[u/mdw/putty] / sshpubk.c

/*
 * Generic SSH public-key handling operations. In particular,
 * reading of SSH public-key files, and also the generic `sign'
 * operation for ssh2 (which checks the type of the key and
 * dispatches to the appropriate key-type specific function).
 */

#include <stdio.h>
#include <stdlib.h>

#include "ssh.h"

#define GET_32BIT(cp) \
    (((unsigned long)(unsigned char)(cp)[0] << 24) | \
    ((unsigned long)(unsigned char)(cp)[1] << 16) | \
    ((unsigned long)(unsigned char)(cp)[2] << 8) | \
    ((unsigned long)(unsigned char)(cp)[3]))

#define rsa_signature "SSH PRIVATE KEY FILE FORMAT 1.1\n"

#define BASE64_TOINT(x) ( (x)-'A'<26 ? (x)-'A'+0 :\
                          (x)-'a'<26 ? (x)-'a'+26 :\
                          (x)-'0'<10 ? (x)-'0'+52 :\
                          (x)=='+' ? 62 : \
                          (x)=='/' ? 63 : 0 )

static int loadrsakey_main(FILE *fp, struct RSAKey *key,
                           char **commentptr, char *passphrase) {
    unsigned char buf[16384];
    unsigned char keybuf[16];
    int len;
    int i, j, ciphertype;
    int ret = 0;
    struct MD5Context md5c;
    char *comment;

    /* Slurp the whole file (minus the header) into a buffer. */
    len = fread(buf, 1, sizeof(buf), fp);
    fclose(fp);
    if (len < 0 || len == sizeof(buf))
        goto end;                      /* file too big or not read */

    i = 0;

    /*
     * A zero byte. (The signature includes a terminating NUL.)
     */
    if (len-i < 1 || buf[i] != 0)
        goto end;
    i++;

    /* One byte giving encryption type, and one reserved uint32. */
    if (len-i < 1)
        goto end;
    ciphertype = buf[i];
    if (ciphertype != 0 && ciphertype != SSH_CIPHER_3DES)
        goto end;
    i++;
    if (len-i < 4)
        goto end;                      /* reserved field not present */
    if (buf[i] != 0 || buf[i+1] != 0 || buf[i+2] != 0 || buf[i+3] != 0)
        goto end;                      /* reserved field nonzero, panic! */
    i += 4;

    /* Now the serious stuff. An ordinary SSH 1 public key. */
    i += makekey(buf+i, key, NULL, 1);
    if (len-i < 0)
        goto end;                      /* overran */

    /* Next, the comment field. */
    j = GET_32BIT(buf+i);
    i += 4;
    if (len-i < j) goto end;
    comment = malloc(j+1);
    if (comment) {
        memcpy(comment, buf+i, j);
        comment[j] = '\0';
    }
    i += j;
    if (commentptr)
        *commentptr = comment;
    if (key)
        key->comment = comment;
    if (!key) {
        return ciphertype != 0;
    }

    /*
     * Decrypt remainder of buffer.
     */
    if (ciphertype) {
        MD5Init(&md5c);
        MD5Update(&md5c, passphrase, strlen(passphrase));
        MD5Final(keybuf, &md5c);
        des3_decrypt_pubkey(keybuf, buf+i, (len-i+7)&~7);
        memset(keybuf, 0, sizeof(keybuf));    /* burn the evidence */
    }

    /*
     * We are now in the secret part of the key. The first four
     * bytes should be of the form a, b, a, b.
     */
    if (len-i < 4) goto end;
    if (buf[i] != buf[i+2] || buf[i+1] != buf[i+3]) { ret = -1; goto end; }
    i += 4;

    /*
     * After that, we have one further bignum which is our
     * decryption modulus, and then we're done.
     */
    i += makeprivate(buf+i, key);
    if (len-i < 0) goto end;

    ret = 1;
    end:
    memset(buf, 0, sizeof(buf));       /* burn the evidence */
    return ret;
}

int loadrsakey(char *filename, struct RSAKey *key, char *passphrase) {
    FILE *fp;
    unsigned char buf[64];

    fp = fopen(filename, "rb");
    if (!fp)
        return 0;                      /* doesn't even exist */

