rc = ssh_buffer_add_ssh_string(b, s);
ssh_string_free(s);
if (rc < 0) {
ssh_buffer_free(b);
return NULL;
}
sig_blob = ssh_string_new(ssh_buffer_get_len(b));
if (sig_blob == NULL) {
ssh_buffer_free(b);
return NULL;
}
ssh_string_fill(sig_blob, ssh_buffer_get(b), ssh_buffer_get_len(b));
ssh_buffer_free(b);
break;
}
#endif
case SSH_KEYTYPE_ED25519:
sig_blob = pki_ed25519_sig_to_blob(sig);
break;
default:
case SSH_KEYTYPE_UNKNOWN:
SSH_LOG(SSH_LOG_WARN, "Unknown signature key type: %s", sig->type_c);
return NULL;
}
return sig_blob;
}
static ssh_signature pki_signature_from_rsa_blob(const ssh_key pubkey,
const ssh_string sig_blob,
ssh_signature sig)
{
uint32_t pad_len = 0;
char *blob_orig;
char *blob_padded_data;
ssh_string sig_blob_padded;
size_t rsalen = 0;
size_t len = ssh_string_len(sig_blob);
if (pubkey->rsa == NULL) {
SSH_LOG(SSH_LOG_WARN, "Pubkey RSA field NULL");
goto errout;
}
rsalen = RSA_size(pubkey->rsa);
if (len > rsalen) {
SSH_LOG(SSH_LOG_WARN,
"Signature is too big: %lu > %lu",
(unsigned long)len,
(unsigned long)rsalen);
goto errout;
}
#ifdef DEBUG_CRYPTO
SSH_LOG(SSH_LOG_WARN, "RSA signature len: %lu", (unsigned long)len);
ssh_print_hexa("RSA signature", ssh_string_data(sig_blob), len);
#endif
if (len == rsalen) {
sig->rsa_sig = ssh_string_copy(sig_blob);
} else {
/* pad the blob to the expected rsalen size */
SSH_LOG(SSH_LOG_DEBUG,
"RSA signature len %lu < %lu",
(unsigned long)len,
(unsigned long)rsalen);
pad_len = rsalen - len;
sig_blob_padded = ssh_string_new(rsalen);
if (sig_blob_padded == NULL) {
goto errout;
}
blob_padded_data = (char *) ssh_string_data(sig_blob_padded);
blob_orig = (char *) ssh_string_data(sig_blob);
/* front-pad the buffer with zeroes */
explicit_bzero(blob_padded_data, pad_len);
/* fill the rest with the actual signature blob */
memcpy(blob_padded_data + pad_len, blob_orig, len);
sig->rsa_sig = sig_blob_padded;
}
return sig;
errout:
ssh_signature_free(sig);
return NULL;
}
ssh_signature pki_signature_from_blob(const ssh_key pubkey,
const ssh_string sig_blob,
enum ssh_keytypes_e type,
enum ssh_digest_e hash_type)
{
ssh_signature sig;
ssh_string r;
ssh_string s;
size_t len;
int rc;
BIGNUM *pr = NULL, *ps = NULL;
sig = ssh_signature_new();
if (sig == NULL) {
return NULL;
}
sig->type = type;
sig->hash_type = hash_type;
sig->type_c = ssh_key_signature_to_char(type, hash_type);
len = ssh_string_len(sig_blob);
switch(type) {
case SSH_KEYTYPE_DSS:
/* 40 is the dual signature blob len. */
if (len != 40) {
SSH_LOG(SSH_LOG_WARN,
"Signature has wrong size: %lu",
(unsigned long)len);
ssh_signature_free(sig);
return NULL;
}
#ifdef DEBUG_CRYPTO
ssh_print_hexa("r", ssh_string_data(sig_blob), 20);
ssh_print_hexa("s", (unsigned char *)ssh_string_data(sig_blob) + 20, 20);
#endif
sig->dsa_sig = DSA_SIG_new();
if (sig->dsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
}
r = ssh_string_new(20);
if (r == NULL) {
ssh_signature_free(sig);
return NULL;
}
ssh_string_fill(r, ssh_string_data(sig_blob), 20);
pr = ssh_make_string_bn(r);
ssh_string_free(r);
if (pr == NULL) {
ssh_signature_free(sig);
return NULL;
}
s = ssh_string_new(20);
if (s == NULL) {
ssh_signature_free(sig);
return NULL;
}
ssh_string_fill(s, (char *)ssh_string_data(sig_blob) + 20, 20);
ps = ssh_make_string_bn(s);
ssh_string_free(s);
if (ps == NULL) {
ssh_signature_free(sig);
return NULL;
}
/* Memory management of pr and ps is transfered to DSA signature
* object */
rc = DSA_SIG_set0(sig->dsa_sig, pr, ps);
