/** @brief import a base64 formated key from a memory c-string
*
* @param key The key to fill, created with ssh_key_new()
* @param session The ssh session
* @param b64_key The c-string holding the base64 encoded key
* @param passphrase The passphrase to decrypt the key, or NULL
*
* @return SSH_ERROR in case of error, SSH_OK otherwise
*/
int ssh_pki_import_privkey_base64(ssh_session session,
const char *b64_key,
const char *passphrase,
ssh_key *pkey) {
ssh_key key;
if (pkey == NULL || session == NULL) {
return SSH_ERROR;
}
if (b64_key == NULL || !*b64_key) {
return SSH_ERROR;
}
ssh_log(session, SSH_LOG_RARE, "Trying to decode privkey passphrase=%s",
passphrase ? "true" : "false");
key = pki_private_key_from_base64(session, b64_key, passphrase);
if (key == NULL) {
return SSH_ERROR;
}
*pkey = key;
return SSH_OK;
}
/**
* @brief import a base64 formated key from a memory c-string
*
* @param[in] b64_key The c-string holding the base64 encoded key
*
* @param[in] passphrase The passphrase to decrypt the key, or NULL
*
* @param[in] auth_fn An auth function you may want to use or NULL.
*
* @param[in] auth_data Private data passed to the auth function.
*
* @param[out] pkey A pointer where the allocated key can be stored. You
* need to free the memory.
*
* @return SSH_ERROR in case of error, SSH_OK otherwise.
*
* @see ssh_key_free()
*/
int ssh_pki_import_privkey_base64(const char *b64_key,
const char *passphrase,
ssh_auth_callback auth_fn,
void *auth_data,
ssh_key *pkey)
{
ssh_key key;
if (b64_key == NULL || pkey == NULL) {
return SSH_ERROR;
}
if (b64_key == NULL || !*b64_key) {
return SSH_ERROR;
}
ssh_pki_log("Trying to decode privkey passphrase=%s",
passphrase ? "true" : "false");
key = pki_private_key_from_base64(b64_key, passphrase, auth_fn, auth_data);
if (key == NULL) {
return SSH_ERROR;
}
*pkey = key;
return SSH_OK;
}
ssh_private_key privatekey_from_base64(ssh_session session,
const char *b64_pkey,
int type,
const char *passphrase) {
ssh_private_key privkey;
ssh_key key;
(void) type; /* unused */
key = pki_private_key_from_base64(session, b64_pkey, passphrase);
if (key == NULL) {
return NULL;
}
privkey = malloc(sizeof(struct ssh_private_key_struct));
if (privkey == NULL) {
ssh_key_free(key);
return NULL;
}
privkey->type = key->type;
privkey->dsa_priv = key->dsa;
privkey->rsa_priv = key->rsa;
return privkey;
}
/**
* @brief import a base64 formated key from a memory c-string
*
* @param[in] b64_key The c-string holding the base64 encoded key
*
* @param[in] passphrase The passphrase to decrypt the key, or NULL
*
* @param[in] auth_fn An auth function you may want to use or NULL.
*
* @param[in] auth_data Private data passed to the auth function.
*
* @param[out] pkey A pointer where the allocated key can be stored. You
* need to free the memory.
*
* @return SSH_ERROR in case of error, SSH_OK otherwise.
*
* @see ssh_key_free()
*/
int ssh_pki_import_privkey_base64(const char *b64_key,
const char *passphrase,
ssh_auth_callback auth_fn,
void *auth_data,
ssh_key *pkey)
{
ssh_key key;
int cmp;
if (b64_key == NULL || pkey == NULL) {
return SSH_ERROR;
}
if (b64_key == NULL || !*b64_key) {
return SSH_ERROR;
}
SSH_LOG(SSH_LOG_INFO,
"Trying to decode privkey passphrase=%s",
passphrase ? "true" : "false");
/* Test for OpenSSH key format first */
cmp = strncmp(b64_key, OPENSSH_HEADER_BEGIN, strlen(OPENSSH_HEADER_BEGIN));
if (cmp == 0) {
key = ssh_pki_openssh_privkey_import(b64_key,
passphrase,
auth_fn,
auth_data);
} else {
/* fallback on PEM decoder */
key = pki_private_key_from_base64(b64_key,
passphrase,
auth_fn,
auth_data);
}
if (key == NULL) {
return SSH_ERROR;
}
*pkey = key;
return SSH_OK;
}
/**
* @brief Import a key from a file.
