/// <summary> /// Read private key parameters. /// </summary> /// <param name="passphrase">passphrase for decrypt the key file</param> /// <param name="keyPair">key pair</param> /// <param name="comment">comment or empty if it didn't exist</param> public void Load(string passphrase, out KeyPair keyPair, out string comment) { PEMKeyType keyType; String base64Text; bool encrypted = false; CipherAlgorithm? encryption = null; byte[] iv = null; int keySize = 0; int ivSize = 0; using (StreamReader sreader = GetStreamReader()) { string line = sreader.ReadLine(); if (line == null) throw new SSHException(Strings.GetString("NotValidPrivateKeyFile") + " (unexpected eof)"); if (line == PrivateKeyFileHeader.SSH2_OPENSSH_HEADER_RSA) keyType = PEMKeyType.RSA; else if (line == PrivateKeyFileHeader.SSH2_OPENSSH_HEADER_DSA) keyType = PEMKeyType.DSA; else if (line == PrivateKeyFileHeader.SSH2_OPENSSH_HEADER_ECDSA) keyType = PEMKeyType.ECDSA; else throw new SSHException(Strings.GetString("NotValidPrivateKeyFile") + " (unexpected key type)"); string footer = line.Replace("BEGIN", "END"); StringBuilder buf = new StringBuilder(); comment = String.Empty; while (true) { line = sreader.ReadLine(); if (line == null) throw new SSHException(Strings.GetString("NotValidPrivateKeyFile") + " (unexpected eof)"); if (line == footer) break; if (line.IndexOf(':') >= 0) { if (line.StartsWith("Proc-Type:")) { string[] w = line.Substring("Proc-Type:".Length).Trim().Split(','); if (w.Length < 1) throw new SSHException(Strings.GetString("NotValidPrivateKeyFile") + " (invalid Proc-Type)"); if (w[0] != "4") throw new SSHException(Strings.GetString("UnsupportedPrivateKeyFormat") + " (" + Strings.GetString("Reason_UnsupportedProcType") + ")"); if (w.Length >= 2 && w[1] == "ENCRYPTED") encrypted = true; } else if (line.StartsWith("DEK-Info:")) { string[] w = line.Substring("DEK-Info:".Length).Trim().Split(','); if (w.Length < 2) throw new SSHException(Strings.GetString("NotValidPrivateKeyFile") + " (invalid DEK-Info)"); switch (w[0]) { case "DES-EDE3-CBC": encryption = CipherAlgorithm.TripleDES; ivSize = 8; keySize = 24; break; case "AES-128-CBC": encryption = CipherAlgorithm.AES128; ivSize = 16; keySize = 16; break; default: throw new SSHException(Strings.GetString("UnsupportedPrivateKeyFormat") + " (" + Strings.GetString("Reason_UnsupportedEncryptionType") + ")"); } iv = HexToByteArray(w[1]); if (iv == null || iv.Length != ivSize) throw new SSHException(Strings.GetString("NotValidPrivateKeyFile") + " (invalid IV)"); } } else buf.Append(line); } base64Text = buf.ToString(); } byte[] keydata = Base64.Decode(Encoding.ASCII.GetBytes(base64Text)); if (encrypted) { if (!encryption.HasValue || iv == null) throw new SSHException(Strings.GetString("NotValidPrivateKeyFile") + " (missing encryption type or IV)"); byte[] key = PassphraseToKey(passphrase, iv, keySize); Cipher cipher = CipherFactory.CreateCipher(SSHProtocol.SSH2, encryption.Value, key, iv); if (keydata.Length % cipher.BlockSize != 0) throw new SSHException(Strings.GetString("NotValidPrivateKeyFile") + " (invalid key data size)"); cipher.Decrypt(keydata, 0, keydata.Length, keydata, 0); } using (MemoryStream keyDataStream = new MemoryStream(keydata, false)) { BERReader reader = new BERReader(keyDataStream); if (!reader.ReadSequence()) throw new SSHException(Strings.GetString("WrongPassphrase")); if (keyType == PEMKeyType.RSA) { /* from OpenSSL rsa_asn1.c * * ASN1_SIMPLE(RSA, version, LONG), * ASN1_SIMPLE(RSA, n, BIGNUM), * ASN1_SIMPLE(RSA, e, BIGNUM), * ASN1_SIMPLE(RSA, d, BIGNUM), * ASN1_SIMPLE(RSA, p, BIGNUM), * ASN1_SIMPLE(RSA, q, BIGNUM), * ASN1_SIMPLE(RSA, dmp1, BIGNUM), * ASN1_SIMPLE(RSA, dmq1, BIGNUM), * ASN1_SIMPLE(RSA, iqmp, BIGNUM) */ BigInteger v, n, e, d, p, q, dmp1, dmq1, iqmp; if (!reader.ReadInteger(out v) || !reader.ReadInteger(out n) || !reader.ReadInteger(out e) || !reader.ReadInteger(out