dropbear: keyimport.c annotate

annotate keyimport.c @ 1790:42745af83b7d

Introduce extra delay before closing unauthenticated sessions To make it harder for attackers, introduce a delay to keep an unauthenticated session open a bit longer, thus blocking a connection slot until after the delay. Without this, while there is a limit on the amount of attempts an attacker can make at the same time (MAX_UNAUTH_PER_IP), the time taken by dropbear to handle one attempt is still short and thus for each of the allowed parallel attempts many attempts can be chained one after the other. The attempt rate is then: "MAX_UNAUTH_PER_IP / <process time of one attempt>". With the delay, this rate becomes: "MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".

author	Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
date	Wed, 15 Feb 2017 13:53:04 +0100
parents	064f5be2fc45
children	3e0aacf0a4f3

rev	line source
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2 * Based on PuTTY's import.c for importing/exporting OpenSSH and SSH.com
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	3 * keyfiles.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	5 * Modifications copyright 2003 Matt Johnston
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	7 * PuTTY is copyright 1997-2003 Simon Tatham.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9 * Portions copyright Robert de Bath, Joris van Rantwijk, Delian
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10 * Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11 * Justin Bradford, and CORE SDI S.A.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	13 * Permission is hereby granted, free of charge, to any person
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14 * obtaining a copy of this software and associated documentation files
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 * (the "Software"), to deal in the Software without restriction,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16 * including without limitation the rights to use, copy, modify, merge,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	17 * publish, distribute, sublicense, and/or sell copies of the Software,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	18 * and to permit persons to whom the Software is furnished to do so,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	19 * subject to the following conditions:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	20 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21 * The above copyright notice and this permission notice shall be
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22 * included in all copies or substantial portions of the Software.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	23 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	27 * NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	28 * FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	29 * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	30 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	31 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	32
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	33 #include "keyimport.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	34 #include "bignum.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	35 #include "buffer.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	36 #include "dbutil.h"
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	37 #include "ecc.h"
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	38 #include "ssh.h"
1674 ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	39 #include "rsa.h"
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	40 #include "dss.h"
ba6fc7afe1c5 use sigtype where appropriate Matt Johnston <matt@ucc.asn.au> parents: 1659 diff changeset	41 #include "ed25519.h"
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	42
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	43 static const unsigned char OSSH_PKEY_BLOB[] =
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	44 "openssh-key-v1\0" /* AUTH_MAGIC */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	45 "\0\0\0\4none" /* cipher name*/
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	46 "\0\0\0\4none" /* kdf name */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	47 "\0\0\0\0" /* kdf */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	48 "\0\0\0\1"; /* key num */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	49 #define OSSH_PKEY_BLOBLEN (sizeof(OSSH_PKEY_BLOB) - 1)
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	50
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	51 #if DROPBEAR_ECDSA
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	52 static const unsigned char OID_SEC256R1_BLOB[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	53 static const unsigned char OID_SEC384R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x22};
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	54 static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
1294 56aba7dedbea options for disabling "normal" DH Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	55 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	56
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	57 #define PUT_32BIT(cp, value) do { \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	58 (cp)[3] = (unsigned char)(value); \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	59 (cp)[2] = (unsigned char)((value) >> 8); \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	60 (cp)[1] = (unsigned char)((value) >> 16); \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	61 (cp)[0] = (unsigned char)((value) >> 24); } while (0)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	62
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	63 #define GET_32BIT(cp) \
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	64 (((unsigned long)(unsigned char)(cp)[0] << 24) \| \
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	65 ((unsigned long)(unsigned char)(cp)[1] << 16) \| \
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	66 ((unsigned long)(unsigned char)(cp)[2] << 8) \| \
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	67 ((unsigned long)(unsigned char)(cp)[3]))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	68
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	69 static int openssh_encrypted(const char *filename);
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1395 diff changeset	70 static sign_key openssh_read(const char filename, const char *passphrase);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	71 static int openssh_write(const char filename, sign_key key,
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1395 diff changeset	72 const char *passphrase);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	73
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	74 static int dropbear_write(const charfilename, sign_key key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	75 static sign_key dropbear_read(const char filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	76
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	77 static int toint(unsigned u);
34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	78
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	79 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	80 static int sshcom_encrypted(const char filename, char *comment);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	81 static struct ssh2_userkey sshcom_read(const char filename, char *passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	82 static int sshcom_write(const char filename, struct ssh2_userkey key,
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	83 char *passphrase);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	84 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	85
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	86 int import_encrypted(const char* filename, int filetype) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	87
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	88 if (filetype == KEYFILE_OPENSSH) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	89 return openssh_encrypted(filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	90 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	91 } else if (filetype == KEYFILE_SSHCOM) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	92 return sshcom_encrypted(filename, NULL);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	93 #endif
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	94 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	95 return 0;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	96 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	97
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1395 diff changeset	98 sign_key import_read(const char filename, const char *passphrase, int filetype) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	99
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	100 if (filetype == KEYFILE_OPENSSH) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	101 return openssh_read(filename, passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	102 } else if (filetype == KEYFILE_DROPBEAR) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	103 return dropbear_read(filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	104 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	105 } else if (filetype == KEYFILE_SSHCOM) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	106 return sshcom_read(filename, passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	107 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	108 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	109 return NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	110 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	111
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1395 diff changeset	112 int import_write(const char filename, sign_key key, const char *passphrase,
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	113 int filetype) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	114
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	115 if (filetype == KEYFILE_OPENSSH) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	116 return openssh_write(filename, key, passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	117 } else if (filetype == KEYFILE_DROPBEAR) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	118 return dropbear_write(filename, key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	119 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	120 } else if (filetype == KEYFILE_SSHCOM) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	121 return sshcom_write(filename, key, passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	122 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	123 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	124 return 0;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	125 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	126
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	127 static sign_key dropbear_read(const char filename) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	128
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	129 buffer * buf = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	130 sign_key *ret = NULL;
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 845 diff changeset	131 enum signkey_type type;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	132
73 0bf5cebe622c Dropbearkey can now print out pubkey portions Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	133 buf = buf_new(MAX_PRIVKEY_SIZE);
0bf5cebe622c Dropbearkey can now print out pubkey portions Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	134 if (buf_readfile(buf, filename) == DROPBEAR_FAILURE) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	135 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	136 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	137
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	138 buf_setpos(buf, 0);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	139 ret = new_sign_key();
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	140
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	141 type = DROPBEAR_SIGNKEY_ANY;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	142 if (buf_get_priv_key(buf, ret, &type) == DROPBEAR_FAILURE){
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	143 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	144 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	145 buf_free(buf);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	146
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	147 ret->type = type;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	148
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	149 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	150
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	151 error:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	152 if (buf) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	153 buf_free(buf);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	154 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	155 if (ret) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	156 sign_key_free(ret);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	157 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	158 return NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	159 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	160
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	161 /* returns 0 on fail, 1 on success */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	162 static int dropbear_write(const charfilename, sign_key key) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	163
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	164 buffer * buf;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	165 FILE*fp;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	166 int len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	167 int ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	168
73 0bf5cebe622c Dropbearkey can now print out pubkey portions Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	169 buf = buf_new(MAX_PRIVKEY_SIZE);
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	170 buf_put_priv_key(buf, key, key->type);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	171
87 680a0bc9df0a Some small fixes for unused vars, and old messages Matt Johnston <matt@ucc.asn.au> parents: 73 diff changeset	172 fp = fopen(filename, "w");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	173 if (!fp) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	174 ret = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	175 goto out;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	176 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	177
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	178 buf_setpos(buf, 0);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	179 do {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	180 len = fwrite(buf_getptr(buf, buf->len - buf->pos),
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	181 1, buf->len - buf->pos, fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	182 buf_incrpos(buf, len);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	183 } while (len > 0 && buf->len != buf->pos);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	184
256 ac890087b8c1 * keyimport.c: fclose() the key file to make sure data gets written Matt Johnston <matt@ucc.asn.au> parents: 241 diff changeset	185 fclose(fp);
ac890087b8c1 * keyimport.c: fclose() the key file to make sure data gets written Matt Johnston <matt@ucc.asn.au> parents: 241 diff changeset	186
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	187 if (buf->pos != buf->len) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	188 ret = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	189 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	190 ret = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	191 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	192 out:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	193 buf_free(buf);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	194 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	195 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	196
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	197
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	198 /* ----------------------------------------------------------------------
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	199 * Helper routines. (The base64 ones are defined in sshpubk.c.)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	200 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	201
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	202 #define isbase64(c) ( ((c) >= 'A' && (c) <= 'Z') \|\| \
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	203 ((c) >= 'a' && (c) <= 'z') \|\| \
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	204 ((c) >= '0' && (c) <= '9') \|\| \
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	205 (c) == '+' \|\| (c) == '/' \|\| (c) == '=' \
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	206 )
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	207
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	208 /* cpl has to be less than 100 */
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1395 diff changeset	209 static void base64_encode_fp(FILE * fp, const unsigned char *data,
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	210 int datalen, int cpl)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	211 {
1094 c45d65392c1a Fix pointer differ in signess warnings [-Werror=pointer-sign] Gaël PORTAY <gael.portay@gmail.com> parents: 1089 diff changeset	212 unsigned char out[100];
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1124 diff changeset	213 int n;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	214 unsigned long outlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	215 int rawcpl;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	216 rawcpl = cpl * 3 / 4;
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	217 dropbear_assert((unsigned int)cpl < sizeof(out));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	218
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1124 diff changeset	219 while (datalen > 0) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	220 n = (datalen < rawcpl ? datalen : rawcpl);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	221 outlen = sizeof(out);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	222 base64_encode(data, n, out, &outlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	223 data += n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	224 datalen -= n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	225 fwrite(out, 1, outlen, fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	226 fputc('\n', fp);
1250 2bb4c662d1c2 more hard tab Francois Perrad <francois.perrad@gadz.org> parents: 1124 diff changeset	227 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	228 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	229 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	230 * Read an ASN.1/BER identifier and length pair.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	231 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	232 * Flags are a combination of the #defines listed below.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	233 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	234 * Returns -1 if unsuccessful; otherwise returns the number of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	235 * bytes used out of the source data.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	236 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	237
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	238 /* ASN.1 tag classes. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	239 #define ASN1_CLASS_UNIVERSAL (0 << 6)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	240 #define ASN1_CLASS_APPLICATION (1 << 6)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	241 #define ASN1_CLASS_CONTEXT_SPECIFIC (2 << 6)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	242 #define ASN1_CLASS_PRIVATE (3 << 6)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	243 #define ASN1_CLASS_MASK (3 << 6)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	244
