author | Christian Kandeler <[email protected]> | 2015-07-23 10:05:45 +0200 |
---|---|---|
committer | Christian Kandeler <[email protected]> | 2015-07-27 12:39:33 +0000 |
commit | 8f5618c3ecc0daf971b19780646cc14a6db12931 (patch) | |
tree | 56825d5845ac8e3214ef363e6b6c2bcc31af79d3 | |
parent | 851054dee8dd87b7333596b59459f798deca1dea (diff) |
SSH: Don't assume an exact width of ECDSA keys.
The number specified in the algorithm name is a maximum.
Change-Id: I70177a135be29adbf9b58d0dd3b9de339f0d3b7e
Reviewed-by: Joerg Bornemann <[email protected]>
-rw-r--r-- | src/libs/ssh/sshcapabilities.cpp | 12 | ||||
-rw-r--r-- | src/libs/ssh/sshcapabilities_p.h | 1 | ||||
-rw-r--r-- | src/libs/ssh/sshcryptofacility.cpp | 16 |
3 files changed, 14 insertions, 15 deletions
diff --git a/src/libs/ssh/sshcapabilities.cpp b/src/libs/ssh/sshcapabilities.cpp
index 6bef99b91de..6d368025bde 100644
--- a/src/libs/ssh/sshcapabilities.cpp
+++ b/src/libs/ssh/sshcapabilities.cpp
@@ -147,6 +147,18 @@ int SshCapabilities::ecdsaIntegerWidthInBytes(const QByteArray &ecdsaAlgo)
 .arg(QString::fromLatin1(ecdsaAlgo)));
 }

+QByteArray SshCapabilities::ecdsaPubKeyAlgoForKeyWidth(int keyWidthInBytes)
+{
+ if (keyWidthInBytes <= 32)
+ return PubKeyEcdsa256;
+ if (keyWidthInBytes <= 48)
+ return PubKeyEcdsa384;
+ if (keyWidthInBytes <= 66)
+ return PubKeyEcdsa521;
+ throw SshClientException(SshInternalError, SSH_TR("Unexpected ecdsa key size (%1 bytes)")
+ .arg(keyWidthInBytes));
+}
+
 const char *SshCapabilities::oid(const QByteArray &ecdsaAlgo)
 {
 if (ecdsaAlgo == PubKeyEcdsa256)
diff --git a/src/libs/ssh/sshcapabilities_p.h b/src/libs/ssh/sshcapabilities_p.h
index 9f6aa59e5f2..653f29763f2 100644
--- a/src/libs/ssh/sshcapabilities_p.h
+++ b/src/libs/ssh/sshcapabilities_p.h
@@ -81,6 +81,7 @@ public:
 const QList<QByteArray> &serverCapabilities);
 static int ecdsaIntegerWidthInBytes(const QByteArray &ecdsaAlgo);
+ static QByteArray ecdsaPubKeyAlgoForKeyWidth(int keyWidthInBytes);
 static const char *oid(const QByteArray &ecdsaAlgo);
 };
diff --git a/src/libs/ssh/sshcryptofacility.cpp b/src/libs/ssh/sshcryptofacility.cpp
index c048b42d944..227c8df3ab5 100644
--- a/src/libs/ssh/sshcryptofacility.cpp
+++ b/src/libs/ssh/sshcryptofacility.cpp
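Review bot: The first comparison in `ecdsaPubKeyAlgoForKeyWidth` (sshcapabilities.cpp) has no lower bound, so a width of 0 or any other short value is now labelled `PubKeyEcdsa256`, where the exact-width switch this commit removes rejected it. Keys whose scalar has leading zero bytes are the case the commit wants to accept, but an empty or zero scalar should still fail before it reaches key construction. A guard with the condition `if (keyWidthInBytes < 1)` ahead of the `<= 32` test, throwing the same `SshClientException` as the final branch, would keep that check. A one-line comment such as `// Width is an upper bound per curve; the curve is inferred from the scalar length only.` would also make the heuristic explicit to later readers.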
@@ -349,21 +349,7 @@ bool SshEncryptionFacility::createAuthenticationKeyFromOpenSSL(const QByteArray
 } else {
 BigInt privKey;
 sequence.decode_octet_string_bigint(privKey);
- switch (privKey.bytes()) {
- case 32:
- m_authKeyAlgoName = SshCapabilities::PubKeyEcdsa256;
- break;
- case 48:
- m_authKeyAlgoName = SshCapabilities::PubKeyEcdsa384;
- break;
- case 66:
- m_authKeyAlgoName = SshCapabilities::PubKeyEcdsa521;
- break;
- default:
- error = SSH_TR("Unexpected ECDSA key width %1").arg(privKey.bytes());
- return false;
- }
-
+ m_authKeyAlgoName = SshCapabilities::ecdsaPubKeyAlgoForKeyWidth(privKey.bytes());
 const EC_Group group(SshCapabilities::oid(m_authKeyAlgoName));
 auto * const key = new ECDSA_PrivateKey(m_rng, group, privKey);
 m_authKey.reset(key); |
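Review bot: An unexpected key width used to set `error` and `return false` here, but the replacement call reports the same condition by throwing `SshClientException` from `ecdsaPubKeyAlgoForKeyWidth`. Whether `createAuthenticationKeyFromOpenSSL` catches that type cannot be seen, because its body starts and ends outside the hunk. If it does not, a malformed or unsupported key file now reaches callers as an exception rather than through the bool/`error` contract they may rely on. Either catch `SshClientException` around this call and translate it into `error` plus `return false`, or document the new behaviour on the function with `// May throw SshClientException for an unsupported ECDSA key width.`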