diff --git a/examples/client/common.c b/examples/client/common.c index 07c4359c..ae5cfd5f 100644 --- a/examples/client/common.c +++ b/examples/client/common.c @@ -60,7 +60,7 @@ static byte userPrivateKeyBuf[1191]; /* Size equal to hanselPrivateRsaSz. */ static byte* userPrivateKey = userPrivateKeyBuf; static word32 userPublicKeyTypeSz = 0; static byte userPrivateKeyAlloc = 0; -static word32 userPrivateKeySz = sizeof(userPrivateKeyBuf); +static word32 userPrivateKeySz = 0; static word32 userPrivateKeyTypeSz = 0; static byte isPrivate = 0; @@ -942,6 +942,7 @@ int ClientSetPrivateKey(const char* privKeyName, int userEcc, void* heap) if (privKeyName == NULL) { if (userEcc) { #ifndef WOLFSSH_NO_ECC + userPrivateKeySz = sizeof(userPrivateKeyBuf); ret = wolfSSH_ReadKey_buffer(hanselPrivateEcc, hanselPrivateEccSz, WOLFSSH_FORMAT_ASN1, &userPrivateKey, &userPrivateKeySz, &userPrivateKeyType, &userPrivateKeyTypeSz, heap); @@ -949,6 +950,7 @@ int ClientSetPrivateKey(const char* privKeyName, int userEcc, void* heap) } else { #ifndef WOLFSSH_NO_RSA + userPrivateKeySz = sizeof(userPrivateKeyBuf); ret = wolfSSH_ReadKey_buffer(hanselPrivateRsa, hanselPrivateRsaSz, WOLFSSH_FORMAT_ASN1, &userPrivateKey, &userPrivateKeySz, &userPrivateKeyType, &userPrivateKeyTypeSz, heap); @@ -973,6 +975,7 @@ int ClientSetPrivateKey(const char* privKeyName, int userEcc, void* heap) #elif !defined(NO_FILESYSTEM) userPrivateKey = NULL; /* create new buffer based on parsed input */ userPrivateKeyAlloc = 1; + userPrivateKeySz = sizeof(userPrivateKeyBuf); ret = wolfSSH_ReadKey_file(privKeyName, (byte**)&userPrivateKey, &userPrivateKeySz, (const byte**)&userPrivateKeyType, &userPrivateKeyTypeSz, diff --git a/src/internal.c b/src/internal.c index 25c2c91a..25443849 100644 --- a/src/internal.c +++ b/src/internal.c 
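Review bot: Resetting `userPrivateKeySz = sizeof(userPrivateKeyBuf)` before `wolfSSH_ReadKey_buffer` in the built-in-key branches assumes `userPrivateKey` still points at `userPrivateKeyBuf`; if an earlier call of `ClientSetPrivateKey` took the file branch further down, `userPrivateKey` is a heap buffer sized to that parsed key and `userPrivateKeyAlloc` is 1, so the capacity handed to the callee would overstate the writable space. Whether the client ever calls `ClientSetPrivateKey` twice is not visible in this hunk, but the static state makes it cheap to get wrong. Before the size reset, release a previous allocation when `userPrivateKeyAlloc` is set (with whatever free helper the file uses for it), then point `userPrivateKey = userPrivateKeyBuf;` and clear `userPrivateKeyAlloc`. The function's body continues outside the hunk.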
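Review bot: In the `!defined(NO_FILESYSTEM)` branch the new `userPrivateKeySz = sizeof(userPrivateKeyBuf)` is assigned right after `userPrivateKey = NULL`, so the value describes a buffer the callee is not given. If `wolfSSH_ReadKey_file` treats `*sz` as a capacity even when it allocates (cannot be confirmed from here), keys larger than 1191 bytes, e.g. a 4096-bit RSA key, would be refused; if it ignores `*sz` for a NULL buffer, the assignment is misleading. Either way `userPrivateKeySz = 0; /* callee allocates; caller supplies no capacity */` states the contract, or a comment should say which behaviour is relied on. Note also that nulling `userPrivateKey` here drops any buffer a previous call allocated without freeing it.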
@@ -1544,6 +1544,92 @@ static int GetOpenSshKeyEd25519(ed25519_key* key,
 return ret;
 }
 #endif
+
+#ifndef WOLFSSH_NO_ECDSA
+static int GetOpenSshPublicKeyEcc(ecc_key* key, const byte* buf, word32 len,
+ word32* idx)
+{
+ int ret = WS_CRYPTO_FAILED;
+ (void)key;
+ (void)buf;
+ (void)len;
+ (void)idx;
+ /* TODO: Add ECC public key: See DoUserAuthRequestEcc and wc_ecc_import_x963 */
+ return ret;
+}
+#endif
+#ifndef WOLFSSH_NO_ED25519
+static int GetOpenSshKeyPublicEd25519(ed25519_key* key, const byte* buf,
+ word32 len, word32* idx)
+{
+ int ret = WS_CRYPTO_FAILED;
+ (void)key;
+ (void)buf;
+ (void)len;
+ (void)idx;
+ /* TODO: Add ECC public key: See DoUserAuthRequestEd25519 and wc_ed25519_import_public */
+ return ret;
+}
+#endif
+#ifndef WOLFSSH_NO_RSA
+static int GetOpenSshPublicKeyRsa(RsaKey* key, const byte* buf, word32 len,
+ word32* idx)
+{
+ int ret;
+ const byte *n = NULL, *e = NULL;
+ word32 nSz = 0, eSz = 0;
+
+ ret = GetMpint(&eSz, &e, buf, len, idx);
+ if (ret == WS_SUCCESS) {
+ ret = GetMpint(&nSz, &n, buf, len, idx);
+ }
+ if (ret == WS_SUCCESS) {
+ ret = wc_RsaPublicKeyDecodeRaw(n, nSz, e, eSz, key);
+ if (ret != 0) {
+ WLOG(WS_LOG_DEBUG, "Could not decode RSA public key");
+ ret = WS_CRYPTO_FAILED;
+ }
+ }
+ return ret;
+}
+#endif
+
+static int GetOpenSshPublicKey(WS_KeySignature *key,
+ const byte* buf, word32 len, word32* idx)
+{
+ int ret = WS_SUCCESS;
+ const byte* publicKeyType;
+ word32 publicKeyTypeSz = 0;
+ byte keyId;
+
+ ret = GetStringRef(&publicKeyTypeSz, &publicKeyType, buf, len, idx);
+ keyId = NameToId((const char*)publicKeyType, publicKeyTypeSz);
+
+ switch (keyId) {
+ #ifndef WOLFSSH_NO_RSA
+ case ID_SSH_RSA:
+ ret = GetOpenSshPublicKeyRsa(&key->ks.rsa.key, buf, len, idx);
+ break;
+ #endif
+ #ifndef WOLFSSH_NO_ECDSA
+ case ID_ECDSA_SHA2_NISTP256:
+ case ID_ECDSA_SHA2_NISTP384:
+ case ID_ECDSA_SHA2_NISTP521:
+ ret = GetOpenSshPublicKeyEcc(&key->ks.ecc.key, buf, len, idx);
+ break;
+ #endif
+ #ifndef WOLFSSH_NO_ED25519
+ case 
ID_ED25519: + ret = GetOpenSshKeyPublicEd25519(&key->ks.ed25519.key, buf, len, idx); + break; + #endif + default: + ret = WS_UNIMPLEMENTED_E; + break; + } + return ret; +} + /* * Decodes an OpenSSH format key. */ @@ -12696,24 +12782,18 @@ static int PrepareUserAuthRequestRsa(WOLFSSH* ssh, word32* payloadSz, ret = wc_RsaPublicKeyDecode(authData->sf.publicKey.publicKey, &idx, &keySig->ks.rsa.key, authData->sf.publicKey.publicKeySz); - } else + } + else #endif /* WOLFSSH_AGENT */ #ifdef WOLFSSH_TPM - { - #if 0 - ret = wc_RsaPublicKeyDecode(authData->sf.publicKey.publicKey, - &idx, &keySig->ks.rsa.key, - authData->sf.publicKey.publicKeySz); - #else - int sigSz = 256; - *payloadSz += (LENGTH_SZ * 3) + (word32)sigSz + - authData->sf.publicKey.publicKeyTypeSz; - keySig->sigSz = sigSz; - (void)idx; - return 0; - #endif + if (authData->sf.publicKey.privateKey == NULL || + authData->sf.publicKey.privateKeySz == 0) { + ret = GetOpenSshPublicKey(keySig, + authData->sf.publicKey.publicKey, + authData->sf.publicKey.publicKeySz, &idx); } - #else /* !WOLFSSH_TPM */ + else + #endif { ret = wc_RsaPrivateKeyDecode(authData->sf.publicKey.privateKey, &idx, &keySig->ks.rsa.key, @@ -12725,7 +12805,6 @@ static int PrepareUserAuthRequestRsa(WOLFSSH* ssh, word32* payloadSz, authData->sf.publicKey.privateKeySz, &idx); } } - #endif /* WOLFSSH_TPM */ } if (ret == WS_SUCCESS) {
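Review bot: In `GetOpenSshPublicKey` the return value of `GetStringRef` is not checked before `NameToId` is called with `publicKeyType`, which is declared without an initializer, so a truncated or malformed blob reaches `NameToId` with an indeterminate pointer and the parse error is then overwritten by whatever the switch assigns (`WS_UNIMPLEMENTED_E` or a sub-decoder's result). Initialize `const byte* publicKeyType = NULL;` and add `if (ret != WS_SUCCESS) { return ret; }` between the two calls, since this parses peer-supplied bytes. The ECDSA and Ed25519 cases dispatch to stubs that unconditionally return `WS_CRYPTO_FAILED`, so until those TODOs are filled only `ssh-rsa` blobs can succeed here; a comment on each stub saying "not implemented: always fails" would save a caller some debugging. `GetOpenSshPublicKeyRsa` also accepts trailing bytes after the modulus; if the blob is expected to end there, compare `*idx` with `len` on success and reject the surplus.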
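Review bot: The new `WOLFSSH_TPM` branch in `PrepareUserAuthRequestRsa` hands `authData->sf.publicKey.publicKey` to `GetOpenSshPublicKey`, which expects the OpenSSH wire encoding (type string, then mpints), while the agent branch just above decodes the same field with `wc_RsaPublicKeyDecode` as DER; which format that field holds now depends on the build configuration, and nothing in the code says so. A comment before the new `if`, such as `/* TPM build: no software private key; publicKey holds the OpenSSH blob (type, e, n) */`, would document it. `idx` is shared by both decoders and must be 0 on entry to this chain; its initialization is outside the hunk, as is the rest of the function. The removed TPM code hard-coded `keySig->sigSz = 256` and returned early, so please confirm the common path that follows derives the signature size from the decoded public key, since a private key is now absent in that configuration.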