dropbear: keyimport.c annotate

annotate keyimport.c @ 1156:a8f4dade70e5

avoid getpass when not used some systems (like android's bionic) do not provide getpass. you can disable ENABLE_CLI_PASSWORD_AUTH & ENABLE_CLI_INTERACT_AUTH to avoid its use (and rely on pubkey auth), but the link still fails because the support file calls getpass. do not define this func if both of those auth methods are not used.

author	Mike Frysinger <vapier@gentoo.org>
date	Wed, 21 Oct 2015 22:39:55 +0800
parents	6aeadee3f16b
children	2bb4c662d1c2

rev	line source
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	2 * Based on PuTTY's import.c for importing/exporting OpenSSH and SSH.com
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	3 * keyfiles.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	4 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	5 * Modifications copyright 2003 Matt Johnston
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	6 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	7 * PuTTY is copyright 1997-2003 Simon Tatham.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	8 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	9 * Portions copyright Robert de Bath, Joris van Rantwijk, Delian
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	10 * Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	11 * Justin Bradford, and CORE SDI S.A.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	12 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	13 * Permission is hereby granted, free of charge, to any person
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	14 * obtaining a copy of this software and associated documentation files
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	15 * (the "Software"), to deal in the Software without restriction,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	16 * including without limitation the rights to use, copy, modify, merge,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	17 * publish, distribute, sublicense, and/or sell copies of the Software,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	18 * and to permit persons to whom the Software is furnished to do so,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	19 * subject to the following conditions:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	20 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	21 * The above copyright notice and this permission notice shall be
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	22 * included in all copies or substantial portions of the Software.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	23 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	27 * NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	28 * FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	29 * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	30 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	31 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	32
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	33 #include "keyimport.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	34 #include "bignum.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	35 #include "buffer.h"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	36 #include "dbutil.h"
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	37 #include "ecc.h"
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	38
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	39 static const unsigned char OID_SEC256R1_BLOB[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	40 static const unsigned char OID_SEC384R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x22};
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	41 static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	42
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	43 #define PUT_32BIT(cp, value) do { \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	44 (cp)[3] = (unsigned char)(value); \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	45 (cp)[2] = (unsigned char)((value) >> 8); \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	46 (cp)[1] = (unsigned char)((value) >> 16); \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	47 (cp)[0] = (unsigned char)((value) >> 24); } while (0)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	48
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	49 #define GET_32BIT(cp) \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	50 (((unsigned long)(unsigned char)(cp)[0] << 24) \| \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	51 ((unsigned long)(unsigned char)(cp)[1] << 16) \| \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	52 ((unsigned long)(unsigned char)(cp)[2] << 8) \| \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	53 ((unsigned long)(unsigned char)(cp)[3]))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	54
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	55 static int openssh_encrypted(const char *filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	56 static sign_key openssh_read(const char filename, char *passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	57 static int openssh_write(const char filename, sign_key key,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	58 char *passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	59
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	60 static int dropbear_write(const charfilename, sign_key key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	61 static sign_key dropbear_read(const char filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	62
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	63 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	64 static int sshcom_encrypted(const char filename, char *comment);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	65 static struct ssh2_userkey sshcom_read(const char filename, char *passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	66 static int sshcom_write(const char filename, struct ssh2_userkey key,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	67 char *passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	68 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	69
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	70 int import_encrypted(const char* filename, int filetype) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	71
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	72 if (filetype == KEYFILE_OPENSSH) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	73 return openssh_encrypted(filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	74 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	75 } else if (filetype == KEYFILE_SSHCOM) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	76 return sshcom_encrypted(filename, NULL);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	77 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	78 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	79 return 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	80 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	81
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	82 sign_key import_read(const char filename, char *passphrase, int filetype) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	83
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	84 if (filetype == KEYFILE_OPENSSH) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	85 return openssh_read(filename, passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	86 } else if (filetype == KEYFILE_DROPBEAR) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	87 return dropbear_read(filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	88 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	89 } else if (filetype == KEYFILE_SSHCOM) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	90 return sshcom_read(filename, passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	91 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	92 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	93 return NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	94 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	95
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	96 int import_write(const char filename, sign_key key, char *passphrase,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	97 int filetype) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	98
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	99 if (filetype == KEYFILE_OPENSSH) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	100 return openssh_write(filename, key, passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	101 } else if (filetype == KEYFILE_DROPBEAR) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	102 return dropbear_write(filename, key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	103 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	104 } else if (filetype == KEYFILE_SSHCOM) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	105 return sshcom_write(filename, key, passphrase);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	106 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	107 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	108 return 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	109 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	110
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	111 static sign_key dropbear_read(const char filename) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	112
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	113 buffer * buf = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	114 sign_key *ret = NULL;
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 845 diff changeset	115 enum signkey_type type;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	116
73 0bf5cebe622c Dropbearkey can now print out pubkey portions Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	117 buf = buf_new(MAX_PRIVKEY_SIZE);
0bf5cebe622c Dropbearkey can now print out pubkey portions Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	118 if (buf_readfile(buf, filename) == DROPBEAR_FAILURE) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	119 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	120 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	121
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	122 buf_setpos(buf, 0);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	123 ret = new_sign_key();
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	124
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	125 type = DROPBEAR_SIGNKEY_ANY;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	126 if (buf_get_priv_key(buf, ret, &type) == DROPBEAR_FAILURE){
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	127 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	128 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	129 buf_free(buf);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	130
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	131 ret->type = type;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	132
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	133 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	134
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	135 error:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	136 if (buf) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	137 buf_free(buf);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	138 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	139 if (ret) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	140 sign_key_free(ret);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	141 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	142 return NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	143 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	144
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	145 /* returns 0 on fail, 1 on success */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	146 static int dropbear_write(const charfilename, sign_key key) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	147
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	148 buffer * buf;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	149 FILE*fp;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	150 int len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	151 int ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	152
73 0bf5cebe622c Dropbearkey can now print out pubkey portions Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	153 buf = buf_new(MAX_PRIVKEY_SIZE);
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	154 buf_put_priv_key(buf, key, key->type);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	155
87 680a0bc9df0a Some small fixes for unused vars, and old messages Matt Johnston <matt@ucc.asn.au> parents: 73 diff changeset	156 fp = fopen(filename, "w");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	157 if (!fp) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	158 ret = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	159 goto out;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	160 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	161
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	162 buf_setpos(buf, 0);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	163 do {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	164 len = fwrite(buf_getptr(buf, buf->len - buf->pos),
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	165 1, buf->len - buf->pos, fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	166 buf_incrpos(buf, len);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	167 } while (len > 0 && buf->len != buf->pos);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	168
256 ac890087b8c1 * keyimport.c: fclose() the key file to make sure data gets written Matt Johnston <matt@ucc.asn.au> parents: 241 diff changeset	169 fclose(fp);
ac890087b8c1 * keyimport.c: fclose() the key file to make sure data gets written Matt Johnston <matt@ucc.asn.au> parents: 241 diff changeset	170
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	171 if (buf->pos != buf->len) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	172 ret = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	173 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	174 ret = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	175 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	176 out:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	177 buf_free(buf);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	178 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	179 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	180
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	181
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	182 /* ----------------------------------------------------------------------
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	183 * Helper routines. (The base64 ones are defined in sshpubk.c.)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	184 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	185
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	186 #define isbase64(c) ( ((c) >= 'A' && (c) <= 'Z') \|\| \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	187 ((c) >= 'a' && (c) <= 'z') \|\| \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	188 ((c) >= '0' && (c) <= '9') \|\| \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	189 (c) == '+' \|\| (c) == '/' \|\| (c) == '=' \
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	190 )
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	191
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	192 /* cpl has to be less than 100 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	193 static void base64_encode_fp(FILE * fp, unsigned char *data,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	194 int datalen, int cpl)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	195 {
1094 c45d65392c1a Fix pointer differ in signess warnings [-Werror=pointer-sign] Gaël PORTAY <gael.portay@gmail.com> parents: 1089 diff changeset	196 unsigned char out[100];
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	197 int n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	198 unsigned long outlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	199 int rawcpl;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	200 rawcpl = cpl * 3 / 4;
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	201 dropbear_assert((unsigned int)cpl < sizeof(out));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	202
