This change exports the Argon2 variant Argon2id and improves documentation.
The following parameter recommendations are added:
- Argon2i:
time=3 and max. memory for non-interactive scenarios as recommended by the
RFC draft https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03#section-9.3
- Argon2id:
time=2 and memory=64MB for interactive scenarios as used by libsodium >= 1.0.9
https://download.libsodium.org/doc/password_hashing/the_argon2i_function.html
time=1 and max. memory for non-interactive scenarios as recommended by the
RFC draft linked above.
Fixes golang/go#23602
Change-Id: Ia4d537e6126e5aff1243f2b5579df6bc8edb851a
Reviewed-on: https://go-review.googlesource.com/91935
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
os.NewFile assigns finalizer to close file handle
passed into ReadPassword. But that is not expected.
Make a duplicate of original file handle, and pass
copy handle into ReadPassword instead.
Fixes golang/go#23525
Change-Id: I4d6725e9a1cc20defd1b58afc383e35a7f9ee4e9
Reviewed-on: https://go-review.googlesource.com/89395
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Incomplete reads leave (part of) the verification tag zeroed, leading
to a failing MAC, and this is more likely to happen with larger
packets. The test added in the previous commit should stop this from
regressing.
Reinstate chacha20-poly1305 as a default cipher and prefer it over AES
CTR flavors.
Fixes golang/go#23510
Change-Id: I7599897e59448edb7b814eebcc8226ea15b365d6
Reviewed-on: https://go-review.googlesource.com/89075
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
This effectively disables the cipher.
Add a test against OpenSSH which sends larger packets through the
tested ciphers. This reproduces the problem reported in golang/go#23510
Change-Id: I4b124c690c409c6a0af2621e58a964ff55815f57
Reviewed-on: https://go-review.googlesource.com/88995
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
The change fixes argon2_test build failure which currently
reads as follows when built with gccgo:
    ./argon2/blamka_ref.go:9:1: error: redefinition of 'processBlock'
    func processBlock(out, in1, in2 *block) {
    ^
    ./argon2/blamka_amd64.go:53:1: note: previous definition of 'processBlock' was here
    func processBlock(out, in1, in2 *block) {
    ^
    ./argon2/blamka_ref.go:13:1: error: redefinition of 'processBlockXOR'
    func processBlockXOR(out, in1, in2 *block) {
    ^
    ./argon2/blamka_amd64.go:57:1: note: previous definition of 'processBlockXOR' was here
    func processBlockXOR(out, in1, in2 *block) {
    ^
Change-Id: I5c1d7360a2a91a2ac27273a5c1da2a139b1537a7
Reviewed-on: https://go-review.googlesource.com/88455
Run-TryBot: Alex Vaghin <ddos@google.com>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
chacha20-poly1305 is an AEAD which performs well without hardware
support. It is recommended as a replacement for the aging arcfour128
and arcfour256 ciphers.
Fixes golang/go#9489
Change-Id: I5d5a4620a435e65997f0ba7e683a34c29d9a396b
Reviewed-on: https://go-review.googlesource.com/87077
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
The Manager now loops through known challenge types,
trying to fulfill one at a time until it succeeds or runs out
of supported challenges.
The provisioning of "http-01" challenges can be done
using the new Manager.HTTPHandler method.
It requires listening on unencrypted port 80.
Fixes golang/go#21890
Change-Id: I55de9501f0069a9f460fedd8b5b0a09b94f9ef05
Reviewed-on: https://go-review.googlesource.com/87201
Run-TryBot: Alex Vaghin <ddos@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Fixes golang/go#23194
During SSH Protocol Version Exchange, a client may send metadata lines
prior to sending the SSH version string. To conform to the RFC, all SSH
implementations must support this (minimally, clients can ignore the
metadata lines).
For example, this is valid:
    some-metadata
    SSH-2.0-OpenSSH
The current Go implementation takes the first line it sees as
the version string (in this case, some-metadata). Then, it uses
the next line (SSH-2.0-OpenSSH) as part of key exchange, which
is guaranteed to fail.
Unfortunately, this SSH feature is used by some vendors and is part
of the official RFC: https://tools.ietf.org/html/rfc4253#section-4.2
Change-Id: I7be61700a07756353875bf43aad09a580ba533ff
Reviewed-on: https://go-review.googlesource.com/86675
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
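
The version-exchange behaviour described in the commit above, as an added example that is not the x/crypto/ssh code: skip lines before the `SSH-` version string, but bound how much a peer can send first. The function name `readVersion` and the limit of 32 skipped lines are assumptions of this sketch; the 255-byte line cap follows RFC 4253 section 4.2.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"strings"
)

const (
	maxLineLen  = 255 // RFC 4253: version line length including CR LF
	maxPreLines = 32  // assumed cap on metadata lines, chosen for this example
)

// readVersion returns the first line starting with "SSH-", skipping earlier
// metadata lines. It reads one byte at a time so that nothing belonging to
// the key exchange that follows is consumed from r.
func readVersion(r io.Reader) (string, error) {
	var b [1]byte
	line := make([]byte, 0, maxLineLen)
	for skipped := 0; skipped <= maxPreLines; {
		if _, err := io.ReadFull(r, b[:]); err != nil {
			return "", fmt.Errorf("version exchange: %w", err)
		}
		if b[0] != '\n' {
			if len(line)+1 >= maxLineLen { // no room left for the LF
				return "", errors.New("version exchange: line too long")
			}
			line = append(line, b[0])
			continue
		}
		line = bytes.TrimSuffix(line, []byte("\r"))
		if bytes.HasPrefix(line, []byte("SSH-")) {
			return string(line), nil
		}
		line = line[:0] // metadata line: discard and keep looking
		skipped++
	}
	return "", errors.New("version exchange: too many lines before version string")
}

func main() {
	// Constructed input: the two-line exchange from the commit message.
	v, err := readVersion(strings.NewReader("some-metadata\r\nSSH-2.0-OpenSSH\r\n"))
	fmt.Println(v, err)
}
```
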
This exposes the chacha20 stream cipher to the entire x/crypto
package, and in particular to the SSH package, which uses separate,
unauthenticated chacha20 encryption for packet lengths.
Change-Id: I0b705482128f0657c09292370f03d08b588f7fec
Reviewed-on: https://go-review.googlesource.com/87075
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This change fixes an incorrect key derivation if the
degree of parallelism is greater than 1.
This change adds additional test vectors generated by the
https://github.com/P-H-C/phc-winner-argon2 CLI.
Fixes golang/go#23200
Change-Id: I8add8382b9e9ebbf9a70493050867c9af4ed6aa7
Reviewed-on: https://go-review.googlesource.com/85055
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Add benchmarks for PBKDF2-HMAC-SHA1 and PBKDF2-HMAC-SHA256.
This is to help measure the crypto/hmac changes in CL 27458.
Change-Id: I17ef12f3a4641ba44f7bb917a9d87a3ed7c97c67
Reviewed-on: https://go-review.googlesource.com/84380
Reviewed-by: Filippo Valsorda <hi@filippo.io>
This CL adds the package argon2. The argon2 package implements
the Argon2 PBKDF family (Argon2i, Argon2d, Argon2id).
Argon2 is a memory-hard key derivation function and is specified
at https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
It can be used to derive cryptographic keys with high entropy from low
entropy passwords.
Fixes golang/go#19896
Change-Id: I5b099682a8e3d7569ad18400cebddefc99a7e22f
Reviewed-on: https://go-review.googlesource.com/82575
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
Per the description, the "-s" file issues slight simplifications to
the source code.
Change-Id: I77395d763f5eafb48653902dcedfa56b150b2d67
Reviewed-on: https://go-review.googlesource.com/80138
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
None are "wrong" per se, but there are a lot of good suggestions and
in one case a docstring that was not present in godoc due to the
presence of an extra newline.
Changed "Id" in struct properties to "ID" in some non-exported
structs. Removed a trailing period from some error messages; I believe
the exact contents of error strings are not covered by the Go
compatibility promise.
Change-Id: I7c620582dc247396f72c52d38c909ccc0ec87b83
Reviewed-on: https://go-review.googlesource.com/80145
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Only show the SSH banner once, even if the client attempts
authentication with the "none" type and resets the authentication
attempts.
Change-Id: I1a7aacb50abf00233ed4d06c60808aaf51a9d7be
Reviewed-on: https://go-review.googlesource.com/78544
Run-TryBot: Sam Whited <sam@samwhited.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
ReadPassword uses Windows ReadFile to read from console handle.
But ReadFile does not split input into UTF-8 characters, so ReadFile
only works when input is ASCII. Use os.File instead of Windows
ReadFile, because os.File reads console and parses it into UTF-8.
Fixes golang/go#22828
Change-Id: Ifeed3e8048b51f46706c28d4154a3e4b10111a3e
Reviewed-on: https://go-review.googlesource.com/79335
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
According to RFC 4252 section 5.4, the banner is sent between the
ssh-connection request and responding to user authentication.
Original support for server sending banner by joshua stein <jcs@jcs.org>
Fixes golang/go#19567
Change-Id: I729b3c8e5fd2c0068609d1590b61e92f40d87ea4
Reviewed-on: https://go-review.googlesource.com/71790
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
The macKey parameter of newGCMCipher is not used inside the function.
Remove it and adjust the only caller accordingly.
Change-Id: Ieb9c70d7f51825d734fdeedbc8962f0178fc0131
Reviewed-on: https://go-review.googlesource.com/65890
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Fix the following format string issues reported by go vet:
    ocsp_test.go:46: Errorf format %d has arg resp.ThisUpdate of wrong type time.Time
    ocsp_test.go:50: Errorf format %d has arg resp.NextUpdate of wrong type time.Time
    ocsp_test.go:271: Errorf format %d has arg resp.ThisUpdate of wrong type time.Time
    ocsp_test.go:275: Errorf format %d has arg resp.NextUpdate of wrong type time.Time
    ocsp_test.go:279: Errorf format %d has arg resp.RevokedAt of wrong type time.Time
Change-Id: I3b516bb216424ad1777acfc27b11dc1b2d78836a
Reviewed-on: https://go-review.googlesource.com/76130
Reviewed-by: Filippo Valsorda <hi@filippo.io>
Fix the following format string issue reported by go vet:
    blake2s_test.go:188: Fatalf format %v reads arg #3, but call has only 2 args
Change-Id: I689eadb7d7310ae93acd8a8419755f2724ff41dd
Reviewed-on: https://go-review.googlesource.com/75978
Reviewed-by: Filippo Valsorda <hi@filippo.io>
The EdDSA draft has been approved as RFC 8032.
Change-Id: I2c0fba98d63ea51a7bb79acef55b9847cd0fa727
Reviewed-on: https://go-review.googlesource.com/74670
Reviewed-by: Adam Langley <agl@golang.org>
This reverts commit ed5229da99.
Reason for revert: missing language tag in banner message breaks auth against other implementations.
Change-Id: I18ac5b3fe3b4693688b82ff4b0db02dab739c45b
Reviewed-on: https://go-review.googlesource.com/72381
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Some sentences are missing the word "the" and others have it too
often.
Change-Id: I01a631e8f2655dea4433a73e75cbc94e0c8959c2
Reviewed-on: https://go-review.googlesource.com/71870
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This is purely for debugging purposes, where an external system
may have a lookup mechanism based on Common Name.
Change-Id: I50b64ccf82e67fe8a0074a6f9b57e8cf102f1bb3
Reviewed-on: https://go-review.googlesource.com/71130
Run-TryBot: Alex Vaghin <ddos@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
According to RFC 4252 section 5.4, the banner is sent between the
ssh-connection request and responding to user authentication.
Original support for server sending banner by joshua stein <jcs@jcs.org>
Fixes golang/go#19567
Change-Id: I68944a7f4711c0623759f6a59023e8e45a8781aa
Reviewed-on: https://go-review.googlesource.com/65271
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
Previously we documented recommended parameters for scrypt from 2009,
which was eight years ago. Update those parameters and also provide
some guidance to users for configuring those settings in 2017. On my
late 2015 Macbook Pro, the scrypt benchmark with N=1<<15, r=8, p=1
completes in 91 milliseconds.
Add an Example with a salt.
Fixes golang/go#22082.
Change-Id: I23e3920db67583c9fce093768a32e67ab9c979f5
Reviewed-on: https://go-review.googlesource.com/67070
Reviewed-by: Adam Langley <agl@golang.org>
If you don't use a cache you're just begging for Let's Encrypt
to ban you for a week due to duplicate certificate requests.
Don't encourage users to get banned.
Change-Id: Icf999c7f28817990bb45931d30692d4040c0ed71
Reviewed-on: https://go-review.googlesource.com/66550
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Vaghin <ddos@google.com>
io.EOF is expected by the test, but the error message mentions os.EOF.
Adjust it to io.EOF.
Change-Id: I1a42da8d72f96f8757319183a6bb3281a64b3a40
Reviewed-on: https://go-review.googlesource.com/65870
Reviewed-by: Matt Layher <mdlayher@gmail.com>
Run-TryBot: Matt Layher <mdlayher@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
a -> an
Change-Id: I95a940df64cb825887b75a80eadc822095b49781
Reviewed-on: https://go-review.googlesource.com/63991
Run-TryBot: Alex Vaghin <ddos@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Vaghin <ddos@google.com>
I forgot to upload the final set of changes before submitting.
Change-Id: I3e60c6e2aad25af7f5007fc5ffbf8a1a1e1a91f3
Reviewed-on: https://go-review.googlesource.com/63331
Reviewed-by: Adam Langley <agl@golang.org>
While package comments shouldn't be novels, this throwaway word was not
sufficient (and wasn't mirrored in the `box` package).
This change attempts to include more reasoning without using too many
words.
Fixes golang/go#17673, golang/go#21139
Change-Id: I7fa11e2cd5b8e2010420cc14d784f9b0c65db6d2
Reviewed-on: https://go-review.googlesource.com/35910
Reviewed-by: Russ Cox <rsc@golang.org>