}
} else
*passphrase = '\0';
- ret = loadrsakey(filename, key, NULL, passphrase);
+ ret = loadrsakey(filename, key, passphrase);
attempts++;
} while (ret == -1);
if (comment) sfree(comment);
SetForegroundWindow(hwnd);
SetWindowPos (hwnd, HWND_TOP, 0, 0, 0, 0,
SWP_NOMOVE | SWP_NOSIZE | SWP_SHOWWINDOW);
+
+ /*
+ * Centre the window.
+ */
+ { /* centre the window */
+ RECT rs, rd;
+ HWND hw;
+
+ hw = GetDesktopWindow();
+ if (GetWindowRect (hw, &rs) && GetWindowRect (hwnd, &rd))
+ MoveWindow (hwnd, (rs.right + rs.left + rd.left - rd.right)/2,
+ (rs.bottom + rs.top + rd.top - rd.bottom)/2,
+ rd.right-rd.left, rd.bottom-rd.top, TRUE);
+ }
+
p = (struct PassphraseProcStruct *)lParam;
passphrase = p->passphrase;
if (p->comment)
WPARAM wParam, LPARAM lParam) {
switch (msg) {
case WM_INITDIALOG:
+ /*
+ * Centre the window.
+ */
+ { /* centre the window */
+ RECT rs, rd;
+ HWND hw;
+
+ hw = GetDesktopWindow();
+ if (GetWindowRect (hw, &rs) && GetWindowRect (hwnd, &rd))
+ MoveWindow (hwnd, (rs.right + rs.left + rd.left - rd.right)/2,
+ (rs.bottom + rs.top + rd.top - rd.bottom)/2,
+ rd.right-rd.left, rd.bottom-rd.top, TRUE);
+ }
+
return 1;
case WM_COMMAND:
switch (LOWORD(wParam)) {
WPARAM wParam, LPARAM lParam) {
switch (msg) {
case WM_INITDIALOG:
+ /*
+ * Centre the window.
+ */
+ { /* centre the window */
+ RECT rs, rd;
+ HWND hw;
+
+ hw = GetDesktopWindow();
+ if (GetWindowRect (hw, &rs) && GetWindowRect (hwnd, &rd))
+ MoveWindow (hwnd, (rs.right + rs.left + rd.left - rd.right)/2,
+ (rs.bottom + rs.top + rd.top - rd.bottom)/2,
+ rd.right-rd.left, rd.bottom-rd.top, TRUE);
+ }
+
SetDlgItemText (hwnd, 100, ver);
return 1;
case WM_COMMAND:
HWND dialog; /* notify this on completion */
int keysize; /* bits in key */
struct RSAKey *key;
- struct RSAAux *aux;
};
static DWORD WINAPI generate_rsa_key_thread(void *param) {
struct rsa_key_thread_params *params =
struct progress prog;
prog.progbar = params->progressbar;
- rsa_generate(params->key, params->aux,
- params->keysize, progress_update, &prog);
+ rsa_generate(params->key, params->keysize, progress_update, &prog);
PostMessage(params->dialog, WM_DONEKEY, 0, 0);
int key_exists;
int entropy_got, entropy_required, entropy_size;
int keysize;
+ int ssh2;
+ char **commentptr; /* points to key.comment or ssh2key.comment */
+ struct ssh2_userkey ssh2key;
unsigned *entropy;
struct RSAKey key;
- struct RSAAux aux;
};
static void hidemany(HWND hwnd, const int *ids, int hideit) {
}
}
-static void setupbigedit(HWND hwnd, int id, struct RSAKey *key) {
+static void setupbigedit1(HWND hwnd, int id, struct RSAKey *key) {
char *buffer;
char *dec1, *dec2;
sfree(buffer);
}
+static void setupbigedit2(HWND hwnd, int id, struct ssh2_userkey *key) {
+ unsigned char *pub_blob;
+ char *buffer, *p;
+ int pub_len, buflen;
+ int i;
+
+ pub_blob = key->alg->public_blob(key->data, &pub_len);
+ buffer = smalloc(strlen(key->alg->name) + 4*((pub_len+2)/3) +
+ strlen(key->comment) + 3);
+ strcpy(buffer, key->alg->name);
+ p = buffer + strlen(buffer);
+ *p++ = ' ';
+ i = 0;
+ while (i < pub_len) {
+ int n = (pub_len-i < 3 ? pub_len-i : 3);
+ base64_encode_atom(pub_blob+i, n, p);
+ i += n;
+ p += 4;
+ }
+ *p++ = ' ';
+ strcpy(p, key->comment);
+ SetDlgItemText(hwnd, id, buffer);
+ sfree(pub_blob);
+ sfree(buffer);
+}
+
/*
* Dialog-box function for the main PuTTYgen dialog box.
*/
IDC_LOADSTATIC, IDC_LOAD,
IDC_SAVESTATIC, IDC_SAVE,
IDC_BOX_PARAMS,
+ IDC_TYPESTATIC, IDC_KEYSSH1, IDC_KEYSSH2RSA,
IDC_BITSSTATIC, IDC_BITS,
IDC_ABOUT,
};
switch (msg) {
case WM_INITDIALOG:
+ /*
+ * Centre the window.
+ */
+ { /* centre the window */
+ RECT rs, rd;
+ HWND hw;
+
+ hw = GetDesktopWindow();
+ if (GetWindowRect (hw, &rs) && GetWindowRect (hwnd, &rd))
+ MoveWindow (hwnd, (rs.right + rs.left + rd.left - rd.right)/2,
+ (rs.bottom + rs.top + rd.top - rd.bottom)/2,
+ rd.right-rd.left, rd.bottom-rd.top, TRUE);
+ }
+
state = smalloc(sizeof(*state));
state->generation_thread_exists = FALSE;
state->collecting_entropy = FALSE;
IDC_PKSTATIC, IDC_KEYDISPLAY, 7);
SendDlgItemMessage(hwnd, IDC_KEYDISPLAY, EM_SETREADONLY, 1, 0);
staticedit(&cp, "Key fingerprint:", IDC_FPSTATIC,
- IDC_FINGERPRINT, 70);
+ IDC_FINGERPRINT, 75);
SendDlgItemMessage(hwnd, IDC_FINGERPRINT, EM_SETREADONLY, 1, 0);
staticedit(&cp, "Key &comment:", IDC_COMMENTSTATIC,
- IDC_COMMENTEDIT, 70);
+ IDC_COMMENTEDIT, 75);
staticpassedit(&cp, "Key p&assphrase:", IDC_PASSPHRASE1STATIC,
- IDC_PASSPHRASE1EDIT, 70);
+ IDC_PASSPHRASE1EDIT, 75);
staticpassedit(&cp, "C&onfirm passphrase:", IDC_PASSPHRASE2STATIC,
- IDC_PASSPHRASE2EDIT, 70);
+ IDC_PASSPHRASE2EDIT, 75);
endbox(&cp);
beginbox(&cp, "Actions",
IDC_BOX_ACTIONS);
endbox(&cp);
beginbox(&cp, "Parameters",
IDC_BOX_PARAMS);
+ radioline(&cp, "Type of key to generate:", IDC_TYPESTATIC, 2,
+ "SSH&1 (RSA)", IDC_KEYSSH1,
+ "SSH2 &RSA", IDC_KEYSSH2RSA, NULL);
staticedit(&cp, "Number of &bits in a generated key:",
IDC_BITSSTATIC, IDC_BITS, 20);
endbox(&cp);
}
+ CheckRadioButton(hwnd, IDC_KEYSSH1, IDC_KEYSSH2RSA, IDC_KEYSSH1);
SetDlgItemInt(hwnd, IDC_BITS, DEFAULT_KEYSIZE, FALSE);
/*
params->dialog = hwnd;
params->keysize = state->keysize;
params->key = &state->key;
- params->aux = &state->aux;
if (!CreateThread(NULL, 0, generate_rsa_key_thread,
params, 0, &threadid)) {
if (state->key_exists) {
HWND editctl = GetDlgItem(hwnd, IDC_COMMENTEDIT);
int len = GetWindowTextLength(editctl);
- if (state->key.comment)
- sfree(state->key.comment);
- state->key.comment = smalloc(len+1);
- GetWindowText(editctl, state->key.comment, len+1);
+ if (*state->commentptr)
+ sfree(*state->commentptr);
+ *state->commentptr = smalloc(len+1);
+ GetWindowText(editctl, *state->commentptr, len+1);
}
}
break;
state->keysize = GetDlgItemInt(hwnd, IDC_BITS,
&ok, FALSE);
if (!ok) state->keysize = DEFAULT_KEYSIZE;
+ /* If we ever introduce a new key type, check it here! */
+ state->ssh2 = !IsDlgButtonChecked(hwnd, IDC_KEYSSH1);
if (state->keysize < 256) {
int ret = MessageBox(hwnd,
"PuTTYgen will not generate a key"
if (ret != IDYES)
break;
}
- ret = saversakey(filename, &state->key, &state->aux,
- *passphrase ? passphrase : NULL);
+ if (state->ssh2) {
+ ret = ssh2_save_userkey(filename, &state->ssh2key,
+ *passphrase ? passphrase : NULL);
+ } else {
+ ret = saversakey(filename, &state->key,
+ *passphrase ? passphrase : NULL);
+ }
if (ret <= 0) {
MessageBox(hwnd, "Unable to save key file",
"PuTTYgen Error",
filename, 0)) {
char passphrase[PASSPHRASE_MAXLEN];
int needs_pass;
+ int ver;
int ret;
char *comment;
struct PassphraseProcStruct pps;
- struct RSAKey newkey;
- struct RSAAux newaux;
+ struct RSAKey newkey1;
+ struct ssh2_userkey *newkey2;
+
+ ver = keyfile_version(filename);
+ if (ver == 0) {
+ MessageBox(NULL, "Couldn't load private key.",
+ "PuTTYgen Error", MB_OK | MB_ICONERROR);
+ break;
+ }
- needs_pass = rsakey_encrypted(filename, &comment);
+ comment = NULL;
+ if (ver == 1)
+ needs_pass = rsakey_encrypted(filename, &comment);
+ else
+ needs_pass = ssh2_userkey_encrypted(filename, &comment);
pps.passphrase = passphrase;
pps.comment = comment;
do {
}
} else
*passphrase = '\0';
- ret = loadrsakey(filename, &newkey, &newaux,
- passphrase);
+ if (ver == 1)
+ ret = loadrsakey(filename, &newkey1, passphrase);
+ else {
+ newkey2 = ssh2_load_userkey(filename, passphrase);
+ if (newkey2 == SSH2_WRONG_PASSPHRASE)
+ ret = -1;
+ else if (!newkey2)
+ ret = 0;
+ else
+ ret = 1;
+ }
} while (ret == -1);
if (comment) sfree(comment);
if (ret == 0) {
MessageBox(NULL, "Couldn't load private key.",
"PuTTYgen Error", MB_OK | MB_ICONERROR);
} else if (ret == 1) {
- state->key = newkey;
- state->aux = newaux;
-
EnableWindow(GetDlgItem(hwnd, IDC_GENERATE), 1);
EnableWindow(GetDlgItem(hwnd, IDC_LOAD), 1);
EnableWindow(GetDlgItem(hwnd, IDC_SAVE), 1);
* key data.
