annotate keyimport.c @ 1060:4c733310c21d nocircbuffer

reword comment for clarity
author Matt Johnston <matt@ucc.asn.au>
date Sun, 01 Mar 2015 23:26:42 +0800
parents 31727a8abd4b
children d144a6bece53
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
2 * Based on PuTTY's import.c for importing/exporting OpenSSH and SSH.com
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
3 * keyfiles.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
4 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
5 * Modifications copyright 2003 Matt Johnston
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
6 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
7 * PuTTY is copyright 1997-2003 Simon Tatham.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
8 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
9 * Portions copyright Robert de Bath, Joris van Rantwijk, Delian
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
10 * Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
11 * Justin Bradford, and CORE SDI S.A.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
12 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
13 * Permission is hereby granted, free of charge, to any person
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
14 * obtaining a copy of this software and associated documentation files
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
15 * (the "Software"), to deal in the Software without restriction,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
16 * including without limitation the rights to use, copy, modify, merge,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
17 * publish, distribute, sublicense, and/or sell copies of the Software,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
18 * and to permit persons to whom the Software is furnished to do so,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
19 * subject to the following conditions:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
20 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
21 * The above copyright notice and this permission notice shall be
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
22 * included in all copies or substantial portions of the Software.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
23 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
27 * NONINFRINGEMENT. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
28 * FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
29 * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
30 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
31 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
32
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
33 #include "keyimport.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
34 #include "bignum.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
35 #include "buffer.h"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
36 #include "dbutil.h"
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
37 #include "ecc.h"
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
38
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
39 static const unsigned char OID_SEC256R1_BLOB[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
40 static const unsigned char OID_SEC384R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x22};
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
41 static const unsigned char OID_SEC521R1_BLOB[] = {0x2b, 0x81, 0x04, 0x00, 0x23};
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
42
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
43 #define PUT_32BIT(cp, value) do { \
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
44 (cp)[3] = (unsigned char)(value); \
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
45 (cp)[2] = (unsigned char)((value) >> 8); \
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
46 (cp)[1] = (unsigned char)((value) >> 16); \
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
47 (cp)[0] = (unsigned char)((value) >> 24); } while (0)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
48
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
49 #define GET_32BIT(cp) \
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
50 (((unsigned long)(unsigned char)(cp)[0] << 24) | \
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
51 ((unsigned long)(unsigned char)(cp)[1] << 16) | \
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
52 ((unsigned long)(unsigned char)(cp)[2] << 8) | \
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
53 ((unsigned long)(unsigned char)(cp)[3]))
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
54
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
55 static int openssh_encrypted(const char *filename);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
56 static sign_key *openssh_read(const char *filename, char *passphrase);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
57 static int openssh_write(const char *filename, sign_key *key,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
58 char *passphrase);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
59
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
60 static int dropbear_write(const char*filename, sign_key * key);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
61 static sign_key *dropbear_read(const char* filename);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
62
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
63 #if 0
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
64 static int sshcom_encrypted(const char *filename, char **comment);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
65 static struct ssh2_userkey *sshcom_read(const char *filename, char *passphrase);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
66 static int sshcom_write(const char *filename, struct ssh2_userkey *key,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
67 char *passphrase);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
68 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
69
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
70 int import_encrypted(const char* filename, int filetype) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
71
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
72 if (filetype == KEYFILE_OPENSSH) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
73 return openssh_encrypted(filename);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
74 #if 0
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
75 } else if (filetype == KEYFILE_SSHCOM) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
76 return sshcom_encrypted(filename, NULL);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
77 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
78 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
79 return 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
80 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
81
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
82 sign_key *import_read(const char *filename, char *passphrase, int filetype) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
83
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
84 if (filetype == KEYFILE_OPENSSH) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
85 return openssh_read(filename, passphrase);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
86 } else if (filetype == KEYFILE_DROPBEAR) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
87 return dropbear_read(filename);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
88 #if 0
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
89 } else if (filetype == KEYFILE_SSHCOM) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
90 return sshcom_read(filename, passphrase);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
91 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
92 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
93 return NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
94 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
95
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
96 int import_write(const char *filename, sign_key *key, char *passphrase,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
97 int filetype) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
98
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
99 if (filetype == KEYFILE_OPENSSH) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
100 return openssh_write(filename, key, passphrase);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
101 } else if (filetype == KEYFILE_DROPBEAR) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
102 return dropbear_write(filename, key);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
103 #if 0
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
104 } else if (filetype == KEYFILE_SSHCOM) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
105 return sshcom_write(filename, key, passphrase);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
106 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
107 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
108 return 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
109 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
110
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
111 static sign_key *dropbear_read(const char* filename) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
112
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
113 buffer * buf = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
114 sign_key *ret = NULL;
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 845
diff changeset
115 enum signkey_type type;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
116
73
0bf5cebe622c Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
117 buf = buf_new(MAX_PRIVKEY_SIZE);
0bf5cebe622c Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
118 if (buf_readfile(buf, filename) == DROPBEAR_FAILURE) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
119 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
120 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
121
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
122 buf_setpos(buf, 0);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
123 ret = new_sign_key();
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
124
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
125 type = DROPBEAR_SIGNKEY_ANY;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
126 if (buf_get_priv_key(buf, ret, &type) == DROPBEAR_FAILURE){
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
127 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
128 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
129 buf_free(buf);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
130
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
131 ret->type = type;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
132
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
133 return ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
134
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
135 error:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
136 if (buf) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
137 buf_free(buf);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
138 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
139 if (ret) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
140 sign_key_free(ret);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
141 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
142 return NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
143 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
144
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
145 /* returns 0 on fail, 1 on success */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
146 static int dropbear_write(const char*filename, sign_key * key) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
147
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
148 buffer * buf;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
149 FILE*fp;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
150 int len;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
151 int ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
152
73
0bf5cebe622c Dropbearkey can now print out pubkey portions
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
153 buf = buf_new(MAX_PRIVKEY_SIZE);
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
154 buf_put_priv_key(buf, key, key->type);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
155
87
680a0bc9df0a Some small fixes for unused vars, and old messages
Matt Johnston <matt@ucc.asn.au>
parents: 73
diff changeset
156 fp = fopen(filename, "w");
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
157 if (!fp) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
158 ret = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
159 goto out;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
160 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
161
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
162 buf_setpos(buf, 0);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
163 do {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
164 len = fwrite(buf_getptr(buf, buf->len - buf->pos),
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
165 1, buf->len - buf->pos, fp);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
166 buf_incrpos(buf, len);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
167 } while (len > 0 && buf->len != buf->pos);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
168
256
ac890087b8c1 * keyimport.c: fclose() the key file to make sure data gets written
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
169 fclose(fp);
ac890087b8c1 * keyimport.c: fclose() the key file to make sure data gets written
Matt Johnston <matt@ucc.asn.au>
parents: 241
diff changeset
170
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
171 if (buf->pos != buf->len) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
172 ret = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
173 } else {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
174 ret = 1;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
175 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
176 out:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
177 buf_free(buf);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
178 return ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
179 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
180
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
181
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
182 /* ----------------------------------------------------------------------
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
183 * Helper routines. (The base64 ones are defined in sshpubk.c.)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
184 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
185
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
186 #define isbase64(c) ( ((c) >= 'A' && (c) <= 'Z') || \
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
187 ((c) >= 'a' && (c) <= 'z') || \
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
188 ((c) >= '0' && (c) <= '9') || \
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
189 (c) == '+' || (c) == '/' || (c) == '=' \
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
190 )
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
191
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
192 /* cpl has to be less than 100 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
193 static void base64_encode_fp(FILE * fp, unsigned char *data,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
194 int datalen, int cpl)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
195 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
196 char out[100];
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
197 int n;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
198 unsigned long outlen;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
199 int rawcpl;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
200 rawcpl = cpl * 3 / 4;
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 87
diff changeset
201 dropbear_assert((unsigned int)cpl < sizeof(out));
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
202
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
203 while (datalen > 0) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
204 n = (datalen < rawcpl ? datalen : rawcpl);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
205 outlen = sizeof(out);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
206 base64_encode(data, n, out, &outlen);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
207 data += n;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
208 datalen -= n;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
209 fwrite(out, 1, outlen, fp);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
210 fputc('\n', fp);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
211 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
212 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
213 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
214 * Read an ASN.1/BER identifier and length pair.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
215 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
216 * Flags are a combination of the #defines listed below.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
217 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
218 * Returns -1 if unsuccessful; otherwise returns the number of
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
219 * bytes used out of the source data.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
220 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
221
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
222 /* ASN.1 tag classes. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
223 #define ASN1_CLASS_UNIVERSAL (0 << 6)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
224 #define ASN1_CLASS_APPLICATION (1 << 6)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
225 #define ASN1_CLASS_CONTEXT_SPECIFIC (2 << 6)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
226 #define ASN1_CLASS_PRIVATE (3 << 6)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
227 #define ASN1_CLASS_MASK (3 << 6)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
228
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
229 /* Primitive versus constructed bit. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
230 #define ASN1_CONSTRUCTED (1 << 5)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
231
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
232 static int ber_read_id_len(void *source, int sourcelen,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
233 int *id, int *length, int *flags)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
234 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
235 unsigned char *p = (unsigned char *) source;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
236
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
237 if (sourcelen == 0)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
238 return -1;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
239
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
240 *flags = (*p & 0xE0);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
241 if ((*p & 0x1F) == 0x1F) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
242 *id = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
