2013-10-05 15:08:04 +05:30
|
|
|
/*
|
|
|
|
* An implementation of convertion from OpenSSL to OpenSSH public key format
|
|
|
|
*
|
|
|
|
* Copyright (c) 2008 Mounir IDRASSI <mounir.idrassi@idrix.fr>. All rights reserved.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
|
|
* or FITNESS FOR A PARTICULAR PURPOSE.
|
|
|
|
*/
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <assert.h>
|
|
|
|
|
|
|
|
#include <openssl/bio.h>
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
#include <openssl/pem.h>
|
|
|
|
#include <openssl/err.h>
|
|
|
|
|
|
|
|
#include "xbps_api_impl.h"
|
|
|
|
|
|
|
|
static unsigned char pSshHeader[11] = {
|
|
|
|
0x00, 0x00, 0x00, 0x07, 0x73, 0x73, 0x68, 0x2D, 0x72, 0x73, 0x61
|
|
|
|
};
|
|
|
|
|
2013-11-08 16:58:01 +05:30
|
|
|
static int
|
|
|
|
SshEncodeBuffer(unsigned char *pEncoding, int bufferLen, unsigned char *pBuffer)
|
2013-10-05 15:08:04 +05:30
|
|
|
{
|
|
|
|
int adjustedLen = bufferLen, index;
|
|
|
|
|
|
|
|
if (*pBuffer & 0x80) {
|
|
|
|
adjustedLen++;
|
|
|
|
pEncoding[4] = 0;
|
|
|
|
index = 5;
|
|
|
|
} else {
|
|
|
|
index = 4;
|
|
|
|
}
|
|
|
|
pEncoding[0] = (unsigned char) (adjustedLen >> 24);
|
|
|
|
pEncoding[1] = (unsigned char) (adjustedLen >> 16);
|
|
|
|
pEncoding[2] = (unsigned char) (adjustedLen >> 8);
|
|
|
|
pEncoding[3] = (unsigned char) (adjustedLen );
|
|
|
|
memcpy(&pEncoding[index], pBuffer, bufferLen);
|
|
|
|
return index + bufferLen;
|
|
|
|
}
|
|
|
|
|
2013-11-18 20:35:46 +05:30
|
|
|
static char *
|
|
|
|
fp2str(unsigned const char *fp, unsigned int len)
|
|
|
|
{
|
|
|
|
unsigned int i, c = 0;
|
|
|
|
char res[48], cur[4];
|
|
|
|
|
|
|
|
for (i = 0; i < len; i++) {
|
|
|
|
if (i > 0)
|
|
|
|
c = i*3;
|
|
|
|
sprintf(cur, "%02x", fp[i]);
|
|
|
|
res[c] = cur[0];
|
|
|
|
res[c+1] = cur[1];
|
|
|
|
res[c+2] = ':';
|
|
|
|
}
|
|
|
|
res[c+2] = '\0';
|
|
|
|
|
|
|
|
return strdup(res);
|
|
|
|
}
|
|
|
|
|
|
|
|
char *
|
2013-10-05 15:08:04 +05:30
|
|
|
xbps_pubkey2fp(struct xbps_handle *xhp, xbps_data_t pubkey)
|
|
|
|
{
|
|
|
|
EVP_MD_CTX mdctx;
|
|
|
|
EVP_PKEY *pPubKey = NULL;
|
|
|
|
RSA *pRsa = NULL;
|
|
|
|
BIO *bio = NULL;
|
|
|
|
const void *pubkeydata;
|
2013-11-18 20:35:46 +05:30
|
|
|
unsigned char md_value[EVP_MAX_MD_SIZE];
|
2013-10-05 15:08:04 +05:30
|
|
|
unsigned char *nBytes = NULL, *eBytes = NULL, *pEncoding = NULL;
|
|
|
|
unsigned int md_len = 0;
|
2013-11-18 20:35:46 +05:30
|
|
|
char *hexfpstr = NULL;
|
2013-10-05 15:08:04 +05:30
|
|
|
int index = 0, nLen = 0, eLen = 0, encodingLength = 0;
|
|
|
|
|
|
|
|
ERR_load_crypto_strings();
|
|
|
|
OpenSSL_add_all_algorithms();
|
|
|
|
|
|
|
|
pubkeydata = xbps_data_data_nocopy(pubkey);
|
|
|
|
bio = BIO_new_mem_buf(__UNCONST(pubkeydata), xbps_data_size(pubkey));
|
|
|
|
assert(bio);
|
|
|
|
|
|
|
|
pPubKey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
|
|
|
|
if (!pPubKey) {
|
|
|
|
xbps_dbg_printf(xhp,
|
|
|
|
"unable to decode public key from the given file: %s\n",