*/
{
- char buf[128];
SetDlgItemText(hwnd, IDC_PASSPHRASE1EDIT,
passphrase);
SetDlgItemText(hwnd, IDC_PASSPHRASE2EDIT,
passphrase);
- SetDlgItemText(hwnd, IDC_COMMENTEDIT,
- state->key.comment);
- /*
- * Set the key fingerprint.
- */
- {
- char *savecomment = state->key.comment;
+ if (ver == 1) {
+ char buf[128];
+ char *savecomment;
+
+ state->ssh2 = FALSE;
+ state->commentptr = &state->key.comment;
+ state->key = newkey1;
+
+ /*
+ * Set the key fingerprint.
+ */
+ savecomment = state->key.comment;
state->key.comment = NULL;
rsa_fingerprint(buf, sizeof(buf), &state->key);
state->key.comment = savecomment;
- }
- SetDlgItemText(hwnd, IDC_FINGERPRINT, buf);
- /*
- * Construct a decimal representation
- * of the key, for pasting into
- * .ssh/authorized_keys on a Unix box.
- */
- setupbigedit(hwnd, IDC_KEYDISPLAY, &state->key);
+
+ SetDlgItemText(hwnd, IDC_FINGERPRINT, buf);
+ /*
+ * Construct a decimal representation
+ * of the key, for pasting into
+ * .ssh/authorized_keys on a Unix box.
+ */
+ setupbigedit1(hwnd, IDC_KEYDISPLAY, &state->key);
+ } else {
+ char *fp;
+ char *savecomment;
+
+ state->ssh2 = TRUE;
+ state->commentptr = &state->ssh2key.comment;
+ state->ssh2key = *newkey2; /* structure copy */
+ sfree(newkey2);
+
+ savecomment = state->ssh2key.comment;
+ state->ssh2key.comment = NULL;
+ fp = state->
+ ssh2key.alg->fingerprint(state->ssh2key.data);
+ state->ssh2key.comment = savecomment;
+
+ SetDlgItemText(hwnd, IDC_FINGERPRINT, fp);
+ sfree(fp);
+
+ setupbigedit2(hwnd, IDC_KEYDISPLAY, &state->ssh2key);
+ }
+ SetDlgItemText(hwnd, IDC_COMMENTEDIT,
+ *state->commentptr);
}
/*
* Finally, hide the progress bar and show
EnableWindow(GetDlgItem(hwnd, IDC_GENERATE), 1);
EnableWindow(GetDlgItem(hwnd, IDC_LOAD), 1);
EnableWindow(GetDlgItem(hwnd, IDC_SAVE), 1);
+ if (state->ssh2)
+ state->commentptr = &state->ssh2key.comment;
+ else
+ state->commentptr = &state->key.comment;
/*
* Invent a comment for the key. We'll do this by including
* the date in it. This will be so horrifyingly ugly that
* the user will immediately want to change it, which is
* what we want :-)
*/
- state->key.comment = smalloc(30);
+ *state->commentptr = smalloc(30);
{
time_t t;
struct tm *tm;
time(&t);
tm = localtime(&t);
- strftime(state->key.comment, 30, "rsa-key-%Y%m%d", tm);
+ strftime(*state->commentptr, 30, "rsa-key-%Y%m%d", tm);
}
/*
* Now update the key controls with all the key data.
*/
{
- char buf[128];
+ char *savecomment;
/*
* Blank passphrase, initially. This isn't dangerous,
* because we will warn (Are You Sure?) before allowing
/*
* Set the comment.
*/
- SetDlgItemText(hwnd, IDC_COMMENTEDIT, state->key.comment);
+ SetDlgItemText(hwnd, IDC_COMMENTEDIT, *state->commentptr);
/*
* Set the key fingerprint.
*/
- {
- char *savecomment = state->key.comment;
- state->key.comment = NULL;
+ savecomment = *state->commentptr;
+ *state->commentptr = NULL;
+ if (state->ssh2) {
+ char *fp;
+ fp = state->ssh2key.alg->fingerprint(state->ssh2key.data);
+ SetDlgItemText(hwnd, IDC_FINGERPRINT, fp);
+ sfree(fp);
+ } else {
+ char buf[128];
rsa_fingerprint(buf, sizeof(buf), &state->key);
- state->key.comment = savecomment;
+ SetDlgItemText(hwnd, IDC_FINGERPRINT, buf);
}
- SetDlgItemText(hwnd, IDC_FINGERPRINT, buf);
+ *state->commentptr = savecomment;
/*
* Construct a decimal representation of the key, for
* pasting into .ssh/authorized_keys on a Unix box.
*/
- setupbigedit(hwnd, IDC_KEYDISPLAY, &state->key);
+ if (state->ssh2) {
+ setupbigedit2(hwnd, IDC_KEYDISPLAY, &state->ssh2key);
+ } else {
+ setupbigedit1(hwnd, IDC_KEYDISPLAY, &state->key);
+ }
}
/*
* Finally, hide the progress bar and show the key data.
200 ICON "puttygen.ico"
-201 DIALOG DISCARDABLE 0, 0, 300, 276
+201 DIALOG DISCARDABLE 0, 0, 330, 296
STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "PuTTY Key Generator"
FONT 8, "MS Sans Serif"
#define crWaitUntil(c) do { crReturn(0); } while (!(c))
#define crWaitUntilV(c) do { crReturnV; } while (!(c))
-extern const struct ssh_cipher ssh_3des;
-extern const struct ssh2_ciphers ssh2_3des;
-extern const struct ssh_cipher ssh_des;
-extern const struct ssh2_ciphers ssh2_aes;
-extern const struct ssh_cipher ssh_blowfish_ssh1;
-extern const struct ssh2_ciphers ssh2_blowfish;
-
extern char *x11_init (Socket *, char *, void *);
extern void x11_close (Socket);
extern void x11_send (Socket , char *, int);
&ssh2_3des,
};
-extern const struct ssh_kex ssh_diffiehellman;
-extern const struct ssh_kex ssh_diffiehellman_gex;
const static struct ssh_kex *kex_algs[] = {
#ifdef DO_DIFFIE_HELLMAN_GEX
&ssh_diffiehellman_gex,
#endif
&ssh_diffiehellman };
-extern const struct ssh_signkey ssh_dss;
-extern const struct ssh_signkey ssh_rsa;
const static struct ssh_signkey *hostkey_algs[] = { &ssh_rsa, &ssh_dss };
-extern const struct ssh_mac ssh_md5, ssh_sha1, ssh_sha1_buggy;
-
static void nullmac_key(unsigned char *key) { }
static void nullmac_generate(unsigned char *blk, int len, unsigned long seq) { }
static int nullmac_verify(unsigned char *blk, int len, unsigned long seq) { return 1; }
static const struct ssh_compress *sccomp = NULL;
static const struct ssh_kex *kex = NULL;
static const struct ssh_signkey *hostkey = NULL;
+static unsigned char ssh2_session_id[20];
int (*ssh_get_password)(const char *prompt, char *str, int maxlen) = NULL;
static char *savedhost;
pktin.savedpos += 4;
return value;
}
+static int ssh2_pkt_getbool(void) {
+ unsigned long value;
+ if (pktin.length - pktin.savedpos < 1)
+ return 0; /* arrgh, no way to decline (FIXME?) */
+ value = pktin.data[pktin.savedpos] != 0;
+ pktin.savedpos++;
+ return value;
+}
static void ssh2_pkt_getstring(char **p, int *length) {
*p = NULL;
if (pktin.length - pktin.savedpos < 4)
static unsigned char buffer[32];
tried_publickey = 1;
- i = loadrsakey(cfg.keyfile, &pubkey, NULL, password);
+ i = loadrsakey(cfg.keyfile, &pubkey, password);
if (i == 0) {
c_write("Couldn't load public key from ", 30);
c_write(cfg.keyfile, strlen(cfg.keyfile));
static int hostkeylen, siglen;
static void *hkey; /* actual host key */
static unsigned char exchange_hash[20];
- static unsigned char first_exchange_hash[20];
static unsigned char keyspace[40];
static const struct ssh2_ciphers *preferred_cipher;
static const struct ssh_compress *preferred_comp;
* _first_ key exchange.
