/*

* pki_crypto.c - PKI infrastructure using OpenSSL

*

* This file is part of the SSH Library

*

* Copyright (c) 2003-2009 by Aris Adamantiadis

* Copyright (c) 2009-2013 by Andreas Schneider <asn@cryptomilk.org>

* Copyright (c) 2019 by Sahana Prasad <sahana@redhat.com>

*

* The SSH Library is free software; you can redistribute it and/or modify

* it under the terms of the GNU Lesser General Public License as published by

* the Free Software Foundation; either version 2.1 of the License, or (at your

* option) any later version.

*

* The SSH Library is distributed in the hope that it will be useful, but

* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public

* License for more details.

*

* You should have received a copy of the GNU Lesser General Public License

* along with the SSH Library; see the file COPYING. If not, write to

* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,

* MA 02111-1307, USA.

*/

#ifndef _PKI_CRYPTO_H

#define _PKI_CRYPTO_H

#include "config.h"

#include "libssh/priv.h"

#include "libcrypto-compat.h"

#include <openssl/pem.h>

#include <openssl/evp.h>

#include <openssl/engine.h>

#include <openssl/err.h>

#if OPENSSL_VERSION_NUMBER < 0x30000000L

#include <openssl/dsa.h>

#include <openssl/rsa.h>

#else

#include <openssl/params.h>

#include <openssl/core_names.h>

#include <openssl/param_build.h>

#endif /* OPENSSL_VERSION_NUMBER */

#ifdef HAVE_OPENSSL_EC_H

#include <openssl/ec.h>

#endif

#ifdef HAVE_OPENSSL_ECDSA_H

#include <openssl/ecdsa.h>

#endif

#include "libssh/libssh.h"

#include "libssh/buffer.h"

#include "libssh/session.h"

#include "libssh/pki.h"

#include "libssh/pki_priv.h"

#include "libssh/bignum.h"

struct pem_get_password_struct {

ssh_auth_callback fn;

void *data;

};

static int pem_get_password(char *buf, int size, int rwflag, void *userdata) {

struct pem_get_password_struct *pgp = userdata;

(void) rwflag; /* unused */

if (buf == NULL) {

return 0;

}

memset(buf, '\0', size);

if (pgp) {

int rc;

rc = pgp->fn("Passphrase for private key:",

buf, size, 0, 0,

pgp->data);

if (rc == 0) {

return strlen(buf);

}

}

return 0;

}

void pki_key_clean(ssh_key key)

{

if (key == NULL)

return;

#if OPENSSL_VERSION_NUMBER < 0x30000000L

DSA_free(key->dsa);

key->dsa = NULL;

RSA_free(key->rsa);

key->rsa = NULL;

#endif /* OPENSSL_VERSION_NUMBER */

#ifdef HAVE_OPENSSL_ECC

/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys

* https://github.com/openssl/openssl/pull/16624

* Move whole HAVE_OPENSSL_ECC into #if < 0x3 above

*/

#if 1

EC_KEY_free(key->ecdsa);

key->ecdsa = NULL;

#endif

#endif /* HAVE_OPENSSL_ECC */

EVP_PKEY_free(key->key);

key->key = NULL;

}

#ifdef HAVE_OPENSSL_ECC

/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys

* https://github.com/openssl/openssl/pull/16624

* #if OPENSSL_VERSION_NUMBER < 0x30000000L

*/

#if 1

static int pki_key_ecdsa_to_nid(EC_KEY *k)

{

const EC_GROUP *g = EC_KEY_get0_group(k);

int nid;

nid = EC_GROUP_get_curve_name(g);

if (nid) {

return nid;

}

return -1;

}

#else

static int pki_key_ecdsa_to_nid(EVP_PKEY *k)

{

char gname[25] = { 0 };

int nid, rc;

rc = EVP_PKEY_get_utf8_string_param(k, "group", gname, 25, NULL);

if (rc != 1)

return -1;

if (strcmp(gname, NISTP256) == 0

|| strcmp(gname, "secp256r1") == 0

|| strcmp(gname, "prime256v1") == 0) {

nid = NID_X9_62_prime256v1;

