authorAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2019-07-29 13:31:22 +0200
committerAndreas Schneider <asn@cryptomilk.org>2019-07-29 19:14:24 +0200
commit88d777e6782330be8d6916f672ae106a5bd32b10 (patch)
tree24aba7940bde50f60730ee6c4035d3d8c201f384
parent0a85f3a58da85c8c36b8436d8075b38ac93123fb (diff)
pki: Search OpenSSH header not only at the beginning
Try to find the OpenSSH private key header not only at the beginning of the file. This makes the parser skip comments and white space. Fixes: T76 Fixes: T123 Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r--src/pki.c8
-rw-r--r--tests/unittests/torture_pki_ed25519.c84
2 files changed, 88 insertions, 4 deletions
diff --git a/src/pki.c b/src/pki.c
index 482c58c2..a4985114 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -724,7 +724,7 @@ int ssh_pki_import_privkey_base64(const char *b64_key,
ssh_key *pkey)
{
ssh_key key;
- int cmp;
+ char *openssh_header = NULL;
if (b64_key == NULL || pkey == NULL) {
return SSH_ERROR;
@@ -739,9 +739,9 @@ int ssh_pki_import_privkey_base64(const char *b64_key,
passphrase ? "true" : "false");
/* Test for OpenSSH key format first */
- cmp = strncmp(b64_key, OPENSSH_HEADER_BEGIN, strlen(OPENSSH_HEADER_BEGIN));
- if (cmp == 0) {
- key = ssh_pki_openssh_privkey_import(b64_key,
+ openssh_header = strstr(b64_key, OPENSSH_HEADER_BEGIN);
+ if (openssh_header != NULL) {
+ key = ssh_pki_openssh_privkey_import(openssh_header,
passphrase,
auth_fn,
auth_data);
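Review bot: `strstr(b64_key, OPENSSH_HEADER_BEGIN)` matches the header at any offset, so whatever precedes it is skipped unchecked, not only the comment lines and whitespace the commit message describes; a buffer holding other text or another key block ahead of the marker would, as far as this hunk shows, be imported as the OpenSSH key that follows. If only comments and blank lines are meant to be tolerated, the match should at least be required to start a line, `if (openssh_header != NULL && (openssh_header == b64_key || openssh_header[-1] == '\n')) {`, and the prefix could be scanned so that anything other than whitespace or `#` lines is rejected. The comment above the check would then read `/* Test for OpenSSH key format first; the header may follow comment lines or whitespace */`. The body of ssh_pki_import_privkey_base64 continues outside the hunk, so the fallback path for other key formats is not visible here.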
diff --git a/tests/unittests/torture_pki_ed25519.c b/tests/unittests/torture_pki_ed25519.c
index 0ace82c6..56b3e0b1 100644
--- a/tests/unittests/torture_pki_ed25519.c
+++ b/tests/unittests/torture_pki_ed25519.c
@@ -149,6 +149,84 @@ static void torture_pki_ed25519_import_privkey_base64(void **state)
}
+static void torture_pki_ed25519_import_privkey_base64_comment(void **state)
+{
+ int rc, file_str_len;
+ const char *comment_str = "#this is line-comment\n#this is another\n";
+ char *key_str = NULL, *file_str = NULL;
+ ssh_key key = NULL;
+ const char *passphrase = torture_get_testkey_passphrase();
+ enum ssh_keytypes_e type;
+
+ (void) state; /* unused */
+
+ key_str = torture_pki_read_file(LIBSSH_ED25519_TESTKEY);
+ assert_non_null(key_str);
+
+ file_str_len = strlen(comment_str) + strlen(key_str) + 1;
+ file_str = malloc(file_str_len);
+ assert_non_null(file_str);
+ rc = snprintf(file_str, file_str_len, "%s%s", comment_str, key_str);
+ assert_int_equal(rc, file_str_len - 1);
+
+ rc = ssh_pki_import_privkey_base64(file_str, passphrase, NULL, NULL, &key);
+ assert_true(rc == 0);
+ assert_non_null(key);
+
+ type = ssh_key_type(key);
+ assert_true(type == SSH_KEYTYPE_ED25519);
+
+ rc = ssh_key_is_private(key);
+ assert_true(rc == 1);
+
+ rc = ssh_key_is_public(key);
+ assert_true(rc == 1);
+
+ free(key_str);
+ free(file_str);
+ SSH_KEY_FREE(key);
+
+}
+
+static void torture_pki_ed25519_import_privkey_base64_whitespace(void **state)
+{
+ int rc, file_str_len;
+ const char *whitespace_str = " \n\t\t\t\t\t\n\n\n\n\n";
+ char *key_str = NULL, *file_str = NULL;
+ ssh_key key = NULL;
+ const char *passphrase = torture_get_testkey_passphrase();
+ enum ssh_keytypes_e type;
+
+ (void) state; /* unused */
+
+ key_str = torture_pki_read_file(LIBSSH_ED25519_TESTKEY);
+ assert_non_null(key_str);
+
+ file_str_len = strlen(whitespace_str) + strlen(key_str) + 1;
+ file_str = malloc(file_str_len);
+ assert_non_null(file_str);
+ rc = snprintf(file_str, file_str_len, "%s%s", whitespace_str, key_str);
+ assert_int_equal(rc, file_str_len - 1);
+
+ rc = ssh_pki_import_privkey_base64(file_str, passphrase, NULL, NULL, &key);
+ assert_true(rc == 0);
+ assert_non_null(key);
+
+ type = ssh_key_type(key);
+ assert_true(type == SSH_KEYTYPE_ED25519);
+
+ rc = ssh_key_is_private(key);
+ assert_true(rc == 1);
+
+ rc = ssh_key_is_public(key);
+ assert_true(rc == 1);
+
+ free(key_str);
+ free(file_str);
+ SSH_KEY_FREE(key);
+
+}
+
static void torture_pki_ed25519_import_export_privkey_base64(void **state)
{
char *b64_key = NULL;
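Review bot: `file_str_len` is declared `int` in both new tests but holds a sum of `strlen()` results and is passed to `malloc()` and `snprintf()` as a size, so it should be `size_t file_str_len;` with the check written as `assert_int_equal(rc, (int)(file_str_len - 1));`. The two functions differ only in the prefix string, so a shared static helper taking the prefix would remove the duplicated body. Both tests cover accepted input only; a case with non-comment text ahead of the header would pin down whether such input is meant to be imported or rejected. `assert_true(rc == 0)` would read better as `assert_int_equal(rc, SSH_OK)`, which also reports the actual value on failure.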
@@ -730,6 +808,12 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_pki_ed25519_import_privkey_base64,
setup_ed25519_key,
teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_ed25519_import_privkey_base64_comment,
+ setup_ed25519_key,
+ teardown),
+ cmocka_unit_test_setup_teardown(torture_pki_ed25519_import_privkey_base64_whitespace,
+ setup_ed25519_key,
+ teardown),
cmocka_unit_test_setup_teardown(torture_pki_ed25519_import_export_privkey_base64,
setup_ed25519_key,
teardown),