📄 import.c
字号:
* plaintext one byte less than a multiple of the block size * will be padded with just 01. * * This enables the OpenSSL key decryption function to strip * off the padding algorithmically and return the unpadded * plaintext to the next layer: it looks at the final byte, and * then expects to find that many bytes at the end of the data * with the same value. Those are all removed and the rest is * returned. */ assert(pos == len); while (pos < outlen) { outblob[pos++] = outlen - len; } /* * Encrypt the key. */ if (passphrase) { /* * Invent an iv. Then derive encryption key from passphrase * and iv/salt: * * - let block A equal MD5(passphrase || iv) * - let block B equal MD5(A || passphrase || iv) * - block C would be MD5(B || passphrase || iv) and so on * - encryption key is the first N bytes of A || B */ struct MD5Context md5c; unsigned char keybuf[32]; for (i = 0; i < 8; i++) iv[i] = random_byte(); MD5Init(&md5c); MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); MD5Update(&md5c, iv, 8); MD5Final(keybuf, &md5c); MD5Init(&md5c); MD5Update(&md5c, keybuf, 16); MD5Update(&md5c, (unsigned char *)passphrase, strlen(passphrase)); MD5Update(&md5c, iv, 8); MD5Final(keybuf+16, &md5c); /* * Now encrypt the key blob. */ des3_encrypt_pubkey_ossh(keybuf, iv, outblob, outlen); memset(&md5c, 0, sizeof(md5c)); memset(keybuf, 0, sizeof(keybuf)); } /* * And save it. We'll use Unix line endings just in case it's * subsequently transferred in binary mode. */ fp = f_open(*filename, "wb"); /* ensure Unix line endings */ if (!fp) goto error; fputs(header, fp); if (passphrase) { fprintf(fp, "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,"); for (i = 0; i < 8; i++) fprintf(fp, "%02X", iv[i]); fprintf(fp, "\n\n"); } base64_encode(fp, outblob, outlen, 64); fputs(footer, fp); fclose(fp); ret = 1; error: if (outblob) { memset(outblob, 0, outlen); sfree(outblob); } if (spareblob) { memset(spareblob, 0, sparelen); sfree(spareblob); } if (privblob) { memset(privblob, 0, privlen); sfree(privblob); } if (pubblob) { memset(pubblob, 0, publen); sfree(pubblob); } return ret;}/* ---------------------------------------------------------------------- * Code to read ssh.com private keys. *//* * The format of the base64 blob is largely ssh2-packet-formatted, * except that mpints are a bit different: they're more like the * old ssh1 mpint. You have a 32-bit bit count N, followed by * (N+7)/8 bytes of data. * * So. The blob contains: * * - uint32 0x3f6ff9eb (magic number) * - uint32 size (total blob size) * - string key-type (see below) * - string cipher-type (tells you if key is encrypted) * - string encrypted-blob * * (The first size field includes the size field itself and the * magic number before it. All other size fields are ordinary ssh2 * strings, so the size field indicates how much data is to * _follow_.) * * The encrypted blob, once decrypted, contains a single string * which in turn contains the payload. (This allows padding to be * added after that string while still making it clear where the * real payload ends. Also it probably makes for a reasonable * decryption check.) * * The payload blob, for an RSA key, contains: * - mpint e * - mpint d * - mpint n (yes, the public and private stuff is intermixed) * - mpint u (presumably inverse of p mod q) * - mpint p (p is the smaller prime) * - mpint q (q is the larger) * * For a DSA key, the payload blob contains: * - uint32 0 * - mpint p * - mpint g * - mpint q * - mpint y * - mpint x * * Alternatively, if the parameters are `predefined', that * (0,p,g,q) sequence can be replaced by a uint32 1 and a string * containing some predefined parameter specification. *shudder*, * but I doubt we'll encounter this in real life. * * The key type strings are ghastly. The RSA key I looked at had a * type string of * * `if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}' * * and the DSA key wasn't much better: * * `dl-modp{sign{dsa-nist-sha1},dh{plain}}' * * It isn't clear that these will always be the same. I think it * might be wise just to look at the `if-modn{sign{rsa' and * `dl-modp{sign{dsa' prefixes. * * Finally, the encryption. The cipher-type string appears to be * either `none' or `3des-cbc'. Looks as if this is SSH2-style * 3des-cbc (i.e. outer cbc rather than inner). The key is created * from the passphrase by means of yet another hashing faff: * * - first 16 bytes are MD5(passphrase) * - next 16 bytes are MD5(passphrase || first 16 bytes) * - if there were more, they'd be MD5(passphrase || first 32), * and so on. */#define SSHCOM_MAGIC_NUMBER 0x3f6ff9ebstruct sshcom_key { char comment[256]; /* allowing any length is overkill */ unsigned char *keyblob; int keyblob_len, keyblob_size;};static struct sshcom_key *load_sshcom_key(const Filename *filename){ struct sshcom_key *ret; FILE *fp; char buffer[256]; int len; char *errmsg, *p; int headers_done; char base64_bit[4]; int base64_chars = 0; ret = snew(struct sshcom_key); ret->comment[0] = '\0'; ret->keyblob = NULL; ret->keyblob_len = ret->keyblob_size = 0; fp = f_open(*filename, "r"); if (!fp) { errmsg = "Unable to open key file"; goto error; } if (!fgets(buffer, sizeof(buffer), fp) || 0 != strcmp(buffer, "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\n")) { errmsg = "File does not begin with ssh.com key header"; goto error; } headers_done = 0; while (1) { if (!fgets(buffer, sizeof(buffer), fp)) { errmsg = "Unexpected end of file"; goto error; } if (!strcmp(buffer, "---- END SSH2 ENCRYPTED PRIVATE KEY ----\n")) break; /* done */ if ((p = strchr(buffer, ':')) != NULL) { if (headers_done) { errmsg = "Header found in body of key data"; goto error; } *p++ = '\0'; while (*p && isspace((unsigned char)*p)) p++; /* * Header lines can end in a trailing backslash for * continuation. */ while ((len = strlen(p)) > (int)(sizeof(buffer) - (p-buffer) -1) || p[len-1] != '\n' || p[len-2] == '\\') { if (len > (int)((p-buffer) + sizeof(buffer)-2)) { errmsg = "Header line too long to deal with"; goto error; } if (!fgets(p+len-2, sizeof(buffer)-(p-buffer)-(len-2), fp)) { errmsg = "Unexpected end of file"; goto error; } } p[strcspn(p, "\n")] = '\0'; if (!strcmp(buffer, "Comment")) { /* Strip quotes in comment if present. */ if (p[0] == '"' && p[strlen(p)-1] == '"') { p++; p[strlen(p)-1] = '\0'; } strncpy(ret->comment, p, sizeof(ret->comment)); ret->comment[sizeof(ret->comment)-1] = '\0'; } } else { headers_done = 1; p = buffer; while (isbase64(*p)) { base64_bit[base64_chars++] = *p; if (base64_chars == 4) { unsigned char out[3]; base64_chars = 0; len = base64_decode_atom(base64_bit, out); if (len <= 0) { errmsg = "Invalid base64 encoding"; goto error; } if (ret->keyblob_len + len > ret->keyblob_size) { ret->keyblob_size = ret->keyblob_len + len + 256; ret->keyblob = sresize(ret->keyblob, ret->keyblob_size, unsigned char); } memcpy(ret->keyblob + ret->keyblob_len, out, len); ret->keyblob_len += len; } p++; } } } if (ret->keyblob_len == 0 || !ret->keyblob) { errmsg = "Key body not present"; goto error; } return ret; error: if (ret) { if (ret->keyblob) { memset(ret->keyblob, 0, ret->keyblob_size); sfree(ret->keyblob); } memset(&ret, 0, sizeof(ret)); sfree(ret); } return NULL;}int sshcom_encrypted(const Filename *filename, char **comment){ struct sshcom_key *key = load_sshcom_key(filename); int pos, len, answer; *comment = NULL; if (!key) return 0; /* * Check magic number. */ if (GET_32BIT(key->keyblob) != 0x3f6ff9eb) return 0; /* key is invalid */ /* * Find the cipher-type string. */ answer = 0; pos = 8; if (key->keyblob_len < pos+4) goto done; /* key is far too short */ pos += 4 + GET_32BIT(key->keyblob + pos); /* skip key type */ if (key->keyblob_len < pos+4) goto done; /* key is far too short */ len = GET_32BIT(key->keyblob + pos); /* find cipher-type length */ if (key->keyblob_len < pos+4+len) goto done; /* cipher type string is incomplete */ if (len != 4 || 0 != memcmp(key->keyblob + pos + 4, "none", 4)) answer = 1; done: *comment = dupstr(key->comment); memset(key->keyblob, 0, key->keyblob_size); sfree(key->keyblob); memset(&key, 0, sizeof(key)); sfree(key); return answer;}static int sshcom_read_mpint(void *data, int len, struct mpint_pos *ret){ int bits; int bytes; unsigned char *d = (unsigned char *) data; if (len < 4) goto error; bits = GET_32BIT(d); bytes = (bits + 7) / 8; if (len < 4+bytes) goto error; ret->start = d + 4; ret->bytes = bytes; return bytes+4; error: ret->start = NULL; ret->bytes = -1; return len; /* ensure further calls fail as well */}static int sshcom_put_mpint(void *target, void *data, int len){ unsigned char *d = (unsigned char *)target; unsigned char *i = (unsigned char *)data; int bits = len * 8 - 1; while (bits > 0) { if (*i & (1 << (bits & 7))) break; if (!(bits-- & 7)) i++, len--; } PUT_32BIT(d, bits+1); memcpy(d+4, i, len); return len+4;}struct ssh2_userkey *sshcom_read(const Filename *filename, char *passphrase){ struct sshcom_key *key = load_sshcom_key(filename); char *errmsg; int pos, len; const char prefix_rsa[] = "if-modn{sign{rsa"; const char prefix_dsa[] = "dl-modp{sign{dsa"; enum { RSA, DSA } type; int encrypted; char *ciphertext; int cipherlen; struct ssh2_userkey *ret = NULL, *retkey; const struct ssh_signkey *alg; unsigned char *blob = NULL; int blobsize = 0, publen, privlen; if (!key) return NULL; /* * Check magic number. */ if (GET_32BIT(key->keyblob) != SSHCOM_MAGIC_NUMBER) { errmsg = "Key does not begin with magic number"; goto error; } /* * Determine the key type. */ pos = 8; if (key->keyblob_len < pos+4 || (len = GET_32BIT(key->keyblob + pos)) > key->keyblob_len - pos - 4) {⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -