Mercurial > dropbear
comparison keyimport.c @ 511:582cb38e4eb5 insecure-nocrypto
propagate from branch 'au.asn.ucc.matt.dropbear' (head cdcc3c729e29544e8b98a408e2dc60e4483dfd2a)
to branch 'au.asn.ucc.matt.dropbear.insecure-nocrypto' (head 0ca38a1cf349f7426ac9de34ebe4c3e3735effab)
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 06 Nov 2008 13:16:55 +0000 |
| parents | 9dbc0c443497 |
| children | 76097ec1a29a 70625eed40c9 |
comparison
equal
deleted
inserted
replaced
| 361:461c4b1fb35f | 511:582cb38e4eb5 |
|---|---|
| 359 }; | 359 }; |
| 360 | 360 |
| 361 static struct openssh_key *load_openssh_key(const char *filename) | 361 static struct openssh_key *load_openssh_key(const char *filename) |
| 362 { | 362 { |
| 363 struct openssh_key *ret; | 363 struct openssh_key *ret; |
| 364 FILE *fp; | 364 FILE *fp = NULL; |
| 365 char buffer[256]; | 365 char buffer[256]; |
| 366 char *errmsg = NULL, *p = NULL; | 366 char *errmsg = NULL, *p = NULL; |
| 367 int headers_done; | 367 int headers_done; |
| 368 unsigned long len, outlen; | 368 unsigned long len, outlen; |
| 369 | 369 |
| 480 m_free(ret->keyblob); | 480 m_free(ret->keyblob); |
| 481 } | 481 } |
| 482 memset(&ret, 0, sizeof(ret)); | 482 memset(&ret, 0, sizeof(ret)); |
| 483 m_free(ret); | 483 m_free(ret); |
| 484 } | 484 } |
| 485 if (fp) { | |
| 486 fclose(fp); | |
| 487 } | |
| 485 if (errmsg) { | 488 if (errmsg) { |
| 486 fprintf(stderr, "Error: %s\n", errmsg); | 489 fprintf(stderr, "Error: %s\n", errmsg); |
| 487 } | 490 } |
| 488 return NULL; | 491 return NULL; |
| 489 } | 492 } |
| 696 int outlen = -9999; | 699 int outlen = -9999; |
| 697 struct mpint_pos numbers[9]; | 700 struct mpint_pos numbers[9]; |
| 698 int nnumbers = -1, pos, len, seqlen, i; | 701 int nnumbers = -1, pos, len, seqlen, i; |
| 699 char *header = NULL, *footer = NULL; | 702 char *header = NULL, *footer = NULL; |
| 700 char zero[1]; | 703 char zero[1]; |
| 701 unsigned char iv[8]; | |
| 702 int ret = 0; | 704 int ret = 0; |
| 703 FILE *fp; | 705 FILE *fp; |
| 704 int keytype = -1; | 706 int keytype = -1; |
| 705 | 707 |
| 706 #ifdef DROPBEAR_RSA | 708 #ifdef DROPBEAR_RSA |
| 924 * Encrypt the key. | 926 * Encrypt the key. |
| 925 */ | 927 */ |
| 926 if (passphrase) { | 928 if (passphrase) { |
| 927 fprintf(stderr, "Encrypted keys aren't supported currently\n"); | 929 fprintf(stderr, "Encrypted keys aren't supported currently\n"); |
| 928 goto error; | 930 goto error; |
| 929 #if 0 | |
| 930 /* | |
| 931 * Invent an iv. Then derive encryption key from passphrase | |
| 932 * and iv/salt: | |
| 933 * | |
| 934 * - let block A equal MD5(passphrase || iv) | |
| 935 * - let block B equal MD5(A || passphrase || iv) | |
| 936 * - block C would be MD5(B || passphrase || iv) and so on | |
| 937 * - encryption key is the first N bytes of A || B | |
| 938 */ | |
| 939 struct MD5Context md5c; | |
| 940 unsigned char keybuf[32]; | |
| 941 | |
| 942 for (i = 0; i < 8; i++) iv[i] = random_byte(); | |
| 943 | |
| 944 MD5Init(&md5c); | |
| 945 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); | |
| 946 MD5Update(&md5c, iv, 8); | |
| 947 MD5Final(keybuf, &md5c); | |
| 948 | |
| 949 MD5Init(&md5c); | |
| 950 MD5Update(&md5c, keybuf, 16); | |
| 951 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); | |
| 952 MD5Update(&md5c, iv, 8); | |
| 953 MD5Final(keybuf+16, &md5c); | |
| 954 | |
| 955 /* | |
| 956 * Now encrypt the key blob. | |
| 957 */ | |
| 958 des3_encrypt_pubkey_ossh(keybuf, iv, outblob, outlen); | |
| 959 | |
| 960 memset(&md5c, 0, sizeof(md5c)); | |
| 961 memset(keybuf, 0, sizeof(keybuf)); | |
| 962 #endif | |
| 963 } | 931 } |
| 964 | 932 |
| 965 /* | 933 /* |
| 966 * And save it. We'll use Unix line endings just in case it's | 934 * And save it. We'll use Unix line endings just in case it's |
| 967 * subsequently transferred in binary mode. | 935 * subsequently transferred in binary mode. |
| 974 if (!fp) { | 942 if (!fp) { |
| 975 fprintf(stderr, "Failed opening output file\n"); | 943 fprintf(stderr, "Failed opening output file\n"); |
| 976 goto error; | 944 goto error; |
| 977 } | 945 } |
| 978 fputs(header, fp); | 946 fputs(header, fp); |
| 979 if (passphrase) { | |
| 980 fprintf(fp, "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,"); | |
| 981 for (i = 0; i < 8; i++) | |
| 982 fprintf(fp, "%02X", iv[i]); | |
| 983 fprintf(fp, "\n\n"); | |
| 984 } | |
| 985 base64_encode_fp(fp, outblob, outlen, 64); | 947 base64_encode_fp(fp, outblob, outlen, 64); |
| 986 fputs(footer, fp); | 948 fputs(footer, fp); |
| 987 fclose(fp); | 949 fclose(fp); |
| 988 ret = 1; | 950 ret = 1; |
| 989 | 951 |