Module: SSHData::Encoding

Extended by:
Encoding
Included in:
Encoding
Defined in:
lib/ssh_data/encoding.rb

Constant Summary collapse

OPENSSH_PRIVATE_KEY_MAGIC =
"openssh-key-v1\x00"
OPENSSH_SIGNATURE_MAGIC =
"SSHSIG"
OPENSSH_SIGNATURE_VERSION =
0x01
OPENSSH_SIGNATURE_FIELDS =
[
  [:sigversion,     :uint32],
  [:publickey,      :string],
  [:namespace,      :string],
  [:reserved,       :string],
  [:hash_algorithm, :string],
  [:signature,      :string],
]
OPENSSH_PRIVATE_KEY_FIELDS =
[
  [:ciphername, :string],
  [:kdfname,    :string],
  [:kdfoptions, :string],
  [:nkeys,      :uint32],
]
RSA_PRIVATE_KEY_FIELDS =

Fields in an RSA private key

[
  [:n,       :mpint],
  [:e,       :mpint],
  [:d,       :mpint],
  [:iqmp,    :mpint],
  [:p,       :mpint],
  [:q,       :mpint],
]
DSA_PRIVATE_KEY_FIELDS =

Fields in a DSA private key

[
  [:p, :mpint],
  [:q, :mpint],
  [:g, :mpint],
  [:y, :mpint],
  [:x, :mpint]
]
ECDSA_PRIVATE_KEY_FIELDS =

Fields in a ECDSA private key

[
  [:curve,       :string],
  [:public_key,  :string],
  [:private_key, :mpint],
]
ED25519_PRIVATE_KEY_FIELDS =

Fields in a ED25519 private key

[
  [:pk, :string],
  [:sk, :string]
]
RSA_KEY_FIELDS =

Fields in an RSA public key

[
  [:e, :mpint],
  [:n, :mpint]
]
DSA_KEY_FIELDS =

Fields in a DSA public key

[
  [:p, :mpint],
  [:q, :mpint],
  [:g, :mpint],
  [:y, :mpint]
]
ECDSA_KEY_FIELDS =

Fields in an ECDSA public key

[
  [:curve,      :string],
  [:public_key, :string]
]
SKECDSA_KEY_FIELDS =

Fields in an SK-ECDSA public key

[
  [:curve,      :string],
  [:public_key, :string],
  [:application, :string]
]
ED25519_KEY_FIELDS =

Fields in a ED25519 public key

[
  [:pk, :string]
]
SKED25519_KEY_FIELDS =

Fields in a SK-ED25519 public key

[
  [:pk, :string],
  [:application, :string]
]
PUBLIC_KEY_ALGO_BY_CERT_ALGO =
{
  Certificate::ALGO_RSA        => PublicKey::ALGO_RSA,
  Certificate::ALGO_DSA        => PublicKey::ALGO_DSA,
  Certificate::ALGO_ECDSA256   => PublicKey::ALGO_ECDSA256,
  Certificate::ALGO_ECDSA384   => PublicKey::ALGO_ECDSA384,
  Certificate::ALGO_ECDSA521   => PublicKey::ALGO_ECDSA521,
  Certificate::ALGO_ED25519    => PublicKey::ALGO_ED25519,
  Certificate::ALGO_SKECDSA256 => PublicKey::ALGO_SKECDSA256,
  Certificate::ALGO_SKED25519  => PublicKey::ALGO_SKED25519,
}
CERT_ALGO_BY_PUBLIC_KEY_ALGO =
{
  PublicKey::ALGO_RSA        => Certificate::ALGO_RSA,
  PublicKey::ALGO_DSA        => Certificate::ALGO_DSA,
  PublicKey::ALGO_ECDSA256   => Certificate::ALGO_ECDSA256,
  PublicKey::ALGO_ECDSA384   => Certificate::ALGO_ECDSA384,
  PublicKey::ALGO_ECDSA521   => Certificate::ALGO_ECDSA521,
  PublicKey::ALGO_ED25519    => Certificate::ALGO_ED25519,
  PublicKey::ALGO_SKECDSA256 => Certificate::ALGO_SKECDSA256,
  PublicKey::ALGO_SKED25519  => Certificate::ALGO_SKED25519,
}
KEY_FIELDS_BY_PUBLIC_KEY_ALGO =
{
  PublicKey::ALGO_RSA      => RSA_KEY_FIELDS,
  PublicKey::ALGO_DSA      => DSA_KEY_FIELDS,
  PublicKey::ALGO_ECDSA256 => ECDSA_KEY_FIELDS,
  PublicKey::ALGO_ECDSA384 => ECDSA_KEY_FIELDS,
  PublicKey::ALGO_ECDSA521 => ECDSA_KEY_FIELDS,
  PublicKey::ALGO_ED25519  => ED25519_KEY_FIELDS,
  PublicKey::ALGO_SKED25519 => SKED25519_KEY_FIELDS,
  PublicKey::ALGO_SKECDSA256 => SKECDSA_KEY_FIELDS,
}
KEY_FIELDS_BY_PRIVATE_KEY_ALGO =
{
  PublicKey::ALGO_RSA      => RSA_PRIVATE_KEY_FIELDS,
  PublicKey::ALGO_DSA      => DSA_PRIVATE_KEY_FIELDS,
  PublicKey::ALGO_ECDSA256 => ECDSA_PRIVATE_KEY_FIELDS,
  PublicKey::ALGO_ECDSA384 => ECDSA_PRIVATE_KEY_FIELDS,
  PublicKey::ALGO_ECDSA521 => ECDSA_PRIVATE_KEY_FIELDS,
  PublicKey::ALGO_ED25519  => ED25519_PRIVATE_KEY_FIELDS,
}

Instance Method Summary collapse

Instance Method Details

#decode_certificate(raw, offset = 0) ⇒ Object

Decode the fields in a certificate.

raw - Binary String certificate as described by RFC4253 section 6.6. offset - Integer number of bytes into ‘raw` at which we should start

reading.

Returns an Array containing a Hash describing the certificate and the Integer number of bytes read.



352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
# File 'lib/ssh_data/encoding.rb', line 352

def decode_certificate(raw, offset=0)
  total_read = 0

  algo, read = decode_string(raw, offset + total_read)
  total_read += read

  unless key_algo = PUBLIC_KEY_ALGO_BY_CERT_ALGO[algo]
    raise AlgorithmError, "unknown algorithm: #{algo.inspect}"
  end

  data, read = decode_fields(raw, [
    [:nonce,            :string],
    [:public_key,       :public_key, key_algo],
    [:serial,           :uint64],
    [:type,             :uint32],
    [:key_id,           :string],
    [:valid_principals, :list],
    [:valid_after,      :time],
    [:valid_before,     :time],
    [:critical_options, :options],
    [:extensions,       :options],
    [:reserved,         :string],
    [:signature_key,    :string_public_key],
    [:signature,        :string],
  ], offset + total_read)
  total_read += read

  data[:algo] = algo

  [data, total_read]
end

#decode_fields(raw, fields, offset = 0) ⇒ Object

Decode all of the given fields from raw.

raw - A binary String. fields - An Array of Arrays, each containing a symbol describing the field

and a Symbol describing the type of the field (:mpint, :string,
:uint64, or :uint32).

offset - The offset into raw at which to read (default 0).

Returns an Array containing a Hash mapping the provided field keys to the decoded values and the Integer number of bytes read.



394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
# File 'lib/ssh_data/encoding.rb', line 394

def decode_fields(raw, fields, offset=0)
  hash = {}
  total_read = 0

  fields.each do |key, type, *args|
    hash[key], read = case type
    when :string
      decode_string(raw, offset + total_read, *args)
    when :list
      decode_list(raw, offset + total_read, *args)
    when :mpint
      decode_mpint(raw, offset + total_read, *args)
    when :time
      decode_time(raw, offset + total_read, *args)
    when :uint64
      decode_uint64(raw, offset + total_read, *args)
    when :uint32
      decode_uint32(raw, offset + total_read, *args)
    when :public_key
      decode_public_key(raw, offset + total_read, *args)
    when :string_public_key
      decode_string_public_key(raw, offset + total_read, *args)
    when :options
      decode_options(raw, offset + total_read, *args)
    else
      raise DecodeError
    end
    total_read += read
  end

  [hash, total_read]
end

#decode_list(raw, offset = 0) ⇒ Object

Read a series of strings out of the provided raw data.

raw - A binary String. offset - The offset into raw at which to read (default 0).

