public byte[] SignRequest(ISshKey aKey, byte[] aSignData)
{
BlobBuilder builder = new BlobBuilder();
switch (aKey.Version)
{
case SshVersion.SSH1:
builder.AddBytes(aKey.GetPublicKeyBlob());
var engine = new Pkcs1Encoding(new RsaEngine());
engine.Init(true /* encrypt */, aKey.GetPublicKeyParameters());
var encryptedData = engine.ProcessBlock(aSignData, 0, aSignData.Length);
var challenge = new BigInteger(encryptedData);
builder.AddSsh1BigIntBlob(challenge);
builder.AddBytes(SessionId);
builder.AddInt(1); // response type - must be 1
builder.InsertHeader(Agent.Message.SSH1_AGENTC_RSA_CHALLENGE);
break;
case SshVersion.SSH2:
builder.AddBlob(aKey.GetPublicKeyBlob());
builder.AddBlob(aSignData);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
break;
default:
throw new Exception(cUnsupportedSshVersion);
}
BlobParser replyParser = SendMessage(builder);
var header = replyParser.ReadHeader();
switch (aKey.Version)
{
case SshVersion.SSH1:
if (header.Message != Agent.Message.SSH1_AGENT_RSA_RESPONSE)
{
throw new AgentFailureException();
}
byte[] response = new byte[16];
for (int i = 0; i < 16; i++)
{
response[i] = replyParser.ReadUInt8();
}
return(response);
case SshVersion.SSH2:
if (header.Message != Agent.Message.SSH2_AGENT_SIGN_RESPONSE)
{
throw new AgentFailureException();
}
return(replyParser.ReadBlob());
default:
throw new Exception(cUnsupportedSshVersion);
}
}
public override void Serialize(Stream stream, object obj)
{
/* check for required parameters */
if (stream == null) {
throw new ArgumentNullException("stream");
}
if (obj == null) {
throw new ArgumentNullException("obj");
}
PinnedArray<char> passphrase = null;
string ciphername;
if (passphrase == null || passphrase.Data.Length == 0) {
ciphername = KDFNAME_NONE;
} else {
ciphername = KDFNAME_BCRYPT;
}
var builder = new BlobBuilder();
ISshKey sshKey = obj as ISshKey;
if (sshKey == null) {
throw new ArgumentException("Expected ISshKey", "obj");
}
var publicKeyParams = sshKey.GetPublicKeyParameters() as Ed25519PublicKeyParameter;
var privateKeyParams = sshKey.GetPrivateKeyParameters() as Ed25519PrivateKeyParameter;
/* writing info headers */
builder.AddBytes(Encoding.ASCII.GetBytes(AUTH_MAGIC));
builder.AddStringBlob(ciphername);
builder.AddStringBlob(ciphername); //kdfname
builder.AddBlob(new byte[0]); // kdfoptions
/* writing public key */
builder.AddInt(1); // number of keys N
var publicKeyBuilder = new BlobBuilder();
publicKeyBuilder.AddStringBlob(PublicKeyAlgorithm.ED25519.GetIdentifierString());
publicKeyBuilder.AddBlob(publicKeyParams.Key);
builder.AddBlob(publicKeyBuilder.GetBlob());
/* writing private key */
BlobBuilder privateKeyBuilder = new BlobBuilder();
var checkint = new SecureRandom().NextInt();
privateKeyBuilder.AddInt(checkint);
privateKeyBuilder.AddInt(checkint);
privateKeyBuilder.AddStringBlob(PublicKeyAlgorithm.ED25519.GetIdentifierString());
privateKeyBuilder.AddBlob(publicKeyParams.Key);
privateKeyBuilder.AddBlob(privateKeyParams.Signature);
privateKeyBuilder.AddStringBlob(sshKey.Comment);
if (ciphername == KDFNAME_NONE) {
/* plain-text */
builder.AddBlob(privateKeyBuilder.GetBlobAsPinnedByteArray().Data);
} else {
byte[] keydata;
using (MD5 md5 = MD5.Create()) {
keydata = md5.ComputeHash(Encoding.ASCII.GetBytes(passphrase.Data));
}
passphrase.Dispose();
}
/* writing result to file */
var builderOutput = builder.GetBlobAsPinnedByteArray();
using (var writer = new StreamWriter(stream)) {
writer.NewLine = "\n";
writer.WriteLine(MARK_BEGIN);
var base64Data = Util.ToBase64(builderOutput.Data);
var base64String = Encoding.UTF8.GetString(base64Data);
var offset = 0;
while (offset < base64String.Length) {
const int maxLineLength = 70;
if (offset + maxLineLength > base64String.Length) {
writer.WriteLine(base64String.Substring(offset));
} else {
writer.WriteLine(base64String.Substring(offset, maxLineLength));
}
offset += maxLineLength;
}
writer.WriteLine(MARK_END);
}
}
/// <summary>
/// Gets OpenSsh formatted bytes from public key
/// </summary>
/// <param name="key">The key.</param>
/// <param name="cert">When set to <c>true</c> and the key has a certificate, the certificate blob will be used.</param>
/// <returns>byte array containing key information</returns>
public static byte[] GetPublicKeyBlob(this ISshKey key, bool cert = true)
{
if (cert && key.Certificate != null)
{
return(key.Certificate.Blob);
}
AsymmetricKeyParameter parameters = key.GetPublicKeyParameters();
BlobBuilder builder = new BlobBuilder();
if (parameters is RsaKeyParameters)
{
RsaKeyParameters rsaPublicKeyParameters = (RsaKeyParameters)parameters;
if (key.Version == SshVersion.SSH1)
{
builder.AddInt(key.Size);
builder.AddSsh1BigIntBlob(rsaPublicKeyParameters.Exponent);
builder.AddSsh1BigIntBlob(rsaPublicKeyParameters.Modulus);
}
else
{
builder.AddStringBlob(PublicKeyAlgorithm.SSH_RSA.GetIdentifierString());
builder.AddBigIntBlob(rsaPublicKeyParameters.Exponent);
builder.AddBigIntBlob(rsaPublicKeyParameters.Modulus);
}
}
