|
public AddSsh1BigIntBlob ( |
||
| aBigInt | ||
| return | void | |
public byte[] SignRequest(ISshKey aKey, byte[] aSignData)
{
BlobBuilder builder = new BlobBuilder();
switch (aKey.Version)
{
case SshVersion.SSH1:
builder.AddBytes(aKey.GetPublicKeyBlob());
var engine = new Pkcs1Encoding(new RsaEngine());
engine.Init(true /* encrypt */, aKey.GetPublicKeyParameters());
var encryptedData = engine.ProcessBlock(aSignData, 0, aSignData.Length);
var challenge = new BigInteger(encryptedData);
builder.AddSsh1BigIntBlob(challenge);
builder.AddBytes(SessionId);
builder.AddInt(1); // response type - must be 1
builder.InsertHeader(Agent.Message.SSH1_AGENTC_RSA_CHALLENGE);
break;
case SshVersion.SSH2:
builder.AddBlob(aKey.GetPublicKeyBlob());
builder.AddBlob(aSignData);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
break;
default:
throw new Exception(cUnsupportedSshVersion);
}
BlobParser replyParser = SendMessage(builder);
var header = replyParser.ReadHeader();
switch (aKey.Version)
{
case SshVersion.SSH1:
if (header.Message != Agent.Message.SSH1_AGENT_RSA_RESPONSE)
{
throw new AgentFailureException();
}
byte[] response = new byte[16];
for (int i = 0; i < 16; i++)
{
response[i] = replyParser.ReadUInt8();
}
return(response);
case SshVersion.SSH2:
if (header.Message != Agent.Message.SSH2_AGENT_SIGN_RESPONSE)
{
throw new AgentFailureException();
}
return(replyParser.ReadBlob());
default:
throw new Exception(cUnsupportedSshVersion);
}
}
public override void Serialize(Stream aStream, object aObject)
{
/* check for required parameters */
if (aStream == null) {
throw new ArgumentNullException("aStream");
}
if (aObject == null) {
throw new ArgumentNullException("aObject");
}
PasswordFinder pwFinder = null;
if (GetPassphraseCallbackMethod != null) {
pwFinder = new PasswordFinder(GetPassphraseCallbackMethod);
}
PinnedArray<char> passphrase = null;
if (pwFinder != null) {
passphrase = new PinnedArray<char>(0);
passphrase.Data = pwFinder.GetPassword();
}
byte cipherType;
if (passphrase == null || passphrase.Data.Length == 0) {
cipherType = SSH_CIPHER_NONE;
} else {
cipherType = SSH_CIPHER_3DES;
}
BlobBuilder builder = new BlobBuilder();
ISshKey sshKey = aObject as ISshKey;
RsaKeyParameters publicKeyParams = sshKey.GetPublicKeyParameters()
as RsaKeyParameters;
RsaPrivateCrtKeyParameters privateKeyParams = sshKey.GetPrivateKeyParameters()
as RsaPrivateCrtKeyParameters;
/* writing info headers */
builder.AddBytes(Encoding.ASCII.GetBytes(FILE_HEADER_LINE + "\n"));
builder.AddByte(0); //end of string
builder.AddByte(cipherType); //cipher
builder.AddInt(0); //reserved
/* writing public key */
builder.AddInt(sshKey.Size);
builder.AddSsh1BigIntBlob(publicKeyParams.Modulus);
builder.AddSsh1BigIntBlob(publicKeyParams.Exponent);
builder.AddStringBlob(sshKey.Comment);
/* writing private key */
BlobBuilder privateKeyBuilder = new BlobBuilder();
/* adding some control values */
Random random = new Random();
byte[] resultCheck = new byte[2];
random.NextBytes(resultCheck);
privateKeyBuilder.AddByte(resultCheck[0]);
privateKeyBuilder.AddByte(resultCheck[1]);
privateKeyBuilder.AddByte(resultCheck[0]);
