private static void DecryptPrivateKey(ref FileData fileData)
{
switch (fileData.privateKeyAlgorithm)
{
case PrivateKeyAlgorithm.None:
return;
case PrivateKeyAlgorithm.AES256_CBC:
/* create key from passphrase */
SHA1 sha = SHA1.Create();
sha.Initialize();
List <byte> key = new List <byte>();
using (PinnedArray <byte> hashData =
new PinnedArray <byte>(cPrivateKeyDecryptSalt1.Length +
fileData.passphrase.Length)) {
Array.Copy(Encoding.UTF8.GetBytes(cPrivateKeyDecryptSalt1),
hashData.Data, cPrivateKeyDecryptSalt1.Length);
IntPtr passphrasePtr =
Marshal.SecureStringToGlobalAllocUnicode(fileData.passphrase);
for (int i = 0; i < fileData.passphrase.Length; i++)
{
int unicodeChar = Marshal.ReadInt16(passphrasePtr + i * 2);
byte ansiChar = Util.UnicodeToAnsi(unicodeChar);
hashData.Data[cPrivateKeyDecryptSalt1.Length + i] = ansiChar;
Marshal.WriteByte(passphrasePtr, i, 0);
}
Marshal.ZeroFreeGlobalAllocUnicode(passphrasePtr);
sha.ComputeHash(hashData.Data);
key.AddRange(sha.Hash);
Array.Copy(Encoding.UTF8.GetBytes(cPrivateKeyDecryptSalt2),
hashData.Data, cPrivateKeyDecryptSalt2.Length);
sha.ComputeHash(hashData.Data);
key.AddRange(sha.Hash);
}
sha.Clear();
/* decrypt private key */
Aes aes = Aes.Create();
aes.KeySize = 256;
aes.Mode = CipherMode.CBC;
aes.Padding = PaddingMode.None;
int keySize = aes.KeySize / 8; // convert bits to bytes
key.RemoveRange(keySize, key.Count - keySize); // remove extra bytes
aes.Key = key.ToArray();
Util.ClearByteList(key);
aes.IV = new byte[aes.IV.Length];
ICryptoTransform decryptor = aes.CreateDecryptor();
fileData.privateKeyBlob.Data =
Util.GenericTransform(decryptor, fileData.privateKeyBlob.Data);
decryptor.Dispose();
aes.Clear();
break;
default:
throw new PpkFormatterException(PpkFormatterException.PpkErrorType.PrivateKeyEncryption);
}
}
public override void Serialize(Stream aStream, object aObject)
{
/* check for required parameters */
if (aStream == null)
{
throw new ArgumentNullException("aStream");
}
if (aObject == null)
{
throw new ArgumentNullException("aObject");
}
PasswordFinder pwFinder = null;
if (GetPassphraseCallbackMethod != null)
{
pwFinder = new PasswordFinder(GetPassphraseCallbackMethod);
}
StreamWriter streamWriter = new StreamWriter(aStream);
PemWriter writer = new PemWriter(streamWriter);
PinnedArray <char> passphrase = null;
if (pwFinder != null)
{
passphrase = new PinnedArray <char>(0);
passphrase.Data = pwFinder.GetPassword();
}
if (passphrase == null)
{
writer.WriteObject(aObject);
}
else
{
writer.WriteObject(aObject, null, passphrase.Data, null);
passphrase.Dispose();
}
}
public override void Serialize(Stream stream, object obj)
{
/* check for required parameters */
if (stream == null)
{
throw new ArgumentNullException("stream");
}
if (obj == null)
{
throw new ArgumentNullException("obj");
}
PinnedArray <char> passphrase = null;
string ciphername;
if (passphrase == null || passphrase.Data.Length == 0)
{
ciphername = KDFNAME_NONE;
}
else
{
ciphername = KDFNAME_BCRYPT;
}
var builder = new BlobBuilder();
ISshKey sshKey = obj as ISshKey;
if (sshKey == null)
{
throw new ArgumentException("Expected ISshKey", "obj");
}
var publicKeyParams = sshKey.GetPublicKeyParameters() as Ed25519PublicKeyParameter;
var privateKeyParams = sshKey.GetPrivateKeyParameters() as Ed25519PrivateKeyParameter;
/* writing info headers */
builder.AddBytes(Encoding.ASCII.GetBytes(AUTH_MAGIC));
builder.AddStringBlob(ciphername);
builder.AddStringBlob(ciphername); //kdfname
builder.AddBlob(new byte[0]); // kdfoptions
/* writing public key */
