diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2016-05-02 10:26:04 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2016-05-02 20:39:32 +1000 |
| commit | 0e8eeec8e75f6d0eaf33317376f773160018a9c7 (patch) | |
| tree | 1fe3e4d977c9df10597c2a5dec1b6b0a8ab8afbe | |
| parent | 57464e3934ba53ad8590ee3ccd840f693407fc1e (diff) | |
upstream commit
add support for additional fixed DH groups from
draft-ietf-curdle-ssh-kex-sha2-03
diffie-hellman-group14-sha256 (2K group)
diffie-hellman-group16-sha512 (4K group)
diffie-hellman-group18-sha512 (8K group)
based on patch from Mark D. Baushke and Darren Tucker
ok markus@
Upstream-ID: ac00406ada4f0dfec41585ca0839f039545bc46f
| -rw-r--r-- | dh.c | 83 | ||||
| -rw-r--r-- | dh.h | 4 | ||||
| -rw-r--r-- | kex.c | 7 | ||||
| -rw-r--r-- | kex.h | 12 | ||||
| -rw-r--r-- | kexdh.c | 9 | ||||
| -rw-r--r-- | kexdhc.c | 10 | ||||
| -rw-r--r-- | kexdhs.c | 10 | ||||
| -rw-r--r-- | monitor.c | 5 | ||||
| -rw-r--r-- | myproposal.h | 15 | ||||
| -rw-r--r-- | ssh-keyscan.c | 5 | ||||
| -rw-r--r-- | ssh_api.c | 8 | ||||
| -rw-r--r-- | sshconnect2.c | 5 | ||||
| -rw-r--r-- | sshd.c | 5 |
13 files changed, 146 insertions, 32 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dh.c,v 1.59 2016/03/31 05:24:06 dtucker Exp $ */ | 1 | /* $OpenBSD: dh.c,v 1.60 2016/05/02 10:26:04 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
| 4 | * | 4 | * |
| @@ -314,6 +314,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus) | |||
| 314 | return (dh); | 314 | return (dh); |
| 315 | } | 315 | } |
| 316 | 316 | ||
| 317 | /* rfc2409 "Second Oakley Group" (1024 bits) */ | ||
| 317 | DH * | 318 | DH * |
| 318 | dh_new_group1(void) | 319 | dh_new_group1(void) |
| 319 | { | 320 | { |
| @@ -328,6 +329,7 @@ dh_new_group1(void) | |||
| 328 | return (dh_new_group_asc(gen, group1)); | 329 | return (dh_new_group_asc(gen, group1)); |
| 329 | } | 330 | } |
| 330 | 331 | ||
| 332 | /* rfc3526 group 14 "2048-bit MODP Group" */ | ||
| 331 | DH * | 333 | DH * |
| 332 | dh_new_group14(void) | 334 | dh_new_group14(void) |
| 333 | { | 335 | { |
| @@ -347,12 +349,9 @@ dh_new_group14(void) | |||
| 347 | return (dh_new_group_asc(gen, group14)); | 349 | return (dh_new_group_asc(gen, group14)); |
| 348 | } | 350 | } |
| 349 | 351 | ||
| 350 | /* | 352 | /* rfc3526 group 16 "4096-bit MODP Group" */ |
| 351 | * 4k bit fallback group used by DH-GEX if moduli file cannot be read. | ||
| 352 | * Source: MODP group 16 from RFC3526. | ||
| 353 | */ | ||
| 354 | DH * | 353 | DH * |
| 355 | dh_new_group_fallback(int max) | 354 | dh_new_group16(void) |
| 356 | { | 355 | { |
| 357 | static char *gen = "2", *group16 = | 356 | static char *gen = "2", *group16 = |
| 358 | "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" | 357 | "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" |
| @@ -378,12 +377,75 @@ dh_new_group_fallback(int max) | |||
| 378 | "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199" | 377 | "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34063199" |
| 379 | "FFFFFFFF" "FFFFFFFF"; | 378 | "FFFFFFFF" "FFFFFFFF"; |
| 380 | 379 | ||
| 381 | if (max < 4096) { | 380 | return (dh_new_group_asc(gen, group16)); |
| 382 | debug3("requested max size %d, using 2k bit group 14", max); | 381 | } |
| 382 | |||
| 383 | /* rfc3526 group 18 "8192-bit MODP Group" */ | ||
| 384 | DH * | ||
| 385 | dh_new_group18(void) | ||
| 386 | { | ||
| 387 | static char *gen = "2", *group16 = | ||
| 388 | "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1" | ||
| 389 | "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD" | ||
| 390 | "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245" | ||
| 391 | "E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" | ||