243 while (*p & 0x80) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
244 *id = (*id << 7) | (*p & 0x7F);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
245 p++, sourcelen--;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
246 if (sourcelen == 0)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
247 return -1;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
248 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
249 *id = (*id << 7) | (*p & 0x7F);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
250 p++, sourcelen--;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
251 } else {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
252 *id = *p & 0x1F;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
253 p++, sourcelen--;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
254 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
255
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
256 if (sourcelen == 0)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
257 return -1;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
258
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
259 if (*p & 0x80) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
260 int n = *p & 0x7F;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
261 p++, sourcelen--;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
262 if (sourcelen < n)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
263 return -1;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
264 *length = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
265 while (n--)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
266 *length = (*length << 8) | (*p++);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
267 sourcelen -= n;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
268 } else {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
269 *length = *p;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
270 p++, sourcelen--;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
271 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
272
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
273 return p - (unsigned char *) source;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
274 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
275
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
276 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
277 * Write an ASN.1/BER identifier and length pair. Returns the
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
278 * number of bytes consumed. Assumes dest contains enough space.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
279 * Will avoid writing anything if dest is NULL, but still return
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
280 * amount of space required.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
281 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
282 static int ber_write_id_len(void *dest, int id, int length, int flags)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
283 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
284 unsigned char *d = (unsigned char *)dest;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
285 int len = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
286
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
287 if (id <= 30) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
288 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
289 * Identifier is one byte.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
290 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
291 len++;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
292 if (d) *d++ = id | flags;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
293 } else {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
294 int n;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
295 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
296 * Identifier is multiple bytes: the first byte is 11111
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
297 * plus the flags, and subsequent bytes encode the value of
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
298 * the identifier, 7 bits at a time, with the top bit of
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
299 * each byte 1 except the last one which is 0.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
300 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
301 len++;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
302 if (d) *d++ = 0x1F | flags;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
303 for (n = 1; (id >> (7*n)) > 0; n++)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
304 continue; /* count the bytes */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
305 while (n--) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
306 len++;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
307 if (d) *d++ = (n ? 0x80 : 0) | ((id >> (7*n)) & 0x7F);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
308 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
309 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
310
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
311 if (length < 128) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
312 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
313 * Length is one byte.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
314 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
315 len++;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
316 if (d) *d++ = length;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
317 } else {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
318 int n;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
319 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
320 * Length is multiple bytes. The first is 0x80 plus the
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
321 * number of subsequent bytes, and the subsequent bytes
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
322 * encode the actual length.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
323 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
324 for (n = 1; (length >> (8*n)) > 0; n++)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
325 continue; /* count the bytes */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
326 len++;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
327 if (d) *d++ = 0x80 | n;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
328 while (n--) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
329 len++;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
330 if (d) *d++ = (length >> (8*n)) & 0xFF;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
331 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
332 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
333
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
334 return len;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
335 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
336
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
337
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
338 /* Simple structure to point to an mp-int within a blob. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
339 struct mpint_pos { void *start; int bytes; };
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
340
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
341 /* ----------------------------------------------------------------------
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
342 * Code to read and write OpenSSH private keys.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
343 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
344
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 491
diff changeset
345 enum { OSSH_DSA, OSSH_RSA, OSSH_EC };
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
346 struct openssh_key {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
347 int type;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
348 int encrypted;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
349 char iv[32];
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
350 unsigned char *keyblob;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
351 unsigned int keyblob_len, keyblob_size;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
352 };
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
353
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
354 static struct openssh_key *load_openssh_key(const char *filename)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
355 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
356 struct openssh_key *ret;
340
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 256
diff changeset
357 FILE *fp = NULL;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
358 char buffer[256];
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
359 char *errmsg = NULL, *p = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
360 int headers_done;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
361 unsigned long len, outlen;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
362
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
363 ret = (struct openssh_key*)m_malloc(sizeof(struct openssh_key));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
364 ret->keyblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
365 ret->keyblob_len = ret->keyblob_size = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
366 ret->encrypted = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
367 memset(ret->iv, 0, sizeof(ret->iv));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
368
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
369 if (strlen(filename) == 1 && filename[0] == '-') {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
370 fp = stdin;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
371 } else {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
372 fp = fopen(filename, "r");
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
373 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
374 if (!fp) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
375 errmsg = "Unable to open key file";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
376 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
377 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
378 if (!fgets(buffer, sizeof(buffer), fp) ||
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
379 0 != strncmp(buffer, "-----BEGIN ", 11) ||
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
380 0 != strcmp(buffer+strlen(buffer)-17, "PRIVATE KEY-----\n")) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
381 errmsg = "File does not begin with OpenSSH key header";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
382 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
383 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
384 if (!strcmp(buffer, "-----BEGIN RSA PRIVATE KEY-----\n"))
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
385 ret->type = OSSH_RSA;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
386 else if (!strcmp(buffer, "-----BEGIN DSA PRIVATE KEY-----\n"))
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
387 ret->type = OSSH_DSA;
793
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 491
diff changeset
388 else if (!strcmp(buffer, "-----BEGIN EC PRIVATE KEY-----\n"))
70625eed40c9 A bit of work on ecdsa for host/auth keys
Matt Johnston <matt@ucc.asn.au>
parents: 491
diff changeset
389 ret->type = OSSH_EC;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
390 else {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
391 errmsg = "Unrecognised key type";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
392 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
393 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
394
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
395 headers_done = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
396 while (1) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
397 if (!fgets(buffer, sizeof(buffer), fp)) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
398 errmsg = "Unexpected end of file";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
399 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
400 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
401 if (0 == strncmp(buffer, "-----END ", 9) &&
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
402 0 == strcmp(buffer+strlen(buffer)-17, "PRIVATE KEY-----\n"))
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
403 break; /* done */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
404 if ((p = strchr(buffer, ':')) != NULL) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
405 if (headers_done) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
406 errmsg = "Header found in body of key data";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
407 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
408 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
409 *p++ = '\0';
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
410 while (*p && isspace((unsigned char)*p)) p++;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
411 if (!strcmp(buffer, "Proc-Type")) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
412 if (p[0] != '4' || p[1] != ',') {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
413 errmsg = "Proc-Type is not 4 (only 4 is supported)";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
414 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
415 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
416 p += 2;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
417 if (!strcmp(p, "ENCRYPTED\n"))
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
418 ret->encrypted = 1;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
419 } else if (!strcmp(buffer, "DEK-Info")) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
420 int i, j;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
421
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
422 if (strncmp(p, "DES-EDE3-CBC,", 13)) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
423 errmsg = "Ciphers other than DES-EDE3-CBC not supported";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
424 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
425 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
426 p += 13;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
427 for (i = 0; i < 8; i++) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
428 if (1 != sscanf(p, "%2x", &j))
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
429 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
430 ret->iv[i] = j;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
431 p += 2;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
432 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
433 if (i < 8) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
434 errmsg = "Expected 16-digit iv in DEK-Info";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
435 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
436 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
437 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
438 } else {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
439 headers_done = 1;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
440 len = strlen(buffer);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
441 outlen = len*4/3;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
442 if (ret->keyblob_len + outlen > ret->keyblob_size) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
443 ret->keyblob_size = ret->keyblob_len + outlen + 256;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
444 ret->keyblob = (unsigned char*)m_realloc(ret->keyblob,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
445 ret->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
446 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
447 outlen = ret->keyblob_size - ret->keyblob_len;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
448 if (base64_decode(buffer, len,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
449 ret->keyblob + ret->keyblob_len, &outlen) != CRYPT_OK){
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
450 errmsg = "Error decoding base64";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
451 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
452 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
453 ret->keyblob_len += outlen;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
454 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
455 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
456
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
457 if (ret->keyblob_len == 0 || !ret->keyblob) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
458 errmsg = "Key body not present";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
459 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
460 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
461
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
462 if (ret->encrypted && ret->keyblob_len % 8 != 0) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
463 errmsg = "Encrypted key blob is not a multiple of cipher block size";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
464 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
465 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
466
1045
31727a8abd4b Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents: 1038
diff changeset
467 m_burn(buffer, sizeof(buffer));
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
468 return ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
469
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
470 error:
1045
31727a8abd4b Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents: 1038
diff changeset
471 m_burn(buffer, sizeof(buffer));
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
472 if (ret) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
473 if (ret->keyblob) {
1045
31727a8abd4b Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents: 1038
diff changeset
474 m_burn(ret->keyblob, ret->keyblob_size);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
475 m_free(ret->keyblob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
476 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
477 m_free(ret);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
478 }
340
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 256
diff changeset
479 if (fp) {
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 256
diff changeset
480 fclose(fp);
454a34b2dfd1 Fixes from Erik Hovland:
Matt Johnston <matt@ucc.asn.au>
parents: 256
diff changeset
481 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
482 if (errmsg) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
483 fprintf(stderr, "Error: %s\n", errmsg);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
484 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
485 return NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
486 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
487
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
488 static int openssh_encrypted(const char *filename)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
489 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
490 struct openssh_key *key = load_openssh_key(filename);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
491 int ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
492
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
493 if (!key)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