Returns an Array including the Array of decoded Strings and the Integer number of bytes read.



499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
# File 'lib/ssh_data/encoding.rb', line 499

def decode_list(raw, offset=0)
  list_raw, str_read = decode_string(raw, offset)

  list_read = 0
  list = []

  while list_raw.bytesize > list_read
    value, read = decode_string(list_raw, list_read)
    list << value
    list_read += read
  end

  if list_read != list_raw.bytesize
    raise DecodeError, "bad strings list"
  end

  [list, str_read]
end

#decode_mpint(raw, offset = 0) ⇒ Object

raw - A binary String. offset - The offset into raw at which to read (default 0).

Returns an Array including the decoded mpint as an OpenSSL::BN and the Integer number of bytes read.



534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
# File 'lib/ssh_data/encoding.rb', line 534

def decode_mpint(raw, offset=0)
  if raw.bytesize < offset + 4
    raise DecodeError, "data too short"
  end

  str_size_s = raw.byteslice(offset, 4)
  str_size = str_size_s.unpack("L>").first
  mpi_size = str_size + 4

  if raw.bytesize < offset + mpi_size
    raise DecodeError, "data too short"
  end

  mpi_s = raw.slice(offset, mpi_size)

  # This calls OpenSSL's BN_mpi2bn() function. As far as I can tell, this
  # matches up with with MPI type defined in RFC4251 Section 5 with the
  # exception that OpenSSL doesn't enforce minimal length. We could enforce
  # this ourselves, but it doesn't seem worth the added complexity.
  mpi = OpenSSL::BN.new(mpi_s, 0)

  [mpi, mpi_size]
end

#decode_n_strings(raw, offset = 0, n) ⇒ Object

Read the specified number of strings out of the provided raw data.

raw - A binary String. offset - The offset into raw at which to read (default 0). n - The Integer number of Strings to read.

Returns an Array including the Array of decoded Strings and the Integer number of bytes read.



596
597
598
599
600
601
602
603
604
605
606
# File 'lib/ssh_data/encoding.rb', line 596

def decode_n_strings(raw, offset=0, n)
  total_read = 0
  strs = []

  n.times do |i|
    strs[i], read = decode_string(raw, offset + total_read)
    total_read += read
  end

  [strs, total_read]
end

#decode_openssh_private_key(raw) ⇒ Object

Decode an OpenSSH private key.

raw - The binary String private key.

Returns an Array containing a Hash describing the private key and the Integer number of bytes read.



188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
# File 'lib/ssh_data/encoding.rb', line 188

def decode_openssh_private_key(raw)
  total_read = 0

  magic = raw.byteslice(total_read, OPENSSH_PRIVATE_KEY_MAGIC.bytesize)
  unless magic == OPENSSH_PRIVATE_KEY_MAGIC
    raise DecodeError, "bad OpenSSH private key"
  end
  total_read += OPENSSH_PRIVATE_KEY_MAGIC.bytesize

  data, read = decode_fields(raw, OPENSSH_PRIVATE_KEY_FIELDS, total_read)
  total_read += read

  # TODO: add support for encrypted private keys
  unless data[:ciphername] == "none" && data[:kdfname] == "none"
    raise DecryptError, "cannot decode encrypted private keys"
  end

  data[:public_keys], read = decode_n_strings(raw, total_read, data[:nkeys])
  total_read += read

  privs, read = decode_string(raw, total_read)
  total_read += read

  privs_read = 0

  data[:checkint1], read = decode_uint32(privs, privs_read)
  privs_read += read

  data[:checkint2], read = decode_uint32(privs, privs_read)
  privs_read += read

  unless data[:checkint1] == data[:checkint2]
    raise DecryptError, "bad private key checksum"
  end

  data[:private_keys] = data[:nkeys].times.map do
    algo, read = decode_string(privs, privs_read)
    privs_read += read

    unless fields = KEY_FIELDS_BY_PRIVATE_KEY_ALGO[algo]
      raise AlgorithmError, "unknown algorithm: #{algo.inspect}"
    end

    priv_data, read = decode_fields(privs, fields, privs_read)
    privs_read += read

    comment, read = decode_string(privs, privs_read)
    privs_read += read

    priv_data.merge(algo: algo, comment: comment)
  end

  # padding at end is bytes 1, 2, 3, 4, etc...
  data[:padding] = privs.byteslice(privs_read..-1)
  unless data[:padding].bytes.each_with_index.all? { |b, i| b == (i + 1) % 255 }
    raise DecodeError, "bad padding: #{data[:padding].inspect}"
  end