|
|
|
|
ERR_error_string(ERR_get_error(), NULL));
|
2014-10-07 13:04:14 +05:30
|
|
|
goto out;
|
2013-10-05 15:08:04 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
if (EVP_PKEY_type(pPubKey->type) != EVP_PKEY_RSA) {
|
|
|
|
xbps_dbg_printf(xhp, "only RSA public keys are currently supported\n");
|
2014-10-07 13:04:14 +05:30
|
|
|
goto out;
|
2013-10-05 15:08:04 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
pRsa = EVP_PKEY_get1_RSA(pPubKey);
|
|
|
|
if (!pRsa) {
|
|
|
|
xbps_dbg_printf(xhp, "failed to get RSA public key : %s\n",
|
|
|
|
ERR_error_string(ERR_get_error(), NULL));
|
2014-10-07 13:04:14 +05:30
|
|
|
goto out;
|
2013-10-05 15:08:04 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
// reading the modulus
|
|
|
|
nLen = BN_num_bytes(pRsa->n);
|
|
|
|
nBytes = (unsigned char*) malloc(nLen);
|
2014-10-07 13:04:14 +05:30
|
|
|
if (nBytes == NULL)
|
|
|
|
goto out;
|
2013-10-05 15:08:04 +05:30
|
|
|
BN_bn2bin(pRsa->n, nBytes);
|
|
|
|
|
|
|
|
// reading the public exponent
|
|
|
|
eLen = BN_num_bytes(pRsa->e);
|
|
|
|
eBytes = (unsigned char*) malloc(eLen);
|
2014-10-07 13:04:14 +05:30
|
|
|
if (eBytes == NULL)
|
|
|
|
goto out;
|
2013-10-05 15:08:04 +05:30
|
|
|
BN_bn2bin(pRsa->e, eBytes);
|
|
|
|
|
|
|
|
encodingLength = 11 + 4 + eLen + 4 + nLen;
|
|
|
|
// correct depending on the MSB of e and N
|
|
|
|
if (eBytes[0] & 0x80)
|
|
|
|
encodingLength++;
|
|
|
|
if (nBytes[0] & 0x80)
|
|
|
|
encodingLength++;
|
|
|
|
|
|
|
|
pEncoding = malloc(encodingLength);
|
2014-10-06 11:47:53 +05:30
|
|
|
assert(pEncoding);
|
|
|
|
|
2013-10-05 15:08:04 +05:30
|
|
|
memcpy(pEncoding, pSshHeader, 11);
|
|
|
|
|
|
|
|
index = SshEncodeBuffer(&pEncoding[11], eLen, eBytes);
|
2014-04-20 13:32:54 +05:30
|
|
|
(void)SshEncodeBuffer(&pEncoding[11 + index], nLen, nBytes);
|
2013-10-05 15:08:04 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* Compute the RSA fingerprint (MD5).
|
|
|
|
*/
|
|
|
|
EVP_MD_CTX_init(&mdctx);
|
|
|
|
EVP_DigestInit_ex(&mdctx, EVP_md5(), NULL);
|
2013-11-08 13:40:40 +05:30
|
|
|
EVP_DigestUpdate(&mdctx, pEncoding, encodingLength);
|
2013-11-18 20:35:46 +05:30
|
|
|
if (EVP_DigestFinal_ex(&mdctx, md_value, &md_len) == 0)
|
2014-10-07 13:04:14 +05:30
|
|
|
goto out;
|
2013-10-05 15:08:04 +05:30
|
|
|
EVP_MD_CTX_cleanup(&mdctx);
|
2013-11-18 20:35:46 +05:30
|
|
|
/*
|
|
|
|
* Convert result to a compatible OpenSSH hex fingerprint.
|
|
|
|
*/
|
|
|
|
hexfpstr = fp2str(md_value, md_len);
|
2013-10-05 15:08:04 +05:30
|
|
|
|
2014-10-07 13:04:14 +05:30
|
|
|
out:
|
2013-10-05 15:08:04 +05:30
|
|
|
if (bio)
|
|
|
|
BIO_free_all(bio);
|
|
|
|
if (pRsa)
|
|
|
|
RSA_free(pRsa);
|
|
|
|
if (pPubKey)
|
|
|
|
EVP_PKEY_free(pPubKey);
|
|
|
|
if (nBytes)
|
|
|
|
free(nBytes);
|
|
|
|
if (eBytes)
|
|
|
|
free(eBytes);
|
|
|
|
if (pEncoding)
|
|
|
|
free(pEncoding);
|
|
|
|
|
2013-11-18 20:35:46 +05:30
|
|
|
return hexfpstr;
|
2013-10-05 15:08:04 +05:30
|
|
|
}
|