[crypto] add diffie-hellman-group14-sha256 KEX algorithm


Gerrit Bot (Gerrit)

Feb 25, 2022, 7:40:56 AM2/25/22
to goph...@pubsubhelper.golang.org, Nicola Murino, golang-co...@googlegroups.com

Gerrit Bot has uploaded this change for review.


add diffie-hellman-group14-sha256 KEX algorithm

based on RFC 8268

> The method of key exchange used for the name "diffie-hellman-
group14-sha256" is the same as that for "diffie-hellman-group14-sha1"
except that the SHA256 hash algorithm is used. It is recommended
that "diffie-hellman-group14-sha256" SHOULD be supported to smooth
the transition to newer group sizes.

Change-Id: If7ca43fc2ed504542c9b61e3d0eb87d89578bbd9
GitHub-Last-Rev: d9a05c273f8db3da99c867f6c173fe3ad24fdc80
GitHub-Pull-Request: golang/crypto#206
---
M ssh/common.go
M ssh/kex.go
2 files changed, 46 insertions(+), 15 deletions(-)

diff --git a/ssh/common.go b/ssh/common.go
index 5ae2275..8f75769 100644
--- a/ssh/common.go
+++ b/ssh/common.go
@@ -48,7 +48,7 @@
// P384 and P521 are not constant-time yet, but since we don't
// reuse ephemeral keys, using them for ECDH should be OK.
kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
- kexAlgoDH14SHA1, kexAlgoDH1SHA1,
+ kexAlgoDH14SHA256, kexAlgoDH14SHA1, kexAlgoDH1SHA1,
}

// serverForbiddenKexAlgos contains key exchange algorithms, that are forbidden
@@ -63,7 +63,7 @@
var preferredKexAlgos = []string{
kexAlgoCurve25519SHA256,
kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
- kexAlgoDH14SHA1,
+ kexAlgoDH14SHA256, kexAlgoDH14SHA1,
}

// supportedHostKeyAlgos specifies the supported host-key algorithms (i.e. methods
diff --git a/ssh/kex.go b/ssh/kex.go
index 766e929..7cbc60d 100644
--- a/ssh/kex.go
+++ b/ssh/kex.go
@@ -22,6 +22,7 @@
const (
kexAlgoDH1SHA1 = "diffie-hellman-group1-sha1"
kexAlgoDH14SHA1 = "diffie-hellman-group14-sha1"
+ kexAlgoDH14SHA256 = "diffie-hellman-group14-sha256"
kexAlgoECDH256 = "ecdh-sha2-nistp256"
kexAlgoECDH384 = "ecdh-sha2-nistp384"
kexAlgoECDH521 = "ecdh-sha2-nistp521"
@@ -86,6 +87,7 @@
// dhGroup is a multiplicative group suitable for implementing Diffie-Hellman key agreement.
type dhGroup struct {
g, p, pMinus1 *big.Int
+ hashFunc crypto.Hash
}

func (group *dhGroup) diffieHellman(theirPublic, myPrivate *big.Int) (*big.Int, error) {
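Review bot: The new `hashFunc crypto.Hash` field on dhGroup has no doc comment, and its zero value is the unavailable hash 0, whose `New()` panics; after this change every `dhGroup` literal in kex.go must set the field or Client/Server (the hunks at L85-L93, L108-L116, L117-L125) will crash at the `group.hashFunc.New()` call. Add `// hashFunc is the hash used for the exchange hash (SHA-1 or SHA-256 depending on the KEX name); it must be set, the zero value is not a usable hash.` on the field. The dhGroup.diffieHellman method that starts on the last line of this hunk continues outside it.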
@@ -96,8 +98,6 @@
}

func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) {
- hashFunc := crypto.SHA1
-
var x *big.Int
for {
var err error
@@ -132,7 +132,7 @@
return nil, err
}

- h := hashFunc.New()
+ h := group.hashFunc.New()
magics.write(h)
writeString(h, kexDHReply.HostKey)
writeInt(h, X)
@@ -146,12 +146,11 @@
K: K,
HostKey: kexDHReply.HostKey,
Signature: kexDHReply.Signature,
- Hash: crypto.SHA1,
+ Hash: group.hashFunc,
}, nil
}

func (group *dhGroup) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) {
- hashFunc := crypto.SHA1
packet, err := c.readPacket()
if err != nil {
return
@@ -179,7 +178,7 @@

hostKeyBytes := priv.PublicKey().Marshal()

- h := hashFunc.New()
+ h := group.hashFunc.New()
magics.write(h)
writeString(h, hostKeyBytes)
writeInt(h, kexDHInit.X)
@@ -211,7 +210,7 @@
K: K,
HostKey: hostKeyBytes,
Signature: sig,
- Hash: crypto.SHA1,
+ Hash: group.hashFunc,
}, err
}

@@ -391,9 +390,10 @@
// 4253 and Oakley Group 2 in RFC 2409.
p, _ := new(big.Int).SetString("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
kexAlgoMap[kexAlgoDH1SHA1] = &dhGroup{
- g: new(big.Int).SetInt64(2),
- p: p,
- pMinus1: new(big.Int).Sub(p, bigOne),
+ g: new(big.Int).SetInt64(2),
+ p: p,
+ pMinus1: new(big.Int).Sub(p, bigOne),
+ hashFunc: crypto.SHA1,
}

// This is the group called diffie-hellman-group14-sha1 in RFC
@@ -401,9 +401,21 @@
p, _ = new(big.Int).SetString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

kexAlgoMap[kexAlgoDH14SHA1] = &dhGroup{
- g: new(big.Int).SetInt64(2),
- p: p,
- pMinus1: new(big.Int).Sub(p, bigOne),
+ g: new(big.Int).SetInt64(2),
+ p: p,
+ pMinus1: new(big.Int).Sub(p, bigOne),
+ hashFunc: crypto.SHA1,
+ }
+
+ // This is the group called diffie-hellman-group14-sha256 in RFC
+ // 8268 (that updates RFC 4253) and Oakley Group 14 in RFC 3526.
+ p, _ = new(big.Int).SetString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
+
+ kexAlgoMap[kexAlgoDH14SHA256] = &dhGroup{
+ g: new(big.Int).SetInt64(2),
+ p: p,
+ pMinus1: new(big.Int).Sub(p, bigOne),
+ hashFunc: crypto.SHA256,
}

kexAlgoMap[kexAlgoECDH521] = &ecdh{elliptic.P521()}
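Review bot: The group14-sha256 entry re-parses the same Oakley Group 14 prime that was already parsed for group14-sha1 a few lines above, so the hex literal appears twice in the file and a typo in either copy would silently give the two names different moduli. As far as this hunk shows, the group's big.Ints are only read, so the two map entries could share one parsed `p`, `g` and `pMinus1` and differ only in `hashFunc`; the RFC 8268 comment would then sit next to the single shared definition. The sketch below does that on the new side; the enclosing function begins outside the hunk.
```go
	// This is the group called diffie-hellman-group14-sha1 in RFC
	// 4253 and Oakley Group 14 in RFC 3526; diffie-hellman-group14-sha256
	// (RFC 8268) uses the same group with SHA-256 instead of SHA-1.
	// … unchanged: p, _ = new(big.Int).SetString(<group 14 prime>, 16) …
	group14 := &dhGroup{
		g:       new(big.Int).SetInt64(2),
		p:       p,
		pMinus1: new(big.Int).Sub(p, bigOne),
	}

	kexAlgoMap[kexAlgoDH14SHA1] = &dhGroup{
		g: group14.g, p: group14.p, pMinus1: group14.pMinus1,
		hashFunc: crypto.SHA1,
	}
	kexAlgoMap[kexAlgoDH14SHA256] = &dhGroup{
		g: group14.g, p: group14.p, pMinus1: group14.pMinus1,
		hashFunc: crypto.SHA256,
	}
	// … unchanged: kexAlgoMap[kexAlgoECDH521] = &ecdh{elliptic.P521()} …
```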


Gerrit-Project: crypto
Gerrit-Branch: master
Gerrit-Change-Id: If7ca43fc2ed504542c9b61e3d0eb87d89578bbd9
Gerrit-Change-Number: 387994
Gerrit-PatchSet: 1
Gerrit-Owner: Gerrit Bot <letsus...@gmail.com>
Gerrit-CC: Nicola Murino <nicola...@gmail.com>
Gerrit-MessageType: newchange

Gerrit Bot (Gerrit)

Feb 26, 2022, 8:08:10 AM2/26/22
to Nicola Murino, goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com

Attention is currently required from: Filippo Valsorda.

Gerrit Bot uploaded patch set #2 to this change.


add diffie-hellman-group14-sha256 KEX algorithm

based on RFC 8268

> The method of key exchange used for the name "diffie-hellman-
group14-sha256" is the same as that for "diffie-hellman-group14-sha1"
except that the SHA256 hash algorithm is used. It is recommended
that "diffie-hellman-group14-sha256" SHOULD be supported to smooth
the transition to newer group sizes.

Change-Id: If7ca43fc2ed504542c9b61e3d0eb87d89578bbd9
GitHub-Last-Rev: 2cfadf693e729b1bbb492e1ab92eb0f725f587d8

GitHub-Pull-Request: golang/crypto#206
---
M ssh/common.go
M ssh/kex.go
2 files changed, 70 insertions(+), 13 deletions(-)


Gerrit-Project: crypto
Gerrit-Branch: master
Gerrit-Change-Id: If7ca43fc2ed504542c9b61e3d0eb87d89578bbd9
Gerrit-Change-Number: 387994
Gerrit-PatchSet: 2
Gerrit-Owner: Gerrit Bot <letsus...@gmail.com>
Gerrit-Reviewer: Filippo Valsorda <fil...@golang.org>
Gerrit-CC: Adam Langley <a...@golang.org>
Gerrit-CC: Gopher Robot <go...@golang.org>
Gerrit-CC: Katie Hockman <ka...@golang.org>
Gerrit-CC: Nicola Murino <nicola...@gmail.com>
Gerrit-CC: Roland Shoemaker <rol...@golang.org>
Gerrit-Attention: Filippo Valsorda <fil...@golang.org>
Gerrit-MessageType: newpatchset

Filippo Valsorda (Gerrit)

Mar 14, 2022, 6:27:07 PM3/14/22
to Gerrit Bot, Nicola Murino, goph...@pubsubhelper.golang.org, Filippo Valsorda, Adam Langley, Katie Hockman, Roland Shoemaker, Gopher Robot, golang-co...@googlegroups.com

Filippo Valsorda abandoned this change.


Abandoned Superseded by CL 392014


Gerrit-Project: crypto
Gerrit-Branch: master
Gerrit-Change-Id: If7ca43fc2ed504542c9b61e3d0eb87d89578bbd9
Gerrit-Change-Number: 387994
Gerrit-PatchSet: 2
Gerrit-Owner: Gerrit Bot <letsus...@gmail.com>
Gerrit-Reviewer: Filippo Valsorda <fil...@golang.org>
Gerrit-CC: Adam Langley <a...@golang.org>
Gerrit-CC: Gopher Robot <go...@golang.org>
Gerrit-CC: Katie Hockman <ka...@golang.org>
Gerrit-CC: Nicola Murino <nicola...@gmail.com>
Gerrit-CC: Roland Shoemaker <rol...@golang.org>
Gerrit-MessageType: abandon