2 * Generic SSH public-key handling operations. In particular,
3 * reading of SSH public-key files, and also the generic `sign'
4 * operation for ssh2 (which checks the type of the key and
5 * dispatches to the appropriate key-type specific function).
13 #define GET_32BIT(cp) \
14 (((unsigned long)(unsigned char)(cp)[0] << 24) | \
15 ((unsigned long)(unsigned char)(cp)[1] << 16) | \
16 ((unsigned long)(unsigned char)(cp)[2] << 8) | \
17 ((unsigned long)(unsigned char)(cp)[3]))
19 #define rsa_signature "SSH PRIVATE KEY FILE FORMAT 1.1\n"
21 #define BASE64_TOINT(x) ( (x)-'A'<26 ? (x)-'A'+0 :\
22 (x)-'a'<26 ? (x)-'a'+26 :\
23 (x)-'0'<10 ? (x)-'0'+52 :\
27 static int loadrsakey_main(FILE *fp, struct RSAKey *key,
28 char **commentptr, char *passphrase) {
29 unsigned char buf[16384];
30 unsigned char keybuf[16];
34 struct MD5Context md5c;
37 /* Slurp the whole file (minus the header) into a buffer. */
38 len = fread(buf, 1, sizeof(buf), fp);
40 if (len < 0 || len == sizeof(buf))
41 goto end; /* file too big or not read */
46 * A zero byte. (The signature includes a terminating NUL.)
48 if (len-i < 1 || buf[i] != 0)
52 /* One byte giving encryption type, and one reserved uint32. */
56 if (ciphertype != 0 && ciphertype != SSH_CIPHER_3DES)
60 goto end; /* reserved field not present */
61 if (buf[i] != 0 || buf[i+1] != 0 || buf[i+2] != 0 || buf[i+3] != 0)
62 goto end; /* reserved field nonzero, panic! */
65 /* Now the serious stuff. An ordinary SSH 1 public key. */
66 i += makekey(buf+i, key, NULL, 1);
68 goto end; /* overran */
70 /* Next, the comment field. */
73 if (len-i < j) goto end;
74 comment = malloc(j+1);
76 memcpy(comment, buf+i, j);
81 *commentptr = comment;
83 key->comment = comment;
85 return ciphertype != 0;
89 * Decrypt remainder of buffer.
93 MD5Update(&md5c, passphrase, strlen(passphrase));
94 MD5Final(keybuf, &md5c);
95 des3_decrypt_pubkey(keybuf, buf+i, (len-i+7)&~7);
96 memset(keybuf, 0, sizeof(keybuf)); /* burn the evidence */
100 * We are now in the secret part of the key. The first four
101 * bytes should be of the form a, b, a, b.
103 if (len-i < 4) goto end;
104 if (buf[i] != buf[i+2] || buf[i+1] != buf[i+3]) { ret = -1; goto end; }
108 * After that, we have one further bignum which is our
109 * decryption modulus, and then we're done.
111 i += makeprivate(buf+i, key);
112 if (len-i < 0) goto end;
116 memset(buf, 0, sizeof(buf)); /* burn the evidence */
120 int loadrsakey(char *filename, struct RSAKey *key, char *passphrase) {
122 unsigned char buf[64];
124 fp = fopen(filename, "rb");
126 return 0; /* doesn't even exist */
129 * Read the first line of the file and see if it's a v1 private
132 if (fgets(buf, sizeof(buf), fp) &&
133 !strcmp(buf, rsa_signature)) {
134 return loadrsakey_main(fp, key, NULL, passphrase);
138 * Otherwise, we have nothing. Return empty-handed.
145 * See whether an RSA key is encrypted. Return its comment field as
148 int rsakey_encrypted(char *filename, char **comment) {
150 unsigned char buf[64];
152 fp = fopen(filename, "rb");
154 return 0; /* doesn't even exist */
157 * Read the first line of the file and see if it's a v1 private
160 if (fgets(buf, sizeof(buf), fp) &&
161 !strcmp(buf, rsa_signature)) {
162 return loadrsakey_main(fp, NULL, comment, NULL);
164 return 0; /* wasn't the right kind of file */