privateKeyBuilder.AddByte(resultCheck[1]);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.Exponent);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.DQ);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.P);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.Q);
if (cipherType == SSH_CIPHER_NONE) {
/* plain-text */
builder.AddBytes(privateKeyBuilder.GetBlobAsPinnedByteArray().Data);
} else {
byte[] keydata;
using (MD5 md5 = MD5.Create()) {
keydata = md5.ComputeHash(Encoding.ASCII.GetBytes(passphrase.Data));
}
/* encryption */
DesSsh1Engine desEngine = new DesSsh1Engine();
desEngine.Init(true, new KeyParameter(keydata));
BufferedBlockCipher bufferedBlockCipher = new BufferedBlockCipher(desEngine);
byte[] ouputBuffer = bufferedBlockCipher.ProcessBytes(
privateKeyBuilder.GetBlobAsPinnedByteArray().Data);
builder.AddBytes(ouputBuffer);
passphrase.Dispose();
}
/* writing result to file */
var builderOutput = builder.GetBlobAsPinnedByteArray();
aStream.Write(builderOutput.Data, 0, builderOutput.Data.Length);
aStream.Close();
}
/// <summary>
/// Gets OpenSsh formatted bytes from public key
/// </summary>
/// <param name="key">The key.</param>
/// <param name="cert">When set to <c>true</c> and the key has a certificate, the certificate blob will be used.</param>
/// <returns>byte array containing key information</returns>
public static byte[] GetPublicKeyBlob(this ISshKey key, bool cert = true)
{
if (cert && key.Certificate != null)
{
return(key.Certificate.Blob);
}
AsymmetricKeyParameter parameters = key.GetPublicKeyParameters();
BlobBuilder builder = new BlobBuilder();
if (parameters is RsaKeyParameters)
{
RsaKeyParameters rsaPublicKeyParameters = (RsaKeyParameters)parameters;
if (key.Version == SshVersion.SSH1)
{
builder.AddInt(key.Size);
builder.AddSsh1BigIntBlob(rsaPublicKeyParameters.Exponent);
builder.AddSsh1BigIntBlob(rsaPublicKeyParameters.Modulus);
}
else
{
builder.AddStringBlob(PublicKeyAlgorithm.SSH_RSA.GetIdentifierString());
builder.AddBigIntBlob(rsaPublicKeyParameters.Exponent);
builder.AddBigIntBlob(rsaPublicKeyParameters.Modulus);
}
}
else if (parameters is DsaPublicKeyParameters)
{
DsaPublicKeyParameters dsaParameters =
(DsaPublicKeyParameters)parameters;
builder.AddStringBlob(PublicKeyAlgorithm.SSH_DSS.GetIdentifierString());
builder.AddBigIntBlob(dsaParameters.Parameters.P);
builder.AddBigIntBlob(dsaParameters.Parameters.Q);
builder.AddBigIntBlob(dsaParameters.Parameters.G);
builder.AddBigIntBlob(dsaParameters.Y);
}
else if (parameters is ECPublicKeyParameters)
{
ECPublicKeyParameters ecdsaParameters =
(ECPublicKeyParameters)parameters;
string algorithm;
switch (ecdsaParameters.Parameters.Curve.FieldSize)
{
case 256:
algorithm = PublicKeyAlgorithm.ECDSA_SHA2_NISTP256.GetIdentifierString();
break;
case 384:
algorithm = PublicKeyAlgorithm.ECDSA_SHA2_NISTP384.GetIdentifierString();
break;
case 521:
algorithm = PublicKeyAlgorithm.ECDSA_SHA2_NISTP521.GetIdentifierString();
break;
default:
throw new ArgumentException("Unsupported EC size: " +
ecdsaParameters.Parameters.Curve.FieldSize);
}
builder.AddStringBlob(algorithm);
algorithm =