| 392 | "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE45B3D" | ||
| 393 | "C2007CB8" "A163BF05" "98DA4836" "1C55D39A" "69163FA8" "FD24CF5F" | ||
| 394 | "83655D23" "DCA3AD96" "1C62F356" "208552BB" "9ED52907" "7096966D" | ||
| 395 | "670C354E" "4ABC9804" "F1746C08" "CA18217C" "32905E46" "2E36CE3B" | ||
| 396 | "E39E772C" "180E8603" "9B2783A2" "EC07A28F" "B5C55DF0" "6F4C52C9" | ||
| 397 | "DE2BCBF6" "95581718" "3995497C" "EA956AE5" "15D22618" "98FA0510" | ||
| 398 | "15728E5A" "8AAAC42D" "AD33170D" "04507A33" "A85521AB" "DF1CBA64" | ||
| 399 | "ECFB8504" "58DBEF0A" "8AEA7157" "5D060C7D" "B3970F85" "A6E1E4C7" | ||
| 400 | "ABF5AE8C" "DB0933D7" "1E8C94E0" "4A25619D" "CEE3D226" "1AD2EE6B" | ||
| 401 | "F12FFA06" "D98A0864" "D8760273" "3EC86A64" "521F2B18" "177B200C" | ||
| 402 | "BBE11757" "7A615D6C" "770988C0" "BAD946E2" "08E24FA0" "74E5AB31" | ||
| 403 | "43DB5BFC" "E0FD108E" "4B82D120" "A9210801" "1A723C12" "A787E6D7" | ||
| 404 | "88719A10" "BDBA5B26" "99C32718" "6AF4E23C" "1A946834" "B6150BDA" | ||
| 405 | "2583E9CA" "2AD44CE8" "DBBBC2DB" "04DE8EF9" "2E8EFC14" "1FBECAA6" | ||
| 406 | "287C5947" "4E6BC05D" "99B2964F" "A090C3A2" "233BA186" "515BE7ED" | ||
| 407 | "1F612970" "CEE2D7AF" "B81BDD76" "2170481C" "D0069127" "D5B05AA9" | ||
| 408 | "93B4EA98" "8D8FDDC1" "86FFB7DC" "90A6C08F" "4DF435C9" "34028492" | ||
| 409 | "36C3FAB4" "D27C7026" "C1D4DCB2" "602646DE" "C9751E76" "3DBA37BD" | ||
| 410 | "F8FF9406" "AD9E530E" "E5DB382F" "413001AE" "B06A53ED" "9027D831" | ||
| 411 | "179727B0" "865A8918" "DA3EDBEB" "CF9B14ED" "44CE6CBA" "CED4BB1B" | ||
| 412 | "DB7F1447" "E6CC254B" "33205151" "2BD7AF42" "6FB8F401" "378CD2BF" | ||
| 413 | "5983CA01" "C64B92EC" "F032EA15" "D1721D03" "F482D7CE" "6E74FEF6" | ||
| 414 | "D55E702F" "46980C82" "B5A84031" "900B1C9E" "59E7C97F" "BEC7E8F3" | ||
| 415 | "23A97A7E" "36CC88BE" "0F1D45B7" "FF585AC5" "4BD407B2" "2B4154AA" | ||
| 416 | "CC8F6D7E" "BF48E1D8" "14CC5ED2" "0F8037E0" "A79715EE" "F29BE328" | ||
| 417 | "06A1D58B" "B7C5DA76" "F550AA3D" "8A1FBFF0" "EB19CCB1" "A313D55C" | ||
| 418 | "DA56C9EC" "2EF29632" "387FE8D7" "6E3C0468" "043E8F66" "3F4860EE" | ||
| 419 | "12BF2D5B" "0B7474D6" "E694F91E" "6DBE1159" "74A3926F" "12FEE5E4" | ||
| 420 | "38777CB6" "A932DF8C" "D8BEC4D0" "73B931BA" "3BC832B6" "8D9DD300" | ||
| 421 | "741FA7BF" "8AFC47ED" "2576F693" "6BA42466" "3AAB639C" "5AE4F568" | ||
| 422 | "3423B474" "2BF1C978" "238F16CB" "E39D652D" "E3FDB8BE" "FC848AD9" | ||
| 423 | "22222E04" "A4037C07" "13EB57A8" "1A23F0C7" "3473FC64" "6CEA306B" | ||
| 424 | "4BCBC886" "2F8385DD" "FA9D4B7F" "A2C087E8" "79683303" "ED5BDD3A" | ||
| 425 | "062B3CF5" "B3A278A6" "6D2A13F8" "3F44F82D" "DF310EE0" "74AB6A36" | ||
| 426 | "4597E899" "A0255DC1" "64F31CC5" "0846851D" "F9AB4819" "5DED7EA1" | ||
| 427 | "B1D510BD" "7EE74D73" "FAF36BC3" "1ECFA268" "359046F4" "EB879F92" | ||
| 428 | "4009438B" "481C6CD7" "889A002E" "D5EE382B" "C9190DA6" "FC026E47" | ||
| 429 | "9558E447" "5677E9AA" "9E3050E2" "765694DF" "C81F56E8" "80B96E71" | ||
| 430 | "60C980DD" "98EDD3DF" "FFFFFFFF" "FFFFFFFF"; | ||
| 431 | |||
| 432 | return (dh_new_group_asc(gen, group16)); | ||
| 433 | } | ||
| 434 | |||
| 435 | /* Select fallback group used by DH-GEX if moduli file cannot be read. */ | ||
| 436 | DH * | ||
| 437 | dh_new_group_fallback(int max) | ||
| 438 | { | ||
| 439 | debug3("%s: requested max size %d", __func__, max); | ||
| 440 | if (max < 3072) { | ||
| 441 | debug3("using 2k bit group 14"); | ||
| 383 | return dh_new_group14(); | 442 | return dh_new_group14(); |
| 443 | } else if (max < 6144) { | ||
| 444 | debug3("using 4k bit group 16"); | ||
| 445 | return dh_new_group16(); | ||
| 384 | } | 446 | } |
