2008-06-12 20:55:10 +02:00
|
|
|
/* $OpenBSD: key.c,v 1.75 2008/06/12 06:32:59 grunk Exp $ */
|
2000-03-26 05:04:51 +02:00
|
|
|
/*
|
2000-09-16 04:29:08 +02:00
|
|
|
* read_bignum():
|
|
|
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
|
|
|
*
|
|
|
|
* As far as I am concerned, the code I have written for this software
|
|
|
|
* can be used freely for any purpose. Any derived versions of this
|
|
|
|
* software must be clearly marked as such, and if the derived work is
|
|
|
|
* incompatible with the protocol description in the RFC file, it must be
|
|
|
|
* called by a name other than "ssh" or "Secure Shell".
|
|
|
|
*
|
|
|
|
*
|
2001-07-04 05:32:30 +02:00
|
|
|
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
2000-03-26 05:04:51 +02:00
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*/
|
2006-08-05 04:39:39 +02:00
|
|
|
|
2000-03-26 05:04:51 +02:00
|
|
|
#include "includes.h"
|
2001-01-22 06:34:40 +01:00
|
|
|
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
|
|
|
#include <sys/param.h>
|
2006-08-05 04:39:39 +02:00
|
|
|
#include <sys/types.h>
|
|
|
|
|
2000-03-26 05:04:51 +02:00
|
|
|
#include <openssl/evp.h>
|
2008-02-28 09:22:04 +01:00
|
|
|
#include <openbsd-compat/openssl-compat.h>
|
2001-01-22 06:34:40 +01:00
|
|
|
|
2006-09-01 07:38:36 +02:00
|
|
|
#include <stdarg.h>
|
2006-08-05 03:37:59 +02:00
|
|
|
#include <stdio.h>
|
2006-07-24 06:13:33 +02:00
|
|
|
#include <string.h>
|
|
|
|
|
2000-03-26 05:04:51 +02:00
|
|
|
#include "xmalloc.h"
|
|
|
|
#include "key.h"
|
2000-11-13 12:57:25 +01:00
|
|
|
#include "rsa.h"
|
2000-04-29 15:57:08 +02:00
|
|
|
#include "uuencode.h"
|
2000-11-13 12:57:25 +01:00
|
|
|
#include "buffer.h"
|
2001-01-22 06:34:40 +01:00
|
|
|
#include "log.h"
|
2000-03-26 05:04:51 +02:00
|
|
|
|
|
|
|
Key *
|
|
|
|
key_new(int type)
|
|
|
|
{
|
|
|
|
Key *k;
|
|
|
|
RSA *rsa;
|
|
|
|
DSA *dsa;
|
2006-03-26 05:19:21 +02:00
|
|
|
k = xcalloc(1, sizeof(*k));
|
2000-03-26 05:04:51 +02:00
|
|
|
k->type = type;
|
2000-04-29 15:57:08 +02:00
|
|
|
k->dsa = NULL;
|
|
|
|
k->rsa = NULL;
|
2000-03-26 05:04:51 +02:00
|
|
|
switch (k->type) {
|
2000-11-13 12:57:25 +01:00
|
|
|
case KEY_RSA1:
|
2000-03-26 05:04:51 +02:00
|
|
|
case KEY_RSA:
|
2002-01-22 13:09:22 +01:00
|
|
|
if ((rsa = RSA_new()) == NULL)
|
|
|
|
fatal("key_new: RSA_new failed");
|
|
|
|
if ((rsa->n = BN_new()) == NULL)
|
|
|
|
fatal("key_new: BN_new failed");
|
|
|
|
if ((rsa->e = BN_new()) == NULL)
|
|
|
|
fatal("key_new: BN_new failed");
|
2000-03-26 05:04:51 +02:00
|
|
|
k->rsa = rsa;
|
|
|
|
break;
|
|
|
|
case KEY_DSA:
|
2002-01-22 13:09:22 +01:00
|
|
|
if ((dsa = DSA_new()) == NULL)
|
|
|
|
fatal("key_new: DSA_new failed");
|
|
|
|
if ((dsa->p = BN_new()) == NULL)
|
|
|
|
fatal("key_new: BN_new failed");
|
|
|
|
if ((dsa->q = BN_new()) == NULL)
|
|
|
|
fatal("key_new: BN_new failed");
|
|
|
|
if ((dsa->g = BN_new()) == NULL)
|
|
|
|
fatal("key_new: BN_new failed");
|
|
|
|
if ((dsa->pub_key = BN_new()) == NULL)
|
|
|
|
fatal("key_new: BN_new failed");
|
2000-03-26 05:04:51 +02:00
|
|
|
k->dsa = dsa;
|
|
|
|
break;
|
2000-11-13 12:57:25 +01:00
|
|
|
case KEY_UNSPEC:
|
2000-03-26 05:04:51 +02:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
fatal("key_new: bad key type %d", k->type);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
return k;
|
|
|
|
}
|
2002-06-23 23:21:30 +02:00
|
|
|
|
2000-11-13 12:57:25 +01:00
|
|
|
Key *
|
|
|
|
key_new_private(int type)
|
|
|
|
{
|
|
|
|
Key *k = key_new(type);
|
|
|
|
switch (k->type) {
|
|
|
|
case KEY_RSA1:
|
|
|
|
case KEY_RSA:
|
2002-01-22 13:09:22 +01:00
|
|
|
if ((k->rsa->d = BN_new()) == NULL)
|
|
|
|
fatal("key_new_private: BN_new failed");
|
|
|
|
if ((k->rsa->iqmp = BN_new()) == NULL)
|
|
|
|
fatal("key_new_private: BN_new failed");
|
|
|
|
if ((k->rsa->q = BN_new()) == NULL)
|
|
|
|
fatal("key_new_private: BN_new failed");
|
|
|
|
if ((k->rsa->p = BN_new()) == NULL)
|
|
|
|
fatal("key_new_private: BN_new failed");
|
|
|
|
if ((k->rsa->dmq1 = BN_new()) == NULL)
|
|
|
|
fatal("key_new_private: BN_new failed");
|
|
|
|
if ((k->rsa->dmp1 = BN_new()) == NULL)
|
|
|
|
fatal("key_new_private: BN_new failed");
|
2000-11-13 12:57:25 +01:00
|
|
|
break;
|
|
|
|
case KEY_DSA:
|
2002-01-22 13:09:22 +01:00
|
|
|
if ((k->dsa->priv_key = BN_new()) == NULL)
|
|
|
|
fatal("key_new_private: BN_new failed");
|
2000-11-13 12:57:25 +01:00
|
|
|
break;
|
|
|
|
case KEY_UNSPEC:
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
return k;
|
|
|
|
}
|
2002-06-23 23:21:30 +02:00
|
|
|
|
2000-03-26 05:04:51 +02:00
|
|
|
void
|
|
|
|
