annotate keyimport.c @ 1659:d32bcb5c557d

Add Ed25519 support (#91) * Add support for Ed25519 as a public key type Ed25519 is a elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys. OpenSSH key import and fuzzer are not supported yet. Initially inspired by Peter Szabo. * Add curve25519 and ed25519 fuzzers * Add import and export of Ed25519 keys
author Vladislav Grishenko <themiron@users.noreply.github.com>
date Wed, 11 Mar 2020 21:09:45 +0500
parents 315fcba6960e
children ba6fc7afe1c5
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 * Based on PuTTY's import.c for importing/exporting OpenSSH and SSH.com
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 * keyfiles.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5 * Modifications copyright 2003 Matt Johnston
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
7 * PuTTY is copyright 1997-2003 Simon Tatham.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9 * Portions copyright Robert de Bath, Joris van Rantwijk, Delian
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10 * Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
11 * Justin Bradford, and CORE SDI S.A.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
12 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 * Permission is hereby granted, free of charge, to any person
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 * obtaining a copy of this software and associated documentation files
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15 * (the "Software"), to deal in the Software without restriction,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 * including without limitation the rights to use, copy, modify, merge,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 * publish, distribute, sublicense, and/or sell copies of the Software,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18 * and to permit persons to whom the Software is furnished to do so,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
19 * subject to the following conditions:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
20 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
21 * The above copyright notice and this permission notice shall be
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
22 * included in all copies or substantial portions of the Software.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
23 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
27 * NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 * FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29 * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33 #include "keyimport.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34 #include "bignum.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
35 #include "buffer.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36 #include "dbutil.h"
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
37 #include "ecc.h"
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
38 #include "ssh.h"
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
39
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
40 static const unsigned char OSSH_PKEY_BLOB[] =
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
41 "openssh-key-v1\0" /* AUTH_MAGIC */
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
42 "\0\0\0\4none" /* cipher name*/
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
43 "\0\0\0\4none" /* kdf name */
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
44 "\0\0\0\0" /* kdf */
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
45 "\0\0\0\1"; /* key num */
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
46 #define OSSH_PKEY_BLOBLEN (sizeof(OSSH_PKEY_BLOB) - 1)
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
47
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
48 #if DROPBEAR_ECDSA
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
49 static const unsigned char OID_SEC256R1_BLOB[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
50 static const unsigned char OID_SEC384R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x22};
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
51 static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
1294
56aba7dedbea options for disabling "normal" DH
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
52 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
54 #define PUT_32BIT(cp, value) do { \
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
55 (cp)[3] = (unsigned char)(value); \
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
56 (cp)[2] = (unsigned char)((value) >> 8); \
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
57 (cp)[1] = (unsigned char)((value) >> 16); \
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
58 (cp)[0] = (unsigned char)((value) >> 24); } while (0)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
59
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
60 #define GET_32BIT(cp) \
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
61 (((unsigned long)(unsigned char)(cp)[0] << 24) | \
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
62 ((unsigned long)(unsigned char)(cp)[1] << 16) | \
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
63 ((unsigned long)(unsigned char)(cp)[2] << 8) | \
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
64 ((unsigned long)(unsigned char)(cp)[3]))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
65
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
66 static int openssh_encrypted(const char *filename);
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1395
diff changeset
67 static sign_key *openssh_read(const char *filename, const char *passphrase);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
68 static int openssh_write(const char *filename, sign_key *key,
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1395
diff changeset
69 const char *passphrase);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
70
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
71 static int dropbear_write(const char*filename, sign_key * key);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
72 static sign_key *dropbear_read(const char* filename);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
73
1306
34e6127ef02e merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
74 static int toint(unsigned u);
34e6127ef02e merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
75
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
76 #if 0
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
77 static int sshcom_encrypted(const char *filename, char **comment);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
78 static struct ssh2_userkey *sshcom_read(const char *filename, char *passphrase);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
79 static int sshcom_write(const char *filename, struct ssh2_userkey *key,
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
80 char *passphrase);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
81 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
82
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
83 int import_encrypted(const char* filename, int filetype) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
84
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
85 if (filetype == KEYFILE_OPENSSH) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
86 return openssh_encrypted(filename);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
87 #if 0
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
88 } else if (filetype == KEYFILE_SSHCOM) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
89 return sshcom_encrypted(filename, NULL);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
90 #endif
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
91 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
92 return 0;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
93 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
94
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1395
diff changeset
95 sign_key *import_read(const char *filename, const char *passphrase, int filetype) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
96
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
97 if (filetype == KEYFILE_OPENSSH) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
98 return openssh_read(filename, passphrase);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
99 } else if (filetype == KEYFILE_DROPBEAR) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
100 return dropbear_read(filename);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
101 #if 0
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
102 } else if (filetype == KEYFILE_SSHCOM) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
103 return sshcom_read(filename, passphrase);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
104 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
105 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
106 return NULL;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
107 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
108
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1395
diff changeset
109 int import_write(const char *filename, sign_key *key, const char *passphrase,
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
110 int filetype) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
111
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
112 if (filetype == KEYFILE_OPENSSH) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
113 return openssh_write(filename, key, passphrase);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
114 } else if (filetype == KEYFILE_DROPBEAR) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
115 return dropbear_write(filename, key);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
116 #if 0
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
117 } else if (filetype == KEYFILE_SSHCOM) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
118 return sshcom_write(filename, key, passphrase);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
119 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
120 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
121 return 0;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
122 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
123
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
124 static sign_key *dropbear_read(const char* filename) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
125
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
126 buffer * buf = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
127 sign_key *ret = NULL;
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 845
diff changeset
128 enum signkey_type type;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
129
73
0bf5cebe622c Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
130 buf = buf_new(MAX_PRIVKEY_SIZE);
0bf5cebe622c Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
131 if (buf_readfile(buf, filename) == DROPBEAR_FAILURE) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
132 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
133 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
134
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
135 buf_setpos(buf, 0);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
136 ret = new_sign_key();
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
137
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
138 type = DROPBEAR_SIGNKEY_ANY;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
139 if (buf_get_priv_key(buf, ret, &type) == DROPBEAR_FAILURE){
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
140 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
141 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
142 buf_free(buf);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
143
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
144 ret->type = type;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
145
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
146 return ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
147
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
148 error:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
149 if (buf) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
150 buf_free(buf);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
151 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
152 if (ret) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
153 sign_key_free(ret);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
154 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
155 return NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
156 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
157
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