| 385 | debug3("using 4k bit group 16"); | 447 | debug3("using 8k bit group 18"); |
| 386 | return (dh_new_group_asc(gen, group16)); | 448 | return dh_new_group18(); |
| 387 | } | 449 | } |
| 388 | 450 | ||
| 389 | /* | 451 | /* |
| @@ -393,7 +455,6 @@ dh_new_group_fallback(int max) | |||
| 393 | * Management Part 1 (rev 3) limited by the recommended maximum value | 455 | * Management Part 1 (rev 3) limited by the recommended maximum value |
| 394 | * from RFC4419 section 3. | 456 | * from RFC4419 section 3. |
| 395 | */ | 457 | */ |
| 396 | |||
| 397 | u_int | 458 | u_int |
| 398 | dh_estimate(int bits) | 459 | dh_estimate(int bits) |
| 399 | { | 460 | { |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dh.h,v 1.14 2015/10/16 22:32:22 djm Exp $ */ | 1 | /* $OpenBSD: dh.h,v 1.15 2016/05/02 10:26:04 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 4 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
| @@ -37,6 +37,8 @@ DH *dh_new_group_asc(const char *, const char *); | |||
| 37 | DH *dh_new_group(BIGNUM *, BIGNUM *); | 37 | DH *dh_new_group(BIGNUM *, BIGNUM *); |
| 38 | DH *dh_new_group1(void); | 38 | DH *dh_new_group1(void); |
| 39 | DH *dh_new_group14(void); | 39 | DH *dh_new_group14(void); |
| 40 | DH *dh_new_group16(void); | ||
| 41 | DH *dh_new_group18(void); | ||
| 40 | DH *dh_new_group_fallback(int); | 42 | DH *dh_new_group_fallback(int); |
| 41 | 43 | ||
| 42 | int dh_gen_key(DH *, int); | 44 | int dh_gen_key(DH *, int); |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kex.c,v 1.117 2016/02/08 10:57:07 djm Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.118 2016/05/02 10:26:04 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -88,7 +88,10 @@ struct kexalg { | |||
| 88 | static const struct kexalg kexalgs[] = { | 88 | static const struct kexalg kexalgs[] = { |
| 89 | #ifdef WITH_OPENSSL | 89 | #ifdef WITH_OPENSSL |
| 90 | { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, | 90 | { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, |
| 91 | { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, | 91 | { KEX_DH14_SHA1, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 }, |
| 92 | { KEX_DH14_SHA256, KEX_DH_GRP14_SHA256, 0, SSH_DIGEST_SHA256 }, | ||
| 93 | { KEX_DH16_SHA512, KEX_DH_GRP16_SHA512, 0, SSH_DIGEST_SHA512 }, | ||
| 94 | { KEX_DH18_SHA512, KEX_DH_GRP18_SHA512, 0, SSH_DIGEST_SHA512 }, | ||
| 92 | { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, | 95 | { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 }, |
| 93 | #ifdef HAVE_EVP_SHA256 | 96 | #ifdef HAVE_EVP_SHA256 |
| 94 | { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, | 97 | { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 }, |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kex.h,v 1.77 2016/05/02 08:49:03 djm Exp $ */ | 1 | /* $OpenBSD: kex.h,v 1.78 2016/05/02 10:26:04 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
| @@ -51,7 +51,10 @@ | |||
| 51 | #define KEX_COOKIE_LEN 16 | 51 | #define KEX_COOKIE_LEN 16 |
| 52 | 52 | ||
| 53 | #define KEX_DH1 "diffie-hellman-group1-sha1" | 53 | #define KEX_DH1 "diffie-hellman-group1-sha1" |
| 54 | #define KEX_DH14 "diffie-hellman-group14-sha1" | 54 | #define KEX_DH14_SHA1 "diffie-hellman-group14-sha1" |
| 55 | #define KEX_DH14_SHA256 "diffie-hellman-group14-sha256" | ||
| 56 | #define KEX_DH16_SHA512 "diffie-hellman-group16-sha512" | ||
| 57 | #define KEX_DH18_SHA512 "diffie-hellman-group18-sha512" | ||
| 55 | #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" | 58 | #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" |
| 56 | #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" | 59 | #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" |