key_free(Key *k)
|
|
|
|
{
|
2006-03-26 05:02:16 +02:00
|
|
|
if (k == NULL)
|
2006-03-26 05:03:03 +02:00
|
|
|
fatal("key_free: key is NULL");
|
2000-03-26 05:04:51 +02:00
|
|
|
switch (k->type) {
|
2000-11-13 12:57:25 +01:00
|
|
|
case KEY_RSA1:
|
2000-03-26 05:04:51 +02:00
|
|
|
case KEY_RSA:
|
|
|
|
if (k->rsa != NULL)
|
|
|
|
RSA_free(k->rsa);
|
|
|
|
k->rsa = NULL;
|
|
|
|
break;
|
|
|
|
case KEY_DSA:
|
|
|
|
if (k->dsa != NULL)
|
|
|
|
DSA_free(k->dsa);
|
|
|
|
k->dsa = NULL;
|
|
|
|
break;
|
2000-11-13 12:57:25 +01:00
|
|
|
case KEY_UNSPEC:
|
|
|
|
break;
|
2000-03-26 05:04:51 +02:00
|
|
|
default:
|
|
|
|
fatal("key_free: bad key type %d", k->type);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
xfree(k);
|
|
|
|
}
|
2003-11-17 11:18:23 +01:00
|
|
|
|
2000-03-26 05:04:51 +02:00
|
|
|
int
|
2003-11-17 11:18:23 +01:00
|
|
|
key_equal(const Key *a, const Key *b)
|
2000-03-26 05:04:51 +02:00
|
|
|
{
|
|
|
|
if (a == NULL || b == NULL || a->type != b->type)
|
|
|
|
return 0;
|
|
|
|
switch (a->type) {
|
2000-11-13 12:57:25 +01:00
|
|
|
case KEY_RSA1:
|
2000-03-26 05:04:51 +02:00
|
|
|
case KEY_RSA:
|
|
|
|
return a->rsa != NULL && b->rsa != NULL &&
|
|
|
|
BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
|
|
|
|
BN_cmp(a->rsa->n, b->rsa->n) == 0;
|
|
|
|
case KEY_DSA:
|
|
|
|
return a->dsa != NULL && b->dsa != NULL &&
|
|
|
|
BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
|
|
|
|
BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
|
|
|
|
BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
|
|
|
|
BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
|
|
|
|
default:
|
2000-04-29 15:57:08 +02:00
|
|
|
fatal("key_equal: bad key type %d", a->type);
|
2000-03-26 05:04:51 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2003-05-15 02:19:46 +02:00
|
|
|
u_char*
|
2003-11-17 11:18:23 +01:00
|
|
|
key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
|
|
|
|
u_int *dgst_raw_length)
|
2000-03-26 05:04:51 +02:00
|
|
|
{
|
2002-03-05 02:33:36 +01:00
|
|
|
const EVP_MD *md = NULL;
|
2001-03-12 03:59:31 +01:00
|
|
|
EVP_MD_CTX ctx;
|
2000-12-22 02:43:59 +01:00
|
|
|
u_char *blob = NULL;
|
2001-03-11 21:03:44 +01:00
|
|
|
u_char *retval = NULL;
|
2002-02-26 19:09:42 +01:00
|
|
|
u_int len = 0;
|
2000-04-29 15:57:08 +02:00
|
|
|
int nlen, elen;
|
2000-03-26 05:04:51 +02:00
|
|
|
|
2001-03-11 21:03:44 +01:00
|
|
|
*dgst_raw_length = 0;
|
|
|
|
|
2001-03-12 03:59:31 +01:00
|
|
|
switch (dgst_type) {
|
|
|
|
case SSH_FP_MD5:
|
|
|
|
md = EVP_md5();
|
|
|
|
break;
|
|
|
|
case SSH_FP_SHA1:
|
|
|
|
md = EVP_sha1();
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
fatal("key_fingerprint_raw: bad digest type %d",
|
|
|
|
dgst_type);
|
|
|
|
}
|
2000-03-26 05:04:51 +02:00
|
|
|
switch (k->type) {
|
2000-11-13 12:57:25 +01:00
|
|
|
case KEY_RSA1:
|
2000-03-26 05:04:51 +02:00
|
|
|
nlen = BN_num_bytes(k->rsa->n);
|
|
|
|
elen = BN_num_bytes(k->rsa->e);
|
|
|
|
len = nlen + elen;
|
2000-04-29 15:57:08 +02:00
|
|
|
blob = xmalloc(len);
|
|
|
|
BN_bn2bin(k->rsa->n, blob);
|
|
|
|
BN_bn2bin(k->rsa->e, blob + nlen);
|
2000-03-26 05:04:51 +02:00
|
|
|
break;
|
|
|
|
case KEY_DSA:
|
2000-11-13 12:57:25 +01:00
|
|
|
case KEY_RSA:
|
|
|
|
key_to_blob(k, &blob, &len);
|
|
|
|
break;
|
|
|
|
case KEY_UNSPEC:
|
|
|
|
return retval;
|
2000-03-26 05:04:51 +02:00
|
|
|
default:
|
2001-03-11 21:03:44 +01:00
|
|
|
fatal("key_fingerprint_raw: bad key type %d", k->type);
|
2000-03-26 05:04:51 +02:00
|
|
|
break;
|
|
|
|
}
|
2000-04-29 15:57:08 +02:00
|
|
|
if (blob != NULL) {
|
2001-03-11 21:03:44 +01:00
|
|
|
retval = xmalloc(EVP_MAX_MD_SIZE);
|
2000-06-22 13:32:31 +02:00
|
|
|
EVP_DigestInit(&ctx, md);
|
|
|
|
EVP_DigestUpdate(&ctx, blob, len);
|
2002-02-05 01:54:07 +01:00
|
|
|
EVP_DigestFinal(&ctx, retval, dgst_raw_length);
|
2000-04-29 15:57:08 +02:00
|
|
|
memset(blob, 0, len);
|
|
|
|
xfree(blob);
|
2001-03-11 21:03:44 +01:00
|
|
|
} else {
|
|
|
|
fatal("key_fingerprint_raw: blob is null");
|
2000-03-26 05:04:51 +02:00
|
|
|
}
|
|
|
|
return retval;
|
|
|
|
}
|
|
|
|
|
2002-07-04 02:14:17 +02:00
|
|
|
static char *
|
|
|
|
key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
|
2001-03-11 21:03:44 +01:00
|
|
|
{
|
|
|
|
char *retval;
|
2005-06-17 04:59:34 +02:00
|
|
|
u_int i;
|
2001-03-11 21:03:44 +01:00
|
|
|
|
2006-03-26 05:19:21 +02:00
|
|
|
retval = xcalloc(1, dgst_raw_len * 3 + 1);
|
2001-12-21 04:45:46 +01:00
|
|
|
for (i = 0; i < dgst_raw_len; i++) {
|
2001-03-11 21:03:44 +01:00
|
|
|
char hex[4];
|
|
|
|
snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
|