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	203 while (datalen > 0) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	204 n = (datalen < rawcpl ? datalen : rawcpl);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	205 outlen = sizeof(out);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	206 base64_encode(data, n, out, &outlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	207 data += n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	208 datalen -= n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	209 fwrite(out, 1, outlen, fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	210 fputc('\n', fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	211 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	212 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	213 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	214 * Read an ASN.1/BER identifier and length pair.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	215 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	216 * Flags are a combination of the #defines listed below.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	217 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	218 * Returns -1 if unsuccessful; otherwise returns the number of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	219 * bytes used out of the source data.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	220 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	221
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	222 /* ASN.1 tag classes. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	223 #define ASN1_CLASS_UNIVERSAL (0 << 6)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	224 #define ASN1_CLASS_APPLICATION (1 << 6)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	225 #define ASN1_CLASS_CONTEXT_SPECIFIC (2 << 6)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	226 #define ASN1_CLASS_PRIVATE (3 << 6)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	227 #define ASN1_CLASS_MASK (3 << 6)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	228
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	229 /* Primitive versus constructed bit. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	230 #define ASN1_CONSTRUCTED (1 << 5)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	231
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	232 static int ber_read_id_len(void *source, int sourcelen,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	233 int id, int length, int *flags)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	234 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	235 unsigned char p = (unsigned char ) source;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	236
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	237 if (sourcelen == 0)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	238 return -1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	239
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	240 flags = (p & 0xE0);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	241 if ((*p & 0x1F) == 0x1F) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	242 *id = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	243 while (*p & 0x80) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	244 id = (id << 7) \| (*p & 0x7F);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	245 p++, sourcelen--;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	246 if (sourcelen == 0)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	247 return -1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	248 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	249 id = (id << 7) \| (*p & 0x7F);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	250 p++, sourcelen--;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	251 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	252 id = p & 0x1F;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	253 p++, sourcelen--;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	254 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	255
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	256 if (sourcelen == 0)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	257 return -1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	258
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	259 if (*p & 0x80) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	260 int n = *p & 0x7F;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	261 p++, sourcelen--;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	262 if (sourcelen < n)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	263 return -1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	264 *length = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	265 while (n--)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	266 length = (length << 8) \| (*p++);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	267 sourcelen -= n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	268 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	269 length = p;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	270 p++, sourcelen--;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	271 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	272
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	273 return p - (unsigned char *) source;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	274 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	275
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	276 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	277 * Write an ASN.1/BER identifier and length pair. Returns the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	278 * number of bytes consumed. Assumes dest contains enough space.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	279 * Will avoid writing anything if dest is NULL, but still return
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	280 * amount of space required.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	281 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	282 static int ber_write_id_len(void *dest, int id, int length, int flags)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	283 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	284 unsigned char d = (unsigned char )dest;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	285 int len = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	286
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	287 if (id <= 30) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	288 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	289 * Identifier is one byte.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	290 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	291 len++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	292 if (d) *d++ = id \| flags;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	293 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	294 int n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	295 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	296 * Identifier is multiple bytes: the first byte is 11111
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	297 * plus the flags, and subsequent bytes encode the value of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	298 * the identifier, 7 bits at a time, with the top bit of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	299 * each byte 1 except the last one which is 0.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	300 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	301 len++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	302 if (d) *d++ = 0x1F \| flags;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	303 for (n = 1; (id >> (7*n)) > 0; n++)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	304 continue; /* count the bytes */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	305 while (n--) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	306 len++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	307 if (d) d++ = (n ? 0x80 : 0) \| ((id >> (7n)) & 0x7F);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	308 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	309 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	310
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	311 if (length < 128) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	312 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	313 * Length is one byte.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	314 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	315 len++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	316 if (d) *d++ = length;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	317 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	318 int n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	319 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	320 * Length is multiple bytes. The first is 0x80 plus the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	321 * number of subsequent bytes, and the subsequent bytes
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	322 * encode the actual length.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	323 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	324 for (n = 1; (length >> (8*n)) > 0; n++)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	325 continue; /* count the bytes */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	326 len++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	327 if (d) *d++ = 0x80 \| n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	328 while (n--) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	329 len++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	330 if (d) d++ = (length >> (8n)) & 0xFF;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	331 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	332 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	333
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	334 return len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	335 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	336
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	337
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	338 /* Simple structure to point to an mp-int within a blob. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	339 struct mpint_pos { void *start; int bytes; };
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	340
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	341 /* ----------------------------------------------------------------------
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	342 * Code to read and write OpenSSH private keys.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	343 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	344
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 491 diff changeset	345 enum { OSSH_DSA, OSSH_RSA, OSSH_EC };
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	346 struct openssh_key {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	347 int type;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	348 int encrypted;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	349 char iv[32];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	350 unsigned char *keyblob;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	351 unsigned int keyblob_len, keyblob_size;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	352 };
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	353
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	354 static struct openssh_key load_openssh_key(const char filename)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	355 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	356 struct openssh_key *ret;
340 454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 256 diff changeset	357 FILE *fp = NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	358 char buffer[256];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	359 char errmsg = NULL, p = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	360 int headers_done;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	361 unsigned long len, outlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	362
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	363 ret = (struct openssh_key*)m_malloc(sizeof(struct openssh_key));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	364 ret->keyblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	365 ret->keyblob_len = ret->keyblob_size = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	366 ret->encrypted = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	367 memset(ret->iv, 0, sizeof(ret->iv));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	368
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	369 if (strlen(filename) == 1 && filename[0] == '-') {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	370 fp = stdin;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	371 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	372 fp = fopen(filename, "r");
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	373 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	374 if (!fp) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	375 errmsg = "Unable to open key file";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	376 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	377 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	378 if (!fgets(buffer, sizeof(buffer), fp) \|\|
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	379 0 != strncmp(buffer, "-----BEGIN ", 11) \|\|
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	380 0 != strcmp(buffer+strlen(buffer)-17, "PRIVATE KEY-----\n")) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	381 errmsg = "File does not begin with OpenSSH key header";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	382 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	383 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	384 if (!strcmp(buffer, "-----BEGIN RSA PRIVATE KEY-----\n"))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	385 ret->type = OSSH_RSA;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	386 else if (!strcmp(buffer, "-----BEGIN DSA PRIVATE KEY-----\n"))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	387 ret->type = OSSH_DSA;
793 70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 491 diff changeset	388 else if (!strcmp(buffer, "-----BEGIN EC PRIVATE KEY-----\n"))
70625eed40c9 A bit of work on ecdsa for host/auth keys Matt Johnston <matt@ucc.asn.au> parents: 491 diff changeset	389 ret->type = OSSH_EC;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	390 else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	391 errmsg = "Unrecognised key type";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	392 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	393 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	394
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	395 headers_done = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	396 while (1) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	397 if (!fgets(buffer, sizeof(buffer), fp)) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	398 errmsg = "Unexpected end of file";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	399 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	400 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	401 if (0 == strncmp(buffer, "-----END ", 9) &&
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	402 0 == strcmp(buffer+strlen(buffer)-17, "PRIVATE KEY-----\n"))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	403 break; /* done */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	404 if ((p = strchr(buffer, ':')) != NULL) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	405 if (headers_done) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	406 errmsg = "Header found in body of key data";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	407 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	408 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	409 *p++ = '\0';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	410 while (p && isspace((unsigned char)p)) p++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	411 if (!strcmp(buffer, "Proc-Type")) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	412 if (p[0] != '4' \|\| p[1] != ',') {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	413 errmsg = "Proc-Type is not 4 (only 4 is supported)";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	414 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	415 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	416 p += 2;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	417 if (!strcmp(p, "ENCRYPTED\n"))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	418 ret->encrypted = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	419 } else if (!strcmp(buffer, "DEK-Info")) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	420 int i, j;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	421
