1 /* Copyright (C) 2009, 2010 Simon Josefsson
2 * Copyright (C) 2006, 2007 The Written Word, Inc. All rights reserved.
3 * Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
4 *
5 * Author: Simon Josefsson
6 *
7 * Redistribution and use in source and binary forms,
8 * with or without modification, are permitted provided
9 * that the following conditions are met:
10 *
11 * Redistributions of source code must retain the above
12 * copyright notice, this list of conditions and the
13 * following disclaimer.
14 *
15 * Redistributions in binary form must reproduce the above
16 * copyright notice, this list of conditions and the following
17 * disclaimer in the documentation and/or other materials
18 * provided with the distribution.
19 *
20 * Neither the name of the copyright holder nor the names
21 * of any other contributors may be used to endorse or
22 * promote products derived from this software without
23 * specific prior written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
26 * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
27 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
30 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
31 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
32 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
33 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
34 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
35 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
36 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
37 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
38 * OF SUCH DAMAGE.
39 */
40
41 #include "libssh2_priv.h"
42
43 #ifdef LIBSSH2_OPENSSL /* compile only if we build with openssl */
44
45 #include <string.h>
46 #include "misc.h"
47
48 #ifndef EVP_MAX_BLOCK_LENGTH
49 #define EVP_MAX_BLOCK_LENGTH 32
50 #endif
51
52 int
53 read_openssh_private_key_from_memory(void **key_ctx, LIBSSH2_SESSION *session,
54 const char *key_type,
55 const char *filedata,
56 size_t filedata_len,
57 unsigned const char *passphrase);
58
59 static unsigned char *
write_bn(unsigned char * buf,const BIGNUM * bn,int bn_bytes)60 write_bn(unsigned char *buf, const BIGNUM *bn, int bn_bytes)
61 {
62 unsigned char *p = buf;
63
64 /* Left space for bn size which will be written below. */
65 p += 4;
66
67 *p = 0;
68 BN_bn2bin(bn, p + 1);
69 if(!(*(p + 1) & 0x80)) {
70 memmove(p, p + 1, --bn_bytes);
71 }
72 _libssh2_htonu32(p - 4, bn_bytes); /* Post write bn size. */
73
74 return p + bn_bytes;
75 }
76
77 int
_libssh2_rsa_new(libssh2_rsa_ctx ** rsa,const unsigned char * edata,unsigned long elen,const unsigned char * ndata,unsigned long nlen,const unsigned char * ddata,unsigned long dlen,const unsigned char * pdata,unsigned long plen,const unsigned char * qdata,unsigned long qlen,const unsigned char * e1data,unsigned long e1len,const unsigned char * e2data,unsigned long e2len,const unsigned char * coeffdata,unsigned long coefflen)78 _libssh2_rsa_new(libssh2_rsa_ctx ** rsa,
79 const unsigned char *edata,
80 unsigned long elen,
81 const unsigned char *ndata,
82 unsigned long nlen,
83 const unsigned char *ddata,
84 unsigned long dlen,
85 const unsigned char *pdata,
86 unsigned long plen,
87 const unsigned char *qdata,
88 unsigned long qlen,
89 const unsigned char *e1data,
90 unsigned long e1len,
91 const unsigned char *e2data,
92 unsigned long e2len,
93 const unsigned char *coeffdata, unsigned long coefflen)
94 {
95 BIGNUM * e;
96 BIGNUM * n;
97 BIGNUM * d = 0;
98 BIGNUM * p = 0;
99 BIGNUM * q = 0;
100 BIGNUM * dmp1 = 0;
101 BIGNUM * dmq1 = 0;
102 BIGNUM * iqmp = 0;
103
104 e = BN_new();
105 BN_bin2bn(edata, elen, e);
106
107 n = BN_new();
108 BN_bin2bn(ndata, nlen, n);
109
110 if(ddata) {
111 d = BN_new();
112 BN_bin2bn(ddata, dlen, d);
113
114 p = BN_new();
115 BN_bin2bn(pdata, plen, p);
116
117 q = BN_new();
118 BN_bin2bn(qdata, qlen, q);
119
120 dmp1 = BN_new();
121 BN_bin2bn(e1data, e1len, dmp1);
122
123 dmq1 = BN_new();
124 BN_bin2bn(e2data, e2len, dmq1);
125
126 iqmp = BN_new();
127 BN_bin2bn(coeffdata, coefflen, iqmp);
128 }
129
130 *rsa = RSA_new();
131 #ifdef HAVE_OPAQUE_STRUCTS
132 RSA_set0_key(*rsa, n, e, d);
133 #else
134 (*rsa)->e = e;
135 (*rsa)->n = n;
136 (*rsa)->d = d;
137 #endif
138
139 #ifdef HAVE_OPAQUE_STRUCTS
140 RSA_set0_factors(*rsa, p, q);
141 #else
142 (*rsa)->p = p;
143 (*rsa)->q = q;
144 #endif
145
146 #ifdef HAVE_OPAQUE_STRUCTS
147 RSA_set0_crt_params(*rsa, dmp1, dmq1, iqmp);
148 #else
149 (*rsa)->dmp1 = dmp1;
150 (*rsa)->dmq1 = dmq1;
151 (*rsa)->iqmp = iqmp;
152 #endif
153 return 0;
154 }
155
156 int
_libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsactx,const unsigned char * sig,unsigned long sig_len,const unsigned char * m,unsigned long m_len)157 _libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsactx,
158 const unsigned char *sig,
159 unsigned long sig_len,
160 const unsigned char *m, unsigned long m_len)
161 {
162 unsigned char hash[SHA_DIGEST_LENGTH];
163 int ret;
164
165 if(_libssh2_sha1(m, m_len, hash))
166 return -1; /* failure */
167 ret = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH,
168 (unsigned char *) sig, sig_len, rsactx);
169 return (ret == 1) ? 0 : -1;
170 }
171
172 #if LIBSSH2_DSA
173 int
_libssh2_dsa_new(libssh2_dsa_ctx ** dsactx,const unsigned char * p,unsigned long p_len,const unsigned char * q,unsigned long q_len,const unsigned char * g,unsigned long g_len,const unsigned char * y,unsigned long y_len,const unsigned char * x,unsigned long x_len)174 _libssh2_dsa_new(libssh2_dsa_ctx ** dsactx,
175 const unsigned char *p,
176 unsigned long p_len,
177 const unsigned char *q,
178 unsigned long q_len,
179 const unsigned char *g,
180 unsigned long g_len,
181 const unsigned char *y,
182 unsigned long y_len,
183 const unsigned char *x, unsigned long x_len)
184 {
185 BIGNUM * p_bn;
186 BIGNUM * q_bn;
187 BIGNUM * g_bn;
188 BIGNUM * pub_key;
189 BIGNUM * priv_key = NULL;
190
191 p_bn = BN_new();
192 BN_bin2bn(p, p_len, p_bn);
193
194 q_bn = BN_new();
195 BN_bin2bn(q, q_len, q_bn);
196
197 g_bn = BN_new();
198 BN_bin2bn(g, g_len, g_bn);
199
200 pub_key = BN_new();
201 BN_bin2bn(y, y_len, pub_key);
202
203 if(x_len) {
204 priv_key = BN_new();
205 BN_bin2bn(x, x_len, priv_key);
206 }
207
208 *dsactx = DSA_new();
209
210 #ifdef HAVE_OPAQUE_STRUCTS
211 DSA_set0_pqg(*dsactx, p_bn, q_bn, g_bn);
212 #else
213 (*dsactx)->p = p_bn;
214 (*dsactx)->g = g_bn;
215 (*dsactx)->q = q_bn;
216 #endif
217
218 #ifdef HAVE_OPAQUE_STRUCTS
219 DSA_set0_key(*dsactx, pub_key, priv_key);
220 #else
221 (*dsactx)->pub_key = pub_key;
222 (*dsactx)->priv_key = priv_key;
223 #endif
224 return 0;
225 }
226
227 int
_libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx,const unsigned char * sig,const unsigned char * m,unsigned long m_len)228 _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx,
229 const unsigned char *sig,
230 const unsigned char *m, unsigned long m_len)
231 {
232 unsigned char hash[SHA_DIGEST_LENGTH];
233 DSA_SIG * dsasig;
234 BIGNUM * r;
235 BIGNUM * s;
236 int ret = -1;
237
238 r = BN_new();
239 BN_bin2bn(sig, 20, r);
240 s = BN_new();
241 BN_bin2bn(sig + 20, 20, s);
242
243 dsasig = DSA_SIG_new();
244 #ifdef HAVE_OPAQUE_STRUCTS
245 DSA_SIG_set0(dsasig, r, s);
246 #else
247 dsasig->r = r;
248 dsasig->s = s;
249 #endif
250 if(!_libssh2_sha1(m, m_len, hash))
251 /* _libssh2_sha1() succeeded */
252 ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, dsasig, dsactx);
253
254 DSA_SIG_free(dsasig);
255
256 return (ret == 1) ? 0 : -1;
257 }
258 #endif /* LIBSSH_DSA */
259
260 #if LIBSSH2_ECDSA
261
262 /* _libssh2_ecdsa_get_curve_type
263 *
264 * returns key curve type that maps to libssh2_curve_type
265 *
266 */
267
268 libssh2_curve_type
_libssh2_ecdsa_get_curve_type(libssh2_ecdsa_ctx * ec_ctx)269 _libssh2_ecdsa_get_curve_type(libssh2_ecdsa_ctx *ec_ctx)
270 {
271 const EC_GROUP *group = EC_KEY_get0_group(ec_ctx);
272 return EC_GROUP_get_curve_name(group);
273 }
274
275 /* _libssh2_ecdsa_curve_type_from_name
276 *
277 * returns 0 for success, key curve type that maps to libssh2_curve_type
278 *
279 */
280
281 int
_libssh2_ecdsa_curve_type_from_name(const char * name,libssh2_curve_type * out_type)282 _libssh2_ecdsa_curve_type_from_name(const char *name,
283 libssh2_curve_type *out_type)
284 {
285 int ret = 0;
286 libssh2_curve_type type;
287
288 if(name == NULL || strlen(name) != 19)
289 return -1;
290
291 if(strcmp(name, "ecdsa-sha2-nistp256") == 0)
292 type = LIBSSH2_EC_CURVE_NISTP256;
293 else if(strcmp(name, "ecdsa-sha2-nistp384") == 0)
294 type = LIBSSH2_EC_CURVE_NISTP384;
295 else if(strcmp(name, "ecdsa-sha2-nistp521") == 0)
296 type = LIBSSH2_EC_CURVE_NISTP521;
297 else {
298 ret = -1;
299 }
300
301 if(ret == 0 && out_type) {
302 *out_type = type;
303 }
304
305 return ret;
306 }
307
308 /* _libssh2_ecdsa_curve_name_with_octal_new
309 *
310 * Creates a new public key given an octal string, length and type
311 *
312 */
313
314 int
_libssh2_ecdsa_curve_name_with_octal_new(libssh2_ecdsa_ctx ** ec_ctx,const unsigned char * k,size_t k_len,libssh2_curve_type curve)315 _libssh2_ecdsa_curve_name_with_octal_new(libssh2_ecdsa_ctx ** ec_ctx,
316 const unsigned char *k,
317 size_t k_len, libssh2_curve_type curve)
318 {
319
320 int ret = 0;
321 const EC_GROUP *ec_group = NULL;
322 EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
323 EC_POINT *point = NULL;
324
325 if(ec_key) {
326 ec_group = EC_KEY_get0_group(ec_key);
327 point = EC_POINT_new(ec_group);
328 ret = EC_POINT_oct2point(ec_group, point, k, k_len, NULL);
329 ret = EC_KEY_set_public_key(ec_key, point);
330
331 if(point != NULL)
332 EC_POINT_free(point);
333
334 if(ec_ctx != NULL)
335 *ec_ctx = ec_key;
336 }
337
338 return (ret == 1) ? 0 : -1;
339 }
340
341 #define LIBSSH2_ECDSA_VERIFY(digest_type) \
342 { \
343 unsigned char hash[SHA##digest_type##_DIGEST_LENGTH]; \
344 libssh2_sha##digest_type(m, m_len, hash); \
345 ret = ECDSA_do_verify(hash, SHA##digest_type##_DIGEST_LENGTH, \
346 ecdsa_sig, ec_key); \
347 \
348 }
349
350 int
_libssh2_ecdsa_verify(libssh2_ecdsa_ctx * ctx,const unsigned char * r,size_t r_len,const unsigned char * s,size_t s_len,const unsigned char * m,size_t m_len)351 _libssh2_ecdsa_verify(libssh2_ecdsa_ctx * ctx,
352 const unsigned char *r, size_t r_len,
353 const unsigned char *s, size_t s_len,
354 const unsigned char *m, size_t m_len)
355 {
356 int ret = 0;
357 EC_KEY *ec_key = (EC_KEY*)ctx;
358 libssh2_curve_type type = _libssh2_ecdsa_get_curve_type(ec_key);
359
360 #ifdef HAVE_OPAQUE_STRUCTS
361 ECDSA_SIG *ecdsa_sig = ECDSA_SIG_new();
362 BIGNUM *pr = BN_new();
363 BIGNUM *ps = BN_new();
364
365 BN_bin2bn(r, r_len, pr);
366 BN_bin2bn(s, s_len, ps);
367 ECDSA_SIG_set0(ecdsa_sig, pr, ps);
368
369 #else
370 ECDSA_SIG ecdsa_sig_;
371 ECDSA_SIG *ecdsa_sig = &ecdsa_sig_;
372 ecdsa_sig_.r = BN_new();
373 BN_bin2bn(r, r_len, ecdsa_sig_.r);
374 ecdsa_sig_.s = BN_new();
375 BN_bin2bn(s, s_len, ecdsa_sig_.s);
376 #endif
377
378 if(type == LIBSSH2_EC_CURVE_NISTP256) {
379 LIBSSH2_ECDSA_VERIFY(256);
380 }
381 else if(type == LIBSSH2_EC_CURVE_NISTP384) {
382 LIBSSH2_ECDSA_VERIFY(384);
383 }
384 else if(type == LIBSSH2_EC_CURVE_NISTP521) {
385 LIBSSH2_ECDSA_VERIFY(512);
386 }
387
388 #ifdef HAVE_OPAQUE_STRUCTS
389 if(ecdsa_sig)
390 ECDSA_SIG_free(ecdsa_sig);
391 #else
392 BN_clear_free(ecdsa_sig_.s);
