Add an IV argument to aes_{en,de}crypt_pubkey.

No functional change: currently, the IV passed in is always zero (except in the test suite). But this prepares to change that in a future revision of the key file format.
2025-07-02 03:52:49 -05:00 · 2021-02-18 17:48:06 +00:00
parent 609502b04b
commit c61158aa34
6 changed files with 36 additions and 19 deletions
--- a/sshpubk.c
+++ b/sshpubk.c
@ -608,6 +608,8 @@ static int userkey_parse_line_counter(const char *text)
        return -1;
 }

+static const unsigned char zero_iv[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+
 ssh2_userkey *ppk_load_s(BinarySource *src, const char *passphrase,
                         const char **errorstr)
 {
@ -729,7 +731,8 @@ ssh2_userkey *ppk_load_s(BinarySource *src, const char *passphrase,
            goto error;

        ssh2_ppk_derivekey(ptrlen_from_asciz(passphrase), key);
-        aes256_decrypt_pubkey(key, private_blob->u, private_blob->len);
+        aes256_decrypt_pubkey(key, zero_iv,
+                              private_blob->u, private_blob->len);
    }

    /*
@ -1323,7 +1326,8 @@ strbuf *ppk_save_sb(ssh2_userkey *key, const char *passphrase)
        unsigned char key[40];

        ssh2_ppk_derivekey(ptrlen_from_asciz(passphrase), key);
-        aes256_encrypt_pubkey(key, priv_blob_encrypted, priv_encrypted_len);
+        aes256_encrypt_pubkey(key, zero_iv,
+                              priv_blob_encrypted, priv_encrypted_len);

        smemclr(key, sizeof(key));
    }