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	422 if (strncmp(p, "DES-EDE3-CBC,", 13)) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	423 errmsg = "Ciphers other than DES-EDE3-CBC not supported";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	424 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	425 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	426 p += 13;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	427 for (i = 0; i < 8; i++) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	428 if (1 != sscanf(p, "%2x", &j))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	429 break;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	430 ret->iv[i] = j;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	431 p += 2;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	432 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	433 if (i < 8) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	434 errmsg = "Expected 16-digit iv in DEK-Info";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	435 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	436 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	437 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	438 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	439 headers_done = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	440 len = strlen(buffer);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	441 outlen = len*4/3;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	442 if (ret->keyblob_len + outlen > ret->keyblob_size) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	443 ret->keyblob_size = ret->keyblob_len + outlen + 256;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	444 ret->keyblob = (unsigned char*)m_realloc(ret->keyblob,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	445 ret->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	446 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	447 outlen = ret->keyblob_size - ret->keyblob_len;
1094 c45d65392c1a Fix pointer differ in signess warnings [-Werror=pointer-sign] Gaël PORTAY <gael.portay@gmail.com> parents: 1089 diff changeset	448 if (base64_decode((const unsigned char *)buffer, len,
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	449 ret->keyblob + ret->keyblob_len, &outlen) != CRYPT_OK){
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	450 errmsg = "Error decoding base64";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	451 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	452 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	453 ret->keyblob_len += outlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	454 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	455 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	456
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	457 if (ret->keyblob_len == 0 \|\| !ret->keyblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	458 errmsg = "Key body not present";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	459 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	460 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	461
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	462 if (ret->encrypted && ret->keyblob_len % 8 != 0) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	463 errmsg = "Encrypted key blob is not a multiple of cipher block size";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	464 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	465 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	466
1045 31727a8abd4b Use m_burn rather than memset Thorsten Horstmann <thorsten.horstmann@web.de> parents: 1038 diff changeset	467 m_burn(buffer, sizeof(buffer));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	468 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	469
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	470 error:
1045 31727a8abd4b Use m_burn rather than memset Thorsten Horstmann <thorsten.horstmann@web.de> parents: 1038 diff changeset	471 m_burn(buffer, sizeof(buffer));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	472 if (ret) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	473 if (ret->keyblob) {
1045 31727a8abd4b Use m_burn rather than memset Thorsten Horstmann <thorsten.horstmann@web.de> parents: 1038 diff changeset	474 m_burn(ret->keyblob, ret->keyblob_size);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	475 m_free(ret->keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	476 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	477 m_free(ret);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	478 }
340 454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 256 diff changeset	479 if (fp) {
454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 256 diff changeset	480 fclose(fp);
454a34b2dfd1 Fixes from Erik Hovland: Matt Johnston <matt@ucc.asn.au> parents: 256 diff changeset	481 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	482 if (errmsg) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	483 fprintf(stderr, "Error: %s\n", errmsg);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	484 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	485 return NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	486 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	487
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	488 static int openssh_encrypted(const char *filename)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	489 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	490 struct openssh_key *key = load_openssh_key(filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	491 int ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	492
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	493 if (!key)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	494 return 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	495 ret = key->encrypted;
1045 31727a8abd4b Use m_burn rather than memset Thorsten Horstmann <thorsten.horstmann@web.de> parents: 1038 diff changeset	496 m_burn(key->keyblob, key->keyblob_size);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	497 m_free(key->keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	498 m_free(key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	499 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	500 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	501
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 845 diff changeset	502 static sign_key openssh_read(const char filename, char * UNUSED(passphrase))
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	503 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	504 struct openssh_key *key;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	505 unsigned char *p;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	506 int ret, id, len, flags;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	507 int i, num_integers = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	508 sign_key *retval = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	509 char *errmsg;
1119 845922d73e9c Turn modptr local variable into unsigned char * Gaël PORTAY <gael.portay@gmail.com> parents: 1094 diff changeset	510 unsigned char *modptr = NULL;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	511 int modlen = -9999;
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 845 diff changeset	512 enum signkey_type type;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	513
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	514 sign_key *retkey;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	515 buffer * blobbuf = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	516
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	517 retkey = new_sign_key();
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	518
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	519 key = load_openssh_key(filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	520
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	521 if (!key)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	522 return NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	523
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	524 if (key->encrypted) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	525 errmsg = "encrypted keys not supported currently";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	526 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	527 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	528 /* matt TODO */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	529 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	530 * Derive encryption key from passphrase and iv/salt:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	531 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	532 * - let block A equal MD5(passphrase \|\| iv)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	533 * - let block B equal MD5(A \|\| passphrase \|\| iv)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	534 * - block C would be MD5(B \|\| passphrase \|\| iv) and so on
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	535 * - encryption key is the first N bytes of A \|\| B
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	536 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	537 struct MD5Context md5c;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	538 unsigned char keybuf[32];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	539
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	540 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	541 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	542 MD5Update(&md5c, (unsigned char *)key->iv, 8);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	543 MD5Final(keybuf, &md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	544
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	545 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	546 MD5Update(&md5c, keybuf, 16);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	547 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	548 MD5Update(&md5c, (unsigned char *)key->iv, 8);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	549 MD5Final(keybuf+16, &md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	550
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	551 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	552 * Now decrypt the key blob.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	553 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	554 des3_decrypt_pubkey_ossh(keybuf, (unsigned char *)key->iv,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	555 key->keyblob, key->keyblob_len);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	556
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	557 memset(&md5c, 0, sizeof(md5c));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	558 memset(keybuf, 0, sizeof(keybuf));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	559 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	560 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	561
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	562 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	563 * Now we have a decrypted key blob, which contains an ASN.1
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	564 * encoded private key. We must now untangle the ASN.1.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	565 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	566 * We expect the whole key blob to be formatted as a SEQUENCE
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	567 * (0x30 followed by a length code indicating that the rest of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	568 * the blob is part of the sequence). Within that SEQUENCE we
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	569 * expect to see a bunch of INTEGERs. What those integers mean
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	570 * depends on the key type:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	571 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	572 * - For RSA, we expect the integers to be 0, n, e, d, p, q,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	573 * dmp1, dmq1, iqmp in that order. (The last three are d mod
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	574 * (p-1), d mod (q-1), inverse of q mod p respectively.)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	575 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	576 * - For DSA, we expect them to be 0, p, q, g, y, x in that
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	577 * order.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	578 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	579
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	580 p = key->keyblob;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	581
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	582 /* Expect the SEQUENCE header. Take its absence as a failure to decrypt. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	583 ret = ber_read_id_len(p, key->keyblob_len, &id, &len, &flags);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	584 p += ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	585 if (ret < 0 \|\| id != 16) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	586 errmsg = "ASN.1 decoding failure - wrong password?";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	587 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	588 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	589
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	590 /* Expect a load of INTEGERs. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	591 if (key->type == OSSH_RSA)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	592 num_integers = 9;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	593 else if (key->type == OSSH_DSA)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	594 num_integers = 6;
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	595 else if (key->type == OSSH_EC)
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	596 num_integers = 1;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	597
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	598 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	599 * Space to create key blob in.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	600 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	601 blobbuf = buf_new(3000);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	602
935 25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	603 #ifdef DROPBEAR_DSS
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	604 if (key->type == OSSH_DSA) {
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1119 diff changeset	605 buf_putstring(blobbuf, "ssh-dss", 7);
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	606 retkey->type = DROPBEAR_SIGNKEY_DSS;
935 25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	607 }
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	608 #endif
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	609 #ifdef DROPBEAR_RSA
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	610 if (key->type == OSSH_RSA) {
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1119 diff changeset	611 buf_putstring(blobbuf, "ssh-rsa", 7);
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	612 retkey->type = DROPBEAR_SIGNKEY_RSA;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	613 }
935 25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	614 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	615
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	616 for (i = 0; i < num_integers; i++) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	617 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	618 &id, &len, &flags);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	619 p += ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	620 if (ret < 0 \|\| id != 2 \|\|
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	621 key->keyblob+key->keyblob_len-p < len) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	622 errmsg = "ASN.1 decoding failure";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	623 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	624 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	625
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	626 if (i == 0) {
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	627 /* First integer is a version indicator */
991 4f65c867fc99 Fix variables may be uninitialized. Like Ma <likemartinma@gmail.com> parents: 935 diff changeset	628 int expected = -1;
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	629 switch (key->type) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	630 case OSSH_RSA:
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	631 case OSSH_DSA:
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	632 expected = 0;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	633 break;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	634 case OSSH_EC:
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	635 expected = 1;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	636 break;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	637 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	638 if (len != 1 \|\| p[0] != expected) {
