/* * Generate a fingerprint string for the key. Compatible with the * OpenSSH fingerprint code. */ void rsa_fingerprint(char *str, int len, struct RSAKey *key) { struct MD5Context md5c; unsigned char digest[16]; char buffer[16 * 3 + 40]; int numlen, slen, i; MD5Init(&md5c); numlen = ssh1_bignum_length(key->modulus) - 2; for (i = numlen; i--;) { unsigned char c = bignum_byte(key->modulus, i); MD5Update(&md5c, &c, 1); } numlen = ssh1_bignum_length(key->exponent) - 2; for (i = numlen; i--;) { unsigned char c = bignum_byte(key->exponent, i); MD5Update(&md5c, &c, 1); } MD5Final(digest, &md5c); sprintf(buffer, "%d ", bignum_bitcount(key->modulus)); for (i = 0; i < 16; i++) sprintf(buffer + strlen(buffer), "%s%02x", i ? ":" : "", digest[i]); strncpy(str, buffer, len); str[len - 1] = '\0'; slen = strlen(str); if (key->comment && slen < len - 1) { str[slen] = ' '; strncpy(str + slen + 1, key->comment, len - slen - 1); str[len - 1] = '\0'; } }
/* Public key blob as used by Pageant: exponent before modulus. */ unsigned char *rsa_public_blob(struct RSAKey *key, int *len) { int length, pos; unsigned char *ret; length = (ssh1_bignum_length(key->modulus) + ssh1_bignum_length(key->exponent) + 4); ret = snewn(length, unsigned char); PUT_32BIT(ret, bignum_bitcount(key->modulus)); pos = 4; pos += ssh1_write_bignum(ret + pos, key->exponent); pos += ssh1_write_bignum(ret + pos, key->modulus); *len = length; return ret; }
/* * DH stage 1: invent a number x between 1 and q, and compute e = * g^x mod p. Return e. * * If `nbits' is greater than zero, it is used as an upper limit * for the number of bits in x. This is safe provided that (a) you * use twice as many bits in x as the number of bits you expect to * use in your session key, and (b) the DH group is a safe prime * (which SSH demands that it must be). * * P. C. van Oorschot, M. J. Wiener * "On Diffie-Hellman Key Agreement with Short Exponents". * Advances in Cryptology: Proceedings of Eurocrypt '96 * Springer-Verlag, May 1996. */ Bignum dh_create_e(void *handle, int nbits) { struct dh_ctx *ctx = (struct dh_ctx *)handle; int i; int nbytes; unsigned char *buf; nbytes = ssh1_bignum_length(ctx->qmask); buf = snewn(nbytes, unsigned char); do { /* * Create a potential x, by ANDing a string of random bytes * with qmask. */ if (ctx->x) freebn(ctx->x); if (nbits == 0 || nbits > bignum_bitcount(ctx->qmask)) { ssh1_write_bignum(buf, ctx->qmask); for (i = 2; i < nbytes; i++) buf[i] &= random_byte(); ssh1_read_bignum(buf, nbytes, &ctx->x); /* can't fail */ } else { int b, nb; ctx->x = bn_power_2(nbits); b = nb = 0; for (i = 0; i < nbits; i++) { if (nb == 0) { nb = 8; b = random_byte(); } bignum_set_bit(ctx->x, i, b & 1); b >>= 1; nb--; } } } while (bignum_cmp(ctx->x, One) <= 0 || bignum_cmp(ctx->x, ctx->q) >= 0); sfree(buf); /* * Done. Now compute e = g^x mod p. */ ctx->e = modpow(ctx->g, ctx->x, ctx->p); return ctx->e; }