6 #define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"
10 struct rsaprivkey_if ops;
17 struct rsapubkey_if ops;
22 /* Sign data. NB data must be smaller than modulus */
24 static char *hexchars="0123456789abcdef";
26 static string_t rsa_sign(void *sst, uint8_t *data, uint32_t datalen)
28 struct rsapriv *st=sst;
37 msize=mpz_sizeinbase(&st->n, 16);
39 if (datalen*2+4>=msize) {
40 fatal("rsa_sign: message too big");
45 for (i=0; i<datalen; i++) {
46 buff[4+i*2]=hexchars[(data[i]&0xf0)>>4];
47 buff[5+i*2]=hexchars[data[i]&0xf];
51 for (i=datalen*2+4; i<msize; i++)
56 mpz_set_str(&a, buff, 16);
58 mpz_powm(&b, &a, &st->d, &st->n);
60 signature=write_mpstring(&b);
67 static bool_t rsa_sig_check(void *sst, uint8_t *data, uint32_t datalen,
70 struct rsapub *st=sst;
80 msize=mpz_sizeinbase(&st->n, 16);
84 for (i=0; i<datalen; i++) {
85 buff[4+i*2]=hexchars[(data[i]&0xf0)>>4];
86 buff[5+i*2]=hexchars[data[i]&0xf];
90 for (i=datalen*2+4; i<msize; i++)
95 mpz_set_str(&a, buff, 16);
97 mpz_set_str(&b, signature, 16);
99 mpz_powm(&c, &b, &st->e, &st->n);
101 ok=(mpz_cmp(&a, &c)==0);
110 static list_t *rsapub_apply(closure_t *self, struct cloc loc, dict_t *context,
117 st=safe_malloc(sizeof(*st),"rsapub_apply");
118 st->cl.description="rsapub";
119 st->cl.type=CL_RSAPUBKEY;
121 st->cl.interface=&st->ops;
123 st->ops.check=rsa_sig_check;
128 if (i->type!=t_string) {
129 cfgfatal(i->loc,"rsa-public","first argument must be a string");
132 if (mpz_init_set_str(&st->e,e,10)!=0) {
133 cfgfatal(i->loc,"rsa-public","encryption key \"%s\" is not a "
134 "decimal number string\n",e);
137 cfgfatal(loc,"rsa-public","you must provide an encryption key\n");
142 if (i->type!=t_string) {
143 cfgfatal(i->loc,"rsa-public","second argument must be a string");
146 if (mpz_init_set_str(&st->n,n,10)!=0) {
147 cfgfatal(i->loc,"rsa-public","modulus \"%s\" is not a decimal "
148 "number string\n",n);
151 cfgfatal(loc,"rsa-public","you must provide a modulus\n");
153 return new_closure(&st->cl);
156 static uint32_t keyfile_get_int(struct cloc loc, FILE *f)
163 cfgfile_postreadcheck(loc,f);
167 static uint16_t keyfile_get_short(struct cloc loc, FILE *f)
172 cfgfile_postreadcheck(loc,f);
176 static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
186 MP_INT e,sig,plain,check;
188 st=safe_malloc(sizeof(*st),"rsapriv_apply");
189 st->cl.description="rsapriv";
190 st->cl.type=CL_RSAPRIVKEY;
192 st->cl.interface=&st->ops;
194 st->ops.sign=rsa_sign;
197 /* Argument is filename pointing to SSH1 private key file */
200 if (i->type!=t_string) {
201 cfgfatal(i->loc,"rsa-public","first argument must be a string");
203 filename=i->data.string;
205 filename=""; /* Make compiler happy */
206 cfgfatal(loc,"rsa-private","you must provide a filename\n");
209 f=fopen(filename,"rb");
211 if (just_check_config) {
212 Message(M_WARNING,"rsa-private (%s:%d): cannot open keyfile "
213 "\"%s\"; assuming it's valid while we check the "
214 "rest of the configuration\n",loc.file,loc.line,filename);
217 fatal_perror("rsa-private (%s:%d): cannot open file \"%s\"",
218 loc.file,loc.line,filename);
222 /* Check that the ID string is correct */
223 length=strlen(AUTHFILE_ID_STRING)+1;
224 b=safe_malloc(length,"rsapriv_apply");
225 if (fread(b,length,1,f)!=1 || memcmp(b,AUTHFILE_ID_STRING,length)!=0) {
226 cfgfatal_maybefile(f,loc,"rsa-private","failed to read magic ID"
227 " string from SSH1 private keyfile \"%s\"\n",
232 cipher_type=fgetc(f);
233 keyfile_get_int(loc,f); /* "Reserved data" */
234 if (cipher_type != 0) {
235 cfgfatal(loc,"rsa-private","we don't support encrypted keyfiles\n");
238 /* Read the public key */
239 keyfile_get_int(loc,f); /* Not sure what this is */
240 length=(keyfile_get_short(loc,f)+7)/8;
242 cfgfatal(loc,"rsa-private","implausible length %ld for modulus\n",
245 b=safe_malloc(length,"rsapriv_apply");
246 if (fread(b,length,1,f) != 1) {
247 cfgfatal_maybefile(f,loc,"rsa-private","error reading modulus");
250 read_mpbin(&st->n,b,length);
252 length=(keyfile_get_short(loc,f)+7)/8;
254 cfgfatal(loc,"rsa-private","implausible length %ld for e\n",length);
256 b=safe_malloc(length,"rsapriv_apply");
257 if (fread(b,length,1,f)!=1) {
258 cfgfatal_maybefile(f,loc,"rsa-private","error reading e\n");
261 read_mpbin(&e,b,length);
264 length=keyfile_get_int(loc,f);
266 cfgfatal(loc,"rsa-private","implausibly long (%ld) key comment\n",
269 c=safe_malloc(length+1,"rsapriv_apply");
270 if (fread(c,length,1,f)!=1) {
271 cfgfatal_maybefile(f,loc,"rsa-private","error reading key comment\n");
275 /* Check that the next two pairs of characters are identical - the
276 keyfile is not encrypted, so they should be */
278 if (keyfile_get_short(loc,f) != keyfile_get_short(loc,f)) {
279 cfgfatal(loc,"rsa-private","corrupt keyfile\n");
283 length=(keyfile_get_short(loc,f)+7)/8;
285 cfgfatal(loc,"rsa-private","implausibly long (%ld) decryption key\n",
288 b=safe_malloc(length,"rsapriv_apply");
289 if (fread(b,length,1,f)!=1) {
290 cfgfatal_maybefile(f,loc,"rsa-private",
291 "error reading decryption key\n");
294 read_mpbin(&st->d,b,length);
298 fatal_perror("rsa-private (%s:%d): fclose",loc.file,loc.line);
301 /* Now do trial signature/check to make sure it's a real keypair:
302 sign the comment string! */
304 if (i && i->type==t_bool && i->data.bool==False) {
305 Message(M_INFO,"rsa-private (%s:%d): skipping RSA key validity "
306 "check\n",loc.file,loc.line);
311 read_mpbin(&plain,c,strlen(c));
312 mpz_powm(&sig, &plain, &st->d, &st->n);
313 mpz_powm(&check, &sig, &e, &st->n);
314 if (mpz_cmp(&plain,&check)!=0) {
315 cfgfatal(loc,"rsa-private","file \"%s\" does not contain a "
316 "valid RSA key!\n",filename);
327 return new_closure(&st->cl);
330 init_module rsa_module;
331 void rsa_module(dict_t *dict)
333 add_closure(dict,"rsa-private",rsapriv_apply);
334 add_closure(dict,"rsa-public",rsapub_apply);