1 /* $OpenBSD: ssh-rsa.c,v 1.80 2024/08/15 00:51:51 djm Exp $ */
2 /*
3 * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 #include <sys/types.h>
19
20 #include <openssl/evp.h>
21 #include <openssl/err.h>
22
23 #include <string.h>
24
25 #include "sshbuf.h"
26 #include "ssherr.h"
27 #define SSHKEY_INTERNAL
28 #include "sshkey.h"
29 #include "digest.h"
30 #include "log.h"
31
32 static u_int
ssh_rsa_size(const struct sshkey * k)33 ssh_rsa_size(const struct sshkey *k)
34 {
35 if (k->pkey == NULL)
36 return 0;
37 return EVP_PKEY_bits(k->pkey);
38 }
39
40 static int
ssh_rsa_alloc(struct sshkey * k)41 ssh_rsa_alloc(struct sshkey *k)
42 {
43 if ((k->pkey = EVP_PKEY_new()) == NULL)
44 return SSH_ERR_ALLOC_FAIL;
45 return 0;
46 }
47
48 static void
ssh_rsa_cleanup(struct sshkey * k)49 ssh_rsa_cleanup(struct sshkey *k)
50 {
51 EVP_PKEY_free(k->pkey);
52 k->pkey = NULL;
53 }
54
55 static int
ssh_rsa_equal(const struct sshkey * a,const struct sshkey * b)56 ssh_rsa_equal(const struct sshkey *a, const struct sshkey *b)
57 {
58 if (a->pkey == NULL || b->pkey == NULL)
59 return 0;
60 return EVP_PKEY_cmp(a->pkey, b->pkey) == 1;
61 }
62
63 static int
ssh_rsa_serialize_public(const struct sshkey * key,struct sshbuf * b,enum sshkey_serialize_rep opts)64 ssh_rsa_serialize_public(const struct sshkey *key, struct sshbuf *b,
65 enum sshkey_serialize_rep opts)
66 {
67 int r;
68 const BIGNUM *rsa_n, *rsa_e;
69 const RSA *rsa;
70
71 if (key->pkey == NULL)
72 return SSH_ERR_INVALID_ARGUMENT;
73 if ((rsa = EVP_PKEY_get0_RSA(key->pkey)) == NULL)
74 return SSH_ERR_LIBCRYPTO_ERROR;
75
76 RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL);
77 if ((r = sshbuf_put_bignum2(b, rsa_e)) != 0 ||
78 (r = sshbuf_put_bignum2(b, rsa_n)) != 0)
79 return r;
80
81 return 0;
82 }
83
84 static int
ssh_rsa_serialize_private(const struct sshkey * key,struct sshbuf * b,enum sshkey_serialize_rep opts)85 ssh_rsa_serialize_private(const struct sshkey *key, struct sshbuf *b,
86 enum sshkey_serialize_rep opts)
87 {
88 int r;
89 const BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_iqmp, *rsa_p, *rsa_q;
90 const RSA *rsa;
91
92 if ((rsa = EVP_PKEY_get0_RSA(key->pkey)) == NULL)
93 return SSH_ERR_LIBCRYPTO_ERROR;
94 RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
95 RSA_get0_factors(rsa, &rsa_p, &rsa_q);
96 RSA_get0_crt_params(rsa, NULL, NULL, &rsa_iqmp);
97
98 if (!sshkey_is_cert(key)) {
99 /* Note: can't reuse ssh_rsa_serialize_public: e, n vs. n, e */
100 if ((r = sshbuf_put_bignum2(b, rsa_n)) != 0 ||
101 (r = sshbuf_put_bignum2(b, rsa_e)) != 0)
102 return r;
103 }
104 if ((r = sshbuf_put_bignum2(b, rsa_d)) != 0 ||
