Mercurial > dropbear
annotate keyimport.c @ 1701:6e5037ae2c1c
Fix warning for unused prngd branch
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 28 May 2020 23:01:15 +0800 |
parents | 1051e4eea25a |
children | 064f5be2fc45 |
rev | line source |
---|---|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * Based on PuTTY's import.c for importing/exporting OpenSSH and SSH.com |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * keyfiles. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * Modifications copyright 2003 Matt Johnston |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * PuTTY is copyright 1997-2003 Simon Tatham. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * Portions copyright Robert de Bath, Joris van Rantwijk, Delian |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * Justin Bradford, and CORE SDI S.A. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * Permission is hereby granted, free of charge, to any person |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * obtaining a copy of this software and associated documentation files |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * (the "Software"), to deal in the Software without restriction, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * including without limitation the rights to use, copy, modify, merge, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * publish, distribute, sublicense, and/or sell copies of the Software, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * and to permit persons to whom the Software is furnished to do so, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * subject to the following conditions: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * The above copyright notice and this permission notice shall be |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * included in all copies or substantial portions of the Software. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 * NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 * FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 #include "keyimport.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 #include "bignum.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 #include "buffer.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 #include "dbutil.h" |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
37 #include "ecc.h" |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
38 #include "ssh.h" |
1674
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
39 #include "rsa.h" |
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
40 #include "dss.h" |
ba6fc7afe1c5
use sigtype where appropriate
Matt Johnston <matt@ucc.asn.au>
parents:
1659
diff
changeset
|
41 #include "ed25519.h" |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
42 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
43 static const unsigned char OSSH_PKEY_BLOB[] = |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
44 "openssh-key-v1\0" /* AUTH_MAGIC */ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
45 "\0\0\0\4none" /* cipher name*/ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
46 "\0\0\0\4none" /* kdf name */ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
47 "\0\0\0\0" /* kdf */ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
48 "\0\0\0\1"; /* key num */ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
49 #define OSSH_PKEY_BLOBLEN (sizeof(OSSH_PKEY_BLOB) - 1) |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
50 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
51 #if DROPBEAR_ECDSA |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
52 static const unsigned char OID_SEC256R1_BLOB[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07}; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
53 static const unsigned char OID_SEC384R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x22}; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
54 static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23}; |
1294
56aba7dedbea
options for disabling "normal" DH
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
55 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
56 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
57 #define PUT_32BIT(cp, value) do { \ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 (cp)[3] = (unsigned char)(value); \ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 (cp)[2] = (unsigned char)((value) >> 8); \ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
60 (cp)[1] = (unsigned char)((value) >> 16); \ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 (cp)[0] = (unsigned char)((value) >> 24); } while (0) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
62 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
63 #define GET_32BIT(cp) \ |
1308 | 64 (((unsigned long)(unsigned char)(cp)[0] << 24) | \ |
65 ((unsigned long)(unsigned char)(cp)[1] << 16) | \ | |
66 ((unsigned long)(unsigned char)(cp)[2] << 8) | \ | |
67 ((unsigned long)(unsigned char)(cp)[3])) | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 static int openssh_encrypted(const char *filename); |
1459
06d52bcb8094
Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents:
1395
diff
changeset
|
70 static sign_key *openssh_read(const char *filename, const char *passphrase); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 static int openssh_write(const char *filename, sign_key *key, |
1459
06d52bcb8094
Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents:
1395
diff
changeset
|
72 const char *passphrase); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 static int dropbear_write(const char*filename, sign_key * key); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 static sign_key *dropbear_read(const char* filename); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
76 |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
77 static int toint(unsigned u); |
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
78 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
79 #if 0 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
80 static int sshcom_encrypted(const char *filename, char **comment); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 static struct ssh2_userkey *sshcom_read(const char *filename, char *passphrase); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
82 static int sshcom_write(const char *filename, struct ssh2_userkey *key, |
1308 | 83 char *passphrase); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
84 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
85 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
86 int import_encrypted(const char* filename, int filetype) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
88 if (filetype == KEYFILE_OPENSSH) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
89 return openssh_encrypted(filename); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
90 #if 0 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
91 } else if (filetype == KEYFILE_SSHCOM) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
92 return sshcom_encrypted(filename, NULL); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
93 #endif |
1308 | 94 } |
95 return 0; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
96 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
97 |
1459
06d52bcb8094
Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents:
1395
diff
changeset
|
98 sign_key *import_read(const char *filename, const char *passphrase, int filetype) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
99 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
100 if (filetype == KEYFILE_OPENSSH) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
101 return openssh_read(filename, passphrase); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
102 } else if (filetype == KEYFILE_DROPBEAR) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
103 return dropbear_read(filename); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
104 #if 0 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
105 } else if (filetype == KEYFILE_SSHCOM) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
106 return sshcom_read(filename, passphrase); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
107 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
108 } |
1308 | 109 return NULL; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
110 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
111 |
1459
06d52bcb8094
Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents:
1395
diff
changeset
|
112 int import_write(const char *filename, sign_key *key, const char *passphrase, |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
113 int filetype) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
114 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
115 if (filetype == KEYFILE_OPENSSH) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 return openssh_write(filename, key, passphrase); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
117 } else if (filetype == KEYFILE_DROPBEAR) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
118 return dropbear_write(filename, key); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 #if 0 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
120 } else if (filetype == KEYFILE_SSHCOM) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
121 return sshcom_write(filename, key, passphrase); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
122 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
123 } |
1308 | 124 return 0; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
125 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
126 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
127 static sign_key *dropbear_read(const char* filename) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
128 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 buffer * buf = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
130 sign_key *ret = NULL; |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
845
diff
changeset
|
131 enum signkey_type type; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
132 |
73
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
133 buf = buf_new(MAX_PRIVKEY_SIZE); |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
134 if (buf_readfile(buf, filename) == DROPBEAR_FAILURE) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
135 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
136 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
137 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
138 buf_setpos(buf, 0); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
139 ret = new_sign_key(); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
140 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
141 type = DROPBEAR_SIGNKEY_ANY; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
142 if (buf_get_priv_key(buf, ret, &type) == DROPBEAR_FAILURE){ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
143 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
144 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
145 buf_free(buf); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
146 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
147 ret->type = type; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
148 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
149 return ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
150 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
151 error: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
152 if (buf) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
153 buf_free(buf); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
154 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
155 if (ret) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
156 sign_key_free(ret); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
157 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
158 return NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
159 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
160 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
161 /* returns 0 on fail, 1 on success */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
162 static int dropbear_write(const char*filename, sign_key * key) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
163 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
164 buffer * buf; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
165 FILE*fp; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
166 int len; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
167 int ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
168 |
73
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
169 buf = buf_new(MAX_PRIVKEY_SIZE); |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
170 buf_put_priv_key(buf, key, key->type); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
171 |
87
680a0bc9df0a
Some small fixes for unused vars, and old messages
Matt Johnston <matt@ucc.asn.au>
parents:
73
diff
changeset
|
172 fp = fopen(filename, "w"); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
173 if (!fp) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
174 ret = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
175 goto out; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
176 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
177 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
178 buf_setpos(buf, 0); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
179 do { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
180 len = fwrite(buf_getptr(buf, buf->len - buf->pos), |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
181 1, buf->len - buf->pos, fp); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
182 buf_incrpos(buf, len); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
183 } while (len > 0 && buf->len != buf->pos); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
184 |
256
ac890087b8c1
* keyimport.c: fclose() the key file to make sure data gets written
Matt Johnston <matt@ucc.asn.au>
parents:
241
diff
changeset
|
185 fclose(fp); |
ac890087b8c1
* keyimport.c: fclose() the key file to make sure data gets written
Matt Johnston <matt@ucc.asn.au>
parents:
241
diff
changeset
|
186 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
187 if (buf->pos != buf->len) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
188 ret = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
189 } else { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
190 ret = 1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
191 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
192 out: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
193 buf_free(buf); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
194 return ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
195 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
196 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
197 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
198 /* ---------------------------------------------------------------------- |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 * Helper routines. (The base64 ones are defined in sshpubk.c.) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
200 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
201 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
202 #define isbase64(c) ( ((c) >= 'A' && (c) <= 'Z') || \ |
1308 | 203 ((c) >= 'a' && (c) <= 'z') || \ |
204 ((c) >= '0' && (c) <= '9') || \ | |
205 (c) == '+' || (c) == '/' || (c) == '=' \ | |
206 ) | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
207 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
208 /* cpl has to be less than 100 */ |
1459
06d52bcb8094
Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents:
1395
diff
changeset
|
209 static void base64_encode_fp(FILE * fp, const unsigned char *data, |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