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	245 /* Primitive versus constructed bit. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	246 #define ASN1_CONSTRUCTED (1 << 5)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	247
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	248 static int ber_read_id_len(void *source, int sourcelen,
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	249 int id, int length, int *flags)
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	250 {
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	251 unsigned char p = (unsigned char ) source;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	252
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	253 if (sourcelen == 0)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	254 return -1;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	255
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	256 flags = (p & 0xE0);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	257 if ((*p & 0x1F) == 0x1F) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	258 *id = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	259 while (*p & 0x80) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	260 p++, sourcelen--;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	261 if (sourcelen == 0)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	262 return -1;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	263 id = (id << 7) \| (*p & 0x7F);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	264 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	265 p++, sourcelen--;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	266 } else {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	267 id = p & 0x1F;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	268 p++, sourcelen--;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	269 }
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	270
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	271 if (sourcelen == 0)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	272 return -1;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	273
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	274 if (*p & 0x80) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	275 unsigned len;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	276 int n = *p & 0x7F;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	277 p++, sourcelen--;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	278 if (sourcelen < n)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	279 return -1;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	280 len = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	281 while (n--)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	282 len = (len << 8) \| (*p++);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	283 sourcelen -= n;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	284 *length = toint(len);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	285 } else {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	286 length = p;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	287 p++, sourcelen--;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	288 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	289
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	290 if (*length < 0) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	291 printf("Negative ASN.1 length\n");
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	292 return -1;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	293 }
1307 ad9c40aca3bc add length checks for ecc too Matt Johnston <matt@ucc.asn.au> parents: 1306 diff changeset	294
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	295 return p - (unsigned char *) source;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	296 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	297
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	298 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	299 * Write an ASN.1/BER identifier and length pair. Returns the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	300 * number of bytes consumed. Assumes dest contains enough space.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	301 * Will avoid writing anything if dest is NULL, but still return
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	302 * amount of space required.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	303 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	304 static int ber_write_id_len(void *dest, int id, int length, int flags)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	305 {
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	306 unsigned char d = (unsigned char )dest;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	307 int len = 0;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	308
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	309 if (id <= 30) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	310 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	311 * Identifier is one byte.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	312 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	313 len++;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	314 if (d) *d++ = id \| flags;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	315 } else {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	316 int n;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	317 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	318 * Identifier is multiple bytes: the first byte is 11111
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	319 * plus the flags, and subsequent bytes encode the value of
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	320 * the identifier, 7 bits at a time, with the top bit of
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	321 * each byte 1 except the last one which is 0.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	322 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	323 len++;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	324 if (d) *d++ = 0x1F \| flags;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	325 for (n = 1; (id >> (7*n)) > 0; n++)
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	326 continue; /* count the bytes */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	327 while (n--) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	328 len++;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	329 if (d) d++ = (n ? 0x80 : 0) \| ((id >> (7n)) & 0x7F);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	330 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	331 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	332
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	333 if (length < 128) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	334 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	335 * Length is one byte.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	336 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	337 len++;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	338 if (d) *d++ = length;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	339 } else {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	340 int n;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	341 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	342 * Length is multiple bytes. The first is 0x80 plus the
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	343 * number of subsequent bytes, and the subsequent bytes
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	344 * encode the actual length.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	345 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	346 for (n = 1; (length >> (8*n)) > 0; n++)
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	347 continue; /* count the bytes */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	348 len++;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	349 if (d) *d++ = 0x80 \| n;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	350 while (n--) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	351 len++;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	352 if (d) d++ = (length >> (8n)) & 0xFF;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	353 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	354 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	355
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	356 return len;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	357 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	358
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	359
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	360 /* Simple structure to point to an mp-int within a blob. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	361 struct mpint_pos { void *start; int bytes; };
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	362
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	363 /* ----------------------------------------------------------------------
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	364 * Code to read and write OpenSSH private keys.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	365 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	366
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	367 enum { OSSH_DSA, OSSH_RSA, OSSH_EC, OSSH_PKEY };
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	368 struct openssh_key {
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	369 int type;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	370 int encrypted;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	371 char iv[32];
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	372 unsigned char *keyblob;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	373 unsigned int keyblob_len, keyblob_size;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	374 };
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	375
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	376 static struct openssh_key load_openssh_key(const char filename)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	377 {
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	378 struct openssh_key *ret;
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	379 buffer *buf = NULL;
340 454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 256 diff changeset	380 FILE *fp = NULL;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	381 char buffer[256];
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	382 char errmsg = NULL, p = NULL;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	383 int headers_done;
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	384 unsigned long len;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	385
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	386 ret = (struct openssh_key*)m_malloc(sizeof(struct openssh_key));
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	387 ret->keyblob = NULL;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	388 ret->keyblob_len = ret->keyblob_size = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	389 ret->encrypted = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	390 memset(ret->iv, 0, sizeof(ret->iv));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	391
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	392 if (strlen(filename) == 1 && filename[0] == '-') {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	393 fp = stdin;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	394 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	395 fp = fopen(filename, "r");
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	396 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	397 if (!fp) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	398 errmsg = "Unable to open key file";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	399 goto error;
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	400 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	401 if (!fgets(buffer, sizeof(buffer), fp) \|\|
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	402 0 != strncmp(buffer, "-----BEGIN ", 11) \|\|
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	403 0 != strcmp(buffer+strlen(buffer)-17, "PRIVATE KEY-----\n")) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	404 errmsg = "File does not begin with OpenSSH key header";
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	405 goto error;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	406 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	407 if (!strcmp(buffer, "-----BEGIN RSA PRIVATE KEY-----\n"))
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	408 ret->type = OSSH_RSA;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	409 else if (!strcmp(buffer, "-----BEGIN DSA PRIVATE KEY-----\n"))
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	410 ret->type = OSSH_DSA;
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 491 diff changeset	411 else if (!strcmp(buffer, "-----BEGIN EC PRIVATE KEY-----\n"))
70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 491 diff changeset	412 ret->type = OSSH_EC;
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	413 else if (!strcmp(buffer, "-----BEGIN OPENSSH PRIVATE KEY-----\n"))
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	414 ret->type = OSSH_PKEY;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	415 else {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	416 errmsg = "Unrecognised key type";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	417 goto error;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	418 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	419
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	420 headers_done = 0;
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	421 buf = buf_new(0);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	422 while (1) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	423 if (!fgets(buffer, sizeof(buffer), fp)) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	424 errmsg = "Unexpected end of file";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	425 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	426 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	427 if (0 == strncmp(buffer, "-----END ", 9) &&
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	428 0 == strcmp(buffer+strlen(buffer)-17, "PRIVATE KEY-----\n"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	429 break; /* done */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	430 if ((p = strchr(buffer, ':')) != NULL) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	431 if (headers_done) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	432 errmsg = "Header found in body of key data";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	433 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	434 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	435 *p++ = '\0';
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	436 while (p && isspace((unsigned char)p)) p++;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	437 if (!strcmp(buffer, "Proc-Type")) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	438 if (p[0] != '4' \|\| p[1] != ',') {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	439 errmsg = "Proc-Type is not 4 (only 4 is supported)";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	440 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	441 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	442 p += 2;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	443 if (!strcmp(p, "ENCRYPTED\n"))
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	444 ret->encrypted = 1;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	445 } else if (!strcmp(buffer, "DEK-Info")) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	446 int i, j;
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	447
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	448 if (strncmp(p, "DES-EDE3-CBC,", 13)) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	449 errmsg = "Ciphers other than DES-EDE3-CBC not supported";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	450 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	451 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	452 p += 13;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	453 for (i = 0; i < 8; i++) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	454 if (1 != sscanf(p, "%2x", &j))
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	455 break;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	456 ret->iv[i] = j;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	457 p += 2;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	458 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	459 if (i < 8) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	460 errmsg = "Expected 16-digit iv in DEK-Info";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	461 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	462 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	463 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	464 } else {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	465 headers_done = 1;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	466 len = strlen(buffer);
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	467 buf = buf_resize(buf, buf->size + len);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	468 buf_putbytes(buf, buffer, len);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	469 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	470 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	471
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	472 if (buf && buf->len) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	473 ret->keyblob_size = ret->keyblob_len + buf->len*4/3 + 256;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	474 ret->keyblob = (unsigned char*)m_realloc(ret->keyblob, ret->keyblob_size);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	475 len = ret->keyblob_size;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	476 if (base64_decode((const unsigned char *)buf->data, buf->len,
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	477 ret->keyblob, &len) != CRYPT_OK){
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	478 errmsg = "Error decoding base64";
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	479 goto error;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	480 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	481 ret->keyblob_len = len;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	482 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	483
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	484 if (ret->type == OSSH_PKEY) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	485 if (ret->keyblob_len < OSSH_PKEY_BLOBLEN \|\|
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	486 memcmp(ret->keyblob, OSSH_PKEY_BLOB, OSSH_PKEY_BLOBLEN)) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	487 errmsg = "Error decoding OpenSSH key";
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	488 goto error;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	489 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	490 ret->keyblob_len -= OSSH_PKEY_BLOBLEN;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	491 memmove(ret->keyblob, ret->keyblob + OSSH_PKEY_BLOBLEN, ret->keyblob_len);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	492 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	493
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	494 if (ret->keyblob_len == 0 \|\| !ret->keyblob) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	495 errmsg = "Key body not present";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	496 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	497 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	498
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	499 if (ret->encrypted && ret->keyblob_len % 8 != 0) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	500 errmsg = "Encrypted key blob is not a multiple of cipher block size";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	501 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	502 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	503
