Mercurial > dropbear
annotate keyimport.c @ 1060:4c733310c21d nocircbuffer
reword comment for clarity
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 01 Mar 2015 23:26:42 +0800 |
parents | 31727a8abd4b |
children | d144a6bece53 |
rev | line source |
---|---|
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 * Based on PuTTY's import.c for importing/exporting OpenSSH and SSH.com |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 * keyfiles. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 * Modifications copyright 2003 Matt Johnston |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 * PuTTY is copyright 1997-2003 Simon Tatham. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 * Portions copyright Robert de Bath, Joris van Rantwijk, Delian |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
10 * Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 * Justin Bradford, and CORE SDI S.A. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 * Permission is hereby granted, free of charge, to any person |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 * obtaining a copy of this software and associated documentation files |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 * (the "Software"), to deal in the Software without restriction, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 * including without limitation the rights to use, copy, modify, merge, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 * publish, distribute, sublicense, and/or sell copies of the Software, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 * and to permit persons to whom the Software is furnished to do so, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 * subject to the following conditions: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 * The above copyright notice and this permission notice shall be |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 * included in all copies or substantial portions of the Software. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 * NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 * FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 #include "keyimport.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 #include "bignum.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 #include "buffer.h" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
36 #include "dbutil.h" |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
37 #include "ecc.h" |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
38 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
39 static const unsigned char OID_SEC256R1_BLOB[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07}; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
40 static const unsigned char OID_SEC384R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x22}; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
41 static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23}; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
42 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
43 #define PUT_32BIT(cp, value) do { \ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
44 (cp)[3] = (unsigned char)(value); \ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
45 (cp)[2] = (unsigned char)((value) >> 8); \ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
46 (cp)[1] = (unsigned char)((value) >> 16); \ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
47 (cp)[0] = (unsigned char)((value) >> 24); } while (0) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
48 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
49 #define GET_32BIT(cp) \ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
50 (((unsigned long)(unsigned char)(cp)[0] << 24) | \ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
51 ((unsigned long)(unsigned char)(cp)[1] << 16) | \ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
52 ((unsigned long)(unsigned char)(cp)[2] << 8) | \ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
53 ((unsigned long)(unsigned char)(cp)[3])) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
54 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
55 static int openssh_encrypted(const char *filename); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
56 static sign_key *openssh_read(const char *filename, char *passphrase); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
57 static int openssh_write(const char *filename, sign_key *key, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
58 char *passphrase); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
59 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
60 static int dropbear_write(const char*filename, sign_key * key); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
61 static sign_key *dropbear_read(const char* filename); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
62 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
63 #if 0 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
64 static int sshcom_encrypted(const char *filename, char **comment); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
65 static struct ssh2_userkey *sshcom_read(const char *filename, char *passphrase); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
66 static int sshcom_write(const char *filename, struct ssh2_userkey *key, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
67 char *passphrase); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
68 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
69 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
70 int import_encrypted(const char* filename, int filetype) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
71 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
72 if (filetype == KEYFILE_OPENSSH) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
73 return openssh_encrypted(filename); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
74 #if 0 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
75 } else if (filetype == KEYFILE_SSHCOM) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
76 return sshcom_encrypted(filename, NULL); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
77 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
78 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
79 return 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
80 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
81 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
82 sign_key *import_read(const char *filename, char *passphrase, int filetype) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
83 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
84 if (filetype == KEYFILE_OPENSSH) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
85 return openssh_read(filename, passphrase); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
86 } else if (filetype == KEYFILE_DROPBEAR) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
87 return dropbear_read(filename); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
88 #if 0 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
89 } else if (filetype == KEYFILE_SSHCOM) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
90 return sshcom_read(filename, passphrase); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
91 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
92 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
93 return NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
94 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
95 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
96 int import_write(const char *filename, sign_key *key, char *passphrase, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
97 int filetype) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
98 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
99 if (filetype == KEYFILE_OPENSSH) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
100 return openssh_write(filename, key, passphrase); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
101 } else if (filetype == KEYFILE_DROPBEAR) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
102 return dropbear_write(filename, key); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
103 #if 0 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
104 } else if (filetype == KEYFILE_SSHCOM) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
105 return sshcom_write(filename, key, passphrase); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
106 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
107 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
108 return 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
109 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
110 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
111 static sign_key *dropbear_read(const char* filename) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
112 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
113 buffer * buf = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
114 sign_key *ret = NULL; |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
845
diff
changeset
|
115 enum signkey_type type; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
116 |
73
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
117 buf = buf_new(MAX_PRIVKEY_SIZE); |
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
118 if (buf_readfile(buf, filename) == DROPBEAR_FAILURE) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
119 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
120 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
121 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
122 buf_setpos(buf, 0); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
123 ret = new_sign_key(); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
124 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
125 type = DROPBEAR_SIGNKEY_ANY; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
126 if (buf_get_priv_key(buf, ret, &type) == DROPBEAR_FAILURE){ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
127 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
128 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
129 buf_free(buf); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
130 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
131 ret->type = type; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
132 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
133 return ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
134 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
135 error: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
136 if (buf) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
137 buf_free(buf); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
138 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
139 if (ret) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
140 sign_key_free(ret); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
141 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
142 return NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
143 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
144 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
145 /* returns 0 on fail, 1 on success */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
146 static int dropbear_write(const char*filename, sign_key * key) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
147 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
148 buffer * buf; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
149 FILE*fp; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
150 int len; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
151 int ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
152 |
73
0bf5cebe622c
Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents:
4
diff
changeset
|
153 buf = buf_new(MAX_PRIVKEY_SIZE); |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
154 buf_put_priv_key(buf, key, key->type); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
155 |
87
680a0bc9df0a
Some small fixes for unused vars, and old messages
Matt Johnston <matt@ucc.asn.au>
parents:
73
diff
changeset
|
156 fp = fopen(filename, "w"); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
157 if (!fp) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
158 ret = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
159 goto out; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
160 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
161 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
162 buf_setpos(buf, 0); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
163 do { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
164 len = fwrite(buf_getptr(buf, buf->len - buf->pos), |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
165 1, buf->len - buf->pos, fp); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
166 buf_incrpos(buf, len); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
167 } while (len > 0 && buf->len != buf->pos); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
168 |
256
ac890087b8c1
* keyimport.c: fclose() the key file to make sure data gets written
Matt Johnston <matt@ucc.asn.au>
parents:
241
diff
changeset
|
169 fclose(fp); |
ac890087b8c1
* keyimport.c: fclose() the key file to make sure data gets written
Matt Johnston <matt@ucc.asn.au>
parents:
241
diff
changeset
|
170 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
171 if (buf->pos != buf->len) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
172 ret = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
173 } else { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
174 ret = 1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
175 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
176 out: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
177 buf_free(buf); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
178 return ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
179 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
180 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
181 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
182 /* ---------------------------------------------------------------------- |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
183 * Helper routines. (The base64 ones are defined in sshpubk.c.) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
184 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
185 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
186 #define isbase64(c) ( ((c) >= 'A' && (c) <= 'Z') || \ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
187 ((c) >= 'a' && (c) <= 'z') || \ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
188 ((c) >= '0' && (c) <= '9') || \ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
189 (c) == '+' || (c) == '/' || (c) == '=' \ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
190 ) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
191 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
192 /* cpl has to be less than 100 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
193 static void base64_encode_fp(FILE * fp, unsigned char *data, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
194 int datalen, int cpl) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
195 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
196 char out[100]; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
197 int n; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
198 unsigned long outlen; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
199 int rawcpl; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
200 rawcpl = cpl * 3 / 4; |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
87
diff
changeset
|
201 dropbear_assert((unsigned int)cpl < sizeof(out)); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
202 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
203 while (datalen > 0) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
204 n = (datalen < rawcpl ? datalen : rawcpl); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
205 outlen = sizeof(out); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
206 base64_encode(data, n, out, &outlen); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
207 data += n; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
208 datalen -= n; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
209 fwrite(out, 1, outlen, fp); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
210 fputc('\n', fp); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
211 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
212 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
213 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
214 * Read an ASN.1/BER identifier and length pair. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
215 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
216 * Flags are a combination of the #defines listed below. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
217 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
218 * Returns -1 if unsuccessful; otherwise returns the number of |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
219 * bytes used out of the source data. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
220 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
221 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
222 /* ASN.1 tag classes. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
223 #define ASN1_CLASS_UNIVERSAL (0 << 6) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
224 #define ASN1_CLASS_APPLICATION (1 << 6) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
225 #define ASN1_CLASS_CONTEXT_SPECIFIC (2 << 6) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
226 #define ASN1_CLASS_PRIVATE (3 << 6) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
227 #define ASN1_CLASS_MASK (3 << 6) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
228 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
229 /* Primitive versus constructed bit. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
230 #define ASN1_CONSTRUCTED (1 << 5) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
231 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
232 static int ber_read_id_len(void *source, int sourcelen, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
233 int *id, int *length, int *flags) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
234 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
235 unsigned char *p = (unsigned char *) source; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
236 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
237 if (sourcelen == 0) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
238 return -1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
239 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
240 *flags = (*p & 0xE0); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
241 if ((*p & 0x1F) == 0x1F) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
242 *id = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
243 while (*p & 0x80) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
244 *id = (*id << 7) | (*p & 0x7F); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
245 p++, sourcelen--; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
246 if (sourcelen == 0) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
247 return -1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
248 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
249 *id = (*id << 7) | (*p & 0x7F); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
250 p++, sourcelen--; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
251 } else { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
252 *id = *p & 0x1F; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
253 p++, sourcelen--; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
254 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
255 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
256 if (sourcelen == 0) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
257 return -1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
258 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
259 if (*p & 0x80) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
260 int n = *p & 0x7F; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
261 p++, sourcelen--; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
262 if (sourcelen < n) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
263 return -1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
264 *length = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
265 while (n--) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
266 *length = (*length << 8) | (*p++); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
267 sourcelen -= n; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
268 } else { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
269 *length = *p; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
270 p++, sourcelen--; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
271 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
272 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
273 return p - (unsigned char *) source; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
274 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
275 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
276 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
277 * Write an ASN.1/BER identifier and length pair. Returns the |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
278 * number of bytes consumed. Assumes dest contains enough space. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
279 * Will avoid writing anything if dest is NULL, but still return |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
280 * amount of space required. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
281 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
282 static int ber_write_id_len(void *dest, int id, int length, int flags) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
283 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
284 unsigned char *d = (unsigned char *)dest; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
285 int len = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
286 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
287 if (id <= 30) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
288 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
289 * Identifier is one byte. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
290 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
291 len++; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
292 if (d) *d++ = id | flags; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
293 } else { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
294 int n; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
295 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
296 * Identifier is multiple bytes: the first byte is 11111 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
297 * plus the flags, and subsequent bytes encode the value of |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
298 * the identifier, 7 bits at a time, with the top bit of |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
299 * each byte 1 except the last one which is 0. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
300 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
301 len++; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
302 if (d) *d++ = 0x1F | flags; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
303 for (n = 1; (id >> (7*n)) > 0; n++) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
304 continue; /* count the bytes */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
305 while (n--) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
306 len++; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
307 if (d) *d++ = (n ? 0x80 : 0) | ((id >> (7*n)) & 0x7F); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
308 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
309 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
310 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
311 if (length < 128) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
312 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
313 * Length is one byte. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
314 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
315 len++; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
316 if (d) *d++ = length; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
317 } else { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
318 int n; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
319 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
320 * Length is multiple bytes. The first is 0x80 plus the |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
321 * number of subsequent bytes, and the subsequent bytes |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
322 * encode the actual length. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
323 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
324 for (n = 1; (length >> (8*n)) > 0; n++) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
325 continue; /* count the bytes */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
326 len++; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
327 if (d) *d++ = 0x80 | n; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
328 while (n--) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
329 len++; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
330 if (d) *d++ = (length >> (8*n)) & 0xFF; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
331 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
332 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
333 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
334 return len; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
335 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
336 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
337 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
338 /* Simple structure to point to an mp-int within a blob. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
339 struct mpint_pos { void *start; int bytes; }; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
340 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
341 /* ---------------------------------------------------------------------- |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
342 * Code to read and write OpenSSH private keys. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
343 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
344 |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
491
diff
changeset
|
345 enum { OSSH_DSA, OSSH_RSA, OSSH_EC }; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
346 struct openssh_key { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
347 int type; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
348 int encrypted; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
349 char iv[32]; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
350 unsigned char *keyblob; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
351 unsigned int keyblob_len, keyblob_size; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
352 }; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
353 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
354 static struct openssh_key *load_openssh_key(const char *filename) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
355 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
356 struct openssh_key *ret; |
340 | 357 FILE *fp = NULL; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
358 char buffer[256]; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
359 char *errmsg = NULL, *p = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
360 int headers_done; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
361 unsigned long len, outlen; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
362 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
363 ret = (struct openssh_key*)m_malloc(sizeof(struct openssh_key)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
364 ret->keyblob = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
365 ret->keyblob_len = ret->keyblob_size = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
366 ret->encrypted = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
367 memset(ret->iv, 0, sizeof(ret->iv)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
368 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
369 if (strlen(filename) == 1 && filename[0] == '-') { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
370 fp = stdin; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
371 } else { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
372 fp = fopen(filename, "r"); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
373 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
374 if (!fp) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
375 errmsg = "Unable to open key file"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
376 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
377 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
378 if (!fgets(buffer, sizeof(buffer), fp) || |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
379 0 != strncmp(buffer, "-----BEGIN ", 11) || |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
380 0 != strcmp(buffer+strlen(buffer)-17, "PRIVATE KEY-----\n")) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
381 errmsg = "File does not begin with OpenSSH key header"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
382 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
383 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
384 if (!strcmp(buffer, "-----BEGIN RSA PRIVATE KEY-----\n")) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
385 ret->type = OSSH_RSA; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
386 else if (!strcmp(buffer, "-----BEGIN DSA PRIVATE KEY-----\n")) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
387 ret->type = OSSH_DSA; |
793
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
491
diff
changeset
|
388 else if (!strcmp(buffer, "-----BEGIN EC PRIVATE KEY-----\n")) |
70625eed40c9
A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents:
491
diff
changeset
|
389 ret->type = OSSH_EC; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
390 else { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
391 errmsg = "Unrecognised key type"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
392 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
393 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
394 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
395 headers_done = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
396 while (1) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
397 if (!fgets(buffer, sizeof(buffer), fp)) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
398 errmsg = "Unexpected end of file"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
399 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
400 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
401 if (0 == strncmp(buffer, "-----END ", 9) && |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
402 0 == strcmp(buffer+strlen(buffer)-17, "PRIVATE KEY-----\n")) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
403 break; /* done */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
404 if ((p = strchr(buffer, ':')) != NULL) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
405 if (headers_done) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
406 errmsg = "Header found in body of key data"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
407 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
408 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
409 *p++ = '\0'; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
410 while (*p && isspace((unsigned char)*p)) p++; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
411 if (!strcmp(buffer, "Proc-Type")) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
412 if (p[0] != '4' || p[1] != ',') { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
413 errmsg = "Proc-Type is not 4 (only 4 is supported)"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
414 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
415 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
416 p += 2; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
417 if (!strcmp(p, "ENCRYPTED\n")) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
418 ret->encrypted = 1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
419 } else if (!strcmp(buffer, "DEK-Info")) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
420 int i, j; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
421 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
422 if (strncmp(p, "DES-EDE3-CBC,", 13)) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
423 errmsg = "Ciphers other than DES-EDE3-CBC not supported"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
424 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
425 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
426 p += 13; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
427 for (i = 0; i < 8; i++) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
428 if (1 != sscanf(p, "%2x", &j)) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
429 break; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
430 ret->iv[i] = j; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
431 p += 2; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
432 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
433 if (i < 8) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
434 errmsg = "Expected 16-digit iv in DEK-Info"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
435 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
436 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
437 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
438 } else { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
439 headers_done = 1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
440 len = strlen(buffer); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
441 outlen = len*4/3; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
442 if (ret->keyblob_len + outlen > ret->keyblob_size) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
443 ret->keyblob_size = ret->keyblob_len + outlen + 256; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
444 ret->keyblob = (unsigned char*)m_realloc(ret->keyblob, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
445 ret->keyblob_size); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
446 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
447 outlen = ret->keyblob_size - ret->keyblob_len; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
448 if (base64_decode(buffer, len, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
449 ret->keyblob + ret->keyblob_len, &outlen) != CRYPT_OK){ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
450 errmsg = "Error decoding base64"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
451 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
452 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
453 ret->keyblob_len += outlen; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
454 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
455 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
456 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
457 if (ret->keyblob_len == 0 || !ret->keyblob) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
458 errmsg = "Key body not present"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
459 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
460 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
461 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
462 if (ret->encrypted && ret->keyblob_len % 8 != 0) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
463 errmsg = "Encrypted key blob is not a multiple of cipher block size"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
464 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
465 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
466 |
1045
31727a8abd4b
Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1038
diff
changeset
|
467 m_burn(buffer, sizeof(buffer)); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
468 return ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
469 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
470 error: |
1045
31727a8abd4b
Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1038
diff
changeset
|
471 m_burn(buffer, sizeof(buffer)); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
472 if (ret) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
473 if (ret->keyblob) { |
1045
31727a8abd4b
Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1038
diff
changeset
|
474 m_burn(ret->keyblob, ret->keyblob_size); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
475 m_free(ret->keyblob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
476 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
477 m_free(ret); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
478 } |
340 | 479 if (fp) { |
480 fclose(fp); | |
481 } | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
482 if (errmsg) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
483 fprintf(stderr, "Error: %s\n", errmsg); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
484 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
485 return NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
486 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
487 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
488 static int openssh_encrypted(const char *filename) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
489 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
490 struct openssh_key *key = load_openssh_key(filename); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