  [data, total_read]
end

#decode_openssh_signature(raw, offset = 0) ⇒ Object



329
330
331
332
333
334
335
336
337
338
339
340
341
342
# File 'lib/ssh_data/encoding.rb', line 329

def decode_openssh_signature(raw, offset=0)
  total_read = 0

  magic = raw.byteslice(offset, OPENSSH_SIGNATURE_MAGIC.bytesize)
  unless magic == OPENSSH_SIGNATURE_MAGIC
    raise DecodeError, "bad OpenSSH signature"
  end

  total_read += OPENSSH_SIGNATURE_MAGIC.bytesize
  offset += total_read
  data, read = decode_fields(raw, OPENSSH_SIGNATURE_FIELDS, offset)
  total_read += read
  [data, total_read]
end

#decode_options(raw, offset = 0) ⇒ Object

Read a series of key/value pairs out of the provided raw data.

raw - A binary String. offset - The offset into raw at which to read (default 0).

Returns an Array including the Hash of decoded keys/values and the Integer number of bytes read.



615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
# File 'lib/ssh_data/encoding.rb', line 615

def decode_options(raw, offset=0)
  opts_raw, str_read = decode_string(raw, offset)

  opts_read = 0
  opts = {}

  while opts_raw.bytesize > opts_read
    key, read = decode_string(opts_raw, opts_read)
    opts_read += read

    value_raw, read = decode_string(opts_raw, opts_read)
    opts_read += read

    if value_raw.bytesize > 0
      opts[key], read = decode_string(value_raw)
      if read != value_raw.bytesize
        raise DecodeError, "bad options data"
      end
    else
      opts[key] = true
    end
  end

  if opts_read != opts_raw.bytesize
    raise DecodeError, "bad options"
  end

  [opts, str_read]
end

#decode_pem(pem, type) ⇒ Object

Get the raw data from a PEM encoded blob.

pem - The PEM encoded String to decode. type - The String PEM type we’re expecting.

Returns the decoded String.



164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
# File 'lib/ssh_data/encoding.rb', line 164

def decode_pem(pem, type)
  lines = pem.split("\n").map(&:strip)

  unless lines.shift == "-----BEGIN #{type}-----"
    raise DecodeError, "bad PEM header"
  end

  unless lines.pop == "-----END #{type}-----"
    raise DecodeError, "bad PEM footer"
  end

  begin
    Base64.strict_decode64(lines.join)
  rescue ArgumentError
    raise DecodeError, "bad PEM data"
  end
end

#decode_public_key(raw, offset = 0, algo = nil) ⇒ Object

Decode the fields in a public key.

raw - Binary String public key as described by RFC4253 section 6.6. algo - String public key algorithm identifier (optional). offset - Integer number of bytes into ‘raw` at which we should start

reading.

Returns an Array containing a Hash describing the public key and the Integer number of bytes read.



288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
# File 'lib/ssh_data/encoding.rb', line 288

def decode_public_key(raw, offset=0, algo=nil)
  total_read = 0

  if algo.nil?
    algo, read = decode_string(raw, offset + total_read)
    total_read += read
  end

  unless fields = KEY_FIELDS_BY_PUBLIC_KEY_ALGO[algo]
    raise AlgorithmError, "unknown algorithm: #{algo.inspect}"
  end

  data, read = decode_fields(raw, fields, offset + total_read)
  total_read += read

  data[:algo] = algo

  [data, total_read]
end

#decode_signature(raw, offset = 0) ⇒ Object

Decode the signature.

raw - The binary String signature as described by RFC4253 section 6.6. offset - Integer number of bytes into ‘raw` at which we should start

reading.

