diff options
Diffstat (limited to 'lib/public_key/src')
-rw-r--r-- | lib/public_key/src/pubkey_cert.erl | 4 | ||||
-rw-r--r-- | lib/public_key/src/pubkey_ssh.erl | 246 |
2 files changed, 137 insertions, 113 deletions
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl index b76e32a2a0..f9e2025479 100644 --- a/lib/public_key/src/pubkey_cert.erl +++ b/lib/public_key/src/pubkey_cert.erl @@ -376,8 +376,12 @@ encoded_tbs_cert(Cert) -> digest_type(?sha1WithRSAEncryption) -> sha; +digest_type(?sha224WithRSAEncryption) -> + sha224; digest_type(?sha256WithRSAEncryption) -> sha256; +digest_type(?sha384WithRSAEncryption) -> + sha384; digest_type(?sha512WithRSAEncryption) -> sha512; digest_type(?md5WithRSAEncryption) -> diff --git a/lib/public_key/src/pubkey_ssh.erl b/lib/public_key/src/pubkey_ssh.erl index f0c94e29a5..008ea96dd3 100644 --- a/lib/public_key/src/pubkey_ssh.erl +++ b/lib/public_key/src/pubkey_ssh.erl @@ -47,7 +47,7 @@ decode(Bin, public_key)-> rfc4716_decode(Bin) end; decode(Bin, rfc4716_public_key) -> - rfc4716_decode(Bin); + rfc4716_decode(Bin); decode(Bin, Type) -> openssh_decode(Bin, Type). @@ -58,7 +58,7 @@ decode(Bin, Type) -> %% Description: Encodes a list of ssh file entries. %%-------------------------------------------------------------------- encode(Entries, Type) -> - erlang:iolist_to_binary(lists:map(fun({Key, Attributes}) -> + iolist_to_binary(lists:map(fun({Key, Attributes}) -> do_encode(Type, Key, Attributes) end, Entries)). @@ -106,7 +106,7 @@ rfc4716_decode_line(Line, Lines, Acc) -> _ -> {Body, Rest} = join_entry([Line | Lines], []), {lists:reverse(Acc), rfc4716_pubkey_decode(base64:mime_decode(Body)), Rest} - end. + end. join_entry([<<"---- END SSH2 PUBLIC KEY ----", _/binary>>| Lines], Entry) -> {lists:reverse(Entry), Lines}; @@ -115,16 +115,16 @@ join_entry([Line | Lines], Entry) -> rfc4716_pubkey_decode(<<?UINT32(Len), Type:Len/binary, - ?UINT32(SizeE), E:SizeE/binary, - ?UINT32(SizeN), N:SizeN/binary>>) when Type == <<"ssh-rsa">> -> + ?UINT32(SizeE), E:SizeE/binary, + ?UINT32(SizeN), N:SizeN/binary>>) when Type == <<"ssh-rsa">> -> #'RSAPublicKey'{modulus = erlint(SizeN, N), publicExponent = erlint(SizeE, E)}; rfc4716_pubkey_decode(<<?UINT32(Len), Type:Len/binary, - ?UINT32(SizeP), P:SizeP/binary, - ?UINT32(SizeQ), Q:SizeQ/binary, - ?UINT32(SizeG), G:SizeG/binary, - ?UINT32(SizeY), Y:SizeY/binary>>) when Type == <<"ssh-dss">> -> + ?UINT32(SizeP), P:SizeP/binary, + ?UINT32(SizeQ), Q:SizeQ/binary, + ?UINT32(SizeG), G:SizeG/binary, + ?UINT32(SizeY), Y:SizeY/binary>>) when Type == <<"ssh-dss">> -> {erlint(SizeY, Y), #'Dss-Parms'{p = erlint(SizeP, P), q = erlint(SizeQ, Q), @@ -143,94 +143,63 @@ do_openssh_decode(FileType, [<<>> | Lines], Acc) -> do_openssh_decode(FileType,[<<"#", _/binary>> | Lines], Acc) -> do_openssh_decode(FileType, Lines, Acc); do_openssh_decode(auth_keys = FileType, [Line | Lines], Acc) -> - Split = binary:split(Line, <<" ">>, [global]), - case mend_split(Split, []) of - %% ssh2 - [KeyType, Base64Enc, Comment] -> + case decode_auth_keys(Line) of + {ssh2, {options, [Options, KeyType, Base64Enc| Comment]}} -> do_openssh_decode(FileType, Lines, - [{openssh_pubkey_decode(KeyType, Base64Enc), - [{comment, string_decode(Comment)}]} | Acc]); - %% ssh1 - [Options, Bits, Exponent, Modulus, Comment] -> + [{openssh_pubkey_decode(KeyType, Base64Enc), + decode_comment(Comment) ++ [{options, comma_list_decode(Options)}]} | Acc]); + {ssh2, {no_options, [KeyType, Base64Enc| Comment]}} -> + do_openssh_decode(FileType, Lines, + [{openssh_pubkey_decode(KeyType, Base64Enc), + decode_comment(Comment)} | Acc]); + {ssh1, {options, [Options, Bits, Exponent, Modulus | Comment]}} -> do_openssh_decode(FileType, Lines, [{ssh1_rsa_pubkey_decode(Modulus, Exponent), - [{comment, string_decode(Comment)}, - {options, comma_list_decode(Options)}, - {bits, integer_decode(Bits)}]} | Acc]); - [A, B, C, D] -> - ssh_2_or_1(FileType, Lines, Acc, A,B,C,D) + decode_comment(Comment) ++ [{options, comma_list_decode(Options)}, + {bits, integer_decode(Bits)}] + } | Acc]); + {ssh1, {no_options, [Bits, Exponent, Modulus | Comment]}} -> + do_openssh_decode(FileType, Lines, + [{ssh1_rsa_pubkey_decode(Modulus, Exponent), + decode_comment(Comment) ++ [{bits, integer_decode(Bits)}] + } | Acc]) end; do_openssh_decode(known_hosts = FileType, [Line | Lines], Acc) -> - Split = binary:split(Line, <<" ">>, [global]), - case mend_split(Split, []) of - %% ssh 2 - [HostNames, KeyType, Base64Enc] -> + case decode_known_hosts(Line) of + {ssh2, [HostNames, KeyType, Base64Enc| Comment]} -> do_openssh_decode(FileType, Lines, - [{openssh_pubkey_decode(KeyType, Base64Enc), - [{hostnames, comma_list_decode(HostNames)}]}| Acc]); - [A, B, C, D] -> - ssh_2_or_1(FileType, Lines, Acc, A, B, C, D); - %% ssh 1 - [HostNames, Bits, Exponent, Modulus, Comment] -> + [{openssh_pubkey_decode(KeyType, Base64Enc), + decode_comment(Comment) ++ + [{hostnames, comma_list_decode(HostNames)}]}| Acc]); + {ssh1, [HostNames, Bits, Exponent, Modulus | Comment]} -> do_openssh_decode(FileType, Lines, - [{ssh1_rsa_pubkey_decode(Modulus, Exponent), - [{comment, string_decode(Comment)}, - {hostnames, comma_list_decode(HostNames)}, - {bits, integer_decode(Bits)}]} | Acc]) - end; + [{ssh1_rsa_pubkey_decode(Modulus, Exponent), + decode_comment(Comment) ++ + [{hostnames, comma_list_decode(HostNames)}, + {bits, integer_decode(Bits)}]} + | Acc]) + end; do_openssh_decode(openssh_public_key = FileType, [Line | Lines], Acc) -> - Split = binary:split(Line, <<" ">>, [global]), - case mend_split(Split, []) of - [KeyType, Base64Enc, Comment0] when KeyType == <<"ssh-rsa">>; - KeyType == <<"ssh-dss">> -> - Comment = string:strip(binary_to_list(Comment0), right, $\n), + case split_n(2, Line, []) of + [KeyType, Base64Enc] when KeyType == <<"ssh-rsa">>; + KeyType == <<"ssh-dss">> -> + do_openssh_decode(FileType, Lines, + [{openssh_pubkey_decode(KeyType, Base64Enc), + []} | Acc]); + [KeyType, Base64Enc | Comment0] when KeyType == <<"ssh-rsa">>; + KeyType == <<"ssh-dss">> -> + Comment = string:strip(string_decode(iolist_to_binary(Comment0)), right, $\n), do_openssh_decode(FileType, Lines, [{openssh_pubkey_decode(KeyType, Base64Enc), [{comment, Comment}]} | Acc]) end. -ssh_2_or_1(known_hosts = FileType, Lines, Acc, A, B, C, D) -> - try integer_decode(B) of - Int -> - file_type_decode_ssh1(FileType, Lines, Acc, A, Int, C,D) - catch - error:badarg -> - file_type_decode_ssh2(FileType, Lines, Acc, A,B,C,D) - end; -ssh_2_or_1(auth_keys = FileType, Lines, Acc, A, B, C, D) -> - try integer_decode(A) of - Int -> - file_type_decode_ssh1(FileType, Lines, Acc, Int, B, C,D) - catch - error:badarg -> - file_type_decode_ssh2(FileType, Lines, Acc, A,B,C,D) - end. - -file_type_decode_ssh1(known_hosts = FileType, Lines, Acc, HostNames, Bits, Exponent, Modulus) -> - do_openssh_decode(FileType, Lines, - [{ssh1_rsa_pubkey_decode(Modulus, Exponent), - [{comment, []}, - {hostnames, comma_list_decode(HostNames)}, - {bits, Bits}]} | Acc]); -file_type_decode_ssh1(auth_keys = FileType, Lines, Acc, Bits, Exponent, Modulus, Comment) -> - do_openssh_decode(FileType, Lines, - [{ssh1_rsa_pubkey_decode(Modulus, Exponent), - [{comment, string_decode(Comment)}, - {bits, Bits}]} | Acc]). - -file_type_decode_ssh2(known_hosts = FileType, Lines, Acc, HostNames, KeyType, Base64Enc, Comment) -> - do_openssh_decode(FileType, Lines, - [{openssh_pubkey_decode(KeyType, Base64Enc), - [{comment, string_decode(Comment)}, - {hostnames, comma_list_decode(HostNames)}]} | Acc]); -file_type_decode_ssh2(auth_keys = FileType, Lines, Acc, Options, KeyType, Base64Enc, Comment) -> - do_openssh_decode(FileType, Lines, - [{openssh_pubkey_decode(KeyType, Base64Enc), - [{comment, string_decode(Comment)}, - {options, comma_list_decode(Options)}]} - | Acc]). +decode_comment([]) -> + []; +decode_comment(Comment) -> + [{comment, string_decode(iolist_to_binary(Comment))}]. openssh_pubkey_decode(<<"ssh-rsa">>, Base64Enc) -> <<?UINT32(StrLen), _:StrLen/binary, @@ -267,7 +236,7 @@ integer_decode(BinStr) -> list_to_integer(binary_to_list(BinStr)). string_decode(BinStr) -> - binary_to_list(BinStr). + unicode_decode(BinStr). unicode_decode(BinStr) -> unicode:characters_to_list(BinStr). @@ -285,11 +254,11 @@ do_encode(Type, Key, Attributes) -> openssh_encode(Type, Key, Attributes). rfc4716_encode(Key, [],[]) -> - erlang:iolist_to_binary([begin_marker(),"\n", + iolist_to_binary([begin_marker(),"\n", split_lines(base64:encode(ssh2_pubkey_encode(Key))), "\n", end_marker(), "\n"]); rfc4716_encode(Key, [], [_|_] = Acc) -> - erlang:iolist_to_binary([begin_marker(), "\n", + iolist_to_binary([begin_marker(), "\n", lists:reverse(Acc), split_lines(base64:encode(ssh2_pubkey_encode(Key))), "\n", end_marker(), "\n"]); @@ -319,9 +288,9 @@ rfc4716_encode_value(Value) -> end. openssh_encode(openssh_public_key, Key, Attributes) -> - Comment = proplists:get_value(comment, Attributes), + Comment = proplists:get_value(comment, Attributes, ""), Enc = base64:encode(ssh2_pubkey_encode(Key)), - erlang:iolist_to_binary([key_type(Key), " ", Enc, " ", Comment, "\n"]); + iolist_to_binary([key_type(Key), " ", Enc, " ", Comment, "\n"]); openssh_encode(auth_keys, Key, Attributes) -> Comment = proplists:get_value(comment, Attributes, ""), @@ -345,30 +314,30 @@ openssh_encode(known_hosts, Key, Attributes) -> end. openssh_ssh2_auth_keys_encode(undefined, Key, Comment) -> - erlang:iolist_to_binary([key_type(Key)," ", base64:encode(ssh2_pubkey_encode(Key)), line_end(Comment)]); + iolist_to_binary([key_type(Key)," ", base64:encode(ssh2_pubkey_encode(Key)), line_end(Comment)]); openssh_ssh2_auth_keys_encode(Options, Key, Comment) -> - erlang:iolist_to_binary([comma_list_encode(Options, []), " ", + iolist_to_binary([comma_list_encode(Options, []), " ", key_type(Key)," ", base64:encode(ssh2_pubkey_encode(Key)), line_end(Comment)]). openssh_ssh1_auth_keys_encode(undefined, Bits, #'RSAPublicKey'{modulus = N, publicExponent = E}, Comment) -> - erlang:iolist_to_binary([integer_to_list(Bits), " ", integer_to_list(E), " ", integer_to_list(N), + iolist_to_binary([integer_to_list(Bits), " ", integer_to_list(E), " ", integer_to_list(N), line_end(Comment)]); openssh_ssh1_auth_keys_encode(Options, Bits, #'RSAPublicKey'{modulus = N, publicExponent = E}, Comment) -> - erlang:iolist_to_binary([comma_list_encode(Options, []), " ", integer_to_list(Bits), + iolist_to_binary([comma_list_encode(Options, []), " ", integer_to_list(Bits), " ", integer_to_list(E), " ", integer_to_list(N), line_end(Comment)]). openssh_ssh2_know_hosts_encode(Hostnames, Key, Comment) -> - erlang:iolist_to_binary([comma_list_encode(Hostnames, []), " ", + iolist_to_binary([comma_list_encode(Hostnames, []), " ", key_type(Key)," ", base64:encode(ssh2_pubkey_encode(Key)), line_end(Comment)]). openssh_ssh1_known_hosts_encode(Hostnames, Bits, - #'RSAPublicKey'{modulus = N, publicExponent = E}, - Comment) -> - erlang:iolist_to_binary([comma_list_encode(Hostnames, [])," ", integer_to_list(Bits)," ", + #'RSAPublicKey'{modulus = N, publicExponent = E}, + Comment) -> + iolist_to_binary([comma_list_encode(Hostnames, [])," ", integer_to_list(Bits)," ", integer_to_list(E)," ", integer_to_list(N), line_end(Comment)]). line_end("") -> @@ -411,24 +380,6 @@ ssh2_pubkey_encode({Y, #'Dss-Parms'{p = P, q = Q, g = G}}) -> GBin/binary, YBin/binary>>. -mend_split([Part1, Part2 | Rest] = List, Acc) -> - case option_end(Part1, Part2) of - true -> - lists:reverse(Acc) ++ List; - false -> - case length(binary:matches(Part1, <<"\"">>)) of - N when N rem 2 == 0 -> - mend_split(Rest, [Part1 | Acc]); - _ -> - mend_split([<<Part1/binary, Part2/binary>> | Rest], Acc) - end - end. - -option_end(Part1, Part2) -> - (is_key_field(Part1) orelse is_bits_field(Part1)) - orelse - (is_key_field(Part2) orelse is_bits_field(Part2)). - is_key_field(<<"ssh-dss">>) -> true; is_key_field(<<"ssh-rsa">>) -> @@ -456,3 +407,72 @@ split_lines(<<Text:?ENCODED_LINE_LENGTH/binary, Rest/binary>>) -> [Text, $\n | split_lines(Rest)]; split_lines(Bin) -> [Bin]. + +decode_auth_keys(Line) -> + [First, Rest] = binary:split(Line, <<" ">>, []), + case is_key_field(First) of + true -> + {ssh2, decode_auth_keys_ssh2(First, Rest)}; + false -> + case is_bits_field(First) of + true -> + {ssh1, decode_auth_keys_ssh1(First, Rest)}; + false -> + decode_auth_keys(First, Rest) + end + end. + +decode_auth_keys(First, Line) -> + [Second, Rest] = binary:split(Line, <<" ">>, []), + case is_key_field(Second) of + true -> + {ssh2, decode_auth_keys_ssh2(First, Second, Rest)}; + false -> + case is_bits_field(Second) of + true -> + {ssh1, decode_auth_keys_ssh1(First, Second, Rest)}; + false -> + decode_auth_keys(<<First/binary, Second/binary>>, Rest) + end + end. + +decode_auth_keys_ssh2(KeyType, Rest) -> + {no_options, [KeyType | split_n(1, Rest, [])]}. + +decode_auth_keys_ssh2(Options, Next, Rest) -> + {options, [Options, Next | split_n(1, Rest, [])]}. + +decode_auth_keys_ssh1(Options, Next, Rest) -> + {options, [Options, Next | split_n(2, Rest, [])]}. + +decode_auth_keys_ssh1(First, Rest) -> + {no_options, [First | split_n(2, Rest, [])]}. + +decode_known_hosts(Line) -> + [First, Rest] = binary:split(Line, <<" ">>, []), + [Second, Rest1] = binary:split(Rest, <<" ">>, []), + + case is_bits_field(Second) of + true -> + {ssh1, decode_known_hosts_ssh1(First, Second, Rest1)}; + false -> + {ssh2, decode_known_hosts_ssh2(First, Second, Rest1)} + end. + +decode_known_hosts_ssh1(Hostnames, Bits, Rest) -> + [Hostnames, Bits | split_n(2, Rest, [])]. + +decode_known_hosts_ssh2(Hostnames, KeyType, Rest) -> + [Hostnames, KeyType | split_n(1, Rest, [])]. + +split_n(0, <<>>, Acc) -> + lists:reverse(Acc); +split_n(0, Bin, Acc) -> + lists:reverse([Bin | Acc]); +split_n(N, Bin, Acc) -> + case binary:split(Bin, <<" ">>, []) of + [First, Rest] -> + split_n(N-1, Rest, [First | Acc]); + [Last] -> + split_n(0, <<>>, [Last | Acc]) + end. |