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	504 if (buf) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	505 buf_burn(buf);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	506 buf_free(buf);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	507 }
1045 31727a8abd4b Use m_burn rather than memset Thorsten Horstmann <thorsten.horstmann@web.de> parents: 1038 diff changeset	508 m_burn(buffer, sizeof(buffer));
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	509 return ret;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	510
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	511 error:
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	512 if (buf) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	513 buf_burn(buf);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	514 buf_free(buf);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	515 }
1045 31727a8abd4b Use m_burn rather than memset Thorsten Horstmann <thorsten.horstmann@web.de> parents: 1038 diff changeset	516 m_burn(buffer, sizeof(buffer));
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	517 if (ret) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	518 if (ret->keyblob) {
1045 31727a8abd4b Use m_burn rather than memset Thorsten Horstmann <thorsten.horstmann@web.de> parents: 1038 diff changeset	519 m_burn(ret->keyblob, ret->keyblob_size);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	520 m_free(ret->keyblob);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	521 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	522 m_free(ret);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	523 }
340 454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 256 diff changeset	524 if (fp) {
454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 256 diff changeset	525 fclose(fp);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	526 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	527 if (errmsg) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	528 fprintf(stderr, "Error: %s\n", errmsg);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	529 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	530 return NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	531 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	532
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	533 static int openssh_encrypted(const char *filename)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	534 {
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	535 struct openssh_key *key = load_openssh_key(filename);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	536 int ret;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	537
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	538 if (!key)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	539 return 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	540 ret = key->encrypted;
1045 31727a8abd4b Use m_burn rather than memset Thorsten Horstmann <thorsten.horstmann@web.de> parents: 1038 diff changeset	541 m_burn(key->keyblob, key->keyblob_size);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	542 m_free(key->keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	543 m_free(key);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	544 return ret;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	545 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	546
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1395 diff changeset	547 static sign_key openssh_read(const char filename, const char * UNUSED(passphrase))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	548 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	549 struct openssh_key *key;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	550 unsigned char *p;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	551 int ret, id, len, flags;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	552 int i, num_integers = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	553 sign_key *retval = NULL;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	554 char *errmsg;
1119 845922d73e9c Turn modptr local variable into unsigned char * Gaël PORTAY <gael.portay@gmail.com> parents: 1094 diff changeset	555 unsigned char *modptr = NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	556 int modlen = -9999;
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 845 diff changeset	557 enum signkey_type type;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	558
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	559 sign_key *retkey;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	560 buffer * blobbuf = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	561
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	562 retkey = new_sign_key();
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	563
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	564 key = load_openssh_key(filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	565
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	566 if (!key)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	567 return NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	568
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	569 if (key->encrypted) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	570 errmsg = "encrypted keys not supported currently";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	571 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	572 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	573 /* matt TODO */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	574 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	575 * Derive encryption key from passphrase and iv/salt:
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	576 *
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	577 * - let block A equal MD5(passphrase \|\| iv)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	578 * - let block B equal MD5(A \|\| passphrase \|\| iv)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	579 * - block C would be MD5(B \|\| passphrase \|\| iv) and so on
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	580 * - encryption key is the first N bytes of A \|\| B
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	581 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	582 struct MD5Context md5c;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	583 unsigned char keybuf[32];
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	584
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	585 MD5Init(&md5c);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	586 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	587 MD5Update(&md5c, (unsigned char *)key->iv, 8);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	588 MD5Final(keybuf, &md5c);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	589
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	590 MD5Init(&md5c);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	591 MD5Update(&md5c, keybuf, 16);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	592 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	593 MD5Update(&md5c, (unsigned char *)key->iv, 8);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	594 MD5Final(keybuf+16, &md5c);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	595
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	596 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	597 * Now decrypt the key blob.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	598 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	599 des3_decrypt_pubkey_ossh(keybuf, (unsigned char *)key->iv,
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	600 key->keyblob, key->keyblob_len);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	601
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	602 memset(&md5c, 0, sizeof(md5c));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	603 memset(keybuf, 0, sizeof(keybuf));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	604 #endif
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	605 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	606
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	607 /*
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	608 * Now we have a decrypted key blob, which contains OpenSSH
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	609 * encoded private key. We must now untangle the OpenSSH format.
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	610 */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	611 if (key->type == OSSH_PKEY) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	612 blobbuf = buf_new(key->keyblob_len);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	613 buf_putbytes(blobbuf, key->keyblob, key->keyblob_len);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	614 buf_setpos(blobbuf, 0);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	615
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	616 /* limit length of private key blob */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	617 len = buf_getint(blobbuf);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	618 buf_setlen(blobbuf, blobbuf->pos + len);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	619
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	620 type = DROPBEAR_SIGNKEY_ANY;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	621 if (buf_get_pub_key(blobbuf, retkey, &type)
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	622 != DROPBEAR_SUCCESS) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	623 errmsg = "Error parsing OpenSSH key";
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	624 goto ossh_error;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	625 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	626
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	627 /* restore full length */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	628 buf_setlen(blobbuf, key->keyblob_len);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	629
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	630 if (type != DROPBEAR_SIGNKEY_NONE) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	631 retkey->type = type;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	632 /* limit length of private key blob */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	633 len = buf_getint(blobbuf);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	634 buf_setlen(blobbuf, blobbuf->pos + len);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	635 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	636 if (type == DROPBEAR_SIGNKEY_ED25519) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	637 buf_incrpos(blobbuf, 8);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	638 buf_eatstring(blobbuf);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	639 buf_eatstring(blobbuf);
1754 064f5be2fc45 Add buf_decrpos() Matt Johnston <matt@ucc.asn.au> parents: 1692 diff changeset	640 buf_decrpos(blobbuf, SSH_SIGNKEY_ED25519_LEN+4);
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	641 if (buf_get_ed25519_priv_key(blobbuf, retkey->ed25519key)
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	642 == DROPBEAR_SUCCESS) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	643 errmsg = NULL;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	644 retval = retkey;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	645 goto error;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	646 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	647 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	648 #endif
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	649 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	650
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	651 errmsg = "Unsupported OpenSSH key type";
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	652 ossh_error:
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	653 sign_key_free(retkey);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	654 retkey = NULL;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	655 goto error;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	656 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	657
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	658 /*
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	659 * Now we have a decrypted key blob, which contains an ASN.1
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	660 * encoded private key. We must now untangle the ASN.1.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	661 *
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	662 * We expect the whole key blob to be formatted as a SEQUENCE
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	663 * (0x30 followed by a length code indicating that the rest of
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	664 * the blob is part of the sequence). Within that SEQUENCE we
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	665 * expect to see a bunch of INTEGERs. What those integers mean
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	666 * depends on the key type:
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	667 *
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	668 * - For RSA, we expect the integers to be 0, n, e, d, p, q,
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	669 * dmp1, dmq1, iqmp in that order. (The last three are d mod
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	670 * (p-1), d mod (q-1), inverse of q mod p respectively.)
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	671 *
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	672 * - For DSA, we expect them to be 0, p, q, g, y, x in that
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	673 * order.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	674 */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	675
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	676 p = key->keyblob;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	677
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	678 /* Expect the SEQUENCE header. Take its absence as a failure to decrypt. */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	679 ret = ber_read_id_len(p, key->keyblob_len, &id, &len, &flags);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	680 p += ret;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	681 if (ret < 0 \|\| id != 16 \|\| len < 0 \|\|
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	682 key->keyblob+key->keyblob_len-p < len) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	683 errmsg = "ASN.1 decoding failure";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	684 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	685 }
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	686
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	687 /* Expect a load of INTEGERs. */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	688 if (key->type == OSSH_RSA)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	689 num_integers = 9;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	690 else if (key->type == OSSH_DSA)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	691 num_integers = 6;
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	692 else if (key->type == OSSH_EC)
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	693 num_integers = 1;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	694
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	695 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	696 * Space to create key blob in.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	697 */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	698 blobbuf = buf_new(3000);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	699
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	700 #if DROPBEAR_DSS
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	701 if (key->type == OSSH_DSA) {
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1119 diff changeset	702 buf_putstring(blobbuf, "ssh-dss", 7);
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	703 retkey->type = DROPBEAR_SIGNKEY_DSS;
935 25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	704 }
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	705 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	706 #if DROPBEAR_RSA
935 25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	707 if (key->type == OSSH_RSA) {
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1119 diff changeset	708 buf_putstring(blobbuf, "ssh-rsa", 7);
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	709 retkey->type = DROPBEAR_SIGNKEY_RSA;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	710 }
935 25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	711 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	712
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	713 for (i = 0; i < num_integers; i++) {
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	714 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	715 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	716 p += ret;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	717 if (ret < 0 \|\| id != 2 \|\| len < 0 \|\|
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	718 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	719 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	720 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	721 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	722
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	723 if (i == 0) {
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	724 /* First integer is a version indicator */
991 4f65c867fc99 Fix variables may be uninitialized. Like Ma <likemartinma@gmail.com> parents: 935 diff changeset	725 int expected = -1;
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	726 switch (key->type) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	727 case OSSH_RSA:
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	728 case OSSH_DSA:
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	729 expected = 0;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	730 break;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	731 case OSSH_EC:
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	732 expected = 1;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	733 break;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	734 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	735 if (len != 1 \|\| p[0] != expected) {
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	736 errmsg = "Version number mismatch";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	737 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	738 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	739 } else if (key->type == OSSH_RSA) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	740 /*
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	741 * OpenSSH key order is n, e, d, p, q, dmp1, dmq1, iqmp
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	742 * but we want e, n, d, p, q
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	743 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	744 if (i == 1) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	745 /* Save the details for after we deal with number 2. */
1119 845922d73e9c Turn modptr local variable into unsigned char * Gaël PORTAY <gael.portay@gmail.com> parents: 1094 diff changeset	746 modptr = p;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	747 modlen = len;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	748 } else if (i >= 2 && i <= 5) {
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1119 diff changeset	749 buf_putstring(blobbuf, (const char*)p, len);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	750 if (i == 2) {
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1119 diff changeset	751 buf_putstring(blobbuf, (const char*)modptr, modlen);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	752 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	753 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	754 } else if (key->type == OSSH_DSA) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	755 /*
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	756 * OpenSSH key order is p, q, g, y, x,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	757 * we want the same.
