Beispiel #1
        /// <summary>
        /// Serializes the host public key into a byte array: the algorithm name
        /// followed by the key's numeric components.
        /// </summary>
        /// <returns>The bytes accumulated by the data writer.</returns>
        /// <exception cref="SSHException">The host key is neither RSA nor DSA.</exception>
        private byte[] WriteToDataWriter()
        {
            PublicKeyAlgorithm algorithm = _hostkey.Algorithm;
            SSH2DataWriter blob = new SSH2DataWriter();

            // The algorithm name always comes first, whatever the key type.
            blob.WriteString(SSH2Util.PublicKeyAlgorithmName(algorithm));

            // NOTE(review): the field order (e, n for RSA; p, q, g, y for DSA) looks like the
            // ssh-rsa / ssh-dss key blob of RFC 4253 section 6.6 - confirm that WriteBigInteger
            // emits the mpint encoding before comparing this output with stored host keys.
            if (algorithm == PublicKeyAlgorithm.RSA)
            {
                RSAPublicKey rsaKey = (RSAPublicKey)_hostkey;
                blob.WriteBigInteger(rsaKey.Exponent);
                blob.WriteBigInteger(rsaKey.Modulus);
                return blob.ToByteArray();
            }

            if (algorithm == PublicKeyAlgorithm.DSA)
            {
                DSAPublicKey dsaKey = (DSAPublicKey)_hostkey;
                blob.WriteBigInteger(dsaKey.P);
                blob.WriteBigInteger(dsaKey.Q);
                blob.WriteBigInteger(dsaKey.G);
                blob.WriteBigInteger(dsaKey.Y);
                return blob.ToByteArray();
            }

            // Fail closed: no blob is produced for a key type this method cannot encode.
            throw new SSHException("Host key algorithm is unsupported");
        }
Beispiel #2
        /// <summary>
        /// Renders the host public key as one text entry: the algorithm name, a space,
        /// and the Base64 encoding of the serialized key.
        /// </summary>
        /// <returns>The "algorithm base64-key" string.</returns>
        /// <exception cref="Exception">The host key is neither RSA nor DSA.</exception>
        public string DumpHostKeyInKnownHostsStyle()
        {
            PublicKeyAlgorithm algorithm = _hostkey.Algorithm;
            string algorithmName = SSH2Util.PublicKeyAlgorithmName(algorithm);

            // Serialized key: algorithm name first, then the key's numeric components.
            SSH2DataWriter blob = new SSH2DataWriter();
            blob.Write(algorithmName);

            if (algorithm == PublicKeyAlgorithm.RSA)
            {
                RSAPublicKey rsaKey = (RSAPublicKey)_hostkey;
                blob.Write(rsaKey.Exponent);
                blob.Write(rsaKey.Modulus);
            }
            else if (algorithm == PublicKeyAlgorithm.DSA)
            {
                DSAPublicKey dsaKey = (DSAPublicKey)_hostkey;
                blob.Write(dsaKey.P);
                blob.Write(dsaKey.Q);
                blob.Write(dsaKey.G);
                blob.Write(dsaKey.Y);
            }
            else
            {
                // NOTE(review): a bare Exception is thrown here; callers that treat host key
                // failures specially cannot tell this apart from other errors by type.
                throw new Exception("Host key algorithm is unsupported");
            }

            // Base64 output is plain ASCII, so decoding the bytes as UTF-8 yields the same text.
            byte[] encoded = Base64.Encode(blob.ToByteArray());

            StringBuilder entry = new StringBuilder();
            entry.Append(algorithmName);
            entry.Append(' ');
            entry.Append(Encoding.UTF8.GetString(encoded));
            return entry.ToString();
        }
Beispiel #3
        /// <summary>
        /// Encodes a DSA public key as a byte array: a one-byte size parameter T,
        /// then Q and P, then G and Y each padded to 8 * T + 64 bytes.
        /// </summary>
        /// <param name="key">DSA public key wrapping the BouncyCastle key parameters.</param>
        /// <returns>The encoded key bytes.</returns>
        public static byte[] fromDSAPublicKey(DSAPublicKey key)
        {
            Org.BouncyCastle.Crypto.Parameters.DsaPublicKeyParameters publicParams = key.PublicKey;

            // Domain parameters (Q, P, G) and the public value Y.
            Org.BouncyCastle.Math.BigInteger subprime = publicParams.Parameters.Q;
            Org.BouncyCastle.Math.BigInteger prime = publicParams.Parameters.P;
            Org.BouncyCastle.Math.BigInteger generator = publicParams.Parameters.G;
            Org.BouncyCastle.Math.BigInteger publicValue = publicParams.Y;

            // T is derived from the byte length of P as returned by ToByteArray().
            // NOTE(review): T is not range-checked before it is written. This looks like the
            // DNSSEC DSA key layout of RFC 2536, which defines T only for 0..8 - confirm, and
            // consider rejecting keys whose P falls outside that range.
            int sizeParameter = (prime.ToByteArray().Length - 64) / 8;
            int paddedLength = 8 * sizeParameter + 64;

            DNSOutput encoder = new DNSOutput();
            encoder.writeU8(sizeParameter);

            Helpers.writeBigInteger(encoder, subprime);
            Helpers.writeBigInteger(encoder, prime);
            Helpers.writePaddedBigInteger(encoder, generator, paddedLength);
            Helpers.writePaddedBigInteger(encoder, publicValue, paddedLength);

            return encoder.toByteArray();
        }
Beispiel #4
            /// <summary>
            /// Creates a provider that exposes a host key both as an encoded key blob
            /// and as a known_hosts-style string.
            /// </summary>
            /// <remarks>
            /// Nothing is encoded here. Both representations are wrapped in <see cref="Lazy{T}"/>
            /// and built on first access, so an unsupported key type surfaces as an
            /// <c>SSHException</c> at that first access, not at construction.
            /// </remarks>
            /// <param name="hostName">host name</param>
            /// <param name="portNumber">port number</param>
            /// <param name="hostKey">host key</param>
            public SSH2HostKeyInformationProvider(string hostName, int portNumber, PublicKey hostKey)
            {
                HostName   = hostName;
                PortNumber = portNumber;
                _hostKey   = hostKey;

                // Encoded key blob: algorithm name followed by the key-type specific fields.
                // isThreadSafe is false, so the Lazy itself does no locking.
                _encodedHostKey = new Lazy<byte[]>(
                    () =>
                    {
                        SSH2PayloadImageBuilder blob = new SSH2PayloadImageBuilder(0x10000);
                        blob.WriteString(_hostKey.Algorithm.GetAlgorithmName());

                        if (_hostKey is RSAPublicKey)
                        {
                            RSAPublicKey rsaKey = (RSAPublicKey)_hostKey;
                            blob.WriteBigInteger(rsaKey.Exponent);
                            blob.WriteBigInteger(rsaKey.Modulus);
                        }
                        else if (_hostKey is DSAPublicKey)
                        {
                            DSAPublicKey dsaKey = (DSAPublicKey)_hostKey;
                            blob.WriteBigInteger(dsaKey.P);
                            blob.WriteBigInteger(dsaKey.Q);
                            blob.WriteBigInteger(dsaKey.G);
                            blob.WriteBigInteger(dsaKey.Y);
                        }
                        else if (_hostKey is ECDSAPublicKey)
                        {
                            ECDSAPublicKey ecdsaKey = (ECDSAPublicKey)_hostKey;
                            blob.WriteString(ecdsaKey.CurveName);
                            blob.WriteAsString(ecdsaKey.ToOctetString());
                        }
                        else if (_hostKey is EDDSAPublicKey)
                        {
                            EDDSAPublicKey eddsaKey = (EDDSAPublicKey)_hostKey;
                            blob.WriteAsString(eddsaKey.Bytes);
                        }
                        else
                        {
                            // Fail closed: an unknown key type yields no blob to compare or store.
                            throw new SSHException("Host key algorithm is unsupported");
                        }

                        return blob.GetBytes();
                    },
                    isThreadSafe: false);

                // Poderosa known_hosts format: "<algorithm name> <Base64 of the encoded key blob>".
                // Reading _encodedHostKey.Value here triggers the encoding above on first use.
                _knownHostsString = new Lazy<string>(
                    () =>
                    {
                        string algorithmName = _hostKey.Algorithm.GetAlgorithmName();
                        string encodedKey = Encoding.ASCII.GetString(Base64.Encode(_encodedHostKey.Value));
                        return algorithmName + " " + encodedKey;
                    },
                    isThreadSafe: false);
            }
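        /// <summary>
        /// Serializes the key pair, private part included, in the SECSH
        /// ("SSH2 ENCRYPTED PRIVATE KEY") key file format and writes it to <paramref name="dest"/>.
        /// </summary>
        /// <remarks>
        /// The key body is encrypted only when <paramref name="passphrase"/> is non-null. With a
        /// null passphrase the private key is written in the clear and the cipher name is "none",
        /// although the BEGIN/END marker lines still say "ENCRYPTED". An empty string is not null
        /// and takes the encrypted path. Encryption uses 3DES with a 24-byte key from
        /// PassphraseToKey (not shown here); 3DES is a legacy cipher, so treat the resulting file
        /// as sensitive even when a passphrase is set.
        /// Any algorithm other than RSA is handled as DSA and fails with an
        /// <see cref="InvalidCastException"/> if the key pair is not a DSA key pair.
        /// </remarks>
        /// <param name="dest">Stream receiving the ASCII key file; it is closed together with the writer.</param>
        /// <param name="comment">Text for the "Comment:" header block, or null to omit it.</param>
        /// <param name="passphrase">Passphrase protecting the private key, or null to store it unencrypted.</param>
        public void WritePrivatePartInSECSHStyleFile(Stream dest, string comment, string passphrase)
        {
            //step1 key body
            SSH2DataWriter wr = new SSH2DataWriter();

            wr.Write(0);             //placeholder for the body length, patched below
            if (_keypair.Algorithm == PublicKeyAlgorithm.RSA)
            {
                RSAKeyPair   rsa = (RSAKeyPair)_keypair;
                RSAPublicKey pub = (RSAPublicKey)_keypair.PublicKey;
                wr.WriteBigIntWithBits(pub.Exponent);
                wr.WriteBigIntWithBits(rsa.D);
                wr.WriteBigIntWithBits(pub.Modulus);
                wr.WriteBigIntWithBits(rsa.U);
                wr.WriteBigIntWithBits(rsa.P);
                wr.WriteBigIntWithBits(rsa.Q);
            }
            else
            {
                DSAKeyPair   dsa = (DSAKeyPair)_keypair;
                DSAPublicKey pub = (DSAPublicKey)_keypair.PublicKey;
                wr.Write(0);
                wr.WriteBigIntWithBits(pub.P);
                wr.WriteBigIntWithBits(pub.G);
                wr.WriteBigIntWithBits(pub.Q);
                wr.WriteBigIntWithBits(pub.Y);
                wr.WriteBigIntWithBits(dsa.X);
            }

            int padding_len = 0;

            if (passphrase != null)
            {
                // Pad to the 8-byte cipher block size. This always adds 1..8 zero bytes,
                // i.e. a whole extra block when the body is already aligned.
                padding_len = 8 - (int)wr.Length % 8;
                wr.Write(new byte[padding_len]);
            }
            byte[] key_body = wr.ToByteArray();
            // The length field excludes itself (4 bytes) and the padding.
            SSHUtil.WriteIntToByteArray(key_body, 0, key_body.Length - padding_len - 4);

            //encrypt if necessary
            if (passphrase != null)
            {
                Cipher c = CipherFactory.CreateCipher(SSHProtocol.SSH2, CipherAlgorithm.TripleDES, PassphraseToKey(passphrase, 24));
                Debug.Assert(key_body.Length % 8 == 0);
                byte[] encrypted = new Byte[key_body.Length];
                c.Encrypt(key_body, 0, key_body.Length, encrypted, 0);
                // Wipe the plaintext private key once the ciphertext exists. The data writer
                // may still hold its own copy, so this only shortens the exposure.
                Array.Clear(key_body, 0, key_body.Length);
                key_body = encrypted;
            }

            //step2 make binary key data
            wr = new SSH2DataWriter();
            wr.Write(MAGIC_VAL);
            wr.Write(0);             //for total size
            wr.Write(_keypair.Algorithm == PublicKeyAlgorithm.RSA ?
                     "if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}" :
                     "dl-modp{sign{dsa-nist-sha1},dh{plain}}");

            wr.Write(passphrase == null ? "none" : "3des-cbc");
            wr.WriteAsString(key_body);

            byte[] rawdata = wr.ToByteArray();
            SSHUtil.WriteIntToByteArray(rawdata, 4, rawdata.Length);             //fix total length

            //step3 write final data
            // The using block closes the writer (and dest) even when a write fails part-way.
            using (StreamWriter sw = new StreamWriter(dest, Encoding.ASCII))
            {
                sw.WriteLine("---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----");
                if (comment != null)
                {
                    // NOTE(review): comment goes into the header as given. WriteKeyFileBlock is not
                    // shown here - confirm it cannot let CR/LF in the comment add extra lines.
                    WriteKeyFileBlock(sw, "Comment: " + comment, true);
                }
                WriteKeyFileBlock(sw, Encoding.ASCII.GetString(Base64.Encode(rawdata)), false);
                sw.WriteLine("---- END SSH2 ENCRYPTED PRIVATE KEY ----");
            }
        }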
Beispiel #6
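        /// <summary>
        /// Serializes the key pair, private part included, into the binary SECSH private key
        /// image: magic value, total size, key type string, cipher name and key body.
        /// </summary>
        /// <remarks>
        /// The key body is encrypted only when <paramref name="passphrase"/> is non-null. With a
        /// null passphrase the private key is stored in the clear and the cipher name is "none".
        /// An empty string is not null and takes the encrypted path. Encryption uses 3DES with a
        /// 24-byte key from PassphraseToKey (not shown here); 3DES is a legacy cipher, so treat
        /// the returned bytes as sensitive even when a passphrase is set.
        /// Any algorithm other than RSA is handled as DSA and fails with an
        /// <see cref="InvalidCastException"/> if the key pair is not a DSA key pair.
        /// </remarks>
        /// <param name="passphrase">Passphrase protecting the private key, or null to leave it unencrypted.</param>
        /// <returns>The binary key image, with the total length stored at offset 4.</returns>
        public byte[] ToByteArray(string passphrase)
        {
            //step1 key body
            SSH2DataWriter wr = new SSH2DataWriter();

            wr.Write(0); //placeholder for the body length, patched below
            if (_keypair.Algorithm == PublicKeyAlgorithm.RSA)
            {
                RSAKeyPair   rsa = (RSAKeyPair)_keypair;
                RSAPublicKey pub = (RSAPublicKey)_keypair.PublicKey;
                wr.WriteBigIntWithBits(pub.Exponent);
                wr.WriteBigIntWithBits(rsa.D);
                wr.WriteBigIntWithBits(pub.Modulus);
                wr.WriteBigIntWithBits(rsa.U);
                wr.WriteBigIntWithBits(rsa.P);
                wr.WriteBigIntWithBits(rsa.Q);
            }
            else
            {
                DSAKeyPair   dsa = (DSAKeyPair)_keypair;
                DSAPublicKey pub = (DSAPublicKey)_keypair.PublicKey;
                wr.Write(0);
                wr.WriteBigIntWithBits(pub.P);
                wr.WriteBigIntWithBits(pub.G);
                wr.WriteBigIntWithBits(pub.Q);
                wr.WriteBigIntWithBits(pub.Y);
                wr.WriteBigIntWithBits(dsa.X);
            }

            int padding_len = 0;

            if (passphrase != null)
            {
                // Pad to the 8-byte cipher block size. This always adds 1..8 zero bytes,
                // i.e. a whole extra block when the body is already aligned.
                padding_len = 8 - (int)wr.Length % 8;
                wr.Write(new byte[padding_len]);
            }
            byte[] key_body = wr.ToByteArray();
            // The length field excludes itself (4 bytes) and the padding.
            SSHUtil.WriteIntToByteArray(key_body, 0, key_body.Length - padding_len - 4);

            //encrypt if necessary
            if (passphrase != null)
            {
                Cipher c = CipherFactory.CreateCipher(SSHProtocol.SSH2, CipherAlgorithm.TripleDES, PassphraseToKey(passphrase, 24));
                Debug.Assert(key_body.Length % 8 == 0);
                byte[] encrypted = new Byte[key_body.Length];
                c.Encrypt(key_body, 0, key_body.Length, encrypted, 0);
                // Wipe the plaintext private key once the ciphertext exists. The data writer
                // may still hold its own copy, so this only shortens the exposure.
                Array.Clear(key_body, 0, key_body.Length);
                key_body = encrypted;
            }

            //step2 make binary key data
            wr = new SSH2DataWriter();
            wr.Write(MAGIC_VAL);
            wr.Write(0); //for total size
            wr.Write(_keypair.Algorithm == PublicKeyAlgorithm.RSA ?
                     "if-modn{sign{rsa-pkcs1-sha1},encrypt{rsa-pkcs1v2-oaep}}" :
                     "dl-modp{sign{dsa-nist-sha1},dh{plain}}");

            wr.Write(passphrase == null ? "none" : "3des-cbc");
            wr.WriteAsString(key_body);

            byte[] rawdata = wr.ToByteArray();
            SSHUtil.WriteIntToByteArray(rawdata, 4, rawdata.Length); //fix total length

            return rawdata;
        }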