algorithm.Replace(PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_PREFIX,
string.Empty);
builder.AddStringBlob(algorithm);
builder.AddBlob(ecdsaParameters.Q.GetEncoded());
}
else if (parameters is Ed25519PublicKeyParameter)
{
builder.AddStringBlob(PublicKeyAlgorithm.ED25519.GetIdentifierString());
builder.AddBlob(((Ed25519PublicKeyParameter)parameters).Key);
}
else
{
throw new ArgumentException(parameters.GetType() + " is not supported");
}
byte[] result = builder.GetBlob();
builder.Clear();
return(result);
}
BlobBuilder CreatePrivateKeyBlob(ISshKey key)
{
var builder = new BlobBuilder();
switch (key.Version)
{
case SshVersion.SSH1:
var privateKeyParams =
key.GetPrivateKeyParameters() as RsaPrivateCrtKeyParameters;
builder.AddInt(key.Size);
builder.AddSsh1BigIntBlob(privateKeyParams.Modulus);
builder.AddSsh1BigIntBlob(privateKeyParams.PublicExponent);
builder.AddSsh1BigIntBlob(privateKeyParams.Exponent);
builder.AddSsh1BigIntBlob(privateKeyParams.QInv);
builder.AddSsh1BigIntBlob(privateKeyParams.Q);
builder.AddSsh1BigIntBlob(privateKeyParams.P);
break;
case SshVersion.SSH2:
builder.AddStringBlob(key.Algorithm.GetIdentifierString());
switch (key.Algorithm)
{
case PublicKeyAlgorithm.SSH_DSS:
var dsaPublicKeyParameters = key.GetPublicKeyParameters() as
DsaPublicKeyParameters;
var dsaPrivateKeyParamters = key.GetPrivateKeyParameters() as
DsaPrivateKeyParameters;
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.P);
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.Q);
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.G);
builder.AddBigIntBlob(dsaPublicKeyParameters.Y);
builder.AddBigIntBlob(dsaPrivateKeyParamters.X);
break;
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP256:
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP384:
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP521:
var ecdsaPublicKeyParameters = key.GetPublicKeyParameters() as
ECPublicKeyParameters;
var ecdsaPrivateKeyParameters = key.GetPrivateKeyParameters() as
ECPrivateKeyParameters;
builder.AddStringBlob(key.Algorithm.GetIdentifierString()
.Replace(PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_PREFIX,
string.Empty));
builder.AddBlob(ecdsaPublicKeyParameters.Q.GetEncoded());
builder.AddBigIntBlob(ecdsaPrivateKeyParameters.D);
break;
case PublicKeyAlgorithm.SSH_RSA:
var rsaPrivateKeyParameters = key.GetPrivateKeyParameters() as
RsaPrivateCrtKeyParameters;
builder.AddBigIntBlob(rsaPrivateKeyParameters.Modulus);
builder.AddBigIntBlob(rsaPrivateKeyParameters.PublicExponent);
builder.AddBigIntBlob(rsaPrivateKeyParameters.Exponent);
builder.AddBigIntBlob(rsaPrivateKeyParameters.QInv);
builder.AddBigIntBlob(rsaPrivateKeyParameters.P);
builder.AddBigIntBlob(rsaPrivateKeyParameters.Q);
break;
case PublicKeyAlgorithm.ED25519:
var ed25519PublicKeyParameters = key.GetPublicKeyParameters() as
Ed25519PublicKeyParameter;
var ed25519PrivateKeyParameters = key.GetPrivateKeyParameters() as
Ed25519PrivateKeyParameter;
builder.AddBlob(ed25519PublicKeyParameters.Key);
builder.AddBlob(ed25519PrivateKeyParameters.Signature);
break;
default:
throw new Exception("Unsupported algorithm");
}
break;
default:
throw new Exception(cUnsupportedSshVersion);
}
builder.AddStringBlob(key.Comment);
return(builder);
}
/// <summary>
/// Gets OpenSsh formatted bytes from public key
/// </summary>
/// <param name="Algorithm">AsymmetricAlgorithm to convert.</param>
/// <returns>byte array containing key information</returns>
/// <exception cref="ArgumentException">
/// AsymmetricAlgorithm is not supported
/// </exception>
/// <remarks>
/// Currently only supports RSA and DSA public keys
/// </remarks>
public static byte[] GetPublicKeyBlob(this ISshKey aKey)
{
AsymmetricKeyParameter parameters = aKey.GetPublicKeyParameters();
BlobBuilder builder = new BlobBuilder();
if (parameters is RsaKeyParameters) {
RsaKeyParameters rsaPublicKeyParameters = (RsaKeyParameters)parameters;
if (aKey.Version == SshVersion.SSH1) {
builder.AddInt(aKey.Size);
builder.AddSsh1BigIntBlob(rsaPublicKeyParameters.Exponent);
builder.AddSsh1BigIntBlob(rsaPublicKeyParameters.Modulus);
} else {
builder.AddStringBlob(PublicKeyAlgorithm.SSH_RSA.GetIdentifierString());
builder.AddBigIntBlob(rsaPublicKeyParameters.Exponent);
builder.AddBigIntBlob(rsaPublicKeyParameters.Modulus);
}
} else if (parameters is DsaPublicKeyParameters) {
DsaPublicKeyParameters dsaParameters =
(DsaPublicKeyParameters)parameters;
builder.AddStringBlob(PublicKeyAlgorithm.SSH_DSS.GetIdentifierString());
builder.AddBigIntBlob(dsaParameters.Parameters.P);
builder.AddBigIntBlob(dsaParameters.Parameters.Q);
builder.AddBigIntBlob(dsaParameters.Parameters.G);
builder.AddBigIntBlob(dsaParameters.Y);
} else if (parameters is ECPublicKeyParameters) {
ECPublicKeyParameters ecdsaParameters =
(ECPublicKeyParameters)parameters;
string algorithm;
switch (ecdsaParameters.Parameters.Curve.FieldSize) {
case 256:
algorithm = PublicKeyAlgorithm.ECDSA_SHA2_NISTP256.GetIdentifierString();
break;
case 384:
algorithm = PublicKeyAlgorithm.ECDSA_SHA2_NISTP384.GetIdentifierString();
break;
case 521:
algorithm = PublicKeyAlgorithm.ECDSA_SHA2_NISTP521.GetIdentifierString();
break;
default:
throw new ArgumentException("Unsupported EC size: " +
ecdsaParameters.Parameters.Curve.FieldSize);
}
builder.AddStringBlob(algorithm);
algorithm =
algorithm.Replace(PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_PREFIX,
string.Empty);
builder.AddStringBlob(algorithm);
builder.AddBlob(ecdsaParameters.Q.GetEncoded());
} else if (parameters is Ed25519PublicKeyParameter) {
builder.AddStringBlob(PublicKeyAlgorithm.ED25519.GetIdentifierString());
builder.AddBlob(((Ed25519PublicKeyParameter)parameters).Key);
} else {
throw new ArgumentException(parameters.GetType() + " is not supported");
}
byte[] result = builder.GetBlob();
builder.Clear();
return result;
}
public override void Serialize(Stream aStream, object aObject)
{
/* check for required parameters */
if (aStream == null)
{
throw new ArgumentNullException("aStream");
}
if (aObject == null)
{
throw new ArgumentNullException("aObject");
}
PasswordFinder pwFinder = null;
if (GetPassphraseCallbackMethod != null)
{
pwFinder = new PasswordFinder(GetPassphraseCallbackMethod);
}
PinnedArray <char> passphrase = null;
if (pwFinder != null)
{