210 int datalen, int cpl) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
211 { |
1094
c45d65392c1a
Fix pointer differ in signess warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents:
1089
diff
changeset
|
212 unsigned char out[100]; |
1250 | 213 int n; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
214 unsigned long outlen; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
215 int rawcpl; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
216 rawcpl = cpl * 3 / 4; |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
87
diff
changeset
|
217 dropbear_assert((unsigned int)cpl < sizeof(out)); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
218 |
1250 | 219 while (datalen > 0) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
220 n = (datalen < rawcpl ? datalen : rawcpl); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
221 outlen = sizeof(out); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
222 base64_encode(data, n, out, &outlen); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
223 data += n; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
224 datalen -= n; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
225 fwrite(out, 1, outlen, fp); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
226 fputc('\n', fp); |
1250 | 227 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
228 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
229 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
230 * Read an ASN.1/BER identifier and length pair. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
231 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
232 * Flags are a combination of the #defines listed below. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
233 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
234 * Returns -1 if unsuccessful; otherwise returns the number of |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
235 * bytes used out of the source data. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
236 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
237 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
238 /* ASN.1 tag classes. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
239 #define ASN1_CLASS_UNIVERSAL (0 << 6) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
240 #define ASN1_CLASS_APPLICATION (1 << 6) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
241 #define ASN1_CLASS_CONTEXT_SPECIFIC (2 << 6) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
242 #define ASN1_CLASS_PRIVATE (3 << 6) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
243 #define ASN1_CLASS_MASK (3 << 6) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
244 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
245 /* Primitive versus constructed bit. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
246 #define ASN1_CONSTRUCTED (1 << 5) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
247 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
248 static int ber_read_id_len(void *source, int sourcelen, |
1308 | 249 int *id, int *length, int *flags) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
250 { |
1308 | 251 unsigned char *p = (unsigned char *) source; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
252 |
1308 | 253 if (sourcelen == 0) |
254 return -1; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
255 |
1308 | 256 *flags = (*p & 0xE0); |
257 if ((*p & 0x1F) == 0x1F) { | |
258 *id = 0; | |
259 while (*p & 0x80) { | |
260 p++, sourcelen--; | |
261 if (sourcelen == 0) | |
262 return -1; | |
263 *id = (*id << 7) | (*p & 0x7F); | |
264 } | |
265 p++, sourcelen--; | |
266 } else { | |
267 *id = *p & 0x1F; | |
268 p++, sourcelen--; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
269 } |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
270 |
1308 | 271 if (sourcelen == 0) |
272 return -1; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
273 |
1308 | 274 if (*p & 0x80) { |
275 unsigned len; | |
276 int n = *p & 0x7F; | |
277 p++, sourcelen--; | |
278 if (sourcelen < n) | |
279 return -1; | |
280 len = 0; | |
281 while (n--) | |
282 len = (len << 8) | (*p++); | |
283 sourcelen -= n; | |
284 *length = toint(len); | |
285 } else { | |
286 *length = *p; | |
287 p++, sourcelen--; | |
288 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
289 |
1308 | 290 if (*length < 0) { |
291 printf("Negative ASN.1 length\n"); | |
292 return -1; | |
293 } | |
1307
ad9c40aca3bc
add length checks for ecc too
Matt Johnston <matt@ucc.asn.au>
parents:
1306
diff
changeset
|
294 |
1308 | 295 return p - (unsigned char *) source; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
296 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
297 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
298 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
299 * Write an ASN.1/BER identifier and length pair. Returns the |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
300 * number of bytes consumed. Assumes dest contains enough space. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
301 * Will avoid writing anything if dest is NULL, but still return |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
302 * amount of space required. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
303 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
304 static int ber_write_id_len(void *dest, int id, int length, int flags) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
305 { |
1308 | 306 unsigned char *d = (unsigned char *)dest; |
307 int len = 0; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
308 |
1308 | 309 if (id <= 30) { |
310 /* | |
311 * Identifier is one byte. | |
312 */ | |
313 len++; | |
314 if (d) *d++ = id | flags; | |
315 } else { | |
316 int n; | |
317 /* | |
318 * Identifier is multiple bytes: the first byte is 11111 | |
319 * plus the flags, and subsequent bytes encode the value of | |
320 * the identifier, 7 bits at a time, with the top bit of | |
321 * each byte 1 except the last one which is 0. | |
322 */ | |
323 len++; | |
324 if (d) *d++ = 0x1F | flags; | |
325 for (n = 1; (id >> (7*n)) > 0; n++) | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
326 continue; /* count the bytes */ |
1308 | 327 while (n--) { |
328 len++; | |
329 if (d) *d++ = (n ? 0x80 : 0) | ((id >> (7*n)) & 0x7F); | |
330 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
331 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
332 |
1308 | 333 if (length < 128) { |
334 /* | |
335 * Length is one byte. | |
336 */ | |
337 len++; | |
338 if (d) *d++ = length; | |
339 } else { | |
340 int n; | |
341 /* | |
342 * Length is multiple bytes. The first is 0x80 plus the | |
343 * number of subsequent bytes, and the subsequent bytes | |
344 * encode the actual length. | |
345 */ | |
346 for (n = 1; (length >> (8*n)) > 0; n++) | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
347 continue; /* count the bytes */ |
1308 | 348 len++; |
349 if (d) *d++ = 0x80 | n; | |
350 while (n--) { | |
351 len++; | |
352 if (d) *d++ = (length >> (8*n)) & 0xFF; | |
353 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
354 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
355 |
1308 | 356 return len; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
357 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
358 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
359 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
360 /* Simple structure to point to an mp-int within a blob. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
361 struct mpint_pos { void *start; int bytes; }; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
362 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
363 /* ---------------------------------------------------------------------- |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
364 * Code to read and write OpenSSH private keys. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
365 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
366 |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
367 enum { OSSH_DSA, OSSH_RSA, OSSH_EC, OSSH_PKEY }; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
368 struct openssh_key { |
1308 | 369 int type; |
370 int encrypted; | |
371 char iv[32]; | |
372 unsigned char *keyblob; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
373 unsigned int keyblob_len, keyblob_size; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
374 }; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
375 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
376 static struct openssh_key *load_openssh_key(const char *filename) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
377 { |
1308 | 378 struct openssh_key *ret; |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
379 buffer *buf = NULL; |
340 | 380 FILE *fp = NULL; |
1308 | 381 char buffer[256]; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
382 char *errmsg = NULL, *p = NULL; |
1308 | 383 int headers_done; |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
384 unsigned long len; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
385 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
386 ret = (struct openssh_key*)m_malloc(sizeof(struct openssh_key)); |
1308 | 387 ret->keyblob = NULL; |
388 ret->keyblob_len = ret->keyblob_size = 0; | |
389 ret->encrypted = 0; | |
390 memset(ret->iv, 0, sizeof(ret->iv)); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
391 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
392 if (strlen(filename) == 1 && filename[0] == '-') { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
393 fp = stdin; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
394 } else { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
395 fp = fopen(filename, "r"); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
396 } |
1308 | 397 if (!fp) { |
398 errmsg = "Unable to open key file"; | |
399 goto error; | |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
400 } |
1308 | 401 if (!fgets(buffer, sizeof(buffer), fp) || |
402 0 != strncmp(buffer, "-----BEGIN ", 11) || | |
403 0 != strcmp(buffer+strlen(buffer)-17, "PRIVATE KEY-----\n")) { | |
404 errmsg = "File does not begin with OpenSSH key header"; | |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
405 goto error; |
1308 | 406 } |
407 if (!strcmp(buffer, "-----BEGIN RSA PRIVATE KEY-----\n")) | |
408 ret->type = OSSH_RSA; | |
409 else if (!strcmp(buffer, "-----BEGIN DSA PRIVATE KEY-----\n")) | |
410 ret->type = OSSH_DSA; | |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
491
diff
changeset
|
411 else if (!strcmp(buffer, "-----BEGIN EC PRIVATE KEY-----\n")) |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
491
diff
changeset
|
412 ret->type = OSSH_EC; |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
413 else if (!strcmp(buffer, "-----BEGIN OPENSSH PRIVATE KEY-----\n")) |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
414 ret->type = OSSH_PKEY; |
1308 | 415 else { |
416 errmsg = "Unrecognised key type"; | |
417 goto error; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
418 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
419 |
1308 | 420 headers_done = 0; |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
421 buf = buf_new(0); |
1308 | 422 while (1) { |
423 if (!fgets(buffer, sizeof(buffer), fp)) { | |
424 errmsg = "Unexpected end of file"; | |
425 goto error; | |
426 } | |
427 if (0 == strncmp(buffer, "-----END ", 9) && | |
428 0 == strcmp(buffer+strlen(buffer)-17, "PRIVATE KEY-----\n")) | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
429 break; /* done */ |
1308 | 430 if ((p = strchr(buffer, ':')) != NULL) { |
431 if (headers_done) { | |
432 errmsg = "Header found in body of key data"; | |
433 goto error; | |
434 } | |
435 *p++ = '\0'; | |
436 while (*p && isspace((unsigned char)*p)) p++; | |
437 if (!strcmp(buffer, "Proc-Type")) { | |
438 if (p[0] != '4' || p[1] != ',') { | |
439 errmsg = "Proc-Type is not 4 (only 4 is supported)"; | |
440 goto error; | |
441 } | |
442 p += 2; | |
443 if (!strcmp(p, "ENCRYPTED\n")) | |
444 ret->encrypted = 1; | |
445 } else if (!strcmp(buffer, "DEK-Info")) { | |
446 int i, j; | |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
447 |
1308 | 448 if (strncmp(p, "DES-EDE3-CBC,", 13)) { |
449 errmsg = "Ciphers other than DES-EDE3-CBC not supported"; | |
450 goto error; | |
451 } | |
452 p += 13; | |
453 for (i = 0; i < 8; i++) { | |
454 if (1 != sscanf(p, "%2x", &j)) | |
455 break; | |
456 ret->iv[i] = j; | |
457 p += 2; | |
458 } | |
459 if (i < 8) { | |
460 errmsg = "Expected 16-digit iv in DEK-Info"; | |
461 goto error; | |
462 } | |
463 } | |
464 } else { | |
465 headers_done = 1; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
466 len = strlen(buffer); |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
467 buf = buf_resize(buf, buf->size + len); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
468 buf_putbytes(buf, buffer, len); |
1308 | 469 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
470 } |
1308 | 471 |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
472 if (buf && buf->len) { |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
473 ret->keyblob_size = ret->keyblob_len + buf->len*4/3 + 256; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
474 ret->keyblob = (unsigned char*)m_realloc(ret->keyblob, ret->keyblob_size); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
475 len = ret->keyblob_size; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
476 if (base64_decode((const unsigned char *)buf->data, buf->len, |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
477 ret->keyblob, &len) != CRYPT_OK){ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
478 errmsg = "Error decoding base64"; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
479 goto error; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
480 } |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
481 ret->keyblob_len = len; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
482 } |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
483 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
484 if (ret->type == OSSH_PKEY) { |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
485 if (ret->keyblob_len < OSSH_PKEY_BLOBLEN || |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
486 memcmp(ret->keyblob, OSSH_PKEY_BLOB, OSSH_PKEY_BLOBLEN)) { |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
487 errmsg = "Error decoding OpenSSH key"; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
488 goto error; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
489 } |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
490 ret->keyblob_len -= OSSH_PKEY_BLOBLEN; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
491 memmove(ret->keyblob, ret->keyblob + OSSH_PKEY_BLOBLEN, ret->keyblob_len); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
492 } |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
493 |
1308 | 494 if (ret->keyblob_len == 0 || !ret->keyblob) { |
495 errmsg = "Key body not present"; | |
496 goto error; | |
497 } | |
498 | |
499 if (ret->encrypted && ret->keyblob_len % 8 != 0) { | |
500 errmsg = "Encrypted key blob is not a multiple of cipher block size"; | |
501 goto error; | |
502 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
503 |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
504 if (buf) { |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
505 buf_burn(buf); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
506 buf_free(buf); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
507 } |
1045
31727a8abd4b
Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1038
diff
changeset
|
508 m_burn(buffer, sizeof(buffer)); |
1308 | 509 return ret; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
510 |
1308 | 511 error: |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
512 if (buf) { |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
