version 1.19, 2000/09/07 20:27:49 |
version 1.20, 2000/10/11 20:27:23 |
|
|
#include "xmalloc.h" |
#include "xmalloc.h" |
#include "buffer.h" |
#include "buffer.h" |
#include "bufaux.h" |
#include "bufaux.h" |
#include "cipher.h" |
|
#include "ssh.h" |
#include "ssh.h" |
#include "key.h" |
#include "key.h" |
|
|
|
|
Buffer buffer, encrypted; |
Buffer buffer, encrypted; |
char buf[100], *cp; |
char buf[100], *cp; |
int fd, i; |
int fd, i; |
CipherContext cipher; |
CipherContext ciphercontext; |
int cipher_type; |
Cipher *cipher; |
u_int32_t rand; |
u_int32_t rand; |
|
|
/* |
/* |
|
|
* to another cipher; otherwise use SSH_AUTHFILE_CIPHER. |
* to another cipher; otherwise use SSH_AUTHFILE_CIPHER. |
*/ |
*/ |
if (strcmp(passphrase, "") == 0) |
if (strcmp(passphrase, "") == 0) |
cipher_type = SSH_CIPHER_NONE; |
cipher = cipher_by_number(SSH_CIPHER_NONE); |
else |
else |
cipher_type = SSH_AUTHFILE_CIPHER; |
cipher = cipher_by_number(SSH_AUTHFILE_CIPHER); |
|
if (cipher == NULL) |
|
fatal("save_private_key_rsa: bad cipher"); |
|
|
/* This buffer is used to built the secret part of the private key. */ |
/* This buffer is used to built the secret part of the private key. */ |
buffer_init(&buffer); |
buffer_init(&buffer); |
|
|
buffer_put_char(&encrypted, 0); |
buffer_put_char(&encrypted, 0); |
|
|
/* Store cipher type. */ |
/* Store cipher type. */ |
buffer_put_char(&encrypted, cipher_type); |
buffer_put_char(&encrypted, cipher->number); |
buffer_put_int(&encrypted, 0); /* For future extension */ |
buffer_put_int(&encrypted, 0); /* For future extension */ |
|
|
/* Store public key. This will be in plain text. */ |
/* Store public key. This will be in plain text. */ |
|
|
/* Allocate space for the private part of the key in the buffer. */ |
/* Allocate space for the private part of the key in the buffer. */ |
buffer_append_space(&encrypted, &cp, buffer_len(&buffer)); |
buffer_append_space(&encrypted, &cp, buffer_len(&buffer)); |
|
|
cipher_set_key_string(&cipher, cipher_type, passphrase); |
cipher_set_key_string(&ciphercontext, cipher, passphrase); |
cipher_encrypt(&cipher, (unsigned char *) cp, |
cipher_encrypt(&ciphercontext, (unsigned char *) cp, |
(unsigned char *) buffer_ptr(&buffer), |
(unsigned char *) buffer_ptr(&buffer), buffer_len(&buffer)); |
buffer_len(&buffer)); |
memset(&ciphercontext, 0, sizeof(ciphercontext)); |
memset(&cipher, 0, sizeof(cipher)); |
|
|
|
/* Destroy temporary data. */ |
/* Destroy temporary data. */ |
memset(buf, 0, sizeof(buf)); |
memset(buf, 0, sizeof(buf)); |
|
|
off_t len; |
off_t len; |
Buffer buffer, decrypted; |
Buffer buffer, decrypted; |
char *cp; |
char *cp; |
CipherContext cipher; |
CipherContext ciphercontext; |
|
Cipher *cipher; |
BN_CTX *ctx; |
BN_CTX *ctx; |
BIGNUM *aux; |
BIGNUM *aux; |
|
|
|
|
xfree(buffer_get_string(&buffer, NULL)); |
xfree(buffer_get_string(&buffer, NULL)); |
|
|
/* Check that it is a supported cipher. */ |
/* Check that it is a supported cipher. */ |
if (((cipher_mask1() | SSH_CIPHER_NONE | SSH_AUTHFILE_CIPHER) & |
cipher = cipher_by_number(cipher_type); |
(1 << cipher_type)) == 0) { |
if (cipher == NULL) { |
debug("Unsupported cipher %.100s used in key file %.200s.", |
debug("Unsupported cipher %d used in key file %.200s.", |
cipher_name(cipher_type), filename); |
cipher_type, filename); |
buffer_free(&buffer); |
buffer_free(&buffer); |
goto fail; |
goto fail; |
} |
} |
|
|
buffer_append_space(&decrypted, &cp, buffer_len(&buffer)); |
buffer_append_space(&decrypted, &cp, buffer_len(&buffer)); |
|
|
/* Rest of the buffer is encrypted. Decrypt it using the passphrase. */ |
/* Rest of the buffer is encrypted. Decrypt it using the passphrase. */ |
cipher_set_key_string(&cipher, cipher_type, passphrase); |
cipher_set_key_string(&ciphercontext, cipher, passphrase); |
cipher_decrypt(&cipher, (unsigned char *) cp, |
cipher_decrypt(&ciphercontext, (unsigned char *) cp, |
(unsigned char *) buffer_ptr(&buffer), |
(unsigned char *) buffer_ptr(&buffer), buffer_len(&buffer)); |
buffer_len(&buffer)); |
memset(&ciphercontext, 0, sizeof(ciphercontext)); |
|
|
buffer_free(&buffer); |
buffer_free(&buffer); |
|
|
check1 = buffer_get_char(&decrypted); |
check1 = buffer_get_char(&decrypted); |