Attachment 3336 Details for Bug 3082 – Improved and updated patch for deterministic keys

[patch] Improved and updated patch for deterministic keys

add-derived-keys.patch (text/plain), 5.26 KB, created by Nils Rennebarth on 2019-10-14 20:51:33 AEDT

(hide)

Description:

Filename:

MIME Type:

Creator: Nils Rennebarth

Created: 2019-10-14 20:51:33 AEDT

Size: 5.26 KB

patch

obsolete

>Index: openssh-8.1p1/openbsd-compat/arc4random.c
>===================================================================
>--- openssh-8.1p1.orig/openbsd-compat/arc4random.c
>+++ openssh-8.1p1/openbsd-compat/arc4random.c
>@@ -175,12 +175,12 @@ _rs_rekey(u_char *dat, size_t datlen)
> }
> 
> static inline void
>-_rs_random_buf(void *_buf, size_t n)
>+_rs_random_buf(void *_buf, size_t n, int restir)
> {
> 	u_char *buf = (u_char *)_buf;
> 	size_t m;
> 
>-	_rs_stir_if_needed(n);
>+	if (restir) _rs_stir_if_needed(n);
> 	while (n > 0) {
> 		if (rs_have > 0) {
> 			m = MIN(n, rs_have);
>@@ -232,6 +232,22 @@ arc4random_addrandom(u_char *dat, int da
> 	_ARC4_UNLOCK();
> }
> 
>+void
>+arc4random_set(void *buf, size_t n)
>+{
>+	_rs_init(buf, n);
>+	rs_have = 0;
>+	memset(rs_buf, 0, RSBUFSZ);
>+	rs_count = 1600000;
>+}
>+
>+int
>+arc4random_buf_det(const void *buf, int n)
>+{
>+	_rs_random_buf((void *)buf, n, FALSE);
>+	return 1;
>+}
>+
> u_int32_t
> arc4random(void)
> {
>@@ -252,7 +268,7 @@ void
> arc4random_buf(void *buf, size_t n)
> {
> 	_ARC4_LOCK();
>-	_rs_random_buf(buf, n);
>+	_rs_random_buf(buf, n, TRUE);
> 	_ARC4_UNLOCK();
> }
> # endif /* !HAVE_ARC4RANDOM_BUF */
>Index: openssh-8.1p1/openbsd-compat/openbsd-compat.h
>===================================================================
>--- openssh-8.1p1.orig/openbsd-compat/openbsd-compat.h
>+++ openssh-8.1p1/openbsd-compat/openbsd-compat.h
>@@ -218,6 +218,11 @@ void arc4random_buf(void *, size_t);
> u_int32_t arc4random_uniform(u_int32_t);
> #endif
> 
>+#ifndef HAVE_ARC4RANDOM_SET
>+void arc4random_set(void *buf, size_t n);
>+#endif
>+int arc4random_buf_det(const void *buf, int n);
>+
> #ifndef HAVE_ASPRINTF
> int asprintf(char **, const char *, ...);
> #endif
>Index: openssh-8.1p1/ssh-keygen.1
>===================================================================
>--- openssh-8.1p1.orig/ssh-keygen.1
>+++ openssh-8.1p1/ssh-keygen.1
>@@ -49,6 +49,7 @@
> .Op Fl f Ar output_keyfile
> .Op Fl m Ar format
> .Op Fl N Ar new_passphrase
>+.Op Fl d Ar data
> .Op Fl t Cm dsa | ecdsa | ed25519 | rsa
> .Nm ssh-keygen
> .Fl p
>@@ -291,6 +292,8 @@ Provides a new comment.
> Requests changing the comment in the private and public key files.
> The program will prompt for the file containing the private keys, for
> the passphrase if the key has one, and for the new comment.
>+.It Fl d Ar data
>+Derive the generated key from the given data deterministically.
> .It Fl D Ar pkcs11
> Download the public keys provided by the PKCS#11 shared library
> .Ar pkcs11 .
>Index: openssh-8.1p1/ssh-keygen.c
>===================================================================
