diff --git a/marshal.h b/marshal.h index 817620ea..bc020a8d 100644 --- a/marshal.h +++ b/marshal.h @@ -282,6 +282,8 @@ static inline void BinarySource_INIT__(BinarySource *src, ptrlen data) BinarySource_get_rsa_ssh1_pub(BinarySource_UPCAST(src), rsa, order) #define get_rsa_ssh1_priv(src, rsa) \ BinarySource_get_rsa_ssh1_priv(BinarySource_UPCAST(src), rsa) +#define get_rsa_ssh1_priv_agent(src) \ + BinarySource_get_rsa_ssh1_priv_agent(BinarySource_UPCAST(src)) #define get_err(src) (BinarySource_UPCAST(src)->err) #define get_avail(src) (BinarySource_UPCAST(src)->len - \ diff --git a/pageant.c b/pageant.c index c5cef934..70b21743 100644 --- a/pageant.c +++ b/pageant.c @@ -379,19 +379,7 @@ void pageant_handle_msg(BinarySink *bs, plog(logctx, logfn, "request: SSH1_AGENTC_ADD_RSA_IDENTITY"); - key = snew(RSAKey); - memset(key, 0, sizeof(RSAKey)); - - get_rsa_ssh1_pub(msg, key, RSA_SSH1_MODULUS_FIRST); - get_rsa_ssh1_priv(msg, key); - - /* SSH-1 names p and q the other way round, i.e. we have - * the inverse of p mod q and not of q mod p. We swap the - * names, because our internal RSA wants iqmp. */ - key->iqmp = get_mp_ssh1(msg); - key->q = get_mp_ssh1(msg); - key->p = get_mp_ssh1(msg); - + key = get_rsa_ssh1_priv_agent(msg); key->comment = mkstr(get_string(msg)); if (get_err(msg)) { diff --git a/ssh.h b/ssh.h index 06725247..af0f9d47 100644 --- a/ssh.h +++ b/ssh.h @@ -539,6 +539,7 @@ void BinarySource_get_rsa_ssh1_pub( BinarySource *src, RSAKey *result, RsaSsh1Order order); void BinarySource_get_rsa_ssh1_priv( BinarySource *src, RSAKey *rsa); +RSAKey *BinarySource_get_rsa_ssh1_priv_agent(BinarySource *src); bool rsa_ssh1_encrypt(unsigned char *data, int length, RSAKey *key); mp_int *rsa_ssh1_decrypt(mp_int *input, RSAKey *key); bool rsa_ssh1_decrypt_pkcs1(mp_int *input, RSAKey *key, strbuf *outbuf); diff --git a/sshrsa.c b/sshrsa.c index e30ca474..4b7f4b5d 100644 --- a/sshrsa.c +++ b/sshrsa.c @@ -43,6 +43,24 @@ void BinarySource_get_rsa_ssh1_priv( rsa->private_exponent = get_mp_ssh1(src); } +RSAKey *BinarySource_get_rsa_ssh1_priv_agent(BinarySource *src) +{ + RSAKey *rsa = snew(RSAKey); + memset(rsa, 0, sizeof(RSAKey)); + + get_rsa_ssh1_pub(src, rsa, RSA_SSH1_MODULUS_FIRST); + get_rsa_ssh1_priv(src, rsa); + + /* SSH-1 names p and q the other way round, i.e. we have the + * inverse of p mod q and not of q mod p. We swap the names, + * because our internal RSA wants iqmp. */ + rsa->iqmp = get_mp_ssh1(src); + rsa->q = get_mp_ssh1(src); + rsa->p = get_mp_ssh1(src); + + return rsa; +} + bool rsa_ssh1_encrypt(unsigned char *data, int length, RSAKey *key) { mp_int *b1, *b2; diff --git a/testcrypt.h b/testcrypt.h index 5f1fd612..7dc49cb8 100644 --- a/testcrypt.h +++ b/testcrypt.h @@ -187,12 +187,15 @@ FUNC2(void, ssh_ecdhkex_getpublic, val_ecdh, out_val_string_binarysink) FUNC2(val_mpint, ssh_ecdhkex_getkey, val_ecdh, val_string_ptrlen) /* - * RSA key exchange. + * RSA key exchange, and also the BinarySource get function + * get_ssh1_rsa_priv_agent, which is a convenient way to make an + * RSAKey for RSA kex testing purposes. */ FUNC1(val_rsakex, ssh_rsakex_newkey, val_string_ptrlen) FUNC1(uint, ssh_rsakex_klen, val_rsakex) FUNC3(val_string, ssh_rsakex_encrypt, val_rsakex, hashalg, val_string_ptrlen) FUNC3(val_mpint, ssh_rsakex_decrypt, val_rsakex, hashalg, val_string_ptrlen) +FUNC1(val_rsakex, get_rsa_ssh1_priv_agent, val_string_binarysource) /* * Bare RSA keys as used in SSH-1. The construction API functions