No, nothing obvious. So the next step is surely to debug everything in
detail, printing out all the intermediate values.
Here's a PPK file I generated just now using "puttygen -t ecdsa -o
z.ppk", with passphrase "test":
PuTTY-User-Key-File-2: ecdsa-sha2-nistp384
Encryption: aes256-cbc
Comment: ecdsa-key-20210202
Public-Lines: 3
AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDqj3OwWLkl1
H5oMkLZyF8rqR23Hd3pcxFUy5klf4la7Qihh7x5h0idoAQ4mkkDDLo7jNfT76h+z
jtlETIf2gcN3DHPoQYA8Vr6UQ99pzOpvsZ7R0Ee9o3fkksZhd2BjiQ==
Private-Lines: 2
Jhjt0izpxomdH7WEf5h6a3qZiidBURir9X4gGLRwqqouCoOURyiMyUU4yKGH+qgv
v615YxyGlJZnpvzsjlg/zg==
Private-MAC: 11929e56c3dfa31faed5f12546581ba73585e8d8
Here is the precise binary data of the input to the hash function that
generates the MAC key:
70.75.74.74 79.2d.70.72 69.76.61.74 65.2d.6b.65 putty-private-ke
79.2d.66.69 6c.65.2d.6d 61.63.2d.6b 65.79.74.65 y-file-mac-keyte
73.74 st
The SHA-1 hash of that data is
50d1704c3bdc7447b29261e49041394c78c6f42b
Here is the precise binary data over which the MAC is computed using
that key:
00.00.00.13 65.63.64.73 61.2d.73.68 61.32.2d.6e ....ecdsa-sha2-n
69.73.74.70 33.38.34.00 00.00.0a.61 65.73.32.35 istp384....aes25
36.2d.63.62 63.00.00.00 12.65.63.64 73.61.2d.6b 6-cbc....ecdsa-k
65.79.2d.32 30.32.31.30 32.30.32.00 00.00.88.00 ey-20210202.....
00.00.13.65 63.64.73.61 2d.73.68.61 32.2d.6e.69 ...ecdsa-sha2-ni
73.74.70.33 38.34.00.00 00.08.6e.69 73.74.70.33 stp384....nistp3
38.34.00.00 00.61.04.3a a3.dc.ec.16 2e.49.75.1f 84...a.:.....Iu.
9a.0c.90.b6 72.17.ca.ea 47.6d.c7.77 7a.5c.c4.55 ....r...Gm.wz\.U
32.e6.49.5f e2.56.bb.42 28.61.ef.1e 61.d2.27.68 2.I_.V.B(a..a.'h
01.0e.26.92 40.c3.2e.8e e3.35.f4.fb ea.1f.b3.8e ..&.@....5......
d9.44.4c.87 f6.81.c3.77 0c.73.e8.41
80.3c.56.be .DL....w.s.A.<V.
94.43.df.69 cc.ea.6f.b1 9e.d1.d0.47 bd.a3.77.e4 .C.i..o....G..w.
92.c6.61.77 60.63.89.00 00.00.40.00 00.00.30.16 ..aw`c....@...0.
1b.e3.c0.b9 ee.d5.b2.62 84.2f.d8.aa ba.76.95.6a .......b./...v.j
64.60.a5.4a e1.8b.1a.e6
36.6c.6d.bd fe.12.c8.62 d`.J....6lm....b
d3.92.5f.c3 ad.b7.56.80 e6.88.db.2a 4d.89.c5.84 .._...V....*M...
d7.5c.aa.d5 a2.e7.a4.41 28.40.14 .\.....A(@.
And the HMAC-SHA-1 of that data, with the above key, is
11929e56c3dfa31faed5f12546581ba73585e8d8
If your implementation gives a different answer for this test file,
what part of that does it disagree with?