sshkeygenerator.cpp 6.47 KB
Newer Older
ck's avatar
ck committed
1
2
3
4
/**************************************************************************
**
** This file is part of Qt Creator
**
hjk's avatar
hjk committed
5
** Copyright (c) 2012 Nokia Corporation and/or its subsidiary(-ies).
ck's avatar
ck committed
6
**
7
** Contact: Nokia Corporation (qt-info@nokia.com)
ck's avatar
ck committed
8
9
10
11
**
**
** GNU Lesser General Public License Usage
**
hjk's avatar
hjk committed
12
13
14
15
16
17
** This file may be used under the terms of the GNU Lesser General Public
** License version 2.1 as published by the Free Software Foundation and
** appearing in the file LICENSE.LGPL included in the packaging of this file.
** Please review the following information to ensure the GNU Lesser General
** Public License version 2.1 requirements will be met:
** http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html.
ck's avatar
ck committed
18
**
con's avatar
con committed
19
** In addition, as a special exception, Nokia gives you certain additional
hjk's avatar
hjk committed
20
** rights. These rights are described in the Nokia Qt LGPL Exception
con's avatar
con committed
21
22
** version 1.1, included in the file LGPL_EXCEPTION.txt in this package.
**
hjk's avatar
hjk committed
23
24
25
26
27
** Other Usage
**
** Alternatively, this file may be used in accordance with the terms and
** conditions contained in a signed written agreement between you and Nokia.
**
con's avatar
con committed
28
** If you have questions regarding the use of this file, please contact
29
** Nokia at qt-info@nokia.com.
ck's avatar
ck committed
30
31
32
**
**************************************************************************/

33
34
#include "sshkeygenerator.h"

ck's avatar
ck committed
35
36
37
#include "sshbotanconversions_p.h"
#include "sshcapabilities_p.h"
#include "sshpacket_p.h"
38

ck's avatar
ck committed
39
40
41
42
43
44
45
46
#include <botan/auto_rng.h>
#include <botan/bigint.h>
#include <botan/der_enc.h>
#include <botan/dsa.h>
#include <botan/pem.h>
#include <botan/pkcs8.h>
#include <botan/rsa.h>
#include <botan/x509_key.h>
47

48
49
#include <QDateTime>
#include <QInputDialog>
50
51

#include <string>
52

53
namespace Utils {
54

ck's avatar
ck committed
55
56
using namespace Botan;
using namespace Internal;
57

58
SshKeyGenerator::SshKeyGenerator() : m_type(Rsa)
kh1's avatar
kh1 committed
59
60
{
}
ck's avatar
ck committed
61

62
63
bool SshKeyGenerator::generateKeys(KeyType type, PrivateKeyFormat format, int keySize,
    EncryptionMode encryptionMode)
64
{
kh1's avatar
kh1 committed
65
    m_type = type;
66
    m_encryptionMode = encryptionMode;
kh1's avatar
kh1 committed
67

ck's avatar
ck committed
68
69
70
    try {
        AutoSeeded_RNG rng;
        KeyPtr key;
kh1's avatar
kh1 committed
71
        if (m_type == Rsa)
ck's avatar
ck committed
72
73
            key = KeyPtr(new RSA_PrivateKey(rng, keySize));
        else
74
75
76
            key = KeyPtr(new DSA_PrivateKey(rng, DL_Group(rng, DL_Group::DSA_Kosherizer, keySize)));
        switch (format) {
        case Pkcs8:
77
            generatePkcs8KeyStrings(key, rng);
78
79
80
81
82
83
            break;
        case OpenSsl:
            generateOpenSslKeyStrings(key);
            break;
        case Mixed:
        default:
84
            generatePkcs8KeyString(key, true, rng);
85
86
87
            generateOpenSslPublicKeyString(key);
        }
        return true;
ck's avatar
ck committed
88
    } catch (Botan::Exception &e) {
89
        m_error = tr("Error generating key: %1").arg(QString::fromAscii(e.what()));
90
91
        return false;
    }
ck's avatar
ck committed
92
}
93

94
void SshKeyGenerator::generatePkcs8KeyStrings(const KeyPtr &key, Botan::RandomNumberGenerator &rng)
ck's avatar
ck committed
95
{
96
97
    generatePkcs8KeyString(key, false, rng);
    generatePkcs8KeyString(key, true, rng);
ck's avatar
ck committed
98
99
}