builder.AddInt(1); // number of keys N
var publicKeyBuilder = new BlobBuilder();
publicKeyBuilder.AddStringBlob(PublicKeyAlgorithm.ED25519.GetIdentifierString());
publicKeyBuilder.AddBlob(publicKeyParams.Key);
builder.AddBlob(publicKeyBuilder.GetBlob());
/* writing private key */
BlobBuilder privateKeyBuilder = new BlobBuilder();
var checkint = new SecureRandom().NextInt();
privateKeyBuilder.AddInt(checkint);
privateKeyBuilder.AddInt(checkint);
privateKeyBuilder.AddStringBlob(PublicKeyAlgorithm.ED25519.GetIdentifierString());
privateKeyBuilder.AddBlob(publicKeyParams.Key);
privateKeyBuilder.AddBlob(privateKeyParams.Signature);
privateKeyBuilder.AddStringBlob(sshKey.Comment);
if (ciphername == KDFNAME_NONE)
{
/* plain-text */
builder.AddBlob(privateKeyBuilder.GetBlobAsPinnedByteArray().Data);
}
else
{
byte[] keydata;
using (MD5 md5 = MD5.Create()) {
keydata = md5.ComputeHash(Encoding.ASCII.GetBytes(passphrase.Data));
}
passphrase.Dispose();
}
/* writing result to file */
var builderOutput = builder.GetBlobAsPinnedByteArray();
using (var writer = new StreamWriter(stream)) {
writer.NewLine = "\n";
writer.WriteLine(MARK_BEGIN);
var base64Data = Util.ToBase64(builderOutput.Data);
var base64String = Encoding.UTF8.GetString(base64Data);
var offset = 0;
while (offset < base64String.Length)
{
const int maxLineLength = 70;
if (offset + maxLineLength > base64String.Length)
{
writer.WriteLine(base64String.Substring(offset));
}
else
{
writer.WriteLine(base64String.Substring(offset, maxLineLength));
}
offset += maxLineLength;
}
writer.WriteLine(MARK_END);
}
}
/// <summary>
/// Answers the message.
/// </summary>
/// <param name='messageStream'>Message stream.</param>
/// <param name="process">The calling process or <c>null</c> if the process
/// could not be obtained.</param>
/// <remarks>code based on winpgnt.c from PuTTY source code</remarks>
public void AnswerMessage(Stream messageStream, Process process = null)
{
if (messageStream.CanTimeout)
{
messageStream.ReadTimeout = 5000;
}
var messageParser = new BlobParser(messageStream);
var responseBuilder = new BlobBuilder();
BlobHeader header;
try {
header = messageParser.ReadHeader();
if (MessageReceived != null)
{
var eventArgs = new MessageReceivedEventArgs(header);
MessageReceived(this, eventArgs);
if (eventArgs.Fail)
{
throw new Exception();
}
}
} catch (Exception) {
header = new BlobHeader();
header.Message = Message.UNKNOWN;
// this will cause the switch statement below to use the default case
// which returns an error to the stream.
}
switch (header.Message)
{
case Message.SSH1_AGENTC_REQUEST_RSA_IDENTITIES:
/*
* Reply with SSH1_AGENT_RSA_IDENTITIES_ANSWER.
*/
try {
if (header.BlobLength > 1)
{
// ruby net-ssh tries to send a SSH2_AGENT_REQUEST_VERSION message
// which has the same id number as SSH1_AGENTC_REQUEST_RSA_IDENTITIES
// with a string tacked on. We need to read the string from the
// stream, but it is not used for anything.
messageParser.ReadString();
}
var keyList = ListKeys(SshVersion.SSH1);
if (FilterKeyListCallback != null)
{
keyList = FilterKeyListCallback(keyList);
}
foreach (SshKey key in keyList)
{
responseBuilder.AddBytes(key.GetPublicKeyBlob());
responseBuilder.AddStringBlob(key.Comment);
}
responseBuilder.InsertHeader(Message.SSH1_AGENT_RSA_IDENTITIES_ANSWER,
keyList.Count);
// TODO may want to check that there is enough room in the message stream
break; // succeeded
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default; // failed
case Message.SSH2_AGENTC_REQUEST_IDENTITIES:
/*
* Reply with SSH2_AGENT_IDENTITIES_ANSWER.
