aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key/src
diff options
context:
space:
mode:
Diffstat (limited to 'lib/public_key/src')
-rw-r--r--lib/public_key/src/pubkey_cert.erl4
-rw-r--r--lib/public_key/src/pubkey_ssh.erl246
2 files changed, 137 insertions, 113 deletions
diff --git a/lib/public_key/src/pubkey_cert.erl b/lib/public_key/src/pubkey_cert.erl
index b76e32a2a0..f9e2025479 100644
--- a/lib/public_key/src/pubkey_cert.erl
+++ b/lib/public_key/src/pubkey_cert.erl
@@ -376,8 +376,12 @@ encoded_tbs_cert(Cert) ->
digest_type(?sha1WithRSAEncryption) ->
sha;
+digest_type(?sha224WithRSAEncryption) ->
+ sha224;
digest_type(?sha256WithRSAEncryption) ->
sha256;
+digest_type(?sha384WithRSAEncryption) ->
+ sha384;
digest_type(?sha512WithRSAEncryption) ->
sha512;
digest_type(?md5WithRSAEncryption) ->
diff --git a/lib/public_key/src/pubkey_ssh.erl b/lib/public_key/src/pubkey_ssh.erl
index f0c94e29a5..008ea96dd3 100644
--- a/lib/public_key/src/pubkey_ssh.erl
+++ b/lib/public_key/src/pubkey_ssh.erl
@@ -47,7 +47,7 @@ decode(Bin, public_key)->
rfc4716_decode(Bin)
end;
decode(Bin, rfc4716_public_key) ->
- rfc4716_decode(Bin);
+ rfc4716_decode(Bin);
decode(Bin, Type) ->
openssh_decode(Bin, Type).
@@ -58,7 +58,7 @@ decode(Bin, Type) ->
%% Description: Encodes a list of ssh file entries.
%%--------------------------------------------------------------------
encode(Entries, Type) ->
- erlang:iolist_to_binary(lists:map(fun({Key, Attributes}) ->
+ iolist_to_binary(lists:map(fun({Key, Attributes}) ->
do_encode(Type, Key, Attributes)
end, Entries)).
@@ -106,7 +106,7 @@ rfc4716_decode_line(Line, Lines, Acc) ->
_ ->
{Body, Rest} = join_entry([Line | Lines], []),
{lists:reverse(Acc), rfc4716_pubkey_decode(base64:mime_decode(Body)), Rest}
- end.
+ end.
join_entry([<<"---- END SSH2 PUBLIC KEY ----", _/binary>>| Lines], Entry) ->
{lists:reverse(Entry), Lines};
@@ -115,16 +115,16 @@ join_entry([Line | Lines], Entry) ->
rfc4716_pubkey_decode(<<?UINT32(Len), Type:Len/binary,
- ?UINT32(SizeE), E:SizeE/binary,
- ?UINT32(SizeN), N:SizeN/binary>>) when Type == <<"ssh-rsa">> ->
+ ?UINT32(SizeE), E:SizeE/binary,
+ ?UINT32(SizeN), N:SizeN/binary>>) when Type == <<"ssh-rsa">> ->
#'RSAPublicKey'{modulus = erlint(SizeN, N),
publicExponent = erlint(SizeE, E)};
rfc4716_pubkey_decode(<<?UINT32(Len), Type:Len/binary,
- ?UINT32(SizeP), P:SizeP/binary,
- ?UINT32(SizeQ), Q:SizeQ/binary,
- ?UINT32(SizeG), G:SizeG/binary,
- ?UINT32(SizeY), Y:SizeY/binary>>) when Type == <<"ssh-dss">> ->
+ ?UINT32(SizeP), P:SizeP/binary,
+ ?UINT32(SizeQ), Q:SizeQ/binary,
+ ?UINT32(SizeG), G:SizeG/binary,
+ ?UINT32(SizeY), Y:SizeY/binary>>) when Type == <<"ssh-dss">> ->
{erlint(SizeY, Y),
#'Dss-Parms'{p = erlint(SizeP, P),
q = erlint(SizeQ, Q),
@@ -143,94 +143,63 @@ do_openssh_decode(FileType, [<<>> | Lines], Acc) ->
do_openssh_decode(FileType,[<<"#", _/binary>> | Lines], Acc) ->
do_openssh_decode(FileType, Lines, Acc);
do_openssh_decode(auth_keys = FileType, [Line | Lines], Acc) ->
- Split = binary:split(Line, <<" ">>, [global]),
- case mend_split(Split, []) of
- %% ssh2
- [KeyType, Base64Enc, Comment] ->
+ case decode_auth_keys(Line) of