158 /* returns 0 on fail, 1 on success */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
159 static int dropbear_write(const char*filename, sign_key * key) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
160
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
161 buffer * buf;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
162 FILE*fp;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
163 int len;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
164 int ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
165
73
0bf5cebe622c Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
166 buf = buf_new(MAX_PRIVKEY_SIZE);
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
167 buf_put_priv_key(buf, key, key->type);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
168
87
680a0bc9df0a Some small fixes for unused vars, and old messages
Matt Johnston <matt@ucc.asn.au>
parents: 73
diff changeset
169 fp = fopen(filename, "w");
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
170 if (!fp) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
171 ret = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
172 goto out;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
173 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
174
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
175 buf_setpos(buf, 0);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
176 do {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
177 len = fwrite(buf_getptr(buf, buf->len - buf->pos),
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
178 1, buf->len - buf->pos, fp);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
179 buf_incrpos(buf, len);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
180 } while (len > 0 && buf->len != buf->pos);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
181
256
ac890087b8c1 * keyimport.c: fclose() the key file to make sure data gets written
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
182 fclose(fp);
ac890087b8c1 * keyimport.c: fclose() the key file to make sure data gets written
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
183
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
184 if (buf->pos != buf->len) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
185 ret = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
186 } else {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
187 ret = 1;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
188 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
189 out:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
190 buf_free(buf);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
191 return ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
192 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
193
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
194
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
195 /* ----------------------------------------------------------------------
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
196 * Helper routines. (The base64 ones are defined in sshpubk.c.)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
197 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
198
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
199 #define isbase64(c) ( ((c) >= 'A' && (c) <= 'Z') || \
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
200 ((c) >= 'a' && (c) <= 'z') || \
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
201 ((c) >= '0' && (c) <= '9') || \
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
202 (c) == '+' || (c) == '/' || (c) == '=' \
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
203 )
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
204
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
205 /* cpl has to be less than 100 */
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1395
diff changeset
206 static void base64_encode_fp(FILE * fp, const unsigned char *data,
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
207 int datalen, int cpl)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
208 {
1094
c45d65392c1a Fix pointer differ in signess warnings [-Werror=pointer-sign]
Gaël PORTAY <gael.portay@gmail.com>
parents: 1089
diff changeset
209 unsigned char out[100];
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1124
diff changeset
210 int n;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
211 unsigned long outlen;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
212 int rawcpl;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
213 rawcpl = cpl * 3 / 4;
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 87
diff changeset
214 dropbear_assert((unsigned int)cpl < sizeof(out));
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
215
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1124
diff changeset
216 while (datalen > 0) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
217 n = (datalen < rawcpl ? datalen : rawcpl);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
218 outlen = sizeof(out);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
219 base64_encode(data, n, out, &outlen);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
220 data += n;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
221 datalen -= n;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
222 fwrite(out, 1, outlen, fp);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
223 fputc('\n', fp);
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1124
diff changeset
224 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
225 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
226 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
227 * Read an ASN.1/BER identifier and length pair.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
228 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
229 * Flags are a combination of the #defines listed below.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
230 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
231 * Returns -1 if unsuccessful; otherwise returns the number of
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
232 * bytes used out of the source data.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
233 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
234
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
235 /* ASN.1 tag classes. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
236 #define ASN1_CLASS_UNIVERSAL (0 << 6)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
237 #define ASN1_CLASS_APPLICATION (1 << 6)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
238 #define ASN1_CLASS_CONTEXT_SPECIFIC (2 << 6)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
239 #define ASN1_CLASS_PRIVATE (3 << 6)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
240 #define ASN1_CLASS_MASK (3 << 6)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
241
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
242 /* Primitive versus constructed bit. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
243 #define ASN1_CONSTRUCTED (1 << 5)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
244
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
245 static int ber_read_id_len(void *source, int sourcelen,
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
246 int *id, int *length, int *flags)
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
247 {
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
248 unsigned char *p = (unsigned char *) source;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
249
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
250 if (sourcelen == 0)
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
251 return -1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
252
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
253 *flags = (*p & 0xE0);
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
254 if ((*p & 0x1F) == 0x1F) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
255 *id = 0;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
256 while (*p & 0x80) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
257 p++, sourcelen--;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
258 if (sourcelen == 0)
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
259 return -1;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
260 *id = (*id << 7) | (*p & 0x7F);
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
261 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
262 p++, sourcelen--;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
263 } else {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
264 *id = *p & 0x1F;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
265 p++, sourcelen--;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
266 }
1306
34e6127ef02e merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
267
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
268 if (sourcelen == 0)
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
269 return -1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
270
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
271 if (*p & 0x80) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
272 unsigned len;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
273 int n = *p & 0x7F;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
274 p++, sourcelen--;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
275 if (sourcelen < n)
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
276 return -1;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
277 len = 0;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
278 while (n--)
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
279 len = (len << 8) | (*p++);
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
280 sourcelen -= n;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
281 *length = toint(len);
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
282 } else {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
283 *length = *p;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
284 p++, sourcelen--;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
285 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
286
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
287 if (*length < 0) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
288 printf("Negative ASN.1 length\n");
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
289 return -1;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
290 }
1307
ad9c40aca3bc add length checks for ecc too
Matt Johnston <matt@ucc.asn.au>
parents: 1306
diff changeset
291
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
292 return p - (unsigned char *) source;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
293 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
294
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
295 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
296 * Write an ASN.1/BER identifier and length pair. Returns the
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
297 * number of bytes consumed. Assumes dest contains enough space.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
298 * Will avoid writing anything if dest is NULL, but still return
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
299 * amount of space required.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
300 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
301 static int ber_write_id_len(void *dest, int id, int length, int flags)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
302 {
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
303 unsigned char *d = (unsigned char *)dest;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
304 int len = 0;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
305
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
306 if (id <= 30) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
307 /*
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
308 * Identifier is one byte.
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
309 */
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
310 len++;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
311 if (d) *d++ = id | flags;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
312 } else {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
313 int n;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
314 /*
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
315 * Identifier is multiple bytes: the first byte is 11111
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
316 * plus the flags, and subsequent bytes encode the value of
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
317 * the identifier, 7 bits at a time, with the top bit of
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
318 * each byte 1 except the last one which is 0.
