Ejemplo n.º 1
0
/*
* Decode BER encoded parameters
*/
void DL_Group::BER_decode(const std::vector<byte>& data,
                          Format format)
   {
   BigInt new_p, new_q, new_g;

   BER_Decoder decoder(data);
   BER_Decoder ber = decoder.start_cons(SEQUENCE);

   if(format == ANSI_X9_57)
      {
      ber.decode(new_p)
         .decode(new_q)
         .decode(new_g)
         .verify_end();
      }
   else if(format == ANSI_X9_42)
      {
      ber.decode(new_p)
         .decode(new_g)
         .decode(new_q)
         .discard_remaining();
      }
   else if(format == PKCS_3)
      {
      ber.decode(new_p)
         .decode(new_g)
         .discard_remaining();
      }
   else
      throw Invalid_Argument("Unknown DL_Group encoding " + std::to_string(format));

   initialize(new_p, new_q, new_g);
   }
Ejemplo n.º 2
0
/*
* Decode a BER encoded CRL_Entry
*/
void CRL_Entry::decode_from(BER_Decoder& source)
   {
   BigInt serial_number_bn;

   std::unique_ptr<CRL_Entry_Data> data(new CRL_Entry_Data);

   BER_Decoder entry = source.start_cons(SEQUENCE);

   entry.decode(serial_number_bn).decode(data->m_time);
   data->m_serial = BigInt::encode(serial_number_bn);

   if(entry.more_items())
      {
      entry.decode(data->m_extensions);
      if(auto ext = data->m_extensions.get_extension_object_as<Cert_Extension::CRL_ReasonCode>())
         {
         data->m_reason = ext->get_reason();
         }
      else
         {
         data->m_reason = UNSPECIFIED;
         }
      }

   entry.end_cons();

   m_data.reset(data.release());
   }
Ejemplo n.º 3
0
/*
* Decode a BER encoded CRL_Entry
*/
void CRL_Entry::decode_from(BER_Decoder& source)
   {
   BigInt serial_number_bn;
   reason = UNSPECIFIED;

   BER_Decoder entry = source.start_cons(SEQUENCE);

   entry.decode(serial_number_bn).decode(time);

   if(entry.more_items())
      {
      Extensions extensions(throw_on_unknown_critical);
      entry.decode(extensions);
      Data_Store info;
      extensions.contents_to(info, info);
      reason = CRL_Code(info.get1_u32bit("X509v3.CRLReasonCode"));
      }

   entry.end_cons();

   serial = BigInt::encode(serial_number_bn);
   }
Ejemplo n.º 4
0
bool SshEncryptionFacility::createAuthenticationKeyFromOpenSSL(const QByteArray &privKeyFileContents,
    QList<BigInt> &pubKeyParams, QList<BigInt> &allKeyParams, QString &error)
{
    try {
        bool syntaxOk = true;
        QList<QByteArray> lines = privKeyFileContents.split('\n');
        while (lines.last().isEmpty())
            lines.removeLast();
        if (lines.count() < 3) {
            syntaxOk = false;
        } else if (lines.first() == PrivKeyFileStartLineRsa) {
            if (lines.last() != PrivKeyFileEndLineRsa)
                syntaxOk = false;
            else
                m_authKeyAlgoName = SshCapabilities::PubKeyRsa;
        } else if (lines.first() == PrivKeyFileStartLineDsa) {
            if (lines.last() != PrivKeyFileEndLineDsa)
                syntaxOk = false;
            else
                m_authKeyAlgoName = SshCapabilities::PubKeyDss;
        } else {
            syntaxOk = false;
        }
        if (!syntaxOk) {
            error = SSH_TR("Unexpected format.");
            return false;
        }

        QByteArray privateKeyBlob;
        for (int i = 1; i < lines.size() - 1; ++i)
            privateKeyBlob += lines.at(i);
        privateKeyBlob = QByteArray::fromBase64(privateKeyBlob);

        BER_Decoder decoder(convertByteArray(privateKeyBlob), privateKeyBlob.size());
        BER_Decoder sequence = decoder.start_cons(SEQUENCE);
        size_t version;
        sequence.decode (version);
        if (version != 0) {
            error = SSH_TR("Key encoding has version %1, expected 0.").arg(version);
            return false;
        }

        if (m_authKeyAlgoName == SshCapabilities::PubKeyDss) {
            BigInt p, q, g, y, x;
            sequence.decode (p).decode (q).decode (g).decode (y).decode (x);
            DSA_PrivateKey * const dsaKey = new DSA_PrivateKey(m_rng, DL_Group(p, q, g), x);
            m_authKey.reset(dsaKey);
            pubKeyParams << p << q << g << y;
            allKeyParams << pubKeyParams << x;
        } else {
            BigInt p, q, e, d, n;
            sequence.decode(n).decode(e).decode(d).decode(p).decode(q);
            RSA_PrivateKey * const rsaKey = new RSA_PrivateKey(m_rng, p, q, e, d, n);
            m_authKey.reset(rsaKey);
            pubKeyParams << e << n;
            allKeyParams << pubKeyParams << p << q << d;
        }

