 /// <summary>
 /// Creates a key from its public half and, optionally, its private half.
 /// </summary>
 /// <param name="version">SSH protocol version the key is used with</param>
 /// <param name="publicKeyParameter">public key; must not be null</param>
 /// <param name="privateKeyParameter">private key, or null for a public-only key</param>
 /// <param name="comment">free-form comment attached to the key</param>
 /// <param name="certificate">OpenSSH certificate wrapping the key, or null</param>
 /// <exception cref="ArgumentNullException">publicKeyParameter is null</exception>
 public SshKey(SshVersion version, AsymmetricKeyParameter publicKeyParameter,
               AsymmetricKeyParameter privateKeyParameter = null, string comment = "",
               OpensshCertificate certificate             = null)
 {
     // ReferenceEquals: a null public key is never acceptable, regardless of
     // any operator overloads the parameter type might define
     if (ReferenceEquals(publicKeyParameter, null))
     {
         throw new ArgumentNullException("publicKeyParameter");
     }

     // IsPublicOnly simply records whether a private half was supplied
     var hasPrivateHalf = !ReferenceEquals(privateKeyParameter, null);
     IsPublicOnly = !hasPrivateHalf;

     Version = version;
     this.publicKeyParameter  = publicKeyParameter;
     this.privateKeyParameter = privateKeyParameter;
     Certificate = certificate;
     Comment     = comment;

     // constraints start out empty; they are added by the agent later
     keyConstraints = new List<Agent.KeyConstraint>();
 }
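 /// <summary>
 /// Creates a key from a public/private key pair.
 /// </summary>
 /// <param name="version">SSH protocol version the key is used with</param>
 /// <param name="cipherKeyPair">key pair supplying both halves; must not be null</param>
 /// <param name="comment">free-form comment attached to the key</param>
 /// <param name="certificate">OpenSSH certificate wrapping the key, or null</param>
 /// <exception cref="ArgumentNullException">cipherKeyPair is null</exception>
 public SshKey(SshVersion version, AsymmetricCipherKeyPair cipherKeyPair,
               string comment = "", OpensshCertificate certificate = null)
     : this(version, RequireKeyPair(cipherKeyPair).Public, RequireKeyPair(cipherKeyPair).Private,
            comment, certificate)
 {
 }

 /// <summary>
 /// Returns the key pair unchanged, or throws when it is null, so that a missing
 /// pair is reported as a bad argument instead of as a NullReferenceException
 /// raised while evaluating the chained constructor call.
 /// </summary>
 /// <param name="cipherKeyPair">key pair to validate</param>
 /// <returns>the same key pair</returns>
 /// <exception cref="ArgumentNullException">cipherKeyPair is null</exception>
 private static AsymmetricCipherKeyPair RequireKeyPair(AsymmetricCipherKeyPair cipherKeyPair)
 {
     if (cipherKeyPair == null)
     {
         throw new ArgumentNullException("cipherKeyPair");
     }
     return cipherKeyPair;
 }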
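        /// <summary>
        /// Reads an OpenSSH formatted public key blob (plain key or certificate)
        /// from the current position and creates an AsymmetricKeyParameter object.
        /// </summary>
        /// <param name="cert">
        /// receives the parsed certificate when the blob is a *-cert-v01 type,
        /// otherwise null
        /// </param>
        /// <returns>AsymmetricKeyParameter containing the public key</returns>
        /// <exception cref="NotSupportedException">
        /// the algorithm name, or for ECDSA the curve name, is not recognised
        /// </exception>
        /// <exception cref="FormatException">
        /// a certificate nested inside an SSH2_AGENTC_ADD_IDENTITY blob is not a
        /// bare certificate
        /// </exception>
        /// <remarks>
        /// Certificate blobs arrive in two layouts: a bare certificate (algorithm,
        /// 32-byte nonce, key fields, ...) or, from SSH2_AGENTC_ADD_IDENTITY, the
        /// algorithm followed by the whole certificate as one blob. They are told
        /// apart by the length of the blob following the algorithm name. Only one
        /// level of that nesting is accepted, so a crafted blob cannot drive this
        /// parser into unbounded recursion.
        /// </remarks>
        public AsymmetricKeyParameter ReadSsh2PublicKeyData(out OpensshCertificate cert)
        {
            return(ReadSsh2PublicKeyData(out cert, false));
        }

        /// <summary>
        /// Implementation of ReadSsh2PublicKeyData(out OpensshCertificate).
        /// </summary>
        /// <param name="cert">receives the certificate, or null</param>
        /// <param name="nested">
        /// true when this parser was created from the certificate blob of an outer
        /// SSH2_AGENTC_ADD_IDENTITY message; the nonce must then be a real 32-byte
        /// nonce and no further nesting is permitted
        /// </param>
        /// <returns>AsymmetricKeyParameter containing the public key</returns>
        private AsymmetricKeyParameter ReadSsh2PublicKeyData(out OpensshCertificate cert, bool nested)
        {
            cert = null;
            var algorithm   = Encoding.UTF8.GetString(ReadBlob());
            var certBuilder = new BlobBuilder();

            // the certificate is re-serialised field by field as it is parsed so
            // that ReadCertificate can consume the canonical encoding
            certBuilder.AddStringBlob(algorithm);

            switch (algorithm)
            {
            case PublicKeyAlgorithmExt.ALGORITHM_RSA_KEY: {
                // An ssh-rsa blob carries e then n (RFC 4253 section 6.6). The two
                // mpints are read without assuming an order and the larger one is
                // taken as the modulus, which tolerates either order because a
                // modulus is always far longer than a public exponent.
                var first  = new BigInteger(1, ReadBlob());
                var second = new BigInteger(1, ReadBlob());
                if (first.BitLength < second.BitLength)
                {
                    return(new RsaKeyParameters(false, second, first));
                }
                return(new RsaKeyParameters(false, first, second));
            }

            case PublicKeyAlgorithmExt.ALGORITHM_RSA_CERT_V1: {
                var nonce = ReadBlob();
                if (IsWholeCertificate(nonce, nested))
                {
                    // SSH2_AGENTC_ADD_IDENTITY layout: this blob is the whole
                    // certificate, not the nonce
                    return(ParseEmbeddedCertificate(nonce, out cert));
                }
                certBuilder.AddBlob(nonce);
                var e = new BigInteger(1, ReadBlob());
                certBuilder.AddBigIntBlob(e);
                var n = new BigInteger(1, ReadBlob());
                certBuilder.AddBigIntBlob(n);

                cert = ReadCertificate(certBuilder);

                return(new RsaKeyParameters(false, n, e));
            }

            case PublicKeyAlgorithmExt.ALGORITHM_DSA_KEY: {
                var p = new BigInteger(1, ReadBlob());
                var q = new BigInteger(1, ReadBlob());
                var g = new BigInteger(1, ReadBlob());
                var y = new BigInteger(1, ReadBlob());

                // NOTE(review): p, q and g are accepted as-is; nothing here checks
                // that they describe a sane DSA group
                var dsaParams = new DsaParameters(p, q, g);
                return(new DsaPublicKeyParameters(y, dsaParams));
            }

            case PublicKeyAlgorithmExt.ALGORITHM_DSA_CERT_V1: {
                var nonce = ReadBlob();
                if (IsWholeCertificate(nonce, nested))
                {
                    // SSH2_AGENTC_ADD_IDENTITY layout: this blob is the whole
                    // certificate, not the nonce
                    return(ParseEmbeddedCertificate(nonce, out cert));
                }
                certBuilder.AddBlob(nonce);
                var p = new BigInteger(1, ReadBlob());
                certBuilder.AddBigIntBlob(p);
                var q = new BigInteger(1, ReadBlob());
                certBuilder.AddBigIntBlob(q);
                var g = new BigInteger(1, ReadBlob());
                certBuilder.AddBigIntBlob(g);
                var y = new BigInteger(1, ReadBlob());
                certBuilder.AddBigIntBlob(y);

                cert = ReadCertificate(certBuilder);

                var dsaParams = new DsaParameters(p, q, g);
                return(new DsaPublicKeyParameters(y, dsaParams));
            }

            case PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_NISTP256_KEY:
            case PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_NISTP384_KEY:
            case PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_NISTP521_KEY: {
                var curveName = ReadString();
                var publicKey = ReadBlob();
                return(ReadEcPublicKey(curveName, publicKey));
            }

            case PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_NISTP256_CERT_V1:
            case PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_NISTP384_CERT_V1:
            case PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_NISTP521_CERT_V1: {
                var nonce = ReadBlob();
                if (IsWholeCertificate(nonce, nested))
                {
                    // SSH2_AGENTC_ADD_IDENTITY layout: this blob is the whole
                    // certificate, not the nonce
                    return(ParseEmbeddedCertificate(nonce, out cert));
                }
                certBuilder.AddBlob(nonce);
                var curveName = ReadString();
                certBuilder.AddStringBlob(curveName);
                var publicKey = ReadBlob();
                certBuilder.AddBlob(publicKey);

                cert = ReadCertificate(certBuilder);

                return(ReadEcPublicKey(curveName, publicKey));
            }

            case PublicKeyAlgorithmExt.ALGORITHM_ED25519: {
                var publicKey = ReadBlob();
                return(new Ed25519PublicKeyParameter(publicKey));
            }

            case PublicKeyAlgorithmExt.ALGORITHM_ED25519_CERT_V1: {
                var nonce = ReadBlob();
                if (IsWholeCertificate(nonce, nested))
                {
                    // SSH2_AGENTC_ADD_IDENTITY layout: the whole certificate is
                    // followed by a separate blob carrying the public key, so the
                    // certificate is parsed for its contents but the returned key
                    // is taken from the blob that follows it.
                    ParseEmbeddedCertificate(nonce, out cert);
                    var publicKey = ReadBlob();
                    // NOTE(review): the key embedded in the certificate is not
                    // compared with this blob; a mismatch is accepted silently.
                    return(new Ed25519PublicKeyParameter(publicKey));
                }
                certBuilder.AddBlob(nonce);
                var certKey = ReadBlob();
                certBuilder.AddBlob(certKey);

                cert = ReadCertificate(certBuilder);

                return(new Ed25519PublicKeyParameter(certKey));
            }

            default:
                // unsupported key algorithm
                throw new NotSupportedException("Unsupported algorithm");
            }
        }

        /// <summary>
        /// Decides whether the blob read right after a *-cert-v01 algorithm name is
        /// the whole certificate (SSH2_AGENTC_ADD_IDENTITY layout) rather than the
        /// certificate nonce.
        /// </summary>
        /// <param name="blob">the blob following the algorithm name</param>
        /// <param name="nested">true when already parsing an embedded certificate</param>
        /// <returns>true if the blob should be parsed as a complete certificate</returns>
        /// <exception cref="FormatException">
        /// an embedded certificate does not itself start with a 32-byte nonce; this
        /// is what bounds the recursion to a single level
        /// </exception>
        private static bool IsWholeCertificate(byte[] blob, bool nested)
        {
            // NOTE(review): this is a heuristic - a certificate nonce is assumed to
            // be exactly 32 bytes, so any other length is taken to mean "whole
            // certificate". A CA that issues nonces of another length would not be
            // handled correctly here.
            if (blob.Length == 32)
            {
                return false;
            }
            if (nested)
            {
                throw new FormatException("Nested certificate does not start with a 32-byte nonce");
            }
            return true;
        }

        /// <summary>
        /// Parses a complete certificate carried as a single blob, as sent by
        /// SSH2_AGENTC_ADD_IDENTITY, using a fresh parser over that blob.
        /// </summary>
        /// <param name="certBlob">the whole certificate encoding</param>
        /// <param name="cert">receives the parsed certificate</param>
        /// <returns>the public key contained in the certificate</returns>
        private AsymmetricKeyParameter ParseEmbeddedCertificate(byte[] certBlob, out OpensshCertificate cert)
        {
            var certParser = new BlobParser(certBlob);
            // nested = true: the inner parse may not recurse again
            return(certParser.ReadSsh2PublicKeyData(out cert, true));
        }

        /// <summary>
        /// Builds an EC public key from an SSH curve identifier and an encoded point.
        /// </summary>
        /// <param name="curveName">curve identifier as carried in the blob (e.g. read by ReadString)</param>
        /// <param name="encodedPoint">encoded public point</param>
        /// <returns>the EC public key parameters</returns>
        /// <exception cref="NotSupportedException">the curve name is not recognised</exception>
        private ECPublicKeyParameters ReadEcPublicKey(string curveName, byte[] encodedPoint)
        {
            var x9Params = SecNamedCurves.GetByName(EcCurveToAlgorithm(curveName));
            if (x9Params == null)
            {
                // an unknown curve name yields null rather than an exception from
                // GetByName; fail clearly instead of with a NullReferenceException
                throw new NotSupportedException("Unsupported curve: " + curveName);
            }
            // NOTE(review): the curve named inside the blob is not cross-checked
            // against the curve implied by the algorithm identifier (RFC 5656
            // requires them to agree); callers that rely on that must check it.
            var domainParams = new ECDomainParameters(x9Params.Curve, x9Params.G, x9Params.N, x9Params.H);
            // NOTE(review): relies on DecodePoint rejecting encodings that are not
            // on the curve - confirm for the BouncyCastle version in use.
            var point = x9Params.Curve.DecodePoint(encodedPoint);
            return(new ECPublicKeyParameters(point, domainParams));
        }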