diff options
author | Ryosuke Yamazaki <ryosuke.yamazaki@mac.com> | 2011-12-16 17:22:24 +0900 |
---|---|---|
committer | Ryosuke Yamazaki <ryosuke.yamazaki@mac.com> | 2011-12-16 17:22:24 +0900 |
commit | a2bca07172b89ed704e8508e7cba2bc3adabb9e3 (patch) | |
tree | 71f7c7596aba09bd471a33fa41dec388e7c9076d | |
parent | 27a6556e404f1c80570fcbb53e7cb01a7ea9f615 (diff) | |
download | net-ssh-a2bca07172b89ed704e8508e7cba2bc3adabb9e3.tar.gz |
add diffie-hellman-group-exchange-sha256 support
-rw-r--r-- | Manifest | 3 | ||||
-rw-r--r-- | lib/net/ssh/transport/algorithms.rb | 3 | ||||
-rw-r--r-- | lib/net/ssh/transport/kex.rb | 8 | ||||
-rw-r--r-- | lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb | 15 | ||||
-rw-r--r-- | test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb | 33 | ||||
-rw-r--r-- | test/transport/test_algorithms.rb | 8 |
6 files changed, 63 insertions, 7 deletions
@@ -59,9 +59,11 @@ lib/net/ssh/transport/hmac/sha2_256_96.rb lib/net/ssh/transport/hmac/sha2_512.rb lib/net/ssh/transport/hmac/sha2_512_96.rb lib/net/ssh/transport/identity_cipher.rb +lib/net/ssh/transport/key_expander.rb lib/net/ssh/transport/kex.rb lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb lib/net/ssh/transport/openssl.rb lib/net/ssh/transport/packet_stream.rb lib/net/ssh/transport/server_version.rb @@ -104,6 +106,7 @@ test/transport/hmac/test_sha1.rb test/transport/hmac/test_sha1_96.rb test/transport/kex/test_diffie_hellman_group1_sha1.rb test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb +test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb test/transport/test_algorithms.rb test/transport/test_cipher_factory.rb test/transport/test_hmac.rb diff --git a/lib/net/ssh/transport/algorithms.rb b/lib/net/ssh/transport/algorithms.rb index 13af77c..1c0c8ce 100644 --- a/lib/net/ssh/transport/algorithms.rb +++ b/lib/net/ssh/transport/algorithms.rb @@ -24,7 +24,8 @@ module Net; module SSH; module Transport ALGORITHMS = { :host_key => %w(ssh-rsa ssh-dss), :kex => %w(diffie-hellman-group-exchange-sha1 - diffie-hellman-group1-sha1), + diffie-hellman-group1-sha1 + diffie-hellman-group-exchange-sha256), :encryption => %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256), diff --git a/lib/net/ssh/transport/kex.rb b/lib/net/ssh/transport/kex.rb index 29123c3..79a46a1 100644 --- a/lib/net/ssh/transport/kex.rb +++ b/lib/net/ssh/transport/kex.rb @@ -1,5 +1,6 @@ require 'net/ssh/transport/kex/diffie_hellman_group1_sha1' require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha1' +require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha256' module Net::SSH::Transport module Kex @@ -7,7 +8,10 @@ module Net::SSH::Transport # to their corresponding implementors. MAP = { 'diffie-hellman-group-exchange-sha1' => DiffieHellmanGroupExchangeSHA1, - 'diffie-hellman-group1-sha1' => DiffieHellmanGroup1SHA1 + 'diffie-hellman-group1-sha1' => DiffieHellmanGroup1SHA1, } + if defined?(DiffieHellmanGroupExchangeSHA256) + MAP['diffie-hellman-group-exchange-sha256'] = DiffieHellmanGroupExchangeSHA256 + end end -end
\ No newline at end of file +end diff --git a/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb b/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb new file mode 100644 index 0000000..656254c --- /dev/null +++ b/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb @@ -0,0 +1,15 @@ +require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha1' + +module Net::SSH::Transport::Kex + if defined?(OpenSSL::Digest::SHA256) + # A key-exchange service implementing the + # "diffie-hellman-group-exchange-sha256" key-exchange algorithm. + class DiffieHellmanGroupExchangeSHA256 < DiffieHellmanGroupExchangeSHA1 + def initialize(*args) + super(*args) + + @digester = OpenSSL::Digest::SHA256 + end + end + end +end diff --git a/test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb b/test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb new file mode 100644 index 0000000..8c182c1 --- /dev/null +++ b/test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb @@ -0,0 +1,33 @@ +require 'common' +require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha1' + +module Transport; module Kex + + class TestDiffieHellmanGroupExchangeSHA256 < TestDiffieHellmanGroupExchangeSHA1 + private + + def subject + Net::SSH::Transport::Kex::DiffieHellmanGroupExchangeSHA256 + end + + def session_id + @session_id ||= begin + buffer = Net::SSH::Buffer.from(:string, packet_data[:client_version_string], + :string, packet_data[:server_version_string], + :string, packet_data[:client_algorithm_packet], + :string, packet_data[:server_algorithm_packet], + :string, Net::SSH::Buffer.from(:key, server_key), + :long, 1024, + :long, 1024, + :long, 8192, + :bignum, dh.dh.p, + :bignum, dh.dh.g, + :bignum, dh.dh.pub_key, + :bignum, server_dh_pubkey, + :bignum, shared_secret) + OpenSSL::Digest::SHA256.digest(buffer.to_s) + end + end + end + +end; end diff --git a/test/transport/test_algorithms.rb b/test/transport/test_algorithms.rb index 68a0035..97c0364 100644 --- a/test/transport/test_algorithms.rb +++ b/test/transport/test_algorithms.rb @@ -18,7 +18,7 @@ module Transport def test_constructor_should_build_default_list_of_preferred_algorithms assert_equal %w(ssh-rsa ssh-dss), algorithms[:host_key] - assert_equal %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1), algorithms[:kex] + assert_equal %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha256), algorithms[:kex] assert_equal %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256), algorithms[:encryption] if defined?(OpenSSL::Digest::SHA256) assert_equal %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms[:hmac] @@ -50,7 +50,7 @@ module Transport end def test_constructor_with_preferred_kex_should_put_preferred_kex_first - assert_equal %w(diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1), algorithms(:kex => "diffie-hellman-group1-sha1")[:kex] + assert_equal %w(diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256), algorithms(:kex => "diffie-hellman-group1-sha1")[:kex] end def test_constructor_with_unrecognized_kex_should_raise_exception @@ -256,7 +256,7 @@ module Transport def kexinit(options={}) @kexinit ||= P(:byte, KEXINIT, :long, rand(0xFFFFFFFF), :long, rand(0xFFFFFFFF), :long, rand(0xFFFFFFFF), :long, rand(0xFFFFFFFF), - :string, options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1", + :string, options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256", :string, options[:host_key] || "ssh-rsa,ssh-dss", :string, options[:encryption_client] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc", :string, options[:encryption_server] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc", @@ -272,7 +272,7 @@ module Transport def assert_kexinit(buffer, options={}) assert_equal KEXINIT, buffer.type assert_equal 16, buffer.read(16).length - assert_equal options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1", buffer.read_string + assert_equal options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256", buffer.read_string assert_equal options[:host_key] || "ssh-rsa,ssh-dss", buffer.read_string assert_equal options[:encryption_client] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc,none,arcfour128,arcfour256", buffer.read_string assert_equal options[:encryption_server] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc,none,arcfour128,arcfour256", buffer.read_string |