2003-07-14 09:28:34 +02:00
|
|
|
strlcat(retval, hex, dgst_raw_len * 3 + 1);
|
2001-03-11 21:03:44 +01:00
|
|
|
}
|
2003-07-14 09:28:34 +02:00
|
|
|
|
|
|
|
/* Remove the trailing ':' character */
|
2001-03-11 21:03:44 +01:00
|
|
|
retval[(dgst_raw_len * 3) - 1] = '\0';
|
|
|
|
return retval;
|
|
|
|
}
|
|
|
|
|
2002-07-04 02:14:17 +02:00
|
|
|
static char *
|
|
|
|
key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len)
|
2001-03-11 21:03:44 +01:00
|
|
|
{
|
|
|
|
char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
|
|
|
|
char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
|
|
|
|
'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };
|
2001-03-11 21:06:59 +01:00
|
|
|
u_int i, j = 0, rounds, seed = 1;
|
2001-03-11 21:03:44 +01:00
|
|
|
char *retval;
|
|
|
|
|
|
|
|
rounds = (dgst_raw_len / 2) + 1;
|
2006-03-26 05:19:21 +02:00
|
|
|
retval = xcalloc((rounds * 6), sizeof(char));
|
2001-03-11 21:06:59 +01:00
|
|
|
retval[j++] = 'x';
|
|
|
|
for (i = 0; i < rounds; i++) {
|
2001-03-11 21:03:44 +01:00
|
|
|
u_int idx0, idx1, idx2, idx3, idx4;
|
2001-03-11 21:06:59 +01:00
|
|
|
if ((i + 1 < rounds) || (dgst_raw_len % 2 != 0)) {
|
|
|
|
idx0 = (((((u_int)(dgst_raw[2 * i])) >> 6) & 3) +
|
2001-03-11 21:03:44 +01:00
|
|
|
seed) % 6;
|
2001-03-11 21:06:59 +01:00
|
|
|
idx1 = (((u_int)(dgst_raw[2 * i])) >> 2) & 15;
|
|
|
|
idx2 = ((((u_int)(dgst_raw[2 * i])) & 3) +
|
2001-03-11 21:03:44 +01:00
|
|
|
(seed / 6)) % 6;
|
2001-03-11 21:06:59 +01:00
|
|
|
retval[j++] = vowels[idx0];
|
|
|
|
retval[j++] = consonants[idx1];
|
|
|
|
retval[j++] = vowels[idx2];
|
|
|
|
if ((i + 1) < rounds) {
|
|
|
|
idx3 = (((u_int)(dgst_raw[(2 * i) + 1])) >> 4) & 15;
|
|
|
|
idx4 = (((u_int)(dgst_raw[(2 * i) + 1]))) & 15;
|
|
|
|
retval[j++] = consonants[idx3];
|
|
|
|
retval[j++] = '-';
|
|
|
|
retval[j++] = consonants[idx4];
|
2001-03-11 21:03:44 +01:00
|
|
|
seed = ((seed * 5) +
|
2001-03-11 21:06:59 +01:00
|
|
|
((((u_int)(dgst_raw[2 * i])) * 7) +
|
|
|
|
((u_int)(dgst_raw[(2 * i) + 1])))) % 36;
|
2001-03-11 21:03:44 +01:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
idx0 = seed % 6;
|
|
|
|
idx1 = 16;
|
|
|
|
idx2 = seed / 6;
|
2001-03-11 21:06:59 +01:00
|
|
|
retval[j++] = vowels[idx0];
|
|
|
|
retval[j++] = consonants[idx1];
|
|
|
|
retval[j++] = vowels[idx2];
|
2001-03-11 21:03:44 +01:00
|
|
|
}
|
|
|
|
}
|
2001-03-11 21:06:59 +01:00
|
|
|
retval[j++] = 'x';
|
|
|
|
retval[j++] = '\0';
|
2001-03-11 21:03:44 +01:00
|
|
|
return retval;
|
|
|
|
}
|
|
|
|
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
|
|
|
/*
|
|
|
|
* Draw an ASCII-Art representing the fingerprint so human brain can
|
|
|
|
* profit from its built-in pattern recognition ability.
|
|
|
|
* This technique is called "random art" and can be found in some
|
|
|
|
* scientific publications like this original paper:
|
|
|
|
*
|
|
|
|
* "Hash Visualization: a New Technique to improve Real-World Security",
|
|
|
|
* Perrig A. and Song D., 1999, International Workshop on Cryptographic
|
|
|
|
* Techniques and E-Commerce (CrypTEC '99)
|
|
|
|
* sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
|
|
|
|
*
|
|
|
|
* The subject came up in a talk by Dan Kaminsky, too.
|
|
|
|
*
|
|
|
|
* If you see the picture is different, the key is different.
|
|
|
|
* If the picture looks the same, you still know nothing.
|
|
|
|
*
|
|
|
|
* The algorithm used here is a worm crawling over a discrete plane,
|
|
|
|
* leaving a trace (augmenting the field) everywhere it goes.
|
|
|
|
* Movement is taken from dgst_raw 2bit-wise. Bumping into walls
|
|
|
|
* makes the respective movement vector be ignored for this turn.
|
|
|
|
* Graphs are not unambiguous, because circles in graphs can be
|
|
|
|
* walked in either direction.
|
|
|
|
*/
|
2008-06-12 20:54:40 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Field sizes for the random art. Have to be odd, so the starting point
|
|
|
|
* can be in the exact middle of the picture, and FLDBASE should be >=8 .
|
|
|
|
* Else pictures would be too dense, and drawing the frame would
|
|
|
|
* fail, too, because the key type would not fit in anymore.
|
|
|
|
*/
|
|
|
|
#define FLDBASE 8
|
|
|
|
#define FLDSIZE_Y (FLDBASE + 1)
|
|
|
|
#define FLDSIZE_X (FLDBASE * 2 + 1)
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
|
|
|
static char *
|
2008-06-12 20:54:40 +02:00
|
|
|
key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k)
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Chars to be used after each other every time the worm
|
|
|
|
* intersects with itself. Matter of taste.
