annotate signkey_ossh.c @ 1908:eadd023fde4d

Support RSA OpenSSH new format in dropbearconvert Added support for reading and writing. PEM writing support has been removed. OpenSSH file format routines have been moved to signkey_ossh.c
author Matt Johnston <matt@ucc.asn.au>
date Tue, 29 Mar 2022 22:27:55 +0800
parents
children ced53051e200
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1908
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 #include "includes.h"
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 #include "dbutil.h"
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 #include "ssh.h"
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 #include "signkey_ossh.h"
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5 #include "bignum.h"
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6 #include "ecdsa.h"
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
7 #include "sk-ecdsa.h"
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8 #include "sk-ed25519.h"
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9 #include "rsa.h"
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10 #include "dss.h"
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
11 #include "ed25519.h"
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
12
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 #if DROPBEAR_RSA
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 /* OpenSSH raw private RSA format is
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15 string "ssh-rsa"
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 mpint n
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 mpint e
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18 mpint d
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
19 mpint iqmp (q^-1) mod p
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
20 mpint p
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
21 mpint q
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
22 */
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
23
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
24 void buf_put_rsa_priv_ossh(buffer *buf, const sign_key *akey) {
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
25 const dropbear_rsa_key *key = akey->rsakey;
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
26 mp_int iqmp;
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
27
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 dropbear_assert(key != NULL);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29 if (!(key->p && key->q)) {
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 dropbear_exit("Pre-0.33 Dropbear keys cannot be converted to OpenSSH keys.\n");
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 }
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33 m_mp_init(&iqmp);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34 /* iqmp = (q^-1) mod p */
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
35 if (mp_invmod(key->q, key->p, &iqmp) != MP_OKAY) {
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36 dropbear_exit("Bignum error for iqmp\n");
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
37 }
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
38 buf_putstring(buf, SSH_SIGNKEY_RSA, SSH_SIGNKEY_RSA_LEN);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
39 buf_putmpint(buf, key->n);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
40 buf_putmpint(buf, key->e);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
41 buf_putmpint(buf, key->d);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
42 buf_putmpint(buf, &iqmp);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
43 buf_putmpint(buf, key->p);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
44 buf_putmpint(buf, key->q);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
45 mp_clear(&iqmp);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
46 }
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
47
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48 int buf_get_rsa_priv_ossh(buffer *buf, sign_key *akey) {
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
49 int ret = DROPBEAR_FAILURE;
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
50 dropbear_rsa_key *key = NULL;
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
51 mp_int iqmp;
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
52
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53 rsa_key_free(akey->rsakey);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
54 akey->rsakey = m_malloc(sizeof(*akey->rsakey));
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
55 key = akey->rsakey;
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
56 m_mp_alloc_init_multi(&key->e, &key->n, &key->d, &key->p, &key->q, NULL);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
57
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
58 buf_eatstring(buf);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
59 m_mp_init(&iqmp);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
60 if (buf_getmpint(buf, key->n) == DROPBEAR_SUCCESS
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
61 && buf_getmpint(buf, key->e) == DROPBEAR_SUCCESS
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
62 && buf_getmpint(buf, key->d) == DROPBEAR_SUCCESS
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
63 && buf_getmpint(buf, &iqmp) == DROPBEAR_SUCCESS
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
64 && buf_getmpint(buf, key->p) == DROPBEAR_SUCCESS
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
65 && buf_getmpint(buf, key->q) == DROPBEAR_SUCCESS) {
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
66 ret = DROPBEAR_SUCCESS;
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
67 }
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
68 mp_clear(&iqmp);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
69 return ret;
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
70 }
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
71
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
72 #endif /* DROPBEAR_RSA */
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
73
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
74 #if DROPBEAR_ED25519
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
75 /* OpenSSH raw private ed25519 format is
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
76 string "ssh-ed25519"
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
77 uint32 32
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
78 byte[32] pubkey
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
79 uint32 64
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
80 byte[32] privkey
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
81 byte[32] pubkey
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
82 */
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
83
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
84 void buf_put_ed25519_priv_ossh(buffer *buf, const sign_key *akey) {
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
85 const dropbear_ed25519_key *key = akey->ed25519key;
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
86 dropbear_assert(key != NULL);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
87 buf_putstring(buf, SSH_SIGNKEY_ED25519, SSH_SIGNKEY_ED25519_LEN);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
88 buf_putint(buf, CURVE25519_LEN);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
89 buf_putbytes(buf, key->pub, CURVE25519_LEN);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
90 buf_putint(buf, CURVE25519_LEN*2);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
91 buf_putbytes(buf, key->priv, CURVE25519_LEN);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
92 buf_putbytes(buf, key->pub, CURVE25519_LEN);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
93 }
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
94
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
95 int buf_get_ed25519_priv_ossh(buffer *buf, sign_key *akey) {
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
96 dropbear_ed25519_key *key = NULL;
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
97 uint32_t len;
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
98
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
99 ed25519_key_free(akey->ed25519key);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
100 akey->ed25519key = m_malloc(sizeof(*akey->ed25519key));
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
101 key = akey->ed25519key;
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
102
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
103 /* Parse past the first string and pubkey */
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
104 if (buf_get_ed25519_pub_key(buf, key, DROPBEAR_SIGNKEY_ED25519)
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
105 == DROPBEAR_FAILURE) {
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
106 dropbear_log(LOG_ERR, "Error parsing ed25519 key, pubkey");
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
107 return DROPBEAR_FAILURE;
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
108 }
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
109 len = buf_getint(buf);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
110 if (len != 2*CURVE25519_LEN) {
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
111 dropbear_log(LOG_ERR, "Error parsing ed25519 key, bad length");
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
112 return DROPBEAR_FAILURE;
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
113 }
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
114 memcpy(key->priv, buf_getptr(buf, CURVE25519_LEN), CURVE25519_LEN);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
115 buf_incrpos(buf, CURVE25519_LEN);
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
116
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
117 /* Sanity check */
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
118 if (memcmp(buf_getptr(buf, CURVE25519_LEN), key->pub,
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
119 CURVE25519_LEN) != 0) {
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
120 dropbear_log(LOG_ERR, "Error parsing ed25519 key, mismatch pubkey");
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
121 return DROPBEAR_FAILURE;
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
122 }
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
123 return DROPBEAR_SUCCESS;
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
124 }
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
125 #endif /* DROPBEAR_ED255219 */