2014-07-23 01:40:46 +02:00
|
|
|
/* $OpenBSD: key.c,v 1.122 2014/07/22 01:18:50 dtucker Exp $ */
|
2000-03-26 05:04:51 +02:00
|
|
|
/*
|
2014-07-02 07:28:02 +02:00
|
|
|
* placed in the public domain
|
2000-03-26 05:04:51 +02:00
|
|
|
*/
|
2006-08-05 04:39:39 +02:00
|
|
|
|
2000-03-26 05:04:51 +02:00
|
|
|
#include "includes.h"
|
2001-01-22 06:34:40 +01:00
|
|
|
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
|
|
|
#include <sys/param.h>
|
2006-08-05 04:39:39 +02:00
|
|
|
#include <sys/types.h>
|
2014-07-02 07:28:02 +02:00
|
|
|
#include <errno.h>
|
2006-09-01 07:38:36 +02:00
|
|
|
#include <stdarg.h>
|
2006-08-05 03:37:59 +02:00
|
|
|
#include <stdio.h>
|
2006-07-24 06:13:33 +02:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
#define SSH_KEY_NO_DEFINE
|
2000-03-26 05:04:51 +02:00
|
|
|
#include "key.h"
|
2010-02-26 21:55:05 +01:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
#include "compat.h"
|
|
|
|
#include "sshkey.h"
|
|
|
|
#include "ssherr.h"
|
|
|
|
#include "log.h"
|
|
|
|
#include "authfile.h"
|
2002-06-23 23:21:30 +02:00
|
|
|
|
2010-02-26 21:55:05 +01:00
|
|
|
void
|
|
|
|
key_add_private(Key *k)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
|
|
|
|
|
|
|
if ((r = sshkey_add_private(k)) != 0)
|
|
|
|
fatal("%s: %s", __func__, ssh_err(r));
|
2010-02-26 21:55:05 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
Key *
|
|
|
|
key_new_private(int type)
|
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
Key *ret = NULL;
|
2000-03-26 05:04:51 +02:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
if ((ret = sshkey_new_private(type)) == NULL)
|
|
|
|
fatal("%s: failed", __func__);
|
|
|
|
return ret;
|
2010-02-26 21:55:05 +01:00
|
|
|
}
|
|
|
|
|
2003-05-15 02:19:46 +02:00
|
|
|
u_char*
|
2013-01-18 01:44:04 +01:00
|
|
|
key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
|
|
|
|
u_int *dgst_raw_length)
|
2000-03-26 05:04:51 +02:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
u_char *ret = NULL;
|
|
|
|
size_t dlen;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
if (dgst_raw_length != NULL)
|
|
|
|
*dgst_raw_length = 0;
|
|
|
|
if ((r = sshkey_fingerprint_raw(k, dgst_type, &ret, &dlen)) != 0)
|
|
|
|
fatal("%s: %s", __func__, ssh_err(r));
|
|
|
|
if (dlen > INT_MAX)
|
|
|
|
fatal("%s: giant len %zu", __func__, dlen);
|
|
|
|
*dgst_raw_length = dlen;
|
|
|
|
return ret;
|
2000-03-26 05:04:51 +02:00
|
|
|
}
|
2000-11-13 12:57:25 +01:00
|
|
|
|
|
|
|
int
|
2000-04-29 15:57:08 +02:00
|
|
|
key_read(Key *ret, char **cpp)
|
2000-03-26 05:04:51 +02:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
return sshkey_read(ret, cpp) == 0 ? 1 : -1;
|
2000-03-26 05:04:51 +02:00
|
|
|
}
|
2002-06-23 23:21:30 +02:00
|
|
|
|
2000-03-26 05:04:51 +02:00
|
|
|
int
|
2003-11-17 11:18:23 +01:00
|
|
|
key_write(const Key *key, FILE *f)
|
2000-03-26 05:04:51 +02:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
return sshkey_write(key, f) == 0 ? 1 : 0;
|
2010-08-31 14:41:14 +02:00
|
|
|
}
|
|
|
|
|
2000-11-13 12:57:25 +01:00
|
|
|
Key *
|
2000-12-22 02:43:59 +01:00
|
|
|
key_generate(int type, u_int bits)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
|
|
|
Key *ret = NULL;
|
|
|
|
|
|
|
|
if ((r = sshkey_generate(type, bits, &ret)) != 0)
|
|
|
|
fatal("%s: %s", __func__, ssh_err(r));
|
|
|
|
return ret;
|
2000-11-13 12:57:25 +01:00
|
|
|
}
|
|
|
|
|
2010-02-26 21:55:05 +01:00
|
|
|
void
|
2014-07-02 07:28:02 +02:00
|
|
|
key_cert_copy(const Key *from_key, Key *to_key)
|
2010-02-26 21:55:05 +01:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
2010-02-26 21:55:05 +01:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
if ((r = sshkey_cert_copy(from_key, to_key)) != 0)
|
|
|
|