494 return 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
495 ret = key->encrypted;
1045
31727a8abd4b Use m_burn rather than memset
Thorsten Horstmann <thorsten.horstmann@web.de>
parents: 1038
diff changeset
496 m_burn(key->keyblob, key->keyblob_size);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
497 m_free(key->keyblob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
498 m_free(key);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
499 return ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
500 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
501
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 845
diff changeset
502 static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase))
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
503 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
504 struct openssh_key *key;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
505 unsigned char *p;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
506 int ret, id, len, flags;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
507 int i, num_integers = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
508 sign_key *retval = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
509 char *errmsg;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
510 char *modptr = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
511 int modlen = -9999;
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 845
diff changeset
512 enum signkey_type type;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
513
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
514 sign_key *retkey;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
515 buffer * blobbuf = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
516
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
517 retkey = new_sign_key();
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
518
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
519 key = load_openssh_key(filename);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
520
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
521 if (!key)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
522 return NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
523
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
524 if (key->encrypted) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
525 errmsg = "encrypted keys not supported currently";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
526 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
527 #if 0
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
528 /* matt TODO */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
529 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
530 * Derive encryption key from passphrase and iv/salt:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
531 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
532 * - let block A equal MD5(passphrase || iv)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
533 * - let block B equal MD5(A || passphrase || iv)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
534 * - block C would be MD5(B || passphrase || iv) and so on
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
535 * - encryption key is the first N bytes of A || B
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
536 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
537 struct MD5Context md5c;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
538 unsigned char keybuf[32];
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
539
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
540 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
541 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
542 MD5Update(&md5c, (unsigned char *)key->iv, 8);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
543 MD5Final(keybuf, &md5c);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
544
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
545 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
546 MD5Update(&md5c, keybuf, 16);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
547 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
548 MD5Update(&md5c, (unsigned char *)key->iv, 8);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
549 MD5Final(keybuf+16, &md5c);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
550
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
551 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
552 * Now decrypt the key blob.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
553 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
554 des3_decrypt_pubkey_ossh(keybuf, (unsigned char *)key->iv,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
555 key->keyblob, key->keyblob_len);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
556
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
557 memset(&md5c, 0, sizeof(md5c));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
558 memset(keybuf, 0, sizeof(keybuf));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
559 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
560 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
561
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
562 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
563 * Now we have a decrypted key blob, which contains an ASN.1
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
564 * encoded private key. We must now untangle the ASN.1.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
565 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
566 * We expect the whole key blob to be formatted as a SEQUENCE
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
567 * (0x30 followed by a length code indicating that the rest of
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
568 * the blob is part of the sequence). Within that SEQUENCE we
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
569 * expect to see a bunch of INTEGERs. What those integers mean
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
570 * depends on the key type:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
571 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
572 * - For RSA, we expect the integers to be 0, n, e, d, p, q,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
573 * dmp1, dmq1, iqmp in that order. (The last three are d mod
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
574 * (p-1), d mod (q-1), inverse of q mod p respectively.)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
575 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
576 * - For DSA, we expect them to be 0, p, q, g, y, x in that
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
577 * order.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
578 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
579
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
580 p = key->keyblob;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
581
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
582 /* Expect the SEQUENCE header. Take its absence as a failure to decrypt. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
583 ret = ber_read_id_len(p, key->keyblob_len, &id, &len, &flags);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
584 p += ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
585 if (ret < 0 || id != 16) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
586 errmsg = "ASN.1 decoding failure - wrong password?";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
587 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
588 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
589
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
590 /* Expect a load of INTEGERs. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
591 if (key->type == OSSH_RSA)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
592 num_integers = 9;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
593 else if (key->type == OSSH_DSA)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
594 num_integers = 6;
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
595 else if (key->type == OSSH_EC)
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
596 num_integers = 1;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
597
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
598 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
599 * Space to create key blob in.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
600 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
601 blobbuf = buf_new(3000);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
602
935
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
603 #ifdef DROPBEAR_DSS
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
604 if (key->type == OSSH_DSA) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
605 buf_putstring(blobbuf, "ssh-dss", 7);
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
606 retkey->type = DROPBEAR_SIGNKEY_DSS;
935
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
607 }
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
608 #endif
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
609 #ifdef DROPBEAR_RSA
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
610 if (key->type == OSSH_RSA) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
611 buf_putstring(blobbuf, "ssh-rsa", 7);
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
612 retkey->type = DROPBEAR_SIGNKEY_RSA;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
613 }
935
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
614 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
615
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
616 for (i = 0; i < num_integers; i++) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
617 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
618 &id, &len, &flags);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
619 p += ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
620 if (ret < 0 || id != 2 ||
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
621 key->keyblob+key->keyblob_len-p < len) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
622 errmsg = "ASN.1 decoding failure";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
623 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
624 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
625
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
626 if (i == 0) {
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
627 /* First integer is a version indicator */
991
4f65c867fc99 Fix variables may be uninitialized.
Like Ma <likemartinma@gmail.com>
parents: 935
diff changeset
628 int expected = -1;
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
629 switch (key->type) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
630 case OSSH_RSA:
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
631 case OSSH_DSA:
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
632 expected = 0;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
633 break;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
634 case OSSH_EC:
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
635 expected = 1;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
636 break;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
637 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
638 if (len != 1 || p[0] != expected) {
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
639 errmsg = "Version number mismatch";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
640 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
641 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
642 } else if (key->type == OSSH_RSA) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
643 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
644 * OpenSSH key order is n, e, d, p, q, dmp1, dmq1, iqmp
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
645 * but we want e, n, d, p, q
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
646 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
647 if (i == 1) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
648 /* Save the details for after we deal with number 2. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
649 modptr = (char *)p;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
650 modlen = len;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
651 } else if (i >= 2 && i <= 5) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
652 buf_putstring(blobbuf, p, len);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
653 if (i == 2) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
654 buf_putstring(blobbuf, modptr, modlen);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
655 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
656 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
657 } else if (key->type == OSSH_DSA) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
658 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
659 * OpenSSH key order is p, q, g, y, x,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
660 * we want the same.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
661 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
662 buf_putstring(blobbuf, p, len);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
663 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
664
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
665 /* Skip past the number. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
666 p += len;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
667 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
668
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
669 #ifdef DROPBEAR_ECDSA
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
670 if (key->type == OSSH_EC) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
671 unsigned char* private_key_bytes = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
672 int private_key_len = 0;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
673 unsigned char* public_key_bytes = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
674 int public_key_len = 0;
807
75509065db53 have separate ecdsa keys for each size
Matt Johnston <matt@ucc.asn.au>
parents: 806
diff changeset
675 ecc_key *ecc = NULL;
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
676 const struct dropbear_ecc_curve *curve = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
677
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
678 /* See SEC1 v2, Appendix C.4 */
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
679 /* OpenSSL (so OpenSSH) seems to include the optional parts. */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
680
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
681 /* privateKey OCTET STRING, */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
682 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
683 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
684 p += ret;
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
685 /* id==4 for octet string */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
686 if (ret < 0 || id != 4 ||
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
687 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
688 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
689 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
690 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
691 private_key_bytes = p;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
692 private_key_len = len;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
693 p += len;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
694
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
695 /* parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL, */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
696 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
697 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
698 p += ret;
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
699 /* id==0 */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
700 if (ret < 0 || id != 0) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
701 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
702 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
703 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
704
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
705 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
706 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
707 p += ret;
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
708 /* id==6 for object */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
709 if (ret < 0 || id != 6 ||
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
710 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
711 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
712 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
713 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
714
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
715 if (0) {}
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
716 #ifdef DROPBEAR_ECC_256
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
717 else if (len == sizeof(OID_SEC256R1_BLOB)
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
718 && memcmp(p, OID_SEC256R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
719 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP256;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
720 curve = &ecc_curve_nistp256;
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
721 }
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
722 #endif
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
723 #ifdef DROPBEAR_ECC_384
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
724 else if (len == sizeof(OID_SEC384R1_BLOB)
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
725 && memcmp(p, OID_SEC384R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
726 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP384;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
727 curve = &ecc_curve_nistp384;
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
728 }
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
729 #endif
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
730 #ifdef DROPBEAR_ECC_521
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
731 else if (len == sizeof(OID_SEC521R1_BLOB)
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
732 && memcmp(p, OID_SEC521R1_BLOB, len) == 0) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
733 retkey->type = DROPBEAR_SIGNKEY_ECDSA_NISTP521;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
734 curve = &ecc_curve_nistp521;
847
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
735 }
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
736 #endif
f4bb964c8678 Add '-R' for delayed hostkey option
Matt Johnston <matt@ucc.asn.au>
parents: 846
diff changeset
737 else {
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
738 errmsg = "Unknown ECC key type";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
739 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
740 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
741 p += len;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
742
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
743 /* publicKey [1] BIT STRING OPTIONAL */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
744 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
745 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
746 p += ret;
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
747 /* id==1 */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
