Git-Mirrors/keepassxc
1
0
Fork 0
mirror of https://github.com/keepassxreboot/keepassxc.git synced 2024-10-01 01:26:01 -04:00
Code Issues Packages Projects Releases Wiki Activity

SSH Agent: Store raw key data as complete blobs

Browse Source 
This is a prerequisite for security key backed keys.
This commit is contained in:
Toni Spets 2021-02-21 11:22:12 +02:00 committed by Jonathan White
parent 17d51b558e
commit 6ded326de7
3 changed files with 45 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
src/sshagent/ASN1Key.cpp
View File

@ -109,18 +109,20 @@ bool ASN1Key::parseDSA(QByteArray& ba, OpenSSHKey& key)
readInt(stream, y);
readInt(stream, x);
QList<QByteArray> publicData;
publicData.append(p);
publicData.append(q);
publicData.append(g);
publicData.append(y);
QByteArray publicData;
BinaryStream publicDataStream(&publicData);
publicDataStream.writeString(p);
publicDataStream.writeString(q);
publicDataStream.writeString(g);
publicDataStream.writeString(y);
QList<QByteArray> privateData;
privateData.append(p);
privateData.append(q);
privateData.append(g);
privateData.append(y);
privateData.append(x);
QByteArray privateData;
BinaryStream privateDataStream(&privateData);
privateDataStream.writeString(p);
privateDataStream.writeString(q);
privateDataStream.writeString(g);
privateDataStream.writeString(y);
privateDataStream.writeString(x);
key.setType("ssh-dss");
key.setPublicData(publicData);
@ -148,17 +150,19 @@ bool ASN1Key::parseRSA(QByteArray& ba, OpenSSHKey& key)
readInt(stream, qinv);
// Note: To properly calculate the key fingerprint, e and n are reversed per RFC 4253
QList<QByteArray> publicData;
publicData.append(e);
publicData.append(n);
QByteArray publicData;
BinaryStream publicDataStream(&publicData);
publicDataStream.writeString(e);
publicDataStream.writeString(n);
QList<QByteArray> privateData;
privateData.append(n);
privateData.append(e);
privateData.append(d);
privateData.append(qinv);
privateData.append(p);
privateData.append(q);
QByteArray privateData;
BinaryStream privateDataStream(&privateData);
privateDataStream.writeString(n);
privateDataStream.writeString(e);
privateDataStream.writeString(d);
privateDataStream.writeString(qinv);
privateDataStream.writeString(p);
privateDataStream.writeString(q);
key.setType("ssh-rsa");
key.setPublicData(publicData);

40
src/sshagent/OpenSSHKey.cpp
View File

@ -39,8 +39,8 @@ OpenSSHKey::OpenSSHKey(QObject* parent)
, m_kdfOptions(QByteArray())
, m_rawType(QString())
, m_rawData(QByteArray())
, m_rawPublicData(QList<QByteArray>())
, m_rawPrivateData(QList<QByteArray>())
, m_rawPublicData(QByteArray())
, m_rawPrivateData(QByteArray())
, m_comment(QString())
, m_error(QString())
{
@ -87,10 +87,7 @@ const QString OpenSSHKey::fingerprint(QCryptographicHash::Algorithm algo) const
BinaryStream stream(&publicKey);
stream.writeString(m_type);
for (const QByteArray& ba : m_rawPublicData) {
stream.writeString(ba);
}
stream.write(m_rawPublicData);
QByteArray rawHash = QCryptographicHash::hash(publicKey, algo);
@ -123,10 +120,7 @@ const QString OpenSSHKey::publicKey() const
BinaryStream stream(&publicKey);
stream.writeString(m_type);
for (QByteArray ba : m_rawPublicData) {
stream.writeString(ba);
}
stream.write(m_rawPublicData);
return m_type + " " + QString::fromLatin1(publicKey.toBase64()) + " " + m_comment;
}
@ -141,12 +135,12 @@ void OpenSSHKey::setType(const QString& type)
m_type = type;
}
void OpenSSHKey::setPublicData(const QList<QByteArray>& data)
void OpenSSHKey::setPublicData(const QByteArray& data)
{
m_rawPublicData = data;
}
void OpenSSHKey::setPrivateData(const QList<QByteArray>& data)
void OpenSSHKey::setPrivateData(const QByteArray& data)
{
m_rawPrivateData = data;
}
@ -437,6 +431,7 @@ bool OpenSSHKey::openKey(const QString& passphrase)
bool OpenSSHKey::readPublic(BinaryStream& stream)
{
m_rawPublicData.clear();
BinaryStream rawPublicDataStream(&m_rawPublicData);
if (!stream.readString(m_type)) {
m_error = tr("Unexpected EOF while reading public key");
@ -465,7 +460,7 @@ bool OpenSSHKey::readPublic(BinaryStream& stream)
return false;
}
m_rawPublicData.append(t);
rawPublicDataStream.writeString(t);
}
return true;
@ -474,6 +469,7 @@ bool OpenSSHKey::readPublic(BinaryStream& stream)
bool OpenSSHKey::readPrivate(BinaryStream& stream)
{
m_rawPrivateData.clear();
BinaryStream rawPrivateDataStream(&m_rawPrivateData);
if (!stream.readString(m_type)) {
m_error = tr("Unexpected EOF while reading private key");
@ -502,7 +498,7 @@ bool OpenSSHKey::readPrivate(BinaryStream& stream)
return false;
}
m_rawPrivateData.append(t);
rawPrivateDataStream.writeString(t);
}
if (!stream.readString(m_comment)) {
@ -525,11 +521,9 @@ bool OpenSSHKey::writePublic(BinaryStream& stream)
return false;
}
for (QByteArray t : m_rawPublicData) {
if (!stream.writeString(t)) {
m_error = tr("Unexpected EOF when writing public key");
return false;
}
if (!stream.write(m_rawPublicData)) {
m_error = tr("Unexpected EOF when writing public key");
return false;
}
return true;
@ -547,11 +541,9 @@ bool OpenSSHKey::writePrivate(BinaryStream& stream)
return false;
}
for (QByteArray t : m_rawPrivateData) {
if (!stream.writeString(t)) {
m_error = tr("Unexpected EOF when writing private key");
return false;
}
if (!stream.write(m_rawPrivateData)) {
m_error = tr("Unexpected EOF when writing private key");
return false;
}
if (!stream.writeString(m_comment)) {

8
src/sshagent/OpenSSHKey.h
View File

@ -44,8 +44,8 @@ public:
const QString errorString() const;
void setType(const QString& type);
void setPublicData(const QList<QByteArray>& data);
void setPrivateData(const QList<QByteArray>& data);
void setPublicData(const QByteArray& data);
void setPrivateData(const QByteArray& data);
void setComment(const QString& comment);
void clearPrivate();
@ -70,8 +70,8 @@ private:
QString m_rawType;
QByteArray m_rawData;
QList<QByteArray> m_rawPublicData;
QList<QByteArray> m_rawPrivateData;
QByteArray m_rawPublicData;
QByteArray m_rawPrivateData;
QString m_comment;
QString m_error;
};