513 buf_burn(buf); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
514 buf_free(buf); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
515 } |
1045
31727a8abd4b
Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1038
diff
changeset
|
516 m_burn(buffer, sizeof(buffer)); |
1308 | 517 if (ret) { |
518 if (ret->keyblob) { | |
1045
31727a8abd4b
Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1038
diff
changeset
|
519 m_burn(ret->keyblob, ret->keyblob_size); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
520 m_free(ret->keyblob); |
1308 | 521 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
522 m_free(ret); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
523 } |
340 | 524 if (fp) { |
525 fclose(fp); | |
1308 | 526 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
527 if (errmsg) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
528 fprintf(stderr, "Error: %s\n", errmsg); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
529 } |
1308 | 530 return NULL; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
531 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
532 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
533 static int openssh_encrypted(const char *filename) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
534 { |
1308 | 535 struct openssh_key *key = load_openssh_key(filename); |
536 int ret; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
537 |
1308 | 538 if (!key) |
539 return 0; | |
540 ret = key->encrypted; | |
1045
31727a8abd4b
Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1038
diff
changeset
|
541 m_burn(key->keyblob, key->keyblob_size); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
542 m_free(key->keyblob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
543 m_free(key); |
1308 | 544 return ret; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
545 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
546 |
1459
06d52bcb8094
Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents:
1395
diff
changeset
|
547 static sign_key *openssh_read(const char *filename, const char * UNUSED(passphrase)) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
548 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
549 struct openssh_key *key; |
1308 | 550 unsigned char *p; |
551 int ret, id, len, flags; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
552 int i, num_integers = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
553 sign_key *retval = NULL; |
1308 | 554 char *errmsg; |
1119
845922d73e9c
Turn modptr local variable into unsigned char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
555 unsigned char *modptr = NULL; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
556 int modlen = -9999; |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
845
diff
changeset
|
557 enum signkey_type type; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
558 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
559 sign_key *retkey; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
560 buffer * blobbuf = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
561 |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
562 retkey = new_sign_key(); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
563 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
564 key = load_openssh_key(filename); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
565 |
1308 | 566 if (!key) |
567 return NULL; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
568 |
1308 | 569 if (key->encrypted) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
570 errmsg = "encrypted keys not supported currently"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
571 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
572 #if 0 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
573 /* matt TODO */ |
1308 | 574 /* |
575 * Derive encryption key from passphrase and iv/salt: | |
576 * | |
577 * - let block A equal MD5(passphrase || iv) | |
578 * - let block B equal MD5(A || passphrase || iv) | |
579 * - block C would be MD5(B || passphrase || iv) and so on | |
580 * - encryption key is the first N bytes of A || B | |
581 */ | |
582 struct MD5Context md5c; | |
583 unsigned char keybuf[32]; | |
584 | |
585 MD5Init(&md5c); | |
586 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); | |
587 MD5Update(&md5c, (unsigned char *)key->iv, 8); | |
588 MD5Final(keybuf, &md5c); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
589 |
1308 | 590 MD5Init(&md5c); |
591 MD5Update(&md5c, keybuf, 16); | |
592 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); | |
593 MD5Update(&md5c, (unsigned char *)key->iv, 8); | |
594 MD5Final(keybuf+16, &md5c); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
595 |
1308 | 596 /* |
597 * Now decrypt the key blob. | |
598 */ | |
599 des3_decrypt_pubkey_ossh(keybuf, (unsigned char *)key->iv, | |
600 key->keyblob, key->keyblob_len); | |
601 | |
602 memset(&md5c, 0, sizeof(md5c)); | |
603 memset(keybuf, 0, sizeof(keybuf)); | |
604 #endif | |
605 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
606 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
607 /* |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
608 * Now we have a decrypted key blob, which contains OpenSSH |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
609 * encoded private key. We must now untangle the OpenSSH format. |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
610 */ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
611 if (key->type == OSSH_PKEY) { |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
612 blobbuf = buf_new(key->keyblob_len); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
613 buf_putbytes(blobbuf, key->keyblob, key->keyblob_len); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
614 buf_setpos(blobbuf, 0); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
615 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
616 /* limit length of private key blob */ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
617 len = buf_getint(blobbuf); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
618 buf_setlen(blobbuf, blobbuf->pos + len); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
619 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
620 type = DROPBEAR_SIGNKEY_ANY; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
621 if (buf_get_pub_key(blobbuf, retkey, &type) |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
622 != DROPBEAR_SUCCESS) { |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
623 errmsg = "Error parsing OpenSSH key"; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
624 goto ossh_error; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
625 } |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
626 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
627 /* restore full length */ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
628 buf_setlen(blobbuf, key->keyblob_len); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
629 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
630 if (type != DROPBEAR_SIGNKEY_NONE) { |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
631 retkey->type = type; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
632 /* limit length of private key blob */ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
633 len = buf_getint(blobbuf); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
634 buf_setlen(blobbuf, blobbuf->pos + len); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
635 #if DROPBEAR_ED25519 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
636 if (type == DROPBEAR_SIGNKEY_ED25519) { |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
637 buf_incrpos(blobbuf, 8); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
638 buf_eatstring(blobbuf); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
639 buf_eatstring(blobbuf); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
640 buf_incrpos(blobbuf, -SSH_SIGNKEY_ED25519_LEN-4); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
641 if (buf_get_ed25519_priv_key(blobbuf, retkey->ed25519key) |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
642 == DROPBEAR_SUCCESS) { |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
643 errmsg = NULL; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
644 retval = retkey; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
645 goto error; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
646 } |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
647 } |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
648 #endif |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
649 } |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
650 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
651 errmsg = "Unsupported OpenSSH key type"; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
652 ossh_error: |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
653 sign_key_free(retkey); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
654 retkey = NULL; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
655 goto error; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
656 } |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
657 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
658 /* |
1308 | 659 * Now we have a decrypted key blob, which contains an ASN.1 |
660 * encoded private key. We must now untangle the ASN.1. | |
661 * | |
662 * We expect the whole key blob to be formatted as a SEQUENCE | |
663 * (0x30 followed by a length code indicating that the rest of | |
664 * the blob is part of the sequence). Within that SEQUENCE we | |
665 * expect to see a bunch of INTEGERs. What those integers mean | |
666 * depends on the key type: | |
667 * | |
668 * - For RSA, we expect the integers to be 0, n, e, d, p, q, | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
669 * dmp1, dmq1, iqmp in that order. (The last three are d mod |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
670 * (p-1), d mod (q-1), inverse of q mod p respectively.) |
1308 | 671 * |
672 * - For DSA, we expect them to be 0, p, q, g, y, x in that | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
673 * order. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
674 */ |
1308 | 675 |
676 p = key->keyblob; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
677 |
1308 | 678 /* Expect the SEQUENCE header. Take its absence as a failure to decrypt. */ |
679 ret = ber_read_id_len(p, key->keyblob_len, &id, &len, &flags); | |
680 p += ret; | |
681 if (ret < 0 || id != 16 || len < 0 || | |
682 key->keyblob+key->keyblob_len-p < len) { | |
683 errmsg = "ASN.1 decoding failure"; | |
684 goto error; | |
685 } | |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
686 |
1308 | 687 /* Expect a load of INTEGERs. */ |
688 if (key->type == OSSH_RSA) | |
689 num_integers = 9; | |
690 else if (key->type == OSSH_DSA) | |
691 num_integers = 6; | |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
692 else if (key->type == OSSH_EC) |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
693 num_integers = 1; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
694 |
1308 | 695 /* |
696 * Space to create key blob in. | |
697 */ | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
698 blobbuf = buf_new(3000); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
699 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
700 #if DROPBEAR_DSS |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
701 if (key->type == OSSH_DSA) { |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1119
diff
changeset
|
702 buf_putstring(blobbuf, "ssh-dss", 7); |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
703 retkey->type = DROPBEAR_SIGNKEY_DSS; |
935
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
704 } |
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
705 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
706 #if DROPBEAR_RSA |
935
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
707 if (key->type == OSSH_RSA) { |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1119
diff
changeset
|
708 buf_putstring(blobbuf, "ssh-rsa", 7); |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
709 retkey->type = DROPBEAR_SIGNKEY_RSA; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
710 } |
935
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
711 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
712 |
1308 | 713 for (i = 0; i < num_integers; i++) { |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
714 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p, |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
715 &id, &len, &flags); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
716 p += ret; |
1308 | 717 if (ret < 0 || id != 2 || len < 0 || |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
718 key->keyblob+key->keyblob_len-p < len) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
719 errmsg = "ASN.1 decoding failure"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
720 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
721 } |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
722 |
1308 | 723 if (i == 0) { |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
724 /* First integer is a version indicator */ |
991
4f65c867fc99
Fix variables may be uninitialized.
Like Ma <likemartinma@gmail.com>
parents:
935
diff
changeset
|
725 int expected = -1; |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
726 switch (key->type) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
727 case OSSH_RSA: |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
728 case OSSH_DSA: |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
729 expected = 0; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
730 break; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
731 case OSSH_EC: |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
732 expected = 1; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
733 break; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
734 } |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
735 if (len != 1 || p[0] != expected) { |
1308 | 736 errmsg = "Version number mismatch"; |
737 goto error; | |
738 } | |
739 } else if (key->type == OSSH_RSA) { | |
740 /* | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
741 * OpenSSH key order is n, e, d, p, q, dmp1, dmq1, iqmp |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
742 * but we want e, n, d, p, q |
1308 | 743 */ |
744 if (i == 1) { | |
745 /* Save the details for after we deal with number 2. */ | |
1119
845922d73e9c
Turn modptr local variable into unsigned char *
Gaël PORTAY <gael.portay@gmail.com>
parents:
1094
diff
changeset
|
746 modptr = p; |
1308 | 747 modlen = len; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
748 } else if (i >= 2 && i <= 5) { |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1119
diff
changeset
|
749 buf_putstring(blobbuf, (const char*)p, len); |
1308 | 750 if (i == 2) { |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1119
diff
changeset
|
751 buf_putstring(blobbuf, (const char*)modptr, modlen); |
1308 | 752 } |
753 } | |
754 } else if (key->type == OSSH_DSA) { | |
755 /* | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
756 * OpenSSH key order is p, q, g, y, x, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
757 * we want the same. |
1308 | 758 */ |
1122
aaf576b27a10
Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents:
1119
diff
changeset
|
759 buf_putstring(blobbuf, (const char*)p, len); |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
760 } |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
761 |
1308 | 762 /* Skip past the number. */ |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
763 p += len; |
1308 | 764 } |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
765 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
766 #if DROPBEAR_ECDSA |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
