Created
April 5, 2017 21:02
-
-
Save mspaulding06/343fabbef52ce1fd927157a464add38b to your computer and use it in GitHub Desktop.
diffie-hellman-group-exchange-sha256 support for golang crypto
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/vendor/golang.org/x/crypto/ssh/common.go b/vendor/golang.org/x/crypto/ssh/common.go | |
index dc39e4d..700fc5c 100644 | |
--- a/vendor/golang.org/x/crypto/ssh/common.go | |
+++ b/vendor/golang.org/x/crypto/ssh/common.go | |
@@ -39,6 +39,7 @@ var supportedKexAlgos = []string{ | |
// reuse ephemeral keys, using them for ECDH should be OK. | |
kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521, | |
kexAlgoDH14SHA1, kexAlgoDH1SHA1, | |
+ kexAlgoDHGexSHA1, kexAlgoDHGexSHA256, | |
} | |
// supportedHostKeyAlgos specifies the supported host-key algorithms (i.e. methods | |
diff --git a/vendor/golang.org/x/crypto/ssh/kex.go b/vendor/golang.org/x/crypto/ssh/kex.go | |
index c87fbeb..8d6d1c6 100644 | |
--- a/vendor/golang.org/x/crypto/ssh/kex.go | |
+++ b/vendor/golang.org/x/crypto/ssh/kex.go | |
@@ -11,6 +11,7 @@ import ( | |
"crypto/rand" | |
"crypto/subtle" | |
"errors" | |
+ "fmt" | |
"io" | |
"math/big" | |
@@ -20,12 +21,25 @@ import ( | |
const ( | |
kexAlgoDH1SHA1 = "diffie-hellman-group1-sha1" | |
kexAlgoDH14SHA1 = "diffie-hellman-group14-sha1" | |
+ kexAlgoDHGexSHA1 = "diffie-hellman-group-exchange-sha1" | |
+ kexAlgoDHGexSHA256 = "diffie-hellman-group-exchange-sha256" | |
kexAlgoECDH256 = "ecdh-sha2-nistp256" | |
kexAlgoECDH384 = "ecdh-sha2-nistp384" | |
kexAlgoECDH521 = "ecdh-sha2-nistp521" | |
kexAlgoCurve25519SHA256 = "curve25519-sha256@libssh.org" | |
) | |
+var kexAlgoMap = map[string]kexAlgorithm{ | |
+ kexAlgoDH1SHA1: &dhGroupKexAlgo{group: &dhGroup1, hash: crypto.SHA1}, | |
+ kexAlgoDH14SHA1: &dhGroupKexAlgo{group: &dhGroup14, hash: crypto.SHA1}, | |
+ kexAlgoDHGexSHA1: &dhGroupExchangeKexAlgo{hash: crypto.SHA1}, | |
+ kexAlgoDHGexSHA256: &dhGroupExchangeKexAlgo{hash: crypto.SHA256}, | |
+ kexAlgoECDH256: &ecdh{elliptic.P256()}, | |
+ kexAlgoECDH384: &ecdh{elliptic.P384()}, | |
+ kexAlgoECDH521: &ecdh{elliptic.P521()}, | |
+ kexAlgoCurve25519SHA256: &curve25519sha256{}, | |
+} | |
+ | |
// kexResult captures the outcome of a key exchange. | |
type kexResult struct { | |
// Session hash. See also RFC 4253, section 8. | |
@@ -77,31 +91,52 @@ type kexAlgorithm interface { | |
// dhGroup is a multiplicative group suitable for implementing Diffie-Hellman key agreement. | |
type dhGroup struct { | |
- g, p, pMinus1 *big.Int | |
+ g, p *big.Int | |
} | |
func (group *dhGroup) diffieHellman(theirPublic, myPrivate *big.Int) (*big.Int, error) { | |
- if theirPublic.Cmp(bigOne) <= 0 || theirPublic.Cmp(group.pMinus1) >= 0 { | |
+ if theirPublic.Cmp(bigOne) <= 0 || theirPublic.Cmp(group.p) >= 0 { | |
return nil, errors.New("ssh: DH parameter out of bounds") | |
} | |
return new(big.Int).Exp(theirPublic, myPrivate, group.p), nil | |
} | |
-func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) { | |
- hashFunc := crypto.SHA1 | |
- | |
+// func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) { | |
+func (group *dhGroup) keyPair(randSource io.Reader) (public, private *big.Int, err error) { | |
var x *big.Int | |
for { | |
var err error | |
- if x, err = rand.Int(randSource, group.pMinus1); err != nil { | |
- return nil, err | |
+ if x, err = rand.Int(randSource, group.p); err != nil { | |
+ return nil, nil, err | |
} | |
if x.Sign() > 0 { | |
break | |
} | |
} | |
+ if err != nil { | |
+ return nil, nil, err | |
+ } | |
X := new(big.Int).Exp(group.g, x, group.p) | |
+ return X, x, nil | |
+} | |
+ | |
+func (group *dhGroup) bits() int { | |
+ return group.p.BitLen() | |
+} | |
+ | |
+// dhGroupKexAlgo is a key exchange algorithm using a particular MODP group and hash | |