*/
try {
var keyList = ListKeys(SshVersion.SSH2);
if (FilterKeyListCallback != null)
{
keyList = FilterKeyListCallback(keyList);
}
foreach (SshKey key in keyList)
{
responseBuilder.AddBlob(key.GetPublicKeyBlob());
responseBuilder.AddStringBlob(key.Comment);
}
responseBuilder.InsertHeader(Message.SSH2_AGENT_IDENTITIES_ANSWER,
keyList.Count);
// TODO may want to check that there is enough room in the message stream
break; // succeeded
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default; // failed
case Message.SSH1_AGENTC_RSA_CHALLENGE:
/*
* Reply with either SSH1_AGENT_RSA_RESPONSE or
* SSH_AGENT_FAILURE, depending on whether we have that key
* or not.
*/
try {
//Reading publicKey information
var publicKeyParams = messageParser.ReadSsh1PublicKeyData(true);
//Searching for Key here
var matchingKey = mKeyList.Where(key => key.Version == SshVersion.SSH1 &&
(key.GetPublicKeyParameters().Equals(publicKeyParams))).Single();
//Reading challenge
var encryptedChallenge = messageParser.ReadSsh1BigIntBlob();
var sessionId = messageParser.ReadBytes(16);
//Checking responseType field
if (messageParser.ReadUInt32() != 1)
{
goto default; //responseType !=1 is not longer supported
}
//Answering to the challenge
var engine = new Pkcs1Encoding(new RsaEngine());
engine.Init(false /* decrypt */, matchingKey.GetPrivateKeyParameters());
var decryptedChallenge = engine.ProcessBlock(encryptedChallenge,
0, encryptedChallenge.Length);
using (MD5 md5 = MD5.Create()) {
var md5Buffer = new byte[48];
decryptedChallenge.CopyTo(md5Buffer, 0);
sessionId.CopyTo(md5Buffer, 32);
responseBuilder.AddBytes(md5.ComputeHash(md5Buffer));
responseBuilder.InsertHeader(Message.SSH1_AGENT_RSA_RESPONSE);
break;
}
} catch (InvalidOperationException) {
// this is expected if there is not a matching key
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default; // failed
case Message.SSH2_AGENTC_SIGN_REQUEST:
/*
* Reply with either SSH2_AGENT_SIGN_RESPONSE or SSH_AGENT_FAILURE,
* depending on whether we have that key or not.
*/
try {
var keyBlob = messageParser.ReadBlob();
var reqData = messageParser.ReadBlob();
var flags = new SignRequestFlags();
try {
// usually, there are no flags, so parser will throw
flags = (SignRequestFlags)messageParser.ReadUInt32();
} catch { }
var matchingKey =
mKeyList.Where(key => key.Version == SshVersion.SSH2 &&
key.GetPublicKeyBlob().SequenceEqual(keyBlob)).First();
var confirmConstraints = matchingKey.Constraints
.Where(constraint => constraint.Type ==
KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM);
if (confirmConstraints.Count() > 0)
{
if (!ConfirmUserPermissionCallback.Invoke(matchingKey, process))
{
goto default;
}
}
/* create signature */
var signKey = matchingKey;
var signer = signKey.GetSigner();
var algName = signKey.Algorithm.GetIdentifierString();
signer.Init(true, signKey.GetPrivateKeyParameters());
signer.BlockUpdate(reqData, 0, reqData.Length);
byte[] signature = signer.GenerateSignature();
signature = signKey.FormatSignature(signature);
BlobBuilder signatureBuilder = new BlobBuilder();
if (!flags.HasFlag(SignRequestFlags.SSH_AGENT_OLD_SIGNATURE))
{
signatureBuilder.AddStringBlob(algName);
}
signatureBuilder.AddBlob(signature);
responseBuilder.AddBlob(signatureBuilder.GetBlob());
responseBuilder.InsertHeader(Message.SSH2_AGENT_SIGN_RESPONSE);
try {
KeyUsed(this, new KeyUsedEventArgs(signKey, process));
} catch { }
break; // succeeded
} catch (InvalidOperationException) {
// this is expected if there is not a matching key
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default; // failure
case Message.SSH1_AGENTC_ADD_RSA_IDENTITY:
case Message.SSH1_AGENTC_ADD_RSA_ID_CONSTRAINED:
/*
* Add to the list and return SSH_AGENT_SUCCESS, or
* SSH_AGENT_FAILURE if the key was malformed.