} else if (strcmp(gname, NISTP384) == 0

|| strcmp(gname, "secp384r1") == 0) {

nid = NID_secp384r1;

} else if (strcmp(gname, NISTP521) == 0

|| strcmp(gname, "secp521r1") == 0) {

nid = NID_secp521r1;

} else

return -1;

return nid;

}

#endif /* OPENSSL_VERSION_NUMBER */

/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys

* https://github.com/openssl/openssl/pull/16624

* #if OPENSSL_VERSION_NUMBER < 0x30000000L

*/

#if 1

static enum ssh_keytypes_e pki_key_ecdsa_to_key_type(EC_KEY *k)

#else

static enum ssh_keytypes_e pki_key_ecdsa_to_key_type(EVP_PKEY *k)

#endif /* OPENSSL_VERSION_NUMBER */

{

int nid;

nid = pki_key_ecdsa_to_nid(k);

switch (nid) {

case NID_X9_62_prime256v1:

return SSH_KEYTYPE_ECDSA_P256;

case NID_secp384r1:

return SSH_KEYTYPE_ECDSA_P384;

case NID_secp521r1:

return SSH_KEYTYPE_ECDSA_P521;

default:

return SSH_KEYTYPE_UNKNOWN;

}

}

const char *pki_key_ecdsa_nid_to_name(int nid)

{

switch (nid) {

case NID_X9_62_prime256v1:

return "ecdsa-sha2-nistp256";

case NID_secp384r1:

return "ecdsa-sha2-nistp384";

case NID_secp521r1:

return "ecdsa-sha2-nistp521";

default:

break;

}

return "unknown";

}

static const char *pki_key_ecdsa_nid_to_char(int nid)

{

switch (nid) {

case NID_X9_62_prime256v1:

return "nistp256";

case NID_secp384r1:

return "nistp384";

case NID_secp521r1:

return "nistp521";

default:

break;

}

return "unknown";

}

int pki_key_ecdsa_nid_from_name(const char *name)

{

if (strcmp(name, "nistp256") == 0) {

return NID_X9_62_prime256v1;

} else if (strcmp(name, "nistp384") == 0) {

return NID_secp384r1;

} else if (strcmp(name, "nistp521") == 0) {

return NID_secp521r1;

}

return -1;

}

/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys

* https://github.com/openssl/openssl/pull/16624

* #if OPENSSL_VERSION_NUMBER < 0x30000000L

*/

#if 1

static ssh_string make_ecpoint_string(const EC_GROUP *g,

const EC_POINT *p)

{

ssh_string s;

size_t len;

len = EC_POINT_point2oct(g,

p,

POINT_CONVERSION_UNCOMPRESSED,

NULL,

0,

NULL);

if (len == 0) {

return NULL;

}

s = ssh_string_new(len);

if (s == NULL) {

return NULL;

}

len = EC_POINT_point2oct(g,

p,

POINT_CONVERSION_UNCOMPRESSED,

ssh_string_data(s),

ssh_string_len(s),

NULL);

if (len != ssh_string_len(s)) {

SSH_STRING_FREE(s);

return NULL;

}

return s;

}

#endif /* OPENSSL_VERSION_NUMBER */

int pki_privkey_build_ecdsa(ssh_key key, int nid, ssh_string e, ssh_string exp)

{

/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys

* https://github.com/openssl/openssl/pull/16624

* #if OPENSSL_VERSION_NUMBER < 0x30000000L

*/

#if 1

EC_POINT *p = NULL;

const EC_GROUP *g = NULL;

int ok;

BIGNUM *bexp = NULL;

#else

int rc;

const BIGNUM *expb;

const char *group_name = OSSL_EC_curve_nid2name(nid);

OSSL_PARAM_BLD *param_bld = NULL;

if (group_name == NULL) {

return -1;

}

expb = ssh_make_string_bn(exp);

#endif /* OPENSSL_VERSION_NUMBER */

key->ecdsa_nid = nid;

key->type_c = pki_key_ecdsa_nid_to_name(nid);

/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys

* https://github.com/openssl/openssl/pull/16624

* #if OPENSSL_VERSION_NUMBER < 0x30000000L

*/

#if 1

key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);

if (key->ecdsa == NULL) {

return -1;