|
|
|
|
*/
|
2008-06-12 20:55:10 +02:00
|
|
|
char *augmentation_string = " .o+=*BOX@%&#/^SE";
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
|
|
|
char *retval, *p;
|
2008-06-12 20:43:51 +02:00
|
|
|
u_char field[FLDSIZE_X][FLDSIZE_Y];
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
|
|
|
u_int i, b;
|
|
|
|
int x, y;
|
2008-06-12 20:45:50 +02:00
|
|
|
size_t len = strlen(augmentation_string) - 1;
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
|
|
|
|
|
|
|
retval = xcalloc(1, (FLDSIZE_X + 3) * (FLDSIZE_Y + 2));
|
|
|
|
|
|
|
|
/* initialize field */
|
2008-06-12 20:43:51 +02:00
|
|
|
memset(field, 0, FLDSIZE_X * FLDSIZE_Y * sizeof(char));
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
|
|
|
x = FLDSIZE_X / 2;
|
|
|
|
y = FLDSIZE_Y / 2;
|
|
|
|
|
|
|
|
/* process raw key */
|
|
|
|
for (i = 0; i < dgst_raw_len; i++) {
|
|
|
|
int input;
|
|
|
|
/* each byte conveys four 2-bit move commands */
|
|
|
|
input = dgst_raw[i];
|
|
|
|
for (b = 0; b < 4; b++) {
|
|
|
|
/* evaluate 2 bit, rest is shifted later */
|
|
|
|
x += (input & 0x1) ? 1 : -1;
|
|
|
|
y += (input & 0x2) ? 1 : -1;
|
|
|
|
|
|
|
|
/* assure we are still in bounds */
|
|
|
|
x = MAX(x, 0);
|
|
|
|
y = MAX(y, 0);
|
|
|
|
x = MIN(x, FLDSIZE_X - 1);
|
|
|
|
y = MIN(y, FLDSIZE_Y - 1);
|
|
|
|
|
|
|
|
/* augment the field */
|
2008-06-12 20:43:51 +02:00
|
|
|
field[x][y]++;
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
|
|
|
input = input >> 2;
|
|
|
|
}
|
|
|
|
}
|
2008-06-12 20:55:10 +02:00
|
|
|
|
|
|
|
/* mark starting point and end point*/
|
|
|
|
field[FLDSIZE_X / 2][FLDSIZE_Y / 2] = len - 1;
|
|
|
|
field[x][y] = len;
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
|
|
|
|
|
|
|
/* fill in retval */
|
2008-06-12 20:54:40 +02:00
|
|
|
snprintf(retval, 10, "+--[%4s]", key_type(k));
|
|
|
|
p = strchr(retval, '\0');
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
|
|
|
|
|
|
|
/* output upper border */
|
2008-06-12 20:54:40 +02:00
|
|
|
for (i = 0; i < FLDSIZE_X - 8; i++)
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
|
|
|
*p++ = '-';
|
|
|
|
*p++ = '+';
|
|
|
|
*p++ = '\n';
|
|
|
|
|
|
|
|
/* output content */
|
|
|
|
for (y = 0; y < FLDSIZE_Y; y++) {
|
|
|
|
*p++ = '|';
|
|
|
|
for (x = 0; x < FLDSIZE_X; x++)
|
2008-06-12 20:45:50 +02:00
|
|
|
*p++ = augmentation_string[MIN(field[x][y], len)];
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
|
|
|
*p++ = '|';
|
|
|
|
*p++ = '\n';
|
|
|
|
}
|
|
|
|
|
|
|
|
/* output lower border */
|
|
|
|
*p++ = '+';
|
|
|
|
for (i = 0; i < FLDSIZE_X; i++)
|
|
|
|
*p++ = '-';
|
|
|
|
*p++ = '+';
|
|
|
|
|
|
|
|
return retval;
|
|
|
|
}
|
|
|
|
|
2002-07-04 02:14:17 +02:00
|
|
|
char *
|
2003-11-17 11:18:23 +01:00
|
|
|
key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
|
2001-03-11 21:03:44 +01:00
|
|
|
{
|
2001-04-06 01:26:32 +02:00
|
|
|
char *retval = NULL;
|
2001-03-11 21:03:44 +01:00
|
|
|
u_char *dgst_raw;
|
2002-02-05 01:54:07 +01:00
|
|
|
u_int dgst_raw_len;
|
2001-12-21 04:45:46 +01:00
|
|
|
|
2001-03-11 21:03:44 +01:00
|
|
|
dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
|
|
|
|
if (!dgst_raw)
|
2001-03-13 05:57:58 +01:00
|
|
|
fatal("key_fingerprint: null from key_fingerprint_raw()");
|
2001-12-06 19:00:18 +01:00
|
|
|
switch (dgst_rep) {
|
2001-03-11 21:03:44 +01:00
|
|
|
case SSH_FP_HEX:
|
|
|
|
retval = key_fingerprint_hex(dgst_raw, dgst_raw_len);
|
|
|
|
break;
|
|
|
|
case SSH_FP_BUBBLEBABBLE:
|
|
|
|
retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len);
|
|
|
|
break;
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
|
|
|
case SSH_FP_RANDOMART:
|
2008-06-12 20:54:40 +02:00
|
|
|
retval = key_fingerprint_randomart(dgst_raw, dgst_raw_len, k);
|
- grunk@cvs.openbsd.org 2008/06/11 21:01:35
[ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
sshconnect.c]
Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
graphical hash visualization schemes known as "random art", and by
Dan Kaminsky's musings on the subject during a BlackOp talk at the
23C3 in Berlin.
Scientific publication (original paper):
"Hash Visualization: a New Technique to improve Real-World Security",
Perrig A. and Song D., 1999, International Workshop on Cryptographic
Techniques and E-Commerce (CrypTEC '99)
http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
The algorithm used here is a worm crawling over a discrete plane,
leaving a trace (augmenting the field) everywhere it goes.
Movement is taken from dgst_raw 2bit-wise. Bumping into walls
makes the respective movement vector be ignored for this turn,
thus switching to the other color of the chessboard.
Graphs are not unambiguous for now, because circles in graphs can be
walked in either direction.
discussions with several people,
help, corrections and ok markus@ djm@
2008-06-12 20:40:35 +02:00
|
|
|
break;
|
2001-03-11 21:03:44 +01:00
|
|
|
default:
|
|
|
|
fatal("key_fingerprint_ex: bad digest representation %d",
|
|
|
|
dgst_rep);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
memset(dgst_raw, 0, dgst_raw_len);
|
|
|
|
xfree(dgst_raw);
|
|
|
|
return retval;
|
|
|
|
}
|
|
|
|
|
2000-03-26 05:04:51 +02:00
|
|
|
/*
|
|
|
|
* Reads a multiple-precision integer in decimal from the buffer, and advances
|
|
|
|
* the pointer. The integer must already be initialized. This function is
|
|
|
|
* permitted to modify the buffer. This leaves *cpp to point just beyond the
|
|
|
|
* last processed (and maybe modified) character. Note that this may modify
|
|
|
|
* the buffer containing the number.
