Topic "ECDSA - i can help with code"

Author Message
Ivan83
[View user's profile]

Joined: 2013-11-27
Posts: 5
Location: Russia, Moscow
Hi!

I wrote the code to work with ECDSA.
BSD License.
ECDSA can help with your project.
Advertisements
Ivan83
[View user's profile]

Joined: 2013-11-27
Posts: 5
Location: Russia, Moscow
[url]<invalid hyperlink removed by admin>[/url]
[url]<invalid hyperlink removed by admin>[/url]


Code:
#include "ec.h"

...

size_t rsize;
uint8_t rnd[70], priv_key[70], pub_key_x[70], pub_key_y[70], sign_r[70], sign_s[70];
ec_curve_t curve;
/*  SHA-1("abc") = "a9993e364706816aba3e25717850c26c9cd0d89d" */ uint8_t hash_abc[20] = {0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d};

/* Get curve params by name. */
if (0 != ec_curve_from_str(ec_curve_str_get_by_name((uint8_t*)"secp192r1", 9), &curve))
   return (-1);

/* Generating keys. */
memset(rnd, 173, sizeof(rnd));/* XXX rand!!! */
if (0 != ec_key_gen(rnd, sizeof(rnd), &curve, priv_key, pub_key_x, pub_key_y, &rsize))
   return (-1); /* Error! */

/* Sign */
memset(rnd, 73, sizeof(rnd));/* XXX rand!!! */
if (0 != ec_sign((uint8_t*)hash_abc, 20, priv_key, rsize, rnd, sizeof(rnd), &curve, sign_r, sign_s, &rsize))
   return (-1); /* Error! */

/* Verify */
if (0 != ec_verify(&curve, pub_key_x, pub_key_y, rsize, (uint8_t*)hash_abc, 20, sign_r, sign_s, rsize))
   return (-1); /* Error! */
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Thanks for sharing your code. Could you contact PuTTY team and offer them help integrating this to PuTTY codebase?
http://www.chiark.greenend.org.uk/~sgtatham/putty/feedback.html

We will takeover the implementation then. Thanks.
_________________
Martin Prikryl
Ivan83
[View user's profile]

Joined: 2013-11-27
Posts: 5
Location: Russia, Moscow
Already written them: putty@projects.tartarus.org
They expect to see a patch for the putty, but I do not want to learn ssh protocol.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Ivan83 wrote:
Already written them: putty@projects.tartarus.org
They expect to see a patch for the putty, but I do not want to learn ssh protocol.

Ok, I see. Thanks for trying.
_________________
Martin Prikryl
Gatak

Guest


I read there is a growing concern about elliptic-curve cryptography and that the curves in the current standards have been "influenced" by NSA - to what end we can only guess.

Unless you are thinking of Curve25519, it may be wise to be conservative and stick to RSA with high bit encryption. ref: https://git.libssh.org/projects/libssh.git/tree/doc/curve25519-sha256@libssh.org.txt
Ivan83
[View user's profile]

Joined: 2013-11-27
Posts: 5
Location: Russia, Moscow
There are many different parameters of elliptic curves.
Some appeared in the work in 1998.
There are parameters of elliptic curves generated not in the United States .
There are Russian version where in the formulas are slightly different coefficients and parameters of their curves.
All formulas and algorithms have long existed and analyzing it is described how to generate the most options for elliptic curves .
However, 25519 appeared not long ago, the formula calculations there several others, and I have not seen this work on cryptanalysis " works of art" . And almost all implementations in assembler.
So if anyone does not believe it is 25519 . This is my personal opinion.
Guest




Sure, but are these (Russian and other) alternatives available in OpenSSH, OpenSSL or GnuTLS?
Ivan83
[View user's profile]

Joined: 2013-11-27
Posts: 5
Location: Russia, Moscow
Brainpool, GOST in OpenSSL.
Baebeca

Guest


prikryl wrote:
Thanks for sharing your code. Could you contact PuTTY team and offer them help integrating this to PuTTY codebase?
http://www.chiark.greenend.org.uk/~sgtatham/putty/feedback.html

We will takeover the implementation then. Thanks.


@prikryl
Putty has released full SSH2-ECDSA support in there current nightly snapshot. (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)

I can't find SSH2-ECDSA support in your current version or in your project roadmap.
Is there any Status to SSH2-ECDSA support?

thanks so far!
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Baebeca wrote:
I can't find SSH2-ECDSA support in your current version or in your project roadmap.
Is there any Status to SSH2-ECDSA support?

I'll look into it.
But note they deliberately did not include ECDSA into recent PuTTY 0.64 release. I'm sure there's a reason for that.
_________________
Martin Prikryl
Baebeca
[View user's profile]

Joined: 2015-03-16
Posts: 4
Location: Germany
prikryl wrote:
I'll look into it.

Thanks!

prikryl wrote:
not include ECDSA into recent PuTTY 0.64 release. I'm sure there's a reason for that.

Yes, 0.65 are still in Test - ECDSA will be included in the next release
synapt

Guest


With PuTTY having this in snapshots quite a few months now and puttygen even having a .ppk export option in what I assume they figure would be the proper import model for an ECDSA key, is there any chance of this actually being implemented soon in WinSCP or is there still a wait for it to come out in a 'Stable' PuTTY release?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Will check it. But in general I prefer waiting for a stable release.
synapt

Guest


prikryl wrote:
Will check it. But in general I prefer waiting for a stable release.


I don't blame you, but PuTTY is pretty slow for new releases (0.64 came two years after 0.63, and that one two years after 0.62, possible 0.65 might be soon-ish with the ECDSA though I guess), though worth noting by all intents even 0.64 despite being the latest "stable" release is still technically a beta Razz

But yeah it'd be cool to see some support for it if possible, so far I've had no issues with them in PuTTY alone across multiple distros so at the very least puttygen is creating the general details properly, I'd assume getting the .ppk it generates working in WinSCP wouldn't be too horrible?
Baebeca
[View user's profile]

Joined: 2015-03-16
Posts: 4
Location: Germany
I aggree - the Putty BETAs are a Long time stable versions Wink

I have no Problems with the current putty beta version
Synapt

Guest


Any update on this? A fast glance at recent releases doesn't show anything.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Synapt wrote:
Any update on this? A fast glance at recent releases doesn't show anything.

There's still no PuTTY release with ECDSA support.
dqdt
[View user's profile]

Joined: 2016-01-06
Posts: 2
prikryl wrote:
Synapt wrote:
Any update on this? A fast glance at recent releases doesn't show anything.

There's still no PuTTY release with ECDSA support.


That's really a pity. Fortunately FileZilla is supporting ECDSA so I had to switch to it. It is really a shame that several SSH/SFTP-app-providers wait that long implementing that badly needed (for instance for embedded devices) ECDSA support.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
This request has been added to the tracker:
https://winscp.net/tracker/show_bug.cgi?id=1390

I'm sending you an email with a development version of WinSCP to the address you have used to register on this forum.
Baebeca
[View user's profile]

Joined: 2015-03-16
Posts: 4
Location: Germany
prikryl wrote:
I'm sending you an email with a development version of WinSCP to the address you have used to register on this forum.


@prikryl
thanks so far!
Baebeca
[View user's profile]

Joined: 2015-03-16
Posts: 4
Location: Germany
@prikryl

I've tested multiple Logins with a ECDSA-Key
All Logins works fine

thanks for Integration the new algo!
dqdt
[View user's profile]

Joined: 2016-01-06
Posts: 2
Thanks for the pre-release version. Works like a charm.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Thanks for your feedbacks!
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License