else if (parameters is DsaPublicKeyParameters)
{
DsaPublicKeyParameters dsaParameters =
(DsaPublicKeyParameters)parameters;
builder.AddStringBlob(PublicKeyAlgorithm.SSH_DSS.GetIdentifierString());
builder.AddBigIntBlob(dsaParameters.Parameters.P);
builder.AddBigIntBlob(dsaParameters.Parameters.Q);
builder.AddBigIntBlob(dsaParameters.Parameters.G);
builder.AddBigIntBlob(dsaParameters.Y);
}
else if (parameters is ECPublicKeyParameters)
{
ECPublicKeyParameters ecdsaParameters =
(ECPublicKeyParameters)parameters;
string algorithm;
switch (ecdsaParameters.Parameters.Curve.FieldSize)
{
case 256:
algorithm = PublicKeyAlgorithm.ECDSA_SHA2_NISTP256.GetIdentifierString();
break;
case 384:
algorithm = PublicKeyAlgorithm.ECDSA_SHA2_NISTP384.GetIdentifierString();
break;
case 521:
algorithm = PublicKeyAlgorithm.ECDSA_SHA2_NISTP521.GetIdentifierString();
break;
default:
throw new ArgumentException("Unsupported EC size: " +
ecdsaParameters.Parameters.Curve.FieldSize);
}
builder.AddStringBlob(algorithm);
algorithm =
algorithm.Replace(PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_PREFIX,
string.Empty);
builder.AddStringBlob(algorithm);
builder.AddBlob(ecdsaParameters.Q.GetEncoded());
}
else if (parameters is Ed25519PublicKeyParameter)
{
builder.AddStringBlob(PublicKeyAlgorithm.ED25519.GetIdentifierString());
builder.AddBlob(((Ed25519PublicKeyParameter)parameters).Key);
}
else
{
throw new ArgumentException(parameters.GetType() + " is not supported");
}
byte[] result = builder.GetBlob();
builder.Clear();
return(result);
}
BlobBuilder CreatePrivateKeyBlob(ISshKey key)
{
var builder = new BlobBuilder();
switch (key.Version)
{
case SshVersion.SSH1:
var privateKeyParams =
key.GetPrivateKeyParameters() as RsaPrivateCrtKeyParameters;
builder.AddInt(key.Size);
builder.AddSsh1BigIntBlob(privateKeyParams.Modulus);
builder.AddSsh1BigIntBlob(privateKeyParams.PublicExponent);
builder.AddSsh1BigIntBlob(privateKeyParams.Exponent);
builder.AddSsh1BigIntBlob(privateKeyParams.QInv);
builder.AddSsh1BigIntBlob(privateKeyParams.Q);
builder.AddSsh1BigIntBlob(privateKeyParams.P);
break;
case SshVersion.SSH2:
builder.AddStringBlob(key.Algorithm.GetIdentifierString());
switch (key.Algorithm)
{
case PublicKeyAlgorithm.SSH_DSS:
var dsaPublicKeyParameters = key.GetPublicKeyParameters() as
DsaPublicKeyParameters;
var dsaPrivateKeyParamters = key.GetPrivateKeyParameters() as
DsaPrivateKeyParameters;
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.P);
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.Q);
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.G);
builder.AddBigIntBlob(dsaPublicKeyParameters.Y);
builder.AddBigIntBlob(dsaPrivateKeyParamters.X);
break;
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP256:
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP384:
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP521:
var ecdsaPublicKeyParameters = key.GetPublicKeyParameters() as
ECPublicKeyParameters;
var ecdsaPrivateKeyParameters = key.GetPrivateKeyParameters() as
ECPrivateKeyParameters;
builder.AddStringBlob(key.Algorithm.GetIdentifierString()
.Replace(PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_PREFIX,
string.Empty));
builder.AddBlob(ecdsaPublicKeyParameters.Q.GetEncoded());
builder.AddBigIntBlob(ecdsaPrivateKeyParameters.D);
break;
case PublicKeyAlgorithm.SSH_RSA:
var rsaPrivateKeyParameters = key.GetPrivateKeyParameters() as
RsaPrivateCrtKeyParameters;
builder.AddBigIntBlob(rsaPrivateKeyParameters.Modulus);
builder.AddBigIntBlob(rsaPrivateKeyParameters.PublicExponent);
builder.AddBigIntBlob(rsaPrivateKeyParameters.Exponent);
builder.AddBigIntBlob(rsaPrivateKeyParameters.QInv);
builder.AddBigIntBlob(rsaPrivateKeyParameters.P);
builder.AddBigIntBlob(rsaPrivateKeyParameters.Q);
break;
case PublicKeyAlgorithm.ED25519:
var ed25519PublicKeyParameters = key.GetPublicKeyParameters() as
Ed25519PublicKeyParameter;
var ed25519PrivateKeyParameters = key.GetPrivateKeyParameters() as
Ed25519PrivateKeyParameter;
builder.AddBlob(ed25519PublicKeyParameters.Key);
builder.AddBlob(ed25519PrivateKeyParameters.Signature);
break;
default:
throw new Exception("Unsupported algorithm");
}
break;
default:
throw new Exception(cUnsupportedSshVersion);
}
builder.AddStringBlob(key.Comment);
return(builder);
}
private static void VerifyIntegrity(FileData fileData)
{
BlobBuilder builder = new BlobBuilder();
if (fileData.ppkFileVersion != Version.V1) {
builder.AddStringBlob(fileData.publicKeyAlgorithm.GetIdentifierString());
builder.AddStringBlob(fileData.privateKeyAlgorithm.GetIdentifierString());
builder.AddBlob(Encoding.GetEncoding(1252).GetBytes(fileData.comment));
builder.AddBlob(fileData.publicKeyBlob);
builder.AddInt(fileData.privateKeyBlob.Data.Length);
}
builder.AddBytes(fileData.privateKeyBlob.Data);
byte[] computedHash;
SHA1 sha = SHA1.Create();
if (fileData.isHMAC) {
HMAC hmac = HMACSHA1.Create();
if (fileData.passphrase != null) {
using (PinnedArray<byte> hashData =
new PinnedArray<byte>(cMACKeySalt.Length +
