Examples with KeyDecryptionFailedException com.hierynomus.sshj.common.KeyDecryptionFailedException used on opensource projects

Example 1 with KeyDecryptionFailedException

use of com.hierynomus.sshj.common.KeyDecryptionFailedException in project sshj by hierynomus.

the class OpenSSHKeyV1KeyFile method readUnencrypted.

private KeyPair readUnencrypted(final PlainBuffer keyBuffer, final PublicKey publicKey) throws IOException, GeneralSecurityException {
    int privKeyListSize = keyBuffer.available();
    if (privKeyListSize % 8 != 0) {
        throw new IOException("The private key section must be a multiple of the block size (8)");
    }
    // uint32 checkint1
    int checkInt1 = keyBuffer.readUInt32AsInt();
    // uint32 checkint2
    int checkInt2 = keyBuffer.readUInt32AsInt();
    if (checkInt1 != checkInt2) {
        throw new KeyDecryptionFailedException();
    }
    // The private key section contains both the public key and the private key
    // string keytype
    String keyType = keyBuffer.readString();
    KeyType kt = KeyType.fromString(keyType);
    logger.info("Read key type: {}", keyType, kt);
    KeyPair kp;
    switch(kt) {
        case ED25519:
            // string publickey (again...)
            keyBuffer.readBytes();
            // length of privatekey+publickey
            keyBuffer.readUInt32();
            byte[] privKey = new byte[32];
            // string privatekey
            keyBuffer.readRawBytes(privKey);
            // string publickey (again...)
            keyBuffer.readRawBytes(new byte[32]);
            kp = new KeyPair(publicKey, new EdDSAPrivateKey(new EdDSAPrivateKeySpec(privKey, EdDSANamedCurveTable.getByName("Ed25519"))));
            break;
        case RSA:
            final RSAPrivateCrtKeySpec rsaPrivateCrtKeySpec = readRsaPrivateKeySpec(keyBuffer);
            final PrivateKey privateKey = SecurityUtils.getKeyFactory(KeyAlgorithm.RSA).generatePrivate(rsaPrivateCrtKeySpec);
            kp = new KeyPair(publicKey, privateKey);
            break;
        case ECDSA256:
            kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, "P-256"));
            break;
        case ECDSA384:
            kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, "P-384"));
            break;
        case ECDSA521:
            kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, "P-521"));
            break;
        default:
            throw new IOException("Cannot decode keytype " + keyType + " in openssh-key-v1 files (yet).");
    }
    // string comment
    keyBuffer.readString();
    byte[] padding = new byte[keyBuffer.available()];
    // char[] padding
    keyBuffer.readRawBytes(padding);
    for (int i = 0; i < padding.length; i++) {
        if ((int) padding[i] != i + 1) {
            throw new IOException("Padding of key format contained wrong byte at position: " + i);
        }
    }
    return kp;
}

Example 2 with KeyDecryptionFailedException

use of com.hierynomus.sshj.common.KeyDecryptionFailedException in project sshj by hierynomus.

the class PKCS8KeyFile method readKeyPair.

protected KeyPair readKeyPair() throws IOException {
    KeyPair kp = null;
    for (PEMParser r = null; ; ) {
        // while the PasswordFinder tells us we should retry
        try {
            r = new PEMParser(resource.getReader());
            final Object o = r.readObject();
            final JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
            if (SecurityUtils.getSecurityProvider() != null) {
                pemConverter.setProvider(SecurityUtils.getSecurityProvider());
            }
            if (o instanceof PEMEncryptedKeyPair) {
                final PEMEncryptedKeyPair encryptedKeyPair = (PEMEncryptedKeyPair) o;
                final PEMKeyPair pemKeyPair = readEncryptedKeyPair(encryptedKeyPair);
                kp = pemConverter.getKeyPair(pemKeyPair);
            } else if (o instanceof PEMKeyPair) {
                kp = pemConverter.getKeyPair((PEMKeyPair) o);
            } else if (o instanceof PrivateKeyInfo) {
                final PrivateKeyInfo privateKeyInfo = (PrivateKeyInfo) o;
                final PEMKeyPair pemKeyPair = privateKeyInfoKeyPairConverter.getKeyPair(privateKeyInfo);
                kp = pemConverter.getKeyPair(pemKeyPair);
            } else if (o instanceof PKCS8EncryptedPrivateKeyInfo) {
                final PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = (PKCS8EncryptedPrivateKeyInfo) o;
                final PrivateKeyInfo privateKeyInfo = readEncryptedPrivateKeyInfo(encryptedPrivateKeyInfo);
                final PEMKeyPair pemKeyPair = privateKeyInfoKeyPairConverter.getKeyPair(privateKeyInfo);
                kp = pemConverter.getKeyPair(pemKeyPair);
            } else {
                log.warn("Unexpected PKCS8 PEM Object [{}]", o);
            }
        } catch (EncryptionException e) {
            if (pwdf != null && pwdf.shouldRetry(resource))
                continue;
            else
                throw new KeyDecryptionFailedException(e);
        } finally {
            IOUtils.closeQuietly(r);
        }
        break;
    }
    if (kp == null)
        throw new IOException("Could not read key pair from: " + resource);
    return kp;
}

Example 3 with KeyDecryptionFailedException

use of com.hierynomus.sshj.common.KeyDecryptionFailedException in project sshj by hierynomus.

the class OpenSSHKeyV1KeyFile method readDecodedKeyPair.

private KeyPair readDecodedKeyPair(final PlainBuffer keyBuffer) throws IOException, GeneralSecurityException {
    byte[] bytes = new byte[AUTH_MAGIC.length];
    // byte[] AUTH_MAGIC
    keyBuffer.readRawBytes(bytes);
    if (!ByteArrayUtils.equals(bytes, 0, AUTH_MAGIC, 0, AUTH_MAGIC.length)) {
        throw new IOException("This key does not contain the 'openssh-key-v1' format magic header");
    }
    // string ciphername
    String cipherName = keyBuffer.readString();
    // string kdfname
    String kdfName = keyBuffer.readString();
    // string kdfoptions
    byte[] kdfOptions = keyBuffer.readBytes();
    // int number of keys N; Should be 1
    int nrKeys = keyBuffer.readUInt32AsInt();
    if (nrKeys != 1) {
        throw new IOException("We don't support having more than 1 key in the file (yet).");
    }
    PublicKey publicKey = pubKey;
    if (publicKey == null) {
        publicKey = readPublicKey(new PlainBuffer(keyBuffer.readBytes()));
    } else {
        keyBuffer.readBytes();
    }
    // string (possibly) encrypted, padded list of private keys
    PlainBuffer privateKeyBuffer = new PlainBuffer(keyBuffer.readBytes());
    if ("none".equals(cipherName)) {
        logger.debug("Reading unencrypted keypair");
        return readUnencrypted(privateKeyBuffer, publicKey);
    } else {
        logger.info("Keypair is encrypted with: " + cipherName + ", " + kdfName + ", " + Arrays.toString(kdfOptions));
        while (true) {
            PlainBuffer decryptionBuffer = new PlainBuffer(privateKeyBuffer);
            PlainBuffer decrypted = decryptBuffer(decryptionBuffer, cipherName, kdfName, kdfOptions);
            try {
                return readUnencrypted(decrypted, publicKey);
            } catch (KeyDecryptionFailedException e) {
                if (pwdf == null || !pwdf.shouldRetry(resource))
                    throw e;
            }
        }
    // throw new IOException("Cannot read encrypted keypair with " + cipherName + " yet.");
    }
}