diff options
author | Jakub Jelen <jjelen@redhat.com> | 2019-02-04 23:02:15 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-02-07 13:53:03 +0100 |
commit | e69fb89e98b769ef76525ec10bca4fd81dd17431 (patch) | |
tree | aa52a70553efa9093fbd517d7bd06dab282adc83 | |
parent | f9beb3c690ab737d22f79af4d5036ec5e8d43420 (diff) | |
download | libssh-e69fb89e98b769ef76525ec10bca4fd81dd17431.tar.gz libssh-e69fb89e98b769ef76525ec10bca4fd81dd17431.tar.xz libssh-e69fb89e98b769ef76525ec10bca4fd81dd17431.zip |
pki_container_openssh: Add padding to be compatible with OpenSSH
OpenSSH has a block size of 8 so we need to always add padding.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 128015bb1795898ef83460f0387eacc9b10ed798)
-rw-r--r-- | src/pki_container_openssh.c | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/src/pki_container_openssh.c b/src/pki_container_openssh.c index a287d71d..3ef54f83 100644 --- a/src/pki_container_openssh.c +++ b/src/pki_container_openssh.c @@ -409,7 +409,7 @@ static int pki_openssh_export_privkey_blob(const ssh_key privkey, return SSH_ERROR; } if (privkey->ed25519_privkey == NULL || - privkey->ed25519_pubkey == NULL){ + privkey->ed25519_pubkey == NULL) { return SSH_ERROR; } rc = ssh_buffer_pack(buffer, @@ -442,7 +442,6 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer, char passphrase_buffer[128]; int rc; int i; - uint8_t padding = 1; int cmp; cmp = strcmp(ciphername, "none"); @@ -469,14 +468,6 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer, SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname); return SSH_ERROR; } - while (ssh_buffer_get_len(privkey_buffer) % cipher.blocksize != 0) { - rc = ssh_buffer_add_u8(privkey_buffer, padding); - if (rc < 0) { - return SSH_ERROR; - } - padding++; - } - /* We need material for key (keysize bits / 8) and IV (blocksize) */ key_material_len = cipher.keysize/8 + cipher.blocksize; if (key_material_len > sizeof(key_material)){ @@ -553,6 +544,7 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey, int to_encrypt=0; unsigned char *b64; uint32_t str_len, len; + uint8_t padding = 1; int ok; int rc; @@ -603,6 +595,18 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey, goto error; } + /* Add padding regardless encryption because it is expected + * by OpenSSH tools. + * XXX Using 16 B as we use only AES cipher below anyway. + */ + while (ssh_buffer_get_len(privkey_buffer) % 16 != 0) { + rc = ssh_buffer_add_u8(privkey_buffer, padding); + if (rc < 0) { + goto error; + } + padding++; + } + if (to_encrypt){ ssh_buffer kdf_buf; |