491 int ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
492 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
493 if (!key) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
494 return 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
495 ret = key->encrypted; |
1045
31727a8abd4b
Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1038
diff
changeset
|
496 m_burn(key->keyblob, key->keyblob_size); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
497 m_free(key->keyblob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
498 m_free(key); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
499 return ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
500 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
501 |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
845
diff
changeset
|
502 static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase)) |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
503 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
504 struct openssh_key *key; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
505 unsigned char *p; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
506 int ret, id, len, flags; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
507 int i, num_integers = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
508 sign_key *retval = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
509 char *errmsg; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
510 char *modptr = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
511 int modlen = -9999; |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
845
diff
changeset
|
512 enum signkey_type type; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
513 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
514 sign_key *retkey; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
515 buffer * blobbuf = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
516 |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
517 retkey = new_sign_key(); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
518 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
519 key = load_openssh_key(filename); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
520 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
521 if (!key) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
522 return NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
523 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
524 if (key->encrypted) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
525 errmsg = "encrypted keys not supported currently"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
526 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
527 #if 0 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
528 /* matt TODO */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
529 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
530 * Derive encryption key from passphrase and iv/salt: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
531 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
532 * - let block A equal MD5(passphrase || iv) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
533 * - let block B equal MD5(A || passphrase || iv) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
534 * - block C would be MD5(B || passphrase || iv) and so on |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
535 * - encryption key is the first N bytes of A || B |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
536 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
537 struct MD5Context md5c; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
538 unsigned char keybuf[32]; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
539 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
540 MD5Init(&md5c); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
541 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
542 MD5Update(&md5c, (unsigned char *)key->iv, 8); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
543 MD5Final(keybuf, &md5c); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
544 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
545 MD5Init(&md5c); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
546 MD5Update(&md5c, keybuf, 16); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
547 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
548 MD5Update(&md5c, (unsigned char *)key->iv, 8); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
549 MD5Final(keybuf+16, &md5c); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
550 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
551 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
552 * Now decrypt the key blob. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
553 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
554 des3_decrypt_pubkey_ossh(keybuf, (unsigned char *)key->iv, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
555 key->keyblob, key->keyblob_len); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
556 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
557 memset(&md5c, 0, sizeof(md5c)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
558 memset(keybuf, 0, sizeof(keybuf)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
559 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
560 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
561 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
562 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
563 * Now we have a decrypted key blob, which contains an ASN.1 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
564 * encoded private key. We must now untangle the ASN.1. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
565 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
566 * We expect the whole key blob to be formatted as a SEQUENCE |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
567 * (0x30 followed by a length code indicating that the rest of |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
568 * the blob is part of the sequence). Within that SEQUENCE we |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
569 * expect to see a bunch of INTEGERs. What those integers mean |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
570 * depends on the key type: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
571 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
572 * - For RSA, we expect the integers to be 0, n, e, d, p, q, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
573 * dmp1, dmq1, iqmp in that order. (The last three are d mod |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
574 * (p-1), d mod (q-1), inverse of q mod p respectively.) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
575 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
576 * - For DSA, we expect them to be 0, p, q, g, y, x in that |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
577 * order. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
578 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
579 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
580 p = key->keyblob; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
581 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
582 /* Expect the SEQUENCE header. Take its absence as a failure to decrypt. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
583 ret = ber_read_id_len(p, key->keyblob_len, &id, &len, &flags); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
584 p += ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
585 if (ret < 0 || id != 16) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
586 errmsg = "ASN.1 decoding failure - wrong password?"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
587 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
588 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
589 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
590 /* Expect a load of INTEGERs. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
591 if (key->type == OSSH_RSA) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
592 num_integers = 9; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
593 else if (key->type == OSSH_DSA) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
594 num_integers = 6; |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
595 else if (key->type == OSSH_EC) |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
596 num_integers = 1; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
597 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
598 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
599 * Space to create key blob in. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
600 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
601 blobbuf = buf_new(3000); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
602 |
935
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
603 #ifdef DROPBEAR_DSS |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
604 if (key->type == OSSH_DSA) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
605 buf_putstring(blobbuf, "ssh-dss", 7); |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
606 retkey->type = DROPBEAR_SIGNKEY_DSS; |
935
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
607 } |
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
608 #endif |
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
609 #ifdef DROPBEAR_RSA |
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
610 if (key->type == OSSH_RSA) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
611 buf_putstring(blobbuf, "ssh-rsa", 7); |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
612 retkey->type = DROPBEAR_SIGNKEY_RSA; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
613 } |
935
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
614 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
615 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
616 for (i = 0; i < num_integers; i++) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
617 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
618 &id, &len, &flags); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
619 p += ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
620 if (ret < 0 || id != 2 || |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
621 key->keyblob+key->keyblob_len-p < len) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
622 errmsg = "ASN.1 decoding failure"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
623 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
624 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
625 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
626 if (i == 0) { |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
627 /* First integer is a version indicator */ |
991
4f65c867fc99
Fix variables may be uninitialized.
Like Ma <likemartinma@gmail.com>
parents:
935
diff
changeset
|
628 int expected = -1; |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
629 switch (key->type) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
630 case OSSH_RSA: |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
631 case OSSH_DSA: |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
632 expected = 0; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
633 break; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
634 case OSSH_EC: |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
635 expected = 1; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
636 break; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
637 } |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
638 if (len != 1 || p[0] != expected) { |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
639 errmsg = "Version number mismatch"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
640 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
641 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
642 } else if (key->type == OSSH_RSA) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
643 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
644 * OpenSSH key order is n, e, d, p, q, dmp1, dmq1, iqmp |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
645 * but we want e, n, d, p, q |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
646 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
647 if (i == 1) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
648 /* Save the details for after we deal with number 2. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
649 modptr = (char *)p; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
650 modlen = len; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
651 } else if (i >= 2 && i <= 5) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
652 buf_putstring(blobbuf, p, len); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
653 if (i == 2) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
654 buf_putstring(blobbuf, modptr, modlen); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
655 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
656 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
657 } else if (key->type == OSSH_DSA) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
658 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
659 * OpenSSH key order is p, q, g, y, x, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
660 * we want the same. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
661 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
662 buf_putstring(blobbuf, p, len); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
663 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
664 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
665 /* Skip past the number. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
666 p += len; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
667 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
668 |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
669 #ifdef DROPBEAR_ECDSA |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
670 if (key->type == OSSH_EC) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
671 unsigned char* private_key_bytes = NULL; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
672 int private_key_len = 0; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
673 unsigned char* public_key_bytes = NULL; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
674 int public_key_len = 0; |
807
75509065db53
have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents:
806
diff
changeset
|
675 ecc_key *ecc = NULL; |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
676 const struct dropbear_ecc_curve *curve = NULL; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
677 |
857 | 678 /* See SEC1 v2, Appendix C.4 */ |
679 /* OpenSSL (so OpenSSH) seems to include the optional parts. */ | |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
680 |
857 | 681 /* privateKey OCTET STRING, */ |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
682 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p, |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
683 &id, &len, &flags); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
684 p += ret; |
857 | 685 /* id==4 for octet string */ |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
686 if (ret < 0 || id != 4 || |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
687 key->keyblob+key->keyblob_len-p < len) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
688 errmsg = "ASN.1 decoding failure"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
689 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
690 } |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
691 private_key_bytes = p; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
692 private_key_len = len; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
693 p += len; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
694 |
857 | 695 /* parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL, */ |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
696 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p, |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
697 &id, &len, &flags); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
698 p += ret; |
857 | 699 /* id==0 */ |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
700 if (ret < 0 || id != 0) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
701 errmsg = "ASN.1 decoding failure"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
702 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
703 } |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
704 |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
705 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p, |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
706 &id, &len, &flags); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
707 p += ret; |
857 | 708 /* id==6 for object */ |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
709 if (ret < 0 || id != 6 || |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
710 key->keyblob+key->keyblob_len-p < len) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
711 errmsg = "ASN.1 decoding failure"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
712 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
713 } |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
714 |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
715 if (0) {} |
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
716 #ifdef DROPBEAR_ECC_256 |
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
717 else if (len == sizeof(OID_SEC256R1_BLOB) |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
718 && memcmp(p, OID_SEC256R1_BLOB, len) == 0) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
719 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP256; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
720 curve = &ecc_curve_nistp256; |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
721 } |
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
722 #endif |
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
723 #ifdef DROPBEAR_ECC_384 |
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
724 else if (len == sizeof(OID_SEC384R1_BLOB) |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
725 && memcmp(p, OID_SEC384R1_BLOB, len) == 0) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
726 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP384; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
727 curve = &ecc_curve_nistp384; |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
728 } |
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
729 #endif |
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
730 #ifdef DROPBEAR_ECC_521 |
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
731 else if (len == sizeof(OID_SEC521R1_BLOB) |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
732 && memcmp(p, OID_SEC521R1_BLOB, len) == 0) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
733 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP521; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
