зеркало из https://github.com/github/putty.git
Support importing of new-style OpenSSH private keys (encrypted by
AES rather than 3DES). [originally from svn r8916]
This commit is contained in:
Simon Tatham
Родитель
332f233503
Коммит
108791e15c
43
import.c
43
import.c
|
|
@ -308,9 +308,10 @@ static int ssh2_read_mpint(void *data, int len, struct mpint_pos *ret)
|
|||
*/
|
||||
|
||||
enum { OSSH_DSA, OSSH_RSA };
|
||||
enum { OSSH_ENC_3DES, OSSH_ENC_AES };
|
||||
struct openssh_key {
|
||||
int type;
|
||||
int encrypted;
|
||||
int encrypted, encryption;
|
||||
char iv[32];
|
||||
unsigned char *keyblob;
|
||||
int keyblob_len, keyblob_size;
|
||||
|
|
@ -387,21 +388,29 @@ static struct openssh_key *load_openssh_key(const Filename *filename,
|
|||
if (!strcmp(p, "ENCRYPTED"))
|
||||
ret->encrypted = 1;
|
||||
} else if (!strcmp(line, "DEK-Info")) {
|
||||
int i, j;
|
||||
int i, j, ivlen;
|
||||
|
||||
if (strncmp(p, "DES-EDE3-CBC,", 13)) {
|
||||
errmsg = "ciphers other than DES-EDE3-CBC not supported";
|
||||
if (!strncmp(p, "DES-EDE3-CBC,", 13)) {
|
||||
ret->encryption = OSSH_ENC_3DES;
|
||||
ivlen = 8;
|
||||
} else if (!strncmp(p, "AES-128-CBC,", 12)) {
|
||||
ret->encryption = OSSH_ENC_AES;
|
||||
ivlen = 16;
|
||||
} else {
|
||||
errmsg = "unsupported cipher";
|
||||
goto error;
|
||||
}
|
||||
p += 13;
|
||||
for (i = 0; i < 8; i++) {
|
||||
if (1 != sscanf(p, "%2x", &j))
|
||||
break;
|
||||
p = strchr(p, ',') + 1;/* always non-NULL, by above checks */
|
||||
for (i = 0; i < ivlen; i++) {
|
||||
if (1 != sscanf(p, "%2x", &j)) {
|
||||
errmsg = "expected more iv data in DEK-Info";
|
||||
goto error;
|
||||
}
|
||||
ret->iv[i] = j;
|
||||
p += 2;
|
||||
}
|
||||
if (i < 8) {
|
||||
errmsg = "expected 16-digit iv in DEK-Info";
|
||||
if (*p) {
|
||||
errmsg = "more iv data than expected in DEK-Info";
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
|
|
@ -538,8 +547,18 @@ struct ssh2_userkey *openssh_read(const Filename *filename, char *passphrase,
|
|||
/*
|
||||
* Now decrypt the key blob.
