1 /* ssh-utils.c - Secure Shell helper functions
2 * Copyright (C) 2011 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * This file is free software; you can redistribute it and/or modify
7 * it under the terms of either
9 * - the GNU Lesser General Public License as published by the Free
10 * Software Foundation; either version 3 of the License, or (at
11 * your option) any later version.
15 * - the GNU General Public License as published by the Free
16 * Software Foundation; either version 2 of the License, or (at
17 * your option) any later version.
19 * or both in parallel, as here.
21 * This file is distributed in the hope that it will be useful,
22 * but WITHOUT ANY WARRANTY; without even the implied warranty of
23 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 * GNU General Public License for more details.
26 * You should have received a copy of the GNU General Public License
27 * along with this program; if not, see <https://www.gnu.org/licenses/>.
37 #include "ssh-utils.h"
38 #include "openpgpdefs.h"
41 /* Return true if KEYPARMS holds an EdDSA key. */
43 is_eddsa (gcry_sexp_t keyparms)
51 list = gcry_sexp_find_token (keyparms, "flags", 0);
52 for (i = list ? gcry_sexp_length (list)-1 : 0; i > 0; i--)
54 s = gcry_sexp_nth_data (list, i, &n);
56 continue; /* Not a data element. */
58 if (n == 5 && !memcmp (s, "eddsa", 5))
64 gcry_sexp_release (list);
68 /* Dummy functions for es_mopen. */
69 static void *dummy_realloc (void *mem, size_t size) { (void) size; return mem; }
70 static void dummy_free (void *mem) { (void) mem; }
72 /* Return the Secure Shell type fingerprint for KEY using digest ALGO.
73 The length of the fingerprint is returned at R_LEN and the
74 fingerprint itself at R_FPR. In case of a error code is returned
75 and NULL stored at R_FPR. */
77 get_fingerprint (gcry_sexp_t key, int algo,
78 void **r_fpr, size_t *r_len, int as_string)
81 gcry_sexp_t list = NULL;
82 gcry_sexp_t l2 = NULL;
87 gcry_md_hd_t md = NULL;
93 /* Check that the first element is valid. */
94 list = gcry_sexp_find_token (key, "public-key", 0);
96 list = gcry_sexp_find_token (key, "private-key", 0);
98 list = gcry_sexp_find_token (key, "protected-private-key", 0);
100 list = gcry_sexp_find_token (key, "shadowed-private-key", 0);
103 err = gpg_err_make (default_errsource, GPG_ERR_UNKNOWN_SEXP);
107 l2 = gcry_sexp_cadr (list);
108 gcry_sexp_release (list);
112 name = gcry_sexp_nth_string (list, 0);
115 err = gpg_err_make (default_errsource, GPG_ERR_INV_SEXP);
119 err = gcry_md_open (&md, algo, 0);
123 switch (gcry_pk_map_name (name))
127 gcry_md_write (md, "\0\0\0\x07ssh-rsa", 11);
132 gcry_md_write (md, "\0\0\0\x07ssh-dss", 11);
140 /* For now there is just one curve, thus no need to switch
142 gcry_md_write (md, "\0\0\0\x0b" "ssh-ed25519", 15);
146 /* We only support the 3 standard curves for now. It is
147 just a quick hack. */
149 gcry_md_write (md, "\0\0\0\x13" "ecdsa-sha2-nistp", 20);
150 l2 = gcry_sexp_find_token (list, "curve", 0);
156 name = gcry_sexp_nth_string (l2, 1);
157 gcry_sexp_release (l2);
161 else if (!strcmp (name, "NIST P-256")||!strcmp (name, "nistp256"))