105 (r = sshbuf_put_bignum2(b, rsa_iqmp)) != 0 ||
106 (r = sshbuf_put_bignum2(b, rsa_p)) != 0 ||
107 (r = sshbuf_put_bignum2(b, rsa_q)) != 0)
108 return r;
109
110 return 0;
111 }
112
113 static int
ssh_rsa_generate(struct sshkey * k,int bits)114 ssh_rsa_generate(struct sshkey *k, int bits)
115 {
116 EVP_PKEY_CTX *ctx = NULL;
117 EVP_PKEY *res = NULL;
118
119 int ret = SSH_ERR_INTERNAL_ERROR;
120
121 if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE ||
122 bits > SSHBUF_MAX_BIGNUM * 8)
123 return SSH_ERR_KEY_LENGTH;
124
125 if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL) {
126 ret = SSH_ERR_ALLOC_FAIL;
127 goto out;
128 }
129 if (EVP_PKEY_keygen_init(ctx) <= 0) {
130 ret = SSH_ERR_LIBCRYPTO_ERROR;
131 goto out;
132 }
133 if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) <= 0) {
134 ret = SSH_ERR_KEY_LENGTH;
135 goto out;
136 }
137 if (EVP_PKEY_keygen(ctx, &res) <= 0 || res == NULL) {
138 ret = SSH_ERR_LIBCRYPTO_ERROR;
139 goto out;
140 }
141 /* success */
142 k->pkey = res;
143 ret = 0;
144 out:
145 EVP_PKEY_CTX_free(ctx);
146 return ret;
147 }
148
149 static int
ssh_rsa_copy_public(const struct sshkey * from,struct sshkey * to)150 ssh_rsa_copy_public(const struct sshkey *from, struct sshkey *to)
151 {
152 const BIGNUM *rsa_n, *rsa_e;
153 BIGNUM *rsa_n_dup = NULL, *rsa_e_dup = NULL;
154 int r = SSH_ERR_INTERNAL_ERROR;
155 const RSA *rsa_from;
156 RSA *rsa_to = NULL;
157
158 if ((rsa_from = EVP_PKEY_get0_RSA(from->pkey)) == NULL ||
159 (rsa_to = RSA_new()) == NULL)
160 return SSH_ERR_LIBCRYPTO_ERROR;
161
162 RSA_get0_key(rsa_from, &rsa_n, &rsa_e, NULL);
163 if ((rsa_n_dup = BN_dup(rsa_n)) == NULL ||
164 (rsa_e_dup = BN_dup(rsa_e)) == NULL) {
165 r = SSH_ERR_ALLOC_FAIL;
166 goto out;
167 }
168 if (!RSA_set0_key(rsa_to, rsa_n_dup, rsa_e_dup, NULL)) {
169 r = SSH_ERR_LIBCRYPTO_ERROR;
170 goto out;
171 }
172 rsa_n_dup = rsa_e_dup = NULL; /* transferred */
173
174 if (EVP_PKEY_set1_RSA(to->pkey, rsa_to) != 1) {
175 r = SSH_ERR_LIBCRYPTO_ERROR;
176 goto out;
177 }
178 /* success */
179 r = 0;
180 out:
181 RSA_free(rsa_to);
182 BN_clear_free(rsa_n_dup);
183 BN_clear_free(rsa_e_dup);
184 return r;
185 }
186
187 static int
ssh_rsa_deserialize_public(const char * ktype,struct sshbuf * b,struct sshkey * key)188 ssh_rsa_deserialize_public(const char *ktype, struct sshbuf *b,
189 struct sshkey *key)
190 {
191 int ret = SSH_ERR_INTERNAL_ERROR;
192 BIGNUM *rsa_n = NULL, *rsa_e = NULL;
193 RSA *rsa = NULL;
194
195 if ((rsa = RSA_new()) == NULL)
196 return SSH_ERR_LIBCRYPTO_ERROR;
197
198 if (sshbuf_get_bignum2(b, &rsa_e) != 0 ||
199 sshbuf_get_bignum2(b, &rsa_n) != 0) {