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	639 errmsg = "Version number mismatch";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	640 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	641 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	642 } else if (key->type == OSSH_RSA) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	643 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	644 * OpenSSH key order is n, e, d, p, q, dmp1, dmq1, iqmp
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	645 * but we want e, n, d, p, q
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	646 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	647 if (i == 1) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	648 /* Save the details for after we deal with number 2. */
1119 845922d73e9c Turn modptr local variable into unsigned char * Gaël PORTAY <gael.portay@gmail.com> parents: 1094 diff changeset	649 modptr = p;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	650 modlen = len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	651 } else if (i >= 2 && i <= 5) {
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1119 diff changeset	652 buf_putstring(blobbuf, (const char*)p, len);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	653 if (i == 2) {
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1119 diff changeset	654 buf_putstring(blobbuf, (const char*)modptr, modlen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	655 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	656 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	657 } else if (key->type == OSSH_DSA) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	658 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	659 * OpenSSH key order is p, q, g, y, x,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	660 * we want the same.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	661 */
1122 aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings Matt Johnston <matt@ucc.asn.au> parents: 1119 diff changeset	662 buf_putstring(blobbuf, (const char*)p, len);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	663 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	664
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	665 /* Skip past the number. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	666 p += len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	667 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	668
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	669 #ifdef DROPBEAR_ECDSA
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	670 if (key->type == OSSH_EC) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	671 unsigned char* private_key_bytes = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	672 int private_key_len = 0;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	673 unsigned char* public_key_bytes = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	674 int public_key_len = 0;
807 75509065db53 have separate ecdsa keys for each size Matt Johnston <matt@ucc.asn.au> parents: 806 diff changeset	675 ecc_key *ecc = NULL;
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	676 const struct dropbear_ecc_curve *curve = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	677
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	678 /* See SEC1 v2, Appendix C.4 */
c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	679 /* OpenSSL (so OpenSSH) seems to include the optional parts. */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	680
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	681 /* privateKey OCTET STRING, */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	682 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	683 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	684 p += ret;
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	685 /* id==4 for octet string */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	686 if (ret < 0 \|\| id != 4 \|\|
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	687 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	688 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	689 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	690 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	691 private_key_bytes = p;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	692 private_key_len = len;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	693 p += len;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	694
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	695 /* parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL, */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	696 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	697 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	698 p += ret;
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	699 /* id==0 */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	700 if (ret < 0 \|\| id != 0) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	701 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	702 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	703 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	704
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	705 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	706 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	707 p += ret;
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	708 /* id==6 for object */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	709 if (ret < 0 \|\| id != 6 \|\|
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	710 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	711 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	712 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	713 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	714
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	715 if (0) {}
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	716 #ifdef DROPBEAR_ECC_256
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	717 else if (len == sizeof(OID_SEC256R1_BLOB)
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	718 && memcmp(p, OID_SEC256R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	719 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP256;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	720 curve = &ecc_curve_nistp256;
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	721 }
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	722 #endif
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	723 #ifdef DROPBEAR_ECC_384
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	724 else if (len == sizeof(OID_SEC384R1_BLOB)
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	725 && memcmp(p, OID_SEC384R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	726 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP384;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	727 curve = &ecc_curve_nistp384;
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	728 }
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	729 #endif
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	730 #ifdef DROPBEAR_ECC_521
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	731 else if (len == sizeof(OID_SEC521R1_BLOB)
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	732 && memcmp(p, OID_SEC521R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	733 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP521;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	734 curve = &ecc_curve_nistp521;
847 f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	735 }
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	736 #endif
f4bb964c8678 Add '-R' for delayed hostkey option Matt Johnston <matt@ucc.asn.au> parents: 846 diff changeset	737 else {
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	738 errmsg = "Unknown ECC key type";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	739 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	740 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	741 p += len;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	742
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	743 /* publicKey [1] BIT STRING OPTIONAL */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	744 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	745 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	746 p += ret;
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	747 /* id==1 */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	748 if (ret < 0 \|\| id != 1) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	749 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	750 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	751 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	752
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	753 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	754 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	755 p += ret;
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	756 /* id==3 for bit string */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	757 if (ret < 0 \|\| id != 3 \|\|
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	758 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	759 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	760 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	761 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	762 public_key_bytes = p+1;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	763 public_key_len = len-1;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	764 p += len;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	765
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	766 buf_putbytes(blobbuf, public_key_bytes, public_key_len);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	767 ecc = buf_get_ecc_raw_pubkey(blobbuf, curve);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	768 if (!ecc) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	769 errmsg = "Error parsing ECC key";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	770 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	771 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	772 m_mp_alloc_init_multi((mp_int**)&ecc->k, NULL);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	773 if (mp_read_unsigned_bin(ecc->k, private_key_bytes, private_key_len)
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	774 != MP_OKAY) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	775 errmsg = "Error parsing ECC key";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	776 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	777 }
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	778
841 d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	779 *signkey_key_ptr(retkey, retkey->type) = ecc;
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	780 }
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	781 #endif /* DROPBEAR_ECDSA */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	782
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	783 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	784 * Now put together the actual key. Simplest way to do this is
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	785 * to assemble our own key blobs and feed them to the createkey
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	786 * functions; this is a bit faffy but it does mean we get all
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	787 * the sanity checks for free.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	788 */
806 71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	789 if (key->type == OSSH_RSA \|\| key->type == OSSH_DSA) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	790 buf_setpos(blobbuf, 0);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	791 type = DROPBEAR_SIGNKEY_ANY;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	792 if (buf_get_priv_key(blobbuf, retkey, &type)
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	793 != DROPBEAR_SUCCESS) {
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	794 errmsg = "unable to create key structure";
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	795 sign_key_free(retkey);
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	796 retkey = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	797 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH Matt Johnston <matt@ucc.asn.au> parents: 793 diff changeset	798 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	799 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	800
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	801 errmsg = NULL; /* no error */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	802 retval = retkey;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	803
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	804 error:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	805 if (blobbuf) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	806 buf_burn(blobbuf);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	807 buf_free(blobbuf);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	808 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	809 m_burn(key->keyblob, key->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	810 m_free(key->keyblob);
1002 97d1e54941fd When clearing the memory of 'key' in function openssh_read(), only the size Christian Engelmayer <cengelma@gmx.at> parents: 991 diff changeset	811 m_burn(key, sizeof(*key));
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	812 m_free(key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	813 if (errmsg) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	814 fprintf(stderr, "Error: %s\n", errmsg);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	815 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	816 return retval;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	817 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	818
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	819 static int openssh_write(const char filename, sign_key key,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	820 char *passphrase)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	821 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	822 buffer * keyblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	823 buffer * extrablob = NULL; /* used for calculated values to write */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	824 unsigned char *outblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	825 int outlen = -9999;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	826 struct mpint_pos numbers[9];
991 4f65c867fc99 Fix variables may be uninitialized. Like Ma <likemartinma@gmail.com> parents: 935 diff changeset	827 int nnumbers = -1, pos = 0, len = 0, seqlen, i;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	828 char header = NULL, footer = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	829 char zero[1];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	830 int ret = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	831 FILE *fp;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	832
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	833 #ifdef DROPBEAR_RSA
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	834 mp_int dmp1, dmq1, iqmp, tmpval; /* for rsa */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	835 #endif
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	836
935 25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	837 if (
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	838 #ifdef DROPBEAR_RSA
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	839 key->type == DROPBEAR_SIGNKEY_RSA \|\|
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	840 #endif
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	841 #ifdef DROPBEAR_DSS
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	842 key->type == DROPBEAR_SIGNKEY_DSS \|\|
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	843 #endif
25692c60479e Fix compiling with ECDSA and DSS disabled Matt Johnston <matt@ucc.asn.au> parents: 867 diff changeset	844 0)
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	845 {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	846 /*
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	847 * Fetch the key blobs.
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	848 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	849 keyblob = buf_new(3000);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	850 buf_put_priv_key(keyblob, key, key->type);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	851
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	852 buf_setpos(keyblob, 0);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	853 /* skip the "ssh-rsa" or "ssh-dss" header */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	854 buf_incrpos(keyblob, buf_getint(keyblob));
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	855
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	856 /*
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	857 * Find the sequence of integers to be encoded into the OpenSSH
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	858 * key blob, and also decide on the header line.
