[key.c key.h]
     add improved fingerprint functions. based on work by Carsten
     Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
This commit is contained in:
Ben Lindstrom 2001-03-11 20:03:44 +00:00
parent b54873ad24
commit 96e8ea6a31
3 changed files with 147 additions and 22 deletions

View File

@ -3,6 +3,10 @@
- markus@cvs.openbsd.org 2001/03/11 13:25:36 - markus@cvs.openbsd.org 2001/03/11 13:25:36
[auth2.c key.c] [auth2.c key.c]
debug debug
- jakob@cvs.openbsd.org 2001/03/11 15:03:16
[key.c key.h]
add improved fingerprint functions. based on work by Carsten
Raskgaard <cara@int.tele.dk> and modified by me. ok markus@.
20010311 20010311
- OpenBSD CVS Sync - OpenBSD CVS Sync
@ -4496,4 +4500,4 @@
- Wrote replacements for strlcpy and mkdtemp - Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1 - Released 1.0pre1
$Id: ChangeLog,v 1.940 2001/03/11 20:01:55 mouring Exp $ $Id: ChangeLog,v 1.941 2001/03/11 20:03:44 mouring Exp $

152
key.c
View File

@ -32,7 +32,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: key.c,v 1.18 2001/03/11 13:25:36 markus Exp $"); RCSID("$OpenBSD: key.c,v 1.19 2001/03/11 15:03:15 jakob Exp $");
#include <openssl/evp.h> #include <openssl/evp.h>
@ -153,19 +153,16 @@ key_equal(Key *a, Key *b)
return 0; return 0;
} }
/* u_char*
* Generate key fingerprint in ascii format. key_fingerprint_raw(Key *k, enum fp_type dgst_type, size_t *dgst_raw_length)
* Based on ideas and code from Bjoern Groenvall <bg@sics.se>
*/
char *
key_fingerprint(Key *k)
{ {
static char retval[(EVP_MAX_MD_SIZE+1)*3];
u_char *blob = NULL; u_char *blob = NULL;
u_char *retval = NULL;
int len = 0; int len = 0;
int nlen, elen; int nlen, elen;
retval[0] = '\0'; *dgst_raw_length = 0;
switch (k->type) { switch (k->type) {
case KEY_RSA1: case KEY_RSA1:
nlen = BN_num_bytes(k->rsa->n); nlen = BN_num_bytes(k->rsa->n);
@ -183,29 +180,144 @@ key_fingerprint(Key *k)
return retval; return retval;
break; break;
default: default:
fatal("key_fingerprint: bad key type %d", k->type); fatal("key_fingerprint_raw: bad key type %d", k->type);
break; break;
} }
if (blob != NULL) { if (blob != NULL) {
int i; EVP_MD *md = NULL;
u_char digest[EVP_MAX_MD_SIZE];
EVP_MD *md = EVP_md5();
EVP_MD_CTX ctx; EVP_MD_CTX ctx;
retval = xmalloc(EVP_MAX_MD_SIZE);
switch (dgst_type) {
case SSH_FP_MD5:
md = EVP_md5();
break;
case SSH_FP_SHA1:
md = EVP_sha1();
break;
default:
fatal("key_fingerprint_raw: bad digest type %d",
dgst_type);
}
EVP_DigestInit(&ctx, md); EVP_DigestInit(&ctx, md);
EVP_DigestUpdate(&ctx, blob, len); EVP_DigestUpdate(&ctx, blob, len);
EVP_DigestFinal(&ctx, digest, NULL); EVP_DigestFinal(&ctx, retval, NULL);
for(i = 0; i < md->md_size; i++) { *dgst_raw_length = md->md_size;
char hex[4];
snprintf(hex, sizeof(hex), "%02x:", digest[i]);
strlcat(retval, hex, sizeof(retval));
}
retval[strlen(retval) - 1] = '\0';
memset(blob, 0, len); memset(blob, 0, len);
xfree(blob); xfree(blob);
} else {
fatal("key_fingerprint_raw: blob is null");
} }
return retval; return retval;
} }
char*
key_fingerprint_hex(u_char* dgst_raw, size_t dgst_raw_len)
{
char *retval;
int i;
retval = xmalloc(dgst_raw_len * 3);
retval[0] = '\0';
for(i = 0; i < dgst_raw_len; i++) {
char hex[4];
snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
strlcat(retval, hex, dgst_raw_len * 3);
}
retval[(dgst_raw_len * 3) - 1] = '\0';
return retval;
}
char*
key_fingerprint_bubblebabble(u_char* dgst_raw, size_t dgst_raw_len)
{