fatal("%s: %s", __func__, ssh_err(r));
|
2010-02-26 21:55:05 +01:00
|
|
|
}
|
|
|
|
|
2000-11-13 12:57:25 +01:00
|
|
|
Key *
|
2003-11-17 11:18:23 +01:00
|
|
|
key_from_private(const Key *k)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
|
|
|
Key *ret = NULL;
|
2010-02-26 21:55:05 +01:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
if ((r = sshkey_from_private(k, &ret)) != 0)
|
|
|
|
fatal("%s: %s", __func__, ssh_err(r));
|
2010-02-26 21:55:05 +01:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
static void
|
|
|
|
fatal_on_fatal_errors(int r, const char *func, int extra_fatal)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
if (r == SSH_ERR_INTERNAL_ERROR ||
|
|
|
|
r == SSH_ERR_ALLOC_FAIL ||
|
|
|
|
(extra_fatal != 0 && r == extra_fatal))
|
|
|
|
fatal("%s: %s", func, ssh_err(r));
|
2000-11-13 12:57:25 +01:00
|
|
|
}
|
|
|
|
|
2013-10-30 12:19:47 +01:00
|
|
|
Key *
|
|
|
|
key_from_blob(const u_char *blob, u_int blen)
|
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
|
|
|
Key *ret = NULL;
|
|
|
|
|
|
|
|
if ((r = sshkey_from_blob(blob, blen, &ret)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, 0);
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
return ret;
|
2013-10-30 12:19:47 +01:00
|
|
|
}
|
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
int
|
|
|
|
key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
u_char *blob;
|
|
|
|
size_t blen;
|
|
|
|
int r;
|
2000-11-13 12:57:25 +01:00
|
|
|
|
2013-12-05 00:25:51 +01:00
|
|
|
if (blobp != NULL)
|
|
|
|
*blobp = NULL;
|
|
|
|
if (lenp != NULL)
|
|
|
|
*lenp = 0;
|
2014-07-02 07:28:02 +02:00
|
|
|
if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, 0);
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
2000-11-13 12:57:25 +01:00
|
|
|
return 0;
|
|
|
|
}
|
2014-07-02 07:28:02 +02:00
|
|
|
if (blen > INT_MAX)
|
|
|
|
fatal("%s: giant len %zu", __func__, blen);
|
|
|
|
if (blobp != NULL)
|
|
|
|
*blobp = blob;
|
2000-11-13 12:57:25 +01:00
|
|
|
if (lenp != NULL)
|
2014-07-02 07:28:02 +02:00
|
|
|
*lenp = blen;
|
|
|
|
return blen;
|
2000-11-13 12:57:25 +01:00
|
|
|
}
|
|
|
|
|
2013-01-18 01:44:04 +01:00
|
|
|
int
|
2014-07-02 07:28:02 +02:00
|
|
|
key_sign(const Key *key, u_char **sigp, u_int *lenp,
|
2003-11-17 11:18:23 +01:00
|
|
|
const u_char *data, u_int datalen)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
|
|
|
u_char *sig;
|
|
|
|
size_t siglen;
|
|
|
|
|
|
|
|
if (sigp != NULL)
|
|
|
|
*sigp = NULL;
|
|
|
|
if (lenp != NULL)
|
|
|
|
*lenp = 0;
|
|
|
|
if ((r = sshkey_sign(key, &sig, &siglen,
|
|
|
|
data, datalen, datafellows)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, 0);
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
2000-11-13 12:57:25 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2014-07-02 07:28:02 +02:00
|
|
|
if (siglen > INT_MAX)
|
|
|
|
fatal("%s: giant len %zu", __func__, siglen);
|
|
|
|
if (sigp != NULL)
|
|
|
|
*sigp = sig;
|
|
|
|
if (lenp != NULL)
|
|
|
|
*lenp = siglen;
|
|
|
|
return 0;
|
2000-11-13 12:57:25 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2014-07-02 07:28:02 +02:00
|
|
|
key_verify(const Key *key, const u_char *signature, u_int signaturelen,
|
2003-11-17 11:18:23 +01:00
|
|
|
const u_char *data, u_int datalen)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
2001-06-25 06:42:20 +02:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
if ((r = sshkey_verify(key, signature, signaturelen,
|
|
|
|
data, datalen, datafellows)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, 0);
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
|
|
|
return r == SSH_ERR_SIGNATURE_INVALID ? 0 : -1;
|
2000-11-13 12:57:25 +01:00
|
|
|
}
|
2014-07-02 07:28:02 +02:00
|
|
|
