From 1c2a93c4834e2cc84f29c997b16a28e2c9c4fb4d Mon Sep 17 00:00:00 2001 From: simon Date: Tue, 26 Sep 2000 14:26:21 +0000 Subject: [PATCH] Implement OpenSSH-compatible RSA key fingerprints and use them throughout git-svn-id: svn://svn.tartarus.org/sgt/putty@637 cda61777-01e9-0310-a592-d414129be87e --- pageant.c | 29 +++++++++------- pageant.rc | 2 +- ssh.c | 16 +++------ ssh.h | 1 + sshrsa.c | 109 ++++++++++++++++++++----------------------------------------- win_res.rc | 8 ++--- 6 files changed, 65 insertions(+), 100 deletions(-) diff --git a/pageant.c b/pageant.c index 950889d2..a9af585c 100644 --- a/pageant.c +++ b/pageant.c @@ -143,8 +143,16 @@ void keylist_update(void) { if (keylist) { SendDlgItemMessage(keylist, 100, LB_RESETCONTENT, 0, 0); for (key = first234(rsakeys, &e); key; key = next234(&e)) { + char listentry[512], *p; + /* + * Replace two spaces in the fingerprint with tabs, for + * nice alignment in the box. + */ + rsa_fingerprint(listentry, sizeof(listentry), key); + p = strchr(listentry, ' '); if (p) *p = '\t'; + p = strchr(listentry, ' '); if (p) *p = '\t'; SendDlgItemMessage (keylist, 100, LB_ADDSTRING, - 0, (LPARAM) key->comment); + 0, (LPARAM)listentry); } SendDlgItemMessage (keylist, 100, LB_SETCURSEL, (WPARAM) -1, 0); } @@ -327,6 +335,7 @@ void answer_msg(void *msg) { ret[4] = SSH_AGENT_SUCCESS; } else { freersakey(key); + free(key); } } break; @@ -413,10 +422,13 @@ static int CALLBACK KeyListProc(HWND hwnd, UINT msg, switch (msg) { case WM_INITDIALOG: - for (key = first234(rsakeys, &e); key; key = next234(&e)) { - SendDlgItemMessage (hwnd, 100, LB_ADDSTRING, - 0, (LPARAM) key->comment); - } + keylist = hwnd; + { + static int tabs[2] = {25, 175}; + SendDlgItemMessage (hwnd, 100, LB_SETTABSTOPS, 2, + (LPARAM) tabs); + } + keylist_update(); return 0; case WM_COMMAND: switch (LOWORD(wParam)) { @@ -463,12 +475,7 @@ static int CALLBACK KeyListProc(HWND hwnd, UINT msg, break; del234(rsakeys, key); freersakey(key); free(key); - SendDlgItemMessage(hwnd, 100, LB_RESETCONTENT, 0, 0); - for (key = first234(rsakeys, &e); key; key = next234(&e)) { - SendDlgItemMessage (hwnd, 100, LB_ADDSTRING, - 0, (LPARAM) key->comment); - } - SendDlgItemMessage (hwnd, 100, LB_SETCURSEL, (WPARAM) -1, 0); + keylist_update(); } return 0; } diff --git a/pageant.rc b/pageant.rc index d6390987..e17cbcb5 100644 --- a/pageant.rc +++ b/pageant.rc @@ -24,7 +24,7 @@ CAPTION "Pageant Key List" FONT 8, "MS Sans Serif" BEGIN LISTBOX 100, 10, 10, 280, 155, - LBS_HASSTRINGS | WS_VSCROLL | WS_TABSTOP + LBS_HASSTRINGS | LBS_USETABSTOPS | WS_VSCROLL | WS_TABSTOP PUSHBUTTON "&Add Key", 101, 60, 162, 60, 14 PUSHBUTTON "&Remove Key", 102, 180, 162, 60, 14 DEFPUSHBUTTON "&Close", IDOK, 240, 182, 50, 14 diff --git a/ssh.c b/ssh.c index 3b4fcb2a..0db92fc2 100644 --- a/ssh.c +++ b/ssh.c @@ -1100,21 +1100,15 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) j = makekey(pktin.body+8+i, &hostkey, &keystr2, 0); /* - * Hash the host key and print the hash in the log box. Just as - * a last resort in case the registry's host key checking is - * compromised, we'll allow the user some ability to verify - * host keys by eye. + * Log the host key fingerprint. */ - MD5Init(&md5c); - MD5Update(&md5c, keystr2, hostkey.bytes); - MD5Final(session_id, &md5c); { char logmsg[80]; - int i; - logevent("Host key MD5 is:"); + logevent("Host key fingerprint is:"); strcpy(logmsg, " "); - for (i = 0; i < 16; i++) - sprintf(logmsg+strlen(logmsg), "%02x", session_id[i]); + hostkey.comment = NULL; + rsa_fingerprint(logmsg+strlen(logmsg), sizeof(logmsg)-strlen(logmsg), + &hostkey); logevent(logmsg); } diff --git a/ssh.h b/ssh.h index 058c5247..19a514cd 100644 --- a/ssh.h +++ b/ssh.h @@ -48,6 +48,7 @@ void rsasign(unsigned char *data, int length, struct RSAKey *key); void rsasanitise(struct RSAKey *key); int rsastr_len(struct RSAKey *key); void rsastr_fmt(char *str, struct RSAKey *key); +void rsa_fingerprint(char *str, int len, struct