    /*
     * Read the first line of the file and see if it's a v1 private
     * key file.
     */
    if (fgets(buf, sizeof(buf), fp) &&
        !strcmp(buf, rsa_signature)) {
        return loadrsakey_main(fp, key, NULL, passphrase);
    }

    /*
     * Otherwise, we have nothing. Return empty-handed.
     */
    fclose(fp);
    return 0;
}

/*
 * See whether an RSA key is encrypted. Return its comment field as
 * well.
 */
int rsakey_encrypted(char *filename, char **comment) {
    FILE *fp;
    unsigned char buf[64];

    fp = fopen(filename, "rb");
    if (!fp)
        return 0;                      /* doesn't even exist */

    /*
     * Read the first line of the file and see if it's a v1 private
     * key file.
     */
    if (fgets(buf, sizeof(buf), fp) &&
        !strcmp(buf, rsa_signature)) {
        return loadrsakey_main(fp, NULL, comment, NULL);
    }
    return 0;                          /* wasn't the right kind of file */
}
Commit	Line	Data
3eca8453	1	/*
a52f067e	2	* Generic SSH public-key handling operations. In particular,
	3	* reading of SSH public-key files, and also the generic `sign'
	4	* operation for ssh2 (which checks the type of the key and
	5	* dispatches to the appropriate key-type specific function).
3eca8453	6	*/
	7
	8	#include <stdio.h>
a52f067e	9	#include <stdlib.h>
3eca8453	10
3eca8453	11	#include "ssh.h"
	12
	13	#define GET_32BIT(cp) \
	14	(((unsigned long)(unsigned char)(cp)[0] << 24) \| \
	15	((unsigned long)(unsigned char)(cp)[1] << 16) \| \
	16	((unsigned long)(unsigned char)(cp)[2] << 8) \| \
	17	((unsigned long)(unsigned char)(cp)[3]))
	18
	19	#define rsa_signature "SSH PRIVATE KEY FILE FORMAT 1.1\n"
	20
a52f067e	21	#define BASE64_TOINT(x) ( (x)-'A'<26 ? (x)-'A'+0 :\
	22	(x)-'a'<26 ? (x)-'a'+26 :\
	23	(x)-'0'<10 ? (x)-'0'+52 :\
	24	(x)=='+' ? 62 : \
	25	(x)=='/' ? 63 : 0 )
	26
	27	static int loadrsakey_main(FILE fp, struct RSAKey key,
	28	char *commentptr, char passphrase) {
3eca8453	29	unsigned char buf[16384];
	30	unsigned char keybuf[16];
	31	int len;
	32	int i, j, ciphertype;
	33	int ret = 0;
	34	struct MD5Context md5c;
a52f067e	35	char *comment;
3eca8453	36
a52f067e	37	/* Slurp the whole file (minus the header) into a buffer. */
3eca8453	38	len = fread(buf, 1, sizeof(buf), fp);
	39	fclose(fp);
	40	if (len < 0 \|\| len == sizeof(buf))
	41	goto end; /* file too big or not read */
	42
a52f067e	43	i = 0;
3eca8453	44
a52f067e	45	/*
	46	* A zero byte. (The signature includes a terminating NUL.)
	47	*/
	48	if (len-i < 1 \|\| buf[i] != 0)
	49	goto end;
	50	i++;
3eca8453	51
a52f067e	52	/* One byte giving encryption type, and one reserved uint32. */
3eca8453	53	if (len-i < 1)
	54	goto end;
	55	ciphertype = buf[i];
	56	if (ciphertype != 0 && ciphertype != SSH_CIPHER_3DES)
	57	goto end;
	58	i++;
	59	if (len-i < 4)
	60	goto end; /* reserved field not present */
