dropbear: keyimport.c annotate

annotate keyimport.c @ 994:5c5ade336926

Prefer stronger algorithms in algorithm negotiation. Prefer diffie-hellman-group14-sha1 (2048 bit) over diffie-hellman-group1-sha1 (1024 bit). Due to meet-in-the-middle attacks the effective key length of three key 3DES is 112 bits. AES is stronger and faster then 3DES. Prefer to delay the start of compression until after authentication has completed. This avoids exposing compression code to attacks from unauthenticated users. (github pull request #9)

author	Fedor Brunner <fedor.brunner@azet.sk>
date	Fri, 23 Jan 2015 23:00:25 +0800
parents	4f65c867fc99
children	97d1e54941fd

rev	line source
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2 * Based on PuTTY's import.c for importing/exporting OpenSSH and SSH.com
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	3 * keyfiles.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	5 * Modifications copyright 2003 Matt Johnston
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	7 * PuTTY is copyright 1997-2003 Simon Tatham.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9 * Portions copyright Robert de Bath, Joris van Rantwijk, Delian
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10 * Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11 * Justin Bradford, and CORE SDI S.A.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	13 * Permission is hereby granted, free of charge, to any person
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14 * obtaining a copy of this software and associated documentation files
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 * (the "Software"), to deal in the Software without restriction,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16 * including without limitation the rights to use, copy, modify, merge,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	17 * publish, distribute, sublicense, and/or sell copies of the Software,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	18 * and to permit persons to whom the Software is furnished to do so,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	19 * subject to the following conditions:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	20 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21 * The above copyright notice and this permission notice shall be
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22 * included in all copies or substantial portions of the Software.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	23 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	27 * NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	28 * FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	29 * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	30 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	31 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	32
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	33 #include "keyimport.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	34 #include "bignum.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	35 #include "buffer.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	36 #include "dbutil.h"
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	37 #include "ecc.h"
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	38
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	39 static const unsigned char OID_SEC256R1_BLOB[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	40 static const unsigned char OID_SEC384R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x22};
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	41 static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	42
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	43 #define PUT_32BIT(cp, value) do { \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	44 (cp)[3] = (unsigned char)(value); \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	45 (cp)[2] = (unsigned char)((value) >> 8); \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	46 (cp)[1] = (unsigned char)((value) >> 16); \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	47 (cp)[0] = (unsigned char)((value) >> 24); } while (0)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	48
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	49 #define GET_32BIT(cp) \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	50 (((unsigned long)(unsigned char)(cp)[0] << 24) \| \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	51 ((unsigned long)(unsigned char)(cp)[1] << 16) \| \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	52 ((unsigned long)(unsigned char)(cp)[2] << 8) \| \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	53 ((unsigned long)(unsigned char)(cp)[3]))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	54
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	55 static int openssh_encrypted(const char *filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	56 static sign_key openssh_read(const char filename, char *passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	57 static int openssh_write(const char filename, sign_key key,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	58 char *passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	59
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	60 static int dropbear_write(const charfilename, sign_key key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	61 static sign_key dropbear_read(const char filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	62
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	63 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	64 static int sshcom_encrypted(const char filename, char *comment);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	65 static struct ssh2_userkey sshcom_read(const char filename, char *passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	66 static int sshcom_write(const char filename, struct ssh2_userkey key,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	67 char *passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	68 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	69
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	70 int import_encrypted(const char* filename, int filetype) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	71
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	72 if (filetype == KEYFILE_OPENSSH) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	73 return openssh_encrypted(filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	74 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	75 } else if (filetype == KEYFILE_SSHCOM) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	76 return sshcom_encrypted(filename, NULL);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	77 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	78 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	79 return 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	80 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	81
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	82 sign_key import_read(const char filename, char *passphrase, int filetype) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	83
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	84 if (filetype == KEYFILE_OPENSSH) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	85 return openssh_read(filename, passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	86 } else if (filetype == KEYFILE_DROPBEAR) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	87 return dropbear_read(filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	88 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	89 } else if (filetype == KEYFILE_SSHCOM) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	90 return sshcom_read(filename, passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	91 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	92 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	93 return NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	94 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	95
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	96 int import_write(const char filename, sign_key key, char *passphrase,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	97 int filetype) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	98
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	99 if (filetype == KEYFILE_OPENSSH) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	100 return openssh_write(filename, key, passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	101 } else if (filetype == KEYFILE_DROPBEAR) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	102 return dropbear_write(filename, key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	103 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	104 } else if (filetype == KEYFILE_SSHCOM) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	105 return sshcom_write(filename, key, passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	106 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	107 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	108 return 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	109 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	110
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	111 static sign_key dropbear_read(const char filename) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	112
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	113 buffer * buf = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	114 sign_key *ret = NULL;
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 845 diff changeset	115 enum signkey_type type;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	116
73 0bf5cebe622c Dropbearkey can now print out pubkey portions Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	117 buf = buf_new(MAX_PRIVKEY_SIZE);
0bf5cebe622c Dropbearkey can now print out pubkey portions Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	118 if (buf_readfile(buf, filename) == DROPBEAR_FAILURE) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	119 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	120 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	121
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	122 buf_setpos(buf, 0);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	123 ret = new_sign_key();
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	124
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	125 type = DROPBEAR_SIGNKEY_ANY;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	126 if (buf_get_priv_key(buf, ret, &type) == DROPBEAR_FAILURE){
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	127 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	128 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	129 buf_free(buf);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	130
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	131 ret->type = type;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	132
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	133 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	134
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	135 error:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	136 if (buf) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	137 buf_free(buf);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	138 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	139 if (ret) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	140 sign_key_free(ret);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	141 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	142 return NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	143 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	144
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	145 /* returns 0 on fail, 1 on success */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	146 static int dropbear_write(const charfilename, sign_key key) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	147
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	148 buffer * buf;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	149 FILE*fp;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	150 int len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	151 int ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	152
73 0bf5cebe622c Dropbearkey can now print out pubkey portions Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	153 buf = buf_new(MAX_PRIVKEY_SIZE);
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	154 buf_put_priv_key(buf, key, key->type);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	155
87 680a0bc9df0a Some small fixes for unused vars, and old messages Matt Johnston <matt@ucc.asn.au> parents: 73 diff changeset	156 fp = fopen(filename, "w");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	157 if (!fp) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	158 ret = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	159 goto out;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	160 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	161
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	162 buf_setpos(buf, 0);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	163 do {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	164 len = fwrite(buf_getptr(buf, buf->len - buf->pos),
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	165 1, buf->len - buf->pos, fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	166 buf_incrpos(buf, len);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	167 } while (len > 0 && buf->len != buf->pos);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	168
256 ac890087b8c1 * keyimport.c: fclose() the key file to make sure data gets written Matt Johnston <matt@ucc.asn.au> parents: 241 diff changeset	169 fclose(fp);
ac890087b8c1 * keyimport.c: fclose() the key file to make sure data gets written Matt Johnston <matt@ucc.asn.au> parents: 241 diff changeset	170
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	171 if (buf->pos != buf->len) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	172 ret = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	173 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	174 ret = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	175 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	176 out:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	177 buf_free(buf);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	178 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	179 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	180
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	181
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	182 /* ----------------------------------------------------------------------
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	183 * Helper routines. (The base64 ones are defined in sshpubk.c.)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	184 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	185
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	186 #define isbase64(c) ( ((c) >= 'A' && (c) <= 'Z') \|\| \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	187 ((c) >= 'a' && (c) <= 'z') \|\| \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	188 ((c) >= '0' && (c) <= '9') \|\| \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	189 (c) == '+' \|\| (c) == '/' \|\| (c) == '=' \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	190 )
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	191
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	192 /* cpl has to be less than 100 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	193 static void base64_encode_fp(FILE * fp, unsigned char *data,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	194 int datalen, int cpl)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	195 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	196 char out[100];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	197 int n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	198 unsigned long outlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	199 int rawcpl;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	200 rawcpl = cpl * 3 / 4;
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	201 dropbear_assert((unsigned int)cpl < sizeof(out));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	202
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	203 while (datalen > 0) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	204 n = (datalen < rawcpl ? datalen : rawcpl);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	205 outlen = sizeof(out);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	206 base64_encode(data, n, out, &outlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	207 data += n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	208 datalen -= n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	209 fwrite(out, 1, outlen, fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	210 fputc('\n', fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	211 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	212 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	213 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	214 * Read an ASN.1/BER identifier and length pair.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	215 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	216 * Flags are a combination of the #defines listed below.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	217 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	218 * Returns -1 if unsuccessful; otherwise returns the number of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	219 * bytes used out of the source data.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	220 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	221
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	222 /* ASN.1 tag classes. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	223 #define ASN1_CLASS_UNIVERSAL (0 << 6)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	224 #define ASN1_CLASS_APPLICATION (1 << 6)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	225 #define ASN1_CLASS_CONTEXT_SPECIFIC (2 << 6)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	226 #define ASN1_CLASS_PRIVATE (3 << 6)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	227 #define ASN1_CLASS_MASK (3 << 6)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	228
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	229 /* Primitive versus constructed bit. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	230 #define ASN1_CONSTRUCTED (1 << 5)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	231
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	232 static int ber_read_id_len(void *source, int sourcelen,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	233 int id, int length, int *flags)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	234 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	235 unsigned char p = (unsigned char ) source;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	236
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	237 if (sourcelen == 0)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	238 return -1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	239