200 ret = SSH_ERR_INVALID_FORMAT;
201 goto out;
202 }
203 if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
204 ret = SSH_ERR_LIBCRYPTO_ERROR;
205 goto out;
206 }
207 rsa_n = rsa_e = NULL; /* transferred */
208 if (EVP_PKEY_set1_RSA(key->pkey, rsa) != 1) {
209 ret = SSH_ERR_LIBCRYPTO_ERROR;
210 goto out;
211 }
212 if ((ret = sshkey_check_rsa_length(key, 0)) != 0)
213 goto out;
214 #ifdef DEBUG_PK
215 RSA_print_fp(stderr, rsa, 8);
216 #endif
217 /* success */
218 ret = 0;
219 out:
220 RSA_free(rsa);
221 BN_clear_free(rsa_n);
222 BN_clear_free(rsa_e);
223 return ret;
224 }
225
226 static int
ssh_rsa_deserialize_private(const char * ktype,struct sshbuf * b,struct sshkey * key)227 ssh_rsa_deserialize_private(const char *ktype, struct sshbuf *b,
228 struct sshkey *key)
229 {
230 int r;
231 BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
232 BIGNUM *rsa_iqmp = NULL, *rsa_p = NULL, *rsa_q = NULL;
233 BIGNUM *rsa_dmp1 = NULL, *rsa_dmq1 = NULL;
234 RSA *rsa = NULL;
235
236 if (sshkey_is_cert(key)) {
237 /* sshkey_private_deserialize already has pubkey from cert */
238 if ((rsa = EVP_PKEY_get1_RSA(key->pkey)) == NULL) {
239 r = SSH_ERR_LIBCRYPTO_ERROR;
240 goto out;
241 }
242 } else {
243 if ((rsa = RSA_new()) == NULL) {
244 r = SSH_ERR_LIBCRYPTO_ERROR;
245 goto out;
246 }
247 /* Note: can't reuse ssh_rsa_deserialize_public: e,n vs. n,e */
248 if ((r = sshbuf_get_bignum2(b, &rsa_n)) != 0 ||
249 (r = sshbuf_get_bignum2(b, &rsa_e)) != 0)
250 goto out;
251 if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
252 r = SSH_ERR_LIBCRYPTO_ERROR;
253 goto out;
254 }
255 rsa_n = rsa_e = NULL; /* transferred */
256 }
257 if ((r = sshbuf_get_bignum2(b, &rsa_d)) != 0 ||
258 (r = sshbuf_get_bignum2(b, &rsa_iqmp)) != 0 ||
259 (r = sshbuf_get_bignum2(b, &rsa_p)) != 0 ||
260 (r = sshbuf_get_bignum2(b, &rsa_q)) != 0)
261 goto out;
262 if ((r = ssh_rsa_complete_crt_parameters(rsa_d, rsa_p, rsa_q,
263 rsa_iqmp, &rsa_dmp1, &rsa_dmq1)) != 0)
264 goto out;
265 if (!RSA_set0_key(rsa, NULL, NULL, rsa_d)) {
266 r = SSH_ERR_LIBCRYPTO_ERROR;
267 goto out;
268 }
269 rsa_d = NULL; /* transferred */
270 if (!RSA_set0_factors(rsa, rsa_p, rsa_q)) {
271 r = SSH_ERR_LIBCRYPTO_ERROR;
272 goto out;
273 }
274 rsa_p = rsa_q = NULL; /* transferred */
275 if (!RSA_set0_crt_params(rsa, rsa_dmp1, rsa_dmq1, rsa_iqmp)) {
276 r = SSH_ERR_LIBCRYPTO_ERROR;
277 goto out;
278 }
279 rsa_dmp1 = rsa_dmq1 = rsa_iqmp = NULL;
280 if (RSA_blinding_on(rsa, NULL) != 1) {
281 r = SSH_ERR_LIBCRYPTO_ERROR;
282 goto out;
283 }
284 if (EVP_PKEY_set1_RSA(key->pkey, rsa) != 1) {
285 r = SSH_ERR_LIBCRYPTO_ERROR;
286 goto out;
287 }
288 if ((r = sshkey_check_rsa_length(key, 0)) != 0)
