+ if (!strcmp(b, "aes256-cbc"))
+ ret = 1;
+ else
+ ret = 0;
+ sfree(b);
+ return ret;
+}
+
+int base64_lines(int datalen)
+{
+ /* When encoding, we use 64 chars/line, which equals 48 real chars. */
+ return (datalen + 47) / 48;
+}
+
+void base64_encode(FILE *fp, const unsigned char *data, int datalen, int cpl)
+{
+ int linelen = 0;
+ char out[4];
+ int n, i;
+
+ while (datalen > 0) {
+ n = (datalen < 3 ? datalen : 3);
+ base64_encode_atom(data, n, out);
+ data += n;
+ datalen -= n;
+ for (i = 0; i < 4; i++) {
+ if (linelen >= cpl) {
+ linelen = 0;
+ fputc('\n', fp);
+ }
+ fputc(out[i], fp);
+ linelen++;
+ }
+ }
+ fputc('\n', fp);
+}
+
+int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key,
+ char *passphrase)
+{
+ FILE *fp;
+ unsigned char *pub_blob, *priv_blob, *priv_blob_encrypted;
+ int pub_blob_len, priv_blob_len, priv_encrypted_len;
+ int passlen;
+ int cipherblk;
+ int i;
+ const char *cipherstr;
+ unsigned char priv_mac[20];
+
+ /*
+ * Fetch the key component blobs.
+ */
+ pub_blob = key->alg->public_blob(key->data, &pub_blob_len);
+ priv_blob = key->alg->private_blob(key->data, &priv_blob_len);
+ if (!pub_blob || !priv_blob) {
+ sfree(pub_blob);
+ sfree(priv_blob);
+ return 0;
+ }
+
+ /*
+ * Determine encryption details, and encrypt the private blob.
+ */
+ if (passphrase) {
+ cipherstr = "aes256-cbc";
+ cipherblk = 16;
+ } else {
+ cipherstr = "none";
+ cipherblk = 1;
+ }
+ priv_encrypted_len = priv_blob_len + cipherblk - 1;
+ priv_encrypted_len -= priv_encrypted_len % cipherblk;
+ priv_blob_encrypted = snewn(priv_encrypted_len, unsigned char);
+ memset(priv_blob_encrypted, 0, priv_encrypted_len);
+ memcpy(priv_blob_encrypted, priv_blob, priv_blob_len);
+ /* Create padding based on the SHA hash of the unpadded blob. This prevents
+ * too easy a known-plaintext attack on the last block. */
+ SHA_Simple(priv_blob, priv_blob_len, priv_mac);
+ assert(priv_encrypted_len - priv_blob_len < 20);
+ memcpy(priv_blob_encrypted + priv_blob_len, priv_mac,
+ priv_encrypted_len - priv_blob_len);
+
+ /* Now create the MAC. */
+ {
+ unsigned char *macdata;
+ int maclen;
+ unsigned char *p;
+ int namelen = strlen(key->alg->name);
+ int enclen = strlen(cipherstr);
+ int commlen = strlen(key->comment);
+ SHA_State s;
+ unsigned char mackey[20];
+ char header[] = "putty-private-key-file-mac-key";
+
+ maclen = (4 + namelen +
+ 4 + enclen +
+ 4 + commlen +
+ 4 + pub_blob_len +
+ 4 + priv_encrypted_len);
+ macdata = snewn(maclen, unsigned char);
+ p = macdata;
+#define DO_STR(s,len) PUT_32BIT(p,(len));memcpy(p+4,(s),(len));p+=4+(len)
+ DO_STR(key->alg->name, namelen);
+ DO_STR(cipherstr, enclen);
+ DO_STR(key->comment, commlen);
+ DO_STR(pub_blob, pub_blob_len);
+ DO_STR(priv_blob_encrypted, priv_encrypted_len);
+
+ SHA_Init(&s);
+ SHA_Bytes(&s, header, sizeof(header)-1);
+ if (passphrase)
+ SHA_Bytes(&s, passphrase, strlen(passphrase));
+ SHA_Final(&s, mackey);
+ hmac_sha1_simple(mackey, 20, macdata, maclen, priv_mac);
+ smemclr(macdata, maclen);
+ sfree(macdata);