fileData.passphrase.Length)) {
Array.Copy(Encoding.UTF8.GetBytes(cMACKeySalt),
hashData.Data, cMACKeySalt.Length);
IntPtr passphrasePtr =
Marshal.SecureStringToGlobalAllocUnicode(fileData.passphrase);
for (int i = 0; i < fileData.passphrase.Length; i++) {
int unicodeChar = Marshal.ReadInt16(passphrasePtr + i * 2);
byte ansiChar = Util.UnicodeToAnsi(unicodeChar);
hashData.Data[cMACKeySalt.Length + i] = ansiChar;
Marshal.WriteByte(passphrasePtr, i * 2, 0);
}
Marshal.ZeroFreeGlobalAllocUnicode(passphrasePtr);
hmac.Key = sha.ComputeHash(hashData.Data);
}
} else {
hmac.Key = sha.ComputeHash(Encoding.UTF8.GetBytes(cMACKeySalt));
}
computedHash = hmac.ComputeHash(builder.GetBlob());
hmac.Clear();
} else {
computedHash = sha.ComputeHash(builder.GetBlob());
}
sha.Clear();
builder.Clear();
try {
int macLength = computedHash.Length;
bool failed = false;
if (fileData.privateMAC.Length == macLength) {
for (int i = 0; i < macLength; i++) {
if (fileData.privateMAC[i] != computedHash[i]) {
failed = true;
break;
}
}
} else {
failed = true;
}
if (failed) {
// private key data should start with 3 bytes with value 0 if it was
// properly decrypted or does not require decryption
if ((fileData.privateKeyBlob.Data[0] == 0) &&
(fileData.privateKeyBlob.Data[1] == 0) &&
(fileData.privateKeyBlob.Data[2] == 0)) {
// so if they bytes are there, passphrase decrypted properly and
// something else is wrong with the file contents
throw new PpkFormatterException(PpkFormatterException.PpkErrorType.FileCorrupt);
} else {
// if the bytes are not zeros, we assume that the data was not
// properly decrypted because the passphrase was incorrect.
throw new PpkFormatterException(PpkFormatterException.PpkErrorType.BadPassphrase);
}
}
} catch {
throw;
} finally {
Array.Clear(computedHash, 0, computedHash.Length);
}
}
/// <summary>
/// Gets OpenSsh formatted bytes from public key
/// </summary>
/// <param name="Algorithm">AsymmetricAlgorithm to convert.</param>
/// <returns>byte array containing key information</returns>
/// <exception cref="ArgumentException">
/// AsymmetricAlgorithm is not supported
/// </exception>
/// <remarks>
/// Currently only supports RSA and DSA public keys
/// </remarks>
public static byte[] GetPublicKeyBlob(this ISshKey aKey)
{
AsymmetricKeyParameter parameters = aKey.GetPublicKeyParameters();
BlobBuilder builder = new BlobBuilder();
if (parameters is RsaKeyParameters) {
RsaKeyParameters rsaPublicKeyParameters = (RsaKeyParameters)parameters;
if (aKey.Version == SshVersion.SSH1) {
builder.AddInt(aKey.Size);
builder.AddSsh1BigIntBlob(rsaPublicKeyParameters.Exponent);
builder.AddSsh1BigIntBlob(rsaPublicKeyParameters.Modulus);
} else {
builder.AddStringBlob(PublicKeyAlgorithm.SSH_RSA.GetIdentifierString());
builder.AddBigIntBlob(rsaPublicKeyParameters.Exponent);
builder.AddBigIntBlob(rsaPublicKeyParameters.Modulus);
}
} else if (parameters is DsaPublicKeyParameters) {
DsaPublicKeyParameters dsaParameters =
(DsaPublicKeyParameters)parameters;
builder.AddStringBlob(PublicKeyAlgorithm.SSH_DSS.GetIdentifierString());
builder.AddBigIntBlob(dsaParameters.Parameters.P);
builder.AddBigIntBlob(dsaParameters.Parameters.Q);
builder.AddBigIntBlob(dsaParameters.Parameters.G);
builder.AddBigIntBlob(dsaParameters.Y);
} else if (parameters is ECPublicKeyParameters) {
ECPublicKeyParameters ecdsaParameters =
(ECPublicKeyParameters)parameters;
string algorithm;
switch (ecdsaParameters.Parameters.Curve.FieldSize) {
case 256:
algorithm = PublicKeyAlgorithm.ECDSA_SHA2_NISTP256.GetIdentifierString();
break;
case 384:
algorithm = PublicKeyAlgorithm.ECDSA_SHA2_NISTP384.GetIdentifierString();
break;
case 521:
algorithm = PublicKeyAlgorithm.ECDSA_SHA2_NISTP521.GetIdentifierString();
break;
default:
throw new ArgumentException("Unsupported EC size: " +
ecdsaParameters.Parameters.Curve.FieldSize);
}
builder.AddStringBlob(algorithm);
algorithm =
algorithm.Replace(PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_PREFIX,
string.Empty);
builder.AddStringBlob(algorithm);
builder.AddBlob(ecdsaParameters.Q.GetEncoded());
} else if (parameters is Ed25519PublicKeyParameter) {
builder.AddStringBlob(PublicKeyAlgorithm.ED25519.GetIdentifierString());
builder.AddBlob(((Ed25519PublicKeyParameter)parameters).Key);
} else {
throw new ArgumentException(parameters.GetType() + " is not supported");
}
byte[] result = builder.GetBlob();
builder.Clear();
return result;
}
public override void Serialize(Stream aStream, object aObject)
{
/* check for required parameters */
if (aStream == null)
{
throw new ArgumentNullException("aStream");
}
if (aObject == null)
{
throw new ArgumentNullException("aObject");
}
PasswordFinder pwFinder = null;
if (GetPassphraseCallbackMethod != null)
{
pwFinder = new PasswordFinder(GetPassphraseCallbackMethod);
}
PinnedArray <char> passphrase = null;
if (pwFinder != null)
{
passphrase = new PinnedArray <char>(0);
passphrase.Data = pwFinder.GetPassword();
}
byte cipherType;
if (passphrase == null || passphrase.Data.Length == 0)
{
cipherType = SSH_CIPHER_NONE;
}
else
{
cipherType = SSH_CIPHER_3DES;
}
BlobBuilder builder = new BlobBuilder();
ISshKey sshKey = aObject as ISshKey;
RsaKeyParameters publicKeyParams = sshKey.GetPublicKeyParameters()
as RsaKeyParameters;
RsaPrivateCrtKeyParameters privateKeyParams = sshKey.GetPrivateKeyParameters()
as RsaPrivateCrtKeyParameters;
/* writing info headers */
builder.AddBytes(Encoding.ASCII.GetBytes(FILE_HEADER_LINE + "\n"));
builder.AddUInt8(0); //end of string
builder.AddUInt8(cipherType); //cipher
builder.AddInt(0); //reserved
/* writing public key */
builder.AddInt(sshKey.Size);
builder.AddSsh1BigIntBlob(publicKeyParams.Modulus);
builder.AddSsh1BigIntBlob(publicKeyParams.Exponent);
builder.AddStringBlob(sshKey.Comment);
/* writing private key */
BlobBuilder privateKeyBuilder = new BlobBuilder();
/* adding some control values */
Random random = new Random();
byte[] resultCheck = new byte[2];
random.NextBytes(resultCheck);
privateKeyBuilder.AddUInt8(resultCheck[0]);
privateKeyBuilder.AddUInt8(resultCheck[1]);
privateKeyBuilder.AddUInt8(resultCheck[0]);
privateKeyBuilder.AddUInt8(resultCheck[1]);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.Exponent);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.DQ);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.P);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.Q);
if (cipherType == SSH_CIPHER_NONE)
{
/* plain-text */
builder.AddBytes(privateKeyBuilder.GetBlobAsPinnedByteArray().Data);
}
else
{
byte[] keydata;
using (MD5 md5 = MD5.Create()) {
keydata = md5.ComputeHash(Encoding.ASCII.GetBytes(passphrase.Data));
}
/* encryption */
DesSsh1Engine desEngine = new DesSsh1Engine();
desEngine.Init(true, new KeyParameter(keydata));
BufferedBlockCipher bufferedBlockCipher = new BufferedBlockCipher(desEngine);
byte[] ouputBuffer = bufferedBlockCipher.ProcessBytes(
privateKeyBuilder.GetBlobAsPinnedByteArray().Data);
builder.AddBytes(ouputBuffer);
passphrase.Dispose();
}
/* writing result to file */
var builderOutput = builder.GetBlobAsPinnedByteArray();
aStream.Write(builderOutput.Data, 0, builderOutput.Data.Length);
aStream.Close();
}
public void TestAnswerSSH1_AGENTC_ADD_RSA_IDENTITY()
{
Agent agent = new TestAgent();
/* test adding RSA key */
BlobBuilder builder = new BlobBuilder();
RsaPrivateCrtKeyParameters rsaParameters =
(RsaPrivateCrtKeyParameters)rsa1Key.GetPrivateKeyParameters();
builder.AddInt(rsa1Key.Size);
builder.AddSsh1BigIntBlob(rsaParameters.Modulus);
builder.AddSsh1BigIntBlob(rsaParameters.PublicExponent);
builder.AddSsh1BigIntBlob(rsaParameters.Exponent);
builder.AddSsh1BigIntBlob(rsaParameters.QInv);
builder.AddSsh1BigIntBlob(rsaParameters.P);
builder.AddSsh1BigIntBlob(rsaParameters.Q);
builder.AddStringBlob(rsa1Key.Comment);
builder.InsertHeader(Agent.Message.SSH1_AGENTC_ADD_RSA_IDENTITY);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
Agent.BlobHeader header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
ISshKey returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.GetPublicKeyParameters(),
Is.InstanceOf<RsaKeyParameters>());
Assert.That(returnedKey.GetPrivateKeyParameters(),
Is.InstanceOf<RsaKeyParameters>());
Assert.That(returnedKey.Size, Is.EqualTo(rsa1Key.Size));
Assert.That(returnedKey.Comment, Is.EqualTo(rsa1Key.Comment));
Assert.That(returnedKey.GetMD5Fingerprint(), Is.EqualTo(rsa1Key.GetMD5Fingerprint()));
}
public byte[] SignRequest(ISshKey aKey, byte[] aSignData)
{
BlobBuilder builder = new BlobBuilder();
switch (aKey.Version) {
case SshVersion.SSH1:
builder.AddBytes(aKey.GetPublicKeyBlob());
var engine = new Pkcs1Encoding(new RsaEngine());
engine.Init(true /* encrypt */, aKey.GetPublicKeyParameters());
var encryptedData = engine.ProcessBlock(aSignData, 0, aSignData.Length);
var challenge = new BigInteger(encryptedData);
builder.AddSsh1BigIntBlob(challenge);
builder.AddBytes(SessionId);
builder.AddInt(1); // response type - must be 1
builder.InsertHeader(Agent.Message.SSH1_AGENTC_RSA_CHALLENGE);
break;
case SshVersion.SSH2:
builder.AddBlob(aKey.GetPublicKeyBlob());
builder.AddBlob(aSignData);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
break;
default:
throw new Exception(cUnsupportedSshVersion);
}
BlobParser replyParser = SendMessage(builder);
var header = replyParser.ReadHeader();
switch (aKey.Version) {
case SshVersion.SSH1:
if (header.Message != Agent.Message.SSH1_AGENT_RSA_RESPONSE) {
throw new AgentFailureException();
}
byte[] response = new byte[16];
for (int i = 0; i < 16; i++) {
response[i] = replyParser.ReadByte();
}
return response;
case SshVersion.SSH2:
if (header.Message != Agent.Message.SSH2_AGENT_SIGN_RESPONSE) {
throw new AgentFailureException();
}
return replyParser.ReadBlob();
default:
throw new Exception(cUnsupportedSshVersion);
}
}
BlobBuilder CreatePrivateKeyBlob(ISshKey key)
{
var builder = new BlobBuilder();
switch (key.Version) {
case SshVersion.SSH1:
var privateKeyParams =
