Mercurial > dropbear
comparison keyimport.c @ 511:582cb38e4eb5 insecure-nocrypto
propagate from branch 'au.asn.ucc.matt.dropbear' (head cdcc3c729e29544e8b98a408e2dc60e4483dfd2a)
to branch 'au.asn.ucc.matt.dropbear.insecure-nocrypto' (head 0ca38a1cf349f7426ac9de34ebe4c3e3735effab)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 06 Nov 2008 13:16:55 +0000 |
parents | 9dbc0c443497 |
children | 76097ec1a29a 70625eed40c9 |
comparison
equal
deleted
inserted
replaced
361:461c4b1fb35f | 511:582cb38e4eb5 |
---|---|
359 }; | 359 }; |
360 | 360 |
361 static struct openssh_key *load_openssh_key(const char *filename) | 361 static struct openssh_key *load_openssh_key(const char *filename) |
362 { | 362 { |
363 struct openssh_key *ret; | 363 struct openssh_key *ret; |
364 FILE *fp; | 364 FILE *fp = NULL; |
365 char buffer[256]; | 365 char buffer[256]; |
366 char *errmsg = NULL, *p = NULL; | 366 char *errmsg = NULL, *p = NULL; |
367 int headers_done; | 367 int headers_done; |
368 unsigned long len, outlen; | 368 unsigned long len, outlen; |
369 | 369 |
480 m_free(ret->keyblob); | 480 m_free(ret->keyblob); |
481 } | 481 } |
482 memset(&ret, 0, sizeof(ret)); | 482 memset(&ret, 0, sizeof(ret)); |
483 m_free(ret); | 483 m_free(ret); |
484 } | 484 } |
485 if (fp) { | |
486 fclose(fp); | |
487 } | |
485 if (errmsg) { | 488 if (errmsg) { |
486 fprintf(stderr, "Error: %s\n", errmsg); | 489 fprintf(stderr, "Error: %s\n", errmsg); |
487 } | 490 } |
488 return NULL; | 491 return NULL; |
489 } | 492 } |
696 int outlen = -9999; | 699 int outlen = -9999; |
697 struct mpint_pos numbers[9]; | 700 struct mpint_pos numbers[9]; |
698 int nnumbers = -1, pos, len, seqlen, i; | 701 int nnumbers = -1, pos, len, seqlen, i; |
699 char *header = NULL, *footer = NULL; | 702 char *header = NULL, *footer = NULL; |
700 char zero[1]; | 703 char zero[1]; |
701 unsigned char iv[8]; | |
702 int ret = 0; | 704 int ret = 0; |
703 FILE *fp; | 705 FILE *fp; |
704 int keytype = -1; | 706 int keytype = -1; |
705 | 707 |
706 #ifdef DROPBEAR_RSA | 708 #ifdef DROPBEAR_RSA |
924 * Encrypt the key. | 926 * Encrypt the key. |
925 */ | 927 */ |
926 if (passphrase) { | 928 if (passphrase) { |
927 fprintf(stderr, "Encrypted keys aren't supported currently\n"); | 929 fprintf(stderr, "Encrypted keys aren't supported currently\n"); |
928 goto error; | 930 goto error; |
929 #if 0 | |
930 /* | |
931 * Invent an iv. Then derive encryption key from passphrase | |
932 * and iv/salt: | |
933 * | |
934 * - let block A equal MD5(passphrase || iv) | |
935 * - let block B equal MD5(A || passphrase || iv) | |
936 * - block C would be MD5(B || passphrase || iv) and so on | |
937 * - encryption key is the first N bytes of A || B | |
938 */ | |
939 struct MD5Context md5c; | |
940 unsigned char keybuf[32]; | |
941 | |
942 for (i = 0; i < 8; i++) iv[i] = random_byte(); | |
943 | |
944 MD5Init(&md5c); | |
945 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); | |
946 MD5Update(&md5c, iv, 8); | |
947 MD5Final(keybuf, &md5c); | |
948 | |
949 MD5Init(&md5c); | |
950 MD5Update(&md5c, keybuf, 16); | |
951 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); | |
952 MD5Update(&md5c, iv, 8); | |
953 MD5Final(keybuf+16, &md5c); | |
954 | |
955 /* | |
956 * Now encrypt the key blob. | |
957 */ | |
958 des3_encrypt_pubkey_ossh(keybuf, iv, outblob, outlen); | |
959 | |
960 memset(&md5c, 0, sizeof(md5c)); | |
961 memset(keybuf, 0, sizeof(keybuf)); | |
962 #endif | |
963 } | 931 } |
964 | 932 |
965 /* | 933 /* |
966 * And save it. We'll use Unix line endings just in case it's | 934 * And save it. We'll use Unix line endings just in case it's |
967 * subsequently transferred in binary mode. | 935 * subsequently transferred in binary mode. |
974 if (!fp) { | 942 if (!fp) { |
975 fprintf(stderr, "Failed opening output file\n"); | 943 fprintf(stderr, "Failed opening output file\n"); |
976 goto error; | 944 goto error; |
977 } | 945 } |
978 fputs(header, fp); | 946 fputs(header, fp); |
979 if (passphrase) { | |
980 fprintf(fp, "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,"); | |
981 for (i = 0; i < 8; i++) | |
982 fprintf(fp, "%02X", iv[i]); | |
983 fprintf(fp, "\n\n"); | |
984 } | |
985 base64_encode_fp(fp, outblob, outlen, 64); | 947 base64_encode_fp(fp, outblob, outlen, 64); |
986 fputs(footer, fp); | 948 fputs(footer, fp); |
987 fclose(fp); | 949 fclose(fp); |
988 ret = 1; | 950 ret = 1; |
989 | 951 |