[Ttssh2-commit] [5531] ED25519 秘密鍵のファイル読み込み処理の更新。


svnno****@sourc***** svnno****@sourc*****
2014年 3月 12日 (水) 00:07:31 JST


Revision: 5531
          http://sourceforge.jp/projects/ttssh2/scm/svn/commits/5531
Author:   yutakapon
Date:     2014-03-12 00:07:30 +0900 (Wed, 12 Mar 2014)
Log Message:
-----------
ED25519 秘密鍵のファイル読み込み処理の更新。
まだ、途中です。

Modified Paths:
--------------
    branches/ssh_ed25519/ttssh2/ttxssh/buffer.c
    branches/ssh_ed25519/ttssh2/ttxssh/keyfiles.c

-------------- next part --------------
Modified: branches/ssh_ed25519/ttssh2/ttxssh/buffer.c
===================================================================
--- branches/ssh_ed25519/ttssh2/ttxssh/buffer.c	2014-03-11 12:49:21 UTC (rev 5530)
+++ branches/ssh_ed25519/ttssh2/ttxssh/buffer.c	2014-03-11 15:07:30 UTC (rev 5531)
@@ -499,26 +499,22 @@
 // \x83o\x83b\x83t\x83@\x82̃I\x83t\x83Z\x83b\x83g\x82\xF0\x90i\x82߂\xE9\x81B
 void buffer_consume(buffer_t *buf, int shift_byte)
 {
-	int n;
-
-	n = buf->offset + shift_byte;
-	if (n < buf->maxlen) {
-		buf->offset += shift_byte;
-	} else {
+	if (shift_byte > buf->len - buf->offset) {
 		// TODO: fatal error
+	} else {
+		buf->offset += shift_byte;
+		// len\x82͕ς\xA6\x82Ȃ\xA2\x81B
 	}
 }
 
 // \x83o\x83b\x83t\x83@\x82̖\x96\x94\xF6\x82\xF0\x8Fk\x91ނ\xB7\x82\xE9\x81B
 void buffer_consume_end(buffer_t *buf, int shift_byte)
 {
-	int n;
-
-	n = buf->offset - shift_byte;
-	if (n >= 0) {
-		buf->offset -= shift_byte;
-	} else {
+	if (shift_byte > buf->len - buf->offset) {
 		// TODO: fatal error
+	} else {
+		buf->len -= shift_byte;
+		// offset\x82͕ς\xA6\x82Ȃ\xA2\x81B
 	}
 }
 
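Review bot: Both new bounds tests check only the upper side, so a negative `shift_byte` passes `shift_byte > buf->len - buf->offset` and then moves `offset` backwards in buffer_consume or enlarges `len` in buffer_consume_end (assuming `len` and `offset` are signed, as the removed `n >= 0` test suggests). The keyfiles.c callers on this page pass unsigned values such as `sizeof(AUTH_MAGIC)` and a length read from the key file, which are converted to `int` at the call, so a value above INT_MAX arrives here negative. Rejecting it in the same condition closes that: `if (shift_byte < 0 || shift_byte > buf->len - buf->offset) {`. The failure branch is still an empty `// TODO: fatal error` in a void function, so callers cannot tell that nothing was consumed; until the fatal path exists, a comment above each function stating that an out-of-range shift is silently ignored would help.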

Modified: branches/ssh_ed25519/ttssh2/ttxssh/keyfiles.c
===================================================================
--- branches/ssh_ed25519/ttssh2/ttxssh/keyfiles.c	2014-03-11 12:49:21 UTC (rev 5530)
+++ branches/ssh_ed25519/ttssh2/ttxssh/keyfiles.c	2014-03-11 15:07:30 UTC (rev 5531)
@@ -352,27 +352,34 @@
                            char *errmsg,
                            int errmsg_len)
 {
+	/* (A) 
+	 * buffer_consume\x8Cn\x8A֐\x94\x82\xF0\x8Eg\x82\xA4\x8Fꍇ\x82́Abuffer_len\x82\xC6buffer_ptr\x82\xAA\x8Eg\x82\xA6\x82Ȃ\xA2\x82̂ŁA
+	 *   buffer_len -> buffer_remain_len
+	 *   buffer_ptr -> buffer_tail_ptr
+	 * \x82\xF0\x91\xE3\x91֎g\x97p\x82\xB7\x82邱\x82ƁB
+	 */
 	buffer_t *blob = NULL;
 	buffer_t *b = NULL;
 	buffer_t *kdf = NULL;
 	buffer_t *encoded = NULL;
-	buffer_t *copy = NULL;
-	Key *key = NULL;
+	buffer_t *copy_consumed = NULL;     // (A)
+	Key *keyfmt = NULL;
 	unsigned char buf[1024];
 	unsigned char *cp, last;
-	char *ciphername = NULL, *kdfname = NULL, *kdfp = NULL;
-	unsigned int len, klen, nkeys, blocksize;
+	char *ciphername = NULL, *kdfname = NULL, *kdfp = NULL, *key = NULL, *salt = NULL;
+	unsigned int len, klen, nkeys, blocksize, keylen, ivlen, slen, rounds;
 	unsigned int check1, check2, m1len, m2len; 
 	int dlen;
 	SSHCipher ciphernameval;
 	size_t authlen;
+	EVP_CIPHER_CTX cipher_ctx;
 
 	blob = buffer_init();
 	b = buffer_init();
 	kdf = buffer_init();
 	encoded = buffer_init();
-	copy = buffer_init();
-	if (blob == NULL || b == NULL || kdf == NULL || encoded == NULL || copy == NULL)
+	copy_consumed = buffer_init();
+	if (blob == NULL || b == NULL || kdf == NULL || encoded == NULL || copy_consumed == NULL)
 		goto error;
 
 	// \x83t\x83@\x83C\x83\x8B\x82\xF0\x82\xB7\x82ׂēǂݍ\x9E\x82\xDE
@@ -417,7 +424,7 @@
 
 	// \x83t\x83@\x83C\x83\x8B\x82̃X\x83L\x83\x83\x83\x93\x82\xAA\x8FI\x82\xED\x82\xC1\x82\xBD\x82̂ŁAuudecode\x82\xB7\x82\xE9\x81B
 	len = buffer_len(encoded);
-	if ((cp = buffer_append_space(copy, len)) == NULL) {
+	if ((cp = buffer_append_space(copy_consumed, len)) == NULL) {
 		//error("%s: buffer_append_space", __func__);
 		goto error;
 	}
@@ -430,19 +437,19 @@
 		goto error;
 	}
 
-	buffer_consume_end(copy, len - dlen);
-	if (buffer_len(copy) < sizeof(AUTH_MAGIC) ||
-	    memcmp(buffer_ptr(copy), AUTH_MAGIC, sizeof(AUTH_MAGIC))) {
+	buffer_consume_end(copy_consumed, len - dlen);
+	if (buffer_remain_len(copy_consumed) < sizeof(AUTH_MAGIC) ||
+	    memcmp(buffer_tail_ptr(copy_consumed), AUTH_MAGIC, sizeof(AUTH_MAGIC))) {
 		//error("%s: bad magic", __func__);
 		goto error;
 	}
-	buffer_consume(copy, sizeof(AUTH_MAGIC));
+	buffer_consume(copy_consumed, sizeof(AUTH_MAGIC));
 
 	/*
 	 * \x83f\x83R\x81[\x83h\x82\xB5\x82\xBD\x83f\x81[\x83^\x82\xF0\x89\xF0\x90͂\xB7\x82\xE9\x81B
 	 */
 	// \x88Í\x86\x89\xBB\x83A\x83\x8B\x83S\x83\x8A\x83Y\x83\x80\x82̖\xBC\x91O
-	ciphername = buffer_get_string_msg(copy, NULL);
+	ciphername = buffer_get_string_msg(copy_consumed, NULL);
 	ciphernameval = get_cipher_by_name(ciphername);
 	if (ciphernameval == SSH_CIPHER_NONE) {
 		//error("%s: unknown cipher name", __func__);
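Review bot: `ciphername` goes straight into `get_cipher_by_name()` with no NULL test, while the same `buffer_get_string_msg()` call is checked for `kdfname` and `kdfp` in the later hunks. A truncated or malformed key file could therefore hand NULL to the lookup; whether that is tolerated depends on get_cipher_by_name, which is not visible here. Adding `if (ciphername == NULL) goto error;` before the lookup keeps the three string reads consistent. The enclosing function starts and ends outside this hunk.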
@@ -454,14 +461,14 @@
 		goto error;
 	}
 
-	kdfname = buffer_get_string_msg(copy, NULL);
+	kdfname = buffer_get_string_msg(copy_consumed, NULL);
 	if (kdfname == NULL || strcmp(kdfname, KDFNAME) != 0) {
 		//error("%s: unknown kdf name", __func__);
 		goto error;
 	}
 
 	/* kdf options */
-	kdfp = buffer_get_string_msg(copy, &klen);
+	kdfp = buffer_get_string_msg(copy_consumed, &klen);
 	if (kdfp == NULL) {
 		//error("%s: kdf options not set", __func__);
 		goto error;
@@ -475,7 +482,7 @@
 	}
 
 	/* number of keys */
-	if (buffer_get_int_ret(&nkeys, copy) < 0) {
+	if (buffer_get_int_ret(&nkeys, copy_consumed) < 0) {
 		//error("%s: key counter missing", __func__);
 		goto error;
 	}
@@ -485,7 +492,7 @@
 	}
 
 	/* pubkey */
-	cp = buffer_get_string_msg(copy, &len);
+	cp = buffer_get_string_msg(copy_consumed, &len);
 	if (cp == NULL) {
 		//error("%s: pubkey not found", __func__);
 		goto error;
@@ -493,7 +500,7 @@
 	free(cp); /* XXX check pubkey against decrypted private key */
 
 	/* size of encrypted key blob */
-	len = buffer_get_int(copy);
+	len = buffer_get_int(copy_consumed);
 	blocksize = get_cipher_block_size(ciphernameval);
 	authlen = 0;  // TODO: \x82Ƃ肠\x82\xA6\x82\xB8\x8CŒ艻
 	if (len < blocksize) {
@@ -505,28 +512,76 @@
 		goto error;
 	}
 
-#if 0
 	/* setup key */
-	keylen = cipher_keylen(c);
-	ivlen = cipher_ivlen(c);
-	key = xcalloc(1, keylen + ivlen);
-	if (!strcmp(kdfname, "bcrypt")) {
-		if ((salt = buffer_get_string_ret(&kdf, &slen)) == NULL) {
-			error("%s: salt not set", __func__);
-			goto out;
+	keylen = get_cipher_key_len(ciphernameval);
+	ivlen = blocksize;
+	key = calloc(1, keylen + ivlen);
+	if (!strcmp(kdfname, KDFNAME)) {
+		salt = buffer_get_string_msg(kdf, &slen);
+		if (salt == NULL) {
+			//error("%s: salt not set", __func__);
+			goto error;
 		}
-		if (buffer_get_int_ret(&rounds, &kdf) < 0) {
-			error("%s: rounds not set", __func__);
-			goto out;
-		}
+		rounds = buffer_get_int(kdf);
+		// TODO: error check
 		if (bcrypt_pbkdf(passphrase, strlen(passphrase), salt, slen,
 		    key, keylen + ivlen, rounds) < 0) {
-			error("%s: bcrypt_pbkdf failed", __func__);
+			//error("%s: bcrypt_pbkdf failed", __func__);
+			goto error;
+		}
+	}
+
+	// \x95\x9C\x8D\x86\x89\xBB
+	cp = buffer_append_space(b, len);
+	cipher_init_SSH2(&cipher_ctx, key, keylen, key + keylen, ivlen, CIPHER_DECRYPT, 
+		get_cipher_EVP_CIPHER(ciphernameval), 0, pvar);
+	if (EVP_Cipher(&cipher_ctx, cp, buffer_tail_ptr(copy_consumed), len) == 0) {
+		cipher_cleanup_SSH2(&cipher_ctx);
+		goto error;
+	}
+	cipher_cleanup_SSH2(&cipher_ctx);
+	buffer_consume(copy_consumed, len);
+
+	if (buffer_remain_len(copy_consumed) != 0) {
+		//error("%s: key blob has trailing data (len = %u)", __func__,
+		//    buffer_len(&copy));
+		goto error;
+	}
+
+	/* check bytes */
+	if (buffer_get_int_ret(&check1, b) < 0 ||
+	    buffer_get_int_ret(&check2, b) < 0) {
+		//error("check bytes missing");
+		goto error;
+	}
+	if (check1 != check2) {
+		//debug("%s: decrypt failed: 0x%08x != 0x%08x", __func__,
+		//    check1, check2);
+		goto error;
+	}
+
+#if 0
+	keyfmt = key_private_deserialize(&b);
+
+	/* comment */
+	comment = buffer_get_cstring_ret(&b, NULL);
+
+	i = 0;
+	while (buffer_len(&b)) {
+		if (buffer_get_char_ret(&pad, &b) == -1 ||
+		    pad != (++i & 0xff)) {
+			error("%s: bad padding", __func__);
+			key_free(k);
+			k = NULL;
 			goto out;
 		}
 	}
+
+	if (k && commentp) {
+		*commentp = comment;
+		comment = NULL;
+	}
 #endif
-
 
 	/* success */
 
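Review bot: The decrypt call reads `len` bytes from `buffer_tail_ptr(copy_consumed)`, but no visible line compares `len` with `buffer_remain_len(copy_consumed)` first. `len` comes from the key file via `buffer_get_int`, and the only bound is the later `buffer_consume(copy_consumed, len)`, which runs after the read and does nothing on failure. Unless a check outside this hunk covers it, a key file that declares a larger encrypted blob than it contains makes EVP_Cipher read past the decoded data, so `if (len > buffer_remain_len(copy_consumed)) goto error;` belongs before `buffer_append_space(b, len)`. The results of `calloc(1, keylen + ivlen)` and `buffer_append_space(b, len)` are also used unchecked, and `rounds` is now read with `buffer_get_int` where the removed code used `buffer_get_int_ret`. The function starts and ends outside the hunk.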
@@ -535,14 +590,16 @@
 	buffer_free(b);
 	buffer_free(kdf);
 	buffer_free(encoded);
-	buffer_free(copy);
+	buffer_free(copy_consumed);
 
 	free(ciphername);
 	free(kdfname);
 	free(kdfp);
+	free(key);
+	free(salt);
 
 	// ED25519 \x82ł͂Ȃ\xA9\x82\xC1\x82\xBD
-	if (key == NULL) {
+	if (keyfmt == NULL) {
 		fseek(fp, 0, SEEK_SET);
 
 	} else {
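Review bot: `free(key)` releases the bcrypt-derived key and IV without clearing them, so the key material stays readable in freed heap memory. The file already uses OpenSSL, so wiping just before the free would do: `if (key != NULL) OPENSSL_cleanse(key, keylen + ivlen);`. The NULL guard matters because error paths reach this cleanup before `keylen` and `ivlen` are assigned. The decrypted private-key data held in `b` deserves the same treatment if `buffer_free` does not already wipe its contents, which is not visible here. The cleanup block starts outside this hunk.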
@@ -550,7 +607,7 @@
 
 	}
 
-	return (key);
+	return (keyfmt);
 }
 
 


