• R/O
  • SSH
  • HTTPS

ttssh2: Commit


Commit MetaInfo

Revision6263 (tree)
Time2016-01-18 18:24:32
Authordoda

Log Message

diffie-hellman-group{14,15,16}-sha256 鍵交換方式に対応
https://osdn.jp/ticket/browse.php?group_id=1412&tid=35921

Change Summary

Incremental Difference

--- trunk/ttssh2/ttxssh/ssh.c (revision 6262)
+++ trunk/ttssh2/ttxssh/ssh.c (revision 6263)
@@ -5125,6 +5125,9 @@
51255125 switch (pvar->kex_type) {
51265126 case KEX_DH_GRP1_SHA1:
51275127 case KEX_DH_GRP14_SHA1:
5128+ case KEX_DH_GRP14_SHA256:
5129+ case KEX_DH_GRP15_SHA256:
5130+ case KEX_DH_GRP16_SHA256:
51285131 SSH2_dh_kex_init(pvar);
51295132 break;
51305133 case KEX_DH_GEX_SHA1:
@@ -5164,11 +5167,21 @@
51645167 int len;
51655168
51665169 // Diffie-Hellman key agreement
5167- if (pvar->kex_type == KEX_DH_GRP1_SHA1) {
5170+ switch (pvar->kex_type) {
5171+ case KEX_DH_GRP1_SHA1:
51685172 dh = dh_new_group1();
5169- } else if (pvar->kex_type == KEX_DH_GRP14_SHA1) {
5173+ break;
5174+ case KEX_DH_GRP14_SHA1:
5175+ case KEX_DH_GRP14_SHA256:
51705176 dh = dh_new_group14();
5171- } else {
5177+ break;
5178+ case KEX_DH_GRP15_SHA256:
5179+ dh = dh_new_group15();
5180+ break;
5181+ case KEX_DH_GRP16_SHA256:
5182+ dh = dh_new_group16();
5183+ break;
5184+ default:
51725185 goto error;
51735186 }
51745187
@@ -5625,7 +5638,8 @@
56255638
56265639 // ハッシュの計算
56275640 /* calc and verify H */
5628- hash = kex_dh_hash(pvar->client_version_string,
5641+ hash = kex_dh_hash(get_kex_algorithm_EVP_MD(pvar->kex_type),
5642+ pvar->client_version_string,
56295643 pvar->server_version_string,
56305644 buffer_ptr(pvar->my_kex), buffer_len(pvar->my_kex),
56315645 buffer_ptr(pvar->peer_kex), buffer_len(pvar->peer_kex),
@@ -6237,6 +6251,9 @@
62376251 switch (pvar->kex_type) {
62386252 case KEX_DH_GRP1_SHA1:
62396253 case KEX_DH_GRP14_SHA1:
6254+ case KEX_DH_GRP14_SHA256:
6255+ case KEX_DH_GRP15_SHA256:
6256+ case KEX_DH_GRP16_SHA256:
62406257 handle_SSH2_dh_kex_reply(pvar);
62416258 break;
62426259 case KEX_DH_GEX_SHA1:
--- trunk/ttssh2/ttxssh/ssh.h (revision 6262)
+++ trunk/ttssh2/ttxssh/ssh.h (revision 6263)
@@ -390,6 +390,9 @@
390390 KEX_ECDH_SHA2_256,
391391 KEX_ECDH_SHA2_384,
392392 KEX_ECDH_SHA2_521,
393+ KEX_DH_GRP14_SHA256,
394+ KEX_DH_GRP15_SHA256,
395+ KEX_DH_GRP16_SHA256,
393396 KEX_DH_UNKNOWN,
394397 KEX_DH_MAX = KEX_DH_UNKNOWN,
395398 } kex_algorithm;
@@ -408,6 +411,9 @@
408411 {KEX_ECDH_SHA2_256, "ecdh-sha2-nistp256", EVP_sha256}, // RFC5656
409412 {KEX_ECDH_SHA2_384, "ecdh-sha2-nistp384", EVP_sha384}, // RFC5656
410413 {KEX_ECDH_SHA2_521, "ecdh-sha2-nistp521", EVP_sha512}, // RFC5656
414+ {KEX_DH_GRP14_SHA256, "diffie-hellman-group14-sha256", EVP_sha256}, // draft-baushke-ssh-dh-group-sha2-01
415+ {KEX_DH_GRP15_SHA256, "diffie-hellman-group15-sha256", EVP_sha256}, // draft-baushke-ssh-dh-group-sha2-01
416+ {KEX_DH_GRP16_SHA256, "diffie-hellman-group16-sha256", EVP_sha256}, // draft-baushke-ssh-dh-group-sha2-01
411417 {KEX_DH_NONE , NULL, NULL},
412418 };
413419
--- trunk/ttssh2/ttxssh/kex.c (revision 6262)
+++ trunk/ttssh2/ttxssh/kex.c (revision 6263)
@@ -91,7 +91,57 @@
9191 return (dh_new_group_asc(gen, group14));
9292 }
9393
94+DH *dh_new_group15(void)
95+{
96+ static char *gen = "2", *group15 =
97+ "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
98+ "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
99+ "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
100+ "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
101+ "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
102+ "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
103+ "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
104+ "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
105+ "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
106+ "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