*
* @param[in] session The SSH Session to use. If a authentication callback is
* set, it will be used to ask for the passphrase.
*
* @param[in] filename The filename of the the private key.
*
* @param[in] passphrase The passphrase to decrypt the private key. Set to NULL
* if none is needed or it is unknown.
*
* @param[out] pkey A pointer to store the ssh_key. You need to free the
* key.
*
* @returns SSH_OK on success, SSH_ERROR otherwise.
*
* @see ssh_key_free()
**/
int ssh_pki_import_privkey_file(ssh_session session,
const char *filename,
const char *passphrase,
ssh_key *pkey) {
struct stat sb;
char *key_buf;
ssh_key key;
FILE *file;
off_t size;
int rc;
if (session == NULL || pkey == NULL) {
return SSH_ERROR;
}
if (filename == NULL || *filename == '\0') {
return SSH_ERROR;
}
rc = stat(filename, &sb);
if (rc < 0) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"Error gettint stat of %s: %s",
filename, strerror(errno));
return SSH_ERROR;
}
file = fopen(filename, "r");
if (file == NULL) {
ssh_set_error(session, SSH_REQUEST_DENIED,
"Error opening %s: %s",
filename, strerror(errno));
return SSH_ERROR;
}
key_buf = malloc(sb.st_size + 1);
if (key_buf == NULL) {
ssh_set_error_oom(session);
return SSH_ERROR;
}
size = fread(key_buf, 1, sb.st_size, file);
fclose(file);
if (size != sb.st_size) {
SAFE_FREE(key_buf);
ssh_set_error(session, SSH_FATAL,
"Error reading %s: %s",
filename, strerror(errno));
return SSH_ERROR;
}
key = pki_private_key_from_base64(session, key_buf, passphrase);
SAFE_FREE(key_buf);
if (key == NULL) {
return SSH_ERROR;
}
*pkey = key;
return SSH_OK;
}
/**
* @brief Import a key from a file.
*
* @param[in] filename The filename of the the private key.
*
* @param[in] passphrase The passphrase to decrypt the private key. Set to NULL
* if none is needed or it is unknown.
*
* @param[in] auth_fn An auth function you may want to use or NULL.
*
* @param[in] auth_data Private data passed to the auth function.
*
* @param[out] pkey A pointer to store the allocated ssh_key. You need to
* free the key.
*
* @returns SSH_OK on success, SSH_EOF if the file doesn't exist or permission
* denied, SSH_ERROR otherwise.
*
* @see ssh_key_free()
**/
int ssh_pki_import_privkey_file(const char *filename,
const char *passphrase,
ssh_auth_callback auth_fn,
void *auth_data,
ssh_key *pkey) {
struct stat sb;
char *key_buf;
ssh_key key;
FILE *file;
off_t size;
int rc;
if (pkey == NULL || filename == NULL || *filename == '\0') {
return SSH_ERROR;
}
file = fopen(filename, "rb");
if (file == NULL) {
ssh_pki_log("Error opening %s: %s",
filename, strerror(errno));
return SSH_EOF;
}
rc = fstat(fileno(file), &sb);
if (rc < 0) {
fclose(file);
ssh_pki_log("Error getting stat of %s: %s",
filename, strerror(errno));
switch (errno) {
case ENOENT:
case EACCES:
return SSH_EOF;
}
return SSH_ERROR;
}
if (sb.st_size > MAX_PRIVKEY_SIZE) {
ssh_pki_log("Private key is bigger than 4M.");
fclose(file);
return SSH_ERROR;
}
key_buf = malloc(sb.st_size + 1);
if (key_buf == NULL) {
fclose(file);
ssh_pki_log("Out of memory!");
return SSH_ERROR;
}
size = fread(key_buf, 1, sb.st_size, file);
fclose(file);
if (size != sb.st_size) {
SAFE_FREE(key_buf);
ssh_pki_log("Error reading %s: %s",
filename, strerror(errno));
return SSH_ERROR;
}
key_buf[size] = 0;
key = pki_private_key_from_base64(key_buf, passphrase, auth_fn, auth_data);
SAFE_FREE(key_buf);
if (key == NULL) {
return SSH_ERROR;
}
*pkey = key;
return SSH_OK;
}