734 curve = &ecc_curve_nistp521; |
847
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
735 } |
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
736 #endif |
f4bb964c8678
Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents:
846
diff
changeset
|
737 else { |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
738 errmsg = "Unknown ECC key type"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
739 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
740 } |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
741 p += len; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
742 |
857 | 743 /* publicKey [1] BIT STRING OPTIONAL */ |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
744 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p, |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
745 &id, &len, &flags); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
746 p += ret; |
857 | 747 /* id==1 */ |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
748 if (ret < 0 || id != 1) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
749 errmsg = "ASN.1 decoding failure"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
750 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
751 } |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
752 |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
753 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p, |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
754 &id, &len, &flags); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
755 p += ret; |
857 | 756 /* id==3 for bit string */ |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
757 if (ret < 0 || id != 3 || |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
758 key->keyblob+key->keyblob_len-p < len) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
759 errmsg = "ASN.1 decoding failure"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
760 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
761 } |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
762 public_key_bytes = p+1; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
763 public_key_len = len-1; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
764 p += len; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
765 |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
766 buf_putbytes(blobbuf, public_key_bytes, public_key_len); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
767 ecc = buf_get_ecc_raw_pubkey(blobbuf, curve); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
768 if (!ecc) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
769 errmsg = "Error parsing ECC key"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
770 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
771 } |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
772 m_mp_alloc_init_multi((mp_int**)&ecc->k, NULL); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
773 if (mp_read_unsigned_bin(ecc->k, private_key_bytes, private_key_len) |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
774 != MP_OKAY) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
775 errmsg = "Error parsing ECC key"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
776 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
777 } |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
778 |
841
d4ce5269a439
Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
779 *signkey_key_ptr(retkey, retkey->type) = ecc; |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
780 } |
857 | 781 #endif /* DROPBEAR_ECDSA */ |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
782 |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
783 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
784 * Now put together the actual key. Simplest way to do this is |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
785 * to assemble our own key blobs and feed them to the createkey |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
786 * functions; this is a bit faffy but it does mean we get all |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
787 * the sanity checks for free. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
788 */ |
806
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
789 if (key->type == OSSH_RSA || key->type == OSSH_DSA) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
790 buf_setpos(blobbuf, 0); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
791 type = DROPBEAR_SIGNKEY_ANY; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
792 if (buf_get_priv_key(blobbuf, retkey, &type) |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
793 != DROPBEAR_SUCCESS) { |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
794 errmsg = "unable to create key structure"; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
795 sign_key_free(retkey); |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
796 retkey = NULL; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
797 goto error; |
71e7d31f7671
hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents:
793
diff
changeset
|
798 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
799 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
800 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
801 errmsg = NULL; /* no error */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
802 retval = retkey; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
803 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
804 error: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
805 if (blobbuf) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
806 buf_burn(blobbuf); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
807 buf_free(blobbuf); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
808 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
809 m_burn(key->keyblob, key->keyblob_size); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
810 m_free(key->keyblob); |
1002
97d1e54941fd
When clearing the memory of 'key' in function openssh_read(), only the size
Christian Engelmayer <cengelma@gmx.at>
parents:
991
diff
changeset
|
811 m_burn(key, sizeof(*key)); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
812 m_free(key); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
813 if (errmsg) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
814 fprintf(stderr, "Error: %s\n", errmsg); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
815 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
816 return retval; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
817 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
818 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
819 static int openssh_write(const char *filename, sign_key *key, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
820 char *passphrase) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
821 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
822 buffer * keyblob = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
823 buffer * extrablob = NULL; /* used for calculated values to write */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
824 unsigned char *outblob = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
825 int outlen = -9999; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
826 struct mpint_pos numbers[9]; |
991
4f65c867fc99
Fix variables may be uninitialized.
Like Ma <likemartinma@gmail.com>
parents:
935
diff
changeset
|
827 int nnumbers = -1, pos = 0, len = 0, seqlen, i; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
828 char *header = NULL, *footer = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
829 char zero[1]; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
830 int ret = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
831 FILE *fp; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
832 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
833 #ifdef DROPBEAR_RSA |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
834 mp_int dmp1, dmq1, iqmp, tmpval; /* for rsa */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
835 #endif |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
836 |
935
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
837 if ( |
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
838 #ifdef DROPBEAR_RSA |
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
839 key->type == DROPBEAR_SIGNKEY_RSA || |
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
840 #endif |
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
841 #ifdef DROPBEAR_DSS |
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
842 key->type == DROPBEAR_SIGNKEY_DSS || |
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
843 #endif |
25692c60479e
Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents:
867
diff
changeset
|
844 0) |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
845 { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
846 /* |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
847 * Fetch the key blobs. |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
848 */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
849 keyblob = buf_new(3000); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
850 buf_put_priv_key(keyblob, key, key->type); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
851 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
852 buf_setpos(keyblob, 0); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
853 /* skip the "ssh-rsa" or "ssh-dss" header */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
854 buf_incrpos(keyblob, buf_getint(keyblob)); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
855 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
856 /* |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
857 * Find the sequence of integers to be encoded into the OpenSSH |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
858 * key blob, and also decide on the header line. |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
859 */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
860 numbers[0].start = zero; numbers[0].bytes = 1; zero[0] = '\0'; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
861 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
862 #ifdef DROPBEAR_RSA |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
863 if (key->type == DROPBEAR_SIGNKEY_RSA) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
864 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
865 if (key->rsakey->p == NULL || key->rsakey->q == NULL) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
866 fprintf(stderr, "Pre-0.33 Dropbear keys cannot be converted to OpenSSH keys.\n"); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
867 goto error; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
868 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
869 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
870 /* e */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
871 numbers[2].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
872 numbers[2].start = buf_getptr(keyblob, numbers[2].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
873 buf_incrpos(keyblob, numbers[2].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
874 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
875 /* n */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
876 numbers[1].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
877 numbers[1].start = buf_getptr(keyblob, numbers[1].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
878 buf_incrpos(keyblob, numbers[1].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
879 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
880 /* d */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
881 numbers[3].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
882 numbers[3].start = buf_getptr(keyblob, numbers[3].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
883 buf_incrpos(keyblob, numbers[3].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
884 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
885 /* p */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
886 numbers[4].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
887 numbers[4].start = buf_getptr(keyblob, numbers[4].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
888 buf_incrpos(keyblob, numbers[4].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
889 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
890 /* q */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
891 numbers[5].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
892 numbers[5].start = buf_getptr(keyblob, numbers[5].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
893 buf_incrpos(keyblob, numbers[5].bytes); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
894 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
895 /* now calculate some extra parameters: */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
896 m_mp_init(&tmpval); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
897 m_mp_init(&dmp1); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
898 m_mp_init(&dmq1); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
899 m_mp_init(&iqmp); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
900 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
901 /* dmp1 = d mod (p-1) */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
902 if (mp_sub_d(key->rsakey->p, 1, &tmpval) != MP_OKAY) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
903 fprintf(stderr, "Bignum error for p-1\n"); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
904 goto error; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
905 } |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
906 if (mp_mod(key->rsakey->d, &tmpval, &dmp1) != MP_OKAY) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
907 fprintf(stderr, "Bignum error for dmp1\n"); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
908 goto error; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
909 } |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
910 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
911 /* dmq1 = d mod (q-1) */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
912 if (mp_sub_d(key->rsakey->q, 1, &tmpval) != MP_OKAY) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
913 fprintf(stderr, "Bignum error for q-1\n"); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
914 goto error; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
915 } |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
916 if (mp_mod(key->rsakey->d, &tmpval, &dmq1) != MP_OKAY) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
917 fprintf(stderr, "Bignum error for dmq1\n"); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
918 goto error; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
919 } |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
920 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
921 /* iqmp = (q^-1) mod p */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
922 if (mp_invmod(key->rsakey->q, key->rsakey->p, &iqmp) != MP_OKAY) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
923 fprintf(stderr, "Bignum error for iqmp\n"); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
924 goto error; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
925 } |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
926 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
927 extrablob = buf_new(2000); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
928 buf_putmpint(extrablob, &dmp1); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
929 buf_putmpint(extrablob, &dmq1); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
930 buf_putmpint(extrablob, &iqmp); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
931 buf_setpos(extrablob, 0); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
932 mp_clear(&dmp1); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
933 mp_clear(&dmq1); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
934 mp_clear(&iqmp); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
935 mp_clear(&tmpval); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
936 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
937 /* dmp1 */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
938 numbers[6].bytes = buf_getint(extrablob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
939 numbers[6].start = buf_getptr(extrablob, numbers[6].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
940 buf_incrpos(extrablob, numbers[6].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
941 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
942 /* dmq1 */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
943 numbers[7].bytes = buf_getint(extrablob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
944 numbers[7].start = buf_getptr(extrablob, numbers[7].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
945 buf_incrpos(extrablob, numbers[7].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
946 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
947 /* iqmp */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
948 numbers[8].bytes = buf_getint(extrablob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
949 numbers[8].start = buf_getptr(extrablob, numbers[8].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
950 buf_incrpos(extrablob, numbers[8].bytes); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
951 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
952 nnumbers = 9; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
953 header = "-----BEGIN RSA PRIVATE KEY-----\n"; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
954 footer = "-----END RSA PRIVATE KEY-----\n"; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
955 } |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
956 #endif /* DROPBEAR_RSA */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
957 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
958 #ifdef DROPBEAR_DSS |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
959 if (key->type == DROPBEAR_SIGNKEY_DSS) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
960 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
961 /* p */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
962 numbers[1].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
963 numbers[1].start = buf_getptr(keyblob, numbers[1].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
964 buf_incrpos(keyblob, numbers[1].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
965 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
966 /* q */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
967 numbers[2].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
968 numbers[2].start = buf_getptr(keyblob, numbers[2].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
969 buf_incrpos(keyblob, numbers[2].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
970 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
971 /* g */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