767 if (key->type == OSSH_EC) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
768 unsigned char* private_key_bytes = NULL; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
769 int private_key_len = 0; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
770 unsigned char* public_key_bytes = NULL; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
771 int public_key_len = 0; |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
806
diff
changeset
|
772 ecc_key *ecc = NULL; |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
773 const struct dropbear_ecc_curve *curve = NULL; |
1308 | 774 |
857 | 775 /* See SEC1 v2, Appendix C.4 */ |
776 /* OpenSSL (so OpenSSH) seems to include the optional parts. */ | |
1308 | 777 |
857 | 778 /* privateKey OCTET STRING, */ |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
779 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p, |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
780 &id, &len, &flags); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
781 p += ret; |
857 | 782 /* id==4 for octet string */ |
1395
77c0d57a4410
fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents:
1316
diff
changeset
|
783 if (ret < 0 || id != 4 || len < 0 || |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
784 key->keyblob+key->keyblob_len-p < len) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
785 errmsg = "ASN.1 decoding failure"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
786 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
787 } |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
788 private_key_bytes = p; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
789 private_key_len = len; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
790 p += len; |
1308 | 791 |
857 | 792 /* parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL, */ |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
793 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p, |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
794 &id, &len, &flags); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
795 p += ret; |
857 | 796 /* id==0 */ |
1395
77c0d57a4410
fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents:
1316
diff
changeset
|
797 if (ret < 0 || id != 0 || len < 0) { |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
798 errmsg = "ASN.1 decoding failure"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
799 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
800 } |
1308 | 801 |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
802 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p, |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
803 &id, &len, &flags); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
804 p += ret; |
857 | 805 /* id==6 for object */ |
1395
77c0d57a4410
fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents:
1316
diff
changeset
|
806 if (ret < 0 || id != 6 || len < 0 || |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
807 key->keyblob+key->keyblob_len-p < len) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
808 errmsg = "ASN.1 decoding failure"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
809 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
810 } |
1308 | 811 |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
812 if (0) {} |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
813 #if DROPBEAR_ECC_256 |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
814 else if (len == sizeof(OID_SEC256R1_BLOB) |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
815 && memcmp(p, OID_SEC256R1_BLOB, len) == 0) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
816 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP256; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
817 curve = &ecc_curve_nistp256; |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
818 } |
1308 | 819 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
820 #if DROPBEAR_ECC_384 |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
821 else if (len == sizeof(OID_SEC384R1_BLOB) |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
822 && memcmp(p, OID_SEC384R1_BLOB, len) == 0) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
823 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP384; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
824 curve = &ecc_curve_nistp384; |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
825 } |
1308 | 826 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
827 #if DROPBEAR_ECC_521 |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
828 else if (len == sizeof(OID_SEC521R1_BLOB) |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
829 && memcmp(p, OID_SEC521R1_BLOB, len) == 0) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
830 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP521; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
831 curve = &ecc_curve_nistp521; |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
832 } |
1308 | 833 #endif |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
834 else { |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
835 errmsg = "Unknown ECC key type"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
836 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
837 } |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
838 p += len; |
1308 | 839 |
857 | 840 /* publicKey [1] BIT STRING OPTIONAL */ |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
841 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p, |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
842 &id, &len, &flags); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
843 p += ret; |
857 | 844 /* id==1 */ |
1395
77c0d57a4410
fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents:
1316
diff
changeset
|
845 if (ret < 0 || id != 1 || len < 0) { |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
846 errmsg = "ASN.1 decoding failure"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
847 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
848 } |
1308 | 849 |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
850 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p, |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
851 &id, &len, &flags); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
852 p += ret; |
857 | 853 /* id==3 for bit string */ |
1395
77c0d57a4410
fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents:
1316
diff
changeset
|
854 if (ret < 0 || id != 3 || len < 0 || |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
855 key->keyblob+key->keyblob_len-p < len) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
856 errmsg = "ASN.1 decoding failure"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
857 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
858 } |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
859 public_key_bytes = p+1; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
860 public_key_len = len-1; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
861 p += len; |
1308 | 862 |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
863 buf_putbytes(blobbuf, public_key_bytes, public_key_len); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
864 ecc = buf_get_ecc_raw_pubkey(blobbuf, curve); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
865 if (!ecc) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
866 errmsg = "Error parsing ECC key"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
867 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
868 } |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
869 m_mp_alloc_init_multi((mp_int**)&ecc->k, NULL); |
1692
1051e4eea25a
Update LibTomMath to 1.2.0 (#84)
Steffen Jaeckel <s@jaeckel.eu>
parents:
1674
diff
changeset
|
870 if (mp_from_ubin(ecc->k, private_key_bytes, private_key_len) |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
871 != MP_OKAY) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
872 errmsg = "Error parsing ECC key"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
873 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
874 } |
1308 | 875 |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
876 *signkey_key_ptr(retkey, retkey->type) = ecc; |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
877 } |
1308 | 878 #endif /* DROPBEAR_ECDSA */ |
879 | |
880 /* | |
881 * Now put together the actual key. Simplest way to do this is | |
882 * to assemble our own key blobs and feed them to the createkey | |
883 * functions; this is a bit faffy but it does mean we get all | |
884 * the sanity checks for free. | |
885 */ | |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
886 if (key->type == OSSH_RSA || key->type == OSSH_DSA) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
887 buf_setpos(blobbuf, 0); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
888 type = DROPBEAR_SIGNKEY_ANY; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
889 if (buf_get_priv_key(blobbuf, retkey, &type) |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
890 != DROPBEAR_SUCCESS) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
891 errmsg = "unable to create key structure"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
892 sign_key_free(retkey); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
893 retkey = NULL; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
894 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
895 } |
1308 | 896 } |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
897 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
898 errmsg = NULL; /* no error */ |
1308 | 899 retval = retkey; |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
900 |
1308 | 901 error: |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
902 if (blobbuf) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
903 buf_burn(blobbuf); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
904 buf_free(blobbuf); |
1308 | 905 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
906 m_burn(key->keyblob, key->keyblob_size); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
907 m_free(key->keyblob); |
1002
97d1e54941fd
When clearing the memory of 'key' in function openssh_read(), only the size
Christian Engelmayer <cengelma@gmx.at>
parents:
991
diff
changeset
|
908 m_burn(key, sizeof(*key)); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
909 m_free(key); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
910 if (errmsg) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
911 fprintf(stderr, "Error: %s\n", errmsg); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
912 } |
1308 | 913 return retval; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
914 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
915 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
916 static int openssh_write(const char *filename, sign_key *key, |
1459
06d52bcb8094
Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents:
1395
diff
changeset
|
917 const char *passphrase) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
918 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
919 buffer * keyblob = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
920 buffer * extrablob = NULL; /* used for calculated values to write */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
921 unsigned char *outblob = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
922 int outlen = -9999; |
1308 | 923 struct mpint_pos numbers[9]; |
991
4f65c867fc99
Fix variables may be uninitialized.
Like Ma <likemartinma@gmail.com>
parents:
935
diff
changeset
|
924 int nnumbers = -1, pos = 0, len = 0, seqlen, i; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
925 char *header = NULL, *footer = NULL; |
1308 | 926 char zero[1]; |
927 int ret = 0; | |
928 FILE *fp; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
929 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
930 #if DROPBEAR_RSA |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
931 mp_int dmp1, dmq1, iqmp, tmpval; /* for rsa */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
932 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
933 |
935
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
934 if ( |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
935 #if DROPBEAR_RSA |
935
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
936 key->type == DROPBEAR_SIGNKEY_RSA || |
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
937 #endif |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
938 #if DROPBEAR_DSS |
935
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
939 key->type == DROPBEAR_SIGNKEY_DSS || |
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
940 #endif |
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
941 0) |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
942 { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
943 /* |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
944 * Fetch the key blobs. |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
945 */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
946 keyblob = buf_new(3000); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
947 buf_put_priv_key(keyblob, key, key->type); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
948 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
949 buf_setpos(keyblob, 0); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
950 /* skip the "ssh-rsa" or "ssh-dss" header */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
951 buf_incrpos(keyblob, buf_getint(keyblob)); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
952 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
953 /* |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
954 * Find the sequence of integers to be encoded into the OpenSSH |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
955 * key blob, and also decide on the header line. |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
956 */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
957 numbers[0].start = zero; numbers[0].bytes = 1; zero[0] = '\0'; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
958 |
1499
2d450c1056e3
options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents:
1459
diff
changeset
|
959 #if DROPBEAR_RSA |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
960 if (key->type == DROPBEAR_SIGNKEY_RSA) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
961 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
962 if (key->rsakey->p == NULL || key->rsakey->q == NULL) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
963 fprintf(stderr, "Pre-0.33 Dropbear keys cannot be converted to OpenSSH keys.\n"); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
964 goto error; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
965 } |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
966 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
967 /* e */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
968 numbers[2].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
969 numbers[2].start = buf_getptr(keyblob, numbers[2].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
970 buf_incrpos(keyblob, numbers[2].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
971 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
972 /* n */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
973 numbers[1].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
974 numbers[1].start = buf_getptr(keyblob, numbers[1].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
975 buf_incrpos(keyblob, numbers[1].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
976 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
977 /* d */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
978 numbers[3].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
979 numbers[3].start = buf_getptr(keyblob, numbers[3].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
980 buf_incrpos(keyblob, numbers[3].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
