authorAnderson Toshiyuki Sasaki <ansasaki@redhat.com>2020-04-03 12:49:19 +0200
committerAndreas Schneider <asn@cryptomilk.org>2020-04-06 11:36:35 +0200
commite510de0315a9b00832193266efbf0c5add1b71d8 (patch)
treea370584f4b04d60214c225ea9807a5c1d48c1109
parent34c596182dfcb7daa3a6659f1a61aab7f74f3a59 (diff)
kex: Add support for diffie-hellman-group14-sha256
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org> (cherry picked from commit 9eb1ce88ae9222d092fa834b5594bdb9796e3f95)
-rw-r--r--include/libssh/crypto.h2
-rw-r--r--src/client.c1
-rw-r--r--src/dh.c1
-rw-r--r--src/dh_crypto.c1
-rw-r--r--src/dh_key.c1
-rw-r--r--src/kex.c6
-rw-r--r--src/session.c2
-rw-r--r--src/wrapper.c1
-rw-r--r--tests/client/torture_algorithms.c13
-rw-r--r--tests/pkd/pkd_hello.c8
-rw-r--r--tests/unittests/torture_options.c10
11 files changed, 44 insertions, 2 deletions
diff --git a/include/libssh/crypto.h b/include/libssh/crypto.h
index 8b0ae0ca..ede71661 100644
--- a/include/libssh/crypto.h
+++ b/include/libssh/crypto.h
@@ -80,6 +80,8 @@ enum ssh_key_exchange_e {
SSH_KEX_DH_GROUP16_SHA512,
/* diffie-hellman-group18-sha512 */
SSH_KEX_DH_GROUP18_SHA512,
+ /* diffie-hellman-group14-sha256 */
+ SSH_KEX_DH_GROUP14_SHA256,
};
enum ssh_cipher_e {
diff --git a/src/client.c b/src/client.c
index a1b587f7..ae170b93 100644
--- a/src/client.c
+++ b/src/client.c
@@ -252,6 +252,7 @@ static int dh_handshake(ssh_session session) {
switch(session->next_crypto->kex_type){
case SSH_KEX_DH_GROUP1_SHA1:
case SSH_KEX_DH_GROUP14_SHA1:
+ case SSH_KEX_DH_GROUP14_SHA256:
case SSH_KEX_DH_GROUP16_SHA512:
case SSH_KEX_DH_GROUP18_SHA512:
rc = ssh_client_dh_init(session);
diff --git a/src/dh.c b/src/dh.c
index 13b8e03d..05903daf 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -482,6 +482,7 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet)
switch (crypto->kex_type){
case SSH_KEX_DH_GROUP1_SHA1:
case SSH_KEX_DH_GROUP14_SHA1:
+ case SSH_KEX_DH_GROUP14_SHA256:
case SSH_KEX_DH_GROUP16_SHA512:
case SSH_KEX_DH_GROUP18_SHA512:
packet_type = SSH2_MSG_KEXDH_REPLY;
diff --git a/src/dh_crypto.c b/src/dh_crypto.c
index d72e757a..3b3495c1 100644
--- a/src/dh_crypto.c
+++ b/src/dh_crypto.c
@@ -179,6 +179,7 @@ int ssh_dh_init_common(struct ssh_crypto_struct *crypto)
rc = ssh_dh_set_parameters(ctx, ssh_dh_group1, ssh_dh_generator);
break;
case SSH_KEX_DH_GROUP14_SHA1:
+ case SSH_KEX_DH_GROUP14_SHA256:
rc = ssh_dh_set_parameters(ctx, ssh_dh_group14, ssh_dh_generator);
break;
case SSH_KEX_DH_GROUP16_SHA512:
diff --git a/src/dh_key.c b/src/dh_key.c
index 58161c14..bda54b17 100644
--- a/src/dh_key.c
+++ b/src/dh_key.c
@@ -247,6 +247,7 @@ int ssh_dh_init_common(struct ssh_crypto_struct *crypto)
rc = ssh_dh_set_parameters(ctx, ssh_dh_group1, ssh_dh_generator);
break;
case SSH_KEX_DH_GROUP14_SHA1:
+ case SSH_KEX_DH_GROUP14_SHA256:
rc = ssh_dh_set_parameters(ctx, ssh_dh_group14, ssh_dh_generator);
break;
case SSH_KEX_DH_GROUP16_SHA512:
diff --git a/src/kex.c b/src/kex.c
index 056096cb..80b6e8ad 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -154,6 +154,7 @@
ECDH \
"diffie-hellman-group18-sha512,diffie-hellman-group16-sha512," \
GEX_SHA256 \
+ "diffie-hellman-group14-sha256," \
"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1"
#define KEY_EXCHANGE_SUPPORTED \
GEX_SHA1 \
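Review bot: Nothing in this list records why `"diffie-hellman-group14-sha256,"` sits between GEX_SHA256 and the two SHA-1 methods on the following line. If this string is the default offer, the position matters, because SSH negotiation picks the first name on the client's list that the server also supports. A comment above the macro (its `#define` line is outside the hunk) would pin that down, for example `/* group14-sha256 (RFC 8268) stays ahead of the SHA-1 variants so it is preferred when a peer offers both */`. Whether KEY_EXCHANGE_SUPPORTED, which begins on the last context lines, picks up the new name is not visible here and is worth confirming.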
@@ -183,6 +184,7 @@
"ecdh-sha2-nistp384,"\
"ecdh-sha2-nistp521,"\
"diffie-hellman-group-exchange-sha256,"\
+ "diffie-hellman-group14-sha256,"\
"diffie-hellman-group16-sha512,"\
"diffie-hellman-group18-sha512"
@@ -764,6 +766,8 @@ int ssh_kex_select_methods (ssh_session session){
session->next_crypto->kex_type=SSH_KEX_DH_GROUP1_SHA1;
} else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group14-sha1") == 0){
session->next_crypto->kex_type=SSH_KEX_DH_GROUP14_SHA1;
+ } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group14-sha256") == 0){
+ session->next_crypto->kex_type=SSH_KEX_DH_GROUP14_SHA256;
} else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group16-sha512") == 0){
session->next_crypto->kex_type=SSH_KEX_DH_GROUP16_SHA512;
} else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group18-sha512") == 0){
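Review bot: The new branch repeats the literal `"diffie-hellman-group14-sha256"` that this commit also adds to two method lists earlier in this file and to ssh_get_kex_algo() in src/session.c, so four places must agree on one spelling. A typo in any of them compiles cleanly and only shows up at negotiation time. The end of this else-if chain is outside the hunk, so what kex_type holds when no name matches cannot be checked from here. The file already names GEX_SHA256 through a macro; doing the same here, e.g. `#define KEX_DH_GROUP14_SHA256 "diffie-hellman-group14-sha256"`, and using it in the lists, this comparison and ssh_get_kex_algo() would keep them in step.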
@@ -1026,6 +1030,7 @@ int ssh_make_sessionid(ssh_session session)
switch(session->next_crypto->kex_type) {
case SSH_KEX_DH_GROUP1_SHA1:
case SSH_KEX_DH_GROUP14_SHA1:
+ case SSH_KEX_DH_GROUP14_SHA256:
case SSH_KEX_DH_GROUP16_SHA512:
case SSH_KEX_DH_GROUP18_SHA512:
rc = ssh_dh_keypair_get_keys(session->next_crypto->dh_ctx,
@@ -1137,6 +1142,7 @@ int ssh_make_sessionid(ssh_session session)
sha1(ssh_buffer_get(buf), ssh_buffer_get_len(buf),
session->next_crypto->secret_hash);
break;
+ case SSH_KEX_DH_GROUP14_SHA256:
case SSH_KEX_ECDH_SHA2_NISTP256:
case SSH_KEX_CURVE25519_SHA256:
case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG:
diff --git a/src/session.c b/src/session.c
index fd99c5b1..3b3830f7 100644
--- a/src/session.c
+++ b/src/session.c
@@ -372,6 +372,8 @@ const char* ssh_get_kex_algo(ssh_session session) {
return "diffie-hellman-group1-sha1";
case SSH_KEX_DH_GROUP14_SHA1:
return "diffie-hellman-group14-sha1";
+ case SSH_KEX_DH_GROUP14_SHA256:
+ return "diffie-hellman-group14-sha256";
case SSH_KEX_DH_GROUP16_SHA512:
return "diffie-hellman-group16-sha512";
case SSH_KEX_DH_GROUP18_SHA512:
diff --git a/src/wrapper.c b/src/wrapper.c
index fd3417f3..7e57ab5d 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -545,6 +545,7 @@ int crypt_set_algorithms_server(ssh_session session){
switch (session->next_crypto->kex_type) {
case SSH_KEX_DH_GROUP1_SHA1:
case SSH_KEX_DH_GROUP14_SHA1:
+ case SSH_KEX_DH_GROUP14_SHA256:
case SSH_KEX_DH_GROUP16_SHA512:
case SSH_KEX_DH_GROUP18_SHA512:
ssh_server_dh_init(session);
diff --git a/tests/client/torture_algorithms.c b/tests/client/torture_algorithms.c
index 247ed29d..19f25dbb 100644
--- a/tests/client/torture_algorithms.c
+++ b/tests/client/torture_algorithms.c
@@ -691,6 +691,16 @@ static void torture_algorithms_dh_group14(void **state) {
test_algorithm(s->ssh.session, "diffie-hellman-group14-sha1", NULL/*cipher*/, NULL/*hmac*/);
}
+static void torture_algorithms_dh_group14_sha256(void **state) {
+ struct torture_state *s = *state;
+
+ if (ssh_fips_mode()) {
+ skip();
+ }
+
+ test_algorithm(s->ssh.session, "diffie-hellman-group14-sha256", NULL/*cipher*/, NULL/*hmac*/);
+}
+
static void torture_algorithms_dh_group16(void **state) {
struct torture_state *s = *state;
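Review bot: torture_algorithms_dh_group14_sha256 skips under `ssh_fips_mode()`, yet the same commit expects the method to survive FIPS filtering in tests/unittests/torture_options.c and adds it to a second list in src/kex.c next to the other SHA-2 methods. If that second list is the FIPS allow-list (its macro name is outside the hunk), the handshake for this method is never exercised in FIPS mode, and only the option-string filtering is covered. Either drop the `if (ssh_fips_mode()) { skip(); }` guard, or keep it and state the reason in a comment such as `/* skipped in FIPS mode: <reason> */`, so the gap is a recorded decision.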
@@ -901,6 +911,9 @@ int torture_run_tests(void) {
cmocka_unit_test_setup_teardown(torture_algorithms_dh_group14,
session_setup,
session_teardown),
+ cmocka_unit_test_setup_teardown(torture_algorithms_dh_group14_sha256,
+ session_setup,
+ session_teardown),
cmocka_unit_test_setup_teardown(torture_algorithms_dh_group16,
session_setup,
session_teardown),
diff --git a/tests/pkd/pkd_hello.c b/tests/pkd/pkd_hello.c
index b9b4475c..9ba45873 100644
--- a/tests/pkd/pkd_hello.c
+++ b/tests/pkd/pkd_hello.c
@@ -266,21 +266,25 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
f(client, rsa_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_rsa, teardown) \
f(client, rsa_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384"), setup_rsa, teardown) \
f(client, rsa_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521"), setup_rsa, teardown) \
+ f(client, rsa_diffie_hellman_group14_sha256, kexcmd("diffie-hellman-group14-sha256"), setup_rsa, teardown) \
f(client, rsa_diffie_hellman_group16_sha512, kexcmd("diffie-hellman-group16-sha512"), setup_rsa, teardown) \
f(client, rsa_diffie_hellman_group18_sha512, kexcmd("diffie-hellman-group18-sha512"), setup_rsa, teardown) \
f(client, ecdsa_256_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_ecdsa_256, teardown) \
f(client, ecdsa_256_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384"), setup_ecdsa_256, teardown) \
f(client, ecdsa_256_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521"), setup_ecdsa_256, teardown) \
+ f(client, ecdsa_256_diffie_hellman_group14_sha256,kexcmd("diffie-hellman-group14-sha256"), setup_ecdsa_256, teardown) \
f(client, ecdsa_256_diffie_hellman_group16_sha512,kexcmd("diffie-hellman-group16-sha512"), setup_ecdsa_256, teardown) \
f(client, ecdsa_256_diffie_hellman_group18_sha512,kexcmd("diffie-hellman-group18-sha512"), setup_ecdsa_256, teardown) \
f(client, ecdsa_384_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_ecdsa_384, teardown) \
f(client, ecdsa_384_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384"), setup_ecdsa_384, teardown) \
f(client, ecdsa_384_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521"), setup_ecdsa_384, teardown) \
+ f(client, ecdsa_384_diffie_hellman_group14_sha256,kexcmd("diffie-hellman-group14-sha256"), setup_ecdsa_384, teardown) \
f(client, ecdsa_384_diffie_hellman_group16_sha512,kexcmd("diffie-hellman-group16-sha512"), setup_ecdsa_384, teardown) \
f(client, ecdsa_384_diffie_hellman_group18_sha512,kexcmd("diffie-hellman-group18-sha512"), setup_ecdsa_384, teardown) \
f(client, ecdsa_521_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_ecdsa_521, teardown) \
f(client, ecdsa_521_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384"), setup_ecdsa_521, teardown) \
f(client, ecdsa_521_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521"), setup_ecdsa_521, teardown) \
+ f(client, ecdsa_521_diffie_hellman_group14_sha256,kexcmd("diffie-hellman-group14-sha256"), setup_ecdsa_521, teardown) \
f(client, ecdsa_521_diffie_hellman_group16_sha512,kexcmd("diffie-hellman-group16-sha512"), setup_ecdsa_521, teardown) \
f(client, ecdsa_521_diffie_hellman_group18_sha512,kexcmd("diffie-hellman-group18-sha512"), setup_ecdsa_521, teardown)
#endif
@@ -318,6 +322,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
f(client, dsa_diffie_hellman_group16_sha512, kexcmd("diffie-hellman-group16-sha512"), setup_dsa, teardown) \
f(client, dsa_diffie_hellman_group18_sha512, kexcmd("diffie-hellman-group18-sha512"), setup_dsa, teardown) \
f(client, dsa_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_dsa, teardown) \
+ f(client, dsa_diffie_hellman_group14_sha256, kexcmd("diffie-hellman-group14-sha256"), setup_dsa, teardown) \
f(client, dsa_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_dsa, teardown) \
f(client, dsa_diffie_hellman_group_exchange_sha256, kexcmd(GEX_SHA256), setup_dsa, teardown) \
f(client, dsa_diffie_hellman_group_exchange_sha1, kexcmd(GEX_SHA1), setup_dsa, teardown) \
@@ -337,6 +342,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
f(client, dsa_diffie_hellman_group16_sha512, kexcmd("diffie-hellman-group16-sha512"), setup_dsa, teardown) \
f(client, dsa_diffie_hellman_group18_sha512, kexcmd("diffie-hellman-group18-sha512"), setup_dsa, teardown) \
f(client, dsa_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_dsa, teardown) \
+ f(client, dsa_diffie_hellman_group14_sha256, kexcmd("diffie-hellman-group14-sha256"), setup_dsa, teardown) \
f(client, dsa_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_dsa, teardown)
#elif defined(WITH_GEX) /* && !defined(HAVE_DSA) */
@@ -362,6 +368,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
f(client, ed25519_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_ed25519, teardown) \
f(client, ed25519_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384"), setup_ed25519, teardown) \
f(client, ed25519_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521"), setup_ed25519, teardown) \
+ f(client, ed25519_diffie_hellman_group14_sha256, kexcmd("diffie-hellman-group14-sha256"), setup_ed25519, teardown) \
f(client, ed25519_diffie_hellman_group16_sha512, kexcmd("diffie-hellman-group16-sha512"), setup_ed25519, teardown) \
f(client, ed25519_diffie_hellman_group18_sha512, kexcmd("diffie-hellman-group18-sha512"), setup_ed25519, teardown) \
f(client, ed25519_diffie_hellman_group14_sha1, kexcmd("diffie-hellman-group14-sha1"), setup_ed25519, teardown) \
@@ -376,6 +383,7 @@ static int torture_pkd_setup_ecdsa_521(void **state) {
f(client, ed25519_ecdh_sha2_nistp256, kexcmd("ecdh-sha2-nistp256"), setup_ed25519, teardown) \
f(client, ed25519_ecdh_sha2_nistp384, kexcmd("ecdh-sha2-nistp384"), setup_ed25519, teardown) \
f(client, ed25519_ecdh_sha2_nistp521, kexcmd("ecdh-sha2-nistp521"), setup_ed25519, teardown) \
+ f(client, ed25519_diffie_hellman_group14_sha256, kexcmd("diffie-hellman-group14-sha256"), setup_ed25519, teardown) \
f(client, ed25519_diffie_hellman_group16_sha512, kexcmd("diffie-hellman-group16-sha512"), setup_ed25519, teardown) \
f(client, ed25519_diffie_hellman_group18_sha512, kexcmd("diffie-hellman-group18-sha512"), setup_ed25519, teardown) \
f(client, ed25519_diffie_hellman_group1_sha1, kexcmd("diffie-hellman-group1-sha1"), setup_ed25519, teardown) \
diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c
index 0d74913e..d0fdaed1 100644
--- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c
@@ -109,18 +109,21 @@ static void torture_options_set_key_exchange(void **state)
"curve25519-sha256,curve25519-sha256@libssh.org,"
"ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
"diffie-hellman-group18-sha512,"
+ "diffie-hellman-group14-sha256,"
"diffie-hellman-group14-sha1");
assert_true(rc == 0);
assert_non_null(session->opts.wanted_methods[SSH_KEX]);
if (ssh_fips_mode()) {
assert_string_equal(session->opts.wanted_methods[SSH_KEX],
"ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
- "diffie-hellman-group18-sha512");
+ "diffie-hellman-group18-sha512,"
+ "diffie-hellman-group14-sha256");
} else {
assert_string_equal(session->opts.wanted_methods[SSH_KEX],
"curve25519-sha256,curve25519-sha256@libssh.org,"
"ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
"diffie-hellman-group18-sha512,"
+ "diffie-hellman-group14-sha256,"
"diffie-hellman-group14-sha1");
}
@@ -1327,18 +1330,21 @@ static void torture_bind_options_set_key_exchange(void **state)
"curve25519-sha256,curve25519-sha256@libssh.org,"
"ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
"diffie-hellman-group18-sha512,"
+ "diffie-hellman-group14-sha256,"
"diffie-hellman-group14-sha1");
assert_int_equal(rc, 0);
assert_non_null(bind->wanted_methods[SSH_KEX]);
if (ssh_fips_mode()) {
assert_string_equal(bind->wanted_methods[SSH_KEX],
"ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
- "diffie-hellman-group18-sha512");
+ "diffie-hellman-group18-sha512,"
+ "diffie-hellman-group14-sha256");
} else {
assert_string_equal(bind->wanted_methods[SSH_KEX],
"curve25519-sha256,curve25519-sha256@libssh.org,"
"ecdh-sha2-nistp256,diffie-hellman-group16-sha512,"
"diffie-hellman-group18-sha512,"
+ "diffie-hellman-group14-sha256,"
"diffie-hellman-group14-sha1");
}