289 goto out;
290 /* success */
291 r = 0;
292 out:
293 RSA_free(rsa);
294 BN_clear_free(rsa_n);
295 BN_clear_free(rsa_e);
296 BN_clear_free(rsa_d);
297 BN_clear_free(rsa_p);
298 BN_clear_free(rsa_q);
299 BN_clear_free(rsa_iqmp);
300 BN_clear_free(rsa_dmp1);
301 BN_clear_free(rsa_dmq1);
302 return r;
303 }
304
305 static const char *
rsa_hash_alg_ident(int hash_alg)306 rsa_hash_alg_ident(int hash_alg)
307 {
308 switch (hash_alg) {
309 case SSH_DIGEST_SHA1:
310 return "ssh-rsa";
311 case SSH_DIGEST_SHA256:
312 return "rsa-sha2-256";
313 case SSH_DIGEST_SHA512:
314 return "rsa-sha2-512";
315 }
316 return NULL;
317 }
318
319 /*
320 * Returns the hash algorithm ID for a given algorithm identifier as used
321 * inside the signature blob,
322 */
323 static int
rsa_hash_id_from_ident(const char * ident)324 rsa_hash_id_from_ident(const char *ident)
325 {
326 if (strcmp(ident, "ssh-rsa") == 0)
327 return SSH_DIGEST_SHA1;
328 if (strcmp(ident, "rsa-sha2-256") == 0)
329 return SSH_DIGEST_SHA256;
330 if (strcmp(ident, "rsa-sha2-512") == 0)
331 return SSH_DIGEST_SHA512;
332 return -1;
333 }
334
335 /*
336 * Return the hash algorithm ID for the specified key name. This includes
337 * all the cases of rsa_hash_id_from_ident() but also the certificate key
338 * types.
339 */
340 static int
rsa_hash_id_from_keyname(const char * alg)341 rsa_hash_id_from_keyname(const char *alg)
342 {
343 int r;
344
345 if ((r = rsa_hash_id_from_ident(alg)) != -1)
346 return r;
347 if (strcmp(alg, "ssh-rsa-cert-v01@openssh.com") == 0)
348 return SSH_DIGEST_SHA1;
349 if (strcmp(alg, "rsa-sha2-256-cert-v01@openssh.com") == 0)
350 return SSH_DIGEST_SHA256;
351 if (strcmp(alg, "rsa-sha2-512-cert-v01@openssh.com") == 0)
352 return SSH_DIGEST_SHA512;
353 return -1;
354 }
355
356 int
ssh_rsa_complete_crt_parameters(const BIGNUM * rsa_d,const BIGNUM * rsa_p,const BIGNUM * rsa_q,const BIGNUM * rsa_iqmp,BIGNUM ** rsa_dmp1,BIGNUM ** rsa_dmq1)357 ssh_rsa_complete_crt_parameters(const BIGNUM *rsa_d, const BIGNUM *rsa_p,
358 const BIGNUM *rsa_q, const BIGNUM *rsa_iqmp, BIGNUM **rsa_dmp1,
359 BIGNUM **rsa_dmq1)
360 {
361 BIGNUM *aux = NULL, *d_consttime = NULL;
362 BN_CTX *ctx = NULL;
363 int r;
364
365 *rsa_dmq1 = *rsa_dmp1 = NULL;
366 if ((ctx = BN_CTX_new()) == NULL)
367 return SSH_ERR_ALLOC_FAIL;
368 if ((aux = BN_new()) == NULL ||
369 (*rsa_dmq1 = BN_new()) == NULL ||
370 (*rsa_dmp1 = BN_new()) == NULL)
371 return SSH_ERR_ALLOC_FAIL;
372 if ((d_consttime = BN_dup(rsa_d)) == NULL) {
373 r = SSH_ERR_ALLOC_FAIL;
374 goto out;
375 }
376 BN_set_flags(aux, BN_FLG_CONSTTIME);
377 BN_set_flags(d_consttime, BN_FLG_CONSTTIME);