972 numbers[3].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
973 numbers[3].start = buf_getptr(keyblob, numbers[3].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
974 buf_incrpos(keyblob, numbers[3].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
975 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
976 /* y */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
977 numbers[4].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
978 numbers[4].start = buf_getptr(keyblob, numbers[4].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
979 buf_incrpos(keyblob, numbers[4].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
980 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
981 /* x */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
982 numbers[5].bytes = buf_getint(keyblob); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
983 numbers[5].start = buf_getptr(keyblob, numbers[5].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
984 buf_incrpos(keyblob, numbers[5].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
985 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
986 nnumbers = 6; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
987 header = "-----BEGIN DSA PRIVATE KEY-----\n"; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
988 footer = "-----END DSA PRIVATE KEY-----\n"; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
989 } |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
990 #endif /* DROPBEAR_DSS */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
991 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
992 /* |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
993 * Now count up the total size of the ASN.1 encoded integers, |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
994 * so as to determine the length of the containing SEQUENCE. |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
995 */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
996 len = 0; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
997 for (i = 0; i < nnumbers; i++) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
998 len += ber_write_id_len(NULL, 2, numbers[i].bytes, 0); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
999 len += numbers[i].bytes; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1000 } |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1001 seqlen = len; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1002 /* Now add on the SEQUENCE header. */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1003 len += ber_write_id_len(NULL, 16, seqlen, ASN1_CONSTRUCTED); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1004 /* Round up to the cipher block size, ensuring we have at least one |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1005 * byte of padding (see below). */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1006 outlen = len; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1007 if (passphrase) |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1008 outlen = (outlen+8) &~ 7; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1009 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1010 /* |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1011 * Now we know how big outblob needs to be. Allocate it. |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1012 */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1013 outblob = (unsigned char*)m_malloc(outlen); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1014 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1015 /* |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1016 * And write the data into it. |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1017 */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1018 pos = 0; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1019 pos += ber_write_id_len(outblob+pos, 16, seqlen, ASN1_CONSTRUCTED); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1020 for (i = 0; i < nnumbers; i++) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1021 pos += ber_write_id_len(outblob+pos, 2, numbers[i].bytes, 0); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1022 memcpy(outblob+pos, numbers[i].start, numbers[i].bytes); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1023 pos += numbers[i].bytes; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1024 } |
857 | 1025 } /* end RSA and DSS handling */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1026 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1027 #ifdef DROPBEAR_ECDSA |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1028 if (key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP256 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1029 || key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP384 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1030 || key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1031 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1032 /* SEC1 V2 appendix c.4 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1033 ECPrivateKey ::= SEQUENCE { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1034 version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1035 privateKey OCTET STRING, |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1036 parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL, |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1037 publicKey [1] BIT STRING OPTIONAL |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1038 } |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1039 */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1040 buffer *seq_buf = buf_new(400); |
846
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
845
diff
changeset
|
1041 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, key->type); |
b298bb438625
refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents:
845
diff
changeset
|
1042 const long curve_size = (*eck)->dp->size; |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1043 int curve_oid_len = 0; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1044 const void* curve_oid = NULL; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1045 unsigned long pubkey_size = 2*curve_size+1; |
867
d2d624c951ca
- Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
1046 unsigned int k_size; |
1038
d3925ed45a85
Fix for old compilers, variable declarations at beginning of functions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1002
diff
changeset
|
1047 int err = 0; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1048 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1049 /* version. less than 10 bytes */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1050 buf_incrwritepos(seq_buf, |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1051 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 2, 1, 0)); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1052 buf_putbyte(seq_buf, 1); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1053 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1054 /* privateKey */ |
867
d2d624c951ca
- Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
1055 k_size = mp_unsigned_bin_size((*eck)->k); |
d2d624c951ca
- Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
1056 dropbear_assert(k_size <= curve_size); |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1057 buf_incrwritepos(seq_buf, |
867
d2d624c951ca
- Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
1058 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 4, k_size, 0)); |
d2d624c951ca
- Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
1059 mp_to_unsigned_bin((*eck)->k, buf_getwriteptr(seq_buf, k_size)); |
d2d624c951ca
- Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
1060 buf_incrwritepos(seq_buf, k_size); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1061 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1062 /* SECGCurveNames */ |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1063 switch (key->type) |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1064 { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1065 case DROPBEAR_SIGNKEY_ECDSA_NISTP256: |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1066 curve_oid_len = sizeof(OID_SEC256R1_BLOB); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1067 curve_oid = OID_SEC256R1_BLOB; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1068 break; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1069 case DROPBEAR_SIGNKEY_ECDSA_NISTP384: |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1070 curve_oid_len = sizeof(OID_SEC384R1_BLOB); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1071 curve_oid = OID_SEC384R1_BLOB; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1072 break; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1073 case DROPBEAR_SIGNKEY_ECDSA_NISTP521: |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1074 curve_oid_len = sizeof(OID_SEC521R1_BLOB); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1075 curve_oid = OID_SEC521R1_BLOB; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1076 break; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1077 default: |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1078 dropbear_exit("Internal error"); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1079 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1080 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1081 buf_incrwritepos(seq_buf, |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1082 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 0, 2+curve_oid_len, 0xa0)); |
857 | 1083 /* object == 6 */ |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1084 buf_incrwritepos(seq_buf, |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1085 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 6, curve_oid_len, 0)); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1086 buf_putbytes(seq_buf, curve_oid, curve_oid_len); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1087 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1088 buf_incrwritepos(seq_buf, |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1089 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 1, 2+1+pubkey_size, 0xa0)); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1090 buf_incrwritepos(seq_buf, |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1091 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 3, 1+pubkey_size, 0)); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1092 buf_putbyte(seq_buf, 0); |
1038
d3925ed45a85
Fix for old compilers, variable declarations at beginning of functions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents:
1002
diff
changeset
|
1093 err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size); |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1094 if (err != CRYPT_OK) { |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1095 dropbear_exit("ECC error"); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1096 } |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1097 buf_incrwritepos(seq_buf, pubkey_size); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1098 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1099 buf_setpos(seq_buf, 0); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1100 |
867
d2d624c951ca
- Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents:
857
diff
changeset
|
1101 outblob = (unsigned char*)m_malloc(1000); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1102 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1103 pos = 0; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1104 pos += ber_write_id_len(outblob+pos, 16, seq_buf->len, ASN1_CONSTRUCTED); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1105 memcpy(&outblob[pos], seq_buf->data, seq_buf->len); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1106 pos += seq_buf->len; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1107 len = pos; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1108 outlen = len; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1109 |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1110 buf_burn(seq_buf); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1111 buf_free(seq_buf); |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1112 seq_buf = NULL; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1113 |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1114 header = "-----BEGIN EC PRIVATE KEY-----\n"; |
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1115 footer = "-----END EC PRIVATE KEY-----\n"; |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1116 } |
836
d7d9f1612d51
writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents:
807
diff
changeset
|
1117 #endif |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1118 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1119 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1120 * Padding on OpenSSH keys is deterministic. The number of |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1121 * padding bytes is always more than zero, and always at most |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1122 * the cipher block length. The value of each padding byte is |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1123 * equal to the number of padding bytes. So a plaintext that's |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1124 * an exact multiple of the block size will be padded with 08 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1125 * 08 08 08 08 08 08 08 (assuming a 64-bit block cipher); a |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1126 * plaintext one byte less than a multiple of the block size |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1127 * will be padded with just 01. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1128 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1129 * This enables the OpenSSL key decryption function to strip |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1130 * off the padding algorithmically and return the unpadded |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1131 * plaintext to the next layer: it looks at the final byte, and |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1132 * then expects to find that many bytes at the end of the data |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1133 * with the same value. Those are all removed and the rest is |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1134 * returned. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1135 */ |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
87
diff
changeset
|
1136 dropbear_assert(pos == len); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1137 while (pos < outlen) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1138 outblob[pos++] = outlen - len; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1139 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1140 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1141 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1142 * Encrypt the key. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1143 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1144 if (passphrase) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1145 fprintf(stderr, "Encrypted keys aren't supported currently\n"); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1146 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1147 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1148 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1149 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1150 * And save it. We'll use Unix line endings just in case it's |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1151 * subsequently transferred in binary mode. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1152 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1153 if (strlen(filename) == 1 && filename[0] == '-') { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1154 fp = stdout; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1155 } else { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1156 fp = fopen(filename, "wb"); /* ensure Unix line endings */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1157 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1158 if (!fp) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1159 fprintf(stderr, "Failed opening output file\n"); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1160 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1161 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1162 fputs(header, fp); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1163 base64_encode_fp(fp, outblob, outlen, 64); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1164 fputs(footer, fp); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1165 fclose(fp); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1166 ret = 1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1167 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1168 error: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1169 if (outblob) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1170 memset(outblob, 0, outlen); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1171 m_free(outblob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1172 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1173 if (keyblob) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1174 buf_burn(keyblob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1175 buf_free(keyblob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1176 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1177 if (extrablob) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1178 buf_burn(extrablob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1179 buf_free(extrablob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1180 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1181 return ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1182 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1183 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1184 #if 0 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1185 /* XXX TODO ssh.com stuff isn't going yet */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1186 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1187 /* ---------------------------------------------------------------------- |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1188 * Code to read ssh.com private keys. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1189 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1190 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1191 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1192 * The format of the base64 blob is largely ssh2-packet-formatted, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1193 * except that mpints are a bit different: they're more like the |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1194 * old ssh1 mpint. You have a 32-bit bit count N, followed by |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1195 * (N+7)/8 bytes of data. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1196 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1197 * So. The blob contains: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1198 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1199 * - uint32 0x3f6ff9eb (magic number) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1200 * - uint32 size (total blob size) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1201 * - string key-type (see below) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1202 * - string cipher-type (tells you if key is encrypted) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1203 * - string encrypted-blob |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1204 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1205 * (The first size field includes the size field itself and the |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1206 * magic number before it. All other size fields are ordinary ssh2 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1207 * strings, so the size field indicates how much data is to |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1208 * _follow_.) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1209 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1210 * The encrypted blob, once decrypted, contains a single string |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1211 * which in turn contains the payload. (This allows padding to be |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1212 * added after that string while still making it clear where the |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1213 * real payload ends. Also it probably makes for a reasonable |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1214 * decryption check.) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1215 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1216 * The payload blob, for an RSA key, contains: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1217 * - mpint e |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1218 * - mpint d |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1219 * - mpint n (yes, the public and private stuff is intermixed) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1220 * - mpint u (presumably inverse of p mod q) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1221 * - mpint p (p is the smaller prime) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1222 * - mpint q (q is the larger) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1223 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1224 * For a DSA key, the payload blob contains: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1225 * - uint32 0 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1226 * - mpint p |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1227 * - mpint g |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1228 * - mpint q |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1229 * - mpint y |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1230 * - mpint x |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1231 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1232 * Alternatively, if the parameters are `predefined', that |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1233 * (0,p,g,q) sequence can be replaced by a uint32 1 and a string |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1234 * containing some predefined parameter specification. *shudder*, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1235 * but I doubt we'll encounter this in real life. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1236 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1237 * The key type strings are ghastly. The RSA key I looked at had a |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1238 * type string of |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1239 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1240 * `if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}' |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1241 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1242 * and the DSA key wasn't much better: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1243 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1244 * `dl-modp{sign{dsa-nist-sha1},dh{plain}}' |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1245 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1246 * It isn't clear that these will always be the same. I think it |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1247 * might be wise just to look at the `if-modn{sign{rsa' and |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1248 * `dl-modp{sign{dsa' prefixes. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1249 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1250 * Finally, the encryption. The cipher-type string appears to be |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1251 * either `none' or `3des-cbc'. Looks as if this is SSH2-style |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1252 * 3des-cbc (i.e. outer cbc rather than inner). The key is created |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1253 * from the passphrase by means of yet another hashing faff: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1254 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1255 * - first 16 bytes are MD5(passphrase) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1256 * - next 16 bytes are MD5(passphrase || first 16 bytes) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1257 * - if there were more, they'd be MD5(passphrase || first 32), |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1258 * and so on. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1259 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1260 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1261 #define SSHCOM_MAGIC_NUMBER 0x3f6ff9eb |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1262 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1263 struct sshcom_key { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1264 char comment[256]; /* allowing any length is overkill */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1265 unsigned char *keyblob; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1266 int keyblob_len, keyblob_size; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1267 }; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1268 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1269 static struct sshcom_key *load_sshcom_key(const char *filename) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1270 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1271 struct sshcom_key *ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1272 FILE *fp; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1273 char buffer[256]; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1274 int len; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1275 char *errmsg, *p; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1276 int headers_done; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1277 char base64_bit[4]; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1278 int base64_chars = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1279 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1280 ret = snew(struct sshcom_key); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1281 ret->comment[0] = '\0'; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1282 ret->keyblob = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1283 ret->keyblob_len = ret->keyblob_size = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1284 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1285 fp = fopen(filename, "r"); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1286 if (!fp) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1287 errmsg = "Unable to open key file"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1288 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1289 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1290 if (!fgets(buffer, sizeof(buffer), fp) || |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1291 0 != strcmp(buffer, "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\n")) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1292 errmsg = "File does not begin with ssh.com key header"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1293 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1294 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1295 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1296 headers_done = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1297 while (1) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1298 if (!fgets(buffer, sizeof(buffer), fp)) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1299 errmsg = "Unexpected end of file"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1300 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1301 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1302 if (!strcmp(buffer, "---- END SSH2 ENCRYPTED PRIVATE KEY ----\n")) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1303 break; /* done */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1304 if ((p = strchr(buffer, ':')) != NULL) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1305 if (headers_done) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1306 errmsg = "Header found in body of key data"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1307 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1308 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1309 *p++ = '\0'; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1310 while (*p && isspace((unsigned char)*p)) p++; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1311 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1312 * Header lines can end in a trailing backslash for |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1313 * continuation. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1314 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1315 while ((len = strlen(p)) > (int)(sizeof(buffer) - (p-buffer) -1) || |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1316 p[len-1] != '\n' || p[len-2] == '\\') { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1317 if (len > (int)((p-buffer) + sizeof(buffer)-2)) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1318 errmsg = "Header line too long to deal with"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1319 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1320 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1321 if (!fgets(p+len-2, sizeof(buffer)-(p-buffer)-(len-2), fp)) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1322 errmsg = "Unexpected end of file"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1323 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1324 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1325 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1326 p[strcspn(p, "\n")] = '\0'; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1327 if (!strcmp(buffer, "Comment")) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1328 /* Strip quotes in comment if present. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1329 if (p[0] == '"' && p[strlen(p)-1] == '"') { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1330 p++; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1331 p[strlen(p)-1] = '\0'; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1332 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1333 strncpy(ret->comment, p, sizeof(ret->comment)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1334 ret->comment[sizeof(ret->comment)-1] = '\0'; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1335 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1336 } else { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1337 headers_done = 1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1338 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1339 p = buffer; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1340 while (isbase64(*p)) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1341 base64_bit[base64_chars++] = *p; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1342 if (base64_chars == 4) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1343 unsigned char out[3]; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1344 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1345 base64_chars = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1346 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1347 len = base64_decode_atom(base64_bit, out); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1348 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1349 if (len <= 0) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1350 errmsg = "Invalid base64 encoding"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1351 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1352 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1353 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1354 if (ret->keyblob_len + len > ret->keyblob_size) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1355 ret->keyblob_size = ret->keyblob_len + len + 256; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1356 ret->keyblob = sresize(ret->keyblob, ret->keyblob_size, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1357 unsigned char); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1358 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1359 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1360 memcpy(ret->keyblob + ret->keyblob_len, out, len); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1361 ret->keyblob_len += len; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1362 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1363 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1364 p++; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1365 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1366 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1367 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1368 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1369 if (ret->keyblob_len == 0 || !ret->keyblob) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1370 errmsg = "Key body not present"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1371 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1372 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1373 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1374 return ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1375 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1376 error: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1377 if (ret) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1378 if (ret->keyblob) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1379 memset(ret->keyblob, 0, ret->keyblob_size); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1380 m_free(ret->keyblob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1381 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1382 memset(&ret, 0, sizeof(ret)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1383 m_free(ret); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1384 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1385 return NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1386 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1387 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1388 int sshcom_encrypted(const char *filename, char **comment) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1389 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1390 struct sshcom_key *key = load_sshcom_key(filename); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1391 int pos, len, answer; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1392 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1393 *comment = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1394 if (!key) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1395 return 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1396 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1397 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1398 * Check magic number. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1399 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1400 if (GET_32BIT(key->keyblob) != 0x3f6ff9eb) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1401 return 0; /* key is invalid */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1402 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1403 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1404 * Find the cipher-type string. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1405 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1406 answer = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1407 pos = 8; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1408 if (key->keyblob_len < pos+4) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1409 goto done; /* key is far too short */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1410 pos += 4 + GET_32BIT(key->keyblob + pos); /* skip key type */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1411 if (key->keyblob_len < pos+4) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1412 goto done; /* key is far too short */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1413 len = GET_32BIT(key->keyblob + pos); /* find cipher-type length */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1414 if (key->keyblob_len < pos+4+len) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1415 goto done; /* cipher type string is incomplete */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1416 if (len != 4 || 0 != memcmp(key->keyblob + pos + 4, "none", 4)) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1417 answer = 1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1418 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1419 done: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1420 *comment = dupstr(key->comment); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1421 memset(key->keyblob, 0, key->keyblob_size); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1422 m_free(key->keyblob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1423 memset(&key, 0, sizeof(key)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1424 m_free(key); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1425 return answer; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1426 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1427 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1428 static int sshcom_read_mpint(void *data, int len, struct mpint_pos *ret) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1429 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1430 int bits; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1431 int bytes; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1432 unsigned char *d = (unsigned char *) data; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1433 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1434 if (len < 4) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1435 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1436 bits = GET_32BIT(d); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1437 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1438 bytes = (bits + 7) / 8; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1439 if (len < 4+bytes) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1440 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1441 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1442 ret->start = d + 4; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1443 ret->bytes = bytes; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1444 return bytes+4; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1445 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1446 error: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1447 ret->start = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1448 ret->bytes = -1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1449 return len; /* ensure further calls fail as well */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1450 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1451 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1452 static int sshcom_put_mpint(void *target, void *data, int len) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1453 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1454 unsigned char *d = (unsigned char *)target; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1455 unsigned char *i = (unsigned char *)data; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1456 int bits = len * 8 - 1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1457 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1458 while (bits > 0) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1459 if (*i & (1 << (bits & 7))) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1460 break; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1461 if (!