393 BN_clear_free(ecdsa_sig_.r);
394 #endif
395
396 return (ret == 1) ? 0 : -1;
397 }
398
399 #endif /* LIBSSH2_ECDSA */
400
401 int
_libssh2_cipher_init(_libssh2_cipher_ctx * h,_libssh2_cipher_type (algo),unsigned char * iv,unsigned char * secret,int encrypt)402 _libssh2_cipher_init(_libssh2_cipher_ctx * h,
403 _libssh2_cipher_type(algo),
404 unsigned char *iv, unsigned char *secret, int encrypt)
405 {
406 #ifdef HAVE_OPAQUE_STRUCTS
407 *h = EVP_CIPHER_CTX_new();
408 return !EVP_CipherInit(*h, algo(), secret, iv, encrypt);
409 #else
410 EVP_CIPHER_CTX_init(h);
411 return !EVP_CipherInit(h, algo(), secret, iv, encrypt);
412 #endif
413 }
414
415 int
_libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,_libssh2_cipher_type (algo),int encrypt,unsigned char * block,size_t blocksize)416 _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
417 _libssh2_cipher_type(algo),
418 int encrypt, unsigned char *block, size_t blocksize)
419 {
420 unsigned char buf[EVP_MAX_BLOCK_LENGTH];
421 int ret;
422 (void) algo;
423 (void) encrypt;
424
425 #ifdef HAVE_OPAQUE_STRUCTS
426 ret = EVP_Cipher(*ctx, buf, block, blocksize);
427 #else
428 ret = EVP_Cipher(ctx, buf, block, blocksize);
429 #endif
430 if(ret == 1) {
431 memcpy(block, buf, blocksize);
432 }
433 return ret == 1 ? 0 : 1;
434 }
435
436 #if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR)
437
438 #include <openssl/aes.h>
439 #include <openssl/evp.h>
440
441 typedef struct
442 {
443 AES_KEY key;
444 EVP_CIPHER_CTX *aes_ctx;
445 unsigned char ctr[AES_BLOCK_SIZE];
446 } aes_ctr_ctx;
447
448 static EVP_CIPHER * aes_128_ctr_cipher = NULL;
449 static EVP_CIPHER * aes_192_ctr_cipher = NULL;
450 static EVP_CIPHER * aes_256_ctr_cipher = NULL;
451
452 static int
aes_ctr_init(EVP_CIPHER_CTX * ctx,const unsigned char * key,const unsigned char * iv,int enc)453 aes_ctr_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
454 const unsigned char *iv, int enc) /* init key */
455 {
456 /*
457 * variable "c" is leaked from this scope, but is later freed
458 * in aes_ctr_cleanup
459 */
460 aes_ctr_ctx *c;
461 const EVP_CIPHER *aes_cipher;
462 (void) enc;
463
464 switch(EVP_CIPHER_CTX_key_length(ctx)) {
465 case 16:
466 aes_cipher = EVP_aes_128_ecb();
467 break;
468 case 24:
469 aes_cipher = EVP_aes_192_ecb();
470 break;
471 case 32:
472 aes_cipher = EVP_aes_256_ecb();
473 break;
474 default:
475 return 0;
476 }
477
478 c = malloc(sizeof(*c));
479 if(c == NULL)
480 return 0;
481
482 #ifdef HAVE_OPAQUE_STRUCTS
483 c->aes_ctx = EVP_CIPHER_CTX_new();
484 #else
485 c->aes_ctx = malloc(sizeof(EVP_CIPHER_CTX));
486 #endif
487 if(c->aes_ctx == NULL) {
488 free(c);
489 return 0;
490 }
491
492 if(EVP_EncryptInit(c->aes_ctx, aes_cipher, key, NULL) != 1) {
493 #ifdef HAVE_OPAQUE_STRUCTS
494 EVP_CIPHER_CTX_free(c->aes_ctx);
495 #else
496 free(c->aes_ctx);
497 #endif
498 free(c);
499 return 0;
500 }
501
502 EVP_CIPHER_CTX_set_padding(c->aes_ctx, 0);
503
504 memcpy(c->ctr, iv, AES_BLOCK_SIZE);
505
506 EVP_CIPHER_CTX_set_app_data(ctx, c);
507
508 return 1;
509 }
510
511 static int
aes_ctr_do_cipher(EVP_CIPHER_CTX * ctx,unsigned char * out,const unsigned char * in,size_t inl)512 aes_ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
513 const unsigned char *in,
514 size_t inl) /* encrypt/decrypt data */
515 {
516 aes_ctr_ctx *c = EVP_CIPHER_CTX_get_app_data(ctx);
517 unsigned char b1[AES_BLOCK_SIZE];
518 int outlen = 0;
519
520 if(inl != 16) /* libssh2 only ever encrypt one block */
521 return 0;
522
523 if(c == NULL) {
524 return 0;
525 }
526
527 /*
528 To encrypt a packet P=P1||P2||...||Pn (where P1, P2, ..., Pn are each
529 blocks of length L), the encryptor first encrypts <X> with <cipher>
530 to obtain a block B1. The block B1 is then XORed with P1 to generate
531 the ciphertext block C1. The counter X is then incremented
532 */
533
534 if(EVP_EncryptUpdate(c->aes_ctx, b1, &outlen,
535 c->ctr, AES_BLOCK_SIZE) != 1) {
536 return 0;
537 }
538
539 _libssh2_xor_data(out, in, b1, AES_BLOCK_SIZE);
540 _libssh2_aes_ctr_increment(c->ctr, AES_BLOCK_SIZE);
541
542 return 1;
543 }
544
545 static int
aes_ctr_cleanup(EVP_CIPHER_CTX * ctx)546 aes_ctr_cleanup(EVP_CIPHER_CTX *ctx) /* cleanup ctx */
547 {
548 aes_ctr_ctx *c = EVP_CIPHER_CTX_get_app_data(ctx);
549
550 if(c == NULL) {
551 return 1;
552 }
553
554 if(c->aes_ctx != NULL) {
555 #ifdef HAVE_OPAQUE_STRUCTS
556 EVP_CIPHER_CTX_free(c->aes_ctx);
557 #else
558 _libssh2_cipher_dtor(c->aes_ctx);
559 free(c->aes_ctx);
560 #endif
561 }
562
563 free(c);
564
565 return 1;
566 }
567
568 static const EVP_CIPHER *
make_ctr_evp(size_t keylen,EVP_CIPHER ** aes_ctr_cipher,int type)569 make_ctr_evp (size_t keylen, EVP_CIPHER **aes_ctr_cipher, int type)
570 {
571 #ifdef HAVE_OPAQUE_STRUCTS
572 *aes_ctr_cipher = EVP_CIPHER_meth_new(type, 16, keylen);
573 if(*aes_ctr_cipher) {
574 EVP_CIPHER_meth_set_iv_length(*aes_ctr_cipher, 16);
575 EVP_CIPHER_meth_set_init(*aes_ctr_cipher, aes_ctr_init);
576 EVP_CIPHER_meth_set_do_cipher(*aes_ctr_cipher, aes_ctr_do_cipher);
577 EVP_CIPHER_meth_set_cleanup(*aes_ctr_cipher, aes_ctr_cleanup);
578 }
579 #else
580 (*aes_ctr_cipher)->nid = type;
581 (*aes_ctr_cipher)->block_size = 16;
582 (*aes_ctr_cipher)->key_len = keylen;
583 (*aes_ctr_cipher)->iv_len = 16;
584 (*aes_ctr_cipher)->init = aes_ctr_init;
585 (*aes_ctr_cipher)->do_cipher = aes_ctr_do_cipher;
586 (*aes_ctr_cipher)->cleanup = aes_ctr_cleanup;
587 #endif
588
589 return *aes_ctr_cipher;
590 }
591
592 const EVP_CIPHER *
_libssh2_EVP_aes_128_ctr(void)593 _libssh2_EVP_aes_128_ctr(void)
594 {
595 #ifdef HAVE_OPAQUE_STRUCTS
596 return !aes_128_ctr_cipher ?
597 make_ctr_evp(16, &aes_128_ctr_cipher, NID_aes_128_ctr) :
598 aes_128_ctr_cipher;
599 #else
600 static EVP_CIPHER aes_ctr_cipher;
601 if(!aes_128_ctr_cipher) {
602 aes_128_ctr_cipher = &aes_ctr_cipher;
603 make_ctr_evp(16, &aes_128_ctr_cipher, 0);
604 }
605 return aes_128_ctr_cipher;
606 #endif
607 }
608
609 const EVP_CIPHER *
_libssh2_EVP_aes_192_ctr(void)610 _libssh2_EVP_aes_192_ctr(void)
611 {
612 #ifdef HAVE_OPAQUE_STRUCTS
613 return !aes_192_ctr_cipher ?
614 make_ctr_evp(24, &aes_192_ctr_cipher, NID_aes_192_ctr) :
615 aes_192_ctr_cipher;
616 #else
617 static EVP_CIPHER aes_ctr_cipher;
618 if(!aes_192_ctr_cipher) {
619 aes_192_ctr_cipher = &aes_ctr_cipher;
620 make_ctr_evp(24, &aes_192_ctr_cipher, 0);
621 }
622 return aes_192_ctr_cipher;
623 #endif
624 }
625
626 const EVP_CIPHER *
_libssh2_EVP_aes_256_ctr(void)627 _libssh2_EVP_aes_256_ctr(void)
628 {
629 #ifdef HAVE_OPAQUE_STRUCTS
630 return !aes_256_ctr_cipher ?
631 make_ctr_evp(32, &aes_256_ctr_cipher, NID_aes_256_ctr) :
632 aes_256_ctr_cipher;
633 #else
634 static EVP_CIPHER aes_ctr_cipher;
635 if(!aes_256_ctr_cipher) {
636 aes_256_ctr_cipher = &aes_ctr_cipher;
637 make_ctr_evp(32, &aes_256_ctr_cipher, 0);
638 }
639 return aes_256_ctr_cipher;
640 #endif
641 }
642
643 #endif /* LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR) */
644
_libssh2_openssl_crypto_init(void)645 void _libssh2_openssl_crypto_init(void)
646 {
647 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
648 !defined(LIBRESSL_VERSION_NUMBER)
649 #ifndef OPENSSL_NO_ENGINE
650 ENGINE_load_builtin_engines();
651 ENGINE_register_all_complete();
652 #endif
653 #else
654 OpenSSL_add_all_algorithms();
655 OpenSSL_add_all_ciphers();
656 OpenSSL_add_all_digests();
657 #ifndef OPENSSL_NO_ENGINE
658 ENGINE_load_builtin_engines();
659 ENGINE_register_all_complete();
660 #endif
661 #endif
662 #if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR)
663 aes_128_ctr_cipher = (EVP_CIPHER *) _libssh2_EVP_aes_128_ctr();
664 aes_192_ctr_cipher = (EVP_CIPHER *) _libssh2_EVP_aes_192_ctr();
665 aes_256_ctr_cipher = (EVP_CIPHER *) _libssh2_EVP_aes_256_ctr();
666 #endif
667 }
668
_libssh2_openssl_crypto_exit(void)669 void _libssh2_openssl_crypto_exit(void)
670 {
671 #if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR)
672 #ifdef HAVE_OPAQUE_STRUCTS
673 if(aes_128_ctr_cipher) {
674 EVP_CIPHER_meth_free(aes_128_ctr_cipher);
675 }
676
677 if(aes_192_ctr_cipher) {
678 EVP_CIPHER_meth_free(aes_192_ctr_cipher);
679 }
680
681 if(aes_256_ctr_cipher) {
682 EVP_CIPHER_meth_free(aes_256_ctr_cipher);
683 }
684 #endif
685
686 aes_128_ctr_cipher = NULL;
687 aes_192_ctr_cipher = NULL;
688 aes_256_ctr_cipher = NULL;
689 #endif
690 }
691
692 /* TODO: Optionally call a passphrase callback specified by the
693 * calling program
694 */
695 static int
passphrase_cb(char * buf,int size,int rwflag,char * passphrase)696 passphrase_cb(char *buf, int size, int rwflag, char *passphrase)
697 {
698 int passphrase_len = strlen(passphrase);
699 (void) rwflag;
700
701 if(passphrase_len > (size - 1)) {
702 passphrase_len = size - 1;
703 }
704 memcpy(buf, passphrase, passphrase_len);
705 buf[passphrase_len] = '\0';
706
707 return passphrase_len;
708 }
709
710 typedef void * (*pem_read_bio_func)(BIO *, void **, pem_password_cb *,
711 void *u);
712
713 static int
read_private_key_from_memory(void ** key_ctx,pem_read_bio_func read_private_key,const char * filedata,size_t filedata_len,unsigned const char * passphrase)714 read_private_key_from_memory(void **key_ctx,
715 pem_read_bio_func read_private_key,
716 const char *filedata,
717 size_t filedata_len,
718 unsigned const char *passphrase)
719 {
720 BIO * bp;
721
722 *key_ctx = NULL;
723
724 bp = BIO_new_mem_buf((char *)filedata, filedata_len);
725 if(!bp) {
726 return -1;
727 }
728 *key_ctx = read_private_key(bp, NULL, (pem_password_cb *) passphrase_cb,
729 (void *) passphrase);
730
731 BIO_free(bp);
732 return (*key_ctx) ? 0 : -1;
733 }
734
735
736
737 static int
read_private_key_from_file(void ** key_ctx,pem_read_bio_func read_private_key,const char * filename,unsigned const char * passphrase)738 read_private_key_from_file(void **key_ctx,
739 pem_read_bio_func read_private_key,
740 const char *filename,
741 unsigned const char *passphrase)
742 {
743 BIO * bp;
744
745 *key_ctx = NULL;
746
747 bp = BIO_new_file(filename, "r");
748 if(!bp) {
749 return -1;
750 }
751
752 *key_ctx = read_private_key(bp, NULL, (pem_password_cb *) passphrase_cb,
753 (void *) passphrase);
754
755 BIO_free(bp);
756 return (*key_ctx) ? 0 : -1;
757 }
758
759 int
_libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx ** rsa,LIBSSH2_SESSION * session,const char * filedata,size_t filedata_len,unsigned const char * passphrase)760 _libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx ** rsa,
761 LIBSSH2_SESSION * session,
762 const char *filedata, size_t filedata_len,
763 unsigned const char *passphrase)
764 {
765 int rc;
766
767 pem_read_bio_func read_rsa =
768 (pem_read_bio_func) &PEM_read_bio_RSAPrivateKey;
769
770 _libssh2_init_if_needed();
771
772 rc = read_private_key_from_memory((void **) rsa, read_rsa,
773 filedata, filedata_len, passphrase);
774
775 if(rc) {
776 rc = read_openssh_private_key_from_memory((void **)rsa, session,
777 "ssh-rsa", filedata, filedata_len, passphrase);
778 }
779
780 return rc;
781 }
782
783 static unsigned char *
gen_publickey_from_rsa(LIBSSH2_SESSION * session,RSA * rsa,size_t * key_len)784 gen_publickey_from_rsa(LIBSSH2_SESSION *session, RSA *rsa,
785 size_t *key_len)
786 {
787 int e_bytes, n_bytes;
788 unsigned long len;
789 unsigned char *key;
790 unsigned char *p;
791 const BIGNUM * e;
792 const BIGNUM * n;
793 #ifdef HAVE_OPAQUE_STRUCTS
