Add an IV argument to aes_{en,de}crypt_pubkey.

No functional change: currently, the IV passed in is always zero (except in the test suite). But this prepares to change that in a future revision of the key file format.
2025-06-30 19:12:48 -05:00 · 2021-02-18 17:48:06 +00:00
parent 609502b04b
commit c61158aa34
6 changed files with 36 additions and 19 deletions
--- a/sshauxcrypt.c
+++ b/sshauxcrypt.c
@ -11,30 +11,28 @@

 #include "ssh.h"

-static ssh_cipher *aes256_pubkey_cipher(const void *key)
+static ssh_cipher *aes256_pubkey_cipher(const void *key, const void *iv)
 {
    /*
     * PuTTY's own .PPK format for SSH-2 private key files is
     * encrypted with 256-bit AES in CBC mode.
     */
-    char iv[16];
-    memset(iv, 0, 16);
    ssh_cipher *cipher = ssh_cipher_new(&ssh_aes256_cbc);
    ssh_cipher_setkey(cipher, key);
    ssh_cipher_setiv(cipher, iv);
    return cipher;
 }

-void aes256_encrypt_pubkey(const void *key, void *blk, int len)
+void aes256_encrypt_pubkey(const void *key, const void *iv, void *blk, int len)
 {
-    ssh_cipher *c = aes256_pubkey_cipher(key);
+    ssh_cipher *c = aes256_pubkey_cipher(key, iv);
    ssh_cipher_encrypt(c, blk, len);
    ssh_cipher_free(c);
 }

-void aes256_decrypt_pubkey(const void *key, void *blk, int len)
+void aes256_decrypt_pubkey(const void *key, const void *iv, void *blk, int len)
 {
-    ssh_cipher *c = aes256_pubkey_cipher(key);
+    ssh_cipher *c = aes256_pubkey_cipher(key, iv);
    ssh_cipher_decrypt(c, blk, len);
    ssh_cipher_free(c);
 }