key.GetPrivateKeyParameters() as RsaPrivateCrtKeyParameters;
builder.AddInt(key.Size);
builder.AddSsh1BigIntBlob(privateKeyParams.Modulus);
builder.AddSsh1BigIntBlob(privateKeyParams.PublicExponent);
builder.AddSsh1BigIntBlob(privateKeyParams.Exponent);
builder.AddSsh1BigIntBlob(privateKeyParams.QInv);
builder.AddSsh1BigIntBlob(privateKeyParams.Q);
builder.AddSsh1BigIntBlob(privateKeyParams.P);
break;
case SshVersion.SSH2:
builder.AddStringBlob(key.Algorithm.GetIdentifierString());
switch (key.Algorithm) {
case PublicKeyAlgorithm.SSH_DSS:
var dsaPublicKeyParameters = key.GetPublicKeyParameters() as
DsaPublicKeyParameters;
var dsaPrivateKeyParamters = key.GetPrivateKeyParameters() as
DsaPrivateKeyParameters;
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.P);
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.Q);
builder.AddBigIntBlob(dsaPublicKeyParameters.Parameters.G);
builder.AddBigIntBlob(dsaPublicKeyParameters.Y);
builder.AddBigIntBlob(dsaPrivateKeyParamters.X);
break;
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP256:
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP384:
case PublicKeyAlgorithm.ECDSA_SHA2_NISTP521:
var ecdsaPublicKeyParameters = key.GetPublicKeyParameters() as
ECPublicKeyParameters;
var ecdsaPrivateKeyParameters = key.GetPrivateKeyParameters() as
ECPrivateKeyParameters;
builder.AddStringBlob(key.Algorithm.GetIdentifierString()
.Replace(PublicKeyAlgorithmExt.ALGORITHM_ECDSA_SHA2_PREFIX,
string.Empty));
builder.AddBlob(ecdsaPublicKeyParameters.Q.GetEncoded());
builder.AddBigIntBlob(ecdsaPrivateKeyParameters.D);
break;
case PublicKeyAlgorithm.SSH_RSA:
var rsaPrivateKeyParameters = key.GetPrivateKeyParameters() as
RsaPrivateCrtKeyParameters;
builder.AddBigIntBlob(rsaPrivateKeyParameters.Modulus);
builder.AddBigIntBlob(rsaPrivateKeyParameters.PublicExponent);
builder.AddBigIntBlob(rsaPrivateKeyParameters.Exponent);
builder.AddBigIntBlob(rsaPrivateKeyParameters.QInv);
builder.AddBigIntBlob(rsaPrivateKeyParameters.P);
builder.AddBigIntBlob(rsaPrivateKeyParameters.Q);
break;
case PublicKeyAlgorithm.ED25519:
var ed25519PublicKeyParameters = key.GetPublicKeyParameters() as
Ed25519PublicKeyParameter;
var ed25519PrivateKeyParameters = key.GetPrivateKeyParameters() as
Ed25519PrivateKeyParameter;
builder.AddBlob(ed25519PublicKeyParameters.Key);
builder.AddBlob(ed25519PrivateKeyParameters.Signature);
break;
default:
throw new Exception("Unsupported algorithm");
}
break;
default:
throw new Exception(cUnsupportedSshVersion);
}
builder.AddStringBlob(key.Comment);
return builder;
}
public void TestAnswerSSH2_AGENTC_SIGN_REQUEST()
{
const string signatureData = "this is the data that gets signed";
byte[] signatureDataBytes = Encoding.UTF8.GetBytes(signatureData);
BlobBuilder builder = new BlobBuilder();
Agent agent = new TestAgent(allKeys);
Agent.BlobHeader header;
byte[] signatureBlob;
BlobParser signatureParser;
string algorithm;
byte[] signature;
ISigner signer;
bool signatureOk;
BigInteger r, s;
DerSequence seq;
/* test signatures */
foreach (ISshKey key in allKeys.Where(key => key.Version == SshVersion.SSH2)) {
builder.Clear();
builder.AddBlob(key.GetPublicKeyBlob());
builder.AddStringBlob(signatureData);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
/* check that proper response type was received */
header = parser.ReadHeader();
Assert.That(header.Message,
Is.EqualTo(Agent.Message.SSH2_AGENT_SIGN_RESPONSE));
signatureBlob = parser.ReadBlob();
signatureParser = new BlobParser(signatureBlob);
algorithm = signatureParser.ReadString();
Assert.That(algorithm, Is.EqualTo(key.Algorithm.GetIdentifierString()));
signature = signatureParser.ReadBlob();
if (key.Algorithm == PublicKeyAlgorithm.SSH_RSA) {
Assert.That(signature.Length == key.Size / 8);
} else if (key.Algorithm == PublicKeyAlgorithm.SSH_DSS) {
Assert.That(signature.Length, Is.EqualTo(40));
r = new BigInteger(1, signature, 0, 20);
s = new BigInteger(1, signature, 20, 20);
seq = new DerSequence(new DerInteger(r), new DerInteger(s));
signature = seq.GetDerEncoded();
} else if (key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP256 ||
key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP384 ||
key.Algorithm == PublicKeyAlgorithm.ECDSA_SHA2_NISTP521) {
Assert.That(signature.Length, Is.AtLeast(key.Size / 4 + 8));
Assert.That(signature.Length, Is.AtMost(key.Size / 4 + 10));
BlobParser sigParser = new BlobParser(signature);
r = new BigInteger(sigParser.ReadBlob());
s = new BigInteger(sigParser.ReadBlob());
seq = new DerSequence(new DerInteger(r), new DerInteger(s));
signature = seq.GetDerEncoded();
} else if (key.Algorithm == PublicKeyAlgorithm.ED25519) {
Assert.That(signature.Length, Is.EqualTo(64));
}
signer = key.GetSigner();
signer.Init(false, key.GetPublicKeyParameters());
signer.BlockUpdate(signatureDataBytes, 0, signatureDataBytes.Length);
signatureOk = signer.VerifySignature(signature);
Assert.That(signatureOk, Is.True, "invalid signature");
Assert.That(header.BlobLength, Is.EqualTo(stream.Position - 4));