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	240 flags = (p & 0xE0);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	241 if ((*p & 0x1F) == 0x1F) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	242 *id = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	243 while (*p & 0x80) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	244 id = (id << 7) \| (*p & 0x7F);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	245 p++, sourcelen--;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	246 if (sourcelen == 0)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	247 return -1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	248 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	249 id = (id << 7) \| (*p & 0x7F);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	250 p++, sourcelen--;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	251 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	252 id = p & 0x1F;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	253 p++, sourcelen--;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	254 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	255
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	256 if (sourcelen == 0)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	257 return -1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	258
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	259 if (*p & 0x80) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	260 int n = *p & 0x7F;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	261 p++, sourcelen--;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	262 if (sourcelen < n)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	263 return -1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	264 *length = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	265 while (n--)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	266 length = (length << 8) \| (*p++);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	267 sourcelen -= n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	268 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	269 length = p;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	270 p++, sourcelen--;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	271 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	272
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	273 return p - (unsigned char *) source;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	274 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	275
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	276 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	277 * Write an ASN.1/BER identifier and length pair. Returns the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	278 * number of bytes consumed. Assumes dest contains enough space.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	279 * Will avoid writing anything if dest is NULL, but still return
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	280 * amount of space required.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	281 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	282 static int ber_write_id_len(void *dest, int id, int length, int flags)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	283 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	284 unsigned char d = (unsigned char )dest;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	285 int len = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	286
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	287 if (id <= 30) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	288 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	289 * Identifier is one byte.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	290 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	291 len++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	292 if (d) *d++ = id \| flags;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	293 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	294 int n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	295 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	296 * Identifier is multiple bytes: the first byte is 11111
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	297 * plus the flags, and subsequent bytes encode the value of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	298 * the identifier, 7 bits at a time, with the top bit of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	299 * each byte 1 except the last one which is 0.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	300 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	301 len++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	302 if (d) *d++ = 0x1F \| flags;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	303 for (n = 1; (id >> (7*n)) > 0; n++)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	304 continue; /* count the bytes */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	305 while (n--) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	306 len++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	307 if (d) d++ = (n ? 0x80 : 0) \| ((id >> (7n)) & 0x7F);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	308 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	309 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	310
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	311 if (length < 128) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	312 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	313 * Length is one byte.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	314 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	315 len++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	316 if (d) *d++ = length;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	317 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	318 int n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	319 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	320 * Length is multiple bytes. The first is 0x80 plus the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	321 * number of subsequent bytes, and the subsequent bytes
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	322 * encode the actual length.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	323 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	324 for (n = 1; (length >> (8*n)) > 0; n++)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	325 continue; /* count the bytes */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	326 len++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	327 if (d) *d++ = 0x80 \| n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	328 while (n--) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	329 len++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	330 if (d) d++ = (length >> (8n)) & 0xFF;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	331 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	332 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	333
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	334 return len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	335 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	336
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	337
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	338 /* Simple structure to point to an mp-int within a blob. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	339 struct mpint_pos { void *start; int bytes; };
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	340
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	341 /* ----------------------------------------------------------------------
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	342 * Code to read and write OpenSSH private keys.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	343 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	344
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 491 diff changeset	345 enum { OSSH_DSA, OSSH_RSA, OSSH_EC };
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	346 struct openssh_key {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	347 int type;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	348 int encrypted;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	349 char iv[32];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	350 unsigned char *keyblob;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	351 unsigned int keyblob_len, keyblob_size;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	352 };
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	353
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	354 static struct openssh_key load_openssh_key(const char filename)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	355 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	356 struct openssh_key *ret;
340 454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 256 diff changeset	357 FILE *fp = NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	358 char buffer[256];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	359 char errmsg = NULL, p = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	360 int headers_done;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	361 unsigned long len, outlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	362
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	363 ret = (struct openssh_key*)m_malloc(sizeof(struct openssh_key));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	364 ret->keyblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	365 ret->keyblob_len = ret->keyblob_size = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	366 ret->encrypted = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	367 memset(ret->iv, 0, sizeof(ret->iv));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	368
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	369 if (strlen(filename) == 1 && filename[0] == '-') {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	370 fp = stdin;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	371 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	372 fp = fopen(filename, "r");
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	373 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	374 if (!fp) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	375 errmsg = "Unable to open key file";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	376 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	377 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	378 if (!fgets(buffer, sizeof(buffer), fp) \|\|
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	379 0 != strncmp(buffer, "-----BEGIN ", 11) \|\|
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	380 0 != strcmp(buffer+strlen(buffer)-17, "PRIVATE KEY-----\n")) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	381 errmsg = "File does not begin with OpenSSH key header";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	382 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	383 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	384 if (!strcmp(buffer, "-----BEGIN RSA PRIVATE KEY-----\n"))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	385 ret->type = OSSH_RSA;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	386 else if (!strcmp(buffer, "-----BEGIN DSA PRIVATE KEY-----\n"))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	387 ret->type = OSSH_DSA;
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 491 diff changeset	388 else if (!strcmp(buffer, "-----BEGIN EC PRIVATE KEY-----\n"))
70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 491 diff changeset	389 ret->type = OSSH_EC;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	390 else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	391 errmsg = "Unrecognised key type";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	392 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	393 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	394
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	395 headers_done = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	396 while (1) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	397 if (!fgets(buffer, sizeof(buffer), fp)) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	398 errmsg = "Unexpected end of file";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	399 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	400 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	401 if (0 == strncmp(buffer, "-----END ", 9) &&
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	402 0 == strcmp(buffer+strlen(buffer)-17, "PRIVATE KEY-----\n"))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	403 break; /* done */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	404 if ((p = strchr(buffer, ':')) != NULL) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	405 if (headers_done) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	406 errmsg = "Header found in body of key data";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	407 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	408 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	409 *p++ = '\0';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	410 while (p && isspace((unsigned char)p)) p++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	411 if (!strcmp(buffer, "Proc-Type")) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	412 if (p[0] != '4' \|\| p[1] != ',') {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	413 errmsg = "Proc-Type is not 4 (only 4 is supported)";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	414 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	415 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	416 p += 2;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	417 if (!strcmp(p, "ENCRYPTED\n"))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	418 ret->encrypted = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	419 } else if (!strcmp(buffer, "DEK-Info")) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	420 int i, j;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	421
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	422 if (strncmp(p, "DES-EDE3-CBC,", 13)) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	423 errmsg = "Ciphers other than DES-EDE3-CBC not supported";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	424 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	425 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	426 p += 13;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	427 for (i = 0; i < 8; i++) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	428 if (1 != sscanf(p, "%2x", &j))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	429 break;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	430 ret->iv[i] = j;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	431 p += 2;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	432 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	433 if (i < 8) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	434 errmsg = "Expected 16-digit iv in DEK-Info";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	435 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	436 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	437 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	438 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	439 headers_done = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	440 len = strlen(buffer);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	441 outlen = len*4/3;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	442 if (ret->keyblob_len + outlen > ret->keyblob_size) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	443 ret->keyblob_size = ret->keyblob_len + outlen + 256;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	444 ret->keyblob = (unsigned char*)m_realloc(ret->keyblob,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	445 ret->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	446 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	447 outlen = ret->keyblob_size - ret->keyblob_len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	448 if (base64_decode(buffer, len,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	449 ret->keyblob + ret->keyblob_len, &outlen) != CRYPT_OK){
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	450 errmsg = "Error decoding base64";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	451 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	452 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	453 ret->keyblob_len += outlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	454 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	455 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	456
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	457 if (ret->keyblob_len == 0 \|\| !ret->keyblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	458 errmsg = "Key body not present";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	459 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	460 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	461
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	462 if (ret->encrypted && ret->keyblob_len % 8 != 0) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	463 errmsg = "Encrypted key blob is not a multiple of cipher block size";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	464 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	465 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	466
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	467 memset(buffer, 0, sizeof(buffer));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	468 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	469
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	470 error:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	471 memset(buffer, 0, sizeof(buffer));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	472 if (ret) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	473 if (ret->keyblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	474 memset(ret->keyblob, 0, ret->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	475 m_free(ret->keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	476 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	477 memset(&ret, 0, sizeof(ret));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	478 m_free(ret);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	479 }
340 454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 256 diff changeset	480 if (fp) {
454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 256 diff changeset	481 fclose(fp);
454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 256 diff changeset	482 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	483 if (errmsg) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	484 fprintf(stderr, "Error: %s\n", errmsg);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	485 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	486 return NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	487 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	488
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	489 static int openssh_encrypted(const char *filename)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	490 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	491 struct openssh_key *key = load_openssh_key(filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	492 int ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	493
