Search in sources :

Example 1 with KeyDecryptionFailedException

use of com.hierynomus.sshj.common.KeyDecryptionFailedException in project sshj by hierynomus.

the class OpenSSHKeyV1KeyFile method readUnencrypted.

private KeyPair readUnencrypted(final PlainBuffer keyBuffer, final PublicKey publicKey) throws IOException, GeneralSecurityException {
    int privKeyListSize = keyBuffer.available();
    if (privKeyListSize % 8 != 0) {
        throw new IOException("The private key section must be a multiple of the block size (8)");
    }
    // uint32 checkint1
    int checkInt1 = keyBuffer.readUInt32AsInt();
    // uint32 checkint2
    int checkInt2 = keyBuffer.readUInt32AsInt();
    if (checkInt1 != checkInt2) {
        throw new KeyDecryptionFailedException();
    }
    // The private key section contains both the public key and the private key
    // string keytype
    String keyType = keyBuffer.readString();
    KeyType kt = KeyType.fromString(keyType);
    logger.info("Read key type: {}", keyType, kt);
    KeyPair kp;
    switch(kt) {
        case ED25519:
            // string publickey (again...)
            keyBuffer.readBytes();
            // length of privatekey+publickey
            keyBuffer.readUInt32();
            byte[] privKey = new byte[32];
            // string privatekey
            keyBuffer.readRawBytes(privKey);
            // string publickey (again...)
            keyBuffer.readRawBytes(new byte[32]);
            kp = new KeyPair(publicKey, new EdDSAPrivateKey(new EdDSAPrivateKeySpec(privKey, EdDSANamedCurveTable.getByName("Ed25519"))));
            break;
        case RSA:
            final RSAPrivateCrtKeySpec rsaPrivateCrtKeySpec = readRsaPrivateKeySpec(keyBuffer);
            final PrivateKey privateKey = SecurityUtils.getKeyFactory(KeyAlgorithm.RSA).generatePrivate(rsaPrivateCrtKeySpec);
            kp = new KeyPair(publicKey, privateKey);
            break;
        case ECDSA256:
            kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, "P-256"));
            break;
        case ECDSA384:
            kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, "P-384"));
            break;
        case ECDSA521:
            kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, "P-521"));
            break;
        default:
            throw new IOException("Cannot decode keytype " + keyType + " in openssh-key-v1 files (yet).");
    }
    // string comment
    keyBuffer.readString();
    byte[] padding = new byte[keyBuffer.available()];
    // char[] padding
    keyBuffer.readRawBytes(padding);
    for (int i = 0; i < padding.length; i++) {
        if ((int) padding[i] != i + 1) {
            throw new IOException("Padding of key format contained wrong byte at position: " + i);
        }
    }
    return kp;
}
Also used : RSAPrivateCrtKeySpec(java.security.spec.RSAPrivateCrtKeySpec) EdDSAPrivateKey(net.i2p.crypto.eddsa.EdDSAPrivateKey) KeyDecryptionFailedException(com.hierynomus.sshj.common.KeyDecryptionFailedException) EdDSAPrivateKey(net.i2p.crypto.eddsa.EdDSAPrivateKey) IOException(java.io.IOException) EdDSAPrivateKeySpec(net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec)

Example 2 with KeyDecryptionFailedException

use of com.hierynomus.sshj.common.KeyDecryptionFailedException in project sshj by hierynomus.

the class PKCS8KeyFile method readKeyPair.

protected KeyPair readKeyPair() throws IOException {
    KeyPair kp = null;
    for (PEMParser r = null; ; ) {
        // while the PasswordFinder tells us we should retry
        try {
            r = new PEMParser(resource.getReader());
            final Object o = r.readObject();
            final JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
            if (SecurityUtils.getSecurityProvider() != null) {
                pemConverter.setProvider(SecurityUtils.getSecurityProvider());
            }
            if (o instanceof PEMEncryptedKeyPair) {
                final PEMEncryptedKeyPair encryptedKeyPair = (PEMEncryptedKeyPair) o;
                final PEMKeyPair pemKeyPair = readEncryptedKeyPair(encryptedKeyPair);
                kp = pemConverter.getKeyPair(pemKeyPair);
            } else if (o instanceof PEMKeyPair) {
                kp = pemConverter.getKeyPair((PEMKeyPair) o);
            } else if (o instanceof PrivateKeyInfo) {
                final PrivateKeyInfo privateKeyInfo = (PrivateKeyInfo) o;
                final PEMKeyPair pemKeyPair = privateKeyInfoKeyPairConverter.getKeyPair(privateKeyInfo);
                kp = pemConverter.getKeyPair(pemKeyPair);
            } else if (o instanceof PKCS8EncryptedPrivateKeyInfo) {
                final PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = (PKCS8EncryptedPrivateKeyInfo) o;
                final PrivateKeyInfo privateKeyInfo = readEncryptedPrivateKeyInfo(encryptedPrivateKeyInfo);
                final PEMKeyPair pemKeyPair = privateKeyInfoKeyPairConverter.getKeyPair(privateKeyInfo);
                kp = pemConverter.getKeyPair(pemKeyPair);
            } else {
                log.warn("Unexpected PKCS8 PEM Object [{}]", o);
            }
        } catch (EncryptionException e) {
            if (pwdf != null && pwdf.shouldRetry(resource))
                continue;
            else
                throw new KeyDecryptionFailedException(e);
        } finally {
            IOUtils.closeQuietly(r);
        }
        break;
    }
    if (kp == null)
        throw new IOException("Could not read key pair from: " + resource);
    return kp;
}
Also used : PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair) KeyPair(java.security.KeyPair) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) PEMEncryptedKeyPair(org.bouncycastle.openssl.PEMEncryptedKeyPair) KeyDecryptionFailedException(com.hierynomus.sshj.common.KeyDecryptionFailedException) PEMParser(org.bouncycastle.openssl.PEMParser) EncryptionException(org.bouncycastle.openssl.EncryptionException) JcaPEMKeyConverter(org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter) PEMKeyPair(org.bouncycastle.openssl.PEMKeyPair) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) IOException(java.io.IOException) PKCS8EncryptedPrivateKeyInfo(org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo) PrivateKeyInfo(org.bouncycastle.asn1.pkcs.PrivateKeyInfo)

