diff --git a/lib/src/ssh_key_pair.dart b/lib/src/ssh_key_pair.dart index a09e540..2cca08a 100644 --- a/lib/src/ssh_key_pair.dart +++ b/lib/src/ssh_key_pair.dart @@ -239,8 +239,20 @@ class OpenSSHKeyPairs { final key = Uint8List.view(kdfHash.buffer, 0, cipher.keySize); final iv = Uint8List.view(kdfHash.buffer, cipher.keySize, cipher.ivSize); - final decryptCipher = cipher.createCipher(key, iv, forEncryption: false); - return decryptCipher.processAll(blob); + + try { + if (cipher.isAead) { + final decryptCipher = cipher.createAEADCipher(key, iv, + forEncryption: false) as AEADCipher; + return decryptCipher.processAll(blob); + } else { + final decryptCipher = + cipher.createCipher(key, iv, forEncryption: false); + return decryptCipher.processAll(blob); + } + } catch (e) { + throw SSHKeyDecryptError('Failed to decrypt private key', e); + } } @override diff --git a/lib/src/ssh_transport.dart b/lib/src/ssh_transport.dart index 517f6a4..04f0443 100644 --- a/lib/src/ssh_transport.dart +++ b/lib/src/ssh_transport.dart @@ -1699,7 +1699,8 @@ class SSHTransport { /// initialized in both directions. bool get hasIntegrityProtection { final usingAeadLocal = _localAeadKey != null || _localChaChaEncKey != null; - final usingAeadRemote = _remoteAeadKey != null || _remoteChaChaEncKey != null; + final usingAeadRemote = + _remoteAeadKey != null || _remoteChaChaEncKey != null; if (usingAeadLocal && usingAeadRemote) return true; return _localMac != null && _remoteMac != null; } diff --git a/lib/src/utils/cipher_ext.dart b/lib/src/utils/cipher_ext.dart index 2a3fb30..f5c8cd9 100644 --- a/lib/src/utils/cipher_ext.dart +++ b/lib/src/utils/cipher_ext.dart @@ -18,6 +18,13 @@ extension BlockCipherX on BlockCipher { } } +extension AEADCipherX on AEADCipher { + Uint8List processAll(Uint8List data) { + final cipher = this as dynamic; + return cipher.process(data) as Uint8List; + } +} + extension MacX on Mac { void updateAll(Uint8List data) { update(data, 0, data.length);