1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
|
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Nist;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.Sec;
using Org.BouncyCastle.Asn1.X9;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Pkcs;
namespace Org.BouncyCastle.Utilities.SSH
{
public class OpenSSHPrivateKeyUtil
{
private OpenSSHPrivateKeyUtil()
{
}
/**
* Magic value for proprietary OpenSSH private key.
**/
static readonly byte[] AUTH_MAGIC = Strings.ToByteArray("openssh-key-v1\0"); // C string so null terminated
/**
* Encode a cipher parameters into an OpenSSH private key.
* This does not add headers like ----BEGIN RSA PRIVATE KEY----
*
* @param parameters the cipher parameters.
* @return a byte array
*/
public static byte[] EncodePrivateKey(AsymmetricKeyParameter parameters)
{
if (parameters == null)
{
throw new ArgumentException("parameters is null");
}
if (parameters is RsaPrivateCrtKeyParameters || parameters is ECPrivateKeyParameters)
{
PrivateKeyInfo pInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(parameters);
return pInfo.ParsePrivateKey().GetEncoded();
}
else if (parameters is DsaPrivateKeyParameters dsaPrivateKey)
{
DsaParameters dsaparameters = dsaPrivateKey.Parameters;
Asn1EncodableVector vec = new Asn1EncodableVector
{
new DerInteger(0),
new DerInteger(dsaparameters.P),
new DerInteger(dsaparameters.Q),
new DerInteger(dsaparameters.G)
};
// public key = g.modPow(x, p);
BigInteger pubKey = dsaparameters.P.ModPow(dsaPrivateKey.X, dsaparameters.P);
vec.Add(new DerInteger(pubKey));
vec.Add(new DerInteger(dsaPrivateKey.X));
try
{
return new DerSequence(vec).GetEncoded();
}
catch (Exception ex)
{
throw new InvalidOperationException("unable to encode DSAPrivateKeyParameters " + ex.Message);
}
}
else if (parameters is Ed25519PrivateKeyParameters ed25519PrivateKey)
{
Ed25519PublicKeyParameters publicKeyParameters = ed25519PrivateKey.GeneratePublicKey();
SSHBuilder builder = new SSHBuilder();
builder.WriteBytes(AUTH_MAGIC);
builder.WriteString("none"); // cipher name
builder.WriteString("none"); // KDF name
builder.WriteString(""); // KDF options
builder.U32(1); // Number of keys
{
byte[] pkEncoded = OpenSSHPublicKeyUtil.EncodePublicKey(publicKeyParameters);
builder.WriteBlock(pkEncoded);
}
{
SSHBuilder pkBuild = new SSHBuilder();
int checkint = CryptoServicesRegistrar.GetSecureRandom().NextInt();
pkBuild.U32((uint)checkint);
pkBuild.U32((uint)checkint);
pkBuild.WriteString("ssh-ed25519");
// Public key (as part of private key pair)
byte[] pubKeyEncoded = publicKeyParameters.GetEncoded();
pkBuild.WriteBlock(pubKeyEncoded);
// The private key in SSH is 64 bytes long and is the concatenation of the private and the public keys
pkBuild.WriteBlock(Arrays.Concatenate(ed25519PrivateKey.GetEncoded(), pubKeyEncoded));
// Comment for this private key (empty)
pkBuild.WriteString("");
builder.WriteBlock(pkBuild.GetPaddedBytes());
}
return builder.GetBytes();
}
throw new ArgumentException("unable to convert " + parameters.GetType().Name + " to openssh private key");
}
/**
* Parse a private key.
* <p>
* This method accepts the body of the OpenSSH private key.
* The easiest way to extract the body is to use PemReader, for example:
* <p>
* byte[] blob = new PemReader([reader]).readPemObject().getContent();
* CipherParameters params = parsePrivateKeyBlob(blob);
*
* @param blob The key.
* @return A cipher parameters instance.
*/
public static AsymmetricKeyParameter ParsePrivateKeyBlob(byte[] blob)
{
AsymmetricKeyParameter result = null;
if (blob[0] == 0x30)
{
Asn1Sequence sequence = Asn1Sequence.GetInstance(blob);
if (sequence.Count == 6)
{
if (AllIntegers(sequence) && ((DerInteger)sequence[0]).PositiveValue.Equals(BigIntegers.Zero))
{
// length of 6 and all Integers -- DSA
result = new DsaPrivateKeyParameters(
((DerInteger)sequence[5]).PositiveValue,
new DsaParameters(
((DerInteger)sequence[1]).PositiveValue,
((DerInteger)sequence[2]).PositiveValue,
((DerInteger)sequence[3]).PositiveValue)
);
}
}
else if (sequence.Count == 9)
{
if (AllIntegers(sequence) && ((DerInteger)sequence[0]).PositiveValue.Equals(BigIntegers.Zero))
{
// length of 8 and all Integers -- RSA
RsaPrivateKeyStructure rsaPrivateKey = RsaPrivateKeyStructure.GetInstance(sequence);
result = new RsaPrivateCrtKeyParameters(
rsaPrivateKey.Modulus,
rsaPrivateKey.PublicExponent,
rsaPrivateKey.PrivateExponent,
rsaPrivateKey.Prime1,
rsaPrivateKey.Prime2,
rsaPrivateKey.Exponent1,
rsaPrivateKey.Exponent2,
rsaPrivateKey.Coefficient);
}
}
else if (sequence.Count == 4)
{
if (sequence[3] is Asn1TaggedObject && sequence[2] is Asn1TaggedObject)
{
ECPrivateKeyStructure ecPrivateKey = ECPrivateKeyStructure.GetInstance(sequence);
DerObjectIdentifier curveOID = DerObjectIdentifier.GetInstance(ecPrivateKey.GetParameters());
X9ECParameters x9Params = ECNamedCurveTable.GetByOid(curveOID);
result = new ECPrivateKeyParameters(
ecPrivateKey.GetKey(),
new ECNamedDomainParameters(
curveOID,
x9Params));
}
}
}
else
{
SSHBuffer kIn = new SSHBuffer(AUTH_MAGIC, blob);
String cipherName = kIn.ReadString();
if (!"none".Equals(cipherName))
{
throw new InvalidOperationException("encrypted keys not supported");
}
// KDF name
kIn.SkipBlock();
// KDF options
kIn.SkipBlock();
int publicKeyCount = kIn.ReadU32();
if (publicKeyCount != 1)
{
throw new InvalidOperationException("multiple keys not supported");
}
// Burn off public key.
OpenSSHPublicKeyUtil.ParsePublicKey(kIn.ReadBlock());
byte[] privateKeyBlock = kIn.ReadPaddedBlock();
if (kIn.HasRemaining())
{
throw new InvalidOperationException("decoded key has trailing data");
}
SSHBuffer pkIn = new SSHBuffer(privateKeyBlock);
int check1 = pkIn.ReadU32();
int check2 = pkIn.ReadU32();
if (check1 != check2)
{
throw new InvalidOperationException("private key check values are not the same");
}
String keyType = pkIn.ReadString();
if ("ssh-ed25519".Equals(keyType))
{
// Public key
pkIn.ReadBlock();
// Private key value..
byte[] edPrivateKey = pkIn.ReadBlock();
if (edPrivateKey.Length != Ed25519PrivateKeyParameters.KeySize + Ed25519PublicKeyParameters.KeySize)
{
throw new InvalidOperationException("private key value of wrong length");
}
result = new Ed25519PrivateKeyParameters(edPrivateKey, 0);
}
else if (keyType.StartsWith("ecdsa"))
{
DerObjectIdentifier oid = SSHNamedCurves.GetByName(Strings.FromByteArray(pkIn.ReadBlock())) ??
throw new InvalidOperationException("OID not found for: " + keyType);
X9ECParameters curveParams = NistNamedCurves.GetByOid(oid) ?? throw new InvalidOperationException("Curve not found for: " + oid);
// Skip public key.
pkIn.ReadBlock();
byte[] privKey = pkIn.ReadBlock();
result = new ECPrivateKeyParameters(new BigInteger(1, privKey),
new ECNamedDomainParameters(oid, curveParams));
}
else if (keyType.StartsWith("ssh-rsa"))
{
BigInteger modulus = new BigInteger(1, pkIn.ReadBlock());
BigInteger pubExp = new BigInteger(1, pkIn.ReadBlock());
BigInteger privExp = new BigInteger(1, pkIn.ReadBlock());
BigInteger coef = new BigInteger(1, pkIn.ReadBlock());
BigInteger p = new BigInteger(1, pkIn.ReadBlock());
BigInteger q = new BigInteger(1, pkIn.ReadBlock());
BigInteger pSub1 = p.Subtract(BigIntegers.One);
BigInteger qSub1 = q.Subtract(BigIntegers.One);
BigInteger dP = privExp.Remainder(pSub1);
BigInteger dQ = privExp.Remainder(qSub1);
result = new RsaPrivateCrtKeyParameters(
modulus,
pubExp,
privExp,
p,
q,
dP,
dQ,
coef);
}
// Comment for private key
pkIn.SkipBlock();
if (pkIn.HasRemaining())
{
throw new ArgumentException("private key block has trailing data");
}
}
if (result == null)
{
throw new ArgumentException("unable to parse key");
}
return result;
}
/**
* allIntegers returns true if the sequence holds only DerInteger types.
**/
private static Boolean AllIntegers(Asn1Sequence sequence)
{
for (int t = 0; t < sequence.Count; t++)
{
if (!(sequence[t] is DerInteger))
{
return false;
}
}
return true;
}
}
}
|