author | Jakub Jelen <jjelen@redhat.com> | 2019-02-04 23:02:15 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-02-07 10:30:05 +0100 |
commit | 128015bb1795898ef83460f0387eacc9b10ed798 (patch) | |
tree | 4cc39f404e38c6481bd9d3075ea2dbdbe591fb05 /src/pki_container_openssh.c | |
parent | 5700477f3e69c261608a14b1b2ff6c17104147fd (diff) | |
pki_container_openssh: Add padding to be compatible with OpenSSH
OpenSSH has a block size of 8 so we need to always add padding.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/pki_container_openssh.c')
-rw-r--r-- | src/pki_container_openssh.c | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/src/pki_container_openssh.c b/src/pki_container_openssh.c
index 2daba150..9119a8bb 100644
--- a/src/pki_container_openssh.c
+++ b/src/pki_container_openssh.c
@@ -411,7 +411,7 @@ static int pki_openssh_export_privkey_blob(const ssh_key privkey,
 return SSH_ERROR;
 }
 if (privkey->ed25519_privkey == NULL ||
- privkey->ed25519_pubkey == NULL){
+ privkey->ed25519_pubkey == NULL) {
 return SSH_ERROR;
 }
 rc = ssh_buffer_pack(buffer,
@@ -444,7 +444,6 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
 char passphrase_buffer[128];
 int rc;
 int i;
- uint8_t padding = 1;
 int cmp;
 cmp = strcmp(ciphername, "none");
@@ -471,14 +470,6 @@ static int pki_private_key_encrypt(ssh_buffer privkey_buffer,
 SSH_LOG(SSH_LOG_WARN, "Unsupported KDF %s", kdfname);
 return SSH_ERROR;
 }
- while (ssh_buffer_get_len(privkey_buffer) % cipher.blocksize != 0) {
- rc = ssh_buffer_add_u8(privkey_buffer, padding);
- if (rc < 0) {
- return SSH_ERROR;
- }
- padding++;
- }
-
 /* We need material for key (keysize bits / 8) and IV (blocksize) */
 key_material_len = cipher.keysize/8 + cipher.blocksize;
 if (key_material_len > sizeof(key_material)){
@@ -555,6 +546,7 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
 int to_encrypt=0;
 unsigned char *b64;
 uint32_t str_len, len;
+ uint8_t padding = 1;
 int ok;
 int rc;
@@ -605,6 +597,18 @@ ssh_string ssh_pki_openssh_privkey_export(const ssh_key privkey,
 goto error;
 }
+ /* Add padding regardless encryption because it is expected
+ * by OpenSSH tools.
+ * XXX Using 16 B as we use only AES cipher below anyway.
+ */
+ while (ssh_buffer_get_len(privkey_buffer) % 16 != 0) {
+ rc = ssh_buffer_add_u8(privkey_buffer, padding);
+ if (rc < 0) {
+ goto error;
+ }
+ padding++;
+ }
+
 if (to_encrypt){
 ssh_buffer kdf_buf; |
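Review bot: The new padding loop in ssh_pki_openssh_privkey_export hard-codes `% 16`, while the loop it replaces in pki_private_key_encrypt (removed in the -471 hunk) aligned to `cipher.blocksize`, so nothing visible now ties the length of the private-key buffer to the cipher that actually encrypts it. If a cipher whose block size does not divide 16 were ever selected, the encrypt step would presumably receive an unaligned buffer without any error. I would keep a cheap guard in pki_private_key_encrypt after the cipher lookup, `if (ssh_buffer_get_len(privkey_buffer) % cipher.blocksize != 0) { return SSH_ERROR; }`, so the assumption recorded in the XXX comment is enforced rather than only documented. The commit message speaks of a block size of 8 while the code pads to 16; the comment could say that 16 is used because it is a multiple of both the unencrypted block size of 8 and the AES block size. Both functions continue outside the hunks shown, so the cleanup behind the `error` label was not checked here.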