+ {ssh2, {options, [Options, KeyType, Base64Enc| Comment]}} ->
do_openssh_decode(FileType, Lines,
- [{openssh_pubkey_decode(KeyType, Base64Enc),
- [{comment, string_decode(Comment)}]} | Acc]);
- %% ssh1
- [Options, Bits, Exponent, Modulus, Comment] ->
+ [{openssh_pubkey_decode(KeyType, Base64Enc),
+ decode_comment(Comment) ++ [{options, comma_list_decode(Options)}]} | Acc]);
+ {ssh2, {no_options, [KeyType, Base64Enc| Comment]}} ->
+ do_openssh_decode(FileType, Lines,
+ [{openssh_pubkey_decode(KeyType, Base64Enc),
+ decode_comment(Comment)} | Acc]);
+ {ssh1, {options, [Options, Bits, Exponent, Modulus | Comment]}} ->
do_openssh_decode(FileType, Lines,
[{ssh1_rsa_pubkey_decode(Modulus, Exponent),
- [{comment, string_decode(Comment)},
- {options, comma_list_decode(Options)},
- {bits, integer_decode(Bits)}]} | Acc]);
- [A, B, C, D] ->
- ssh_2_or_1(FileType, Lines, Acc, A,B,C,D)
+ decode_comment(Comment) ++ [{options, comma_list_decode(Options)},
+ {bits, integer_decode(Bits)}]
+ } | Acc]);
+ {ssh1, {no_options, [Bits, Exponent, Modulus | Comment]}} ->
+ do_openssh_decode(FileType, Lines,
+ [{ssh1_rsa_pubkey_decode(Modulus, Exponent),
+ decode_comment(Comment) ++ [{bits, integer_decode(Bits)}]
+ } | Acc])
end;
do_openssh_decode(known_hosts = FileType, [Line | Lines], Acc) ->
- Split = binary:split(Line, <<" ">>, [global]),
- case mend_split(Split, []) of
- %% ssh 2
- [HostNames, KeyType, Base64Enc] ->
+ case decode_known_hosts(Line) of
+ {ssh2, [HostNames, KeyType, Base64Enc| Comment]} ->
do_openssh_decode(FileType, Lines,
- [{openssh_pubkey_decode(KeyType, Base64Enc),
- [{hostnames, comma_list_decode(HostNames)}]}| Acc]);
- [A, B, C, D] ->
- ssh_2_or_1(FileType, Lines, Acc, A, B, C, D);
- %% ssh 1
- [HostNames, Bits, Exponent, Modulus, Comment] ->
+ [{openssh_pubkey_decode(KeyType, Base64Enc),
+ decode_comment(Comment) ++
+ [{hostnames, comma_list_decode(HostNames)}]}| Acc]);
+ {ssh1, [HostNames, Bits, Exponent, Modulus | Comment]} ->
do_openssh_decode(FileType, Lines,
- [{ssh1_rsa_pubkey_decode(Modulus, Exponent),
- [{comment, string_decode(Comment)},
- {hostnames, comma_list_decode(HostNames)},
- {bits, integer_decode(Bits)}]} | Acc])
- end;
+ [{ssh1_rsa_pubkey_decode(Modulus, Exponent),
+ decode_comment(Comment) ++
+ [{hostnames, comma_list_decode(HostNames)},
+ {bits, integer_decode(Bits)}]}
+ | Acc])
+ end;
do_openssh_decode(openssh_public_key = FileType, [Line | Lines], Acc) ->
- Split = binary:split(Line, <<" ">>, [global]),
- case mend_split(Split, []) of
- [KeyType, Base64Enc, Comment0] when KeyType == <<"ssh-rsa">>;
- KeyType == <<"ssh-dss">> ->
- Comment = string:strip(binary_to_list(Comment0), right, $\n),
+ case split_n(2, Line, []) of
+ [KeyType, Base64Enc] when KeyType == <<"ssh-rsa">>;
+ KeyType == <<"ssh-dss">> ->
+ do_openssh_decode(FileType, Lines,
+ [{openssh_pubkey_decode(KeyType, Base64Enc),
+ []} | Acc]);
+ [KeyType, Base64Enc | Comment0] when KeyType == <<"ssh-rsa">>;
+ KeyType == <<"ssh-dss">> ->
+ Comment = string:strip(string_decode(iolist_to_binary(Comment0)), right, $\n),
do_openssh_decode(FileType, Lines,
[{openssh_pubkey_decode(KeyType, Base64Enc),
[{comment, Comment}]} | Acc])
end.