|
|
|
|
*/
|
2001-06-25 07:01:22 +02:00
|
|
|
static int
|
2000-03-26 05:04:51 +02:00
|
|
|
read_bignum(char **cpp, BIGNUM * value)
|
|
|
|
{
|
|
|
|
char *cp = *cpp;
|
|
|
|
int old;
|
|
|
|
|
|
|
|
/* Skip any leading whitespace. */
|
|
|
|
for (; *cp == ' ' || *cp == '\t'; cp++)
|
|
|
|
;
|
|
|
|
|
|
|
|
/* Check that it begins with a decimal digit. */
|
|
|
|
if (*cp < '0' || *cp > '9')
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
/* Save starting position. */
|
|
|
|
*cpp = cp;
|
|
|
|
|
|
|
|
/* Move forward until all decimal digits skipped. */
|
|
|
|
for (; *cp >= '0' && *cp <= '9'; cp++)
|
|
|
|
;
|
|
|
|
|
|
|
|
/* Save the old terminating character, and replace it by \0. */
|
|
|
|
old = *cp;
|
|
|
|
*cp = 0;
|
|
|
|
|
|
|
|
/* Parse the number. */
|
|
|
|
if (BN_dec2bn(&value, *cpp) == 0)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
/* Restore old terminating character. */
|
|
|
|
*cp = old;
|
|
|
|
|
|
|
|
/* Move beyond the number and return success. */
|
|
|
|
*cpp = cp;
|
|
|
|
return 1;
|
|
|
|
}
|
2002-06-23 23:21:30 +02:00
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static int
|
2000-03-26 05:04:51 +02:00
|
|
|
write_bignum(FILE *f, BIGNUM *num)
|
|
|
|
{
|
|
|
|
char *buf = BN_bn2dec(num);
|
|
|
|
if (buf == NULL) {
|
|
|
|
error("write_bignum: BN_bn2dec() failed");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
fprintf(f, " %s", buf);
|
2001-10-10 07:00:49 +02:00
|
|
|
OPENSSL_free(buf);
|
2000-03-26 05:04:51 +02:00
|
|
|
return 1;
|
|
|
|
}
|
2000-11-13 12:57:25 +01:00
|
|
|
|
2001-09-20 02:55:53 +02:00
|
|
|
/* returns 1 ok, -1 error */
|
2000-11-13 12:57:25 +01:00
|
|
|
int
|
2000-04-29 15:57:08 +02:00
|
|
|
key_read(Key *ret, char **cpp)
|
2000-03-26 05:04:51 +02:00
|
|
|
{
|
2000-04-29 15:57:08 +02:00
|
|
|
Key *k;
|
2000-11-13 12:57:25 +01:00
|
|
|
int success = -1;
|
|
|
|
char *cp, *space;
|
|
|
|
int len, n, type;
|
|
|
|
u_int bits;
|
2000-12-22 02:43:59 +01:00
|
|
|
u_char *blob;
|
2000-04-29 15:57:08 +02:00
|
|
|
|
|
|
|
cp = *cpp;
|
|
|
|
|
2001-12-06 19:00:18 +01:00
|
|
|
switch (ret->type) {
|
2000-11-13 12:57:25 +01:00
|
|
|
case KEY_RSA1:
|
2000-04-29 15:57:08 +02:00
|
|
|
/* Get number of bits. */
|
|
|
|
if (*cp < '0' || *cp > '9')
|
2000-11-13 12:57:25 +01:00
|
|
|
return -1; /* Bad bit count... */
|
2000-04-29 15:57:08 +02:00
|
|
|
for (bits = 0; *cp >= '0' && *cp <= '9'; cp++)
|
|
|
|
bits = 10 * bits + *cp - '0';
|
2000-03-26 05:04:51 +02:00
|
|
|
if (bits == 0)
|
2000-11-13 12:57:25 +01:00
|
|
|
return -1;
|
2000-04-29 15:57:08 +02:00
|
|
|
*cpp = cp;
|
2000-03-26 05:04:51 +02:00
|
|
|
/* Get public exponent, public modulus. */
|
|
|
|
if (!read_bignum(cpp, ret->rsa->e))
|
2000-11-13 12:57:25 +01:00
|
|
|
return -1;
|
2000-03-26 05:04:51 +02:00
|
|
|
if (!read_bignum(cpp, ret->rsa->n))
|
2000-11-13 12:57:25 +01:00
|
|
|
return -1;
|
|
|
|
success = 1;
|
2000-03-26 05:04:51 +02:00
|
|
|
break;
|
2000-11-13 12:57:25 +01:00
|
|
|
case KEY_UNSPEC:
|
|
|
|
case KEY_RSA:
|
2000-03-26 05:04:51 +02:00
|
|
|
case KEY_DSA:
|
2000-11-13 12:57:25 +01:00
|
|
|
space = strchr(cp, ' ');
|
|
|
|
if (space == NULL) {
|
2003-02-24 01:54:57 +01:00
|
|
|
debug3("key_read: missing whitespace");
|
2000-11-13 12:57:25 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
*space = '\0';
|
|
|
|
type = key_type_from_name(cp);
|
|
|
|
*space = ' ';
|
|
|
|
if (type == KEY_UNSPEC) {
|
2003-02-24 01:54:57 +01:00
|
|
|
debug3("key_read: missing keytype");
|
2000-11-13 12:57:25 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
cp = space+1;
|
|
|
|
if (*cp == '\0') {
|
|
|
|
debug3("key_read: short string");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (ret->type == KEY_UNSPEC) {
|
|
|
|
ret->type = type;
|
|
|
|
} else if (ret->type != type) {
|
|
|
|
/* is a key, but different type */
|
|
|
|
debug3("key_read: type mismatch");
|
2001-09-20 02:55:53 +02:00
|
|
|
return -1;
|
2000-11-13 12:57:25 +01:00
|
|
|
}
|
2000-04-29 15:57:08 +02:00
|
|
|
len = 2*strlen(cp);
|
|
|
|
blob = xmalloc(len);
|
|
|
|
n = uudecode(cp, blob, len);
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
if (n < 0) {
|
2000-05-30 05:44:51 +02:00
|
|
|
error("key_read: uudecode %s failed", cp);
|
2001-12-06 17:41:41 +01:00
|
|
|
xfree(blob);
|
2000-11-13 12:57:25 +01:00
|
|
|
return -1;
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
}
|
2003-06-28 04:38:01 +02:00
|
|
|
k = key_from_blob(blob, (u_int)n);
|
2001-12-06 17:41:41 +01:00
|
|
|
xfree(blob);
|
2000-05-30 05:44:51 +02:00
|
|
|
if (k == NULL) {
|
2000-11-13 12:57:25 +01:00
|
|
|
error("key_read: key_from_blob %s failed", cp);
|
|
|
|
return -1;
|
2000-05-30 05:44:51 +02:00
|
|
|
}
|
2000-11-13 12:57:25 +01:00
|
|
|
if (k->type != type) {
|
|
|
|
error("key_read: type mismatch: encoding error");
|
|
|
|
key_free(k);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
/*XXXX*/
|
|
|
|
if (ret->type == KEY_RSA) {
|
|
|
|
if (ret->rsa != NULL)
|
|
|
|
RSA_free(ret->rsa);
|
|
|
|
ret->rsa = k->rsa;
|
|
|
|
k->rsa = NULL;
|
|
|
|
success = 1;
|
|
|
|
#ifdef DEBUG_PK
|
|
|
|
RSA_print_fp(stderr, ret->rsa, 8);