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
319 */
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
320 len++;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
321 if (d) *d++ = 0x1F | flags;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
322 for (n = 1; (id >> (7*n)) > 0; n++)
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
323 continue; /* count the bytes */
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
324 while (n--) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
325 len++;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
326 if (d) *d++ = (n ? 0x80 : 0) | ((id >> (7*n)) & 0x7F);
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
327 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
328 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
329
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
330 if (length < 128) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
331 /*
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
332 * Length is one byte.
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
333 */
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
334 len++;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
335 if (d) *d++ = length;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
336 } else {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
337 int n;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
338 /*
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
339 * Length is multiple bytes. The first is 0x80 plus the
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
340 * number of subsequent bytes, and the subsequent bytes
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
341 * encode the actual length.
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
342 */
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
343 for (n = 1; (length >> (8*n)) > 0; n++)
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
344 continue; /* count the bytes */
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
345 len++;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
346 if (d) *d++ = 0x80 | n;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
347 while (n--) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
348 len++;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
349 if (d) *d++ = (length >> (8*n)) & 0xFF;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
350 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
351 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
352
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
353 return len;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
354 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
355
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
356
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
357 /* Simple structure to point to an mp-int within a blob. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
358 struct mpint_pos { void *start; int bytes; };
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
359
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
360 /* ----------------------------------------------------------------------
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
361 * Code to read and write OpenSSH private keys.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
362 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
363
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
364 enum { OSSH_DSA, OSSH_RSA, OSSH_EC, OSSH_PKEY };
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
365 struct openssh_key {
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
366 int type;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
367 int encrypted;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
368 char iv[32];
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
369 unsigned char *keyblob;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
370 unsigned int keyblob_len, keyblob_size;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
371 };
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
372
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
373 static struct openssh_key *load_openssh_key(const char *filename)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
374 {
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
375 struct openssh_key *ret;
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
376 buffer *buf = NULL;
340
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 256
diff changeset
377 FILE *fp = NULL;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
378 char buffer[256];
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
379 char *errmsg = NULL, *p = NULL;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
380 int headers_done;
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
381 unsigned long len;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
382
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
383 ret = (struct openssh_key*)m_malloc(sizeof(struct openssh_key));
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
384 ret->keyblob = NULL;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
385 ret->keyblob_len = ret->keyblob_size = 0;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
386 ret->encrypted = 0;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
387 memset(ret->iv, 0, sizeof(ret->iv));
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
388
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
389 if (strlen(filename) == 1 && filename[0] == '-') {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
390 fp = stdin;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
391 } else {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
392 fp = fopen(filename, "r");
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
393 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
394 if (!fp) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
395 errmsg = "Unable to open key file";
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
396 goto error;
1306
34e6127ef02e merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
397 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
398 if (!fgets(buffer, sizeof(buffer), fp) ||
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
399 0 != strncmp(buffer, "-----BEGIN ", 11) ||
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
400 0 != strcmp(buffer+strlen(buffer)-17, "PRIVATE KEY-----\n")) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
401 errmsg = "File does not begin with OpenSSH key header";
1306
34e6127ef02e merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
402 goto error;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
403 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
404 if (!strcmp(buffer, "-----BEGIN RSA PRIVATE KEY-----\n"))
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
405 ret->type = OSSH_RSA;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
406 else if (!strcmp(buffer, "-----BEGIN DSA PRIVATE KEY-----\n"))
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
407 ret->type = OSSH_DSA;
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 491
diff changeset
408 else if (!strcmp(buffer, "-----BEGIN EC PRIVATE KEY-----\n"))
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 491
diff changeset
409 ret->type = OSSH_EC;
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
410 else if (!strcmp(buffer, "-----BEGIN OPENSSH PRIVATE KEY-----\n"))
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
411 ret->type = OSSH_PKEY;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
412 else {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
413 errmsg = "Unrecognised key type";
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
414 goto error;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
415 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
416
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
417 headers_done = 0;
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
418 buf = buf_new(0);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
419 while (1) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
420 if (!fgets(buffer, sizeof(buffer), fp)) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
421 errmsg = "Unexpected end of file";
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
422 goto error;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
423 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
424 if (0 == strncmp(buffer, "-----END ", 9) &&
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
425 0 == strcmp(buffer+strlen(buffer)-17, "PRIVATE KEY-----\n"))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
426 break; /* done */
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
427 if ((p = strchr(buffer, ':')) != NULL) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
428 if (headers_done) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
429 errmsg = "Header found in body of key data";
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
430 goto error;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
431 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
432 *p++ = '\0';
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
433 while (*p && isspace((unsigned char)*p)) p++;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
434 if (!strcmp(buffer, "Proc-Type")) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
435 if (p[0] != '4' || p[1] != ',') {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
436 errmsg = "Proc-Type is not 4 (only 4 is supported)";
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
437 goto error;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
438 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
439 p += 2;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
440 if (!strcmp(p, "ENCRYPTED\n"))
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
441 ret->encrypted = 1;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
442 } else if (!strcmp(buffer, "DEK-Info")) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
443 int i, j;
1306
34e6127ef02e merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
444
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
445 if (strncmp(p, "DES-EDE3-CBC,", 13)) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
446 errmsg = "Ciphers other than DES-EDE3-CBC not supported";
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
447 goto error;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
448 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
449 p += 13;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
450 for (i = 0; i < 8; i++) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
451 if (1 != sscanf(p, "%2x", &j))
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
452 break;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
453 ret->iv[i] = j;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
454 p += 2;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
455 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
456 if (i < 8) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
457 errmsg = "Expected 16-digit iv in DEK-Info";
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
458 goto error;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
459 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
460 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
461 } else {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
462 headers_done = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
463 len = strlen(buffer);
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
464 buf = buf_resize(buf, buf->size + len);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
465 buf_putbytes(buf, buffer, len);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
466 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
467 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
468
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
469 if (buf && buf->len) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
470 ret->keyblob_size = ret->keyblob_len + buf->len*4/3 + 256;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
471 ret->keyblob = (unsigned char*)m_realloc(ret->keyblob, ret->keyblob_size);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
472 len = ret->keyblob_size;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
473 if (base64_decode((const unsigned char *)buf->data, buf->len,
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
474 ret->keyblob, &len) != CRYPT_OK){
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
475 errmsg = "Error decoding base64";
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
476 goto error;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
477 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
478 ret->keyblob_len = len;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
479 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
480
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
481 if (ret->type == OSSH_PKEY) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
482 if (ret->keyblob_len < OSSH_PKEY_BLOBLEN ||
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
483 memcmp(ret->keyblob, OSSH_PKEY_BLOB, OSSH_PKEY_BLOBLEN)) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
484 errmsg = "Error decoding OpenSSH key";
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
485 goto error;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
486 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
