* [9front] ssh: use RSA/SHA-256 instead of RSA/SHA-1 as the public key algorithm
@ 2021-09-01 0:22 kemal
2021-09-02 13:33 ` [9front] " kemal
0 siblings, 1 reply; 3+ messages in thread
From: kemal @ 2021-09-01 0:22 UTC (permalink / raw)
To: 9front
[-- Attachment #1: Type: text/plain, Size: 380 bytes --]
openssh now disables RSA/SHA-1 by default, so using RSA/SHA-1 will
eventually cause us problems:
https://undeadly.org/cgi?action=article;sid=20210830113413
this patch modifies ssh.c to use RSA/SHA-256 (aka rsa-sha2-256)
instead of RSA/SHA-1 (aka ssh-rsa) as the public key algorithm.
NOTE: public rsa keys and thumbprints are ***NOT AFFECTED***
by this patch.
patch attached.
[-- Attachment #2: patch.txt --]
[-- Type: text/plain, Size: 2924 bytes --]
From: kemal <kemalinanc8@gmail.com>
Date: Wed, 01 Sep 2021 00:13:21 +0000
Subject: [PATCH] ssh: use RSA/SHA-256 instead of RSA/SHA-1 as the public key algorithm
openssh now disables RSA/SHA-1 by default, so using RSA/SHA-1 will
eventually cause us problems:
https://undeadly.org/cgi?action=article;sid=20210830113413
this patch modifies ssh.c to use RSA/SHA-256 (aka rsa-sha2-256)
instead of RSA/SHA-1 (aka ssh-rsa) as the public key algorithm.
NOTE: public rsa keys and thumbprints are ***NOT AFFECTED***
by this patch.
---
diff 6c9462710539bd35ae5c51de27e7894522683bd7 44b3808acb09cbc39f4fdac2f285f7efa62cd0d0
--- a/sys/src/cmd/ssh.c Tue Aug 31 18:53:37 2021
+++ b/sys/src/cmd/ssh.c Wed Sep 1 03:13:21 2021
@@ -373,6 +373,7 @@
}
static char sshrsa[] = "ssh-rsa";
+static char rsasha2_256[] = "rsa-sha2-256";
int
rsapub2ssh(RSApub *rsa, uchar *data, int len)
@@ -402,10 +403,10 @@
rsasig2ssh(RSApub *pub, mpint *S, uchar *data, int len)
{
int l = (mpsignif(pub->n)+7)/8;
- if(4+7+4+l > len)
+ if(4+12+4+l > len)
return -1;
- mptober(S, data+4+7+4, l);
- return pack(data, len, "ss", sshrsa, sizeof(sshrsa)-1, data+4+7+4, l);
+ mptober(S, data+4+12+4, l);
+ return pack(data, len, "ss", rsasha2_256, sizeof(rsasha2_256)-1, data+4+12+4, l);
}
mpint*
@@ -417,7 +418,7 @@
m = mpnew(0);
if(unpack(data, len, "sm", &s, &n, m) < 0
- || n != sizeof(sshrsa)-1 || memcmp(s, sshrsa, n) != 0){
+ || n != sizeof(rsasha2_256)-1 || memcmp(s, rsasha2_256, n) != 0){
mpfree(m);
return nil;
}
@@ -427,10 +428,10 @@
mpint*
pkcs1digest(uchar *data, int len, RSApub *pub)
{
- uchar digest[SHA1dlen], buf[256];
+ uchar digest[SHA2_256dlen], buf[256];
- sha1(data, len, digest, nil);
- return pkcs1padbuf(buf, asn1encodedigest(sha1, digest, buf, sizeof(buf)), pub->n, 1);
+ sha2_256(data, len, digest, nil);