794 RSA_get0_key(rsa, &n, &e, NULL);
795 #else
796 e = rsa->e;
797 n = rsa->n;
798 #endif
799 e_bytes = BN_num_bytes(e) + 1;
800 n_bytes = BN_num_bytes(n) + 1;
801
802 /* Key form is "ssh-rsa" + e + n. */
803 len = 4 + 7 + 4 + e_bytes + 4 + n_bytes;
804
805 key = LIBSSH2_ALLOC(session, len);
806 if(key == NULL) {
807 return NULL;
808 }
809
810 /* Process key encoding. */
811 p = key;
812
813 _libssh2_htonu32(p, 7); /* Key type. */
814 p += 4;
815 memcpy(p, "ssh-rsa", 7);
816 p += 7;
817
818 p = write_bn(p, e, e_bytes);
819 p = write_bn(p, n, n_bytes);
820
821 *key_len = (size_t)(p - key);
822 return key;
823 }
824
825 static int
gen_publickey_from_rsa_evp(LIBSSH2_SESSION * session,unsigned char ** method,size_t * method_len,unsigned char ** pubkeydata,size_t * pubkeydata_len,EVP_PKEY * pk)826 gen_publickey_from_rsa_evp(LIBSSH2_SESSION *session,
827 unsigned char **method,
828 size_t *method_len,
829 unsigned char **pubkeydata,
830 size_t *pubkeydata_len,
831 EVP_PKEY *pk)
832 {
833 RSA* rsa = NULL;
834 unsigned char *key;
835 unsigned char *method_buf = NULL;
836 size_t key_len;
837
838 _libssh2_debug(session,
839 LIBSSH2_TRACE_AUTH,
840 "Computing public key from RSA private key envelope");
841
842 rsa = EVP_PKEY_get1_RSA(pk);
843 if(rsa == NULL) {
844 /* Assume memory allocation error... what else could it be ? */
845 goto __alloc_error;
846 }
847
848 method_buf = LIBSSH2_ALLOC(session, 7); /* ssh-rsa. */
849 if(method_buf == NULL) {
850 goto __alloc_error;
851 }
852
853 key = gen_publickey_from_rsa(session, rsa, &key_len);
854 if(key == NULL) {
855 goto __alloc_error;
856 }
857 RSA_free(rsa);
858
859 memcpy(method_buf, "ssh-rsa", 7);
860 *method = method_buf;
861 *method_len = 7;
862 *pubkeydata = key;
863 *pubkeydata_len = key_len;
864 return 0;
865
866 __alloc_error:
867 if(rsa != NULL) {
868 RSA_free(rsa);
869 }
870 if(method_buf != NULL) {
871 LIBSSH2_FREE(session, method_buf);
872 }
873
874 return _libssh2_error(session,
875 LIBSSH2_ERROR_ALLOC,
876 "Unable to allocate memory for private key data");
877 }
878
_libssh2_rsa_new_additional_parameters(RSA * rsa)879 static int _libssh2_rsa_new_additional_parameters(RSA *rsa)
880 {
881 BN_CTX *ctx = NULL;
882 BIGNUM *aux = NULL;
883 BIGNUM *dmp1 = NULL;
884 BIGNUM *dmq1 = NULL;
885 const BIGNUM *p = NULL;
886 const BIGNUM *q = NULL;
887 const BIGNUM *d = NULL;
888 int rc = 0;
889
890 #ifdef HAVE_OPAQUE_STRUCTS
891 RSA_get0_key(rsa, NULL, NULL, &d);
892 RSA_get0_factors(rsa, &p, &q);
893 #else
894 d = (*rsa).d;
895 p = (*rsa).p;
896 q = (*rsa).q;
897 #endif
898
899 ctx = BN_CTX_new();
900 if(ctx == NULL)
901 return -1;
902
903 aux = BN_new();
904 if(aux == NULL) {
905 rc = -1;
906 goto out;
907 }
908
909 dmp1 = BN_new();
910 if(dmp1 == NULL) {
911 rc = -1;
912 goto out;
913 }
914
915 dmq1 = BN_new();
916 if(dmq1 == NULL) {
917 rc = -1;
918 goto out;
919 }
920
921 if((BN_sub(aux, q, BN_value_one()) == 0) ||
922 (BN_mod(dmq1, d, aux, ctx) == 0) ||
923 (BN_sub(aux, p, BN_value_one()) == 0) ||
924 (BN_mod(dmp1, d, aux, ctx) == 0)) {
925 rc = -1;
926 goto out;
927 }
928
929 #ifdef HAVE_OPAQUE_STRUCTS
930 RSA_set0_crt_params(rsa, dmp1, dmq1, NULL);
931 #else
932 (*rsa).dmp1 = dmp1;
933 (*rsa).dmq1 = dmq1;
934 #endif
935
936 out:
937 if(aux)
938 BN_clear_free(aux);
939 BN_CTX_free(ctx);
940
941 if(rc != 0) {
942 if(dmp1)
943 BN_clear_free(dmp1);
944 if(dmq1)
945 BN_clear_free(dmq1);
946 }
947
948 return rc;
949 }
950
951 static int
gen_publickey_from_rsa_openssh_priv_data(LIBSSH2_SESSION * session,struct string_buf * decrypted,unsigned char ** method,size_t * method_len,unsigned char ** pubkeydata,size_t * pubkeydata_len,libssh2_rsa_ctx ** rsa_ctx)952 gen_publickey_from_rsa_openssh_priv_data(LIBSSH2_SESSION *session,
953 struct string_buf *decrypted,
954 unsigned char **method,
955 size_t *method_len,
956 unsigned char **pubkeydata,
957 size_t *pubkeydata_len,
958 libssh2_rsa_ctx **rsa_ctx)
959 {
960 int rc = 0;
961 size_t nlen, elen, dlen, plen, qlen, coefflen, commentlen;
962 unsigned char *n, *e, *d, *p, *q, *coeff, *comment;
963 RSA *rsa = NULL;
964
965 _libssh2_debug(session,
966 LIBSSH2_TRACE_AUTH,
967 "Computing RSA keys from private key data");
968
969 /* public key data */
970 if(_libssh2_get_bignum_bytes(decrypted, &n, &nlen)) {
971 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
972 "RSA no n");
973 return -1;
974 }
975
976 if(_libssh2_get_bignum_bytes(decrypted, &e, &elen)) {
977 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
978 "RSA no e");
979 return -1;
980 }
981
982 /* private key data */
983 if(_libssh2_get_bignum_bytes(decrypted, &d, &dlen)) {
984 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
985 "RSA no d");
986 return -1;
987 }
988
989 if(_libssh2_get_bignum_bytes(decrypted, &coeff, &coefflen)) {
990 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
991 "RSA no coeff");
992 return -1;
993 }
994
995 if(_libssh2_get_bignum_bytes(decrypted, &p, &plen)) {
996 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
997 "RSA no p");
998 return -1;
999 }
1000
1001 if(_libssh2_get_bignum_bytes(decrypted, &q, &qlen)) {
1002 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1003 "RSA no q");
1004 return -1;
1005 }
1006
1007 if(_libssh2_get_string(decrypted, &comment, &commentlen)) {
1008 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1009 "RSA no comment");
1010 return -1;
1011 }
1012
1013 if((rc = _libssh2_rsa_new(&rsa, e, elen, n, nlen, d, dlen, p, plen,
1014 q, qlen, NULL, 0, NULL, 0,
1015 coeff, coefflen)) != 0) {
1016 _libssh2_debug(session,
1017 LIBSSH2_TRACE_AUTH,
1018 "Could not create RSA private key");
1019 goto fail;
1020 }
1021
1022 if(rsa != NULL)
1023 rc = _libssh2_rsa_new_additional_parameters(rsa);
1024
1025 if(rsa != NULL && pubkeydata != NULL && method != NULL) {
1026 EVP_PKEY *pk = EVP_PKEY_new();
1027 EVP_PKEY_set1_RSA(pk, rsa);
1028
1029 rc = gen_publickey_from_rsa_evp(session, method, method_len,
1030 pubkeydata, pubkeydata_len,
1031 pk);
1032
1033 if(pk)
1034 EVP_PKEY_free(pk);
1035 }
1036
1037 if(rsa_ctx != NULL)
1038 *rsa_ctx = rsa;
1039 else
1040 RSA_free(rsa);
1041
1042 return rc;
1043
1044 fail:
1045
1046 if(rsa != NULL)
1047 RSA_free(rsa);
1048
1049 return _libssh2_error(session,
1050 LIBSSH2_ERROR_ALLOC,
1051 "Unable to allocate memory for private key data");
1052 }
1053
1054 static int
_libssh2_rsa_new_openssh_private(libssh2_rsa_ctx ** rsa,LIBSSH2_SESSION * session,const char * filename,unsigned const char * passphrase)1055 _libssh2_rsa_new_openssh_private(libssh2_rsa_ctx ** rsa,
1056 LIBSSH2_SESSION * session,
1057 const char *filename,
1058 unsigned const char *passphrase)
1059 {
1060 FILE *fp;
1061 int rc;
1062 unsigned char *buf = NULL;
1063 struct string_buf *decrypted = NULL;
1064
1065 if(session == NULL) {
1066 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1067 "Session is required");
1068 return -1;
1069 }
1070
1071 _libssh2_init_if_needed();
1072
1073 fp = fopen(filename, "r");
1074 if(!fp) {
1075 _libssh2_error(session, LIBSSH2_ERROR_FILE,
1076 "Unable to open OpenSSH RSA private key file");
1077 return -1;
1078 }
1079
1080 rc = _libssh2_openssh_pem_parse(session, passphrase, fp, &decrypted);
1081 fclose(fp);
1082 if(rc) {
1083 return rc;
1084 }
1085
1086 /* We have a new key file, now try and parse it using supported types */
1087 rc = _libssh2_get_string(decrypted, &buf, NULL);
1088
1089 if(rc != 0 || buf == NULL) {
1090 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1091 "Public key type in decrypted key data not found");
1092 return -1;
1093 }
1094
1095 if(strcmp("ssh-rsa", (const char *)buf) == 0) {
1096 rc = gen_publickey_from_rsa_openssh_priv_data(session, decrypted,
1097 NULL, 0,
1098 NULL, 0, rsa);
1099 }
1100 else {
1101 rc = -1;
1102 }
1103
1104 if(decrypted)
1105 _libssh2_string_buf_free(session, decrypted);
1106
1107 return rc;
1108 }
1109
1110 int
_libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,LIBSSH2_SESSION * session,const char * filename,unsigned const char * passphrase)1111 _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
1112 LIBSSH2_SESSION * session,
1113 const char *filename, unsigned const char *passphrase)
1114 {
1115 int rc;
1116
1117 pem_read_bio_func read_rsa =
1118 (pem_read_bio_func) &PEM_read_bio_RSAPrivateKey;
1119
1120 _libssh2_init_if_needed();
1121
1122 rc = read_private_key_from_file((void **) rsa, read_rsa,
1123 filename, passphrase);
1124
1125 if(rc) {
1126 rc = _libssh2_rsa_new_openssh_private(rsa, session,
1127 filename, passphrase);
1128 }
1129
1130 return rc;
1131 }
1132
1133 #if LIBSSH2_DSA
1134 int
_libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx ** dsa,LIBSSH2_SESSION * session,const char * filedata,size_t filedata_len,unsigned const char * passphrase)1135 _libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx ** dsa,
1136 LIBSSH2_SESSION * session,
1137 const char *filedata, size_t filedata_len,
1138 unsigned const char *passphrase)
1139 {
1140 int rc;
1141
1142 pem_read_bio_func read_dsa =
1143 (pem_read_bio_func) &PEM_read_bio_DSAPrivateKey;
1144
1145 _libssh2_init_if_needed();
1146
1147 rc = read_private_key_from_memory((void **)dsa, read_dsa,
1148 filedata, filedata_len, passphrase);
1149
1150 if(rc) {
1151 rc = read_openssh_private_key_from_memory((void **)dsa, session,
1152 "ssh-dsa", filedata, filedata_len, passphrase);
1153 }
1154
1155 return rc;
1156 }
1157
1158 static unsigned char *
gen_publickey_from_dsa(LIBSSH2_SESSION * session,DSA * dsa,size_t * key_len)1159 gen_publickey_from_dsa(LIBSSH2_SESSION* session, DSA *dsa,
1160 size_t *key_len)
1161 {
1162 int p_bytes, q_bytes, g_bytes, k_bytes;
1163 unsigned long len;
1164 unsigned char *key;
1165 unsigned char *p;
1166
1167 const BIGNUM * p_bn;
1168 const BIGNUM * q;
1169 const BIGNUM * g;
1170 const BIGNUM * pub_key;
1171 #ifdef HAVE_OPAQUE_STRUCTS
1172 DSA_get0_pqg(dsa, &p_bn, &q, &g);
1173 #else
1174 p_bn = dsa->p;
1175 q = dsa->q;
1176 g = dsa->g;
1177 #endif
1178
1179 #ifdef HAVE_OPAQUE_STRUCTS
1180 DSA_get0_key(dsa, &pub_key, NULL);
1181 #else
1182 pub_key = dsa->pub_key;
1183 #endif
1184 p_bytes = BN_num_bytes(p_bn) + 1;
1185 q_bytes = BN_num_bytes(q) + 1;
1186 g_bytes = BN_num_bytes(g) + 1;
1187 k_bytes = BN_num_bytes(pub_key) + 1;
1188
1189 /* Key form is "ssh-dss" + p + q + g + pub_key. */
1190 len = 4 + 7 + 4 + p_bytes + 4 + q_bytes + 4 + g_bytes + 4 + k_bytes;
1191
1192 key = LIBSSH2_ALLOC(session, len);
1193 if(key == NULL) {
1194 return NULL;
1195 }
1196
1197 /* Process key encoding. */
1198 p = key;
1199
1200 _libssh2_htonu32(p, 7); /* Key type. */
1201 p += 4;
1202 memcpy(p, "ssh-dss", 7);
1203 p += 7;
1204
1205 p = write_bn(p, p_bn, p_bytes);
1206 p = write_bn(p, q, q_bytes);
1207 p = write_bn(p, g, g_bytes);
1208 p = write_bn(p, pub_key, k_bytes);
1209
1210 *key_len = (size_t)(p - key);
1211 return key;
1212 }
1213
1214 static int
gen_publickey_from_dsa_evp(LIBSSH2_SESSION * session,unsigned char ** method,size_t * method_len,unsigned char ** pubkeydata,size_t * pubkeydata_len,EVP_PKEY * pk)1215 gen_publickey_from_dsa_evp(LIBSSH2_SESSION *session,
1216 unsigned char **method,
1217 size_t *method_len,
1218 unsigned char **pubkeydata,
1219 size_t *pubkeydata_len,
1220 EVP_PKEY *pk)
1221 {
1222 DSA* dsa = NULL;
1223 unsigned char *key;
1224 unsigned char *method_buf = NULL;
1225 size_t key_len;