(bits-- & 7)) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1462 i++, len--; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1463 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1464 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1465 PUT_32BIT(d, bits+1); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1466 memcpy(d+4, i, len); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1467 return len+4; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1468 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1469 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1470 sign_key *sshcom_read(const char *filename, char *passphrase) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1471 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1472 struct sshcom_key *key = load_sshcom_key(filename); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1473 char *errmsg; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1474 int pos, len; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1475 const char prefix_rsa[] = "if-modn{sign{rsa"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1476 const char prefix_dsa[] = "dl-modp{sign{dsa"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1477 enum { RSA, DSA } type; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1478 int encrypted; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1479 char *ciphertext; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1480 int cipherlen; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1481 struct ssh2_userkey *ret = NULL, *retkey; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1482 const struct ssh_signkey *alg; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1483 unsigned char *blob = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1484 int blobsize, publen, privlen; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1485 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1486 if (!key) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1487 return NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1488 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1489 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1490 * Check magic number. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1491 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1492 if (GET_32BIT(key->keyblob) != SSHCOM_MAGIC_NUMBER) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1493 errmsg = "Key does not begin with magic number"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1494 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1495 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1496 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1497 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1498 * Determine the key type. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1499 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1500 pos = 8; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1501 if (key->keyblob_len < pos+4 || |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1502 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1503 errmsg = "Key blob does not contain a key type string"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1504 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1505 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1506 if (len > sizeof(prefix_rsa) - 1 && |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1507 !memcmp(key->keyblob+pos+4, prefix_rsa, sizeof(prefix_rsa) - 1)) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1508 type = RSA; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1509 } else if (len > sizeof(prefix_dsa) - 1 && |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1510 !memcmp(key->keyblob+pos+4, prefix_dsa, sizeof(prefix_dsa) - 1)) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1511 type = DSA; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1512 } else { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1513 errmsg = "Key is of unknown type"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1514 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1515 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1516 pos += 4+len; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1517 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1518 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1519 * Determine the cipher type. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1520 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1521 if (key->keyblob_len < pos+4 || |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1522 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1523 errmsg = "Key blob does not contain a cipher type string"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1524 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1525 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1526 if (len == 4 && !memcmp(key->keyblob+pos+4, "none", 4)) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1527 encrypted = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1528 else if (len == 8 && !memcmp(key->keyblob+pos+4, "3des-cbc", 8)) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1529 encrypted = 1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1530 else { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1531 errmsg = "Key encryption is of unknown type"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1532 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1533 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1534 pos += 4+len; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1535 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1536 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1537 * Get hold of the encrypted part of the key. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1538 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1539 if (key->keyblob_len < pos+4 || |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1540 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1541 errmsg = "Key blob does not contain actual key data"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1542 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1543 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1544 ciphertext = (char *)key->keyblob + pos + 4; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1545 cipherlen = len; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1546 if (cipherlen == 0) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1547 errmsg = "Length of key data is zero"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1548 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1549 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1550 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1551 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1552 * Decrypt it if necessary. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1553 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1554 if (encrypted) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1555 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1556 * Derive encryption key from passphrase and iv/salt: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1557 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1558 * - let block A equal MD5(passphrase) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1559 * - let block B equal MD5(passphrase || A) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1560 * - block C would be MD5(passphrase || A || B) and so on |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1561 * - encryption key is the first N bytes of A || B |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1562 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1563 struct MD5Context md5c; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1564 unsigned char keybuf[32], iv[8]; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1565 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1566 if (cipherlen % 8 != 0) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1567 errmsg = "Encrypted part of key is not a multiple of cipher block" |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1568 " size"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1569 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1570 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1571 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1572 MD5Init(&md5c); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1573 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1574 MD5Final(keybuf, &md5c); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1575 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1576 MD5Init(&md5c); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1577 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1578 MD5Update(&md5c, keybuf, 16); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1579 MD5Final(keybuf+16, &md5c); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1580 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1581 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1582 * Now decrypt the key blob. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1583 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1584 memset(iv, 0, sizeof(iv)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1585 des3_decrypt_pubkey_ossh(keybuf, iv, (unsigned char *)ciphertext, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1586 cipherlen); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1587 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1588 memset(&md5c, 0, sizeof(md5c)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1589 memset(keybuf, 0, sizeof(keybuf)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1590 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1591 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1592 * Hereafter we return WRONG_PASSPHRASE for any parsing |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1593 * error. (But only if we've just tried to decrypt it! |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1594 * Returning WRONG_PASSPHRASE for an unencrypted key is |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1595 * automatic doom.) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1596 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1597 if (encrypted) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1598 ret = SSH2_WRONG_PASSPHRASE; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1599 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1600 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1601 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1602 * Strip away the containing string to get to the real meat. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1603 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1604 len = GET_32BIT(ciphertext); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1605 if (len > cipherlen-4) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1606 errmsg = "containing string was ill-formed"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1607 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1608 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1609 ciphertext += 4; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1610 cipherlen = len; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1611 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1612 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1613 * Now we break down into RSA versus DSA. In either case we'll |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1614 * construct public and private blobs in our own format, and |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1615 * end up feeding them to alg->createkey(). |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1616 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1617 blobsize = cipherlen + 256; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1618 blob = snewn(blobsize, unsigned char); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1619 privlen = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1620 if (type == RSA) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1621 struct mpint_pos n, e, d, u, p, q; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1622 int pos = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1623 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &e); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1624 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &d); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1625 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &n); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1626 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &u); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1627 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &p); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1628 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &q); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1629 if (!q.start) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1630 errmsg = "key data did not contain six integers"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1631 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1632 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1633 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1634 alg = &ssh_rsa; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1635 pos = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1636 pos += put_string(blob+pos, "ssh-rsa", 7); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1637 pos += put_mp(blob+pos, e.start, e.bytes); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1638 pos += put_mp(blob+pos, n.start, n.bytes); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1639 publen = pos; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1640 pos += put_string(blob+pos, d.start, d.bytes); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1641 pos += put_mp(blob+pos, q.start, q.bytes); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1642 pos += put_mp(blob+pos, p.start, p.bytes); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1643 pos += put_mp(blob+pos, u.start, u.bytes); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1644 privlen = pos - publen; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1645 } else if (type == DSA) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1646 struct mpint_pos p, q, g, x, y; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1647 int pos = 4; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1648 if (GET_32BIT(ciphertext) != 0) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1649 errmsg = "predefined DSA parameters not supported"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1650 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1651 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1652 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &p); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1653 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &g); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1654 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &q); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1655 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &y); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1656 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &x); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1657 if (!x.start) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1658 errmsg = "key data did not contain five integers"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1659 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1660 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1661 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1662 alg = &ssh_dss; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1663 pos = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1664 pos += put_string(blob+pos, "ssh-dss", 7); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1665 pos += put_mp(blob+pos, p.start, p.bytes); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1666 pos += put_mp(blob+pos, q.start, q.bytes); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1667 pos += put_mp(blob+pos, g.start, g.bytes); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1668 pos += put_mp(blob+pos, y.start, y.bytes); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1669 publen = pos; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1670 pos += put_mp(blob+pos, x.start, x.bytes); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1671 privlen = pos - publen; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1672 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1673 |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
87
diff