Returns an Array containing the decoded algorithm String, the decoded binary signature String, and the Integer number of bytes read.



257
258
259
260
261
262
263
264
265
266
267
# File 'lib/ssh_data/encoding.rb', line 257

def decode_signature(raw, offset=0)
  total_read = 0

  algo, read = decode_string(raw, offset + total_read)
  total_read += read

  sig, read = decode_string(raw, offset + total_read)
  total_read += read

  [algo, sig, total_read]
end

#decode_string(raw, offset = 0) ⇒ Object

Read a string out of the provided raw data.

raw - A binary String. offset - The offset into raw at which to read (default 0).

Returns an Array including the decoded String and the Integer number of bytes read.



465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
# File 'lib/ssh_data/encoding.rb', line 465

def decode_string(raw, offset=0)
  if raw.bytesize < offset + 4
    raise DecodeError, "data too short"
  end

  size_s = raw.byteslice(offset, 4)

  size = size_s.unpack("L>").first

  if raw.bytesize < offset + 4 + size
    raise DecodeError, "data too short"
  end

  string = raw.byteslice(offset + 4, size)

  [string, 4 + size]
end

#decode_string_public_key(raw, offset = 0, algo = nil) ⇒ Object

Decode the fields in a public key encoded as an SSH string.

raw - Binary public key as described by RFC4253 section 6.6 wrapped in

an SSH string..

algo - String public key algorithm identifier (optional). offset - Integer number of bytes into ‘raw` at which we should start

reading.

Returns an Array containing a Hash describing the public key and the Integer number of bytes read.



318
319
320
321
322
323
324
325
326
327
# File 'lib/ssh_data/encoding.rb', line 318

def decode_string_public_key(raw, offset=0, algo=nil)
  key_raw, str_read = decode_string(raw, offset)
  key, cert_read = decode_public_key(key_raw, 0, algo)

  if cert_read != key_raw.bytesize
    raise DecodeError, "unexpected trailing data"
  end

  [key, str_read]
end

#decode_time(raw, offset = 0) ⇒ Object

Read a time from the provided raw data.

raw - A binary String. offset - The offset into raw at which to read (default 0).

Returns an Array including the decoded Time and the Integer number of bytes read.



574
575
576
577
# File 'lib/ssh_data/encoding.rb', line 574

def decode_time(raw, offset=0)
  time_raw, read = decode_uint64(raw, offset)
  [Time.at(time_raw), read]
end

#decode_uint32(raw, offset = 0) ⇒ Object

Read a uint32 from the provided raw data.

raw - A binary String. offset - The offset into raw at which to read (default 0).

Returns an Array including the decoded uint32 as an Integer and the Integer number of bytes read.



692
693
694
695
696
697
698
699
700
# File 'lib/ssh_data/encoding.rb', line 692

def decode_uint32(raw, offset=0)
  if raw.bytesize < offset + 4
    raise DecodeError, "data too short"
  end

  uint32 = raw.byteslice(offset, 4).unpack("L>").first

  [uint32, 4]
end

#decode_uint64(raw, offset = 0) ⇒ Object

Read a uint64 from the provided raw data.

raw - A binary String. offset - The offset into raw at which to read (default 0).

Returns an Array including the decoded uint64 as an Integer and the Integer number of bytes read.



666
667
668
669
670
671
672
673
674
# File 'lib/ssh_data/encoding.rb', line 666

def decode_uint64(raw, offset=0)
  if raw.bytesize < offset + 8
    raise DecodeError, "data too short"
  end

  uint64 = raw.byteslice(offset, 8).unpack("Q>").first

  [uint64, 8]
end

#decode_uint8(raw, offset = 0) ⇒ Object

Read a uint8 from the provided raw data.

raw - A binary String. offset - The offset into raw at which to read (default 0).

Returns an Array including the decoded uint8 as an Integer and the Integer number of bytes read.



718
719
720
721
722
723
724
725
726
# File 'lib/ssh_data/encoding.rb', line 718

def decode_uint8(raw, offset=0)
  if raw.bytesize < offset + 1
    raise DecodeError, "data too short"
  end

  uint8 = raw.byteslice(offset, 1).unpack("C").first

  [uint8, 1]
end

#encode_fields(*fields) ⇒ Object

Encode the series of fields into a binary string.

fields - A series of Arrays, each containing a Symbol type and a value to

encode.

