return gcry_strerror(gcry_err_code(gret));
}
-/** Private keys start with this header. */
-#define PRIVATE_KEY_HEADER "-----BEGIN RSA PRIVATE KEY-----"
-/** Private keys end with this footer. */
-#define PRIVATE_KEY_FOOTER "-----END RSA PRIVATE KEY-----"
-
-static int decode_key(const char *key_file, unsigned char **result,
- size_t *blob_size)
-{
- int ret, ret2, i, j;
- void *map;
- size_t map_size, key_size;
- unsigned char *blob = NULL;
- char *begin, *footer, *key;
-
- ret = mmap_full_file(key_file, O_RDONLY, &map, &map_size, NULL);
- if (ret < 0)
- goto out;
- ret = -E_KEY_MARKER;
- if (strncmp(map, PRIVATE_KEY_HEADER, strlen(PRIVATE_KEY_HEADER)))
- goto unmap;
- footer = strstr(map, PRIVATE_KEY_FOOTER);
- ret = -E_KEY_MARKER;
- if (!footer)
- goto unmap;
- begin = map + strlen(PRIVATE_KEY_HEADER);
- /* skip whitespace at the beginning */
- for (; begin < footer; begin++) {
- if (para_isspace(*begin))
- continue;
- break;
- }
- ret = -E_KEY_MARKER;
- if (begin >= footer)
- goto unmap;
-
- key_size = footer - begin;
- key = para_malloc(key_size + 1);
- for (i = 0, j = 0; begin + i < footer; i++) {
- if (para_isspace(begin[i]))
- continue;
- key[j++] = begin[i];
- }
- key[j] = '\0';
- ret = base64_decode(key, j, (char **)&blob, blob_size);
- free(key);
-unmap:
- ret2 = para_munmap(map, map_size);
- if (ret >= 0 && ret2 < 0)
- ret = ret2;
- if (ret < 0) {
- free(blob);
- blob = NULL;
- }
-out:
- *result = blob;
- return ret;
-}
-
/** ASN Types and their code. */
enum asn1_types {
/** The next object is an integer. */
* bitsp because the latter does not include the ASN.1 prefix and a leading
* zero is not considered as an additional byte for the number of bits.
*/
-static int read_bignum(unsigned char *start, unsigned char *end, gcry_mpi_t *bn,
+static int read_pem_bignum(unsigned char *start, unsigned char *end, gcry_mpi_t *bn,
unsigned *bitsp)
{
int i, bn_size;
unsigned bits;
int ret;
- ret = read_bignum(cp, end, &p->n, &bits);
+ ret = read_pem_bignum(cp, end, &p->n, &bits);
if (ret < 0)
return ret;
cp += ret;
- ret = read_bignum(cp, end, &p->e, NULL);
+ ret = read_pem_bignum(cp, end, &p->e, NULL);
if (ret < 0)
goto release_n;
cp += ret;
- ret = read_bignum(cp, end, &p->d, NULL);
+ ret = read_pem_bignum(cp, end, &p->d, NULL);
if (ret < 0)
goto release_e;
cp += ret;
- ret = read_bignum(cp, end, &p->p, NULL);
+ ret = read_pem_bignum(cp, end, &p->p, NULL);
if (ret < 0)
goto release_d;
cp += ret;
- ret = read_bignum(cp, end, &p->q, NULL);
+ ret = read_pem_bignum(cp, end, &p->q, NULL);
if (ret < 0)
goto release_p;
cp += ret;
- ret = read_bignum(cp, end, &p->u, NULL);
+ ret = read_pem_bignum(cp, end, &p->u, NULL);
if (ret < 0)
goto release_q;
return bits;
return ret;
}
-static int find_privkey_bignum_offset(const unsigned char *data, int len)
+static int find_pem_bignum_offset(const unsigned char *data, int len)
{
const unsigned char *p = data, *end = data + len;
return nscanned;
}
+static int read_openssh_rsa_params(unsigned char *start, unsigned char *end,
+ struct rsa_params *p)
+{
+ unsigned char *cp = start;
+ unsigned bits;
+ int ret;
+
+ ret = read_openssh_bignum(cp, end, &p->n, &bits);
+ if (ret < 0)
+ return ret;
+ cp += ret;
+ ret = read_openssh_bignum(cp, end, &p->e, NULL);
+ if (ret < 0)
+ goto release_n;
+ cp += ret;
+ ret = read_openssh_bignum(cp, end, &p->d, NULL);
+ if (ret < 0)
+ goto release_e;
+ cp += ret;
+ ret = read_openssh_bignum(cp, end, &p->u, NULL);
+ if (ret < 0)
+ goto release_d;
+ cp += ret;
+ ret = read_openssh_bignum(cp, end, &p->p, NULL);
+ if (ret < 0)
+ goto release_u;
+ cp += ret;
+ ret = read_openssh_bignum(cp, end, &p->q, NULL);
+ if (ret < 0)
+ goto release_p;
+ return bits;
+release_p:
+ gcry_mpi_release(p->p);
+release_u:
+ gcry_mpi_release(p->u);
+release_d:
+ gcry_mpi_release(p->d);
+release_e:
+ gcry_mpi_release(p->e);
+release_n:
+ gcry_mpi_release(p->n);
+ return ret;
+}
+
static int get_private_key(const char *key_file, struct asymmetric_key **result)
{
struct rsa_params params;
unsigned char *blob, *end;
- int ret;
unsigned bits;
+ int ret, key_type;
gcry_error_t gret;
size_t erroff, blob_size;
gcry_sexp_t sexp;
struct asymmetric_key *key;
*result = NULL;
- ret = decode_key(key_file, &blob, &blob_size);
+ ret = decode_private_key(key_file, &blob, &blob_size);
if (ret < 0)
return ret;
+ key_type = ret;
end = blob + blob_size;
- ret = find_privkey_bignum_offset(blob, blob_size);
+ if (key_type == PKT_PEM)
+ ret = find_pem_bignum_offset(blob, blob_size);
+ else
+ ret = find_openssh_bignum_offset(blob, blob_size);
if (ret < 0)
goto free_blob;
PARA_INFO_LOG("reading RSA params at offset %d\n", ret);
- ret = read_pem_rsa_params(blob + ret, end, ¶ms);
+ if (key_type == PKT_PEM)
+ ret = read_pem_rsa_params(blob + ret, end, ¶ms);
+ else
+ ret = read_openssh_rsa_params(blob + ret, end, ¶ms);
if (ret < 0)
goto free_blob;
bits = ret;
struct asymmetric_key *key;
unsigned bits;
- ret = decode_ssh_key(key_file, &blob, &decoded_size);
+ ret = decode_public_key(key_file, &blob, &decoded_size);
if (ret < 0)
return ret;
p = blob + ret;
projects / paraslash.git / blobdiff