diff options
Diffstat (limited to 'lib/public_key/src/pubkey_ssh.erl')
| -rw-r--r-- | lib/public_key/src/pubkey_ssh.erl | 246 | 
1 files changed, 133 insertions, 113 deletions
| diff --git a/lib/public_key/src/pubkey_ssh.erl b/lib/public_key/src/pubkey_ssh.erl index f0c94e29a5..008ea96dd3 100644 --- a/lib/public_key/src/pubkey_ssh.erl +++ b/lib/public_key/src/pubkey_ssh.erl @@ -47,7 +47,7 @@ decode(Bin, public_key)->  	    rfc4716_decode(Bin)      end;  decode(Bin, rfc4716_public_key) -> -     rfc4716_decode(Bin); +    rfc4716_decode(Bin);  decode(Bin, Type) ->      openssh_decode(Bin, Type). @@ -58,7 +58,7 @@ decode(Bin, Type) ->  %% Description: Encodes a list of ssh file entries.  %%--------------------------------------------------------------------  encode(Entries, Type) -> -    erlang:iolist_to_binary(lists:map(fun({Key, Attributes}) -> +    iolist_to_binary(lists:map(fun({Key, Attributes}) ->  					      do_encode(Type, Key, Attributes)  				      end, Entries)). @@ -106,7 +106,7 @@ rfc4716_decode_line(Line, Lines, Acc) ->  	_ ->  	    {Body, Rest} = join_entry([Line | Lines], []),  	    {lists:reverse(Acc), rfc4716_pubkey_decode(base64:mime_decode(Body)), Rest} -      end. +    end.  join_entry([<<"---- END SSH2 PUBLIC KEY ----", _/binary>>| Lines], Entry) ->      {lists:reverse(Entry), Lines}; @@ -115,16 +115,16 @@ join_entry([Line | Lines], Entry) ->  rfc4716_pubkey_decode(<<?UINT32(Len), Type:Len/binary, -	      ?UINT32(SizeE), E:SizeE/binary, -	      ?UINT32(SizeN), N:SizeN/binary>>) when Type == <<"ssh-rsa">> -> +			?UINT32(SizeE), E:SizeE/binary, +			?UINT32(SizeN), N:SizeN/binary>>) when Type == <<"ssh-rsa">> ->      #'RSAPublicKey'{modulus = erlint(SizeN, N),  		    publicExponent = erlint(SizeE, E)};  rfc4716_pubkey_decode(<<?UINT32(Len), Type:Len/binary, -	      ?UINT32(SizeP), P:SizeP/binary, -	      ?UINT32(SizeQ), Q:SizeQ/binary, -	      ?UINT32(SizeG), G:SizeG/binary, -	      ?UINT32(SizeY), Y:SizeY/binary>>) when Type == <<"ssh-dss">> -> +			?UINT32(SizeP), P:SizeP/binary, +			?UINT32(SizeQ), Q:SizeQ/binary, +			?UINT32(SizeG), G:SizeG/binary, +			?UINT32(SizeY), Y:SizeY/binary>>) when Type == <<"ssh-dss">> ->      {erlint(SizeY, Y),       #'Dss-Parms'{p = erlint(SizeP, P),  		  q = erlint(SizeQ, Q), @@ -143,94 +143,63 @@ do_openssh_decode(FileType, [<<>> | Lines], Acc) ->  do_openssh_decode(FileType,[<<"#", _/binary>> | Lines], Acc) ->      do_openssh_decode(FileType, Lines, Acc);  do_openssh_decode(auth_keys = FileType, [Line | Lines], Acc) -> -    Split = binary:split(Line, <<" ">>, [global]), -    case mend_split(Split, []) of -	%% ssh2 -	[KeyType, Base64Enc, Comment] -> +    case decode_auth_keys(Line) of +	{ssh2,  {options, [Options, KeyType, Base64Enc| Comment]}} ->  	    do_openssh_decode(FileType, Lines, -			      [{openssh_pubkey_decode(KeyType, Base64Enc), -				[{comment, string_decode(Comment)}]} | Acc]); -	%% ssh1 -	[Options, Bits, Exponent, Modulus, Comment] -> +			      [{openssh_pubkey_decode(KeyType, Base64Enc),  +				decode_comment(Comment) ++ [{options, comma_list_decode(Options)}]} | Acc]); +	{ssh2, {no_options, [KeyType, Base64Enc| Comment]}} -> +	    do_openssh_decode(FileType, Lines, +			      [{openssh_pubkey_decode(KeyType, Base64Enc),  +				decode_comment(Comment)} | Acc]); +	{ssh1, {options, [Options, Bits, Exponent, Modulus | Comment]}} ->  	    do_openssh_decode(FileType, Lines,  			      [{ssh1_rsa_pubkey_decode(Modulus, Exponent), -				[{comment, string_decode(Comment)}, -				 {options, comma_list_decode(Options)}, -				 {bits, integer_decode(Bits)}]} | Acc]); -	[A, B, C, D]  -> -	    