File: ssh-utils.c

package info (click to toggle)
gnupg2 2.0.19-2%2Bdeb7u2
  • links: PTS, VCS
  • area: main
  • in suites: wheezy
  • size: 23,152 kB
  • sloc: ansic: 145,470; sh: 7,566; makefile: 795; perl: 196; awk: 126; sed: 16
file content (187 lines) | stat: -rw-r--r-- 5,130 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
 
/* ssh-utils.c - Secure Shell helper functions
 * Copyright (C) 2011 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
 * GnuPG is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * GnuPG is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */

#include <config.h>
#include <stdlib.h>
#include <errno.h>
#include <ctype.h>
#include <assert.h>

#include "util.h"
#include "ssh-utils.h"



/* Return the Secure Shell type fingerprint for KEY.  The length of
   the fingerprint is returned at R_LEN and the fingerprint itself at
   R_FPR.  In case of a error code is returned and NULL stored at
   R_FPR.  This function is usually called via the ssh_get_fingerprint
   macro which makes sure to use the correct value for ERRSOURCE. */
static gpg_error_t
get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len,
                 gpg_err_source_t errsource, int as_string)
{
  gpg_error_t err;
  gcry_sexp_t list = NULL;
  gcry_sexp_t l2 = NULL;
  const char *s;
  char *name = NULL;
  int idx;
  const char *elems;
  gcry_md_hd_t md = NULL;

  *r_fpr = NULL;
  *r_len = 0;

  /* Check that the first element is valid. */
  list = gcry_sexp_find_token (key, "public-key", 0);
  if (!list)
    list = gcry_sexp_find_token (key, "private-key", 0);
  if (!list)
    list = gcry_sexp_find_token (key, "protected-private-key", 0);
  if (!list)
    list = gcry_sexp_find_token (key, "shadowed-private-key", 0);
  if (!list)
    {
      err = gpg_err_make (errsource, GPG_ERR_UNKNOWN_SEXP);
      goto leave;
    }

  l2 = gcry_sexp_cadr (list);
  gcry_sexp_release (list);
  list = l2;
  l2 = NULL;

  name = gcry_sexp_nth_string (list, 0);
  if (!name)
    {
      err = gpg_err_make (errsource, GPG_ERR_INV_SEXP);
      goto leave;
    }

  err = gcry_md_open (&md, GCRY_MD_MD5, 0);
  if (err)
    goto leave;

  switch (gcry_pk_map_name (name))
    {
    case GCRY_PK_RSA:
      elems = "en";
      gcry_md_write (md, "\0\0\0\x07ssh-rsa", 11);
      break;
    case GCRY_PK_DSA:
      elems = "pqgy";
      gcry_md_write (md, "\0\0\0\x07ssh-dss", 11);
      break;
    default:
      elems = "";
      err = gpg_err_make (errsource, GPG_ERR_PUBKEY_ALGO);
      break;
    }
  if (err)
    goto leave;

  for (idx = 0, s = elems; *s; s++, idx++)
    {
      gcry_mpi_t a;
      unsigned char *buf;
      size_t buflen;

      l2 = gcry_sexp_find_token (list, s, 1);
      if (!l2)
        {
          err = gpg_err_make (errsource, GPG_ERR_INV_SEXP);
          goto leave;
        }
      a = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
      gcry_sexp_release (l2);
      l2 = NULL;
      if (!a)
        {
          err = gpg_err_make (errsource, GPG_ERR_INV_SEXP);
          goto leave;
        }

      err = gcry_mpi_aprint (GCRYMPI_FMT_SSH, &buf, &buflen, a);
      gcry_mpi_release (a);
      if (err)
        goto leave;
      gcry_md_write (md, buf, buflen);
      gcry_free (buf);
    }

  *r_fpr = gcry_malloc (as_string? 61:20);
  if (!*r_fpr)
    {
      err = gpg_err_make (errsource, gpg_err_code_from_syserror ());
      goto leave;
    }

  if (as_string)
    {
      bin2hexcolon (gcry_md_read (md, GCRY_MD_MD5), 16, *r_fpr);
      *r_len = 3*16+1;
      strlwr (*r_fpr);
    }
  else
    {
      memcpy (*r_fpr, gcry_md_read (md, GCRY_MD_MD5), 16);
      *r_len = 16;
    }
  err = 0;

 leave:
  gcry_free (name);
  gcry_sexp_release (l2);
  gcry_md_close (md);
  gcry_sexp_release (list);
  return err;
}

/* Return the Secure Shell type fingerprint for KEY.  The length of
   the fingerprint is returned at R_LEN and the fingerprint itself at
   R_FPR.  In case of an error an error code is returned and NULL
   stored at R_FPR.  This function is usually called via the
   ssh_get_fingerprint macro which makes sure to use the correct value
   for ERRSOURCE. */
gpg_error_t
_ssh_get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len,
                      gpg_err_source_t errsource)
{
  return get_fingerprint (key, r_fpr, r_len, errsource, 0);
}


/* Return the Secure Shell type fingerprint for KEY as a string.  The
   fingerprint is mallcoed and stored at R_FPRSTR.  In case of an
   error an error code is returned and NULL stored at R_FPRSTR.  This
   function is usually called via the ssh_get_fingerprint_string macro
   which makes sure to use the correct value for ERRSOURCE. */
gpg_error_t
_ssh_get_fingerprint_string (gcry_sexp_t key, char **r_fprstr,
                             gpg_err_source_t errsource)
{
  gpg_error_t err;
  size_t dummy;
  void *string;

  err = get_fingerprint (key, &string, &dummy, errsource, 1);
  *r_fprstr = string;
  return err;
}