author | Markus Friedl <markus@cvs.openbsd.org> | 2001-03-26 23:23:25 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2001-03-26 23:23:25 +0000 |
commit | b02cfdb4d486c8235ef9170295922555ebdc50b6 (patch) | |
tree | dc0d0b9fb8546907c451f9295a2582749ed0a711 /usr.bin | |
parent | 80fc4e2f1398e92c610189f0dcc887d91869c474 (diff) |
try to read private f-secure ssh v2 rsa keys.
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/rsa.c | 22 | ||||
-rw-r--r-- | usr.bin/ssh/rsa.h | 4 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-agent.c | 25 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-keygen.c | 71 |
4 files changed, 81 insertions, 41 deletions
diff --git a/usr.bin/ssh/rsa.c b/usr.bin/ssh/rsa.c
index 62655314952..f69f99606bb 100644
--- a/usr.bin/ssh/rsa.c
+++ b/usr.bin/ssh/rsa.c
@@ -60,7 +60,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: rsa.c,v 1.21 2001/02/04 15:32:24 stevesk Exp $");
+RCSID("$OpenBSD: rsa.c,v 1.22 2001/03/26 23:23:23 markus Exp $");
 #include "rsa.h"
 #include "log.h"
@@ -119,3 +119,23 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
 xfree(inbuf);
 return len;
 }
+
+void
+generate_additional_parameters(RSA *rsa)
+{
+ BIGNUM *aux;
+ BN_CTX *ctx;
+ /* Generate additional parameters */
+ aux = BN_new();
+ ctx = BN_CTX_new();
+
+ BN_sub(aux, rsa->q, BN_value_one());
+ BN_mod(rsa->dmq1, rsa->d, aux, ctx);
+
+ BN_sub(aux, rsa->p, BN_value_one());
+ BN_mod(rsa->dmp1, rsa->d, aux, ctx);
+
+ BN_clear_free(aux);
+ BN_CTX_free(ctx);
+}
+
diff --git a/usr.bin/ssh/rsa.h b/usr.bin/ssh/rsa.h
index 713d3128191..d3d2c996427 100644
--- a/usr.bin/ssh/rsa.h
+++ b/usr.bin/ssh/rsa.h
@@ -11,7 +11,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */
-/* RCSID("$OpenBSD: rsa.h,v 1.10 2001/01/29 19:47:30 markus Exp $"); */
+/* RCSID("$OpenBSD: rsa.h,v 1.11 2001/03/26 23:23:24 markus Exp $"); */
 #ifndef RSA_H
 #define RSA_H
@@ -22,4 +22,6 @@
 void rsa_public_encrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv));
 int rsa_private_decrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv));
+void generate_additional_parameters __P((RSA *rsa));
+
 #endif /* RSA_H */
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index 23ca3200b55..92edcb407b1 100644
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.52 2001/03/06 00:33:04 deraadt Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.53 2001/03/26 23:23:24 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
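Review bot: generate_additional_parameters() checks none of its OpenSSL calls: BN_new()/BN_CTX_new() can return NULL, and BN_sub()/BN_mod() return 0 on failure (BN_mod() fails outright when aux is zero, i.e. when q-1 or p-1 is zero), after which dmp1/dmq1 are left unset or stale while the function reports nothing. That mattered less in ssh-agent.c, but the new caller in ssh-keygen.c hands it p, q and d parsed straight from an input blob, so a malformed blob now yields an RSA key with silently wrong CRT exponents. rsa.c already includes log.h, so the failures can be turned into fatal() calls as below rather than left silent. The body is otherwise the one moved out of ssh-agent.c unchanged.
```c
void
generate_additional_parameters(RSA *rsa)
{
	BIGNUM *aux;
	BN_CTX *ctx;

	if ((aux = BN_new()) == NULL || (ctx = BN_CTX_new()) == NULL)
		fatal("generate_additional_parameters: BN_new/BN_CTX_new failed");

	/* dmq1 = d mod (q-1), dmp1 = d mod (p-1); never hand back a key
	 * whose CRT exponents were left unset because the arithmetic failed */
	if (!BN_sub(aux, rsa->q, BN_value_one()) ||
	    !BN_mod(rsa->dmq1, rsa->d, aux, ctx) ||
	    !BN_sub(aux, rsa->p, BN_value_one()) ||
	    !BN_mod(rsa->dmp1, rsa->d, aux, ctx))
		fatal("generate_additional_parameters: BN_sub/BN_mod failed");

	/* … unchanged: BN_clear_free(aux); BN_CTX_free(ctx); … */
}
```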
@@ -37,7 +37,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.52 2001/03/06 00:33:04 deraadt Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.53 2001/03/26 23:23:24 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -357,25 +357,6 @@ process_remove_all_identities(SocketEntry *e, int version)
 }
 void
-generate_additional_parameters(RSA *rsa)
-{
- BIGNUM *aux;
- BN_CTX *ctx;
- /* Generate additional parameters */
- aux = BN_new();
- ctx = BN_CTX_new();
-
- BN_sub(aux, rsa->q, BN_value_one());
- BN_mod(rsa->dmq1, rsa->d, aux, ctx);
-
- BN_sub(aux, rsa->p, BN_value_one());
- BN_mod(rsa->dmp1, rsa->d, aux, ctx);
-
- BN_clear_free(aux);
- BN_CTX_free(ctx);
-}
-
-void
 process_add_identity(SocketEntry *e, int version)
 {
 Key *k = NULL;
@@ -732,6 +713,8 @@ main(int ac, char **av)
 extern int optind;
 fd_set *readsetp = NULL, *writesetp = NULL;
+ SSLeay_add_all_algorithms();
+
 while ((ch = getopt(ac, av, "cks")) != -1) {
 switch (ch) {
 case 'c':
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index 51108bc6a53..94d1f0a5b90 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -12,13 +12,14 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.52 2001/03/26 08:07:09 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.53 2001/03/26 23:23:24 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include "xmalloc.h"
 #include "key.h"
+#include "rsa.h"
 #include "authfile.h"
 #include "uuencode.h"
 #include "buffer.h"
@@ -165,8 +166,10 @@ buffer_get_bignum_bits(Buffer *b, BIGNUM *value)
 {
 int bits = buffer_get_int(b);
 int bytes = (bits + 7) / 8;
+
 if (buffer_len(b) < bytes)
- fatal("buffer_get_bignum_bits: input buffer too small");
+ fatal("buffer_get_bignum_bits: input buffer too small: "
+ "need %d have %d", bytes, buffer_len(b));
 BN_bin2bn((u_char *)buffer_ptr(b), bytes, value);
 buffer_consume(b, bytes);
 }
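Review bot: In buffer_get_bignum_bits() the length still comes straight out of the blob as a signed int: `int bits = buffer_get_int(b);` followed by `(bits + 7) / 8` is signed overflow (undefined behaviour) for bits near INT_MAX, and a value with the top bit set produces a negative `bytes` that is then handed to BN_bin2bn() and buffer_consume() as a length; whether the `buffer_len(b) < bytes` guard happens to catch the negative case depends on buffer_len()'s return type, which the hunk does not show. The improved fatal() message does not change any of that. Keep the count unsigned and reject the wrap explicitly, `u_int bits = buffer_get_int(b);`, `u_int bytes = (bits + 7) / 8;`, `if (bits > UINT_MAX - 7 || buffer_len(b) < bytes)`, with the `%d` conversions in the message becoming `%u`. The function's return type and signature line sit just above the hunk.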
@@ -175,9 +178,8 @@ Key *
 do_convert_private_ssh2_from_blob(char *blob, int blen)
 {
 Buffer b;
- DSA *dsa;
 Key *key = NULL;
- int ignore, magic, rlen;
+ int ignore, magic, rlen, ktype;
 char *type, *cipher;
 buffer_init(&b);
@@ -195,33 +197,64 @@ do_convert_private_ssh2_from_blob(char *blob, int blen)
 ignore = buffer_get_int(&b);
 ignore = buffer_get_int(&b);
 ignore = buffer_get_int(&b);
- xfree(type);
 if (strcmp(cipher, "none") != 0) {
 error("unsupported cipher %s", cipher);
 xfree(cipher);
 buffer_free(&b);
+ xfree(type);
 return NULL;
 }
 xfree(cipher);
- key = key_new(KEY_DSA);
- dsa = key->dsa;
- dsa->priv_key = BN_new();
- if (dsa->priv_key == NULL) {
- error("alloc priv_key failed");
- key_free(key);
+ if (strstr(type, "dsa")) {
+ ktype = KEY_DSA;
+ } else if (strstr(type, "rsa")) {
+ ktype = KEY_RSA;
+ } else {
+ xfree(type);
 return NULL;
 }
- buffer_get_bignum_bits(&b, dsa->p);
- buffer_get_bignum_bits(&b, dsa->g);
- buffer_get_bignum_bits(&b, dsa->q);
- buffer_get_bignum_bits(&b, dsa->pub_key);
- buffer_get_bignum_bits(&b, dsa->priv_key);
+ key = key_new_private(ktype);
+ xfree(type);
+
+ switch (key->type) {
+ case KEY_DSA:
+ buffer_get_bignum_bits(&b, key->dsa->p);
+ buffer_get_bignum_bits(&b, key->dsa->g);
+ buffer_get_bignum_bits(&b, key->dsa->q);
+ buffer_get_bignum_bits(&b, key->dsa->pub_key);
+ buffer_get_bignum_bits(&b, key->dsa->priv_key);
+ break;
+ case KEY_RSA:
+ if (!BN_set_word(key->rsa->e, (u_long) buffer_get_char(&b))) {
+ buffer_free(&b);
+ key_free(key);
+ return NULL;
+ }
+ buffer_get_bignum_bits(&b, key->rsa->d);
+ buffer_get_bignum_bits(&b, key->rsa->n);
+ buffer_get_bignum_bits(&b, key->rsa->iqmp);
+ buffer_get_bignum_bits(&b, key->rsa->q);
+ buffer_get_bignum_bits(&b, key->rsa->p);
+ generate_additional_parameters(key->rsa);
+ break;
+ }
 rlen = buffer_len(&b);
 if(rlen != 0)
- error("do_convert_private_ssh2_from_blob: remaining bytes in key blob %d", rlen);
+ error("do_convert_private_ssh2_from_blob: "
+ "remaining bytes in key blob %d", rlen);
 buffer_free(&b);
+#ifdef DEBUG_PK
+ {
+ u_int slen;
+ u_char *sig, data[10] = "abcde12345";
+
+ key_sign(key, &sig, &slen, data, sizeof data);
+ key_verify(key, sig, slen, data, sizeof data);
+ free(sig);
+ }
+#endif
 return key;
 }
@@ -284,7 +317,9 @@ do_convert_from_ssh2(struct passwd *pw)
 exit(1);
 }
 ok = private ?
- PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL) :
+ (k->type == KEY_DSA ?
+ PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL) :
+ PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, NULL, 0, NULL, NULL)) :
 key_write(k, stdout);
 if (!ok) {
 fprintf(stderr, "key write failed");
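Review bot: The new unknown-key-type branch at the end of the `strstr(type, ...)` chain leaks the Buffer and says nothing: it does `xfree(type); return NULL;` while the sibling cipher check a few lines above both frees `b` and reports via error(). Make it `error("unsupported key type %s", type);` and `buffer_free(&b);` ahead of the existing `xfree(type);` and `return NULL;`. Separately, the `#ifdef DEBUG_PK` sign/verify round-trip throws away key_verify()'s result, so even in a debug build it cannot reveal an imported RSA key whose derived dmp1/dmq1 disagree with n — the one thing worth checking here — and it should at least log when key_verify() does not report success (and presumably release `sig` with xfree() like the rest of the file). do_convert_private_ssh2_from_blob() begins outside this hunk.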
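Review bot: The PEM_write selection in do_convert_from_ssh2() is now a ternary nested inside a ternary, with three long PEM_write_*PrivateKey()/key_write() calls strung between `?` and `:` operators and a parenthesis closing two lines after it opens; it reads much more easily as an if/else chain that assigns `ok` once per case, as below. Anything other than KEY_DSA takes the RSA branch, which is fine for the two types the converter above this hunk produces but deserves a one-line comment so the next key type added does not silently go through PEM_write_RSAPrivateKey(). The enclosing function starts and ends outside the hunk.
```c
	if (private) {
		/* non-DSA private keys are written as RSA */
		if (k->type == KEY_DSA)
			ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL);
		else
			ok = PEM_write_RSAPrivateKey(stdout, k->rsa, NULL, NULL, 0, NULL, NULL);
	} else
		ok = key_write(k, stdout);
	/* … unchanged: if (!ok) error path … */
```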