|
|
|
|
#endif
|
|
|
|
} else {
|
|
|
|
if (ret->dsa != NULL)
|
|
|
|
DSA_free(ret->dsa);
|
|
|
|
ret->dsa = k->dsa;
|
|
|
|
k->dsa = NULL;
|
|
|
|
success = 1;
|
|
|
|
#ifdef DEBUG_PK
|
|
|
|
DSA_print_fp(stderr, ret->dsa, 8);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
/*XXXX*/
|
2001-12-06 17:41:41 +01:00
|
|
|
key_free(k);
|
2000-11-13 12:57:25 +01:00
|
|
|
if (success != 1)
|
|
|
|
break;
|
2000-05-30 05:44:51 +02:00
|
|
|
/* advance cp: skip whitespace and data */
|
|
|
|
while (*cp == ' ' || *cp == '\t')
|
|
|
|
cp++;
|
|
|
|
while (*cp != '\0' && *cp != ' ' && *cp != '\t')
|
|
|
|
cp++;
|
|
|
|
*cpp = cp;
|
2000-03-26 05:04:51 +02:00
|
|
|
break;
|
|
|
|
default:
|
2000-04-29 15:57:08 +02:00
|
|
|
fatal("key_read: bad key type: %d", ret->type);
|
2000-03-26 05:04:51 +02:00
|
|
|
break;
|
|
|
|
}
|
2000-11-13 12:57:25 +01:00
|
|
|
return success;
|
2000-03-26 05:04:51 +02:00
|
|
|
}
|
2002-06-23 23:21:30 +02:00
|
|
|
|
2000-03-26 05:04:51 +02:00
|
|
|
int
|
2003-11-17 11:18:23 +01:00
|
|
|
key_write(const Key *key, FILE *f)
|
2000-03-26 05:04:51 +02:00
|
|
|
{
|
2002-02-26 19:09:42 +01:00
|
|
|
int n, success = 0;
|
|
|
|
u_int len, bits = 0;
|
2002-09-12 01:49:15 +02:00
|
|
|
u_char *blob;
|
|
|
|
char *uu;
|
2000-03-26 05:04:51 +02:00
|
|
|
|
2000-11-13 12:57:25 +01:00
|
|
|
if (key->type == KEY_RSA1 && key->rsa != NULL) {
|
2000-03-26 05:04:51 +02:00
|
|
|
/* size of modulus 'n' */
|
|
|
|
bits = BN_num_bits(key->rsa->n);
|
|
|
|
fprintf(f, "%u", bits);
|
|
|
|
if (write_bignum(f, key->rsa->e) &&
|
|
|
|
write_bignum(f, key->rsa->n)) {
|
|
|
|
success = 1;
|
|
|
|
} else {
|
|
|
|
error("key_write: failed for RSA key");
|
|
|
|
}
|
2000-11-13 12:57:25 +01:00
|
|
|
} else if ((key->type == KEY_DSA && key->dsa != NULL) ||
|
|
|
|
(key->type == KEY_RSA && key->rsa != NULL)) {
|
|
|
|
key_to_blob(key, &blob, &len);
|
2000-04-29 15:57:08 +02:00
|
|
|
uu = xmalloc(2*len);
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
n = uuencode(blob, len, uu, 2*len);
|
|
|
|
if (n > 0) {
|
2000-11-13 12:57:25 +01:00
|
|
|
fprintf(f, "%s %s", key_ssh_name(key), uu);
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
success = 1;
|
|
|
|
}
|
2000-04-29 15:57:08 +02:00
|
|
|
xfree(blob);
|
|
|
|
xfree(uu);
|
2000-03-26 05:04:51 +02:00
|
|
|
}
|
|
|
|
return success;
|
|
|
|
}
|
2002-06-23 23:21:30 +02:00
|
|
|
|
2003-11-17 11:18:23 +01:00
|
|
|
const char *
|
|
|
|
key_type(const Key *k)
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
{
|
|
|
|
switch (k->type) {
|
2000-11-13 12:57:25 +01:00
|
|
|
case KEY_RSA1:
|
|
|
|
return "RSA1";
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 04:03:14 +02:00
|
|
|
case KEY_RSA:
|
|
|
|
return "RSA";
|
|
|
|
case KEY_DSA:
|
|
|
|
return "DSA";
|
|
|
|
}
|
|
|
|
return "unknown";
|
|
|
|
}
|
2002-06-23 23:21:30 +02:00
|
|
|
|
2003-11-17 11:18:23 +01:00
|
|
|
const char *
|
|
|
|
key_ssh_name(const Key *k)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
|
|
|
switch (k->type) {
|
|
|
|
case KEY_RSA:
|
|
|
|
return "ssh-rsa";
|
|
|
|
case KEY_DSA:
|
|
|
|
return "ssh-dss";
|
|
|
|
}
|
|
|
|
return "ssh-unknown";
|
|
|
|
}
|
2002-06-23 23:21:30 +02:00
|
|
|
|
2000-11-13 12:57:25 +01:00
|
|
|
u_int
|
2003-11-17 11:18:23 +01:00
|
|
|
key_size(const Key *k)
|
2001-12-06 19:00:18 +01:00
|
|
|
{
|
2000-08-23 02:46:23 +02:00
|
|
|
switch (k->type) {
|
2000-11-13 12:57:25 +01:00
|
|
|
case KEY_RSA1:
|
2000-08-23 02:46:23 +02:00
|
|
|
case KEY_RSA:
|
|
|
|
return BN_num_bits(k->rsa->n);
|
|
|
|
case KEY_DSA:
|
|
|
|
return BN_num_bits(k->dsa->p);
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
2000-11-13 12:57:25 +01:00
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static RSA *
|
2000-12-22 02:43:59 +01:00
|
|
|
rsa_generate_private_key(u_int bits)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
2001-02-05 13:42:17 +01:00
|
|
|
RSA *private;
|
2006-03-26 05:02:35 +02:00
|
|
|
|
2001-02-05 13:42:17 +01:00
|
|
|
private = RSA_generate_key(bits, 35, NULL, NULL);
|
|
|
|
if (private == NULL)
|
|
|
|
fatal("rsa_generate_private_key: key generation failed.");
|
|
|
|
return private;
|
2000-11-13 12:57:25 +01:00
|
|
|
}
|
|
|
|
|
2001-06-25 07:01:22 +02:00
|
|
|
static DSA*
|
2000-12-22 02:43:59 +01:00
|
|
|
dsa_generate_private_key(u_int bits)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
|
|
|
DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
|
2006-03-26 05:02:35 +02:00
|
|
|
|
2000-11-13 12:57:25 +01:00
|
|
|
if (private == NULL)
|
|
|
|
fatal("dsa_generate_private_key: DSA_generate_parameters failed");
|
|
|
|
if (!DSA_generate_key(private))
|
2001-02-05 13:42:17 +01:00
|
|
|
fatal("dsa_generate_private_key: DSA_generate_key failed.");
|
|
|
|
if (private == NULL)
|
|
|
|
fatal("dsa_generate_private_key: NULL.");
|
2000-11-13 12:57:25 +01:00
|
|
|
return private;
|
|
|
|
}
|
|
|
|
|
|
|
|
Key *
|
2000-12-22 02:43:59 +01:00
|
|
|
key_generate(int type, u_int bits)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
|
|
|
Key *k = key_new(KEY_UNSPEC);
|
|
|
|
switch (type) {
|
2001-02-05 13:42:17 +01:00
|
|
|
case KEY_DSA:
