annotate keyimport.c @ 1930:299f4f19ba19

Add /usr/sbin and /sbin to default root PATH

When dropbear is used in a very restricted environment (such as in an initrd), the default user shell is often also very restricted and doesn't take care of setting the PATH so the user ends up with the PATH set by dropbear. Unfortunately, dropbear always sets "/usr/bin:/bin" as default PATH even for the root user which should have /usr/sbin and /sbin too.

For a concrete instance of this problem, see the "Remote Unlocking" section in this tutorial: https://paxswill.com/blog/2013/11/04/encrypted-raspberry-pi/

It speaks of a bug in the initramfs script because it's written "blkid" instead of "/sbin/blkid"... this is just because the scripts from the initramfs do not expect to have a PATH without the sbin directories and because dropbear is not setting the PATH appropriately for the root user.

I'm thus suggesting to use the attached patch to fix this misbehaviour (I did not test it, but it's easy enough). It might seem anecdotic but multiple Kali users have been bitten by this.

From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403
author Raphael Hertzog <hertzog@debian.org>
date Mon, 09 Jul 2018 16:27:53 +0200
parents f978a15194ba
children
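
The PATH problem described in the commit message above, as an added example that is not part of the changeset or of dropbear: a POSIX sh check that lists which commands a script calls by bare name would fail to resolve under a given PATH. The directory tree, the command list other than `blkid`, the function names and the ordering of the sbin-extended PATH are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example with constructed data: find commands that initramfs scripts
# call by bare name but that do not resolve under a given PATH.

# resolve_in_path ROOT PATHSTR CMD
# Prints the first PATHSTR entry that holds an executable CMD under ROOT and
# returns 0; returns 1 when no entry matches. Nothing is executed.
resolve_in_path() {
    _root=$1; _path=$2; _cmd=$3
    _old_ifs=$IFS
    IFS=:
    for _dir in $_path; do
        IFS=$_old_ifs
        [ -n "$_dir" ] || continue      # an empty entry would mean "current dir"
        if [ -f "$_root$_dir/$_cmd" ] && [ -x "$_root$_dir/$_cmd" ]; then
            printf '%s\n' "$_dir/$_cmd"
            return 0
        fi
    done
    IFS=$_old_ifs
    return 1
}

# unresolved_commands ROOT PATHSTR CMD...
# Prints the space-separated subset of CMD... that does not resolve.
unresolved_commands() {
    _uroot=$1; _upath=$2
    shift 2
    _missing=
    for _c in "$@"; do
        resolve_in_path "$_uroot" "$_upath" "$_c" >/dev/null ||
            _missing="${_missing:+$_missing }$_c"
    done
    printf '%s\n' "$_missing"
}

# make_sample_root: constructed stand-in for an initramfs root file system.
make_sample_root() {
    _r=$(mktemp -d) || return 1
    mkdir -p "$_r/bin" "$_r/sbin" "$_r/usr/bin" "$_r/usr/sbin"
    for _f in bin/sh bin/cat sbin/blkid sbin/cryptsetup usr/bin/awk; do
        printf '#!/bin/sh\nexit 0\n' > "$_r/$_f"
        chmod +x "$_r/$_f"
    done
    printf '%s\n' "$_r"
}

DROPBEAR_DEFAULT_PATH="/usr/bin:/bin"            # value quoted in the commit message
PATH_WITH_SBIN="/usr/sbin:/usr/bin:/sbin:/bin"   # assumed ordering of the extended PATH
INITRAMFS_CMDS="cat blkid cryptsetup awk"        # constructed list of bare command names

SAMPLE_ROOT=$(make_sample_root) || exit 1
trap 'rm -rf "$SAMPLE_ROOT"' EXIT

printf 'unresolved with %s: %s\n' "$DROPBEAR_DEFAULT_PATH" \
    "$(unresolved_commands "$SAMPLE_ROOT" "$DROPBEAR_DEFAULT_PATH" $INITRAMFS_CMDS)"
printf 'unresolved with %s: %s\n' "$PATH_WITH_SBIN" \
    "$(unresolved_commands "$SAMPLE_ROOT" "$PATH_WITH_SBIN" $INITRAMFS_CMDS)"
```
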
changesets referenced in the listing (rev, node, description, author, parents):
4     fe6bca95afa7  Makefile.in contains updated files required (Matt Johnston <matt@ucc.asn.au>; no parents listed)
73    0bf5cebe622c  Dropbearkey can now print out pubkey portions (Matt Johnston <matt@ucc.asn.au>; parents: 4)
87    680a0bc9df0a  Some small fixes for unused vars, and old messages (Matt Johnston <matt@ucc.asn.au>; parents: 73)
241   c5d3ef11155f  * use own assertions which should get logged properly (Matt Johnston <matt@ucc.asn.au>; parents: 87)
256   ac890087b8c1  * keyimport.c: fclose() the key file to make sure data gets written (Matt Johnston <matt@ucc.asn.au>; parents: 241)
806   71e7d31f7671  hackish ECC import code from OpenSSH (Matt Johnston <matt@ucc.asn.au>; parents: 793)
836   d7d9f1612d51  writing out openssh ecc keys works (Matt Johnston <matt@ucc.asn.au>; parents: 807)
846   b298bb438625  refactor key generation, make it generate as required. (Matt Johnston <matt@ucc.asn.au>; parents: 845)
1094  c45d65392c1a  Fix pointer differ in signess warnings [-Werror=pointer-sign] (Gaël PORTAY <gael.portay@gmail.com>; parents: 1089)
1250  2bb4c662d1c2  more hard tab (Francois Perrad <francois.perrad@gadz.org>; parents: 1124)
1294  56aba7dedbea  options for disabling "normal" DH (Matt Johnston <matt@ucc.asn.au>; parents: 1250)
1295  750ec4ec4cbe  Convert #ifdef to #if, other build changes (Matt Johnston <matt@ucc.asn.au>; parents: 1294)
1306  34e6127ef02e  merge fixes from PuTTY import.c (Matt Johnston <matt@ucc.asn.au>; parents: 1250)
1308  8678e2cc1e53  make indenting consistent (Matt Johnston <matt@ucc.asn.au>; parents: 1307)
1459  06d52bcb8094  Pointer parameter could be declared as pointing to const (Francois Perrad <francois.perrad@gadz.org>; parents: 1395)
1659  d32bcb5c557d  Add Ed25519 support (#91) (Vladislav Grishenko <themiron@users.noreply.github.com>; parents: 1638)
1674  ba6fc7afe1c5  use sigtype where appropriate (Matt Johnston <matt@ucc.asn.au>; parents: 1659)
1908  eadd023fde4d  Support RSA OpenSSH new format in dropbearconvert (Matt Johnston <matt@ucc.asn.au>; parents: 1907)
1911  ced53051e200  Add ecdsa OpenSSH format for dropbearconvert (Matt Johnston <matt@ucc.asn.au>; parents: 1908)
1914  f978a15194ba  Remove commented ssh.com code from keyimport (Matt Johnston <matt@ucc.asn.au>; parents: 1913)

rev   line source
4     1    /*
      2     * Based on PuTTY's import.c for importing/exporting OpenSSH and SSH.com
      3     * keyfiles.
      4     *
1914  5     * Modifications copyright 2003-2022 Matt Johnston
4     6     *
      7     * PuTTY is copyright 1997-2003 Simon Tatham.
      8     *
      9     * Portions copyright Robert de Bath, Joris van Rantwijk, Delian
      10    * Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
      11    * Justin Bradford, and CORE SDI S.A.
      12    *
      13    * Permission is hereby granted, free of charge, to any person
      14    * obtaining a copy of this software and associated documentation files
      15    * (the "Software"), to deal in the Software without restriction,
      16    * including without limitation the rights to use, copy, modify, merge,
      17    * publish, distribute, sublicense, and/or sell copies of the Software,
      18    * and to permit persons to whom the Software is furnished to do so,
      19    * subject to the following conditions:
      20    *
      21    * The above copyright notice and this permission notice shall be
      22    * included in all copies or substantial portions of the Software.
      23    *
      24    * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
      25    * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
      26    * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
      27    * NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
      28    * FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
      29    * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
      30    * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
      31    */
      32
      33   #include "keyimport.h"
      34   #include "bignum.h"
      35   #include "buffer.h"
      36   #include "dbutil.h"
806   37   #include "ecc.h"
1659  38   #include "ssh.h"
1674  39   #include "rsa.h"
      40   #include "dss.h"
      41   #include "ed25519.h"
1911  42   #include "ecdsa.h"
1908  43   #include "signkey_ossh.h"
1659  44
      45   static const unsigned char OSSH_PKEY_BLOB[] =
      46       "openssh-key-v1\0" /* AUTH_MAGIC */
      47       "\0\0\0\4none" /* cipher name*/
      48       "\0\0\0\4none" /* kdf name */
      49       "\0\0\0\0" /* kdf */
      50       "\0\0\0\1"; /* key num */
      51   #define OSSH_PKEY_BLOBLEN (sizeof(OSSH_PKEY_BLOB) - 1)
1295  52   #if DROPBEAR_ECDSA
836   53   static const unsigned char OID_SEC256R1_BLOB[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
      54   static const unsigned char OID_SEC384R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x22};
      55   static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
1294  56   #endif
4     57
      58   #define PUT_32BIT(cp, value) do { \
      59       (cp)[3] = (unsigned char)(value); \
      60       (cp)[2] = (unsigned char)((value) >> 8); \
      61       (cp)[1] = (unsigned char)((value) >> 16); \
      62       (cp)[0] = (unsigned char)((value) >> 24); } while (0)
      63
      64   #define GET_32BIT(cp) \
1308  65       (((unsigned long)(unsigned char)(cp)[0] << 24) | \
      66       ((unsigned long)(unsigned char)(cp)[1] << 16) | \
      67       ((unsigned long)(unsigned char)(cp)[2] << 8) | \
      68       ((unsigned long)(unsigned char)(cp)[3]))
4     69
      70   static int openssh_encrypted(const char *filename);
1459  71   static sign_key *openssh_read(const char *filename, const char *passphrase);
4     72   static int openssh_write(const char *filename, sign_key *key,
1459  73                   const char *passphrase);
4     74
      75   static int dropbear_write(const char*filename, sign_key * key);
      76   static sign_key *dropbear_read(const char* filename);
      77
1306  78   static int toint(unsigned u);
      79
4     80   #if 0
      81   static int sshcom_encrypted(const char *filename, char **comment);
      82   static struct ssh2_userkey *sshcom_read(const char *filename, char *passphrase);
      83   static int sshcom_write(const char *filename, struct ssh2_userkey *key,
1308  84                   char *passphrase);
4     85   #endif
      86
      87   int import_encrypted(const char* filename, int filetype) {
      88
      89       if (filetype == KEYFILE_OPENSSH) {
      90           return openssh_encrypted(filename);
      91   #if 0
      92       } else if (filetype == KEYFILE_SSHCOM) {
      93           return sshcom_encrypted(filename, NULL);
      94   #endif
1308  95       }
      96       return 0;
4     97   }
      98
1459  99   sign_key *import_read(const char *filename, const char *passphrase, int filetype) {
4     100
      101      if (filetype == KEYFILE_OPENSSH) {
      102          return openssh_read(filename, passphrase);
      103      } else if (filetype == KEYFILE_DROPBEAR) {
      104          return dropbear_read(filename);
      105  #if 0
      106      } else if (filetype == KEYFILE_SSHCOM) {
      107          return sshcom_read(filename, passphrase);
      108  #endif
      109      }
1308  110      return NULL;
4     111  }
      112
1459  113  int import_write(const char *filename, sign_key *key, const char *passphrase,
4     114          int filetype) {
      115
      116      if (filetype == KEYFILE_OPENSSH) {
      117          return openssh_write(filename, key, passphrase);
      118      } else if (filetype == KEYFILE_DROPBEAR) {
      119          return dropbear_write(filename, key);
      120  #if 0
      121      } else if (filetype == KEYFILE_SSHCOM) {
      122          return sshcom_write(filename, key, passphrase);
      123  #endif
      124      }
1308  125      return 0;
4     126  }
      127
      128  static sign_key *dropbear_read(const char* filename) {
      129
      130      buffer * buf = NULL;
      131      sign_key *ret = NULL;
846   132      enum signkey_type type;
4     133
73    134      buf = buf_new(MAX_PRIVKEY_SIZE);
      135      if (buf_readfile(buf, filename) == DROPBEAR_FAILURE) {
4     136          goto error;
      137      }
      138
      139      buf_setpos(buf, 0);
      140      ret = new_sign_key();
      141
      142      type = DROPBEAR_SIGNKEY_ANY;
      143      if (buf_get_priv_key(buf, ret, &type) == DROPBEAR_FAILURE){
      144          goto error;
      145      }
      146      buf_free(buf);
      147
836   148      ret->type = type;
      149
4     150      return ret;
      151
      152  error:
      153      if (buf) {
      154          buf_free(buf);
      155      }
      156      if (ret) {
      157          sign_key_free(ret);
      158      }
      159      return NULL;
      160  }
      161
      162  /* returns 0 on fail, 1 on success */
      163  static int dropbear_write(const char*filename, sign_key * key) {
      164
      165      buffer * buf;
      166      FILE*fp;
      167      int len;
      168      int ret;
      169
73    170      buf = buf_new(MAX_PRIVKEY_SIZE);
806   171      buf_put_priv_key(buf, key, key->type);
4     172
87    173      fp = fopen(filename, "w");
4     174      if (!fp) {
      175          ret = 0;
      176          goto out;
      177      }
      178
      179      buf_setpos(buf, 0);
      180      do {
      181          len = fwrite(buf_getptr(buf, buf->len - buf->pos),
      182                  1, buf->len - buf->pos, fp);
      183          buf_incrpos(buf, len);
      184      } while (len > 0 && buf->len != buf->pos);
      185
256   186      fclose(fp);
      187
4     188      if (buf->pos != buf->len) {
      189          ret = 0;
      190      } else {
      191          ret = 1;
      192      }
      193  out:
      194      buf_free(buf);
      195      return ret;
      196  }
      197
      198
      199  /* ----------------------------------------------------------------------
      200   * Helper routines. (The base64 ones are defined in sshpubk.c.)
      201   */
      202
      203  #define isbase64(c) ( ((c) >= 'A' && (c) <= 'Z') || \
1308  204                        ((c) >= 'a' && (c) <= 'z') || \
      205                        ((c) >= '0' && (c) <= '9') || \
      206                        (c) == '+' || (c) == '/' || (c) == '=' \
      207                      )
4     208
      209  /* cpl has to be less than 100 */
1459  210  static void base64_encode_fp(FILE * fp, const unsigned char *data,
4     211          int datalen, int cpl)
      212  {
1094  213      unsigned char out[100];
1250  214      int n;
4     215      unsigned long outlen;
      216      int rawcpl;
      217      rawcpl = cpl * 3 / 4;
241   218      dropbear_assert((unsigned int)cpl < sizeof(out));
4     219
1250  220      while (datalen > 0) {
4     221          n = (datalen < rawcpl ? datalen : rawcpl);
      222          outlen = sizeof(out);
      223          base64_encode(data, n, out, &outlen);
      224          data += n;
      225          datalen -= n;
      226          fwrite(out, 1, outlen, fp);
diff changeset
227 fputc('\n', fp);
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1124
diff changeset
228 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
229 }
keyimport.c, lines 230-358. Annotations for these lines:
rev 1308 (8678e2cc1e53, make indenting consistent): lines 250, 252, 254-255, 257-269, 272-273, 275-289, 291-294, 296, 307-308, 310-326, 328-331, 334-347, 349-354, 357
rev 1306: 34e6127ef02e merge fixes from PuTTY import.c, Matt Johnston <matt@ucc.asn.au>, parents: 1250 (line 271)
rev 1307: ad9c40aca3bc add length checks for ecc too, Matt Johnston <matt@ucc.asn.au>, parents: 1306 (line 295)
rev 4 (fe6bca95afa7, Makefile.in contains updated files required): every other line

```c
/*
 * Read an ASN.1/BER identifier and length pair.
 *
 * Flags are a combination of the #defines listed below.
 *
 * Returns -1 if unsuccessful; otherwise returns the number of
 * bytes used out of the source data.
 */

/* ASN.1 tag classes. */
#define ASN1_CLASS_UNIVERSAL (0 << 6)
#define ASN1_CLASS_APPLICATION (1 << 6)
#define ASN1_CLASS_CONTEXT_SPECIFIC (2 << 6)
#define ASN1_CLASS_PRIVATE (3 << 6)
#define ASN1_CLASS_MASK (3 << 6)

/* Primitive versus constructed bit. */
#define ASN1_CONSTRUCTED (1 << 5)

static int ber_read_id_len(void *source, int sourcelen,
		int *id, int *length, int *flags)
{
	unsigned char *p = (unsigned char *) source;

	if (sourcelen == 0)
		return -1;

	*flags = (*p & 0xE0);
	if ((*p & 0x1F) == 0x1F) {
		*id = 0;
		while (*p & 0x80) {
			p++, sourcelen--;
			if (sourcelen == 0)
				return -1;
			*id = (*id << 7) | (*p & 0x7F);
		}
		p++, sourcelen--;
	} else {
		*id = *p & 0x1F;
		p++, sourcelen--;
	}

	if (sourcelen == 0)
		return -1;

	if (*p & 0x80) {
		unsigned len;
		int n = *p & 0x7F;
		p++, sourcelen--;
		if (sourcelen < n)
			return -1;
		len = 0;
		while (n--)
			len = (len << 8) | (*p++);
		sourcelen -= n;
		*length = toint(len);
	} else {
		*length = *p;
		p++, sourcelen--;
	}

	if (*length < 0) {
		printf("Negative ASN.1 length\n");
		return -1;
	}

	return p - (unsigned char *) source;
}

/*
 * Write an ASN.1/BER identifier and length pair. Returns the
 * number of bytes consumed. Assumes dest contains enough space.
 * Will avoid writing anything if dest is NULL, but still return
 * amount of space required.
 */
static int ber_write_id_len(void *dest, int id, int length, int flags)
{
	unsigned char *d = (unsigned char *)dest;
	int len = 0;

	if (id <= 30) {
		/*
		 * Identifier is one byte.
		 */
		len++;
		if (d) *d++ = id | flags;
	} else {
		int n;
		/*
		 * Identifier is multiple bytes: the first byte is 11111
		 * plus the flags, and subsequent bytes encode the value of
		 * the identifier, 7 bits at a time, with the top bit of
		 * each byte 1 except the last one which is 0.
		 */
		len++;
		if (d) *d++ = 0x1F | flags;
		for (n = 1; (id >> (7*n)) > 0; n++)
			continue; /* count the bytes */
		while (n--) {
			len++;
			if (d) *d++ = (n ? 0x80 : 0) | ((id >> (7*n)) & 0x7F);
		}
	}

	if (length < 128) {
		/*
		 * Length is one byte.
		 */
		len++;
		if (d) *d++ = length;
	} else {
		int n;
		/*
		 * Length is multiple bytes. The first is 0x80 plus the
		 * number of subsequent bytes, and the subsequent bytes
		 * encode the actual length.
		 */
		for (n = 1; (length >> (8*n)) > 0; n++)
			continue; /* count the bytes */
		len++;
		if (d) *d++ = 0x80 | n;
		while (n--) {
			len++;
			if (d) *d++ = (length >> (8*n)) & 0xFF;
		}
	}

	return len;
}
```
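The identifier and length encoding that `ber_read_id_len` and `ber_write_id_len` handle in the listing, written here as an added example with explicit bounds checks; it is not Dropbear's or PuTTY's code, and `struct ber_hdr`, `ber_hdr_read`, `ber_hdr_write`, `ber_roundtrip`, `ber_check` and `PUT` are hypothetical names. It assumes definite-length encodings only and, unlike the listing, also rejects a header whose content length exceeds the remaining input. The byte strings are constructed samples.

```c
#include <limits.h>
#include <stddef.h>

/* Hypothetical type for this example; flags holds class and constructed bits. */
struct ber_hdr { unsigned flags; unsigned long id; size_t length; };

/* Parse identifier and length octets without reading past src[srclen - 1].
 * Returns the header size in bytes, or -1 for input it will not accept. */
static int ber_hdr_read(const unsigned char *src, size_t srclen, struct ber_hdr *h)
{
	size_t pos = 0, n;
	unsigned char b;
	if (srclen == 0)
		return -1;
	b = src[pos++];
	h->flags = b & 0xE0;
	h->id = b & 0x1F;
	if (h->id == 0x1F) { /* high-tag-number form: base-128 digits follow */
		h->id = 0;
		do {
			if (pos == srclen)
				return -1; /* truncated tag */
			b = src[pos++];
			if ((h->id == 0 && b == 0x80) || h->id > (ULONG_MAX >> 7))
				return -1; /* zero-padded tag, or tag too large */
			h->id = (h->id << 7) | (b & 0x7F);
		} while (b & 0x80);
	}
	if (pos == srclen)
		return -1; /* no length octet */
	b = src[pos++];
	h->length = b; /* short form unless the top bit is set */
	if (b & 0x80) {
		n = b & 0x7F; /* long form: n length octets follow */
		if (n == 0 || n > sizeof(h->length) || n > srclen - pos)
			return -1; /* indefinite, oversized or truncated */
		for (h->length = 0; n > 0; n--)
			h->length = (h->length << 8) | src[pos++];
	}
	if (h->length > srclen - pos)
		return -1; /* content would run past the buffer */
	return (int)pos;
}

/* PUT appends one octet, or only counts it when dest is NULL. */
#define PUT(v) do { if (dest) dest[len] = (unsigned char)(v); len++; } while (0)

/* Emit identifier and length octets; returns the size (dest may be NULL). */
static int ber_hdr_write(unsigned char *dest, const struct ber_hdr *h)
{
	int len = 0, n;
	unsigned long t;
	size_t l;
	if (h->id <= 30) {
		PUT(h->flags | h->id);
	} else {
		PUT(h->flags | 0x1F);
		for (n = 1, t = h->id >> 7; t != 0; t >>= 7)
			n++; /* count base-128 digits without over-shifting */
		while (n--)
			PUT((n ? 0x80 : 0) | ((h->id >> (7 * n)) & 0x7F));
	}
	if (h->length < 128) {
		PUT(h->length);
	} else {
		for (n = 1, l = h->length >> 8; l != 0; l >>= 8)
			n++; /* count length octets */
		PUT(0x80 | n);
		while (n--)
			PUT((h->length >> (8 * n)) & 0xFF);
	}
	return len;
}

/* Write a header plus zeroed content, parse it back; header size or -1. */
static int ber_roundtrip(unsigned flags, unsigned long id, size_t length)
{
	unsigned char buf[1024] = {0};
	struct ber_hdr in = { flags, id, length }, out;
	int need = ber_hdr_write(buf, &in);
	if (length > sizeof(buf) - (size_t)need ||
			ber_hdr_read(buf, (size_t)need + length, &out) != need ||
			out.flags != flags || out.id != id || out.length != length)
		return -1;
	return need;
}

/* Header size for a raw byte string, or -1 if it is rejected. */
static int ber_check(const void *bytes, size_t n)
{
	struct ber_hdr h;
	return ber_hdr_read((const unsigned char *)bytes, n, &h);
}

int main(void)
{	/* constructed samples: a 300-byte SEQUENCE, then an indefinite length */
	return (ber_roundtrip(0x20, 16, 300) == 4 && ber_check("\x30\x80", 2) == -1) ? 0 : 1;
}
```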
keyimport.c, lines 359-469. Annotations for these lines:
rev 1308 (8678e2cc1e53, make indenting consistent): lines 370-372, 374, 380, 383, 385, 389-392, 399-401, 403-406, 408-412, 417-419, 422, 424-430, 432-448, 450-467
rev 1306 (34e6127ef02e, merge fixes from PuTTY import.c): lines 402, 407, 449
rev 1659: d32bcb5c557d Add Ed25519 support (#91), Vladislav Grishenko <themiron@users.noreply.github.com>, parents: 1638 (lines 368, 381, 386, 415-416, 423, 469)
rev 1907: 3e0aacf0a4f3 Fix ed25519 dropbear to openssh conversion, Matt Johnston <matt@ucc.asn.au>, parents: 1754 (line 373)
rev 340: 454a34b2dfd1 Fixes from Erik Hovland:, Matt Johnston <matt@ucc.asn.au>, parents: 256 (line 382)
rev 793: 70625eed40c9 A bit of work on ecdsa for host/auth keys, Matt Johnston <matt@ucc.asn.au>, parents: 491 (lines 413-414)
rev 4 (fe6bca95afa7, Makefile.in contains updated files required): every other line

```c
/* Simple structure to point to an mp-int within a blob. */
struct mpint_pos { void *start; int bytes; };

/* ----------------------------------------------------------------------
 * Code to read and write OpenSSH private keys.
 */

enum { OSSH_DSA, OSSH_RSA, OSSH_EC, OSSH_PKEY };
struct openssh_key {
	int type;
	int encrypted;
	char iv[32];
	/* keyblob is publickey1 onwards (ref OpenSSH PROTOCOL.key) */
	unsigned char *keyblob;
	unsigned int keyblob_len, keyblob_size;
};

static struct openssh_key *load_openssh_key(const char *filename)
{
	struct openssh_key *ret;
	buffer *buf = NULL;
	FILE *fp = NULL;
	char buffer[256];
	char *errmsg = NULL, *p = NULL;
	int headers_done;
	unsigned long len;

	ret = (struct openssh_key*)m_malloc(sizeof(struct openssh_key));
	ret->keyblob = NULL;
	ret->keyblob_len = ret->keyblob_size = 0;
	ret->encrypted = 0;
	memset(ret->iv, 0, sizeof(ret->iv));

	if (strlen(filename) == 1 && filename[0] == '-') {
		fp = stdin;
	} else {
		fp = fopen(filename, "r");
	}
	if (!fp) {
		errmsg = "Unable to open key file";
		goto error;
	}
	if (!fgets(buffer, sizeof(buffer), fp) ||
		0 != strncmp(buffer, "-----BEGIN ", 11) ||
		0 != strcmp(buffer+strlen(buffer)-17, "PRIVATE KEY-----\n")) {
		errmsg = "File does not begin with OpenSSH key header";
		goto error;
	}
	if (!strcmp(buffer, "-----BEGIN RSA PRIVATE KEY-----\n"))
		ret->type = OSSH_RSA;
	else if (!strcmp(buffer, "-----BEGIN DSA PRIVATE KEY-----\n"))
		ret->type = OSSH_DSA;
	else if (!strcmp(buffer, "-----BEGIN EC PRIVATE KEY-----\n"))
		ret->type = OSSH_EC;
	else if (!strcmp(buffer, "-----BEGIN OPENSSH PRIVATE KEY-----\n"))
		ret->type = OSSH_PKEY;
	else {
		errmsg = "Unrecognised key type";
		goto error;
	}

	headers_done = 0;
	buf = buf_new(0);
	while (1) {
		if (!fgets(buffer, sizeof(buffer), fp)) {
			errmsg = "Unexpected end of file";
			goto error;
		}
		if (0 == strncmp(buffer, "-----END ", 9) &&
			0 == strcmp(buffer+strlen(buffer)-17, "PRIVATE KEY-----\n"))
			break; /* done */
		if ((p = strchr(buffer, ':')) != NULL) {
			if (headers_done) {
				errmsg = "Header found in body of key data";
				goto error;
			}
			*p++ = '\0';
			while (*p && isspace((unsigned char)*p)) p++;
			if (!strcmp(buffer, "Proc-Type")) {
				if (p[0] != '4' || p[1] != ',') {
					errmsg = "Proc-Type is not 4 (only 4 is supported)";
					goto error;
				}
				p += 2;
				if (!strcmp(p, "ENCRYPTED\n"))
					ret->encrypted = 1;
			} else if (!strcmp(buffer, "DEK-Info")) {
				int i, j;

				if (strncmp(p, "DES-EDE3-CBC,", 13)) {
					errmsg = "Ciphers other than DES-EDE3-CBC not supported";
					goto error;
				}
				p += 13;
				for (i = 0; i < 8; i++) {
					if (1 != sscanf(p, "%2x", &j))
						break;
					ret->iv[i] = j;
					p += 2;
				}
				if (i < 8) {
					errmsg = "Expected 16-digit iv in DEK-Info";
					goto error;
				}
			}
		} else {
			headers_done = 1;
			len = strlen(buffer);
			buf = buf_resize(buf, buf->size + len);
```
diff changeset
470 buf_putbytes(buf, buffer, len);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
471 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
472 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
473
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
474 if (buf && buf->len) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
475 ret->keyblob_size = ret->keyblob_len + buf->len*4/3 + 256;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
476 ret->keyblob = (unsigned char*)m_realloc(ret->keyblob, ret->keyblob_size);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
477 len = ret->keyblob_size;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
478 if (base64_decode((const unsigned char *)buf->data, buf->len,
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
479 ret->keyblob, &len) != CRYPT_OK){
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
480 errmsg = "Error decoding base64";
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
481 goto error;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
482 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
483 ret->keyblob_len = len;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
484 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
485
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
486 if (ret->type == OSSH_PKEY) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
487 if (ret->keyblob_len < OSSH_PKEY_BLOBLEN ||
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
488 memcmp(ret->keyblob, OSSH_PKEY_BLOB, OSSH_PKEY_BLOBLEN)) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
489 errmsg = "Error decoding OpenSSH key";
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
490 goto error;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
491 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
492 ret->keyblob_len -= OSSH_PKEY_BLOBLEN;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
493 memmove(ret->keyblob, ret->keyblob + OSSH_PKEY_BLOBLEN, ret->keyblob_len);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
494 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
495
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
496 if (ret->keyblob_len == 0 || !ret->keyblob) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
497 errmsg = "Key body not present";
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
498 goto error;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
499 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
500
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
501 if (ret->encrypted && ret->keyblob_len % 8 != 0) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
502 errmsg = "Encrypted key blob is not a multiple of cipher block size";
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
503 goto error;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
504 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
505
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
506 if (buf) {
1912
8b4274d34fe8 Use buf_burn_free() instead of two calls
Matt Johnston <matt@ucc.asn.au>
parents: 1911
diff changeset
507 buf_burn_free(buf);
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
508 }
1045
31727a8abd4b Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents: 1038
diff changeset
509 m_burn(buffer, sizeof(buffer));
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
510 return ret;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
511
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
512 error:
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
513 if (buf) {
1912
8b4274d34fe8 Use buf_burn_free() instead of two calls
Matt Johnston <matt@ucc.asn.au>
parents: 1911
diff changeset
514 buf_burn_free(buf);
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
515 }
1045
31727a8abd4b Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents: 1038
diff changeset
516 m_burn(buffer, sizeof(buffer));
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
517 if (ret) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
518 if (ret->keyblob) {
1045
31727a8abd4b Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents: 1038
diff changeset
519 m_burn(ret->keyblob, ret->keyblob_size);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
520 m_free(ret->keyblob);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
521 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
522 m_free(ret);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
523 }
340
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 256
diff changeset
524 if (fp) {
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 256
diff changeset
525 fclose(fp);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
526 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
527 if (errmsg) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
528 fprintf(stderr, "Error: %s\n", errmsg);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
529 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
530 return NULL;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
531 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
532
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
533 static int openssh_encrypted(const char *filename)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
534 {
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
535 struct openssh_key *key = load_openssh_key(filename);
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
536 int ret;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
537
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
538 if (!key)
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
539 return 0;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
540 ret = key->encrypted;
1045
31727a8abd4b Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents: 1038
diff changeset
541 m_burn(key->keyblob, key->keyblob_size);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
542 m_free(key->keyblob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
543 m_free(key);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
544 return ret;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
545 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
546
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1395
diff changeset
547 static sign_key *openssh_read(const char *filename, const char * UNUSED(passphrase))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
548 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
549 struct openssh_key *key;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
550 unsigned char *p;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
551 int ret, id, len, flags;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
552 int i, num_integers = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
553 sign_key *retval = NULL;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
554 char *errmsg;
1119
845922d73e9c Turn modptr local variable into unsigned char *
Gaël PORTAY <gael.portay@gmail.com>
parents: 1094
diff changeset
555 unsigned char *modptr = NULL;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
556 int modlen = -9999;
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 845
diff changeset
557 enum signkey_type type;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
558
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
559 sign_key *retkey;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
560 buffer * blobbuf = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
561
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
562 retkey = new_sign_key();
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
563
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
564 key = load_openssh_key(filename);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
565
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
566 if (!key)
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
567 return NULL;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
568
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
569 if (key->encrypted) {
1908
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 1907
diff changeset
570 errmsg = "Encrypted keys are not supported. Please convert with ssh-keygen first";
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
571 goto error;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
572 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
573
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
574 /*
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
575 * Now we have a decrypted key blob, which contains OpenSSH
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
576 * encoded private key. We must now untangle the OpenSSH format.
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
577 */
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
578 if (key->type == OSSH_PKEY) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
579 blobbuf = buf_new(key->keyblob_len);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
580 buf_putbytes(blobbuf, key->keyblob, key->keyblob_len);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
581 buf_setpos(blobbuf, 0);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
582
1907
3e0aacf0a4f3 Fix ed25519 dropbear to openssh conversion
Matt Johnston <matt@ucc.asn.au>
parents: 1754
diff changeset
583 /* limit length of public key blob */
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
584 len = buf_getint(blobbuf);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
585
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
586 type = DROPBEAR_SIGNKEY_ANY;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
587 if (buf_get_pub_key(blobbuf, retkey, &type)
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
588 != DROPBEAR_SUCCESS) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
589 errmsg = "Error parsing OpenSSH key";
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
590 goto ossh_error;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
591 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
592
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
593 /* restore full length */
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
594 buf_setlen(blobbuf, key->keyblob_len);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
595
1907
3e0aacf0a4f3 Fix ed25519 dropbear to openssh conversion
Matt Johnston <matt@ucc.asn.au>
parents: 1754
diff changeset
596 /* length of private key part. we can discard it */
3e0aacf0a4f3 Fix ed25519 dropbear to openssh conversion
Matt Johnston <matt@ucc.asn.au>
parents: 1754
diff changeset
597 buf_getint(blobbuf);
3e0aacf0a4f3 Fix ed25519 dropbear to openssh conversion
Matt Johnston <matt@ucc.asn.au>
parents: 1754
diff changeset
598
3e0aacf0a4f3 Fix ed25519 dropbear to openssh conversion
Matt Johnston <matt@ucc.asn.au>
parents: 1754
diff changeset
599 /* discard checkkey1 */
3e0aacf0a4f3 Fix ed25519 dropbear to openssh conversion
Matt Johnston <matt@ucc.asn.au>
parents: 1754
diff changeset
600 buf_getint(blobbuf);
3e0aacf0a4f3 Fix ed25519 dropbear to openssh conversion
Matt Johnston <matt@ucc.asn.au>
parents: 1754
diff changeset
601 /* discard checkkey2 */
3e0aacf0a4f3 Fix ed25519 dropbear to openssh conversion
Matt Johnston <matt@ucc.asn.au>
parents: 1754
diff changeset
602 buf_getint(blobbuf);
3e0aacf0a4f3 Fix ed25519 dropbear to openssh conversion
Matt Johnston <matt@ucc.asn.au>
parents: 1754
diff changeset
603
1913
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
604 errmsg = "Unsupported OpenSSH key type";
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
605 retkey->type = type;
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
606 ret = DROPBEAR_FAILURE;
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
607 /* Parse private key part */
1908
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 1907
diff changeset
608 #if DROPBEAR_RSA
1913
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
609 if (type == DROPBEAR_SIGNKEY_RSA) {
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
610 errmsg = "Error parsing OpenSSH RSA key";
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
611 ret = buf_get_rsa_priv_ossh(blobbuf, retkey);
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
612 }
1908
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 1907
diff changeset
613 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
614 #if DROPBEAR_ED25519
1913
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
615 if (type == DROPBEAR_SIGNKEY_ED25519) {
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
616 errmsg = "Error parsing OpenSSH ed25519 key";
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
617 ret = buf_get_ed25519_priv_ossh(blobbuf, retkey);
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
618 }
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
619 #endif
1911
ced53051e200 Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 1908
diff changeset
620 #if DROPBEAR_ECDSA
1913
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
621 if (signkey_is_ecdsa(type)) {
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
622 errmsg = "Error parsing OpenSSH ecdsa key";
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
623 ret = buf_get_ecdsa_priv_ossh(blobbuf, retkey);
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
624 }
1911
ced53051e200 Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 1908
diff changeset
625 #endif
1913
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
626 if (ret == DROPBEAR_SUCCESS) {
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
627 errmsg = NULL;
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
628 retval = retkey;
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
629 goto error;
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
630 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
631
1913
38c6fd7d7a82 Fix dropbearconvert ecdsa parsing error typo
Matt Johnston <matt@ucc.asn.au>
parents: 1912
diff changeset
632 ossh_error:
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
633 sign_key_free(retkey);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
634 retkey = NULL;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
635 goto error;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
636 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
637
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
638 /*
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
639 * Now we have a decrypted key blob, which contains an ASN.1
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
640 * encoded private key. We must now untangle the ASN.1.
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
641 *
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
642 * We expect the whole key blob to be formatted as a SEQUENCE
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
643 * (0x30 followed by a length code indicating that the rest of
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
644 * the blob is part of the sequence). Within that SEQUENCE we
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
645 * expect to see a bunch of INTEGERs. What those integers mean
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
646 * depends on the key type:
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
647 *
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
648 * - For RSA, we expect the integers to be 0, n, e, d, p, q,
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
649 * dmp1, dmq1, iqmp in that order. (The last three are d mod
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
650 * (p-1), d mod (q-1), inverse of q mod p respectively.)
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
651 *
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
652 * - For DSA, we expect them to be 0, p, q, g, y, x in that
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
653 * order.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
654 */
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
655
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
656 p = key->keyblob;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
657
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
658 /* Expect the SEQUENCE header. Take its absence as a failure to decrypt. */
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
659 ret = ber_read_id_len(p, key->keyblob_len, &id, &len, &flags);
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
660 p += ret;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
661 if (ret < 0 || id != 16 || len < 0 ||
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
662 key->keyblob+key->keyblob_len-p < len) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
663 errmsg = "ASN.1 decoding failure";
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
664 goto error;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
665 }
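The SEQUENCE-of-INTEGERs layout described in the comment at lines 638-654 and the header check at lines 659-665, as an added example that is not Dropbear's or PuTTY's code: a stand-alone, bounds-checked reader run over constructed sample blobs. The names `der_read_header`, `parse_int_sequence` and `struct der_int`, and the toy key values, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* One decoded INTEGER: pointer into the caller's blob plus its length. */
struct der_int {
    const unsigned char *data;
    size_t len;
};

/*
 * Read one identifier + length header (hypothetical helper, not Dropbear's
 * ber_read_id_len). Single-byte tags and definite lengths only.
 * Returns the number of header bytes consumed, or -1 on malformed input.
 */
static int der_read_header(const unsigned char *p, size_t avail,
                           unsigned char *tag, size_t *len)
{
    size_t n, i, used = 0;

    if (avail < 2)
        return -1;
    *tag = p[used++];
    if ((*tag & 0x1f) == 0x1f)      /* multi-byte tag numbers: not needed here */
        return -1;
    if (p[used] < 0x80) {           /* short form: length fits in one byte */
        *len = p[used++];
        return (int)used;
    }
    n = p[used++] & 0x7f;           /* long form: n length bytes follow */
    if (n == 0 || n > sizeof(size_t) || n > avail - used)
        return -1;                  /* indefinite, oversized or truncated */
    *len = 0;
    for (i = 0; i < n; i++)
        *len = (*len << 8) | p[used++];
    return (int)used;
}

/*
 * Parse SEQUENCE { INTEGER x expected } out of blob. Every length is checked
 * against the bytes actually remaining before the pointer moves.
 * Returns 0 on success, -1 on any structural error.
 */
static int parse_int_sequence(const unsigned char *blob, size_t blob_len,
                              int expected, struct der_int *out)
{
    const unsigned char *p = blob, *end;
    unsigned char tag;
    size_t len;
    int hdr, i;

    hdr = der_read_header(p, blob_len, &tag, &len);
    if (hdr < 0)
        return -1;
    p += hdr;
    /* 0x30 = constructed bit (0x20) | universal tag 16 (SEQUENCE) */
    if (tag != 0x30 || len > blob_len - (size_t)hdr)
        return -1;                  /* not a SEQUENCE, or claims more than we hold */
    end = p + len;

    for (i = 0; i < expected; i++) {
        hdr = der_read_header(p, (size_t)(end - p), &tag, &len);
        if (hdr < 0)
            return -1;              /* also hit when the SEQUENCE runs out early */
        p += hdr;
        if (tag != 0x02 || len == 0 || len > (size_t)(end - p))
            return -1;              /* not an INTEGER, empty, or overruns SEQUENCE */
        out[i].data = p;
        out[i].len = len;
        p += len;
    }
    return 0;
}

/* Constructed sample: six one-byte INTEGERs in the DSA order 0, p, q, g, y, x. */
static const unsigned char sample_dsa[] = {
    0x30, 0x12,
    0x02, 0x01, 0x00,  0x02, 0x01, 0x17,  0x02, 0x01, 0x0b,
    0x02, 0x01, 0x02,  0x02, 0x01, 0x04,  0x02, 0x01, 0x03
};
/* Constructed: SEQUENCE length (0x7f) exceeds the bytes supplied. */
static const unsigned char sample_overlong[] = { 0x30, 0x7f, 0x02, 0x01, 0x00 };
/* Constructed: inner INTEGER length (5) overruns its 4-byte SEQUENCE. */
static const unsigned char sample_inner_overrun[] = { 0x30, 0x04, 0x02, 0x05, 0x01, 0x02 };
/* Constructed: long-form length encoding (0x81 0x03) for the SEQUENCE. */
static const unsigned char sample_longform[] = { 0x30, 0x81, 0x03, 0x02, 0x01, 0x2a };

int main(void)
{
    struct der_int f[9];

    printf("dsa, 6 ints:   %d\n", parse_int_sequence(sample_dsa, sizeof(sample_dsa), 6, f));
    printf("dsa, 9 ints:   %d\n", parse_int_sequence(sample_dsa, sizeof(sample_dsa), 9, f));
    printf("overlong seq:  %d\n", parse_int_sequence(sample_overlong, sizeof(sample_overlong), 1, f));
    printf("inner overrun: %d\n", parse_int_sequence(sample_inner_overrun, sizeof(sample_inner_overrun), 1, f));
    printf("long form:     %d\n", parse_int_sequence(sample_longform, sizeof(sample_longform), 1, f));
    return 0;
}
```

Asking for nine integers from the six-integer blob fails, which is how a blob that does not match the integer count for the declared key type is rejected rather than read past its end.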
1306
34e6127ef02e merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
666
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
667 /* Expect a load of INTEGERs. */
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
668 if (key->type == OSSH_RSA)
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
669 num_integers = 9;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
670 else if (key->type == OSSH_DSA)
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
671 num_integers = 6;
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
672 else if (key->type == OSSH_EC)
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
673 num_integers = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
674
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
675 /*
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
676 * Space to create key blob in.
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
677 */
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
678 blobbuf = buf_new(3000);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
679
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
680 #if DROPBEAR_DSS
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
681 if (key->type == OSSH_DSA) {
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1119
diff changeset
682 buf_putstring(blobbuf, "ssh-dss", 7);
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
683 retkey->type = DROPBEAR_SIGNKEY_DSS;
935
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
684 }
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
685 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
686 #if DROPBEAR_RSA
935
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
687 if (key->type == OSSH_RSA) {
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1119
diff changeset
688 buf_putstring(blobbuf, "ssh-rsa", 7);
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
689 retkey->type = DROPBEAR_SIGNKEY_RSA;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
690 }
935
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
691 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
692
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
693 for (i = 0; i < num_integers; i++) {
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
694 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
695 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
696 p += ret;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
697 if (ret < 0 || id != 2 || len < 0 ||
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
698 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
699 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
700 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
701 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
702
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
703 if (i == 0) {
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
704 /* First integer is a version indicator */
991
4f65c867fc99 Fix variables may be uninitialized.
Like Ma <likemartinma@gmail.com>
parents: 935
diff changeset
705 int expected = -1;
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
706 switch (key->type) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
707 case OSSH_RSA:
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
708 case OSSH_DSA:
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
709 expected = 0;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
710 break;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
711 case OSSH_EC:
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
712 expected = 1;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
713 break;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
714 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
715 if (len != 1 || p[0] != expected) {
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
716 errmsg = "Version number mismatch";
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
717 goto error;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
718 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
719 } else if (key->type == OSSH_RSA) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
720 /*
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
721 * OpenSSH key order is n, e, d, p, q, dmp1, dmq1, iqmp
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
722 * but we want e, n, d, p, q
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
723 */
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
724 if (i == 1) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
725 /* Save the details for after we deal with number 2. */
1119
845922d73e9c Turn modptr local variable into unsigned char *
Gaël PORTAY <gael.portay@gmail.com>
parents: 1094
diff changeset
726 modptr = p;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
727 modlen = len;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
728 } else if (i >= 2 && i <= 5) {
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1119
diff changeset
729 buf_putstring(blobbuf, (const char*)p, len);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
730 if (i == 2) {
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1119
diff changeset
731 buf_putstring(blobbuf, (const char*)modptr, modlen);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
732 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
733 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
734 } else if (key->type == OSSH_DSA) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
735 /*
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
736 * OpenSSH key order is p, q, g, y, x,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
737 * we want the same.
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
738 */
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1119
diff changeset
739 buf_putstring(blobbuf, (const char*)p, len);
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
740 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
741
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
742 /* Skip past the number. */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
743 p += len;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
744 }
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
745
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
746 #if DROPBEAR_ECDSA
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
747 if (key->type == OSSH_EC) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
748 unsigned char* private_key_bytes = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
749 int private_key_len = 0;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
750 unsigned char* public_key_bytes = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
751 int public_key_len = 0;
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 806
diff changeset
752 ecc_key *ecc = NULL;
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
753 const struct dropbear_ecc_curve *curve = NULL;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
754
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
755 /* See SEC1 v2, Appendix C.4 */
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
756 /* OpenSSL (so OpenSSH) seems to include the optional parts. */
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
757
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
758 /* privateKey OCTET STRING, */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
759 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
760 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
761 p += ret;
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
762 /* id==4 for octet string */
1395
77c0d57a4410 fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents: 1316
diff changeset
763 if (ret < 0 || id != 4 || len < 0 ||
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
764 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
765 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
766 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
767 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
768 private_key_bytes = p;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
769 private_key_len = len;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
770 p += len;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
771
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
772 /* parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL, */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
773 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
774 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
775 p += ret;
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
776 /* id==0 */
1395
77c0d57a4410 fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents: 1316
diff changeset
777 if (ret < 0 || id != 0 || len < 0) {
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
778 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
779 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
780 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
781
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
782 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
783 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
784 p += ret;
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
785 /* id==6 for object */
1395
77c0d57a4410 fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents: 1316
diff changeset
786 if (ret < 0 || id != 6 || len < 0 ||
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
787 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
788 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
789 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
790 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
791
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
792 if (0) {}
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
793 #if DROPBEAR_ECC_256
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
794 else if (len == sizeof(OID_SEC256R1_BLOB)
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
795 && memcmp(p, OID_SEC256R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
796 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP256;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
797 curve = &ecc_curve_nistp256;
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
798 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
799 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
800 #if DROPBEAR_ECC_384
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
801 else if (len == sizeof(OID_SEC384R1_BLOB)
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
802 && memcmp(p, OID_SEC384R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
803 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP384;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
804 curve = &ecc_curve_nistp384;
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
805 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
806 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
807 #if DROPBEAR_ECC_521
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
808 else if (len == sizeof(OID_SEC521R1_BLOB)
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
809 && memcmp(p, OID_SEC521R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
810 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP521;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
811 curve = &ecc_curve_nistp521;
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
812 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
813 #endif
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
814 else {
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
815 errmsg = "Unknown ECC key type";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
816 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
817 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
818 p += len;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
819
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
820 /* publicKey [1] BIT STRING OPTIONAL */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
821 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
822 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
823 p += ret;
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
824 /* id==1 */
1395
77c0d57a4410 fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents: 1316
diff changeset
825 if (ret < 0 || id != 1 || len < 0) {
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
826 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
827 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
828 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
829
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
830 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
831 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
832 p += ret;
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
833 /* id==3 for bit string */
1395
77c0d57a4410 fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents: 1316
diff changeset
834 if (ret < 0 || id != 3 || len < 0 ||
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
835 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
836 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
837 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
838 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
839 public_key_bytes = p+1;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
840 public_key_len = len-1;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
841 p += len;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
842
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
843 buf_putbytes(blobbuf, public_key_bytes, public_key_len);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
844 ecc = buf_get_ecc_raw_pubkey(blobbuf, curve);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
845 if (!ecc) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
846 errmsg = "Error parsing ECC key";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
847 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
848 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
849 m_mp_alloc_init_multi((mp_int**)&ecc->k, NULL);
1692
1051e4eea25a Update LibTomMath to 1.2.0 (#84)
Steffen Jaeckel <s@jaeckel.eu>
parents: 1674
diff changeset
850 if (mp_from_ubin(ecc->k, private_key_bytes, private_key_len)
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
851 != MP_OKAY) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
852 errmsg = "Error parsing ECC key";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
853 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
854 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
855
841
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
856 *signkey_key_ptr(retkey, retkey->type) = ecc;
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
857 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
858 #endif /* DROPBEAR_ECDSA */
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
859
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
860 /*
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
861 * Now put together the actual key. Simplest way to do this is
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
862 * to assemble our own key blobs and feed them to the createkey
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
863 * functions; this is a bit faffy but it does mean we get all
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
864 * the sanity checks for free.
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
865 */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
866 if (key->type == OSSH_RSA || key->type == OSSH_DSA) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
867 buf_setpos(blobbuf, 0);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
868 type = DROPBEAR_SIGNKEY_ANY;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
869 if (buf_get_priv_key(blobbuf, retkey, &type)
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
870 != DROPBEAR_SUCCESS) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
871 errmsg = "unable to create key structure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
872 sign_key_free(retkey);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
873 retkey = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
874 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
875 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
876 }
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
877
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
878 errmsg = NULL; /* no error */
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
879 retval = retkey;
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
880
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
881 error:
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
882 if (blobbuf) {
1912
8b4274d34fe8 Use buf_burn_free() instead of two calls
Matt Johnston <matt@ucc.asn.au>
parents: 1911
diff changeset
883 buf_burn_free(blobbuf);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
884 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
885 m_burn(key->keyblob, key->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
886 m_free(key->keyblob);
1002
97d1e54941fd When clearing the memory of 'key' in function openssh_read(), only the size
Christian Engelmayer <cengelma@gmx.at>
parents: 991
diff changeset
887 m_burn(key, sizeof(*key));
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
888 m_free(key);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
889 if (errmsg) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
890 fprintf(stderr, "Error: %s\n", errmsg);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
891 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
892 return retval;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
893 }
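The integer loop in openssh_read above checks each BER header and payload length against the bytes left in the key blob, and writes the RSA numbers as e, n, d, p, q rather than in OpenSSH's n, e, d, p, q order. The following stand-alone sketch of that walk is an added example, not Dropbear's code: `tlv_read`, `put_string`, `rsa_reorder` and the `SAMPLE_RSA` bytes are hypothetical and constructed here, and only single-byte tags with definite lengths of up to four length bytes are accepted.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Dropbear's ber_read_id_len): parse one DER
 * identifier+length header from at most `avail` bytes.
 * Returns the header size in bytes, or -1 on malformed input. */
static int tlv_read(const unsigned char *p, size_t avail, int *id, size_t *len)
{
    size_t n, i;

    if (avail < 2 || (p[0] & 0x1f) == 0x1f)
        return -1;                  /* truncated, or multi-byte tag */
    *id = p[0] & 0x1f;
    if (p[1] < 0x80) {              /* short form: one length byte */
        *len = p[1];
        return 2;
    }
    n = p[1] & 0x7f;                /* long form: n length bytes follow */
    if (n == 0 || n > 4 || avail - 2 < n)
        return -1;                  /* indefinite, oversized or truncated */
    *len = 0;
    for (i = 0; i < n; i++)
        *len = (*len << 8) | p[2 + i];
    return (int)(2 + n);
}

/* Append an SSH "string" (uint32 big-endian length, then the bytes),
 * refusing to write past the end of the output buffer. */
static int put_string(unsigned char *out, size_t cap, size_t *pos,
                      const unsigned char *data, size_t len)
{
    if (*pos > cap || cap - *pos < 4 || cap - *pos - 4 < len)
        return -1;
    out[(*pos)++] = (unsigned char)(len >> 24);
    out[(*pos)++] = (unsigned char)(len >> 16);
    out[(*pos)++] = (unsigned char)(len >> 8);
    out[(*pos)++] = (unsigned char)len;
    memcpy(out + *pos, data, len);
    *pos += len;
    return 0;
}

/* Walk the nine INTEGERs of an RSAPrivateKey body (version, n, e, d, p, q,
 * dmp1, dmq1, iqmp) and write e, n, d, p, q as SSH strings.
 * Returns the number of bytes written, or -1 on any decoding failure. */
static long rsa_reorder(const unsigned char *blob, size_t blob_len,
                        unsigned char *out, size_t cap)
{
    const unsigned char *p = blob, *end = blob + blob_len;
    const unsigned char *modptr = NULL;
    size_t modlen = 0, len = 0, pos = 0;
    int i, id = 0, hdr;

    for (i = 0; i < 9; i++) {
        hdr = tlv_read(p, (size_t)(end - p), &id, &len);
        if (hdr < 0 || id != 2)
            return -1;              /* not a well-formed INTEGER header */
        p += hdr;                   /* advance only after validation */
        if ((size_t)(end - p) < len)
            return -1;              /* payload would run off the blob */
        if (i == 0) {
            if (len != 1 || p[0] != 0)
                return -1;          /* version must be 0 for RSA */
        } else if (i == 1) {
            modptr = p;             /* hold n until e has been written */
            modlen = len;
        } else if (i <= 5) {
            if (put_string(out, cap, &pos, p, len) < 0)
                return -1;
            if (i == 2 && put_string(out, cap, &pos, modptr, modlen) < 0)
                return -1;
        }
        p += len;                   /* skip past the number */
    }
    return (long)pos;
}

/* Constructed toy key (p=61, q=53, n=3233, e=17, d=2753); not a real key. */
static const unsigned char SAMPLE_RSA[] = {
    0x02, 0x01, 0x00,               /* version */
    0x02, 0x02, 0x0c, 0xa1,         /* n */
    0x02, 0x01, 0x11,               /* e */
    0x02, 0x02, 0x0a, 0xc1,         /* d */
    0x02, 0x01, 0x3d,               /* p */
    0x02, 0x01, 0x35,               /* q */
    0x02, 0x01, 0x35,               /* dmp1 */
    0x02, 0x01, 0x31,               /* dmq1 */
    0x02, 0x01, 0x26                /* iqmp */
};

int main(void)
{
    unsigned char out[64];
    printf("bytes written: %ld\n",
           rsa_reorder(SAMPLE_RSA, sizeof(SAMPLE_RSA), out, sizeof(out)));
    return 0;
}
```

A blob whose declared length exceeds the remaining bytes, or an output buffer too small for the next string, makes `rsa_reorder` return -1 instead of reading or writing out of bounds.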
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
894
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
895 static int openssh_write(const char *filename, sign_key *key,
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1395
diff changeset
896 const char *passphrase)
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
897 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
898 buffer * keyblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
899 buffer * extrablob = NULL; /* used for calculated values to write */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
900 unsigned char *outblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
901 int outlen = -9999;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
902 struct mpint_pos numbers[9];
991
4f65c867fc99 Fix variables may be uninitialized.
Like Ma <likemartinma@gmail.com>
parents: 935
diff changeset
903 int nnumbers = -1, pos = 0, len = 0, seqlen, i;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
904 char *header = NULL, *footer = NULL;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
905 char zero[1];
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
906 int ret = 0;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
907 FILE *fp;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
908
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
909 #if DROPBEAR_DSS
1911
ced53051e200 Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 1908
diff changeset
910 if (key->type == DROPBEAR_SIGNKEY_DSS) {
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
911 /*
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
912 * Fetch the key blobs.
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
913 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
914 keyblob = buf_new(3000);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
915 buf_put_priv_key(keyblob, key, key->type);
916
917 buf_setpos(keyblob, 0);
918 /* skip the "ssh-rsa" or "ssh-dss" header */
919 buf_incrpos(keyblob, buf_getint(keyblob));
920
921 /*
922 * Find the sequence of integers to be encoded into the OpenSSH
923 * key blob, and also decide on the header line.
924 */
925 numbers[0].start = zero; numbers[0].bytes = 1; zero[0] = '\0';
926
1499
2d450c1056e3 options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents: 1459
diff changeset
927 #if DROPBEAR_DSS
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
928 if (key->type == DROPBEAR_SIGNKEY_DSS) {
929
930 /* p */
931 numbers[1].bytes = buf_getint(keyblob);
932 numbers[1].start = buf_getptr(keyblob, numbers[1].bytes);
933 buf_incrpos(keyblob, numbers[1].bytes);
934
935 /* q */
936 numbers[2].bytes = buf_getint(keyblob);
937 numbers[2].start = buf_getptr(keyblob, numbers[2].bytes);
938 buf_incrpos(keyblob, numbers[2].bytes);
939
940 /* g */
941 numbers[3].bytes = buf_getint(keyblob);
942 numbers[3].start = buf_getptr(keyblob, numbers[3].bytes);
943 buf_incrpos(keyblob, numbers[3].bytes);
944
945 /* y */
946 numbers[4].bytes = buf_getint(keyblob);
947 numbers[4].start = buf_getptr(keyblob, numbers[4].bytes);
948 buf_incrpos(keyblob, numbers[4].bytes);
949
950 /* x */
951 numbers[5].bytes = buf_getint(keyblob);
952 numbers[5].start = buf_getptr(keyblob, numbers[5].bytes);
953 buf_incrpos(keyblob, numbers[5].bytes);
954
955 nnumbers = 6;
956 header = "-----BEGIN DSA PRIVATE KEY-----\n";
957 footer = "-----END DSA PRIVATE KEY-----\n";
958 }
959 #endif /* DROPBEAR_DSS */
960
961 /*
962 * Now count up the total size of the ASN.1 encoded integers,
963 * so as to determine the length of the containing SEQUENCE.
964 */
965 len = 0;
966 for (i = 0; i < nnumbers; i++) {
967 len += ber_write_id_len(NULL, 2, numbers[i].bytes, 0);
968 len += numbers[i].bytes;
969 }
970 seqlen = len;
971 /* Now add on the SEQUENCE header. */
972 len += ber_write_id_len(NULL, 16, seqlen, ASN1_CONSTRUCTED);
973 /* Round up to the cipher block size, ensuring we have at least one
974 * byte of padding (see below). */
975 outlen = len;
976 if (passphrase)
977 outlen = (outlen+8) &~ 7;
978
979 /*
980 * Now we know how big outblob needs to be. Allocate it.
981 */
982 outblob = (unsigned char*)m_malloc(outlen);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
983
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
984 /*
985 * And write the data into it.
986 */
987 pos = 0;
988 pos += ber_write_id_len(outblob+pos, 16, seqlen, ASN1_CONSTRUCTED);
989 for (i = 0; i < nnumbers; i++) {
990 pos += ber_write_id_len(outblob+pos, 2, numbers[i].bytes, 0);
991 memcpy(outblob+pos, numbers[i].start, numbers[i].bytes);
992 pos += numbers[i].bytes;
993 }
1908
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 1907
diff changeset
994 } /* end DSS handling */
1911
ced53051e200 Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 1908
diff changeset
995 #endif /* DROPBEAR_DSS */
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
996
1908
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 1907
diff changeset
997 if (0
998 #if DROPBEAR_RSA
999 || key->type == DROPBEAR_SIGNKEY_RSA
1000 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1001 #if DROPBEAR_ED25519
1908
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 1907
diff changeset
1002 || key->type == DROPBEAR_SIGNKEY_ED25519
1003 #endif
1911
ced53051e200 Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 1908
diff changeset
1004 #if DROPBEAR_ECDSA
1005 || signkey_is_ecdsa(key->type)
1006 #endif
1908
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 1907
diff changeset
1007 ) {
1008 buffer *buf = buf_new(3200);
1009 keyblob = buf_new(3000);
1010 extrablob = buf_new(3100);
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1011
1012 /* private key blob w/o header */
1908
eadd023fde4d Support RSA OpenSSH new format in dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 1907
diff changeset
1013 #if DROPBEAR_RSA
1014 if (key->type == DROPBEAR_SIGNKEY_RSA) {
1015 buf_put_rsa_priv_ossh(keyblob, key);
1016 }
1017 #endif
1018 #if DROPBEAR_ED25519
1019 if (key->type == DROPBEAR_SIGNKEY_ED25519) {
1020 buf_put_ed25519_priv_ossh(keyblob, key);
1021 }
1022 #endif
1911
ced53051e200 Add ecdsa OpenSSH format for dropbearconvert
Matt Johnston <matt@ucc.asn.au>
parents: 1908
diff changeset
1023 #if DROPBEAR_ECDSA
1024 if (signkey_is_ecdsa(key->type)) {
1025 buf_put_ecdsa_priv_ossh(keyblob, key);
1026 }
1027 #endif
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1028
1029 /* header */
1030 buf_putbytes(buf, OSSH_PKEY_BLOB, OSSH_PKEY_BLOBLEN);
1031
1032 /* public key */
1033 buf_put_pub_key(buf, key, key->type);
1034
1035 /* private key */
1907
3e0aacf0a4f3 Fix ed25519 dropbear to openssh conversion
Matt Johnston <matt@ucc.asn.au>
parents: 1754
diff changeset
1036 buf_putint(extrablob, 0); /* checkint 1 */
1037 buf_putint(extrablob, 0); /* checkint 2 */
1038 /* raw openssh private key */
1039 buf_putbytes(extrablob, keyblob->data, keyblob->len);
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1040 /* comment */
1041 buf_putstring(extrablob, "", 0);
1042 /* padding to cipher block length */
1043 len = (extrablob->len+8) & ~7;
1044 for (i = 1; len - extrablob->len > 0; i++)
1045 buf_putbyte(extrablob, i);
1046 buf_setpos(extrablob, 0);
1047 buf_putbytes(extrablob, "\0\0\0\0\0\0\0\0", 8);
1048 buf_putbufstring(buf, extrablob);
1049
1050 outlen = len = pos = buf->len;
1051 outblob = (unsigned char*)m_malloc(outlen);
1052 memcpy(outblob, buf->data, buf->len);
1053
1912
8b4274d34fe8 Use buf_burn_free() instead of two calls
Matt Johnston <matt@ucc.asn.au>
parents: 1911
diff changeset
1054 buf_burn_free(buf);
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1055 buf = NULL;
1056
1057 header = "-----BEGIN OPENSSH PRIVATE KEY-----\n";
1058 footer = "-----END OPENSSH PRIVATE KEY-----\n";
1059 }
1060
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
1061 /*
1062 * Padding on OpenSSH keys is deterministic. The number of
1063 * padding bytes is always more than zero, and always at most
1064 * the cipher block length. The value of each padding byte is
1065 * equal to the number of padding bytes. So a plaintext that's
1066 * an exact multiple of the block size will be padded with 08
1067 * 08 08 08 08 08 08 08 (assuming a 64-bit block cipher); a
1068 * plaintext one byte less than a multiple of the block size
1069 * will be padded with just 01.
1070 *
1071 * This enables the OpenSSL key decryption function to strip
1072 * off the padding algorithmically and return the unpadded
1073 * plaintext to the next layer: it looks at the final byte, and
1074 * then expects to find that many bytes at the end of the data
1075 * with the same value. Those are all removed and the rest is
1076 * returned.
1077 */
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 87
diff changeset
1078 dropbear_assert(pos == len);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
1079 while (pos < outlen) {
1080 outblob[pos++] = outlen - len;
1081 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1082
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
1083 /*
1084 * Encrypt the key.
1085 */
1086 if (passphrase) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1087 fprintf(stderr, "Encrypted keys aren't supported currently\n");
1088 goto error;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
1089 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1090
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
1091 /*
1092 * And save it. We'll use Unix line endings just in case it's
1093 * subsequently transferred in binary mode.
1094 */
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1095 if (strlen(filename) == 1 && filename[0] == '-') {
1096 fp = stdout;
1097 } else {
1098 fp = fopen(filename, "wb"); /* ensure Unix line endings */
1099 }
1100 if (!fp) {
1101 fprintf(stderr, "Failed opening output file\n");
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
1102 goto error;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1103 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
1104 fputs(header, fp);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1105 base64_encode_fp(fp, outblob, outlen, 64);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
1106 fputs(footer, fp);
1107 fclose(fp);
1108 ret = 1;
1109
1110 error:
1111 if (outblob) {
1112 memset(outblob, 0, outlen);
1113 m_free(outblob);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1114 }
1115 if (keyblob) {
1912
8b4274d34fe8 Use buf_burn_free() instead of two calls
Matt Johnston <matt@ucc.asn.au>
parents: 1911
diff changeset
1116 buf_burn_free(keyblob);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
1117 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1118 if (extrablob) {
1912
8b4274d34fe8 Use buf_burn_free() instead of two calls
Matt Johnston <matt@ucc.asn.au>
parents: 1911
diff changeset
1119 buf_burn_free(extrablob);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
1120 }
1121 return ret;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1122 }
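The two padding conventions in this function, as an added example that is not part of keyimport.c: the comment at lines 1062-1076 describes padding bytes that all equal the padding count, while the loop at lines 1044-1045 writes 1, 2, 3, ... for the new OpenSSH format. The helper names, the 8-byte block and the constructed 0xAA payload are assumptions of this sketch; the strict checks show what a reader of either format should verify before trusting the payload.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 8u /* 64-bit cipher block, as the listing's "(len+8) & ~7" assumes */

/* Round up to the next block boundary, always adding 1..BLOCK bytes. */
size_t padded_len(size_t len)
{
    return (len + BLOCK) & ~(size_t)(BLOCK - 1);
}

/* Count-valued padding: every padding byte holds the padding count.
 * Returns the padded length, or 0 if buf (capacity cap) is too small. */
size_t pad_pem(unsigned char *buf, size_t len, size_t cap)
{
    size_t out = padded_len(len), i;
    if (out > cap)
        return 0;
    for (i = len; i < out; i++)
        buf[i] = (unsigned char)(out - len);
    return out;
}

/* Counting padding: bytes run 1, 2, 3, ... up to the block boundary. */
size_t pad_ossh(unsigned char *buf, size_t len, size_t cap)
{
    size_t out = padded_len(len), i;
    if (out > cap)
        return 0;
    for (i = len; i < out; i++)
        buf[i] = (unsigned char)(i - len + 1);
    return out;
}

/* Strip count-valued padding. Returns the payload length, or -1 if the
 * length is not a whole number of blocks or any padding byte is wrong. */
long unpad_pem(const unsigned char *buf, size_t len)
{
    size_t n, i;
    unsigned char diff = 0;
    if (len == 0 || len % BLOCK != 0)
        return -1;
    n = buf[len - 1];
    if (n == 0 || n > BLOCK)
        return -1;
    for (i = len - n; i < len; i++)
        diff |= (unsigned char)(buf[i] ^ n); /* inspect every padding byte */
    return diff ? -1 : (long)(len - n);
}

/* Check counting padding. payload_len is where field parsing stopped
 * (an assumption of this sketch); everything after it must be 1, 2, 3, ... */
int check_ossh_padding(const unsigned char *buf, size_t payload_len, size_t len)
{
    size_t i;
    if (payload_len > len || len - payload_len > BLOCK)
        return -1;
    for (i = payload_len; i < len; i++)
        if (buf[i] != (unsigned char)(i - payload_len + 1))
            return -1;
    return 0;
}

/* Constructed demo: pad n bytes of 0xAA, optionally flip one bit in the
 * first padding byte, then strip. Returns the payload length or -1. */
long pem_roundtrip(size_t n, int corrupt)
{
    unsigned char buf[64];
    size_t out;
    if (n > sizeof(buf) - BLOCK)
        return -1;
    memset(buf, 0xAA, n);
    out = pad_pem(buf, n, sizeof(buf));
    if (out == 0)
        return -1;
    if (corrupt)
        buf[n] ^= 0x01;
    return unpad_pem(buf, out);
}

/* Constructed demo: returns 0 if the padding after n payload bytes passes
 * the counting check; use_pem_padding applies the other scheme instead. */
int ossh_roundtrip(size_t n, int use_pem_padding)
{
    unsigned char buf[64];
    size_t out;
    if (n > sizeof(buf) - BLOCK)
        return -1;
    memset(buf, 0xAA, n);
    out = use_pem_padding ? pad_pem(buf, n, sizeof(buf))
                          : pad_ossh(buf, n, sizeof(buf));
    return check_ossh_padding(buf, n, out);
}

int main(void)
{
    printf("padded_len: 7 -> %zu, 8 -> %zu\n", padded_len(7), padded_len(8));
    printf("pem: ok=%ld tampered=%ld\n", pem_roundtrip(5, 0), pem_roundtrip(5, 1));
    printf("ossh: ok=%d wrong-scheme=%d\n", ossh_roundtrip(5, 0), ossh_roundtrip(5, 1));
    return 0;
}
```

A payload one byte short of a block boundary gets the single byte 01 under both schemes, so that case alone cannot tell the two conventions apart.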
1123
1306
34e6127ef02e merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
1124 /* From PuTTY misc.c */
1125 static int toint(unsigned u)
1126 {
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
1127 /*
1128 * Convert an unsigned to an int, without running into the
1129 * undefined behaviour which happens by the strict C standard if
1130 * the value overflows. You'd hope that sensible compilers would
1131 * do the sensible thing in response to a cast, but actually I
1132 * don't trust modern compilers not to do silly things like
1133 * assuming that _obviously_ you wouldn't have caused an overflow
1134 * and so they can elide an 'if (i < 0)' test immediately after
1135 * the cast.
1136 *
1137 * Sensible compilers ought of course to optimise this entire
1138 * function into 'just return the input value'!
1139 */
1140 if (u <= (unsigned)INT_MAX)
1141 return (int)u;
1142 else if (u >= (unsigned)INT_MIN) /* wrap in cast _to_ unsigned is OK */
1143 return INT_MIN + (int)(u - (unsigned)INT_MIN);
1144 else
1145 return INT_MIN; /* fallback; should never occur on binary machines */
1306
34e6127ef02e merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
1146 }