RSAKey *key); void freersakey(struct RSAKey *key); typedef unsigned int word32; diff --git a/sshrsa.c b/sshrsa.c index 324fbd1d..5ea4cc72 100644 --- a/sshrsa.c +++ b/sshrsa.c @@ -9,35 +9,9 @@ #include #include -#if defined TESTMODE || defined RSADEBUG -#ifndef DLVL -#define DLVL 10000 -#endif -#define debug(x) bndebug(#x,x) -static int level = 0; -static void bndebug(char *name, Bignum b) { - int i; - int w = 50-level-strlen(name)-5*b[0]; - if (level >= DLVL) - return; - if (w < 0) w = 0; - dprintf("%*s%s%*s", level, "", name, w, ""); - for (i=b[0]; i>0; i--) - dprintf(" %04x", b[i]); - dprintf("\n"); -} -#define dmsg(x) do {if(levelexponent); - memmove(data+key->bytes-length, data, length); data[0] = 0; data[1] = 2; @@ -106,12 +78,8 @@ void rsaencrypt(unsigned char *data, int length, struct RSAKey *key) { b1[1+i/2] |= byte; } - debug(b1); - modpow(b1, key->exponent, key->modulus, b2); - debug(b2); - p = data; for (i=key->bytes; i-- ;) { unsigned char b; @@ -160,49 +128,44 @@ void rsastr_fmt(char *str, struct RSAKey *key) { str[len] = '\0'; } +/* + * Generate a fingerprint string for the key. Compatible with the + * OpenSSH fingerprint code. + */ +void rsa_fingerprint(char *str, int len, struct RSAKey *key) { + struct MD5Context md5c; + unsigned char digest[16]; + char buffer[16*3+40]; + int numlen, slen, i; + + MD5Init(&md5c); + numlen = ssh1_bignum_length(key->modulus) - 2; + for (i = numlen; i-- ;) { + unsigned char c = bignum_byte(key->modulus, i); + MD5Update(&md5c, &c, 1); + } + numlen = ssh1_bignum_length(key->exponent) - 2; + for (i = numlen; i-- ;) { + unsigned char c = bignum_byte(key->exponent, i); + MD5Update(&md5c, &c, 1); + } + MD5Final(digest, &md5c); + + sprintf(buffer, "%d ", ssh1_bignum_bitcount(key->modulus)); + for (i = 0; i < 16; i++) + sprintf(buffer+strlen(buffer), "%s%02x", i?":":"", digest[i]); + strncpy(str, buffer, len); str[len-1] = '\0'; + slen = strlen(str); + if (key->comment && slen < len-1) { + str[slen] = ' '; + strncpy(str+slen+1, key->comment, len-slen-1); + str[len-1] = '\0'; + } +} + void freersakey(struct RSAKey *key) { if (key->modulus) freebn(key->modulus); if (key->exponent) freebn(key->exponent); if (key->private_exponent) freebn(key->private_exponent); if (key->comment) free(key->comment); } - -#ifdef TESTMODE - -#ifndef NODDY -#define p1 10007 -#define p2 10069 -#define p3 10177 -#else -#define p1 3 -#define p2 7 -#define p3 13 -#endif - -unsigned short P1[2] = { 1, p1 }; -unsigned short P2[2] = { 1, p2 }; -unsigned short P3[2] = { 1, p3 }; -unsigned short bigmod[5] = { 4, 0, 0, 0, 32768U }; -unsigned short mod[5] = { 4, 0, 0, 0, 0 }; -unsigned short a[5] = { 4, 0, 0, 0, 0 }; -unsigned short b[5] = { 4, 0, 0, 0, 0 }; -unsigned short c[5] = { 4, 0, 0, 0, 0 }; -unsigned short One[2] = { 1, 1 }; -unsigned short Two[2] = { 1, 2 }; - -int main(void) { - modmult(P1, P2, bigmod, a); debug(a); - modmult(a, P3, bigmod, mod); debug(mod); - - sub(P1, One, a); debug(a); - sub(P2, One, b); debug(b); - modmult(a, b, bigmod, c); debug(c); - sub(P3, One, a); debug(a); - modmult(a, c, bigmod, b); debug(b); - - modpow(Two, b, mod, a); debug(a); - - return 0; -} - -#endif diff --git a/win_res.rc b/win_res.rc index 1bf3bb72..eb89218a 100644 --- a/win_res.rc +++ b/win_res.rc @@ -341,14 +341,14 @@ BEGIN END /* Accelerators used: co */ -IDD_LOGBOX DIALOG DISCARDABLE 100, 20, 160, 119 +IDD_LOGBOX DIALOG DISCARDABLE 100, 20, 260, 119 STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "PuTTY Event Log" FONT 8, "MS Sans Serif" BEGIN - DEFPUSHBUTTON "&Close", IDOK, 85, 102, 44, 14 - PUSHBUTTON "C&opy", IDN_COPY, 31, 102, 44, 14 - LISTBOX IDN_LIST, 3, 3, 154, 95, LBS_HASSTRINGS | LBS_USETABSTOPS | WS_VSCROLL | LBS_EXTENDEDSEL + DEFPUSHBUTTON "&Close", IDOK, 135, 102, 44, 14 + PUSHBUTTON "C&opy", IDN_COPY, 81, 102, 44, 14 + LISTBOX IDN_LIST, 3, 3, 254, 95, LBS_HASSTRINGS | LBS_USETABSTOPS | WS_VSCROLL | LBS_EXTENDEDSEL END /* No accelerators used */ -- 2.11.0