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	494 if (!key)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	495 return 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	496 ret = key->encrypted;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	497 memset(key->keyblob, 0, key->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	498 m_free(key->keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	499 memset(&key, 0, sizeof(key));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	500 m_free(key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	501 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	502 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	503
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 845 diff changeset	504 static sign_key openssh_read(const char filename, char * UNUSED(passphrase))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	505 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	506 struct openssh_key *key;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	507 unsigned char *p;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	508 int ret, id, len, flags;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	509 int i, num_integers = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	510 sign_key *retval = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	511 char *errmsg;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	512 char *modptr = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	513 int modlen = -9999;
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 845 diff changeset	514 enum signkey_type type;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	515
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	516 sign_key *retkey;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	517 buffer * blobbuf = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	518
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	519 retkey = new_sign_key();
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	520
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	521 key = load_openssh_key(filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	522
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	523 if (!key)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	524 return NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	525
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	526 if (key->encrypted) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	527 errmsg = "encrypted keys not supported currently";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	528 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	529 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	530 /* matt TODO */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	531 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	532 * Derive encryption key from passphrase and iv/salt:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	533 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	534 * - let block A equal MD5(passphrase \|\| iv)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	535 * - let block B equal MD5(A \|\| passphrase \|\| iv)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	536 * - block C would be MD5(B \|\| passphrase \|\| iv) and so on
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	537 * - encryption key is the first N bytes of A \|\| B
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	538 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	539 struct MD5Context md5c;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	540 unsigned char keybuf[32];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	541
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	542 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	543 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	544 MD5Update(&md5c, (unsigned char *)key->iv, 8);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	545 MD5Final(keybuf, &md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	546
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	547 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	548 MD5Update(&md5c, keybuf, 16);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	549 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	550 MD5Update(&md5c, (unsigned char *)key->iv, 8);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	551 MD5Final(keybuf+16, &md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	552
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	553 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	554 * Now decrypt the key blob.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	555 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	556 des3_decrypt_pubkey_ossh(keybuf, (unsigned char *)key->iv,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	557 key->keyblob, key->keyblob_len);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	558
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	559 memset(&md5c, 0, sizeof(md5c));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	560 memset(keybuf, 0, sizeof(keybuf));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	561 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	562 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	563
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	564 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	565 * Now we have a decrypted key blob, which contains an ASN.1
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	566 * encoded private key. We must now untangle the ASN.1.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	567 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	568 * We expect the whole key blob to be formatted as a SEQUENCE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	569 * (0x30 followed by a length code indicating that the rest of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	570 * the blob is part of the sequence). Within that SEQUENCE we
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	571 * expect to see a bunch of INTEGERs. What those integers mean
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	572 * depends on the key type:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	573 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	574 * - For RSA, we expect the integers to be 0, n, e, d, p, q,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	575 * dmp1, dmq1, iqmp in that order. (The last three are d mod
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	576 * (p-1), d mod (q-1), inverse of q mod p respectively.)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	577 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	578 * - For DSA, we expect them to be 0, p, q, g, y, x in that
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	579 * order.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	580 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	581
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	582 p = key->keyblob;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	583
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	584 /* Expect the SEQUENCE header. Take its absence as a failure to decrypt. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	585 ret = ber_read_id_len(p, key->keyblob_len, &id, &len, &flags);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	586 p += ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	587 if (ret < 0 \|\| id != 16) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	588 errmsg = "ASN.1 decoding failure - wrong password?";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	589 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	590 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	591
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	592 /* Expect a load of INTEGERs. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	593 if (key->type == OSSH_RSA)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	594 num_integers = 9;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	595 else if (key->type == OSSH_DSA)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	596 num_integers = 6;
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	597 else if (key->type == OSSH_EC)
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	598 num_integers = 1;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	599
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	600 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	601 * Space to create key blob in.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	602 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	603 blobbuf = buf_new(3000);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	604
935 25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	605 #ifdef DROPBEAR_DSS
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	606 if (key->type == OSSH_DSA) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	607 buf_putstring(blobbuf, "ssh-dss", 7);
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	608 retkey->type = DROPBEAR_SIGNKEY_DSS;
935 25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	609 }
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	610 #endif
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	611 #ifdef DROPBEAR_RSA
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	612 if (key->type == OSSH_RSA) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	613 buf_putstring(blobbuf, "ssh-rsa", 7);
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	614 retkey->type = DROPBEAR_SIGNKEY_RSA;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	615 }
935 25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	616 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	617
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	618 for (i = 0; i < num_integers; i++) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	619 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	620 &id, &len, &flags);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	621 p += ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	622 if (ret < 0 \|\| id != 2 \|\|
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	623 key->keyblob+key->keyblob_len-p < len) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	624 errmsg = "ASN.1 decoding failure";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	625 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	626 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	627
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	628 if (i == 0) {
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	629 /* First integer is a version indicator */
991 4f65c867fc99 Fix variables may be uninitialized. Like Ma <likemartinma@gmail.com> parents: 935 diff changeset	630 int expected = -1;
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	631 switch (key->type) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	632 case OSSH_RSA:
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	633 case OSSH_DSA:
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	634 expected = 0;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	635 break;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	636 case OSSH_EC:
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	637 expected = 1;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	638 break;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	639 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	640 if (len != 1 \|\| p[0] != expected) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	641 errmsg = "Version number mismatch";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	642 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	643 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	644 } else if (key->type == OSSH_RSA) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	645 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	646 * OpenSSH key order is n, e, d, p, q, dmp1, dmq1, iqmp
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	647 * but we want e, n, d, p, q
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	648 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	649 if (i == 1) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	650 /* Save the details for after we deal with number 2. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	651 modptr = (char *)p;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	652 modlen = len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	653 } else if (i >= 2 && i <= 5) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	654 buf_putstring(blobbuf, p, len);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	655 if (i == 2) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	656 buf_putstring(blobbuf, modptr, modlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	657 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	658 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	659 } else if (key->type == OSSH_DSA) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	660 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	661 * OpenSSH key order is p, q, g, y, x,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	662 * we want the same.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	663 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	664 buf_putstring(blobbuf, p, len);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	665 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	666
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	667 /* Skip past the number. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	668 p += len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	669 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	670
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	671 #ifdef DROPBEAR_ECDSA
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	672 if (key->type == OSSH_EC) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	673 unsigned char* private_key_bytes = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	674 int private_key_len = 0;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	675 unsigned char* public_key_bytes = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	676 int public_key_len = 0;
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 806 diff changeset	677 ecc_key *ecc = NULL;
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	678 const struct dropbear_ecc_curve *curve = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	679
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	680 /* See SEC1 v2, Appendix C.4 */
c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	681 /* OpenSSL (so OpenSSH) seems to include the optional parts. */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	682
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	683 /* privateKey OCTET STRING, */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	684 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	685 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	686 p += ret;
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	687 /* id==4 for octet string */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	688 if (ret < 0 \|\| id != 4 \|\|
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	689 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	690 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	691 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	692 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	693 private_key_bytes = p;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	694 private_key_len = len;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	695 p += len;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	696
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	697 /* parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL, */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	698 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	699 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	700 p += ret;
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	701 /* id==0 */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	702 if (ret < 0 \|\| id != 0) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	703 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	704 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	705 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	706
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	707 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	708 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	709 p += ret;
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	710 /* id==6 for object */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	711 if (ret < 0 \|\| id != 6 \|\|
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	712 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	713 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	714 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	715 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	716
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	717 if (0) {}
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	718 #ifdef DROPBEAR_ECC_256
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	719 else if (len == sizeof(OID_SEC256R1_BLOB)
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	720 && memcmp(p, OID_SEC256R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	721 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP256;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	722 curve = &ecc_curve_nistp256;
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	723 }
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	724 #endif
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	725 #ifdef DROPBEAR_ECC_384
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	726 else if (len == sizeof(OID_SEC384R1_BLOB)
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	727 && memcmp(p, OID_SEC384R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	728 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP384;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	729 curve = &ecc_curve_nistp384;
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	730 }
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	731 #endif
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	732 #ifdef DROPBEAR_ECC_521
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	733 else if (len == sizeof(OID_SEC521R1_BLOB)
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	734 && memcmp(p, OID_SEC521R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	735 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP521;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	736 curve = &ecc_curve_nistp521;
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	737 }
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	738 #endif
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	739 else {
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	740 errmsg = "Unknown ECC key type";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	741 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	742 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	743 p += len;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	744
