Re: [JSch-users] Problem with using a AES-256-CBC private key for authentification

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

Here is a quick hack to support the private key ciphered by AES-256-CBC,

diff -Naur jsch-0.1.40/src/com/jcraft/jsch/IdentityFile.java jsch-0.1.41/src/com/jcraft/jsch/IdentityFile.java

--- jsch-0.1.40/src/com/jcraft/jsch/IdentityFile.java	Mon Jan 21 05:47:55 2008
+++ jsch-0.1.41/src/com/jcraft/jsch/IdentityFile.java	Thu Oct 23 02:36:12 2008
@@ -172,6 +172,20 @@
           i+=3;
 	  continue;
 	}
+        if(buf[i]=='A'&& buf[i+1]=='E'&& buf[i+2]=='S'&& buf[i+3]=='-' && 
+           buf[i+4]=='2'&& buf[i+5]=='5'&& buf[i+6]=='6'&& buf[i+7]=='-'){
+          i+=8;
+          if(Session.checkCipher((String)jsch.getConfig("aes256-cbc"))){
+            c=Class.forName((String)jsch.getConfig("aes256-cbc"));
+            cipher=(Cipher)(c.newInstance());
+            key=new byte[cipher.getBlockSize()];
+            iv=new byte[cipher.getIVSize()];
+          }
+          else{
+            throw new JSchException("privatekey: aes256-cbc is not available "+identity);
+          }
+          continue;
+        }
         if(buf[i]=='C'&& buf[i+1]=='B'&& buf[i+2]=='C'&& buf[i+3]==','){
           i+=4;
 	  for(int ii=0; ii<iv.length; ii++){
@@ -362,7 +376,7 @@
 	  for(int index=0; index+hsize<=hn.length;){
 	    if(tmp!=null){ hash.update(tmp, 0, tmp.length); }
 	    hash.update(passphrase, 0, passphrase.length);
-	    hash.update(iv, 0, iv.length);
+	    hash.update(iv, 0, iv.length > 8 ? 8: iv.length);
 	    tmp=hash.digest();
 	    System.arraycopy(tmp, 0, hn, index, tmp.length);
 	    index+=tmp.length;
diff -Naur jsch-0.1.40/src/com/jcraft/jsch/Session.java jsch-0.1.41/src/com/jcraft/jsch/Session.java
--- jsch-0.1.40/src/com/jcraft/jsch/Session.java	Fri Sep 26 09:00:48 2008
+++ jsch-0.1.41/src/com/jcraft/jsch/Session.java	Thu Oct 23 02:37:04 2008
@@ -1858,14 +1858,7 @@
     java.util.Vector result=new java.util.Vector();
     String[] _ciphers=Util.split(ciphers, ",");
     for(int i=0; i<_ciphers.length; i++){
-      try{
-        Class c=Class.forName(getConfig(_ciphers[i]));
-        Cipher _c=(Cipher)(c.newInstance());
-        _c.init(Cipher.ENCRYPT_MODE, 
-                new byte[_c.getBlockSize()],
-                new byte[_c.getIVSize()]);
-      }
-      catch(Exception e){
+      if(!checkCipher(getConfig(_ciphers[i]))){
         result.addElement(_ciphers[i]);
       }
     }
@@ -1883,4 +1876,18 @@
 
     return foo;
   }
+
+  static boolean checkCipher(String cipher){
+    try{
+      Class c=Class.forName(cipher);
+      Cipher _c=(Cipher)(c.newInstance());
+      _c.init(Cipher.ENCRYPT_MODE, 
+              new byte[_c.getBlockSize()],
+              new byte[_c.getIVSize()]);
+      return true;
+    }
+    catch(Exception e){
+      return false;
+    }
+  }
 }