+ return pkcs1padbuf(buf, asn1encodedigest(sha2_256, digest, buf, sizeof(buf)), pub->n, 1);
}
int
@@ -506,7 +507,7 @@
sendpkt("b[ssssssssssbu", MSG_KEXINIT,
cookie, sizeof(cookie),
kexalgs, sizeof(kexalgs)-1,
- sshrsa, sizeof(sshrsa)-1,
+ rsasha2_256, sizeof(rsasha2_256)-1,
cipheralgs, sizeof(cipheralgs)-1,
cipheralgs, sizeof(cipheralgs)-1,
macalgs, sizeof(macalgs)-1,
@@ -744,7 +745,7 @@
service, strlen(service),
authmeth, sizeof(authmeth)-1,
0,
- sshrsa, sizeof(sshrsa)-1,
+ rsasha2_256, sizeof(rsasha2_256)-1,
pk, npk);
Next1: switch(recvpkt()){
default:
@@ -767,7 +768,7 @@
service, strlen(service),
authmeth, sizeof(authmeth)-1,
1,
- sshrsa, sizeof(sshrsa)-1,
+ rsasha2_256, sizeof(rsasha2_256)-1,
pk, npk);
S = pkcs1digest(send.b, n, pub);
n = snprint((char*)send.b, sizeof(send.b), "%B", S);
@@ -788,7 +789,7 @@
service, strlen(service),
authmeth, sizeof(authmeth)-1,
1,
- sshrsa, sizeof(sshrsa)-1,
+ rsasha2_256, sizeof(rsasha2_256)-1,
pk, npk,
sig, nsig);
Next2: switch(recvpkt()){
^ permalink raw reply [flat|nested] 3+ messages in thread
* [9front] Re: ssh: use RSA/SHA-256 instead of RSA/SHA-1 as the public key algorithm
2021-09-01 0:22 [9front] ssh: use RSA/SHA-256 instead of RSA/SHA-1 as the public key algorithm kemal
@ 2021-09-02 13:33 ` kemal
2021-09-02 15:49 ` cinap_lenrek
0 siblings, 1 reply; 3+ messages in thread
From: kemal @ 2021-09-02 13:33 UTC (permalink / raw)
To: 9front
[-- Attachment #1: Type: text/plain, Size: 169 bytes --]
> patch attached.
i have seen that github does not require the "hmac-sha1" workaround
any more. i removed it. and i cleaned up the patch a bit.
new patch is attached.
[-- Attachment #2: patch.txt --]
[-- Type: text/plain, Size: 3537 bytes --]
From: kemal <kemalinanc8@gmail.com>
Date: Thu, 02 Sep 2021 13:28:48 +0000
Subject: [PATCH] ssh: use RSA/SHA-256 instead of RSA/SHA-1 as the public key algorithm
openssh now disables RSA/SHA-1 by default, so using RSA/SHA-1 will
eventually cause us problems:
https://undeadly.org/cgi?action=article;sid=20210830113413
in addition, github will disable RSA/SHA-1 for recently added RSA keys:
https://github.blog/2021-09-01-improving-git-protocol-security-github/
this patch modifies ssh.c to use RSA/SHA-256 (aka rsa-sha2-256)
instead of RSA/SHA-1 (aka ssh-rsa) as the public key algorithm.
NOTE: public rsa keys and thumbprints are ***NOT AFFECTED***
by this patch.
while we're here, remove the workaround for github.com. it seems
that github has fixed their implementation, and does not look into
macalgs when we're using an aead cipher.
