private byte[] GenerateSessionKey() { //session key(256bits) byte[] session_key = new byte[32]; RngManager.GetSecureRng().GetBytes(session_key); return(session_key); }
// Derived class can override this method to modify the buffer. public virtual DataFragment Close(Cipher cipher, MAC mac, int sequence) { if (!_isOpen) { throw new SSHException("internal state error"); } int blocksize = cipher == null ? 8 : cipher.BlockSize; int payloadLength = _writer.Length - (SEQUENCE_MARGIN + LENGTH_MARGIN + PADDING_MARGIN); int paddingLength = 11 - payloadLength % blocksize; while (paddingLength < 4) { paddingLength += blocksize; } int packetLength = PADDING_MARGIN + payloadLength + paddingLength; int imageLength = packetLength + LENGTH_MARGIN; //fill padding byte[] tmp = new byte[4]; Rng rng = RngManager.GetSecureRng(); for (int i = 0; i < paddingLength; i += 4) { rng.GetBytes(tmp); _writer.Write(tmp); } //manipulate stream byte[] rawbuf = _writer.UnderlyingBuffer; SSHUtil.WriteIntToByteArray(rawbuf, 0, sequence); SSHUtil.WriteIntToByteArray(rawbuf, SEQUENCE_MARGIN, packetLength); rawbuf[SEQUENCE_MARGIN + LENGTH_MARGIN] = (byte)paddingLength; //mac if (mac != null) { byte[] macCode = mac.ComputeHash(rawbuf, 0, packetLength + LENGTH_MARGIN + SEQUENCE_MARGIN); Array.Copy(macCode, 0, rawbuf, packetLength + LENGTH_MARGIN + SEQUENCE_MARGIN, macCode.Length); imageLength += macCode.Length; } //encrypt if (cipher != null) { cipher.Encrypt(rawbuf, SEQUENCE_MARGIN, packetLength + LENGTH_MARGIN, rawbuf, SEQUENCE_MARGIN); } _dataFragment.Init(rawbuf, SEQUENCE_MARGIN, imageLength); _isOpen = false; return(_dataFragment); }
//Tutorial: Generating a new DSA key for user authentication private static void GenerateDSAKey() { //DSA KEY GENERATION TEST byte[] testdata = Encoding.ASCII.GetBytes("CHRISTIAN VIERI"); DSAKeyPair kp = DSAKeyPair.GenerateNew(2048, RngManager.GetSecureRng()); //sign and verify test byte[] sig = kp.Sign(testdata); kp.Verify(sig, testdata); //export / import test SSH2UserAuthKey key = new SSH2UserAuthKey(kp); key.WritePublicPartInOpenSSHStyle(new FileStream("newdsakey.pub", FileMode.Create)); key.WritePrivatePartInSECSHStyleFile(new FileStream("newrsakey.bin", FileMode.Create), "comment", "passphrase"); //read test SSH2UserAuthKey newpk = SSH2UserAuthKey.FromSECSHStyleFile("newrsakey.bin", "passphrase"); }
private void SendSessionKey(byte[] session_key) { try { //step1 XOR with session_id byte[] working_data = new byte[session_key.Length]; byte[] session_id = CalcSessionID(); Array.Copy(session_key, 0, working_data, 0, session_key.Length); for (int i = 0; i < session_id.Length; i++) { working_data[i] ^= session_id[i]; } //step2 decrypts with RSA RSAPublicKey first_encryption; RSAPublicKey second_encryption; SSHServerInfo si = _cInfo._serverinfo; int first_key_bytelen, second_key_bytelen; if (si.server_key_bits < si.host_key_bits) { first_encryption = new RSAPublicKey(si.server_key_public_exponent, si.server_key_public_modulus); second_encryption = new RSAPublicKey(si.host_key_public_exponent, si.host_key_public_modulus); first_key_bytelen = (si.server_key_bits + 7) / 8; second_key_bytelen = (si.host_key_bits + 7) / 8; } else { first_encryption = new RSAPublicKey(si.host_key_public_exponent, si.host_key_public_modulus); second_encryption = new RSAPublicKey(si.server_key_public_exponent, si.server_key_public_modulus); first_key_bytelen = (si.host_key_bits + 7) / 8; second_key_bytelen = (si.server_key_bits + 7) / 8; } Rng rng = RngManager.GetSecureRng(); BigInteger first_result = RSAUtil.PKCS1PadType2(new BigInteger(working_data), first_key_bytelen, rng).modPow(first_encryption.Exponent, first_encryption.Modulus); BigInteger second_result = RSAUtil.PKCS1PadType2(first_result, second_key_bytelen, rng).modPow(second_encryption.Exponent, second_encryption.Modulus); //output SSH1DataWriter writer = new SSH1DataWriter(); writer.WriteByte((byte)_cInfo._algorithmForTransmittion); writer.Write(si.anti_spoofing_cookie); writer.WriteBigInteger(second_result); writer.WriteInt32(0); //protocol flags //send TraceTransmissionEvent(PacketType.SSH_CMSG_SESSION_KEY, "sent encrypted session-keys"); SSH1Packet packet = SSH1Packet.FromPlainPayload(PacketType.SSH_CMSG_SESSION_KEY, writer.ToByteArray()); packet.WriteTo(_stream); _sessionID = session_id; } catch (Exception e) { if (e is IOException) { throw (IOException)e; } else { string t = e.StackTrace; throw new SSHException(e.Message); //IOException以外はみなSSHExceptionにしてしまう } } }