*/
if (first_kex)
- memcpy(first_exchange_hash, exchange_hash, sizeof(exchange_hash));
- ssh2_mkkey(K, exchange_hash, first_exchange_hash, 'C', keyspace);
+ memcpy(ssh2_session_id, exchange_hash, sizeof(exchange_hash));
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'C', keyspace);
cscipher->setcskey(keyspace);
- ssh2_mkkey(K, exchange_hash, first_exchange_hash, 'D', keyspace);
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'D', keyspace);
sccipher->setsckey(keyspace);
- ssh2_mkkey(K, exchange_hash, first_exchange_hash, 'A', keyspace);
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'A', keyspace);
cscipher->setcsiv(keyspace);
- ssh2_mkkey(K, exchange_hash, first_exchange_hash, 'B', keyspace);
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'B', keyspace);
sccipher->setsciv(keyspace);
- ssh2_mkkey(K, exchange_hash, first_exchange_hash, 'E', keyspace);
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'E', keyspace);
csmac->setcskey(keyspace);
- ssh2_mkkey(K, exchange_hash, first_exchange_hash, 'F', keyspace);
+ ssh2_mkkey(K, exchange_hash, ssh2_session_id, 'F', keyspace);
scmac->setsckey(keyspace);
/*
{
static unsigned long remote_winsize;
static unsigned long remote_maxpkt;
+ static enum {
+ AUTH_INVALID, AUTH_PUBLICKEY_AGENT, AUTH_PUBLICKEY_FILE, AUTH_PASSWORD
+ } method;
+ static int gotit, need_pw, can_pubkey, can_passwd, tried_pubkey_config;
+ static char username[100];
+ static char pwprompt[200];
+ static char password[100];
crBegin;
}
/*
- * FIXME: currently we support only password authentication.
- * (This places us technically in violation of the SSH2 spec.
- * We must fix this.)
+ * Get a username.
*/
- while (1) {
- /*
- * Get a username and a password.
- */
- static char username[100];
- static char password[100];
+ {
static int pos = 0;
static char c;
if ((flags & FLAG_INTERACTIVE) && !*cfg.username) {
c_write("login as: ", 10);
- ssh_send_ok = 1;
+ ssh_send_ok = 1;
while (pos >= 0) {
crWaitUntilV(!ispkt);
while (inlen--) switch (c = *in++) {
break;
default:
if (((c >= ' ' && c <= '~') ||
- ((unsigned char)c >= 160)) && pos < 40) {
+ ((unsigned char)c >= 160)) && pos < 40) {
username[pos++] = c;
c_write(&c, 1);
}
char stuff[200];
strncpy(username, cfg.username, 99);
username[99] = '\0';
- if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
+ if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
sprintf(stuff, "Using username \"%s\".\r\n", username);
c_write(stuff, strlen(stuff));
}
}
+ }
- if (ssh_get_password) {
- char prompt[200];
- sprintf(prompt, "%.90s@%.90s's password: ", username, savedhost);
- if (!ssh_get_password(prompt, password, sizeof(password))) {
- /*
- * get_password failed to get a password (for
- * example because one was supplied on the command
- * line which has already failed to work).
- * Terminate.
- */
- logevent("No more passwords to try");
- ssh_state = SSH_STATE_CLOSED;
- crReturnV;
- }
- } else {
- c_write("password: ", 10);
- ssh_send_ok = 1;
+ /*
+ * Send an authentication request using method "none": (a)
+ * just in case it succeeds, and (b) so that we know what
+ * authentication methods we can usefully try next.
+ */
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("none"); /* method */
+ ssh2_pkt_send();
+ logevent("Attempting null authentication");
+ gotit = FALSE;
- pos = 0;
- while (pos >= 0) {
- crWaitUntilV(!ispkt);
- while (inlen--) switch (c = *in++) {
- case 10: case 13:
- password[pos] = 0;
- pos = -1;
- break;
- case 8: case 127:
- if (pos > 0)
- pos--;
- break;
- case 21: case 27:
- pos = 0;
- break;
- case 3: case 4:
- random_save_seed();
- exit(0);
- break;
- default:
- if (((c >= ' ' && c <= '~') ||
- ((unsigned char)c >= 160)) && pos < 40)
- password[pos++] = c;
- break;
- }
- }
- c_write("\r\n", 2);
+ while (1) {
+ /*
+ * Wait for the result of the last authentication request.
+ */
+ if (!gotit)
+ crWaitUntilV(ispkt);
+ while (pktin.type == SSH2_MSG_USERAUTH_BANNER) {
+ /* FIXME: should support this */
+ crWaitUntilV(ispkt);
}
-
- /*
- * We send the password packet lumped tightly together with
- * an SSH_MSG_IGNORE packet. The IGNORE packet contains a
- * string long enough to make the total length of the two
- * packets constant. This should ensure that a passive
- * listener doing traffic analyis can't work out the length
- * of the password.
- *
- * For this to work, we need an assumption about the
- * maximum length of the password packet. I think 256 is
- * pretty conservative. Anyone using a password longer than
- * that probably doesn't have much to worry about from
- * people who find out how long their password is!
- */
- ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
- ssh2_pkt_addstring(username);
- ssh2_pkt_addstring("ssh-connection"); /* service requested */
- ssh2_pkt_addstring("password");
- ssh2_pkt_addbool(FALSE);
- ssh2_pkt_addstring(password);
- ssh2_pkt_defer();
- /*
- * We'll include a string that's an exact multiple of the
- * cipher block size. If the cipher is NULL for some
- * reason, we don't do this trick at all because we gain
- * nothing by it.
- */
- if (cscipher) {
- int i, j;
- ssh2_pkt_init(SSH2_MSG_IGNORE);
- ssh2_pkt_addstring_start();
- for (i = deferred_len; i <= 256; i += cscipher->blksize) {
- for (j = 0; j < cscipher->blksize; j++) {
- char c = (char)random_byte();
- ssh2_pkt_addstring_data(&c, 1);
- }
- }
- ssh2_pkt_defer();
+ if (pktin.type == SSH2_MSG_USERAUTH_SUCCESS) {
+ logevent("Access granted");
+ break;
}
- ssh2_pkt_defersend();
- crWaitUntilV(ispkt);
- if (pktin.type != SSH2_MSG_USERAUTH_SUCCESS) {
- c_write("Access denied\r\n", 15);
- logevent("Authentication refused");
- } else
- break;
+ if (pktin.type != SSH2_MSG_USERAUTH_FAILURE) {
+ bombout(("Strange packet received during authentication: type %d",
+ pktin.type));
+ }
+
+ gotit = FALSE;
+
+ /*
+ * OK, we're now sitting on a USERAUTH_FAILURE message, so
+ * we can look at the string in it and know what we can
+ * helpfully try next.
+ */
+ {
+ char *methods;
+ int methlen;
+ ssh2_pkt_getstring(&methods, &methlen);
+ if (!ssh2_pkt_getbool()) {
+ /*
+ * FIXME: these messages are often inappropriate.
+ */
+ c_write("Access denied\r\n", 15);
+ logevent("Access denied");
+ } else {
+ c_write("Authentication partially successful\r\n", 37);
+ logevent("Authentication partially successful");
+ }
+
+ can_pubkey = in_commasep_string("publickey", methods, methlen);
+ can_passwd = in_commasep_string("password", methods, methlen);
+ }
+
+ method = 0;
+
+ if (!method && can_pubkey && *cfg.keyfile && !tried_pubkey_config) {
+ unsigned char *pub_blob;
+ char *algorithm, *comment;
+ int pub_blob_len;
+
+ tried_pubkey_config = TRUE;
+
+ /*
+ * Try the public key supplied in the configuration.
+ *
+ * First, offer the public blob to see if the server is
+ * willing to accept it.
+ */
+ pub_blob = ssh2_userkey_loadpub(cfg.keyfile, &algorithm,
+ &pub_blob_len);
+ if (pub_blob) {
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("publickey");/* method */
+ ssh2_pkt_addbool(FALSE); /* no signature included */
+ ssh2_pkt_addstring(algorithm);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(pub_blob, pub_blob_len);
+ ssh2_pkt_send();
+ logevent("Offered public key"); /* FIXME */
+
+ crWaitUntilV(ispkt);
+ if (pktin.type != SSH2_MSG_USERAUTH_PK_OK) {
+ gotit = TRUE;
+ continue; /* key refused; give up on it */
+ }
+
+ logevent("Offer of public key accepted");
+ /*
+ * Actually attempt a serious authentication using
+ * the key.
+ */
+ if (ssh2_userkey_encrypted(cfg.keyfile, &comment)) {
+ sprintf(pwprompt, "Passphrase for key \"%.100s\": ", comment);
+ need_pw = TRUE;
+ } else {
+ need_pw = FALSE;
+ }
+ method = AUTH_PUBLICKEY_FILE;
+ }
+ }
+
+ if (!method && can_passwd) {
+ method = AUTH_PASSWORD;
+ sprintf(pwprompt, "%.90s@%.90s's password: ", username, savedhost);
+ need_pw = TRUE;
+ }
+
+ if (need_pw) {
+ if (ssh_get_password) {
+ if (!ssh_get_password(pwprompt, password, sizeof(password))) {
+ /*
+ * get_password failed to get a password (for
+ * example because one was supplied on the command
+ * line which has already failed to work).
+ * Terminate.