981 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
982 /* p */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
983 numbers[4].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
984 numbers[4].start = buf_getptr(keyblob, numbers[4].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
985 buf_incrpos(keyblob, numbers[4].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
986 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
987 /* q */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
988 numbers[5].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
989 numbers[5].start = buf_getptr(keyblob, numbers[5].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
990 buf_incrpos(keyblob, numbers[5].bytes); |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
991 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
992 /* now calculate some extra parameters: */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
993 m_mp_init(&tmpval); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
994 m_mp_init(&dmp1); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
995 m_mp_init(&dmq1); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
996 m_mp_init(&iqmp); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
997 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
998 /* dmp1 = d mod (p-1) */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
999 if (mp_sub_d(key->rsakey->p, 1, &tmpval) != MP_OKAY) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1000 fprintf(stderr, "Bignum error for p-1\n"); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1001 goto error; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1002 } |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1003 if (mp_mod(key->rsakey->d, &tmpval, &dmp1) != MP_OKAY) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1004 fprintf(stderr, "Bignum error for dmp1\n"); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1005 goto error; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1006 } |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1007 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1008 /* dmq1 = d mod (q-1) */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1009 if (mp_sub_d(key->rsakey->q, 1, &tmpval) != MP_OKAY) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1010 fprintf(stderr, "Bignum error for q-1\n"); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1011 goto error; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1012 } |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1013 if (mp_mod(key->rsakey->d, &tmpval, &dmq1) != MP_OKAY) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1014 fprintf(stderr, "Bignum error for dmq1\n"); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1015 goto error; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1016 } |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1017 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1018 /* iqmp = (q^-1) mod p */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1019 if (mp_invmod(key->rsakey->q, key->rsakey->p, &iqmp) != MP_OKAY) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1020 fprintf(stderr, "Bignum error for iqmp\n"); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1021 goto error; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1022 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1023 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1024 extrablob = buf_new(2000); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1025 buf_putmpint(extrablob, &dmp1); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1026 buf_putmpint(extrablob, &dmq1); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1027 buf_putmpint(extrablob, &iqmp); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1028 buf_setpos(extrablob, 0); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1029 mp_clear(&dmp1); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1030 mp_clear(&dmq1); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1031 mp_clear(&iqmp); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1032 mp_clear(&tmpval); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1033 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1034 /* dmp1 */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1035 numbers[6].bytes = buf_getint(extrablob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1036 numbers[6].start = buf_getptr(extrablob, numbers[6].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1037 buf_incrpos(extrablob, numbers[6].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1038 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1039 /* dmq1 */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1040 numbers[7].bytes = buf_getint(extrablob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1041 numbers[7].start = buf_getptr(extrablob, numbers[7].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1042 buf_incrpos(extrablob, numbers[7].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1043 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1044 /* iqmp */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1045 numbers[8].bytes = buf_getint(extrablob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1046 numbers[8].start = buf_getptr(extrablob, numbers[8].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1047 buf_incrpos(extrablob, numbers[8].bytes); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1048 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1049 nnumbers = 9; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1050 header = "-----BEGIN RSA PRIVATE KEY-----\n"; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1051 footer = "-----END RSA PRIVATE KEY-----\n"; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1052 } |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1053 #endif /* DROPBEAR_RSA */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1054 |
1499
2d450c1056e3
options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents:
1459
diff
changeset
|
1055 #if DROPBEAR_DSS |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1056 if (key->type == DROPBEAR_SIGNKEY_DSS) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1057 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1058 /* p */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1059 numbers[1].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1060 numbers[1].start = buf_getptr(keyblob, numbers[1].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1061 buf_incrpos(keyblob, numbers[1].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1062 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1063 /* q */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1064 numbers[2].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1065 numbers[2].start = buf_getptr(keyblob, numbers[2].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1066 buf_incrpos(keyblob, numbers[2].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1067 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1068 /* g */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1069 numbers[3].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1070 numbers[3].start = buf_getptr(keyblob, numbers[3].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1071 buf_incrpos(keyblob, numbers[3].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1072 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1073 /* y */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1074 numbers[4].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1075 numbers[4].start = buf_getptr(keyblob, numbers[4].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1076 buf_incrpos(keyblob, numbers[4].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1077 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1078 /* x */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1079 numbers[5].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1080 numbers[5].start = buf_getptr(keyblob, numbers[5].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1081 buf_incrpos(keyblob, numbers[5].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1082 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1083 nnumbers = 6; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1084 header = "-----BEGIN DSA PRIVATE KEY-----\n"; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1085 footer = "-----END DSA PRIVATE KEY-----\n"; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1086 } |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1087 #endif /* DROPBEAR_DSS */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1088 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1089 /* |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1090 * Now count up the total size of the ASN.1 encoded integers, |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1091 * so as to determine the length of the containing SEQUENCE. |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1092 */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1093 len = 0; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1094 for (i = 0; i < nnumbers; i++) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1095 len += ber_write_id_len(NULL, 2, numbers[i].bytes, 0); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1096 len += numbers[i].bytes; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1097 } |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1098 seqlen = len; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1099 /* Now add on the SEQUENCE header. */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1100 len += ber_write_id_len(NULL, 16, seqlen, ASN1_CONSTRUCTED); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1101 /* Round up to the cipher block size, ensuring we have at least one |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1102 * byte of padding (see below). */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1103 outlen = len; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1104 if (passphrase) |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1105 outlen = (outlen+8) &~ 7; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1106 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1107 /* |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1108 * Now we know how big outblob needs to be. Allocate it. |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1109 */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1110 outblob = (unsigned char*)m_malloc(outlen); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1111 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1112 /* |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1113 * And write the data into it. |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1114 */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1115 pos = 0; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1116 pos += ber_write_id_len(outblob+pos, 16, seqlen, ASN1_CONSTRUCTED); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1117 for (i = 0; i < nnumbers; i++) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1118 pos += ber_write_id_len(outblob+pos, 2, numbers[i].bytes, 0); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1119 memcpy(outblob+pos, numbers[i].start, numbers[i].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1120 pos += numbers[i].bytes; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1121 } |
857 | 1122 } /* end RSA and DSS handling */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1123 |
1295
750ec4ec4cbe
Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents:
1294
diff
changeset
|
1124 #if DROPBEAR_ECDSA |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1125 if (key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP256 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1126 || key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP384 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1127 || key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1128 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1129 /* SEC1 V2 appendix c.4 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1130 ECPrivateKey ::= SEQUENCE { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1131 version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1132 privateKey OCTET STRING, |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1133 parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL, |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1134 publicKey [1] BIT STRING OPTIONAL |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1135 } |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1136 */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1137 buffer *seq_buf = buf_new(400); |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
845
diff
changeset
|
1138 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, key->type); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
845
diff
changeset
|
1139 const long curve_size = (*eck)->dp->size; |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1140 int curve_oid_len = 0; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1141 const void* curve_oid = NULL; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1142 unsigned long pubkey_size = 2*curve_size+1; |
1089
d144a6bece53
Uses k_size as an signed integer
Gaël PORTAY <gael.portay@gmail.com>
parents:
1045
diff
changeset
|
1143 int k_size; |
1038
d3925ed45a85
Fix for old compilers, variable declarations at beginning of functions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1002
diff
changeset
|
1144 int err = 0; |
1692
1051e4eea25a
Update LibTomMath to 1.2.0 (#84)
Steffen Jaeckel <s@jaeckel.eu>
parents:
1674
diff
changeset
|
1145 size_t written; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1146 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1147 /* version. less than 10 bytes */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1148 buf_incrwritepos(seq_buf, |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1149 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 2, 1, 0)); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1150 buf_putbyte(seq_buf, 1); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1151 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1152 /* privateKey */ |
1692
1051e4eea25a
Update LibTomMath to 1.2.0 (#84)
Steffen Jaeckel <s@jaeckel.eu>
parents:
1674
diff
changeset
|
1153 k_size = mp_ubin_size((*eck)->k); |
867
d2d624c951ca
- Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
1154 dropbear_assert(k_size <= curve_size); |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1155 buf_incrwritepos(seq_buf, |
867
d2d624c951ca
- Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
1156 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 4, k_size, 0)); |
1692
1051e4eea25a
Update LibTomMath to 1.2.0 (#84)
Steffen Jaeckel <s@jaeckel.eu>
parents:
1674
diff
changeset
|
1157 if (mp_to_ubin((*eck)->k, buf_getwriteptr(seq_buf, k_size), k_size, &written) != MP_OKAY) { |
1051e4eea25a
Update LibTomMath to 1.2.0 (#84)
Steffen Jaeckel <s@jaeckel.eu>
parents:
1674
diff
changeset
|
1158 dropbear_exit("ECC error"); |
1051e4eea25a
Update LibTomMath to 1.2.0 (#84)
Steffen Jaeckel <s@jaeckel.eu>
parents:
1674
diff
changeset
|
1159 } |
1051e4eea25a
Update LibTomMath to 1.2.0 (#84)
Steffen Jaeckel <s@jaeckel.eu>
parents:
1674
diff
changeset
|