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	745 /* publicKey [1] BIT STRING OPTIONAL */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	746 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	747 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	748 p += ret;
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	749 /* id==1 */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	750 if (ret < 0 \|\| id != 1) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	751 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	752 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	753 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	754
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	755 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	756 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	757 p += ret;
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	758 /* id==3 for bit string */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	759 if (ret < 0 \|\| id != 3 \|\|
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	760 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	761 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	762 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	763 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	764 public_key_bytes = p+1;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	765 public_key_len = len-1;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	766 p += len;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	767
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	768 buf_putbytes(blobbuf, public_key_bytes, public_key_len);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	769 ecc = buf_get_ecc_raw_pubkey(blobbuf, curve);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	770 if (!ecc) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	771 errmsg = "Error parsing ECC key";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	772 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	773 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	774 m_mp_alloc_init_multi((mp_int**)&ecc->k, NULL);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	775 if (mp_read_unsigned_bin(ecc->k, private_key_bytes, private_key_len)
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	776 != MP_OKAY) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	777 errmsg = "Error parsing ECC key";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	778 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	779 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	780
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	781 *signkey_key_ptr(retkey, retkey->type) = ecc;
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	782 }
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	783 #endif /* DROPBEAR_ECDSA */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	784
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	785 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	786 * Now put together the actual key. Simplest way to do this is
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	787 * to assemble our own key blobs and feed them to the createkey
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	788 * functions; this is a bit faffy but it does mean we get all
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	789 * the sanity checks for free.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	790 */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	791 if (key->type == OSSH_RSA \|\| key->type == OSSH_DSA) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	792 buf_setpos(blobbuf, 0);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	793 type = DROPBEAR_SIGNKEY_ANY;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	794 if (buf_get_priv_key(blobbuf, retkey, &type)
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	795 != DROPBEAR_SUCCESS) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	796 errmsg = "unable to create key structure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	797 sign_key_free(retkey);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	798 retkey = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	799 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	800 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	801 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	802
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	803 errmsg = NULL; /* no error */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	804 retval = retkey;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	805
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	806 error:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	807 if (blobbuf) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	808 buf_burn(blobbuf);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	809 buf_free(blobbuf);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	810 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	811 m_burn(key->keyblob, key->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	812 m_free(key->keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	813 m_burn(key, sizeof(key));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	814 m_free(key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	815 if (errmsg) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	816 fprintf(stderr, "Error: %s\n", errmsg);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	817 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	818 return retval;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	819 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	820
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	821 static int openssh_write(const char filename, sign_key key,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	822 char *passphrase)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	823 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	824 buffer * keyblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	825 buffer * extrablob = NULL; /* used for calculated values to write */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	826 unsigned char *outblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	827 int outlen = -9999;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	828 struct mpint_pos numbers[9];
991 4f65c867fc99 Fix variables may be uninitialized. Like Ma <likemartinma@gmail.com> parents: 935 diff changeset	829 int nnumbers = -1, pos = 0, len = 0, seqlen, i;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	830 char header = NULL, footer = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	831 char zero[1];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	832 int ret = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	833 FILE *fp;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	834
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	835 #ifdef DROPBEAR_RSA
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	836 mp_int dmp1, dmq1, iqmp, tmpval; /* for rsa */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	837 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	838
935 25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	839 if (
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	840 #ifdef DROPBEAR_RSA
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	841 key->type == DROPBEAR_SIGNKEY_RSA \|\|
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	842 #endif
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	843 #ifdef DROPBEAR_DSS
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	844 key->type == DROPBEAR_SIGNKEY_DSS \|\|
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	845 #endif
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	846 0)
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	847 {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	848 /*
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	849 * Fetch the key blobs.
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	850 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	851 keyblob = buf_new(3000);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	852 buf_put_priv_key(keyblob, key, key->type);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	853
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	854 buf_setpos(keyblob, 0);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	855 /* skip the "ssh-rsa" or "ssh-dss" header */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	856 buf_incrpos(keyblob, buf_getint(keyblob));
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	857
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	858 /*
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	859 * Find the sequence of integers to be encoded into the OpenSSH
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	860 * key blob, and also decide on the header line.
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	861 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	862 numbers[0].start = zero; numbers[0].bytes = 1; zero[0] = '\0';
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	863
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	864 #ifdef DROPBEAR_RSA
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	865 if (key->type == DROPBEAR_SIGNKEY_RSA) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	866
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	867 if (key->rsakey->p == NULL \|\| key->rsakey->q == NULL) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	868 fprintf(stderr, "Pre-0.33 Dropbear keys cannot be converted to OpenSSH keys.\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	869 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	870 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	871
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	872 /* e */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	873 numbers[2].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	874 numbers[2].start = buf_getptr(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	875 buf_incrpos(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	876
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	877 /* n */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	878 numbers[1].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	879 numbers[1].start = buf_getptr(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	880 buf_incrpos(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	881
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	882 /* d */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	883 numbers[3].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	884 numbers[3].start = buf_getptr(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	885 buf_incrpos(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	886
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	887 /* p */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	888 numbers[4].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	889 numbers[4].start = buf_getptr(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	890 buf_incrpos(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	891
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	892 /* q */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	893 numbers[5].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	894 numbers[5].start = buf_getptr(keyblob, numbers[5].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	895 buf_incrpos(keyblob, numbers[5].bytes);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	896
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	897 /* now calculate some extra parameters: */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	898 m_mp_init(&tmpval);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	899 m_mp_init(&dmp1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	900 m_mp_init(&dmq1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	901 m_mp_init(&iqmp);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	902
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	903 /* dmp1 = d mod (p-1) */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	904 if (mp_sub_d(key->rsakey->p, 1, &tmpval) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	905 fprintf(stderr, "Bignum error for p-1\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	906 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	907 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	908 if (mp_mod(key->rsakey->d, &tmpval, &dmp1) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	909 fprintf(stderr, "Bignum error for dmp1\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	910 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	911 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	912
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	913 /* dmq1 = d mod (q-1) */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	914 if (mp_sub_d(key->rsakey->q, 1, &tmpval) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	915 fprintf(stderr, "Bignum error for q-1\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	916 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	917 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	918 if (mp_mod(key->rsakey->d, &tmpval, &dmq1) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	919 fprintf(stderr, "Bignum error for dmq1\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	920 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	921 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	922
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	923 /* iqmp = (q^-1) mod p */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	924 if (mp_invmod(key->rsakey->q, key->rsakey->p, &iqmp) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	925 fprintf(stderr, "Bignum error for iqmp\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	926 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	927 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	928
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	929 extrablob = buf_new(2000);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	930 buf_putmpint(extrablob, &dmp1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	931 buf_putmpint(extrablob, &dmq1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	932 buf_putmpint(extrablob, &iqmp);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	933 buf_setpos(extrablob, 0);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	934 mp_clear(&dmp1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	935 mp_clear(&dmq1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	936 mp_clear(&iqmp);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	937 mp_clear(&tmpval);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	938
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	939 /* dmp1 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	940 numbers[6].bytes = buf_getint(extrablob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	941 numbers[6].start = buf_getptr(extrablob, numbers[6].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	942 buf_incrpos(extrablob, numbers[6].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	943
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	944 /* dmq1 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	945 numbers[7].bytes = buf_getint(extrablob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	946 numbers[7].start = buf_getptr(extrablob, numbers[7].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	947 buf_incrpos(extrablob, numbers[7].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	948
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	949 /* iqmp */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	950 numbers[8].bytes = buf_getint(extrablob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	951 numbers[8].start = buf_getptr(extrablob, numbers[8].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	952 buf_incrpos(extrablob, numbers[8].bytes);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	953
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	954 nnumbers = 9;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	955 header = "-----BEGIN RSA PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	956 footer = "-----END RSA PRIVATE KEY-----\n";
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	957 }
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	958 #endif /* DROPBEAR_RSA */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	959
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	960 #ifdef DROPBEAR_DSS
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	961 if (key->type == DROPBEAR_SIGNKEY_DSS) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	962
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	963 /* p */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	964 numbers[1].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	965 numbers[1].start = buf_getptr(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	966 buf_incrpos(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	967
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	968 /* q */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	969 numbers[2].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	970 numbers[2].start = buf_getptr(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	971 buf_incrpos(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	972
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	973 /* g */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	974 numbers[3].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	975 numbers[3].start = buf_getptr(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	976 buf_incrpos(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	977
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	978 /* y */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	979 numbers[4].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	980 numbers[4].start = buf_getptr(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	981 buf_incrpos(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	982
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	983 /* x */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	984 numbers[5].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	985 numbers[5].start = buf_getptr(keyblob, numbers[5].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	986 buf_incrpos(keyblob, numbers[5].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	987
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	988 nnumbers = 6;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	989 header = "-----BEGIN DSA PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	990 footer = "-----END DSA PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	991 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	992 #endif /* DROPBEAR_DSS */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	993
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	994 /*
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	995 * Now count up the total size of the ASN.1 encoded integers,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	996 * so as to determine the length of the containing SEQUENCE.