-ssh_2_or_1(known_hosts = FileType, Lines, Acc, A, B, C, D) ->
- try integer_decode(B) of
- Int ->
- file_type_decode_ssh1(FileType, Lines, Acc, A, Int, C,D)
- catch
- error:badarg ->
- file_type_decode_ssh2(FileType, Lines, Acc, A,B,C,D)
- end;
-ssh_2_or_1(auth_keys = FileType, Lines, Acc, A, B, C, D) ->
- try integer_decode(A) of
- Int ->
- file_type_decode_ssh1(FileType, Lines, Acc, Int, B, C,D)
- catch
- error:badarg ->
- file_type_decode_ssh2(FileType, Lines, Acc, A,B,C,D)
- end.
-
-file_type_decode_ssh1(known_hosts = FileType, Lines, Acc, HostNames, Bits, Exponent, Modulus) ->
- do_openssh_decode(FileType, Lines,
- [{ssh1_rsa_pubkey_decode(Modulus, Exponent),
- [{comment, []},
- {hostnames, comma_list_decode(HostNames)},
- {bits, Bits}]} | Acc]);
-file_type_decode_ssh1(auth_keys = FileType, Lines, Acc, Bits, Exponent, Modulus, Comment) ->
- do_openssh_decode(FileType, Lines,
- [{ssh1_rsa_pubkey_decode(Modulus, Exponent),
- [{comment, string_decode(Comment)},
- {bits, Bits}]} | Acc]).
-
-file_type_decode_ssh2(known_hosts = FileType, Lines, Acc, HostNames, KeyType, Base64Enc, Comment) ->
- do_openssh_decode(FileType, Lines,
- [{openssh_pubkey_decode(KeyType, Base64Enc),
- [{comment, string_decode(Comment)},
- {hostnames, comma_list_decode(HostNames)}]} | Acc]);
-file_type_decode_ssh2(auth_keys = FileType, Lines, Acc, Options, KeyType, Base64Enc, Comment) ->
- do_openssh_decode(FileType, Lines,
- [{openssh_pubkey_decode(KeyType, Base64Enc),
- [{comment, string_decode(Comment)},
- {options, comma_list_decode(Options)}]}
- | Acc]).
+decode_comment([]) ->
+ [];
+decode_comment(Comment) ->
+ [{comment, string_decode(iolist_to_binary(Comment))}].
openssh_pubkey_decode(<<"ssh-rsa">>, Base64Enc) ->
<<?UINT32(StrLen), _:StrLen/binary,
@@ -267,7 +236,7 @@ integer_decode(BinStr) ->
list_to_integer(binary_to_list(BinStr)).
string_decode(BinStr) ->
- binary_to_list(BinStr).
+ unicode_decode(BinStr).
unicode_decode(BinStr) ->
unicode:characters_to_list(BinStr).