162 gcry_md_write (md, "256\0\0\0\x08nistp256", 15);
163 else if (!strcmp (name, "NIST P-384")||!strcmp (name, "nistp384"))
164 gcry_md_write (md, "384\0\0\0\x08nistp384", 15);
165 else if (!strcmp (name, "NIST P-521")||!strcmp (name, "nistp521"))
166 gcry_md_write (md, "521\0\0\0\x08nistp521", 15);
171 err = gpg_err_make (default_errsource, GPG_ERR_UNKNOWN_CURVE);
177 err = gpg_err_make (default_errsource, GPG_ERR_PUBKEY_ALGO);
184 for (idx = 0, s = elems; *s; s++, idx++)
186 l2 = gcry_sexp_find_token (list, s, 1);
189 err = gpg_err_make (default_errsource, GPG_ERR_INV_SEXP);
196 unsigned char lenbuf[4];
198 blob = gcry_sexp_nth_data (l2, 1, &bloblen);
201 err = gpg_err_make (default_errsource, GPG_ERR_INV_SEXP);
206 lenbuf[0] = bloblen >> 24;
207 lenbuf[1] = bloblen >> 16;
208 lenbuf[2] = bloblen >> 8;
210 gcry_md_write (md, lenbuf, 4);
211 gcry_md_write (md, blob, bloblen);
219 a = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
220 gcry_sexp_release (l2);
224 err = gpg_err_make (default_errsource, GPG_ERR_INV_SEXP);
228 err = gcry_mpi_aprint (GCRYMPI_FMT_SSH, &buf, &buflen, a);
229 gcry_mpi_release (a);
232 gcry_md_write (md, buf, buflen);
239 const char *algo_name;
242 /* Prefix string with the algorithm name and a colon. */
243 algo_name = gcry_md_algo_name (algo);
244 *r_fpr = xtrymalloc (strlen (algo_name) + 1 + 3 * gcry_md_get_algo_dlen (algo) + 1);
247 err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
251 memcpy (*r_fpr, algo_name, strlen (algo_name));
252 fpr = (char *) *r_fpr + strlen (algo_name);
255 if (algo == GCRY_MD_MD5)
257 bin2hexcolon (gcry_md_read (md, algo), gcry_md_get_algo_dlen (algo), fpr);
262 struct b64state b64s;
267 /* Write the base64-encoded hash to fpr. */
268 stream = es_mopen (fpr, 3 * gcry_md_get_algo_dlen (algo) + 1, 0,
269 0, dummy_realloc, dummy_free, "w");
272 err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
276 err = b64enc_start_es (&b64s, stream, "");
283 err = b64enc_write (&b64s,
284 gcry_md_read (md, algo), gcry_md_get_algo_dlen (algo));
291 /* Finish, get the length, and close the stream. */
292 err = b64enc_finish (&b64s);
293 len = es_ftell (stream);
301 /* Strip the trailing padding characters. */
302 for (p = fpr + len - 1; p > fpr && *p == '='; p--)
306 *r_len = strlen (*r_fpr) + 1;
310 *r_len = gcry_md_get_algo_dlen (algo);
311 *r_fpr = xtrymalloc (*r_len);
314 err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
317 memcpy (*r_fpr, gcry_md_read (md, algo), *r_len);
323 gcry_sexp_release (l2);
325 gcry_sexp_release (list);
329 /* Return the Secure Shell type fingerprint for KEY using digest ALGO.
330 The length of the fingerprint is returned at R_LEN and the
331 fingerprint itself at R_FPR. In case of an error an error code is
332 returned and NULL stored at R_FPR. */
334 ssh_get_fingerprint (gcry_sexp_t key, int algo,
335 void **r_fpr, size_t *r_len)
337 return get_fingerprint (key, algo, r_fpr, r_len, 0);
341 /* Return the Secure Shell type fingerprint for KEY using digest ALGO
342 as a string. The fingerprint is mallcoed and stored at R_FPRSTR.
