/*
* sshauxcrypt.c: wrapper functions on crypto primitives for use in
* other contexts than the main SSH packet protocol, such as
* encrypting private key files and performing XDM-AUTHORIZATION-1.
*
* These all work through the standard cipher/hash/MAC APIs, so they
* don't need to live in the same actual source files as the ciphers
* they wrap, and I think it keeps things tidier to have them out of
* the way here instead.
*/
#include "ssh.h"
static ssh_cipher *aes256_pubkey_cipher(const void *key)
{
/*
* PuTTY's own .PPK format for SSH-2 private key files is
* encrypted with 256-bit AES in CBC mode.
*/
char iv[16];
memset(iv, 0, 16);
ssh_cipher *cipher = ssh_cipher_new(&ssh_aes256_cbc);
ssh_cipher_setkey(cipher, key);
ssh_cipher_setiv(cipher, iv);
return cipher;
}
void aes256_encrypt_pubkey(const void *key, void *blk, int len)
{
ssh_cipher *c = aes256_pubkey_cipher(key);
ssh_cipher_encrypt(c, blk, len);
ssh_cipher_free(c);
}
void aes256_decrypt_pubkey(const void *key, void *blk, int len)
{
ssh_cipher *c = aes256_pubkey_cipher(key);
ssh_cipher_decrypt(c, blk, len);
ssh_cipher_free(c);
}
static ssh_cipher *des3_pubkey_cipher(const void *vkey)
{
/*
* SSH-1 private key files are encrypted with triple-DES in SSH-1
* style (three separate CBC layers), but the same key is used for
* the first and third layers.
*/
ssh_cipher *c = ssh_cipher_new(&ssh_3des_ssh1);
uint8_t keys3[24], iv[8];
memcpy(keys3, vkey, 16);
memcpy(keys3 + 16, vkey, 8);
ssh_cipher_setkey(c, keys3);
smemclr(keys3, sizeof(keys3));
memset(iv, 0, 8);
ssh_cipher_setiv(c, iv);
return c;
}
void des3_decrypt_pubkey(const void *vkey, void *vblk, int len)
{
ssh_cipher *c = des3_pubkey_cipher(vkey);
ssh_cipher_decrypt(c, vblk, len);
ssh_cipher_free(c);
}
void des3_encrypt_pubkey(const void *vkey, void *vblk, int len)
{
ssh_cipher *c = des3_pubkey_cipher(vkey);
ssh_cipher_encrypt(c, vblk, len);
ssh_cipher_free(c);
}
static ssh_cipher *des3_pubkey_ossh_cipher(const void *vkey, const void *viv)
{
/*
* OpenSSH PEM private key files are encrypted with triple-DES in
* SSH-2 style (one CBC layer), with three distinct keys, and an
* IV also generated from the passphrase.
*/
ssh_cipher *c = ssh_cipher_new(&ssh_3des_ssh2);
ssh_cipher_setkey(c, vkey);
ssh_cipher_setiv(c, viv);
return c;
}
void des3_decrypt_pubkey_ossh(const void *vkey, const void *viv,
void *vblk, int len)
{
ssh_cipher *c = des3_pubkey_ossh_cipher(vkey, viv);
ssh_cipher_decrypt(c, vblk, len);
ssh_cipher_free(c);
}
void des3_encrypt_pubkey_ossh(const void *vkey, const void *viv,
void *vblk, int len)
{
ssh_cipher *c = des3_pubkey_ossh_cipher(vkey, viv);
ssh_cipher_encrypt(c, vblk, len);
ssh_cipher_free(c);
}
static ssh_cipher *des_xdmauth_cipher(const void *vkeydata)
{
/*
* XDM-AUTHORIZATION-1 uses single-DES, but packs the key into 7
* bytes, so here we have to repack it manually into the canonical
* form where it occupies 8 bytes each with the low bit unused.
*/
const unsigned char *keydata = (const unsigned char *)vkeydata;
unsigned char key[8];
int i, nbits, j;
unsigned int bits;
bits = 0;
nbits = 0;
j = 0;
for (i = 0; i < 8; i++) {
if (nbits < 7) {
bits = (bits << 8) | keydata[j];
nbits += 8;
j++;
}
key[i] = (bits >> (nbits - 7)) << 1;
bits &= ~(0x7F << (nbits - 7));
nbits -= 7;
}
ssh_cipher *c = ssh_cipher_new(&ssh_des);
ssh_cipher_setkey(c, key);
smemclr(key, sizeof(key));
ssh_cipher_setiv(c, key);
return c;
}
void des_encrypt_xdmauth(const void *keydata, void *blk, int len)
{
ssh_cipher *c = des_xdmauth_cipher(keydata);
ssh_cipher_encrypt(c, blk, len);
ssh_cipher_free(c);
}
void des_decrypt_xdmauth(const void *keydata, void *blk, int len)
{
ssh_cipher *c = des_xdmauth_cipher(keydata);
ssh_cipher_decrypt(c, blk, len);
ssh_cipher_free(c);
}
void hash_simple(const ssh_hashalg *alg, ptrlen data, void *output)
{
ssh_hash *hash = ssh_hash_new(alg);
put_datapl(hash, data);
ssh_hash_final(hash, output);
}
void mac_simple(const ssh2_macalg *alg, ptrlen key, ptrlen data, void *output)
{
ssh2_mac *mac = ssh2_mac_new(alg, NULL);
ssh2_mac_setkey(mac, key);
ssh2_mac_start(mac);
put_datapl(mac, data);
ssh2_mac_genresult(mac, output);
ssh2_mac_free(mac);
}