748 if (ret < 0 || id != 1) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
749 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
750 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
751 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
752
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
753 ret = ber_read_id_len(p, key->keyblob+key->keyblob_len-p,
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
754 &id, &len, &flags);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
755 p += ret;
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
756 /* id==3 for bit string */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
757 if (ret < 0 || id != 3 ||
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
758 key->keyblob+key->keyblob_len-p < len) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
759 errmsg = "ASN.1 decoding failure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
760 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
761 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
762 public_key_bytes = p+1;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
763 public_key_len = len-1;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
764 p += len;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
765
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
766 buf_putbytes(blobbuf, public_key_bytes, public_key_len);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
767 ecc = buf_get_ecc_raw_pubkey(blobbuf, curve);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
768 if (!ecc) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
769 errmsg = "Error parsing ECC key";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
770 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
771 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
772 m_mp_alloc_init_multi((mp_int**)&ecc->k, NULL);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
773 if (mp_read_unsigned_bin(ecc->k, private_key_bytes, private_key_len)
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
774 != MP_OKAY) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
775 errmsg = "Error parsing ECC key";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
776 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
777 }
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
778
841
d4ce5269a439 Fix specifying a keysize for key generation, fix key name arguments
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
779 *signkey_key_ptr(retkey, retkey->type) = ecc;
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
780 }
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
781 #endif /* DROPBEAR_ECDSA */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
782
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
783 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
784 * Now put together the actual key. Simplest way to do this is
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
785 * to assemble our own key blobs and feed them to the createkey
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
786 * functions; this is a bit faffy but it does mean we get all
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
787 * the sanity checks for free.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
788 */
806
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
789 if (key->type == OSSH_RSA || key->type == OSSH_DSA) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
790 buf_setpos(blobbuf, 0);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
791 type = DROPBEAR_SIGNKEY_ANY;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
792 if (buf_get_priv_key(blobbuf, retkey, &type)
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
793 != DROPBEAR_SUCCESS) {
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
794 errmsg = "unable to create key structure";
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
795 sign_key_free(retkey);
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
796 retkey = NULL;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
797 goto error;
71e7d31f7671 hackish ECC import code from OpenSSH
Matt Johnston <matt@ucc.asn.au>
parents: 793
diff changeset
798 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
799 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
800
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
801 errmsg = NULL; /* no error */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
802 retval = retkey;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
803
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
804 error:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
805 if (blobbuf) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
806 buf_burn(blobbuf);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
807 buf_free(blobbuf);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
808 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
809 m_burn(key->keyblob, key->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
810 m_free(key->keyblob);
1002
97d1e54941fd When clearing the memory of 'key' in function openssh_read(), only the size
Christian Engelmayer <cengelma@gmx.at>
parents: 991
diff changeset
811 m_burn(key, sizeof(*key));
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
812 m_free(key);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
813 if (errmsg) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
814 fprintf(stderr, "Error: %s\n", errmsg);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
815 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
816 return retval;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
817 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
818
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
819 static int openssh_write(const char *filename, sign_key *key,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
820 char *passphrase)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
821 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
822 buffer * keyblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
823 buffer * extrablob = NULL; /* used for calculated values to write */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
824 unsigned char *outblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
825 int outlen = -9999;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
826 struct mpint_pos numbers[9];
991
4f65c867fc99 Fix variables may be uninitialized.
Like Ma <likemartinma@gmail.com>
parents: 935
diff changeset
827 int nnumbers = -1, pos = 0, len = 0, seqlen, i;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
828 char *header = NULL, *footer = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
829 char zero[1];
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
830 int ret = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
831 FILE *fp;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
832
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
833 #ifdef DROPBEAR_RSA
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
834 mp_int dmp1, dmq1, iqmp, tmpval; /* for rsa */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
835 #endif
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
836
935
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
837 if (
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
838 #ifdef DROPBEAR_RSA
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
839 key->type == DROPBEAR_SIGNKEY_RSA ||
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
840 #endif
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
841 #ifdef DROPBEAR_DSS
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
842 key->type == DROPBEAR_SIGNKEY_DSS ||
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
843 #endif
25692c60479e Fix compiling with ECDSA and DSS disabled
Matt Johnston <matt@ucc.asn.au>
parents: 867
diff changeset
844 0)
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
845 {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
846 /*
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
847 * Fetch the key blobs.
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
848 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
849 keyblob = buf_new(3000);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
850 buf_put_priv_key(keyblob, key, key->type);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
851
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
852 buf_setpos(keyblob, 0);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
853 /* skip the "ssh-rsa" or "ssh-dss" header */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
854 buf_incrpos(keyblob, buf_getint(keyblob));
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
855
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
856 /*
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
857 * Find the sequence of integers to be encoded into the OpenSSH
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
858 * key blob, and also decide on the header line.
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
859 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
860 numbers[0].start = zero; numbers[0].bytes = 1; zero[0] = '\0';
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
861
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
862 #ifdef DROPBEAR_RSA
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
863 if (key->type == DROPBEAR_SIGNKEY_RSA) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
864
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
865 if (key->rsakey->p == NULL || key->rsakey->q == NULL) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
866 fprintf(stderr, "Pre-0.33 Dropbear keys cannot be converted to OpenSSH keys.\n");
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
867 goto error;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
868 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
869
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
870 /* e */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
871 numbers[2].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
872 numbers[2].start = buf_getptr(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
873 buf_incrpos(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
874
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
875 /* n */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
876 numbers[1].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
877 numbers[1].start = buf_getptr(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
878 buf_incrpos(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
879
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
880 /* d */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
881 numbers[3].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
882 numbers[3].start = buf_getptr(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
883 buf_incrpos(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
884
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
885 /* p */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
886 numbers[4].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
887 numbers[4].start = buf_getptr(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
888 buf_incrpos(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
889
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
890 /* q */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
891 numbers[5].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
892 numbers[5].start = buf_getptr(keyblob, numbers[5].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
893 buf_incrpos(keyblob, numbers[5].bytes);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
894
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
895 /* now calculate some extra parameters: */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
896 m_mp_init(&tmpval);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
897 m_mp_init(&dmp1);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
898 m_mp_init(&dmq1);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
899 m_mp_init(&iqmp);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
900
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
901 /* dmp1 = d mod (p-1) */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
902 if (mp_sub_d(key->rsakey->p, 1, &tmpval) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
903 fprintf(stderr, "Bignum error for p-1\n");
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
904 goto error;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
905 }
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
906 if (mp_mod(key->rsakey->d, &tmpval, &dmp1) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
907 fprintf(stderr, "Bignum error for dmp1\n");
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
908 goto error;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
909 }
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
910
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
911 /* dmq1 = d mod (q-1) */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
912 if (mp_sub_d(key->rsakey->q, 1, &tmpval) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
913 fprintf(stderr, "Bignum error for q-1\n");
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
914 goto error;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
915 }
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
916 if (mp_mod(key->rsakey->d, &tmpval, &dmq1) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
917 fprintf(stderr, "Bignum error for dmq1\n");
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
918 goto error;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
919 }
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
920
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
921 /* iqmp = (q^-1) mod p */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
922 if (mp_invmod(key->rsakey->q, key->rsakey->p, &iqmp) != MP_OKAY) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
923 fprintf(stderr, "Bignum error for iqmp\n");
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
924 goto error;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
925 }
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
926
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
927 extrablob = buf_new(2000);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
928 buf_putmpint(extrablob, &dmp1);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
929 buf_putmpint(extrablob, &dmq1);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
930 buf_putmpint(extrablob, &iqmp);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
931 buf_setpos(extrablob, 0);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
932 mp_clear(&dmp1);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
933 mp_clear(&dmq1);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
934 mp_clear(&iqmp);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
935 mp_clear(&tmpval);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
936
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
937 /* dmp1 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
938 numbers[6].bytes = buf_getint(extrablob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
939 numbers[6].start = buf_getptr(extrablob, numbers[6].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
940 buf_incrpos(extrablob, numbers[6].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
941
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
942 /* dmq1 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
943 numbers[7].bytes = buf_getint(extrablob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
944 numbers[7].start = buf_getptr(extrablob, numbers[7].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
945 buf_incrpos(extrablob, numbers[7].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
946
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
947 /* iqmp */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
948 numbers[8].bytes = buf_getint(extrablob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
949 numbers[8].start = buf_getptr(extrablob, numbers[8].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
950 buf_incrpos(extrablob, numbers[8].bytes);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
951
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
952 nnumbers = 9;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
953 header = "-----BEGIN RSA PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
954 footer = "-----END RSA PRIVATE KEY-----\n";
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
955 }
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
956 #endif /* DROPBEAR_RSA */
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
957
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
958 #ifdef DROPBEAR_DSS
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
959 if (key->type == DROPBEAR_SIGNKEY_DSS) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
960
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
961 /* p */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
962 numbers[1].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
963 numbers[1].start = buf_getptr(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
964 buf_incrpos(keyblob, numbers[1].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
965
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
966 /* q */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
967 numbers[2].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
968 numbers[2].start = buf_getptr(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
969 buf_incrpos(keyblob, numbers[2].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
970
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
971 /* g */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
972 numbers[3].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
973 numbers[3].start = buf_getptr(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
974 buf_incrpos(keyblob, numbers[3].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
975
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
976 /* y */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
977 numbers[4].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
978 numbers[4].start = buf_getptr(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
979 buf_incrpos(keyblob, numbers[4].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
980
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
981 /* x */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
982 numbers[5].bytes = buf_getint(keyblob);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
983 numbers[5].start = buf_getptr(keyblob, numbers[5].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
984 buf_incrpos(keyblob, numbers[5].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
985
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
986 nnumbers = 6;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
987 header = "-----BEGIN DSA PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
988 footer = "-----END DSA PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
989 }
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
990 #endif /* DROPBEAR_DSS */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
991
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
992 /*
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
993 * Now count up the total size of the ASN.1 encoded integers,
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
994 * so as to determine the length of the containing SEQUENCE.