1226
1227 _libssh2_debug(session,
1228 LIBSSH2_TRACE_AUTH,
1229 "Computing public key from DSA private key envelope");
1230
1231 dsa = EVP_PKEY_get1_DSA(pk);
1232 if(dsa == NULL) {
1233 /* Assume memory allocation error... what else could it be ? */
1234 goto __alloc_error;
1235 }
1236
1237 method_buf = LIBSSH2_ALLOC(session, 7); /* ssh-dss. */
1238 if(method_buf == NULL) {
1239 goto __alloc_error;
1240 }
1241
1242 key = gen_publickey_from_dsa(session, dsa, &key_len);
1243 if(key == NULL) {
1244 goto __alloc_error;
1245 }
1246 DSA_free(dsa);
1247
1248 memcpy(method_buf, "ssh-dss", 7);
1249 *method = method_buf;
1250 *method_len = 7;
1251 *pubkeydata = key;
1252 *pubkeydata_len = key_len;
1253 return 0;
1254
1255 __alloc_error:
1256 if(dsa != NULL) {
1257 DSA_free(dsa);
1258 }
1259 if(method_buf != NULL) {
1260 LIBSSH2_FREE(session, method_buf);
1261 }
1262
1263 return _libssh2_error(session,
1264 LIBSSH2_ERROR_ALLOC,
1265 "Unable to allocate memory for private key data");
1266 }
1267
1268 static int
gen_publickey_from_dsa_openssh_priv_data(LIBSSH2_SESSION * session,struct string_buf * decrypted,unsigned char ** method,size_t * method_len,unsigned char ** pubkeydata,size_t * pubkeydata_len,libssh2_dsa_ctx ** dsa_ctx)1269 gen_publickey_from_dsa_openssh_priv_data(LIBSSH2_SESSION *session,
1270 struct string_buf *decrypted,
1271 unsigned char **method,
1272 size_t *method_len,
1273 unsigned char **pubkeydata,
1274 size_t *pubkeydata_len,
1275 libssh2_dsa_ctx **dsa_ctx)
1276 {
1277 int rc = 0;
1278 size_t plen, qlen, glen, pub_len, priv_len;
1279 unsigned char *p, *q, *g, *pub_key, *priv_key;
1280 DSA *dsa = NULL;
1281
1282 _libssh2_debug(session,
1283 LIBSSH2_TRACE_AUTH,
1284 "Computing DSA keys from private key data");
1285
1286 if(_libssh2_get_bignum_bytes(decrypted, &p, &plen)) {
1287 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1288 "DSA no p");
1289 return -1;
1290 }
1291
1292 if(_libssh2_get_bignum_bytes(decrypted, &q, &qlen)) {
1293 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1294 "DSA no q");
1295 return -1;
1296 }
1297
1298 if(_libssh2_get_bignum_bytes(decrypted, &g, &glen)) {
1299 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1300 "DSA no g");
1301 return -1;
1302 }
1303
1304 if(_libssh2_get_bignum_bytes(decrypted, &pub_key, &pub_len)) {
1305 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1306 "DSA no public key");
1307 return -1;
1308 }
1309
1310 if(_libssh2_get_bignum_bytes(decrypted, &priv_key, &priv_len)) {
1311 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1312 "DSA no private key");
1313 return -1;
1314 }
1315
1316 rc = _libssh2_dsa_new(&dsa, p, plen, q, qlen, g, glen, pub_key, pub_len,
1317 priv_key, priv_len);
1318 if(rc != 0) {
1319 _libssh2_debug(session,
1320 LIBSSH2_ERROR_PROTO,
1321 "Could not create DSA private key");
1322 goto fail;
1323 }
1324
1325 if(dsa != NULL && pubkeydata != NULL && method != NULL) {
1326 EVP_PKEY *pk = EVP_PKEY_new();
1327 EVP_PKEY_set1_DSA(pk, dsa);
1328
1329 rc = gen_publickey_from_dsa_evp(session, method, method_len,
1330 pubkeydata, pubkeydata_len,
1331 pk);
1332
1333 if(pk)
1334 EVP_PKEY_free(pk);
1335 }
1336
1337 if(dsa_ctx != NULL)
1338 *dsa_ctx = dsa;
1339 else
1340 DSA_free(dsa);
1341
1342 return rc;
1343
1344 fail:
1345
1346 if(dsa != NULL)
1347 DSA_free(dsa);
1348
1349 return _libssh2_error(session,
1350 LIBSSH2_ERROR_ALLOC,
1351 "Unable to allocate memory for private key data");
1352 }
1353
1354 static int
_libssh2_dsa_new_openssh_private(libssh2_dsa_ctx ** dsa,LIBSSH2_SESSION * session,const char * filename,unsigned const char * passphrase)1355 _libssh2_dsa_new_openssh_private(libssh2_dsa_ctx ** dsa,
1356 LIBSSH2_SESSION * session,
1357 const char *filename,
1358 unsigned const char *passphrase)
1359 {
1360 FILE *fp;
1361 int rc;
1362 unsigned char *buf = NULL;
1363 struct string_buf *decrypted = NULL;
1364
1365 if(session == NULL) {
1366 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1367 "Session is required");
1368 return -1;
1369 }
1370
1371 _libssh2_init_if_needed();
1372
1373 fp = fopen(filename, "r");
1374 if(!fp) {
1375 _libssh2_error(session, LIBSSH2_ERROR_FILE,
1376 "Unable to open OpenSSH DSA private key file");
1377 return -1;
1378 }
1379
1380 rc = _libssh2_openssh_pem_parse(session, passphrase, fp, &decrypted);
1381 fclose(fp);
1382 if(rc) {
1383 return rc;
1384 }
1385
1386 /* We have a new key file, now try and parse it using supported types */
1387 rc = _libssh2_get_string(decrypted, &buf, NULL);
1388
1389 if(rc != 0 || buf == NULL) {
1390 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1391 "Public key type in decrypted key data not found");
1392 return -1;
1393 }
1394
1395 if(strcmp("ssh-dss", (const char *)buf) == 0) {
1396 rc = gen_publickey_from_dsa_openssh_priv_data(session, decrypted,
1397 NULL, 0,
1398 NULL, 0, dsa);
1399 }
1400 else {
1401 rc = -1;
1402 }
1403
1404 if(decrypted)
1405 _libssh2_string_buf_free(session, decrypted);
1406
1407 return rc;
1408 }
1409
1410 int
_libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,LIBSSH2_SESSION * session,const char * filename,unsigned const char * passphrase)1411 _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
1412 LIBSSH2_SESSION * session,
1413 const char *filename, unsigned const char *passphrase)
1414 {
1415 int rc;
1416
1417 pem_read_bio_func read_dsa =
1418 (pem_read_bio_func) &PEM_read_bio_DSAPrivateKey;
1419
1420 _libssh2_init_if_needed();
1421
1422 rc = read_private_key_from_file((void **) dsa, read_dsa,
1423 filename, passphrase);
1424
1425 if(rc) {
1426 rc = _libssh2_dsa_new_openssh_private(dsa, session,
1427 filename, passphrase);
1428 }
1429
1430 return rc;
1431 }
1432
1433 #endif /* LIBSSH_DSA */
1434
1435 #if LIBSSH2_ECDSA
1436
1437 int
_libssh2_ecdsa_new_private_frommemory(libssh2_ecdsa_ctx ** ec_ctx,LIBSSH2_SESSION * session,const char * filedata,size_t filedata_len,unsigned const char * passphrase)1438 _libssh2_ecdsa_new_private_frommemory(libssh2_ecdsa_ctx ** ec_ctx,
1439 LIBSSH2_SESSION * session,
1440 const char *filedata, size_t filedata_len,
1441 unsigned const char *passphrase)
1442 {
1443 int rc;
1444
1445 pem_read_bio_func read_ec =
1446 (pem_read_bio_func) &PEM_read_bio_ECPrivateKey;
1447
1448 _libssh2_init_if_needed();
1449
1450 rc = read_private_key_from_memory((void **) ec_ctx, read_ec,
1451 filedata, filedata_len, passphrase);
1452
1453 if(rc) {
1454 rc = read_openssh_private_key_from_memory((void **)ec_ctx, session,
1455 "ssh-ecdsa", filedata,
1456 filedata_len, passphrase);
1457 }
1458
1459 return rc;
1460 }
1461
1462 #endif /* LIBSSH2_ECDSA */
1463
1464
1465 #if LIBSSH2_ED25519
1466
1467 int
_libssh2_curve25519_new(LIBSSH2_SESSION * session,unsigned char ** out_public_key,unsigned char ** out_private_key)1468 _libssh2_curve25519_new(LIBSSH2_SESSION *session,
1469 unsigned char **out_public_key,
1470 unsigned char **out_private_key)
1471 {
1472 EVP_PKEY *key = NULL;
1473 EVP_PKEY_CTX *pctx = NULL;
1474 unsigned char *priv = NULL, *pub = NULL;
1475 size_t privLen, pubLen;
1476 int rc = -1;
1477
1478 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_X25519, NULL);
1479 if(pctx == NULL)
1480 return -1;
1481
1482 if(EVP_PKEY_keygen_init(pctx) != 1 ||
1483 EVP_PKEY_keygen(pctx, &key) != 1) {
1484 goto cleanExit;
1485 }
1486
1487 if(out_private_key != NULL) {
1488 privLen = LIBSSH2_ED25519_KEY_LEN;
1489 priv = LIBSSH2_ALLOC(session, privLen);
1490 if(priv == NULL)
1491 goto cleanExit;
1492
1493 if(EVP_PKEY_get_raw_private_key(key, priv, &privLen) != 1 ||
1494 privLen != LIBSSH2_ED25519_KEY_LEN) {
1495 goto cleanExit;
1496 }
1497
1498 *out_private_key = priv;
1499 priv = NULL;
1500 }
1501
1502 if(out_public_key != NULL) {
1503 pubLen = LIBSSH2_ED25519_KEY_LEN;
1504 pub = LIBSSH2_ALLOC(session, pubLen);
1505 if(pub == NULL)
1506 goto cleanExit;
1507
1508 if(EVP_PKEY_get_raw_public_key(key, pub, &pubLen) != 1 ||
1509 pubLen != LIBSSH2_ED25519_KEY_LEN) {
1510 goto cleanExit;
1511 }
1512
1513 *out_public_key = pub;
1514 pub = NULL;
1515 }
1516
1517 /* success */
1518 rc = 0;
1519
1520 cleanExit:
1521
1522 if(pctx)
1523 EVP_PKEY_CTX_free(pctx);
1524 if(key)
1525 EVP_PKEY_free(key);
1526 if(priv)
1527 LIBSSH2_FREE(session, priv);
1528 if(pub)
1529 LIBSSH2_FREE(session, pub);
1530
1531 return rc;
1532 }
1533
1534
1535 static int
gen_publickey_from_ed_evp(LIBSSH2_SESSION * session,unsigned char ** method,size_t * method_len,unsigned char ** pubkeydata,size_t * pubkeydata_len,EVP_PKEY * pk)1536 gen_publickey_from_ed_evp(LIBSSH2_SESSION *session,
1537 unsigned char **method,
1538 size_t *method_len,
1539 unsigned char **pubkeydata,
1540 size_t *pubkeydata_len,
1541 EVP_PKEY *pk)
1542 {
1543 const char methodName[] = "ssh-ed25519";
1544 unsigned char *methodBuf = NULL;
1545 size_t rawKeyLen = 0;
1546 unsigned char *keyBuf = NULL;
1547 size_t bufLen = 0;
1548 unsigned char *bufPos = NULL;
1549
1550 _libssh2_debug(session, LIBSSH2_TRACE_AUTH,
1551 "Computing public key from ED private key envelope");
1552
1553 methodBuf = LIBSSH2_ALLOC(session, sizeof(methodName) - 1);
1554 if(!methodBuf) {
1555 _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
1556 "Unable to allocate memory for private key data");
1557 goto fail;
1558 }
1559 memcpy(methodBuf, methodName, sizeof(methodName) - 1);
1560
1561 if(EVP_PKEY_get_raw_public_key(pk, NULL, &rawKeyLen) != 1) {
1562 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1563 "EVP_PKEY_get_raw_public_key failed");
1564 goto fail;
1565 }
1566
1567 /* Key form is: type_len(4) + type(11) + pub_key_len(4) + pub_key(32). */
1568 bufLen = 4 + sizeof(methodName) - 1 + 4 + rawKeyLen;
1569 bufPos = keyBuf = LIBSSH2_ALLOC(session, bufLen);
1570 if(!keyBuf) {
1571 _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
1572 "Unable to allocate memory for private key data");
1573 goto fail;
1574 }
1575
1576 _libssh2_store_str(&bufPos, methodName, sizeof(methodName) - 1);
1577 _libssh2_store_u32(&bufPos, rawKeyLen);
1578
1579 if(EVP_PKEY_get_raw_public_key(pk, bufPos, &rawKeyLen) != 1) {
1580 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1581 "EVP_PKEY_get_raw_public_key failed");
1582 goto fail;
1583 }
1584
1585 *method = methodBuf;
1586 *method_len = sizeof(methodName) - 1;
1587 *pubkeydata = keyBuf;
1588 *pubkeydata_len = bufLen;
1589 return 0;
1590
1591 fail:
1592 if(methodBuf)
1593 LIBSSH2_FREE(session, methodBuf);
1594 if(keyBuf)
1595 LIBSSH2_FREE(session, keyBuf);
1596 return -1;
1597 }
1598
1599
1600 static int
gen_publickey_from_ed25519_openssh_priv_data(LIBSSH2_SESSION * session,struct string_buf * decrypted,unsigned char ** method,size_t * method_len,unsigned char ** pubkeydata,size_t * pubkeydata_len,libssh2_ed25519_ctx ** out_ctx)1601 gen_publickey_from_ed25519_openssh_priv_data(LIBSSH2_SESSION *session,
1602 struct string_buf *decrypted,
1603 unsigned char **method,
1604 size_t *method_len,
1605 unsigned char **pubkeydata,
1606 size_t *pubkeydata_len,
1607 libssh2_ed25519_ctx **out_ctx)
1608 {
1609 libssh2_ed25519_ctx *ctx = NULL;
1610 unsigned char *method_buf = NULL;
1611 unsigned char *key = NULL;
1612 int i, ret = 0;
1613 unsigned char *pub_key, *priv_key, *buf;
1614 size_t key_len = 0, tmp_len = 0;
1615 unsigned char *p;
1616
1617 _libssh2_debug(session,
1618 LIBSSH2_TRACE_AUTH,
1619 "Computing ED25519 keys from private key data");
