From 2f4da82b29f41a2fbc9669ff4852a8160bb7a6a7 Mon Sep 17 00:00:00 2001
From: Kenny Root
Date: Sat, 5 Oct 2013 22:28:37 -0700
Subject: Add diffie-hellman-group-exchange-sha256 support

Support exchanging groups using SHA-256 as specified in RFC 4419
For more information, see https://tools.ietf.org/html/rfc4419
Change-Id: Iee5d29e7113a05cad4714a61321bf86b016624b8
---
 src/com/trilead/ssh2/crypto/KeyMaterial.java | 9 +--------
 src/com/trilead/ssh2/crypto/dh/DhGroupExchange.java | 6 +++---
 .../trilead/ssh2/crypto/dh/GenericDhExchange.java | 9 +--------
 .../ssh2/crypto/digest/HashForSSH2Types.java | 11 +----------
 src/com/trilead/ssh2/transport/KexManager.java | 21 ++++++++++++++-------
 5 files changed, 20 insertions(+), 36 deletions(-)
(limited to 'src/com/trilead')
diff --git a/src/com/trilead/ssh2/crypto/KeyMaterial.java b/src/com/trilead/ssh2/crypto/KeyMaterial.java
index 499422f..1dbd6c7 100644
--- a/src/com/trilead/ssh2/crypto/KeyMaterial.java
+++ b/src/com/trilead/ssh2/crypto/KeyMaterial.java
@@ -3,8 +3,6 @@ package com.trilead.ssh2.crypto;
 import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import com.trilead.ssh2.crypto.digest.HashForSSH2Types;
@@ -74,12 +72,7 @@ public class KeyMaterial
 {
 KeyMaterial km = new KeyMaterial();
- HashForSSH2Types sh;
- try {
- sh = new HashForSSH2Types(MessageDigest.getInstance(hashAlgo));
- } catch (NoSuchAlgorithmException e) {
- throw new IllegalArgumentException(e);
- }
+ HashForSSH2Types sh = new HashForSSH2Types(hashAlgo);
 km.initial_iv_client_to_server = calculateKey(sh, K, H, (byte) 'A', SessionID, blockSizeCS);
diff --git a/src/com/trilead/ssh2/crypto/dh/DhGroupExchange.java b/src/com/trilead/ssh2/crypto/dh/DhGroupExchange.java
index 2922284..a888950 100644
--- a/src/com/trilead/ssh2/crypto/dh/DhGroupExchange.java
+++ b/src/com/trilead/ssh2/crypto/dh/DhGroupExchange.java
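Review bot: In the KeyMaterial hunk at -74, an unsupported `hashAlgo` no longer reaches the caller as `IllegalArgumentException`: the `HashForSSH2Types(String)` constructor throws a plain `RuntimeException("Unsupported algorithm " + type)` and drops the `NoSuchAlgorithmException` cause. The same substitution in the `GenericDhExchange.calculateH` hunk replaces an `UnsupportedOperationException`, and the `catch (IllegalArgumentException e)` around `calculateH` in the last KexManager hunk would not see the new exception, so a missing digest would presumably escape the key exchange as an unchecked error instead of a handled failure. Keeping the type and the cause in the constructor preserves the contract: `throw new IllegalArgumentException("Unsupported algorithm " + type, e);`. The enclosing method starts and ends outside this hunk.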
@@ -87,10 +87,10 @@ public class DhGroupExchange
 this.k = f.modPow(x, p);
 }
- public byte[] calculateH(byte[] clientversion, byte[] serverversion, byte[] clientKexPayload,
- byte[] serverKexPayload, byte[] hostKey, DHGexParameters para)
+ public byte[] calculateH(String hashAlgo, byte[] clientversion, byte[] serverversion,
+ byte[] clientKexPayload, byte[] serverKexPayload, byte[] hostKey, DHGexParameters para)
 {
- HashForSSH2Types hash = new HashForSSH2Types("SHA1");
+ HashForSSH2Types hash = new HashForSSH2Types(hashAlgo);
 hash.updateByteString(clientversion);
 hash.updateByteString(serverversion);
diff --git a/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java b/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java
index d65490a..039ff75 100644
--- a/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java
+++ b/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java
@@ -4,8 +4,6 @@ package com.trilead.ssh2.crypto.dh;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import com.trilead.ssh2.crypto.digest.HashForSSH2Types;
 import com.trilead.ssh2.log.Logger;
@@ -71,12 +69,7 @@ public abstract class GenericDhExchange
 public byte[] calculateH(byte[] clientversion, byte[] serverversion, byte[] clientKexPayload, byte[] serverKexPayload, byte[] hostKey) throws UnsupportedEncodingException {
- HashForSSH2Types hash;
- try {
- hash = new HashForSSH2Types(MessageDigest.getInstance(getHashAlgo()));
- } catch (NoSuchAlgorithmException e) {
- throw new UnsupportedOperationException(e);
- }
+ HashForSSH2Types hash = new HashForSSH2Types(getHashAlgo());
 if (log.isEnabled()) {
diff --git a/src/com/trilead/ssh2/crypto/digest/HashForSSH2Types.java b/src/com/trilead/ssh2/crypto/digest/HashForSSH2Types.java
index 9127d4e..6b0d6e3 100644
--- a/src/com/trilead/ssh2/crypto/digest/HashForSSH2Types.java
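Review bot: The new leading `hashAlgo` parameter of `DhGroupExchange.calculateH` is undocumented, and nothing on the signature tells a caller that it is a JCA digest name (`"SHA1"`, `"SHA-256"`) rather than the SSH kex name. Because the value selects the digest for the exchange hash H, a Javadoc comment should state the accepted values and that they must match the negotiated algorithm, for example `@param hashAlgo JCA digest name for the negotiated kex: "SHA1" for -sha1, "SHA-256" for -sha256`. Inserting a parameter at the front of a public method is also source-incompatible; callers other than KexManager are not visible in this patch. The method body continues past the end of the hunk.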
+++ b/src/com/trilead/ssh2/crypto/digest/HashForSSH2Types.java
@@ -16,19 +16,10 @@ public class HashForSSH2Types
 {
 MessageDigest md;
- public HashForSSH2Types(MessageDigest md)
- {
- this.md = md;
- }
-
 public HashForSSH2Types(String type) {
 try {
- if ("SHA1".equals(type) || "MD5".equals(type)) {
- md = MessageDigest.getInstance(type);
- } else {
- throw new IllegalArgumentException("Unknown algorithm " + type);
- }
+ md = MessageDigest.getInstance(type);
 } catch (NoSuchAlgorithmException e) {
 throw new RuntimeException("Unsupported algorithm " + type);
 }
diff --git a/src/com/trilead/ssh2/transport/KexManager.java b/src/com/trilead/ssh2/transport/KexManager.java
index 230047e..cd26530 100644
--- a/src/com/trilead/ssh2/transport/KexManager.java
+++ b/src/com/trilead/ssh2/transport/KexManager.java
@@ -61,6 +61,7 @@ public class KexManager
 KEX_ALGS.add("ecdh-sha2-nistp256");
 KEX_ALGS.add("ecdh-sha2-nistp384");
 KEX_ALGS.add("ecdh-sha2-nistp521");
+ KEX_ALGS.add("diffie-hellman-group-exchange-sha256");
 KEX_ALGS.add("diffie-hellman-group-exchange-sha1");
 KEX_ALGS.add("diffie-hellman-group14-sha1");
 KEX_ALGS.add("diffie-hellman-group1-sha1");
@@ -449,20 +450,24 @@ public class KexManager
 ignore_next_kex_packet = true;
 }
- if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1"))
+ if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")
+ || kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256"))
 {
 if (kxs.dhgexParameters.getMin_group_len() == 0 || csh.server_versioncomment.matches("OpenSSH_2\\.([0-4]\\.|5\\.[0-2]).*")) {
 PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters);
 tm.sendKexMessage(dhgexreq.getPayload());
-
 } else {
 PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters);
 tm.sendKexMessage(dhgexreq.getPayload());
 }
- kxs.hashAlgo = "SHA1";
+ if (kxs.np.kex_algo.endsWith("sha1")) {
+ kxs.hashAlgo = "SHA1";
+ } else {
+ kxs.hashAlgo = "SHA-256";
+ }
 kxs.state = 1;
 return;
 }
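Review bot: Dropping the name check in the HashForSSH2Types hunk means `HashForSSH2Types(String)` now accepts whatever digest name the installed providers recognise, so a mistyped or unintended weak algorithm is used silently instead of being rejected. The callers in this commit pass fixed strings or `getHashAlgo()`, so an explicit allow-list would keep the guard while admitting SHA-256, e.g. `if (!ALLOWED.contains(type)) throw new IllegalArgumentException("Unknown algorithm " + type);`, where `ALLOWED` is a new static set introduced for this purpose. The digests the ECDH exchanges need are not visible in this hunk and should be confirmed before fixing the set. Separately, removing the public `HashForSSH2Types(MessageDigest)` constructor breaks any caller outside the files shown.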
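Review bot: In the KexManager hunk at -449 the digest is chosen by a suffix test with SHA-256 as the fall-through, `kxs.np.kex_algo.endsWith("sha1")`, so any further group-exchange variant later added to the enclosing `if` would silently be hashed with SHA-256. Matching each name explicitly is safer, e.g. `else if (kxs.np.kex_algo.endsWith("-sha256")) kxs.hashAlgo = "SHA-256";` followed by a final branch that raises an error for an unexpected name. The two-name `equals` condition is also repeated verbatim in the hunk at -538; a small private predicate shared by both sites would keep them in step. The enclosing method starts and ends outside the hunk.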
@@ -538,7 +543,8 @@ public class KexManager
 if ((kxs == null) || (kxs.state == 0)) throw new IOException("Unexpected Kex submessage!");
- if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1"))
+ if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")
+ || kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256"))
 {
 if (kxs.state == 1) {
@@ -579,9 +585,10 @@ public class KexManager
 try {
- kxs.H = kxs.dhgx.calculateH(csh.getClientString(), csh.getServerString(),
- kxs.localKEX.getPayload(), kxs.remoteKEX.getPayload(), dhgexrpl.getHostKey(),
- kxs.dhgexParameters);
+ kxs.H = kxs.dhgx.calculateH(kxs.hashAlgo,
+ csh.getClientString(), csh.getServerString(),
+ kxs.localKEX.getPayload(), kxs.remoteKEX.getPayload(),
+ dhgexrpl.getHostKey(), kxs.dhgexParameters);
 } catch (IllegalArgumentException e) {
--
cgit v1.2.3