+ smemclr(mackey, sizeof(mackey));
+ smemclr(&s, sizeof(s));
+ }
+
+ if (passphrase) {
+ unsigned char key[40];
+ SHA_State s;
+
+ passlen = strlen(passphrase);
+
+ SHA_Init(&s);
+ SHA_Bytes(&s, "\0\0\0\0", 4);
+ SHA_Bytes(&s, passphrase, passlen);
+ SHA_Final(&s, key + 0);
+ SHA_Init(&s);
+ SHA_Bytes(&s, "\0\0\0\1", 4);
+ SHA_Bytes(&s, passphrase, passlen);
+ SHA_Final(&s, key + 20);
+ aes256_encrypt_pubkey(key, priv_blob_encrypted,
+ priv_encrypted_len);
+
+ smemclr(key, sizeof(key));
+ smemclr(&s, sizeof(s));
+ }
+
+ fp = f_open(filename, "w", TRUE);
+ if (!fp) {
+ sfree(pub_blob);
+ smemclr(priv_blob, priv_blob_len);
+ sfree(priv_blob);
+ smemclr(priv_blob_encrypted, priv_blob_len);
+ sfree(priv_blob_encrypted);
+ return 0;
+ }
+ fprintf(fp, "PuTTY-User-Key-File-2: %s\n", key->alg->name);
+ fprintf(fp, "Encryption: %s\n", cipherstr);
+ fprintf(fp, "Comment: %s\n", key->comment);
+ fprintf(fp, "Public-Lines: %d\n", base64_lines(pub_blob_len));
+ base64_encode(fp, pub_blob, pub_blob_len, 64);
+ fprintf(fp, "Private-Lines: %d\n", base64_lines(priv_encrypted_len));
+ base64_encode(fp, priv_blob_encrypted, priv_encrypted_len, 64);
+ fprintf(fp, "Private-MAC: ");
+ for (i = 0; i < 20; i++)
+ fprintf(fp, "%02x", priv_mac[i]);
+ fprintf(fp, "\n");
+ fclose(fp);
+
+ sfree(pub_blob);
+ smemclr(priv_blob, priv_blob_len);
+ sfree(priv_blob);
+ smemclr(priv_blob_encrypted, priv_blob_len);
+ sfree(priv_blob_encrypted);
+ return 1;
+}
+
+/* ----------------------------------------------------------------------
+ * Output public keys.
+ */
+char *ssh1_pubkey_str(struct RSAKey *key)
+{
+ char *buffer;
+ char *dec1, *dec2;
+
+ dec1 = bignum_decimal(key->exponent);
+ dec2 = bignum_decimal(key->modulus);
+ buffer = dupprintf("%d %s %s%s%s", bignum_bitcount(key->modulus),
+ dec1, dec2,
+ key->comment ? " " : "",
+ key->comment ? key->comment : "");
+ sfree(dec1);
+ sfree(dec2);
+ return buffer;
+}
+
+void ssh1_write_pubkey(FILE *fp, struct RSAKey *key)
+{
+ char *buffer = ssh1_pubkey_str(key);
+ fprintf(fp, "%s\n", buffer);
+ sfree(buffer);
+}
+
+static char *ssh2_pubkey_openssh_str_internal(const char *comment,
+ const void *v_pub_blob,
+ int pub_len)
+{
+ const unsigned char *ssh2blob = (const unsigned char *)v_pub_blob;
+ const char *alg;
+ int alglen;
+ char *buffer, *p;
+ int i;
+
+ if (pub_len < 4) {
+ alg = NULL;
+ } else {
+ alglen = GET_32BIT(ssh2blob);
+ if (alglen > 0 && alglen < pub_len - 4) {
+ alg = (const char *)ssh2blob + 4;
+ } else {
+ alg = NULL;
+ }
+ }
+
+ if (!alg) {
+ alg = "INVALID-ALGORITHM";
+ alglen = strlen(alg);
+ }
+
+ buffer = snewn(alglen +
+ 4 * ((pub_len+2) / 3) +
+ (comment ? strlen(comment) : 0) + 3, char);
+ p = buffer + sprintf(buffer, "%.*s ", alglen, alg);
+ i = 0;
+ while (i < pub_len) {
+ int n = (pub_len - i < 3 ? pub_len - i : 3);
+ base64_encode_atom(ssh2blob + i, n, p);
+ i += n;
+ p += 4;
+ }
+ if (*comment) {
+ *p++ = ' ';
+ strcpy(p, comment);
+ } else
+ *p++ = '\0';
+
+ return buffer;
+}
+
+char *ssh2_pubkey_openssh_str(struct ssh2_userkey *key)