+ */
+ logevent("No more passwords to try");
+ ssh_state = SSH_STATE_CLOSED;
+ crReturnV;
+ }
+ } else {
+ static int pos = 0;
+ static char c;
+
+ c_write(pwprompt, strlen(pwprompt));
+ ssh_send_ok = 1;
+
+ pos = 0;
+ while (pos >= 0) {
+ crWaitUntilV(!ispkt);
+ while (inlen--) switch (c = *in++) {
+ case 10: case 13:
+ password[pos] = 0;
+ pos = -1;
+ break;
+ case 8: case 127:
+ if (pos > 0)
+ pos--;
+ break;
+ case 21: case 27:
+ pos = 0;
+ break;
+ case 3: case 4:
+ random_save_seed();
+ exit(0);
+ break;
+ default:
+ if (((c >= ' ' && c <= '~') ||
+ ((unsigned char)c >= 160)) && pos < 40)
+ password[pos++] = c;
+ break;
+ }
+ }
+ c_write("\r\n", 2);
+ }
+ }
+
+ if (method == AUTH_PUBLICKEY_FILE) {
+ /*
+ * We have our passphrase. Now try the actual authentication.
+ */
+ struct ssh2_userkey *key;
+
+ key = ssh2_load_userkey(cfg.keyfile, password);
+ if (key == SSH2_WRONG_PASSPHRASE) {
+ c_write("Wrong passphrase\r\n", 18);
+ tried_pubkey_config = FALSE;
+ /* Send a spurious AUTH_NONE to return to the top. */
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("none"); /* method */
+ ssh2_pkt_send();
+ } else if (key == NULL) {
+ c_write("Unable to load private key\r\n",28);
+ tried_pubkey_config = TRUE;
+ /* Send a spurious AUTH_NONE to return to the top. */
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("none"); /* method */
+ ssh2_pkt_send();
+ } else {
+ unsigned char *blob, *sigdata;
+ int blob_len, sigdata_len;
+
+ /*
+ * We have loaded the private key and the server
+ * has announced that it's willing to accept it.
+ * Hallelujah. Generate a signature and send it.
+ */
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("publickey"); /* method */
+ ssh2_pkt_addbool(TRUE);
+ ssh2_pkt_addstring(key->alg->name);
+ blob = key->alg->public_blob(key->data, &blob_len);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(blob, blob_len);
+ sfree(blob);
+
+ /*
+ * The data to be signed is:
+ *
+ * string session-id
+ *
+ * followed by everything so far placed in the
+ * outgoing packet.
+ */
+ sigdata_len = pktout.length - 5 + 4 + 20;
+ sigdata = smalloc(sigdata_len);
+ PUT_32BIT(sigdata, 20);
+ memcpy(sigdata+4, ssh2_session_id, 20);
+ memcpy(sigdata+24, pktout.data+5, pktout.length-5);
+ blob = key->alg->sign(key->data, sigdata, sigdata_len, &blob_len);
+ ssh2_pkt_addstring_start();
+ ssh2_pkt_addstring_data(blob, blob_len);
+ sfree(blob);
+ sfree(sigdata);
+
+ ssh2_pkt_send();
+ }
+ } else if (method == AUTH_PASSWORD) {
+ /*
+ * We send the password packet lumped tightly together with
+ * an SSH_MSG_IGNORE packet. The IGNORE packet contains a
+ * string long enough to make the total length of the two
+ * packets constant. This should ensure that a passive
+ * listener doing traffic analyis can't work out the length
+ * of the password.
+ *
+ * For this to work, we need an assumption about the
+ * maximum length of the password packet. I think 256 is
+ * pretty conservative. Anyone using a password longer than
+ * that probably doesn't have much to worry about from
+ * people who find out how long their password is!
+ */
+ ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
+ ssh2_pkt_addstring(username);
+ ssh2_pkt_addstring("ssh-connection"); /* service requested */
+ ssh2_pkt_addstring("password");
+ ssh2_pkt_addbool(FALSE);
+ ssh2_pkt_addstring(password);
+ ssh2_pkt_defer();
+ /*
+ * We'll include a string that's an exact multiple of the
+ * cipher block size. If the cipher is NULL for some
+ * reason, we don't do this trick at all because we gain
+ * nothing by it.
+ */
+ if (cscipher) {
+ int i, j;
+ ssh2_pkt_init(SSH2_MSG_IGNORE);
+ ssh2_pkt_addstring_start();
+ for (i = deferred_len; i <= 256; i += cscipher->blksize) {
+ for (j = 0; j < cscipher->blksize; j++) {
+ char c = (char)random_byte();
+ ssh2_pkt_addstring_data(&c, 1);
+ }
+ }
+ ssh2_pkt_defer();
+ }
+ ssh2_pkt_defersend();
+ } else {
+ c_write("No supported authentication methods left to try!\r\n", 50);
+ logevent("No supported authentications offered. Disconnecting");
+ ssh2_pkt_init(SSH2_MSG_DISCONNECT);
+ ssh2_pkt_adduint32(SSH2_DISCONNECT_BY_APPLICATION);
+ ssh2_pkt_addstring("No supported authentication methods available");
+ ssh2_pkt_addstring("en"); /* language tag */
+ ssh2_pkt_send();
+ ssh_state = SSH_STATE_CLOSED;
+ crReturnV;
+ }
}
/*
Bignum modulus;
Bignum exponent;
Bignum private_exponent;
-#endif
- char *comment;
-};
-
-struct RSAAux {
Bignum p;
Bignum q;
Bignum iqmp;
+#endif
+ char *comment;
};
int makekey(unsigned char *data, struct RSAKey *result,
struct ssh2_ciphers {
int nciphers;
- struct ssh2_cipher **list;
+ const struct ssh2_cipher *const *list;
};
struct ssh_mac {
void *(*newkey)(char *data, int len);
void (*freekey)(void *key);
char *(*fmtkey)(void *key);
+ unsigned char *(*public_blob)(void *key, int *len);
+ unsigned char *(*private_blob)(void *key, int *len);
+ void *(*createkey)(unsigned char *pub_blob, int pub_len,
+ unsigned char *priv_blob, int priv_len);
char *(*fingerprint)(void *key);
int (*verifysig)(void *key, char *sig, int siglen,
char *data, int datalen);
- int (*sign)(void *key, char *sig, int siglen,
- char *data, int datalen);
+ unsigned char *(*sign)(void *key, char *data, int datalen, int *siglen);
char *name;
char *keytype; /* for host key cache */
};
unsigned char **outblock, int *outlen);
};
+struct ssh2_userkey {
+ const struct ssh_signkey *alg; /* the key algorithm */
+ void *data; /* the key data */
+ char *comment; /* the key comment */
+};
+
+extern const struct ssh_cipher ssh_3des;
+extern const struct ssh_cipher ssh_des;
+extern const struct ssh_cipher ssh_blowfish_ssh1;
+extern const struct ssh2_ciphers ssh2_3des;
+extern const struct ssh2_ciphers ssh2_aes;
+extern const struct ssh2_ciphers ssh2_blowfish;
+extern const struct ssh_kex ssh_diffiehellman;
+extern const struct ssh_kex ssh_diffiehellman_gex;
+extern const struct ssh_signkey ssh_dss;
+extern const struct ssh_signkey ssh_rsa;
+extern const struct ssh_mac ssh_md5;
+extern const struct ssh_mac ssh_sha1;
+extern const struct ssh_mac ssh_sha1_buggy;
+
#ifndef MSCRYPTOAPI
void SHATransform(word32 *digest, word32 *data);
#endif
Bignum dh_create_e(void);
Bignum dh_find_K(Bignum f);
-int loadrsakey(char *filename, struct RSAKey *key, struct RSAAux *aux,
- char *passphrase);
+int loadrsakey(char *filename, struct RSAKey *key, char *passphrase);
int rsakey_encrypted(char *filename, char **comment);
-int saversakey(char *filename, struct RSAKey *key, struct RSAAux *aux,
- char *passphrase);
+int saversakey(char *filename, struct RSAKey *key, char *passphrase);
+
+void base64_encode_atom(unsigned char *data, int n, char *out);
+
+/* ssh2_load_userkey can return this as an error */
+extern struct ssh2_userkey ssh2_wrong_passphrase;
+#define SSH2_WRONG_PASSPHRASE (&ssh2_wrong_passphrase)
+
+int ssh2_userkey_encrypted(char *filename, char **comment);
+struct ssh2_userkey *ssh2_load_userkey(char *filename, char *passphrase);
+char *ssh2_userkey_loadpub(char *filename, char **algorithm, int *pub_blob_len);
+int ssh2_save_userkey(char *filename, struct ssh2_userkey *key, char *passphrase);
+
+int keyfile_version(char *filename);
-void des3_decrypt_pubkey(unsigned char *key,
- unsigned char *blk, int len);
-void des3_encrypt_pubkey(unsigned char *key,
- unsigned char *blk, int len);
+void des3_decrypt_pubkey(unsigned char *key, unsigned char *blk, int len);
+void des3_encrypt_pubkey(unsigned char *key, unsigned char *blk, int len);
+void aes256_encrypt_pubkey(unsigned char *key, unsigned char *blk, int len);
+void aes256_decrypt_pubkey(unsigned char *key, unsigned char *blk, int len);
/*
* For progress updates in the key generation utility.