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	758 */
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1119 diff changeset	759 buf_putstring(blobbuf, (const char*)p, len);
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	760 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	761
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	762 /* Skip past the number. */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	763 p += len;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	764 }
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	765
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	766 #if DROPBEAR_ECDSA
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	767 if (key->type == OSSH_EC) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	768 unsigned char* private_key_bytes = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	769 int private_key_len = 0;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	770 unsigned char* public_key_bytes = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	771 int public_key_len = 0;
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 806 diff changeset	772 ecc_key *ecc = NULL;
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	773 const struct dropbear_ecc_curve *curve = NULL;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	774
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	775 /* See SEC1 v2, Appendix C.4 */
c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	776 /* OpenSSL (so OpenSSH) seems to include the optional parts. */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	777
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	778 /* privateKey OCTET STRING, */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	779 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	780 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	781 p += ret;
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	782 /* id==4 for octet string */
1395 77c0d57a4410 fix indentation Francois Perrad <francois.perrad@gadz.org> parents: 1316 diff changeset	783 if (ret < 0 \|\| id != 4 \|\| len < 0 \|\|
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	784 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	785 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	786 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	787 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	788 private_key_bytes = p;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	789 private_key_len = len;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	790 p += len;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	791
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	792 /* parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL, */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	793 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	794 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	795 p += ret;
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	796 /* id==0 */
1395 77c0d57a4410 fix indentation Francois Perrad <francois.perrad@gadz.org> parents: 1316 diff changeset	797 if (ret < 0 \|\| id != 0 \|\| len < 0) {
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	798 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	799 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	800 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	801
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	802 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	803 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	804 p += ret;
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	805 /* id==6 for object */
1395 77c0d57a4410 fix indentation Francois Perrad <francois.perrad@gadz.org> parents: 1316 diff changeset	806 if (ret < 0 \|\| id != 6 \|\| len < 0 \|\|
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	807 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	808 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	809 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	810 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	811
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	812 if (0) {}
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	813 #if DROPBEAR_ECC_256
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	814 else if (len == sizeof(OID_SEC256R1_BLOB)
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	815 && memcmp(p, OID_SEC256R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	816 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP256;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	817 curve = &ecc_curve_nistp256;
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	818 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	819 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	820 #if DROPBEAR_ECC_384
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	821 else if (len == sizeof(OID_SEC384R1_BLOB)
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	822 && memcmp(p, OID_SEC384R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	823 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP384;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	824 curve = &ecc_curve_nistp384;
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	825 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	826 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	827 #if DROPBEAR_ECC_521
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	828 else if (len == sizeof(OID_SEC521R1_BLOB)
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	829 && memcmp(p, OID_SEC521R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	830 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP521;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	831 curve = &ecc_curve_nistp521;
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	832 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	833 #endif
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	834 else {
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	835 errmsg = "Unknown ECC key type";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	836 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	837 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	838 p += len;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	839
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	840 /* publicKey [1] BIT STRING OPTIONAL */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	841 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	842 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	843 p += ret;
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	844 /* id==1 */
1395 77c0d57a4410 fix indentation Francois Perrad <francois.perrad@gadz.org> parents: 1316 diff changeset	845 if (ret < 0 \|\| id != 1 \|\| len < 0) {
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	846 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	847 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	848 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	849
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	850 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	851 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	852 p += ret;
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	853 /* id==3 for bit string */
1395 77c0d57a4410 fix indentation Francois Perrad <francois.perrad@gadz.org> parents: 1316 diff changeset	854 if (ret < 0 \|\| id != 3 \|\| len < 0 \|\|
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	855 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	856 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	857 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	858 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	859 public_key_bytes = p+1;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	860 public_key_len = len-1;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	861 p += len;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	862
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	863 buf_putbytes(blobbuf, public_key_bytes, public_key_len);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	864 ecc = buf_get_ecc_raw_pubkey(blobbuf, curve);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	865 if (!ecc) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	866 errmsg = "Error parsing ECC key";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	867 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	868 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	869 m_mp_alloc_init_multi((mp_int**)&ecc->k, NULL);
1692 1051e4eea25a Update LibTomMath to 1.2.0 (#84) Steffen Jaeckel <s@jaeckel.eu> parents: 1674 diff changeset	870 if (mp_from_ubin(ecc->k, private_key_bytes, private_key_len)
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	871 != MP_OKAY) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	872 errmsg = "Error parsing ECC key";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	873 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	874 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	875
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	876 *signkey_key_ptr(retkey, retkey->type) = ecc;
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	877 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	878 #endif /* DROPBEAR_ECDSA */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	879
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	880 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	881 * Now put together the actual key. Simplest way to do this is
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	882 * to assemble our own key blobs and feed them to the createkey
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	883 * functions; this is a bit faffy but it does mean we get all
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	884 * the sanity checks for free.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	885 */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	886 if (key->type == OSSH_RSA \|\| key->type == OSSH_DSA) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	887 buf_setpos(blobbuf, 0);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	888 type = DROPBEAR_SIGNKEY_ANY;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	889 if (buf_get_priv_key(blobbuf, retkey, &type)
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	890 != DROPBEAR_SUCCESS) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	891 errmsg = "unable to create key structure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	892 sign_key_free(retkey);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	893 retkey = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	894 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	895 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	896 }
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	897
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	898 errmsg = NULL; /* no error */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	899 retval = retkey;
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	900
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	901 error:
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	902 if (blobbuf) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	903 buf_burn(blobbuf);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	904 buf_free(blobbuf);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	905 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	906 m_burn(key->keyblob, key->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	907 m_free(key->keyblob);
1002 97d1e54941fd When clearing the memory of 'key' in function openssh_read(), only the size Christian Engelmayer <cengelma@gmx.at> parents: 991 diff changeset	908 m_burn(key, sizeof(*key));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	909 m_free(key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	910 if (errmsg) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	911 fprintf(stderr, "Error: %s\n", errmsg);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	912 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	913 return retval;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	914 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	915
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	916 static int openssh_write(const char filename, sign_key key,
1459 06d52bcb8094 Pointer parameter could be declared as pointing to const Francois Perrad <francois.perrad@gadz.org> parents: 1395 diff changeset	917 const char *passphrase)
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	918 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	919 buffer * keyblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	920 buffer * extrablob = NULL; /* used for calculated values to write */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	921 unsigned char *outblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	922 int outlen = -9999;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	923 struct mpint_pos numbers[9];
991 4f65c867fc99 Fix variables may be uninitialized. Like Ma <likemartinma@gmail.com> parents: 935 diff changeset	924 int nnumbers = -1, pos = 0, len = 0, seqlen, i;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	925 char header = NULL, footer = NULL;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	926 char zero[1];
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	927 int ret = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	928 FILE *fp;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	929
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	930 #if DROPBEAR_RSA
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	931 mp_int dmp1, dmq1, iqmp, tmpval; /* for rsa */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	932 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	933
935 25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	934 if (
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	935 #if DROPBEAR_RSA
935 25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	936 key->type == DROPBEAR_SIGNKEY_RSA \|\|
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	937 #endif
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	938 #if DROPBEAR_DSS
935 25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	939 key->type == DROPBEAR_SIGNKEY_DSS \|\|
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	940 #endif
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	941 0)
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	942 {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	943 /*
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	944 * Fetch the key blobs.
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	945 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	946 keyblob = buf_new(3000);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	947 buf_put_priv_key(keyblob, key, key->type);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	948
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	949 buf_setpos(keyblob, 0);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	950 /* skip the "ssh-rsa" or "ssh-dss" header */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	951 buf_incrpos(keyblob, buf_getint(keyblob));
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	952
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	953 /*
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	954 * Find the sequence of integers to be encoded into the OpenSSH
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	955 * key blob, and also decide on the header line.
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	956 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	957 numbers[0].start = zero; numbers[0].bytes = 1; zero[0] = '\0';
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	958
1499 2d450c1056e3 options: Complete the transition to numeric toggles (`#if') Michael Witten <mfwitten@gmail.com> parents: 1459 diff changeset	959 #if DROPBEAR_RSA
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	960 if (key->type == DROPBEAR_SIGNKEY_RSA) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	961
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	962 if (key->rsakey->p == NULL \|\| key->rsakey->q == NULL) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	963 fprintf(stderr, "Pre-0.33 Dropbear keys cannot be converted to OpenSSH keys.\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	964 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	965 }
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	966
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	967 /* e */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	968 numbers[2].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	969 numbers[2].start = buf_getptr(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	970 buf_incrpos(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	971
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	972 /* n */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	973 numbers[1].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	974 numbers[1].start = buf_getptr(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	975 buf_incrpos(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	976
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	977 /* d */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	978 numbers[3].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	979 numbers[3].start = buf_getptr(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	980 buf_incrpos(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	981
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	982 /* p */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	983 numbers[4].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	984 numbers[4].start = buf_getptr(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	985 buf_incrpos(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	986
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	987 /* q */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	988 numbers[5].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	989 numbers[5].start = buf_getptr(keyblob, numbers[5].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	990 buf_incrpos(keyblob, numbers[5].bytes);
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	991
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	992 /* now calculate some extra parameters: */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	993 m_mp_init(&tmpval);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	994 m_mp_init(&dmp1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	995 m_mp_init(&dmq1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	996 m_mp_init(&iqmp);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	997
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	998 /* dmp1 = d mod (p-1) */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	999 if (mp_sub_d(key->rsakey->p, 1, &tmpval) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1000 fprintf(stderr, "Bignum error for p-1\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1001 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1002 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1003 if (mp_mod(key->rsakey->d, &tmpval, &dmp1) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1004 fprintf(stderr, "Bignum error for dmp1\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1005 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1006 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1007
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1008 /* dmq1 = d mod (q-1) */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1009 if (mp_sub_d(key->rsakey->q, 1, &tmpval) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1010 fprintf(stderr, "Bignum error for q-1\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1011 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1012 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1013 if (mp_mod(key->rsakey->d, &tmpval, &dmq1) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1014 fprintf(stderr, "Bignum error for dmq1\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1015 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1016 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1017
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1018 /* iqmp = (q^-1) mod p */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1019 if (mp_invmod(key->rsakey->q, key->rsakey->p, &iqmp) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1020 fprintf(stderr, "Bignum error for iqmp\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1021 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1022 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1023
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1024 extrablob = buf_new(2000);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1025 buf_putmpint(extrablob, &dmp1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1026 buf_putmpint(extrablob, &dmq1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1027 buf_putmpint(extrablob, &iqmp);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1028 buf_setpos(extrablob, 0);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1029 mp_clear(&dmp1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1030 mp_clear(&dmq1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1031 mp_clear(&iqmp);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1032 mp_clear(&tmpval);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1033
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1034 /* dmp1 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1035 numbers[6].bytes = buf_getint(extrablob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1036 numbers[6].start = buf_getptr(extrablob, numbers[6].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1037 buf_incrpos(extrablob, numbers[6].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1038
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1039 /* dmq1 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1040 numbers[7].bytes = buf_getint(extrablob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1041 numbers[7].start = buf_getptr(extrablob, numbers[7].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1042 buf_incrpos(extrablob, numbers[7].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1043
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1044 /* iqmp */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1045 numbers[8].bytes = buf_getint(extrablob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1046 numbers[8].start = buf_getptr(extrablob, numbers[8].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1047 buf_incrpos(extrablob, numbers[8].bytes);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1048
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1049 nnumbers = 9;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1050 header = "-----BEGIN RSA PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1051 footer = "-----END RSA PRIVATE KEY-----\n";
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1052 }
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1053 #endif /* DROPBEAR_RSA */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1054
1499 2d450c1056e3 options: Complete the transition to numeric toggles (`#if') Michael Witten <mfwitten@gmail.com> parents: 1459 diff changeset	1055 #if DROPBEAR_DSS
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1056 if (key->type == DROPBEAR_SIGNKEY_DSS) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1057
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1058 /* p */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1059 numbers[1].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1060 numbers[1].start = buf_getptr(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1061 buf_incrpos(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1062
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1063 /* q */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1064 numbers[2].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1065 numbers[2].start = buf_getptr(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1066 buf_incrpos(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1067
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1068 /* g */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1069 numbers[3].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1070 numbers[3].start = buf_getptr(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1071 buf_incrpos(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1072
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1073 /* y */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1074 numbers[4].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1075 numbers[4].start = buf_getptr(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1076 buf_incrpos(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1077
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1078 /* x */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1079 numbers[5].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1080 numbers[5].start = buf_getptr(keyblob, numbers[5].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1081 buf_incrpos(keyblob, numbers[5].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1082
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1083 nnumbers = 6;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1084 header = "-----BEGIN DSA PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1085 footer = "-----END DSA PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1086 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1087 #endif /* DROPBEAR_DSS */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1088
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1089 /*
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1090 * Now count up the total size of the ASN.1 encoded integers,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1091 * so as to determine the length of the containing SEQUENCE.
