WIP

ejohnstown · Oct 2, 2023 · bc55c88 · bc55c88
1 parent 741d06e
commit bc55c88
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 50 deletions.
diff --git a/src/internal.c b/src/internal.c
@@ -13327,39 +13327,71 @@ int SendChannelSuccess(WOLFSSH* ssh, word32 channelId, int success)
 }
 
 
-static int DecodeRsaKey(RsaKey* key,
-        const byte* n, word32 nSz, const byte* e, word32 eSz,
-        const byte* d, word32 dSz, const byte* p, word32 pSz,
-        const byte* q, word32 qSz, const byte* iqmp, word32 iqmpSz)
-{
-    mp_read_unsigned_bin(&key->n, n, nSz);
-    mp_read_unsigned_bin(&key->e, e, eSz);
-    mp_read_unsigned_bin(&key->d, d, dSz);
-    mp_read_unsigned_bin(&key->p, p, pSz);
-    mp_read_unsigned_bin(&key->q, q, qSz);
-    mp_read_unsigned_bin(&key->u, iqmp, iqmpSz);
+typedef struct wolfSSH_KEY {
+    byte keyId;
+    byte* pubKey;
+    word32 pubKeySz;
+    union {
+        RsaKey rsa;
+        ecc_key ecc;
+    } key;
+} wolfSSH_KEY;
+
+
+static int GetRsaKey(RsaKey* key, const byte* buf, word32 len, word32* idx)
+{
+    const byte* val;
+    word32 valSz;
+
+    GetStringRef(&valSz, &val, buf, len, idx); /* n */
+    mp_read_unsigned_bin(&key->n, val, valSz);
+    GetStringRef(&valSz, &val, buf, len, idx); /* e */
+    mp_read_unsigned_bin(&key->e, val, valSz);
+    GetStringRef(&valSz, &val, buf, len, idx); /* d */
+    mp_read_unsigned_bin(&key->d, val, valSz);
+    GetStringRef(&valSz, &val, buf, len, idx); /* iqmp */
+    mp_read_unsigned_bin(&key->u, val, valSz);
+    GetStringRef(&valSz, &val, buf, len, idx); /* p */
+    mp_read_unsigned_bin(&key->p, val, valSz);
+    GetStringRef(&valSz, &val, buf, len, idx); /* q */
+    mp_read_unsigned_bin(&key->q, val, valSz);
+
+    return 0;
+}
+
+
+static int GetEccKey(ecc_key* key, const byte* buf, word32 len, word32* idx)
+{
+    const byte* val;
+    word32 valSz;
+    WOLFSSH_UNUSED(key);
+
+    GetStringRef(&valSz, &val, buf, len, idx); /* curve name */
+    GetStringRef(&valSz, &val, buf, len, idx); /* Q */
+    GetStringRef(&valSz, &val, buf, len, idx); /* d */
 
     return 0;
 }
 
 
 static const char* AuthMagic = "openssh-key-v1";
 
-int DecodeOpenSshKey(byte* key, word32 keySz)
+int GetOpenSSHKey(byte* buf, word32 len, word32* idx)
 {
+    wolfSSH_KEY key;
     const byte* str;
     int ret = WS_SUCCESS;
-    word32 len, idx = 0, keyCount, i, strSz;
+    word32 keyCount, i, strSz;
 
-    if (strcmp(AuthMagic, (const char*)key) != 0) {
+    if (strcmp(AuthMagic, (const char*)buf) != 0) {
         ret = -1;
     }
-    len = (word32)strlen(AuthMagic);
-    idx = len + 1;
+    strSz = (word32)strlen(AuthMagic);
+    *idx += strSz + 1;
 
-    GetStringRef(&strSz, &str, key, keySz, &idx); /* ciphername */
-    GetStringRef(&strSz, &str, key, keySz, &idx); /* kdfname */
-    GetStringRef(&strSz, &str, key, keySz, &idx); /* kdfoptions */
+    GetStringRef(&strSz, &str, buf, len, idx); /* ciphername */
+    GetStringRef(&strSz, &str, buf, len, idx); /* kdfname */
+    GetStringRef(&strSz, &str, buf, len, idx); /* kdfoptions */
 
     if (strSz > 0) {
         const byte* subStr;
@@ -13369,53 +13401,38 @@ int DecodeOpenSshKey(byte* key, word32 keySz)
         GetUint32(&i, str, strSz, &subIdx); /* rounds */
     }
 
-    GetUint32(&keyCount, key, keySz, &idx); /* key count */
+    GetUint32(&keyCount, buf, len, idx); /* key count */
 
     for (i = 0; i < keyCount; i++) {
-        GetStringRef(&strSz, &str, key, keySz, &idx); /* public key */
+        GetStringRef(&strSz, &str, buf, len, idx); /* public buf */
     }
 