+type dhGroupKexAlgo struct { | |
+ group *dhGroup | |
+ hash crypto.Hash | |
+} | |
+ | |
+func (algo *dhGroupKexAlgo) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) { | |
+ X, x, err := algo.group.keyPair(randSource) | |
+ if err != nil { | |
+ return nil, err | |
+ } | |
+ | |
kexDHInit := kexDHInitMsg{ | |
X: X, | |
} | |
@@ -119,12 +154,12 @@ func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handsha | |
return nil, err | |
} | |
- kInt, err := group.diffieHellman(kexDHReply.Y, x) | |
+ kInt, err := algo.group.diffieHellman(kexDHReply.Y, x) | |
if err != nil { | |
return nil, err | |
} | |
- h := hashFunc.New() | |
+ h := algo.hash.New() | |
magics.write(h) | |
writeString(h, kexDHReply.HostKey) | |
writeInt(h, X) | |
@@ -138,12 +173,11 @@ func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handsha | |
K: K, | |
HostKey: kexDHReply.HostKey, | |
Signature: kexDHReply.Signature, | |
- Hash: crypto.SHA1, | |
+ Hash: algo.hash, | |
}, nil | |
} | |
-func (group *dhGroup) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) { | |
- hashFunc := crypto.SHA1 | |
+func (algo *dhGroupKexAlgo) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) { | |
packet, err := c.readPacket() | |
if err != nil { | |
return | |
@@ -153,25 +187,19 @@ func (group *dhGroup) Server(c packetConn, randSource io.Reader, magics *handsha | |
return | |
} | |
- var y *big.Int | |
- for { | |
- if y, err = rand.Int(randSource, group.pMinus1); err != nil { | |
- return | |
- } | |
- if y.Sign() > 0 { | |
- break | |
- } | |
+ Y, y, err := algo.group.keyPair(randSource) | |
+ if err != nil { | |
+ return nil, err | |
} | |
- Y := new(big.Int).Exp(group.g, y, group.p) | |
- kInt, err := group.diffieHellman(kexDHInit.X, y) | |
+ kInt, err := algo.group.diffieHellman(kexDHInit.X, y) | |
if err != nil { | |
return nil, err | |
} | |
hostKeyBytes := priv.PublicKey().Marshal() | |
- h := hashFunc.New() | |
+ h := algo.hash.New() | |
magics.write(h) | |
writeString(h, hostKeyBytes) | |
writeInt(h, kexDHInit.X) | |
@@ -203,7 +231,7 @@ func (group *dhGroup) Server(c packetConn, randSource io.Reader, magics *handsha | |
K: K, | |
HostKey: hostKeyBytes, | |
Signature: sig, | |
- Hash: crypto.SHA1, | |
+ Hash: algo.hash, | |
}, nil | |
} | |
@@ -264,6 +292,253 @@ func (kex *ecdh) Client(c packetConn, rand io.Reader, magics *handshakeMagics) ( | |
}, nil | |
} | |
+func mustParseBigIntHex(h string) *big.Int { | |
+ p, ok := new(big.Int).SetString(h, 16) | |
+ if !ok { | |
+ panic(fmt.Errorf("not a hex string: %q", h)) | |
+ } | |
+ return p | |
+} | |
+ | |
+var ( | |
+ two = new(big.Int).SetInt64(2) | |
+ | |
+ // 1024-bit MODP group - Oakley Group 2 in RFC 2409. | |
+ // It's used in diffie-hellman-group1-sha1 in RFC 4253. | |
+ dhGroup1 = dhGroup{ | |
+ g: two, | |
+ p: mustParseBigIntHex("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF"), | |
+ } | |
+ | |
+ // 2048-bit MODP group - Group 14 in RFC 3526. | |
+ // It's used in diffie-hellman-group14-sha1 in RFC 4253. | |
+ dhGroup14 = dhGroup{ | |
+ g: two, | |
+ p: mustParseBigIntHex("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF"), | |
+ } | |
+ | |
+ // 4096-bit MODP group - Group 16 in RFC 3526. | |
+ dhGroup16 = dhGroup{ | |
+ g: two, | |
+ p: mustParseBigIntHex("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF"), | |
+ } | |
+ | |
+ // 8192-bit MODP group - Group 18 in RFC 3526. | |
+ dhGroup18 = dhGroup{ | |
+ g: two, | |
+ p: mustParseBigIntHex("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF"), | |
+ } | |
+) | |
+ | |
+type dhGroupExchangeKexAlgo struct { | |
+ hash crypto.Hash | |
+} | |
+ | |
+const ( | |
+ dhGroupMinimumBits = 2048 | |
+ dhGroupPreferredBits = 2048 | |
+ dhGroupMaximumBits = 8192 | |
+) | |
+ | |
+func (algo *dhGroupExchangeKexAlgo) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) { | |