| 57 | #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" | 60 | #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" |
| @@ -88,6 +91,9 @@ enum kex_modes { | |||
| 88 | enum kex_exchange { | 91 | enum kex_exchange { |
| 89 | KEX_DH_GRP1_SHA1, | 92 | KEX_DH_GRP1_SHA1, |
| 90 | KEX_DH_GRP14_SHA1, | 93 | KEX_DH_GRP14_SHA1, |
| 94 | KEX_DH_GRP14_SHA256, | ||
| 95 | KEX_DH_GRP16_SHA512, | ||
| 96 | KEX_DH_GRP18_SHA512, | ||
| 91 | KEX_DH_GEX_SHA1, | 97 | KEX_DH_GEX_SHA1, |
| 92 | KEX_DH_GEX_SHA256, | 98 | KEX_DH_GEX_SHA256, |
| 93 | KEX_ECDH_SHA2, | 99 | KEX_ECDH_SHA2, |
| @@ -190,7 +196,7 @@ int kexecdh_server(struct ssh *); | |||
| 190 | int kexc25519_client(struct ssh *); | 196 | int kexc25519_client(struct ssh *); |
| 191 | int kexc25519_server(struct ssh *); | 197 | int kexc25519_server(struct ssh *); |
| 192 | 198 | ||
| 193 | int kex_dh_hash(const char *, const char *, | 199 | int kex_dh_hash(int, const char *, const char *, |
| 194 | const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, | 200 | const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, |
| 195 | const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); | 201 | const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); |
| 196 | 202 | ||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexdh.c,v 1.25 2015/01/19 20:16:15 markus Exp $ */ | 1 | /* $OpenBSD: kexdh.c,v 1.26 2016/05/02 10:26:04 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -43,6 +43,7 @@ | |||
| 43 | 43 | ||
| 44 | int | 44 | int |
| 45 | kex_dh_hash( | 45 | kex_dh_hash( |
| 46 | int hash_alg, | ||
| 46 | const char *client_version_string, | 47 | const char *client_version_string, |
| 47 | const char *server_version_string, | 48 | const char *server_version_string, |
| 48 | const u_char *ckexinit, size_t ckexinitlen, | 49 | const u_char *ckexinit, size_t ckexinitlen, |
| @@ -56,7 +57,7 @@ kex_dh_hash( | |||
| 56 | struct sshbuf *b; | 57 | struct sshbuf *b; |
| 57 | int r; | 58 | int r; |
| 58 | 59 | ||
| 59 | if (*hashlen < ssh_digest_bytes(SSH_DIGEST_SHA1)) | 60 | if (*hashlen < ssh_digest_bytes(hash_alg)) |
| 60 | return SSH_ERR_INVALID_ARGUMENT; | 61 | return SSH_ERR_INVALID_ARGUMENT; |
| 61 | if ((b = sshbuf_new()) == NULL) | 62 | if ((b = sshbuf_new()) == NULL) |
| 62 | return SSH_ERR_ALLOC_FAIL; | 63 | return SSH_ERR_ALLOC_FAIL; |
| @@ -79,12 +80,12 @@ kex_dh_hash( | |||
| 79 | #ifdef DEBUG_KEX | 80 | #ifdef DEBUG_KEX |
| 80 | sshbuf_dump(b, stderr); | 81 | sshbuf_dump(b, stderr); |
| 81 | #endif | 82 | #endif |
| 82 | if (ssh_digest_buffer(SSH_DIGEST_SHA1, b, hash, *hashlen) != 0) { | 83 | if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) { |
| 83 | sshbuf_free(b); | 84 | sshbuf_free(b); |
| 84 | return SSH_ERR_LIBCRYPTO_ERROR; | 85 | return SSH_ERR_LIBCRYPTO_ERROR; |
| 85 | } | 86 | } |
| 86 | sshbuf_free(b); | 87 | sshbuf_free(b); |
| 87 | *hashlen = ssh_digest_bytes(SSH_DIGEST_SHA1); | 88 | *hashlen = ssh_digest_bytes(hash_alg); |
| 88 | #ifdef DEBUG_KEX | 89 | #ifdef DEBUG_KEX |
| 89 | dump_digest("hash", hash, *hashlen); | 90 | dump_digest("hash", hash, *hashlen); |
| 90 | #endif | 91 | #endif |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexdhc.c,v 1.18 2015/01/26 06:10:03 djm Exp $ */ | 1 | /* $OpenBSD: kexdhc.c,v 1.19 2016/05/02 10:26:04 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -63,8 +63,15 @@ kexdh_client(struct ssh *ssh) | |||
| 63 | kex->dh = dh_new_group1(); | 63 | kex->dh = dh_new_group1(); |
| 64 | break; | 64 | break; |
| 65 | case KEX_DH_GRP14_SHA1: | 65 | case KEX_DH_GRP14_SHA1: |
| 66 | case KEX_DH_GRP14_SHA256: | ||
| 66 | kex->dh = dh_new_group14(); | 67 | kex->dh = dh_new_group14(); |
| 67 | break; | 68 | break; |