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	859 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	860 numbers[0].start = zero; numbers[0].bytes = 1; zero[0] = '\0';
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	861
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	862 #ifdef DROPBEAR_RSA
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	863 if (key->type == DROPBEAR_SIGNKEY_RSA) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	864
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	865 if (key->rsakey->p == NULL \|\| key->rsakey->q == NULL) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	866 fprintf(stderr, "Pre-0.33 Dropbear keys cannot be converted to OpenSSH keys.\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	867 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	868 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	869
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	870 /* e */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	871 numbers[2].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	872 numbers[2].start = buf_getptr(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	873 buf_incrpos(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	874
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	875 /* n */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	876 numbers[1].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	877 numbers[1].start = buf_getptr(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	878 buf_incrpos(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	879
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	880 /* d */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	881 numbers[3].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	882 numbers[3].start = buf_getptr(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	883 buf_incrpos(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	884
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	885 /* p */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	886 numbers[4].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	887 numbers[4].start = buf_getptr(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	888 buf_incrpos(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	889
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	890 /* q */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	891 numbers[5].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	892 numbers[5].start = buf_getptr(keyblob, numbers[5].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	893 buf_incrpos(keyblob, numbers[5].bytes);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	894
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	895 /* now calculate some extra parameters: */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	896 m_mp_init(&tmpval);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	897 m_mp_init(&dmp1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	898 m_mp_init(&dmq1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	899 m_mp_init(&iqmp);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	900
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	901 /* dmp1 = d mod (p-1) */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	902 if (mp_sub_d(key->rsakey->p, 1, &tmpval) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	903 fprintf(stderr, "Bignum error for p-1\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	904 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	905 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	906 if (mp_mod(key->rsakey->d, &tmpval, &dmp1) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	907 fprintf(stderr, "Bignum error for dmp1\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	908 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	909 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	910
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	911 /* dmq1 = d mod (q-1) */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	912 if (mp_sub_d(key->rsakey->q, 1, &tmpval) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	913 fprintf(stderr, "Bignum error for q-1\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	914 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	915 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	916 if (mp_mod(key->rsakey->d, &tmpval, &dmq1) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	917 fprintf(stderr, "Bignum error for dmq1\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	918 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	919 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	920
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	921 /* iqmp = (q^-1) mod p */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	922 if (mp_invmod(key->rsakey->q, key->rsakey->p, &iqmp) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	923 fprintf(stderr, "Bignum error for iqmp\n");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	924 goto error;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	925 }
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	926
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	927 extrablob = buf_new(2000);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	928 buf_putmpint(extrablob, &dmp1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	929 buf_putmpint(extrablob, &dmq1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	930 buf_putmpint(extrablob, &iqmp);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	931 buf_setpos(extrablob, 0);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	932 mp_clear(&dmp1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	933 mp_clear(&dmq1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	934 mp_clear(&iqmp);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	935 mp_clear(&tmpval);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	936
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	937 /* dmp1 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	938 numbers[6].bytes = buf_getint(extrablob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	939 numbers[6].start = buf_getptr(extrablob, numbers[6].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	940 buf_incrpos(extrablob, numbers[6].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	941
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	942 /* dmq1 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	943 numbers[7].bytes = buf_getint(extrablob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	944 numbers[7].start = buf_getptr(extrablob, numbers[7].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	945 buf_incrpos(extrablob, numbers[7].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	946
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	947 /* iqmp */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	948 numbers[8].bytes = buf_getint(extrablob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	949 numbers[8].start = buf_getptr(extrablob, numbers[8].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	950 buf_incrpos(extrablob, numbers[8].bytes);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	951
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	952 nnumbers = 9;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	953 header = "-----BEGIN RSA PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	954 footer = "-----END RSA PRIVATE KEY-----\n";
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	955 }
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	956 #endif /* DROPBEAR_RSA */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	957
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	958 #ifdef DROPBEAR_DSS
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	959 if (key->type == DROPBEAR_SIGNKEY_DSS) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	960
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	961 /* p */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	962 numbers[1].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	963 numbers[1].start = buf_getptr(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	964 buf_incrpos(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	965
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	966 /* q */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	967 numbers[2].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	968 numbers[2].start = buf_getptr(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	969 buf_incrpos(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	970
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	971 /* g */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	972 numbers[3].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	973 numbers[3].start = buf_getptr(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	974 buf_incrpos(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	975
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	976 /* y */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	977 numbers[4].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	978 numbers[4].start = buf_getptr(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	979 buf_incrpos(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	980
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	981 /* x */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	982 numbers[5].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	983 numbers[5].start = buf_getptr(keyblob, numbers[5].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	984 buf_incrpos(keyblob, numbers[5].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	985
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	986 nnumbers = 6;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	987 header = "-----BEGIN DSA PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	988 footer = "-----END DSA PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	989 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	990 #endif /* DROPBEAR_DSS */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	991
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	992 /*
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	993 * Now count up the total size of the ASN.1 encoded integers,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	994 * so as to determine the length of the containing SEQUENCE.
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	995 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	996 len = 0;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	997 for (i = 0; i < nnumbers; i++) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	998 len += ber_write_id_len(NULL, 2, numbers[i].bytes, 0);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	999 len += numbers[i].bytes;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1000 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1001 seqlen = len;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1002 /* Now add on the SEQUENCE header. */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1003 len += ber_write_id_len(NULL, 16, seqlen, ASN1_CONSTRUCTED);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1004 /* Round up to the cipher block size, ensuring we have at least one
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1005 * byte of padding (see below). */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1006 outlen = len;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1007 if (passphrase)
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1008 outlen = (outlen+8) &~ 7;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1009
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1010 /*
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1011 * Now we know how big outblob needs to be. Allocate it.
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1012 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1013 outblob = (unsigned char*)m_malloc(outlen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1014
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1015 /*
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1016 * And write the data into it.
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1017 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1018 pos = 0;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1019 pos += ber_write_id_len(outblob+pos, 16, seqlen, ASN1_CONSTRUCTED);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1020 for (i = 0; i < nnumbers; i++) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1021 pos += ber_write_id_len(outblob+pos, 2, numbers[i].bytes, 0);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1022 memcpy(outblob+pos, numbers[i].start, numbers[i].bytes);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1023 pos += numbers[i].bytes;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1024 }
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	1025 } /* end RSA and DSS handling */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1026
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1027 #ifdef DROPBEAR_ECDSA
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1028 if (key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP256
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1029 \|\| key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP384
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1030 \|\| key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1031
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1032 /* SEC1 V2 appendix c.4
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1033 ECPrivateKey ::= SEQUENCE {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1034 version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1035 privateKey OCTET STRING,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1036 parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1037 publicKey [1] BIT STRING OPTIONAL
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1038 }
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1039 */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1040 buffer *seq_buf = buf_new(400);
846 b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 845 diff changeset	1041 ecc_key eck = (ecc_key)signkey_key_ptr(key, key->type);
b298bb438625 refactor key generation, make it generate as required. Matt Johnston <matt@ucc.asn.au> parents: 845 diff changeset	1042 const long curve_size = (*eck)->dp->size;
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1043 int curve_oid_len = 0;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1044 const void* curve_oid = NULL;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1045 unsigned long pubkey_size = 2*curve_size+1;
1089 d144a6bece53 Uses k_size as an signed integer Gaël PORTAY <gael.portay@gmail.com> parents: 1045 diff changeset	1046 int k_size;
1038 d3925ed45a85 Fix for old compilers, variable declarations at beginning of functions Thorsten Horstmann <thorsten.horstmann@web.de> parents: 1002 diff changeset	1047 int err = 0;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1048
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1049 /* version. less than 10 bytes */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1050 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1051 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 2, 1, 0));
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1052 buf_putbyte(seq_buf, 1);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1053
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1054 /* privateKey */
867 d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	1055 k_size = mp_unsigned_bin_size((*eck)->k);
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	1056 dropbear_assert(k_size <= curve_size);
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1057 buf_incrwritepos(seq_buf,
867 d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	1058 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 4, k_size, 0));
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	1059 mp_to_unsigned_bin((*eck)->k, buf_getwriteptr(seq_buf, k_size));
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	1060 buf_incrwritepos(seq_buf, k_size);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1061
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1062 /* SECGCurveNames */
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1063 switch (key->type)
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1064 {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1065 case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1066 curve_oid_len = sizeof(OID_SEC256R1_BLOB);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1067 curve_oid = OID_SEC256R1_BLOB;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1068 break;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1069 case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1070 curve_oid_len = sizeof(OID_SEC384R1_BLOB);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1071 curve_oid = OID_SEC384R1_BLOB;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1072 break;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1073 case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1074 curve_oid_len = sizeof(OID_SEC521R1_BLOB);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1075 curve_oid = OID_SEC521R1_BLOB;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1076 break;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1077 default:
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1078 dropbear_exit("Internal error");
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1079 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1080
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1081 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1082 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 0, 2+curve_oid_len, 0xa0));
857 c19acba28590 use oldstyle comments Matt Johnston <matt@ucc.asn.au> parents: 849 diff changeset	1083 /* object == 6 */
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1084 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1085 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 6, curve_oid_len, 0));
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1086 buf_putbytes(seq_buf, curve_oid, curve_oid_len);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1087
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1088 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1089 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 1, 2+1+pubkey_size, 0xa0));
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1090 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1091 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 3, 1+pubkey_size, 0));
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1092 buf_putbyte(seq_buf, 0);
1038 d3925ed45a85 Fix for old compilers, variable declarations at beginning of functions Thorsten Horstmann <thorsten.horstmann@web.de> parents: 1002 diff changeset	1093 err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size);
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1094 if (err != CRYPT_OK) {
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1095 dropbear_exit("ECC error");
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1096 }
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1097 buf_incrwritepos(seq_buf, pubkey_size);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1098
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1099 buf_setpos(seq_buf, 0);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1100
867 d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key Matt Johnston <matt@ucc.asn.au> parents: 857 diff changeset	1101 outblob = (unsigned char*)m_malloc(1000);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1102