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
995 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
996 len = 0;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
997 for (i = 0; i < nnumbers; i++) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
998 len += ber_write_id_len(NULL, 2, numbers[i].bytes, 0);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
999 len += numbers[i].bytes;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1000 }
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1001 seqlen = len;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1002 /* Now add on the SEQUENCE header. */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1003 len += ber_write_id_len(NULL, 16, seqlen, ASN1_CONSTRUCTED);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1004 /* Round up to the cipher block size, ensuring we have at least one
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1005 * byte of padding (see below). */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1006 outlen = len;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1007 if (passphrase)
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1008 outlen = (outlen+8) &~ 7;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1009
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1010 /*
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1011 * Now we know how big outblob needs to be. Allocate it.
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1012 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1013 outblob = (unsigned char*)m_malloc(outlen);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1014
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1015 /*
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1016 * And write the data into it.
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1017 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1018 pos = 0;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1019 pos += ber_write_id_len(outblob+pos, 16, seqlen, ASN1_CONSTRUCTED);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1020 for (i = 0; i < nnumbers; i++) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1021 pos += ber_write_id_len(outblob+pos, 2, numbers[i].bytes, 0);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1022 memcpy(outblob+pos, numbers[i].start, numbers[i].bytes);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1023 pos += numbers[i].bytes;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1024 }
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
1025 } /* end RSA and DSS handling */
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1026
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1027 #ifdef DROPBEAR_ECDSA
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1028 if (key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP256
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1029 || key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP384
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1030 || key->type == DROPBEAR_SIGNKEY_ECDSA_NISTP521) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1031
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1032 /* SEC1 V2 appendix c.4
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1033 ECPrivateKey ::= SEQUENCE {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1034 version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1035 privateKey OCTET STRING,
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1036 parameters [0] ECDomainParameters {{ SECGCurveNames }} OPTIONAL,
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1037 publicKey [1] BIT STRING OPTIONAL
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1038 }
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1039 */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1040 buffer *seq_buf = buf_new(400);
846
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 845
diff changeset
1041 ecc_key **eck = (ecc_key**)signkey_key_ptr(key, key->type);
b298bb438625 refactor key generation, make it generate as required.
Matt Johnston <matt@ucc.asn.au>
parents: 845
diff changeset
1042 const long curve_size = (*eck)->dp->size;
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1043 int curve_oid_len = 0;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1044 const void* curve_oid = NULL;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1045 unsigned long pubkey_size = 2*curve_size+1;
867
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
1046 unsigned int k_size;
1038
d3925ed45a85 Fix for old compilers, variable declarations at beginning of functions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents: 1002
diff changeset
1047 int err = 0;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1048
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1049 /* version. less than 10 bytes */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1050 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1051 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 2, 1, 0));
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1052 buf_putbyte(seq_buf, 1);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1053
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1054 /* privateKey */
867
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
1055 k_size = mp_unsigned_bin_size((*eck)->k);
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
1056 dropbear_assert(k_size <= curve_size);
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1057 buf_incrwritepos(seq_buf,
867
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
1058 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 4, k_size, 0));
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
1059 mp_to_unsigned_bin((*eck)->k, buf_getwriteptr(seq_buf, k_size));
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
1060 buf_incrwritepos(seq_buf, k_size);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1061
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1062 /* SECGCurveNames */
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1063 switch (key->type)
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1064 {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1065 case DROPBEAR_SIGNKEY_ECDSA_NISTP256:
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1066 curve_oid_len = sizeof(OID_SEC256R1_BLOB);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1067 curve_oid = OID_SEC256R1_BLOB;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1068 break;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1069 case DROPBEAR_SIGNKEY_ECDSA_NISTP384:
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1070 curve_oid_len = sizeof(OID_SEC384R1_BLOB);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1071 curve_oid = OID_SEC384R1_BLOB;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1072 break;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1073 case DROPBEAR_SIGNKEY_ECDSA_NISTP521:
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1074 curve_oid_len = sizeof(OID_SEC521R1_BLOB);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1075 curve_oid = OID_SEC521R1_BLOB;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1076 break;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1077 default:
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1078 dropbear_exit("Internal error");
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1079 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1080
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1081 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1082 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 0, 2+curve_oid_len, 0xa0));
857
c19acba28590 use oldstyle comments
Matt Johnston <matt@ucc.asn.au>
parents: 849
diff changeset
1083 /* object == 6 */
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1084 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1085 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 6, curve_oid_len, 0));
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1086 buf_putbytes(seq_buf, curve_oid, curve_oid_len);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1087
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1088 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1089 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 1, 2+1+pubkey_size, 0xa0));
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1090 buf_incrwritepos(seq_buf,
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1091 ber_write_id_len(buf_getwriteptr(seq_buf, 10), 3, 1+pubkey_size, 0));
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1092 buf_putbyte(seq_buf, 0);
1038
d3925ed45a85 Fix for old compilers, variable declarations at beginning of functions
Thorsten Horstmann <thorsten.horstmann@web.de>
parents: 1002
diff changeset
1093 err = ecc_ansi_x963_export(*eck, buf_getwriteptr(seq_buf, pubkey_size), &pubkey_size);
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1094 if (err != CRYPT_OK) {
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1095 dropbear_exit("ECC error");
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1096 }
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1097 buf_incrwritepos(seq_buf, pubkey_size);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1098
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1099 buf_setpos(seq_buf, 0);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1100
867
d2d624c951ca - Increase buffer size, fixes converting 521bit ECC key
Matt Johnston <matt@ucc.asn.au>
parents: 857
diff changeset
1101 outblob = (unsigned char*)m_malloc(1000);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1102
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1103 pos = 0;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1104 pos += ber_write_id_len(outblob+pos, 16, seq_buf->len, ASN1_CONSTRUCTED);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1105 memcpy(&outblob[pos], seq_buf->data, seq_buf->len);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1106 pos += seq_buf->len;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1107 len = pos;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1108 outlen = len;
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1109
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1110 buf_burn(seq_buf);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1111 buf_free(seq_buf);
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1112 seq_buf = NULL;
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1113
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1114 header = "-----BEGIN EC PRIVATE KEY-----\n";
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1115 footer = "-----END EC PRIVATE KEY-----\n";
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1116 }
836
d7d9f1612d51 writing out openssh ecc keys works
Matt Johnston <matt@ucc.asn.au>
parents: 807
diff changeset
1117 #endif
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1118
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1119 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1120 * Padding on OpenSSH keys is deterministic. The number of
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1121 * padding bytes is always more than zero, and always at most
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1122 * the cipher block length. The value of each padding byte is
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1123 * equal to the number of padding bytes. So a plaintext that's
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1124 * an exact multiple of the block size will be padded with 08
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1125 * 08 08 08 08 08 08 08 (assuming a 64-bit block cipher); a
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1126 * plaintext one byte less than a multiple of the block size
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1127 * will be padded with just 01.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1128 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1129 * This enables the OpenSSL key decryption function to strip
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1130 * off the padding algorithmically and return the unpadded
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1131 * plaintext to the next layer: it looks at the final byte, and
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1132 * then expects to find that many bytes at the end of the data
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1133 * with the same value. Those are all removed and the rest is
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1134 * returned.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1135 */
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 87
diff changeset
1136 dropbear_assert(pos == len);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1137 while (pos < outlen) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1138 outblob[pos++] = outlen - len;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1139 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1140
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1141 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1142 * Encrypt the key.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1143 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1144 if (passphrase) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1145 fprintf(stderr, "Encrypted keys aren't supported currently\n");
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1146 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1147 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1148
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1149 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1150 * And save it. We'll use Unix line endings just in case it's
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1151 * subsequently transferred in binary mode.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1152 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1153 if (strlen(filename) == 1 && filename[0] == '-') {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1154 fp = stdout;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1155 } else {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1156 fp = fopen(filename, "wb"); /* ensure Unix line endings */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1157 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1158 if (!fp) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1159 fprintf(stderr, "Failed opening output file\n");
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1160 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1161 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1162 fputs(header, fp);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1163 base64_encode_fp(fp, outblob, outlen, 64);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1164 fputs(footer, fp);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1165 fclose(fp);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1166 ret = 1;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1167
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1168 error:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1169 if (outblob) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1170 memset(outblob, 0, outlen);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1171 m_free(outblob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1172 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1173 if (keyblob) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1174 buf_burn(keyblob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1175 buf_free(keyblob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1176 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1177 if (extrablob) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1178 buf_burn(extrablob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1179 buf_free(extrablob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1180 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1181 return ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1182 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1183
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1184 #if 0
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1185 /* XXX TODO ssh.com stuff isn't going yet */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1186
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1187 /* ----------------------------------------------------------------------
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1188 * Code to read ssh.com private keys.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1189 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1190