passphrase = new PinnedArray <char>(0);
passphrase.Data = pwFinder.GetPassword();
}
byte cipherType;
if (passphrase == null || passphrase.Data.Length == 0)
{
cipherType = SSH_CIPHER_NONE;
}
else
{
cipherType = SSH_CIPHER_3DES;
}
BlobBuilder builder = new BlobBuilder();
ISshKey sshKey = aObject as ISshKey;
RsaKeyParameters publicKeyParams = sshKey.GetPublicKeyParameters()
as RsaKeyParameters;
RsaPrivateCrtKeyParameters privateKeyParams = sshKey.GetPrivateKeyParameters()
as RsaPrivateCrtKeyParameters;
/* writing info headers */
builder.AddBytes(Encoding.ASCII.GetBytes(FILE_HEADER_LINE + "\n"));
builder.AddUInt8(0); //end of string
builder.AddUInt8(cipherType); //cipher
builder.AddInt(0); //reserved
/* writing public key */
builder.AddInt(sshKey.Size);
builder.AddSsh1BigIntBlob(publicKeyParams.Modulus);
builder.AddSsh1BigIntBlob(publicKeyParams.Exponent);
builder.AddStringBlob(sshKey.Comment);
/* writing private key */
BlobBuilder privateKeyBuilder = new BlobBuilder();
/* adding some control values */
Random random = new Random();
byte[] resultCheck = new byte[2];
random.NextBytes(resultCheck);
privateKeyBuilder.AddUInt8(resultCheck[0]);
privateKeyBuilder.AddUInt8(resultCheck[1]);
privateKeyBuilder.AddUInt8(resultCheck[0]);
privateKeyBuilder.AddUInt8(resultCheck[1]);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.Exponent);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.DQ);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.P);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.Q);
if (cipherType == SSH_CIPHER_NONE)
{
/* plain-text */
builder.AddBytes(privateKeyBuilder.GetBlobAsPinnedByteArray().Data);
}
else
{
byte[] keydata;
using (MD5 md5 = MD5.Create()) {
keydata = md5.ComputeHash(Encoding.ASCII.GetBytes(passphrase.Data));
}
/* encryption */
DesSsh1Engine desEngine = new DesSsh1Engine();
desEngine.Init(true, new KeyParameter(keydata));
BufferedBlockCipher bufferedBlockCipher = new BufferedBlockCipher(desEngine);
byte[] ouputBuffer = bufferedBlockCipher.ProcessBytes(
privateKeyBuilder.GetBlobAsPinnedByteArray().Data);
builder.AddBytes(ouputBuffer);
passphrase.Dispose();
}
/* writing result to file */
var builderOutput = builder.GetBlobAsPinnedByteArray();
aStream.Write(builderOutput.Data, 0, builderOutput.Data.Length);
aStream.Close();
}
public void TestAddSsh1BigIntBlob()
{
BlobBuilder builder = new BlobBuilder();
BigInteger value = new BigInteger("12398259028592293582039293420948023");
builder.AddSsh1BigIntBlob(value);
byte[] valueBytes = value.ToByteArrayUnsigned();
byte[] expected = new byte[valueBytes.Length + 2];
ushort size = (ushort)(value.BitLength);
expected[0] = (byte)((size >> 8) & 0xFF);
expected[1] = (byte)(size & 0xFF);
Array.Copy(valueBytes, 0, expected, 2, valueBytes.Length);
Assert.That(builder.GetBlob(), Is.EqualTo(expected));
}
BlobBuilder CreatePrivateKeyBlob(ISshKey key)
{
var builder = new BlobBuilder();
switch (key.Version) {
case SshVersion.SSH1:
var privateKeyParams =
key.GetPrivateKeyParameters() as RsaPrivateCrtKeyParameters;
builder.AddInt(key.Size);
builder.AddSsh1BigIntBlob(privateKeyParams.Modulus);
builder.AddSsh1BigIntBlob(privateKeyParams.PublicExponent);
