|
public ReadSsh2KeyData ( |
||
| publicKeyParameter | ||
| Результат | ||
public AsymmetricCipherKeyPair ReadSsh2KeyData(
AsymmetricKeyParameter publicKeyParameter)
{
if (publicKeyParameter is RsaKeyParameters) {
var rsaD = new BigInteger(1, ReadBlob());
var rsaIQMP = new BigInteger(1, ReadBlob());
var rsaP = new BigInteger(1, ReadBlob());
var rsaQ = new BigInteger(1, ReadBlob());
/* compute missing parameters */
var rsaDP = rsaD.Remainder(rsaP.Subtract(BigInteger.One));
var rsaDQ = rsaD.Remainder(rsaQ.Subtract(BigInteger.One));
var rsaPublicKeyParams = publicKeyParameter as RsaKeyParameters;
var rsaPrivateKeyParams = new RsaPrivateCrtKeyParameters(
rsaPublicKeyParams.Modulus, rsaPublicKeyParams.Exponent,
rsaD, rsaP, rsaQ, rsaDP, rsaDQ, rsaIQMP);
return new AsymmetricCipherKeyPair(rsaPublicKeyParams, rsaPrivateKeyParams);
} else if (publicKeyParameter is DsaPublicKeyParameters) {
var dsaX = new BigInteger(1, ReadBlob()); // private key
var dsaPublicKeyParams = publicKeyParameter as DsaPublicKeyParameters;
DsaPrivateKeyParameters dsaPrivateKeyParams =
new DsaPrivateKeyParameters(dsaX, dsaPublicKeyParams.Parameters);
return new AsymmetricCipherKeyPair(dsaPublicKeyParams, dsaPrivateKeyParams);
} else if (publicKeyParameter is ECPublicKeyParameters) {
var ecdsaPrivate = new BigInteger(1, ReadBlob());
var ecPublicKeyParams = publicKeyParameter as ECPublicKeyParameters;
ECPrivateKeyParameters ecPrivateKeyParams =
new ECPrivateKeyParameters(ecdsaPrivate, ecPublicKeyParams.Parameters);
return new AsymmetricCipherKeyPair(ecPublicKeyParams, ecPrivateKeyParams);
} else if (publicKeyParameter is Ed25519PublicKeyParameter) {
var ed25519Signature = ReadBlob();
var ed25519PrivateKey = new Ed25519PrivateKeyParameter(ed25519Signature);
return new AsymmetricCipherKeyPair(publicKeyParameter, ed25519PrivateKey);
} else {
// unsupported encryption algorithm
throw new Exception("Unsupported algorithm");
}
}
public override object Deserialize(Stream stream)
{
/* check for required parameters */
if (stream == null)
{
throw new ArgumentNullException("stream");
}
try {
var reader = new StreamReader(stream);
var firstLine = reader.ReadLine();
if (firstLine != MARK_BEGIN)
{
throw new KeyFormatterException("Bad file format - does not have expected header.");
}
var base64String = new StringBuilder();
while (true)
{
var line = reader.ReadLine();
if (line == MARK_END)
{
break;
}
base64String.Append(line);
}
/* reading unencrypted part */
BlobParser parser = new BlobParser(Util.FromBase64(base64String.ToString()));
var magicBytes = parser.ReadBytes((uint)AUTH_MAGIC.Length);
if (Encoding.UTF8.GetString(magicBytes) != AUTH_MAGIC)
{
throw new KeyFormatterException("Bad data - missing AUTH_MAGIC.");
}
var ciphername = parser.ReadString();
if (!IsSupportCipher(ciphername))
{
throw new KeyFormatterException("Unsupported cyphername: " + ciphername);
}
var kdfname = parser.ReadString();
if (kdfname != KDFNAME_BCRYPT && kdfname != KDFNAME_NONE)
{
throw new KeyFormatterException("Unsupported kdfname: " + ciphername);
}
if (kdfname == KDFNAME_NONE && ciphername != CIPHERNAME_NONE)
{
throw new KeyFormatterException("Invalid format.");
}
var kdfoptions = parser.ReadBlob();
var keyCount = parser.ReadUInt32();
if (keyCount != 1)
{
throw new KeyFormatterException("Only one key allowed.");
}
var publicKeys = new List <byte[]>();
for (int i = 0; i < keyCount; i++)
{
publicKeys.Add(parser.ReadBlob());
}
var privateKeys = parser.ReadBlob();
var keyAndIV = new byte[32 + 16];
if (kdfname == KDFNAME_BCRYPT)
{
var kdfOptionsParser = new BlobParser(kdfoptions);
var salt = kdfOptionsParser.ReadBlob();
var rounds = kdfOptionsParser.ReadUInt32();
var passphrase = GetPassphraseCallbackMethod(null);
var passphraseChars = new char[passphrase.Length];
var passphrasePtr = Marshal.SecureStringToGlobalAllocUnicode(passphrase);
for (int i = 0; i < passphrase.Length; i++)
{
passphraseChars[i] = (char)Marshal.ReadInt16(passphrasePtr, i * 2);
}
Marshal.ZeroFreeGlobalAllocUnicode(passphrasePtr);
BCrypt.HashUsingOpensshBCryptPbkdf(passphraseChars, salt, ref keyAndIV, rounds);
Array.Clear(passphraseChars, 0, passphraseChars.Length);
}
var key = new byte[32];
Array.Copy(keyAndIV, key, key.Length);
var iv = new byte[16];
Array.Copy(keyAndIV, key.Length, iv, 0, iv.Length);
switch (ciphername)
{
case CIPHERNAME_AES256_CBC:
var aes = Aes.Create();
aes.KeySize = 256;
aes.Mode = CipherMode.CBC;
aes.Padding = PaddingMode.None;
aes.Key = key;
aes.IV = iv;
if (privateKeys.Length < aes.BlockSize / 8 || privateKeys.Length % (aes.BlockSize / 8) != 0)
{
throw new KeyFormatterException("Bad private key encrypted length.");
}
using (ICryptoTransform decryptor = aes.CreateDecryptor()) {
privateKeys = Util.GenericTransform(decryptor, privateKeys);
}
aes.Clear();
break;
case CIPHERNAME_AES256_CTR:
var ctrCipher = CipherUtilities.GetCipher("AES/CTR/NoPadding");
ctrCipher.Init(false, new ParametersWithIV(new KeyParameter(key), iv));
privateKeys = ctrCipher.DoFinal(privateKeys);
break;
}
parser = new BlobParser(privateKeys);
var checkint1 = parser.ReadUInt32();
var checkint2 = parser.ReadUInt32();
if (checkint1 != checkint2)
{
throw new KeyFormatterException("checkint does not match in private key.");
}
var keys = new List <SshKey>();
for (int i = 0; i < keyCount; i++)
{
OpensshCertificate cert;
var publicKey = parser.ReadSsh2PublicKeyData(out cert);
var keyPair = parser.ReadSsh2KeyData(publicKey);
var comment = parser.ReadString();
var sshKey = new SshKey(SshVersion.SSH2, keyPair, comment, cert);
keys.Add(sshKey);
}
return(keys[0]);
} catch (KeyFormatterException) {
throw;
} catch (Exception ex) {
throw new KeyFormatterException("see inner exception", ex);
}
}