*/
if (IsLocked)
{
goto default;
}
bool ssh1constrained = (header.Message == Message.SSH1_AGENTC_ADD_RSA_ID_CONSTRAINED);
try {
var publicKeyParams = messageParser.ReadSsh1PublicKeyData(false);
var keyPair = messageParser.ReadSsh1KeyData(publicKeyParams);
SshKey key = new SshKey(SshVersion.SSH1, keyPair);
key.Comment = messageParser.ReadString();
key.Source = "External client";
if (ssh1constrained)
{
while (messageStream.Position < header.BlobLength + 4)
{
KeyConstraint constraint = new KeyConstraint();
constraint.Type = (KeyConstraintType)messageParser.ReadUInt8();
if (constraint.Type ==
KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME)
{
constraint.Data = messageParser.ReadUInt32();
}
key.AddConstraint(constraint);
}
}
AddKey(key);
responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
break;
} catch (CallbackNullException) {
// this is expected
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default; // failed
case Message.SSH2_AGENTC_ADD_IDENTITY:
case Message.SSH2_AGENTC_ADD_ID_CONSTRAINED:
/*
* Add to the list and return SSH_AGENT_SUCCESS, or
* SSH_AGENT_FAILURE if the key was malformed.
*/
if (IsLocked)
{
goto default;
}
bool constrained = (header.Message ==
Message.SSH2_AGENTC_ADD_ID_CONSTRAINED);
try {
OpensshCertificate cert;
var publicKeyParams = messageParser.ReadSsh2PublicKeyData(out cert);
var keyPair = messageParser.ReadSsh2KeyData(publicKeyParams);
SshKey key = new SshKey(SshVersion.SSH2, keyPair, null, cert);
key.Comment = messageParser.ReadString();
key.Source = "External client";
if (constrained)
{
while (messageStream.Position < header.BlobLength + 4)
{
KeyConstraint constraint = new KeyConstraint();
constraint.Type =
(KeyConstraintType)messageParser.ReadUInt8();
if (constraint.Type ==
KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME)
{
constraint.Data = messageParser.ReadUInt32();
}
key.AddConstraint(constraint);
}
}
AddKey(key);
responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
break; // success!
} catch (CallbackNullException) {
// this is expected
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default; // failed
case Message.SSH1_AGENTC_REMOVE_RSA_IDENTITY:
case Message.SSH2_AGENTC_REMOVE_IDENTITY:
/*
* Remove from the list and return SSH_AGENT_SUCCESS, or
* perhaps SSH_AGENT_FAILURE if it wasn't in the list to
* start with.
*/
if (IsLocked)
{
goto default;
}
SshVersion removeVersion;
byte[] rKeyBlob;
if (header.Message == Message.SSH1_AGENTC_REMOVE_RSA_IDENTITY)
{
removeVersion = SshVersion.SSH1;
rKeyBlob = messageParser.ReadBytes(header.BlobLength - 1);
}
else if (header.Message == Message.SSH2_AGENTC_REMOVE_IDENTITY)
{
removeVersion = SshVersion.SSH2;
rKeyBlob = messageParser.ReadBlob();
}
else
{
Debug.Fail("Should not get here.");
goto default;
}
try {
var matchingKey = mKeyList.Get(removeVersion, rKeyBlob);
var startKeyListLength = mKeyList.Count;
RemoveKey(matchingKey);
// only succeed if key was removed
if (mKeyList.Count == startKeyListLength - 1)
{
responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
break; //success!
}
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default; // failed
case Message.SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES:
case Message.SSH2_AGENTC_REMOVE_ALL_IDENTITIES:
/*
* Remove all SSH-1 or SSH-2 keys.