---
diff 6c9462710539bd35ae5c51de27e7894522683bd7 696ce28faddb131842825b0bedb8caa6d1a9ec62
--- a/sys/src/cmd/ssh.c Tue Aug 31 18:53:37 2021
+++ b/sys/src/cmd/ssh.c Thu Sep 2 16:28:48 2021
@@ -398,14 +398,16 @@
return pub;
}
+static char rsasha256[] = "rsa-sha2-256";
+
int
rsasig2ssh(RSApub *pub, mpint *S, uchar *data, int len)
{
int l = (mpsignif(pub->n)+7)/8;
- if(4+7+4+l > len)
+ if(4+12+4+l > len)
return -1;
- mptober(S, data+4+7+4, l);
- return pack(data, len, "ss", sshrsa, sizeof(sshrsa)-1, data+4+7+4, l);
+ mptober(S, data+4+12+4, l);
+ return pack(data, len, "ss", rsasha256, sizeof(rsasha256)-1, data+4+12+4, l);
}
mpint*
@@ -417,7 +419,7 @@
m = mpnew(0);
if(unpack(data, len, "sm", &s, &n, m) < 0
- || n != sizeof(sshrsa)-1 || memcmp(s, sshrsa, n) != 0){
+ || n != sizeof(rsasha256)-1 || memcmp(s, rsasha256, n) != 0){
mpfree(m);
return nil;
}
@@ -427,10 +429,10 @@
mpint*
pkcs1digest(uchar *data, int len, RSApub *pub)
{
- uchar digest[SHA1dlen], buf[256];
+ uchar digest[SHA2_256dlen], buf[256];
- sha1(data, len, digest, nil);
- return pkcs1padbuf(buf, asn1encodedigest(sha1, digest, buf, sizeof(buf)), pub->n, 1);
+ sha2_256(data, len, digest, nil);
+ return pkcs1padbuf(buf, asn1encodedigest(sha2_256, digest, buf, sizeof(buf)), pub->n, 1);
}
int
@@ -489,7 +491,7 @@
static char kexalgs[] = "curve25519-sha256,curve25519-sha256@libssh.org";
static char cipheralgs[] = "chacha20-poly1305@openssh.com";
static char zipalgs[] = "none";
- static char macalgs[] = "hmac-sha1"; /* work around for github.com */
+ static char macalgs[] = "";
static char langs[] = "";
uchar cookie[16], x[32], yc[32], z[32], k[32+1], h[SHA2_256dlen], *ys, *ks, *sig;
@@ -506,7 +508,7 @@
sendpkt("b[ssssssssssbu", MSG_KEXINIT,
cookie, sizeof(cookie),
kexalgs, sizeof(kexalgs)-1,
- sshrsa, sizeof(sshrsa)-1,
+ rsasha256, sizeof(rsasha256)-1,
cipheralgs, sizeof(cipheralgs)-1,
cipheralgs, sizeof(cipheralgs)-1,
macalgs, sizeof(macalgs)-1,
@@ -744,7 +746,7 @@
service, strlen(service),
authmeth, sizeof(authmeth)-1,
0,
- sshrsa, sizeof(sshrsa)-1,
+ rsasha256, sizeof(rsasha256)-1,
pk, npk);
Next1: switch(recvpkt()){
default:
@@ -767,7 +769,7 @@
service, strlen(service),
authmeth, sizeof(authmeth)-1,
1,
- sshrsa, sizeof(sshrsa)-1,
+ rsasha256, sizeof(rsasha256)-1,
pk, npk);
S = pkcs1digest(send.b, n, pub);
n = snprint((char*)send.b, sizeof(send.b), "%B", S);
@@ -788,7 +790,7 @@
service, strlen(service),
authmeth, sizeof(authmeth)-1,
1,
- sshrsa, sizeof(sshrsa)-1,
+ rsasha256, sizeof(rsasha256)-1,
pk, npk,
sig, nsig);
Next2: switch(recvpkt()){
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [9front] Re: ssh: use RSA/SHA-256 instead of RSA/SHA-1 as the public key algorithm
2021-09-02 13:33 ` [9front] " kemal
@ 2021-09-02 15:49 ` cinap_lenrek
0 siblings, 0 replies; 3+ messages in thread
From: cinap_lenrek @ 2021-09-02 15:49 UTC (permalink / raw)
To: 9front
applied, thanks!
--
cinap
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-09-02 15:57 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-01 0:22 [9front] ssh: use RSA/SHA-256 instead of RSA/SHA-1 as the public key algorithm kemal
2021-09-02 13:33 ` [9front] " kemal
2021-09-02 15:49 ` cinap_lenrek
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).