487 ret->keyblob_len -= OSSH_PKEY_BLOBLEN;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
488 memmove(ret->keyblob, ret->keyblob + OSSH_PKEY_BLOBLEN, ret->keyblob_len);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
489 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
490
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
491 if (ret->keyblob_len == 0 || !ret->keyblob) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
492 errmsg = "Key body not present";
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
493 goto error;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
494 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
495
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
496 if (ret->encrypted && ret->keyblob_len % 8 != 0) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
497 errmsg = "Encrypted key blob is not a multiple of cipher block size";
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
498 goto error;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
499 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
500
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
501 if (buf) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
502 buf_burn(buf);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
503 buf_free(buf);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
504 }
1045
31727a8abd4b Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents: 1038
diff changeset
505 m_burn(buffer, sizeof(buffer));
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
506 return ret;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
507
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
508 error:
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
509 if (buf) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
510 buf_burn(buf);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
511 buf_free(buf);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
512 }
1045
31727a8abd4b Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents: 1038
diff changeset
513 m_burn(buffer, sizeof(buffer));
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
514 if (ret) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
515 if (ret->keyblob) {
1045
31727a8abd4b Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents: 1038
diff changeset
516 m_burn(ret->keyblob, ret->keyblob_size);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
517 m_free(ret->keyblob);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
518 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
519 m_free(ret);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
520 }
340
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 256
diff changeset
521 if (fp) {
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 256
diff changeset
522 fclose(fp);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
523 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
524 if (errmsg) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
525 fprintf(stderr, "Error: %s\n", errmsg);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
526 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
527 return NULL;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
528 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
529
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
530 static int openssh_encrypted(const char *filename)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
531 {
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
532 struct openssh_key *key = load_openssh_key(filename);
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
533 int ret;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
534
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
535 if (!key)
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
536 return 0;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
537 ret = key->encrypted;
1045
31727a8abd4b Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents: 1038
diff changeset
538 m_burn(key->keyblob, key->keyblob_size);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
539 m_free(key->keyblob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
540 m_free(key);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
541 return ret;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
542 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
543
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1395
diff changeset
544 static sign_key *openssh_read(const char *filename, const char * UNUSED(passphrase))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
545 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
546 struct openssh_key *key;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
547 unsigned char *p;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
548 int ret, id, len, flags;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
549 int i, num_integers = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
550 sign_key *retval = NULL;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
551 char *errmsg;
1119
845922d73e9c Turn modptr local variable into unsigned char *
Gaël PORTAY <gael.portay@gmail.com>
parents: 1094
diff changeset
552 unsigned char *modptr = NULL;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
553 int modlen = -9999;
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 845
diff changeset
554 enum signkey_type type;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
555
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
556 sign_key *retkey;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
557 buffer * blobbuf = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
558
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
559 retkey = new_sign_key();
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
560
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
561 key = load_openssh_key(filename);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
562
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
563 if (!key)
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
564 return NULL;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
565
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
566 if (key->encrypted) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
567 errmsg = "encrypted keys not supported currently";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
568 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
569 #if 0
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
570 /* matt TODO */
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
571 /*
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
572 * Derive encryption key from passphrase and iv/salt:
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
573 *
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
574 * - let block A equal MD5(passphrase || iv)
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
575 * - let block B equal MD5(A || passphrase || iv)
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
576 * - block C would be MD5(B || passphrase || iv) and so on
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
577 * - encryption key is the first N bytes of A || B
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
578 */
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
579 struct MD5Context md5c;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
580 unsigned char keybuf[32];
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
581
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
582 MD5Init(&md5c);
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
583 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
584 MD5Update(&md5c, (unsigned char *)key->iv, 8);
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
585 MD5Final(keybuf, &md5c);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
586
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
587 MD5Init(&md5c);
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
588 MD5Update(&md5c, keybuf, 16);
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
589 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
590 MD5Update(&md5c, (unsigned char *)key->iv, 8);
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
591 MD5Final(keybuf+16, &md5c);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
592
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
593 /*
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
594 * Now decrypt the key blob.
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
595 */
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
596 des3_decrypt_pubkey_ossh(keybuf, (unsigned char *)key->iv,
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
597 key->keyblob, key->keyblob_len);
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
598
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
599 memset(&md5c, 0, sizeof(md5c));
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
600 memset(keybuf, 0, sizeof(keybuf));
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
601 #endif
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
602 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
603
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
604 /*
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
605 * Now we have a decrypted key blob, which contains OpenSSH
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
606 * encoded private key. We must now untangle the OpenSSH format.
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
607 */
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
608 if (key->type == OSSH_PKEY) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
609 blobbuf = buf_new(key->keyblob_len);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
610 buf_putbytes(blobbuf, key->keyblob, key->keyblob_len);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
611 buf_setpos(blobbuf, 0);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
612
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
613 /* limit length of private key blob */
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
614 len = buf_getint(blobbuf);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
615 buf_setlen(blobbuf, blobbuf->pos + len);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
616
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
617 type = DROPBEAR_SIGNKEY_ANY;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
618 if (buf_get_pub_key(blobbuf, retkey, &type)
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
619 != DROPBEAR_SUCCESS) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
620 errmsg = "Error parsing OpenSSH key";
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
621 goto ossh_error;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
622 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
623
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
624 /* restore full length */
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
625 buf_setlen(blobbuf, key->keyblob_len);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
626
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
627 if (type != DROPBEAR_SIGNKEY_NONE) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
628 retkey->type = type;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
629 /* limit length of private key blob */
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
630 len = buf_getint(blobbuf);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
631 buf_setlen(blobbuf, blobbuf->pos + len);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
632 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
633 if (type == DROPBEAR_SIGNKEY_ED25519) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
634 buf_incrpos(blobbuf, 8);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
635 buf_eatstring(blobbuf);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
636 buf_eatstring(blobbuf);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
637 buf_incrpos(blobbuf, -SSH_SIGNKEY_ED25519_LEN-4);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
638 if (buf_get_ed25519_priv_key(blobbuf, retkey->ed25519key)
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
639 == DROPBEAR_SUCCESS) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
640 errmsg = NULL;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
641 retval = retkey;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
642 goto error;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
643 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
644 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
645 #endif
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
646 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
647
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
648 errmsg = "Unsupported OpenSSH key type";
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
649 ossh_error:
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
650 sign_key_free(retkey);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
651 retkey = NULL;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
652 goto error;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
653 }
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
654
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
655 /*
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
656 * Now we have a decrypted key blob, which contains an ASN.1
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
657 * encoded private key. We must now untangle the ASN.1.