107+ "15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64"
108+ "ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7"
109+ "ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B"
110+ "F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C"
111+ "BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31"
112+ "43DB5BFC" "E0FD108E" "4B82D120" "A93AD2CA" "FFFFFFFF" "FFFFFFFF";
113+ return (dh_new_group_asc(gen, group15));
114+}
94115
116+DH *dh_new_group16(void)
117+{
118+ static char *gen = "2", *group16 =
119+ "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
120+ "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
121+ "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
122+ "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
123+ "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D"
124+ "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F"
125+ "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D"
126+ "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B"
127+ "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9"
128+ "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510"
129+ "15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64"
130+ "ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7"
131+ "ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B"
132+ "F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C"
133+ "BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31"
134+ "43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7"
135+ "88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA"
136+ "2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6"
137+ "287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED"
138+ "1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9"
139+ "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199"
140+ "FFFFFFFF" "FFFFFFFF";
141+ return (dh_new_group_asc(gen, group16));
142+}
143+
144+
95145 // DH鍵を生成する
96146 void dh_gen_key(PTInstVar pvar, DH *dh, int we_need /* bytes */ )
97147 {
@@ -137,8 +187,9 @@
137187 }
138188
139189
140-// SHA-1(160bit)を求める
141-unsigned char *kex_dh_hash(char *client_version_string,
190+// shared secret を計算する (DH 固定グループ用)
191+unsigned char *kex_dh_hash(const EVP_MD *evp_md,
192+ char *client_version_string,
142193 char *server_version_string,
143194 char *ckexinit, int ckexinitlen,
144195 char *skexinit, int skexinitlen,
@@ -150,7 +201,6 @@
150201 {
151202 buffer_t *b;
152203 static unsigned char digest[EVP_MAX_MD_SIZE];
153- const EVP_MD *evp_md = EVP_sha1();
154204 EVP_MD_CTX md;
155205
156206 b = buffer_init();
@@ -187,7 +237,7 @@
187237 }
188238
189239
190-// SHA-1(160bit)/SHA-256(256bit)を求める
240+// shared secret を計算する (DH GEX用)
191241 unsigned char *kex_dh_gex_hash(const EVP_MD *evp_md,
192242 char *client_version_string,
193243 char *server_version_string,
--- trunk/ttssh2/ttxssh/kex.h (revision 6262)
+++ trunk/ttssh2/ttxssh/kex.h (revision 6263)
@@ -33,10 +33,13 @@
3333
3434 DH *dh_new_group1(void);
3535 DH *dh_new_group14(void);
36+DH *dh_new_group15(void);
37+DH *dh_new_group16(void);
3638 void dh_gen_key(PTInstVar pvar, DH *dh, int we_need /* bytes */ );
3739 int dh_estimate(int bits);
3840
39-unsigned char *kex_dh_hash(char *client_version_string,
41+unsigned char *kex_dh_hash(const EVP_MD *evp_md,
42+ char *client_version_string,
4043 char *server_version_string,
4144 char *ckexinit, int ckexinitlen,
4245 char *skexinit, int skexinitlen,
--- trunk/ttssh2/ttxssh/ttxssh.c (revision 6262)
+++ trunk/ttssh2/ttxssh/ttxssh.c (revision 6263)
@@ -305,6 +305,9 @@
305305 KEX_ECDH_SHA2_256,
306306 KEX_ECDH_SHA2_384,
307307 KEX_ECDH_SHA2_521,
308+ KEX_DH_GRP16_SHA256,
309+ KEX_DH_GRP15_SHA256,
310+ KEX_DH_GRP14_SHA256,
308311 KEX_DH_GEX_SHA256,
309312 KEX_DH_GEX_SHA1,
310313 KEX_DH_GRP14_SHA1,
Show on old repository browser