return 1;
|
2000-11-13 12:57:25 +01:00
|
|
|
}
|
2002-03-22 02:45:53 +01:00
|
|
|
|
|
|
|
Key *
|
2003-11-17 11:18:23 +01:00
|
|
|
key_demote(const Key *k)
|
2002-03-22 02:45:53 +01:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
|
|
|
Key *ret = NULL;
|
2010-02-26 21:55:05 +01:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
if ((r = sshkey_demote(k, &ret)) != 0)
|
|
|
|
fatal("%s: %s", __func__, ssh_err(r));
|
|
|
|
return ret;
|
2010-02-26 21:55:05 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2010-04-16 07:56:21 +02:00
|
|
|
key_to_certified(Key *k, int legacy)
|
2010-02-26 21:55:05 +01:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
|
|
|
|
|
|
|
if ((r = sshkey_to_certified(k, legacy)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, 0);
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
2010-02-26 21:55:05 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2014-07-02 07:28:02 +02:00
|
|
|
return 0;
|
2010-02-26 21:55:05 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
key_drop_cert(Key *k)
|
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
|
|
|
|
|
|
|
if ((r = sshkey_drop_cert(k)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, 0);
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
2010-02-26 21:55:05 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2013-12-07 01:24:01 +01:00
|
|
|
return 0;
|
2010-02-26 21:55:05 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
key_certify(Key *k, Key *ca)
|
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
2010-02-26 21:55:05 +01:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
if ((r = sshkey_certify(k, ca)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, 0);
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
2010-02-26 21:55:05 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2014-07-02 07:28:02 +02:00
|
|
|
return 0;
|
|
|
|
}
|
2010-02-26 21:55:05 +01:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
int
|
|
|
|
key_cert_check_authority(const Key *k, int want_host, int require_principal,
|
|
|
|
const char *name, const char **reason)
|
|
|
|
{
|
|
|
|
int r;
|
2010-02-26 21:55:05 +01:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
if ((r = sshkey_cert_check_authority(k, want_host, require_principal,
|
|
|
|
name, reason)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, 0);
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
2010-02-26 21:55:05 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2014-07-02 07:28:02 +02:00
|
|
|
return 0;
|
|
|
|
}
|
2010-02-26 21:55:05 +01:00
|
|
|
|
2014-07-18 23:23:55 +02:00
|
|
|
#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
|
2014-07-02 07:28:02 +02:00
|
|
|
int
|
|
|
|
key_ec_validate_public(const EC_GROUP *group, const EC_POINT *public)
|
|
|
|
{
|
|
|
|
int r;
|
2010-02-26 21:55:05 +01:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
if ((r = sshkey_ec_validate_public(group, public)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
2010-02-26 21:55:05 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2014-07-02 07:28:02 +02:00
|
|
|
key_ec_validate_private(const EC_KEY *key)
|
2010-02-26 21:55:05 +01:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
|
|
|
|
|
|
|
if ((r = sshkey_ec_validate_private(key)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
2010-02-26 21:55:05 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
2014-07-02 07:28:02 +02:00
|
|
|
#endif /* WITH_OPENSSL */
|
2010-04-16 07:56:21 +02:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
void
|
|
|
|
key_private_serialize(const Key *key, struct sshbuf *b)
|
2010-04-16 07:56:21 +02:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