| 69 | case KEX_DH_GRP16_SHA512: | ||
| 70 | kex->dh = dh_new_group16(); | ||
| 71 | break; | ||
| 72 | case KEX_DH_GRP18_SHA512: | ||
| 73 | kex->dh = dh_new_group18(); | ||
| 74 | break; | ||
| 68 | default: | 75 | default: |
| 69 | r = SSH_ERR_INVALID_ARGUMENT; | 76 | r = SSH_ERR_INVALID_ARGUMENT; |
| 70 | goto out; | 77 | goto out; |
| @@ -164,6 +171,7 @@ input_kex_dh(int type, u_int32_t seq, void *ctxt) | |||
| 164 | /* calc and verify H */ | 171 | /* calc and verify H */ |
| 165 | hashlen = sizeof(hash); | 172 | hashlen = sizeof(hash); |
| 166 | if ((r = kex_dh_hash( | 173 | if ((r = kex_dh_hash( |
| 174 | kex->hash_alg, | ||
| 167 | kex->client_version_string, | 175 | kex->client_version_string, |
| 168 | kex->server_version_string, | 176 | kex->server_version_string, |
| 169 | sshbuf_ptr(kex->my), sshbuf_len(kex->my), | 177 | sshbuf_ptr(kex->my), sshbuf_len(kex->my), |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexdhs.c,v 1.23 2015/12/04 16:41:28 markus Exp $ */ | 1 | /* $OpenBSD: kexdhs.c,v 1.24 2016/05/02 10:26:04 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -63,8 +63,15 @@ kexdh_server(struct ssh *ssh) | |||
| 63 | kex->dh = dh_new_group1(); | 63 | kex->dh = dh_new_group1(); |
| 64 | break; | 64 | break; |
| 65 | case KEX_DH_GRP14_SHA1: | 65 | case KEX_DH_GRP14_SHA1: |
| 66 | case KEX_DH_GRP14_SHA256: | ||
| 66 | kex->dh = dh_new_group14(); | 67 | kex->dh = dh_new_group14(); |
| 67 | break; | 68 | break; |
| 69 | case KEX_DH_GRP16_SHA512: | ||
| 70 | kex->dh = dh_new_group16(); | ||
| 71 | break; | ||
| 72 | case KEX_DH_GRP18_SHA512: | ||
| 73 | kex->dh = dh_new_group18(); | ||
| 74 | break; | ||
| 68 | default: | 75 | default: |
| 69 | r = SSH_ERR_INVALID_ARGUMENT; | 76 | r = SSH_ERR_INVALID_ARGUMENT; |
| 70 | goto out; | 77 | goto out; |
| @@ -158,6 +165,7 @@ input_kex_dh_init(int type, u_int32_t seq, void *ctxt) | |||
| 158 | /* calc H */ | 165 | /* calc H */ |
| 159 | hashlen = sizeof(hash); | 166 | hashlen = sizeof(hash); |
| 160 | if ((r = kex_dh_hash( | 167 | if ((r = kex_dh_hash( |
| 168 | kex->hash_alg, | ||
| 161 | kex->client_version_string, | 169 | kex->client_version_string, |
| 162 | kex->server_version_string, | 170 | kex->server_version_string, |
| 163 | sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), | 171 | sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: monitor.c,v 1.159 2016/05/02 08:49:03 djm Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.160 2016/05/02 10:26:04 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
| 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
| @@ -1860,6 +1860,9 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
| 1860 | #ifdef WITH_OPENSSL | 1860 | #ifdef WITH_OPENSSL |
| 1861 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 1861 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
| 1862 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; | 1862 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; |
| 1863 | kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; | ||
| 1864 | kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; | ||
| 1865 | kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; | ||
| 1863 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 1866 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
| 1864 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 1867 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
| 1865 | # ifdef OPENSSL_HAS_ECC | 1868 | # ifdef OPENSSL_HAS_ECC |
diff --git a/myproposal.h b/myproposal.h index bdd05966f..597090164 100644 --- a/myproposal.h +++ b/myproposal.h | |||
| @@ -67,13 +67,18 @@ | |||
| 67 | #endif | 67 | #endif |
| 68 | 68 | ||