1620
1621 if(_libssh2_get_string(decrypted, &pub_key, &tmp_len) ||
1622 tmp_len != LIBSSH2_ED25519_KEY_LEN) {
1623 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1624 "Wrong public key length");
1625 return -1;
1626 }
1627
1628 if(_libssh2_get_string(decrypted, &priv_key, &tmp_len) ||
1629 tmp_len != LIBSSH2_ED25519_PRIVATE_KEY_LEN) {
1630 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1631 "Wrong private key length");
1632 ret = -1;
1633 goto clean_exit;
1634 }
1635
1636 /* first 32 bytes of priv_key is the private key, the last 32 bytes are
1637 the public key */
1638 ctx = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, NULL,
1639 (const unsigned char *)priv_key,
1640 LIBSSH2_ED25519_KEY_LEN);
1641
1642 /* comment */
1643 if(_libssh2_get_string(decrypted, &buf, &tmp_len)) {
1644 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1645 "Unable to read comment");
1646 ret = -1;
1647 goto clean_exit;
1648 }
1649
1650 if(tmp_len > 0) {
1651 unsigned char *comment = LIBSSH2_CALLOC(session, tmp_len + 1);
1652 if(comment != NULL) {
1653 memcpy(comment, buf, tmp_len);
1654 memcpy(comment + tmp_len, "\0", 1);
1655
1656 _libssh2_debug(session, LIBSSH2_TRACE_AUTH, "Key comment: %s",
1657 comment);
1658
1659 LIBSSH2_FREE(session, comment);
1660 }
1661 }
1662
1663 /* Padding */
1664 i = 1;
1665 while(decrypted->dataptr < decrypted->data + decrypted->len) {
1666 if(*decrypted->dataptr != i) {
1667 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1668 "Wrong padding");
1669 ret = -1;
1670 goto clean_exit;
1671 }
1672 i++;
1673 decrypted->dataptr++;
1674 }
1675
1676 if(ret == 0) {
1677 _libssh2_debug(session,
1678 LIBSSH2_TRACE_AUTH,
1679 "Computing public key from ED25519 "
1680 "private key envelope");
1681
1682 method_buf = LIBSSH2_ALLOC(session, 11); /* ssh-ed25519. */
1683 if(method_buf == NULL) {
1684 goto clean_exit;
1685 }
1686
1687 /* Key form is: type_len(4) + type(11) + pub_key_len(4) +
1688 pub_key(32). */
1689 key_len = LIBSSH2_ED25519_KEY_LEN + 19;
1690 key = LIBSSH2_CALLOC(session, key_len);
1691 if(key == NULL) {
1692 goto clean_exit;
1693 }
1694
1695 p = key;
1696
1697 _libssh2_store_str(&p, "ssh-ed25519", 11);
1698 _libssh2_store_str(&p, (const char *)pub_key, LIBSSH2_ED25519_KEY_LEN);
1699
1700 memcpy(method_buf, "ssh-ed25519", 11);
1701
1702 if(method != NULL)
1703 *method = method_buf;
1704 else
1705 LIBSSH2_FREE(session, method_buf);
1706
1707 if(method_len != NULL)
1708 *method_len = 11;
1709
1710 if(pubkeydata != NULL)
1711 *pubkeydata = key;
1712 else
1713 LIBSSH2_FREE(session, key);
1714
1715 if(pubkeydata_len != NULL)
1716 *pubkeydata_len = key_len;
1717
1718 if(out_ctx != NULL)
1719 *out_ctx = ctx;
1720 else if(ctx != NULL)
1721 _libssh2_ed25519_free(ctx);
1722
1723 return 0;
1724 }
1725
1726 clean_exit:
1727
1728 if(ctx)
1729 _libssh2_ed25519_free(ctx);
1730
1731 if(method_buf)
1732 LIBSSH2_FREE(session, method_buf);
1733
1734 if(key)
1735 LIBSSH2_FREE(session, key);
1736
1737 return -1;
1738 }
1739
1740 int
_libssh2_ed25519_new_private(libssh2_ed25519_ctx ** ed_ctx,LIBSSH2_SESSION * session,const char * filename,const uint8_t * passphrase)1741 _libssh2_ed25519_new_private(libssh2_ed25519_ctx ** ed_ctx,
1742 LIBSSH2_SESSION * session,
1743 const char *filename, const uint8_t *passphrase)
1744 {
1745 int rc;
1746 FILE *fp;
1747 unsigned char *buf;
1748 struct string_buf *decrypted = NULL;
1749 libssh2_ed25519_ctx *ctx = NULL;
1750
1751 if(session == NULL) {
1752 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1753 "Session is required");
1754 return -1;
1755 }
1756
1757 _libssh2_init_if_needed();
1758
1759 fp = fopen(filename, "r");
1760 if(!fp) {
1761 _libssh2_error(session, LIBSSH2_ERROR_FILE,
1762 "Unable to open ED25519 private key file");
1763 return -1;
1764 }
1765
1766 rc = _libssh2_openssh_pem_parse(session, passphrase, fp, &decrypted);
1767 fclose(fp);
1768 if(rc) {
1769 return rc;
1770 }
1771
1772 /* We have a new key file, now try and parse it using supported types */
1773 rc = _libssh2_get_string(decrypted, &buf, NULL);
1774
1775 if(rc != 0 || buf == NULL) {
1776 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1777 "Public key type in decrypted key data not found");
1778 return -1;
1779 }
1780
1781 if(strcmp("ssh-ed25519", (const char *)buf) == 0) {
1782 rc = gen_publickey_from_ed25519_openssh_priv_data(session,
1783 decrypted,
1784 NULL,
1785 NULL,
1786 NULL,
1787 NULL,
1788 &ctx);
1789 }
1790 else {
1791 rc = -1;
1792 }
1793
1794 if(decrypted)
1795 _libssh2_string_buf_free(session, decrypted);
1796
1797 if(rc == 0) {
1798 if(ed_ctx != NULL)
1799 *ed_ctx = ctx;
1800 else if(ctx != NULL)
1801 _libssh2_ed25519_free(ctx);
1802 }
1803
1804 return rc;
1805 }
1806
1807 int
_libssh2_ed25519_new_private_frommemory(libssh2_ed25519_ctx ** ed_ctx,LIBSSH2_SESSION * session,const char * filedata,size_t filedata_len,unsigned const char * passphrase)1808 _libssh2_ed25519_new_private_frommemory(libssh2_ed25519_ctx ** ed_ctx,
1809 LIBSSH2_SESSION * session,
1810 const char *filedata,
1811 size_t filedata_len,
1812 unsigned const char *passphrase)
1813 {
1814 libssh2_ed25519_ctx *ctx = NULL;
1815
1816 _libssh2_init_if_needed();
1817
1818 if(read_private_key_from_memory((void **)&ctx,
1819 (pem_read_bio_func)
1820 &PEM_read_bio_PrivateKey,
1821 filedata, filedata_len, passphrase) == 0) {
1822 if(EVP_PKEY_id(ctx) != EVP_PKEY_ED25519) {
1823 _libssh2_ed25519_free(ctx);
1824 return _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1825 "Private key is not an ED25519 key");
1826 }
1827
1828 *ed_ctx = ctx;
1829 return 0;
1830 }
1831
1832 return read_openssh_private_key_from_memory((void **)ed_ctx, session,
1833 "ssh-ed25519",
1834 filedata, filedata_len,
1835 passphrase);
1836 }
1837
1838 int
_libssh2_ed25519_new_public(libssh2_ed25519_ctx ** ed_ctx,LIBSSH2_SESSION * session,const unsigned char * raw_pub_key,const uint8_t key_len)1839 _libssh2_ed25519_new_public(libssh2_ed25519_ctx ** ed_ctx,
1840 LIBSSH2_SESSION * session,
1841 const unsigned char *raw_pub_key,
1842 const uint8_t key_len)
1843 {
1844 libssh2_ed25519_ctx *ctx = NULL;
1845
1846 if(ed_ctx == NULL)
1847 return -1;
1848
1849 ctx = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL,
1850 raw_pub_key, key_len);
1851 if(!ctx)
1852 return _libssh2_error(session, LIBSSH2_ERROR_PROTO,
1853 "could not create ED25519 public key");
1854
1855 if(ed_ctx != NULL)
1856 *ed_ctx = ctx;
1857 else if(ctx)
1858 _libssh2_ed25519_free(ctx);
1859
1860 return 0;
1861 }
1862 #endif /* LIBSSH2_ED25519 */
1863
1864
1865 int
_libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session,libssh2_rsa_ctx * rsactx,const unsigned char * hash,size_t hash_len,unsigned char ** signature,size_t * signature_len)1866 _libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session,
1867 libssh2_rsa_ctx * rsactx,
1868 const unsigned char *hash,
1869 size_t hash_len,
1870 unsigned char **signature, size_t *signature_len)
1871 {
1872 int ret;
1873 unsigned char *sig;
1874 unsigned int sig_len;
1875
1876 sig_len = RSA_size(rsactx);
1877 sig = LIBSSH2_ALLOC(session, sig_len);
1878
1879 if(!sig) {
1880 return -1;
1881 }
1882
1883 ret = RSA_sign(NID_sha1, hash, hash_len, sig, &sig_len, rsactx);
1884
1885 if(!ret) {
1886 LIBSSH2_FREE(session, sig);
1887 return -1;
1888 }
1889
1890 *signature = sig;
1891 *signature_len = sig_len;
1892
1893 return 0;
1894 }
1895
1896 #if LIBSSH2_DSA
1897 int
_libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,const unsigned char * hash,unsigned long hash_len,unsigned char * signature)1898 _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
1899 const unsigned char *hash,
1900 unsigned long hash_len, unsigned char *signature)
1901 {
1902 DSA_SIG *sig;
1903 const BIGNUM * r;
1904 const BIGNUM * s;
1905 int r_len, s_len;
1906 (void) hash_len;
1907
1908 sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx);
1909 if(!sig) {
1910 return -1;
1911 }
1912
1913 #ifdef HAVE_OPAQUE_STRUCTS
1914 DSA_SIG_get0(sig, &r, &s);
1915 #else
1916 r = sig->r;
1917 s = sig->s;
1918 #endif
1919 r_len = BN_num_bytes(r);
1920 if(r_len < 1 || r_len > 20) {
1921 DSA_SIG_free(sig);
1922 return -1;
1923 }
1924 s_len = BN_num_bytes(s);
1925 if(s_len < 1 || s_len > 20) {
1926 DSA_SIG_free(sig);
1927 return -1;
1928 }
1929
1930 memset(signature, 0, 40);
1931
1932 BN_bn2bin(r, signature + (20 - r_len));
1933 BN_bn2bin(s, signature + 20 + (20 - s_len));
1934
1935 DSA_SIG_free(sig);
1936
1937 return 0;
1938 }
1939 #endif /* LIBSSH_DSA */
1940
1941 #if LIBSSH2_ECDSA
1942
1943 int
_libssh2_ecdsa_sign(LIBSSH2_SESSION * session,libssh2_ecdsa_ctx * ec_ctx,const unsigned char * hash,unsigned long hash_len,unsigned char ** signature,size_t * signature_len)1944 _libssh2_ecdsa_sign(LIBSSH2_SESSION * session, libssh2_ecdsa_ctx * ec_ctx,
1945 const unsigned char *hash, unsigned long hash_len,
1946 unsigned char **signature, size_t *signature_len)
1947 {
1948 int r_len, s_len;
1949 int rc = 0;
1950 size_t out_buffer_len = 0;
1951 unsigned char *sp;
1952 const BIGNUM *pr = NULL, *ps = NULL;
1953 unsigned char *temp_buffer = NULL;
1954 unsigned char *out_buffer = NULL;
1955
1956 ECDSA_SIG *sig = ECDSA_do_sign(hash, hash_len, ec_ctx);
1957 if(sig == NULL)
1958 return -1;
1959 #ifdef HAVE_OPAQUE_STRUCTS
1960 ECDSA_SIG_get0(sig, &pr, &ps);
1961 #else
1962 pr = sig->r;
1963 ps = sig->s;
1964 #endif
1965
1966 r_len = BN_num_bytes(pr) + 1;
1967 s_len = BN_num_bytes(ps) + 1;
1968
1969 temp_buffer = malloc(r_len + s_len + 8);
1970 if(temp_buffer == NULL) {
1971 rc = -1;
1972 goto clean_exit;
1973 }
1974
1975 sp = temp_buffer;
1976 sp = write_bn(sp, pr, r_len);
1977 sp = write_bn(sp, ps, s_len);
1978
1979 out_buffer_len = (size_t)(sp - temp_buffer);
1980
1981 out_buffer = LIBSSH2_CALLOC(session, out_buffer_len);
1982 if(out_buffer == NULL) {
1983 rc = -1;
1984 goto clean_exit;
1985 }
1986
1987 memcpy(out_buffer, temp_buffer, out_buffer_len);
1988
1989 *signature = out_buffer;
1990 *signature_len = out_buffer_len;
1991
1992 clean_exit:
1993
1994 if(temp_buffer != NULL)
1995 free(temp_buffer);
1996
1997 if(sig)
1998 ECDSA_SIG_free(sig);
1999
2000 return rc;
2001 }
2002 #endif /* LIBSSH2_ECDSA */
2003
2004 int
_libssh2_sha1_init(libssh2_sha1_ctx * ctx)2005 _libssh2_sha1_init(libssh2_sha1_ctx *ctx)
2006 {
2007 #ifdef HAVE_OPAQUE_STRUCTS
2008 *ctx = EVP_MD_CTX_new();
2009
2010 if(*ctx == NULL)
2011 return 0;
2012
2013 if(EVP_DigestInit(*ctx, EVP_get_digestbyname("sha1")))
2014 return 1;
2015
2016 EVP_MD_CTX_free(*ctx);
2017 *ctx = NULL;
2018
2019 return 0;
2020 #else
2021 EVP_MD_CTX_init(ctx);
2022 return EVP_DigestInit(ctx, EVP_get_digestbyname("sha1"));
2023 #endif
2024 }
2025
2026 int
_libssh2_sha1(const unsigned char * message,unsigned long len,unsigned char * out)2027 _libssh2_sha1(const unsigned char *message, unsigned long len,
2028 unsigned char *out)
2029 {
2030 #ifdef HAVE_OPAQUE_STRUCTS
2031 EVP_MD_CTX * ctx = EVP_MD_CTX_new();
2032
2033 if(ctx == NULL)
2034 return 1; /* error */
2035
2036 if(EVP_DigestInit(ctx, EVP_get_digestbyname("sha1"))) {
2037 EVP_DigestUpdate(ctx, message, len);
2038 EVP_DigestFinal(ctx, out, NULL);
2039 EVP_MD_CTX_free(ctx);
2040 return 0; /* success */
2041 }
2042 EVP_MD_CTX_free(ctx);
2043 #else
2044 EVP_MD_CTX ctx;
2045
2046 EVP_MD_CTX_init(&ctx);
2047 if(EVP_DigestInit(&ctx, EVP_get_digestbyname("sha1"))) {
