From 7c302d376c3c31b1d4a311e5813dc3632b387609 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Sun, 7 Aug 2011 17:48:31 +0200
Subject: pki: Move _privatekey_from_file to legacy.c.
---
 src/pki_gcrypt.c | 366 -------------------------------------------------------
 1 file changed, 366 deletions(-)
(limited to 'src/pki_gcrypt.c')
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index 55a96656..30448c2d 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -198,23 +198,6 @@ static int asn1_check_sequence(ssh_buffer buffer) {
 return 1;
 }
-static int read_line(char *data, unsigned int len, FILE *fp) {
- char tmp;
- unsigned int i;
-
- for (i = 0; fread(&tmp, 1, 1, fp) && tmp != '\n' && i < len; data[i++] = tmp)
- ;
- if (tmp == '\n') {
- return i;
- }
-
- if (i >= len) {
- return -1;
- }
-
- return 0;
-}
-
 static int passphrase_to_key(char *data, unsigned int datalen, unsigned char *salt, unsigned char *key, unsigned int keylen) {
 MD5CTX md;
@@ -488,117 +471,6 @@ static ssh_buffer privatekey_string_to_buffer(const char *pkey, int type,
 return out;
 }
-static ssh_buffer privatekey_file_to_buffer(FILE *fp, int type,
- ssh_auth_callback cb, void *userdata, const char *desc) {
- ssh_buffer buffer = NULL;
- ssh_buffer out = NULL;
- char buf[MAXLINESIZE] = {0};
- unsigned char *iv = NULL;
- const char *header_begin;
- const char *header_end;
- unsigned int header_begin_size;
- unsigned int header_end_size;
- unsigned int key_len = 0;
- unsigned int iv_len = 0;
- int algo = 0;
- int mode = 0;
- int len;
-
- buffer = ssh_buffer_new();
- if (buffer == NULL) {
- return NULL;
- }
-
- switch(type) {
- case SSH_KEYTYPE_DSS:
- header_begin = DSA_HEADER_BEGIN;
- header_end = DSA_HEADER_END;
- break;
- case SSH_KEYTYPE_RSA:
- header_begin = RSA_HEADER_BEGIN;
- header_end = RSA_HEADER_END;
- break;
- default:
- ssh_buffer_free(buffer);
- return NULL;
- }
-
- header_begin_size = strlen(header_begin);
- header_end_size = strlen(header_end);
-
- while (read_line(buf, MAXLINESIZE, fp) &&
- strncmp(buf, header_begin, header_begin_size))
- ;
-
- len = read_line(buf, MAXLINESIZE, fp);
- if (len > 11 && strncmp("Proc-Type: 4,ENCRYPTED", buf, 11) == 0) {
- len = read_line(buf, MAXLINESIZE, fp);
- if (len > 10 && strncmp("DEK-Info: ", buf, 10) == 0) {
- if (privatekey_dek_header(buf + 10, len - 10, &algo, &mode, &key_len,
- &iv, &iv_len) < 0) {
- ssh_buffer_free(buffer);
- SAFE_FREE(iv);
- return NULL;
- }
- } else {
- ssh_buffer_free(buffer);
- SAFE_FREE(iv);
- return NULL;
- }
- } else {
- if (buffer_add_data(buffer, buf, len) < 0) {
- ssh_buffer_free(buffer);
- SAFE_FREE(iv);
- return NULL;
- }
- }
-
- while ((len = read_line(buf,MAXLINESIZE,fp)) &&
- strncmp(buf, header_end, header_end_size) != 0) {
- if (len == -1) {
- ssh_buffer_free(buffer);
- SAFE_FREE(iv);
- return NULL;
- }
- if (buffer_add_data(buffer, buf, len) < 0) {
- ssh_buffer_free(buffer);
- SAFE_FREE(iv);
- return NULL;
- }
- }
-
- if (strncmp(buf,header_end,header_end_size) != 0) {
- ssh_buffer_free(buffer);
- SAFE_FREE(iv);
- return NULL;
- }
-
- if (buffer_add_data(buffer, "\0", 1) < 0) {
- ssh_buffer_free(buffer);