builder.AddSsh1BigIntBlob(privateKeyParams.Exponent);
builder.AddSsh1BigIntBlob(privateKeyParams.QInv);
builder.AddSsh1BigIntBlob(privateKeyParams.Q);
builder.AddSsh1BigIntBlob(privateKeyParams.P);
break;
case SshVersion.SSH2:
builder.AddStringBlob(key.Algorithm.GetIdentifierString());
switch (key.Algorithm) {
case PublicKeyAlgorithm.SSH_DSS:
var dsaPublicKeyParameters = key.GetPublicKeyParameters() as
DsaPublicKeyParameters;
var dsaPrivateKeyParamters = key.GetPrivateKeyParameters() as
DsaPrivateKeyParameters;
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.P);
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.Q);
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.G);
builder.AddBigIntBlob(dsaPublicKeyParameters.Y);
builder.AddBigIntBlob(dsaPrivateKeyParamters.X);
break;
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP256:
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP384:
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP521:
var ecdsaPublicKeyParameters = key.GetPublicKeyParameters() as
ECPublicKeyParameters;
var ecdsaPrivateKeyParameters = key.GetPrivateKeyParameters() as
ECPrivateKeyParameters;
builder.AddStringBlob(key.Algorithm.GetIdentifierString()
.Replace(PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_PREFIX,
string.Empty));
builder.AddBlob(ecdsaPublicKeyParameters.Q.GetEncoded());
builder.AddBigIntBlob(ecdsaPrivateKeyParameters.D);
break;
case PublicKeyAlgorithm.SSH_RSA:
var rsaPrivateKeyParameters = key.GetPrivateKeyParameters() as
RsaPrivateCrtKeyParameters;
builder.AddBigIntBlob(rsaPrivateKeyParameters.Modulus);
builder.AddBigIntBlob(rsaPrivateKeyParameters.PublicExponent);
builder.AddBigIntBlob(rsaPrivateKeyParameters.Exponent);
builder.AddBigIntBlob(rsaPrivateKeyParameters.QInv);
builder.AddBigIntBlob(rsaPrivateKeyParameters.P);
builder.AddBigIntBlob(rsaPrivateKeyParameters.Q);
break;
case PublicKeyAlgorithm.ED25519:
var ed25519PublicKeyParameters = key.GetPublicKeyParameters() as
Ed25519PublicKeyParameter;
var ed25519PrivateKeyParameters = key.GetPrivateKeyParameters() as
Ed25519PrivateKeyParameter;
builder.AddBlob(ed25519PublicKeyParameters.Key);
builder.AddBlob(ed25519PrivateKeyParameters.Signature);
break;
default:
throw new Exception("Unsupported algorithm");
}
break;
default:
throw new Exception(cUnsupportedSshVersion);
}
builder.AddStringBlob(key.Comment);
return builder;
}
public byte[] SignRequest(ISshKey aKey, byte[] aSignData)
{
BlobBuilder builder = new BlobBuilder();
switch (aKey.Version) {
case SshVersion.SSH1:
builder.AddBytes(aKey.GetPublicKeyBlob());
var engine = new Pkcs1Encoding(new RsaEngine());
engine.Init(true /* encrypt */, aKey.GetPublicKeyParameters());
var encryptedData = engine.ProcessBlock(aSignData, 0, aSignData.Length);
var challenge = new BigInteger(encryptedData);
builder.AddSsh1BigIntBlob(challenge);
builder.AddBytes(SessionId);
builder.AddInt(1); // response type - must be 1
builder.InsertHeader(Agent.Message.SSH1_AGENTC_RSA_CHALLENGE);
break;
case SshVersion.SSH2:
builder.AddBlob(aKey.GetPublicKeyBlob());
builder.AddBlob(aSignData);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