ssh_2_or_1(FileType, Lines, Acc, A,B,C,D) +				decode_comment(Comment) ++ [{options, comma_list_decode(Options)}, +							    {bits, integer_decode(Bits)}] +			       } | Acc]); +	{ssh1, {no_options, [Bits, Exponent, Modulus | Comment]}} -> +	    do_openssh_decode(FileType, Lines, +			      [{ssh1_rsa_pubkey_decode(Modulus, Exponent), +				decode_comment(Comment) ++ [{bits, integer_decode(Bits)}] +			       } | Acc])      end;  do_openssh_decode(known_hosts = FileType, [Line | Lines], Acc) -> -    Split = binary:split(Line, <<" ">>, [global]), -    case mend_split(Split, []) of -	%% ssh 2 -	[HostNames, KeyType, Base64Enc] -> +    case decode_known_hosts(Line) of +	{ssh2, [HostNames, KeyType, Base64Enc| Comment]} ->  	    do_openssh_decode(FileType, Lines, -			      [{openssh_pubkey_decode(KeyType, Base64Enc), -				[{hostnames, comma_list_decode(HostNames)}]}| Acc]); -	[A, B, C, D] -> -	    ssh_2_or_1(FileType, Lines, Acc, A, B, C, D);			   -	%% ssh 1 -	[HostNames, Bits, Exponent, Modulus, Comment] -> +			      [{openssh_pubkey_decode(KeyType, Base64Enc),  +				decode_comment(Comment) ++  +				    [{hostnames, comma_list_decode(HostNames)}]}| Acc]); +	{ssh1, [HostNames, Bits, Exponent, Modulus | Comment]} ->  	    do_openssh_decode(FileType, Lines, -			      [{ssh1_rsa_pubkey_decode(Modulus, Exponent), -				[{comment, string_decode(Comment)}, -				 {hostnames, comma_list_decode(HostNames)}, -				 {bits, integer_decode(Bits)}]} | Acc]) -	end; +			      [{ssh1_rsa_pubkey_decode(Modulus, Exponent),  +				decode_comment(Comment) ++  +				    [{hostnames, comma_list_decode(HostNames)}, +				     {bits, integer_decode(Bits)}]}  +			       | Acc]) +    end;  do_openssh_decode(openssh_public_key = FileType, [Line | Lines], Acc) -> -    Split = binary:split(Line, <<" ">>, [global]), -    case mend_split(Split, []) of -	[KeyType, Base64Enc, Comment0] when KeyType == <<"ssh-rsa">>; -					    KeyType == <<"ssh-dss">> -> -	    Comment = string:strip(binary_to_list(Comment0), right, $\n), +    case split_n(2, Line, []) of +	[KeyType, Base64Enc] when KeyType == <<"ssh-rsa">>; +				  KeyType == <<"ssh-dss">> -> +	    do_openssh_decode(FileType, Lines, +			      [{openssh_pubkey_decode(KeyType, Base64Enc), +				[]} | Acc]); +	[KeyType, Base64Enc | Comment0] when KeyType == <<"ssh-rsa">>; +					     KeyType == <<"ssh-dss">> -> +	    Comment = string:strip(string_decode(iolist_to_binary(Comment0)), right, $\n),  	    do_openssh_decode(FileType, Lines,  			      [{openssh_pubkey_decode(KeyType, Base64Enc),  				[{comment, Comment}]} | Acc])      end. -ssh_2_or_1(known_hosts = FileType, Lines, Acc, A, B, C, D) -> -    try integer_decode(B) of -	Int ->  -	    file_type_decode_ssh1(FileType, Lines, Acc, A, Int, C,D) -    catch -	error:badarg  -> -	    file_type_decode_ssh2(FileType, Lines, Acc, A,B,C,D) -    end; -ssh_2_or_1(auth_keys = FileType, Lines, Acc, A, B, C, D) -> -  try integer_decode(A) of -	Int ->  -	    file_type_decode_ssh1(FileType, Lines, Acc, Int, B, C,D) -    catch -	error:badarg  -> -	    file_type_decode_ssh2(FileType, Lines, Acc, A,B,C,D) -    end. - -file_type_decode_ssh1(known_hosts = FileType, Lines, Acc, HostNames, Bits, Exponent, Modulus) -> -    do_openssh_decode(FileType, Lines, -		      [{ssh1_rsa_pubkey_decode(Modulus, Exponent), -			[{comment, []}, -			 {hostnames, comma_list_decode(HostNames)}, -			 {bits, Bits}]} | Acc]);   -file_type_decode_ssh1(auth_keys = FileType, Lines, Acc, Bits, Exponent, Modulus, Comment) -> -    do_openssh_decode(FileType, Lines, -		      [{ssh1_rsa_pubkey_decode(Modulus, Exponent), -			[{comment, string_decode(Comment)}, -			 {bits, Bits}]} | Acc]). - -file_type_decode_ssh2(known_hosts = FileType, Lines, Acc, HostNames, KeyType, Base64Enc, Comment) -> -    do_openssh_decode(FileType, Lines, -		      [{openssh_pubkey_decode(KeyType, Base64Enc), -			[{comment, string_decode(Comment)}, -			 {hostnames, comma_list_decode(HostNames)}]} | Acc]); -file_type_decode_ssh2(auth_keys = FileType, Lines, Acc, Options, KeyType, Base64Enc, Comment) -> -    do_openssh_decode(FileType, Lines, -		      [{openssh_pubkey_decode(KeyType, Base64Enc), -			[{comment, string_decode(Comment)}, -			 {options, comma_list_decode(Options)}]} -		       | Acc]). +decode_comment([]) -> +    []; +decode_comment(Comment) -> +    [{comment, string_decode(iolist_to_binary(Comment))}].  openssh_pubkey_decode(<<"ssh-rsa">>, Base64Enc) ->      <<?UINT32(StrLen), _:StrLen/binary, @@ -267,7 +236,7 @@ integer_decode(BinStr) ->      list_to_integer(binary_to_list(BinStr)).  string_decode(BinStr) -> -    binary_to_list(BinStr). +    unicode_decode(BinStr).  unicode_decode(BinStr) ->      unicode:characters_to_list(BinStr). @@ -285,11 +254,11 @@ do_encode(Type, Key, Attributes) ->      openssh_encode(Type, Key, Attributes).  rfc4716_encode(Key, [],[]) -> -    erlang:iolist_to_binary([begin_marker(),"\n", +    iolist_to_binary([begin_marker(),"\n",  			     split_lines(base64:encode(ssh2_pubkey_encode(Key))),  			     "\n", end_marker(), "\n"]);  rfc4716_encode(Key, [], [_|_] = Acc) -> -    erlang:iolist_to_binary([begin_marker(), "\n", +    iolist_to_binary([begin_marker(), "\n",  			     lists:reverse(Acc),  			     split_lines(base64:encode(ssh2_pubkey_encode(Key))),  			     "\n", end_marker(), "\n"]); @@ -319,9 +288,9 @@ rfc4716_encode_value(Value) ->      end.  openssh_encode(openssh_public_key, Key, Attributes) -> -    Comment = proplists:get_value(comment, Attributes), +    Comment = proplists:get_value(comment, Attributes, ""),      Enc = base64:encode(ssh2_pubkey_encode(Key)), -    erlang:iolist_to_binary([key_type(Key), " ",  Enc,  " ", Comment, "\n"]); +    iolist_to_binary([key_type(Key), " ",  Enc,  " ", Comment, "\n"]);  openssh_encode(auth_keys, Key, Attributes) ->      Comment = proplists:get_value(comment, Attributes, ""), @@ -345,30 +314,30 @@ openssh_encode(known_hosts, Key, Attributes) ->      end.  openssh_ssh2_auth_keys_encode(undefined, Key, Comment) -> -    erlang:iolist_to_binary([key_type(Key)," ",  base64:encode(ssh2_pubkey_encode(Key)), line_end(Comment)]); +    iolist_to_binary([key_type(Key)," ",  base64:encode(ssh2_pubkey_encode(Key)), line_end(Comment)]);  openssh_ssh2_auth_keys_encode(Options, Key, Comment) -> -    erlang:iolist_to_binary([comma_list_encode(Options, []), " ", +    iolist_to_binary([comma_list_encode(Options, []), " ",  			     key_type(Key)," ", base64:encode(ssh2_pubkey_encode(Key)), line_end(Comment)]).  openssh_ssh1_auth_keys_encode(undefined, Bits,  			      #'RSAPublicKey'{modulus = N, publicExponent = E},  			      Comment) -> -    erlang:iolist_to_binary([integer_to_list(Bits), " ", integer_to_list(E), " ", integer_to_list(N), +    iolist_to_binary([integer_to_list(Bits), " ", integer_to_list(E), " ", integer_to_list(N),  			     line_end(Comment)]);  openssh_ssh1_auth_keys_encode(Options, Bits,  			      #'RSAPublicKey'{modulus = N, publicExponent = E},  			      Comment) -> -    erlang:iolist_to_binary([comma_list_encode(Options, []), " ", integer_to_list(Bits), +    iolist_to_binary([comma_list_encode(Options, []), " ", integer_to_list(Bits),  			     " ", integer_to_list(E), " ", integer_to_list(N), line_end(Comment)]).  