1160 buf_incrwritepos(seq_buf, written); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1161 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1162 /* SECGCurveNames */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1163 switch (key->type) |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1164 { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1165 case DROPBEAR_SIGNKEY_ECDSA_NISTP256: |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1166 curve_oid_len = sizeof(OID_SEC256R1_BLOB); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1167 curve_oid = OID_SEC256R1_BLOB; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1168 break; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1169 case DROPBEAR_SIGNKEY_ECDSA_NISTP384: |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1170 curve_oid_len = sizeof(OID_SEC384R1_BLOB); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1171 curve_oid = OID_SEC384R1_BLOB; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1172 break; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1173 case DROPBEAR_SIGNKEY_ECDSA_NISTP521: |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1174 curve_oid_len = sizeof(OID_SEC521R1_BLOB); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1175 curve_oid = OID_SEC521R1_BLOB; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1176 break; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1177 default: |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1178 dropbear_exit("Internal error"); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1179 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1180 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1181 buf_incrwritepos(seq_buf, |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1182 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 0, 2+curve_oid_len, 0xa0)); |
857 | 1183 /* object == 6 */ |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1184 buf_incrwritepos(seq_buf, |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1185 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 6, curve_oid_len, 0)); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1186 buf_putbytes(seq_buf, curve_oid, curve_oid_len); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1187 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1188 buf_incrwritepos(seq_buf, |
1638
315fcba6960e
dropbearconvert: keyimport.c: fix BER encoding of secp521r1 keys (#69)
Christian Hohnstädt <christian@hohnstaedt.de>
parents:
1499
diff
changeset
|
1189 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 1, |
315fcba6960e
dropbearconvert: keyimport.c: fix BER encoding of secp521r1 keys (#69)
Christian Hohnstädt <christian@hohnstaedt.de>
parents:
1499
diff
changeset
|
1190 (pubkey_size +1 < 128 ? 2 : 3 ) +1 +pubkey_size, 0xa0)); |
315fcba6960e
dropbearconvert: keyimport.c: fix BER encoding of secp521r1 keys (#69)
Christian Hohnstädt <christian@hohnstaedt.de>
parents:
1499
diff
changeset
|
1191 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1192 buf_incrwritepos(seq_buf, |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1193 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 3, 1+pubkey_size, 0)); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1194 buf_putbyte(seq_buf, 0); |
1038
d3925ed45a85
Fix for old compilers, variable declarations at beginning of functions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1002
diff
changeset
|
1195 err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size); |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1196 if (err != CRYPT_OK) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1197 dropbear_exit("ECC error"); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1198 } |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1199 buf_incrwritepos(seq_buf, pubkey_size); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1200 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1201 buf_setpos(seq_buf, 0); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1202 |
867
d2d624c951ca
- Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
1203 outblob = (unsigned char*)m_malloc(1000); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1204 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1205 pos = 0; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1206 pos += ber_write_id_len(outblob+pos, 16, seq_buf->len, ASN1_CONSTRUCTED); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1207 memcpy(&outblob[pos], seq_buf->data, seq_buf->len); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1208 pos += seq_buf->len; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1209 len = pos; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1210 outlen = len; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1211 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1212 buf_burn(seq_buf); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1213 buf_free(seq_buf); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1214 seq_buf = NULL; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1215 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1216 header = "-----BEGIN EC PRIVATE KEY-----\n"; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1217 footer = "-----END EC PRIVATE KEY-----\n"; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1218 } |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1219 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1220 |
1659
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1221 #if DROPBEAR_ED25519 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1222 if (key->type == DROPBEAR_SIGNKEY_ED25519) { |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1223 buffer *buf = buf_new(300); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1224 keyblob = buf_new(100); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1225 extrablob = buf_new(200); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1226 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1227 /* private key blob w/o header */ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1228 buf_put_priv_key(keyblob, key, key->type); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1229 buf_setpos(keyblob, 0); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1230 buf_incrpos(keyblob, buf_getint(keyblob)); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1231 len = buf_getint(keyblob); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1232 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1233 /* header */ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1234 buf_putbytes(buf, OSSH_PKEY_BLOB, OSSH_PKEY_BLOBLEN); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1235 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1236 /* public key */ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1237 buf_put_pub_key(buf, key, key->type); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1238 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1239 /* private key */ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1240 buf_incrwritepos(extrablob, 4); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1241 buf_put_pub_key(extrablob, key, key->type); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1242 buf_putstring(extrablob, buf_getptr(keyblob, len), len); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1243 /* comment */ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1244 buf_putstring(extrablob, "", 0); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1245 /* padding to cipher block length */ |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1246 len = (extrablob->len+8) & ~7; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1247 for (i = 1; len - extrablob->len > 0; i++) |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1248 buf_putbyte(extrablob, i); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1249 buf_setpos(extrablob, 0); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1250 buf_putbytes(extrablob, "\0\0\0\0\0\0\0\0", 8); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1251 buf_putbufstring(buf, extrablob); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1252 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1253 outlen = len = pos = buf->len; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1254 outblob = (unsigned char*)m_malloc(outlen); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1255 memcpy(outblob, buf->data, buf->len); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1256 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1257 buf_burn(buf); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1258 buf_free(buf); |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1259 buf = NULL; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1260 |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1261 header = "-----BEGIN OPENSSH PRIVATE KEY-----\n"; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1262 footer = "-----END OPENSSH PRIVATE KEY-----\n"; |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1263 } |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1264 #endif |
d32bcb5c557d
Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents:
1638
diff
changeset
|
1265 |
1308 | 1266 /* |
1267 * Padding on OpenSSH keys is deterministic. The number of | |
1268 * padding bytes is always more than zero, and always at most | |
1269 * the cipher block length. The value of each padding byte is | |
1270 * equal to the number of padding bytes. So a plaintext that's | |
1271 * an exact multiple of the block size will be padded with 08 | |
1272 * 08 08 08 08 08 08 08 (assuming a 64-bit block cipher); a | |
1273 * plaintext one byte less than a multiple of the block size | |
1274 * will be padded with just 01. | |
1275 * | |
1276 * This enables the OpenSSL key decryption function to strip | |
1277 * off the padding algorithmically and return the unpadded | |
1278 * plaintext to the next layer: it looks at the final byte, and | |
1279 * then expects to find that many bytes at the end of the data | |
1280 * with the same value. Those are all removed and the rest is | |
1281 * returned. | |
1282 */ | |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
87
diff
changeset
|
1283 dropbear_assert(pos == len); |
1308 | 1284 while (pos < outlen) { |
1285 outblob[pos++] = outlen - len; | |
1286 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1287 |
1308 | 1288 /* |
1289 * Encrypt the key. | |
1290 */ | |
1291 if (passphrase) { | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1292 fprintf(stderr, "Encrypted keys aren't supported currently\n"); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1293 goto error; |
1308 | 1294 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1295 |
1308 | 1296 /* |
1297 * And save it. We'll use Unix line endings just in case it's | |
1298 * subsequently transferred in binary mode. | |
1299 */ | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1300 if (strlen(filename) == 1 && filename[0] == '-') { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1301 fp = stdout; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1302 } else { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1303 fp = fopen(filename, "wb"); /* ensure Unix line endings */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1304 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1305 if (!fp) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1306 fprintf(stderr, "Failed opening output file\n"); |
1308 | 1307 goto error; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1308 } |
1308 | 1309 fputs(header, fp); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1310 base64_encode_fp(fp, outblob, outlen, 64); |
1308 | 1311 fputs(footer, fp); |
1312 fclose(fp); | |
1313 ret = 1; | |
1314 | |
1315 error: | |
1316 if (outblob) { | |
1317 memset(outblob, 0, outlen); | |
1318 m_free(outblob); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1319 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1320 if (keyblob) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1321 buf_burn(keyblob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1322 buf_free(keyblob); |
1308 | 1323 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1324 if (extrablob) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1325 buf_burn(extrablob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1326 buf_free(extrablob); |
1308 | 1327 } |
1328 return ret; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1329 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1330 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1331 #if 0 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1332 /* XXX TODO ssh.com stuff isn't going yet */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1333 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1334 /* ---------------------------------------------------------------------- |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1335 * Code to read ssh.com private keys. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1336 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1337 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1338 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1339 * The format of the base64 blob is largely ssh2-packet-formatted, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1340 * except that mpints are a bit different: they're more like the |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1341 * old ssh1 mpint. You have a 32-bit bit count N, followed by |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1342 * (N+7)/8 bytes of data. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1343 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1344 * So. The blob contains: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1345 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1346 * - uint32 0x3f6ff9eb (magic number) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1347 * - uint32 size (total blob size) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1348 * - string key-type (see below) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1349 * - string cipher-type (tells you if key is encrypted) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1350 * - string encrypted-blob |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1351 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1352 * (The first size field includes the size field itself and the |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1353 * magic number before it. All other size fields are ordinary ssh2 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1354 * strings, so the size field indicates how much data is to |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1355 * _follow_.) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1356 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1357 * The encrypted blob, once decrypted, contains a single string |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1358 * which in turn contains the payload. (This allows padding to be |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1359 * added after that string while still making it clear where the |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1360 * real payload ends. Also it probably makes for a reasonable |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1361 * decryption check.) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1362 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1363 * The payload blob, for an RSA key, contains: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1364 * - mpint e |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1365 * - mpint d |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1366 * - mpint n (yes, the public and private stuff is intermixed) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1367 * - mpint u (presumably inverse of p mod q) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1368 * - mpint p (p is the smaller prime) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1369 * - mpint q (q is the larger) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1370 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1371 * For a DSA key, the payload blob contains: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1372 * - uint32 0 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1373 * - mpint p |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1374 * - mpint g |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1375 * - mpint q |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1376 * - mpint y |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1377 * - mpint x |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1378 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1379 * Alternatively, if the parameters are `predefined', that |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1380 * (0,p,g,q) sequence can be replaced by a uint32 1 and a string |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1381 * containing some predefined parameter specification. *shudder*, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1382 * but I doubt we'll encounter this in real life. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1383 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1384 * The key type strings are ghastly. The RSA key I looked at had a |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1385 * type string of |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1386 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1387 * `if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}' |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1388 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1389 * and the DSA key wasn't much better: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1390 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1391 * `dl-modp{sign{dsa-nist-sha1},dh{plain}}' |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1392 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1393 * It isn't clear that these will always be the same. I think it |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1394 * might be wise just to look at the `if-modn{sign{rsa' and |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1395 * `dl-modp{sign{dsa' prefixes. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1396 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1397 * Finally, the encryption. The cipher-type string appears to be |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1398 * either `none' or `3des-cbc'. Looks as if this is SSH2-style |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1399 * 3des-cbc (i.e. outer cbc rather than inner). The key is created |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1400 * from the passphrase by means of yet another hashing faff: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1401 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1402 * - first 16 bytes are MD5(passphrase) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1403 * - next 16 bytes are MD5(passphrase || first 16 bytes) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1404 * - if there were more, they'd be MD5(passphrase || first 32), |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1405 * and so on. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1406 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1407 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1408 #define SSHCOM_MAGIC_NUMBER 0x3f6ff9eb |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1409 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1410 struct sshcom_key { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1411 char comment[256]; /* allowing any length is overkill */ |
1308 | 1412 unsigned char *keyblob; |
1413 int keyblob_len, keyblob_size; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1414 }; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1415 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1416 static struct sshcom_key *load_sshcom_key(const char *filename) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1417 { |
1308 | 1418 struct sshcom_key *ret; |
1419 FILE *fp; | |
1420 char buffer[256]; | |
1421 int len; | |
1422 char *errmsg, *p; | |
1423 int headers_done; | |
1424 char base64_bit[4]; | |
1425 int base64_chars = 0; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1426 |
1308 | 1427 ret = snew(struct sshcom_key); |
1428 ret->comment[0] = '\0'; | |
1429 ret->keyblob = NULL; | |
1430 ret->keyblob_len = ret->keyblob_size = 0; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1431 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1432 fp = fopen(filename, "r"); |
1308 | 1433 if (!fp) { |
1434 errmsg = "Unable to open key file"; | |
1435 goto error; | |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
1436 } |
1308 | 1437 if (!fgets(buffer, sizeof(buffer), fp) || |
1438 0 != strcmp(buffer, "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\n")) { | |
1439 errmsg = "File does not begin with ssh.com key header"; | |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
1440 goto error; |
1308 | 1441 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1442 |
1308 | 1443 headers_done = 0; |
1444 while (1) { | |
1445 if (!fgets(buffer, sizeof(buffer), fp)) { | |
1446 errmsg = "Unexpected end of file"; | |
1447 goto error; | |
1448 } | |
1449 if (!strcmp(buffer, "---- END SSH2 ENCRYPTED PRIVATE KEY ----\n")) | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1450 break; /* done */ |
1308 | 1451 if ((p = strchr(buffer, ':')) != NULL) { |
1452 if (headers_done) { | |
1453 errmsg = "Header found in body of key data"; | |
1454 goto error; | |
1455 } | |
1456 *p++ = '\0'; | |
1457 while (*p && isspace((unsigned char)*p)) p++; | |
1458 /* | |
1459 * Header lines can end in a trailing backslash for | |
1460 * continuation. | |
1461 */ | |
1462 while ((len = strlen(p)) > (int)(sizeof(buffer) - (p-buffer) -1) || | |
1463 p[len-1] != '\n' || p[len-2] == '\\') { | |
1464 if (len > (int)((p-buffer) + sizeof(buffer)-2)) { | |
1465 errmsg = "Header line too long to deal with"; | |
1466 goto error; | |
1467 } | |
1468 if (!fgets(p+len-2, sizeof(buffer)-(p-buffer)-(len-2), fp)) { | |
1469 errmsg = "Unexpected end of file"; | |
1470 goto error; | |
1471 } | |
1472 } | |
1473 p[strcspn(p, "\n")] = '\0'; | |
1474 if (!strcmp(buffer, "Comment")) { | |
1475 /* Strip quotes in comment if present. */ | |
1476 if (p[0] == '"' && p[strlen(p)-1] == '"') { | |
1477 p++; | |
1478 p[strlen(p)-1] = '\0'; | |
1479 } | |
1480 strncpy(ret->comment, p, sizeof(ret->comment)); | |
1481 ret->comment[sizeof(ret->comment)-1] = '\0'; | |
1482 } | |
1483 } else { | |
1484 headers_done = 1; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1485 |
1308 | 1486 p = buffer; |
1487 while (isbase64(*p)) { | |
1488 base64_bit[base64_chars++] = *p; | |
1489 if (base64_chars == 4) { | |
1490 unsigned char out[3]; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1491 |
1308 | 1492 base64_chars = 0; |
1493 | |
1494 len = base64_decode_atom(base64_bit, out); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1495 |
1308 | 1496 if (len <= 0) { |
1497 errmsg = "Invalid base64 encoding"; | |
1498 goto error; | |
1499 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1500 |
1308 | 1501 if (ret->keyblob_len + len > ret->keyblob_size) { |
1502 ret->keyblob_size = ret->keyblob_len + len + 256; | |
1503 ret->keyblob = sresize(ret->keyblob, ret->keyblob_size, | |
1504 unsigned char); | |
1505 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1506 |
1308 | 1507 memcpy(ret->keyblob + ret->keyblob_len, out, len); |
1508 ret->keyblob_len += len; | |
1509 } | |
1510 | |
1511 p++; | |
1512 } | |
1513 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1514 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1515 |
1308 | 1516 if (ret->keyblob_len == 0 || !ret->keyblob) { |
1517 errmsg = "Key body not present"; | |
1518 goto error; | |
1519 } | |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
1520 |
1308 | 1521 return ret; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1522 |
1308 | 1523 error: |
1524 if (ret) { | |
1525 if (ret->keyblob) { | |
1526 memset(ret->keyblob, 0, ret->keyblob_size); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1527 m_free(ret->keyblob); |
1308 | 1528 } |
1529 memset(ret, 0, sizeof(*ret)); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1530 m_free(ret); |
1308 | 1531 } |
1532 return NULL; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1533 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1534 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1535 int sshcom_encrypted(const char *filename, char **comment) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1536 { |
1308 | 1537 struct sshcom_key *key = load_sshcom_key(filename); |
1538 int pos, len, answer; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1539 |
1308 | 1540 *comment = NULL; |
1541 if (!key) | |
1542 return 0; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1543 |
1308 | 1544 /* |
1545 * Check magic number. | |
1546 */ | |
1547 if (GET_32BIT(key->keyblob) != 0x3f6ff9eb) | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1548 return 0; /* key is invalid */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1549 |
1308 | 1550 /* |
1551 * Find the cipher-type string. | |
1552 */ | |
1553 answer = 0; | |
1554 pos = 8; | |
1555 if (key->keyblob_len < pos+4) | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1556 goto done; /* key is far too short */ |
1308 | 1557 len = toint(GET_32BIT(key->keyblob + pos)); |
1558 if (len < 0 || len > key->keyblob_len - pos - 4) | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1559 goto done; /* key is far too short */ |
1308 | 1560 pos += 4 + len; /* skip key type */ |
1561 len = toint(GET_32BIT(key->keyblob + pos)); /* find cipher-type length */ | |
1562 if (len < 0 || len > key->keyblob_len - pos - 4) | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1563 goto done; /* cipher type string is incomplete */ |
1308 | 1564 if (len != 4 || 0 != memcmp(key->keyblob + pos + 4, "none", 4)) |
1565 answer = 1; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1566 |
1308 | 1567 done: |
1568 *comment = dupstr(key->comment); | |
1569 memset(key->keyblob, 0, key->keyblob_size); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1570 m_free(key->keyblob); |
1308 | 1571 memset(key, 0, sizeof(*key)); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1572 m_free(key); |
1308 | 1573 return answer; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1574 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1575 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1576 static int sshcom_read_mpint(void *data, int len, struct mpint_pos *ret) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1577 { |
1308 | 1578 unsigned bits, bytes; |
1579 unsigned char *d = (unsigned char *) data; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1580 |
1308 | 1581 if (len < 4) |
1582 goto error; | |
1583 bits = GET_32BIT(d); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1584 |
1308 | 1585 bytes = (bits + 7) / 8; |
1586 if (len < 4+bytes) | |
1587 goto error; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1588 |
1308 | 1589 ret->start = d + 4; |
1590 ret->bytes = bytes; | |
1591 return bytes+4; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1592 |
1308 | 1593 error: |
1594 ret->start = NULL; | |
1595 ret->bytes = -1; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1596 return len; /* ensure further calls fail as well */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1597 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1598 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1599 static int sshcom_put_mpint(void *target, void *data, int len) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1600 { |
1308 | 1601 unsigned char *d = (unsigned char *)target; |
1602 unsigned char *i = (unsigned char *)data; | |
1603 int bits = len * 8 - 1; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1604 |
1308 | 1605 while (bits > 0) { |
1606 if (*i & (1 << (bits & 7))) | |
1607 break; | |
1608 if (!(bits-- & 7)) | |
1609 i++, len--; | |
1610 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1611 |
1308 | 1612 PUT_32BIT(d, bits+1); |
1613 memcpy(d+4, i, len); | |
1614 return len+4; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1615 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1616 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1617 sign_key *sshcom_read(const char *filename, char *passphrase) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1618 { |
1308 | 1619 struct sshcom_key *key = load_sshcom_key(filename); |
1620 char *errmsg; | |
1621 int pos, len; | |
1622 const char prefix_rsa[] = "if-modn{sign{rsa"; | |
1623 const char prefix_dsa[] = "dl-modp{sign{dsa"; | |
1624 enum { RSA, DSA } type; | |
1625 int encrypted; | |
1626 char *ciphertext; | |
1627 int cipherlen; | |
1628 struct ssh2_userkey *ret = NULL, *retkey; | |
1629 const struct ssh_signkey *alg; | |
1630 unsigned char *blob = NULL; | |
1631 int blobsize = 0, publen, privlen; | |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
1632 |
1308 | 1633 if (!key) |
1634 return NULL; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1635 |
1308 | 1636 /* |
1637 * Check magic number. | |
1638 */ | |
1639 if (GET_32BIT(key->keyblob) != SSHCOM_MAGIC_NUMBER) { | |
1640 errmsg = "Key does not begin with magic number"; | |
1641 goto error; | |
1642 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1643 |
1308 | 1644 /* |
1645 * Determine the key type. | |
1646 */ | |
1647 pos = 8; | |
1648 if (key->keyblob_len < pos+4 || | |
1649 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) { | |
1650 errmsg = "Key blob does not contain a key type string"; | |
1651 goto error; | |
1652 } | |
1653 if (len > sizeof(prefix_rsa) - 1 && | |
1654 !memcmp(key->keyblob+pos+4, prefix_rsa, sizeof(prefix_rsa) - 1)) { | |
1655 type = RSA; | |
1656 } else if (len > sizeof(prefix_dsa) - 1 && | |
1657 !memcmp(key->keyblob+pos+4, prefix_dsa, sizeof(prefix_dsa) - 1)) { | |
1658 type = DSA; | |
1659 } else { | |
1660 errmsg = "Key is of unknown type"; | |
1661 goto error; | |
1662 } | |
1663 pos += 4+len; | |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
1664 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1665 /* |
1308 | 1666 * Determine the cipher type. |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1667 */ |
1308 | 1668 if (key->keyblob_len < pos+4 || |
1669 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) { | |
1670 errmsg = "Key blob does not contain a cipher type string"; | |
1671 goto error; | |
1672 } | |
1673 if (len == 4 && !memcmp(key->keyblob+pos+4, "none", 4)) | |
1674 encrypted = 0; | |
1675 else if (len == 8 && !memcmp(key->keyblob+pos+4, "3des-cbc", 8)) | |
1676 encrypted = 1; | |
1677 else { | |
1678 errmsg = "Key encryption is of unknown type"; | |
1679 goto error; | |
1680 } | |
1681 pos += 4+len; | |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
1682 |
1308 | 1683 /* |
1684 * Get hold of the encrypted part of the key. | |
1685 */ | |
1686 if (key->keyblob_len < pos+4 || | |
1687 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) { | |
1688 errmsg = "Key blob does not contain actual key data"; | |
1689 goto error; | |
1690 } | |
1691 ciphertext = (char *)key->keyblob + pos + 4; | |
1692 cipherlen = len; | |
1693 if (cipherlen == 0) { | |
1694 errmsg = "Length of key data is zero"; | |
1695 goto error; | |
1696 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1697 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1698 /* |
1308 | 1699 * Decrypt it if necessary. |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1700 */ |
1308 | 1701 if (encrypted) { |
1702 /* | |
1703 * Derive encryption key from passphrase and iv/salt: | |
1704 * | |
1705 * - let block A equal MD5(passphrase) | |
1706 * - let block B equal MD5(passphrase || A) | |
1707 * - block C would be MD5(passphrase || A || B) and so on | |
1708 * - encryption key is the first N bytes of A || B | |
1709 */ | |
1710 struct MD5Context md5c; | |
1711 unsigned char keybuf[32], iv[8]; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1712 |
1308 | 1713 if (cipherlen % 8 != 0) { |
1714 errmsg = "Encrypted part of key is not a multiple of cipher block" | |
1715 " size"; | |
1716 goto error; | |