@@ -285,11 +254,11 @@ do_encode(Type, Key, Attributes) ->
openssh_encode(Type, Key, Attributes).
rfc4716_encode(Key, [],[]) ->
- erlang:iolist_to_binary([begin_marker(),"\n",
+ iolist_to_binary([begin_marker(),"\n",
split_lines(base64:encode(ssh2_pubkey_encode(Key))),
"\n", end_marker(), "\n"]);
rfc4716_encode(Key, [], [_|_] = Acc) ->
- erlang:iolist_to_binary([begin_marker(), "\n",
+ iolist_to_binary([begin_marker(), "\n",
lists:reverse(Acc),
split_lines(base64:encode(ssh2_pubkey_encode(Key))),
"\n", end_marker(), "\n"]);
@@ -319,9 +288,9 @@ rfc4716_encode_value(Value) ->
end.
openssh_encode(openssh_public_key, Key, Attributes) ->
- Comment = proplists:get_value(comment, Attributes),
+ Comment = proplists:get_value(comment, Attributes, ""),
Enc = base64:encode(ssh2_pubkey_encode(Key)),
- erlang:iolist_to_binary([key_type(Key), " ", Enc, " ", Comment, "\n"]);
+ iolist_to_binary([key_type(Key), " ", Enc, " ", Comment, "\n"]);
openssh_encode(auth_keys, Key, Attributes) ->
Comment = proplists:get_value(comment, Attributes, ""),
@@ -345,30 +314,30 @@ openssh_encode(known_hosts, Key, Attributes) ->
end.
openssh_ssh2_auth_keys_encode(undefined, Key, Comment) ->
- erlang:iolist_to_binary([key_type(Key)," ", base64:encode(ssh2_pubkey_encode(Key)), line_end(Comment)]);
+ iolist_to_binary([key_type(Key)," ", base64:encode(ssh2_pubkey_encode(Key)), line_end(Comment)]);
openssh_ssh2_auth_keys_encode(Options, Key, Comment) ->
- erlang:iolist_to_binary([comma_list_encode(Options, []), " ",
+ iolist_to_binary([comma_list_encode(Options, []), " ",
key_type(Key)," ", base64:encode(ssh2_pubkey_encode(Key)), line_end(Comment)]).
openssh_ssh1_auth_keys_encode(undefined, Bits,
#'RSAPublicKey'{modulus = N, publicExponent = E},
Comment) ->
- erlang:iolist_to_binary([integer_to_list(Bits), " ", integer_to_list(E), " ", integer_to_list(N),
+ iolist_to_binary([integer_to_list(Bits), " ", integer_to_list(E), " ", integer_to_list(N),
line_end(Comment)]);
openssh_ssh1_auth_keys_encode(Options, Bits,
#'RSAPublicKey'{modulus = N, publicExponent = E},
Comment) ->
- erlang:iolist_to_binary([comma_list_encode(Options, []), " ", integer_to_list(Bits),
+ iolist_to_binary([comma_list_encode(Options, []), " ", integer_to_list(Bits),
" ", integer_to_list(E), " ", integer_to_list(N), line_end(Comment)]).
openssh_ssh2_know_hosts_encode(Hostnames, Key, Comment) ->
- erlang:iolist_to_binary([comma_list_encode(Hostnames, []), " ",
+ iolist_to_binary([comma_list_encode(Hostnames, []), " ",
key_type(Key)," ", base64:encode(ssh2_pubkey_encode(Key)), line_end(Comment)]).
openssh_ssh1_known_hosts_encode(Hostnames, Bits,
- #'RSAPublicKey'{modulus = N, publicExponent = E},
- Comment) ->
- erlang:iolist_to_binary([comma_list_encode(Hostnames, [])," ", integer_to_list(Bits)," ",
+ #'RSAPublicKey'{modulus = N, publicExponent = E},
+ Comment) ->
+ iolist_to_binary([comma_list_encode(Hostnames, [])," ", integer_to_list(Bits)," ",
integer_to_list(E)," ", integer_to_list(N), line_end(Comment)]).
line_end("") ->
@@ -411,24 +380,6 @@ ssh2_pubkey_encode({Y, #'Dss-Parms'{p = P, q = Q, g = G}}) ->
GBin/binary,
YBin/binary>>.