- SAFE_FREE(iv);
- return NULL;
- }
-
- out = base64_to_bin(ssh_buffer_get_begin(buffer));
- ssh_buffer_free(buffer);
- if (out == NULL) {
- SAFE_FREE(iv);
- return NULL;
- }
-
- if (algo) {
- if (privatekey_decrypt(algo, mode, key_len, iv, iv_len, out,
- cb, userdata, desc) < 0) {
- ssh_buffer_free(out);
- SAFE_FREE(iv);
- return NULL;
- }
- }
- SAFE_FREE(iv);
-
- return out;
-}
-
 static int b64decode_rsa_privatekey(const char *pkey, gcry_sexp_t *r, ssh_auth_callback cb, void *userdata, const char *desc) {
 ssh_string n = NULL;
@@ -671,138 +543,6 @@ error:
 return rc;
 }
-static int read_rsa_privatekey(FILE *fp, gcry_sexp_t *r,
- ssh_auth_callback cb, void *userdata, const char *desc) {
- ssh_string n = NULL;
- ssh_string e = NULL;
- ssh_string d = NULL;
- ssh_string p = NULL;
- ssh_string q = NULL;
- ssh_string unused1 = NULL;
- ssh_string unused2 = NULL;
- ssh_string u = NULL;
- ssh_string v = NULL;
- ssh_buffer buffer = NULL;
- int rc = 1;
-
- buffer = privatekey_file_to_buffer(fp, SSH_KEYTYPE_RSA, cb, userdata, desc);
- if (buffer == NULL) {
- return 0;
- }
-
- if (!asn1_check_sequence(buffer)) {
- ssh_buffer_free(buffer);
- return 0;
- }
-
- v = asn1_get_int(buffer);
- if (ntohl(v->size) != 1 || v->string[0] != 0) {
- ssh_buffer_free(buffer);
- return 0;
- }
-
- n = asn1_get_int(buffer);
- e = asn1_get_int(buffer);
- d = asn1_get_int(buffer);
- q = asn1_get_int(buffer);
- p = asn1_get_int(buffer);
- unused1 = asn1_get_int(buffer);
- unused2 = asn1_get_int(buffer);
- u = asn1_get_int(buffer);
-
- ssh_buffer_free(buffer);
-
- if (n == NULL || e == NULL || d == NULL || p == NULL || q == NULL ||
- unused1 == NULL || unused2 == NULL|| u == NULL) {
- rc = 0;
- goto error;
- }
-
- if (gcry_sexp_build(r, NULL,
- "(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))",
- ntohl(n->size), n->string,
- ntohl(e->size), e->string,
- ntohl(d->size), d->string,
- ntohl(p->size), p->string,
- ntohl(q->size), q->string,
- ntohl(u->size), u->string)) {
- rc = 0;
- }
-
-error:
- ssh_string_free(n);
- ssh_string_free(e);
- ssh_string_free(d);
- ssh_string_free(p);
- ssh_string_free(q);
- ssh_string_free(unused1);
- ssh_string_free(unused2);
- ssh_string_free(u);
- ssh_string_free(v);
-
- return rc;
-}
-
-static int read_dsa_privatekey(FILE *fp, gcry_sexp_t *r, ssh_auth_callback cb,
- void *userdata, const char *desc) {
- ssh_buffer buffer = NULL;
- ssh_string p = NULL;
- ssh_string q = NULL;
- ssh_string g = NULL;
- ssh_string y = NULL;
- ssh_string x = NULL;
- ssh_string v = NULL;
- int rc = 1;
-
- buffer = privatekey_file_to_buffer(fp, SSH_KEYTYPE_DSS, cb, userdata, desc);
- if (buffer == NULL) {
- return 0;
- }
-
- if (!asn1_check_sequence(buffer)) {
- ssh_buffer_free(buffer);
- return 0;
- }
-
- v = asn1_get_int(buffer);
- if (ntohl(v->size) != 1 || v->string[0] != 0) {
- ssh_buffer_free(buffer);
- return 0;
- }
-
- p = asn1_get_int(buffer);
- q = asn1_get_int(buffer);
- g = asn1_get_int(buffer);
- y = asn1_get_int(buffer);
- x = asn1_get_int(buffer);
- ssh_buffer_free(buffer);
-
- if (p == NULL || q == NULL || g == NULL || y == NULL || x == NULL) {
- rc = 0;
- goto error;
- }
-