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1103 pos = 0;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1104 pos += ber_write_id_len(outblob+pos, 16, seq_buf->len, ASN1_CONSTRUCTED);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1105 memcpy(&outblob[pos], seq_buf->data, seq_buf->len);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1106 pos += seq_buf->len;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1107 len = pos;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1108 outlen = len;
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1109
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1110 buf_burn(seq_buf);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1111 buf_free(seq_buf);
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1112 seq_buf = NULL;
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1113
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1114 header = "-----BEGIN EC PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1115 footer = "-----END EC PRIVATE KEY-----\n";
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1116 }
836 d7d9f1612d51 writing out openssh ecc keys works Matt Johnston <matt@ucc.asn.au> parents: 807 diff changeset	1117 #endif
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1118
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1119 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1120 * Padding on OpenSSH keys is deterministic. The number of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1121 * padding bytes is always more than zero, and always at most
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1122 * the cipher block length. The value of each padding byte is
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1123 * equal to the number of padding bytes. So a plaintext that's
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1124 * an exact multiple of the block size will be padded with 08
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1125 * 08 08 08 08 08 08 08 (assuming a 64-bit block cipher); a
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1126 * plaintext one byte less than a multiple of the block size
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1127 * will be padded with just 01.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1128 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1129 * This enables the OpenSSL key decryption function to strip
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1130 * off the padding algorithmically and return the unpadded
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1131 * plaintext to the next layer: it looks at the final byte, and
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1132 * then expects to find that many bytes at the end of the data
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1133 * with the same value. Those are all removed and the rest is
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1134 * returned.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1135 */
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1136 dropbear_assert(pos == len);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1137 while (pos < outlen) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1138 outblob[pos++] = outlen - len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1139 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1140
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1141 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1142 * Encrypt the key.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1143 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1144 if (passphrase) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1145 fprintf(stderr, "Encrypted keys aren't supported currently\n");
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1146 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1147 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1148
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1149 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1150 * And save it. We'll use Unix line endings just in case it's
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1151 * subsequently transferred in binary mode.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1152 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1153 if (strlen(filename) == 1 && filename[0] == '-') {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1154 fp = stdout;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1155 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1156 fp = fopen(filename, "wb"); /* ensure Unix line endings */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1157 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1158 if (!fp) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1159 fprintf(stderr, "Failed opening output file\n");
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1160 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1161 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1162 fputs(header, fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1163 base64_encode_fp(fp, outblob, outlen, 64);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1164 fputs(footer, fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1165 fclose(fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1166 ret = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1167
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1168 error:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1169 if (outblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1170 memset(outblob, 0, outlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1171 m_free(outblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1172 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1173 if (keyblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1174 buf_burn(keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1175 buf_free(keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1176 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1177 if (extrablob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1178 buf_burn(extrablob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1179 buf_free(extrablob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1180 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1181 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1182 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1183
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1184 #if 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1185 /* XXX TODO ssh.com stuff isn't going yet */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1186
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1187 /* ----------------------------------------------------------------------
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1188 * Code to read ssh.com private keys.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1189 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1190
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1191 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1192 * The format of the base64 blob is largely ssh2-packet-formatted,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1193 * except that mpints are a bit different: they're more like the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1194 * old ssh1 mpint. You have a 32-bit bit count N, followed by
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1195 * (N+7)/8 bytes of data.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1196 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1197 * So. The blob contains:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1198 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1199 * - uint32 0x3f6ff9eb (magic number)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1200 * - uint32 size (total blob size)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1201 * - string key-type (see below)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1202 * - string cipher-type (tells you if key is encrypted)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1203 * - string encrypted-blob
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1204 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1205 * (The first size field includes the size field itself and the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1206 * magic number before it. All other size fields are ordinary ssh2
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1207 * strings, so the size field indicates how much data is to
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1208 * _follow_.)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1209 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1210 * The encrypted blob, once decrypted, contains a single string
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1211 * which in turn contains the payload. (This allows padding to be
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1212 * added after that string while still making it clear where the
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1213 * real payload ends. Also it probably makes for a reasonable
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1214 * decryption check.)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1215 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1216 * The payload blob, for an RSA key, contains:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1217 * - mpint e
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1218 * - mpint d
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1219 * - mpint n (yes, the public and private stuff is intermixed)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1220 * - mpint u (presumably inverse of p mod q)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1221 * - mpint p (p is the smaller prime)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1222 * - mpint q (q is the larger)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1223 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1224 * For a DSA key, the payload blob contains:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1225 * - uint32 0
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1226 * - mpint p
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1227 * - mpint g
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1228 * - mpint q
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1229 * - mpint y
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1230 * - mpint x
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1231 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1232 * Alternatively, if the parameters are `predefined', that
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1233 * (0,p,g,q) sequence can be replaced by a uint32 1 and a string
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1234 * containing some predefined parameter specification. shudder,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1235 * but I doubt we'll encounter this in real life.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1236 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1237 * The key type strings are ghastly. The RSA key I looked at had a
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1238 * type string of
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1239 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1240 * `if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}'
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1241 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1242 * and the DSA key wasn't much better:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1243 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1244 * `dl-modp{sign{dsa-nist-sha1},dh{plain}}'
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1245 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1246 * It isn't clear that these will always be the same. I think it
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1247 * might be wise just to look at the `if-modn{sign{rsa' and
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1248 * `dl-modp{sign{dsa' prefixes.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1249 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1250 * Finally, the encryption. The cipher-type string appears to be
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1251 * either `none' or `3des-cbc'. Looks as if this is SSH2-style
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1252 * 3des-cbc (i.e. outer cbc rather than inner). The key is created
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1253 * from the passphrase by means of yet another hashing faff:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1254 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1255 * - first 16 bytes are MD5(passphrase)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1256 * - next 16 bytes are MD5(passphrase \|\| first 16 bytes)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1257 * - if there were more, they'd be MD5(passphrase \|\| first 32),
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1258 * and so on.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1259 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1260
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1261 #define SSHCOM_MAGIC_NUMBER 0x3f6ff9eb
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1262
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1263 struct sshcom_key {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1264 char comment[256]; /* allowing any length is overkill */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1265 unsigned char *keyblob;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1266 int keyblob_len, keyblob_size;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1267 };
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1268
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1269 static struct sshcom_key load_sshcom_key(const char filename)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1270 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1271 struct sshcom_key *ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1272 FILE *fp;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1273 char buffer[256];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1274 int len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1275 char errmsg, p;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1276 int headers_done;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1277 char base64_bit[4];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1278 int base64_chars = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1279
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1280 ret = snew(struct sshcom_key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1281 ret->comment[0] = '\0';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1282 ret->keyblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1283 ret->keyblob_len = ret->keyblob_size = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1284
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1285 fp = fopen(filename, "r");
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1286 if (!fp) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1287 errmsg = "Unable to open key file";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1288 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1289 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1290 if (!fgets(buffer, sizeof(buffer), fp) \|\|
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1291 0 != strcmp(buffer, "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\n")) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1292 errmsg = "File does not begin with ssh.com key header";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1293 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1294 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1295
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1296 headers_done = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1297 while (1) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1298 if (!fgets(buffer, sizeof(buffer), fp)) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1299 errmsg = "Unexpected end of file";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1300 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1301 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1302 if (!strcmp(buffer, "---- END SSH2 ENCRYPTED PRIVATE KEY ----\n"))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1303 break; /* done */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1304 if ((p = strchr(buffer, ':')) != NULL) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1305 if (headers_done) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1306 errmsg = "Header found in body of key data";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1307 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1308 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1309 *p++ = '\0';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1310 while (p && isspace((unsigned char)p)) p++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1311 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1312 * Header lines can end in a trailing backslash for
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1313 * continuation.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1314 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1315 while ((len = strlen(p)) > (int)(sizeof(buffer) - (p-buffer) -1) \|\|
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1316 p[len-1] != '\n' \|\| p[len-2] == '\\') {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1317 if (len > (int)((p-buffer) + sizeof(buffer)-2)) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1318 errmsg = "Header line too long to deal with";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1319 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1320 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1321 if (!fgets(p+len-2, sizeof(buffer)-(p-buffer)-(len-2), fp)) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1322 errmsg = "Unexpected end of file";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1323 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1324 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1325 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1326 p[strcspn(p, "\n")] = '\0';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1327 if (!strcmp(buffer, "Comment")) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1328 /* Strip quotes in comment if present. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1329 if (p[0] == '"' && p[strlen(p)-1] == '"') {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1330 p++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1331 p[strlen(p)-1] = '\0';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1332 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1333 strncpy(ret->comment, p, sizeof(ret->comment));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1334 ret->comment[sizeof(ret->comment)-1] = '\0';
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1335 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1336 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1337 headers_done = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1338
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1339 p = buffer;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1340 while (isbase64(*p)) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1341 base64_bit[base64_chars++] = *p;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1342 if (base64_chars == 4) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1343 unsigned char out[3];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1344
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1345 base64_chars = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1346
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1347 len = base64_decode_atom(base64_bit, out);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1348
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1349 if (len <= 0) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1350 errmsg = "Invalid base64 encoding";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1351 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1352 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1353
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1354 if (ret->keyblob_len + len > ret->keyblob_size) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1355 ret->keyblob_size = ret->keyblob_len + len + 256;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1356 ret->keyblob = sresize(ret->keyblob, ret->keyblob_size,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1357 unsigned char);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1358 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1359
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1360 memcpy(ret->keyblob + ret->keyblob_len, out, len);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1361 ret->keyblob_len += len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1362 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1363
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1364 p++;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1365 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1366 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1367 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1368
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1369 if (ret->keyblob_len == 0 \|\| !ret->keyblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1370 errmsg = "Key body not present";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1371 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1372 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1373
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1374 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1375
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1376 error:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1377 if (ret) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1378 if (ret->keyblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1379 memset(ret->keyblob, 0, ret->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1380 m_free(ret->keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1381 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1382 memset(&ret, 0, sizeof(ret));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1383 m_free(ret);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1384 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1385 return NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1386 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1387
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1388 int sshcom_encrypted(const char filename, char *comment)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1389 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1390 struct sshcom_key *key = load_sshcom_key(filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1391 int pos, len, answer;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1392
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1393 *comment = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1394 if (!key)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1395 return 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1396
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1397 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1398 * Check magic number.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1399 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1400 if (GET_32BIT(key->keyblob) != 0x3f6ff9eb)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1401 return 0; /* key is invalid */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1402
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1403 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1404 * Find the cipher-type string.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1405 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1406 answer = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1407 pos = 8;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1408 if (key->keyblob_len < pos+4)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1409 goto done; /* key is far too short */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1410 pos += 4 + GET_32BIT(key->keyblob + pos); /* skip key type */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1411 if (key->keyblob_len < pos+4)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1412 goto done; /* key is far too short */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1413 len = GET_32BIT(key->keyblob + pos); /* find cipher-type length */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1414 if (key->keyblob_len < pos+4+len)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1415 goto done; /* cipher type string is incomplete */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1416 if (len != 4 \|\| 0 != memcmp(key->keyblob + pos + 4, "none", 4))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1417 answer = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1418
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1419 done:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1420 *comment = dupstr(key->comment);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1421 memset(key->keyblob, 0, key->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1422 m_free(key->keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1423 memset(&key, 0, sizeof(key));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1424 m_free(key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1425 return answer;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1426 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1427
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1428 static int sshcom_read_mpint(void data, int len, struct mpint_pos ret)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1429 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1430 int bits;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1431 int bytes;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1432 unsigned char d = (unsigned char ) data;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1433
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1434 if (len < 4)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1435 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1436 bits = GET_32BIT(d);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1437
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1438 bytes = (bits + 7) / 8;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1439 if (len < 4+bytes)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1440 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1441
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1442 ret->start = d + 4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1443 ret->bytes = bytes;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1444 return bytes+4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1445
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1446 error:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1447 ret->start = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1448 ret->bytes = -1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1449 return len; /* ensure further calls fail as well */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1450 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1451
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1452 static int sshcom_put_mpint(void target, void data, int len)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1453 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1454 unsigned char d = (unsigned char )target;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1455 unsigned char i = (unsigned char )data;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1456 int bits = len * 8 - 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1457
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1458 while (bits > 0) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1459 if (*i & (1 << (bits & 7)))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1460 break;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1461 if (!(bits-- & 7))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1462 i++, len--;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1463 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1464
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1465 PUT_32BIT(d, bits+1);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1466 memcpy(d+4, i, len);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1467 return len+4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1468 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1469
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1470 sign_key sshcom_read(const char filename, char *passphrase)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1471 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1472 struct sshcom_key *key = load_sshcom_key(filename);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1473 char *errmsg;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1474 int pos, len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1475 const char prefix_rsa[] = "if-modn{sign{rsa";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1476 const char prefix_dsa[] = "dl-modp{sign{dsa";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1477 enum { RSA, DSA } type;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1478 int encrypted;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1479 char *ciphertext;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1480 int cipherlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1481 struct ssh2_userkey ret = NULL, retkey;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1482 const struct ssh_signkey *alg;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1483 unsigned char *blob = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1484 int blobsize, publen, privlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1485
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1486 if (!key)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1487 return NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1488
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1489 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1490 * Check magic number.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1491 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1492 if (GET_32BIT(key->keyblob) != SSHCOM_MAGIC_NUMBER) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1493 errmsg = "Key does not begin with magic number";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1494 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1495 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1496
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1497 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1498 * Determine the key type.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1499 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1500 pos = 8;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1501 if (key->keyblob_len < pos+4 \|\|
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1502 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1503 errmsg = "Key blob does not contain a key type string";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1504 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1505 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1506 if (len > sizeof(prefix_rsa) - 1 &&
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1507 !memcmp(key->keyblob+pos+4, prefix_rsa, sizeof(prefix_rsa) - 1)) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1508 type = RSA;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1509 } else if (len > sizeof(prefix_dsa) - 1 &&
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1510 !memcmp(key->keyblob+pos+4, prefix_dsa, sizeof(prefix_dsa) - 1)) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1511 type = DSA;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1512 } else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1513 errmsg = "Key is of unknown type";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1514 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1515 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1516 pos += 4+len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1517
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1518 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1519 * Determine the cipher type.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1520 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1521 if (key->keyblob_len < pos+4 \|\|
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1522 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1523 errmsg = "Key blob does not contain a cipher type string";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1524 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1525 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1526 if (len == 4 && !memcmp(key->keyblob+pos+4, "none", 4))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1527 encrypted = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1528 else if (len == 8 && !memcmp(key->keyblob+pos+4, "3des-cbc", 8))
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1529 encrypted = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1530 else {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1531 errmsg = "Key encryption is of unknown type";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1532 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1533 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1534 pos += 4+len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1535
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1536 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1537 * Get hold of the encrypted part of the key.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1538 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1539 if (key->keyblob_len < pos+4 \|\|
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1540 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1541 errmsg = "Key blob does not contain actual key data";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1542 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1543 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1544 ciphertext = (char *)key->keyblob + pos + 4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1545 cipherlen = len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1546 if (cipherlen == 0) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1547 errmsg = "Length of key data is zero";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1548 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1549 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1550
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1551 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1552 * Decrypt it if necessary.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1553 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1554 if (encrypted) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1555 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1556 * Derive encryption key from passphrase and iv/salt:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1557 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1558 * - let block A equal MD5(passphrase)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1559 * - let block B equal MD5(passphrase \|\| A)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1560 * - block C would be MD5(passphrase \|\| A \|\| B) and so on
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1561 * - encryption key is the first N bytes of A \|\| B
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1562 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1563 struct MD5Context md5c;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1564 unsigned char keybuf[32], iv[8];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1565
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1566 if (cipherlen % 8 != 0) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1567 errmsg = "Encrypted part of key is not a multiple of cipher block"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1568 " size";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1569 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1570 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1571
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1572 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1573 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1574 MD5Final(keybuf, &md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1575
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1576 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1577 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1578 MD5Update(&md5c, keybuf, 16);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1579 MD5Final(keybuf+16, &md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1580
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1581 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1582 * Now decrypt the key blob.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1583 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1584 memset(iv, 0, sizeof(iv));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1585 des3_decrypt_pubkey_ossh(keybuf, iv, (unsigned char *)ciphertext,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1586 cipherlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1587
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1588 memset(&md5c, 0, sizeof(md5c));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1589 memset(keybuf, 0, sizeof(keybuf));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1590
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1591 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1592 * Hereafter we return WRONG_PASSPHRASE for any parsing
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1593 * error. (But only if we've just tried to decrypt it!
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1594 * Returning WRONG_PASSPHRASE for an unencrypted key is
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1595 * automatic doom.)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1596 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1597 if (encrypted)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1598 ret = SSH2_WRONG_PASSPHRASE;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1599 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1600
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1601 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1602 * Strip away the containing string to get to the real meat.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1603 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1604 len = GET_32BIT(ciphertext);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1605 if (len > cipherlen-4) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1606 errmsg = "containing string was ill-formed";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1607 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1608 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1609 ciphertext += 4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1610 cipherlen = len;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1611
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1612 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1613 * Now we break down into RSA versus DSA. In either case we'll
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1614 * construct public and private blobs in our own format, and
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1615 * end up feeding them to alg->createkey().