|
2000-11-13 12:57:25 +01:00
|
|
|
k->dsa = dsa_generate_private_key(bits);
|
|
|
|
break;
|
|
|
|
case KEY_RSA:
|
|
|
|
case KEY_RSA1:
|
|
|
|
k->rsa = rsa_generate_private_key(bits);
|
|
|
|
break;
|
|
|
|
default:
|
2001-02-05 13:42:17 +01:00
|
|
|
fatal("key_generate: unknown type %d", type);
|
2000-11-13 12:57:25 +01:00
|
|
|
}
|
2001-02-05 13:42:17 +01:00
|
|
|
k->type = type;
|
2000-11-13 12:57:25 +01:00
|
|
|
return k;
|
|
|
|
}
|
|
|
|
|
|
|
|
Key *
|
2003-11-17 11:18:23 +01:00
|
|
|
key_from_private(const Key *k)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
|
|
|
Key *n = NULL;
|
|
|
|
switch (k->type) {
|
2001-02-05 13:42:17 +01:00
|
|
|
case KEY_DSA:
|
2000-11-13 12:57:25 +01:00
|
|
|
n = key_new(k->type);
|
2006-11-07 13:14:41 +01:00
|
|
|
if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
|
|
|
|
(BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
|
|
|
|
(BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
|
|
|
|
(BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL))
|
|
|
|
fatal("key_from_private: BN_copy failed");
|
2000-11-13 12:57:25 +01:00
|
|
|
break;
|
|
|
|
case KEY_RSA:
|
|
|
|
case KEY_RSA1:
|
|
|
|
n = key_new(k->type);
|
2006-11-07 13:14:41 +01:00
|
|
|
if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
|
|
|
|
(BN_copy(n->rsa->e, k->rsa->e) == NULL))
|
|
|
|
fatal("key_from_private: BN_copy failed");
|
2000-11-13 12:57:25 +01:00
|
|
|
break;
|
|
|
|
default:
|
2001-02-05 13:42:17 +01:00
|
|
|
fatal("key_from_private: unknown type %d", k->type);
|
2000-11-13 12:57:25 +01:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
return n;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
key_type_from_name(char *name)
|
|
|
|
{
|
2001-12-06 19:00:18 +01:00
|
|
|
if (strcmp(name, "rsa1") == 0) {
|
2000-11-13 12:57:25 +01:00
|
|
|
return KEY_RSA1;
|
2001-12-06 19:00:18 +01:00
|
|
|
} else if (strcmp(name, "rsa") == 0) {
|
2000-11-13 12:57:25 +01:00
|
|
|
return KEY_RSA;
|
2001-12-06 19:00:18 +01:00
|
|
|
} else if (strcmp(name, "dsa") == 0) {
|
2000-11-13 12:57:25 +01:00
|
|
|
return KEY_DSA;
|
2001-12-06 19:00:18 +01:00
|
|
|
} else if (strcmp(name, "ssh-rsa") == 0) {
|
2000-11-13 12:57:25 +01:00
|
|
|
return KEY_RSA;
|
2001-12-06 19:00:18 +01:00
|
|
|
} else if (strcmp(name, "ssh-dss") == 0) {
|
2000-11-13 12:57:25 +01:00
|
|
|
return KEY_DSA;
|
|
|
|
}
|
2001-03-11 21:01:55 +01:00
|
|
|
debug2("key_type_from_name: unknown key type '%s'", name);
|
2000-11-13 12:57:25 +01:00
|
|
|
return KEY_UNSPEC;
|
|
|
|
}
|
|
|
|
|
2001-04-17 20:11:36 +02:00
|
|
|
int
|
|
|
|
key_names_valid2(const char *names)
|
|
|
|
{
|
|
|
|
char *s, *cp, *p;
|
|
|
|
|
|
|
|
if (names == NULL || strcmp(names, "") == 0)
|
|
|
|
return 0;
|
|
|
|
s = cp = xstrdup(names);
|
|
|
|
for ((p = strsep(&cp, ",")); p && *p != '\0';
|
2001-12-21 04:45:46 +01:00
|
|
|
(p = strsep(&cp, ","))) {
|
2001-04-17 20:11:36 +02:00
|
|
|
switch (key_type_from_name(p)) {
|
|
|
|
case KEY_RSA1:
|
|
|
|
case KEY_UNSPEC:
|
|
|
|
xfree(s);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
debug3("key names ok: [%s]", names);
|
|
|
|
xfree(s);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2000-11-13 12:57:25 +01:00
|
|
|
Key *
|
2003-11-17 11:18:23 +01:00
|
|
|
key_from_blob(const u_char *blob, u_int blen)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
|
|
|
Buffer b;
|
|
|
|
int rlen, type;
|
2004-11-05 10:42:28 +01:00
|
|
|
char *ktype = NULL;
|
2000-11-13 12:57:25 +01:00
|
|
|
Key *key = NULL;
|
|
|
|
|
|
|
|
#ifdef DEBUG_PK
|
|
|
|
dump_base64(stderr, blob, blen);
|
|
|
|
#endif
|
|
|
|
buffer_init(&b);
|
|
|
|
buffer_append(&b, blob, blen);
|
2004-11-05 10:42:28 +01:00
|
|
|
if ((ktype = buffer_get_string_ret(&b, NULL)) == NULL) {
|
|
|
|
error("key_from_blob: can't read key type");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2000-11-13 12:57:25 +01:00
|
|
|
type = key_type_from_name(ktype);
|
|
|
|
|
2001-12-06 19:00:18 +01:00
|
|
|
switch (type) {
|
2000-11-13 12:57:25 +01:00
|
|
|
case KEY_RSA:
|
|
|
|
key = key_new(type);
|
2004-11-05 10:42:28 +01:00
|
|
|
if (buffer_get_bignum2_ret(&b, key->rsa->e) == -1 ||
|
|
|
|
buffer_get_bignum2_ret(&b, key->rsa->n) == -1) {
|
|
|
|
error("key_from_blob: can't read rsa key");
|
|
|
|
key_free(key);
|
|
|
|
key = NULL;
|
|
|
|
goto out;
|
|
|
|
}
|
2000-11-13 12:57:25 +01:00
|
|
|
#ifdef DEBUG_PK
|
|
|
|
RSA_print_fp(stderr, key->rsa, 8);
|
|
|
|
#endif
|
|
|
|
break;
|
|
|
|
case KEY_DSA:
|
|
|
|
key = key_new(type);
|
2004-11-05 10:42:28 +01:00
|
|
|
if (buffer_get_bignum2_ret(&b, key->dsa->p) == -1 ||
|
|
|
|
buffer_get_bignum2_ret(&b, key->dsa->q) == -1 ||
|
|
|
|
buffer_get_bignum2_ret(&b, key->dsa->g) == -1 ||
|
|
|
|
buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) {
|
|
|
|
error("key_from_blob: can't read dsa key");
|
|
|
|
key_free(key);
|
|
|
|
key = NULL;
|
|
|
|
goto out;
|
|
|
|
}
|
2000-11-13 12:57:25 +01:00
|
|
|
#ifdef DEBUG_PK
|
|
|
|
DSA_print_fp(stderr, key->dsa, 8);
|
|
|
|
#endif
|
|
|
|
break;
|
|
|
|
case KEY_UNSPEC:
|
|
|
|
key = key_new(type);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