char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' };
char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm',
'n', 'p', 'r', 's', 't', 'v', 'z', 'x' };
u_int rounds, idx, retval_idx, seed;
char *retval;
rounds = (dgst_raw_len / 2) + 1;
retval = xmalloc(sizeof(char) * (rounds*6));
seed = 1;
retval_idx = 0;
retval[retval_idx++] = 'x';
for (idx=0;idx<rounds;idx++) {
u_int idx0, idx1, idx2, idx3, idx4;
if ((idx + 1 < rounds) || (dgst_raw_len % 2 != 0)) {
idx0 = (((((u_int)(dgst_raw[2 * idx])) >> 6) & 3) +
seed) % 6;
idx1 = (((u_int)(dgst_raw[2 * idx])) >> 2) & 15;
idx2 = ((((u_int)(dgst_raw[2 * idx])) & 3) +
(seed / 6)) % 6;
retval[retval_idx++] = vowels[idx0];
retval[retval_idx++] = consonants[idx1];
retval[retval_idx++] = vowels[idx2];
if ((idx + 1) < rounds) {
idx3 = (((u_int)(dgst_raw[(2 * idx) + 1])) >> 4) & 15;
idx4 = (((u_int)(dgst_raw[(2 * idx) + 1]))) & 15;
retval[retval_idx++] = consonants[idx3];
retval[retval_idx++] = '-';
retval[retval_idx++] = consonants[idx4];
seed = ((seed * 5) +
((((u_int)(dgst_raw[2 * idx])) * 7) +
((u_int)(dgst_raw[(2 * idx) + 1])))) % 36;
}
} else {
idx0 = seed % 6;
idx1 = 16;
idx2 = seed / 6;
retval[retval_idx++] = vowels[idx0];
retval[retval_idx++] = consonants[idx1];
retval[retval_idx++] = vowels[idx2];
}
}
retval[retval_idx++] = 'x';
retval[retval_idx++] = '\0';
return retval;
}
char*
key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
{
char *retval = NULL;
u_char *dgst_raw;
size_t dgst_raw_len;
dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
if (!dgst_raw)
fatal("key_fingerprint_ex: null value returned from key_fingerprint_raw()");
switch(dgst_rep) {
case SSH_FP_HEX:
retval = key_fingerprint_hex(dgst_raw, dgst_raw_len);
break;
case SSH_FP_BUBBLEBABBLE:
retval = key_fingerprint_bubblebabble(dgst_raw, dgst_raw_len);
break;
default:
fatal("key_fingerprint_ex: bad digest representation %d",
dgst_rep);
break;
}
memset(dgst_raw, 0, dgst_raw_len);
xfree(dgst_raw);
return retval;
}
char *
key_fingerprint(Key *k)
{
static char retval[(EVP_MAX_MD_SIZE + 1) * 3];
char *digest;
digest = key_fingerprint_ex(k, SSH_FP_MD5, SSH_FP_HEX);
strlcpy(retval, digest, sizeof(retval));
xfree(digest);
return retval;
}
/* /*
* Reads a multiple-precision integer in decimal from the buffer, and advances * Reads a multiple-precision integer in decimal from the buffer, and advances
* the pointer. The integer must already be initialized. This function is * the pointer. The integer must already be initialized. This function is

11
key.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: key.h,v 1.9 2001/01/29 01:58:16 niklas Exp $ */ /* $OpenBSD: key.h,v 1.10 2001/03/11 15:03:16 jakob Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -36,6 +36,14 @@ enum types {
KEY_DSA, KEY_DSA,
KEY_UNSPEC KEY_UNSPEC
}; };
enum fp_type {
SSH_FP_SHA1,
SSH_FP_MD5
};
enum fp_rep {
SSH_FP_HEX,
SSH_FP_BUBBLEBABBLE
};
struct Key { struct Key {
int type; int type;
RSA *rsa; RSA *rsa;
@ -46,6 +54,7 @@ Key *key_new(int type);
Key *key_new_private(int type); Key *key_new_private(int type);
void key_free(Key *k); void key_free(Key *k);
int key_equal(Key *a, Key *b); int key_equal(Key *a, Key *b);
char *key_fingerprint_ex(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep);
char *key_fingerprint(Key *k); char *key_fingerprint(Key *k);
char *key_type(Key *k); char *key_type(Key *k);
int key_write(Key *key, FILE *f); int key_write(Key *key, FILE *f);