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
658 *
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
659 * We expect the whole key blob to be formatted as a SEQUENCE
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
660 * (0x30 followed by a length code indicating that the rest of
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
661 * the blob is part of the sequence). Within that SEQUENCE we
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
662 * expect to see a bunch of INTEGERs. What those integers mean
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
663 * depends on the key type:
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
664 *
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
665 * - For RSA, we expect the integers to be 0, n, e, d, p, q,
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
666 * dmp1, dmq1, iqmp in that order. (The last three are d mod
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
667 * (p-1), d mod (q-1), inverse of q mod p respectively.)
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
668 *
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
669 * - For DSA, we expect them to be 0, p, q, g, y, x in that
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
670 * order.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
671 */
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
672
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
673 p = key->keyblob;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
674
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
675 /* Expect the SEQUENCE header. Take its absence as a failure to decrypt. */
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
676 ret = ber_read_id_len(p, key->keyblob_len, &id, &len, &flags);
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
677 p += ret;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
678 if (ret < 0 || id != 16 || len < 0 ||
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
679 key->keyblob+key->keyblob_len-p < len) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
680 errmsg = "ASN.1 decoding failure";
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
681 goto error;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
682 }
1306
34e6127ef02e merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
683
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
684 /* Expect a load of INTEGERs. */
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
685 if (key->type == OSSH_RSA)
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
686 num_integers = 9;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
687 else if (key->type == OSSH_DSA)
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
688 num_integers = 6;
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
689 else if (key->type == OSSH_EC)
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
690 num_integers = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
691
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
692 /*
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
693 * Space to create key blob in.
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
694 */
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
695 blobbuf = buf_new(3000);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
696
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
697 #if DROPBEAR_DSS
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
698 if (key->type == OSSH_DSA) {
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1119
diff changeset
699 buf_putstring(blobbuf, "ssh-dss", 7);
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
700 retkey->type = DROPBEAR_SIGNKEY_DSS;
935
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
701 }
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
702 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
703 #if DROPBEAR_RSA
935
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
704 if (key->type == OSSH_RSA) {
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1119
diff changeset
705 buf_putstring(blobbuf, "ssh-rsa", 7);
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
706 retkey->type = DROPBEAR_SIGNKEY_RSA;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
707 }
935
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
708 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
709
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
710 for (i = 0; i < num_integers; i++) {
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
711 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
712 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
713 p += ret;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
714 if (ret < 0 || id != 2 || len < 0 ||
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
715 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
716 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
717 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
718 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
719
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
720 if (i == 0) {
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
721 /* First integer is a version indicator */
991
4f65c867fc99 Fix variables may be uninitialized.
Like Ma <likemartinma@gmail.com>
parents: 935
diff changeset
722 int expected = -1;
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
723 switch (key->type) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
724 case OSSH_RSA:
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
725 case OSSH_DSA:
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
726 expected = 0;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
727 break;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
728 case OSSH_EC:
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
729 expected = 1;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
730 break;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
731 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
732 if (len != 1 || p[0] != expected) {
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
733 errmsg = "Version number mismatch";
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
734 goto error;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
735 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
736 } else if (key->type == OSSH_RSA) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
737 /*
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
738 * OpenSSH key order is n, e, d, p, q, dmp1, dmq1, iqmp
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
739 * but we want e, n, d, p, q
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
740 */
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
741 if (i == 1) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
742 /* Save the details for after we deal with number 2. */
1119
845922d73e9c Turn modptr local variable into unsigned char *
Gaël PORTAY <gael.portay@gmail.com>
parents: 1094
diff changeset
743 modptr = p;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
744 modlen = len;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
745 } else if (i >= 2 && i <= 5) {
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1119
diff changeset
746 buf_putstring(blobbuf, (const char*)p, len);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
747 if (i == 2) {
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1119
diff changeset
748 buf_putstring(blobbuf, (const char*)modptr, modlen);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
749 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
750 }
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
751 } else if (key->type == OSSH_DSA) {
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
752 /*
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
753 * OpenSSH key order is p, q, g, y, x,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
754 * we want the same.
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
755 */
1122
aaf576b27a10 Merge pull request #13 from gazoo74/fix-warnings
Matt Johnston <matt@ucc.asn.au>
parents: 1119
diff changeset
756 buf_putstring(blobbuf, (const char*)p, len);
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
757 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
758
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
759 /* Skip past the number. */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
760 p += len;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
761 }
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
762
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
763 #if DROPBEAR_ECDSA
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
764 if (key->type == OSSH_EC) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
765 unsigned char* private_key_bytes = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
766 int private_key_len = 0;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
767 unsigned char* public_key_bytes = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
768 int public_key_len = 0;
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 806
diff changeset
769 ecc_key *ecc = NULL;
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
770 const struct dropbear_ecc_curve *curve = NULL;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
771
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
772 /* See SEC1 v2, Appendix C.4 */
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
773 /* OpenSSL (so OpenSSH) seems to include the optional parts. */
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
774
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
775 /* privateKey OCTET STRING, */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
776 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
777 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
778 p += ret;
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
779 /* id==4 for octet string */
1395
77c0d57a4410 fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents: 1316
diff changeset
780 if (ret < 0 || id != 4 || len < 0 ||
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
781 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
782 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
783 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
784 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
785 private_key_bytes = p;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
786 private_key_len = len;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
787 p += len;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
788
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
789 /* parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL, */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
790 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
791 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
792 p += ret;
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
793 /* id==0 */
1395
77c0d57a4410 fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents: 1316
diff changeset
794 if (ret < 0 || id != 0 || len < 0) {
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
795 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
796 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
797 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
798
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
799 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
800 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
801 p += ret;
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
802 /* id==6 for object */
1395
77c0d57a4410 fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents: 1316
diff changeset
803 if (ret < 0 || id != 6 || len < 0 ||
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
804 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
805 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
806 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
807 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
808
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
809 if (0) {}
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
810 #if DROPBEAR_ECC_256
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
811 else if (len == sizeof(OID_SEC256R1_BLOB)
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
812 && memcmp(p, OID_SEC256R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
813 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP256;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
814 curve = &ecc_curve_nistp256;
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
815 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
816 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
817 #if DROPBEAR_ECC_384
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
818 else if (len == sizeof(OID_SEC384R1_BLOB)
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
819 && memcmp(p, OID_SEC384R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
820 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP384;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
821 curve = &ecc_curve_nistp384;
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
822 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
823 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
824 #if DROPBEAR_ECC_521
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
825 else if (len == sizeof(OID_SEC521R1_BLOB)
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
826 && memcmp(p, OID_SEC521R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
827 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP521;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
828 curve = &ecc_curve_nistp521;
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
829 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
830 #endif
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
831 else {
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
832 errmsg = "Unknown ECC key type";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
833 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
834 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
835 p += len;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
836
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
837 /* publicKey [1] BIT STRING OPTIONAL */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
838 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
839 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
840 p += ret;
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
841 /* id==1 */
1395
77c0d57a4410 fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents: 1316
diff changeset
842 if (ret < 0 || id != 1 || len < 0) {
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
843 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
844 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
845 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
846
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
847 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
848 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
849 p += ret;
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
850 /* id==3 for bit string */
1395
77c0d57a4410 fix indentation
Francois Perrad <francois.perrad@gadz.org>
parents: 1316
diff changeset
851 if (ret < 0 || id != 3 || len < 0 ||
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
852 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
853 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
854 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
855 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
856 public_key_bytes = p+1;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
857 public_key_len = len-1;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
858 p += len;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
859
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
860 buf_putbytes(blobbuf, public_key_bytes, public_key_len);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
861 ecc = buf_get_ecc_raw_pubkey(blobbuf, curve);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
862 if (!ecc) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
863 errmsg = "Error parsing ECC key";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
864 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
865 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
866 m_mp_alloc_init_multi((mp_int**)&ecc->k, NULL);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
867 if (mp_read_unsigned_bin(ecc->k, private_key_bytes, private_key_len)
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
868 != MP_OKAY) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
869 errmsg = "Error parsing ECC key";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
870 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
871 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
872
841
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
873 *signkey_key_ptr(retkey, retkey->type) = ecc;
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
874 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
875 #endif /* DROPBEAR_ECDSA */
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
876
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
877 /*
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
878 * Now put together the actual key. Simplest way to do this is
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
879 * to assemble our own key blobs and feed them to the createkey
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
880 * functions; this is a bit faffy but it does mean we get all
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
881 * the sanity checks for free.
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
882 */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
883 if (key->type == OSSH_RSA || key->type == OSSH_DSA) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
884 buf_setpos(blobbuf, 0);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
885 type = DROPBEAR_SIGNKEY_ANY;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
886 if (buf_get_priv_key(blobbuf, retkey, &type)
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
887 != DROPBEAR_SUCCESS) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
888 errmsg = "unable to create key structure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
889 sign_key_free(retkey);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
890 retkey = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
891 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
892 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
893 }
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
894
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
895 errmsg = NULL; /* no error */
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
896 retval = retkey;
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
897
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
898 error:
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
899 if (blobbuf) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
900 buf_burn(blobbuf);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
901 buf_free(blobbuf);
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
902 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
903 m_burn(key->keyblob, key->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
904 m_free(key->keyblob);
1002
97d1e54941fd When clearing the memory of 'key' in function openssh_read(), only the size
Christian Engelmayer <cengelma@gmx.at>
parents: 991
diff changeset
905 m_burn(key, sizeof(*key));
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
906 m_free(key);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
907 if (errmsg) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
908 fprintf(stderr, "Error: %s\n", errmsg);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
909 }
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
910 return retval;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
911 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
912
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
913 static int openssh_write(const char *filename, sign_key *key,
1459
06d52bcb8094 Pointer parameter could be declared as pointing to const
Francois Perrad <francois.perrad@gadz.org>
parents: 1395
diff changeset
914 const char *passphrase)
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
915 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
916 buffer * keyblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
917 buffer * extrablob = NULL; /* used for calculated values to write */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
918 unsigned char *outblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
919 int outlen = -9999;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
920 struct mpint_pos numbers[9];
991
4f65c867fc99 Fix variables may be uninitialized.
Like Ma <likemartinma@gmail.com>
parents: 935
diff changeset
921 int nnumbers = -1, pos = 0, len = 0, seqlen, i;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
922 char *header = NULL, *footer = NULL;
1308
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
923 char zero[1];
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
924 int ret = 0;
8678e2cc1e53 make indenting consistent
Matt Johnston <matt@ucc.asn.au>
parents: 1307
diff changeset
925 FILE *fp;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
926
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
927 #if DROPBEAR_RSA
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
928 mp_int dmp1, dmq1, iqmp, tmpval; /* for rsa */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
929 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
930
935
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
931 if (
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
932 #if DROPBEAR_RSA
935
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
933 key->type == DROPBEAR_SIGNKEY_RSA ||
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
934 #endif
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
935 #if DROPBEAR_DSS
935
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
936 key->type == DROPBEAR_SIGNKEY_DSS ||
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
937 #endif
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
938 0)
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
939 {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
940 /*
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
941 * Fetch the key blobs.
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
942 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
943 keyblob = buf_new(3000);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
944 buf_put_priv_key(keyblob, key, key->type);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
945
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
946 buf_setpos(keyblob, 0);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
947 /* skip the "ssh-rsa" or "ssh-dss" header */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
948 buf_incrpos(keyblob, buf_getint(keyblob));
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
949
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
950 /*
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
951 * Find the sequence of integers to be encoded into the OpenSSH
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
952 * key blob, and also decide on the header line.