-mend_split([Part1, Part2 | Rest] = List, Acc) ->
- case option_end(Part1, Part2) of
- true ->
- lists:reverse(Acc) ++ List;
- false ->
- case length(binary:matches(Part1, <<"\"">>)) of
- N when N rem 2 == 0 ->
- mend_split(Rest, [Part1 | Acc]);
- _ ->
- mend_split([<<Part1/binary, Part2/binary>> | Rest], Acc)
- end
- end.
-
-option_end(Part1, Part2) ->
- (is_key_field(Part1) orelse is_bits_field(Part1))
- orelse
- (is_key_field(Part2) orelse is_bits_field(Part2)).
-
is_key_field(<<"ssh-dss">>) ->
true;
is_key_field(<<"ssh-rsa">>) ->
@@ -456,3 +407,72 @@ split_lines(<<Text:?ENCODED_LINE_LENGTH/binary, Rest/binary>>) ->
[Text, $\n | split_lines(Rest)];
split_lines(Bin) ->
[Bin].
+
+decode_auth_keys(Line) ->
+ [First, Rest] = binary:split(Line, <<" ">>, []),
+ case is_key_field(First) of
+ true ->
+ {ssh2, decode_auth_keys_ssh2(First, Rest)};
+ false ->
+ case is_bits_field(First) of
+ true ->
+ {ssh1, decode_auth_keys_ssh1(First, Rest)};
+ false ->
+ decode_auth_keys(First, Rest)
+ end
+ end.
+
+decode_auth_keys(First, Line) ->
+ [Second, Rest] = binary:split(Line, <<" ">>, []),
+ case is_key_field(Second) of
+ true ->
+ {ssh2, decode_auth_keys_ssh2(First, Second, Rest)};
+ false ->
+ case is_bits_field(Second) of
+ true ->
+ {ssh1, decode_auth_keys_ssh1(First, Second, Rest)};
+ false ->
+ decode_auth_keys(<<First/binary, Second/binary>>, Rest)
+ end
+ end.
+
+decode_auth_keys_ssh2(KeyType, Rest) ->
+ {no_options, [KeyType | split_n(1, Rest, [])]}.
+
+decode_auth_keys_ssh2(Options, Next, Rest) ->
+ {options, [Options, Next | split_n(1, Rest, [])]}.
+
+decode_auth_keys_ssh1(Options, Next, Rest) ->
+ {options, [Options, Next | split_n(2, Rest, [])]}.
+
+decode_auth_keys_ssh1(First, Rest) ->
+ {no_options, [First | split_n(2, Rest, [])]}.
+
+decode_known_hosts(Line) ->
+ [First, Rest] = binary:split(Line, <<" ">>, []),
+ [Second, Rest1] = binary:split(Rest, <<" ">>, []),
+
+ case is_bits_field(Second) of
+ true ->
+ {ssh1, decode_known_hosts_ssh1(First, Second, Rest1)};
+ false ->
+ {ssh2, decode_known_hosts_ssh2(First, Second, Rest1)}
+ end.
+
+decode_known_hosts_ssh1(Hostnames, Bits, Rest) ->
+ [Hostnames, Bits | split_n(2, Rest, [])].
+
+decode_known_hosts_ssh2(Hostnames, KeyType, Rest) ->
+ [Hostnames, KeyType | split_n(1, Rest, [])].
+
+split_n(0, <<>>, Acc) ->
+ lists:reverse(Acc);
+split_n(0, Bin, Acc) ->
+ lists:reverse([Bin | Acc]);
+split_n(N, Bin, Acc) ->
+ case binary:split(Bin, <<" ">>, []) of
+ [First, Rest] ->
+ split_n(N-1, Rest, [First | Acc]);
+ [Last] ->
+ split_n(0, <<>>, [Last | Acc])
+ end.