378
379 if ((BN_sub(aux, rsa_q, BN_value_one()) == 0) ||
380 (BN_mod(*rsa_dmq1, d_consttime, aux, ctx) == 0) ||
381 (BN_sub(aux, rsa_p, BN_value_one()) == 0) ||
382 (BN_mod(*rsa_dmp1, d_consttime, aux, ctx) == 0)) {
383 r = SSH_ERR_LIBCRYPTO_ERROR;
384 goto out;
385 }
386 /* success */
387 r = 0;
388 out:
389 BN_clear_free(aux);
390 BN_clear_free(d_consttime);
391 BN_CTX_free(ctx);
392 return r;
393 }
394
395 /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
396 static int
ssh_rsa_sign(struct sshkey * key,u_char ** sigp,size_t * lenp,const u_char * data,size_t datalen,const char * alg,const char * sk_provider,const char * sk_pin,u_int compat)397 ssh_rsa_sign(struct sshkey *key,
398 u_char **sigp, size_t *lenp,
399 const u_char *data, size_t datalen,
400 const char *alg, const char *sk_provider, const char *sk_pin, u_int compat)
401 {
402 u_char *sig = NULL;
403 size_t diff, len = 0;
404 int slen = 0;
405 int hash_alg, ret = SSH_ERR_INTERNAL_ERROR;
406 struct sshbuf *b = NULL;
407
408 if (lenp != NULL)
409 *lenp = 0;
410 if (sigp != NULL)
411 *sigp = NULL;
412
413 if (alg == NULL || strlen(alg) == 0)
414 hash_alg = SSH_DIGEST_SHA1;
415 else
416 hash_alg = rsa_hash_id_from_keyname(alg);
417
418 if (key == NULL || key->pkey == NULL || hash_alg == -1 ||
419 sshkey_type_plain(key->type) != KEY_RSA)
420 return SSH_ERR_INVALID_ARGUMENT;
421 slen = EVP_PKEY_size(key->pkey);
422 if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
423 return SSH_ERR_INVALID_ARGUMENT;
424 if (EVP_PKEY_bits(key->pkey) < SSH_RSA_MINIMUM_MODULUS_SIZE)
425 return SSH_ERR_KEY_LENGTH;
426
427 if ((ret = sshkey_pkey_digest_sign(key->pkey, hash_alg, &sig, &len,
428 data, datalen)) < 0)
429 goto out;
430 if (len < (size_t)slen) {
431 diff = slen - len;
432 memmove(sig + diff, sig, len);
433 explicit_bzero(sig, diff);
434 } else if (len > (size_t)slen) {
435 ret = SSH_ERR_INTERNAL_ERROR;
436 goto out;
437 }
438
439 /* encode signature */
440 if ((b = sshbuf_new()) == NULL) {
441 ret = SSH_ERR_ALLOC_FAIL;
442 goto out;
443 }
444 if ((ret = sshbuf_put_cstring(b, rsa_hash_alg_ident(hash_alg))) != 0 ||
445 (ret = sshbuf_put_string(b, sig, slen)) != 0)
446 goto out;
447 len = sshbuf_len(b);
448 if (sigp != NULL) {
449 if ((*sigp = malloc(len)) == NULL) {
450 ret = SSH_ERR_ALLOC_FAIL;
451 goto out;
452 }
453 memcpy(*sigp, sshbuf_ptr(b), len);
454 }
455 if (lenp != NULL)
456 *lenp = len;
457 ret = 0;
458 out:
459 freezero(sig, slen);
460 sshbuf_free(b);
461 return ret;
462 }
463
464 static int
ssh_rsa_verify(const struct sshkey * key,const u_char * sig,size_t siglen,const u_char * data,size_t dlen,const char * alg,u_int compat,struct sshkey_sig_details ** detailsp)465 ssh_rsa_verify(const struct sshkey *key,