343 In case of an error an error code is returned and NULL stored at
346 ssh_get_fingerprint_string (gcry_sexp_t key, int algo, char **r_fprstr)
352 err = get_fingerprint (key, algo, &string, &dummy, 1);
358 /* Write the uint32 contained in UINT32 to STREAM. */
360 stream_write_uint32 (estream_t stream, u32 uint32)
362 unsigned char buffer[4];
366 buffer[0] = uint32 >> 24;
367 buffer[1] = uint32 >> 16;
368 buffer[2] = uint32 >> 8;
369 buffer[3] = uint32 >> 0;
371 ret = es_write (stream, buffer, sizeof (buffer), NULL);
373 err = gpg_error_from_syserror ();
380 /* Write SIZE bytes from BUFFER to STREAM. */
382 stream_write_data (estream_t stream, const unsigned char *buffer, size_t size)
387 ret = es_write (stream, buffer, size, NULL);
389 err = gpg_error_from_syserror ();
396 /* Write a binary string from STRING of size STRING_N to STREAM. */
398 stream_write_string (estream_t stream,
399 const unsigned char *string, u32 string_n)
403 err = stream_write_uint32 (stream, string_n);
407 err = stream_write_data (stream, string, string_n);
414 /* Write a C-string from STRING to STREAM. */
416 stream_write_cstring (estream_t stream, const char *string)
420 err = stream_write_string (stream,
421 (const unsigned char *) string, strlen (string));
426 /* Write the MPI contained in MPINT to STREAM. */
428 stream_write_mpi (estream_t stream, gcry_mpi_t mpint)
430 unsigned char *mpi_buffer;
436 err = gcry_mpi_aprint (GCRYMPI_FMT_STD, &mpi_buffer, &mpi_buffer_n, mpint);
440 err = stream_write_string (stream, mpi_buffer, mpi_buffer_n);
450 /* Encode a key in SEXP, in SSH format. */
452 sexp_to_sshblob (gcry_sexp_t sexp, const char *identifier, int is_eddsa_flag,
453 const char *curve, const char *elems,
454 void **r_blob, size_t *r_blob_size)
457 gcry_sexp_t value_list = NULL;
458 gcry_sexp_t value_pair = NULL;
459 estream_t stream = NULL;
467 stream = es_fopenmem (0, "r+b");
470 err = gpg_error_from_syserror ();
474 /* Get key value list. */
475 value_list = gcry_sexp_cadr (sexp);
478 err = gpg_error (GPG_ERR_INV_SEXP);
482 err = stream_write_cstring (stream, identifier);
486 if (curve && !is_eddsa_flag)
488 /* ECDSA requires the curve name. */
489 err = stream_write_cstring (stream, curve);
494 /* Write the parameters. */
495 for (p_elems = elems; *p_elems; p_elems++)
497 gcry_sexp_release (value_pair);
498 value_pair = gcry_sexp_find_token (value_list, p_elems, 1);
501 err = gpg_error (GPG_ERR_INV_SEXP);
506 data = gcry_sexp_nth_data (value_pair, 1, &datalen);
509 err = gpg_error (GPG_ERR_INV_SEXP);
512 if ((datalen & 1) && *data == 0x40)
513 { /* Remove the prefix 0x40. */
517 err = stream_write_string (stream, data, datalen);
525 /* Note that we need to use STD format; i.e. prepend a 0x00
526 to indicate a positive number if the high bit is set. */
527 mpi = gcry_sexp_nth_mpi (value_pair, 1, GCRYMPI_FMT_STD);
530 err = gpg_error (GPG_ERR_INV_SEXP);
533 err = stream_write_mpi (stream, mpi);
534 gcry_mpi_release (mpi);
540 if (es_fclose_snatch (stream, r_blob, r_blob_size))
542 err = gpg_error_from_syserror ();
548 gcry_sexp_release (value_list);
549 gcry_sexp_release (value_pair);
555 /* For KEY in S-expression, write it in SSH base64 format to STREAM,
558 ssh_public_key_in_base64 (gcry_sexp_t key, estream_t stream,
563 int is_eddsa_flag = 0;
564 const char *curve = NULL;
565 const char *pub_elements = NULL;
566 const char *identifier = NULL;
569 struct b64state b64_state;
571 algo = get_pk_algo_from_key (key);
573 return gpg_error (GPG_ERR_PUBKEY_ALGO);
575 if (algo == GCRY_PK_ECC || algo == GCRY_PK_EDDSA)
577 curve = gcry_pk_get_curve (key, 0, NULL);
579 return gpg_error (GPG_ERR_INV_CURVE);
585 identifier = "ssh-rsa";
590 if (!strcmp (curve, "NIST P-256"))
591 identifier = "ecdsa-sha2-nistp256";
592 else if (!strcmp (curve, "NIST P-384"))
593 identifier = "ecdsa-sha2-nistp384";
594 else if (!strcmp (curve, "NIST P-521"))
595 identifier = "ecdsa-sha2-nistp521";
597 err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
603 if (!strcmp (curve, "Ed25519"))
604 identifier = "ssh-ed25519";
605 else if (!strcmp (curve, "Ed448"))
606 identifier = "ssh-ed448";
608 err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
613 err = gpg_error (GPG_ERR_PUBKEY_ALGO);
620 err = sexp_to_sshblob (key, identifier, is_eddsa_flag, curve, pub_elements,
625 es_fprintf (stream, "%s ", identifier);
627 err = b64enc_start_es (&b64_state, stream, "");
634 err = b64enc_write (&b64_state, blob, bloblen);
635 b64enc_finish (&b64_state);
641 es_fprintf (stream, " %s", comment);