openwall · peshev · Dec 29, 2024 · Dec 29, 2024
diff --git a/run/ssh2john.py b/run/ssh2john.py
@@ -186,7 +186,7 @@ def read_private_key(filename):
         if keysize == 24 and encryption_type == "AES-192-CBC" and (ktype == 0 or ktype == 1):  # RSA, DSA keys using AES-192
             hashline = "%s%s:$sshng$%s$%s$%s$%s$%s" % (f.name, filename_idx, 4, len(saltstr) // 2,
                 saltstr, len(data) // 2, data)
-        elif keysize == 32 and encryption_type == "AES-256-CBC" and (ktype == 0 or ktype == 1 or ktype == 3):  # RSA, DSA, EC keys using AES-256
+        elif keysize == 32 and encryption_type == "AES-256-CBC" and (ktype == 0 or ktype == 1):  # RSA, DSA keys using AES-256
             hashline = "%s%s:$sshng$%s$%s$%s$%s$%s" % (f.name, filename_idx, 5, len(saltstr) // 2,
                 saltstr, len(data) // 2, data)
         elif keysize == 24:
@@ -198,6 +198,9 @@ def read_private_key(filename):
         elif keysize == 16 and ktype == 3:  # EC keys using AES-128
             hashline = "%s%s:$sshng$%s$%s$%s$%s$%s" % (f.name, filename_idx, 3, len(saltstr) // 2,
                 saltstr, len(data) // 2, data)
+        elif keysize == 32 and ktype == 3:  # EC keys using AES-256
+            hashline = "%s%s:$sshng$%s$%s$%s$%s$%s" % (f.name, filename_idx, 7, len(saltstr) // 2,
+                saltstr, len(data) // 2, data)
         elif keysize == 32 and encryption_type == "AES-256-CBC" and ktype == 2:  # bcrypt pbkdf + aes-256-cbc
             hashline = "%s%s:$sshng$%s$%s$%s$%s$%s$%d$%d" % (f.name, filename_idx, 2, len(saltstr) // 2,
                 saltstr, len(data) // 2, data, rounds, ciphertext_begin_offset)

diff --git a/src/ssh_common_plug.c b/src/ssh_common_plug.c
@@ -63,7 +63,7 @@ int ssh_valid(char *ciphertext, struct fmt_main *self)
 		       goto err;
 	}
 
-	if (cipher < 0 || cipher > 6) {
+	if (cipher < 0 || cipher > 7) {
 		fprintf(stderr, "[%s] cipher value of %d is not supported!\n",
 		        self->params.label, cipher);
 		goto err;

diff --git a/src/ssh_fmt_plug.c b/src/ssh_fmt_plug.c
@@ -380,6 +380,16 @@ static void common_crypt_code(char *password, unsigned char *out, int full_decry
 		AES_set_decrypt_key(key, 128, &akey);
 		// full decrypt
 		AES_cbc_encrypt(cur_salt->ct, out, cur_salt->ctl, &akey, iv, AES_DECRYPT);
+	} else if (cur_salt->cipher == 7) { // EC keys with AES-256
+		unsigned char key[32];
+		AES_KEY akey;
+		unsigned char iv[16];
+
+		memcpy(iv, cur_salt->salt, 16);
+		generate_key_bytes(32, (unsigned char*)password, key);
+		AES_set_decrypt_key(key, 256, &akey);
+		// full decrypt
+		AES_cbc_encrypt(cur_salt->ct, out, cur_salt->ctl, &akey, iv, AES_DECRYPT);
 	} else if (cur_salt->cipher == 4) { // RSA/DSA keys with AES-192
 		unsigned char key[24];
 		AES_KEY akey;
@@ -438,7 +448,7 @@ static int crypt_all(int *pcount, struct db_salt *salt)
 		} else if (cur_salt->cipher == 2 || cur_salt->cipher == 6) {  // new ssh key format handling
 			cracked[index] =
 				!check_structure_bcrypt(out, cur_salt->ctl);
-		} else if (cur_salt->cipher == 3) { // EC keys
+		} else if (cur_salt->cipher == 3 || cur_salt->cipher == 7) { // EC keys
 			cracked[index] =
 				!check_padding_and_structure_EC(out, cur_salt->ctl, 0);
 		} else if (cur_salt->cipher == 4) {  // AES-192
@@ -481,7 +491,7 @@ static int cmp_exact(char *source, int index)
 		return !check_padding_and_structure(out, cur_salt->ctl, 1, 16);
 	} else if (cur_salt->cipher == 2 || cur_salt->cipher == 6) {  /* new ssh key format handling */
 		return 1; // XXX add more checks!
-	} else if (cur_salt->cipher == 3) { // EC keys
+	} else if (cur_salt->cipher == 3 || cur_salt->cipher == 7) { // EC keys
 		return 1;
 	} else if (cur_salt->cipher == 4) {
 		return !check_padding_and_structure(out, cur_salt->ctl, 1, 16);