}
/* test DSA key old signature format */
builder.Clear();
builder.AddBlob(dsaKey.GetPublicKeyBlob());
builder.AddStringBlob(signatureData);
builder.AddInt((uint)Agent.SignRequestFlags.SSH_AGENT_OLD_SIGNATURE);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.Message,
Is.EqualTo(Agent.Message.SSH2_AGENT_SIGN_RESPONSE));
signatureBlob = parser.ReadBlob();
signatureParser = new BlobParser(signatureBlob);
signature = signatureParser.ReadBlob();
Assert.That(signature.Length == 40);
r = new BigInteger(1, signature, 0, 20);
s = new BigInteger(1, signature, 20, 20);
seq = new DerSequence(new DerInteger(r), new DerInteger(s));
signature = seq.GetDerEncoded();
signer = dsaKey.GetSigner();
signer.Init(false, dsaKey.GetPublicKeyParameters());
signer.BlockUpdate(signatureDataBytes, 0, signatureDataBytes.Length);
signatureOk = signer.VerifySignature(signature);
Assert.That(signatureOk, Is.True, "invalid signature");
Assert.That(header.BlobLength, Is.EqualTo(stream.Position - 4));
/* test key not found */
agent = new TestAgent();
builder.Clear();
builder.AddBlob(dsaKey.GetPublicKeyBlob());
builder.AddStringBlob(signatureData);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
Agent.BlobHeader header2 = parser.ReadHeader();
Assert.That(header2.BlobLength, Is.EqualTo(1));
Assert.That(header2.Message, Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE));
/* test confirm constraint */
agent = new TestAgent();
Agent.KeyConstraint testConstraint = new Agent.KeyConstraint();
testConstraint.Type = Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM;
SshKey testKey = dsaKey.Clone();
bool confirmCallbackReturnValue = false;
agent.ConfirmUserPermissionCallback = delegate(ISshKey k, Process p)
{
return confirmCallbackReturnValue;
};
testKey.AddConstraint(testConstraint);
agent.AddKey(testKey);
builder.Clear();
builder.AddBlob(dsaKey.GetPublicKeyBlob());
builder.AddStringBlob(signatureData);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_SIGN_REQUEST);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header2 = parser.ReadHeader();
Assert.That(header2.BlobLength, Is.EqualTo(1));
Assert.That(header2.Message, Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE));
confirmCallbackReturnValue = true;
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header2 = parser.ReadHeader();
Assert.That(header2.BlobLength, Is.Not.EqualTo(1));
Assert.That(header2.Message, Is.EqualTo(Agent.Message.SSH2_AGENT_SIGN_RESPONSE));
}
public void TestAnswerSSH1_AGENTC_RSA_CHALLENGE()
{
Agent agent = new TestAgent(allKeys);
/* test answering to RSA challenge */
BlobBuilder builder = new BlobBuilder();
RsaPrivateCrtKeyParameters rsaParameters =
(RsaPrivateCrtKeyParameters)rsa1Key.GetPrivateKeyParameters();
builder.AddInt(rsa1Key.Size);
builder.AddSsh1BigIntBlob(rsaParameters.PublicExponent);
builder.AddSsh1BigIntBlob(rsaParameters.Modulus);
byte[] decryptedChallenge = new byte[8];
byte[] sessionId = new byte[16];
Random random = new Random();
random.NextBytes(decryptedChallenge);
random.NextBytes(sessionId);
IAsymmetricBlockCipher engine = new Pkcs1Encoding(new RsaEngine());
engine.Init(true, rsa1Key.GetPublicKeyParameters());
byte[] encryptedChallenge = engine.ProcessBlock(decryptedChallenge, 0,
decryptedChallenge.Length);
BigInteger chal = new BigInteger(encryptedChallenge);
builder.AddSsh1BigIntBlob(chal);
builder.AddBytes(sessionId);
builder.AddInt(1);
builder.InsertHeader(Agent.Message.SSH1_AGENTC_RSA_CHALLENGE);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
Agent.BlobHeader header = parser.ReadHeader();
byte[] md5Received = parser.ReadBytes(16);
/* check that proper response type was received */
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH1_AGENT_RSA_RESPONSE));
using (MD5 md5 = MD5.Create())
{
byte[] md5Buffer = new byte[48];
decryptedChallenge.CopyTo(md5Buffer, 0);
sessionId.CopyTo(md5Buffer, 32);
byte[] md5Expected = md5.ComputeHash(md5Buffer);
/* check the encrypted challenge was successfully read */
Assert.That(md5Received, Is.EqualTo(md5Expected));
}
}
public void TestAnswerSSH2_AGENTC_ADD_ID_CONSTRAINED()
{
/* most code is shared with SSH2_AGENTC_ADD_IDENTITY, so we just
* need to test the differences */
Agent.ConfirmUserPermissionDelegate confirmCallback =
delegate(ISshKey k, Process p) { return true; };
Agent agent = new TestAgent();
/* test that no confirmation callback returns failure */
BlobBuilder builder = new BlobBuilder();
RsaPrivateCrtKeyParameters rsaParameters =
(RsaPrivateCrtKeyParameters)rsaKey.GetPrivateKeyParameters();
builder.AddStringBlob(rsaKey.Algorithm.GetIdentifierString());
builder.AddBigIntBlob(rsaParameters.Modulus);
builder.AddBigIntBlob(rsaParameters.PublicExponent);
builder.AddBigIntBlob(rsaParameters.Exponent);
builder.AddBigIntBlob(rsaParameters.QInv);
builder.AddBigIntBlob(rsaParameters.P);
builder.AddBigIntBlob(rsaParameters.Q);
builder.AddStringBlob(rsaKey.Comment);
//save blob so far so we don't have to repeat later.