	61	if (buf[i] != 0 \|\| buf[i+1] != 0 \|\| buf[i+2] != 0 \|\| buf[i+3] != 0)
	62	goto end; /* reserved field nonzero, panic! */
	63	i += 4;
	64
	65	/* Now the serious stuff. An ordinary SSH 1 public key. */
	66	i += makekey(buf+i, key, NULL, 1);
	67	if (len-i < 0)
	68	goto end; /* overran */
	69
	70	/* Next, the comment field. */
	71	j = GET_32BIT(buf+i);
5c58ad2d	72	i += 4;
5c58ad2d	73	if (len-i < j) goto end;
a52f067e	74	comment = malloc(j+1);
	75	if (comment) {
	76	memcpy(comment, buf+i, j);
	77	comment[j] = '\0';
5c58ad2d	78	}
5c58ad2d	79	i += j;
a52f067e	80	if (commentptr)
	81	*commentptr = comment;
	82	if (key)
	83	key->comment = comment;
	84	if (!key) {
	85	return ciphertype != 0;
	86	}
3eca8453	87
	88	/*
	89	* Decrypt remainder of buffer.
	90	*/
	91	if (ciphertype) {
	92	MD5Init(&md5c);
	93	MD5Update(&md5c, passphrase, strlen(passphrase));
	94	MD5Final(keybuf, &md5c);
	95	des3_decrypt_pubkey(keybuf, buf+i, (len-i+7)&~7);
5c58ad2d	96	memset(keybuf, 0, sizeof(keybuf)); /* burn the evidence */
3eca8453	97	}
	98
	99	/*
	100	* We are now in the secret part of the key. The first four
	101	* bytes should be of the form a, b, a, b.
	102	*/
	103	if (len-i < 4) goto end;
	104	if (buf[i] != buf[i+2] \|\| buf[i+1] != buf[i+3]) { ret = -1; goto end; }
	105	i += 4;
	106
	107	/*
	108	* After that, we have one further bignum which is our
	109	* decryption modulus, and then we're done.
	110	*/
	111	i += makeprivate(buf+i, key);
	112	if (len-i < 0) goto end;
	113
	114	ret = 1;
	115	end:
	116	memset(buf, 0, sizeof(buf)); /* burn the evidence */
	117	return ret;
	118	}
	119
a52f067e	120	int loadrsakey(char filename, struct RSAKey key, char *passphrase) {
3eca8453	121	FILE *fp;
a52f067e	122	unsigned char buf[64];
3eca8453	123
	124	fp = fopen(filename, "rb");
	125	if (!fp)
	126	return 0; /* doesn't even exist */
	127
a52f067e	128	/*
	129	* Read the first line of the file and see if it's a v1 private
	130	* key file.
	131	*/
	132	if (fgets(buf, sizeof(buf), fp) &&
	133	!strcmp(buf, rsa_signature)) {
	134	return loadrsakey_main(fp, key, NULL, passphrase);
	135	}
	136
	137	/*
	138	* Otherwise, we have nothing. Return empty-handed.
	139	*/
3eca8453	140	fclose(fp);
3eca8453	141	return 0;
3eca8453	142	}
a52f067e	143
	144	/*
	145	* See whether an RSA key is encrypted. Return its comment field as
	146	* well.
	147	*/
	148	int rsakey_encrypted(char filename, char *comment) {
	149	FILE *fp;
	150	unsigned char buf[64];
	151
	152	fp = fopen(filename, "rb");
	153	if (!fp)
	154	return 0; /* doesn't even exist */
	155
	156	/*
	157	* Read the first line of the file and see if it's a v1 private
	158	* key file.
	159	*/
	160	if (fgets(buf, sizeof(buf), fp) &&
	161	!strcmp(buf, rsa_signature)) {
	162	return loadrsakey_main(fp, NULL, comment, NULL);
	163	}
	164	return 0; /* wasn't the right kind of file */
	165	}