2048 EVP_DigestUpdate(&ctx, message, len);
2049 EVP_DigestFinal(&ctx, out, NULL);
2050 return 0; /* success */
2051 }
2052 #endif
2053 return 1; /* error */
2054 }
2055
2056 int
_libssh2_sha256_init(libssh2_sha256_ctx * ctx)2057 _libssh2_sha256_init(libssh2_sha256_ctx *ctx)
2058 {
2059 #ifdef HAVE_OPAQUE_STRUCTS
2060 *ctx = EVP_MD_CTX_new();
2061
2062 if(*ctx == NULL)
2063 return 0;
2064
2065 if(EVP_DigestInit(*ctx, EVP_get_digestbyname("sha256")))
2066 return 1;
2067
2068 EVP_MD_CTX_free(*ctx);
2069 *ctx = NULL;
2070
2071 return 0;
2072 #else
2073 EVP_MD_CTX_init(ctx);
2074 return EVP_DigestInit(ctx, EVP_get_digestbyname("sha256"));
2075 #endif
2076 }
2077
2078 int
_libssh2_sha256(const unsigned char * message,unsigned long len,unsigned char * out)2079 _libssh2_sha256(const unsigned char *message, unsigned long len,
2080 unsigned char *out)
2081 {
2082 #ifdef HAVE_OPAQUE_STRUCTS
2083 EVP_MD_CTX * ctx = EVP_MD_CTX_new();
2084
2085 if(ctx == NULL)
2086 return 1; /* error */
2087
2088 if(EVP_DigestInit(ctx, EVP_get_digestbyname("sha256"))) {
2089 EVP_DigestUpdate(ctx, message, len);
2090 EVP_DigestFinal(ctx, out, NULL);
2091 EVP_MD_CTX_free(ctx);
2092 return 0; /* success */
2093 }
2094 EVP_MD_CTX_free(ctx);
2095 #else
2096 EVP_MD_CTX ctx;
2097
2098 EVP_MD_CTX_init(&ctx);
2099 if(EVP_DigestInit(&ctx, EVP_get_digestbyname("sha256"))) {
2100 EVP_DigestUpdate(&ctx, message, len);
2101 EVP_DigestFinal(&ctx, out, NULL);
2102 return 0; /* success */
2103 }
2104 #endif
2105 return 1; /* error */
2106 }
2107
2108 int
_libssh2_sha384_init(libssh2_sha384_ctx * ctx)2109 _libssh2_sha384_init(libssh2_sha384_ctx *ctx)
2110 {
2111 #ifdef HAVE_OPAQUE_STRUCTS
2112 *ctx = EVP_MD_CTX_new();
2113
2114 if(*ctx == NULL)
2115 return 0;
2116
2117 if(EVP_DigestInit(*ctx, EVP_get_digestbyname("sha384")))
2118 return 1;
2119
2120 EVP_MD_CTX_free(*ctx);
2121 *ctx = NULL;
2122
2123 return 0;
2124 #else
2125 EVP_MD_CTX_init(ctx);
2126 return EVP_DigestInit(ctx, EVP_get_digestbyname("sha384"));
2127 #endif
2128 }
2129
2130 int
_libssh2_sha384(const unsigned char * message,unsigned long len,unsigned char * out)2131 _libssh2_sha384(const unsigned char *message, unsigned long len,
2132 unsigned char *out)
2133 {
2134 #ifdef HAVE_OPAQUE_STRUCTS
2135 EVP_MD_CTX * ctx = EVP_MD_CTX_new();
2136
2137 if(ctx == NULL)
2138 return 1; /* error */
2139
2140 if(EVP_DigestInit(ctx, EVP_get_digestbyname("sha384"))) {
2141 EVP_DigestUpdate(ctx, message, len);
2142 EVP_DigestFinal(ctx, out, NULL);
2143 EVP_MD_CTX_free(ctx);
2144 return 0; /* success */
2145 }
2146 EVP_MD_CTX_free(ctx);
2147 #else
2148 EVP_MD_CTX ctx;
2149
2150 EVP_MD_CTX_init(&ctx);
2151 if(EVP_DigestInit(&ctx, EVP_get_digestbyname("sha384"))) {
2152 EVP_DigestUpdate(&ctx, message, len);
2153 EVP_DigestFinal(&ctx, out, NULL);
2154 return 0; /* success */
2155 }
2156 #endif
2157 return 1; /* error */
2158 }
2159
2160 int
_libssh2_sha512_init(libssh2_sha512_ctx * ctx)2161 _libssh2_sha512_init(libssh2_sha512_ctx *ctx)
2162 {
2163 #ifdef HAVE_OPAQUE_STRUCTS
2164 *ctx = EVP_MD_CTX_new();
2165
2166 if(*ctx == NULL)
2167 return 0;
2168
2169 if(EVP_DigestInit(*ctx, EVP_get_digestbyname("sha512")))
2170 return 1;
2171
2172 EVP_MD_CTX_free(*ctx);
2173 *ctx = NULL;
2174
2175 return 0;
2176 #else
2177 EVP_MD_CTX_init(ctx);
2178 return EVP_DigestInit(ctx, EVP_get_digestbyname("sha512"));
2179 #endif
2180 }
2181
2182 int
_libssh2_sha512(const unsigned char * message,unsigned long len,unsigned char * out)2183 _libssh2_sha512(const unsigned char *message, unsigned long len,
2184 unsigned char *out)
2185 {
2186 #ifdef HAVE_OPAQUE_STRUCTS
2187 EVP_MD_CTX * ctx = EVP_MD_CTX_new();
2188
2189 if(ctx == NULL)
2190 return 1; /* error */
2191
2192 if(EVP_DigestInit(ctx, EVP_get_digestbyname("sha512"))) {
2193 EVP_DigestUpdate(ctx, message, len);
2194 EVP_DigestFinal(ctx, out, NULL);
2195 EVP_MD_CTX_free(ctx);
2196 return 0; /* success */
2197 }
2198 EVP_MD_CTX_free(ctx);
2199 #else
2200 EVP_MD_CTX ctx;
2201
2202 EVP_MD_CTX_init(&ctx);
2203 if(EVP_DigestInit(&ctx, EVP_get_digestbyname("sha512"))) {
2204 EVP_DigestUpdate(&ctx, message, len);
2205 EVP_DigestFinal(&ctx, out, NULL);
2206 return 0; /* success */
2207 }
2208 #endif
2209 return 1; /* error */
2210 }
2211
2212 int
_libssh2_md5_init(libssh2_md5_ctx * ctx)2213 _libssh2_md5_init(libssh2_md5_ctx *ctx)
2214 {
2215 #ifdef HAVE_OPAQUE_STRUCTS
2216 *ctx = EVP_MD_CTX_new();
2217
2218 if(*ctx == NULL)
2219 return 0;
2220
2221 if(EVP_DigestInit(*ctx, EVP_get_digestbyname("md5")))
2222 return 1;
2223
2224 EVP_MD_CTX_free(*ctx);
2225 *ctx = NULL;
2226
2227 return 0;
2228 #else
2229 EVP_MD_CTX_init(ctx);
2230 return EVP_DigestInit(ctx, EVP_get_digestbyname("md5"));
2231 #endif
2232 }
2233
2234 #if LIBSSH2_ECDSA
2235
2236 static int
gen_publickey_from_ec_evp(LIBSSH2_SESSION * session,unsigned char ** method,size_t * method_len,unsigned char ** pubkeydata,size_t * pubkeydata_len,EVP_PKEY * pk)2237 gen_publickey_from_ec_evp(LIBSSH2_SESSION *session,
2238 unsigned char **method,
2239 size_t *method_len,
2240 unsigned char **pubkeydata,
2241 size_t *pubkeydata_len,
2242 EVP_PKEY *pk)
2243 {
2244 int rc = 0;
2245 EC_KEY *ec = NULL;
2246 unsigned char *p;
2247 unsigned char *method_buf = NULL;
2248 unsigned char *key;
2249 size_t key_len = 0;
2250 unsigned char *octal_value = NULL;
2251 size_t octal_len;
2252 const EC_POINT *public_key;
2253 const EC_GROUP *group;
2254 BN_CTX *bn_ctx;
2255 libssh2_curve_type type;
2256
2257 _libssh2_debug(session,
2258 LIBSSH2_TRACE_AUTH,
2259 "Computing public key from EC private key envelope");
2260
2261 bn_ctx = BN_CTX_new();
2262 if(bn_ctx == NULL)
2263 return -1;
2264
2265 ec = EVP_PKEY_get1_EC_KEY(pk);
2266 if(ec == NULL) {
2267 rc = -1;
2268 goto clean_exit;
2269 }
2270
2271 public_key = EC_KEY_get0_public_key(ec);
2272 group = EC_KEY_get0_group(ec);
2273 type = _libssh2_ecdsa_get_curve_type(ec);
2274
2275 method_buf = LIBSSH2_ALLOC(session, 19);
2276 if(method_buf == NULL) {
2277 return _libssh2_error(session, LIBSSH2_ERROR_ALLOC,
2278 "out of memory");
2279 }
2280
2281 if(type == LIBSSH2_EC_CURVE_NISTP256)
2282 memcpy(method_buf, "ecdsa-sha2-nistp256", 19);
2283 else if(type == LIBSSH2_EC_CURVE_NISTP384)
2284 memcpy(method_buf, "ecdsa-sha2-nistp384", 19);
2285 else if(type == LIBSSH2_EC_CURVE_NISTP521)
2286 memcpy(method_buf, "ecdsa-sha2-nistp521", 19);
2287 else {
2288 _libssh2_debug(session,
2289 LIBSSH2_TRACE_ERROR,
2290 "Unsupported EC private key type");
2291 rc = -1;
2292 goto clean_exit;
2293 }
2294
2295 /* get length */
2296 octal_len = EC_POINT_point2oct(group, public_key,
2297 POINT_CONVERSION_UNCOMPRESSED,
2298 NULL, 0, bn_ctx);
2299 if(octal_len > EC_MAX_POINT_LEN) {
2300 rc = -1;
2301 goto clean_exit;
2302 }
2303
2304 octal_value = malloc(octal_len);
2305 if(octal_value == NULL) {
2306 rc = -1;
2307 goto clean_exit;
2308 }
2309
2310 /* convert to octal */
2311 if(EC_POINT_point2oct(group, public_key, POINT_CONVERSION_UNCOMPRESSED,
2312 octal_value, octal_len, bn_ctx) != octal_len) {
2313 rc = -1;
2314 goto clean_exit;
2315 }
2316
2317 /* Key form is: type_len(4) + type(19) + domain_len(4) + domain(8) +
2318 pub_key_len(4) + pub_key(~65). */
2319 key_len = 4 + 19 + 4 + 8 + 4 + octal_len;
2320 key = LIBSSH2_ALLOC(session, key_len);
2321 if(key == NULL) {
2322 rc = -1;
2323 goto clean_exit;
2324 }
2325
2326 /* Process key encoding. */
2327 p = key;
2328
2329 /* Key type */
2330 _libssh2_store_str(&p, (const char *)method_buf, 19);
2331
2332 /* Name domain */
2333 _libssh2_store_str(&p, (const char *)method_buf + 11, 8);
2334
2335 /* Public key */
2336 _libssh2_store_str(&p, (const char *)octal_value, octal_len);
2337
2338 *method = method_buf;
2339 *method_len = 19;
2340 *pubkeydata = key;
2341 *pubkeydata_len = key_len;
2342
2343 clean_exit:
2344
2345 if(ec != NULL)
2346 EC_KEY_free(ec);
2347
2348 if(bn_ctx != NULL) {
2349 BN_CTX_free(bn_ctx);
2350 }
2351
2352 if(octal_value != NULL)
2353 free(octal_value);
2354
2355 if(rc == 0)
2356 return 0;
2357
2358 if(method_buf != NULL)
2359 LIBSSH2_FREE(session, method_buf);
2360
2361 return -1;
2362 }
2363
2364 static int
gen_publickey_from_ecdsa_openssh_priv_data(LIBSSH2_SESSION * session,libssh2_curve_type curve_type,struct string_buf * decrypted,unsigned char ** method,size_t * method_len,unsigned char ** pubkeydata,size_t * pubkeydata_len,libssh2_ecdsa_ctx ** ec_ctx)2365 gen_publickey_from_ecdsa_openssh_priv_data(LIBSSH2_SESSION *session,
2366 libssh2_curve_type curve_type,
2367 struct string_buf *decrypted,
2368 unsigned char **method,
2369 size_t *method_len,
2370 unsigned char **pubkeydata,
2371 size_t *pubkeydata_len,
2372 libssh2_ecdsa_ctx **ec_ctx)
2373 {
2374 int rc = 0;
2375 size_t curvelen, exponentlen, pointlen;
2376 unsigned char *curve, *exponent, *point_buf;
2377 EC_KEY *ec_key = NULL;
2378 BIGNUM *bn_exponent;
2379
2380 _libssh2_debug(session,
2381 LIBSSH2_TRACE_AUTH,
2382 "Computing ECDSA keys from private key data");
2383
2384 if(_libssh2_get_string(decrypted, &curve, &curvelen) ||
2385 curvelen == 0) {
2386 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
2387 "ECDSA no curve");
2388 return -1;
2389 }
2390
2391 if(_libssh2_get_string(decrypted, &point_buf, &pointlen)) {
2392 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
2393 "ECDSA no point");
2394 return -1;
2395 }
2396
2397 if(_libssh2_get_bignum_bytes(decrypted, &exponent, &exponentlen)) {
2398 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
2399 "ECDSA no exponent");
2400 return -1;
2401 }
2402
2403 if((rc = _libssh2_ecdsa_curve_name_with_octal_new(&ec_key, point_buf,
2404 pointlen, curve_type)) != 0) {
2405 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
2406 "ECDSA could not create key");
2407 goto fail;
2408 }
2409
2410 bn_exponent = BN_new();
2411 if(bn_exponent == NULL) {
2412 rc = -1;
2413 goto fail;
2414 }
2415
2416 BN_bin2bn(exponent, exponentlen, bn_exponent);
2417 rc = (EC_KEY_set_private_key(ec_key, bn_exponent) != 1);
2418
2419 if(rc == 0 && ec_key != NULL && pubkeydata != NULL && method != NULL) {
2420 EVP_PKEY *pk = EVP_PKEY_new();
2421 EVP_PKEY_set1_EC_KEY(pk, ec_key);
2422
2423 rc = gen_publickey_from_ec_evp(session, method, method_len,
2424 pubkeydata, pubkeydata_len,
2425 pk);
2426
2427 if(pk)
2428 EVP_PKEY_free(pk);
2429 }
2430
2431 if(ec_ctx != NULL)
2432 *ec_ctx = ec_key;
2433 else
2434 EC_KEY_free(ec_key);
2435
2436 return rc;
2437
2438 fail:
2439
2440 if(ec_key != NULL)
2441 EC_KEY_free(ec_key);
2442
2443 return _libssh2_error(session,
2444 LIBSSH2_ERROR_ALLOC,
2445 "Unable to allocate memory for private key data");
2446
2447
2448 }
2449
2450 static int
_libssh2_ecdsa_new_openssh_private(libssh2_ecdsa_ctx ** ec_ctx,LIBSSH2_SESSION * session,const char * filename,unsigned const char * passphrase)2451 _libssh2_ecdsa_new_openssh_private(libssh2_ecdsa_ctx ** ec_ctx,
2452 LIBSSH2_SESSION * session,
2453 const char *filename,
2454 unsigned const char *passphrase)
2455 {
2456 FILE *fp;
2457 int rc;
2458 unsigned char *buf = NULL;
2459 libssh2_curve_type type;
2460 struct string_buf *decrypted = NULL;
2461
2462 if(session == NULL) {
2463 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
2464 "Session is required");
2465 return -1;
2466 }
2467
2468 _libssh2_init_if_needed();
2469
2470 fp = fopen(filename, "r");