break;
default:
throw new Exception(cUnsupportedSshVersion);
}
BlobParser replyParser = SendMessage(builder);
var header = replyParser.ReadHeader();
switch (aKey.Version) {
case SshVersion.SSH1:
if (header.Message != Agent.Message.SSH1_AGENT_RSA_RESPONSE) {
throw new AgentFailureException();
}
byte[] response = new byte[16];
for (int i = 0; i < 16; i++) {
response[i] = replyParser.ReadByte();
}
return response;
case SshVersion.SSH2:
if (header.Message != Agent.Message.SSH2_AGENT_SIGN_RESPONSE) {
throw new AgentFailureException();
}
return replyParser.ReadBlob();
default:
throw new Exception(cUnsupportedSshVersion);
}
}
public void TestAnswerSSH1_AGENTC_RSA_CHALLENGE()
{
Agent agent = new TestAgent(allKeys);
/* test answering to RSA challenge */
BlobBuilder builder = new BlobBuilder();
RsaPrivateCrtKeyParameters rsaParameters =
(RsaPrivateCrtKeyParameters)rsa1Key.GetPrivateKeyParameters();
builder.AddInt(rsa1Key.Size);
builder.AddSsh1BigIntBlob(rsaParameters.PublicExponent);
builder.AddSsh1BigIntBlob(rsaParameters.Modulus);
byte[] decryptedChallenge = new byte[8];
byte[] sessionId = new byte[16];
Random random = new Random();
random.NextBytes(decryptedChallenge);
random.NextBytes(sessionId);
IAsymmetricBlockCipher engine = new Pkcs1Encoding(new RsaEngine());
engine.Init(true, rsa1Key.GetPublicKeyParameters());
byte[] encryptedChallenge = engine.ProcessBlock(decryptedChallenge, 0,
decryptedChallenge.Length);
BigInteger chal = new BigInteger(encryptedChallenge);
builder.AddSsh1BigIntBlob(chal);
builder.AddBytes(sessionId);
builder.AddInt(1);
builder.InsertHeader(Agent.Message.SSH1_AGENTC_RSA_CHALLENGE);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
Agent.BlobHeader header = parser.ReadHeader();
byte[] md5Received = parser.ReadBytes(16);
/* check that proper response type was received */
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH1_AGENT_RSA_RESPONSE));
using (MD5 md5 = MD5.Create())
{
byte[] md5Buffer = new byte[48];
decryptedChallenge.CopyTo(md5Buffer, 0);
sessionId.CopyTo(md5Buffer, 32);
byte[] md5Expected = md5.ComputeHash(md5Buffer);
/* check the encrypted challenge was successfully read */
Assert.That(md5Received, Is.EqualTo(md5Expected));
}
}
public void TestAnswerSSH1_AGENTC_ADD_RSA_ID_CONSTRAINED()
{
/* most code is shared with SSH1_AGENTC_ADD_RSA_IDENTITY, so we just
* need to test the differences */
Agent.ConfirmUserPermissionDelegate confirmCallback =
delegate(ISshKey k, Process p) { return true; };
Agent agent = new TestAgent();
/* test that no confirmation callback returns failure */
BlobBuilder builder = new BlobBuilder();
RsaPrivateCrtKeyParameters rsaParameters =
(RsaPrivateCrtKeyParameters)rsa1Key.GetPrivateKeyParameters();
builder.AddInt(rsa1Key.Size);
builder.AddSsh1BigIntBlob(rsaParameters.Modulus);
builder.AddSsh1BigIntBlob(rsaParameters.PublicExponent);
builder.AddSsh1BigIntBlob(rsaParameters.Exponent);
builder.AddSsh1BigIntBlob(rsaParameters.QInv);
builder.AddSsh1BigIntBlob(rsaParameters.P);
builder.AddSsh1BigIntBlob(rsaParameters.Q);
builder.AddStringBlob(rsa1Key.Comment);
//save blob so far so we don't have to repeat later.
