Skip to content

Commit

Permalink
Minimize the change
Browse files Browse the repository at this point in the history
  • Loading branch information
scott-xu committed Sep 20, 2024
1 parent 623308f commit 0c3bcae
Show file tree
Hide file tree
Showing 4 changed files with 70 additions and 35 deletions.
86 changes: 67 additions & 19 deletions src/Renci.SshNet/PrivateKeyFile.cs
Original file line number Diff line number Diff line change
Expand Up @@ -314,25 +314,80 @@ private void Open(Stream privateKey, string? passPhrase)
switch (keyName)
{
case "RSA PRIVATE KEY":
_key = new RsaKey(decryptedData);
var rsaKey = new RsaKey(decryptedData);
_key = rsaKey;
_hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
#pragma warning disable CA2000 // Dispose objects before losing scope
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-512", _key, new RsaDigitalSignature(rsaKey, HashAlgorithmName.SHA512)));
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-256", _key, new RsaDigitalSignature(rsaKey, HashAlgorithmName.SHA256)));
#pragma warning restore CA2000 // Dispose objects before losing scope
break;
case "DSA PRIVATE KEY":
_key = new DsaKey(decryptedData);
_hostAlgorithms.Add(new KeyHostAlgorithm("ssh-dss", _key));
break;
case "EC PRIVATE KEY":
_key = new EcdsaKey(decryptedData);
_hostAlgorithms.Add(new KeyHostAlgorithm(_key.ToString(), _key));
break;
case "PRIVATE KEY":
var privateKeyInfo = PrivateKeyInfo.GetInstance(binaryData);
_key = ParseOpenSslPkcs8PrivateKey(privateKeyInfo);
if (_key is RsaKey parsedRsaKey)
{
_hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
#pragma warning disable CA2000 // Dispose objects before losing scope
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-512", _key, new RsaDigitalSignature(parsedRsaKey, HashAlgorithmName.SHA512)));
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-256", _key, new RsaDigitalSignature(parsedRsaKey, HashAlgorithmName.SHA256)));
#pragma warning restore CA2000 // Dispose objects before losing scope
}
else if (_key is DsaKey parsedDsaKey)
{
_hostAlgorithms.Add(new KeyHostAlgorithm("ssh-dss", _key));
}
else
{
_hostAlgorithms.Add(new KeyHostAlgorithm(_key.ToString(), _key));
}

break;
case "ENCRYPTED PRIVATE KEY":
var encryptedPrivateKeyInfo = EncryptedPrivateKeyInfo.GetInstance(binaryData);
privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(passPhrase?.ToCharArray(), encryptedPrivateKeyInfo);
_key = ParseOpenSslPkcs8PrivateKey(privateKeyInfo);
if (_key is RsaKey parsedRsaKey2)
{
_hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
#pragma warning disable CA2000 // Dispose objects before losing scope
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-512", _key, new RsaDigitalSignature(parsedRsaKey2, HashAlgorithmName.SHA512)));
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-256", _key, new RsaDigitalSignature(parsedRsaKey2, HashAlgorithmName.SHA256)));
#pragma warning restore CA2000 // Dispose objects before losing scope
}
else if (_key is DsaKey parsedDsaKey)
{
_hostAlgorithms.Add(new KeyHostAlgorithm("ssh-dss", _key));
}
else
{
_hostAlgorithms.Add(new KeyHostAlgorithm(_key.ToString(), _key));
}

break;
case "OPENSSH PRIVATE KEY":
_key = ParseOpenSshV1Key(decryptedData, passPhrase);
if (_key is RsaKey parsedRsaKey3)
{
_hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
#pragma warning disable CA2000 // Dispose objects before losing scope
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-512", _key, new RsaDigitalSignature(parsedRsaKey3, HashAlgorithmName.SHA512)));
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-256", _key, new RsaDigitalSignature(parsedRsaKey3, HashAlgorithmName.SHA256)));
#pragma warning restore CA2000 // Dispose objects before losing scope
}
else
{
_hostAlgorithms.Add(new KeyHostAlgorithm(_key.ToString(), _key));
}

break;
case "SSH2 ENCRYPTED PRIVATE KEY":
var reader = new SshDataReader(decryptedData);
Expand Down Expand Up @@ -389,7 +444,13 @@ private void Open(Stream privateKey, string? passPhrase)
var inverseQ = reader.ReadBigIntWithBits(); // u
var q = reader.ReadBigIntWithBits(); // p
var p = reader.ReadBigIntWithBits(); // q
_key = new RsaKey(modulus, exponent, d, p, q, inverseQ);
var decryptedRsaKey = new RsaKey(modulus, exponent, d, p, q, inverseQ);
_key = decryptedRsaKey;
_hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
#pragma warning disable CA2000 // Dispose objects before losing scope
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-512", _key, new RsaDigitalSignature(decryptedRsaKey, HashAlgorithmName.SHA512)));
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-256", _key, new RsaDigitalSignature(decryptedRsaKey, HashAlgorithmName.SHA256)));
#pragma warning restore CA2000 // Dispose objects before losing scope
}
else if (keyType.Contains("dsa"))
{
Expand All @@ -405,6 +466,7 @@ private void Open(Stream privateKey, string? passPhrase)
var y = reader.ReadBigIntWithBits();
var x = reader.ReadBigIntWithBits();
_key = new DsaKey(p, q, g, y, x);
_hostAlgorithms.Add(new KeyHostAlgorithm("ssh-dss", _key));
}
else
{
Expand All @@ -415,19 +477,6 @@ private void Open(Stream privateKey, string? passPhrase)
default:
throw new NotSupportedException(string.Format(CultureInfo.CurrentCulture, "Key '{0}' is not supported.", keyName));
}