}

g = EC_KEY_get0_group(key->ecdsa);

p = EC_POINT_new(g);

if (p == NULL) {

return -1;

}

ok = EC_POINT_oct2point(g,

p,

ssh_string_data(e),

ssh_string_len(e),

NULL);

if (!ok) {

EC_POINT_free(p);

return -1;

}

/* EC_KEY_set_public_key duplicates p */

ok = EC_KEY_set_public_key(key->ecdsa, p);

EC_POINT_free(p);

if (!ok) {

return -1;

}

bexp = ssh_make_string_bn(exp);

if (bexp == NULL) {

EC_KEY_free(key->ecdsa);

return -1;

}

/* EC_KEY_set_private_key duplicates exp */

ok = EC_KEY_set_private_key(key->ecdsa, bexp);

BN_free(bexp);

if (!ok) {

EC_KEY_free(key->ecdsa);

return -1;

}

return 0;

#else

param_bld = OSSL_PARAM_BLD_new();

if (param_bld == NULL)

goto err;

rc = OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_PKEY_PARAM_GROUP_NAME,

group_name, strlen(group_name));

if (rc != 1)

goto err;

rc = OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_PKEY_PARAM_PUB_KEY,

ssh_string_data(e), ssh_string_len(e));

if (rc != 1)

goto err;

rc = OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, expb);

if (rc != 1)

goto err;

rc = evp_build_pkey("EC", param_bld, &(key->key), EVP_PKEY_KEYPAIR);

OSSL_PARAM_BLD_free(param_bld);

return rc;

err:

OSSL_PARAM_BLD_free(param_bld);

return -1;

#endif /* OPENSSL_VERSION_NUMBER */

}

int pki_pubkey_build_ecdsa(ssh_key key, int nid, ssh_string e)

{

/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys

* https://github.com/openssl/openssl/pull/16624

* #if OPENSSL_VERSION_NUMBER < 0x30000000L

*/

#if 1

EC_POINT *p = NULL;

const EC_GROUP *g = NULL;

int ok;

#else

int rc;

const char *group_name = OSSL_EC_curve_nid2name(nid);

OSSL_PARAM_BLD *param_bld;

#endif /* OPENSSL_VERSION_NUMBER */

key->ecdsa_nid = nid;

key->type_c = pki_key_ecdsa_nid_to_name(nid);

/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys

* https://github.com/openssl/openssl/pull/16624

* #if OPENSSL_VERSION_NUMBER < 0x30000000L

*/

#if 1

key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);

if (key->ecdsa == NULL) {

return -1;

}

g = EC_KEY_get0_group(key->ecdsa);

p = EC_POINT_new(g);

if (p == NULL) {

return -1;

}

ok = EC_POINT_oct2point(g,

p,

ssh_string_data(e),

ssh_string_len(e),

NULL);

if (!ok) {

EC_POINT_free(p);

return -1;

}

/* EC_KEY_set_public_key duplicates p */

ok = EC_KEY_set_public_key(key->ecdsa, p);

EC_POINT_free(p);

if (!ok) {

return -1;

}

return 0;

#else

param_bld = OSSL_PARAM_BLD_new();

if (param_bld == NULL)

goto err;

rc = OSSL_PARAM_BLD_push_utf8_string(param_bld, OSSL_PKEY_PARAM_GROUP_NAME,

group_name, strlen(group_name));

if (rc != 1)

goto err;

rc = OSSL_PARAM_BLD_push_octet_string(param_bld, OSSL_PKEY_PARAM_PUB_KEY,

ssh_string_data(e), ssh_string_len(e));

if (rc != 1)

goto err;

rc = evp_build_pkey("EC", param_bld, &(key->key), EVP_PKEY_PUBLIC_KEY);

OSSL_PARAM_BLD_free(param_bld);

return rc;

err:

OSSL_PARAM_BLD_free(param_bld);

return -1;

#endif /* OPENSSL_VERSION_NUMBER */

}

#endif /* HAVE_OPENSSL_ECC */

ssh_key pki_key_dup(const ssh_key key, int demote)

{

ssh_key new = NULL;

int rc;

new = ssh_key_new();

if (new == NULL) {

return NULL;

