1 /* $OpenBSD: key.c,v 1.131 2017/05/30 14:16:41 markus Exp $ */
3 * placed in the public domain
14 #define SSH_KEY_NO_DEFINE
24 fatal_on_fatal_errors(int r, const char *func, int extra_fatal)
26 if (r == SSH_ERR_INTERNAL_ERROR ||
27 r == SSH_ERR_ALLOC_FAIL ||
28 (extra_fatal != 0 && r == extra_fatal))
29 fatal("%s: %s", func, ssh_err(r));
33 key_from_blob(const u_char *blob, u_int blen)
38 if ((r = sshkey_from_blob(blob, blen, &ret)) != 0) {
39 fatal_on_fatal_errors(r, __func__, 0);
40 error("%s: %s", __func__, ssh_err(r));
47 key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
57 if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {
58 fatal_on_fatal_errors(r, __func__, 0);
59 error("%s: %s", __func__, ssh_err(r));
63 fatal("%s: giant len %zu", __func__, blen);
72 key_sign(const Key *key, u_char **sigp, u_int *lenp,
73 const u_char *data, u_int datalen, const char *alg)
83 if ((r = sshkey_sign(key, &sig, &siglen,
84 data, datalen, alg, datafellows)) != 0) {
85 fatal_on_fatal_errors(r, __func__, 0);
86 error("%s: %s", __func__, ssh_err(r));
90 fatal("%s: giant len %zu", __func__, siglen);
99 key_verify(const Key *key, const u_char *signature, u_int signaturelen,
100 const u_char *data, u_int datalen)
104 if ((r = sshkey_verify(key, signature, signaturelen,
105 data, datalen, datafellows)) != 0) {
106 fatal_on_fatal_errors(r, __func__, 0);
107 error("%s: %s", __func__, ssh_err(r));
108 return r == SSH_ERR_SIGNATURE_INVALID ? 0 : -1;
114 key_demote(const Key *k)
119 if ((r = sshkey_demote(k, &ret)) != 0)
120 fatal("%s: %s", __func__, ssh_err(r));
125 key_drop_cert(Key *k)
129 if ((r = sshkey_drop_cert(k)) != 0) {
130 fatal_on_fatal_errors(r, __func__, 0);
131 error("%s: %s", __func__, ssh_err(r));
138 key_cert_check_authority(const Key *k, int want_host, int require_principal,
139 const char *name, const char **reason)
143 if ((r = sshkey_cert_check_authority(k, want_host, require_principal,
144 name, reason)) != 0) {
145 fatal_on_fatal_errors(r, __func__, 0);
146 error("%s: %s", __func__, ssh_err(r));
155 key_load_cert(const char *filename)
160 if ((r = sshkey_load_cert(filename, &ret)) != 0) {
161 fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
162 /* Old authfile.c ignored all file errors. */
163 if (r == SSH_ERR_SYSTEM_ERROR)
164 debug("%s: %s", __func__, ssh_err(r));
166 error("%s: %s", __func__, ssh_err(r));
174 key_load_public(const char *filename, char **commentp)
179 if ((r = sshkey_load_public(filename, &ret, commentp)) != 0) {
180 fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
181 /* Old authfile.c ignored all file errors. */
182 if (r == SSH_ERR_SYSTEM_ERROR)
183 debug("%s: %s", __func__, ssh_err(r));
185 error("%s: %s", __func__, ssh_err(r));
192 key_load_private(const char *path, const char *passphrase,
198 if ((r = sshkey_load_private(path, passphrase, &ret, commentp)) != 0) {
199 fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
200 /* Old authfile.c ignored all file errors. */
201 if (r == SSH_ERR_SYSTEM_ERROR ||
202 r == SSH_ERR_KEY_WRONG_PASSPHRASE)
203 debug("%s: %s", __func__, ssh_err(r));
205 error("%s: %s", __func__, ssh_err(r));
212 key_load_private_cert(int type, const char *filename, const char *passphrase,
218 if ((r = sshkey_load_private_cert(type, filename, passphrase,
219 &ret, perm_ok)) != 0) {
220 fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
221 /* Old authfile.c ignored all file errors. */
222 if (r == SSH_ERR_SYSTEM_ERROR ||
223 r == SSH_ERR_KEY_WRONG_PASSPHRASE)
224 debug("%s: %s", __func__, ssh_err(r));
226 error("%s: %s", __func__, ssh_err(r));
233 key_load_private_type(int type, const char *filename, const char *passphrase,
234 char **commentp, int *perm_ok)
239 if ((r = sshkey_load_private_type(type, filename, passphrase,
240 &ret, commentp, perm_ok)) != 0) {
241 fatal_on_fatal_errors(r, __func__, SSH_ERR_LIBCRYPTO_ERROR);
242 /* Old authfile.c ignored all file errors. */
243 if (r == SSH_ERR_SYSTEM_ERROR ||
244 (r == SSH_ERR_KEY_WRONG_PASSPHRASE))
245 debug("%s: %s", __func__, ssh_err(r));
247 error("%s: %s", __func__, ssh_err(r));