proposal: x/crypto/ssh: make the number of rounds for Passphrase encrypted keys configurable #68700

Open
DarkPhily opened this issue Aug 1, 2024 · 2 comments
Labels
Proposal Proposal-Crypto Proposal related to crypto packages or other security issues

DarkPhily commented Aug 1, 2024

Proposal Details

Hey,

Currently, someone can create a private ssh-key with `ssh.MarshalPrivateKeyWithPassphrase()`. This API doesn't expose the configured rounds.
The rounds are currently hard-coded in:

```go
func passphraseProtectedOpenSSHMarshaler(passphrase []byte) openSSHEncryptFunc {
	return func(privKeyBlock []byte) ([]byte, string, string, string, error) {
		salt := make([]byte, 16)
		if _, err := rand.Read(salt); err != nil {
			return nil, "", "", "", err
		}

		opts := struct {
			Salt   []byte
			Rounds uint32
		}{salt, 16}

		// Derive key to encrypt the private key block.
		k, err := bcrypt_pbkdf.Key(passphrase, salt, int(opts.Rounds), 32+aes.BlockSize)
		if err != nil {
			return nil, "", "", "", err
		}

		// Add padding matching the block size of AES.
		keyBlock := generateOpenSSHPadding(privKeyBlock, aes.BlockSize)

		// Encrypt the private key using the derived secret.
		dst := make([]byte, len(keyBlock))
		key, iv := k[:32], k[32:]
		block, err := aes.NewCipher(key)
		if err != nil {
			return nil, "", "", "", err
		}

		stream := cipher.NewCTR(block, iv)
		stream.XORKeyStream(dst, keyBlock)

		return dst, "aes256-ctr", "bcrypt", string(Marshal(opts)), nil
	}
}
```

It would be nice if this is configurable as it is in `ssh-keygen -a`.
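
The rounds value discussed above is stored in the key file itself, inside the `kdfoptions` field that `Marshal(opts)` produces. As an added example (not part of the issue or of x/crypto/ssh), this standard-library-only check reads the KDF name and rounds back from a PEM-encoded OpenSSH private key header, which is one way to audit what a key was written with. `KDFRounds`, `readString` and `sampleKey` are hypothetical names, and the sample key is a constructed header with no key material.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/pem"
	"fmt"
)

const magic = "openssh-key-v1\x00" // marker at the start of the decoded key blob
// readString consumes one SSH wire string (uint32 length, then bytes) from b.
func readString(b []byte) (s, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, fmt.Errorf("truncated SSH string")
	}
	n := 4 + int(binary.BigEndian.Uint32(b))
	return b[4:n], b[n:], nil
}

// KDFRounds reports the KDF name and bcrypt rounds of a key; 0 if not bcrypt.
func KDFRounds(pemBytes []byte) (kdf string, rounds uint32, err error) {
	blk, _ := pem.Decode(pemBytes)
	if blk == nil || !bytes.HasPrefix(blk.Bytes, []byte(magic)) {
		return "", 0, fmt.Errorf("not an OpenSSH private key")
	}
	f, rest := [3][]byte{}, blk.Bytes[len(magic):] // ciphername, kdfname, kdfoptions
	for i := range f {
		if f[i], rest, err = readString(rest); err != nil {
			return "", 0, err
		}
	}
	if kdf = string(f[1]); kdf != "bcrypt" {
		return kdf, 0, nil
	}
	_, tail, err := readString(f[2]) // kdfoptions = string salt, uint32 rounds
	if err != nil || len(tail) != 4 {
		return kdf, 0, fmt.Errorf("malformed bcrypt KDF options")
	}
	return kdf, binary.BigEndian.Uint32(tail), nil
}
// sampleKey builds a constructed header: all-zero 16-byte salt, given rounds.
func sampleKey(rounds uint32) []byte {
	opts := binary.BigEndian.AppendUint32(append([]byte{0, 0, 0, 16}, make([]byte, 16)...), rounds)
	b := []byte(magic)
	for _, s := range []string{"aes256-ctr", "bcrypt", string(opts)} {
		b = append(binary.BigEndian.AppendUint32(b, uint32(len(s))), s...)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: b})
}
func main() { fmt.Println(KDFRounds(sampleKey(16))) }
```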

@gopherbot gopherbot added this to the Proposal milestone Aug 1, 2024
@ianlancetaylor ianlancetaylor added the Proposal-Crypto Proposal related to crypto packages or other security issues label Aug 1, 2024
@ianlancetaylor
Contributor

CC @golang/security

@seankhliao seankhliao changed the title proposal: x/crypto: Make the number of rounds for Passphrase encrypted keys configurable proposal: x/crypto/ssh: make the number of rounds for Passphrase encrypted keys configurable Aug 1, 2024
drakkan added a commit to drakkan/proposal that referenced this issue Sep 15, 2024
…Options

PrivateKeySigner is a Signer that can also return the associated
crypto.Signer.
This means ParseRawPrivateKey and ParseRawPrivateKeyWithPassphrase
can be private now.

MarshalPrivateKeyOptions defines the options to Marshal a private
key in OpenSSH format. We can pass the passphrase as option to
MarshalPrivateKey and so we don't need MarshalPrivateKeyWithPassphrase.
Additionally we can also configure the salt rounds that is currently
hard coded (see golang/go#68700) and easily add more options in the
future.
@gopherbot
Contributor

Change https://go.dev/cl/613036 mentions this issue: design/68723-crypto-ssh-v2.md: PrivateKeySigner and MarshalPrivateKey Options

gopherbot pushed a commit to golang/proposal that referenced this issue Sep 15, 2024
… Options

PrivateKeySigner is a Signer that can also return the associated
crypto.Signer.
This means ParseRawPrivateKey and ParseRawPrivateKeyWithPassphrase
can be private now.

MarshalPrivateKeyOptions defines the options to Marshal a private
key in OpenSSH format. We can pass the passphrase as option to
MarshalPrivateKey and so we don't need MarshalPrivateKeyWithPassphrase.
Additionally we can also configure the salt rounds that is currently
hard coded (see golang/go#68700) and easily add more options in the
future.

Change-Id: Id5c30f69fc600d19ef579aa2cf54dc8620677bb8
GitHub-Last-Rev: 98ee61e
GitHub-Pull-Request: #52
Reviewed-on: https://go-review.googlesource.com/c/proposal/+/613036
Commit-Queue: Nicola Murino <[email protected]>
Reviewed-by: Nicola Murino <[email protected]>
Auto-Submit: Nicola Murino <[email protected]>