466 const u_char *sig, size_t siglen,
467 const u_char *data, size_t dlen, const char *alg, u_int compat,
468 struct sshkey_sig_details **detailsp)
469 {
470 char *sigtype = NULL;
471 int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR;
472 size_t len = 0, diff, modlen, rsasize;
473 struct sshbuf *b = NULL;
474 u_char digest[SSH_DIGEST_MAX_LENGTH], *osigblob, *sigblob = NULL;
475
476 if (key == NULL || key->pkey == NULL ||
477 sshkey_type_plain(key->type) != KEY_RSA ||
478 sig == NULL || siglen == 0)
479 return SSH_ERR_INVALID_ARGUMENT;
480 if (EVP_PKEY_bits(key->pkey) < SSH_RSA_MINIMUM_MODULUS_SIZE)
481 return SSH_ERR_KEY_LENGTH;
482
483 if ((b = sshbuf_from(sig, siglen)) == NULL)
484 return SSH_ERR_ALLOC_FAIL;
485 if (sshbuf_get_cstring(b, &sigtype, NULL) != 0) {
486 ret = SSH_ERR_INVALID_FORMAT;
487 goto out;
488 }
489 if ((hash_alg = rsa_hash_id_from_ident(sigtype)) == -1) {
490 ret = SSH_ERR_KEY_TYPE_MISMATCH;
491 goto out;
492 }
493 /*
494 * Allow ssh-rsa-cert-v01 certs to generate SHA2 signatures for
495 * legacy reasons, but otherwise the signature type should match.
496 */
497 if (alg != NULL && strcmp(alg, "ssh-rsa-cert-v01@openssh.com") != 0) {
498 if ((want_alg = rsa_hash_id_from_keyname(alg)) == -1) {
499 ret = SSH_ERR_INVALID_ARGUMENT;
500 goto out;
501 }
502 if (hash_alg != want_alg) {
503 ret = SSH_ERR_SIGNATURE_INVALID;
504 goto out;
505 }
506 }
507 if (sshbuf_get_string(b, &sigblob, &len) != 0) {
508 ret = SSH_ERR_INVALID_FORMAT;
509 goto out;
510 }
511 if (sshbuf_len(b) != 0) {
512 ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
513 goto out;
514 }
515 /* RSA_verify expects a signature of RSA_size */
516 modlen = EVP_PKEY_size(key->pkey);
517 if (len > modlen) {
518 ret = SSH_ERR_KEY_BITS_MISMATCH;
519 goto out;
520 } else if (len < modlen) {
521 diff = modlen - len;
522 osigblob = sigblob;
523 if ((sigblob = realloc(sigblob, modlen)) == NULL) {
524 sigblob = osigblob; /* put it back for clear/free */
525 ret = SSH_ERR_ALLOC_FAIL;
526 goto out;
527 }
528 memmove(sigblob + diff, sigblob, len);
529 explicit_bzero(sigblob, diff);
530 len = modlen;
531 }
532
533 rsasize = EVP_PKEY_size(key->pkey);
534 if (rsasize <= 0 || rsasize > SSHBUF_MAX_BIGNUM ||
535 len == 0 || len > rsasize) {
536 ret = SSH_ERR_INVALID_ARGUMENT;
537 goto out;
538 }
539 ret = sshkey_pkey_digest_verify(key->pkey, hash_alg, data, dlen,
540 sigblob, len);
541
542 out:
543 freezero(sigblob, len);
544 free(sigtype);
545 sshbuf_free(b);
546 explicit_bzero(digest, sizeof(digest));
547 return ret;
548 }
