Class: OmfCommon::Auth::SSHPubKeyConvert

Inherits:

Object

• Object
• OmfCommon::Auth::SSHPubKeyConvert

Defined in:

lib/omf_common/auth/ssh_pub_key_convert.rb

Overview

This file provides a converter that accepts an SSH public key string and converts it to an OpenSSL::PKey::RSA object for use in verifying received messages. (DSA support pending).

Class Method Summary

• .convert(keystring) ⇒ Object

  Convert a string in SSH public key format to a key object suitable for use with OpenSSL.

• .unpack_string(bytes, len) ⇒ Object

  Unpack a string from the bytes array.

• .unpack_u32(bytes) ⇒ Object

  Unpack a 4-byte unsigned integer from the bytes array.

Class Method Details

.convert(keystring) ⇒ Object

Convert a string in SSH public key format to a key object suitable for use with OpenSSL. If the key is an RSA key then an OpenSSL::PKey::RSA object is returned. If the key is a DSA key then an OpenSSL::PKey::DSA object is returned. In either case, the object returned is suitable for encrypting data or verifying signatures, but cannot be used for decrypting or signing.

The keystring should be a single line, as per an SSH public key file as generated by ssh-keygen, or a line from an SSH authorized_keys file.

Raises:

• (ArgumentError)

# File 'lib/omf_common/auth/ssh_pub_key_convert.rb', line 48

def self.convert(keystring)
  (type, b64, id) = keystring.split(' ')
  raise ArgumentError, "Invalid SSH public key '#{keystring}'" if b64.nil?

  decoded_key = Base64.decode64(b64)
  (n, bytes) = unpack_u32(decoded_key)
  (keytype, bytes) = unpack_string(bytes, n)

  if keytype == "ssh-rsa"
    (n, bytes) = unpack_u32(bytes)
    (estr, bytes) = unpack_string(bytes, n)
    (n, bytes) = unpack_u32(bytes)
    (nstr, bytes) = unpack_string(bytes, n)

    key = OpenSSL::PKey::RSA.new
    key.n = OpenSSL::BN.new(nstr, 2)
    key.e = OpenSSL::BN.new(estr, 2)
    key
  elsif keytype == 'ssh-dss'
    (n, bytes) = unpack_u32(bytes)
    (pstr, bytes) = unpack_string(bytes, n)
    (n, bytes) = unpack_u32(bytes)
    (qstr, bytes) = unpack_string(bytes, n)
    (n, bytes) = unpack_u32(bytes)
    (gstr, bytes) = unpack_string(bytes, n)
    (n, bytes) = unpack_u32(bytes)
    (pkstr, bytes) = unpack_string(bytes, n)

    key = OpenSSL::PKey::DSA.new
    key.p = OpenSSL::BN.new(pstr, 2)
    key.q = OpenSSL::BN.new(qstr, 2)
    key.g = OpenSSL::BN.new(gstr, 2)
    key.pub_key = OpenSSL::BN.new(pkstr, 2)
    key
  else
    raise ArgumentError, "Unknown key type '#{keytype}'"
  end
end

.unpack_string(bytes, len) ⇒ Object

Unpack a string from the bytes array. Exactly len bytes will be extracted.

Returns a pair (string, bytes), where string is the extracted string (of length len), and bytes is the remainder of the original bytes array that follows string.

# File 'lib/omf_common/auth/ssh_pub_key_convert.rb', line 33

def self.unpack_string(bytes, len)
  return bytes.unpack("A#{len}")[0], bytes[len..-1]
end

.unpack_u32(bytes) ⇒ Object

Unpack a 4-byte unsigned integer from the bytes array.

Returns a pair (u32, bytes), where u32 is the extracted unsigned integer, and bytes is the remainder of the original bytes array that follows u32.

# File 'lib/omf_common/auth/ssh_pub_key_convert.rb', line 22

def self.unpack_u32(bytes)
  return bytes.unpack("N")[0], bytes[4..-1]
end