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1092 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1093 len = 0;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1094 for (i = 0; i < nnumbers; i++) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1095 len += ber_write_id_len(NULL, 2, numbers[i].bytes, 0);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1096 len += numbers[i].bytes;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1097 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1098 seqlen = len;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1099 /* Now add on the SEQUENCE header. */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1100 len += ber_write_id_len(NULL, 16, seqlen, ASN1_CONSTRUCTED);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1101 /* Round up to the cipher block size, ensuring we have at least one
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1102 * byte of padding (see below). */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1103 outlen = len;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1104 if (passphrase)
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1105 outlen = (outlen+8) &~ 7;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1106
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1107 /*
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1108 * Now we know how big outblob needs to be. Allocate it.
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1109 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1110 outblob = (unsigned char*)m_malloc(outlen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1111
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1112 /*
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1113 * And write the data into it.
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1114 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1115 pos = 0;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1116 pos += ber_write_id_len(outblob+pos, 16, seqlen, ASN1_CONSTRUCTED);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1117 for (i = 0; i < nnumbers; i++) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1118 pos += ber_write_id_len(outblob+pos, 2, numbers[i].bytes, 0);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1119 memcpy(outblob+pos, numbers[i].start, numbers[i].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1120 pos += numbers[i].bytes;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1121 }
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	1122 } /* end RSA and DSS handling */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1123
1295 750ec4ec4cbe Convert #ifdef to #if, other build changes Matt Johnston <matt@ucc.asn.au> parents: 1294 diff changeset	1124 #if DROPBEAR_ECDSA
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1125 if (key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP256
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1126 \|\| key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP384
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1127 \|\| key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1128
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1129 /* SEC1 V2 appendix c.4
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1130 ECPrivateKey ::= SEQUENCE {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1131 version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1132 privateKey OCTET STRING,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1133 parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1134 publicKey [1] BIT STRING OPTIONAL
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1135 }
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1136 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1137 buffer *seq_buf = buf_new(400);
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 845 diff changeset	1138 ecc_key eck = (ecc_key)signkey_key_ptr(key, key->type);
b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 845 diff changeset	1139 const long curve_size = (*eck)->dp->size;
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1140 int curve_oid_len = 0;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1141 const void* curve_oid = NULL;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1142 unsigned long pubkey_size = 2*curve_size+1;
1089 d144a6bece53 Uses k_size as an signed integer Gaël PORTAY <gael.portay@gmail.com> parents: 1045 diff changeset	1143 int k_size;
1038 d3925ed45a85 Fix for old compilers, variable declarations at beginning of functions Thorsten Horstmann <thorsten.horstmann@web.de> parents: 1002 diff changeset	1144 int err = 0;
1692 1051e4eea25a Update LibTomMath to 1.2.0 (#84) Steffen Jaeckel <s@jaeckel.eu> parents: 1674 diff changeset	1145 size_t written;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1146
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1147 /* version. less than 10 bytes */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1148 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1149 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 2, 1, 0));
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1150 buf_putbyte(seq_buf, 1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1151
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1152 /* privateKey */
1692 1051e4eea25a Update LibTomMath to 1.2.0 (#84) Steffen Jaeckel <s@jaeckel.eu> parents: 1674 diff changeset	1153 k_size = mp_ubin_size((*eck)->k);
867 d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	1154 dropbear_assert(k_size <= curve_size);
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1155 buf_incrwritepos(seq_buf,
867 d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	1156 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 4, k_size, 0));
1692 1051e4eea25a Update LibTomMath to 1.2.0 (#84) Steffen Jaeckel <s@jaeckel.eu> parents: 1674 diff changeset	1157 if (mp_to_ubin((*eck)->k, buf_getwriteptr(seq_buf, k_size), k_size, &written) != MP_OKAY) {
1051e4eea25a Update LibTomMath to 1.2.0 (#84) Steffen Jaeckel <s@jaeckel.eu> parents: 1674 diff changeset	1158 dropbear_exit("ECC error");
1051e4eea25a Update LibTomMath to 1.2.0 (#84) Steffen Jaeckel <s@jaeckel.eu> parents: 1674 diff changeset	1159 }
1051e4eea25a Update LibTomMath to 1.2.0 (#84) Steffen Jaeckel <s@jaeckel.eu> parents: 1674 diff changeset	1160 buf_incrwritepos(seq_buf, written);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1161
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1162 /* SECGCurveNames */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1163 switch (key->type)
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1164 {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1165 case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1166 curve_oid_len = sizeof(OID_SEC256R1_BLOB);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1167 curve_oid = OID_SEC256R1_BLOB;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1168 break;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1169 case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1170 curve_oid_len = sizeof(OID_SEC384R1_BLOB);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1171 curve_oid = OID_SEC384R1_BLOB;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1172 break;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1173 case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1174 curve_oid_len = sizeof(OID_SEC521R1_BLOB);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1175 curve_oid = OID_SEC521R1_BLOB;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1176 break;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1177 default:
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1178 dropbear_exit("Internal error");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1179 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1180
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1181 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1182 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 0, 2+curve_oid_len, 0xa0));
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	1183 /* object == 6 */
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1184 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1185 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 6, curve_oid_len, 0));
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1186 buf_putbytes(seq_buf, curve_oid, curve_oid_len);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1187
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1188 buf_incrwritepos(seq_buf,
1638 315fcba6960e dropbearconvert: keyimport.c: fix BER encoding of secp521r1 keys (#69) Christian Hohnstädt <christian@hohnstaedt.de> parents: 1499 diff changeset	1189 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 1,
315fcba6960e dropbearconvert: keyimport.c: fix BER encoding of secp521r1 keys (#69) Christian Hohnstädt <christian@hohnstaedt.de> parents: 1499 diff changeset	1190 (pubkey_size +1 < 128 ? 2 : 3 ) +1 +pubkey_size, 0xa0));
315fcba6960e dropbearconvert: keyimport.c: fix BER encoding of secp521r1 keys (#69) Christian Hohnstädt <christian@hohnstaedt.de> parents: 1499 diff changeset	1191
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1192 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1193 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 3, 1+pubkey_size, 0));
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1194 buf_putbyte(seq_buf, 0);
1038 d3925ed45a85 Fix for old compilers, variable declarations at beginning of functions Thorsten Horstmann <thorsten.horstmann@web.de> parents: 1002 diff changeset	1195 err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size);
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1196 if (err != CRYPT_OK) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1197 dropbear_exit("ECC error");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1198 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1199 buf_incrwritepos(seq_buf, pubkey_size);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1200
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1201 buf_setpos(seq_buf, 0);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1202
867 d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	1203 outblob = (unsigned char*)m_malloc(1000);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1204
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1205 pos = 0;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1206 pos += ber_write_id_len(outblob+pos, 16, seq_buf->len, ASN1_CONSTRUCTED);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1207 memcpy(&outblob[pos], seq_buf->data, seq_buf->len);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1208 pos += seq_buf->len;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1209 len = pos;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1210 outlen = len;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1211
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1212 buf_burn(seq_buf);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1213 buf_free(seq_buf);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1214 seq_buf = NULL;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1215
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1216 header = "-----BEGIN EC PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1217 footer = "-----END EC PRIVATE KEY-----\n";
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1218 }
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1219 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1220
1659 d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1221 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1222 if (key->type == DROPBEAR_SIGNKEY_ED25519) {
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1223 buffer *buf = buf_new(300);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1224 keyblob = buf_new(100);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1225 extrablob = buf_new(200);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1226
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1227 /* private key blob w/o header */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1228 buf_put_priv_key(keyblob, key, key->type);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1229 buf_setpos(keyblob, 0);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1230 buf_incrpos(keyblob, buf_getint(keyblob));
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1231 len = buf_getint(keyblob);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1232
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1233 /* header */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1234 buf_putbytes(buf, OSSH_PKEY_BLOB, OSSH_PKEY_BLOBLEN);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1235
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1236 /* public key */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1237 buf_put_pub_key(buf, key, key->type);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1238
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1239 /* private key */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1240 buf_incrwritepos(extrablob, 4);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1241 buf_put_pub_key(extrablob, key, key->type);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1242 buf_putstring(extrablob, buf_getptr(keyblob, len), len);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1243 /* comment */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1244 buf_putstring(extrablob, "", 0);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1245 /* padding to cipher block length */
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1246 len = (extrablob->len+8) & ~7;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1247 for (i = 1; len - extrablob->len > 0; i++)
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1248 buf_putbyte(extrablob, i);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1249 buf_setpos(extrablob, 0);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1250 buf_putbytes(extrablob, "\0\0\0\0\0\0\0\0", 8);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1251 buf_putbufstring(buf, extrablob);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1252
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1253 outlen = len = pos = buf->len;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1254 outblob = (unsigned char*)m_malloc(outlen);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1255 memcpy(outblob, buf->data, buf->len);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1256
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1257 buf_burn(buf);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1258 buf_free(buf);
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1259 buf = NULL;
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1260
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1261 header = "-----BEGIN OPENSSH PRIVATE KEY-----\n";
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1262 footer = "-----END OPENSSH PRIVATE KEY-----\n";
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1263 }
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1264 #endif
d32bcb5c557d Add Ed25519 support (#91) Vladislav Grishenko <themiron@users.noreply.github.com> parents: 1638 diff changeset	1265
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1266 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1267 * Padding on OpenSSH keys is deterministic. The number of
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1268 * padding bytes is always more than zero, and always at most
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1269 * the cipher block length. The value of each padding byte is
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1270 * equal to the number of padding bytes. So a plaintext that's
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1271 * an exact multiple of the block size will be padded with 08
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1272 * 08 08 08 08 08 08 08 (assuming a 64-bit block cipher); a
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1273 * plaintext one byte less than a multiple of the block size
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1274 * will be padded with just 01.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1275 *
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1276 * This enables the OpenSSL key decryption function to strip
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1277 * off the padding algorithmically and return the unpadded
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1278 * plaintext to the next layer: it looks at the final byte, and
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1279 * then expects to find that many bytes at the end of the data
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1280 * with the same value. Those are all removed and the rest is
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1281 * returned.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1282 */
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1283 dropbear_assert(pos == len);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1284 while (pos < outlen) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1285 outblob[pos++] = outlen - len;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1286 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1287
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1288 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1289 * Encrypt the key.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1290 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1291 if (passphrase) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1292 fprintf(stderr, "Encrypted keys aren't supported currently\n");
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1293 goto error;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1294 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1295
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1296 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1297 * And save it. We'll use Unix line endings just in case it's
