static void recv_rexec_state(int fd, Buffer *conf) { Buffer m; char *cp; u_int len; debug3("%s: entering fd = %d", __func__, fd); buffer_init(&m); if (ssh_msg_recv(fd, &m) == -1) fatal("%s: ssh_msg_recv failed", __func__); if (buffer_get_char(&m) != 0) fatal("%s: rexec version mismatch", __func__); cp = buffer_get_string(&m, &len); if (conf != NULL) buffer_append(conf, cp, len + 1); xfree(cp); if (buffer_get_int(&m)) { if (sensitive_data.server_key != NULL) key_free(sensitive_data.server_key); sensitive_data.server_key = key_new_private(KEY_RSA1); buffer_get_bignum(&m, sensitive_data.server_key->rsa->e); buffer_get_bignum(&m, sensitive_data.server_key->rsa->n); buffer_get_bignum(&m, sensitive_data.server_key->rsa->d); buffer_get_bignum(&m, sensitive_data.server_key->rsa->iqmp); buffer_get_bignum(&m, sensitive_data.server_key->rsa->p); buffer_get_bignum(&m, sensitive_data.server_key->rsa->q); rsa_generate_additional_parameters( sensitive_data.server_key->rsa); } buffer_free(&m); debug3("%s: done", __func__); }
Key *key_private_deserialize(buffer_t *blob) { int success = 0; char *type_name = NULL; Key *k = NULL; unsigned int pklen, sklen; int type; type_name = buffer_get_string_msg(blob, NULL); if (type_name == NULL) goto error; type = get_keytype_from_name(type_name); k = key_new_private(type); switch (type) { case KEY_RSA: buffer_get_bignum2_msg(blob, k->rsa->n); buffer_get_bignum2_msg(blob, k->rsa->e); buffer_get_bignum2_msg(blob, k->rsa->d); buffer_get_bignum2_msg(blob, k->rsa->iqmp); buffer_get_bignum2_msg(blob, k->rsa->p); buffer_get_bignum2_msg(blob, k->rsa->q); /* Generate additional parameters */ rsa_generate_additional_parameters(k->rsa); break; case KEY_DSA: buffer_get_bignum2_msg(blob, k->dsa->p); buffer_get_bignum2_msg(blob, k->dsa->q); buffer_get_bignum2_msg(blob, k->dsa->g); buffer_get_bignum2_msg(blob, k->dsa->pub_key); buffer_get_bignum2_msg(blob, k->dsa->priv_key); break; case KEY_ECDSA256: case KEY_ECDSA384: case KEY_ECDSA521: { int success = 0; unsigned int nid; char *curve = NULL; ssh_keytype skt; BIGNUM *exponent = NULL; EC_POINT *q = NULL; nid = keytype_to_cipher_nid(type); curve = buffer_get_string_msg(blob, NULL); skt = key_curve_name_to_keytype(curve); if (nid != keytype_to_cipher_nid(skt)) goto ecdsa_error; k->ecdsa = EC_KEY_new_by_curve_name(nid); if (k->ecdsa == NULL) goto ecdsa_error; q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa)); if (q == NULL) goto ecdsa_error; if ((exponent = BN_new()) == NULL) goto ecdsa_error; buffer_get_ecpoint_msg(blob, EC_KEY_get0_group(k->ecdsa), q); buffer_get_bignum2_msg(blob, exponent); if (EC_KEY_set_public_key(k->ecdsa, q) != 1) goto ecdsa_error; if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) goto ecdsa_error; if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), EC_KEY_get0_public_key(k->ecdsa)) != 0) goto ecdsa_error; if (key_ec_validate_private(k->ecdsa) != 0) goto ecdsa_error; success = 1; ecdsa_error: free(curve); if (exponent) BN_clear_free(exponent); if (q) EC_POINT_free(q); if (success == 0) goto error; } break; case KEY_ED25519: k->ed25519_pk = buffer_get_string_msg(blob, &pklen); k->ed25519_sk = buffer_get_string_msg(blob, &sklen); if (pklen != ED25519_PK_SZ) goto error; if (sklen != ED25519_SK_SZ) goto error; break; default: goto error; break; } /* enable blinding */ switch (k->type) { case KEY_RSA1: case KEY_RSA: if (RSA_blinding_on(k->rsa, NULL) != 1) goto error; break; } success = 1; error: free(type_name); if (success == 0) { key_free(k); k = NULL; } return (k); }