        sequence.discard_remaining();
        sequence.verify_end();
    } catch (const Botan::Exception &ex) {
        error = QLatin1String(ex.what());
        return false;
    } catch (const Botan::Decoding_Error &ex) {
        error = QLatin1String(ex.what());
        return false;
    }
    return true;
}
Ejemplo n.º 5
0
bool SshEncryptionFacility::createAuthenticationKeyFromOpenSSL(const QByteArray &privKeyFileContents,
    QList<BigInt> &pubKeyParams, QList<BigInt> &allKeyParams, QString &error)
{
    try {
        bool syntaxOk = true;
        QList<QByteArray> lines = privKeyFileContents.split('\n');
        while (lines.last().isEmpty())
            lines.removeLast();
        if (lines.count() < 3) {
            syntaxOk = false;
        } else if (lines.first() == PrivKeyFileStartLineRsa) {
            if (lines.last() != PrivKeyFileEndLineRsa)
                syntaxOk = false;
            else
                m_authKeyAlgoName = SshCapabilities::PubKeyRsa;
        } else if (lines.first() == PrivKeyFileStartLineDsa) {
            if (lines.last() != PrivKeyFileEndLineDsa)
                syntaxOk = false;
            else
                m_authKeyAlgoName = SshCapabilities::PubKeyDss;
        } else if (lines.first() == PrivKeyFileStartLineEcdsa) {
            if (lines.last() != PrivKeyFileEndLineEcdsa)
                syntaxOk = false;
            // m_authKeyAlgoName set below, as we don't know the size yet.
        } else {
            syntaxOk = false;
        }
        if (!syntaxOk) {
            error = SSH_TR("Unexpected format.");
            return false;
        }

        QByteArray privateKeyBlob;
        for (int i = 1; i < lines.size() - 1; ++i)
            privateKeyBlob += lines.at(i);
        privateKeyBlob = QByteArray::fromBase64(privateKeyBlob);

        BER_Decoder decoder(convertByteArray(privateKeyBlob), privateKeyBlob.size());
        BER_Decoder sequence = decoder.start_cons(SEQUENCE);
        size_t version;
        sequence.decode (version);
        const size_t expectedVersion = m_authKeyAlgoName.isEmpty() ? 1 : 0;
        if (version != expectedVersion) {
            error = SSH_TR("Key encoding has version %1, expected %2.")
                    .arg(version).arg(expectedVersion);
            return false;
        }

        if (m_authKeyAlgoName == SshCapabilities::PubKeyDss) {
            BigInt p, q, g, y, x;
            sequence.decode (p).decode (q).decode (g).decode (y).decode (x);
            DSA_PrivateKey * const dsaKey = new DSA_PrivateKey(m_rng, DL_Group(p, q, g), x);
            m_authKey.reset(dsaKey);
            pubKeyParams << p << q << g << y;
            allKeyParams << pubKeyParams << x;
        } else if (m_authKeyAlgoName == SshCapabilities::PubKeyRsa) {
            BigInt p, q, e, d, n;
            sequence.decode(n).decode(e).decode(d).decode(p).decode(q);
            RSA_PrivateKey * const rsaKey = new RSA_PrivateKey(m_rng, p, q, e, d, n);
            m_authKey.reset(rsaKey);
            pubKeyParams << e << n;
            allKeyParams << pubKeyParams << p << q << d;
        } else {
            BigInt privKey;
            sequence.decode_octet_string_bigint(privKey);
            m_authKeyAlgoName = SshCapabilities::ecdsaPubKeyAlgoForKeyWidth(
                        static_cast<int>(privKey.bytes()));
            const EC_Group group(SshCapabilities::oid(m_authKeyAlgoName));
            auto * const key = new ECDSA_PrivateKey(m_rng, group, privKey);
            m_authKey.reset(key);
            pubKeyParams << key->public_point().get_affine_x()
                         << key->public_point().get_affine_y();
            allKeyParams << pubKeyParams << privKey;
        }

        sequence.discard_remaining();
        sequence.verify_end();
    } catch (const Exception &ex) {
        error = QLatin1String(ex.what());
        return false;
    } catch (const Decoding_Error &ex) {
        error = QLatin1String(ex.what());
        return false;
    }
    return true;
}
Ejemplo n.º 6
0
bool ne7ssh_keys::getRSAKeys (char* buffer, uint32 size)
{
  const char* headerRSA = "-----BEGIN RSA PRIVATE KEY-----\n";
  const char* footerRSA = "-----END RSA PRIVATE KEY-----\n";
  SecureVector<Botan::byte> keyDataRaw;
  BigInt p, q, e, d, n;
  char *start;
  uint32 version;

  start = buffer + strlen(headerRSA);
  Pipe base64dec (new Base64_Decoder);
  base64dec.process_msg ((Botan::byte*)start, size - strlen(footerRSA) - strlen(headerRSA));
  keyDataRaw = base64dec.read_all (PIPE_DEFAULT_MESSAGE);