if (rc == 0) {
ssh_signature_free(sig);
return NULL;
}
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
sig = pki_signature_from_rsa_blob(pubkey, sig_blob, sig);
break;
case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_OPENSSL_ECC
sig->ecdsa_sig = ECDSA_SIG_new();
if (sig->ecdsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
}
{ /* build ecdsa siganature */
ssh_buffer b;
uint32_t rlen;
b = ssh_buffer_new();
if (b == NULL) {
ssh_signature_free(sig);
return NULL;
}
rc = ssh_buffer_add_data(b,
ssh_string_data(sig_blob),
ssh_string_len(sig_blob));
if (rc < 0) {
ssh_buffer_free(b);
ssh_signature_free(sig);
return NULL;
}
r = ssh_buffer_get_ssh_string(b);
if (r == NULL) {
ssh_buffer_free(b);
ssh_signature_free(sig);
return NULL;
}
#ifdef DEBUG_CRYPTO
ssh_print_hexa("r", ssh_string_data(r), ssh_string_len(r));
#endif
pr = ssh_make_string_bn(r);
ssh_string_burn(r);
ssh_string_free(r);
if (pr == NULL) {
ssh_buffer_free(b);
ssh_signature_free(sig);
return NULL;
}
s = ssh_buffer_get_ssh_string(b);
rlen = ssh_buffer_get_len(b);
ssh_buffer_free(b);
if (s == NULL) {
ssh_signature_free(sig);
return NULL;
}
#ifdef DEBUG_CRYPTO
ssh_print_hexa("s", ssh_string_data(s), ssh_string_len(s));
#endif
ps = ssh_make_string_bn(s);
ssh_string_burn(s);
ssh_string_free(s);
if (ps == NULL) {
ssh_signature_free(sig);
return NULL;
}
/* Memory management of pr and ps is transfered to
* ECDSA signature object */
rc = ECDSA_SIG_set0(sig->ecdsa_sig, pr, ps);
if (rc == 0) {
ssh_signature_free(sig);
return NULL;
}
if (rlen != 0) {
SSH_LOG(SSH_LOG_WARN,
"Signature has remaining bytes in inner "
"sigblob: %lu",
(unsigned long)rlen);
ssh_signature_free(sig);
return NULL;
}
}
break;
#endif
case SSH_KEYTYPE_ED25519:
rc = pki_ed25519_sig_from_blob(sig, sig_blob);
if (rc == SSH_ERROR){
ssh_signature_free(sig);
return NULL;
}
break;
default:
case SSH_KEYTYPE_UNKNOWN:
SSH_LOG(SSH_LOG_WARN, "Unknown signature type");
ssh_signature_free(sig);
return NULL;
}
return sig;
}
int pki_signature_verify(ssh_session session,
const ssh_signature sig,
const ssh_key key,
const unsigned char *hash,
size_t hlen)
{
int rc;
int nid;
switch(key->type) {
case SSH_KEYTYPE_DSS:
rc = DSA_do_verify(hash,
hlen,
sig->dsa_sig,
key->dsa);
if (rc <= 0) {
ssh_set_error(session,
SSH_FATAL,
"DSA error: %s",
ERR_error_string(ERR_get_error(), NULL));
return SSH_ERROR;
}
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
switch (sig->hash_type) {
case SSH_DIGEST_AUTO:
case SSH_DIGEST_SHA1:
nid = NID_sha1;
break;
case SSH_DIGEST_SHA256:
nid = NID_sha256;
break;
case SSH_DIGEST_SHA512:
nid = NID_sha512;
break;
default:
SSH_LOG(SSH_LOG_TRACE, "Unknown hash type %d", sig->hash_type);
ssh_set_error(session,
SSH_FATAL,
"Unexpected hash type %d during RSA verify",
sig->hash_type);
return SSH_ERROR;
}
rc = RSA_verify(nid,
hash,
hlen,
ssh_string_data(sig->rsa_sig),
ssh_string_len(sig->rsa_sig),
key->rsa);
if (rc <= 0) {
SSH_LOG(SSH_LOG_TRACE, "RSA verify failed");
ssh_set_error(session,
SSH_FATAL,
"RSA error: %s",
ERR_error_string(ERR_get_error(), NULL));
return SSH_ERROR;
}
break;
case SSH_KEYTYPE_ED25519:
rc = pki_ed25519_verify(key, sig, hash, hlen);
if (rc != SSH_OK){
ssh_set_error(session,
SSH_FATAL,
"ed25519 signature verification error");
return SSH_ERROR;
}
break;
case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_OPENSSL_ECC
rc = ECDSA_do_verify(hash,
hlen,
sig->ecdsa_sig,
key->ecdsa);
if (rc <= 0) {
ssh_set_error(session,
