/* Version identification string for identity files. */
#define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"
-/* Saves the authentication (private) key in a file, encrypting it with
- passphrase. The identification of the file (lowest 64 bits of n)
- will precede the key to provide identification of the key without
- needing a passphrase. */
+/*
+ * Saves the authentication (private) key in a file, encrypting it with
+ * passphrase. The identification of the file (lowest 64 bits of n) will
+ * precede the key to provide identification of the key without needing a
+ * passphrase.
+ */
int
save_private_key(const char *filename, const char *passphrase,
{
Buffer buffer, encrypted;
char buf[100], *cp;
- int f, i;
+ int fd, i;
CipherContext cipher;
int cipher_type;
u_int32_t rand;
- /* If the passphrase is empty, use SSH_CIPHER_NONE to ease
- converting to another cipher; otherwise use
- SSH_AUTHFILE_CIPHER. */
+ /*
+ * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting
+ * to another cipher; otherwise use SSH_AUTHFILE_CIPHER.
+ */
if (strcmp(passphrase, "") == 0)
cipher_type = SSH_CIPHER_NONE;
else
buf[3] = buf[1];
buffer_append(&buffer, buf, 4);
- /* Store the private key (n and e will not be stored because they
- will be stored in plain text, and storing them also in
- encrypted format would just give known plaintext). */
+ /*
+ * Store the private key (n and e will not be stored because they
+ * will be stored in plain text, and storing them also in encrypted
+ * format would just give known plaintext).
+ */
buffer_put_bignum(&buffer, key->d);
buffer_put_bignum(&buffer, key->iqmp);
buffer_put_bignum(&buffer, key->q); /* reverse from SSL p */
memset(buf, 0, sizeof(buf));
buffer_free(&buffer);
- /* Write to a file. */
- f = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
- if (f < 0)
+ fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+ if (fd < 0)
return 0;
-
- if (write(f, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
+ if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
buffer_len(&encrypted)) {
debug("Write to key file %.200s failed: %.100s", filename,
strerror(errno));
buffer_free(&encrypted);
- close(f);
+ close(fd);
remove(filename);
return 0;
}
- close(f);
+ close(fd);
buffer_free(&encrypted);
return 1;
}
-/* Loads the public part of the key file. Returns 0 if an error
- was encountered (the file does not exist or is not readable), and
- non-zero otherwise. */
+/*
+ * Loads the public part of the key file. Returns 0 if an error was
+ * encountered (the file does not exist or is not readable), and non-zero
+ * otherwise.
+ */
int
load_public_key(const char *filename, RSA * pub,
char **comment_return)
{
- int f, i;
+ int fd, i;
off_t len;
Buffer buffer;
char *cp;
- /* Read data from the file into the buffer. */
- f = open(filename, O_RDONLY);
- if (f < 0)
+ fd = open(filename, O_RDONLY);
+ if (fd < 0)
return 0;
-
- len = lseek(f, (off_t) 0, SEEK_END);
- lseek(f, (off_t) 0, SEEK_SET);
+ len = lseek(fd, (off_t) 0, SEEK_END);
+ lseek(fd, (off_t) 0, SEEK_SET);
buffer_init(&buffer);
buffer_append_space(&buffer, &cp, len);
- if (read(f, cp, (size_t) len) != (size_t) len) {
+ if (read(fd, cp, (size_t) len) != (size_t) len) {
debug("Read from key file %.200s failed: %.100s", filename,
strerror(errno));
buffer_free(&buffer);
- close(f);
+ close(fd);
return 0;
}
- close(f);
+ close(fd);
/* Check that it is at least big enought to contain the ID string. */
if (len < strlen(AUTHFILE_ID_STRING) + 1) {
buffer_free(&buffer);
return 0;
}
- /* Make sure it begins with the id string. Consume the id string
- from the buffer. */
+ /*
+ * Make sure it begins with the id string. Consume the id string
+ * from the buffer.
+ */
for (i = 0; i < (unsigned int) strlen(AUTHFILE_ID_STRING) + 1; i++)
- if (buffer_get_char(&buffer) != (unsigned char) AUTHFILE_ID_STRING[i]) {
+ if (buffer_get_char(&buffer) != (u_char) AUTHFILE_ID_STRING[i]) {
debug("Bad key file %.200s.", filename);
buffer_free(&buffer);
return 0;
return 1;
}
-/* Loads the private key from the file. Returns 0 if an error is encountered
- (file does not exist or is not readable, or passphrase is bad).
- This initializes the private key. */
+/*
+ * Loads the private key from the file. Returns 0 if an error is encountered
+ * (file does not exist or is not readable, or passphrase is bad). This
+ * initializes the private key.
+ * Assumes we are called under uid of the owner of the file.
+ */
int
load_private_key(const char *filename, const char *passphrase,
RSA * prv, char **comment_return)
{
- int f, i, check1, check2, cipher_type;
+ int fd, i, check1, check2, cipher_type;
off_t len;
Buffer buffer, decrypted;
char *cp;
BIGNUM *aux;
struct stat st;
- /* Read the file into the buffer. */
- f = open(filename, O_RDONLY);
- if (f < 0)
+ fd = open(filename, O_RDONLY);
+ if (fd < 0)
return 0;
- /* We assume we are called under uid of the owner of the file */
- if (fstat(f, &st) < 0 ||
+ /* check owner and modes */
+ if (fstat(fd, &st) < 0 ||
(st.st_uid != 0 && st.st_uid != getuid()) ||
(st.st_mode & 077) != 0) {
+ close(fd);
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("It is recommended that your private key files are NOT accessible by others.");
return 0;
}
- len = lseek(f, (off_t) 0, SEEK_END);
- lseek(f, (off_t) 0, SEEK_SET);
+ len = lseek(fd, (off_t) 0, SEEK_END);
+ lseek(fd, (off_t) 0, SEEK_SET);
buffer_init(&buffer);
buffer_append_space(&buffer, &cp, len);
- if (read(f, cp, (size_t) len) != (size_t) len) {
+ if (read(fd, cp, (size_t) len) != (size_t) len) {
debug("Read from key file %.200s failed: %.100s", filename,
strerror(errno));
buffer_free(&buffer);
- close(f);
+ close(fd);
return 0;
}
- close(f);
+ close(fd);
/* Check that it is at least big enought to contain the ID string. */
if (len < strlen(AUTHFILE_ID_STRING) + 1) {
buffer_free(&buffer);
return 0;
}
- /* Make sure it begins with the id string. Consume the id string
- from the buffer. */
+ /*
+ * Make sure it begins with the id string. Consume the id string
+ * from the buffer.
+ */
for (i = 0; i < (unsigned int) strlen(AUTHFILE_ID_STRING) + 1; i++)
if (buffer_get_char(&buffer) != (unsigned char) AUTHFILE_ID_STRING[i]) {
debug("Bad key file %.200s.", filename);
andersk / openssh.git / blobdiff