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1298 * subsequently transferred in binary mode.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1299 */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1300 if (strlen(filename) == 1 && filename[0] == '-') {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1301 fp = stdout;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1302 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1303 fp = fopen(filename, "wb"); /* ensure Unix line endings */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1304 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1305 if (!fp) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1306 fprintf(stderr, "Failed opening output file\n");
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1307 goto error;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1308 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1309 fputs(header, fp);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1310 base64_encode_fp(fp, outblob, outlen, 64);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1311 fputs(footer, fp);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1312 fclose(fp);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1313 ret = 1;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1314
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1315 error:
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1316 if (outblob) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1317 memset(outblob, 0, outlen);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1318 m_free(outblob);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1319 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1320 if (keyblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1321 buf_burn(keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1322 buf_free(keyblob);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1323 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1324 if (extrablob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1325 buf_burn(extrablob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1326 buf_free(extrablob);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1327 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1328 return ret;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1329 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1330
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1331 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1332 /* XXX TODO ssh.com stuff isn't going yet */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1333
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1334 /* ----------------------------------------------------------------------
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1335 * Code to read ssh.com private keys.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1336 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1337
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1338 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1339 * The format of the base64 blob is largely ssh2-packet-formatted,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1340 * except that mpints are a bit different: they're more like the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1341 * old ssh1 mpint. You have a 32-bit bit count N, followed by
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1342 * (N+7)/8 bytes of data.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1343 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1344 * So. The blob contains:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1345 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1346 * - uint32 0x3f6ff9eb (magic number)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1347 * - uint32 size (total blob size)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1348 * - string key-type (see below)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1349 * - string cipher-type (tells you if key is encrypted)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1350 * - string encrypted-blob
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1351 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1352 * (The first size field includes the size field itself and the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1353 * magic number before it. All other size fields are ordinary ssh2
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1354 * strings, so the size field indicates how much data is to
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1355 * _follow_.)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1356 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1357 * The encrypted blob, once decrypted, contains a single string
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1358 * which in turn contains the payload. (This allows padding to be
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1359 * added after that string while still making it clear where the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1360 * real payload ends. Also it probably makes for a reasonable
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1361 * decryption check.)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1362 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1363 * The payload blob, for an RSA key, contains:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1364 * - mpint e
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1365 * - mpint d
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1366 * - mpint n (yes, the public and private stuff is intermixed)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1367 * - mpint u (presumably inverse of p mod q)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1368 * - mpint p (p is the smaller prime)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1369 * - mpint q (q is the larger)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1370 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1371 * For a DSA key, the payload blob contains:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1372 * - uint32 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1373 * - mpint p
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1374 * - mpint g
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1375 * - mpint q
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1376 * - mpint y
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1377 * - mpint x
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1378 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1379 * Alternatively, if the parameters are `predefined', that
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1380 * (0,p,g,q) sequence can be replaced by a uint32 1 and a string
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1381 * containing some predefined parameter specification. shudder,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1382 * but I doubt we'll encounter this in real life.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1383 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1384 * The key type strings are ghastly. The RSA key I looked at had a
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1385 * type string of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1386 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1387 * `if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}'
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1388 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1389 * and the DSA key wasn't much better:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1390 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1391 * `dl-modp{sign{dsa-nist-sha1},dh{plain}}'
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1392 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1393 * It isn't clear that these will always be the same. I think it
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1394 * might be wise just to look at the `if-modn{sign{rsa' and
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1395 * `dl-modp{sign{dsa' prefixes.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1396 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1397 * Finally, the encryption. The cipher-type string appears to be
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1398 * either `none' or `3des-cbc'. Looks as if this is SSH2-style
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1399 * 3des-cbc (i.e. outer cbc rather than inner). The key is created
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1400 * from the passphrase by means of yet another hashing faff:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1401 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1402 * - first 16 bytes are MD5(passphrase)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1403 * - next 16 bytes are MD5(passphrase \|\| first 16 bytes)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1404 * - if there were more, they'd be MD5(passphrase \|\| first 32),
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1405 * and so on.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1406 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1407
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1408 #define SSHCOM_MAGIC_NUMBER 0x3f6ff9eb
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1409
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1410 struct sshcom_key {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1411 char comment[256]; /* allowing any length is overkill */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1412 unsigned char *keyblob;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1413 int keyblob_len, keyblob_size;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1414 };
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1415
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1416 static struct sshcom_key load_sshcom_key(const char filename)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1417 {
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1418 struct sshcom_key *ret;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1419 FILE *fp;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1420 char buffer[256];
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1421 int len;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1422 char errmsg, p;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1423 int headers_done;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1424 char base64_bit[4];
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1425 int base64_chars = 0;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1426
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1427 ret = snew(struct sshcom_key);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1428 ret->comment[0] = '\0';
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1429 ret->keyblob = NULL;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1430 ret->keyblob_len = ret->keyblob_size = 0;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1431
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1432 fp = fopen(filename, "r");
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1433 if (!fp) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1434 errmsg = "Unable to open key file";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1435 goto error;
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	1436 }
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1437 if (!fgets(buffer, sizeof(buffer), fp) \|\|
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1438 0 != strcmp(buffer, "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\n")) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1439 errmsg = "File does not begin with ssh.com key header";
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	1440 goto error;
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1441 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1442
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1443 headers_done = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1444 while (1) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1445 if (!fgets(buffer, sizeof(buffer), fp)) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1446 errmsg = "Unexpected end of file";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1447 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1448 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1449 if (!strcmp(buffer, "---- END SSH2 ENCRYPTED PRIVATE KEY ----\n"))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1450 break; /* done */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1451 if ((p = strchr(buffer, ':')) != NULL) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1452 if (headers_done) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1453 errmsg = "Header found in body of key data";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1454 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1455 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1456 *p++ = '\0';
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1457 while (p && isspace((unsigned char)p)) p++;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1458 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1459 * Header lines can end in a trailing backslash for
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1460 * continuation.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1461 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1462 while ((len = strlen(p)) > (int)(sizeof(buffer) - (p-buffer) -1) \|\|
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1463 p[len-1] != '\n' \|\| p[len-2] == '\\') {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1464 if (len > (int)((p-buffer) + sizeof(buffer)-2)) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1465 errmsg = "Header line too long to deal with";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1466 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1467 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1468 if (!fgets(p+len-2, sizeof(buffer)-(p-buffer)-(len-2), fp)) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1469 errmsg = "Unexpected end of file";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1470 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1471 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1472 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1473 p[strcspn(p, "\n")] = '\0';
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1474 if (!strcmp(buffer, "Comment")) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1475 /* Strip quotes in comment if present. */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1476 if (p[0] == '"' && p[strlen(p)-1] == '"') {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1477 p++;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1478 p[strlen(p)-1] = '\0';
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1479 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1480 strncpy(ret->comment, p, sizeof(ret->comment));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1481 ret->comment[sizeof(ret->comment)-1] = '\0';
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1482 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1483 } else {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1484 headers_done = 1;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1485
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1486 p = buffer;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1487 while (isbase64(*p)) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1488 base64_bit[base64_chars++] = *p;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1489 if (base64_chars == 4) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1490 unsigned char out[3];
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1491
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1492 base64_chars = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1493
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1494 len = base64_decode_atom(base64_bit, out);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1495
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1496 if (len <= 0) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1497 errmsg = "Invalid base64 encoding";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1498 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1499 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1500
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1501 if (ret->keyblob_len + len > ret->keyblob_size) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1502 ret->keyblob_size = ret->keyblob_len + len + 256;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1503 ret->keyblob = sresize(ret->keyblob, ret->keyblob_size,
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1504 unsigned char);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1505 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1506
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1507 memcpy(ret->keyblob + ret->keyblob_len, out, len);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1508 ret->keyblob_len += len;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1509 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1510
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1511 p++;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1512 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1513 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1514 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1515
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1516 if (ret->keyblob_len == 0 \|\| !ret->keyblob) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1517 errmsg = "Key body not present";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1518 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1519 }
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	1520
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1521 return ret;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1522
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1523 error:
