Mercurial > dropbear
comparison keyimport.c @ 398:59c7938af2bd
merge of '1250b8af44b62d8f4fe0f8d9fc7e7a1cc34e7e1c'
and '7f8670ac3bb975f40967f3979d09d2199b7e90c8'
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sat, 03 Feb 2007 08:20:30 +0000 |
| parents | 454a34b2dfd1 |
| children | 9dbc0c443497 |
comparison
equal
deleted
inserted
replaced
| 396:e7c1a77d2921 | 398:59c7938af2bd |
|---|---|
| 359 }; | 359 }; |
| 360 | 360 |
| 361 static struct openssh_key *load_openssh_key(const char *filename) | 361 static struct openssh_key *load_openssh_key(const char *filename) |
| 362 { | 362 { |
| 363 struct openssh_key *ret; | 363 struct openssh_key *ret; |
| 364 FILE *fp; | 364 FILE *fp = NULL; |
| 365 char buffer[256]; | 365 char buffer[256]; |
| 366 char *errmsg = NULL, *p = NULL; | 366 char *errmsg = NULL, *p = NULL; |
| 367 int headers_done; | 367 int headers_done; |
| 368 unsigned long len, outlen; | 368 unsigned long len, outlen; |
| 369 | 369 |
| 480 m_free(ret->keyblob); | 480 m_free(ret->keyblob); |
| 481 } | 481 } |
| 482 memset(&ret, 0, sizeof(ret)); | 482 memset(&ret, 0, sizeof(ret)); |
| 483 m_free(ret); | 483 m_free(ret); |
| 484 } | 484 } |
| 485 if (fp) { | |
| 486 fclose(fp); | |
| 487 } | |
| 485 if (errmsg) { | 488 if (errmsg) { |
| 486 fprintf(stderr, "Error: %s\n", errmsg); | 489 fprintf(stderr, "Error: %s\n", errmsg); |
| 487 } | 490 } |
| 488 return NULL; | 491 return NULL; |
| 489 } | 492 } |
| 924 * Encrypt the key. | 927 * Encrypt the key. |
| 925 */ | 928 */ |
| 926 if (passphrase) { | 929 if (passphrase) { |
| 927 fprintf(stderr, "Encrypted keys aren't supported currently\n"); | 930 fprintf(stderr, "Encrypted keys aren't supported currently\n"); |
| 928 goto error; | 931 goto error; |
| 929 #if 0 | |
| 930 /* | |
| 931 * Invent an iv. Then derive encryption key from passphrase | |
| 932 * and iv/salt: | |
| 933 * | |
| 934 * - let block A equal MD5(passphrase || iv) | |
| 935 * - let block B equal MD5(A || passphrase || iv) | |
| 936 * - block C would be MD5(B || passphrase || iv) and so on | |
| 937 * - encryption key is the first N bytes of A || B | |
| 938 */ | |
| 939 struct MD5Context md5c; | |
| 940 unsigned char keybuf[32]; | |
| 941 | |
| 942 for (i = 0; i < 8; i++) iv[i] = random_byte(); | |
| 943 | |
| 944 MD5Init(&md5c); | |
| 945 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); | |
| 946 MD5Update(&md5c, iv, 8); | |
| 947 MD5Final(keybuf, &md5c); | |
| 948 | |
| 949 MD5Init(&md5c); | |
| 950 MD5Update(&md5c, keybuf, 16); | |
| 951 MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); | |
| 952 MD5Update(&md5c, iv, 8); | |
| 953 MD5Final(keybuf+16, &md5c); | |
| 954 | |
| 955 /* | |
| 956 * Now encrypt the key blob. | |
| 957 */ | |
| 958 des3_encrypt_pubkey_ossh(keybuf, iv, outblob, outlen); | |
| 959 | |
| 960 memset(&md5c, 0, sizeof(md5c)); | |
| 961 memset(keybuf, 0, sizeof(keybuf)); | |
| 962 #endif | |
| 963 } | 932 } |
| 964 | 933 |
| 965 /* | 934 /* |
| 966 * And save it. We'll use Unix line endings just in case it's | 935 * And save it. We'll use Unix line endings just in case it's |
| 967 * subsequently transferred in binary mode. | 936 * subsequently transferred in binary mode. |
| 974 if (!fp) { | 943 if (!fp) { |
| 975 fprintf(stderr, "Failed opening output file\n"); | 944 fprintf(stderr, "Failed opening output file\n"); |
| 976 goto error; | 945 goto error; |
| 977 } | 946 } |
| 978 fputs(header, fp); | 947 fputs(header, fp); |
| 979 if (passphrase) { | |
| 980 fprintf(fp, "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,"); | |
| 981 for (i = 0; i < 8; i++) | |
| 982 fprintf(fp, "%02X", iv[i]); | |
| 983 fprintf(fp, "\n\n"); | |
| 984 } | |
| 985 base64_encode_fp(fp, outblob, outlen, 64); | 948 base64_encode_fp(fp, outblob, outlen, 64); |
| 986 fputs(footer, fp); | 949 fputs(footer, fp); |
| 987 fclose(fp); | 950 fclose(fp); |
| 988 ret = 1; | 951 ret = 1; |
| 989 | 952 |