549
550 static const struct sshkey_impl_funcs sshkey_rsa_funcs = {
551 /* .size = */ ssh_rsa_size,
552 /* .alloc = */ ssh_rsa_alloc,
553 /* .cleanup = */ ssh_rsa_cleanup,
554 /* .equal = */ ssh_rsa_equal,
555 /* .ssh_serialize_public = */ ssh_rsa_serialize_public,
556 /* .ssh_deserialize_public = */ ssh_rsa_deserialize_public,
557 /* .ssh_serialize_private = */ ssh_rsa_serialize_private,
558 /* .ssh_deserialize_private = */ ssh_rsa_deserialize_private,
559 /* .generate = */ ssh_rsa_generate,
560 /* .copy_public = */ ssh_rsa_copy_public,
561 /* .sign = */ ssh_rsa_sign,
562 /* .verify = */ ssh_rsa_verify,
563 };
564
565 const struct sshkey_impl sshkey_rsa_impl = {
566 /* .name = */ "ssh-rsa",
567 /* .shortname = */ "RSA",
568 /* .sigalg = */ NULL,
569 /* .type = */ KEY_RSA,
570 /* .nid = */ 0,
571 /* .cert = */ 0,
572 /* .sigonly = */ 0,
573 /* .keybits = */ 0,
574 /* .funcs = */ &sshkey_rsa_funcs,
575 };
576
577 const struct sshkey_impl sshkey_rsa_cert_impl = {
578 /* .name = */ "ssh-rsa-cert-v01@openssh.com",
579 /* .shortname = */ "RSA-CERT",
580 /* .sigalg = */ NULL,
581 /* .type = */ KEY_RSA_CERT,
582 /* .nid = */ 0,
583 /* .cert = */ 1,
584 /* .sigonly = */ 0,
585 /* .keybits = */ 0,
586 /* .funcs = */ &sshkey_rsa_funcs,
587 };
588
589 /* SHA2 signature algorithms */
590
591 const struct sshkey_impl sshkey_rsa_sha256_impl = {
592 /* .name = */ "rsa-sha2-256",
593 /* .shortname = */ "RSA",
594 /* .sigalg = */ NULL,
595 /* .type = */ KEY_RSA,
596 /* .nid = */ 0,
597 /* .cert = */ 0,
598 /* .sigonly = */ 1,
599 /* .keybits = */ 0,
600 /* .funcs = */ &sshkey_rsa_funcs,
601 };
602
603 const struct sshkey_impl sshkey_rsa_sha512_impl = {
604 /* .name = */ "rsa-sha2-512",
605 /* .shortname = */ "RSA",
606 /* .sigalg = */ NULL,
607 /* .type = */ KEY_RSA,
608 /* .nid = */ 0,
609 /* .cert = */ 0,
610 /* .sigonly = */ 1,
611 /* .keybits = */ 0,
612 /* .funcs = */ &sshkey_rsa_funcs,
613 };
614
615 const struct sshkey_impl sshkey_rsa_sha256_cert_impl = {
616 /* .name = */ "rsa-sha2-256-cert-v01@openssh.com",
617 /* .shortname = */ "RSA-CERT",
618 /* .sigalg = */ "rsa-sha2-256",
619 /* .type = */ KEY_RSA_CERT,
620 /* .nid = */ 0,
621 /* .cert = */ 1,
622 /* .sigonly = */ 1,
623 /* .keybits = */ 0,
624 /* .funcs = */ &sshkey_rsa_funcs,
625 };
626
627 const struct sshkey_impl sshkey_rsa_sha512_cert_impl = {
628 /* .name = */ "rsa-sha2-512-cert-v01@openssh.com",
629 /* .shortname = */ "RSA-CERT",
630 /* .sigalg = */ "rsa-sha2-512",
631 /* .type = */ KEY_RSA_CERT,
632 /* .nid = */ 0,
633 /* .cert = */ 1,
634 /* .sigonly = */ 1,
635 /* .keybits = */ 0,
636 /* .funcs = */ &sshkey_rsa_funcs,
637 };
638