2471 if(!fp) {
2472 _libssh2_error(session, LIBSSH2_ERROR_FILE,
2473 "Unable to open OpenSSH ECDSA private key file");
2474 return -1;
2475 }
2476
2477 rc = _libssh2_openssh_pem_parse(session, passphrase, fp, &decrypted);
2478 fclose(fp);
2479 if(rc) {
2480 return rc;
2481 }
2482
2483 /* We have a new key file, now try and parse it using supported types */
2484 rc = _libssh2_get_string(decrypted, &buf, NULL);
2485
2486 if(rc != 0 || buf == NULL) {
2487 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
2488 "Public key type in decrypted key data not found");
2489 return -1;
2490 }
2491
2492 rc = _libssh2_ecdsa_curve_type_from_name((const char *)buf, &type);
2493
2494 if(rc == 0) {
2495 rc = gen_publickey_from_ecdsa_openssh_priv_data(session, type,
2496 decrypted, NULL, 0,
2497 NULL, 0, ec_ctx);
2498 }
2499 else {
2500 rc = -1;
2501 }
2502
2503 if(decrypted)
2504 _libssh2_string_buf_free(session, decrypted);
2505
2506 return rc;
2507 }
2508
2509 int
_libssh2_ecdsa_new_private(libssh2_ecdsa_ctx ** ec_ctx,LIBSSH2_SESSION * session,const char * filename,unsigned const char * passphrase)2510 _libssh2_ecdsa_new_private(libssh2_ecdsa_ctx ** ec_ctx,
2511 LIBSSH2_SESSION * session,
2512 const char *filename, unsigned const char *passphrase)
2513 {
2514 int rc;
2515
2516 pem_read_bio_func read_ec = (pem_read_bio_func) &PEM_read_bio_ECPrivateKey;
2517
2518 _libssh2_init_if_needed();
2519
2520 rc = read_private_key_from_file((void **) ec_ctx, read_ec,
2521 filename, passphrase);
2522
2523 if(rc) {
2524 return _libssh2_ecdsa_new_openssh_private(ec_ctx, session,
2525 filename, passphrase);
2526 }
2527
2528 return rc;
2529 }
2530
2531 /*
2532 * _libssh2_ecdsa_create_key
2533 *
2534 * Creates a local private key based on input curve
2535 * and returns octal value and octal length
2536 *
2537 */
2538
2539 int
_libssh2_ecdsa_create_key(LIBSSH2_SESSION * session,_libssh2_ec_key ** out_private_key,unsigned char ** out_public_key_octal,size_t * out_public_key_octal_len,libssh2_curve_type curve_type)2540 _libssh2_ecdsa_create_key(LIBSSH2_SESSION *session,
2541 _libssh2_ec_key **out_private_key,
2542 unsigned char **out_public_key_octal,
2543 size_t *out_public_key_octal_len,
2544 libssh2_curve_type curve_type)
2545 {
2546 int ret = 1;
2547 size_t octal_len = 0;
2548 unsigned char octal_value[EC_MAX_POINT_LEN];
2549 const EC_POINT *public_key = NULL;
2550 EC_KEY *private_key = NULL;
2551 const EC_GROUP *group = NULL;
2552
2553 /* create key */
2554 BN_CTX *bn_ctx = BN_CTX_new();
2555 if(!bn_ctx)
2556 return -1;
2557
2558 private_key = EC_KEY_new_by_curve_name(curve_type);
2559 group = EC_KEY_get0_group(private_key);
2560
2561 EC_KEY_generate_key(private_key);
2562 public_key = EC_KEY_get0_public_key(private_key);
2563
2564 /* get length */
2565 octal_len = EC_POINT_point2oct(group, public_key,
2566 POINT_CONVERSION_UNCOMPRESSED,
2567 NULL, 0, bn_ctx);
2568 if(octal_len > EC_MAX_POINT_LEN) {
2569 ret = -1;
2570 goto clean_exit;
2571 }
2572
2573 /* convert to octal */
2574 if(EC_POINT_point2oct(group, public_key, POINT_CONVERSION_UNCOMPRESSED,
2575 octal_value, octal_len, bn_ctx) != octal_len) {
2576 ret = -1;
2577 goto clean_exit;
2578 }
2579
2580 if(out_private_key != NULL)
2581 *out_private_key = private_key;
2582
2583 if(out_public_key_octal) {
2584 *out_public_key_octal = LIBSSH2_ALLOC(session, octal_len);
2585 if(*out_public_key_octal == NULL) {
2586 ret = -1;
2587 goto clean_exit;
2588 }
2589
2590 memcpy(*out_public_key_octal, octal_value, octal_len);
2591 }
2592
2593 if(out_public_key_octal_len != NULL)
2594 *out_public_key_octal_len = octal_len;
2595
2596 clean_exit:
2597
2598 if(bn_ctx)
2599 BN_CTX_free(bn_ctx);
2600
2601 return (ret == 1) ? 0 : -1;
2602 }
2603
2604 /* _libssh2_ecdh_gen_k
2605 *
2606 * Computes the shared secret K given a local private key,
2607 * remote public key and length
2608 */
2609
2610 int
_libssh2_ecdh_gen_k(_libssh2_bn ** k,_libssh2_ec_key * private_key,const unsigned char * server_public_key,size_t server_public_key_len)2611 _libssh2_ecdh_gen_k(_libssh2_bn **k, _libssh2_ec_key *private_key,
2612 const unsigned char *server_public_key, size_t server_public_key_len)
2613 {
2614 int ret = 0;
2615 int rc;
2616 size_t secret_len;
2617 unsigned char *secret = NULL;
2618 const EC_GROUP *private_key_group;
2619 EC_POINT *server_public_key_point;
2620
2621 BN_CTX *bn_ctx = BN_CTX_new();
2622
2623 if(!bn_ctx)
2624 return -1;
2625
2626 if(k == NULL)
2627 return -1;
2628
2629 private_key_group = EC_KEY_get0_group(private_key);
2630
2631 server_public_key_point = EC_POINT_new(private_key_group);
2632 if(server_public_key_point == NULL)
2633 return -1;
2634
2635 rc = EC_POINT_oct2point(private_key_group, server_public_key_point,
2636 server_public_key, server_public_key_len, bn_ctx);
2637 if(rc != 1) {
2638 ret = -1;
2639 goto clean_exit;
2640 }
2641
2642 secret_len = (EC_GROUP_get_degree(private_key_group) + 7) / 8;
2643 secret = malloc(secret_len);
2644 if(!secret) {
2645 ret = -1;
2646 goto clean_exit;
2647 }
2648
2649 secret_len = ECDH_compute_key(secret, secret_len, server_public_key_point,
2650 private_key, NULL);
2651
2652 if(secret_len <= 0 || secret_len > EC_MAX_POINT_LEN) {
2653 ret = -1;
2654 goto clean_exit;
2655 }
2656
2657 BN_bin2bn(secret, secret_len, *k);
2658
2659 clean_exit:
2660
2661 if(server_public_key_point != NULL)
2662 EC_POINT_free(server_public_key_point);
2663
2664 if(bn_ctx != NULL)
2665 BN_CTX_free(bn_ctx);
2666
2667 if(secret != NULL)
2668 free(secret);
2669
2670 return ret;
2671 }
2672
2673
2674 #endif /* LIBSSH2_ECDSA */
2675
2676 #if LIBSSH2_ED25519
2677
2678 int
_libssh2_ed25519_sign(libssh2_ed25519_ctx * ctx,LIBSSH2_SESSION * session,uint8_t ** out_sig,size_t * out_sig_len,const uint8_t * message,size_t message_len)2679 _libssh2_ed25519_sign(libssh2_ed25519_ctx *ctx, LIBSSH2_SESSION *session,
2680 uint8_t **out_sig, size_t *out_sig_len,
2681 const uint8_t *message, size_t message_len)
2682 {
2683 int rc = -1;
2684 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
2685 size_t sig_len = 0;
2686 unsigned char *sig = NULL;
2687
2688 if(md_ctx != NULL) {
2689 if(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, ctx) != 1)
2690 goto clean_exit;
2691 if(EVP_DigestSign(md_ctx, NULL, &sig_len, message, message_len) != 1)
2692 goto clean_exit;
2693
2694 if(sig_len != LIBSSH2_ED25519_SIG_LEN)
2695 goto clean_exit;
2696
2697 sig = LIBSSH2_CALLOC(session, sig_len);
2698 if(sig == NULL)
2699 goto clean_exit;
2700
2701 rc = EVP_DigestSign(md_ctx, sig, &sig_len, message, message_len);
2702 }
2703
2704 if(rc == 1) {
2705 *out_sig = sig;
2706 *out_sig_len = sig_len;
2707 }
2708 else {
2709 *out_sig_len = 0;
2710 *out_sig = NULL;
2711 LIBSSH2_FREE(session, sig);
2712 }
2713
2714 clean_exit:
2715
2716 if(md_ctx)
2717 EVP_MD_CTX_free(md_ctx);
2718
2719 return (rc == 1 ? 0 : -1);
2720 }
2721
2722 int
_libssh2_curve25519_gen_k(_libssh2_bn ** k,uint8_t private_key[LIBSSH2_ED25519_KEY_LEN],uint8_t server_public_key[LIBSSH2_ED25519_KEY_LEN])2723 _libssh2_curve25519_gen_k(_libssh2_bn **k,
2724 uint8_t private_key[LIBSSH2_ED25519_KEY_LEN],
2725 uint8_t server_public_key[LIBSSH2_ED25519_KEY_LEN])
2726 {
2727 int rc = -1;
2728 unsigned char out_shared_key[LIBSSH2_ED25519_KEY_LEN];
2729 EVP_PKEY *peer_key = NULL, *server_key = NULL;
2730 EVP_PKEY_CTX *server_key_ctx = NULL;
2731 BN_CTX *bn_ctx = NULL;
2732 size_t out_len = 0;
2733
2734 if(k == NULL || *k == NULL)
2735 return -1;
2736
2737 bn_ctx = BN_CTX_new();
2738 if(bn_ctx == NULL)
2739 return -1;
2740
2741 peer_key = EVP_PKEY_new_raw_public_key(EVP_PKEY_X25519, NULL,
2742 server_public_key,
2743 LIBSSH2_ED25519_KEY_LEN);
2744
2745 server_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_X25519, NULL,
2746 private_key,
2747 LIBSSH2_ED25519_KEY_LEN);
2748
2749 if(peer_key == NULL || server_key == NULL) {
2750 goto cleanExit;
2751 }
2752
2753 server_key_ctx = EVP_PKEY_CTX_new(server_key, NULL);
2754 if(server_key_ctx == NULL) {
2755 goto cleanExit;
2756 }
2757
2758 rc = EVP_PKEY_derive_init(server_key_ctx);
2759 if(rc <= 0) goto cleanExit;
2760
2761 rc = EVP_PKEY_derive_set_peer(server_key_ctx, peer_key);
2762 if(rc <= 0) goto cleanExit;
2763
2764 rc = EVP_PKEY_derive(server_key_ctx, NULL, &out_len);
2765 if(rc <= 0) goto cleanExit;
2766
2767 if(out_len != LIBSSH2_ED25519_KEY_LEN) {
2768 rc = -1;
2769 goto cleanExit;
2770 }
2771
2772 rc = EVP_PKEY_derive(server_key_ctx, out_shared_key, &out_len);
2773
2774 if(rc == 1 && out_len == LIBSSH2_ED25519_KEY_LEN) {
2775 BN_bin2bn(out_shared_key, LIBSSH2_ED25519_KEY_LEN, *k);
2776 }
2777 else {
2778 rc = -1;
2779 }
2780
2781 cleanExit:
2782
2783 if(server_key_ctx)
2784 EVP_PKEY_CTX_free(server_key_ctx);
2785 if(peer_key)
2786 EVP_PKEY_free(peer_key);
2787 if(server_key)
2788 EVP_PKEY_free(server_key);
2789 if(bn_ctx != NULL)
2790 BN_CTX_free(bn_ctx);
2791
2792 return (rc == 1) ? 0 : -1;
2793 }
2794
2795
2796 int
_libssh2_ed25519_verify(libssh2_ed25519_ctx * ctx,const uint8_t * s,size_t s_len,const uint8_t * m,size_t m_len)2797 _libssh2_ed25519_verify(libssh2_ed25519_ctx *ctx, const uint8_t *s,
2798 size_t s_len, const uint8_t *m, size_t m_len)
2799 {
2800 int ret = -1;
2801
2802 EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
2803 if(NULL == md_ctx)
2804 return -1;
2805
2806 ret = EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, ctx);
2807 if(ret != 1)
2808 goto clean_exit;
2809
2810 ret = EVP_DigestVerify(md_ctx, s, s_len, m, m_len);
2811
2812 clean_exit:
2813
2814 EVP_MD_CTX_free(md_ctx);
2815
2816 return (ret == 1) ? 0 : -1;
2817 }
2818
2819 #endif /* LIBSSH2_ED25519 */
2820
2821 static int
_libssh2_pub_priv_openssh_keyfile(LIBSSH2_SESSION * session,unsigned char ** method,size_t * method_len,unsigned char ** pubkeydata,size_t * pubkeydata_len,const char * privatekey,const char * passphrase)2822 _libssh2_pub_priv_openssh_keyfile(LIBSSH2_SESSION *session,
2823 unsigned char **method,
2824 size_t *method_len,
2825 unsigned char **pubkeydata,
2826 size_t *pubkeydata_len,
2827 const char *privatekey,
2828 const char *passphrase)
2829 {
2830 FILE *fp;
2831 unsigned char *buf = NULL;
2832 struct string_buf *decrypted = NULL;
2833 int rc = 0;
2834
2835 if(session == NULL) {
2836 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
2837 "Session is required");
2838 return -1;
2839 }
2840
2841 _libssh2_init_if_needed();
2842
2843 fp = fopen(privatekey, "r");
2844 if(!fp) {
2845 _libssh2_error(session, LIBSSH2_ERROR_FILE,
2846 "Unable to open private key file");
2847 return -1;
2848 }
2849
2850 rc = _libssh2_openssh_pem_parse(session, (const unsigned char *)passphrase,
2851 fp, &decrypted);
2852 fclose(fp);
2853 if(rc) {
2854 _libssh2_error(session, LIBSSH2_ERROR_FILE,
2855 "Not an OpenSSH key file");
2856 return rc;
2857 }
2858
2859 /* We have a new key file, now try and parse it using supported types */
2860 rc = _libssh2_get_string(decrypted, &buf, NULL);
2861
2862 if(rc != 0 || buf == NULL) {
2863 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
2864 "Public key type in decrypted key data not found");
2865 return -1;
2866 }
2867
2868 rc = -1;
2869
2870 #if LIBSSH2_ED25519
2871 if(strcmp("ssh-ed25519", (const char *)buf) == 0) {
2872 rc = gen_publickey_from_ed25519_openssh_priv_data(session, decrypted,
2873 method, method_len,
2874 pubkeydata,