>--- openssh-8.1p1.orig/ssh-keygen.c
>+++ openssh-8.1p1/ssh-keygen.c
>@@ -21,6 +21,7 @@
> #ifdef WITH_OPENSSL
> #include <openssl/evp.h>
> #include <openssl/pem.h>
>+#include <openssl/rand.h>
> #include "openbsd-compat/openssl-compat.h"
> #endif
> 
>@@ -63,6 +64,7 @@
> #include "utf8.h"
> #include "authfd.h"
> #include "sshsig.h"
>+#include "crypto_api.h"
> 
> #ifdef WITH_OPENSSL
> # define DEFAULT_KEY_TYPE_NAME "rsa"
>@@ -172,6 +174,24 @@ static char hostname[NI_MAXHOST];
> int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
> int prime_test(FILE *, FILE *, u_int32_t, u_int32_t, char *, unsigned long,
>     unsigned long);
>+
>+static int ssl_arc4_seed(const void *buf, int n)
>+{
>+	arc4random_set((void *)buf, n);
>+	return 1;
>+}
>+static void ssl_arc4_cleanup(void) {}
>+static int  ssl_arc4_add(const void *buf, int n, double randomness) { return 1; }
>+static int  ssl_arc4_status(void) { return 1; }
>+RAND_METHOD ssl_arc4_meth = {
>+	.seed = ssl_arc4_seed,
>+	.bytes = arc4random_buf_det,
>+	.cleanup = ssl_arc4_cleanup,
>+	.add = ssl_arc4_add,
>+	.pseudorand = arc4random_buf_det,
>+	.status = ssl_arc4_status
>+};
>+RAND_METHOD *RAND_arc4() { return &ssl_arc4_meth; }
> #endif
> 
> static void
>@@ -2757,6 +2777,7 @@ main(int argc, char **argv)
> {
> 	char dotsshdir[PATH_MAX], comment[1024], *passphrase1, *passphrase2;
> 	char *rr_hostname = NULL, *ep, *fp, *ra;
>+	char *derive_from = NULL;
> 	struct sshkey *private, *public;
> 	struct passwd *pw;
> 	struct stat st;
>@@ -2790,8 +2811,6 @@ main(int argc, char **argv)
> 
> 	__progname = ssh_get_progname(argv[0]);
> 
>-	seed_rng();
>-
> 	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
> 
> 	msetlocale();
>@@ -2803,10 +2822,10 @@ main(int argc, char **argv)
> 	if (gethostname(hostname, sizeof(hostname)) == -1)
> 		fatal("gethostname: %s", strerror(errno));
> 
>-	/* Remaining characters: dw */
>+	/* Remaining characters: w */
> 	while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvxy"
> 	    "C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Y:Z:"
>-	    "a:b:f:g:j:m:n:r:s:t:z:")) != -1) {
>+	    "a:b:d:f:g:j:m:n:r:s:t:z:")) != -1) {
> 		switch (opt) {
> 		case 'A':
> 			gen_all_hostkeys = 1;
>@@ -2818,6 +2837,9 @@ main(int argc, char **argv)
> 				fatal("Bits has bad value %s (%s)",
> 					optarg, errstr);
> 			break;
>+		case 'd':
>+			derive_from = optarg;
>+			break;
> 		case 'E':
> 			fingerprint_hash = ssh_digest_alg_by_name(optarg);
> 			if (fingerprint_hash == -1)
>@@ -3075,6 +3097,19 @@ main(int argc, char **argv)
> 		/* NOTREACHED */
> 	}
> 
>+	if (derive_from) {
>+		unsigned char hbuf[64];
>+		crypto_hash_sha512(hbuf, derive_from, strlen(derive_from));
>+#ifdef WITH_OPENSSL
>+		RAND_set_rand_method(RAND_arc4());
>+		RAND_seed(hbuf, sizeof(hbuf));
>+#else
>+		arc4random_set(hbuf, sizeof(hbuf));
>+#endif
>+	} else {
>+		seed_rng();
>+	}
>+
> 	if (ca_key_path != NULL) {
> 		if (argc < 1 && !gen_krl) {
> 			error("Too few arguments.");

Actions: View | Diff

Attachments on bug 3082: 3335 | 3336 | 3393