*/
typedef void (*progfn_t)(void *param, int phase, int progress);
-int rsa_generate(struct RSAKey *key, struct RSAAux *aux, int bits,
- progfn_t pfn, void *pfnparam);
+int rsa_generate(struct RSAKey *key, int bits, progfn_t pfn, void *pfnparam);
Bignum primegen(int bits, int modulus, int residue,
int phase, progfn_t pfn, void *pfnparam);
aes_decrypt_cbc(blk, len, &scctx);
}
-static struct ssh2_cipher ssh_aes128 = {
+void aes256_encrypt_pubkey(unsigned char *key, unsigned char *blk, int len) {
+ AESContext ctx;
+ aes_setup(&ctx, 16, key, 32);
+ memset(ctx.iv, 0, sizeof(ctx.iv));
+ aes_encrypt_cbc(blk, len, &ctx);
+}
+
+void aes256_decrypt_pubkey(unsigned char *key, unsigned char *blk, int len) {
+ AESContext ctx;
+ aes_setup(&ctx, 16, key, 32);
+ memset(ctx.iv, 0, sizeof(ctx.iv));
+ aes_decrypt_cbc(blk, len, &ctx);
+}
+
+static const struct ssh2_cipher ssh_aes128 = {
aes_csiv, aes128_cskey,
aes_sciv, aes128_sckey,
aes_ssh2_encrypt_blk,
16, 128
};
-static struct ssh2_cipher ssh_aes192 = {
+static const struct ssh2_cipher ssh_aes192 = {
aes_csiv, aes192_cskey,
aes_sciv, aes192_sckey,
aes_ssh2_encrypt_blk,
16, 192
};
-static struct ssh2_cipher ssh_aes256 = {
+static const struct ssh2_cipher ssh_aes256 = {
aes_csiv, aes256_cskey,
aes_sciv, aes256_sckey,
aes_ssh2_encrypt_blk,
16, 256
};
-static struct ssh2_cipher ssh_rijndael128 = {
+static const struct ssh2_cipher ssh_rijndael128 = {
aes_csiv, aes128_cskey,
aes_sciv, aes128_sckey,
aes_ssh2_encrypt_blk,
16, 128
};
-static struct ssh2_cipher ssh_rijndael192 = {
+static const struct ssh2_cipher ssh_rijndael192 = {
aes_csiv, aes192_cskey,
aes_sciv, aes192_sckey,
aes_ssh2_encrypt_blk,
16, 192
};
-static struct ssh2_cipher ssh_rijndael256 = {
+static const struct ssh2_cipher ssh_rijndael256 = {
aes_csiv, aes256_cskey,
aes_sciv, aes256_sckey,
aes_ssh2_encrypt_blk,
16, 256
};
-static struct ssh2_cipher ssh_rijndael_lysator = {
+static const struct ssh2_cipher ssh_rijndael_lysator = {
aes_csiv, aes256_cskey,
aes_sciv, aes256_sckey,
aes_ssh2_encrypt_blk,
16, 256
};
-static struct ssh2_cipher *aes_list[] = {
+static const struct ssh2_cipher *const aes_list[] = {
&ssh_aes256,
&ssh_rijndael256,
&ssh_rijndael_lysator,
&ssh_rijndael128,
};
-struct ssh2_ciphers ssh2_aes = {
+const struct ssh2_ciphers ssh2_aes = {
sizeof(aes_list) / sizeof(*aes_list),
aes_list
};
blowfish_msb_decrypt_cbc(blk, len, &dctx);
}
-struct ssh_cipher ssh_blowfish_ssh1 = {
+const struct ssh_cipher ssh_blowfish_ssh1 = {
blowfish_sesskey,
blowfish_ssh1_encrypt_blk,
blowfish_ssh1_decrypt_blk,
8
};
-static struct ssh2_cipher ssh_blowfish_ssh2 = {
+static const struct ssh2_cipher ssh_blowfish_ssh2 = {
blowfish_csiv, blowfish_cskey,
blowfish_sciv, blowfish_sckey,
blowfish_ssh2_encrypt_blk,
8, 128
};
-static struct ssh2_cipher *blowfish_list[] = {
+static const struct ssh2_cipher *const blowfish_list[] = {
&ssh_blowfish_ssh2
};
-struct ssh2_ciphers ssh2_blowfish = {
+const struct ssh2_ciphers ssh2_blowfish = {
sizeof(blowfish_list) / sizeof(*blowfish_list),
blowfish_list
};
des_3cbc_encrypt(blk, blk, len, ourkeys);
}
-static struct ssh2_cipher ssh_3des_ssh2 = {
+static const struct ssh2_cipher ssh_3des_ssh2 = {
des3_csiv, des3_cskey,
des3_sciv, des3_sckey,
des3_ssh2_encrypt_blk,
8, 168
};
-static struct ssh2_cipher *des3_list[] = {
+static const struct ssh2_cipher *const des3_list[] = {
&ssh_3des_ssh2
};
-struct ssh2_ciphers ssh2_3des = {
+const struct ssh2_ciphers ssh2_3des = {
sizeof(des3_list) / sizeof(*des3_list),
des3_list
};
-struct ssh_cipher ssh_3des = {
+const struct ssh_cipher ssh_3des = {
des3_sesskey,
des3_encrypt_blk,
des3_decrypt_blk,
des_cbc_decrypt(blk, blk, len, cskeys);
}
-struct ssh_cipher ssh_des = {
+const struct ssh_cipher ssh_des = {
des_sesskey,
des_encrypt_blk,
des_decrypt_blk,
#include "ssh.h"
-struct ssh_kex ssh_diffiehellman = {
+const struct ssh_kex ssh_diffiehellman = {
"diffie-hellman-group1-sha1"
};
-struct ssh_kex ssh_diffiehellman_gex = {
+const struct ssh_kex ssh_diffiehellman_gex = {
"diffie-hellman-group-exchange-sha1"
};
#include <stdio.h>
#include <stdlib.h>
+#include <assert.h>
#include "ssh.h"
return ret;
}
-int dss_sign(void *key, char *sig, int siglen,
- char *data, int datalen) {
- return 0; /* do nothing */
+static unsigned char *dss_public_blob(void *key, int *len) {
+ struct dss_key *dss = (struct dss_key *)key;
+ int plen, qlen, glen, ylen, bloblen;
+ int i;
+ unsigned char *blob, *p;
+
+ plen = (ssh1_bignum_bitcount(dss->p)+8)/8;
+ qlen = (ssh1_bignum_bitcount(dss->q)+8)/8;
+ glen = (ssh1_bignum_bitcount(dss->g)+8)/8;
+ ylen = (ssh1_bignum_bitcount(dss->y)+8)/8;
+
+ /*
+ * string "ssh-dss", mpint p, mpint q, mpint g, mpint y. Total
+ * 27 + sum of lengths. (five length fields, 20+7=27).
+ */
+ bloblen = 27+plen+qlen+glen+ylen;
+ blob = smalloc(bloblen);
+ p = blob;
+ PUT_32BIT(p, 7); p += 4;
+ memcpy(p, "ssh-dss", 7); p += 7;
+ PUT_32BIT(p, plen); p += 4;
+ for (i = plen; i-- ;) *p++ = bignum_byte(dss->p, i);
+ PUT_32BIT(p, qlen); p += 4;
+ for (i = qlen; i-- ;) *p++ = bignum_byte(dss->q, i);
+ PUT_32BIT(p, glen); p += 4;
+ for (i = glen; i-- ;) *p++ = bignum_byte(dss->g, i);
+ PUT_32BIT(p, ylen); p += 4;
+ for (i = ylen; i-- ;) *p++ = bignum_byte(dss->y, i);
+ assert(p == blob + bloblen);
+ *len = bloblen;
+ return blob;
+}
+
+static unsigned char *dss_private_blob(void *key, int *len) {
+ return NULL; /* can't handle DSS private keys */
+}
+
+static void *dss_createkey(unsigned char *pub_blob, int pub_len,
+ unsigned char *priv_blob, int priv_len) {
+ return NULL; /* can't handle DSS private keys */
+}
+
+unsigned char *dss_sign(void *key, char *data, int datalen, int *siglen) {
+ return NULL; /* can't handle DSS private keys */
}
-struct ssh_signkey ssh_dss = {
+const struct ssh_signkey ssh_dss = {
dss_newkey,
dss_freekey,
dss_fmtkey,
+ dss_public_blob,
+ dss_private_blob,
+ dss_createkey,
dss_fingerprint,
dss_verifysig,
dss_sign,
return !memcmp(correct, blk+len, 16);
}
-struct ssh_mac ssh_md5 = {
+const struct ssh_mac ssh_md5 = {
md5_cskey, md5_sckey,
md5_generate,
md5_verify,
#include <stdio.h>
#include <stdlib.h>
+#include <assert.h>
#include "ssh.h"
(x)=='+' ? 62 : \
(x)=='/' ? 63 : 0 )
-static int loadrsakey_main(FILE *fp, struct RSAKey *key, struct RSAAux *aux,
+static int loadrsakey_main(FILE *fp, struct RSAKey *key,
char **commentptr, char *passphrase) {
unsigned char buf[16384];
unsigned char keybuf[16];
*/
i += makeprivate(buf+i, key);
if (len-i < 0) goto end;
- if (aux) {
- i += ssh1_read_bignum(buf+i, &aux->iqmp);
- if (len-i < 0) goto end;
- i += ssh1_read_bignum(buf+i, &aux->q);
- if (len-i < 0) goto end;
- i += ssh1_read_bignum(buf+i, &aux->p);
- if (len-i < 0) goto end;
- }
+ i += ssh1_read_bignum(buf+i, &key->iqmp);
+ if (len-i < 0) goto end;
+ i += ssh1_read_bignum(buf+i, &key->q);
+ if (len-i < 0) goto end;
+ i += ssh1_read_bignum(buf+i, &key->p);
+ if (len-i < 0) goto end;
ret = 1;
end:
return ret;
}
-int loadrsakey(char *filename, struct RSAKey *key, struct RSAAux *aux,
- char *passphrase) {
+int loadrsakey(char *filename, struct RSAKey *key, char *passphrase) {
FILE *fp;
unsigned char buf[64];
*/
if (fgets(buf, sizeof(buf), fp) &&
!strcmp(buf, rsa_signature)) {
- return loadrsakey_main(fp, key, aux, NULL, passphrase);
+ return loadrsakey_main(fp, key, NULL, passphrase);
}
/*
*/
if (fgets(buf, sizeof(buf), fp) &&
!strcmp(buf, rsa_signature)) {
- return loadrsakey_main(fp, NULL, NULL, comment, NULL);
+ return loadrsakey_main(fp, NULL, comment, NULL);
}
fclose(fp);
return 0; /* wasn't the right kind of file */
/*
* Save an RSA key file. Return nonzero on success.