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	997 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	998 len = 0;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	999 for (i = 0; i < nnumbers; i++) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1000 len += ber_write_id_len(NULL, 2, numbers[i].bytes, 0);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1001 len += numbers[i].bytes;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1002 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1003 seqlen = len;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1004 /* Now add on the SEQUENCE header. */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1005 len += ber_write_id_len(NULL, 16, seqlen, ASN1_CONSTRUCTED);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1006 /* Round up to the cipher block size, ensuring we have at least one
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1007 * byte of padding (see below). */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1008 outlen = len;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1009 if (passphrase)
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1010 outlen = (outlen+8) &~ 7;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1011
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1012 /*
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1013 * Now we know how big outblob needs to be. Allocate it.
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1014 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1015 outblob = (unsigned char*)m_malloc(outlen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1016
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1017 /*
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1018 * And write the data into it.
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1019 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1020 pos = 0;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1021 pos += ber_write_id_len(outblob+pos, 16, seqlen, ASN1_CONSTRUCTED);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1022 for (i = 0; i < nnumbers; i++) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1023 pos += ber_write_id_len(outblob+pos, 2, numbers[i].bytes, 0);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1024 memcpy(outblob+pos, numbers[i].start, numbers[i].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1025 pos += numbers[i].bytes;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1026 }
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	1027 } /* end RSA and DSS handling */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1028
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1029 #ifdef DROPBEAR_ECDSA
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1030 if (key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP256
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1031 \|\| key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP384
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1032 \|\| key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1033
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1034 /* SEC1 V2 appendix c.4
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1035 ECPrivateKey ::= SEQUENCE {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1036 version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1037 privateKey OCTET STRING,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1038 parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1039 publicKey [1] BIT STRING OPTIONAL
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1040 }
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1041 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1042 buffer *seq_buf = buf_new(400);
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 845 diff changeset	1043 ecc_key eck = (ecc_key)signkey_key_ptr(key, key->type);
b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 845 diff changeset	1044 const long curve_size = (*eck)->dp->size;
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1045 int curve_oid_len = 0;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1046 const void* curve_oid = NULL;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1047 unsigned long pubkey_size = 2*curve_size+1;
867 d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	1048 unsigned int k_size;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1049
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1050 /* version. less than 10 bytes */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1051 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1052 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 2, 1, 0));
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1053 buf_putbyte(seq_buf, 1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1054
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1055 /* privateKey */
867 d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	1056 k_size = mp_unsigned_bin_size((*eck)->k);
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	1057 dropbear_assert(k_size <= curve_size);
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1058 buf_incrwritepos(seq_buf,
867 d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	1059 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 4, k_size, 0));
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	1060 mp_to_unsigned_bin((*eck)->k, buf_getwriteptr(seq_buf, k_size));
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	1061 buf_incrwritepos(seq_buf, k_size);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1062
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1063 /* SECGCurveNames */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1064 switch (key->type)
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1065 {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1066 case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1067 curve_oid_len = sizeof(OID_SEC256R1_BLOB);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1068 curve_oid = OID_SEC256R1_BLOB;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1069 break;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1070 case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1071 curve_oid_len = sizeof(OID_SEC384R1_BLOB);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1072 curve_oid = OID_SEC384R1_BLOB;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1073 break;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1074 case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1075 curve_oid_len = sizeof(OID_SEC521R1_BLOB);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1076 curve_oid = OID_SEC521R1_BLOB;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1077 break;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1078 default:
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1079 dropbear_exit("Internal error");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1080 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1081
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1082 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1083 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 0, 2+curve_oid_len, 0xa0));
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	1084 /* object == 6 */
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1085 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1086 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 6, curve_oid_len, 0));
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1087 buf_putbytes(seq_buf, curve_oid, curve_oid_len);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1088
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1089 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1090 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 1, 2+1+pubkey_size, 0xa0));
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1091 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1092 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 3, 1+pubkey_size, 0));
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1093 buf_putbyte(seq_buf, 0);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1094 int err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1095 if (err != CRYPT_OK) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1096 dropbear_exit("ECC error");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1097 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1098 buf_incrwritepos(seq_buf, pubkey_size);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1099
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1100 buf_setpos(seq_buf, 0);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1101
867 d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	1102 outblob = (unsigned char*)m_malloc(1000);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1103
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1104 pos = 0;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1105 pos += ber_write_id_len(outblob+pos, 16, seq_buf->len, ASN1_CONSTRUCTED);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1106 memcpy(&outblob[pos], seq_buf->data, seq_buf->len);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1107 pos += seq_buf->len;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1108 len = pos;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1109 outlen = len;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1110
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1111 buf_burn(seq_buf);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1112 buf_free(seq_buf);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1113 seq_buf = NULL;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1114
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1115 header = "-----BEGIN EC PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1116 footer = "-----END EC PRIVATE KEY-----\n";
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1117 }
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1118 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1119
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1120 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1121 * Padding on OpenSSH keys is deterministic. The number of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1122 * padding bytes is always more than zero, and always at most
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1123 * the cipher block length. The value of each padding byte is
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1124 * equal to the number of padding bytes. So a plaintext that's
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1125 * an exact multiple of the block size will be padded with 08
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1126 * 08 08 08 08 08 08 08 (assuming a 64-bit block cipher); a
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1127 * plaintext one byte less than a multiple of the block size
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1128 * will be padded with just 01.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1129 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1130 * This enables the OpenSSL key decryption function to strip
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1131 * off the padding algorithmically and return the unpadded
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1132 * plaintext to the next layer: it looks at the final byte, and
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1133 * then expects to find that many bytes at the end of the data
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1134 * with the same value. Those are all removed and the rest is
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1135 * returned.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1136 */
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1137 dropbear_assert(pos == len);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1138 while (pos < outlen) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1139 outblob[pos++] = outlen - len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1140 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1141
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1142 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1143 * Encrypt the key.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1144 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1145 if (passphrase) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1146 fprintf(stderr, "Encrypted keys aren't supported currently\n");
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1147 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1148 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1149
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1150 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1151 * And save it. We'll use Unix line endings just in case it's
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1152 * subsequently transferred in binary mode.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1153 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1154 if (strlen(filename) == 1 && filename[0] == '-') {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1155 fp = stdout;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1156 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1157 fp = fopen(filename, "wb"); /* ensure Unix line endings */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1158 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1159 if (!fp) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1160 fprintf(stderr, "Failed opening output file\n");
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1161 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1162 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1163 fputs(header, fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1164 base64_encode_fp(fp, outblob, outlen, 64);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1165 fputs(footer, fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1166 fclose(fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1167 ret = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1168
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1169 error:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1170 if (outblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1171 memset(outblob, 0, outlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1172 m_free(outblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1173 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1174 if (keyblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1175 buf_burn(keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1176 buf_free(keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1177 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1178 if (extrablob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1179 buf_burn(extrablob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1180 buf_free(extrablob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1181 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1182 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1183 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1184
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1185 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1186 /* XXX TODO ssh.com stuff isn't going yet */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1187
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1188 /* ----------------------------------------------------------------------
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1189 * Code to read ssh.com private keys.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1190 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1191
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1192 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1193 * The format of the base64 blob is largely ssh2-packet-formatted,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1194 * except that mpints are a bit different: they're more like the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1195 * old ssh1 mpint. You have a 32-bit bit count N, followed by
