Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitdab8a11

Browse files
authored
Use BouncyCastle for Diffie-Hellman key exchange (#1654)
Removes another vestige of hand-rolled crypto, and makes the classes public +configurable for if/when we remove certain algorithms.
1 parentb7c5f1a commitdab8a11

File tree

25 files changed

+496
-1009
lines changed

25 files changed

+496
-1009
lines changed

‎src/Renci.SshNet/ConnectionInfo.cs‎

Lines changed: 9 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,8 @@
77

88
usingMicrosoft.Extensions.Logging;
99

10+
usingOrg.BouncyCastle.Crypto.Agreement;
11+
1012
usingRenci.SshNet.Common;
1113
usingRenci.SshNet.Compression;
1214
usingRenci.SshNet.Messages.Authentication;
@@ -357,12 +359,13 @@ public ConnectionInfo(string host, int port, string username, ProxyTypes proxyTy
357359
{"ecdh-sha2-nistp256",()=>newKeyExchangeECDH256()},
358360
{"ecdh-sha2-nistp384",()=>newKeyExchangeECDH384()},
359361
{"ecdh-sha2-nistp521",()=>newKeyExchangeECDH521()},
360-
{"diffie-hellman-group-exchange-sha256",()=>newKeyExchangeDiffieHellmanGroupExchangeSha256()},
361-
{"diffie-hellman-group-exchange-sha1",()=>newKeyExchangeDiffieHellmanGroupExchangeSha1()},
362-
{"diffie-hellman-group16-sha512",()=>newKeyExchangeDiffieHellmanGroup16Sha512()},
363-
{"diffie-hellman-group14-sha256",()=>newKeyExchangeDiffieHellmanGroup14Sha256()},
364-
{"diffie-hellman-group14-sha1",()=>newKeyExchangeDiffieHellmanGroup14Sha1()},
365-
{"diffie-hellman-group1-sha1",()=>newKeyExchangeDiffieHellmanGroup1Sha1()},
362+
{"diffie-hellman-group-exchange-sha256",()=>newKeyExchangeDiffieHellmanGroupExchange("diffie-hellman-group-exchange-sha256",HashAlgorithmName.SHA256)},
363+
{"diffie-hellman-group16-sha512",()=>newKeyExchangeDiffieHellman("diffie-hellman-group16-sha512",DHStandardGroups.rfc3526_4096,HashAlgorithmName.SHA512)},
364+
{"diffie-hellman-group18-sha512",()=>newKeyExchangeDiffieHellman("diffie-hellman-group18-sha512",DHStandardGroups.rfc3526_8192,HashAlgorithmName.SHA512)},
365+
{"diffie-hellman-group14-sha256",()=>newKeyExchangeDiffieHellman("diffie-hellman-group14-sha256",DHStandardGroups.rfc3526_2048,HashAlgorithmName.SHA256)},
366+
{"diffie-hellman-group-exchange-sha1",()=>newKeyExchangeDiffieHellmanGroupExchange("diffie-hellman-group-exchange-sha1",HashAlgorithmName.SHA1)},
367+
{"diffie-hellman-group14-sha1",()=>newKeyExchangeDiffieHellman("diffie-hellman-group14-sha1",DHStandardGroups.rfc3526_2048,HashAlgorithmName.SHA1)},
368+
{"diffie-hellman-group1-sha1",()=>newKeyExchangeDiffieHellman("diffie-hellman-group1-sha1",DHStandardGroups.rfc2409_1024,HashAlgorithmName.SHA1)},
366369
};
367370

368371
Encryptions=newOrderedDictionary<string,CipherInfo>

‎src/Renci.SshNet/Messages/Transport/KeyExchangeDhGroupExchangeGroup.cs‎

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -9,8 +9,8 @@ namespace Renci.SshNet.Messages.Transport
99
/// </summary>
1010
publicclassKeyExchangeDhGroupExchangeGroup:Message
1111
{
12-
privatebyte[]_safePrime;
13-
privatebyte[]_subGroup;
12+
internalbyte[]SafePrimeBytes{get;privateset;}
13+
internalbyte[]SubGroupBytes{get;privateset;}
1414

1515
/// <inheritdoc />
1616
publicoverridestringMessageName
@@ -38,7 +38,7 @@ public override byte MessageNumber
3838
/// </value>
3939
publicBigIntegerSafePrime
4040
{
41-
get{return_safePrime.ToBigInteger();}
41+
get{returnSafePrimeBytes.ToBigInteger();}
4242
}
4343