*/
-int saversakey(char *filename, struct RSAKey *key, struct RSAAux *aux,
- char *passphrase) {
+int saversakey(char *filename, struct RSAKey *key, char *passphrase) {
unsigned char buf[16384];
unsigned char keybuf[16];
struct MD5Context md5c;
* q, then p.
*/
p += ssh1_write_bignum(p, key->private_exponent);
- p += ssh1_write_bignum(p, aux->iqmp);
- p += ssh1_write_bignum(p, aux->q);
- p += ssh1_write_bignum(p, aux->p);
+ p += ssh1_write_bignum(p, key->iqmp);
+ p += ssh1_write_bignum(p, key->q);
+ p += ssh1_write_bignum(p, key->p);
/*
* Now write zeros until the encrypted portion is a multiple of
} else
return 0;
}
+
+/* ----------------------------------------------------------------------
+ * SSH2 private key load/store functions.
+ */
+
+/*
+ * PuTTY's own format for SSH2 keys is as follows:
+ *
+ * The file is text. Lines are terminated by CRLF, although CR-only
+ * and LF-only are tolerated on input.
+ *
+ * The first line says "PuTTY-User-Key-File-1: " plus the name of the
+ * algorithm ("ssh-dss", "ssh-rsa" etc. Although, of course, this
+ * being PuTTY, "ssh-dss" is not supported.)
+ *
+ * The next line says "Encryption: " plus an encryption type.
+ * Currently the only supported encryption types are "aes256-cbc"
+ * and "none".
+ *
+ * The next line says "Comment: " plus the comment string.
+ *
+ * Next there is a line saying "Public-Lines: " plus a number N.
+ * The following N lines contain a base64 encoding of the public
+ * part of the key. This is encoded as the standard SSH2 public key
+ * blob (with no initial length): so for RSA, for example, it will
+ * read
+ *
+ * string "ssh-rsa"
+ * mpint exponent
+ * mpint modulus
+ *
+ * Next, there is a line saying "Private-Lines: " plus a number N,
+ * and then N lines containing the (potentially encrypted) private
+ * part of the key. For the key type "ssh-rsa", this will be
+ * composed of
+ *
+ * mpint private_exponent
+ * mpint p (the larger of the two primes)
+ * mpint q (the smaller prime)
+ * mpint iqmp (the inverse of q modulo p)
+ * data padding (to reach a multiple of the cipher block size)
+ *
+ * Finally, there is a line saying "Private-Hash: " plus a hex
+ * representation of a SHA-1 hash of the plaintext version of the
+ * private part, including the final padding.
+ *
+ * If the key is encrypted, the encryption key is derived from the
+ * passphrase by means of a succession of SHA-1 hashes. Each hash
+ * is the hash of:
+ *
+ * uint32 sequence-number
+ * string passphrase
+ *
+ * where the sequence-number increases from zero. As many of these
+ * hashes are used as necessary.
+ */
+
+static int read_header(FILE *fp, char *header) {
+ int len = 39;
+ int c;
+
+ while (len > 0) {
+ c = fgetc(fp);
+ if (c == '\n' || c == '\r' || c == EOF)
+ return 0; /* failure */
+ if (c == ':') {
+ c = fgetc(fp);
+ if (c != ' ')
+ return 0;
+ *header = '\0';
+ return 1; /* success! */
+ }
+ if (len == 0)
+ return 0; /* failure */
+ *header++ = c;
+ len--;
+ }
+ return 0; /* failure */
+}
+
+static char *read_body(FILE *fp) {
+ char *text;
+ int len;
+ int size;
+ int c;
+
+ size = 128;
+ text = smalloc(size);
+ len = 0;
+ text[len] = '\0';
+
+ while (1) {
+ c = fgetc(fp);
+ if (c == '\r' || c == '\n') {
+ c = fgetc(fp);
+ if (c != '\r' && c != '\n' && c != EOF)
+ ungetc(c, fp);
+ return text;
+ }
+ if (c == EOF) {
+ sfree(text);
+ return NULL;
+ }
+ if (len + 1 > size) {
+ size += 128;
+ text = srealloc(text, size);
+ }
+ text[len++] = c;
+ text[len] = '\0';
+ }
+}
+
+int base64_decode_atom(char *atom, unsigned char *out) {
+ int vals[4];
+ int i, v, len;
+ unsigned word;
+ char c;
+
+ for (i = 0; i < 4; i++) {
+ c = atom[i];
+ if (c >= 'A' && c <= 'Z')
+ v = c - 'A';
+ else if (c >= 'a' && c <= 'z')
+ v = c - 'a' + 26;
+ else if (c >= '0' && c <= '9')
+ v = c - '0' + 52;
+ else if (c == '+')
+ v = 62;
+ else if (c == '/')
+ v = 63;
+ else if (c == '=')
+ v = -1;
+ else
+ return 0; /* invalid atom */
+ vals[i] = v;
+ }
+
+ if (vals[0] == -1 || vals[1] == -1)
+ return 0;
+ if (vals[2] == -1 && vals[3] != -1)
+ return 0;
+
+ if (vals[3] != -1)
+ len = 3;
+ else if (vals[2] != -1)
+ len = 2;
+ else
+ len = 1;
+
+ word = ((vals[0] << 18) |
+ (vals[1] << 12) |
+ ((vals[2] & 0x3F) << 6) |
+ (vals[3] & 0x3F));
+ out[0] = (word >> 16) & 0xFF;
+ if (len > 1)
+ out[1] = (word >> 8) & 0xFF;
+ if (len > 2)
+ out[2] = word & 0xFF;
+ return len;
+}
+
+static char *read_blob(FILE *fp, int nlines, int *bloblen) {
+ unsigned char *blob;
+ char *line;
+ int linelen, len;
+ int i, j, k;
+
+ /* We expect at most 64 base64 characters, ie 48 real bytes, per line. */
+ blob = smalloc(48 * nlines);
+ len = 0;
+ for (i = 0; i < nlines; i++) {
+ line = read_body(fp);
+ if (!line) {
+ sfree(blob);
+ return NULL;
+ }
+ linelen = strlen(line);
+ if (linelen % 4 != 0 || linelen > 64) {
+ sfree(blob);
+ sfree(line);
+ return NULL;
+ }
+ for (j = 0; j < linelen; j += 4) {
+ k = base64_decode_atom(line+j, blob+len);
+ if (!k) {
+ sfree(line);
+ sfree(blob);
+ return NULL;
+ }
+ len += k;
+ }
+ sfree(line);
+ }
+ *bloblen = len;
+ return blob;
+}
+
+/*
+ * Magic error return value for when the passphrase is wrong.
+ */
+struct ssh2_userkey ssh2_wrong_passphrase = {
+ NULL, NULL, NULL
+};
+
+struct ssh2_userkey *ssh2_load_userkey(char *filename, char *passphrase) {
+ FILE *fp;
+ char header[40], *b, *comment, *hash;
+ const struct ssh_signkey *alg;
+ struct ssh2_userkey *ret;
+ int cipher, cipherblk;
+ unsigned char *public_blob, *private_blob;
+ int public_blob_len, private_blob_len;
+ int i;
+
+ ret = NULL; /* return NULL for most errors */
+ comment = hash = NULL;
+ public_blob = private_blob = NULL;
+
+ fp = fopen(filename, "rb");
+ if (!fp)
+ goto error;
+
+ /* Read the first header line which contains the key type. */
+ if (!read_header(fp, header) || 0!=strcmp(header, "PuTTY-User-Key-File-1"))
+ goto error;
+ if ((b = read_body(fp)) == NULL)
+ goto error;
+ /* Select key algorithm structure. Currently only ssh-rsa. */
+ if (!strcmp(b, "ssh-rsa"))
+ alg = &ssh_rsa;
+ else {
+ sfree(b);
+ goto error;
+ }
+ sfree(b);
+
+ /* Read the Encryption header line. */
+ if (!read_header(fp, header) || 0!=strcmp(header, "Encryption"))
+ goto error;
+ if ((b = read_body(fp)) == NULL)
+ goto error;
+ if (!strcmp(b, "aes256-cbc")) {
+ cipher = 1; cipherblk = 16;
+ } else if (!strcmp(b, "none")) {
+ cipher = 0; cipherblk = 1;
+ } else {
+ sfree(b);
+ goto error;
+ }
+ sfree(b);
+
+ /* Read the Comment header line. */
+ if (!read_header(fp, header) || 0!=strcmp(header, "Comment"))
+ goto error;
+ if ((comment = read_body(fp)) == NULL)
+ goto error;
+
+ /* Read the Public-Lines header line and the public blob. */
+ if (!read_header(fp, header) || 0!=strcmp(header, "Public-Lines"))
+ goto error;
+ if ((b = read_body(fp)) == NULL)
+ goto error;
+ i = atoi(b);
+ sfree(b);
+ if ((public_blob = read_blob(fp, i, &public_blob_len)) == NULL)
+ goto error;
+
+ /* Read the Private-Lines header line and the Private blob. */
+ if (!read_header(fp, header) || 0!=strcmp(header, "Private-Lines"))
+ goto error;
+ if ((b = read_body(fp)) == NULL)
+ goto error;
+ i = atoi(b);
+ sfree(b);
+ if ((private_blob = read_blob(fp, i, &private_blob_len)) == NULL)
+ goto error;
+
+ /* Read the Private-Hash header line. */
+ if (!read_header(fp, header) || 0!=strcmp(header, "Private-Hash"))
+ goto error;
+ if ((hash = read_body(fp)) == NULL)
+ goto error;
+
+ fclose(fp);
+ fp = NULL;
+
+ /*
+ * Decrypt the private blob.