2875 pubkeydata_len,
2876 NULL);
2877 }
2878 #endif
2879 #if LIBSSH2_RSA
2880 if(strcmp("ssh-rsa", (const char *)buf) == 0) {
2881 rc = gen_publickey_from_rsa_openssh_priv_data(session, decrypted,
2882 method, method_len,
2883 pubkeydata,
2884 pubkeydata_len,
2885 NULL);
2886 }
2887 #endif
2888 #if LIBSSH2_DSA
2889 if(strcmp("ssh-dss", (const char *)buf) == 0) {
2890 rc = gen_publickey_from_dsa_openssh_priv_data(session, decrypted,
2891 method, method_len,
2892 pubkeydata,
2893 pubkeydata_len,
2894 NULL);
2895 }
2896 #endif
2897 #if LIBSSH2_ECDSA
2898 {
2899 libssh2_curve_type type;
2900
2901 if(_libssh2_ecdsa_curve_type_from_name((const char *)buf,
2902 &type) == 0) {
2903 rc = gen_publickey_from_ecdsa_openssh_priv_data(session, type,
2904 decrypted,
2905 method, method_len,
2906 pubkeydata,
2907 pubkeydata_len,
2908 NULL);
2909 }
2910 }
2911 #endif
2912
2913 if(decrypted)
2914 _libssh2_string_buf_free(session, decrypted);
2915
2916 if(rc != 0) {
2917 _libssh2_error(session, LIBSSH2_ERROR_FILE,
2918 "Unsupported OpenSSH key type");
2919 }
2920
2921 return rc;
2922 }
2923
2924 int
_libssh2_pub_priv_keyfile(LIBSSH2_SESSION * session,unsigned char ** method,size_t * method_len,unsigned char ** pubkeydata,size_t * pubkeydata_len,const char * privatekey,const char * passphrase)2925 _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
2926 unsigned char **method,
2927 size_t *method_len,
2928 unsigned char **pubkeydata,
2929 size_t *pubkeydata_len,
2930 const char *privatekey,
2931 const char *passphrase)
2932 {
2933 int st;
2934 BIO* bp;
2935 EVP_PKEY* pk;
2936 int pktype;
2937 int rc;
2938
2939 _libssh2_debug(session,
2940 LIBSSH2_TRACE_AUTH,
2941 "Computing public key from private key file: %s",
2942 privatekey);
2943
2944 bp = BIO_new_file(privatekey, "r");
2945 if(bp == NULL) {
2946 return _libssh2_error(session,
2947 LIBSSH2_ERROR_FILE,
2948 "Unable to extract public key from private key "
2949 "file: Unable to open private key file");
2950 }
2951
2952 BIO_reset(bp);
2953 pk = PEM_read_bio_PrivateKey(bp, NULL, NULL, (void *)passphrase);
2954 BIO_free(bp);
2955
2956 if(pk == NULL) {
2957
2958 /* Try OpenSSH format */
2959 rc = _libssh2_pub_priv_openssh_keyfile(session,
2960 method,
2961 method_len,
2962 pubkeydata, pubkeydata_len,
2963 privatekey, passphrase);
2964 if(rc != 0) {
2965 return _libssh2_error(session,
2966 LIBSSH2_ERROR_FILE,
2967 "Unable to extract public key "
2968 "from private key file: "
2969 "Wrong passphrase or invalid/unrecognized "
2970 "private key file format");
2971 }
2972
2973 return 0;
2974 }
2975
2976 #ifdef HAVE_OPAQUE_STRUCTS
2977 pktype = EVP_PKEY_id(pk);
2978 #else
2979 pktype = pk->type;
2980 #endif
2981
2982 switch(pktype) {
2983 #if LIBSSH2_ED25519
2984 case EVP_PKEY_ED25519 :
2985 st = gen_publickey_from_ed_evp(
2986 session, method, method_len, pubkeydata, pubkeydata_len, pk);
2987 break;
2988 #endif /* LIBSSH2_ED25519 */
2989 case EVP_PKEY_RSA :
2990 st = gen_publickey_from_rsa_evp(
2991 session, method, method_len, pubkeydata, pubkeydata_len, pk);
2992 break;
2993
2994 #if LIBSSH2_DSA
2995 case EVP_PKEY_DSA :
2996 st = gen_publickey_from_dsa_evp(
2997 session, method, method_len, pubkeydata, pubkeydata_len, pk);
2998 break;
2999 #endif /* LIBSSH_DSA */
3000
3001 #if LIBSSH2_ECDSA
3002 case EVP_PKEY_EC :
3003 st = gen_publickey_from_ec_evp(
3004 session, method, method_len, pubkeydata, pubkeydata_len, pk);
3005 break;
3006 #endif
3007
3008 default :
3009 st = _libssh2_error(session,
3010 LIBSSH2_ERROR_FILE,
3011 "Unable to extract public key "
3012 "from private key file: "
3013 "Unsupported private key file format");
3014 break;
3015 }
3016
3017 EVP_PKEY_free(pk);
3018 return st;
3019 }
3020
3021 static int
_libssh2_pub_priv_openssh_keyfilememory(LIBSSH2_SESSION * session,void ** key_ctx,const char * key_type,unsigned char ** method,size_t * method_len,unsigned char ** pubkeydata,size_t * pubkeydata_len,const char * privatekeydata,size_t privatekeydata_len,unsigned const char * passphrase)3022 _libssh2_pub_priv_openssh_keyfilememory(LIBSSH2_SESSION *session,
3023 void **key_ctx,
3024 const char *key_type,
3025 unsigned char **method,
3026 size_t *method_len,
3027 unsigned char **pubkeydata,
3028 size_t *pubkeydata_len,
3029 const char *privatekeydata,
3030 size_t privatekeydata_len,
3031 unsigned const char *passphrase)
3032 {
3033 int rc;
3034 unsigned char *buf = NULL;
3035 struct string_buf *decrypted = NULL;
3036
3037 if(key_ctx != NULL)
3038 *key_ctx = NULL;
3039
3040 if(session == NULL) {
3041 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
3042 "Session is required");
3043 return -1;
3044 }
3045
3046 if(key_type != NULL && (strlen(key_type) > 11 || strlen(key_type) < 7)) {
3047 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
3048 "type is invalid");
3049 return -1;
3050 }
3051
3052 _libssh2_init_if_needed();
3053
3054 rc = _libssh2_openssh_pem_parse_memory(session, passphrase,
3055 privatekeydata,
3056 privatekeydata_len, &decrypted);
3057
3058 if(rc) {
3059 return rc;
3060 }
3061
3062 /* We have a new key file, now try and parse it using supported types */
3063 rc = _libssh2_get_string(decrypted, &buf, NULL);
3064
3065 if(rc != 0 || buf == NULL) {
3066 _libssh2_error(session, LIBSSH2_ERROR_PROTO,
3067 "Public key type in decrypted key data not found");
3068 return -1;
3069 }
3070
3071 rc = -1;
3072
3073 #if LIBSSH2_ED25519
3074 if(strcmp("ssh-ed25519", (const char *)buf) == 0) {
3075 if(key_type == NULL || strcmp("ssh-ed25519", key_type) == 0) {
3076 rc = gen_publickey_from_ed25519_openssh_priv_data(session,
3077 decrypted,
3078 method,
3079 method_len,
3080 pubkeydata,
3081 pubkeydata_len,
3082 (libssh2_ed25519_ctx**)key_ctx);
3083 }
3084 }
3085 #endif
3086 #if LIBSSH2_RSA
3087 if(strcmp("ssh-rsa", (const char *)buf) == 0) {
3088 if(key_type == NULL || strcmp("ssh-rsa", key_type) == 0) {
3089 rc = gen_publickey_from_rsa_openssh_priv_data(session, decrypted,
3090 method, method_len,
3091 pubkeydata,
3092 pubkeydata_len,
3093 (libssh2_rsa_ctx**)key_ctx);
3094 }
3095 }
3096 #endif
3097 #if LIBSSH2_DSA
3098 if(strcmp("ssh-dss", (const char *)buf) == 0) {
3099 if(key_type == NULL || strcmp("ssh-dss", key_type) == 0) {
3100 rc = gen_publickey_from_dsa_openssh_priv_data(session, decrypted,
3101 method, method_len,
3102 pubkeydata,
3103 pubkeydata_len,
3104 (libssh2_dsa_ctx**)key_ctx);
3105 }
3106 }
3107 #endif
3108 #if LIBSSH2_ECDSA
3109 {
3110 libssh2_curve_type type;
3111
3112 if(_libssh2_ecdsa_curve_type_from_name((const char *)buf, &type) == 0) {
3113 if(key_type == NULL || strcmp("ssh-ecdsa", key_type) == 0) {
3114 rc = gen_publickey_from_ecdsa_openssh_priv_data(session, type,
3115 decrypted,
3116 method, method_len,
3117 pubkeydata,
3118 pubkeydata_len,
3119 (libssh2_ecdsa_ctx**)key_ctx);
3120 }
3121 }
3122 }
3123 #endif
3124
3125 if(decrypted)
3126 _libssh2_string_buf_free(session, decrypted);
3127
3128 return rc;
3129 }
3130
3131 int
read_openssh_private_key_from_memory(void ** key_ctx,LIBSSH2_SESSION * session,const char * key_type,const char * filedata,size_t filedata_len,unsigned const char * passphrase)3132 read_openssh_private_key_from_memory(void **key_ctx, LIBSSH2_SESSION *session,
3133 const char *key_type,
3134 const char *filedata,
3135 size_t filedata_len,
3136 unsigned const char *passphrase)
3137 {
3138 return _libssh2_pub_priv_openssh_keyfilememory(session, key_ctx, key_type,
3139 NULL, NULL, NULL, NULL,
3140 filedata, filedata_len,
3141 passphrase);
3142 }
3143
3144 int
_libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION * session,unsigned char ** method,size_t * method_len,unsigned char ** pubkeydata,size_t * pubkeydata_len,const char * privatekeydata,size_t privatekeydata_len,const char * passphrase)3145 _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
3146 unsigned char **method,
3147 size_t *method_len,
3148 unsigned char **pubkeydata,
3149 size_t *pubkeydata_len,
3150 const char *privatekeydata,
3151 size_t privatekeydata_len,
3152 const char *passphrase)
3153 {
3154 int st;
3155 BIO* bp;
3156 EVP_PKEY* pk;
3157 int pktype;
3158
3159 _libssh2_debug(session,
3160 LIBSSH2_TRACE_AUTH,
3161 "Computing public key from private key.");
3162
3163 bp = BIO_new_mem_buf((char *)privatekeydata, privatekeydata_len);
3164 if(!bp) {
3165 return -1;
3166 }
3167
3168 BIO_reset(bp);
3169 pk = PEM_read_bio_PrivateKey(bp, NULL, NULL, (void *)passphrase);
3170 BIO_free(bp);
3171
3172 if(pk == NULL) {
3173 /* Try OpenSSH format */
3174 st = _libssh2_pub_priv_openssh_keyfilememory(session, NULL, NULL,
3175 method,
3176 method_len,
3177 pubkeydata,
3178 pubkeydata_len,
3179 privatekeydata,
3180 privatekeydata_len,
3181 (unsigned const char *)passphrase);
3182 if(st != 0) {
3183 return _libssh2_error(session,
3184 LIBSSH2_ERROR_FILE,
3185 "Unable to extract public key "
3186 "from private key file: "
3187 "Wrong passphrase or invalid/unrecognized "
3188 "private key file format");
3189 }
3190
3191 return 0;
3192 }
3193
3194 #ifdef HAVE_OPAQUE_STRUCTS
3195 pktype = EVP_PKEY_id(pk);
3196 #else
3197 pktype = pk->type;
3198 #endif
3199
3200 switch(pktype) {
3201 #if LIBSSH2_ED25519
3202 case EVP_PKEY_ED25519 :
3203 st = gen_publickey_from_ed_evp(
3204 session, method, method_len, pubkeydata, pubkeydata_len, pk);
3205 break;
3206 #endif /* LIBSSH2_ED25519 */
3207 case EVP_PKEY_RSA :
3208 st = gen_publickey_from_rsa_evp(session, method, method_len,
3209 pubkeydata, pubkeydata_len, pk);
3210 break;
3211 #if LIBSSH2_DSA
3212 case EVP_PKEY_DSA :
3213 st = gen_publickey_from_dsa_evp(session, method, method_len,
3214 pubkeydata, pubkeydata_len, pk);
3215 break;
3216 #endif /* LIBSSH_DSA */
3217 #if LIBSSH2_ECDSA
3218 case EVP_PKEY_EC :
3219 st = gen_publickey_from_ec_evp(session, method, method_len,
3220 pubkeydata, pubkeydata_len, pk);
3221 break;
3222 #endif /* LIBSSH2_ECDSA */
3223 default :
3224 st = _libssh2_error(session,
3225 LIBSSH2_ERROR_FILE,
3226 "Unable to extract public key "
3227 "from private key file: "
3228 "Unsupported private key file format");
3229 break;
3230 }
3231
3232 EVP_PKEY_free(pk);
3233 return st;
3234 }
3235
3236 void
_libssh2_dh_init(_libssh2_dh_ctx * dhctx)3237 _libssh2_dh_init(_libssh2_dh_ctx *dhctx)
3238 {
3239 *dhctx = BN_new(); /* Random from client */
3240 }
3241
3242 int
_libssh2_dh_key_pair(_libssh2_dh_ctx * dhctx,_libssh2_bn * public,_libssh2_bn * g,_libssh2_bn * p,int group_order,_libssh2_bn_ctx * bnctx)3243 _libssh2_dh_key_pair(_libssh2_dh_ctx *dhctx, _libssh2_bn *public,
3244 _libssh2_bn *g, _libssh2_bn *p, int group_order,
3245 _libssh2_bn_ctx *bnctx)
3246 {
3247 /* Generate x and e */
3248 BN_rand(*dhctx, group_order * 8 - 1, 0, -1);
3249 BN_mod_exp(public, g, *dhctx, p, bnctx);
3250 return 0;
3251 }
3252
3253 int
_libssh2_dh_secret(_libssh2_dh_ctx * dhctx,_libssh2_bn * secret,_libssh2_bn * f,_libssh2_bn * p,_libssh2_bn_ctx * bnctx)3254 _libssh2_dh_secret(_libssh2_dh_ctx *dhctx, _libssh2_bn *secret,
3255 _libssh2_bn *f, _libssh2_bn *p,
3256 _libssh2_bn_ctx *bnctx)
3257 {
3258 /* Compute the shared secret */
3259 BN_mod_exp(secret, f, *dhctx, p, bnctx);
3260 return 0;
3261 }
3262
3263 void
_libssh2_dh_dtor(_libssh2_dh_ctx * dhctx)3264 _libssh2_dh_dtor(_libssh2_dh_ctx *dhctx)
3265 {
3266 BN_clear_free(*dhctx);
3267 *dhctx = NULL;
3268 }
3269
3270 #endif /* LIBSSH2_OPENSSL */
3271