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1616 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1617 blobsize = cipherlen + 256;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1618 blob = snewn(blobsize, unsigned char);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1619 privlen = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1620 if (type == RSA) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1621 struct mpint_pos n, e, d, u, p, q;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1622 int pos = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1623 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &e);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1624 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &d);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1625 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &n);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1626 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &u);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1627 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &p);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1628 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &q);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1629 if (!q.start) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1630 errmsg = "key data did not contain six integers";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1631 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1632 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1633
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1634 alg = &ssh_rsa;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1635 pos = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1636 pos += put_string(blob+pos, "ssh-rsa", 7);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1637 pos += put_mp(blob+pos, e.start, e.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1638 pos += put_mp(blob+pos, n.start, n.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1639 publen = pos;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1640 pos += put_string(blob+pos, d.start, d.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1641 pos += put_mp(blob+pos, q.start, q.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1642 pos += put_mp(blob+pos, p.start, p.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1643 pos += put_mp(blob+pos, u.start, u.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1644 privlen = pos - publen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1645 } else if (type == DSA) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1646 struct mpint_pos p, q, g, x, y;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1647 int pos = 4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1648 if (GET_32BIT(ciphertext) != 0) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1649 errmsg = "predefined DSA parameters not supported";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1650 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1651 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1652 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &p);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1653 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &g);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1654 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &q);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1655 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &y);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1656 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &x);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1657 if (!x.start) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1658 errmsg = "key data did not contain five integers";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1659 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1660 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1661
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1662 alg = &ssh_dss;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1663 pos = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1664 pos += put_string(blob+pos, "ssh-dss", 7);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1665 pos += put_mp(blob+pos, p.start, p.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1666 pos += put_mp(blob+pos, q.start, q.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1667 pos += put_mp(blob+pos, g.start, g.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1668 pos += put_mp(blob+pos, y.start, y.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1669 publen = pos;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1670 pos += put_mp(blob+pos, x.start, x.bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1671 privlen = pos - publen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1672 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1673
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1674 dropbear_assert(privlen > 0); /* should have bombed by now if not */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1675
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1676 retkey = snew(struct ssh2_userkey);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1677 retkey->alg = alg;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1678 retkey->data = alg->createkey(blob, publen, blob+publen, privlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1679 if (!retkey->data) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1680 m_free(retkey);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1681 errmsg = "unable to create key data structure";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1682 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1683 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1684 retkey->comment = dupstr(key->comment);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1685
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1686 errmsg = NULL; /* no error */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1687 ret = retkey;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1688
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1689 error:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1690 if (blob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1691 memset(blob, 0, blobsize);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1692 m_free(blob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1693 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1694 memset(key->keyblob, 0, key->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1695 m_free(key->keyblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1696 memset(&key, 0, sizeof(key));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1697 m_free(key);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1698 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1699 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1700
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1701 int sshcom_write(const char filename, sign_key key,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1702 char *passphrase)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1703 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1704 unsigned char pubblob, privblob;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1705 int publen, privlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1706 unsigned char *outblob;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1707 int outlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1708 struct mpint_pos numbers[6];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1709 int nnumbers, initial_zero, pos, lenpos, i;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1710 char *type;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1711 char *ciphertext;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1712 int cipherlen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1713 int ret = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1714 FILE *fp;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1715
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1716 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1717 * Fetch the key blobs.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1718 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1719 pubblob = key->alg->public_blob(key->data, &publen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1720 privblob = key->alg->private_blob(key->data, &privlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1721 outblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1722
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1723 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1724 * Find the sequence of integers to be encoded into the OpenSSH
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1725 * key blob, and also decide on the header line.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1726 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1727 if (key->alg == &ssh_rsa) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1728 int pos;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1729 struct mpint_pos n, e, d, p, q, iqmp;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1730
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1731 pos = 4 + GET_32BIT(pubblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1732 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &e);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1733 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &n);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1734 pos = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1735 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &d);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1736 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &p);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1737 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &q);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1738 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &iqmp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1739
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1740 dropbear_assert(e.start && iqmp.start); /* can't go wrong */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1741
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1742 numbers[0] = e;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1743 numbers[1] = d;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1744 numbers[2] = n;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1745 numbers[3] = iqmp;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1746 numbers[4] = q;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1747 numbers[5] = p;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1748
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1749 nnumbers = 6;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1750 initial_zero = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1751 type = "if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1752 } else if (key->alg == &ssh_dss) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1753 int pos;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1754 struct mpint_pos p, q, g, y, x;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1755
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1756 pos = 4 + GET_32BIT(pubblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1757 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &p);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1758 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &q);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1759 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &g);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1760 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &y);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1761 pos = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1762 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &x);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1763
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1764 dropbear_assert(y.start && x.start); /* can't go wrong */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1765
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1766 numbers[0] = p;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1767 numbers[1] = g;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1768 numbers[2] = q;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1769 numbers[3] = y;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1770 numbers[4] = x;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1771
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1772 nnumbers = 5;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1773 initial_zero = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1774 type = "dl-modp{sign{dsa-nist-sha1},dh{plain}}";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1775 } else {
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1776 dropbear_assert(0); /* zoinks! */
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1777 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1778
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1779 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1780 * Total size of key blob will be somewhere under 512 plus
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1781 * combined length of integers. We'll calculate the more
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1782 * precise size as we construct the blob.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1783 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1784 outlen = 512;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1785 for (i = 0; i < nnumbers; i++)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1786 outlen += 4 + numbers[i].bytes;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1787 outblob = snewn(outlen, unsigned char);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1788
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1789 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1790 * Create the unencrypted key blob.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1791 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1792 pos = 0;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1793 PUT_32BIT(outblob+pos, SSHCOM_MAGIC_NUMBER); pos += 4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1794 pos += 4; /* length field, fill in later */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1795 pos += put_string(outblob+pos, type, strlen(type));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1796 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1797 char *ciphertype = passphrase ? "3des-cbc" : "none";
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1798 pos += put_string(outblob+pos, ciphertype, strlen(ciphertype));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1799 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1800 lenpos = pos; /* remember this position */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1801 pos += 4; /* encrypted-blob size */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1802 pos += 4; /* encrypted-payload size */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1803 if (initial_zero) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1804 PUT_32BIT(outblob+pos, 0);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1805 pos += 4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1806 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1807 for (i = 0; i < nnumbers; i++)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1808 pos += sshcom_put_mpint(outblob+pos,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1809 numbers[i].start, numbers[i].bytes);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1810 /* Now wrap up the encrypted payload. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1811 PUT_32BIT(outblob+lenpos+4, pos - (lenpos+8));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1812 /* Pad encrypted blob to a multiple of cipher block size. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1813 if (passphrase) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1814 int padding = -(pos - (lenpos+4)) & 7;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1815 while (padding--)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1816 outblob[pos++] = random_byte();
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1817 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1818 ciphertext = (char *)outblob+lenpos+4;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1819 cipherlen = pos - (lenpos+4);
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1820 dropbear_assert(!passphrase \|\| cipherlen % 8 == 0);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1821 /* Wrap up the encrypted blob string. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1822 PUT_32BIT(outblob+lenpos, cipherlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1823 /* And finally fill in the total length field. */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1824 PUT_32BIT(outblob+4, pos);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1825
241 c5d3ef11155f * use own assertions which should get logged properly Matt Johnston <matt@ucc.asn.au> parents: 87 diff changeset	1826 dropbear_assert(pos < outlen);
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1827
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1828 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1829 * Encrypt the key.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1830 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1831 if (passphrase) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1832 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1833 * Derive encryption key from passphrase and iv/salt:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1834 *
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1835 * - let block A equal MD5(passphrase)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1836 * - let block B equal MD5(passphrase \|\| A)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1837 * - block C would be MD5(passphrase \|\| A \|\| B) and so on
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1838 * - encryption key is the first N bytes of A \|\| B
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1839 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1840 struct MD5Context md5c;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1841 unsigned char keybuf[32], iv[8];
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1842
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1843 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1844 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1845 MD5Final(keybuf, &md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1846
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1847 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1848 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1849 MD5Update(&md5c, keybuf, 16);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1850 MD5Final(keybuf+16, &md5c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1851
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1852 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1853 * Now decrypt the key blob.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1854 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1855 memset(iv, 0, sizeof(iv));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1856 des3_encrypt_pubkey_ossh(keybuf, iv, (unsigned char *)ciphertext,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1857 cipherlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1858
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1859 memset(&md5c, 0, sizeof(md5c));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1860 memset(keybuf, 0, sizeof(keybuf));
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1861 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1862
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1863 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1864 * And save it. We'll use Unix line endings just in case it's
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1865 * subsequently transferred in binary mode.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1866 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1867 fp = fopen(filename, "wb"); /* ensure Unix line endings */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1868 if (!fp)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1869 goto error;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1870 fputs("---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\n", fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1871 fprintf(fp, "Comment: \"");
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1872 /*
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1873 * Comment header is broken with backslash-newline if it goes
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1874 * over 70 chars. Although it's surrounded by quotes, it
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1875 * _doesn't_ escape backslashes or quotes within the string.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1876 * Don't ask me, I didn't design it.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1877 */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1878 {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1879 int slen = 60; /* starts at 60 due to "Comment: " */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1880 char *c = key->comment;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1881 while ((int)strlen(c) > slen) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1882 fprintf(fp, "%.*s\\\n", slen, c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1883 c += slen;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1884 slen = 70; /* allow 70 chars on subsequent lines */
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1885 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1886 fprintf(fp, "%s\"\n", c);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1887 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1888 base64_encode_fp(fp, outblob, pos, 70);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1889 fputs("---- END SSH2 ENCRYPTED PRIVATE KEY ----\n", fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1890 fclose(fp);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1891 ret = 1;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1892
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1893 error:
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1894 if (outblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1895 memset(outblob, 0, outlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1896 m_free(outblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1897 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1898 if (privblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1899 memset(privblob, 0, privlen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1900 m_free(privblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1901 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1902 if (pubblob) {
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1903 memset(pubblob, 0, publen);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1904 m_free(pubblob);
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1905 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1906 return ret;
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1907 }
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1908 #endif /* ssh.com stuff disabled */

Mercurial > dropbear

annotate keyimport.c @ 1156:a8f4dade70e5