2010-08-31 14:41:14 +02:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
if ((r = sshkey_private_serialize(key, b)) != 0)
|
|
|
|
fatal("%s: %s", __func__, ssh_err(r));
|
2010-08-31 14:41:14 +02:00
|
|
|
}
|
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
Key *
|
|
|
|
key_private_deserialize(struct sshbuf *blob)
|
2010-09-10 03:23:34 +02:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
|
|
|
Key *ret = NULL;
|
|
|
|
|
|
|
|
if ((r = sshkey_private_deserialize(blob, &ret)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
|
|
|
return NULL;
|
2010-09-10 03:23:34 +02:00
|
|
|
}
|
2014-07-02 07:28:02 +02:00
|
|
|
return ret;
|
2010-09-10 03:23:34 +02:00
|
|
|
}
|
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
/* authfile.c */
|
2010-08-31 14:41:14 +02:00
|
|
|
|
2014-01-10 00:58:53 +01:00
|
|
|
int
|
2014-07-02 07:28:02 +02:00
|
|
|
key_save_private(Key *key, const char *filename, const char *passphrase,
|
|
|
|
const char *comment, int force_new_format, const char *new_format_cipher,
|
|
|
|
int new_format_rounds)
|
2010-09-10 03:23:34 +02:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
|
|
|
|
|
|
|
if ((r = sshkey_save_private(key, filename, passphrase, comment,
|
|
|
|
force_new_format, new_format_cipher, new_format_rounds)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
return 1;
|
2010-09-10 03:23:34 +02:00
|
|
|
}
|
|
|
|
|
2010-08-31 14:41:14 +02:00
|
|
|
int
|
2014-07-02 07:28:02 +02:00
|
|
|
key_load_file(int fd, const char *filename, struct sshbuf *blob)
|
2010-08-31 14:41:14 +02:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
2010-08-31 14:41:14 +02:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
if ((r = sshkey_load_file(fd, filename, blob)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
|
|
|
return 0;
|
2010-08-31 14:41:14 +02:00
|
|
|
}
|
2014-07-02 07:28:02 +02:00
|
|
|
return 1;
|
|
|
|
}
|
2010-08-31 14:41:14 +02:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
Key *
|
|
|
|
key_load_cert(const char *filename)
|
|
|
|
{
|
|
|
|
int r;
|
|
|
|
Key *ret = NULL;
|
2010-08-31 14:41:14 +02:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
if ((r = sshkey_load_cert(filename, &ret)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
|
2014-07-09 05:07:28 +02:00
|
|
|
/* Old authfile.c ignored all file errors. */
|
|
|
|
if (r == SSH_ERR_SYSTEM_ERROR)
|
2014-07-02 07:28:02 +02:00
|
|
|
debug("%s: %s", __func__, ssh_err(r));
|
|
|
|
else
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
|
|
|
return NULL;
|
2010-08-31 14:41:14 +02:00
|
|
|
}
|
|
|
|
return ret;
|
2014-07-02 07:28:02 +02:00
|
|
|
|
2010-08-31 14:41:14 +02:00
|
|
|
}
|
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
Key *
|
|
|
|
key_load_public(const char *filename, char **commentp)
|
2010-08-31 14:41:14 +02:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
|
|
|
Key *ret = NULL;
|
2010-08-31 14:41:14 +02:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
if ((r = sshkey_load_public(filename, &ret, commentp)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
|
2014-07-09 05:07:28 +02:00
|
|
|
/* Old authfile.c ignored all file errors. */
|
|
|
|
if (r == SSH_ERR_SYSTEM_ERROR)
|
2014-07-02 07:28:02 +02:00
|
|
|
debug("%s: %s", __func__, ssh_err(r));
|
|
|
|
else
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
|
|
|
return NULL;
|
2010-08-31 14:41:14 +02:00
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
Key *
|
|
|
|
key_load_private(const char *path, const char *passphrase,
|
|
|
|
char **commentp)
|
|
|
|
{
|
|
|
|
int r;
|
|
|
|
Key *ret = NULL;
|
|
|
|
|
|
|
|
if ((r = sshkey_load_private(path, passphrase, &ret, commentp)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
|