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1524 if (ret) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1525 if (ret->keyblob) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1526 memset(ret->keyblob, 0, ret->keyblob_size);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1527 m_free(ret->keyblob);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1528 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1529 memset(ret, 0, sizeof(*ret));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1530 m_free(ret);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1531 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1532 return NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1533 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1534
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1535 int sshcom_encrypted(const char filename, char *comment)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1536 {
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1537 struct sshcom_key *key = load_sshcom_key(filename);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1538 int pos, len, answer;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1539
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1540 *comment = NULL;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1541 if (!key)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1542 return 0;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1543
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1544 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1545 * Check magic number.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1546 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1547 if (GET_32BIT(key->keyblob) != 0x3f6ff9eb)
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1548 return 0; /* key is invalid */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1549
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1550 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1551 * Find the cipher-type string.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1552 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1553 answer = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1554 pos = 8;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1555 if (key->keyblob_len < pos+4)
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1556 goto done; /* key is far too short */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1557 len = toint(GET_32BIT(key->keyblob + pos));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1558 if (len < 0 \|\| len > key->keyblob_len - pos - 4)
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1559 goto done; /* key is far too short */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1560 pos += 4 + len; /* skip key type */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1561 len = toint(GET_32BIT(key->keyblob + pos)); /* find cipher-type length */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1562 if (len < 0 \|\| len > key->keyblob_len - pos - 4)
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1563 goto done; /* cipher type string is incomplete */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1564 if (len != 4 \|\| 0 != memcmp(key->keyblob + pos + 4, "none", 4))
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1565 answer = 1;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1566
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1567 done:
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1568 *comment = dupstr(key->comment);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1569 memset(key->keyblob, 0, key->keyblob_size);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1570 m_free(key->keyblob);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1571 memset(key, 0, sizeof(*key));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1572 m_free(key);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1573 return answer;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1574 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1575
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1576 static int sshcom_read_mpint(void data, int len, struct mpint_pos ret)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1577 {
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1578 unsigned bits, bytes;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1579 unsigned char d = (unsigned char ) data;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1580
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1581 if (len < 4)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1582 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1583 bits = GET_32BIT(d);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1584
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1585 bytes = (bits + 7) / 8;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1586 if (len < 4+bytes)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1587 goto error;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1588
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1589 ret->start = d + 4;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1590 ret->bytes = bytes;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1591 return bytes+4;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1592
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1593 error:
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1594 ret->start = NULL;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1595 ret->bytes = -1;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1596 return len; /* ensure further calls fail as well */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1597 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1598
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1599 static int sshcom_put_mpint(void target, void data, int len)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1600 {
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1601 unsigned char d = (unsigned char )target;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1602 unsigned char i = (unsigned char )data;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1603 int bits = len * 8 - 1;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1604
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1605 while (bits > 0) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1606 if (*i & (1 << (bits & 7)))
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1607 break;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1608 if (!(bits-- & 7))
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1609 i++, len--;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1610 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1611
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1612 PUT_32BIT(d, bits+1);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1613 memcpy(d+4, i, len);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1614 return len+4;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1615 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1616
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1617 sign_key sshcom_read(const char filename, char *passphrase)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1618 {
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1619 struct sshcom_key *key = load_sshcom_key(filename);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1620 char *errmsg;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1621 int pos, len;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1622 const char prefix_rsa[] = "if-modn{sign{rsa";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1623 const char prefix_dsa[] = "dl-modp{sign{dsa";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1624 enum { RSA, DSA } type;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1625 int encrypted;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1626 char *ciphertext;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1627 int cipherlen;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1628 struct ssh2_userkey ret = NULL, retkey;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1629 const struct ssh_signkey *alg;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1630 unsigned char *blob = NULL;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1631 int blobsize = 0, publen, privlen;
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	1632
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1633 if (!key)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1634 return NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1635
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1636 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1637 * Check magic number.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1638 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1639 if (GET_32BIT(key->keyblob) != SSHCOM_MAGIC_NUMBER) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1640 errmsg = "Key does not begin with magic number";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1641 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1642 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1643
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1644 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1645 * Determine the key type.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1646 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1647 pos = 8;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1648 if (key->keyblob_len < pos+4 \|\|
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1649 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1650 errmsg = "Key blob does not contain a key type string";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1651 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1652 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1653 if (len > sizeof(prefix_rsa) - 1 &&
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1654 !memcmp(key->keyblob+pos+4, prefix_rsa, sizeof(prefix_rsa) - 1)) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1655 type = RSA;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1656 } else if (len > sizeof(prefix_dsa) - 1 &&
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1657 !memcmp(key->keyblob+pos+4, prefix_dsa, sizeof(prefix_dsa) - 1)) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1658 type = DSA;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1659 } else {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1660 errmsg = "Key is of unknown type";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1661 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1662 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1663 pos += 4+len;
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	1664
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1665 /*
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1666 * Determine the cipher type.
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1667 */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1668 if (key->keyblob_len < pos+4 \|\|
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1669 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1670 errmsg = "Key blob does not contain a cipher type string";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1671 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1672 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1673 if (len == 4 && !memcmp(key->keyblob+pos+4, "none", 4))
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1674 encrypted = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1675 else if (len == 8 && !memcmp(key->keyblob+pos+4, "3des-cbc", 8))
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1676 encrypted = 1;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1677 else {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1678 errmsg = "Key encryption is of unknown type";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1679 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1680 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1681 pos += 4+len;
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	1682
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1683 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1684 * Get hold of the encrypted part of the key.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1685 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1686 if (key->keyblob_len < pos+4 \|\|
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1687 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1688 errmsg = "Key blob does not contain actual key data";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1689 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1690 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1691 ciphertext = (char *)key->keyblob + pos + 4;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1692 cipherlen = len;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1693 if (cipherlen == 0) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1694 errmsg = "Length of key data is zero";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1695 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1696 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1697
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1698 /*
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1699 * Decrypt it if necessary.
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1700 */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1701 if (encrypted) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1702 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1703 * Derive encryption key from passphrase and iv/salt:
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1704 *
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1705 * - let block A equal MD5(passphrase)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1706 * - let block B equal MD5(passphrase \|\| A)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1707 * - block C would be MD5(passphrase \|\| A \|\| B) and so on
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1708 * - encryption key is the first N bytes of A \|\| B
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1709 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1710 struct MD5Context md5c;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1711 unsigned char keybuf[32], iv[8];
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1712
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1713 if (cipherlen % 8 != 0) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1714 errmsg = "Encrypted part of key is not a multiple of cipher block"
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1715 " size";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1716 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1717 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1718
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1719 MD5Init(&md5c);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1720 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1721 MD5Final(keybuf, &md5c);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1722
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1723 MD5Init(&md5c);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1724 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1725 MD5Update(&md5c, keybuf, 16);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1726 MD5Final(keybuf+16, &md5c);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1727
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1728 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1729 * Now decrypt the key blob.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1730 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1731 memset(iv, 0, sizeof(iv));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1732 des3_decrypt_pubkey_ossh(keybuf, iv, (unsigned char *)ciphertext,
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1733 cipherlen);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1734
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1735 memset(&md5c, 0, sizeof(md5c));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1736 memset(keybuf, 0, sizeof(keybuf));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1737
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1738 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1739 * Hereafter we return WRONG_PASSPHRASE for any parsing
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1740 * error. (But only if we've just tried to decrypt it!
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1741 * Returning WRONG_PASSPHRASE for an unencrypted key is
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1742 * automatic doom.)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1743 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1744 if (encrypted)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1745 ret = SSH2_WRONG_PASSPHRASE;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1746 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1747
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1748 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1749 * Strip away the containing string to get to the real meat.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1750 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1751 len = toint(GET_32BIT(ciphertext));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1752 if (len < 0 \|\| len > cipherlen-4) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1753 errmsg = "containing string was ill-formed";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1754 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1755 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1756 ciphertext += 4;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1757 cipherlen = len;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1758
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1759 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1760 * Now we break down into RSA versus DSA. In either case we'll
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1761 * construct public and private blobs in our own format, and
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1762 * end up feeding them to alg->createkey().