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
953 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
954 numbers[0].start = zero; numbers[0].bytes = 1; zero[0] = '\0';
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
955
1499
2d450c1056e3 options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents: 1459
diff changeset
956 #if DROPBEAR_RSA
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
957 if (key->type == DROPBEAR_SIGNKEY_RSA) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
958
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
959 if (key->rsakey->p == NULL || key->rsakey->q == NULL) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
960 fprintf(stderr, "Pre-0.33 Dropbear keys cannot be converted to OpenSSH keys.\n");
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
961 goto error;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
962 }
1306
34e6127ef02e merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
963
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
964 /* e */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
965 numbers[2].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
966 numbers[2].start = buf_getptr(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
967 buf_incrpos(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
968
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
969 /* n */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
970 numbers[1].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
971 numbers[1].start = buf_getptr(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
972 buf_incrpos(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
973
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
974 /* d */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
975 numbers[3].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
976 numbers[3].start = buf_getptr(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
977 buf_incrpos(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
978
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
979 /* p */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
980 numbers[4].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
981 numbers[4].start = buf_getptr(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
982 buf_incrpos(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
983
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
984 /* q */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
985 numbers[5].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
986 numbers[5].start = buf_getptr(keyblob, numbers[5].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
987 buf_incrpos(keyblob, numbers[5].bytes);
1306
34e6127ef02e merge fixes from PuTTY import.c
Matt Johnston <matt@ucc.asn.au>
parents: 1250
diff changeset
988
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
989 /* now calculate some extra parameters: */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
990 m_mp_init(&tmpval);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
991 m_mp_init(&dmp1);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
992 m_mp_init(&dmq1);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
993 m_mp_init(&iqmp);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
994
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
995 /* dmp1 = d mod (p-1) */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
996 if (mp_sub_d(key->rsakey->p, 1, &tmpval) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
997 fprintf(stderr, "Bignum error for p-1\n");
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
998 goto error;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
999 }
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1000 if (mp_mod(key->rsakey->d, &tmpval, &dmp1) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1001 fprintf(stderr, "Bignum error for dmp1\n");
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1002 goto error;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1003 }
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1004
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1005 /* dmq1 = d mod (q-1) */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1006 if (mp_sub_d(key->rsakey->q, 1, &tmpval) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1007 fprintf(stderr, "Bignum error for q-1\n");
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1008 goto error;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1009 }
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1010 if (mp_mod(key->rsakey->d, &tmpval, &dmq1) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1011 fprintf(stderr, "Bignum error for dmq1\n");
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1012 goto error;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1013 }
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1014
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1015 /* iqmp = (q^-1) mod p */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1016 if (mp_invmod(key->rsakey->q, key->rsakey->p, &iqmp) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1017 fprintf(stderr, "Bignum error for iqmp\n");
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1018 goto error;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1019 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1020
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1021 extrablob = buf_new(2000);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1022 buf_putmpint(extrablob, &dmp1);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1023 buf_putmpint(extrablob, &dmq1);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1024 buf_putmpint(extrablob, &iqmp);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1025 buf_setpos(extrablob, 0);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1026 mp_clear(&dmp1);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1027 mp_clear(&dmq1);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1028 mp_clear(&iqmp);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1029 mp_clear(&tmpval);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1030
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1031 /* dmp1 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1032 numbers[6].bytes = buf_getint(extrablob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1033 numbers[6].start = buf_getptr(extrablob, numbers[6].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1034 buf_incrpos(extrablob, numbers[6].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1035
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1036 /* dmq1 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1037 numbers[7].bytes = buf_getint(extrablob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1038 numbers[7].start = buf_getptr(extrablob, numbers[7].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1039 buf_incrpos(extrablob, numbers[7].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1040
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1041 /* iqmp */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1042 numbers[8].bytes = buf_getint(extrablob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1043 numbers[8].start = buf_getptr(extrablob, numbers[8].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1044 buf_incrpos(extrablob, numbers[8].bytes);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1045
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1046 nnumbers = 9;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1047 header = "-----BEGIN RSA PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1048 footer = "-----END RSA PRIVATE KEY-----\n";
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1049 }
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1050 #endif /* DROPBEAR_RSA */
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1051
1499
2d450c1056e3 options: Complete the transition to numeric toggles (`#if')
Michael Witten <mfwitten@gmail.com>
parents: 1459
diff changeset
1052 #if DROPBEAR_DSS
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1053 if (key->type == DROPBEAR_SIGNKEY_DSS) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1054
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1055 /* p */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1056 numbers[1].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1057 numbers[1].start = buf_getptr(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1058 buf_incrpos(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1059
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1060 /* q */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1061 numbers[2].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1062 numbers[2].start = buf_getptr(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1063 buf_incrpos(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1064
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1065 /* g */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1066 numbers[3].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1067 numbers[3].start = buf_getptr(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1068 buf_incrpos(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1069
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1070 /* y */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1071 numbers[4].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1072 numbers[4].start = buf_getptr(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1073 buf_incrpos(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1074
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1075 /* x */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1076 numbers[5].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1077 numbers[5].start = buf_getptr(keyblob, numbers[5].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1078 buf_incrpos(keyblob, numbers[5].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1079
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1080 nnumbers = 6;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1081 header = "-----BEGIN DSA PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1082 footer = "-----END DSA PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1083 }
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1084 #endif /* DROPBEAR_DSS */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1085
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1086 /*
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1087 * Now count up the total size of the ASN.1 encoded integers,
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1088 * so as to determine the length of the containing SEQUENCE.
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1089 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1090 len = 0;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1091 for (i = 0; i < nnumbers; i++) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1092 len += ber_write_id_len(NULL, 2, numbers[i].bytes, 0);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1093 len += numbers[i].bytes;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1094 }
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1095 seqlen = len;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1096 /* Now add on the SEQUENCE header. */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1097 len += ber_write_id_len(NULL, 16, seqlen, ASN1_CONSTRUCTED);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1098 /* Round up to the cipher block size, ensuring we have at least one
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1099 * byte of padding (see below). */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1100 outlen = len;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1101 if (passphrase)
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1102 outlen = (outlen+8) &~ 7;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1103
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1104 /*
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1105 * Now we know how big outblob needs to be. Allocate it.
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1106 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1107 outblob = (unsigned char*)m_malloc(outlen);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1108
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1109 /*
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1110 * And write the data into it.