4444
/// <summary>
@@ -49,7 +49,7 @@ public BigInteger SafePrime
4949
/// </value>
5050
publicBigIntegerSubGroup
5151
{
52-
get{return_subGroup.ToBigInteger();}
52+
get{returnSubGroupBytes.ToBigInteger();}
5353
}
5454

5555
/// <summary>
@@ -64,9 +64,9 @@ protected override int BufferCapacity
6464
{
6565
varcapacity=base.BufferCapacity;
6666
capacity+=4;// SafePrime length
67-
capacity+=_safePrime.Length;// SafePrime
67+
capacity+=SafePrimeBytes.Length;// SafePrime
6868
capacity+=4;// SubGroup length
69-
capacity+=_subGroup.Length;// SubGroup
69+
capacity+=SubGroupBytes.Length;// SubGroup
7070

7171
returncapacity;
7272
}
@@ -77,17 +77,17 @@ protected override int BufferCapacity
7777
/// </summary>
7878
protectedoverridevoidLoadData()
7979
{
80-
_safePrime=ReadBinary();
81-
_subGroup=ReadBinary();
80+
SafePrimeBytes=ReadBinary();
81+
SubGroupBytes=ReadBinary();
8282
}
8383

8484
/// <summary>
8585
/// Called when type specific data need to be saved.
8686
/// </summary>
8787
protectedoverridevoidSaveData()
8888
{
89-
WriteBinaryString(_safePrime);
90-
WriteBinaryString(_subGroup);
89+
WriteBinaryString(SafePrimeBytes);
90+
WriteBinaryString(SubGroupBytes);
9191
}
9292

9393
internaloverridevoidProcess(Sessionsession)

‎src/Renci.SshNet/Security/GroupExchangeHashData.cs‎

Lines changed: 6 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,4 @@
11
usingSystem;
2-
usingSystem.Numerics;
32

43
usingRenci.SshNet.Common;
54

@@ -9,8 +8,6 @@ internal sealed class GroupExchangeHashData : SshData
98
{
109
privatebyte[]_serverVersion;
1110
privatebyte[]_clientVersion;
12-
privatebyte[]_prime;
13-
privatebyte[]_subGroup;
1411

1512
publicstringServerVersion
1613
{
@@ -36,17 +33,9 @@ public string ClientVersion
3633

3734
publicuintMaximumGroupSize{get;set;}
3835

39-
publicBigIntegerPrime
40-
{
41-
privateget{return_prime.ToBigInteger();}
42-
set{_prime=value.ToByteArray(isBigEndian:true);}
43-
}
36+
publicbyte[]Prime{get;set;}
4437

45-
publicBigIntegerSubGroup
46-
{
47-
privateget{return_subGroup.ToBigInteger();}
48-
set{_subGroup=value.ToByteArray(isBigEndian:true);}
49-
}
38+
publicbyte[]SubGroup{get;set;}
5039

5140
publicbyte[]ClientExchangeValue{get;set;}
5241

@@ -79,9 +68,9 @@ protected override int BufferCapacity
7968
capacity+=4;// PreferredGroupSize
8069
capacity+=4;// MaximumGroupSize
8170
capacity+=4;// Prime length
82-
capacity+=_prime.Length;// Prime
71+
capacity+=Prime.Length;// Prime
8372
capacity+=4;// SubGroup length
84-
capacity+=_subGroup.Length;// SubGroup
73+
capacity+=SubGroup.Length;// SubGroup
8574
capacity+=4;// ClientExchangeValue length
8675
capacity+=ClientExchangeValue.Length;// ClientExchangeValue
8776
capacity+=4;// ServerExchangeValue length
@@ -107,8 +96,8 @@ protected override void SaveData()
10796
Write(MinimumGroupSize);
10897
Write(PreferredGroupSize);
10998
Write(MaximumGroupSize);
110-
WriteBinaryString(_prime);
111-
WriteBinaryString(_subGroup);
99+
WriteBinaryString(Prime);
100+
WriteBinaryString(SubGroup);
112101
WriteBinaryString(ClientExchangeValue);
113102
WriteBinaryString(ServerExchangeValue);
114103
WriteBinaryString(SharedKey);

‎src/Renci.SshNet/Security/KeyExchange.cs‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -482,7 +482,7 @@ protected bool CanTrustHostKey(KeyHostAlgorithm host)
482482
/// <summary>
483483
/// Validates the exchange hash.
484484
/// </summary>
485-
/// <returns>true if exchange hash is valid; otherwise false.</returns>
485+
/// <returns><see langword="true"/> if exchange hash is valid; otherwise<see langword="false"/>.</returns>
486486
protectedabstractboolValidateExchangeHash();
487487

488488
privateprotectedboolValidateExchangeHash(byte[]encodedKey,byte[]encodedSignature)

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp