From 51746e51f05accfb2ca0ab6cb59ce63bd6849110 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Wed, 14 May 2025 22:54:53 +0200 Subject: [PATCH] mbedcrypto: Refromat pki_key_to_blob() Signed-off-by: Jakub Jelen Reviewed-by: Eshan Kelkar (cherry picked from commit 7c34fa783d6ee2079576c0b9d619a334721f6be2) --- src/pki_mbedcrypto.c | 438 +++++++++++++++++++++---------------------- 1 file changed, 219 insertions(+), 219 deletions(-) diff --git a/src/pki_mbedcrypto.c b/src/pki_mbedcrypto.c index 2ebf93aa..c92f2d0e 100644 --- a/src/pki_mbedcrypto.c +++ b/src/pki_mbedcrypto.c @@ -909,186 +909,62 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type) } switch (key->type) { - case SSH_KEYTYPE_RSA: { - mbedtls_rsa_context *rsa; - if (mbedtls_pk_can_do(key->pk, MBEDTLS_PK_RSA) == 0) { - SSH_BUFFER_FREE(buffer); - return NULL; - } - - rsa = mbedtls_pk_rsa(*key->pk); - -#if MBEDTLS_VERSION_MAJOR > 2 - rc = mbedtls_rsa_export(rsa, &N, NULL, NULL, NULL, &E); - if (rc != 0) { - goto fail; - } - - e = ssh_make_bignum_string(&E); - if (e == NULL) { - goto fail; - } - - n = ssh_make_bignum_string(&N); - if (n == NULL) { - goto fail; - } -#else - e = ssh_make_bignum_string(&rsa->E); - if (e == NULL) { - goto fail; - } - - n = ssh_make_bignum_string(&rsa->N); - if (n == NULL) { - goto fail; - } -#endif - - if (type == SSH_KEY_PUBLIC) { - /* The N and E parts are swapped in the public key export ! */ - rc = ssh_buffer_add_ssh_string(buffer, e); - if (rc < 0) { - goto fail; - } - - rc = ssh_buffer_add_ssh_string(buffer, n); - if (rc < 0) { - goto fail; - } - } else if (type == SSH_KEY_PRIVATE) { - ssh_string p = NULL; - ssh_string q = NULL; - ssh_string d = NULL; - ssh_string iqmp = NULL; - - rc = ssh_buffer_add_ssh_string(buffer, n); - if (rc < 0) { - goto fail; - } - - rc = ssh_buffer_add_ssh_string(buffer, e); - if (rc < 0) { - goto fail; - } - -#if MBEDTLS_VERSION_MAJOR > 2 - rc = mbedtls_rsa_export(rsa, NULL, &P, &Q, &D, NULL); - if (rc != 0) { - goto fail; - } - - p = ssh_make_bignum_string(&P); - if (p == NULL) { - goto fail; - } - - q = ssh_make_bignum_string(&Q); - if (q == NULL) { - goto fail; - } - - d = ssh_make_bignum_string(&D); - if (d == NULL) { - goto fail; - } - rc = mbedtls_rsa_export_crt(rsa, NULL, NULL, &IQMP); - if (rc != 0) { - goto fail; - } - - iqmp = ssh_make_bignum_string(&IQMP); - if (iqmp == NULL) { - goto fail; - } - -#else - p = ssh_make_bignum_string(&rsa->P); - if (p == NULL) { - goto fail; - } - - q = ssh_make_bignum_string(&rsa->Q); - if (q == NULL) { - goto fail; - } - - d = ssh_make_bignum_string(&rsa->D); - if (d == NULL) { - goto fail; - } - - iqmp = ssh_make_bignum_string(&rsa->QP); - if (iqmp == NULL) { - goto fail; - } -#endif - - rc = ssh_buffer_add_ssh_string(buffer, d); - if (rc < 0) { - goto fail; - } - - rc = ssh_buffer_add_ssh_string(buffer, iqmp); - if (rc < 0) { - goto fail; - } - - rc = ssh_buffer_add_ssh_string(buffer, p); - if (rc < 0) { - goto fail; - } - - rc = ssh_buffer_add_ssh_string(buffer, q); - if (rc < 0) { - goto fail; - } - - ssh_string_burn(d); - SSH_STRING_FREE(d); - d = NULL; - ssh_string_burn(iqmp); - SSH_STRING_FREE(iqmp); - iqmp = NULL; - ssh_string_burn(p); - SSH_STRING_FREE(p); - p = NULL; - ssh_string_burn(q); - SSH_STRING_FREE(q); - q = NULL; - } - ssh_string_burn(e); - SSH_STRING_FREE(e); - e = NULL; - ssh_string_burn(n); - SSH_STRING_FREE(n); - n = NULL; - break; + case SSH_KEYTYPE_RSA: { + mbedtls_rsa_context *rsa = NULL; + if (mbedtls_pk_can_do(key->pk, MBEDTLS_PK_RSA) == 0) { + SSH_BUFFER_FREE(buffer); + return NULL; } - case SSH_KEYTYPE_ECDSA_P256: - case SSH_KEYTYPE_ECDSA_P384: - case SSH_KEYTYPE_ECDSA_P521: - case SSH_KEYTYPE_SK_ECDSA: - type_s = - ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid)); - if (type_s == NULL) { - SSH_BUFFER_FREE(buffer); - return NULL; - } - rc = ssh_buffer_add_ssh_string(buffer, type_s); - SSH_STRING_FREE(type_s); + rsa = mbedtls_pk_rsa(*key->pk); + +#if MBEDTLS_VERSION_MAJOR > 2 + rc = mbedtls_rsa_export(rsa, &N, NULL, NULL, NULL, &E); + if (rc != 0) { + goto fail; + } + + e = ssh_make_bignum_string(&E); + if (e == NULL) { + goto fail; + } + + n = ssh_make_bignum_string(&N); + if (n == NULL) { + goto fail; + } +#else + e = ssh_make_bignum_string(&rsa->E); + if (e == NULL) { + goto fail; + } + + n = ssh_make_bignum_string(&rsa->N); + if (n == NULL) { + goto fail; + } +#endif + + if (type == SSH_KEY_PUBLIC) { + /* The N and E parts are swapped in the public key export ! */ + rc = ssh_buffer_add_ssh_string(buffer, e); if (rc < 0) { - SSH_BUFFER_FREE(buffer); - return NULL; + goto fail; } - e = make_ecpoint_string(&key->ecdsa->MBEDTLS_PRIVATE(grp), - &key->ecdsa->MBEDTLS_PRIVATE(Q)); + rc = ssh_buffer_add_ssh_string(buffer, n); + if (rc < 0) { + goto fail; + } + } else if (type == SSH_KEY_PRIVATE) { + ssh_string p = NULL; + ssh_string q = NULL; + ssh_string d = NULL; + ssh_string iqmp = NULL; - if (e == NULL) { - SSH_BUFFER_FREE(buffer); - return NULL; + rc = ssh_buffer_add_ssh_string(buffer, n); + if (rc < 0) { + goto fail; } rc = ssh_buffer_add_ssh_string(buffer, e); @@ -1096,59 +972,182 @@ ssh_string pki_key_to_blob(const ssh_key key, enum ssh_key_e type) goto fail; } - ssh_string_burn(e); - SSH_STRING_FREE(e); - e = NULL; +#if MBEDTLS_VERSION_MAJOR > 2 + rc = mbedtls_rsa_export(rsa, NULL, &P, &Q, &D, NULL); + if (rc != 0) { + goto fail; + } - if (type == SSH_KEY_PRIVATE) { - ssh_string d = NULL; - d = ssh_make_bignum_string(&key->ecdsa->MBEDTLS_PRIVATE(d)); + p = ssh_make_bignum_string(&P); + if (p == NULL) { + goto fail; + } - if (d == NULL) { - SSH_BUFFER_FREE(buffer); - return NULL; - } + q = ssh_make_bignum_string(&Q); + if (q == NULL) { + goto fail; + } - rc = ssh_buffer_add_ssh_string(buffer, d); - if (rc < 0) { - goto fail; - } + d = ssh_make_bignum_string(&D); + if (d == NULL) { + goto fail; + } + rc = mbedtls_rsa_export_crt(rsa, NULL, NULL, &IQMP); + if (rc != 0) { + goto fail; + } - ssh_string_burn(d); - SSH_STRING_FREE(d); - d = NULL; - } else if (key->type == SSH_KEYTYPE_SK_ECDSA) { - /* public key can contain certificate sk information */ + iqmp = ssh_make_bignum_string(&IQMP); + if (iqmp == NULL) { + goto fail; + } + +#else + p = ssh_make_bignum_string(&rsa->P); + if (p == NULL) { + goto fail; + } + + q = ssh_make_bignum_string(&rsa->Q); + if (q == NULL) { + goto fail; + } + + d = ssh_make_bignum_string(&rsa->D); + if (d == NULL) { + goto fail; + } + + iqmp = ssh_make_bignum_string(&rsa->QP); + if (iqmp == NULL) { + goto fail; + } +#endif + + rc = ssh_buffer_add_ssh_string(buffer, d); + if (rc < 0) { + goto fail; + } + + rc = ssh_buffer_add_ssh_string(buffer, iqmp); + if (rc < 0) { + goto fail; + } + + rc = ssh_buffer_add_ssh_string(buffer, p); + if (rc < 0) { + goto fail; + } + + rc = ssh_buffer_add_ssh_string(buffer, q); + if (rc < 0) { + goto fail; + } + + ssh_string_burn(d); + SSH_STRING_FREE(d); + d = NULL; + ssh_string_burn(iqmp); + SSH_STRING_FREE(iqmp); + iqmp = NULL; + ssh_string_burn(p); + SSH_STRING_FREE(p); + p = NULL; + ssh_string_burn(q); + SSH_STRING_FREE(q); + q = NULL; + } + ssh_string_burn(e); + SSH_STRING_FREE(e); + e = NULL; + ssh_string_burn(n); + SSH_STRING_FREE(n); + n = NULL; + break; + } + case SSH_KEYTYPE_ECDSA_P256: + case SSH_KEYTYPE_ECDSA_P384: + case SSH_KEYTYPE_ECDSA_P521: + case SSH_KEYTYPE_SK_ECDSA: + type_s = + ssh_string_from_char(pki_key_ecdsa_nid_to_char(key->ecdsa_nid)); + if (type_s == NULL) { + SSH_BUFFER_FREE(buffer); + return NULL; + } + + rc = ssh_buffer_add_ssh_string(buffer, type_s); + SSH_STRING_FREE(type_s); + if (rc < 0) { + SSH_BUFFER_FREE(buffer); + return NULL; + } + + e = make_ecpoint_string(&key->ecdsa->MBEDTLS_PRIVATE(grp), + &key->ecdsa->MBEDTLS_PRIVATE(Q)); + + if (e == NULL) { + SSH_BUFFER_FREE(buffer); + return NULL; + } + + rc = ssh_buffer_add_ssh_string(buffer, e); + if (rc < 0) { + goto fail; + } + + ssh_string_burn(e); + SSH_STRING_FREE(e); + e = NULL; + + if (type == SSH_KEY_PRIVATE) { + ssh_string d = NULL; + d = ssh_make_bignum_string(&key->ecdsa->MBEDTLS_PRIVATE(d)); + + if (d == NULL) { + SSH_BUFFER_FREE(buffer); + return NULL; + } + + rc = ssh_buffer_add_ssh_string(buffer, d); + if (rc < 0) { + goto fail; + } + + ssh_string_burn(d); + SSH_STRING_FREE(d); + d = NULL; + } else if (key->type == SSH_KEYTYPE_SK_ECDSA) { + /* public key can contain certificate sk information */ + rc = ssh_buffer_add_ssh_string(buffer, key->sk_application); + if (rc < 0) { + goto fail; + } + } + break; + case SSH_KEYTYPE_ED25519: + case SSH_KEYTYPE_SK_ED25519: + if (type == SSH_KEY_PUBLIC) { + rc = pki_ed25519_public_key_to_blob(buffer, key); + if (rc == SSH_ERROR) { + goto fail; + } + /* public key can contain certificate sk information */ + if (key->type == SSH_KEYTYPE_SK_ED25519) { rc = ssh_buffer_add_ssh_string(buffer, key->sk_application); if (rc < 0) { goto fail; } - } - break; - case SSH_KEYTYPE_ED25519: - case SSH_KEYTYPE_SK_ED25519: - if (type == SSH_KEY_PUBLIC) { - rc = pki_ed25519_public_key_to_blob(buffer, key); - if (rc == SSH_ERROR) { - goto fail; - } - /* public key can contain certificate sk information */ - if (key->type == SSH_KEYTYPE_SK_ED25519) { - rc = ssh_buffer_add_ssh_string(buffer, key->sk_application); - if (rc < 0) { - goto fail; - } - } - } else { - rc = pki_ed25519_private_key_to_blob(buffer, key); - if (rc == SSH_ERROR) { - goto fail; - } + } else { + rc = pki_ed25519_private_key_to_blob(buffer, key); + if (rc == SSH_ERROR) { + goto fail; } - break; - default: - goto fail; + } + break; + default: + goto fail; } makestring: str = ssh_string_new(ssh_buffer_get_len(buffer)); @@ -1156,8 +1155,9 @@ makestring: goto fail; } - rc = ssh_string_fill(str, ssh_buffer_get(buffer), - ssh_buffer_get_len(buffer)); + rc = ssh_string_fill(str, + ssh_buffer_get(buffer), + ssh_buffer_get_len(buffer)); if (rc < 0) { goto fail; }