}

new->type = key->type;

new->type_c = key->type_c;

if (demote) {

new->flags = SSH_KEY_FLAG_PUBLIC;

} else {

new->flags = key->flags;

}

switch (key->type) {

case SSH_KEYTYPE_DSS: {

#if OPENSSL_VERSION_NUMBER < 0x30000000L

const BIGNUM *p = NULL, *q = NULL, *g = NULL,

*pub_key = NULL, *priv_key = NULL;

BIGNUM *np, *nq, *ng, *npub_key, *npriv_key;

new->dsa = DSA_new();

if (new->dsa == NULL) {

goto fail;

}

/*

* p = public prime number

* q = public 160-bit subprime, q | p-1

* g = public generator of subgroup

* pub_key = public key y = g^x

* priv_key = private key x

*/

DSA_get0_pqg(key->dsa, &p, &q, &g);

np = BN_dup(p);

nq = BN_dup(q);

ng = BN_dup(g);

if (np == NULL || nq == NULL || ng == NULL) {

BN_free(np);

BN_free(nq);

BN_free(ng);

goto fail;

}

/* Memory management of np, nq and ng is transferred to DSA object */

rc = DSA_set0_pqg(new->dsa, np, nq, ng);

if (rc == 0) {

BN_free(np);

BN_free(nq);

BN_free(ng);

goto fail;

}

DSA_get0_key(key->dsa, &pub_key, &priv_key);

npub_key = BN_dup(pub_key);

if (npub_key == NULL) {

goto fail;

}

/* Memory management of npubkey is transferred to DSA object */

rc = DSA_set0_key(new->dsa, npub_key, NULL);

if (rc == 0) {

goto fail;

}

if (!demote && (key->flags & SSH_KEY_FLAG_PRIVATE)) {

npriv_key = BN_dup(priv_key);

if (npriv_key == NULL) {

goto fail;

}

/* Memory management of npriv_key is transferred to DSA object */

rc = DSA_set0_key(new->dsa, NULL, npriv_key);

if (rc == 0) {

goto fail;

}

}

#else

rc = evp_dup_dsa_pkey(key, new, demote);

if (rc != SSH_OK) {

goto fail;

}

#endif /* OPENSSL_VERSION_NUMBER */

break;

}

case SSH_KEYTYPE_RSA:

case SSH_KEYTYPE_RSA1: {

#if OPENSSL_VERSION_NUMBER < 0x30000000L

const BIGNUM *n = NULL, *e = NULL, *d = NULL;

BIGNUM *nn, *ne, *nd;

#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L */

#ifdef WITH_PKCS11_URI

/* Take the PKCS#11 keys as they are */

if (key->flags & SSH_KEY_FLAG_PKCS11_URI && !demote) {

rc = EVP_PKEY_up_ref(key->key);

if (rc != 1) {

goto fail;

}

new->key = key->key;

return new;

}

#endif /* WITH_PKCS11_URI */

#if OPENSSL_VERSION_NUMBER < 0x30000000L

new->rsa = RSA_new();

if (new->rsa == NULL) {

goto fail;

}

/*

* n = public modulus

* e = public exponent

* d = private exponent

* p = secret prime factor

* q = secret prime factor

* dmp1 = d mod (p-1)

* dmq1 = d mod (q-1)

* iqmp = q^-1 mod p

*/

RSA_get0_key(key->rsa, &n, &e, &d);

nn = BN_dup(n);

ne = BN_dup(e);

if (nn == NULL || ne == NULL) {

BN_free(nn);

BN_free(ne);

goto fail;

}

/* Memory management of nn and ne is transferred to RSA object */

rc = RSA_set0_key(new->rsa, nn, ne, NULL);

if (rc == 0) {

BN_free(nn);

BN_free(ne);

goto fail;

}

if (!demote && (key->flags & SSH_KEY_FLAG_PRIVATE)) {

const BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL,

*dmq1 = NULL, *iqmp = NULL;

BIGNUM *np, *nq, *ndmp1, *ndmq1, *niqmp;

nd = BN_dup(d);

if (nd == NULL) {

goto fail;

}

/* Memory management of nd is transferred to RSA object */

rc = RSA_set0_key(new->rsa, NULL, NULL, nd);

if (rc == 0) {

goto fail;

}

/* p, q, dmp1, dmq1 and iqmp may be NULL in private keys, but the

* RSA operations are much faster when these values are available.