openssh_ssh2_know_hosts_encode(Hostnames, Key, Comment) -> -    erlang:iolist_to_binary([comma_list_encode(Hostnames, []), " ", +    iolist_to_binary([comma_list_encode(Hostnames, []), " ",  			     key_type(Key)," ",  base64:encode(ssh2_pubkey_encode(Key)), line_end(Comment)]).  openssh_ssh1_known_hosts_encode(Hostnames, Bits, -			      #'RSAPublicKey'{modulus = N, publicExponent = E}, -			      Comment) -> -    erlang:iolist_to_binary([comma_list_encode(Hostnames, [])," ", integer_to_list(Bits)," ", +				#'RSAPublicKey'{modulus = N, publicExponent = E}, +				Comment) -> +    iolist_to_binary([comma_list_encode(Hostnames, [])," ", integer_to_list(Bits)," ",  			     integer_to_list(E)," ", integer_to_list(N), line_end(Comment)]).  line_end("") -> @@ -411,24 +380,6 @@ ssh2_pubkey_encode({Y,  #'Dss-Parms'{p = P, q = Q, g = G}}) ->        GBin/binary,        YBin/binary>>. -mend_split([Part1, Part2 | Rest] = List, Acc) -> -    case option_end(Part1, Part2) of -	true -> -	    lists:reverse(Acc) ++ List; -	false -> -	    case length(binary:matches(Part1, <<"\"">>)) of -		N  when N rem 2 == 0 -> -		    mend_split(Rest, [Part1 | Acc]); -		_ -> -		    mend_split([<<Part1/binary, Part2/binary>> | Rest], Acc) -	    end -    end. - -option_end(Part1, Part2) -> -    (is_key_field(Part1) orelse is_bits_field(Part1)) -	orelse -	  (is_key_field(Part2) orelse is_bits_field(Part2)). -  is_key_field(<<"ssh-dss">>) ->      true;  is_key_field(<<"ssh-rsa">>) -> @@ -456,3 +407,72 @@ split_lines(<<Text:?ENCODED_LINE_LENGTH/binary, Rest/binary>>) ->      [Text, $\n | split_lines(Rest)];  split_lines(Bin) ->      [Bin]. + +decode_auth_keys(Line) -> +    [First, Rest] = binary:split(Line, <<" ">>, []), +    case is_key_field(First) of +	true  -> +	    {ssh2, decode_auth_keys_ssh2(First, Rest)}; +	false -> +	    case is_bits_field(First) of +		true -> +		    {ssh1, decode_auth_keys_ssh1(First, Rest)}; +		false -> +		    decode_auth_keys(First, Rest) +	    end +    end. + +decode_auth_keys(First, Line) -> +    [Second, Rest] = binary:split(Line, <<" ">>, []), +    case is_key_field(Second) of +	true ->  +	    {ssh2, decode_auth_keys_ssh2(First, Second, Rest)}; +	false -> +	    case is_bits_field(Second) of +		true ->  +		    {ssh1, decode_auth_keys_ssh1(First, Second, Rest)}; +		false -> +		    decode_auth_keys(<<First/binary, Second/binary>>, Rest) +	    end +    end. + +decode_auth_keys_ssh2(KeyType, Rest) -> +    {no_options, [KeyType | split_n(1, Rest,  [])]}. + +decode_auth_keys_ssh2(Options, Next, Rest) -> +    {options, [Options, Next | split_n(1, Rest,  [])]}. + +decode_auth_keys_ssh1(Options, Next, Rest) -> +    {options, [Options, Next | split_n(2, Rest,  [])]}. + +decode_auth_keys_ssh1(First, Rest) -> +    {no_options, [First | split_n(2, Rest, [])]}. + +decode_known_hosts(Line) -> +    [First, Rest] = binary:split(Line, <<" ">>, []), +    [Second, Rest1] = binary:split(Rest, <<" ">>, []), + +    case is_bits_field(Second) of +	true -> +	    {ssh1, decode_known_hosts_ssh1(First, Second, Rest1)}; +	false -> +	    {ssh2, decode_known_hosts_ssh2(First, Second, Rest1)} +    end. + +decode_known_hosts_ssh1(Hostnames, Bits, Rest) -> +    [Hostnames, Bits | split_n(2, Rest,  [])]. + +decode_known_hosts_ssh2(Hostnames, KeyType, Rest) -> +    [Hostnames, KeyType | split_n(1, Rest,  [])]. + +split_n(0, <<>>, Acc) -> +    lists:reverse(Acc); +split_n(0, Bin, Acc) -> +    lists:reverse([Bin | Acc]); +split_n(N, Bin, Acc) -> +    case binary:split(Bin, <<" ">>, []) of +	[First, Rest] -> +	    split_n(N-1, Rest, [First | Acc]); +	[Last] -> +	    split_n(0, <<>>, [Last | Acc]) +    end. | 