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1196 * (N+7)/8 bytes of data.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1197 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1198 * So. The blob contains:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1199 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1200 * - uint32 0x3f6ff9eb (magic number)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1201 * - uint32 size (total blob size)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1202 * - string key-type (see below)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1203 * - string cipher-type (tells you if key is encrypted)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1204 * - string encrypted-blob
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1205 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1206 * (The first size field includes the size field itself and the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1207 * magic number before it. All other size fields are ordinary ssh2
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1208 * strings, so the size field indicates how much data is to
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1209 * _follow_.)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1210 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1211 * The encrypted blob, once decrypted, contains a single string
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1212 * which in turn contains the payload. (This allows padding to be
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1213 * added after that string while still making it clear where the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1214 * real payload ends. Also it probably makes for a reasonable
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1215 * decryption check.)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1216 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1217 * The payload blob, for an RSA key, contains:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1218 * - mpint e
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1219 * - mpint d
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1220 * - mpint n (yes, the public and private stuff is intermixed)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1221 * - mpint u (presumably inverse of p mod q)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1222 * - mpint p (p is the smaller prime)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1223 * - mpint q (q is the larger)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1224 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1225 * For a DSA key, the payload blob contains:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1226 * - uint32 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1227 * - mpint p
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1228 * - mpint g
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1229 * - mpint q
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1230 * - mpint y
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1231 * - mpint x
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1232 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1233 * Alternatively, if the parameters are `predefined', that
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1234 * (0,p,g,q) sequence can be replaced by a uint32 1 and a string
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1235 * containing some predefined parameter specification. shudder,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1236 * but I doubt we'll encounter this in real life.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1237 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1238 * The key type strings are ghastly. The RSA key I looked at had a
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1239 * type string of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1240 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1241 * `if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}'
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1242 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1243 * and the DSA key wasn't much better:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1244 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1245 * `dl-modp{sign{dsa-nist-sha1},dh{plain}}'
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1246 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1247 * It isn't clear that these will always be the same. I think it
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1248 * might be wise just to look at the `if-modn{sign{rsa' and
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1249 * `dl-modp{sign{dsa' prefixes.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1250 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1251 * Finally, the encryption. The cipher-type string appears to be
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1252 * either `none' or `3des-cbc'. Looks as if this is SSH2-style
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1253 * 3des-cbc (i.e. outer cbc rather than inner). The key is created
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1254 * from the passphrase by means of yet another hashing faff:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1255 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1256 * - first 16 bytes are MD5(passphrase)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1257 * - next 16 bytes are MD5(passphrase \|\| first 16 bytes)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1258 * - if there were more, they'd be MD5(passphrase \|\| first 32),
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1259 * and so on.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1260 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1261
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1262 #define SSHCOM_MAGIC_NUMBER 0x3f6ff9eb
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1263
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1264 struct sshcom_key {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1265 char comment[256]; /* allowing any length is overkill */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1266 unsigned char *keyblob;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1267 int keyblob_len, keyblob_size;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1268 };
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1269
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1270 static struct sshcom_key load_sshcom_key(const char filename)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1271 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1272 struct sshcom_key *ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1273 FILE *fp;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1274 char buffer[256];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1275 int len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1276 char errmsg, p;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1277 int headers_done;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1278 char base64_bit[4];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1279 int base64_chars = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1280
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1281 ret = snew(struct sshcom_key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1282 ret->comment[0] = '\0';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1283 ret->keyblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1284 ret->keyblob_len = ret->keyblob_size = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1285
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1286 fp = fopen(filename, "r");
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1287 if (!fp) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1288 errmsg = "Unable to open key file";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1289 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1290 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1291 if (!fgets(buffer, sizeof(buffer), fp) \|\|
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1292 0 != strcmp(buffer, "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\n")) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1293 errmsg = "File does not begin with ssh.com key header";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1294 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1295 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1296
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1297 headers_done = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1298 while (1) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1299 if (!fgets(buffer, sizeof(buffer), fp)) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1300 errmsg = "Unexpected end of file";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1301 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1302 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1303 if (!strcmp(buffer, "---- END SSH2 ENCRYPTED PRIVATE KEY ----\n"))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1304 break; /* done */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1305 if ((p = strchr(buffer, ':')) != NULL) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1306 if (headers_done) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1307 errmsg = "Header found in body of key data";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1308 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1309 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1310 *p++ = '\0';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1311 while (p && isspace((unsigned char)p)) p++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1312 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1313 * Header lines can end in a trailing backslash for
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1314 * continuation.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1315 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1316 while ((len = strlen(p)) > (int)(sizeof(buffer) - (p-buffer) -1) \|\|
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1317 p[len-1] != '\n' \|\| p[len-2] == '\\') {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1318 if (len > (int)((p-buffer) + sizeof(buffer)-2)) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1319 errmsg = "Header line too long to deal with";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1320 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1321 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1322 if (!fgets(p+len-2, sizeof(buffer)-(p-buffer)-(len-2), fp)) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1323 errmsg = "Unexpected end of file";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1324 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1325 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1326 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1327 p[strcspn(p, "\n")] = '\0';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1328 if (!strcmp(buffer, "Comment")) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1329 /* Strip quotes in comment if present. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1330 if (p[0] == '"' && p[strlen(p)-1] == '"') {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1331 p++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1332 p[strlen(p)-1] = '\0';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1333 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1334 strncpy(ret->comment, p, sizeof(ret->comment));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1335 ret->comment[sizeof(ret->comment)-1] = '\0';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1336 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1337 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1338 headers_done = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1339
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1340 p = buffer;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1341 while (isbase64(*p)) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1342 base64_bit[base64_chars++] = *p;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1343 if (base64_chars == 4) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1344 unsigned char out[3];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1345
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1346 base64_chars = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1347
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1348 len = base64_decode_atom(base64_bit, out);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1349
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1350 if (len <= 0) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1351 errmsg = "Invalid base64 encoding";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1352 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1353 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1354
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1355 if (ret->keyblob_len + len > ret->keyblob_size) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1356 ret->keyblob_size = ret->keyblob_len + len + 256;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1357 ret->keyblob = sresize(ret->keyblob, ret->keyblob_size,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1358 unsigned char);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1359 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1360
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1361 memcpy(ret->keyblob + ret->keyblob_len, out, len);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1362 ret->keyblob_len += len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1363 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1364
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1365 p++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1366 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1367 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1368 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1369
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1370 if (ret->keyblob_len == 0 \|\| !ret->keyblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1371 errmsg = "Key body not present";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1372 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1373 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1374
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1375 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1376
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1377 error:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1378 if (ret) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1379 if (ret->keyblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1380 memset(ret->keyblob, 0, ret->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1381 m_free(ret->keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1382 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1383 memset(&ret, 0, sizeof(ret));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1384 m_free(ret);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1385 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1386 return NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1387 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1388
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1389 int sshcom_encrypted(const char filename, char *comment)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1390 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1391 struct sshcom_key *key = load_sshcom_key(filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1392 int pos, len, answer;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1393
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1394 *comment = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1395 if (!key)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1396 return 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1397
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1398 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1399 * Check magic number.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1400 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1401 if (GET_32BIT(key->keyblob) != 0x3f6ff9eb)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1402 return 0; /* key is invalid */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1403