byte[] commonBlob = builder.GetBlob();
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_ADD_ID_CONSTRAINED);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
Agent.BlobHeader header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_FAILURE));
/* test adding key with confirm constraint */
agent = new TestAgent();
agent.ConfirmUserPermissionCallback = confirmCallback;
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
ISshKey returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.Constraints.Count(), Is.EqualTo(1));
Assert.That(returnedKey.Constraints[0].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM));
Assert.That(returnedKey.Constraints[0].Data, Is.Null);
/* test adding key with lifetime constraint */
agent = new TestAgent();
builder.Clear();
builder.AddBytes(commonBlob);
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME);
builder.AddInt(10);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_ADD_ID_CONSTRAINED);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.Constraints.Count(), Is.EqualTo(1));
Assert.That(returnedKey.Constraints[0].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME));
Assert.That(returnedKey.Constraints[0].Data.GetType(),
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME.GetDataType()));
Assert.That(returnedKey.Constraints[0].Data, Is.EqualTo(10));
/* test adding key with multiple constraints */
agent = new TestAgent();
agent.ConfirmUserPermissionCallback = confirmCallback;
builder.Clear();
builder.AddBytes(commonBlob);
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM);
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME);
builder.AddInt(10);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_ADD_ID_CONSTRAINED);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.Constraints.Count(), Is.EqualTo(2));
Assert.That(returnedKey.Constraints[0].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM));
Assert.That(returnedKey.Constraints[0].Data, Is.Null);
Assert.That(returnedKey.Constraints[1].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME));
Assert.That(returnedKey.Constraints[1].Data, Is.EqualTo(10));
/* test adding key with multiple constraints in different order */
agent = new TestAgent();
agent.ConfirmUserPermissionCallback = confirmCallback;
builder.Clear();
builder.AddBytes(commonBlob);
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME);
builder.AddInt(10);
builder.AddByte((byte)Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM);
builder.InsertHeader(Agent.Message.SSH2_AGENTC_ADD_ID_CONSTRAINED);
PrepareMessage(builder);
agent.AnswerMessage(stream);
RewindStream();
header = parser.ReadHeader();
Assert.That(header.BlobLength, Is.EqualTo(1));
Assert.That(header.Message, Is.EqualTo(Agent.Message.SSH_AGENT_SUCCESS));
returnedKey = agent.GetAllKeys().First();
Assert.That(returnedKey.Constraints.Count(), Is.EqualTo(2));
Assert.That(returnedKey.Constraints[0].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_LIFETIME));
Assert.That(returnedKey.Constraints[0].Data, Is.EqualTo(10));
Assert.That(returnedKey.Constraints[1].Type,
Is.EqualTo(Agent.KeyConstraintType.SSH_AGENT_CONSTRAIN_CONFIRM));
Assert.That(returnedKey.Constraints[1].Data, Is.Null);
}
public override void Serialize(Stream stream, object obj)
{
/* check for required parameters */
if (stream == null)
{
throw new ArgumentNullException("stream");
}
if (obj == null)
{
throw new ArgumentNullException("obj");
}
PinnedArray <char> passphrase = null;
string ciphername;
if (passphrase == null || passphrase.Data.Length == 0)
{
ciphername = KDFNAME_NONE;
}
else
{
ciphername = KDFNAME_BCRYPT;
}
var builder = new BlobBuilder();
ISshKey sshKey = obj as ISshKey;
if (sshKey == null)
{
throw new ArgumentException("Expected ISshKey", "obj");
}
var publicKeyParams = sshKey.GetPublicKeyParameters() as Ed25519PublicKeyParameter;
var privateKeyParams = sshKey.GetPrivateKeyParameters() as Ed25519PrivateKeyParameter;
/* writing info headers */
builder.AddBytes(Encoding.ASCII.GetBytes(AUTH_MAGIC));
builder.AddStringBlob(ciphername);
builder.AddStringBlob(ciphername); //kdfname
builder.AddBlob(new byte[0]); // kdfoptions
/* writing public key */
builder.AddInt(1); // number of keys N
var publicKeyBuilder = new BlobBuilder();
publicKeyBuilder.AddStringBlob(PublicKeyAlgorithm.ED25519.GetIdentifierString());
publicKeyBuilder.AddBlob(publicKeyParams.Key);
builder.AddBlob(publicKeyBuilder.GetBlob());
/* writing private key */
BlobBuilder privateKeyBuilder = new BlobBuilder();
var checkint = new SecureRandom().NextInt();
privateKeyBuilder.AddInt(checkint);
privateKeyBuilder.AddInt(checkint);
privateKeyBuilder.AddStringBlob(PublicKeyAlgorithm.ED25519.GetIdentifierString());
privateKeyBuilder.AddBlob(publicKeyParams.Key);
privateKeyBuilder.AddBlob(privateKeyParams.Signature);
privateKeyBuilder.AddStringBlob(sshKey.Comment);
if (ciphername == KDFNAME_NONE)
{
/* plain-text */
builder.AddBlob(privateKeyBuilder.GetBlobAsPinnedByteArray().Data);
}
else
{
byte[] keydata;
using (MD5 md5 = MD5.Create()) {
keydata = md5.ComputeHash(Encoding.ASCII.GetBytes(passphrase.Data));
}
passphrase.Dispose();
}
/* writing result to file */
var builderOutput = builder.GetBlobAsPinnedByteArray();
using (var writer = new StreamWriter(stream)) {
writer.NewLine = "\n";
writer.WriteLine(MARK_BEGIN);
var base64Data = Util.ToBase64(builderOutput.Data);
var base64String = Encoding.UTF8.GetString(base64Data);
var offset = 0;
while (offset < base64String.Length)
{
const int maxLineLength = 70;
if (offset + maxLineLength > base64String.Length)
{
writer.WriteLine(base64String.Substring(offset));