1717 } | |
1718 | |
1719 MD5Init(&md5c); | |
1720 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); | |
1721 MD5Final(keybuf, &md5c); | |
1722 | |
1723 MD5Init(&md5c); | |
1724 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); | |
1725 MD5Update(&md5c, keybuf, 16); | |
1726 MD5Final(keybuf+16, &md5c); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1727 |
1308 | 1728 /* |
1729 * Now decrypt the key blob. | |
1730 */ | |
1731 memset(iv, 0, sizeof(iv)); | |
1732 des3_decrypt_pubkey_ossh(keybuf, iv, (unsigned char *)ciphertext, | |
1733 cipherlen); | |
1734 | |
1735 memset(&md5c, 0, sizeof(md5c)); | |
1736 memset(keybuf, 0, sizeof(keybuf)); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1737 |
1308 | 1738 /* |
1739 * Hereafter we return WRONG_PASSPHRASE for any parsing | |
1740 * error. (But only if we've just tried to decrypt it! | |
1741 * Returning WRONG_PASSPHRASE for an unencrypted key is | |
1742 * automatic doom.) | |
1743 */ | |
1744 if (encrypted) | |
1745 ret = SSH2_WRONG_PASSPHRASE; | |
1746 } | |
1747 | |
1748 /* | |
1749 * Strip away the containing string to get to the real meat. | |
1750 */ | |
1751 len = toint(GET_32BIT(ciphertext)); | |
1752 if (len < 0 || len > cipherlen-4) { | |
1753 errmsg = "containing string was ill-formed"; | |
1754 goto error; | |
1755 } | |
1756 ciphertext += 4; | |
1757 cipherlen = len; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1758 |
1308 | 1759 /* |
1760 * Now we break down into RSA versus DSA. In either case we'll | |
1761 * construct public and private blobs in our own format, and | |
1762 * end up feeding them to alg->createkey(). | |
1763 */ | |
1764 blobsize = cipherlen + 256; | |
1765 blob = snewn(blobsize, unsigned char); | |
1766 privlen = 0; | |
1767 if (type == RSA) { | |
1768 struct mpint_pos n, e, d, u, p, q; | |
1769 int pos = 0; | |
1770 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &e); | |
1771 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &d); | |
1772 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &n); | |
1773 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &u); | |
1774 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &p); | |
1775 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &q); | |
1776 if (!q.start) { | |
1777 errmsg = "key data did not contain six integers"; | |
1778 goto error; | |
1779 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1780 |
1308 | 1781 alg = &ssh_rsa; |
1782 pos = 0; | |
1783 pos += put_string(blob+pos, "ssh-rsa", 7); | |
1784 pos += put_mp(blob+pos, e.start, e.bytes); | |
1785 pos += put_mp(blob+pos, n.start, n.bytes); | |
1786 publen = pos; | |
1787 pos += put_string(blob+pos, d.start, d.bytes); | |
1788 pos += put_mp(blob+pos, q.start, q.bytes); | |
1789 pos += put_mp(blob+pos, p.start, p.bytes); | |
1790 pos += put_mp(blob+pos, u.start, u.bytes); | |
1791 privlen = pos - publen; | |
1792 } else if (type == DSA) { | |
1793 struct mpint_pos p, q, g, x, y; | |
1794 int pos = 4; | |
1795 if (GET_32BIT(ciphertext) != 0) { | |
1796 errmsg = "predefined DSA parameters not supported"; | |
1797 goto error; | |
1798 } | |
1799 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &p); | |
1800 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &g); | |
1801 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &q); | |
1802 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &y); | |
1803 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &x); | |
1804 if (!x.start) { | |
1805 errmsg = "key data did not contain five integers"; | |
1806 goto error; | |
1807 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1808 |
1308 | 1809 alg = &ssh_dss; |
1810 pos = 0; | |
1811 pos += put_string(blob+pos, "ssh-dss", 7); | |
1812 pos += put_mp(blob+pos, p.start, p.bytes); | |
1813 pos += put_mp(blob+pos, q.start, q.bytes); | |
1814 pos += put_mp(blob+pos, g.start, g.bytes); | |
1815 pos += put_mp(blob+pos, y.start, y.bytes); | |
1816 publen = pos; | |
1817 pos += put_mp(blob+pos, x.start, x.bytes); | |
1818 privlen = pos - publen; | |
1819 } else | |
1820 return NULL; | |
1821 | |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
87
diff
changeset
|
1822 dropbear_assert(privlen > 0); /* should have bombed by now if not */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1823 |
1308 | 1824 retkey = snew(struct ssh2_userkey); |
1825 retkey->alg = alg; | |
1826 retkey->data = alg->createkey(blob, publen, blob+publen, privlen); | |
1827 if (!retkey->data) { | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1828 m_free(retkey); |
1308 | 1829 errmsg = "unable to create key data structure"; |
1830 goto error; | |
1831 } | |
1832 retkey->comment = dupstr(key->comment); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1833 |
1308 | 1834 errmsg = NULL; /* no error */ |
1835 ret = retkey; | |
1836 | |
1837 error: | |
1838 if (blob) { | |
1839 memset(blob, 0, blobsize); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1840 m_free(blob); |
1308 | 1841 } |
1842 memset(key->keyblob, 0, key->keyblob_size); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1843 m_free(key->keyblob); |
1308 | 1844 memset(key, 0, sizeof(*key)); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1845 m_free(key); |
1308 | 1846 return ret; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1847 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1848 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1849 int sshcom_write(const char *filename, sign_key *key, |
1308 | 1850 char *passphrase) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1851 { |
1308 | 1852 unsigned char *pubblob, *privblob; |
1853 int publen, privlen; | |
1854 unsigned char *outblob; | |
1855 int outlen; | |
1856 struct mpint_pos numbers[6]; | |
1857 int nnumbers, initial_zero, pos, lenpos, i; | |
1858 char *type; | |
1859 char *ciphertext; | |
1860 int cipherlen; | |
1861 int ret = 0; | |
1862 FILE *fp; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1863 |
1308 | 1864 /* |
1865 * Fetch the key blobs. | |
1866 */ | |
1867 pubblob = key->alg->public_blob(key->data, &publen); | |
1868 privblob = key->alg->private_blob(key->data, &privlen); | |
1869 outblob = NULL; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1870 |
1308 | 1871 /* |
1872 * Find the sequence of integers to be encoded into the OpenSSH | |
1873 * key blob, and also decide on the header line. | |
1874 */ | |
1875 if (key->alg == &ssh_rsa) { | |
1876 int pos; | |
1877 struct mpint_pos n, e, d, p, q, iqmp; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1878 |
1308 | 1879 pos = 4 + GET_32BIT(pubblob); |
1880 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &e); | |
1881 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &n); | |
1882 pos = 0; | |
1883 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &d); | |
1884 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &p); | |
1885 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &q); | |
1886 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &iqmp); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1887 |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
87
diff
changeset
|
1888 dropbear_assert(e.start && iqmp.start); /* can't go wrong */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1889 |
1308 | 1890 numbers[0] = e; |
1891 numbers[1] = d; | |
1892 numbers[2] = n; | |
1893 numbers[3] = iqmp; | |
1894 numbers[4] = q; | |
1895 numbers[5] = p; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1896 |
1308 | 1897 nnumbers = 6; |
1898 initial_zero = 0; | |
1899 type = "if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}"; | |
1900 } else if (key->alg == &ssh_dss) { | |
1901 int pos; | |
1902 struct mpint_pos p, q, g, y, x; | |
1903 | |
1904 pos = 4 + GET_32BIT(pubblob); | |
1905 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &p); | |
1906 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &q); | |
1907 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &g); | |
1908 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &y); | |
1909 pos = 0; | |
1910 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &x); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1911 |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
87
diff
changeset
|
1912 dropbear_assert(y.start && x.start); /* can't go wrong */ |
1308 | 1913 |
1914 numbers[0] = p; | |
1915 numbers[1] = g; | |
1916 numbers[2] = q; | |
1917 numbers[3] = y; | |
1918 numbers[4] = x; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1919 |
1308 | 1920 nnumbers = 5; |
1921 initial_zero = 1; | |
1922 type = "dl-modp{sign{dsa-nist-sha1},dh{plain}}"; | |
1923 } else { | |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
87
diff
changeset
|
1924 dropbear_assert(0); /* zoinks! */ |
1308 | 1925 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1926 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1927 /* |
1308 | 1928 * Total size of key blob will be somewhere under 512 plus |
1929 * combined length of integers. We'll calculate the more | |
1930 * precise size as we construct the blob. | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1931 */ |
1308 | 1932 outlen = 512; |
1933 for (i = 0; i < nnumbers; i++) | |
1934 outlen += 4 + numbers[i].bytes; | |
1935 outblob = snewn(outlen, unsigned char); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1936 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1937 /* |
1308 | 1938 * Create the unencrypted key blob. |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1939 */ |
1308 | 1940 pos = 0; |
1941 PUT_32BIT(outblob+pos, SSHCOM_MAGIC_NUMBER); pos += 4; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1942 pos += 4; /* length field, fill in later */ |
1308 | 1943 pos += put_string(outblob+pos, type, strlen(type)); |
1944 { | |
1945 char *ciphertype = passphrase ? "3des-cbc" : "none"; | |
1946 pos += put_string(outblob+pos, ciphertype, strlen(ciphertype)); | |
1947 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1948 lenpos = pos; /* remember this position */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1949 pos += 4; /* encrypted-blob size */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1950 pos += 4; /* encrypted-payload size */ |
1308 | 1951 if (initial_zero) { |
1952 PUT_32BIT(outblob+pos, 0); | |
1953 pos += 4; | |
1954 } | |
1955 for (i = 0; i < nnumbers; i++) | |
1956 pos += sshcom_put_mpint(outblob+pos, | |
1957 numbers[i].start, numbers[i].bytes); | |
1958 /* Now wrap up the encrypted payload. */ | |
1959 PUT_32BIT(outblob+lenpos+4, pos - (lenpos+8)); | |
1960 /* Pad encrypted blob to a multiple of cipher block size. */ | |
1961 if (passphrase) { | |
1962 int padding = -(pos - (lenpos+4)) & 7; | |
1963 while (padding--) | |
1964 outblob[pos++] = random_byte(); | |
1965 } | |
1966 ciphertext = (char *)outblob+lenpos+4; | |
1967 cipherlen = pos - (lenpos+4); | |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
87
diff
changeset
|
1968 dropbear_assert(!passphrase || cipherlen % 8 == 0); |
1308 | 1969 /* Wrap up the encrypted blob string. */ |
1970 PUT_32BIT(outblob+lenpos, cipherlen); | |
1971 /* And finally fill in the total length field. */ | |
1972 PUT_32BIT(outblob+4, pos); | |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
1973 |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
87
diff
changeset
|
1974 dropbear_assert(pos < outlen); |
1308 | 1975 |
1976 /* | |
1977 * Encrypt the key. | |
1978 */ | |
1979 if (passphrase) { | |
1980 /* | |
1981 * Derive encryption key from passphrase and iv/salt: | |
1982 * | |
1983 * - let block A equal MD5(passphrase) | |
1984 * - let block B equal MD5(passphrase || A) | |
1985 * - block C would be MD5(passphrase || A || B) and so on | |
1986 * - encryption key is the first N bytes of A || B | |
1987 */ | |
1988 struct MD5Context md5c; | |
1989 unsigned char keybuf[32], iv[8]; | |
1990 | |
1991 MD5Init(&md5c); | |
1992 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); | |
1993 MD5Final(keybuf, &md5c); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1994 |
1308 | 1995 MD5Init(&md5c); |
1996 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); | |
1997 MD5Update(&md5c, keybuf, 16); | |
1998 MD5Final(keybuf+16, &md5c); | |
1999 | |
2000 /* | |
2001 * Now decrypt the key blob. | |
2002 */ | |
2003 memset(iv, 0, sizeof(iv)); | |
2004 des3_encrypt_pubkey_ossh(keybuf, iv, (unsigned char *)ciphertext, | |
2005 cipherlen); | |
2006 | |
2007 memset(&md5c, 0, sizeof(md5c)); | |
2008 memset(keybuf, 0, sizeof(keybuf)); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2009 } |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
2010 |
1308 | 2011 /* |
2012 * And save it. We'll use Unix line endings just in case it's | |
2013 * subsequently transferred in binary mode. | |
2014 */ | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2015 fp = fopen(filename, "wb"); /* ensure Unix line endings */ |
1308 | 2016 if (!fp) |
2017 goto error; | |
2018 fputs("---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\n", fp); | |
2019 fprintf(fp, "Comment: \""); | |
2020 /* | |
2021 * Comment header is broken with backslash-newline if it goes | |
2022 * over 70 chars. Although it's surrounded by quotes, it | |
2023 * _doesn't_ escape backslashes or quotes within the string. | |
2024 * Don't ask me, I didn't design it. | |
2025 */ | |
2026 { | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2027 int slen = 60; /* starts at 60 due to "Comment: " */ |
1308 | 2028 char *c = key->comment; |
2029 while ((int)strlen(c) > slen) { | |
2030 fprintf(fp, "%.*s\\\n", slen, c); | |
2031 c += slen; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2032 slen = 70; /* allow 70 chars on subsequent lines */ |
1308 | 2033 } |
2034 fprintf(fp, "%s\"\n", c); | |
2035 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2036 base64_encode_fp(fp, outblob, pos, 70); |
1308 | 2037 fputs("---- END SSH2 ENCRYPTED PRIVATE KEY ----\n", fp); |
2038 fclose(fp); | |
2039 ret = 1; | |
2040 | |
2041 error: | |
2042 if (outblob) { | |
2043 memset(outblob, 0, outlen); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2044 m_free(outblob); |
1308 | 2045 } |
2046 if (privblob) { | |
2047 memset(privblob, 0, privlen); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2048 m_free(privblob); |
1308 | 2049 } |
2050 if (pubblob) { | |
2051 memset(pubblob, 0, publen); | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2052 m_free(pubblob); |
1308 | 2053 } |
2054 return ret; | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2055 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2056 #endif /* ssh.com stuff disabled */ |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
2057 |
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
2058 /* From PuTTY misc.c */ |
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
2059 static int toint(unsigned u) |
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
2060 { |
1308 | 2061 /* |
2062 * Convert an unsigned to an int, without running into the | |
2063 * undefined behaviour which happens by the strict C standard if | |
2064 * the value overflows. You'd hope that sensible compilers would | |
2065 * do the sensible thing in response to a cast, but actually I | |
2066 * don't trust modern compilers not to do silly things like | |
2067 * assuming that _obviously_ you wouldn't have caused an overflow | |
2068 * and so they can elide an 'if (i < 0)' test immediately after | |
2069 * the cast. | |
2070 * | |
2071 * Sensible compilers ought of course to optimise this entire | |
2072 * function into 'just return the input value'! | |
2073 */ | |
2074 if (u <= (unsigned)INT_MAX) | |
2075 return (int)u; | |
2076 else if (u >= (unsigned)INT_MIN) /* wrap in cast _to_ unsigned is OK */ | |
2077 return INT_MIN + (int)(u - (unsigned)INT_MIN); | |
2078 else | |
2079 return INT_MIN; /* fallback; should never occur on binary machines */ | |
1306
34e6127ef02e
merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents:
1250
diff
changeset
|
2080 } |