+{
+ int bloblen;
+ unsigned char *blob;
+ char *ret;
+
+ blob = key->alg->public_blob(key->data, &bloblen);
+ ret = ssh2_pubkey_openssh_str_internal(key->comment, blob, bloblen);
+ sfree(blob);
+
+ return ret;
+}
+
+void ssh2_write_pubkey(FILE *fp, const char *comment,
+ const void *v_pub_blob, int pub_len,
+ int keytype)
+{
+ unsigned char *pub_blob = (unsigned char *)v_pub_blob;
+
+ if (keytype == SSH_KEYTYPE_SSH2_PUBLIC_RFC4716) {
+ const char *p;
+ int i, column;
+
+ fprintf(fp, "---- BEGIN SSH2 PUBLIC KEY ----\n");
+
+ if (comment) {
+ fprintf(fp, "Comment: \"");
+ for (p = comment; *p; p++) {
+ if (*p == '\\' || *p == '\"')
+ fputc('\\', fp);
+ fputc(*p, fp);
+ }
+ fprintf(fp, "\"\n");
+ }
+
+ i = 0;
+ column = 0;
+ while (i < pub_len) {
+ char buf[5];
+ int n = (pub_len - i < 3 ? pub_len - i : 3);
+ base64_encode_atom(pub_blob + i, n, buf);
+ i += n;
+ buf[4] = '\0';
+ fputs(buf, fp);
+ if (++column >= 16) {
+ fputc('\n', fp);
+ column = 0;
+ }
+ }
+ if (column > 0)
+ fputc('\n', fp);
+
+ fprintf(fp, "---- END SSH2 PUBLIC KEY ----\n");
+ } else if (keytype == SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH) {
+ char *buffer = ssh2_pubkey_openssh_str_internal(comment,
+ v_pub_blob, pub_len);
+ fprintf(fp, "%s\n", buffer);
+ sfree(buffer);
+ } else {
+ assert(0 && "Bad key type in ssh2_write_pubkey");
+ }
+}
+
+/* ----------------------------------------------------------------------
+ * Utility functions to compute SSH-2 fingerprints in a uniform way.
+ */
+char *ssh2_fingerprint_blob(const void *blob, int bloblen)
+{
+ unsigned char digest[16];
+ char fingerprint_str[16*3];
+ const char *algstr;
+ int alglen;
+ const struct ssh_signkey *alg;
+ int i;
+
+ /*
+ * The fingerprint hash itself is always just the MD5 of the blob.
+ */
+ MD5Simple(blob, bloblen, digest);
+ for (i = 0; i < 16; i++)
+ sprintf(fingerprint_str + i*3, "%02x%s", digest[i], i==15 ? "" : ":");
+
+ /*
+ * Identify the key algorithm, if possible.
+ */
+ alglen = toint(GET_32BIT((const unsigned char *)blob));
+ if (alglen > 0 && alglen < bloblen-4) {
+ algstr = (const char *)blob + 4;
+
+ /*
+ * If we can actually identify the algorithm as one we know
+ * about, get hold of the key's bit count too.
+ */
+ alg = find_pubkey_alg_len(alglen, algstr);
+ if (alg) {
+ int bits = alg->pubkey_bits(alg, blob, bloblen);
+ return dupprintf("%.*s %d %s", alglen, algstr,
+ bits, fingerprint_str);
+ } else {
+ return dupprintf("%.*s %s", alglen, algstr, fingerprint_str);
+ }
+ } else {
+ /*
+ * No algorithm available (which means a seriously confused
+ * key blob, but there we go). Return only the hash.
+ */
+ return dupstr(fingerprint_str);
+ }
+}
+
+char *ssh2_fingerprint(const struct ssh_signkey *alg, void *data)
+{
+ int len;
+ unsigned char *blob = alg->public_blob(data, &len);
+ char *ret = ssh2_fingerprint_blob(blob, len);
+ sfree(blob);
+ return ret;
+}
+
+/* ----------------------------------------------------------------------
+ * Determine the type of a private key file.
+ */
+static int key_type_fp(FILE *fp)
+{
+ char buf[1024];
+ const char public_std_sig[] = "---- BEGIN SSH2 PUBLIC KEY";
+ const char putty2_sig[] = "PuTTY-User-Key-File-";
+ const char sshcom_sig[] = "---- BEGIN SSH2 ENCRYPTED PRIVAT";
+ const char openssh_new_sig[] = "-----BEGIN OPENSSH PRIVATE KEY";
+ const char openssh_sig[] = "-----BEGIN ";
+ int i;
+ char *p;
+
+ i = fread(buf, 1, sizeof(buf)-1, fp);
+ rewind(fp);
+
+ if (i < 0)
+ return SSH_KEYTYPE_UNOPENABLE;
+ if (i < 32)
+ return SSH_KEYTYPE_UNKNOWN;
+ assert(i > 0 && i < sizeof(buf));
+ buf[i] = '\0';
+ if (!memcmp(buf, rsa_signature, sizeof(rsa_signature)-1))
+ return SSH_KEYTYPE_SSH1;
+ if (!memcmp(buf, public_std_sig, sizeof(public_std_sig)-1))
+ return SSH_KEYTYPE_SSH2_PUBLIC_RFC4716;
+ if (!memcmp(buf, putty2_sig, sizeof(putty2_sig)-1))
+ return SSH_KEYTYPE_SSH2;
+ if (!memcmp(buf, openssh_new_sig, sizeof(openssh_new_sig)-1))
+ return SSH_KEYTYPE_OPENSSH_NEW;
+ if (!memcmp(buf, openssh_sig, sizeof(openssh_sig)-1))
+ return SSH_KEYTYPE_OPENSSH_PEM;
+ if (!memcmp(buf, sshcom_sig, sizeof(sshcom_sig)-1))
+ return SSH_KEYTYPE_SSHCOM;
+ if ((p = buf + strspn(buf, "0123456789"), *p == ' ') &&
+ (p = p+1 + strspn(p+1, "0123456789"), *p == ' ') &&
+ (p = p+1 + strspn(p+1, "0123456789"), *p == ' ' || *p == '\n' || !*p))
+ return SSH_KEYTYPE_SSH1_PUBLIC;
+ if ((p = buf + strcspn(buf, " "), find_pubkey_alg_len(p-buf, buf)) &&
+ (p = p+1 + strspn(p+1, "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij"
+ "klmnopqrstuvwxyz+/="),
+ *p == ' ' || *p == '\n' || !*p))
+ return SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH;
+ return SSH_KEYTYPE_UNKNOWN; /* unrecognised or EOF */
+}
+
+int key_type(const Filename *filename)
+{
+ FILE *fp;
+ int ret;
+
+ fp = f_open(filename, "r", FALSE);
+ if (!fp)
+ return SSH_KEYTYPE_UNOPENABLE;
+ ret = key_type_fp(fp);
+ fclose(fp);
+ return ret;
+}
+
+/*
+ * Convert the type word to a string, for `wrong type' error
+ * messages.
+ */
+const char *key_type_to_str(int type)
+{
+ switch (type) {
+ case SSH_KEYTYPE_UNOPENABLE: return "unable to open file"; break;
+ case SSH_KEYTYPE_UNKNOWN: return "not a recognised key file format"; break;
+ case SSH_KEYTYPE_SSH1_PUBLIC: return "SSH-1 public key"; break;
+ case SSH_KEYTYPE_SSH2_PUBLIC_RFC4716: return "SSH-2 public key (RFC 4716 format)"; break;
+ case SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH: return "SSH-2 public key (OpenSSH format)"; break;
+ case SSH_KEYTYPE_SSH1: return "SSH-1 private key"; break;
+ case SSH_KEYTYPE_SSH2: return "PuTTY SSH-2 private key"; break;
+ case SSH_KEYTYPE_OPENSSH_PEM: return "OpenSSH SSH-2 private key (old PEM format)"; break;
+ case SSH_KEYTYPE_OPENSSH_NEW: return "OpenSSH SSH-2 private key (new format)"; break;
+ case SSH_KEYTYPE_SSHCOM: return "ssh.com SSH-2 private key"; break;
+ /*
+ * This function is called with a key type derived from
+ * looking at an actual key file, so the output-only type
+ * OPENSSH_AUTO should never get here, and is much an INTERNAL
+ * ERROR as a code we don't even understand.
+ */
+ case SSH_KEYTYPE_OPENSSH_AUTO: return "INTERNAL ERROR (OPENSSH_AUTO)"; break;
+ default: return "INTERNAL ERROR"; break;
+ }