add diffie-hellman-group-exchange-sha256 support

6 files changed, 63 insertions, 7 deletions

diff --git a/Manifest b/Manifest
index 650befe..1e7606d 100644
--- a/Manifest
+++ b/Manifest
@@ -59,9 +59,11 @@ lib/net/ssh/transport/hmac/sha2_256_96.rb
 lib/net/ssh/transport/hmac/sha2_512.rb
 lib/net/ssh/transport/hmac/sha2_512_96.rb
 lib/net/ssh/transport/identity_cipher.rb
+lib/net/ssh/transport/key_expander.rb
 lib/net/ssh/transport/kex.rb
 lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb
 lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb
+lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb
 lib/net/ssh/transport/openssl.rb
 lib/net/ssh/transport/packet_stream.rb
 lib/net/ssh/transport/server_version.rb
@@ -104,6 +106,7 @@ test/transport/hmac/test_sha1.rb
 test/transport/hmac/test_sha1_96.rb
 test/transport/kex/test_diffie_hellman_group1_sha1.rb
 test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb
+test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb
 test/transport/test_algorithms.rb
 test/transport/test_cipher_factory.rb
 test/transport/test_hmac.rb
diff --git a/lib/net/ssh/transport/algorithms.rb b/lib/net/ssh/transport/algorithms.rb
index 13af77c..1c0c8ce 100644
--- a/lib/net/ssh/transport/algorithms.rb
+++ b/lib/net/ssh/transport/algorithms.rb
@@ -24,7 +24,8 @@ module Net; module SSH; module Transport
     ALGORITHMS = {
       :host_key    => %w(ssh-rsa ssh-dss),
       :kex         => %w(diffie-hellman-group-exchange-sha1
-                         diffie-hellman-group1-sha1),
+                         diffie-hellman-group1-sha1
+                         diffie-hellman-group-exchange-sha256),
       :encryption  => %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
                          aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
                          idea-cbc none arcfour128 arcfour256),
diff --git a/lib/net/ssh/transport/kex.rb b/lib/net/ssh/transport/kex.rb
index 29123c3..79a46a1 100644
--- a/lib/net/ssh/transport/kex.rb
+++ b/lib/net/ssh/transport/kex.rb
@@ -1,5 +1,6 @@
 require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
 require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha1'
+require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha256'
 
 module Net::SSH::Transport
   module Kex
@@ -7,7 +8,10 @@ module Net::SSH::Transport
     # to their corresponding implementors.
     MAP = {
       'diffie-hellman-group-exchange-sha1' => DiffieHellmanGroupExchangeSHA1,
-      'diffie-hellman-group1-sha1'         => DiffieHellmanGroup1SHA1
+      'diffie-hellman-group1-sha1'         => DiffieHellmanGroup1SHA1,
     }
+    if defined?(DiffieHellmanGroupExchangeSHA256)
+      MAP['diffie-hellman-group-exchange-sha256'] = DiffieHellmanGroupExchangeSHA256
+    end
   end
-end
\ No newline at end of file
+end
diff --git a/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb b/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb
new file mode 100644
index 0000000..656254c
--- /dev/null
+++ b/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb
@@ -0,0 +1,15 @@
+require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha1'
+
+module Net::SSH::Transport::Kex
+  if defined?(OpenSSL::Digest::SHA256)
+    # A key-exchange service implementing the
+    # "diffie-hellman-group-exchange-sha256" key-exchange algorithm.
+    class DiffieHellmanGroupExchangeSHA256 < DiffieHellmanGroupExchangeSHA1
+      def initialize(*args)
+        super(*args)
+
+        @digester = OpenSSL::Digest::SHA256
+      end
+    end
+  end
+end
diff --git a/test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb b/test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb
new file mode 100644
index 0000000..8c182c1
--- /dev/null
+++ b/test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb
@@ -0,0 +1,33 @@
+require 'common'
+require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha1'
+
+module Transport; module Kex
+
+  class TestDiffieHellmanGroupExchangeSHA256 < TestDiffieHellmanGroupExchangeSHA1
+    private
+
+      def subject
+        Net::SSH::Transport::Kex::DiffieHellmanGroupExchangeSHA256
+      end
+
+      def session_id
+        @session_id ||= begin
+          buffer = Net::SSH::Buffer.from(:string, packet_data[:client_version_string],
+            :string, packet_data[:server_version_string],
+            :string, packet_data[:client_algorithm_packet],
+            :string, packet_data[:server_algorithm_packet],
+            :string, Net::SSH::Buffer.from(:key, server_key),
+            :long,   1024,
+            :long,   1024,
+            :long,   8192,
+            :bignum, dh.dh.p,
+            :bignum, dh.dh.g,
+            :bignum, dh.dh.pub_key,
+            :bignum, server_dh_pubkey,
+            :bignum, shared_secret)
+          OpenSSL::Digest::SHA256.digest(buffer.to_s)
+        end
+      end
+  end
+
+end; end
diff --git a/test/transport/test_algorithms.rb b/test/transport/test_algorithms.rb
index 68a0035..97c0364 100644
--- a/test/transport/test_algorithms.rb
+++ b/test/transport/test_algorithms.rb
@@ -18,7 +18,7 @@ module Transport
 
     def test_constructor_should_build_default_list_of_preferred_algorithms
       assert_equal %w(ssh-rsa ssh-dss), algorithms[:host_key]
-      assert_equal %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1), algorithms[:kex]
+      assert_equal %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha256), algorithms[:kex]
       assert_equal %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256), algorithms[:encryption]
       if defined?(OpenSSL::Digest::SHA256)
         assert_equal %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms[:hmac]
@@ -50,7 +50,7 @@ module Transport
     end
 
     def test_constructor_with_preferred_kex_should_put_preferred_kex_first
-      assert_equal %w(diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1), algorithms(:kex => "diffie-hellman-group1-sha1")[:kex]
+      assert_equal %w(diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256), algorithms(:kex => "diffie-hellman-group1-sha1")[:kex]
     end
 
     def test_constructor_with_unrecognized_kex_should_raise_exception
@@ -256,7 +256,7 @@ module Transport
       def kexinit(options={})
         @kexinit ||= P(:byte, KEXINIT,
           :long, rand(0xFFFFFFFF), :long, rand(0xFFFFFFFF), :long, rand(0xFFFFFFFF), :long, rand(0xFFFFFFFF),
-          :string, options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1",
+          :string, options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256",
           :string, options[:host_key] || "ssh-rsa,ssh-dss",
           :string, options[:encryption_client] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc",
           :string, options[:encryption_server] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc",
@@ -272,7 +272,7 @@ module Transport
       def assert_kexinit(buffer, options={})
         assert_equal KEXINIT, buffer.type
         assert_equal 16, buffer.read(16).length
-        assert_equal options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1", buffer.read_string
+        assert_equal options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256", buffer.read_string
         assert_equal options[:host_key] || "ssh-rsa,ssh-dss", buffer.read_string
         assert_equal options[:encryption_client] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc,none,arcfour128,arcfour256", buffer.read_string
         assert_equal options[:encryption_server] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc,none,arcfour128,arcfour256", buffer.read_string