- /* Now create the _real_ private hash. */
- SHA_Simple(priv_blob_encrypted, priv_encrypted_len, priv_hash);
+ /* Now create the private MAC. */
+ if (passphrase) {
+ SHA_State s;
+ unsigned char mackey[20];
+ char header[] = "putty-private-key-file-mac-key";
+
+ passlen = strlen(passphrase);
+
+ SHA_Init(&s);
+ SHA_Bytes(&s, header, sizeof(header)-1);
+ SHA_Bytes(&s, passphrase, passlen);
+ SHA_Final(&s, mackey);
+
+ hmac_sha1_simple(mackey, 20,
+ priv_blob_encrypted, priv_encrypted_len,
+ priv_mac);
+ is_mac = 1;
+
+ memset(mackey, 0, sizeof(mackey));
+ memset(&s, 0, sizeof(s));
+ } else {
+ SHA_Simple(priv_blob_encrypted, priv_encrypted_len, priv_mac);
+ is_mac = 0;
+ }