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1111 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1112 pos = 0;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1113 pos += ber_write_id_len(outblob+pos, 16, seqlen, ASN1_CONSTRUCTED);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1114 for (i = 0; i < nnumbers; i++) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1115 pos += ber_write_id_len(outblob+pos, 2, numbers[i].bytes, 0);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1116 memcpy(outblob+pos, numbers[i].start, numbers[i].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1117 pos += numbers[i].bytes;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1118 }
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
1119 } /* end RSA and DSS handling */
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1120
1295
750ec4ec4cbe Convert #ifdef to #if, other build changes
Matt Johnston <matt@ucc.asn.au>
parents: 1294
diff changeset
1121 #if DROPBEAR_ECDSA
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1122 if (key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP256
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1123 || key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP384
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1124 || key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1125
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1126 /* SEC1 V2 appendix c.4
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1127 ECPrivateKey ::= SEQUENCE {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1128 version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1129 privateKey OCTET STRING,
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1130 parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL,
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1131 publicKey [1] BIT STRING OPTIONAL
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1132 }
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1133 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1134 buffer *seq_buf = buf_new(400);
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 845
diff changeset
1135 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, key->type);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 845
diff changeset
1136 const long curve_size = (*eck)->dp->size;
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1137 int curve_oid_len = 0;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1138 const void* curve_oid = NULL;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1139 unsigned long pubkey_size = 2*curve_size+1;
1089
d144a6bece53 Uses k_size as an signed integer
Gaël PORTAY <gael.portay@gmail.com>
parents: 1045
diff changeset
1140 int k_size;
1038
d3925ed45a85 Fix for old compilers, variable declarations at beginning of functions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents: 1002
diff changeset
1141 int err = 0;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1142
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1143 /* version. less than 10 bytes */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1144 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1145 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 2, 1, 0));
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1146 buf_putbyte(seq_buf, 1);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1147
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1148 /* privateKey */
867
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
1149 k_size = mp_unsigned_bin_size((*eck)->k);
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
1150 dropbear_assert(k_size <= curve_size);
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1151 buf_incrwritepos(seq_buf,
867
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
1152 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 4, k_size, 0));
1250
2bb4c662d1c2 more hard tab
Francois Perrad <francois.perrad@gadz.org>
parents: 1124
diff changeset
1153 mp_to_unsigned_bin((*eck)->k, buf_getwriteptr(seq_buf, k_size));
867
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
1154 buf_incrwritepos(seq_buf, k_size);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1155
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1156 /* SECGCurveNames */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1157 switch (key->type)
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1158 {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1159 case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1160 curve_oid_len = sizeof(OID_SEC256R1_BLOB);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1161 curve_oid = OID_SEC256R1_BLOB;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1162 break;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1163 case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1164 curve_oid_len = sizeof(OID_SEC384R1_BLOB);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1165 curve_oid = OID_SEC384R1_BLOB;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1166 break;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1167 case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1168 curve_oid_len = sizeof(OID_SEC521R1_BLOB);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1169 curve_oid = OID_SEC521R1_BLOB;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1170 break;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1171 default:
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1172 dropbear_exit("Internal error");
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1173 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1174
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1175 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1176 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 0, 2+curve_oid_len, 0xa0));
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
1177 /* object == 6 */
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1178 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1179 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 6, curve_oid_len, 0));
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1180 buf_putbytes(seq_buf, curve_oid, curve_oid_len);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1181
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1182 buf_incrwritepos(seq_buf,
1638
315fcba6960e dropbearconvert: keyimport.c: fix BER encoding of secp521r1 keys (#69)
Christian Hohnstädt <christian@hohnstaedt.de>
parents: 1499
diff changeset
1183 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 1,
315fcba6960e dropbearconvert: keyimport.c: fix BER encoding of secp521r1 keys (#69)
Christian Hohnstädt <christian@hohnstaedt.de>
parents: 1499
diff changeset
1184 (pubkey_size +1 < 128 ? 2 : 3 ) +1 +pubkey_size, 0xa0));
315fcba6960e dropbearconvert: keyimport.c: fix BER encoding of secp521r1 keys (#69)
Christian Hohnstädt <christian@hohnstaedt.de>
parents: 1499
diff changeset
1185
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1186 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1187 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 3, 1+pubkey_size, 0));
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1188 buf_putbyte(seq_buf, 0);
1038
d3925ed45a85 Fix for old compilers, variable declarations at beginning of functions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents: 1002
diff changeset
1189 err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size);
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1190 if (err != CRYPT_OK) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1191 dropbear_exit("ECC error");
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1192 }
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1193 buf_incrwritepos(seq_buf, pubkey_size);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1194
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1195 buf_setpos(seq_buf, 0);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1196
867
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
1197 outblob = (unsigned char*)m_malloc(1000);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1198
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1199 pos = 0;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1200 pos += ber_write_id_len(outblob+pos, 16, seq_buf->len, ASN1_CONSTRUCTED);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1201 memcpy(&outblob[pos], seq_buf->data, seq_buf->len);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1202 pos += seq_buf->len;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1203 len = pos;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1204 outlen = len;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1205
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1206 buf_burn(seq_buf);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1207 buf_free(seq_buf);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1208 seq_buf = NULL;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1209
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1210 header = "-----BEGIN EC PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1211 footer = "-----END EC PRIVATE KEY-----\n";
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1212 }
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1213 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1214
1659
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1215 #if DROPBEAR_ED25519
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1216 if (key->type == DROPBEAR_SIGNKEY_ED25519) {
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1217 buffer *buf = buf_new(300);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1218 keyblob = buf_new(100);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1219 extrablob = buf_new(200);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1220
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1221 /* private key blob w/o header */
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1222 buf_put_priv_key(keyblob, key, key->type);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1223 buf_setpos(keyblob, 0);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1224 buf_incrpos(keyblob, buf_getint(keyblob));
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1225 len = buf_getint(keyblob);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1226
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1227 /* header */
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1228 buf_putbytes(buf, OSSH_PKEY_BLOB, OSSH_PKEY_BLOBLEN);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1229
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1230 /* public key */
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1231 buf_put_pub_key(buf, key, key->type);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1232
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1233 /* private key */
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1234 buf_incrwritepos(extrablob, 4);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1235 buf_put_pub_key(extrablob, key, key->type);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1236 buf_putstring(extrablob, buf_getptr(keyblob, len), len);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1237 /* comment */
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1238 buf_putstring(extrablob, "", 0);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1239 /* padding to cipher block length */
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1240 len = (extrablob->len+8) & ~7;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1241 for (i = 1; len - extrablob->len > 0; i++)
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1242 buf_putbyte(extrablob, i);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1243 buf_setpos(extrablob, 0);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1244 buf_putbytes(extrablob, "\0\0\0\0\0\0\0\0", 8);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1245 buf_putbufstring(buf, extrablob);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1246
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1247 outlen = len = pos = buf->len;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1248 outblob = (unsigned char*)m_malloc(outlen);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1249 memcpy(outblob, buf->data, buf->len);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1250
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1251 buf_burn(buf);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1252 buf_free(buf);
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.github.com>
parents: 1638
diff changeset
1253 buf = NULL;
d32bcb5c557d Add Ed25519 support (#91)
Vladislav Grishenko <themiron@users.noreply.g&