Hello, all!
I have a strange issue with SharpSSH 1.1.1.13
I have no issues using SFTP session connect() method from my WinXP machine with a linux host (little-endian X86 PC), but when connecting to another linux server (unknown processor type and endianness), I get an exception in verify() method, line 84, SignatureDSA.cs. The error message is "Bad Data \r\n" and the stack trace is:
at System.Security.Cryptography.DSACryptoServiceProvider._ImportKey(IntPtr hCSP, Int32 algid, DSACspObject data)\r\n at System.Security.Cryptography.DSACryptoServiceProvider.ImportParameters(DSAParameters parameters)\r\n at Tamir.SharpSsh.jsch.jce.SignatureDSA.verify(Byte[] sig) in D:\\installs\\SharpSSH-1.1.1.13.src\\SharpSSH-1.1.1.13.src\\SharpSSH\\jsch\\jce\\SignatureDSA.cs:line 84\r\n at Tamir.SharpSsh.jsch.DHG1.next(Buffer _buf) in D:\\installs\\SharpSSH-1.1.1.13.src\\SharpSSH-1.1.1.13.src\\SharpSSH\\jsch\\DHG1.cs:line 293\r\n at Tamir.SharpSsh.jsch.Session.connect(Int32 connectTimeout) in D:\\installs\\SharpSSH-1.1.1.13.src\\SharpSSH-1.1.1.13.src\\SharpSSH\\jsch\\Session.cs:line 279
I don't know anything about the server that's causing the issue, since I don't have control over that machine. I was thinking that the issue may be that the other side is big-endian, and the DSA signature being verified is coming in in big-endian byte order. Of course, this is a guess, and I might be totally off here.
Does anyone have any suggestions on how to resolve the issue or what additional info is needed in order to help figure out what's going on?
Thank you in advance.
Regards,
Mark.
2 years too late, but I had the same problem. The reason is that the crypto functions SharpSSH uses only support DSS with up to 1024-bit keys. New standards, however, support up to 3072 bits, and if you connect to a server that uses a >1024 DSS key, you get the Bad Data exception in ImportParameters.
My solution was to snag BigInteger.cs from the Mono project (and comment out the "Prime Testing" and "Prime Number Generation" regions). Then I replaced the "verify" function in SignatureDSA.cs with the code below (borrowed from PuTTY). As a side effect, going by the comment in PuTTY, this will also allow connecting correctly to commercial SSH servers which do not send the "ssh-dss" header.
    public bool verify(byte[] sig)
    {
        cs.Close();
        BigInteger r, s, w, gu1p, yu2p, gu1yu2p, u1, u2, sha, v;
        BigInteger P = new BigInteger(DSAKeyInfo.P);
        BigInteger Q = new BigInteger(DSAKeyInfo.Q);
        BigInteger G = new BigInteger(DSAKeyInfo.G);
        BigInteger Y = new BigInteger(DSAKeyInfo.Y);

        // from PuTTY:
        /*
         * Commercial SSH (2.0.13) and OpenSSH disagree over the format
         * of a DSA signature. OpenSSH is in line with the IETF drafts:
         * it uses a string "ssh-dss", followed by a 40-byte string
         * containing two 160-bit integers end-to-end. Commercial SSH
         * can't be bothered with the header bit, and considers a DSA
         * signature blob to be _just_ the 40-byte string containing
         * the two 160-bit integers. We tell them apart by measuring
         * the length: length 40 means the commercial-SSH bug, anything
         * else is assumed to be IETF-compliant.
         */
        long i = 0;
        if (sig.Length != 40)
        {
            // uint32 length (big-endian) followed by the string "ssh-dss"
            int n = (int)((sig[i++] << 24) & 0xff000000) | ((sig[i++] << 16) & 0x00ff0000) | ((sig[i++] << 8) & 0x0000ff00) | ((sig[i++]) & 0x000000ff);
            if (n != 7 || Util.getString(sig, (int)i, 7) != "ssh-dss")
                throw new System.Security.Cryptography.CryptographicException("Bad Data!\r\n");
            i += 7;
            // uint32 length (big-endian) of the r||s string, which must be 40
            n = (int)((sig[i++] << 24) & 0xff000000) | ((sig[i++] << 16) & 0x00ff0000) | ((sig[i++] << 8) & 0x0000ff00) | ((sig[i++]) & 0x000000ff);
            if (n != 40 || i + 40 > sig.Length)
                throw new System.Security.Cryptography.CryptographicException("Bad Data!\r\n");
        }

        // sig data 40 bytes (2 x 20-byte blocks)
        {
            byte[] tmp = new byte[20];
            Array.Copy(sig, i, tmp, 0, 20);
            r = new BigInteger(tmp);
            tmp = new byte[20];
            Array.Copy(sig, i + 20, tmp, 0, 20);
            s = new BigInteger(tmp);
        }

        // Added check: DSA verification requires 0 < r < q and 0 < s < q.
        // Reject anything else before the inverse is computed.
        if (r == 0 || s == 0
            || bignum_cmp(r, Q) != BigInteger.Sign.Negative
            || bignum_cmp(s, Q) != BigInteger.Sign.Negative)
            return false;

        /*
         * Step 1. w <- s^-1 mod q.
         */
        w = modinv(s, Q);

        /*
         * Step 2. u1 <- SHA(message) * w mod q.
         */
        if (sha1.Hash.Length != 20)
            throw new System.Security.Cryptography.CryptographicException("Bad Data!\r\n");
        sha = new BigInteger(sha1.Hash);
        u1 = modmul(sha, w, Q);

        /*
         * Step 3. u2 <- r * w mod q.
         */
        u2 = modmul(r, w, Q);

        /*
         * Step 4. v <- (g^u1 * y^u2 mod p) mod q.
         */
        gu1p = modpow(G, u1, P);
        yu2p = modpow(Y, u2, P);
        gu1yu2p = modmul(gu1p, yu2p, P);
        v = BigInteger.Modulus(gu1yu2p, Q);
        //v = modmul(gu1yu2p, One, Q);

        /*
         * Step 5. v should now be equal to r.
         */
        return bignum_cmp(v, r) == 0;
    }

    // Thin wrappers that keep PuTTY's bignum helper names on top of Mono's BigInteger.
    private BigInteger modinv(BigInteger a, BigInteger b)
    {
        return a.ModInverse(b);
    }

    private BigInteger modmul(BigInteger a, BigInteger b, BigInteger n)
    {
        return BigInteger.Modulus(a * b, n);
    }

    private BigInteger modpow(BigInteger a, BigInteger exp, BigInteger n)
    {
        return a.ModPow(exp, n);
    }

    private BigInteger.Sign bignum_cmp(BigInteger a, BigInteger b)
    {
        return a.Compare(b);
    }

    private BigInteger bigmod(BigInteger a, BigInteger b)
    {
        return BigInteger.Modulus(a, b);
    }
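Added example, not part of the thread and not SharpSSH or PuTTY code: the same signature-blob handling (bare 40 bytes versus "ssh-dss" framing) and five verification steps written in Python, with the 0 < r, s < q range check made before the inverse is taken. The function names and the small group (607, 101, 64) are constructed for this example so that it runs offline; a real ssh-dss key has a 160-bit q.

```python
import hashlib
import struct

# Constructed toy group for illustration only (real ssh-dss uses a 160-bit q):
# q divides p - 1 and g has order q modulo p.
TOY_P, TOY_Q, TOY_G = 607, 101, 64


def parse_dss_blob(sig: bytes) -> tuple[int, int]:
    """Return (r, s) from a bare 40-byte blob or an IETF-framed one."""
    if len(sig) != 40:
        # IETF framing: uint32 length, "ssh-dss", uint32 length, 40 bytes.
        if len(sig) < 4 + 7 + 4 + 40:
            raise ValueError("signature blob too short")
        (n,) = struct.unpack_from(">I", sig, 0)
        if n != 7 or sig[4:11] != b"ssh-dss":
            raise ValueError("missing ssh-dss header")
        (n,) = struct.unpack_from(">I", sig, 11)
        if n != 40:
            raise ValueError("unexpected r||s length")
        sig = sig[15:55]
    # Both halves are unsigned big-endian integers on the wire,
    # whatever the byte order of the server's CPU.
    return int.from_bytes(sig[:20], "big"), int.from_bytes(sig[20:], "big")


def dss_verify(message: bytes, sig: bytes, p: int, q: int, g: int, y: int) -> bool:
    """Verify a DSA signature blob over message; malformed input fails closed."""
    try:
        r, s = parse_dss_blob(sig)
    except ValueError:
        return False
    # Range check first: otherwise s = 0 or s + q would reach the inverse.
    if not (0 < r < q and 0 < s < q):
        return False
    h = int.from_bytes(hashlib.sha1(message).digest(), "big")
    w = pow(s, -1, q)                           # Step 1: w = s^-1 mod q
    u1 = h * w % q                              # Step 2: u1 = SHA(m) * w mod q
    u2 = r * w % q                              # Step 3: u2 = r * w mod q
    v = pow(g, u1, p) * pow(y, u2, p) % p % q   # Step 4: (g^u1 * y^u2 mod p) mod q
    return v == r                               # Step 5: accept only if v == r
```

Without the range check, a blob carrying s + q in place of s would pass steps 1 to 5 unchanged, because only s mod q enters the arithmetic.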
Forgot to mention that "Allow unsafe code" has to be enabled for this to work, because BigInteger has a couple of unsafe functions.
Works great. Just change the
by
in the new verify method given by SnowCoder in the
block.
Check this archive for corrected version of the files (thanks to Daniel Cai):
(error in wiki editor)
the correction is: sig
Ok I got it.
The Sourceforge forum does not show the characters "OpeningBracket" - "i" - "PlusPlus" - "ClosingBracket"