diff options
| author | Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | 2020-04-03 12:49:19 +0200 |
|---|---|---|
| committer | Andreas Schneider <asn@cryptomilk.org> | 2020-04-06 09:27:26 +0200 |
| commit | 9eb1ce88ae9222d092fa834b5594bdb9796e3f95 (patch) | |
| tree | a40faf7fda27592099fcc5e242a413d9b4cb33dc /src | |
| parent | d2f0d3270a8733e3e8ad3788e8a315c533c765f9 (diff) | |
| download | libssh-9eb1ce88ae9222d092fa834b5594bdb9796e3f95.tar.gz libssh-9eb1ce88ae9222d092fa834b5594bdb9796e3f95.tar.xz libssh-9eb1ce88ae9222d092fa834b5594bdb9796e3f95.zip | |
kex: Add support for diffie-hellman-group14-sha256
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/client.c | 1 | ||||
| -rw-r--r-- | src/dh.c | 1 | ||||
| -rw-r--r-- | src/dh_crypto.c | 1 | ||||
| -rw-r--r-- | src/dh_key.c | 1 | ||||
| -rw-r--r-- | src/kex.c | 6 | ||||
| -rw-r--r-- | src/session.c | 2 | ||||
| -rw-r--r-- | src/wrapper.c | 1 |
7 files changed, 13 insertions, 0 deletions
diff --git a/src/client.c b/src/client.c index a1b587f7..ae170b93 100644 --- a/src/client.c +++ b/src/client.c @@ -252,6 +252,7 @@ static int dh_handshake(ssh_session session) { switch(session->next_crypto->kex_type){ case SSH_KEX_DH_GROUP1_SHA1: case SSH_KEX_DH_GROUP14_SHA1: + case SSH_KEX_DH_GROUP14_SHA256: case SSH_KEX_DH_GROUP16_SHA512: case SSH_KEX_DH_GROUP18_SHA512: rc = ssh_client_dh_init(session); @@ -482,6 +482,7 @@ int ssh_server_dh_process_init(ssh_session session, ssh_buffer packet) switch (crypto->kex_type){ case SSH_KEX_DH_GROUP1_SHA1: case SSH_KEX_DH_GROUP14_SHA1: + case SSH_KEX_DH_GROUP14_SHA256: case SSH_KEX_DH_GROUP16_SHA512: case SSH_KEX_DH_GROUP18_SHA512: packet_type = SSH2_MSG_KEXDH_REPLY; diff --git a/src/dh_crypto.c b/src/dh_crypto.c index d72e757a..3b3495c1 100644 --- a/src/dh_crypto.c +++ b/src/dh_crypto.c @@ -179,6 +179,7 @@ int ssh_dh_init_common(struct ssh_crypto_struct *crypto) rc = ssh_dh_set_parameters(ctx, ssh_dh_group1, ssh_dh_generator); break; case SSH_KEX_DH_GROUP14_SHA1: + case SSH_KEX_DH_GROUP14_SHA256: rc = ssh_dh_set_parameters(ctx, ssh_dh_group14, ssh_dh_generator); break; case SSH_KEX_DH_GROUP16_SHA512: diff --git a/src/dh_key.c b/src/dh_key.c index 58161c14..bda54b17 100644 --- a/src/dh_key.c +++ b/src/dh_key.c @@ -247,6 +247,7 @@ int ssh_dh_init_common(struct ssh_crypto_struct *crypto) rc = ssh_dh_set_parameters(ctx, ssh_dh_group1, ssh_dh_generator); break; case SSH_KEX_DH_GROUP14_SHA1: + case SSH_KEX_DH_GROUP14_SHA256: rc = ssh_dh_set_parameters(ctx, ssh_dh_group14, ssh_dh_generator); break; case SSH_KEX_DH_GROUP16_SHA512: @@ -154,6 +154,7 @@ ECDH \ "diffie-hellman-group18-sha512,diffie-hellman-group16-sha512," \ GEX_SHA256 \ + "diffie-hellman-group14-sha256," \ "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" #define KEY_EXCHANGE_SUPPORTED \ GEX_SHA1 \ @@ -183,6 +184,7 @@ "ecdh-sha2-nistp384,"\ "ecdh-sha2-nistp521,"\ "diffie-hellman-group-exchange-sha256,"\ + "diffie-hellman-group14-sha256,"\ "diffie-hellman-group16-sha512,"\ "diffie-hellman-group18-sha512" @@ -764,6 +766,8 @@ int ssh_kex_select_methods (ssh_session session){ session->next_crypto->kex_type=SSH_KEX_DH_GROUP1_SHA1; } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group14-sha1") == 0){ session->next_crypto->kex_type=SSH_KEX_DH_GROUP14_SHA1; + } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group14-sha256") == 0){ + session->next_crypto->kex_type=SSH_KEX_DH_GROUP14_SHA256; } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group16-sha512") == 0){ session->next_crypto->kex_type=SSH_KEX_DH_GROUP16_SHA512; } else if(strcmp(session->next_crypto->kex_methods[SSH_KEX], "diffie-hellman-group18-sha512") == 0){ @@ -1026,6 +1030,7 @@ int ssh_make_sessionid(ssh_session session) switch(session->next_crypto->kex_type) { case SSH_KEX_DH_GROUP1_SHA1: case SSH_KEX_DH_GROUP14_SHA1: + case SSH_KEX_DH_GROUP14_SHA256: case SSH_KEX_DH_GROUP16_SHA512: case SSH_KEX_DH_GROUP18_SHA512: rc = ssh_dh_keypair_get_keys(session->next_crypto->dh_ctx, @@ -1137,6 +1142,7 @@ int ssh_make_sessionid(ssh_session session) sha1(ssh_buffer_get(buf), ssh_buffer_get_len(buf), session->next_crypto->secret_hash); break; + case SSH_KEX_DH_GROUP14_SHA256: case SSH_KEX_ECDH_SHA2_NISTP256: case SSH_KEX_CURVE25519_SHA256: case SSH_KEX_CURVE25519_SHA256_LIBSSH_ORG: diff --git a/src/session.c b/src/session.c index fd99c5b1..3b3830f7 100644 --- a/src/session.c +++ b/src/session.c @@ -372,6 +372,8 @@ const char* ssh_get_kex_algo(ssh_session session) { return "diffie-hellman-group1-sha1"; case SSH_KEX_DH_GROUP14_SHA1: return "diffie-hellman-group14-sha1"; + case SSH_KEX_DH_GROUP14_SHA256: + return "diffie-hellman-group14-sha256"; case SSH_KEX_DH_GROUP16_SHA512: return "diffie-hellman-group16-sha512"; case SSH_KEX_DH_GROUP18_SHA512: diff --git a/src/wrapper.c b/src/wrapper.c index fd3417f3..7e57ab5d 100644 --- a/src/wrapper.c +++ b/src/wrapper.c @@ -545,6 +545,7 @@ int crypt_set_algorithms_server(ssh_session session){ switch (session->next_crypto->kex_type) { case SSH_KEX_DH_GROUP1_SHA1: case SSH_KEX_DH_GROUP14_SHA1: + case SSH_KEX_DH_GROUP14_SHA256: case SSH_KEX_DH_GROUP16_SHA512: case SSH_KEX_DH_GROUP18_SHA512: ssh_server_dh_init(session); |