use of com.hierynomus.sshj.common.KeyDecryptionFailedException in project sshj by hierynomus.
the class OpenSSHKeyV1KeyFile method readUnencrypted.
private KeyPair readUnencrypted(final PlainBuffer keyBuffer, final PublicKey publicKey) throws IOException, GeneralSecurityException {
int privKeyListSize = keyBuffer.available();
if (privKeyListSize % 8 != 0) {
throw new IOException("The private key section must be a multiple of the block size (8)");
}
// uint32 checkint1
int checkInt1 = keyBuffer.readUInt32AsInt();
// uint32 checkint2
int checkInt2 = keyBuffer.readUInt32AsInt();
if (checkInt1 != checkInt2) {
throw new KeyDecryptionFailedException();
}
// The private key section contains both the public key and the private key
// string keytype
String keyType = keyBuffer.readString();
KeyType kt = KeyType.fromString(keyType);
logger.info("Read key type: {}", keyType, kt);
KeyPair kp;
switch(kt) {
case ED25519:
// string publickey (again...)
keyBuffer.readBytes();
// length of privatekey+publickey
keyBuffer.readUInt32();
byte[] privKey = new byte[32];
// string privatekey
keyBuffer.readRawBytes(privKey);
// string publickey (again...)
keyBuffer.readRawBytes(new byte[32]);
kp = new KeyPair(publicKey, new EdDSAPrivateKey(new EdDSAPrivateKeySpec(privKey, EdDSANamedCurveTable.getByName("Ed25519"))));
break;
case RSA:
final RSAPrivateCrtKeySpec rsaPrivateCrtKeySpec = readRsaPrivateKeySpec(keyBuffer);
final PrivateKey privateKey = SecurityUtils.getKeyFactory(KeyAlgorithm.RSA).generatePrivate(rsaPrivateCrtKeySpec);
kp = new KeyPair(publicKey, privateKey);
break;
case ECDSA256:
kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, "P-256"));
break;
case ECDSA384:
kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, "P-384"));
break;
case ECDSA521:
kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, "P-521"));
break;
default:
throw new IOException("Cannot decode keytype " + keyType + " in openssh-key-v1 files (yet).");
}
// string comment
keyBuffer.readString();
byte[] padding = new byte[keyBuffer.available()];
// char[] padding
keyBuffer.readRawBytes(padding);
for (int i = 0; i < padding.length; i++) {
if ((int) padding[i] != i + 1) {
throw new IOException("Padding of key format contained wrong byte at position: " + i);
}
}
return kp;
}
use of com.hierynomus.sshj.common.KeyDecryptionFailedException in project sshj by hierynomus.
the class PKCS8KeyFile method readKeyPair.
protected KeyPair readKeyPair() throws IOException {
KeyPair kp = null;
for (PEMParser r = null; ; ) {
// while the PasswordFinder tells us we should retry
try {
r = new PEMParser(resource.getReader());
final Object o = r.readObject();
final JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
if (SecurityUtils.getSecurityProvider() != null) {
pemConverter.setProvider(SecurityUtils.getSecurityProvider());
}
if (o instanceof PEMEncryptedKeyPair) {
final PEMEncryptedKeyPair encryptedKeyPair = (PEMEncryptedKeyPair) o;
final PEMKeyPair pemKeyPair = readEncryptedKeyPair(encryptedKeyPair);
kp = pemConverter.getKeyPair(pemKeyPair);
} else if (o instanceof PEMKeyPair) {
kp = pemConverter.getKeyPair((PEMKeyPair) o);
} else if (o instanceof PrivateKeyInfo) {
final PrivateKeyInfo privateKeyInfo = (PrivateKeyInfo) o;
final PEMKeyPair pemKeyPair = privateKeyInfoKeyPairConverter.getKeyPair(privateKeyInfo);
kp = pemConverter.getKeyPair(pemKeyPair);
} else if (o instanceof PKCS8EncryptedPrivateKeyInfo) {
final PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = (PKCS8EncryptedPrivateKeyInfo) o;
final PrivateKeyInfo privateKeyInfo = readEncryptedPrivateKeyInfo(encryptedPrivateKeyInfo);
final PEMKeyPair pemKeyPair = privateKeyInfoKeyPairConverter.getKeyPair(privateKeyInfo);
kp = pemConverter.getKeyPair(pemKeyPair);
} else {
log.warn("Unexpected PKCS8 PEM Object [{}]", o);
}
} catch (EncryptionException e) {
if (pwdf != null && pwdf.shouldRetry(resource))
continue;
else
throw new KeyDecryptionFailedException(e);
} finally {
IOUtils.closeQuietly(r);
}
break;
}
if (kp == null)
throw new IOException("Could not read key pair from: " + resource);
return kp;
}
use of com.hierynomus.sshj.common.KeyDecryptionFailedException in project sshj by hierynomus.
the class OpenSSHKeyV1KeyFile method readDecodedKeyPair.
private KeyPair readDecodedKeyPair(final PlainBuffer keyBuffer) throws IOException, GeneralSecurityException {
byte[] bytes = new byte[AUTH_MAGIC.length];
// byte[] AUTH_MAGIC
keyBuffer.readRawBytes(bytes);
if (!ByteArrayUtils.equals(bytes, 0, AUTH_MAGIC, 0, AUTH_MAGIC.length)) {
throw new IOException("This key does not contain the 'openssh-key-v1' format magic header");
}
// string ciphername
String cipherName = keyBuffer.readString();
// string kdfname
String kdfName = keyBuffer.readString();
// string kdfoptions
byte[] kdfOptions = keyBuffer.readBytes();
// int number of keys N; Should be 1
int nrKeys = keyBuffer.readUInt32AsInt();
if (nrKeys != 1) {
throw new IOException("We don't support having more than 1 key in the file (yet).");
}
PublicKey publicKey = pubKey;
if (publicKey == null) {
publicKey = readPublicKey(new PlainBuffer(keyBuffer.readBytes()));
} else {
keyBuffer.readBytes();
}
// string (possibly) encrypted, padded list of private keys
PlainBuffer privateKeyBuffer = new PlainBuffer(keyBuffer.readBytes());
if ("none".equals(cipherName)) {
logger.debug("Reading unencrypted keypair");
return readUnencrypted(privateKeyBuffer, publicKey);
} else {
logger.info("Keypair is encrypted with: " + cipherName + ", " + kdfName + ", " + Arrays.toString(kdfOptions));
while (true) {
PlainBuffer decryptionBuffer = new PlainBuffer(privateKeyBuffer);
PlainBuffer decrypted = decryptBuffer(decryptionBuffer, cipherName, kdfName, kdfOptions);
try {
return readUnencrypted(decrypted, publicKey);
} catch (KeyDecryptionFailedException e) {
if (pwdf == null || !pwdf.shouldRetry(resource))
throw e;
}
}
// throw new IOException("Cannot read encrypted keypair with " + cipherName + " yet.");
}
}
Aggregations