Use OpenSSL cipher directly to decrypt SSH private keys

jas14 · jas14 · commit b4e4c998af90 · 2026-02-20T16:39:02.000-08:00
diff --git a/lib/net/ssh/authentication/ed25519.rb b/lib/net/ssh/authentication/ed25519.rb
@@ -80,9 +80,31 @@ def self.read(datafull, password)
               key = '\x00' * (keylen + ivlen)
             end
 
-            cipher = CipherFactory.get(ciphername, key: key[0...keylen], iv: key[keylen...keylen + ivlen], decrypt: true)
+            if ciphername == 'none'
+              cipher = Transport::IdentityCipher
+            else
+              cipher = OpenSSL::Cipher.new(CipherFactory::SSH_TO_OSSL[ciphername])
+              cipher.decrypt
+              cipher.key = key[0...keylen]
+              cipher.iv  = key[keylen...keylen + ivlen]
+              cipher.padding = 0
+            end
+
+            encrypted_data = buffer.remainder_as_buffer.to_s
+
+            # TODO: test with chacha poly
+            decoded = if cipher.authenticated?
+                        # tested with GCM
+                        ciphertext = encrypted_data[0...-16]
+                        auth_tag = encrypted_data[-16..]
+                        cipher.auth_tag = auth_tag
+                        cipher.auth_data = ''
+                        cipher.update(ciphertext)
+                      else
+                        # tested with CBC
+                        cipher.update(encrypted_data)
+                      end
 
-            decoded = cipher.update(buffer.remainder_as_buffer.to_s)
             decoded << cipher.final
 
             decoded = Net::SSH::Buffer.new(decoded)
diff --git a/lib/net/ssh/transport/chacha20_poly1305_cipher.rb b/lib/net/ssh/transport/chacha20_poly1305_cipher.rb
@@ -111,6 +111,10 @@ def self.block_size
         def self.key_length
           64
         end
+
+        def self.iv_len
+          12
+        end
       end
     end
   end
diff --git a/lib/net/ssh/transport/cipher_factory.rb b/lib/net/ssh/transport/cipher_factory.rb
@@ -30,6 +30,10 @@ class CipherFactory
           "aes128-ctr" => ::OpenSSL::Cipher.ciphers.include?("aes-128-ctr") ? "aes-128-ctr" : "aes-128-ecb",
           'cast128-ctr' => 'cast5-ecb',
 
+          'aes128-gcm@openssh.com' => 'aes-128-gcm',
+          'aes256-gcm@openssh.com' => 'aes-256-gcm',
+          'chacha20-poly1305@openssh.com' => 'chacha20-poly1305',
+
           'none' => 'none'
         }
 
diff --git a/lib/net/ssh/transport/identity_cipher.rb b/lib/net/ssh/transport/identity_cipher.rb
@@ -58,6 +58,10 @@ def reset
           def implicit_mac?
             false
           end
+
+          def authenticated?
+            false
+          end
         end
       end
     end

Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,10 @@ class CipherFactory`
`30`	`30`	`"aes128-ctr" => ::OpenSSL::Cipher.ciphers.include?("aes-128-ctr") ? "aes-128-ctr" : "aes-128-ecb",`
`31`	`31`	`'cast128-ctr' => 'cast5-ecb',`
`32`	`32`
	`33`	`+ 'aes128-gcm@openssh.com' => 'aes-128-gcm',`
	`34`	`+ 'aes256-gcm@openssh.com' => 'aes-256-gcm',`
	`35`	`+ 'chacha20-poly1305@openssh.com' => 'chacha20-poly1305',`
	`36`	`+`
`33`	`37`	`'none' => 'none'`
`34`	`38`	`}`
`35`	`39`