Support aes256-ctr encryption when imported OpenSSH keys.

OpenSSH 7.6 switched from aes256-cbc to aes256-ctr for encrypting new-style private keys.
2025-01-09 17:38:00 +00:00 · 2018-04-09 09:28:43 +02:00 · 2018-04-09 09:28:43 +02:00 · eaac8768e4
commit eaac8768e4
parent f41d365029
3 changed files with 15 additions and 4 deletions
--- a/import.c
+++ b/import.c
@ -1270,7 +1270,7 @@ int openssh_pem_write(const Filename *filename, struct ssh2_userkey *key,
 */

 typedef enum {
-    ON_E_NONE, ON_E_AES256CBC
+    ON_E_NONE, ON_E_AES256CBC, ON_E_AES256CTR
 } openssh_new_cipher;
 typedef enum {
    ON_K_NONE, ON_K_BCRYPT
@ -1409,6 +1409,8 @@ static struct openssh_new_key *load_openssh_new_key(const Filename *filename,
        ret->cipher = ON_E_NONE;
    } else if (match_ssh_id(stringlen, string, "aes256-cbc")) {
        ret->cipher = ON_E_AES256CBC;
+    } else if (match_ssh_id(stringlen, string, "aes256-ctr")) {
+        ret->cipher = ON_E_AES256CTR;
    } else {
        errmsg = "unrecognised cipher name\n";
        goto error;
@ -1568,6 +1570,7 @@ struct ssh2_userkey *openssh_new_read(const Filename *filename,
            keysize = 0;
            break;
          case ON_E_AES256CBC:
+          case ON_E_AES256CTR:
            keysize = 48;              /* 32 byte key + 16 byte IV */
            break;
          default:
@ -1592,6 +1595,7 @@ struct ssh2_userkey *openssh_new_read(const Filename *filename,
          case ON_E_NONE:
            break;
          case ON_E_AES256CBC:
+          case ON_E_AES256CTR:
            if (key->privatelen % 16 != 0) {
                errmsg = "private key container length is not a"
                    " multiple of AES block size\n";
@ -1601,8 +1605,14 @@ struct ssh2_userkey *openssh_new_read(const Filename *filename,
                void *ctx = aes_make_context();
                aes256_key(ctx, keybuf);
                aes_iv(ctx, keybuf + 32);
-                aes_ssh2_decrypt_blk(ctx, key->privatestr,
-                                     key->privatelen);
+                if (key->cipher == ON_E_AES256CBC) {
+                    aes_ssh2_decrypt_blk(ctx, key->privatestr,
+                                         key->privatelen);
+                }
+                else {
+                    aes_ssh2_sdctr(ctx, key->privatestr,
+                                   key->privatelen);
+                }
                aes_free_context(ctx);
            }
            break;
--- a/ssh.h
+++ b/ssh.h
@ -489,6 +489,7 @@ void aes256_key(void *handle, unsigned char *key);
 void aes_iv(void *handle, unsigned char *iv);
 void aes_ssh2_encrypt_blk(void *handle, unsigned char *blk, int len);
 void aes_ssh2_decrypt_blk(void *handle, unsigned char *blk, int len);
+void aes_ssh2_sdctr(void *handle, unsigned char *blk, int len);

 /*
 * PuTTY version number formatted as an SSH version string. 
--- a/sshaes.c
+++ b/sshaes.c
@ -1022,7 +1022,7 @@ void aes_ssh2_decrypt_blk(void *handle, unsigned char *blk, int len)
    aes_decrypt_cbc(blk, len, ctx);
 }

-static void aes_ssh2_sdctr(void *handle, unsigned char *blk, int len)
+void aes_ssh2_sdctr(void *handle, unsigned char *blk, int len)
 {
    AESContext *ctx = (AESContext *)handle;
    aes_sdctr(blk, len, ctx);