byte[] commonBlob = builder.GetBlob();
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM);
builder.InsertHeader(Agent.Message.SSH1_AGENTC_ADD_RSA_ID_CONSTRAINED);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
Agent.BlobHeader header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE));
/* test adding key with confirm constraint */
agent = new TestAgent();
agent.ConfirmUserPermissionCallback = confirmCallback;
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
ISshKey returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.Constraints.Count(), Is.EqualTo(1));
Assert.That(returnedKey.Constraints[0].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM));
Assert.That(returnedKey.Constraints[0].Data, Is.Null);
/* test adding key with lifetime constraint */
agent = new TestAgent();
builder.Clear();
builder.AddBytes(commonBlob);
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME);
builder.AddInt(10);
builder.InsertHeader(Agent.Message.SSH1_AGENTC_ADD_RSA_ID_CONSTRAINED);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.Constraints.Count(), Is.EqualTo(1));
Assert.That(returnedKey.Constraints[0].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME));
Assert.That(returnedKey.Constraints[0].Data.GetType(),
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME.GetDataType()));
Assert.That(returnedKey.Constraints[0].Data, Is.EqualTo(10));
/* test adding key with multiple constraints */
agent = new TestAgent();
agent.ConfirmUserPermissionCallback = confirmCallback;
builder.Clear();
builder.AddBytes(commonBlob);
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM);
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME);
builder.AddInt(10);
builder.InsertHeader(Agent.Message.SSH1_AGENTC_ADD_RSA_ID_CONSTRAINED);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.Constraints.Count(), Is.EqualTo(2));
Assert.That(returnedKey.Constraints[0].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM));
Assert.That(returnedKey.Constraints[0].Data, Is.Null);
Assert.That(returnedKey.Constraints[1].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME));
Assert.That(returnedKey.Constraints[1].Data, Is.EqualTo(10));
/* test adding key with multiple constraints in different order */
agent = new TestAgent();
agent.ConfirmUserPermissionCallback = confirmCallback;
builder.Clear();
builder.AddBytes(commonBlob);
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME);
builder.AddInt(10);
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM);
builder.InsertHeader(Agent.Message.SSH1_AGENTC_ADD_RSA_ID_CONSTRAINED);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.Constraints.Count(), Is.EqualTo(2));
Assert.That(returnedKey.Constraints[0].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME));
Assert.That(returnedKey.Constraints[0].Data, Is.EqualTo(10));
Assert.That(returnedKey.Constraints[1].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM));
Assert.That(returnedKey.Constraints[1].Data, Is.Null);
}
public void TestAnswerSSH1_AGENTC_ADD_RSA_IDENTITY()
{
Agent agent = new TestAgent();
/* test adding RSA key */
BlobBuilder builder = new BlobBuilder();
RsaPrivateCrtKeyParameters rsaParameters =
(RsaPrivateCrtKeyParameters)rsa1Key.GetPrivateKeyParameters();
builder.AddInt(rsa1Key.Size);
builder.AddSsh1BigIntBlob(rsaParameters.Modulus);
builder.AddSsh1BigIntBlob(rsaParameters.PublicExponent);
builder.AddSsh1BigIntBlob(rsaParameters.Exponent);
builder.AddSsh1BigIntBlob(rsaParameters.QInv);
builder.AddSsh1BigIntBlob(rsaParameters.P);
builder.AddSsh1BigIntBlob(rsaParameters.Q);
builder.AddStringBlob(rsa1Key.Comment);
builder.InsertHeader(Agent.Message.SSH1_AGENTC_ADD_RSA_IDENTITY);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
Agent.BlobHeader header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
ISshKey returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.GetPublicKeyParameters(),
Is.InstanceOf<RsaKeyParameters>());
Assert.That(returnedKey.GetPrivateKeyParameters(),
Is.InstanceOf<RsaKeyParameters>());
Assert.That(returnedKey.Size, Is.EqualTo(rsa1Key.Size));
Assert.That(returnedKey.Comment, Is.EqualTo(rsa1Key.Comment));
Assert.That(returnedKey.GetMD5Fingerprint(), Is.EqualTo(rsa1Key.GetMD5Fingerprint()));
}