+ */
+ if (cipher) {
+ unsigned char key[40];
+ SHA_State s;
+ int passlen;
+
+ if (!passphrase)
+ goto error;
+ if (private_blob_len % cipherblk)
+ goto error;
+
+ passlen = strlen(passphrase);
+
+ SHA_Init(&s);
+ SHA_Bytes(&s, "\0\0\0\0", 4);
+ SHA_Bytes(&s, passphrase, passlen);
+ SHA_Final(&s, key+0);
+ SHA_Init(&s);
+ SHA_Bytes(&s, "\0\0\0\1", 4);
+ SHA_Bytes(&s, passphrase, passlen);
+ SHA_Final(&s, key+20);
+ aes256_decrypt_pubkey(key, private_blob, private_blob_len);
+ }
+
+ /*
+ * Verify the private hash.
+ */
+ {
+ char realhash[41];
+ unsigned char binary[20];
+ SHA_State s;
+
+ SHA_Simple(private_blob, private_blob_len, binary);
+ for (i = 0; i < 20; i++)
+ sprintf(realhash+2*i, "%02x", binary[i]);
+
+ if (strcmp(hash, realhash)) {
+ /* An incorrect hash is an unconditional Error if the key is
+ * unencrypted. Otherwise, it means Wrong Passphrase. */
+ ret = cipher ? SSH2_WRONG_PASSPHRASE : NULL;
+ goto error;
+ }
+ }
+ sfree(hash);
+
+ /*
+ * Create and return the key.
+ */
+ ret = smalloc(sizeof(struct ssh2_userkey));
+ ret->alg = alg;
+ ret->comment = comment;
+ ret->data = alg->createkey(public_blob, public_blob_len,
+ private_blob, private_blob_len);
+ sfree(public_blob);
+ sfree(private_blob);
+ return ret;
+
+ /*
+ * Error processing.
+ */
+ error:
+ if (fp) fclose(fp);
+ if (comment) sfree(comment);
+ if (hash) sfree(hash);
+ if (public_blob) sfree(public_blob);
+ if (private_blob) sfree(private_blob);
+ return ret;
+}
+
+char *ssh2_userkey_loadpub(char *filename, char **algorithm, int *pub_blob_len) {
+ FILE *fp;
+ char header[40], *b;
+ const struct ssh_signkey *alg;
+ int cipher, cipherblk;
+ unsigned char *public_blob;
+ int public_blob_len;
+ int i;
+
+ public_blob = NULL;
+
+ fp = fopen(filename, "rb");
+ if (!fp)
+ goto error;
+
+ /* Read the first header line which contains the key type. */
+ if (!read_header(fp, header) || 0!=strcmp(header, "PuTTY-User-Key-File-1"))
+ goto error;
+ if ((b = read_body(fp)) == NULL)
+ goto error;
+ /* Select key algorithm structure. Currently only ssh-rsa. */
+ if (!strcmp(b, "ssh-rsa"))
+ alg = &ssh_rsa;
+ else {
+ sfree(b);
+ goto error;
+ }
+ sfree(b);
+
+ /* Read the Encryption header line. */
+ if (!read_header(fp, header) || 0!=strcmp(header, "Encryption"))
+ goto error;
+ if ((b = read_body(fp)) == NULL)
+ goto error;
+ sfree(b); /* we don't care */
+
+ /* Read the Comment header line. */
+ if (!read_header(fp, header) || 0!=strcmp(header, "Comment"))
+ goto error;
+ if ((b = read_body(fp)) == NULL)
+ goto error;
+ sfree(b); /* we don't care */
+
+ /* Read the Public-Lines header line and the public blob. */
+ if (!read_header(fp, header) || 0!=strcmp(header, "Public-Lines"))
+ goto error;
+ if ((b = read_body(fp)) == NULL)
+ goto error;
+ i = atoi(b);
+ sfree(b);
+ if ((public_blob = read_blob(fp, i, &public_blob_len)) == NULL)
+ goto error;
+
+ fclose(fp);
+ *pub_blob_len = public_blob_len;
+ *algorithm = alg->name;
+ return public_blob;
+
+ /*
+ * Error processing.
+ */
+ error:
+ if (fp) fclose(fp);
+ if (public_blob) sfree(public_blob);
+ return NULL;
+}
+
+int ssh2_userkey_encrypted(char *filename, char **commentptr) {
+ FILE *fp;
+ char header[40], *b, *comment;
+ int ret;
+
+ if (commentptr) *commentptr = NULL;
+
+ fp = fopen(filename, "rb");
+ if (!fp)
+ return 0;
+ if (!read_header(fp, header) || 0!=strcmp(header, "PuTTY-User-Key-File-1")) {
+ fclose(fp); return 0;
+ }
+ if ((b = read_body(fp)) == NULL) {
+ fclose(fp); return 0;
+ }
+ sfree(b); /* we don't care about key type here */
+ /* Read the Encryption header line. */
+ if (!read_header(fp, header) || 0!=strcmp(header, "Encryption")) {
+ fclose(fp); return 0;
+ }
+ if ((b = read_body(fp)) == NULL) {
+ fclose(fp); return 0;
+ }
+
+ /* Read the Comment header line. */
+ if (!read_header(fp, header) || 0!=strcmp(header, "Comment")) {
+ fclose(fp); sfree(b); return 1;
+ }
+ if ((comment = read_body(fp)) == NULL) {
+ fclose(fp); sfree(b); return 1;
+ }
+
+ if (commentptr) *commentptr = comment;
+
+ fclose(fp);
+ if (!strcmp(b, "aes256-cbc"))
+ ret = 1;
+ else
+ ret = 0;
+ sfree(b);
+ return ret;
+}
+
+int base64_lines(int datalen) {
+ /* When encoding, we use 64 chars/line, which equals 48 real chars. */
+ return (datalen+47) / 48;
+}
+
+void base64_encode_atom(unsigned char *data, int n, char *out) {
+ static const char base64_chars[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+ unsigned word;
+
+ word = data[0] << 16;
+ if (n > 1)
+ word |= data[1] << 8;
+ if (n > 2)
+ word |= data[2];
+ out[0] = base64_chars[(word >> 18) & 0x3F];
+ out[1] = base64_chars[(word >> 12) & 0x3F];
+ if (n > 1)
+ out[2] = base64_chars[(word >> 6) & 0x3F];
+ else
+ out[2] = '=';
+ if (n > 2)
+ out[3] = base64_chars[word & 0x3F];
+ else
+ out[3] = '=';
+}
+
+void base64_encode(FILE *fp, unsigned char *data, int datalen) {
+ int linelen = 0;
+ char out[4];
+ int n;
+
+ while (datalen > 0) {
+ if (linelen >= 64) {
+ linelen = 0;
+ fputc('\n', fp);
+ }
+ n = (datalen < 3 ? datalen : 3);
+ base64_encode_atom(data, n, out);
+ data += n;
+ datalen -= n;
+ fwrite(out, 1, 4, fp);
+ linelen += 4;
+ }
+ fputc('\n', fp);
+}
+
+int ssh2_save_userkey(char *filename, struct ssh2_userkey *key, char *passphrase) {
+ FILE *fp;
+ unsigned char *pub_blob, *priv_blob, *priv_blob_encrypted;
+ int pub_blob_len, priv_blob_len, priv_encrypted_len;
+ int passlen;
+ int cipherblk;
+ int i;
+ char *cipherstr;
+ unsigned char priv_hash[20];
+
+ /*
+ * Fetch the key component blobs.
+ */
+ pub_blob = key->alg->public_blob(key->data, &pub_blob_len);
+ priv_blob = key->alg->private_blob(key->data, &priv_blob_len);
+ if (!pub_blob || !priv_blob) {
+ sfree(pub_blob);
+ sfree(priv_blob);
+ return 0;
+ }
+
+ /*
+ * Determine encryption details, and encrypt the private blob.
+ */
+ if (passphrase) {
+ cipherstr = "aes256-cbc";
+ cipherblk = 16;
+ } else {
+ cipherstr = "none";
+ cipherblk = 1;
+ }
+ priv_encrypted_len = priv_blob_len + cipherblk - 1;
+ priv_encrypted_len -= priv_encrypted_len % cipherblk;
+ priv_blob_encrypted = smalloc(priv_encrypted_len);
+ memset(priv_blob_encrypted, 0, priv_encrypted_len);
+ memcpy(priv_blob_encrypted, priv_blob, priv_blob_len);
+ /* Create padding based on the SHA hash of the unpadded blob. This prevents
+ * too easy a known-plaintext attack on the last block. */
+ SHA_Simple(priv_blob, priv_blob_len, priv_hash);
+ assert(priv_encrypted_len - priv_blob_len < 20);
+ memcpy(priv_blob_encrypted + priv_blob_len, priv_hash,
+ priv_encrypted_len - priv_blob_len);
+
+ /* Now create the _real_ private hash. */
+ SHA_Simple(priv_blob_encrypted, priv_encrypted_len, priv_hash);
+
+ if (passphrase) {
+ char key[40];
+ SHA_State s;
+
+ passlen = strlen(passphrase);
+
+ SHA_Init(&s);
+ SHA_Bytes(&s, "\0\0\0\0", 4);
+ SHA_Bytes(&s, passphrase, passlen);
+ SHA_Final(&s, key+0);
+ SHA_Init(&s);
+ SHA_Bytes(&s, "\0\0\0\1", 4);
+ SHA_Bytes(&s, passphrase, passlen);
+ SHA_Final(&s, key+20);
+ aes256_encrypt_pubkey(key, priv_blob_encrypted, priv_encrypted_len);
+ }
+
+ fp = fopen(filename, "w");
+ if (!fp)
+ return 0;
+ fprintf(fp, "PuTTY-User-Key-File-1: %s\n", key->alg->name);
+ fprintf(fp, "Encryption: %s\n", cipherstr);
+ fprintf(fp, "Comment: %s\n", key->comment);
+ fprintf(fp, "Public-Lines: %d\n", base64_lines(pub_blob_len));
+ base64_encode(fp, pub_blob, pub_blob_len);
+ fprintf(fp, "Private-Lines: %d\n", base64_lines(priv_encrypted_len));
+ base64_encode(fp, priv_blob_encrypted, priv_encrypted_len);
+ fprintf(fp, "Private-Hash: ");
+ for (i = 0; i < 20; i++)
+ fprintf(fp, "%02x", priv_hash[i]);
+ fprintf(fp, "\n");
+ fclose(fp);
+ return 1;
+}
+
+/* ----------------------------------------------------------------------
+ * A function to determine which version of SSH to try on a private
+ * key file. Returns 0 on failure, 1 or 2 on success.
+ */
+int keyfile_version(char *filename) {
+ FILE *fp;
+ int i;
+
+ fp = fopen(filename, "r");
+ if (!fp)
+ return 0;
+ i = fgetc(fp);
+ fclose(fp);
+ if (i == 'S')
+ return 1; /* "SSH PRIVATE KEY FORMAT" etc */
+ if (i == 'P') /* "PuTTY-User-Key-File" etc */
+ return 2;
+ return 0; /* unrecognised or EOF */
+}
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <assert.h>
+#include <windows.h> // FIXME
+#include "putty.h" // FIXME
#include "ssh.h"
return p;
}
+static unsigned char *rsa2_public_blob(void *key, int *len) {
+ struct RSAKey *rsa = (struct RSAKey *)key;
+ int elen, mlen, bloblen;
+ int i;
+ unsigned char *blob, *p;
+
+ elen = (ssh1_bignum_bitcount(rsa->exponent)+8)/8;
+ mlen = (ssh1_bignum_bitcount(rsa->modulus)+8)/8;
+
+ /*
+ * string "ssh-rsa", mpint exp, mpint mod. Total 19+elen+mlen.
+ * (three length fields, 12+7=19).
+ */
+ bloblen = 19+elen+mlen;
+ blob = smalloc(bloblen);
+ p = blob;
+ PUT_32BIT(p, 7); p += 4;
+ memcpy(p, "ssh-rsa", 7); p += 7;
+ PUT_32BIT(p, elen); p += 4;
+ for (i = elen; i-- ;) *p++ = bignum_byte(rsa->exponent, i);
+ PUT_32BIT(p, mlen); p += 4;
+ for (i = mlen; i-- ;) *p++ = bignum_byte(rsa->modulus, i);
+ assert(p == blob + bloblen);
+ *len = bloblen;
+ return blob;
+}
+
+static unsigned char *rsa2_private_blob(void *key, int *len) {
+ struct RSAKey *rsa = (struct RSAKey *)key;
+ int dlen, plen, qlen, ulen, bloblen;
+ int i;
+ unsigned char *blob, *p;
+
+ dlen = (ssh1_bignum_bitcount(rsa->private_exponent)+8)/8;
+ plen = (ssh1_bignum_bitcount(rsa->p)+8)/8;
+ qlen = (ssh1_bignum_bitcount(rsa->q)+8)/8;
+ ulen = (ssh1_bignum_bitcount(rsa->iqmp)+8)/8;
+
+ /*
+ * mpint private_exp, mpint p, mpint q, mpint iqmp. Total 16 +
+ * sum of lengths.
+ */
+ bloblen = 16+dlen+plen+qlen+ulen;
+ blob = smalloc(bloblen);
+ p = blob;
+ PUT_32BIT(p, dlen); p += 4;
+ for (i = dlen; i-- ;) *p++ = bignum_byte(rsa->private_exponent, i);
+ PUT_32BIT(p, plen); p += 4;
+ for (i = plen; i-- ;) *p++ = bignum_byte(rsa->p, i);
+ PUT_32BIT(p, qlen); p += 4;
+ for (i = qlen; i-- ;) *p++ = bignum_byte(rsa->q, i);
+ PUT_32BIT(p, ulen); p += 4;
+ for (i = ulen; i-- ;) *p++ = bignum_byte(rsa->iqmp, i);
+ assert(p == blob + bloblen);
+ *len = bloblen;
+ return blob;
+}
+
+static void *rsa2_createkey(unsigned char *pub_blob, int pub_len,
+ unsigned char *priv_blob, int priv_len) {
+ struct RSAKey *rsa;
+ char *pb = (char *)priv_blob;
+
+ rsa = rsa2_newkey((char *)pub_blob, pub_len);
+ rsa->private_exponent = getmp(&pb, &priv_len);
+ rsa->p = getmp(&pb, &priv_len);
+ rsa->q = getmp(&pb, &priv_len);
+ rsa->iqmp = getmp(&pb, &priv_len);
+
+ return rsa;
+}
+
static char *rsa2_fingerprint(void *key) {
struct RSAKey *rsa = (struct RSAKey *)key;
struct MD5Context md5c;
return ret;
}
-int rsa2_sign(void *key, char *sig, int siglen,
- char *data, int datalen) {
- return 0; /* FIXME */
+unsigned char *rsa2_sign(void *key, char *data, int datalen, int *siglen) {
+ struct RSAKey *rsa = (struct RSAKey *)key;
+ unsigned char *bytes;
+ int nbytes;
+ unsigned char hash[20];
+ Bignum in, out;
+ int i, j;
+
+ SHA_Simple(data, datalen, hash);
+
+ nbytes = (ssh1_bignum_bitcount(rsa->modulus)-1) / 8;
+ bytes = smalloc(nbytes);
+
+ bytes[0] = 1;
+ for (i = 1; i < nbytes-20-sizeof(asn1_weird_stuff); i++)
+ bytes[i] = 0xFF;
+ for (i = nbytes-20-sizeof(asn1_weird_stuff), j=0; i < nbytes-20; i++,j++)
+ bytes[i] = asn1_weird_stuff[j];
+ for (i = nbytes-20, j=0; i < nbytes; i++,j++)
+ bytes[i] = hash[j];
+
+ in = bignum_from_bytes(bytes, nbytes);
+ sfree(bytes);
+
+ out = modpow(in, rsa->private_exponent, rsa->modulus);
+ freebn(in);
+
+ nbytes = (ssh1_bignum_bitcount(out)+7)/8;
+ bytes = smalloc(4+7+4+nbytes);
+ PUT_32BIT(bytes, 7);
+ memcpy(bytes+4, "ssh-rsa", 7);
+ PUT_32BIT(bytes+4+7, nbytes);
+ for (i = 0; i < nbytes; i++)
+ bytes[4+7+4+i] = bignum_byte(out, nbytes-1-i);
+ freebn(out);
+
+ *siglen = 4+7+4+nbytes;
+ return bytes;
}
-struct ssh_signkey ssh_rsa = {
+const struct ssh_signkey ssh_rsa = {
rsa2_newkey,
rsa2_freekey,
rsa2_fmtkey,
+ rsa2_public_blob,
+ rsa2_private_blob,
+ rsa2_createkey,
rsa2_fingerprint,
rsa2_verifysig,
rsa2_sign,
}
#endif
-int rsa_generate(struct RSAKey *key, struct RSAAux *aux, int bits,
- progfn_t pfn, void *pfnparam) {
+int rsa_generate(struct RSAKey *key, int bits, progfn_t pfn, void *pfnparam) {
Bignum pm1, qm1, phi_n;
/*
* general that's slightly more fiddly to arrange. By choosing
* a prime e, we can simplify the criterion.)
*/
- aux->p = primegen(bits/2, RSA_EXPONENT, 1, 1, pfn, pfnparam);
- aux->q = primegen(bits - bits/2, RSA_EXPONENT, 1, 2, pfn, pfnparam);
+ key->p = primegen(bits/2, RSA_EXPONENT, 1, 1, pfn, pfnparam);
+ key->q = primegen(bits - bits/2, RSA_EXPONENT, 1, 2, pfn, pfnparam);
/*
* Ensure p > q, by swapping them if not.
*/
- if (bignum_cmp(aux->p, aux->q) < 0) {
- Bignum t = aux->p;
- aux->p = aux->q;
- aux->q = t;
+ if (bignum_cmp(key->p, key->q) < 0) {
+ Bignum t = key->p;
+ key->p = key->q;
+ key->q = t;
}
/*
* and (q^-1 mod p).
*/
pfn(pfnparam, 3, 1);
- key->modulus = bigmul(aux->p, aux->q);
+ key->modulus = bigmul(key->p, key->q);
pfn(pfnparam, 3, 2);
- pm1 = copybn(aux->p);
+ pm1 = copybn(key->p);
decbn(pm1);
- qm1 = copybn(aux->q);
+ qm1 = copybn(key->q);
decbn(qm1);
phi_n = bigmul(pm1, qm1);
pfn(pfnparam, 3, 3);
freebn(qm1);
key->private_exponent = modinv(key->exponent, phi_n);
pfn(pfnparam, 3, 4);
- aux->iqmp = modinv(aux->q, aux->p);
+ key->iqmp = modinv(key->q, key->p);
pfn(pfnparam, 3, 5);
/*
return !memcmp(correct, blk+len, 20);
}
-struct ssh_mac ssh_sha1 = {
+const struct ssh_mac ssh_sha1 = {
sha1_cskey, sha1_sckey,
sha1_generate,
sha1_verify,
20
};
-struct ssh_mac ssh_sha1_buggy = {
+const struct ssh_mac ssh_sha1_buggy = {
sha1_cskey_buggy, sha1_sckey_buggy,
sha1_generate,
sha1_verify,