| 69 | #ifdef HAVE_EVP_SHA256 | 69 | #ifdef HAVE_EVP_SHA256 |
| 70 | # define KEX_SHA256_METHODS \ | 70 | # define KEX_SHA2_METHODS \ |
| 71 | "diffie-hellman-group-exchange-sha256," | 71 | "diffie-hellman-group-exchange-sha256," \ |
| 72 | "diffie-hellman-group16-sha512," \ | ||
| 73 | "diffie-hellman-group18-sha512," | ||
| 74 | # define KEX_SHA2_GROUP14 \ | ||
| 75 | "diffie-hellman-group14-sha256," | ||
| 72 | #define SHA2_HMAC_MODES \ | 76 | #define SHA2_HMAC_MODES \ |
| 73 | "hmac-sha2-256," \ | 77 | "hmac-sha2-256," \ |
| 74 | "hmac-sha2-512," | 78 | "hmac-sha2-512," |
| 75 | #else | 79 | #else |
| 76 | # define KEX_SHA256_METHODS | 80 | # define KEX_SHA2_METHODS |
| 81 | # define KEX_SHA2_GROUP14 | ||
| 77 | # define SHA2_HMAC_MODES | 82 | # define SHA2_HMAC_MODES |
| 78 | #endif | 83 | #endif |
| 79 | 84 | ||
| @@ -86,13 +91,15 @@ | |||
| 86 | #define KEX_COMMON_KEX \ | 91 | #define KEX_COMMON_KEX \ |
| 87 | KEX_CURVE25519_METHODS \ | 92 | KEX_CURVE25519_METHODS \ |
| 88 | KEX_ECDH_METHODS \ | 93 | KEX_ECDH_METHODS \ |
| 89 | KEX_SHA256_METHODS | 94 | KEX_SHA2_METHODS |
| 90 | 95 | ||
| 91 | #define KEX_SERVER_KEX KEX_COMMON_KEX \ | 96 | #define KEX_SERVER_KEX KEX_COMMON_KEX \ |
| 97 | KEX_SHA2_GROUP14 \ | ||
| 92 | "diffie-hellman-group14-sha1" \ | 98 | "diffie-hellman-group14-sha1" \ |
| 93 | 99 | ||
| 94 | #define KEX_CLIENT_KEX KEX_COMMON_KEX \ | 100 | #define KEX_CLIENT_KEX KEX_COMMON_KEX \ |
| 95 | "diffie-hellman-group-exchange-sha1," \ | 101 | "diffie-hellman-group-exchange-sha1," \ |
| 102 | KEX_SHA2_GROUP14 \ | ||
| 96 | "diffie-hellman-group14-sha1" | 103 | "diffie-hellman-group14-sha1" |
| 97 | 104 | ||
| 98 | #define KEX_DEFAULT_PK_ALG \ | 105 | #define KEX_DEFAULT_PK_ALG \ |
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 7fe61e4e1..c30d54e62 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keyscan.c,v 1.105 2016/02/15 09:47:49 dtucker Exp $ */ | 1 | /* $OpenBSD: ssh-keyscan.c,v 1.106 2016/05/02 10:26:04 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
| 4 | * | 4 | * |
| @@ -302,6 +302,9 @@ keygrab_ssh2(con *c) | |||
| 302 | #ifdef WITH_OPENSSL | 302 | #ifdef WITH_OPENSSL |
| 303 | c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; | 303 | c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; |
| 304 | c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; | 304 | c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; |
| 305 | c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; | ||
| 306 | c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; | ||
| 307 | c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; | ||
| 305 | c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; | 308 | c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
| 306 | c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; | 309 | c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
| 307 | # ifdef OPENSSL_HAS_ECC | 310 | # ifdef OPENSSL_HAS_ECC |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh_api.c,v 1.5 2015/12/04 16:41:28 markus Exp $ */ | 1 | /* $OpenBSD: ssh_api.c,v 1.6 2016/05/02 10:26:04 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2012 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2012 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -103,6 +103,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) | |||
| 103 | #ifdef WITH_OPENSSL | 103 | #ifdef WITH_OPENSSL |
| 104 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 104 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
| 105 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; | 105 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; |
| 106 | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; | ||