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1404 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1405 * Find the cipher-type string.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1406 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1407 answer = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1408 pos = 8;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1409 if (key->keyblob_len < pos+4)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1410 goto done; /* key is far too short */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1411 pos += 4 + GET_32BIT(key->keyblob + pos); /* skip key type */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1412 if (key->keyblob_len < pos+4)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1413 goto done; /* key is far too short */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1414 len = GET_32BIT(key->keyblob + pos); /* find cipher-type length */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1415 if (key->keyblob_len < pos+4+len)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1416 goto done; /* cipher type string is incomplete */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1417 if (len != 4 \|\| 0 != memcmp(key->keyblob + pos + 4, "none", 4))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1418 answer = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1419
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1420 done:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1421 *comment = dupstr(key->comment);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1422 memset(key->keyblob, 0, key->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1423 m_free(key->keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1424 memset(&key, 0, sizeof(key));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1425 m_free(key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1426 return answer;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1427 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1428
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1429 static int sshcom_read_mpint(void data, int len, struct mpint_pos ret)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1430 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1431 int bits;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1432 int bytes;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1433 unsigned char d = (unsigned char ) data;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1434
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1435 if (len < 4)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1436 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1437 bits = GET_32BIT(d);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1438
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1439 bytes = (bits + 7) / 8;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1440 if (len < 4+bytes)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1441 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1442
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1443 ret->start = d + 4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1444 ret->bytes = bytes;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1445 return bytes+4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1446
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1447 error:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1448 ret->start = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1449 ret->bytes = -1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1450 return len; /* ensure further calls fail as well */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1451 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1452
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1453 static int sshcom_put_mpint(void target, void data, int len)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1454 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1455 unsigned char d = (unsigned char )target;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1456 unsigned char i = (unsigned char )data;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1457 int bits = len * 8 - 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1458
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1459 while (bits > 0) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1460 if (*i & (1 << (bits & 7)))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1461 break;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1462 if (!(bits-- & 7))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1463 i++, len--;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1464 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1465
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1466 PUT_32BIT(d, bits+1);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1467 memcpy(d+4, i, len);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1468 return len+4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1469 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1470
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1471 sign_key sshcom_read(const char filename, char *passphrase)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1472 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1473 struct sshcom_key *key = load_sshcom_key(filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1474 char *errmsg;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1475 int pos, len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1476 const char prefix_rsa[] = "if-modn{sign{rsa";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1477 const char prefix_dsa[] = "dl-modp{sign{dsa";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1478 enum { RSA, DSA } type;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1479 int encrypted;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1480 char *ciphertext;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1481 int cipherlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1482 struct ssh2_userkey ret = NULL, retkey;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1483 const struct ssh_signkey *alg;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1484 unsigned char *blob = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1485 int blobsize, publen, privlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1486
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1487 if (!key)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1488 return NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1489
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1490 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1491 * Check magic number.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1492 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1493 if (GET_32BIT(key->keyblob) != SSHCOM_MAGIC_NUMBER) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1494 errmsg = "Key does not begin with magic number";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1495 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1496 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1497
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1498 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1499 * Determine the key type.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1500 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1501 pos = 8;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1502 if (key->keyblob_len < pos+4 \|\|
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1503 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1504 errmsg = "Key blob does not contain a key type string";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1505 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1506 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1507 if (len > sizeof(prefix_rsa) - 1 &&
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1508 !memcmp(key->keyblob+pos+4, prefix_rsa, sizeof(prefix_rsa) - 1)) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1509 type = RSA;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1510 } else if (len > sizeof(prefix_dsa) - 1 &&
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1511 !memcmp(key->keyblob+pos+4, prefix_dsa, sizeof(prefix_dsa) - 1)) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1512 type = DSA;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1513 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1514 errmsg = "Key is of unknown type";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1515 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1516 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1517 pos += 4+len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1518
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1519 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1520 * Determine the cipher type.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1521 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1522 if (key->keyblob_len < pos+4 \|\|
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1523 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1524 errmsg = "Key blob does not contain a cipher type string";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1525 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1526 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1527 if (len == 4 && !memcmp(key->keyblob+pos+4, "none", 4))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1528 encrypted = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1529 else if (len == 8 && !memcmp(key->keyblob+pos+4, "3des-cbc", 8))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1530 encrypted = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1531 else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1532 errmsg = "Key encryption is of unknown type";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1533 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1534 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1535 pos += 4+len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1536
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1537 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1538 * Get hold of the encrypted part of the key.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1539 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1540 if (key->keyblob_len < pos+4 \|\|
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1541 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1542 errmsg = "Key blob does not contain actual key data";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1543 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1544 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1545 ciphertext = (char *)key->keyblob + pos + 4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1546 cipherlen = len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1547 if (cipherlen == 0) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1548 errmsg = "Length of key data is zero";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1549 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1550 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1551
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1552 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1553 * Decrypt it if necessary.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1554 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1555 if (encrypted) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1556 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1557 * Derive encryption key from passphrase and iv/salt:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1558 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1559 * - let block A equal MD5(passphrase)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1560 * - let block B equal MD5(passphrase \|\| A)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1561 * - block C would be MD5(passphrase \|\| A \|\| B) and so on
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1562 * - encryption key is the first N bytes of A \|\| B
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1563 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1564 struct MD5Context md5c;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1565 unsigned char keybuf[32], iv[8];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1566
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1567 if (cipherlen % 8 != 0) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1568 errmsg = "Encrypted part of key is not a multiple of cipher block"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1569 " size";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1570 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1571 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1572
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1573 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1574 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1575 MD5Final(keybuf, &md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1576
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1577 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1578 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1579 MD5Update(&md5c, keybuf, 16);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1580 MD5Final(keybuf+16, &md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1581
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1582 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1583 * Now decrypt the key blob.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1584 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1585 memset(iv, 0, sizeof(iv));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1586 des3_decrypt_pubkey_ossh(keybuf, iv, (unsigned char *)ciphertext,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1587 cipherlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1588
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1589 memset(&md5c, 0, sizeof(md5c));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1590 memset(keybuf, 0, sizeof(keybuf));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1591
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1592 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1593 * Hereafter we return WRONG_PASSPHRASE for any parsing
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1594 * error. (But only if we've just tried to decrypt it!
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1595 * Returning WRONG_PASSPHRASE for an unencrypted key is
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1596 * automatic doom.)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1597 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1598 if (encrypted)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1599 ret = SSH2_WRONG_PASSPHRASE;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1600 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1601
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1602 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1603 * Strip away the containing string to get to the real meat.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1604 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1605 len = GET_32BIT(ciphertext);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1606 if (len > cipherlen-4) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1607 errmsg = "containing string was ill-formed";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1608 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1609 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1610 ciphertext += 4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1611 cipherlen = len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1612
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1613 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1614 * Now we break down into RSA versus DSA. In either case we'll
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1615 * construct public and private blobs in our own format, and
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1616 * end up feeding them to alg->createkey().