d) || !reader.ReadInteger(out p) || !reader.ReadInteger(out q) || !reader.ReadInteger(out dmp1) || !reader.ReadInteger(out dmq1) || !reader.ReadInteger(out iqmp)) { throw new SSHException(Strings.GetString("WrongPassphrase")); } BigInteger u = p.ModInverse(q); // inverse of p mod q keyPair = new RSAKeyPair(e, d, n, u, p, q); } else if (keyType == PEMKeyType.DSA) { /* from OpenSSL dsa_asn1.c * * ASN1_SIMPLE(DSA, version, LONG), * ASN1_SIMPLE(DSA, p, BIGNUM), * ASN1_SIMPLE(DSA, q, BIGNUM), * ASN1_SIMPLE(DSA, g, BIGNUM), * ASN1_SIMPLE(DSA, pub_key, BIGNUM), * ASN1_SIMPLE(DSA, priv_key, BIGNUM) */ BigInteger v, p, q, g, y, x; if (!reader.ReadInteger(out v) || !reader.ReadInteger(out p) || !reader.ReadInteger(out q) || !reader.ReadInteger(out g) || !reader.ReadInteger(out y) || !reader.ReadInteger(out x)) { throw new SSHException(Strings.GetString("WrongPassphrase")); } keyPair = new DSAKeyPair(p, g, q, y, x); } else if (keyType == PEMKeyType.ECDSA) { /* from OpenSSL ec_asn1.c * * ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG), * ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING), * ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0), * ------ * ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT), * ------ * ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) */ int len; byte[] privateKey; byte[] publicKey; string namedCurve; BigInteger v; if (!reader.ReadInteger(out v) || !reader.ReadOctetString(out privateKey) || !reader.ReadTag(BERReader.TagClass.ContextSpecific, true, 0, out len) || !reader.ReadObjectIdentifier(out namedCurve) || !reader.ReadTag(BERReader.TagClass.ContextSpecific, true, 1, out len) || !reader.ReadBitString(out publicKey)) { throw new SSHException(Strings.GetString("WrongPassphrase")); } EllipticCurve curve = EllipticCurve.FindByOID(namedCurve); if (curve == null) { throw new SSHException(Strings.GetString("UnsupportedEllipticCurveInKeyPair")); } ECPoint ecPublicKeyPoint; if (!ECPoint.Parse(publicKey, curve, out ecPublicKeyPoint)) { throw new SSHException(Strings.GetString("KeysAreBroken")); } var ecKeyPair = new ECDSAKeyPair(curve, new ECDSAPublicKey(curve, ecPublicKeyPoint), new BigInteger(privateKey)); if (!ecKeyPair.CheckKeyConsistency()) { throw new SSHException(Strings.GetString("KeysAreBroken")); } keyPair = ecKeyPair; } else { throw new SSHException("Unknown file type. This should not happen."); } } }
// Tests key pair validation using test vectors from NIST CAVP. // http://csrc.nist.gov/groups/STM/cavp/digital-signatures.html internal static void TestKeyPair() { using (var reader = new System.IO.StreamReader(@"186-3ecdsatestvectors\KeyPair.rsp")) { EllipticCurve curve = null; string ds = null; BigInteger d = null; BigInteger qx = null; BigInteger qy = null; int testCount = 0; while (true) { string line = reader.ReadLine(); if (line == null) { break; } var match = System.Text.RegularExpressions.Regex.Match(line, @"\[([-\w]+)\]"); if (match.Success) { string curveName = "nist" + match.Groups[1].Value.ToLowerInvariant().Replace("-", ""); curve = FindByName(curveName); if (curve != null) { Debug.WriteLine("Test " + curve.CurveName); } d = qx = qy = null; ds = null; testCount = 0; continue; } if (line.StartsWith("d = ") && curve != null) { ds = line.Substring(4).Trim(); d = new BigInteger(BigIntegerConverter.ParseHex(ds)); continue; } if (line.StartsWith("Qx = ") && curve != null) { qx = new BigInteger(BigIntegerConverter.ParseHex(line.Substring(5).Trim())); continue; } if (line.StartsWith("Qy = ") && curve != null) { qy = new BigInteger(BigIntegerConverter.ParseHex(line.Substring(5).Trim())); if (d != null && qx != null) { var pk = new ECDSAPublicKey(curve, new ECPoint(qx, qy)); var kp = new ECDSAKeyPair(curve, pk, d); if (!kp.CheckKeyConsistency()) { throw new Exception("validation failed"); } ++testCount; Debug.WriteLine("Pass #{0} : {1}", testCount, ds); } d = qx = qy = null; ds = null; } } } }