- if (gcry_sexp_build(r, NULL,
- "(private-key(dsa(p %b)(q %b)(g %b)(y %b)(x %b)))",
- ntohl(p->size), p->string,
- ntohl(q->size), q->string,
- ntohl(g->size), g->string,
- ntohl(y->size), y->string,
- ntohl(x->size), x->string)) {
- rc = 0;
- }
-
-error:
- ssh_string_free(p);
- ssh_string_free(q);
- ssh_string_free(g);
- ssh_string_free(y);
- ssh_string_free(x);
- ssh_string_free(v);
-
- return rc;
-}
-
 static int b64decode_dsa_privatekey(const char *pkey, gcry_sexp_t *r, ssh_auth_callback cb, void *userdata, const char *desc) {
 ssh_buffer buffer = NULL;
@@ -1138,112 +878,6 @@ enum ssh_keytypes_e ssh_privatekey_type(ssh_private_key privatekey){
 return privatekey->type;
 }
-/* same that privatekey_from_file() but without any passphrase things. */
-ssh_private_key _privatekey_from_file(void *session, const char *filename,
- int type) {
- ssh_private_key privkey = NULL;
-#ifdef HAVE_LIBGCRYPT
- FILE *file = NULL;
- gcry_sexp_t dsa = NULL;
- gcry_sexp_t rsa = NULL;
- int valid;
-#elif defined HAVE_LIBCRYPTO
- DSA *dsa = NULL;
- RSA *rsa = NULL;
- BIO *bio = NULL;
-#endif
-
-#ifdef HAVE_LIBGCRYPT
- file = fopen(filename,"r");
- if (file == NULL) {
- ssh_set_error(session, SSH_REQUEST_DENIED,
- "Error opening %s: %s", filename, strerror(errno));
- return NULL;
- }
-#elif defined HAVE_LIBCRYPTO
- bio = BIO_new_file(filename,"r");
- if (bio == NULL) {
- ssh_set_error(session, SSH_FATAL, "Could not create BIO.");
- return NULL;
- }
-#endif
-
- switch (type) {
- case SSH_KEYTYPE_DSS:
-#ifdef HAVE_LIBGCRYPT
- valid = read_dsa_privatekey(file, &dsa, NULL, NULL, NULL);
-
- fclose(file);
-
- if (!valid) {
- ssh_set_error(session, SSH_FATAL, "Parsing private key %s", filename);
-#elif defined HAVE_LIBCRYPTO
- dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL);
-
- BIO_free(bio);
-
- if (dsa == NULL) {
- ssh_set_error(session, SSH_FATAL,
- "Parsing private key %s: %s",
- filename, ERR_error_string(ERR_get_error(), NULL));
-#else
- {
-#endif
- return NULL;
- }
- break;
- case SSH_KEYTYPE_RSA:
-#ifdef HAVE_LIBGCRYPT
- valid = read_rsa_privatekey(file, &rsa, NULL, NULL, NULL);
-
- fclose(file);
-
- if (!valid) {
- ssh_set_error(session, SSH_FATAL, "Parsing private key %s", filename);
-#elif defined HAVE_LIBCRYPTO
- rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL);
-
- BIO_free(bio);
-
- if (rsa == NULL) {
- ssh_set_error(session, SSH_FATAL,
- "Parsing private key %s: %s",
- filename, ERR_error_string(ERR_get_error(), NULL));
-#else
- {
-#endif
- return NULL;
- }
- break;
- default:
-#ifdef HAVE_LIBGCRYPT
- fclose(file);
-#elif defined HAVE_LIBCRYPTO
- BIO_free(bio);
-#endif
- ssh_set_error(session, SSH_FATAL, "Invalid private key type %d", type);
- return NULL;
- }
-
- privkey = malloc(sizeof(struct ssh_private_key_struct));
- if (privkey == NULL) {
-#ifdef HAVE_LIBGCRYPT
- gcry_sexp_release(dsa);
- gcry_sexp_release(rsa);
-#elif defined HAVE_LIBCRYPTO
- DSA_free(dsa);
- RSA_free(rsa);
-#endif
- return NULL;
- }
-
- privkey->type = type;
- privkey->dsa_priv = dsa;
- privkey->rsa_priv = rsa;
-
- return privkey;
-}
-
 /**
 * @brief Deallocate a private key object.
 *
--
cgit v1.2.3