*/

RSA_get0_factors(key->rsa, &p, &q);

if (p != NULL && q != NULL) { /* need to set both of them */

np = BN_dup(p);

nq = BN_dup(q);

if (np == NULL || nq == NULL) {

BN_free(np);

BN_free(nq);

goto fail;

}

/* Memory management of np and nq is transferred to RSA object */

rc = RSA_set0_factors(new->rsa, np, nq);

if (rc == 0) {

BN_free(np);

BN_free(nq);

goto fail;

}

}

RSA_get0_crt_params(key->rsa, &dmp1, &dmq1, &iqmp);

if (dmp1 != NULL || dmq1 != NULL || iqmp != NULL) {

ndmp1 = BN_dup(dmp1);

ndmq1 = BN_dup(dmq1);

niqmp = BN_dup(iqmp);

if (ndmp1 == NULL || ndmq1 == NULL || niqmp == NULL) {

BN_free(ndmp1);

BN_free(ndmq1);

BN_free(niqmp);

goto fail;

}

/* Memory management of ndmp1, ndmq1 and niqmp is transferred

* to RSA object */

rc = RSA_set0_crt_params(new->rsa, ndmp1, ndmq1, niqmp);

if (rc == 0) {

BN_free(ndmp1);

BN_free(ndmq1);

BN_free(niqmp);

goto fail;

}

}

}

#else

rc = evp_dup_rsa_pkey(key, new, demote);

if (rc != SSH_OK) {

goto fail;

}

#endif /* OPENSSL_VERSION_NUMBER */

break;

}

case SSH_KEYTYPE_ECDSA_P256:

case SSH_KEYTYPE_ECDSA_P384:

case SSH_KEYTYPE_ECDSA_P521:

#ifdef HAVE_OPENSSL_ECC

new->ecdsa_nid = key->ecdsa_nid;

#ifdef WITH_PKCS11_URI

/* Take the PKCS#11 keys as they are */

if (key->flags & SSH_KEY_FLAG_PKCS11_URI && !demote) {

rc = EVP_PKEY_up_ref(key->key);

if (rc != 1) {

goto fail;

}

new->key = key->key;

rc = EC_KEY_up_ref(key->ecdsa);

if (rc != 1) {

goto fail;

}

new->ecdsa = key->ecdsa;

return new;

}

#endif /* WITH_PKCS11_URI */

/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys

* https://github.com/openssl/openssl/pull/16624

* #if OPENSSL_VERSION_NUMBER < 0x30000000L

*/

#if 1

/* privkey -> pubkey */

if (demote && ssh_key_is_private(key)) {

const EC_POINT *p;

int ok;

new->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);

if (new->ecdsa == NULL) {

goto fail;

}

p = EC_KEY_get0_public_key(key->ecdsa);

if (p == NULL) {

goto fail;

}

ok = EC_KEY_set_public_key(new->ecdsa, p);

if (!ok) {

goto fail;

}

} else {

rc = EC_KEY_up_ref(key->ecdsa);

if (rc != 1) {

goto fail;

}

new->ecdsa = key->ecdsa;

}

#else

rc = evp_dup_ecdsa_pkey(key, new, demote);

if (rc != SSH_OK) {

goto fail;

}

#endif /* OPENSSL_VERSION_NUMBER */

break;

#endif /* HAVE_OPENSSL_ECC */

case SSH_KEYTYPE_ED25519:

rc = pki_ed25519_key_dup(new, key);

if (rc != SSH_OK) {

goto fail;

}

break;

case SSH_KEYTYPE_UNKNOWN:

default:

ssh_key_free(new);

return NULL;

}

return new;

fail:

ssh_key_free(new);

return NULL;

}

int pki_key_generate_rsa(ssh_key key, int parameter){

int rc;

#if OPENSSL_VERSION_NUMBER < 0x30000000L

BIGNUM *e;

#else

OSSL_PARAM params[3];

EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);

unsigned e = 65537;