}
else
{
writer.WriteLine(base64String.Substring(offset, maxLineLength));
}
offset += maxLineLength;
}
writer.WriteLine(MARK_END);
}
}
public void TestAddInt()
{
BlobBuilder builder = new BlobBuilder();
UInt32 value = 12345;
builder.AddInt(value);
Assert.That(builder.GetBlob(), Is.EqualTo(value.ToBytes()));
}
public override void Serialize(Stream aStream, object aObject)
{
/* check for required parameters */
if (aStream == null) {
throw new ArgumentNullException("aStream");
}
if (aObject == null) {
throw new ArgumentNullException("aObject");
}
PasswordFinder pwFinder = null;
if (GetPassphraseCallbackMethod != null) {
pwFinder = new PasswordFinder(GetPassphraseCallbackMethod);
}
PinnedArray<char> passphrase = null;
if (pwFinder != null) {
passphrase = new PinnedArray<char>(0);
passphrase.Data = pwFinder.GetPassword();
}
byte cipherType;
if (passphrase == null || passphrase.Data.Length == 0) {
cipherType = SSH_CIPHER_NONE;
} else {
cipherType = SSH_CIPHER_3DES;
}
BlobBuilder builder = new BlobBuilder();
ISshKey sshKey = aObject as ISshKey;
RsaKeyParameters publicKeyParams = sshKey.GetPublicKeyParameters()
as RsaKeyParameters;
RsaPrivateCrtKeyParameters privateKeyParams = sshKey.GetPrivateKeyParameters()
as RsaPrivateCrtKeyParameters;
/* writing info headers */
builder.AddBytes(Encoding.ASCII.GetBytes(FILE_HEADER_LINE + "\n"));
builder.AddByte(0); //end of string
builder.AddByte(cipherType); //cipher
builder.AddInt(0); //reserved
/* writing public key */
builder.AddInt(sshKey.Size);
builder.AddSsh1BigIntBlob(publicKeyParams.Modulus);
builder.AddSsh1BigIntBlob(publicKeyParams.Exponent);
builder.AddStringBlob(sshKey.Comment);
/* writing private key */
BlobBuilder privateKeyBuilder = new BlobBuilder();
/* adding some control values */
Random random = new Random();
byte[] resultCheck = new byte[2];
random.NextBytes(resultCheck);
privateKeyBuilder.AddByte(resultCheck[0]);
privateKeyBuilder.AddByte(resultCheck[1]);
privateKeyBuilder.AddByte(resultCheck[0]);
privateKeyBuilder.AddByte(resultCheck[1]);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.Exponent);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.DQ);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.P);
privateKeyBuilder.AddSsh1BigIntBlob(privateKeyParams.Q);
if (cipherType == SSH_CIPHER_NONE) {
/* plain-text */
builder.AddBytes(privateKeyBuilder.GetBlobAsPinnedByteArray().Data);
} else {
byte[] keydata;
using (MD5 md5 = MD5.Create()) {
keydata = md5.ComputeHash(Encoding.ASCII.GetBytes(passphrase.Data));
}
/* encryption */
DesSsh1Engine desEngine = new DesSsh1Engine();
desEngine.Init(true, new KeyParameter(keydata));
BufferedBlockCipher bufferedBlockCipher = new BufferedBlockCipher(desEngine);
byte[] ouputBuffer = bufferedBlockCipher.ProcessBytes(
privateKeyBuilder.GetBlobAsPinnedByteArray().Data);
builder.AddBytes(ouputBuffer);
passphrase.Dispose();
}
/* writing result to file */
var builderOutput = builder.GetBlobAsPinnedByteArray();
aStream.Write(builderOutput.Data, 0, builderOutput.Data.Length);
aStream.Close();
}
private static void VerifyIntegrity(FileData fileData)
{
BlobBuilder builder = new BlobBuilder();
if (fileData.ppkFileVersion != Version.V1)
{
builder.AddStringBlob(fileData.publicKeyAlgorithm.GetIdentifierString());
builder.AddStringBlob(fileData.privateKeyAlgorithm.GetIdentifierString());
builder.AddBlob(Encoding.GetEncoding(1252).GetBytes(fileData.comment));
builder.AddBlob(fileData.publicKeyBlob);
builder.AddInt(fileData.privateKeyBlob.Data.Length);
}
builder.AddBytes(fileData.privateKeyBlob.Data);
byte[] computedHash;
SHA1 sha = SHA1.Create();
if (fileData.isHMAC)
{
HMAC hmac = HMACSHA1.Create();
if (fileData.passphrase != null)
{
using (PinnedArray <byte> hashData =
new PinnedArray <byte>(cMACKeySalt.Length +
fileData.passphrase.Length)) {
Array.Copy(Encoding.UTF8.GetBytes(cMACKeySalt),
hashData.Data, cMACKeySalt.Length);
IntPtr passphrasePtr =
Marshal.SecureStringToGlobalAllocUnicode(fileData.passphrase);
for (int i = 0; i < fileData.passphrase.Length; i++)
{
int unicodeChar = Marshal.ReadInt16(passphrasePtr + i * 2);
byte ansiChar = Util.UnicodeToAnsi(unicodeChar);
hashData.Data[cMACKeySalt.Length + i] = ansiChar;
Marshal.WriteByte(passphrasePtr, i * 2, 0);
}
Marshal.ZeroFreeGlobalAllocUnicode(passphrasePtr);
hmac.Key = sha.ComputeHash(hashData.Data);
}
}
else
{
hmac.Key = sha.ComputeHash(Encoding.UTF8.GetBytes(cMACKeySalt));
}
computedHash = hmac.ComputeHash(builder.GetBlob());
hmac.Clear();
}
else
{
computedHash = sha.ComputeHash(builder.GetBlob());
}
sha.Clear();
builder.Clear();
try {
int macLength = computedHash.Length;
bool failed = false;
if (fileData.privateMAC.Length == macLength)
{
for (int i = 0; i < macLength; i++)
{
if (fileData.privateMAC[i] != computedHash[i])
{
failed = true;
break;
}
}
}
else
{
failed = true;
}
if (failed)
{
// private key data should start with 3 bytes with value 0 if it was
// properly decrypted or does not require decryption
if ((fileData.privateKeyBlob.Data[0] == 0) &&
(fileData.privateKeyBlob.Data[1] == 0) &&
(fileData.privateKeyBlob.Data[2] == 0))
{
// so if they bytes are there, passphrase decrypted properly and
// something else is wrong with the file contents
throw new PpkFormatterException(PpkFormatterException.PpkErrorType.FileCorrupt);
}
else
{
// if the bytes are not zeros, we assume that the data was not
// properly decrypted because the passphrase was incorrect.
throw new PpkFormatterException(PpkFormatterException.PpkErrorType.BadPassphrase);
}
}
} catch {
throw;
} finally {
Array.Clear(computedHash, 0, computedHash.Length);
}
}