error("key_from_blob: cannot handle type %s", ktype);
|
2004-11-05 10:42:28 +01:00
|
|
|
goto out;
|
2000-11-13 12:57:25 +01:00
|
|
|
}
|
|
|
|
rlen = buffer_len(&b);
|
|
|
|
if (key != NULL && rlen != 0)
|
|
|
|
error("key_from_blob: remaining bytes in key blob %d", rlen);
|
2004-11-05 10:42:28 +01:00
|
|
|
out:
|
|
|
|
if (ktype != NULL)
|
|
|
|
xfree(ktype);
|
2000-11-13 12:57:25 +01:00
|
|
|
buffer_free(&b);
|
|
|
|
return key;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2003-11-17 11:18:23 +01:00
|
|
|
key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
|
|
|
Buffer b;
|
|
|
|
int len;
|
|
|
|
|
|
|
|
if (key == NULL) {
|
|
|
|
error("key_to_blob: key == NULL");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
buffer_init(&b);
|
2001-12-06 19:00:18 +01:00
|
|
|
switch (key->type) {
|
2000-11-13 12:57:25 +01:00
|
|
|
case KEY_DSA:
|
|
|
|
buffer_put_cstring(&b, key_ssh_name(key));
|
|
|
|
buffer_put_bignum2(&b, key->dsa->p);
|
|
|
|
buffer_put_bignum2(&b, key->dsa->q);
|
|
|
|
buffer_put_bignum2(&b, key->dsa->g);
|
|
|
|
buffer_put_bignum2(&b, key->dsa->pub_key);
|
|
|
|
break;
|
|
|
|
case KEY_RSA:
|
|
|
|
buffer_put_cstring(&b, key_ssh_name(key));
|
|
|
|
buffer_put_bignum2(&b, key->rsa->e);
|
2001-01-18 03:04:35 +01:00
|
|
|
buffer_put_bignum2(&b, key->rsa->n);
|
2000-11-13 12:57:25 +01:00
|
|
|
break;
|
|
|
|
default:
|
2001-09-18 07:49:14 +02:00
|
|
|
error("key_to_blob: unsupported key type %d", key->type);
|
|
|
|
buffer_free(&b);
|
|
|
|
return 0;
|
2000-11-13 12:57:25 +01:00
|
|
|
}
|
|
|
|
len = buffer_len(&b);
|
|
|
|
if (lenp != NULL)
|
|
|
|
*lenp = len;
|
2002-07-08 00:13:31 +02:00
|
|
|
if (blobp != NULL) {
|
|
|
|
*blobp = xmalloc(len);
|
|
|
|
memcpy(*blobp, buffer_ptr(&b), len);
|
|
|
|
}
|
|
|
|
memset(buffer_ptr(&b), 0, len);
|
|
|
|
buffer_free(&b);
|
2000-11-13 12:57:25 +01:00
|
|
|
return len;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
key_sign(
|
2003-11-17 11:18:23 +01:00
|
|
|
const Key *key,
|
2002-02-26 19:09:42 +01:00
|
|
|
u_char **sigp, u_int *lenp,
|
2003-11-17 11:18:23 +01:00
|
|
|
const u_char *data, u_int datalen)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
2001-12-06 19:00:18 +01:00
|
|
|
switch (key->type) {
|
2000-11-13 12:57:25 +01:00
|
|
|
case KEY_DSA:
|
|
|
|
return ssh_dss_sign(key, sigp, lenp, data, datalen);
|
|
|
|
case KEY_RSA:
|
|
|
|
return ssh_rsa_sign(key, sigp, lenp, data, datalen);
|
|
|
|
default:
|
2004-08-12 14:40:24 +02:00
|
|
|
error("key_sign: invalid key type %d", key->type);
|
2000-11-13 12:57:25 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2002-06-06 22:54:07 +02:00
|
|
|
/*
|
|
|
|
* key_verify returns 1 for a correct signature, 0 for an incorrect signature
|
|
|
|
* and -1 on error.
|
|
|
|
*/
|
2000-11-13 12:57:25 +01:00
|
|
|
int
|
|
|
|
key_verify(
|
2003-11-17 11:18:23 +01:00
|
|
|
const Key *key,
|
|
|
|
const u_char *signature, u_int signaturelen,
|
|
|
|
const u_char *data, u_int datalen)
|
2000-11-13 12:57:25 +01:00
|
|
|
{
|
2001-06-25 06:42:20 +02:00
|
|
|
if (signaturelen == 0)
|
|
|
|
return -1;
|
|
|
|
|
2001-12-06 19:00:18 +01:00
|
|
|
switch (key->type) {
|
2000-11-13 12:57:25 +01:00
|
|
|
case KEY_DSA:
|
|
|
|
return ssh_dss_verify(key, signature, signaturelen, data, datalen);
|
|
|
|
case KEY_RSA:
|
|
|
|
return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
|
|
|
|
default:
|
2004-08-12 14:40:24 +02:00
|
|
|
error("key_verify: invalid key type %d", key->type);
|
2000-11-13 12:57:25 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
2002-03-22 02:45:53 +01:00
|
|
|
|
|
|
|
/* Converts a private to a public key */
|
|
|
|
Key *
|
2003-11-17 11:18:23 +01:00
|
|
|
key_demote(const Key *k)
|
2002-03-22 02:45:53 +01:00
|
|
|
{
|
|
|
|
Key *pk;
|
2002-03-22 03:54:23 +01:00
|
|
|
|
2006-03-26 05:19:21 +02:00
|
|
|
pk = xcalloc(1, sizeof(*pk));
|
2002-03-22 02:45:53 +01:00
|
|
|
pk->type = k->type;
|
|
|
|
pk->flags = k->flags;
|
|
|
|
pk->dsa = NULL;
|
|
|
|
pk->rsa = NULL;
|
|
|
|
|
|
|
|
switch (k->type) {
|
|
|
|
case KEY_RSA1:
|
|
|
|
case KEY_RSA:
|
|
|
|
if ((pk->rsa = RSA_new()) == NULL)
|
|
|
|
fatal("key_demote: RSA_new failed");
|
|
|
|
if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
|
|
|
|
fatal("key_demote: BN_dup failed");
|
|
|
|
if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
|
|
|
|
fatal("key_demote: BN_dup failed");
|
|
|
|
break;
|
|
|
|
case KEY_DSA:
|
|
|
|
if ((pk->dsa = DSA_new()) == NULL)
|
|
|
|
fatal("key_demote: DSA_new failed");
|
|
|
|
if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
|
|
|
|
fatal("key_demote: BN_dup failed");
|
|
|
|
if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
|
|
|
|
fatal("key_demote: BN_dup failed");
|
|
|
|
if ((pk->dsa->g = BN_dup(k->dsa->g)) == NULL)
|
|
|
|
fatal("key_demote: BN_dup failed");
|
|
|
|
if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL)
|
|
|
|
fatal("key_demote: BN_dup failed");
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
fatal("key_free: bad key type %d", k->type);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return (pk);
|
|
|
|
}
|