100
101
void SshKeyGenerator::generatePkcs8KeyString(const KeyPtr &key, bool privateKey,
    Botan::RandomNumberGenerator &rng)
ck's avatar
ck committed
102
103
104
105
106
{
    Pipe pipe;
    pipe.start_msg();
    QByteArray *keyData;
    if (privateKey) {
107
        QString password;
108
109
110
        if (m_encryptionMode == DoOfferEncryption)
            password = getPassword();
        if (!password.isEmpty())
111
112
113
            PKCS8::encrypt_key(*key, pipe, rng, password.toLocal8Bit().data());
        else
            PKCS8::encode(*key, pipe);
ck's avatar
ck committed
114
115
116
117
        keyData = &m_privateKey;
    } else {
        X509::encode(*key, pipe);
        keyData = &m_publicKey;
118
    }
ck's avatar
ck committed
119
120
121
122
123
    pipe.end_msg();
    keyData->resize(pipe.remaining(pipe.message_count() - 1));
    pipe.read(convertByteArray(*keyData), keyData->size(),
        pipe.message_count() - 1);
}
124

125
void SshKeyGenerator::generateOpenSslKeyStrings(const KeyPtr &key)
ck's avatar
ck committed
126
{
127
128
129
130
131
132
133
    generateOpenSslPublicKeyString(key);
    generateOpenSslPrivateKeyString(key);
}

void SshKeyGenerator::generateOpenSslPublicKeyString(const KeyPtr &key)
{
    QList<BigInt> params;
ck's avatar
ck committed
134
    QByteArray keyId;
kh1's avatar
kh1 committed
135
    if (m_type == Rsa) {
136
137
        const QSharedPointer<RSA_PrivateKey> rsaKey = key.dynamicCast<RSA_PrivateKey>();
        params << rsaKey->get_e() << rsaKey->get_n();
ck's avatar
ck committed
138
139
        keyId = SshCapabilities::PubKeyRsa;
    } else {
140
141
        const QSharedPointer<DSA_PrivateKey> dsaKey = key.dynamicCast<DSA_PrivateKey>();
        params << dsaKey->group_p() << dsaKey->group_q() << dsaKey->group_g() << dsaKey->get_y();
ck's avatar
ck committed
142
        keyId = SshCapabilities::PubKeyDss;
143
144
    }

ck's avatar
ck committed
145
    QByteArray publicKeyBlob = AbstractSshPacket::encodeString(keyId);
146
    foreach (const BigInt &b, params)
ck's avatar
ck committed
147
148
149
150
151
        publicKeyBlob += AbstractSshPacket::encodeMpInt(b);
    publicKeyBlob = publicKeyBlob.toBase64();
    const QByteArray id = "QtCreator/"
        + QDateTime::currentDateTime().toString(Qt::ISODate).toUtf8();
    m_publicKey = keyId + ' ' + publicKeyBlob + ' ' + id;
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
}

void SshKeyGenerator::generateOpenSslPrivateKeyString(const KeyPtr &key)
{
    QList<BigInt> params;
    QByteArray keyId;
    const char *label;
    if (m_type == Rsa) {
        const QSharedPointer<RSA_PrivateKey> rsaKey
            = key.dynamicCast<RSA_PrivateKey>();
        params << rsaKey->get_n() << rsaKey->get_e() << rsaKey->get_d() << rsaKey->get_p()
            << rsaKey->get_q();
        keyId = SshCapabilities::PubKeyRsa;
        label = "RSA PRIVATE KEY";
    } else {
        const QSharedPointer<DSA_PrivateKey> dsaKey = key.dynamicCast<DSA_PrivateKey>();
        params << dsaKey->group_p() << dsaKey->group_q() << dsaKey->group_g() << dsaKey->get_y()
            << dsaKey->get_x();
        keyId = SshCapabilities::PubKeyDss;
        label = "DSA PRIVATE KEY";
    }
ck's avatar
ck committed
173
174

    DER_Encoder encoder;
175
176
    encoder.start_cons(SEQUENCE).encode(0U);
    foreach (const BigInt &b, params)
ck's avatar
ck committed
177
178
        encoder.encode(b);
    encoder.end_cons();
179
    m_privateKey = QByteArray(PEM_Code::encode (encoder.get_contents(), label).c_str());
180
181
}

182
183
184
185
186
187
188
189
QString SshKeyGenerator::getPassword() const
{
    QInputDialog d;
    d.setInputMode(QInputDialog::TextInput);
    d.setTextEchoMode(QLineEdit::Password);
    d.setWindowTitle(tr("Password for Private Key"));
    d.setLabelText(tr("It is recommended that you secure your private key\n"
        "with a password, which you can enter below."));
Christian Kandeler's avatar
Christian Kandeler committed
190
191
    d.setOkButtonText(tr("Encrypt Key File"));
    d.setCancelButtonText(tr("Do Not Encrypt Key File"));
192
193
194
195
196
197
198
199
200
    int result = QDialog::Accepted;
    QString password;
    while (result == QDialog::Accepted && password.isEmpty()) {
        result = d.exec();
        password = d.textValue();
    }
    return result == QDialog::Accepted ? password : QString();
}

201
} // namespace Utils