| 107 | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; | ||
| 108 | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; | ||
| 106 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 109 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
| 107 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 110 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
| 108 | # ifdef OPENSSL_HAS_ECC | 111 | # ifdef OPENSSL_HAS_ECC |
| @@ -117,6 +120,9 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) | |||
| 117 | #ifdef WITH_OPENSSL | 120 | #ifdef WITH_OPENSSL |
| 118 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; | 121 | ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; |
| 119 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; | 122 | ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; |
| 123 | ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; | ||
| 124 | ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; | ||
| 125 | ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; | ||
| 120 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; | 126 | ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
| 121 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; | 127 | ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
| 122 | # ifdef OPENSSL_HAS_ECC | 128 | # ifdef OPENSSL_HAS_ECC |
diff --git a/sshconnect2.c b/sshconnect2.c index 1dddf75aa..945471f15 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshconnect2.c,v 1.242 2016/05/02 08:49:03 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.243 2016/05/02 10:26:04 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
| 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
| @@ -206,6 +206,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
| 206 | #ifdef WITH_OPENSSL | 206 | #ifdef WITH_OPENSSL |
| 207 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; | 207 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; |
| 208 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; | 208 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client; |
| 209 | kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client; | ||
| 210 | kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client; | ||
| 211 | kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client; | ||
| 209 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; | 212 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
| 210 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; | 213 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
| 211 | # ifdef OPENSSL_HAS_ECC | 214 | # ifdef OPENSSL_HAS_ECC |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshd.c,v 1.467 2016/05/02 08:49:03 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.468 2016/05/02 10:26:04 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -2637,6 +2637,9 @@ do_ssh2_kex(void) | |||
| 2637 | #ifdef WITH_OPENSSL | 2637 | #ifdef WITH_OPENSSL |
| 2638 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 2638 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
| 2639 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; | 2639 | kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server; |
| 2640 | kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server; | ||
| 2641 | kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server; | ||
| 2642 | kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server; | ||
| 2640 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 2643 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
| 2641 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 2644 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
| 2642 | # ifdef OPENSSL_HAS_ECC | 2645 | # ifdef OPENSSL_HAS_ECC |