added opensshpubkey pkc support

diff --git a/Changelog b/Changelog
index 4f5e0ae982abb73edb66a70595a6fa130653478b..6c50e6c9973a7b9b063f2515d28d97bc288f5aa8 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -12,9 +12,10 @@ msva-perl (0.6~pre) upstream;
     (closes MS #2567)
   * report server implementation name and version with every query (closes
     MS # 2564)
-  * support x509pem PKC format in addition to x509der (addresses MS #2566)
+  * support x509pem and opensshpubkey PKC formats in addition to x509der
+    (addresses MS #2566)
 
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Fri, 29 Oct 2010 00:53:37 -0400
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Fri, 29 Oct 2010 02:55:37 -0400
 
 msva-perl (0.5) upstream;
 

diff --git a/Crypt/Monkeysphere/MSVA.pm b/Crypt/Monkeysphere/MSVA.pm
index a425204fa41f280288963289ad336d06e0724495..d1d6b1294ecf6f25133a2c357246712a5e46ba02 100755 (executable)
--- a/Crypt/Monkeysphere/MSVA.pm
+++ b/Crypt/Monkeysphere/MSVA.pm
@@ -135,23 +135,41 @@
                      };
   }
 
-  # returns an empty list if bad key found.
-  sub parse_openssh_pubkey {
+  sub opensshpubkey2key {
     my $data = shift;
+    # FIXME: do we care that the label matches the type of key?
     my ($label, $prop) = split(/ +/, $data);
-    $prop = decode_base64($prop) or return ();
 
-    msvalog('debug', "key properties: %s\n", unpack('H*', $prop));
-    my @out;
-    while (length($prop) > 4) {
-      my $size = unpack('N', substr($prop, 0, 4));
+    my $out = parse_rfc4716body($prop);
+
+    return $out;
+  }
+
+  sub parse_rfc4716body {
+    my $data = shift;
+    $data = decode_base64($data) or return undef;
+
+    msvalog('debug', "key properties: %s\n", unpack('H*', $data));
+    my $out = [ ];
+    while (length($data) > 4) {
+      my $size = unpack('N', substr($data, 0, 4));
       msvalog('debug', "size: 0x%08x\n", $size);
-      return () if (length($prop) < $size + 4);
-      push(@out, substr($prop, 4, $size));
-      $prop = substr($prop, 4 + $size);
+      return undef if (length($data) < $size + 4);
+      push(@{$out}, substr($data, 4, $size));
+      $data = substr($data, 4 + $size);
     }
-    return () if ($label ne $out[0]);
-    return @out;
+
+    if ($out->[0] ne "ssh-rsa") {
+      return {error => 'Not an RSA key'};
+    }
+
+    if (scalar(@{$out}) != 3) {
+      return {error => 'Does not contain the right number of bigints for RSA'};
+    }
+
+    return { exponent => Math::BigInt->from_hex('0x'.unpack('H*', $out->[1])),
+             modulus => Math::BigInt->from_hex('0x'.unpack('H*', $out->[2])),
+           } ;
   }
 
 
@@ -394,7 +412,6 @@
     my @lines = split(/\n/, $pem);
     my @goodlines = ();
     my $ready = 0;
-    use MIME::Base64;
     foreach my $line (@lines) {
       if ($line eq '-----END CERTIFICATE-----') {
         last;
@@ -554,6 +571,8 @@
       $key = der2key(join('', map(chr, @{$data->{pkc}->{data}})));
     } elsif (lc($data->{pkc}->{type}) eq 'x509pem') {
       $key = der2key(pem2der($data->{pkc}->{data}));
+    } elsif (lc($data->{pkc}->{type}) eq 'opensshpubkey') {
+      $key = opensshpubkey2key($data->{pkc}->{data});
     } else {
       $ret->{message} = sprintf("Don't know this public key carrier type: %s", $data->{pkc}->{type});
       return $status,$ret;

diff --git a/Crypt/Monkeysphere/MSVA/Client.pm b/Crypt/Monkeysphere/MSVA/Client.pm
index a6d1ed7d312d34f65066fd92daa8ccb0bad619b2..623e9e8a792fcaa765c27798ece74bae781f3d93 100644 (file)
--- a/Crypt/Monkeysphere/MSVA/Client.pm
+++ b/Crypt/Monkeysphere/MSVA/Client.pm
@@ -108,7 +108,8 @@
       }
       # remap raw pkc data into numeric array
       $transformed_data = [map(ord, split(//,$pkcdata))];
-    } elsif ($pkctype eq 'x509pem') {
+    } elsif ($pkctype eq 'x509pem' ||
+             $pkctype eq 'opensshpubkey') {
       $transformed_data = $pkcdata;
     } else {
       $self->log('error', "unknown pkc type '%s'.\n", $pkctype);