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1617 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1618 blobsize = cipherlen + 256;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1619 blob = snewn(blobsize, unsigned char);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1620 privlen = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1621 if (type == RSA) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1622 struct mpint_pos n, e, d, u, p, q;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1623 int pos = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1624 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &e);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1625 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &d);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1626 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &n);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1627 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &u);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1628 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &p);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1629 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &q);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1630 if (!q.start) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1631 errmsg = "key data did not contain six integers";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1632 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1633 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1634
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1635 alg = &ssh_rsa;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1636 pos = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1637 pos += put_string(blob+pos, "ssh-rsa", 7);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1638 pos += put_mp(blob+pos, e.start, e.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1639 pos += put_mp(blob+pos, n.start, n.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1640 publen = pos;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1641 pos += put_string(blob+pos, d.start, d.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1642 pos += put_mp(blob+pos, q.start, q.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1643 pos += put_mp(blob+pos, p.start, p.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1644 pos += put_mp(blob+pos, u.start, u.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1645 privlen = pos - publen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1646 } else if (type == DSA) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1647 struct mpint_pos p, q, g, x, y;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1648 int pos = 4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1649 if (GET_32BIT(ciphertext) != 0) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1650 errmsg = "predefined DSA parameters not supported";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1651 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1652 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1653 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &p);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1654 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &g);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1655 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &q);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1656 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &y);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1657 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &x);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1658 if (!x.start) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1659 errmsg = "key data did not contain five integers";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1660 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1661 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1662
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1663 alg = &ssh_dss;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1664 pos = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1665 pos += put_string(blob+pos, "ssh-dss", 7);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1666 pos += put_mp(blob+pos, p.start, p.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1667 pos += put_mp(blob+pos, q.start, q.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1668 pos += put_mp(blob+pos, g.start, g.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1669 pos += put_mp(blob+pos, y.start, y.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1670 publen = pos;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1671 pos += put_mp(blob+pos, x.start, x.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1672 privlen = pos - publen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1673 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1674
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1675 dropbear_assert(privlen > 0); /* should have bombed by now if not */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1676
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1677 retkey = snew(struct ssh2_userkey);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1678 retkey->alg = alg;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1679 retkey->data = alg->createkey(blob, publen, blob+publen, privlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1680 if (!retkey->data) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1681 m_free(retkey);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1682 errmsg = "unable to create key data structure";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1683 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1684 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1685 retkey->comment = dupstr(key->comment);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1686
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1687 errmsg = NULL; /* no error */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1688 ret = retkey;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1689
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1690 error:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1691 if (blob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1692 memset(blob, 0, blobsize);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1693 m_free(blob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1694 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1695 memset(key->keyblob, 0, key->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1696 m_free(key->keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1697 memset(&key, 0, sizeof(key));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1698 m_free(key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1699 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1700 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1701
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1702 int sshcom_write(const char filename, sign_key key,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1703 char *passphrase)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1704 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1705 unsigned char pubblob, privblob;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1706 int publen, privlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1707 unsigned char *outblob;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1708 int outlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1709 struct mpint_pos numbers[6];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1710 int nnumbers, initial_zero, pos, lenpos, i;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1711 char *type;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1712 char *ciphertext;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1713 int cipherlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1714 int ret = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1715 FILE *fp;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1716
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1717 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1718 * Fetch the key blobs.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1719 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1720 pubblob = key->alg->public_blob(key->data, &publen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1721 privblob = key->alg->private_blob(key->data, &privlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1722 outblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1723
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1724 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1725 * Find the sequence of integers to be encoded into the OpenSSH
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1726 * key blob, and also decide on the header line.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1727 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1728 if (key->alg == &ssh_rsa) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1729 int pos;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1730 struct mpint_pos n, e, d, p, q, iqmp;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1731
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1732 pos = 4 + GET_32BIT(pubblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1733 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &e);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1734 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &n);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1735 pos = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1736 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &d);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1737 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &p);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1738 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &q);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1739 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &iqmp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1740
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1741 dropbear_assert(e.start && iqmp.start); /* can't go wrong */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1742
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1743 numbers[0] = e;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1744 numbers[1] = d;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1745 numbers[2] = n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1746 numbers[3] = iqmp;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1747 numbers[4] = q;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1748 numbers[5] = p;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1749
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1750 nnumbers = 6;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1751 initial_zero = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1752 type = "if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1753 } else if (key->alg == &ssh_dss) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1754 int pos;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1755 struct mpint_pos p, q, g, y, x;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1756
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1757 pos = 4 + GET_32BIT(pubblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1758 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &p);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1759 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &q);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1760 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &g);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1761 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &y);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1762 pos = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1763 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &x);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1764
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1765 dropbear_assert(y.start && x.start); /* can't go wrong */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1766
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1767 numbers[0] = p;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1768 numbers[1] = g;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1769 numbers[2] = q;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1770 numbers[3] = y;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1771 numbers[4] = x;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1772
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1773 nnumbers = 5;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1774 initial_zero = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1775 type = "dl-modp{sign{dsa-nist-sha1},dh{plain}}";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1776 } else {
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1777 dropbear_assert(0); /* zoinks! */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1778 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1779
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1780 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1781 * Total size of key blob will be somewhere under 512 plus
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1782 * combined length of integers. We'll calculate the more
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1783 * precise size as we construct the blob.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1784 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1785 outlen = 512;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1786 for (i = 0; i < nnumbers; i++)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1787 outlen += 4 + numbers[i].bytes;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1788 outblob = snewn(outlen, unsigned char);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1789
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1790 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1791 * Create the unencrypted key blob.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1792 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1793 pos = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1794 PUT_32BIT(outblob+pos, SSHCOM_MAGIC_NUMBER); pos += 4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1795 pos += 4; /* length field, fill in later */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1796 pos += put_string(outblob+pos, type, strlen(type));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1797 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1798 char *ciphertype = passphrase ? "3des-cbc" : "none";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1799 pos += put_string(outblob+pos, ciphertype, strlen(ciphertype));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1800 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1801 lenpos = pos; /* remember this position */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1802 pos += 4; /* encrypted-blob size */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1803 pos += 4; /* encrypted-payload size */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1804 if (initial_zero) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1805 PUT_32BIT(outblob+pos, 0);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1806 pos += 4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1807 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1808 for (i = 0; i < nnumbers; i++)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1809 pos += sshcom_put_mpint(outblob+pos,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1810 numbers[i].start, numbers[i].bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1811 /* Now wrap up the encrypted payload. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1812 PUT_32BIT(outblob+lenpos+4, pos - (lenpos+8));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1813 /* Pad encrypted blob to a multiple of cipher block size. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1814 if (passphrase) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1815 int padding = -(pos - (lenpos+4)) & 7;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1816 while (padding--)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1817 outblob[pos++] = random_byte();
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1818 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1819 ciphertext = (char *)outblob+lenpos+4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1820 cipherlen = pos - (lenpos+4);
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1821 dropbear_assert(!passphrase \|\| cipherlen % 8 == 0);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1822 /* Wrap up the encrypted blob string. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1823 PUT_32BIT(outblob+lenpos, cipherlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1824 /* And finally fill in the total length field. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1825 PUT_32BIT(outblob+4, pos);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1826
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1827 dropbear_assert(pos < outlen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1828
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1829 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1830 * Encrypt the key.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1831 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1832 if (passphrase) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1833 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1834 * Derive encryption key from passphrase and iv/salt:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1835 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1836 * - let block A equal MD5(passphrase)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1837 * - let block B equal MD5(passphrase \|\| A)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1838 * - block C would be MD5(passphrase \|\| A \|\| B) and so on
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1839 * - encryption key is the first N bytes of A \|\| B
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1840 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1841 struct MD5Context md5c;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1842 unsigned char keybuf[32], iv[8];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1843
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1844 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1845 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1846 MD5Final(keybuf, &md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1847
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1848 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1849 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1850 MD5Update(&md5c, keybuf, 16);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1851 MD5Final(keybuf+16, &md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1852
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1853 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1854 * Now decrypt the key blob.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1855 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1856 memset(iv, 0, sizeof(iv));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1857 des3_encrypt_pubkey_ossh(keybuf, iv, (unsigned char *)ciphertext,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1858 cipherlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1859
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1860 memset(&md5c, 0, sizeof(md5c));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1861 memset(keybuf, 0, sizeof(keybuf));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1862 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1863
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1864 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1865 * And save it. We'll use Unix line endings just in case it's
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1866 * subsequently transferred in binary mode.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1867 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1868 fp = fopen(filename, "wb"); /* ensure Unix line endings */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1869 if (!fp)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1870 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1871 fputs("---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\n", fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1872 fprintf(fp, "Comment: \"");
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1873 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1874 * Comment header is broken with backslash-newline if it goes
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1875 * over 70 chars. Although it's surrounded by quotes, it
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1876 * _doesn't_ escape backslashes or quotes within the string.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1877 * Don't ask me, I didn't design it.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1878 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1879 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1880 int slen = 60; /* starts at 60 due to "Comment: " */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1881 char *c = key->comment;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1882 while ((int)strlen(c) > slen) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1883 fprintf(fp, "%.*s\\\n", slen, c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1884 c += slen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1885 slen = 70; /* allow 70 chars on subsequent lines */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1886 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1887 fprintf(fp, "%s\"\n", c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1888 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1889 base64_encode_fp(fp, outblob, pos, 70);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1890 fputs("---- END SSH2 ENCRYPTED PRIVATE KEY ----\n", fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1891 fclose(fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1892 ret = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1893
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1894 error:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1895 if (outblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1896 memset(outblob, 0, outlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1897 m_free(outblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1898 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1899 if (privblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1900 memset(privblob, 0, privlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1901 m_free(privblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1902 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1903 if (pubblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1904 memset(pubblob, 0, publen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1905 m_free(pubblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1906 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1907 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1908 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1909 #endif /* ssh.com stuff disabled */

Mercurial > dropbear

annotate keyimport.c @ 994:5c5ade336926