*/
if (IsLocked)
{
goto default;
}
SshVersion removeAllVersion;
if (header.Message == Message.SSH1_AGENTC_REMOVE_ALL_RSA_IDENTITIES)
{
removeAllVersion = SshVersion.SSH1;
}
else if (header.Message == Message.SSH2_AGENTC_REMOVE_ALL_IDENTITIES)
{
removeAllVersion = SshVersion.SSH2;
}
else
{
Debug.Fail("Should not get here.");
goto default;
}
try {
RemoveAllKeys(removeAllVersion);
responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
break; //success!
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default; // failed
case Message.SSH_AGENTC_LOCK:
try {
var passphrase = new PinnedArray <byte>(messageParser.ReadBlob());
try {
Lock(passphrase.Data);
} finally {
passphrase.Clear();
}
if (IsLocked)
{
responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
break;
}
} catch (AgentLockedException) {
// This is expected
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default;
case Message.SSH_AGENTC_UNLOCK:
try {
var passphrase = new PinnedArray <byte>(messageParser.ReadBlob());
try {
Unlock(passphrase.Data);
} finally {
passphrase.Clear();
}
if (!IsLocked)
{
responseBuilder.InsertHeader(Message.SSH_AGENT_SUCCESS);
break;
}
} catch (AgentLockedException) {
// This is expected
} catch (PassphraseException) {
// This is expected
} catch (Exception ex) {
Debug.Fail(ex.ToString());
}
goto default;
default:
responseBuilder.Clear();
responseBuilder.InsertHeader(Message.SSH_AGENT_FAILURE);
break;
}
/* write response to stream */
if (messageStream.CanSeek)
{
messageStream.Position = 0;
}
messageStream.Write(responseBuilder.GetBlob(), 0, responseBuilder.Length);
messageStream.Flush();
}
public override void Serialize(Stream aStream, object aObject)
{
/* check for required parameters */
if (aStream == null)
{
throw new ArgumentNullException("aStream");
}
if (aObject == null)
{
throw new ArgumentNullException("aObject");
}
PasswordFinder pwFinder = null;
if (GetPassphraseCallbackMethod != null)
{
pwFinder = new PasswordFinder(GetPassphraseCallbackMethod);
}
PinnedArray <char> passphrase = null;
if (pwFinder != null)
{
passphrase = new PinnedArray <char>(0);
passphrase.Data = pwFinder.GetPassword();
}
byte cipherType;
if (passphrase == null || passphrase.Data.Length == 0)
{
cipherType = SSH_CIPHER_NONE;
}
else
{
cipherType = SSH_CIPHER_3DES;
}
BlobBuilder builder = new BlobBuilder();
ISshKey sshKey = aObject as ISshKey;
RsaKeyParameters publicKeyParams = sshKey.GetPublicKeyParameters()
as RsaKeyParameters;
RsaPrivateCrtKeyParameters privateKeyParams = sshKey.GetPrivateKeyParameters()
as RsaPrivateCrtKeyParameters;
/* writing info headers */
builder.AddBytes(Encoding.ASCII.GetBytes(FILE_HEADER_LINE + "\n"));
builder.AddUInt8(0); //end of string
builder.AddUInt8(cipherType); //cipher
builder.AddInt(0); //reserved
/* writing public key */
builder.AddInt(sshKey.Size);
builder.AddSsh1BigIntBlob(publicKeyParams.Modulus);
builder.AddSsh1BigIntBlob(publicKeyParams.Exponent);
builder.AddStringBlob(sshKey.Comment);
/* writing private key */
BlobBuilder privateKeyBuilder = new BlobBuilder();
/* adding some control values */
Random random = new Random();
byte[] resultCheck = new byte[2];
random.NextBytes(resultCheck);
privateKeyBuilder.AddUInt8(resultCheck[0]);
privateKeyBuilder.AddUInt8(resultCheck[1]);
privateKeyBuilder.AddUInt8(resultCheck[0]);
privateKeyBuilder.AddUInt8(resultCheck[1]);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.Exponent);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.DQ);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.P);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.Q);