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1191 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1192 * The format of the base64 blob is largely ssh2-packet-formatted,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1193 * except that mpints are a bit different: they're more like the
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1194 * old ssh1 mpint. You have a 32-bit bit count N, followed by
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1195 * (N+7)/8 bytes of data.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1196 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1197 * So. The blob contains:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1198 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1199 * - uint32 0x3f6ff9eb (magic number)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1200 * - uint32 size (total blob size)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1201 * - string key-type (see below)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1202 * - string cipher-type (tells you if key is encrypted)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1203 * - string encrypted-blob
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1204 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1205 * (The first size field includes the size field itself and the
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1206 * magic number before it. All other size fields are ordinary ssh2
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1207 * strings, so the size field indicates how much data is to
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1208 * _follow_.)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1209 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1210 * The encrypted blob, once decrypted, contains a single string
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1211 * which in turn contains the payload. (This allows padding to be
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1212 * added after that string while still making it clear where the
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1213 * real payload ends. Also it probably makes for a reasonable
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1214 * decryption check.)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1215 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1216 * The payload blob, for an RSA key, contains:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1217 * - mpint e
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1218 * - mpint d
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1219 * - mpint n (yes, the public and private stuff is intermixed)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1220 * - mpint u (presumably inverse of p mod q)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1221 * - mpint p (p is the smaller prime)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1222 * - mpint q (q is the larger)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1223 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1224 * For a DSA key, the payload blob contains:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1225 * - uint32 0
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1226 * - mpint p
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1227 * - mpint g
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1228 * - mpint q
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1229 * - mpint y
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1230 * - mpint x
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1231 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1232 * Alternatively, if the parameters are `predefined', that
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1233 * (0,p,g,q) sequence can be replaced by a uint32 1 and a string
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1234 * containing some predefined parameter specification. *shudder*,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1235 * but I doubt we'll encounter this in real life.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1236 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1237 * The key type strings are ghastly. The RSA key I looked at had a
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1238 * type string of
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1239 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1240 * `if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}'
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1241 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1242 * and the DSA key wasn't much better:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1243 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1244 * `dl-modp{sign{dsa-nist-sha1},dh{plain}}'
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1245 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1246 * It isn't clear that these will always be the same. I think it
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1247 * might be wise just to look at the `if-modn{sign{rsa' and
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1248 * `dl-modp{sign{dsa' prefixes.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1249 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1250 * Finally, the encryption. The cipher-type string appears to be
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1251 * either `none' or `3des-cbc'. Looks as if this is SSH2-style
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1252 * 3des-cbc (i.e. outer cbc rather than inner). The key is created
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1253 * from the passphrase by means of yet another hashing faff:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1254 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1255 * - first 16 bytes are MD5(passphrase)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1256 * - next 16 bytes are MD5(passphrase || first 16 bytes)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1257 * - if there were more, they'd be MD5(passphrase || first 32),
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1258 * and so on.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1259 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1260
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1261 #define SSHCOM_MAGIC_NUMBER 0x3f6ff9eb
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1262
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1263 struct sshcom_key {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1264 char comment[256]; /* allowing any length is overkill */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1265 unsigned char *keyblob;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1266 int keyblob_len, keyblob_size;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1267 };
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1268
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1269 static struct sshcom_key *load_sshcom_key(const char *filename)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1270 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1271 struct sshcom_key *ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1272 FILE *fp;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1273 char buffer[256];
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1274 int len;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1275 char *errmsg, *p;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1276 int headers_done;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1277 char base64_bit[4];
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1278 int base64_chars = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1279
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1280 ret = snew(struct sshcom_key);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1281 ret->comment[0] = '\0';
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1282 ret->keyblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1283 ret->keyblob_len = ret->keyblob_size = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1284
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1285 fp = fopen(filename, "r");
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1286 if (!fp) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1287 errmsg = "Unable to open key file";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1288 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1289 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1290 if (!fgets(buffer, sizeof(buffer), fp) ||
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1291 0 != strcmp(buffer, "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\n")) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1292 errmsg = "File does not begin with ssh.com key header";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1293 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1294 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1295
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1296 headers_done = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1297 while (1) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1298 if (!fgets(buffer, sizeof(buffer), fp)) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1299 errmsg = "Unexpected end of file";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1300 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1301 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1302 if (!strcmp(buffer, "---- END SSH2 ENCRYPTED PRIVATE KEY ----\n"))
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1303 break; /* done */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1304 if ((p = strchr(buffer, ':')) != NULL) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1305 if (headers_done) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1306 errmsg = "Header found in body of key data";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1307 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1308 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1309 *p++ = '\0';
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1310 while (*p && isspace((unsigned char)*p)) p++;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1311 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1312 * Header lines can end in a trailing backslash for
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1313 * continuation.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1314 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1315 while ((len = strlen(p)) > (int)(sizeof(buffer) - (p-buffer) -1) ||
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1316 p[len-1] != '\n' || p[len-2] == '\\') {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1317 if (len > (int)((p-buffer) + sizeof(buffer)-2)) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1318 errmsg = "Header line too long to deal with";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1319 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1320 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1321 if (!fgets(p+len-2, sizeof(buffer)-(p-buffer)-(len-2), fp)) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1322 errmsg = "Unexpected end of file";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1323 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1324 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1325 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1326 p[strcspn(p, "\n")] = '\0';
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1327 if (!strcmp(buffer, "Comment")) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1328 /* Strip quotes in comment if present. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1329 if (p[0] == '"' && p[strlen(p)-1] == '"') {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1330 p++;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1331 p[strlen(p)-1] = '\0';
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1332 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1333 strncpy(ret->comment, p, sizeof(ret->comment));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1334 ret->comment[sizeof(ret->comment)-1] = '\0';
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1335 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1336 } else {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1337 headers_done = 1;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1338
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1339 p = buffer;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1340 while (isbase64(*p)) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1341 base64_bit[base64_chars++] = *p;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1342 if (base64_chars == 4) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1343 unsigned char out[3];
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1344
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1345 base64_chars = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1346
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1347 len = base64_decode_atom(base64_bit, out);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1348
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1349 if (len <= 0) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1350 errmsg = "Invalid base64 encoding";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1351 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1352 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1353
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1354 if (ret->keyblob_len + len > ret->keyblob_size) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1355 ret->keyblob_size = ret->keyblob_len + len + 256;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1356 ret->keyblob = sresize(ret->keyblob, ret->keyblob_size,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1357 unsigned char);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1358 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1359
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1360 memcpy(ret->keyblob + ret->keyblob_len, out, len);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1361 ret->keyblob_len += len;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1362 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1363
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1364 p++;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1365 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1366 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1367 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1368
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1369 if (ret->keyblob_len == 0 || !ret->keyblob) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1370 errmsg = "Key body not present";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1371 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1372 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1373
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1374 return ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1375
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1376 error:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1377 if (ret) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1378 if (ret->keyblob) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1379 memset(ret->keyblob, 0, ret->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1380 m_free(ret->keyblob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1381 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1382 memset(&ret, 0, sizeof(ret));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1383 m_free(ret);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1384 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1385 return NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1386 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1387
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1388 int sshcom_encrypted(const char *filename, char **comment)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1389 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1390 struct sshcom_key *key = load_sshcom_key(filename);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1391 int pos, len, answer;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1392
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1393 *comment = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1394 if (!key)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1395 return 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1396
