metasploit-framework/lib/net/ssh/key_factory.rb

104 lines
3.7 KiB
Ruby

# -*- coding: binary -*-
require 'net/ssh/transport/openssl'
require 'net/ssh/prompt'
module Net; module SSH
# A factory class for returning new Key classes. It is used for obtaining
# OpenSSL key instances via their SSH names, and for loading both public and
# private keys. It used used primarily by Net::SSH itself, internally, and
# will rarely (if ever) be directly used by consumers of the library.
#
# klass = Net::SSH::KeyFactory.get("rsa")
# assert klass.is_a?(OpenSSL::PKey::RSA)
#
# key = Net::SSH::KeyFacory.load_public_key("~/.ssh/id_dsa.pub")
class KeyFactory
# Specifies the mapping of SSH names to OpenSSL key classes.
MAP = {
"dh" => OpenSSL::PKey::DH,
"rsa" => OpenSSL::PKey::RSA,
"dsa" => OpenSSL::PKey::DSA
}
class <<self
include Prompt
# Fetch an OpenSSL key instance by its SSH name. It will be a new,
# empty key of the given type.
def get(name)
MAP.fetch(name).new
end
# Loads a private key from a file. It will correctly determine
# whether the file describes an RSA or DSA key, and will load it
# appropriately. The new key is returned. If the key itself is
# encrypted (requiring a passphrase to use), the user will be
# prompted to enter their password unless passphrase works.
def load_private_key(filename, passphrase=nil)
data = File.open(File.expand_path(filename), "rb") {|f| f.read(f.stat.size)}
load_data_private_key(data, passphrase, filename)
end
# Loads a private key. It will correctly determine
# whether the file describes an RSA or DSA key, and will load it
# appropriately. The new key is returned. If the key itself is
# encrypted (requiring a passphrase to use), the user will be
# prompted to enter their password unless passphrase works.
def load_data_private_key(data, passphrase=nil, filename="")
if data.match(/-----BEGIN DSA PRIVATE KEY-----/)
key_type = OpenSSL::PKey::DSA
elsif data.match(/-----BEGIN RSA PRIVATE KEY-----/)
key_type = OpenSSL::PKey::RSA
elsif data.match(/-----BEGIN (.*) PRIVATE KEY-----/)
raise OpenSSL::PKey::PKeyError, "not a supported key type '#{$1}'"
else
raise OpenSSL::PKey::PKeyError, "not a private key (#{filename})"
end
encrypted_key = data.match(/ENCRYPTED/)
tries = 0
begin
return key_type.new(data, passphrase || 'invalid')
rescue OpenSSL::PKey::RSAError, OpenSSL::PKey::DSAError => e
if encrypted_key
tries += 1
if tries <= 3
passphrase = prompt("Enter passphrase for #{filename}:", false)
retry
else
raise
end
else
raise
end
end
end
# Loads a public key from a file. It will correctly determine whether
# the file describes an RSA or DSA key, and will load it
# appropriately. The new public key is returned.
def load_public_key(filename)
data = File.read(File.expand_path(filename))
load_data_public_key(data, filename)
end
# Loads a public key. It will correctly determine whether
# the file describes an RSA or DSA key, and will load it
# appropriately. The new public key is returned.
def load_data_public_key(data, filename="")
type, blob = data.split(/ /)
raise Net::SSH::Exception, "public key at #{filename} is not valid" if blob.nil?
blob = blob.unpack("m*").first
reader = Net::SSH::Buffer.new(blob)
reader.read_key or raise OpenSSL::PKey::PKeyError, "not a public key #{filename.inspect}"
end
end
end
end; end