SSH Agent: Store raw key data as complete blobs

This is a prerequisite for security key backed keys.
Toni Spets 2021-02-21 11:22:12 +02:00 committed by Jonathan White
parent 17d51b558e
commit 6ded326de7
3 changed files with 45 additions and 49 deletions


@ -109,18 +109,20 @@ bool ASN1Key::parseDSA(QByteArray& ba, OpenSSHKey& key)
readInt(stream, y); readInt(stream, y);
readInt(stream, x); readInt(stream, x);
QList<QByteArray> publicData; QByteArray publicData;
publicData.append(p); BinaryStream publicDataStream(&publicData);
publicData.append(q); publicDataStream.writeString(p);
publicData.append(g); publicDataStream.writeString(q);
publicData.append(y); publicDataStream.writeString(g);
publicDataStream.writeString(y);
QList<QByteArray> privateData; QByteArray privateData;
privateData.append(p); BinaryStream privateDataStream(&privateData);
privateData.append(q); privateDataStream.writeString(p);
privateData.append(g); privateDataStream.writeString(q);
privateData.append(y); privateDataStream.writeString(g);
privateData.append(x); privateDataStream.writeString(y);
privateDataStream.writeString(x);
key.setType("ssh-dss"); key.setType("ssh-dss");
key.setPublicData(publicData); key.setPublicData(publicData);
@ -148,17 +150,19 @@ bool ASN1Key::parseRSA(QByteArray& ba, OpenSSHKey& key)
readInt(stream, qinv); readInt(stream, qinv);
// Note: To properly calculate the key fingerprint, e and n are reversed per RFC 4253 // Note: To properly calculate the key fingerprint, e and n are reversed per RFC 4253
QList<QByteArray> publicData; QByteArray publicData;
publicData.append(e); BinaryStream publicDataStream(&publicData);
publicData.append(n); publicDataStream.writeString(e);
publicDataStream.writeString(n);
QList<QByteArray> privateData; QByteArray privateData;
privateData.append(n); BinaryStream privateDataStream(&privateData);
privateData.append(e); privateDataStream.writeString(n);
privateData.append(d); privateDataStream.writeString(e);
privateData.append(qinv); privateDataStream.writeString(d);
privateData.append(p); privateDataStream.writeString(qinv);
privateData.append(q); privateDataStream.writeString(p);
privateDataStream.writeString(q);
key.setType("ssh-rsa"); key.setType("ssh-rsa");
key.setPublicData(publicData); key.setPublicData(publicData);
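Review bot: The return values of `publicDataStream.writeString(p)` and the other writeString calls in parseDSA and parseRSA are discarded, although BinaryStream::writeString is testable as a bool (the pre-change writePublic loop did `if (!stream.writeString(t))`) and both parse functions themselves return bool; the same applies to `rawPublicDataStream.writeString(t)` in readPublic and `rawPrivateDataStream.writeString(t)` in readPrivate. A write into an in-memory QByteArray is presumably not expected to fail, but that assumption is nowhere stated, and the read side of these functions checks every step. Either propagate the result, e.g. `if (!publicDataStream.writeString(p)) { return false; }` per write, or put a one-line comment at the first such write saying why the in-memory stream's result is ignored. parseDSA and parseRSA both begin and end outside the hunk, so any error-string convention they follow is not visible here.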


@ -39,8 +39,8 @@ OpenSSHKey::OpenSSHKey(QObject* parent)
, m_kdfOptions(QByteArray()) , m_kdfOptions(QByteArray())
, m_rawType(QString()) , m_rawType(QString())
, m_rawData(QByteArray()) , m_rawData(QByteArray())
, m_rawPublicData(QList<QByteArray>()) , m_rawPublicData(QByteArray())
, m_rawPrivateData(QList<QByteArray>()) , m_rawPrivateData(QByteArray())
, m_comment(QString()) , m_comment(QString())
, m_error(QString()) , m_error(QString())
{ {
@ -87,10 +87,7 @@ const QString OpenSSHKey::fingerprint(QCryptographicHash::Algorithm algo) const
BinaryStream stream(&publicKey); BinaryStream stream(&publicKey);
stream.writeString(m_type); stream.writeString(m_type);
stream.write(m_rawPublicData);
for (const QByteArray& ba : m_rawPublicData) {
stream.writeString(ba);
}
QByteArray rawHash = QCryptographicHash::hash(publicKey, algo); QByteArray rawHash = QCryptographicHash::hash(publicKey, algo);
@ -123,10 +120,7 @@ const QString OpenSSHKey::publicKey() const
BinaryStream stream(&publicKey); BinaryStream stream(&publicKey);
stream.writeString(m_type); stream.writeString(m_type);
stream.write(m_rawPublicData);
for (QByteArray ba : m_rawPublicData) {
stream.writeString(ba);
}
return m_type + " " + QString::fromLatin1(publicKey.toBase64()) + " " + m_comment; return m_type + " " + QString::fromLatin1(publicKey.toBase64()) + " " + m_comment;
} }
@ -141,12 +135,12 @@ void OpenSSHKey::setType(const QString& type)
m_type = type; m_type = type;
} }
void OpenSSHKey::setPublicData(const QList<QByteArray>& data) void OpenSSHKey::setPublicData(const QByteArray& data)
{ {
m_rawPublicData = data; m_rawPublicData = data;
} }
void OpenSSHKey::setPrivateData(const QList<QByteArray>& data) void OpenSSHKey::setPrivateData(const QByteArray& data)
{ {
m_rawPrivateData = data; m_rawPrivateData = data;
} }
@ -437,6 +431,7 @@ bool OpenSSHKey::openKey(const QString& passphrase)
bool OpenSSHKey::readPublic(BinaryStream& stream) bool OpenSSHKey::readPublic(BinaryStream& stream)
{ {
m_rawPublicData.clear(); m_rawPublicData.clear();
BinaryStream rawPublicDataStream(&m_rawPublicData);
if (!stream.readString(m_type)) { if (!stream.readString(m_type)) {
m_error = tr("Unexpected EOF while reading public key"); m_error = tr("Unexpected EOF while reading public key");
@ -465,7 +460,7 @@ bool OpenSSHKey::readPublic(BinaryStream& stream)
return false; return false;
} }
m_rawPublicData.append(t); rawPublicDataStream.writeString(t);
} }
return true; return true;
@ -474,6 +469,7 @@ bool OpenSSHKey::readPublic(BinaryStream& stream)
bool OpenSSHKey::readPrivate(BinaryStream& stream) bool OpenSSHKey::readPrivate(BinaryStream& stream)
{ {
m_rawPrivateData.clear(); m_rawPrivateData.clear();
BinaryStream rawPrivateDataStream(&m_rawPrivateData);
if (!stream.readString(m_type)) { if (!stream.readString(m_type)) {
m_error = tr("Unexpected EOF while reading private key"); m_error = tr("Unexpected EOF while reading private key");
@ -502,7 +498,7 @@ bool OpenSSHKey::readPrivate(BinaryStream& stream)
return false; return false;
} }
m_rawPrivateData.append(t); rawPrivateDataStream.writeString(t);
} }
if (!stream.readString(m_comment)) { if (!stream.readString(m_comment)) {
@ -525,11 +521,9 @@ bool OpenSSHKey::writePublic(BinaryStream& stream)
return false; return false;
} }
for (QByteArray t : m_rawPublicData) { if (!stream.write(m_rawPublicData)) {
if (!stream.writeString(t)) { m_error = tr("Unexpected EOF when writing public key");
m_error = tr("Unexpected EOF when writing public key"); return false;
return false;
}
} }
return true; return true;
@ -547,11 +541,9 @@ bool OpenSSHKey::writePrivate(BinaryStream& stream)
return false; return false;
} }
for (QByteArray t : m_rawPrivateData) { if (!stream.write(m_rawPrivateData)) {
if (!stream.writeString(t)) { m_error = tr("Unexpected EOF when writing private key");
m_error = tr("Unexpected EOF when writing private key"); return false;
return false;
}
} }
if (!stream.writeString(m_comment)) { if (!stream.writeString(m_comment)) {
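Review bot: fingerprint() and publicKey() now carry the identical two-line serialization `stream.writeString(m_type); stream.write(m_rawPublicData);`, and writePublic emits the same sequence a third time with error checking. Because the fingerprint is only meaningful if it is computed over exactly the bytes that get published, keeping the three copies in sync by hand is fragile; a single private helper that returns the wire-format public key blob and is called from both fingerprint() and publicKey() (and could feed writePublic) removes the duplication. It would need a declaration added to the class in OpenSSHKey.h, and the name below is only a suggestion. The bodies of fingerprint() and publicKey() extend outside their hunks.
```cpp
// Wire-format public key: the type string followed by the raw public blob.
QByteArray OpenSSHKey::serializedPublicKey() const
{
    QByteArray publicKey;
    BinaryStream stream(&publicKey);
    stream.writeString(m_type);
    stream.write(m_rawPublicData);
    return publicKey;
}

// fingerprint():
QByteArray rawHash = QCryptographicHash::hash(serializedPublicKey(), algo);
// … unchanged: hash formatting …

// publicKey():
return m_type + " " + QString::fromLatin1(serializedPublicKey().toBase64()) + " " + m_comment;
```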


@ -44,8 +44,8 @@ public:
const QString errorString() const; const QString errorString() const;
void setType(const QString& type); void setType(const QString& type);
void setPublicData(const QList<QByteArray>& data); void setPublicData(const QByteArray& data);
void setPrivateData(const QList<QByteArray>& data); void setPrivateData(const QByteArray& data);
void setComment(const QString& comment); void setComment(const QString& comment);
void clearPrivate(); void clearPrivate();
@ -70,8 +70,8 @@ private:
QString m_rawType; QString m_rawType;
QByteArray m_rawData; QByteArray m_rawData;
QList<QByteArray> m_rawPublicData; QByteArray m_rawPublicData;
QList<QByteArray> m_rawPrivateData; QByteArray m_rawPrivateData;
QString m_comment; QString m_comment;
QString m_error; QString m_error;
}; };
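Review bot: The re-typed members `QByteArray m_rawPublicData` and `QByteArray m_rawPrivateData` carry no comment saying what the bytes are, and the change from QList<QByteArray> makes that less self-explanatory than before: from the ASN1Key and readPublic/readPrivate hunks they hold the SSH wire encoding, i.e. a concatenation of length-prefixed strings as produced by BinaryStream::writeString, so callers of setPublicData/setPrivateData must now hand over an already-serialized blob rather than a list of components. Suggest `// SSH wire-format blob: length-prefixed strings as written by BinaryStream::writeString` on both members and on the two setters, plus a note on m_rawPrivateData that it holds secret key material. The private section shown ends at the class's closing brace, but the rest of the class body is outside the hunks.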