-    GetStringRef(&strSz, &str, key, keySz, &idx); /* list of private keys */
+    GetStringRef(&strSz, &str, buf, len, idx); /* list of private keys */
 
     if (strSz > 0) {
         const byte* subStr;
         word32 subStrSz, subIdx = 0, check1 = 0, check2 = ~0;
-        byte keyId;
 
         idx = 0;
         GetUint32(&check1, str, strSz, &subIdx); /* checkint 1 */
         GetUint32(&check2, str, strSz, &subIdx); /* checkint 2 */
         if (check1 == check2) {
             for (i = 0; i < keyCount; i++) {
-                GetStringRef(&subStrSz, &subStr, str, strSz, &subIdx); /* private str */
-                keyId = NameToId((const char*)subStr, subStrSz);
-                switch (keyId) {
+                GetStringRef(&subStrSz, &subStr, str, strSz, &subIdx);
+                key.keyId = NameToId((const char*)subStr, subStrSz);
+                switch (key.keyId) {
                     case ID_SSH_RSA:
-                        {
-                            RsaKey rsa;
-                            const byte *n, *e, *d, *p, *q, *iqmp;
-                            word32 nSz, eSz, dSz, pSz, qSz, iqmpSz;
-
-                            printf("RSA\n");
-                            GetStringRef(&nSz, &n, str, strSz, &subIdx); /* n */
-                            GetStringRef(&eSz, &e, str, strSz, &subIdx); /* e */
-                            GetStringRef(&dSz, &d, str, strSz, &subIdx); /* d */
-                            GetStringRef(&iqmpSz, &iqmp, str, strSz, &subIdx); /* iqmp */
-                            GetStringRef(&pSz, &p, str, strSz, &subIdx); /* p */
-                            GetStringRef(&qSz, &q, str, strSz, &subIdx); /* q */
-                            wc_InitRsaKey(&rsa, NULL);
-                            DecodeRsaKey(&rsa, n, nSz, e, eSz, d, dSz, p, pSz, q, qSz, iqmp, iqmpSz);
-                            wc_FreeRsaKey(&rsa);
-                        }
+                        printf("RSA\n");
+                        wc_InitRsaKey(&key.key.rsa, NULL);
+                        GetRsaKey(&key.key.rsa, str, strSz, &subIdx);
+                        wc_FreeRsaKey(&key.key.rsa);
                         break;
 
                     case ID_ECDSA_SHA2_NISTP256:
-                        {
-                            printf("ECDSA\n");
-                            GetStringRef(&subStrSz, &subStr, str, strSz, &subIdx); /* curve name */
-                            GetStringRef(&subStrSz, &subStr, str, strSz, &subIdx); /* Q */
-                            GetStringRef(&subStrSz, &subStr, str, strSz, &subIdx); /* d */
-                        }
+                        printf("ECDSA\n");
+                        wc_ecc_init(&key.key.ecc);
+                        GetEccKey(&key.key.ecc, str, strSz, &subIdx);
+                        wc_ecc_free(&key.key.ecc);
                         break;
 
                     default:

diff --git a/src/ssh.c b/src/ssh.c
@@ -1639,6 +1639,7 @@ static int DoOpenSshKey(const byte* in, word32 inSz, byte** out,
     int ret = WS_SUCCESS;
     byte* newKey = NULL;
     word32 newKeySz = inSz; /* binary will be smaller than PEM */
+    word32 idx = 0;
 
     WOLFSSH_UNUSED(heap);
     (void)outType;
@@ -1664,7 +1665,7 @@ static int DoOpenSshKey(const byte* in, word32 inSz, byte** out,
 
     ret = Base64_Decode((byte*)in, inSz, newKey, &newKeySz);
     if (ret == 0) {
-        ret = DecodeOpenSshKey(newKey, newKeySz);
+        ret = GetOpenSSHKey(newKey, newKeySz, &idx);
     }
 
     return ret;

diff --git a/wolfssh/internal.h b/wolfssh/internal.h
@@ -873,6 +873,7 @@ WOLFSSH_LOCAL int GetStringAlloc(void* heap, char** s,
         const byte* buf, word32 len, word32* idx);
 WOLFSSH_LOCAL int GetStringRef(word32* strSz, const byte **str,
         const byte* buf, word32 len, word32* idx);
+WOLFSSH_LOCAL int GetOpenSSHKey(byte* buf, word32 len, word32* idx);
 
 
 #ifndef WOLFSSH_USER_IO
@@ -936,7 +937,6 @@ WOLFSSH_LOCAL int SendChannelAgentRequest(WOLFSSH* ssh);
 WOLFSSH_LOCAL int SendChannelSuccess(WOLFSSH*, word32, int);
 WOLFSSH_LOCAL int GenerateKey(byte, byte, byte*, word32, const byte*, word32,
                               const byte*, word32, const byte*, word32, byte doKeyPad);
-WOLFSSH_LOCAL int DecodeOpenSshKey(byte* key, word32 keySz);
 
 
 enum AcceptStates {