Example 3 with KeyDecryptionFailedException

use of com.hierynomus.sshj.common.KeyDecryptionFailedException in project sshj by hierynomus.

the class OpenSSHKeyV1KeyFile method readDecodedKeyPair.

private KeyPair readDecodedKeyPair(final PlainBuffer keyBuffer) throws IOException, GeneralSecurityException {
    byte[] bytes = new byte[AUTH_MAGIC.length];
    // byte[] AUTH_MAGIC
    keyBuffer.readRawBytes(bytes);
    if (!ByteArrayUtils.equals(bytes, 0, AUTH_MAGIC, 0, AUTH_MAGIC.length)) {
        throw new IOException("This key does not contain the 'openssh-key-v1' format magic header");
    }
    // string ciphername
    String cipherName = keyBuffer.readString();
    // string kdfname
    String kdfName = keyBuffer.readString();
    // string kdfoptions
    byte[] kdfOptions = keyBuffer.readBytes();
    // int number of keys N; Should be 1
    int nrKeys = keyBuffer.readUInt32AsInt();
    if (nrKeys != 1) {
        throw new IOException("We don't support having more than 1 key in the file (yet).");
    }
    PublicKey publicKey = pubKey;
    if (publicKey == null) {
        publicKey = readPublicKey(new PlainBuffer(keyBuffer.readBytes()));
    } else {
        keyBuffer.readBytes();
    }
    // string (possibly) encrypted, padded list of private keys
    PlainBuffer privateKeyBuffer = new PlainBuffer(keyBuffer.readBytes());
    if ("none".equals(cipherName)) {
        logger.debug("Reading unencrypted keypair");
        return readUnencrypted(privateKeyBuffer, publicKey);
    } else {
        logger.info("Keypair is encrypted with: " + cipherName + ", " + kdfName + ", " + Arrays.toString(kdfOptions));
        while (true) {
            PlainBuffer decryptionBuffer = new PlainBuffer(privateKeyBuffer);
            PlainBuffer decrypted = decryptBuffer(decryptionBuffer, cipherName, kdfName, kdfOptions);
            try {
                return readUnencrypted(decrypted, publicKey);
            } catch (KeyDecryptionFailedException e) {
                if (pwdf == null || !pwdf.shouldRetry(resource))
                    throw e;
            }
        }
    // throw new IOException("Cannot read encrypted keypair with " + cipherName + " yet.");
    }
}
Also used : PlainBuffer(net.schmizz.sshj.common.Buffer.PlainBuffer) KeyDecryptionFailedException(com.hierynomus.sshj.common.KeyDecryptionFailedException) IOException(java.io.IOException)

Aggregations

KeyDecryptionFailedException (com.hierynomus.sshj.common.KeyDecryptionFailedException)3 IOException (java.io.IOException)3 KeyPair (java.security.KeyPair)1 RSAPrivateCrtKeySpec (java.security.spec.RSAPrivateCrtKeySpec)1 EdDSAPrivateKey (net.i2p.crypto.eddsa.EdDSAPrivateKey)1 EdDSAPrivateKeySpec (net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec)1 PlainBuffer (net.schmizz.sshj.common.Buffer.PlainBuffer)1 PrivateKeyInfo (org.bouncycastle.asn1.pkcs.PrivateKeyInfo)1 EncryptionException (org.bouncycastle.openssl.EncryptionException)1 PEMEncryptedKeyPair (org.bouncycastle.openssl.PEMEncryptedKeyPair)1 PEMKeyPair (org.bouncycastle.openssl.PEMKeyPair)1 PEMParser (org.bouncycastle.openssl.PEMParser)1 JcaPEMKeyConverter (org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter)1 PKCS8EncryptedPrivateKeyInfo (org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo)1