Re: modifying putty to include the symmetric key in the logs

From: Simon Tatham <anakin@xxxxxxxxx>
Date: 12 Feb 2009 07:35:09 +0000 (GMT)

On Feb 5, 2:57 pm, yawnmoth <terra1...@xxxxxxxxx> wrote:

I'm trying to modify putty to include the symmetric key in the logs
and had a few questions about it.

In ssh.c, there's this:

ssh->sccipher->setkey(ssh->sc_cipher_ctc, keyspace);

I added, after that, this:

logevent("key is:");
logevent((char *)keyspace);

'keyspace' is an array of 'unsigned char' values, each containing 8
bits of essentially random binary data.

logevent() is expecting a _string_: an array of char values, each
containing a printable ASCII character, and marked at the end with a
zero byte to indicate where it finishes. Naturally, if you feed it
an array of random bytes, it will print gibberish and unprintable
values, and will only terminate the string if you get lucky enough
to encounter a zero byte somewhere in between.

You need to convert the binary key data into some printable output
form. For instance, you might write something like

{
char keyoutput[256];
int i;
for (i = 0; i < 32; i++)
sprintf(keyoutput + i*3, "%02x%s", keyspace[i], i==31 ? "" : ":");
logevent("key is: %s", i);
}

I also tried logevent(keyspace) since that's what's done for the host
key fingerprint:

if (!s->got_session_id) { /* don't bother logging this in rekeys */
logevent("Host key fingerprint is:");
logevent(s->fingerprint);
}

That's completely different, because fingerprint _is_ a string
variable: the function that fills it in in (sshrsa.c or sshdss.c)
has deliberately filled it with printable ASCII.

That got me 64, 64, and 4, which I don't understand. Since AES-256
CBC is being used, shouldn't sizeof(keyspace) == 32?

'keyspace' is declared to be large enough to cope with any symmetric
key that any of PuTTY's algorithms might need. You're currently not
interested in its physical size: you want to know how much of the
data in it which is _currently considered interesting by the code_.
The compile-time sizeof() operator cannot tell you that, because the
compiler doesn't know it.

If you're having trouble with this sort of thing, I'd recommend
reading up on the basics of the C language a bit. You seem to be
expecting behaviour which requires complex run-time support to
provide, and C has none (which is the whole point of it, in a way).

Finally, a word about the thing you're trying to achieve, The PuTTY
team have considered a logging mode which saves symmetric keys and
Diffie-Hellman input values, with the intention of aiding debugging
of cryptographic algorithm implementations by providing all the
information required to independently verify every cryptographic
operation. We haven't yet done it, because we are concerned about
the security implications if used in a context where an attacker can
read your log file. Of course such an attacker would become able to
decrypt your session, but that's not critical (since the session is
logged in cleartext _in_ the log file, so an attacker able to read
the log file wouldn't _need_ to decrypt it). The danger is that an
attacker could _hijack_ your session, by acquiring all the key
material they need to encrypt and MAC convincing SSH messages.

You're not currently in danger of this if you only want to log the
AES key (because the really critical one is the MAC key, or the
Diffie-Hellman input from which it could be re-derived). I just make
you aware of the issue in case you decide to take this idea any
further.
--
Simon Tatham "My heart bleeds.
<anakin@xxxxxxxxx> (That's how it works.)" -- Gareth Taylor
.

Follow-Ups:
- Re: modifying putty to include the symmetric key in the logs
  - From: Simon Tatham

References:
- Re: modifying putty to include the symmetric key in the logs
  - From: yawnmoth

Prev by Date: SSH key limited ONLY to port forwarding? Possible?
Next by Date: Re: modifying putty to include the symmetric key in the logs
Previous by thread: Re: modifying putty to include the symmetric key in the logs
Next by thread: Re: modifying putty to include the symmetric key in the logs
Index(es):
- Date
- Thread

Relevant Pages

sizeof and character arrays?
... I was wondering the best way to define and loop through a character ... they can be much longer so what's the best way to determine the array ... char s; ... I can read each line of my log file using fgets, ...
(comp.lang.c)
Re: Window Management
... (* prompt is a string resource identifier specifying the string ... PROCEDURE YesNoCancel(prompt: ARRAY OF CHAR; ... VAR INOUT response: ARRAY OF CHAR): BOOLEAN; ...
(comp.lang.ada)
Window Management
... (* prompt is a string resource identifier specifying the string ... PROCEDURE YesNoCancel(prompt: ARRAY OF CHAR; ... VAR INOUT response: ARRAY OF CHAR): BOOLEAN; ...
(comp.lang.ada)
Re: Pointer
... require in input a pointer char: ... unsafe public static extern int OpenFile; ... What is it pointing to exactly, is it pointing to a "Unicode character" array or is it pointing to a "Single byte character" array or is it pointing to something else? ...
(microsoft.public.dotnet.languages.csharp)
Re: Problem with va_ macros and arrays of arrays
... > the arrays passed to a ... > specific char, somewhat similar to what the standard function ... that with an array of struct, or possibly a pointer to a dynamic array ... > As I'm still a beginner in C without a copy of the standard I ...
(comp.lang.c)