simon-git: putty (main): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Sat Feb 20 17:00:46 GMT 2021


TL;DR:
  29b8e26f Fix duplicated exit code in ppk_load_s.
  09fa3f0e testcrypt: ability to handle more function parameters.
  609502b0 Add utility function 'memxor'.
  c61158aa Add an IV argument to aes_{en,de}crypt_pubkey.
  6f025c0b Refactoring to prepare for changes in the PPK format.
  5c8f3bf9 Add an implementation of BLAKE2b.
  0faeb82c Add implementation of the Argon2 password hash.
  08d17140 Introduce PPK file format version 3.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: main
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2021-02-20 17:00:46

commit 29b8e26f7da86b08ab41e160f846bdf0438f9db7
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=29b8e26f7da86b08ab41e160f846bdf0438f9db7;hp=ce60ca727c1e51ba54b0b2ecfabd7c2a0eca3a29
Author: Simon Tatham <anakin at pobox.com>
Date:   Sat Feb 20 16:39:12 2021 +0000

    Fix duplicated exit code in ppk_load_s.
    
    There's no need to have one bunch of free operations before returning
    success and another version before returning error. Easier to just set
    up the state in the former case so that we can fall through to the
    latter.

 sshpubk.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

commit 09fa3f0e806f43b397296087db028190dd77c35e
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=09fa3f0e806f43b397296087db028190dd77c35e;hp=29b8e26f7da86b08ab41e160f846bdf0438f9db7
Author: Simon Tatham <anakin at pobox.com>
Date:   Sat Feb 20 16:47:37 2021 +0000

    testcrypt: ability to handle more function parameters.
    
    I'm about to add a function of particularly large arity.

 testcrypt.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 76 insertions(+), 6 deletions(-)

commit 609502b04bc7c21269ebe5340016775827fc3981
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=609502b04bc7c21269ebe5340016775827fc3981;hp=09fa3f0e806f43b397296087db028190dd77c35e
Author: Simon Tatham <anakin at pobox.com>
Date:   Sat Feb 20 16:47:52 2021 +0000

    Add utility function 'memxor'.

 misc.h  |  9 +++++++++
 utils.c | 26 ++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

commit c61158aa34fa9e2e48c8de2ed496360c702962cb
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=c61158aa34fa9e2e48c8de2ed496360c702962cb;hp=609502b04bc7c21269ebe5340016775827fc3981
Author: Simon Tatham <anakin at pobox.com>
Date:   Thu Feb 18 17:48:06 2021 +0000

    Add an IV argument to aes_{en,de}crypt_pubkey.
    
    No functional change: currently, the IV passed in is always zero
    (except in the test suite). But this prepares to change that in a
    future revision of the key file format.

 ssh.h              |  6 ++++--
 sshauxcrypt.c      | 12 +++++-------
 sshpubk.c          |  8 ++++++--
 test/cryptsuite.py | 13 +++++++++++--
 testcrypt.c        | 12 ++++++++----
 testcrypt.h        |  4 ++--
 6 files changed, 36 insertions(+), 19 deletions(-)

commit 6f025c0b84f06a484fcf39bb9cfa3e77ff75dcd7
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=6f025c0b84f06a484fcf39bb9cfa3e77ff75dcd7;hp=c61158aa34fa9e2e48c8de2ed496360c702962cb
Author: Simon Tatham <anakin at pobox.com>
Date:   Thu Feb 18 20:26:10 2021 +0000

    Refactoring to prepare for changes in the PPK format.
    
    'bool old_fmt' in ppk_load_s has now given way to a numeric version
    field, which will allow it to be set to 3 in future, instead of just 1
    or 2. The ad-hoc integer variable 'cipher' is replaced with a pointer
    to a small struct that mentions individual details like key lengths,
    to aid parametrisation.
    
    The old ssh2_ppk_derivekey is now a larger function that derives all
    three of the key components used in the private-blob protection: not
    just the cipher key, but the cipher IV and the MAC key as well. The
    main part of it is a switch on the file-format version, which
    currently has only one case (PPK v1 and v2 don't differ in the key
    derivation), but gives me a handy place to drop in a new case in a
    future commit, changing the derivation of all those things.
    
    All the key material is stored end-to-end in a single strbuf, with
    ptrlens pointing into it. That makes it easy to free all in one go
    later.

 sshpubk.c | 158 ++++++++++++++++++++++++++++++++++++--------------------------
 1 file changed, 91 insertions(+), 67 deletions(-)

commit 5c8f3bf924e60815a98d18d989492f045406d004
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=5c8f3bf924e60815a98d18d989492f045406d004;hp=6f025c0b84f06a484fcf39bb9cfa3e77ff75dcd7
Author: Simon Tatham <anakin at pobox.com>
Date:   Sat Feb 13 14:47:26 2021 +0000

    Add an implementation of BLAKE2b.
    
    I have no plans to use this directly, but it's a component of Argon2,
    which I'm about to add in the next commit.

 Recipe             |   2 +-
 ssh.h              |   5 ++
 sshblake2.c        | 223 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 test/cryptsuite.py |  67 ++++++++++++++++
 testcrypt.c        |   1 +
 testcrypt.h        |   2 +
 testsc.c           |   1 +
 7 files changed, 300 insertions(+), 1 deletion(-)

commit 0faeb82ccd87db7792d0c183b8a15a1e3f0ada84
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=0faeb82ccd87db7792d0c183b8a15a1e3f0ada84;hp=5c8f3bf924e60815a98d18d989492f045406d004
Author: Simon Tatham <anakin at pobox.com>
Date:   Sat Feb 13 17:30:12 2021 +0000

    Add implementation of the Argon2 password hash.
    
    This is going to be used in the new version of the PPK file format. It
    was the winner of the Password Hashing Context, which I think makes it
    a reasonable choice.
    
    Argon2 comes in three flavours: one with no data dependency in its
    memory addressing, one with _deliberate_ data dependency (intended to
    serialise computation, to hinder parallel brute-forcing), and a hybrid
    form that starts off data-independent and then switches over to the
    dependent version once the sensitive input data has been adequately
    mixed around. I test all three in the test suite; the side-channel
    tester can only expect Argon2i to pass; and, following the spec's
    recommendation, I'll be using Argon2id for the actual key file
    encryption.

 Recipe             |   2 +-
 ssh.h              |  12 ++
 sshargon2.c        | 582 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 test/cryptsuite.py | 211 +++++++++++++++++++
 test/testcrypt.py  |   3 +-
 testcrypt.c        |  37 ++++
 testcrypt.h        |   6 +
 testsc.c           |  31 +++
 8 files changed, 882 insertions(+), 2 deletions(-)
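The two commits above add BLAKE2b and then Argon2, and the message notes that BLAKE2b is present only as a component of Argon2. The way Argon2 consumes it is the variable-length hash H'(X) defined in the Argon2 specification: for tags of up to 64 bytes it is a single BLAKE2b call whose input is prefixed with the little-endian tag length, and for longer tags it chains 64-byte BLAKE2b outputs, keeping the first 32 bytes of each. The following is an added illustration written for this digest, not code from the PuTTY repository; it uses Python's standard-library `hashlib.blake2b` and the function name `argon2_hprime` is my own choice.

```python
import hashlib
import struct


def argon2_hprime(x: bytes, tag_len: int) -> bytes:
    """Argon2's variable-length hash H'(X) with a tag_len-byte output.

    Construction (from the Argon2 spec):
      tag_len <= 64:  BLAKE2b(LE32(tag_len) || X) truncated to tag_len bytes
      tag_len  > 64:  r = ceil(tag_len / 32) - 2
                      V1 = BLAKE2b-64(LE32(tag_len) || X)
                      Vi = BLAKE2b-64(V(i-1))          for i = 2 .. r
                      V(r+1) = BLAKE2b-(tag_len - 32r)(Vr)
                      output = A1 || ... || Ar || V(r+1),  Ai = first 32 bytes of Vi
    """
    if tag_len < 1:
        raise ValueError("tag length must be positive")

    prefixed = struct.pack("<I", tag_len) + x
    if tag_len <= 64:
        # Short tags: BLAKE2b's native variable digest size does the job.
        return hashlib.blake2b(prefixed, digest_size=tag_len).digest()

    r = -(-tag_len // 32) - 2  # ceil(tag_len / 32) - 2
    v = hashlib.blake2b(prefixed, digest_size=64).digest()
    out = bytearray(v[:32])
    for _ in range(r - 1):
        v = hashlib.blake2b(v, digest_size=64).digest()
        out += v[:32]
    # Final block is sized so the concatenation is exactly tag_len bytes;
    # tag_len - 32r is always between 33 and 64, so BLAKE2b can emit it directly.
    out += hashlib.blake2b(v, digest_size=tag_len - 32 * r).digest()
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample input; Argon2 feeds H' with a fixed-layout header and, in
    # the memory-filling phase, 1024-byte blocks built from it.
    sample = b"constructed sample input for H'"
    for n in (32, 64, 65, 96, 1024):
        print(n, argon2_hprime(sample, n).hex()[:32], "...")
```

The interesting edge is the 64/65-byte boundary: a 64-byte tag is one BLAKE2b call, while a 65-byte tag already goes through the chained path with r = 1, i.e. one 64-byte hash followed by a 33-byte one.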

commit 08d17140a00481603f9692cc2989dba2d103a1ad
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=08d17140a00481603f9692cc2989dba2d103a1ad;hp=0faeb82ccd87db7792d0c183b8a15a1e3f0ada84
Author: Simon Tatham <anakin at pobox.com>
Date:   Sat Feb 20 10:17:45 2021 +0000

    Introduce PPK file format version 3.
    
    This removes both uses of SHA-1 in the file format: it was used as the
    MAC protecting the key file against tamperproofing, and also used in
    the key derivation step that converted the user's passphrase to cipher
    and MAC keys.
    
    The MAC is simply upgraded from HMAC-SHA-1 to HMAC-SHA-256; it is
    otherwise unchanged in how it's applied (in particular, to what data).
    
    The key derivation is totally reworked, to be based on Argon2, which
    I've just added to the code base. This should make stolen encrypted
    key files more resistant to brute-force attack.
    
    Argon2 has assorted configurable parameters for memory and CPU usage;
    the new key format includes all those parameters. So there's no reason
    we can't have them under user control, if a user wants to be
    particularly vigorous or particularly lightweight with their own key
    files. They could even switch to one of the other flavours of Argon2,
    if they thought side channels were an especially large or small risk
    in their particular environment. In this commit I haven't added any UI
    for controlling that kind of thing, but the PPK loading function is
    all set up to cope, so that can all be added in a future commit
    without having to change the file format.
    
    While I'm at it, I've also switched the CBC encryption to using a
    random IV (or rather, one derived from the passphrase along with the
    cipher and MAC keys). That's more like normal SSH-2 practice.

 Recipe             |  10 ++-
 cmdgen.c           |   3 +-
 doc/pubkeyfmt.but  | 140 ++++++++++++++++++++++++++------
 ssh.h              |  17 +++-
 sshpubk.c          | 229 +++++++++++++++++++++++++++++++++++++++++++++++++----
 test/cryptsuite.py |  77 +++++++++++++++---
 testcrypt.c        |  20 ++++-
 testcrypt.h        |   2 +-
 testsc.c           |   3 +
 windows/winpgen.c  |   3 +-
 10 files changed, 444 insertions(+), 60 deletions(-)
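The refactoring commit (6f025c0b) describes deriving the cipher key, the cipher IV and the MAC key together, stored end-to-end in one buffer with pointer/length pairs into it and a switch on the file-format version; the v3 commit (08d17140) then fills that switch with an Argon2-based derivation, upgrades the MAC to HMAC-SHA-256 and makes the IV come out of the derivation too. The sketch below is an added example written for this digest to show that shape; it is not PuTTY's code and does not reproduce the PPK v3 layout. Python's standard library has no Argon2, so `hashlib.scrypt` stands in as the memory-hard KDF (labelled as such in the code), the `Cipher` record, the `derive_key_material`/`mac_tag`/`mac_verify` names and the fields fed into the MAC are all my own assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Cipher:
    """Small per-cipher parameter record (stands in for the struct the commit describes)."""
    name: str
    key_len: int
    iv_len: int


AES256_CBC = Cipher("aes256-cbc", key_len=32, iv_len=16)
MAC_KEY_LEN = 32  # HMAC-SHA-256 key length assumed for this example


def derive_key_material(version: int, passphrase: bytes, salt: bytes,
                        cipher: Cipher, mac_key_len: int = MAC_KEY_LEN):
    """Derive (blob, key, iv, mac_key): one contiguous buffer plus slices into it.

    Only version 3 is handled here, mirroring the "switch with one case" layout;
    scrypt is a STAND-IN for Argon2 (not in Python's stdlib), and its cost
    parameters are illustrative, not PuTTY's.
    """
    total = cipher.key_len + cipher.iv_len + mac_key_len
    if version == 3:
        blob = hashlib.scrypt(passphrase, salt=salt, n=2 ** 14, r=8, p=1, dklen=total)
    else:
        raise ValueError(f"unsupported key file version {version}")

    # Three views into the single buffer, in the same spirit as ptrlens into a strbuf.
    k_end = cipher.key_len
    iv_end = k_end + cipher.iv_len
    key, iv, mac_key = blob[:k_end], blob[k_end:iv_end], blob[iv_end:]
    return blob, key, iv, mac_key


def mac_tag(mac_key: bytes, fields: list[bytes]) -> bytes:
    """HMAC-SHA-256 over length-prefixed fields (the framing is an assumption)."""
    h = hmac.new(mac_key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(4, "big"))
        h.update(f)
    return h.digest()


def mac_verify(mac_key: bytes, fields: list[bytes], tag: bytes) -> bool:
    """Constant-time comparison so a stolen file cannot be probed byte by byte."""
    return hmac.compare_digest(mac_tag(mac_key, fields), tag)


if __name__ == "__main__":
    # Constructed sample data, not a real key file.
    salt = bytes(range(16))
    _, key, iv, mac_key = derive_key_material(3, b"correct horse", salt, AES256_CBC)
    fields = [b"ssh-ed25519", b"aes256-cbc", b"a comment", b"public-blob", b"private-blob"]
    tag = mac_tag(mac_key, fields)
    print("verify ok:", mac_verify(mac_key, fields, tag))
    fields[-1] = b"private-blob-tampered"
    print("verify tampered:", mac_verify(mac_key, fields, tag))
```

Because the IV, the cipher key and the MAC key all come out of one KDF output, a wrong passphrase changes every one of them, and the MAC check on load is what turns that into a clean "wrong passphrase" failure instead of garbage plaintext.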