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1397 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1398 * Check magic number.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1399 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1400 if (GET_32BIT(key->keyblob) != 0x3f6ff9eb)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1401 return 0; /* key is invalid */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1402
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1403 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1404 * Find the cipher-type string.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1405 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1406 answer = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1407 pos = 8;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1408 if (key->keyblob_len < pos+4)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1409 goto done; /* key is far too short */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1410 pos += 4 + GET_32BIT(key->keyblob + pos); /* skip key type */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1411 if (key->keyblob_len < pos+4)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1412 goto done; /* key is far too short */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1413 len = GET_32BIT(key->keyblob + pos); /* find cipher-type length */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1414 if (key->keyblob_len < pos+4+len)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1415 goto done; /* cipher type string is incomplete */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1416 if (len != 4 || 0 != memcmp(key->keyblob + pos + 4, "none", 4))
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1417 answer = 1;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1418
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1419 done:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1420 *comment = dupstr(key->comment);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1421 memset(key->keyblob, 0, key->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1422 m_free(key->keyblob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1423 memset(&key, 0, sizeof(key));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1424 m_free(key);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1425 return answer;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1426 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1427
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1428 static int sshcom_read_mpint(void *data, int len, struct mpint_pos *ret)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1429 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1430 int bits;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1431 int bytes;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1432 unsigned char *d = (unsigned char *) data;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1433
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1434 if (len < 4)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1435 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1436 bits = GET_32BIT(d);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1437
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1438 bytes = (bits + 7) / 8;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1439 if (len < 4+bytes)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1440 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1441
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1442 ret->start = d + 4;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1443 ret->bytes = bytes;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1444 return bytes+4;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1445
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1446 error:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1447 ret->start = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1448 ret->bytes = -1;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1449 return len; /* ensure further calls fail as well */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1450 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1451
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1452 static int sshcom_put_mpint(void *target, void *data, int len)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1453 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1454 unsigned char *d = (unsigned char *)target;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1455 unsigned char *i = (unsigned char *)data;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1456 int bits = len * 8 - 1;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1457
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1458 while (bits > 0) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1459 if (*i & (1 << (bits & 7)))
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1460 break;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1461 if (!(bits-- & 7))
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1462 i++, len--;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1463 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1464
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1465 PUT_32BIT(d, bits+1);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1466 memcpy(d+4, i, len);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1467 return len+4;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1468 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1469
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1470 sign_key *sshcom_read(const char *filename, char *passphrase)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1471 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1472 struct sshcom_key *key = load_sshcom_key(filename);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1473 char *errmsg;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1474 int pos, len;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1475 const char prefix_rsa[] = "if-modn{sign{rsa";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1476 const char prefix_dsa[] = "dl-modp{sign{dsa";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1477 enum { RSA, DSA } type;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1478 int encrypted;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1479 char *ciphertext;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1480 int cipherlen;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1481 struct ssh2_userkey *ret = NULL, *retkey;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1482 const struct ssh_signkey *alg;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1483 unsigned char *blob = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1484 int blobsize, publen, privlen;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1485
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1486 if (!key)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1487 return NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1488
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1489 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1490 * Check magic number.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1491 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1492 if (GET_32BIT(key->keyblob) != SSHCOM_MAGIC_NUMBER) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1493 errmsg = "Key does not begin with magic number";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1494 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1495 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1496
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1497 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1498 * Determine the key type.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1499 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1500 pos = 8;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1501 if (key->keyblob_len < pos+4 ||
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1502 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1503 errmsg = "Key blob does not contain a key type string";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1504 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1505 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1506 if (len > sizeof(prefix_rsa) - 1 &&
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1507 !memcmp(key->keyblob+pos+4, prefix_rsa, sizeof(prefix_rsa) - 1)) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1508 type = RSA;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1509 } else if (len > sizeof(prefix_dsa) - 1 &&
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1510 !memcmp(key->keyblob+pos+4, prefix_dsa, sizeof(prefix_dsa) - 1)) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1511 type = DSA;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1512 } else {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1513 errmsg = "Key is of unknown type";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1514 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1515 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1516 pos += 4+len;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1517
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1518 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1519 * Determine the cipher type.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1520 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1521 if (key->keyblob_len < pos+4 ||
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1522 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1523 errmsg = "Key blob does not contain a cipher type string";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1524 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1525 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1526 if (len == 4 && !memcmp(key->keyblob+pos+4, "none", 4))
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1527 encrypted = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1528 else if (len == 8 && !memcmp(key->keyblob+pos+4, "3des-cbc", 8))
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1529 encrypted = 1;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1530 else {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1531 errmsg = "Key encryption is of unknown type";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1532 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1533 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1534 pos += 4+len;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1535
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1536 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1537 * Get hold of the encrypted part of the key.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1538 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1539 if (key->keyblob_len < pos+4 ||
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1540 (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1541 errmsg = "Key blob does not contain actual key data";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1542 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1543 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1544 ciphertext = (char *)key->keyblob + pos + 4;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1545 cipherlen = len;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1546 if (cipherlen == 0) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1547 errmsg = "Length of key data is zero";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1548 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1549 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1550
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1551 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1552 * Decrypt it if necessary.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1553 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1554 if (encrypted) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1555 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1556 * Derive encryption key from passphrase and iv/salt:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1557 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1558 * - let block A equal MD5(passphrase)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1559 * - let block B equal MD5(passphrase || A)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1560 * - block C would be MD5(passphrase || A || B) and so on
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1561 * - encryption key is the first N bytes of A || B
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1562 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1563 struct MD5Context md5c;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1564 unsigned char keybuf[32], iv[8];
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1565
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1566 if (cipherlen % 8 != 0) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1567 errmsg = "Encrypted part of key is not a multiple of cipher block"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1568 " size";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1569 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1570 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1571
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1572 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1573 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1574 MD5Final(keybuf, &md5c);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1575
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1576 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1577 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1578 MD5Update(&md5c, keybuf, 16);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1579 MD5Final(keybuf+16, &md5c);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1580
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1581 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1582 * Now decrypt the key blob.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1583 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1584 memset(iv, 0, sizeof(iv));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1585 des3_decrypt_pubkey_ossh(keybuf, iv, (unsigned char *)ciphertext,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1586 cipherlen);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1587
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1588 memset(&md5c, 0, sizeof(md5c));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1589 memset(keybuf, 0, sizeof(keybuf));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1590
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1591 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1592 * Hereafter we return WRONG_PASSPHRASE for any parsing
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1593 * error. (But only if we've just tried to decrypt it!
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1594 * Returning WRONG_PASSPHRASE for an unencrypted key is
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1595 * automatic doom.)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1596 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1597 if (encrypted)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1598 ret = SSH2_WRONG_PASSPHRASE;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1599 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1600
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1601 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1602 * Strip away the containing string to get to the real meat.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1603 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1604 len = GET_32BIT(ciphertext);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1605 if (len > cipherlen-4) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1606 errmsg = "containing string was ill-formed";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1607 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1608 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1609 ciphertext += 4;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1610 cipherlen = len;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1611
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1612 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1613 * Now we break down into RSA versus DSA. In either case we'll
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1614 * construct public and private blobs in our own format, and
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1615 * end up feeding them to alg->createkey().