changeset
|
1674 dropbear_assert(privlen > 0); /* should have bombed by now if not */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1675 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1676 retkey = snew(struct ssh2_userkey); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1677 retkey->alg = alg; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1678 retkey->data = alg->createkey(blob, publen, blob+publen, privlen); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1679 if (!retkey->data) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1680 m_free(retkey); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1681 errmsg = "unable to create key data structure"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1682 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1683 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1684 retkey->comment = dupstr(key->comment); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1685 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1686 errmsg = NULL; /* no error */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1687 ret = retkey; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1688 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1689 error: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1690 if (blob) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1691 memset(blob, 0, blobsize); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1692 m_free(blob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1693 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1694 memset(key->keyblob, 0, key->keyblob_size); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1695 m_free(key->keyblob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1696 memset(&key, 0, sizeof(key)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1697 m_free(key); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1698 return ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1699 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1700 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1701 int sshcom_write(const char *filename, sign_key *key, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1702 char *passphrase) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1703 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1704 unsigned char *pubblob, *privblob; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1705 int publen, privlen; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1706 unsigned char *outblob; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1707 int outlen; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1708 struct mpint_pos numbers[6]; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1709 int nnumbers, initial_zero, pos, lenpos, i; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1710 char *type; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1711 char *ciphertext; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1712 int cipherlen; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1713 int ret = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1714 FILE *fp; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1715 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1716 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1717 * Fetch the key blobs. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1718 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1719 pubblob = key->alg->public_blob(key->data, &publen); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1720 privblob = key->alg->private_blob(key->data, &privlen); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1721 outblob = NULL; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1722 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1723 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1724 * Find the sequence of integers to be encoded into the OpenSSH |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1725 * key blob, and also decide on the header line. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1726 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1727 if (key->alg == &ssh_rsa) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1728 int pos; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1729 struct mpint_pos n, e, d, p, q, iqmp; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1730 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1731 pos = 4 + GET_32BIT(pubblob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1732 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &e); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1733 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &n); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1734 pos = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1735 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &d); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1736 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &p); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1737 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &q); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1738 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &iqmp); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1739 |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
87
diff
changeset
|
1740 dropbear_assert(e.start && iqmp.start); /* can't go wrong */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1741 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1742 numbers[0] = e; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1743 numbers[1] = d; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1744 numbers[2] = n; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1745 numbers[3] = iqmp; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1746 numbers[4] = q; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1747 numbers[5] = p; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1748 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1749 nnumbers = 6; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1750 initial_zero = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1751 type = "if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1752 } else if (key->alg == &ssh_dss) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1753 int pos; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1754 struct mpint_pos p, q, g, y, x; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1755 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1756 pos = 4 + GET_32BIT(pubblob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1757 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &p); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1758 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &q); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1759 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &g); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1760 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &y); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1761 pos = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1762 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &x); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1763 |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
87
diff
changeset
|
1764 dropbear_assert(y.start && x.start); /* can't go wrong */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1765 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1766 numbers[0] = p; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1767 numbers[1] = g; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1768 numbers[2] = q; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1769 numbers[3] = y; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1770 numbers[4] = x; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1771 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1772 nnumbers = 5; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1773 initial_zero = 1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1774 type = "dl-modp{sign{dsa-nist-sha1},dh{plain}}"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1775 } else { |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
87
diff
changeset
|
1776 dropbear_assert(0); /* zoinks! */ |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1777 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1778 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1779 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1780 * Total size of key blob will be somewhere under 512 plus |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1781 * combined length of integers. We'll calculate the more |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1782 * precise size as we construct the blob. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1783 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1784 outlen = 512; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1785 for (i = 0; i < nnumbers; i++) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1786 outlen += 4 + numbers[i].bytes; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1787 outblob = snewn(outlen, unsigned char); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1788 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1789 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1790 * Create the unencrypted key blob. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1791 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1792 pos = 0; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1793 PUT_32BIT(outblob+pos, SSHCOM_MAGIC_NUMBER); pos += 4; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1794 pos += 4; /* length field, fill in later */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1795 pos += put_string(outblob+pos, type, strlen(type)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1796 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1797 char *ciphertype = passphrase ? "3des-cbc" : "none"; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1798 pos += put_string(outblob+pos, ciphertype, strlen(ciphertype)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1799 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1800 lenpos = pos; /* remember this position */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1801 pos += 4; /* encrypted-blob size */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1802 pos += 4; /* encrypted-payload size */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1803 if (initial_zero) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1804 PUT_32BIT(outblob+pos, 0); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1805 pos += 4; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1806 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1807 for (i = 0; i < nnumbers; i++) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1808 pos += sshcom_put_mpint(outblob+pos, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1809 numbers[i].start, numbers[i].bytes); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1810 /* Now wrap up the encrypted payload. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1811 PUT_32BIT(outblob+lenpos+4, pos - (lenpos+8)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1812 /* Pad encrypted blob to a multiple of cipher block size. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1813 if (passphrase) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1814 int padding = -(pos - (lenpos+4)) & 7; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1815 while (padding--) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1816 outblob[pos++] = random_byte(); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1817 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1818 ciphertext = (char *)outblob+lenpos+4; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1819 cipherlen = pos - (lenpos+4); |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
87
diff
changeset
|
1820 dropbear_assert(!passphrase || cipherlen % 8 == 0); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1821 /* Wrap up the encrypted blob string. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1822 PUT_32BIT(outblob+lenpos, cipherlen); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1823 /* And finally fill in the total length field. */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1824 PUT_32BIT(outblob+4, pos); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1825 |
241
c5d3ef11155f
* use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents:
87
diff
changeset
|
1826 dropbear_assert(pos < outlen); |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1827 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1828 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1829 * Encrypt the key. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1830 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1831 if (passphrase) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1832 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1833 * Derive encryption key from passphrase and iv/salt: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1834 * |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1835 * - let block A equal MD5(passphrase) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1836 * - let block B equal MD5(passphrase || A) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1837 * - block C would be MD5(passphrase || A || B) and so on |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1838 * - encryption key is the first N bytes of A || B |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1839 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1840 struct MD5Context md5c; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1841 unsigned char keybuf[32], iv[8]; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1842 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1843 MD5Init(&md5c); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1844 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1845 MD5Final(keybuf, &md5c); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1846 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1847 MD5Init(&md5c); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1848 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1849 MD5Update(&md5c, keybuf, 16); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1850 MD5Final(keybuf+16, &md5c); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1851 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1852 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1853 * Now decrypt the key blob. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1854 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1855 memset(iv, 0, sizeof(iv)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1856 des3_encrypt_pubkey_ossh(keybuf, iv, (unsigned char *)ciphertext, |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1857 cipherlen); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1858 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1859 memset(&md5c, 0, sizeof(md5c)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1860 memset(keybuf, 0, sizeof(keybuf)); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1861 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1862 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1863 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1864 * And save it. We'll use Unix line endings just in case it's |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1865 * subsequently transferred in binary mode. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1866 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1867 fp = fopen(filename, "wb"); /* ensure Unix line endings */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1868 if (!fp) |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1869 goto error; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1870 fputs("---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\n", fp); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1871 fprintf(fp, "Comment: \""); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1872 /* |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1873 * Comment header is broken with backslash-newline if it goes |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1874 * over 70 chars. Although it's surrounded by quotes, it |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1875 * _doesn't_ escape backslashes or quotes within the string. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1876 * Don't ask me, I didn't design it. |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1877 */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1878 { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1879 int slen = 60; /* starts at 60 due to "Comment: " */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1880 char *c = key->comment; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1881 while ((int)strlen(c) > slen) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1882 fprintf(fp, "%.*s\\\n", slen, c); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1883 c += slen; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1884 slen = 70; /* allow 70 chars on subsequent lines */ |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1885 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1886 fprintf(fp, "%s\"\n", c); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1887 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1888 base64_encode_fp(fp, outblob, pos, 70); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1889 fputs("---- END SSH2 ENCRYPTED PRIVATE KEY ----\n", fp); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1890 fclose(fp); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1891 ret = 1; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1892 |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1893 error: |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1894 if (outblob) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1895 memset(outblob, 0, outlen); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1896 m_free(outblob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1897 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1898 if (privblob) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1899 memset(privblob, 0, privlen); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1900 m_free(privblob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1901 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1902 if (pubblob) { |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1903 memset(pubblob, 0, publen); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1904 m_free(pubblob); |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1905 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1906 return ret; |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1907 } |
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1908 #endif /* ssh.com stuff disabled */ |