Greenbone Vulnerability Management Libraries  10.0.0
sshutils.c
1 /* Copyright (C) 2015-2019 Greenbone Networks GmbH
2  *
3  * SPDX-License-Identifier: GPL-2.0-or-later
4  *
5  * This program is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU General Public License
7  * as published by the Free Software Foundation; either version 2
8  * of the License, or (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18  */
19 
25 #include "sshutils.h"
26 
27 #include <glib.h> /* for g_free, g_strdup, g_strdup_printf */
28 #include <gnutls/gnutls.h> /* for gnutls_datum_t */
29 #include <gnutls/x509.h> /* for gnutls_x509_privkey_deinit, gnutls_x509_p... */
30 #include <libssh/libssh.h> /* for ssh_key_free, ssh_key_type, ssh_key_type_... */
31 #include <string.h> /* for strcmp, strlen */
32 
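/**
 * @brief Decrypt a PEM-encoded, passphrase-protected PKCS#8 private key.
 *
 * The key is imported with GnuTLS using the passphrase and exported again
 * as PEM, which yields the private key in plaintext.
 *
 * @param[in]  pkcs8_key   PKCS#8 private key in PEM format.
 * @param[in]  passphrase  Passphrase of the key. NULL is treated as "".
 *
 * @return Newly allocated string holding the decrypted key in PEM format, or
 *         NULL if pkcs8_key is NULL or the key could not be imported or
 *         exported. The caller owns the result, which is plaintext private
 *         key material: overwrite it before releasing it with g_free().
 */
char *
gvm_ssh_pkcs8_decrypt (const char *pkcs8_key, const char *passphrase)
{
  gnutls_datum_t data;
  gnutls_x509_privkey_t key;
  char buffer[16 * 2048];
  char *decrypted = NULL;
  /* Volatile view of the buffer, used only for the final wipe so that the
   * stores are not treated as dead writes. */
  volatile char *wipe = buffer;
  size_t size = sizeof (buffer);
  size_t i;
  int rc;

  /* strlen() on NULL is undefined behaviour; treat it as a failed decrypt. */
  if (pkcs8_key == NULL)
    return NULL;

  rc = gnutls_x509_privkey_init (&key);
  if (rc)
    return NULL;

  data.size = strlen (pkcs8_key);
  data.data = (void *) g_strdup (pkcs8_key);
  rc = gnutls_x509_privkey_import_pkcs8 (key, &data, GNUTLS_X509_FMT_PEM,
                                         passphrase ? passphrase : "", 0);
  /* The copy is only needed for the import; release it on the failure path
   * as well, which previously leaked it. */
  g_free (data.data);
  if (rc)
    {
      gnutls_x509_privkey_deinit (key);
      return NULL;
    }

  rc = gnutls_x509_privkey_export (key, GNUTLS_X509_FMT_PEM, buffer, &size);
  gnutls_x509_privkey_deinit (key);
  if (rc == 0)
    /* Bound the copy by the size GnuTLS reported instead of relying on the
     * export having NUL-terminated the buffer. */
    decrypted = g_strndup (buffer, size);

  /* The stack buffer held the plaintext private key; clear it on every
   * path before the frame is reused. */
  for (i = 0; i < sizeof (buffer); i++)
    wipe[i] = 0;

  return decrypted;
}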
69 
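/**
 * @brief Derive the public key string from a private key.
 *
 * The private key is first passed through gvm_ssh_pkcs8_decrypt(). If that
 * fails, the key is handed to libssh as given, together with the passphrase.
 *
 * @param[in]  private_key  Private key to derive the public key from.
 * @param[in]  passphrase   Passphrase of the private key.
 *
 * @return Newly allocated string of the form "<type> <base64 key>", or NULL
 *         if private_key is NULL, the key could not be imported, the public
 *         key could not be exported or the key type has no name. The caller
 *         frees the result with g_free().
 */
char *
gvm_ssh_public_from_private (const char *private_key, const char *passphrase)
{
  ssh_key priv;
  char *pub_key = NULL, *decrypted_priv, *pub_str = NULL;
  const char *type;
  int ret;

  if (private_key == NULL)
    return NULL;

  decrypted_priv = gvm_ssh_pkcs8_decrypt (private_key, passphrase);
  ret = ssh_pki_import_privkey_base64 (decrypted_priv ? decrypted_priv
                                                      : private_key,
                                       passphrase, NULL, NULL, &priv);
  if (decrypted_priv)
    {
      /* Plaintext private key: overwrite it before handing the memory back
       * to the allocator. The volatile view keeps the stores from being
       * treated as dead writes. */
      volatile char *wipe = decrypted_priv;
      size_t len = strlen (decrypted_priv);
      size_t i;

      for (i = 0; i < len; i++)
        wipe[i] = 0;
      g_free (decrypted_priv);
    }
  if (ret)
    return NULL;

  ret = ssh_pki_export_pubkey_base64 (priv, &pub_key);
  type = ssh_key_type_to_char (ssh_key_type (priv));
#if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0, 6, 4)
  /* Guard against a NULL type name before comparing it. */
  if (type && !strcmp (type, "ssh-ecdsa"))
    type = ssh_pki_key_ecdsa_name (priv);
#endif
  /* Format the result while the key is still alive, so the code does not
   * depend on the type name outliving ssh_key_free(). A key type without a
   * name is reported as failure rather than formatted as a NULL string. */
  if (ret == 0 && type != NULL)
    pub_str = g_strdup_printf ("%s %s", type, pub_key);
  ssh_key_free (priv);
  /* pub_key stays NULL when the export failed; g_free (NULL) is a no-op. */
  g_free (pub_key);
  return pub_str;
}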
char * gvm_ssh_pkcs8_decrypt(const char *pkcs8_key, const char *passphrase)
Decrypts a base64 encrypted ssh private key.
Definition: sshutils.c:42
SSH related API.
char * gvm_ssh_public_from_private(const char *private_key, const char *passphrase)
Exports a base64 encoded public key from a private key and its passphrase.
Definition: sshutils.c:80