static Key * key_load_private_rsa1(int fd, const char *filename, const char *passphrase, char **commentp) { int i, check1, check2, cipher_type; off_t len; Buffer buffer, decrypted; u_char *cp; CipherContext ciphercontext; Cipher *cipher; Key *prv = NULL; struct stat st; if (fstat(fd, &st) < 0) { error("fstat for key file %.200s failed: %.100s", filename, strerror(errno)); close(fd); return NULL; } len = st.st_size; buffer_init(&buffer); cp = buffer_append_space(&buffer, len); if (read(fd, cp, (size_t) len) != (size_t) len) { debug("Read from key file %.200s failed: %.100s", filename, strerror(errno)); buffer_free(&buffer); close(fd); return NULL; } /* Check that it is at least big enough to contain the ID string. */ if (len < sizeof(authfile_id_string)) { debug3("Not a RSA1 key file %.200s.", filename); buffer_free(&buffer); close(fd); return NULL; } /* * Make sure it begins with the id string. Consume the id string * from the buffer. */ for (i = 0; i < sizeof(authfile_id_string); i++) if (buffer_get_char(&buffer) != authfile_id_string[i]) { debug3("Not a RSA1 key file %.200s.", filename); buffer_free(&buffer); close(fd); return NULL; } /* Read cipher type. */ cipher_type = buffer_get_char(&buffer); (void) buffer_get_int(&buffer); /* Reserved data. */ /* Read the public key from the buffer. */ (void) buffer_get_int(&buffer); prv = key_new_private(KEY_RSA1); buffer_get_bignum(&buffer, prv->rsa->n); buffer_get_bignum(&buffer, prv->rsa->e); if (commentp) *commentp = buffer_get_string(&buffer, NULL); else xfree(buffer_get_string(&buffer, NULL)); /* Check that it is a supported cipher. */ cipher = cipher_by_number(cipher_type); if (cipher == NULL) { debug("Unsupported cipher %d used in key file %.200s.", cipher_type, filename); buffer_free(&buffer); goto fail; } /* Initialize space for decrypted data. */ buffer_init(&decrypted); cp = buffer_append_space(&decrypted, buffer_len(&buffer)); /* Rest of the buffer is encrypted. Decrypt it using the passphrase. */ cipher_set_key_string(&ciphercontext, cipher, passphrase, CIPHER_DECRYPT); cipher_crypt(&ciphercontext, cp, buffer_ptr(&buffer), buffer_len(&buffer)); cipher_cleanup(&ciphercontext); memset(&ciphercontext, 0, sizeof(ciphercontext)); buffer_free(&buffer); check1 = buffer_get_char(&decrypted); check2 = buffer_get_char(&decrypted); if (check1 != buffer_get_char(&decrypted) || check2 != buffer_get_char(&decrypted)) { if (strcmp(passphrase, "") != 0) debug("Bad passphrase supplied for key file %.200s.", filename); /* Bad passphrase. */ buffer_free(&decrypted); goto fail; } /* Read the rest of the private key. */ buffer_get_bignum(&decrypted, prv->rsa->d); buffer_get_bignum(&decrypted, prv->rsa->iqmp); /* u */ /* in SSL and SSH v1 p and q are exchanged */ buffer_get_bignum(&decrypted, prv->rsa->q); /* p */ buffer_get_bignum(&decrypted, prv->rsa->p); /* q */ /* calculate p-1 and q-1 */ rsa_generate_additional_parameters(prv->rsa); buffer_free(&decrypted); /* enable blinding */ if (RSA_blinding_on(prv->rsa, NULL) != 1) { error("key_load_private_rsa1: RSA_blinding_on failed"); goto fail; } close(fd); return prv; fail: if (commentp) xfree(*commentp); close(fd); key_free(prv); return NULL; }