retkey = NULL;
for (key_index = 0; key_index < key->nkeys; key_index++) {
unsigned char *thiskey;
- int thiskeylen, npieces;
+ int thiskeylen;
/*
* Read the key type, which will tell us how to scan over
* of strings, so we just need to know how many of them to
* skip over. (The numbers below exclude the key comment.)
*/
- if (match_ssh_id(stringlen, string, "ssh-rsa")) {
- alg = &ssh_rsa;
- npieces = 6; /* n,e,d,iqmp,q,p */
- } else if (match_ssh_id(stringlen, string, "ssh-dss")) {
- alg = &ssh_dss;
- npieces = 5; /* p,q,g,y,x */
- } else if (match_ssh_id(stringlen, string,
- "ecdsa-sha2-nistp256")) {
- alg = &ssh_ecdsa_nistp256;
- npieces = 3; /* curve name, point, private exponent */
- } else if (match_ssh_id(stringlen, string,
- "ecdsa-sha2-nistp384")) {
- alg = &ssh_ecdsa_nistp384;
- npieces = 3; /* curve name, point, private exponent */
- } else if (match_ssh_id(stringlen, string,
- "ecdsa-sha2-nistp521")) {
- alg = &ssh_ecdsa_nistp521;
- npieces = 3; /* curve name, point, private exponent */
- } else {
- errmsg = "private key did not start with type string\n";
+ {
+ /* find_pubkey_alg needs a zero-terminated copy of the
+ * algorithm name */
+ char *name_zt = dupprintf("%.*s", stringlen, (char *)string);
+ alg = find_pubkey_alg(name_zt);
+ sfree(name_zt);
+ }
+
+ if (!alg) {
+ errmsg = "private key type not recognised\n";
goto error;
}
/*
* Skip over the pieces of key.
*/
- for (i = 0; i < npieces; i++) {
+ for (i = 0; i < alg->openssh_private_npieces; i++) {
if (!(string = get_ssh_string(&privlen, &priv, &stringlen))) {
errmsg = "ran out of data in mid-private-key";
goto error;
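Review bot: The zero-terminated copy built with `dupprintf("%.*s", stringlen, (char *)string)` ends at the first NUL byte of the type string read from the key file, so a name with an embedded NUL and trailing bytes would now resolve to the algorithm named by its prefix, whereas the removed `match_ssh_id` calls presumably compared the full `stringlen`. Rejecting a length mismatch keeps the parser strict on untrusted key files: `alg = (strlen(name_zt) == (size_t)stringlen) ? find_pubkey_alg(name_zt) : NULL;`. It is also worth confirming that `get_ssh_string` can never yield a negative `stringlen`, because a negative precision makes `%.*s` read up to the next NUL instead of stopping at the string's end. The enclosing function starts and ends outside this hunk, so whether `alg->openssh_createkey` is checked for NULL before the key is built cannot be seen from here.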
unsigned char *priv_blob, int priv_len);
void *(*openssh_createkey) (unsigned char **blob, int *len);
int (*openssh_fmtkey) (void *key, unsigned char *blob, int len);
+ /* OpenSSH private key blobs, as created by openssh_fmtkey and
+ * consumed by openssh_createkey, always (at least so far...) take
+ * the form of a number of SSH-2 strings / mpints concatenated
+ * end-to-end. Because the new-style OpenSSH private key format
+ * stores those blobs without a containing string wrapper, we need
+ * to know how many strings each one consists of, so that we can
+ * skip over the right number to find the next key in the file.
+ * openssh_private_npieces gives that information. */
+ int openssh_private_npieces;
int (*pubkey_bits) (void *blob, int len);
char *(*fingerprint) (void *key);
int (*verifysig) (void *key, char *sig, int siglen,
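Review bot: The comment on `openssh_private_npieces` does not say what value an algorithm without OpenSSH private-key support should carry, and the skipping loop `for (i = 0; i < alg->openssh_private_npieces; i++)` in the importer uses the field without a sanity check. A zero value (for example from an initialiser that was not updated for the new member; the initialisers are not shown here) would make the parser skip nothing and interpret private-key bytes as the next field. I would add to the comment `Must be positive for every algorithm that provides openssh_createkey; 0 means the key type has no OpenSSH private format.` and have the importer go to its error path when `alg->openssh_private_npieces <= 0`. The struct definition starts and ends outside this hunk.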