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1763 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1764 blobsize = cipherlen + 256;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1765 blob = snewn(blobsize, unsigned char);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1766 privlen = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1767 if (type == RSA) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1768 struct mpint_pos n, e, d, u, p, q;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1769 int pos = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1770 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &e);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1771 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &d);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1772 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &n);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1773 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &u);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1774 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &p);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1775 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &q);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1776 if (!q.start) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1777 errmsg = "key data did not contain six integers";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1778 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1779 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1780
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1781 alg = &ssh_rsa;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1782 pos = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1783 pos += put_string(blob+pos, "ssh-rsa", 7);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1784 pos += put_mp(blob+pos, e.start, e.bytes);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1785 pos += put_mp(blob+pos, n.start, n.bytes);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1786 publen = pos;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1787 pos += put_string(blob+pos, d.start, d.bytes);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1788 pos += put_mp(blob+pos, q.start, q.bytes);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1789 pos += put_mp(blob+pos, p.start, p.bytes);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1790 pos += put_mp(blob+pos, u.start, u.bytes);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1791 privlen = pos - publen;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1792 } else if (type == DSA) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1793 struct mpint_pos p, q, g, x, y;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1794 int pos = 4;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1795 if (GET_32BIT(ciphertext) != 0) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1796 errmsg = "predefined DSA parameters not supported";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1797 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1798 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1799 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &p);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1800 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &g);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1801 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &q);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1802 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &y);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1803 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &x);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1804 if (!x.start) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1805 errmsg = "key data did not contain five integers";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1806 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1807 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1808
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1809 alg = &ssh_dss;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1810 pos = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1811 pos += put_string(blob+pos, "ssh-dss", 7);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1812 pos += put_mp(blob+pos, p.start, p.bytes);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1813 pos += put_mp(blob+pos, q.start, q.bytes);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1814 pos += put_mp(blob+pos, g.start, g.bytes);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1815 pos += put_mp(blob+pos, y.start, y.bytes);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1816 publen = pos;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1817 pos += put_mp(blob+pos, x.start, x.bytes);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1818 privlen = pos - publen;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1819 } else
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1820 return NULL;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1821
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1822 dropbear_assert(privlen > 0); /* should have bombed by now if not */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1823
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1824 retkey = snew(struct ssh2_userkey);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1825 retkey->alg = alg;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1826 retkey->data = alg->createkey(blob, publen, blob+publen, privlen);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1827 if (!retkey->data) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1828 m_free(retkey);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1829 errmsg = "unable to create key data structure";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1830 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1831 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1832 retkey->comment = dupstr(key->comment);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1833
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1834 errmsg = NULL; /* no error */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1835 ret = retkey;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1836
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1837 error:
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1838 if (blob) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1839 memset(blob, 0, blobsize);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1840 m_free(blob);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1841 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1842 memset(key->keyblob, 0, key->keyblob_size);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1843 m_free(key->keyblob);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1844 memset(key, 0, sizeof(*key));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1845 m_free(key);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1846 return ret;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1847 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1848
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1849 int sshcom_write(const char filename, sign_key key,
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1850 char *passphrase)
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1851 {
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1852 unsigned char pubblob, privblob;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1853 int publen, privlen;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1854 unsigned char *outblob;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1855 int outlen;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1856 struct mpint_pos numbers[6];
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1857 int nnumbers, initial_zero, pos, lenpos, i;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1858 char *type;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1859 char *ciphertext;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1860 int cipherlen;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1861 int ret = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1862 FILE *fp;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1863
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1864 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1865 * Fetch the key blobs.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1866 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1867 pubblob = key->alg->public_blob(key->data, &publen);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1868 privblob = key->alg->private_blob(key->data, &privlen);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1869 outblob = NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1870
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1871 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1872 * Find the sequence of integers to be encoded into the OpenSSH
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1873 * key blob, and also decide on the header line.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1874 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1875 if (key->alg == &ssh_rsa) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1876 int pos;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1877 struct mpint_pos n, e, d, p, q, iqmp;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1878
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1879 pos = 4 + GET_32BIT(pubblob);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1880 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &e);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1881 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &n);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1882 pos = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1883 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &d);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1884 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &p);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1885 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &q);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1886 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &iqmp);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1887
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1888 dropbear_assert(e.start && iqmp.start); /* can't go wrong */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1889
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1890 numbers[0] = e;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1891 numbers[1] = d;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1892 numbers[2] = n;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1893 numbers[3] = iqmp;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1894 numbers[4] = q;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1895 numbers[5] = p;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1896
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1897 nnumbers = 6;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1898 initial_zero = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1899 type = "if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1900 } else if (key->alg == &ssh_dss) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1901 int pos;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1902 struct mpint_pos p, q, g, y, x;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1903
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1904 pos = 4 + GET_32BIT(pubblob);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1905 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &p);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1906 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &q);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1907 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &g);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1908 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &y);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1909 pos = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1910 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &x);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1911
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1912 dropbear_assert(y.start && x.start); /* can't go wrong */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1913
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1914 numbers[0] = p;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1915 numbers[1] = g;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1916 numbers[2] = q;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1917 numbers[3] = y;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1918 numbers[4] = x;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1919
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1920 nnumbers = 5;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1921 initial_zero = 1;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1922 type = "dl-modp{sign{dsa-nist-sha1},dh{plain}}";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1923 } else {
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1924 dropbear_assert(0); /* zoinks! */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1925 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1926
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1927 /*
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1928 * Total size of key blob will be somewhere under 512 plus
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1929 * combined length of integers. We'll calculate the more
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1930 * precise size as we construct the blob.
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1931 */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1932 outlen = 512;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1933 for (i = 0; i < nnumbers; i++)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1934 outlen += 4 + numbers[i].bytes;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1935 outblob = snewn(outlen, unsigned char);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1936
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1937 /*
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1938 * Create the unencrypted key blob.
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1939 */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1940 pos = 0;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1941 PUT_32BIT(outblob+pos, SSHCOM_MAGIC_NUMBER); pos += 4;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1942 pos += 4; /* length field, fill in later */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1943 pos += put_string(outblob+pos, type, strlen(type));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1944 {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1945 char *ciphertype = passphrase ? "3des-cbc" : "none";
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1946 pos += put_string(outblob+pos, ciphertype, strlen(ciphertype));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1947 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1948 lenpos = pos; /* remember this position */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1949 pos += 4; /* encrypted-blob size */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1950 pos += 4; /* encrypted-payload size */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1951 if (initial_zero) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1952 PUT_32BIT(outblob+pos, 0);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1953 pos += 4;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1954 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1955 for (i = 0; i < nnumbers; i++)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1956 pos += sshcom_put_mpint(outblob+pos,
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1957 numbers[i].start, numbers[i].bytes);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1958 /* Now wrap up the encrypted payload. */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1959 PUT_32BIT(outblob+lenpos+4, pos - (lenpos+8));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1960 /* Pad encrypted blob to a multiple of cipher block size. */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1961 if (passphrase) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1962 int padding = -(pos - (lenpos+4)) & 7;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1963 while (padding--)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1964 outblob[pos++] = random_byte();
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1965 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1966 ciphertext = (char *)outblob+lenpos+4;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1967 cipherlen = pos - (lenpos+4);
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1968 dropbear_assert(!passphrase \|\| cipherlen % 8 == 0);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1969 /* Wrap up the encrypted blob string. */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1970 PUT_32BIT(outblob+lenpos, cipherlen);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1971 /* And finally fill in the total length field. */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1972 PUT_32BIT(outblob+4, pos);
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	1973
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1974 dropbear_assert(pos < outlen);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1975
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1976 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1977 * Encrypt the key.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1978 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1979 if (passphrase) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1980 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1981 * Derive encryption key from passphrase and iv/salt:
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1982 *
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1983 * - let block A equal MD5(passphrase)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1984 * - let block B equal MD5(passphrase \|\| A)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1985 * - block C would be MD5(passphrase \|\| A \|\| B) and so on
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1986 * - encryption key is the first N bytes of A \|\| B
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1987 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1988 struct MD5Context md5c;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1989 unsigned char keybuf[32], iv[8];
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1990
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1991 MD5Init(&md5c);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1992 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1993 MD5Final(keybuf, &md5c);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1994
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1995 MD5Init(&md5c);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1996 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1997 MD5Update(&md5c, keybuf, 16);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1998 MD5Final(keybuf+16, &md5c);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	1999
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2000 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2001 * Now decrypt the key blob.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2002 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2003 memset(iv, 0, sizeof(iv));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2004 des3_encrypt_pubkey_ossh(keybuf, iv, (unsigned char *)ciphertext,
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2005 cipherlen);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2006
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2007 memset(&md5c, 0, sizeof(md5c));
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2008 memset(keybuf, 0, sizeof(keybuf));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2009 }
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	2010
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2011 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2012 * And save it. We'll use Unix line endings just in case it's
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2013 * subsequently transferred in binary mode.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2014 */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2015 fp = fopen(filename, "wb"); /* ensure Unix line endings */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2016 if (!fp)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2017 goto error;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2018 fputs("---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\n", fp);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2019 fprintf(fp, "Comment: \"");
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2020 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2021 * Comment header is broken with backslash-newline if it goes
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2022 * over 70 chars. Although it's surrounded by quotes, it
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2023 * _doesn't_ escape backslashes or quotes within the string.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2024 * Don't ask me, I didn't design it.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2025 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2026 {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2027 int slen = 60; /* starts at 60 due to "Comment: " */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2028 char *c = key->comment;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2029 while ((int)strlen(c) > slen) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2030 fprintf(fp, "%.*s\\\n", slen, c);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2031 c += slen;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2032 slen = 70; /* allow 70 chars on subsequent lines */
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2033 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2034 fprintf(fp, "%s\"\n", c);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2035 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2036 base64_encode_fp(fp, outblob, pos, 70);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2037 fputs("---- END SSH2 ENCRYPTED PRIVATE KEY ----\n", fp);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2038 fclose(fp);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2039 ret = 1;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2040
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2041 error:
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2042 if (outblob) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2043 memset(outblob, 0, outlen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2044 m_free(outblob);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2045 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2046 if (privblob) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2047 memset(privblob, 0, privlen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2048 m_free(privblob);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2049 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2050 if (pubblob) {
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2051 memset(pubblob, 0, publen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2052 m_free(pubblob);
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2053 }
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2054 return ret;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2055 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2056 #endif /* ssh.com stuff disabled */
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	2057
34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	2058 /* From PuTTY misc.c */
34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	2059 static int toint(unsigned u)
34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	2060 {
1308 8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2061 /*
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2062 * Convert an unsigned to an int, without running into the
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2063 * undefined behaviour which happens by the strict C standard if
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2064 * the value overflows. You'd hope that sensible compilers would
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2065 * do the sensible thing in response to a cast, but actually I
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2066 * don't trust modern compilers not to do silly things like
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2067 * assuming that _obviously_ you wouldn't have caused an overflow
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2068 * and so they can elide an 'if (i < 0)' test immediately after
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2069 * the cast.
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2070 *
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2071 * Sensible compilers ought of course to optimise this entire
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2072 * function into 'just return the input value'!
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2073 */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2074 if (u <= (unsigned)INT_MAX)
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2075 return (int)u;
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2076 else if (u >= (unsigned)INT_MIN) /* wrap in cast _to_ unsigned is OK */
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2077 return INT_MIN + (int)(u - (unsigned)INT_MIN);
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2078 else
8678e2cc1e53 make indenting consistent Matt Johnston <matt@ucc.asn.au> parents: 1307 diff changeset	2079 return INT_MIN; /* fallback; should never occur on binary machines */
1306 34e6127ef02e merge fixes from PuTTY import.c Matt Johnston <matt@ucc.asn.au> parents: 1250 diff changeset	2080 }

Mercurial > dropbear

annotate keyimport.c @ 1790:42745af83b7d