if (cipherType == SSH_CIPHER_NONE)
{
/* plain-text */
builder.AddBytes(privateKeyBuilder.GetBlobAsPinnedByteArray().Data);
}
else
{
byte[] keydata;
using (MD5 md5 = MD5.Create()) {
keydata = md5.ComputeHash(Encoding.ASCII.GetBytes(passphrase.Data));
}
/* encryption */
DesSsh1Engine desEngine = new DesSsh1Engine();
desEngine.Init(true, new KeyParameter(keydata));
BufferedBlockCipher bufferedBlockCipher = new BufferedBlockCipher(desEngine);
byte[] ouputBuffer = bufferedBlockCipher.ProcessBytes(
privateKeyBuilder.GetBlobAsPinnedByteArray().Data);
builder.AddBytes(ouputBuffer);
passphrase.Dispose();
}
/* writing result to file */
var builderOutput = builder.GetBlobAsPinnedByteArray();
aStream.Write(builderOutput.Data, 0, builderOutput.Data.Length);
aStream.Close();
}
private static void VerifyIntegrity(FileData fileData)
{
BlobBuilder builder = new BlobBuilder();
if (fileData.ppkFileVersion != Version.V1)
{
builder.AddStringBlob(fileData.publicKeyAlgorithm.GetIdentifierString());
builder.AddStringBlob(fileData.privateKeyAlgorithm.GetIdentifierString());
builder.AddBlob(Encoding.GetEncoding(1252).GetBytes(fileData.comment));
builder.AddBlob(fileData.publicKeyBlob);
builder.AddInt(fileData.privateKeyBlob.Data.Length);
}
builder.AddBytes(fileData.privateKeyBlob.Data);
byte[] computedHash;
SHA1 sha = SHA1.Create();
if (fileData.isHMAC)
{
HMAC hmac = HMACSHA1.Create();
if (fileData.passphrase != null)
{
using (PinnedArray <byte> hashData =
new PinnedArray <byte>(cMACKeySalt.Length +
fileData.passphrase.Length)) {
Array.Copy(Encoding.UTF8.GetBytes(cMACKeySalt),
hashData.Data, cMACKeySalt.Length);
IntPtr passphrasePtr =
Marshal.SecureStringToGlobalAllocUnicode(fileData.passphrase);
for (int i = 0; i < fileData.passphrase.Length; i++)
{
int unicodeChar = Marshal.ReadInt16(passphrasePtr + i * 2);
byte ansiChar = Util.UnicodeToAnsi(unicodeChar);
hashData.Data[cMACKeySalt.Length + i] = ansiChar;
Marshal.WriteByte(passphrasePtr, i * 2, 0);
}
Marshal.ZeroFreeGlobalAllocUnicode(passphrasePtr);
hmac.Key = sha.ComputeHash(hashData.Data);
}
}
else
{
hmac.Key = sha.ComputeHash(Encoding.UTF8.GetBytes(cMACKeySalt));
}
computedHash = hmac.ComputeHash(builder.GetBlob());
hmac.Clear();
}
else
{
computedHash = sha.ComputeHash(builder.GetBlob());
}
sha.Clear();
builder.Clear();
try {
int macLength = computedHash.Length;
bool failed = false;
if (fileData.privateMAC.Length == macLength)
{
for (int i = 0; i < macLength; i++)
{
if (fileData.privateMAC[i] != computedHash[i])
{
failed = true;
break;
}
}
}
else
{
failed = true;
}
if (failed)
{
// private key data should start with 3 bytes with value 0 if it was
// properly decrypted or does not require decryption
if ((fileData.privateKeyBlob.Data[0] == 0) &&
(fileData.privateKeyBlob.Data[1] == 0) &&
(fileData.privateKeyBlob.Data[2] == 0))
{
// so if they bytes are there, passphrase decrypted properly and
// something else is wrong with the file contents
throw new PpkFormatterException(PpkFormatterException.PpkErrorType.FileCorrupt);
}
else
{
// if the bytes are not zeros, we assume that the data was not
// properly decrypted because the passphrase was incorrect.
throw new PpkFormatterException(PpkFormatterException.PpkErrorType.BadPassphrase);
}
}
} catch {
throw;
} finally {
Array.Clear(computedHash, 0, computedHash.Length);
}
}