  BER_Decoder decoder (keyDataRaw);

#if BOTAN_PRE_15
  BER_Decoder sequence = BER::get_subsequence(decoder);
  BER::decode (sequence, version);
#else
  BER_Decoder sequence = decoder.start_cons(SEQUENCE);
  sequence.decode (version);
#endif

  if (version)
  {
    ne7ssh::errors()->push (-1, "Encountered unknown RSA key version.");
    return false;
  }

#if BOTAN_PRE_15
  BER::decode (sequence, n);
  BER::decode (sequence, e);
  BER::decode (sequence, d);
  BER::decode (sequence, p);
  BER::decode (sequence, q);
#else
  sequence.decode (n);
  sequence.decode (e);
  sequence.decode (d);
  sequence.decode (p);
  sequence.decode (q);
#endif

  sequence.discard_remaining();
  sequence.verify_end();

  if (n.is_zero() || e.is_zero() || d.is_zero() || p.is_zero() || q.is_zero())
  {
    ne7ssh::errors()->push (-1, "Could not decode the supplied RSA key.");
    return false;
  }

#if BOTAN_PRE_18 || BOTAN_PRE_15
  rsaPrivateKey = new RSA_PrivateKey (p, q, e, d, n);
#else
  rsaPrivateKey = new RSA_PrivateKey (*ne7ssh::rng, p, q, e, d, n);
#endif

  publicKeyBlob.clear();
  publicKeyBlob.addString ("ssh-rsa");
  publicKeyBlob.addBigInt (e);
  publicKeyBlob.addBigInt (n);

  return true;
}
Ejemplo n.º 7
0
bool ne7ssh_keys::getDSAKeys (char* buffer, uint32 size)
{
//  DataSource_Memory privKeyPEMSrc (privKeyPEMStr);
  const char* headerDSA = "-----BEGIN DSA PRIVATE KEY-----\n";
  const char* footerDSA = "-----END DSA PRIVATE KEY-----\n";
  SecureVector<Botan::byte> keyDataRaw;
  BigInt p, q, g, y, x;
  char *start;
  uint32 version;

  start = buffer + strlen(headerDSA);
  Pipe base64dec (new Base64_Decoder);
  base64dec.process_msg ((Botan::byte*)start, size - strlen(footerDSA) - strlen(headerDSA));
  keyDataRaw = base64dec.read_all (PIPE_DEFAULT_MESSAGE);

  BER_Decoder decoder (keyDataRaw);

#if BOTAN_PRE_15
  BER_Decoder sequence = BER::get_subsequence(decoder);
  BER::decode (sequence, version);
#else
  BER_Decoder sequence = decoder.start_cons (SEQUENCE);
  sequence.decode (version);
#endif

  if (version)
  {
    ne7ssh::errors()->push (-1, "Encountered unknown DSA key version.");
    return false;
  }

#if BOTAN_PRE_15
  BER::decode (sequence, p);
  BER::decode (sequence, q);
  BER::decode (sequence, g);
  BER::decode (sequence, y);
  BER::decode (sequence, x);
#else
  sequence.decode (p);
  sequence.decode (q);
  sequence.decode (g);
  sequence.decode (y);
  sequence.decode (x);
#endif


  sequence.discard_remaining();
  sequence.verify_end();

  if (p.is_zero() || q.is_zero() || g.is_zero() || y.is_zero() || x.is_zero())
  {
    ne7ssh::errors()->push (-1, "Could not decode the supplied DSA key.");
    return false;
  }

  DL_Group dsaGroup (p, q, g);

#if BOTAN_PRE_18 || BOTAN_PRE_15
  dsaPrivateKey = new DSA_PrivateKey (dsaGroup, x);
#else
  dsaPrivateKey = new DSA_PrivateKey (*ne7ssh::rng, dsaGroup, x);
#endif
  publicKeyBlob.clear();
  publicKeyBlob.addString ("ssh-dss");
  publicKeyBlob.addBigInt (p);
  publicKeyBlob.addBigInt (q);
  publicKeyBlob.addBigInt (g);
  publicKeyBlob.addBigInt (y);

  return true;

}