#endif /* OPENSSL_VERSION_NUMBER */

#if OPENSSL_VERSION_NUMBER < 0x30000000L

e = BN_new();

key->rsa = RSA_new();

BN_set_word(e, 65537);

rc = RSA_generate_key_ex(key->rsa, parameter, e, NULL);

BN_free(e);

if (rc <= 0 || key->rsa == NULL)

return SSH_ERROR;

#else

key->key = NULL;

rc = EVP_PKEY_keygen_init(pctx);

if (rc != 1) {

EVP_PKEY_CTX_free(pctx);

return SSH_ERROR;

}

params[0] = OSSL_PARAM_construct_int("bits", &parameter);

params[1] = OSSL_PARAM_construct_uint("e", &e);

params[2] = OSSL_PARAM_construct_end();

rc = EVP_PKEY_CTX_set_params(pctx, params);

if (rc != 1) {

EVP_PKEY_CTX_free(pctx);

return SSH_ERROR;

}

rc = EVP_PKEY_generate(pctx, &(key->key));

EVP_PKEY_CTX_free(pctx);

if (rc != 1 || key->key == NULL)

return SSH_ERROR;

#endif /* OPENSSL_VERSION_NUMBER */

return SSH_OK;

}

int pki_key_generate_dss(ssh_key key, int parameter){

int rc;

#if OPENSSL_VERSION_NUMBER < 0x30000000L

key->dsa = DSA_new();

if (key->dsa == NULL) {

return SSH_ERROR;

}

rc = DSA_generate_parameters_ex(key->dsa,

parameter,

NULL, /* seed */

0, /* seed_len */

NULL, /* counter_ret */

NULL, /* h_ret */

NULL); /* cb */

if (rc != 1) {

DSA_free(key->dsa);

key->dsa = NULL;

return SSH_ERROR;

}

rc = DSA_generate_key(key->dsa);

if (rc != 1) {

DSA_free(key->dsa);

key->dsa=NULL;

return SSH_ERROR;

}

#else

OSSL_PARAM params[3];

EVP_PKEY *param_key = NULL;

EVP_PKEY_CTX *pctx = NULL;

EVP_PKEY_CTX *gctx = NULL;

int qbits = parameter < 2048 ? 160 : 256;

key->key = EVP_PKEY_new();

if (key->key == NULL) {

return SSH_ERROR;

}

pctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL);

if (pctx == NULL) {

return SSH_ERROR;

}

rc = EVP_PKEY_paramgen_init(pctx);

if (rc != 1) {

EVP_PKEY_CTX_free(pctx);

return SSH_ERROR;

}

params[0] = OSSL_PARAM_construct_int("pbits", &parameter);

params[1] = OSSL_PARAM_construct_int("qbits", &qbits);

params[2] = OSSL_PARAM_construct_end();

rc = EVP_PKEY_CTX_set_params(pctx, params);

if (rc != 1) {

EVP_PKEY_CTX_free(pctx);

return SSH_ERROR;

}

/* generating the domain parameters */

rc = EVP_PKEY_generate(pctx, &param_key);

if (rc != 1) {

EVP_PKEY_CTX_free(pctx);

EVP_PKEY_free(param_key);

return SSH_ERROR;

}

EVP_PKEY_CTX_free(pctx);

gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL);

if (gctx == NULL) {

EVP_PKEY_free(param_key);

return SSH_ERROR;

}

EVP_PKEY_free(param_key);

rc = EVP_PKEY_keygen_init(gctx);

if (rc != 1) {

EVP_PKEY_CTX_free(gctx);

return SSH_ERROR;

}

/* generating the key from the domain parameters */

rc = EVP_PKEY_generate(gctx, &key->key);

if (rc != 1) {

EVP_PKEY_free(key->key);

key->key = NULL;

EVP_PKEY_CTX_free(gctx);

return SSH_ERROR;

}

EVP_PKEY_CTX_free(gctx);

#endif /* OPENSSL_VERSION_NUMBER */

return SSH_OK;

}

#ifdef HAVE_OPENSSL_ECC

int pki_key_generate_ecdsa(ssh_key key, int parameter) {

/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys

* https://github.com/openssl/openssl/pull/16624

* #if OPENSSL_VERSION_NUMBER < 0x30000000L

*/

#if 1

int ok;

