AES-256/GCM fixes #8968
Merged
AES-256/GCM fixes #8968
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When you generate a ssh key using the aes-256/gcm cipher, the cipher name in the keyfile includes an @openssh.com at the end. Switch to checking if the cipher starts with aes256-gcm instead of checking for an exact match to account for this.
The iv length is different from the block size for GCM
Currently, the granularity for the botan gcm implementation is too large. To fix a problem with another algorithm in the library, they are multiplying the blocksize, so by default the granularity is 64. This causes issues since the encrypted data in the key is only guaranteed to have a length that is a multiple of the block size (16).
Codecov ReportBase: 64.41% // Head: 64.41% // Decreases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## develop #8968 +/- ##
===========================================
- Coverage 64.41% 64.41% -0.00%
===========================================
Files 341 341
Lines 44257 44278 +21
===========================================
+ Hits 28505 28518 +13
- Misses 15752 15760 +8
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
|
Oooh good catch and fix! |
droidmonkey
requested changes
Jan 19, 2023
droidmonkey
requested changes
Jan 19, 2023
droidmonkey
approved these changes
Jan 29, 2023
dmaslenko
pushed a commit
to dmaslenko/keepassxc
that referenced
this pull request
Jan 30, 2023
* Fix detecting AES-256/GCM cipher, fixes keepassxreboot#8964 When you generate a ssh key using the aes-256/gcm cipher, the cipher name in the keyfile includes an @openssh.com at the end. * Use separate iv length for getting iv data, the assumption that the block size and iv size are equal does not hold for every cipher mode (e.g., GCM) * Disable AES-256/GCM for now in ssh keys Currently, the granularity for the botan gcm implementation is too large. To fix a problem with another algorithm in the library, they are multiplying the blocksize, so by default the granularity is 64. This causes issues since the encrypted data in the key is only guaranteed to have a length that is a multiple of the block size (16).
pull bot
pushed a commit
to tigerwill90/keepassxc
that referenced
this pull request
Jan 30, 2023
* Fix detecting AES-256/GCM cipher, fixes keepassxreboot#8964 When you generate a ssh key using the aes-256/gcm cipher, the cipher name in the keyfile includes an @openssh.com at the end. * Use separate iv length for getting iv data, the assumption that the block size and iv size are equal does not hold for every cipher mode (e.g., GCM) * Disable AES-256/GCM for now in ssh keys Currently, the granularity for the botan gcm implementation is too large. To fix a problem with another algorithm in the library, they are multiplying the blocksize, so by default the granularity is 64. This causes issues since the encrypted data in the key is only guaranteed to have a length that is a multiple of the block size (16).
pull bot
pushed a commit
to contropist/keepassxc
that referenced
this pull request
Jan 30, 2023
* Fix detecting AES-256/GCM cipher, fixes keepassxreboot#8964 When you generate a ssh key using the aes-256/gcm cipher, the cipher name in the keyfile includes an @openssh.com at the end. * Use separate iv length for getting iv data, the assumption that the block size and iv size are equal does not hold for every cipher mode (e.g., GCM) * Disable AES-256/GCM for now in ssh keys Currently, the granularity for the botan gcm implementation is too large. To fix a problem with another algorithm in the library, they are multiplying the blocksize, so by default the granularity is 64. This causes issues since the encrypted data in the key is only guaranteed to have a length that is a multiple of the block size (16).
droidmonkey
pushed a commit
that referenced
this pull request
Feb 18, 2023
* Fix detecting AES-256/GCM cipher, fixes #8964 When you generate a ssh key using the aes-256/gcm cipher, the cipher name in the keyfile includes an @openssh.com at the end. * Use separate iv length for getting iv data, the assumption that the block size and iv size are equal does not hold for every cipher mode (e.g., GCM) * Disable AES-256/GCM for now in ssh keys Currently, the granularity for the botan gcm implementation is too large. To fix a problem with another algorithm in the library, they are multiplying the blocksize, so by default the granularity is 64. This causes issues since the encrypted data in the key is only guaranteed to have a length that is a multiple of the block size (16).
Perlover
added a commit
to Perlover/keepassxc
that referenced
this pull request
May 18, 2023
Release 2.7.5 - Add menu option to allow screenshots [keepassxreboot#8841] - Add support for Botan 3 [keepassxreboot#9388] - Increase max TOTP step to 24 hours [keepassxreboot#9149] - Improve HTML export layout [keepassxreboot#8987] - Turn search reset off by default [keepassxreboot#9153] - Use QClipboard::clear() instead of setting blank text [keepassxreboot#9148] - Hide group column header choice when not in search [keepassxreboot#9171] - Improve look of KeePassXC logo and icons [keepassxreboot#9355] - Add keyboard shortcuts for app and database settings [keepassxreboot#9007] - Hide rename button from attachments preview panel [keepassxreboot#8842] - Linux: Set SingleMainWindow in .desktop file [keepassxreboot#7430] - Fix crash when search clears while creating new entry [keepassxreboot#9230] - Fix crash when using Windows Hello in a Remote Desktop session [keepassxreboot#9006] - Fix crash in Group Edit after enabling Browser Integration [keepassxreboot#8778] - Fix canceling quick unlock when it is unavailable [keepassxreboot#9034] - Set password input field font correctly [keepassxreboot#8732] - Greatly improve performance when rendering entry view [keepassxreboot#9398] - Fix various accessibility issues [keepassxreboot#9138] - Fix arrows size when expand/collapse a group [keepassxreboot#9096] - Select the clone instead of the original after cloning an entry [keepassxreboot#9070] - Fix bugs with preview widget [keepassxreboot#9170] - Fix status bar update when switching to other DB [keepassxreboot#9073] - Fix database settings spin box bug [keepassxreboot#9101] - Fix Ctrl+Tab shortcut to cycle databases in unlock dialog [keepassxreboot#8839] - Fix TOTP QR code maintaining square ratio [keepassxreboot#9027] - Fix Auto-Type configuration page on custom sequence selection [keepassxreboot#8752] - Fix unexpected behavior of `--lock` when KeePassXC is not running [keepassxreboot#8889] - Make open folder icon exempt from "Apply group icon to entry" [keepassxreboot#9205] - Allow setting default file open directory with env var [keepassxreboot#9192] - SSH Agent: Fix support for AES-256/GCM openssh keys [keepassxreboot#8968] - Browser: Fix Native Messaging script path with BSD OS's [keepassxreboot#8835] - MacOS: Fix text selection for Auto-Type clear field [keepassxreboot#9066] - MacOS: Don't rely on AppleInterfaceStyle for theme switching [keepassxreboot#8615] - Windows: Remove registry detection of desktop shortcut [keepassxreboot#9380]
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Correct detection of aes256-gcm cipher. OpenSSH includes an
@openssh.comat the end of the cipher name, similar to ChaCha20.Use IV Size when deriving the encryption key instead of Block Size. While this is is the same value for the other AES modes, it is different for AES-256/GCM and for ChaCha20.
Disable aes256-gcm algorithm with an explicit message. Decryption is currently broken pending changes to the botan library.
See #8964
Testing strategy
Ran
to validate that there were no regressions.
Manually tested changes with test password database + ssh key.
Type of change