X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=gcrypt.c;h=dbe4900862fef83a552d9c60d9ac21d4c8253d5e;hp=8431cc24c5a8d44f339937bb1f1aefb1a5c0bb42;hb=1eeb434d731702fd5c0c85c62bf6d18dd3463d8a;hpb=3e0533843c8d4add881a6c2d383bd2c80129e27b diff --git a/gcrypt.c b/gcrypt.c index 8431cc24..dbe49008 100644 --- a/gcrypt.c +++ b/gcrypt.c @@ -106,64 +106,6 @@ static const char *gcrypt_strerror(gcry_error_t gret) return gcry_strerror(gcry_err_code(gret)); } -/** Private keys start with this header. */ -#define PRIVATE_KEY_HEADER "-----BEGIN RSA PRIVATE KEY-----" -/** Private keys end with this footer. */ -#define PRIVATE_KEY_FOOTER "-----END RSA PRIVATE KEY-----" - -static int decode_private_key(const char *key_file, unsigned char **result, - size_t *blob_size) -{ - int ret, ret2, i, j; - void *map; - size_t map_size, key_size; - unsigned char *blob = NULL; - char *begin, *footer, *key; - - ret = mmap_full_file(key_file, O_RDONLY, &map, &map_size, NULL); - if (ret < 0) - goto out; - ret = -E_KEY_MARKER; - if (strncmp(map, PRIVATE_KEY_HEADER, strlen(PRIVATE_KEY_HEADER))) - goto unmap; - footer = strstr(map, PRIVATE_KEY_FOOTER); - ret = -E_KEY_MARKER; - if (!footer) - goto unmap; - begin = map + strlen(PRIVATE_KEY_HEADER); - /* skip whitespace at the beginning */ - for (; begin < footer; begin++) { - if (para_isspace(*begin)) - continue; - break; - } - ret = -E_KEY_MARKER; - if (begin >= footer) - goto unmap; - - key_size = footer - begin; - key = para_malloc(key_size + 1); - for (i = 0, j = 0; begin + i < footer; i++) { - if (para_isspace(begin[i])) - continue; - key[j++] = begin[i]; - } - key[j] = '\0'; - ret = base64_decode(key, j, (char **)&blob, blob_size); - free(key); -unmap: - ret2 = para_munmap(map, map_size); - if (ret >= 0 && ret2 < 0) - ret = ret2; - if (ret < 0) { - free(blob); - blob = NULL; - } -out: - *result = blob; - return ret; -} - /** ASN Types and their code. */ enum asn1_types { /** The next object is an integer. */ @@ -208,7 +150,7 @@ static inline int get_long_form_num_length_bytes(unsigned char c) * bitsp because the latter does not include the ASN.1 prefix and a leading * zero is not considered as an additional byte for the number of bits. */ -static int read_bignum(unsigned char *start, unsigned char *end, gcry_mpi_t *bn, +static int read_pem_bignum(unsigned char *start, unsigned char *end, gcry_mpi_t *bn, unsigned *bitsp) { int i, bn_size; @@ -267,27 +209,27 @@ static int read_pem_rsa_params(unsigned char *start, unsigned char *end, unsigned bits; int ret; - ret = read_bignum(cp, end, &p->n, &bits); + ret = read_pem_bignum(cp, end, &p->n, &bits); if (ret < 0) return ret; cp += ret; - ret = read_bignum(cp, end, &p->e, NULL); + ret = read_pem_bignum(cp, end, &p->e, NULL); if (ret < 0) goto release_n; cp += ret; - ret = read_bignum(cp, end, &p->d, NULL); + ret = read_pem_bignum(cp, end, &p->d, NULL); if (ret < 0) goto release_e; cp += ret; - ret = read_bignum(cp, end, &p->p, NULL); + ret = read_pem_bignum(cp, end, &p->p, NULL); if (ret < 0) goto release_d; cp += ret; - ret = read_bignum(cp, end, &p->q, NULL); + ret = read_pem_bignum(cp, end, &p->q, NULL); if (ret < 0) goto release_p; cp += ret; - ret = read_bignum(cp, end, &p->u, NULL); + ret = read_pem_bignum(cp, end, &p->u, NULL); if (ret < 0) goto release_q; return bits; @@ -304,7 +246,7 @@ release_n: return ret; } -static int find_privkey_bignum_offset(const unsigned char *data, int len) +static int find_pem_bignum_offset(const unsigned char *data, int len) { const unsigned char *p = data, *end = data + len; @@ -356,12 +298,56 @@ static int read_openssh_bignum(unsigned char *start, unsigned char *end, return nscanned; } +static int read_openssh_rsa_params(unsigned char *start, unsigned char *end, + struct rsa_params *p) +{ + unsigned char *cp = start; + unsigned bits; + int ret; + + ret = read_openssh_bignum(cp, end, &p->n, &bits); + if (ret < 0) + return ret; + cp += ret; + ret = read_openssh_bignum(cp, end, &p->e, NULL); + if (ret < 0) + goto release_n; + cp += ret; + ret = read_openssh_bignum(cp, end, &p->d, NULL); + if (ret < 0) + goto release_e; + cp += ret; + ret = read_openssh_bignum(cp, end, &p->u, NULL); + if (ret < 0) + goto release_d; + cp += ret; + ret = read_openssh_bignum(cp, end, &p->p, NULL); + if (ret < 0) + goto release_u; + cp += ret; + ret = read_openssh_bignum(cp, end, &p->q, NULL); + if (ret < 0) + goto release_p; + return bits; +release_p: + gcry_mpi_release(p->p); +release_u: + gcry_mpi_release(p->u); +release_d: + gcry_mpi_release(p->d); +release_e: + gcry_mpi_release(p->e); +release_n: + gcry_mpi_release(p->n); + return ret; +} + static int get_private_key(const char *key_file, struct asymmetric_key **result) { struct rsa_params params; unsigned char *blob, *end; - int ret; unsigned bits; + int ret, key_type; gcry_error_t gret; size_t erroff, blob_size; gcry_sexp_t sexp; @@ -371,12 +357,19 @@ static int get_private_key(const char *key_file, struct asymmetric_key **result) ret = decode_private_key(key_file, &blob, &blob_size); if (ret < 0) return ret; + key_type = ret; end = blob + blob_size; - ret = find_privkey_bignum_offset(blob, blob_size); + if (key_type == PKT_PEM) + ret = find_pem_bignum_offset(blob, blob_size); + else + ret = find_openssh_bignum_offset(blob, blob_size); if (ret < 0) goto free_blob; PARA_INFO_LOG("reading RSA params at offset %d\n", ret); - ret = read_pem_rsa_params(blob + ret, end, ¶ms); + if (key_type == PKT_PEM) + ret = read_pem_rsa_params(blob + ret, end, ¶ms); + else + ret = read_openssh_rsa_params(blob + ret, end, ¶ms); if (ret < 0) goto free_blob; bits = ret;