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1616 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1617 blobsize = cipherlen + 256;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1618 blob = snewn(blobsize, unsigned char);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1619 privlen = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1620 if (type == RSA) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1621 struct mpint_pos n, e, d, u, p, q;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1622 int pos = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1623 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &e);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1624 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &d);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1625 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &n);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1626 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &u);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1627 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &p);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1628 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &q);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1629 if (!q.start) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1630 errmsg = "key data did not contain six integers";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1631 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1632 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1633
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1634 alg = &ssh_rsa;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1635 pos = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1636 pos += put_string(blob+pos, "ssh-rsa", 7);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1637 pos += put_mp(blob+pos, e.start, e.bytes);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1638 pos += put_mp(blob+pos, n.start, n.bytes);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1639 publen = pos;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1640 pos += put_string(blob+pos, d.start, d.bytes);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1641 pos += put_mp(blob+pos, q.start, q.bytes);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1642 pos += put_mp(blob+pos, p.start, p.bytes);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1643 pos += put_mp(blob+pos, u.start, u.bytes);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1644 privlen = pos - publen;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1645 } else if (type == DSA) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1646 struct mpint_pos p, q, g, x, y;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1647 int pos = 4;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1648 if (GET_32BIT(ciphertext) != 0) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1649 errmsg = "predefined DSA parameters not supported";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1650 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1651 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1652 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &p);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1653 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &g);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1654 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &q);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1655 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &y);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1656 pos += sshcom_read_mpint(ciphertext+pos, cipherlen-pos, &x);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1657 if (!x.start) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1658 errmsg = "key data did not contain five integers";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1659 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1660 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1661
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1662 alg = &ssh_dss;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1663 pos = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1664 pos += put_string(blob+pos, "ssh-dss", 7);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1665 pos += put_mp(blob+pos, p.start, p.bytes);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1666 pos += put_mp(blob+pos, q.start, q.bytes);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1667 pos += put_mp(blob+pos, g.start, g.bytes);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1668 pos += put_mp(blob+pos, y.start, y.bytes);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1669 publen = pos;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1670 pos += put_mp(blob+pos, x.start, x.bytes);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1671 privlen = pos - publen;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1672 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1673
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 87
diff changeset
1674 dropbear_assert(privlen > 0); /* should have bombed by now if not */
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1675
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1676 retkey = snew(struct ssh2_userkey);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1677 retkey->alg = alg;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1678 retkey->data = alg->createkey(blob, publen, blob+publen, privlen);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1679 if (!retkey->data) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1680 m_free(retkey);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1681 errmsg = "unable to create key data structure";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1682 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1683 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1684 retkey->comment = dupstr(key->comment);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1685
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1686 errmsg = NULL; /* no error */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1687 ret = retkey;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1688
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1689 error:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1690 if (blob) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1691 memset(blob, 0, blobsize);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1692 m_free(blob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1693 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1694 memset(key->keyblob, 0, key->keyblob_size);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1695 m_free(key->keyblob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1696 memset(&key, 0, sizeof(key));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1697 m_free(key);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1698 return ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1699 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1700
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1701 int sshcom_write(const char *filename, sign_key *key,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1702 char *passphrase)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1703 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1704 unsigned char *pubblob, *privblob;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1705 int publen, privlen;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1706 unsigned char *outblob;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1707 int outlen;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1708 struct mpint_pos numbers[6];
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1709 int nnumbers, initial_zero, pos, lenpos, i;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1710 char *type;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1711 char *ciphertext;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1712 int cipherlen;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1713 int ret = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1714 FILE *fp;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1715
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1716 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1717 * Fetch the key blobs.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1718 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1719 pubblob = key->alg->public_blob(key->data, &publen);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1720 privblob = key->alg->private_blob(key->data, &privlen);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1721 outblob = NULL;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1722
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1723 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1724 * Find the sequence of integers to be encoded into the OpenSSH
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1725 * key blob, and also decide on the header line.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1726 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1727 if (key->alg == &ssh_rsa) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1728 int pos;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1729 struct mpint_pos n, e, d, p, q, iqmp;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1730
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1731 pos = 4 + GET_32BIT(pubblob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1732 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &e);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1733 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &n);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1734 pos = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1735 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &d);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1736 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &p);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1737 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &q);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1738 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &iqmp);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1739
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 87
diff changeset
1740 dropbear_assert(e.start && iqmp.start); /* can't go wrong */
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1741
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1742 numbers[0] = e;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1743 numbers[1] = d;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1744 numbers[2] = n;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1745 numbers[3] = iqmp;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1746 numbers[4] = q;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1747 numbers[5] = p;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1748
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1749 nnumbers = 6;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1750 initial_zero = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1751 type = "if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1752 } else if (key->alg == &ssh_dss) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1753 int pos;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1754 struct mpint_pos p, q, g, y, x;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1755
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1756 pos = 4 + GET_32BIT(pubblob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1757 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &p);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1758 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &q);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1759 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &g);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1760 pos += ssh2_read_mpint(pubblob+pos, publen-pos, &y);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1761 pos = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1762 pos += ssh2_read_mpint(privblob+pos, privlen-pos, &x);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1763
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 87
diff changeset
1764 dropbear_assert(y.start && x.start); /* can't go wrong */
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1765
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1766 numbers[0] = p;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1767 numbers[1] = g;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1768 numbers[2] = q;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1769 numbers[3] = y;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1770 numbers[4] = x;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1771
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1772 nnumbers = 5;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1773 initial_zero = 1;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1774 type = "dl-modp{sign{dsa-nist-sha1},dh{plain}}";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1775 } else {
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 87
diff changeset
1776 dropbear_assert(0); /* zoinks! */
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1777 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1778
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1779 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1780 * Total size of key blob will be somewhere under 512 plus
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1781 * combined length of integers. We'll calculate the more
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1782 * precise size as we construct the blob.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1783 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1784 outlen = 512;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1785 for (i = 0; i < nnumbers; i++)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1786 outlen += 4 + numbers[i].bytes;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1787 outblob = snewn(outlen, unsigned char);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1788
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1789 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1790 * Create the unencrypted key blob.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1791 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1792 pos = 0;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1793 PUT_32BIT(outblob+pos, SSHCOM_MAGIC_NUMBER); pos += 4;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1794 pos += 4; /* length field, fill in later */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1795 pos += put_string(outblob+pos, type, strlen(type));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1796 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1797 char *ciphertype = passphrase ? "3des-cbc" : "none";
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1798 pos += put_string(outblob+pos, ciphertype, strlen(ciphertype));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1799 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1800 lenpos = pos; /* remember this position */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1801 pos += 4; /* encrypted-blob size */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1802 pos += 4; /* encrypted-payload size */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1803 if (initial_zero) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1804 PUT_32BIT(outblob+pos, 0);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1805 pos += 4;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1806 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1807 for (i = 0; i < nnumbers; i++)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1808 pos += sshcom_put_mpint(outblob+pos,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1809 numbers[i].start, numbers[i].bytes);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1810 /* Now wrap up the encrypted payload. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1811 PUT_32BIT(outblob+lenpos+4, pos - (lenpos+8));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1812 /* Pad encrypted blob to a multiple of cipher block size. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1813 if (passphrase) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1814 int padding = -(pos - (lenpos+4)) & 7;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1815 while (padding--)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1816 outblob[pos++] = random_byte();
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1817 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1818 ciphertext = (char *)outblob+lenpos+4;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1819 cipherlen = pos - (lenpos+4);
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 87
diff changeset
1820 dropbear_assert(!passphrase || cipherlen % 8 == 0);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1821 /* Wrap up the encrypted blob string. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1822 PUT_32BIT(outblob+lenpos, cipherlen);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1823 /* And finally fill in the total length field. */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1824 PUT_32BIT(outblob+4, pos);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1825
241
c5d3ef11155f * use own assertions which should get logged properly
Matt Johnston <matt@ucc.asn.au>
parents: 87
diff changeset
1826 dropbear_assert(pos < outlen);
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1827
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1828 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1829 * Encrypt the key.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1830 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1831 if (passphrase) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1832 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1833 * Derive encryption key from passphrase and iv/salt:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1834 *
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1835 * - let block A equal MD5(passphrase)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1836 * - let block B equal MD5(passphrase || A)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1837 * - block C would be MD5(passphrase || A || B) and so on
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1838 * - encryption key is the first N bytes of A || B
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1839 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1840 struct MD5Context md5c;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1841 unsigned char keybuf[32], iv[8];
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1842
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1843 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1844 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1845 MD5Final(keybuf, &md5c);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1846
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1847 MD5Init(&md5c);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1848 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1849 MD5Update(&md5c, keybuf, 16);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1850 MD5Final(keybuf+16, &md5c);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1851
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1852 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1853 * Now decrypt the key blob.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1854 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1855 memset(iv, 0, sizeof(iv));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1856 des3_encrypt_pubkey_ossh(keybuf, iv, (unsigned char *)ciphertext,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1857 cipherlen);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1858
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1859 memset(&md5c, 0, sizeof(md5c));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1860 memset(keybuf, 0, sizeof(keybuf));
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1861 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1862
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1863 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1864 * And save it. We'll use Unix line endings just in case it's
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1865 * subsequently transferred in binary mode.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1866 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1867 fp = fopen(filename, "wb"); /* ensure Unix line endings */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1868 if (!fp)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1869 goto error;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1870 fputs("---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\n", fp);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1871 fprintf(fp, "Comment: \"");
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1872 /*
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1873 * Comment header is broken with backslash-newline if it goes
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1874 * over 70 chars. Although it's surrounded by quotes, it
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1875 * _doesn't_ escape backslashes or quotes within the string.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1876 * Don't ask me, I didn't design it.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1877 */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1878 {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1879 int slen = 60; /* starts at 60 due to "Comment: " */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1880 char *c = key->comment;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1881 while ((int)strlen(c) > slen) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1882 fprintf(fp, "%.*s\\\n", slen, c);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1883 c += slen;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1884 slen = 70; /* allow 70 chars on subsequent lines */
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1885 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1886 fprintf(fp, "%s\"\n", c);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1887 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1888 base64_encode_fp(fp, outblob, pos, 70);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1889 fputs("---- END SSH2 ENCRYPTED PRIVATE KEY ----\n", fp);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1890 fclose(fp);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1891 ret = 1;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1892
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1893 error:
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1894 if (outblob) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1895 memset(outblob, 0, outlen);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1896 m_free(outblob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1897 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1898 if (privblob) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1899 memset(privblob, 0, privlen);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1900 m_free(privblob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1901 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1902 if (pubblob) {
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1903 memset(pubblob, 0, publen);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1904 m_free(pubblob);
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1905 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1906 return ret;
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1907 }
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1908 #endif /* ssh.com stuff disabled */