#else

const char *group_name = NULL;

#endif /* OPENSSL_VERSION_NUMBER */

switch (parameter) {

case 256:

key->ecdsa_nid = NID_X9_62_prime256v1;

key->type = SSH_KEYTYPE_ECDSA_P256;

/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys

* https://github.com/openssl/openssl/pull/16624

* #if OPENSSL_VERSION_NUMBER >= 0x30000000L

*/

#if 0

group_name = NISTP256;

#endif /* OPENSSL_VERSION_NUMBER */

break;

case 384:

key->ecdsa_nid = NID_secp384r1;

key->type = SSH_KEYTYPE_ECDSA_P384;

/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys

* https://github.com/openssl/openssl/pull/16624

* #if OPENSSL_VERSION_NUMBER >= 0x30000000L

*/

#if 0

group_name = NISTP384;

#endif /* OPENSSL_VERSION_NUMBER */

break;

case 521:

key->ecdsa_nid = NID_secp521r1;

key->type = SSH_KEYTYPE_ECDSA_P521;

/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys

* https://github.com/openssl/openssl/pull/16624

* #if OPENSSL_VERSION_NUMBER >= 0x30000000L

*/

#if 0

group_name = NISTP521;

#endif /* OPENSSL_VERSION_NUMBER */

break;

default:

SSH_LOG(SSH_LOG_WARN, "Invalid parameter %d for ECDSA key "

"generation", parameter);

return SSH_ERROR;

}

/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys

* https://github.com/openssl/openssl/pull/16624

* #if OPENSSL_VERSION_NUMBER < 0x30000000L

*/

#if 1

key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);

if (key->ecdsa == NULL) {

return SSH_ERROR;

}

#else

key->key = EVP_EC_gen(group_name);

if (key->key == NULL) {

return SSH_ERROR;

}

#endif /* OPENSSL_VERSION_NUMBER */

/* TODO Change to new API when the OpenSSL will support export of uncompressed EC keys

* https://github.com/openssl/openssl/pull/16624

* #if OPENSSL_VERSION_NUMBER < 0x30000000L

*/

#if 1

ok = EC_KEY_generate_key(key->ecdsa);

if (!ok) {

EC_KEY_free(key->ecdsa);

return SSH_ERROR;

}

EC_KEY_set_asn1_flag(key->ecdsa, OPENSSL_EC_NAMED_CURVE);

#endif /* OPENSSL_VERSION_NUMBER */

return SSH_OK;

}

#endif /* HAVE_OPENSSL_ECC */

/* With OpenSSL 3.0 and higher the parameter 'what'

* is ignored and the comparison is done by OpenSSL

*/

int pki_key_compare(const ssh_key k1,

const ssh_key k2,

enum ssh_keycmp_e what)

{

#if OPENSSL_VERSION_NUMBER >= 0x30000000L

int rc;

(void) what;

#endif /* OPENSSL_VERSION_NUMBER */

switch (k1->type) {

case SSH_KEYTYPE_DSS:

#if OPENSSL_VERSION_NUMBER < 0x30000000L

{

const BIGNUM *p1, *p2, *q1, *q2, *g1, *g2,

*pub_key1, *pub_key2, *priv_key1, *priv_key2;

if (DSA_size(k1->dsa) != DSA_size(k2->dsa)) {

return 1;

}

DSA_get0_pqg(k1->dsa, &p1, &q1, &g1);

DSA_get0_pqg(k2->dsa, &p2, &q2, &g2);

if (bignum_cmp(p1, p2) != 0) {

return 1;

}

if (bignum_cmp(q1, q2) != 0) {

return 1;

}

if (bignum_cmp(g1, g2) != 0) {

return 1;

}

DSA_get0_key(k1->dsa, &pub_key1, &priv_key1);

DSA_get0_key(k2->dsa, &pub_key2, &priv_key2);

if (bignum_cmp(pub_key1, pub_key2) != 0) {

return 1;

}

if (what == SSH_KEY_CMP_PRIVATE) {

if (bignum_cmp(priv_key1, priv_key2) != 0) {

return 1;

}

}

break;

}