2 * Generic SSH public-key handling operations. In particular,
3 * reading of SSH public-key files, and also the generic `sign'
4 * operation for ssh2 (which checks the type of the key and
5 * dispatches to the appropriate key-type specific function).
11 #include <stdarg.h> /* FIXME */
12 #include <windows.h> /* FIXME */
17 #define GET_32BIT(cp) \
18 (((unsigned long)(unsigned char)(cp)[0] << 24) | \
19 ((unsigned long)(unsigned char)(cp)[1] << 16) | \
20 ((unsigned long)(unsigned char)(cp)[2] << 8) | \
21 ((unsigned long)(unsigned char)(cp)[3]))
23 #define rsa_signature "SSH PRIVATE KEY FILE FORMAT 1.1\n"
24 #define dss_signature "-----BEGIN DSA PRIVATE KEY-----\n"
26 #define BASE64_TOINT(x) ( (x)-'A'<26 ? (x)-'A'+0 :\
27 (x)-'a'<26 ? (x)-'a'+26 :\
28 (x)-'0'<10 ? (x)-'0'+52 :\
32 static int loadrsakey_main(FILE *fp
, struct RSAKey
*key
,
33 char **commentptr
, char *passphrase
) {
34 unsigned char buf
[16384];
35 unsigned char keybuf
[16];
39 struct MD5Context md5c
;
42 /* Slurp the whole file (minus the header) into a buffer. */
43 len
= fread(buf
, 1, sizeof(buf
), fp
);
45 if (len
< 0 || len
== sizeof(buf
))
46 goto end
; /* file too big or not read */
51 * A zero byte. (The signature includes a terminating NUL.)
53 if (len
-i
< 1 || buf
[i
] != 0)
57 /* One byte giving encryption type, and one reserved uint32. */
61 if (ciphertype
!= 0 && ciphertype
!= SSH_CIPHER_3DES
)
65 goto end
; /* reserved field not present */
66 if (buf
[i
] != 0 || buf
[i
+1] != 0 || buf
[i
+2] != 0 || buf
[i
+3] != 0)
67 goto end
; /* reserved field nonzero, panic! */
70 /* Now the serious stuff. An ordinary SSH 1 public key. */
71 i
+= makekey(buf
+i
, key
, NULL
, 1);
73 goto end
; /* overran */
75 /* Next, the comment field. */
78 if (len
-i
< j
) goto end
;
79 comment
= malloc(j
+1);
81 memcpy(comment
, buf
+i
, j
);
86 *commentptr
= comment
;
88 key
->comment
= comment
;
90 return ciphertype
!= 0;
94 * Decrypt remainder of buffer.
98 MD5Update(&md5c
, passphrase
, strlen(passphrase
));
99 MD5Final(keybuf
, &md5c
);
100 des3_decrypt_pubkey(keybuf
, buf
+i
, (len
-i
+7)&~7);
101 memset(keybuf
, 0, sizeof(keybuf
)); /* burn the evidence */
105 * We are now in the secret part of the key. The first four
106 * bytes should be of the form a, b, a, b.
108 if (len
-i
< 4) goto end
;
109 if (buf
[i
] != buf
[i
+2] || buf
[i
+1] != buf
[i
+3]) { ret
= -1; goto end
; }
113 * After that, we have one further bignum which is our
114 * decryption modulus, and then we're done.
116 i
+= makeprivate(buf
+i
, key
);
117 if (len
-i
< 0) goto end
;
121 memset(buf
, 0, sizeof(buf
)); /* burn the evidence */
125 int loadrsakey(char *filename
, struct RSAKey
*key
, char *passphrase
) {
127 unsigned char buf
[64];
129 fp
= fopen(filename
, "rb");
131 return 0; /* doesn't even exist */
134 * Read the first line of the file and see if it's a v1 private
137 if (fgets(buf
, sizeof(buf
), fp
) &&
138 !strcmp(buf
, rsa_signature
)) {
139 return loadrsakey_main(fp
, key
, NULL
, passphrase
);
143 * Otherwise, we have nothing. Return empty-handed.
150 * See whether an RSA key is encrypted. Return its comment field as
153 int rsakey_encrypted(char *filename
, char **comment
) {
155 unsigned char buf
[64];
157 fp
= fopen(filename
, "rb");
159 return 0; /* doesn't even exist */
162 * Read the first line of the file and see if it's a v1 private
165 if (fgets(buf
, sizeof(buf
), fp
) &&
166 !strcmp(buf
, rsa_signature
)) {
167 return loadrsakey_main(fp
, NULL
, comment
, NULL
);
169 return 0; /* wasn't the right kind of file */