Returns a binary String.



433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
# File 'lib/ssh_data/encoding.rb', line 433

def encode_fields(*fields)
  fields.map do |type, value|
    case type
    when :raw
      value
    when :string
      encode_string(value)
    when :list
      encode_list(value)
    when :mpint
      encode_mpint(value)
    when :time
      encode_time(value)
    when :uint64
      encode_uint64(value)
    when :uint32
      encode_uint32(value)
    when :options
      encode_options(value)
    else
      raise DecodeError, "bad type: #{type}"
    end
  end.join
end

#encode_list(value) ⇒ Object

Encode a list of strings.

value - The Array of Strings to encode.

Returns an encoded representation of the list.



523
524
525
# File 'lib/ssh_data/encoding.rb', line 523

def encode_list(value)
  encode_string(value.map { |s| encode_string(s) }.join)
end

#encode_mpint(value) ⇒ Object

Encode a BN as an mpint.

value - The OpenSSL::BN value to encode.

Returns an encoded representation of the BN.



563
564
565
# File 'lib/ssh_data/encoding.rb', line 563

def encode_mpint(value)
  value.to_s(0)
end

#encode_options(value) ⇒ Object

Encode series of key/value pairs.

value - The Hash value to encode.

Returns an encoded representation of the Hash.



650
651
652
653
654
655
656
657
# File 'lib/ssh_data/encoding.rb', line 650

def encode_options(value)
  opts_raw = value.reduce("") do |encoded, (key, value)|
    value_str = value == true ? "" : encode_string(value)
    encoded + encode_string(key) + encode_string(value_str)
  end

  encode_string(opts_raw)
end

#encode_signature(algo, signature) ⇒ Object

Encoding a signature.

algo - The String signature algorithm. signature - The String signature blob.

Returns an encoded String.



275
276
277
# File 'lib/ssh_data/encoding.rb', line 275

def encode_signature(algo, signature)
  encode_string(algo) + encode_string(signature)
end

#encode_string(value) ⇒ Object

Encoding a string.

value - The String value to encode.

Returns an encoded representation of the String.



488
489
490
# File 'lib/ssh_data/encoding.rb', line 488

def encode_string(value)
  [value.bytesize, value].pack("L>A*")
end

#encode_time(value) ⇒ Object

Encode a time.

value - The Time value to encode.

Returns an encoded representation of the Time.



584
585
586
# File 'lib/ssh_data/encoding.rb', line 584

def encode_time(value)
  encode_uint64(value.to_i)
end

#encode_uint32(value) ⇒ Object

Encoding an integer as a uint32.

value - The Integer value to encode.

Returns an encoded representation of the value.



707
708
709
# File 'lib/ssh_data/encoding.rb', line 707

def encode_uint32(value)
  [value].pack("L>")
end

#encode_uint64(value) ⇒ Object

Encoding an integer as a uint64.

value - The Integer value to encode.

Returns an encoded representation of the value.



681
682
683
# File 'lib/ssh_data/encoding.rb', line 681

def encode_uint64(value)
  [value].pack("Q>")
end

#encode_uint8(value) ⇒ Object

Encoding an integer as a uint8.

value - The Integer value to encode.

Returns an encoded representation of the value.



733
734
735
# File 'lib/ssh_data/encoding.rb', line 733

def encode_uint8(value)
  [value].pack("C")
end

#pem_type(pem) ⇒ Object

Get the type from a PEM encoded blob.

pem - A PEM encoded String.

Returns a String PEM type.



143
144
145
146
147
148
149
150
151
152
153
154
155
156
# File 'lib/ssh_data/encoding.rb', line 143

def pem_type(pem)
  head = pem.split("\n", 2).first.strip

  head_prefix = "-----BEGIN "
  head_suffix = "-----"

  unless head.start_with?(head_prefix) && head.end_with?(head_suffix)
    raise DecodeError, "bad PEM encoding"
  end

  type_size = head.bytesize - head_prefix.bytesize - head_suffix.bytesize

  head.byteslice(head_prefix.bytesize, type_size)
end