if (_key is RsaKey parsedRsaKey)
{
_hostAlgorithms.Add(new KeyHostAlgorithm("ssh-rsa", _key));
#pragma warning disable CA2000 // Dispose objects before losing scope
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-512", _key, new RsaDigitalSignature(parsedRsaKey, HashAlgorithmName.SHA512)));
_hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-256", _key, new RsaDigitalSignature(parsedRsaKey, HashAlgorithmName.SHA256)));
#pragma warning restore CA2000 // Dispose objects before losing scope
}
else
{
_hostAlgorithms.Add(new KeyHostAlgorithm(_key.ToString(), _key));
}
}

private static byte[] GetCipherKey(string passphrase, int length)
Expand Down Expand Up @@ -692,15 +741,14 @@ private static Key ParseOpenSshV1Key(byte[] keyFileData, string? passPhrase)
case "ecdsa-sha2-nistp521":
// curve
var len = (int)privateKeyReader.ReadUInt32();
var curveName = Encoding.ASCII.GetString(privateKeyReader.ReadBytes(len));
var curveOid = SshNamedCurves.GetOid(curveName).GetID();
var curve = Encoding.ASCII.GetString(privateKeyReader.ReadBytes(len));

// public key
publicKey = privateKeyReader.ReadBignum2();

// private key
unencryptedPrivateKey = privateKeyReader.ReadBignum2();
parsedKey = new EcdsaKey(curveOid, publicKey, unencryptedPrivateKey);
parsedKey = new EcdsaKey(curve, publicKey, unencryptedPrivateKey.TrimLeadingZeros());
break;
case "ssh-rsa":
var modulus = privateKeyReader.ReadBignum(); // n
Expand Down Expand Up @@ -796,7 +844,7 @@ private static Key ParseOpenSslPkcs8PrivateKey(PrivateKeyInfo privateKeyInfo)

sequenceReader.ThrowIfNotEmpty();

return new EcdsaKey(curve, publickey, privatekey);
return new EcdsaKey(curve, publickey, privatekey.TrimLeadingZeros());
}

if (algorithmOid.Equals(EdECObjectIdentifiers.id_Ed25519))
Expand Down
16 changes: 1 addition & 15 deletions src/Renci.SshNet/Security/Cryptography/DsaKey.cs
Original file line number Diff line number Diff line change
Expand Up @@ -16,17 +16,6 @@ public class DsaKey : Key, IDisposable
{
private DsaDigitalSignature? _digitalSignature;

/// <summary>
/// Gets the SSH name of the DSA Key.
/// </summary>
/// <returns>
/// The SSH name of the DSA Key.
/// </returns>
public override string ToString()
{
return "ssh-dss";
}

internal DSA DSA { get; }

/// <summary>
Expand Down Expand Up @@ -122,10 +111,7 @@ public DsaKey(SshKeyData publicKeyData)
/// <param name="privateKeyData">DER encoded private key data.</param>
public DsaKey(byte[] privateKeyData)
{
if (privateKeyData is null)
{
throw new ArgumentNullException(nameof(privateKeyData));
}
ThrowHelper.ThrowIfNull(privateKeyData);

var der = new AsnReader(privateKeyData, AsnEncodingRules.DER).ReadSequence();
_ = der.ReadInteger(); // skip version
Expand Down
2 changes: 1 addition & 1 deletion src/Renci.SshNet/Security/Cryptography/EcdsaKey.cs
Original file line number Diff line number Diff line change
Expand Up @@ -209,7 +209,7 @@ public EcdsaKey(SshKeyData publicKeyData)
/// <param name="privatekey">Value of privatekey.</param>
public EcdsaKey(string curve, byte[] publickey, byte[] privatekey)
{
_impl = Import(GetCurveOid(curve), publickey, privatekey.TrimLeadingZeros());
_impl = Import(GetCurveOid(curve), publickey, privatekey);
}

/// <summary>
Expand Down
1 change: 1 addition & 0 deletions src/Renci.SshNet/Security/Cryptography/RsaKey.cs
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,7 @@ public RsaKey(byte[] privateKeyData)
InverseQ = der.ReadInteger();

der.ThrowIfNotEmpty();

RSA = RSA.Create();
RSA.ImportParameters(GetRSAParameters());
}
Expand Down

0 comments on commit 0c3bcae

Please sign in to comment.