|
||||
*/
|
||||
des3_decrypt_pubkey_ossh(keybuf, (unsigned char *)key->iv,
|
||||
key->keyblob, key->keyblob_len);
|
||||
if (key->encryption == OSSH_ENC_3DES)
|
||||
des3_decrypt_pubkey_ossh(keybuf, (unsigned char *)key->iv,
|
||||
key->keyblob, key->keyblob_len);
|
||||
else {
|
||||
void *ctx;
|
||||
assert(key->encryption == OSSH_ENC_AES);
|
||||
ctx = aes_make_context();
|
||||
aes128_key(ctx, keybuf);
|
||||
aes_iv(ctx, (unsigned char *)key->iv);
|
||||
aes_ssh2_decrypt_blk(ctx, key->keyblob, key->keyblob_len);
|
||||
aes_free_context(ctx);
|
||||
}
|
||||
|
||||
memset(&md5c, 0, sizeof(md5c));
|
||||
memset(keybuf, 0, sizeof(keybuf));
|
||||
|
|
|
|||
8
ssh.h
8
ssh.h
|
|
@ -290,6 +290,14 @@ extern const struct ssh_mac ssh_hmac_sha1_buggy;
|
|||
extern const struct ssh_mac ssh_hmac_sha1_96;
|
||||
extern const struct ssh_mac ssh_hmac_sha1_96_buggy;
|
||||
|
||||
void *aes_make_context(void);
|
||||
void aes_free_context(void *handle);
|
||||
void aes128_key(void *handle, unsigned char *key);
|
||||
void aes192_key(void *handle, unsigned char *key);
|
||||
void aes256_key(void *handle, unsigned char *key);
|
||||
void aes_iv(void *handle, unsigned char *iv);
|
||||
void aes_ssh2_encrypt_blk(void *handle, unsigned char *blk, int len);
|
||||
void aes_ssh2_decrypt_blk(void *handle, unsigned char *blk, int len);
|
||||
|
||||
/*
|
||||
* PuTTY version number formatted as an SSH version string.
|
||||
|
|
|
|||
16
sshaes.c
16
sshaes.c
|
|
@ -1097,35 +1097,35 @@ static void aes_sdctr(unsigned char *blk, int len, AESContext *ctx)
|
|||
memcpy(ctx->iv, iv, sizeof(iv));
|
||||
}
|
||||
|
||||
static void *aes_make_context(void)
|
||||
void *aes_make_context(void)
|
||||
{
|
||||
return snew(AESContext);
|
||||
}
|
||||
|
||||
static void aes_free_context(void *handle)
|
||||
void aes_free_context(void *handle)
|
||||
{
|
||||
sfree(handle);
|
||||
}
|
||||
|
||||
static void aes128_key(void *handle, unsigned char *key)
|
||||
void aes128_key(void *handle, unsigned char *key)
|
||||
{
|
||||
AESContext *ctx = (AESContext *)handle;
|
||||
aes_setup(ctx, 16, key, 16);
|
||||
}
|
||||
|
||||
static void aes192_key(void *handle, unsigned char *key)
|
||||
void aes192_key(void *handle, unsigned char *key)
|
||||
{
|
||||
AESContext *ctx = (AESContext *)handle;
|
||||
aes_setup(ctx, 16, key, 24);
|
||||
}
|
||||
|
||||
static void aes256_key(void *handle, unsigned char *key)
|
||||
void aes256_key(void *handle, unsigned char *key)
|
||||
{
|
||||
AESContext *ctx = (AESContext *)handle;
|
||||
aes_setup(ctx, 16, key, 32);
|
||||
}
|
||||
|
||||
static void aes_iv(void *handle, unsigned char *iv)
|
||||
void aes_iv(void *handle, unsigned char *iv)
|
||||
{
|
||||
AESContext *ctx = (AESContext *)handle;
|
||||
int i;
|
||||
|
|
@ -1133,13 +1133,13 @@ static void aes_iv(void *handle, unsigned char *iv)
|
|||
ctx->iv[i] = GET_32BIT_MSB_FIRST(iv + 4 * i);
|
||||
}
|
||||
|
||||
static void aes_ssh2_encrypt_blk(void *handle, unsigned char *blk, int len)
|
||||
void aes_ssh2_encrypt_blk(void *handle, unsigned char *blk, int len)
|
||||
{
|
||||
AESContext *ctx = (AESContext *)handle;
|
||||
aes_encrypt_cbc(blk, len, ctx);
|
||||
}
|
||||
|
||||
static void aes_ssh2_decrypt_blk(void *handle, unsigned char *blk, int len)
|
||||
void aes_ssh2_decrypt_blk(void *handle, unsigned char *blk, int len)
|
||||
{
|
||||
AESContext *ctx = (AESContext *)handle;
|
||||
aes_decrypt_cbc(blk, len, ctx);
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче