New option to manually configure the expected host key(s).

[PuTTY.git] / misc.c

diff --git a/misc.c b/misc.c
index fb7cc8c2882df5fd2f99170ec84ce1c2545e9c58..24e42ebac5e77cef0725b9bd5e70dddbd4b51c7a 100644 (file)
--- a/misc.c
+++ b/misc.c
@@ -922,3 +922,100 @@ void smemclr(void *b, size_t n) {
     }
 }
 #endif
+
+/*
+ * Validate a manual host key specification (either entered in the
+ * GUI, or via -hostkey). If valid, we return TRUE, and update 'key'
+ * to contain a canonicalised version of the key string in 'key'
+ * (which is guaranteed to take up at most as much space as the
+ * original version), suitable for putting into the Conf. If not
+ * valid, we return FALSE.
+ */
+int validate_manual_hostkey(char *key)
+{
+    char *p, *q, *r, *s;
+
+    /*
+     * Step through the string word by word, looking for a word that's
+     * in one of the formats we like.
+     */
+    p = key;
+    while ((p += strspn(p, " \t"))[0]) {
+        q = p;
+        p += strcspn(p, " \t");
+        if (p) *p++ = '\0';
+
+        /*
+         * Now q is our word.
+         */
+
+        if (strlen(q) == 16*3 - 1 &&
+            q[strspn(q, "0123456789abcdefABCDEF:")] == 0) {
+            /*
+             * Might be a key fingerprint. Check the colons are in the
+             * right places, and if so, return the same fingerprint
+             * canonicalised into lowercase.
+             */
+            int i;
+            for (i = 0; i < 16; i++)
+                if (q[3*i] == ':' || q[3*i+1] == ':')
+                    goto not_fingerprint; /* sorry */
+            for (i = 0; i < 15; i++)
+                if (q[3*i+2] != ':')
+                    goto not_fingerprint; /* sorry */
+            for (i = 0; i < 16*3 - 1; i++)
+                key[i] = tolower(q[i]);
+            key[16*3 - 1] = '\0';
+            return TRUE;
+        }
+      not_fingerprint:;
+
+        /*
+         * Before we check for a public-key blob, trim newlines out of
+         * the middle of the word, in case someone's managed to paste
+         * in a public-key blob _with_ them.
+         */
+        for (r = s = q; *r; r++)
+            if (*r != '\n' && *r != '\r')
+                *s++ = *r;
+        *s = '\0';
+
+        if (strlen(q) % 4 == 0 && strlen(q) > 2*4 &&
+            q[strspn(q, "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                     "abcdefghijklmnopqrstuvwxyz+/=")] == 0) {
+            /*
+             * Might be a base64-encoded SSH-2 public key blob. Check
+             * that it starts with a sensible algorithm string. No
+             * canonicalisation is necessary for this string type.
+             *
+             * The algorithm string must be at most 64 characters long
+             * (RFC 4251 section 6).
+             */
+            unsigned char decoded[6];
+            unsigned alglen;
+            int minlen;
+            int len = 0;
+
+            len += base64_decode_atom(q, decoded+len);
+            if (len < 3)
+                goto not_ssh2_blob;    /* sorry */
+            len += base64_decode_atom(q+4, decoded+len);
+            if (len < 4)
+                goto not_ssh2_blob;    /* sorry */
+
+            alglen = GET_32BIT_MSB_FIRST(decoded);
+            if (alglen > 64)
+                goto not_ssh2_blob;    /* sorry */
+
+            minlen = ((alglen + 4) + 2) / 3;
+            if (strlen(q) < minlen)
+                goto not_ssh2_blob;    /* sorry */
+
+            strcpy(key, q);
+            return TRUE;
+        }
+      not_ssh2_blob:;
+    }
+
+    return FALSE;
+}