SSH_FATAL,
"ECDSA error: %s",
ERR_error_string(ERR_get_error(), NULL));
return SSH_ERROR;
}
break;
#endif
case SSH_KEYTYPE_UNKNOWN:
default:
SSH_LOG(SSH_LOG_TRACE, "Unknown key type");
ssh_set_error(session, SSH_FATAL, "Unknown public key type");
return SSH_ERROR;
}
return SSH_OK;
}
ssh_signature pki_do_sign_hash(const ssh_key privkey,
const unsigned char *hash,
size_t hlen,
enum ssh_digest_e hash_type)
{
ssh_signature sig;
int rc;
/* Only RSA supports different signature algorithm types now */
if (privkey->type != SSH_KEYTYPE_RSA && hash_type != SSH_DIGEST_AUTO) {
SSH_LOG(SSH_LOG_WARN, "Incompatible signature algorithm passed");
return NULL;
}
sig = ssh_signature_new();
if (sig == NULL) {
return NULL;
}
sig->type = privkey->type;
sig->hash_type = hash_type;
sig->type_c = privkey->type_c;
switch(privkey->type) {
case SSH_KEYTYPE_DSS:
sig->dsa_sig = DSA_do_sign(hash, hlen, privkey->dsa);
if (sig->dsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
}
#ifdef DEBUG_CRYPTO
{
const BIGNUM *pr, *ps;
DSA_SIG_get0(sig->dsa_sig, &pr, &ps);
ssh_print_bignum("r", (BIGNUM *) pr);
ssh_print_bignum("s", (BIGNUM *) ps);
}
#endif
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
sig->type_c = ssh_key_signature_to_char(privkey->type, hash_type);
sig->rsa_sig = _RSA_do_sign_hash(hash, hlen, privkey->rsa, hash_type);
if (sig->rsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
}
sig->dsa_sig = NULL;
break;
case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_OPENSSL_ECC
sig->ecdsa_sig = ECDSA_do_sign(hash, hlen, privkey->ecdsa);
if (sig->ecdsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
}
# ifdef DEBUG_CRYPTO
{
const BIGNUM *pr, *ps;
ECDSA_SIG_get0(sig->ecdsa_sig, &pr, &ps);
ssh_print_bignum("r", (BIGNUM *) pr);
ssh_print_bignum("s", (BIGNUM *) ps);
}
# endif /* DEBUG_CRYPTO */
break;
#endif /* HAVE_OPENSSL_ECC */
case SSH_KEYTYPE_ED25519:
rc = pki_ed25519_sign(privkey, sig, hash, hlen);
if (rc != SSH_OK){
ssh_signature_free(sig);
return NULL;
}
break;
case SSH_KEYTYPE_UNKNOWN:
default:
ssh_signature_free(sig);
return NULL;
}
return sig;
}
#ifdef WITH_SERVER
ssh_signature pki_do_sign_sessionid_hash(const ssh_key key,
const unsigned char *hash,
size_t hlen,
enum ssh_digest_e hash_type)
{
ssh_signature sig;
/* Only RSA supports different signature algorithm types now */
if (key->type != SSH_KEYTYPE_RSA && hash_type != SSH_DIGEST_AUTO) {
SSH_LOG(SSH_LOG_WARN, "Incompatible signature algorithm passed");
return NULL;
}
sig = ssh_signature_new();
if (sig == NULL) {
return NULL;
}
sig->type = key->type;
sig->type_c = key->type_c;
switch(key->type) {
case SSH_KEYTYPE_DSS:
sig->dsa_sig = DSA_do_sign(hash, hlen, key->dsa);
if (sig->dsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
}
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
sig->type_c = ssh_key_signature_to_char(key->type, hash_type);
sig->rsa_sig = _RSA_do_sign_hash(hash, hlen, key->rsa, hash_type);
if (sig->rsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
}
break;
case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_OPENSSL_ECC
sig->ecdsa_sig = ECDSA_do_sign(hash, hlen, key->ecdsa);
if (sig->ecdsa_sig == NULL) {
ssh_signature_free(sig);
return NULL;
}
break;
#endif
case SSH_KEYTYPE_ED25519:
/* ED25519 handled in caller */
case SSH_KEYTYPE_UNKNOWN:
default:
ssh_signature_free(sig);
return NULL;
}
return sig;
}
#endif /* WITH_SERVER */
#endif /* _PKI_CRYPTO_H */
Показать git blame Копировать постоянную ссылку