2014-07-09 05:07:28 +02:00
|
|
|
/* Old authfile.c ignored all file errors. */
|
2014-07-18 07:03:49 +02:00
|
|
|
if (r == SSH_ERR_SYSTEM_ERROR ||
|
|
|
|
r == SSH_ERR_KEY_WRONG_PASSPHRASE)
|
2014-07-02 07:28:02 +02:00
|
|
|
debug("%s: %s", __func__, ssh_err(r));
|
|
|
|
else
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
|
|
|
return NULL;
|
2010-08-31 14:41:14 +02:00
|
|
|
}
|
2014-07-02 07:28:02 +02:00
|
|
|
return ret;
|
2010-08-31 14:41:14 +02:00
|
|
|
}
|
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
Key *
|
|
|
|
key_load_private_cert(int type, const char *filename, const char *passphrase,
|
|
|
|
int *perm_ok)
|
|
|
|
{
|
|
|
|
int r;
|
|
|
|
Key *ret = NULL;
|
|
|
|
|
|
|
|
if ((r = sshkey_load_private_cert(type, filename, passphrase,
|
|
|
|
&ret, perm_ok)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
|
2014-07-09 05:07:28 +02:00
|
|
|
/* Old authfile.c ignored all file errors. */
|
2014-07-18 07:03:49 +02:00
|
|
|
if (r == SSH_ERR_SYSTEM_ERROR ||
|
|
|
|
r == SSH_ERR_KEY_WRONG_PASSPHRASE)
|
2014-07-02 07:28:02 +02:00
|
|
|
debug("%s: %s", __func__, ssh_err(r));
|
|
|
|
else
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
return ret;
|
2010-08-31 14:41:14 +02:00
|
|
|
}
|
2013-12-07 00:40:26 +01:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
Key *
|
|
|
|
key_load_private_type(int type, const char *filename, const char *passphrase,
|
|
|
|
char **commentp, int *perm_ok)
|
|
|
|
{
|
|
|
|
int r;
|
|
|
|
Key *ret = NULL;
|
|
|
|
|
|
|
|
if ((r = sshkey_load_private_type(type, filename, passphrase,
|
|
|
|
&ret, commentp, perm_ok)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
|
2014-07-09 05:07:28 +02:00
|
|
|
/* Old authfile.c ignored all file errors. */
|
|
|
|
if (r == SSH_ERR_SYSTEM_ERROR ||
|
2014-07-02 07:28:02 +02:00
|
|
|
(r == SSH_ERR_KEY_WRONG_PASSPHRASE))
|
|
|
|
debug("%s: %s", __func__, ssh_err(r));
|
|
|
|
else
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
|
|
|
return NULL;
|
2013-12-07 00:40:26 +01:00
|
|
|
}
|
2014-07-02 07:28:02 +02:00
|
|
|
return ret;
|
2013-12-07 00:40:26 +01:00
|
|
|
}
|
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
#ifdef WITH_OPENSSL
|
2013-12-07 00:40:26 +01:00
|
|
|
Key *
|
2014-07-02 07:28:02 +02:00
|
|
|
key_load_private_pem(int fd, int type, const char *passphrase,
|
|
|
|
char **commentp)
|
2013-12-07 00:40:26 +01:00
|
|
|
{
|
2014-07-02 07:28:02 +02:00
|
|
|
int r;
|
|
|
|
Key *ret = NULL;
|
|
|
|
|
|
|
|
if ((r = sshkey_load_private_pem(fd, type, passphrase,
|
|
|
|
&ret, commentp)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
|
2014-07-23 01:40:46 +02:00
|
|
|
if (r == SSH_ERR_KEY_WRONG_PASSPHRASE)
|
|
|
|
debug("%s: %s", __func__, ssh_err(r));
|
|
|
|
else
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
2013-12-07 00:40:26 +01:00
|
|
|
return NULL;
|
|
|
|
}
|
2014-07-02 07:28:02 +02:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
#endif /* WITH_OPENSSL */
|
2013-12-07 00:40:26 +01:00
|
|
|
|
2014-07-02 07:28:02 +02:00
|
|
|
int
|
|
|
|
key_perm_ok(int fd, const char *filename)
|
|
|
|
{
|
|
|
|
return sshkey_perm_ok(fd, filename) == 0 ? 1 : 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
key_in_file(Key *key, const char *filename, int strict_type)
|
|
|
|
{
|
|
|
|
int r;
|
|
|
|
|
|
|
|
if ((r = sshkey_in_file(key, filename, strict_type)) != 0) {
|
|
|
|
fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
|
|
|
|
if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT)
|
|
|
|
return 0;
|
|
|
|
error("%s: %s", __func__, ssh_err(r));
|
|
|
|
return r == SSH_ERR_KEY_NOT_FOUND ? 0 : -1;
|
2013-12-07 00:40:26 +01:00
|
|
|
}
|
2014-07-02 07:28:02 +02:00
|
|
|
return 1;
|
2013-12-07 00:40:26 +01:00
|
|
|
}
|