+ request := kexDHGexRequestMsg{ | |
+ Min: dhGroupMinimumBits, | |
+ N: dhGroupPreferredBits, | |
+ Max: dhGroupMaximumBits, | |
+ } | |
+ serialized := Marshal(&request) | |
+ if err := c.writePacket(serialized); err != nil { | |
+ return nil, err | |
+ } | |
+ | |
+ packet, err := c.readPacket() | |
+ if err != nil { | |
+ return nil, err | |
+ } | |
+ | |
+ var groupMsg kexDHGexGroupMsg | |
+ if err = Unmarshal(packet, &groupMsg); err != nil { | |
+ return nil, err | |
+ } | |
+ | |
+ group := &dhGroup{ | |
+ p: groupMsg.P, | |
+ g: groupMsg.G, | |
+ } | |
+ | |
+ bits := uint32(group.bits()) | |
+ if bits < request.Min || bits > request.Max { | |
+ return nil, errors.New("ssh: DH group out of range") | |
+ } | |
+ X, x, err := group.keyPair(randSource) | |
+ if err != nil { | |
+ return nil, err | |
+ } | |
+ init := kexDHGexInitMsg{ | |
+ X: X, | |
+ } | |
+ if err := c.writePacket(Marshal(&init)); err != nil { | |
+ return nil, err | |
+ } | |
+ | |
+ packet, err = c.readPacket() | |
+ if err != nil { | |
+ return nil, err | |
+ } | |
+ | |
+ var reply kexDHGexReplyMsg | |
+ if err = Unmarshal(packet, &reply); err != nil { | |
+ return nil, err | |
+ } | |
+ | |
+ kInt, err := group.diffieHellman(reply.Y, x) | |
+ if err != nil { | |
+ return nil, err | |
+ } | |
+ | |
+ h := algo.hash.New() | |
+ magics.write(h) | |
+ writeString(h, reply.HostKey) | |
+ var int32Buf = make([]byte, 4) | |
+ marshalUint32(int32Buf, request.Min) | |
+ h.Write(int32Buf) | |
+ marshalUint32(int32Buf, request.N) | |
+ h.Write(int32Buf) | |
+ marshalUint32(int32Buf, request.Max) | |
+ h.Write(int32Buf) | |
+ writeInt(h, group.p) | |
+ writeInt(h, group.g) | |
+ writeInt(h, X) | |
+ writeInt(h, reply.Y) | |
+ | |
+ K := make([]byte, intLength(kInt)) | |
+ marshalInt(K, kInt) | |
+ h.Write(K) | |
+ | |
+ return &kexResult{ | |
+ H: h.Sum(nil), | |
+ K: K, | |
+ HostKey: reply.HostKey, | |
+ Signature: reply.Signature, | |
+ Hash: algo.hash, | |
+ }, nil | |
+} | |
+ | |
+func chooseDHGroup(min, n, max uint32) (*dhGroup, error) { | |
+ if n < dhGroupMinimumBits { | |
+ n = dhGroupMinimumBits | |
+ } else if n > dhGroupMaximumBits { | |
+ n = dhGroupMaximumBits | |
+ } | |
+ if n < min || n > max { | |
+ return nil, errors.New("ssh: DH group out of range") | |
+ } | |
+ // For now we only use the constant groups from the RFCs | |
+ // TODO: Use the moduli file /etc/ssh/moduli if it exists. | |
+ for _, group := range []*dhGroup{&dhGroup14, &dhGroup16, &dhGroup18} { | |
+ if n <= uint32(group.bits()) { | |
+ return group, nil | |
+ } | |
+ } | |
+ // We should never get here as long as dhGroupMaximumBits <= dhGroup18.bits(), which it is. | |
+ panic("NOTREACHED") | |
+} | |
+ | |
+func (algo *dhGroupExchangeKexAlgo) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) { | |
+ packet, err := c.readPacket() | |
+ if err != nil { | |
+ return nil, err | |
+ } | |
+ | |
+ var request kexDHGexRequestMsg | |
+ if err = Unmarshal(packet, &request); err != nil { | |
+ return nil, err | |
+ } | |
+ | |
+ group, err := chooseDHGroup(request.Min, request.N, request.Max) | |
+ if err != nil { | |
+ return nil, err | |
+ } | |
+ | |
+ groupMsg := kexDHGexGroupMsg{ | |
+ P: group.p, | |
+ G: group.g, | |
+ } | |
+ | |
+ serialized := Marshal(&groupMsg) | |
+ if err := c.writePacket(serialized); err != nil { | |
+ return nil, err | |
+ } | |
+ | |
+ packet, err = c.readPacket() | |
+ if err != nil { | |
+ return | |
+ } | |
+ var init kexDHGexInitMsg | |
+ if err = Unmarshal(packet, &init); err != nil { | |
+ return | |
+ } | |
+ | |
+ Y, y, err := group.keyPair(randSource) | |
+ if err != nil { | |
+ return nil, err | |
+ } | |
+ kInt, err := group.diffieHellman(init.X, y) | |
+ if err != nil { | |
+ return nil, err | |
+ } | |
+ | |
+ hostKeyBytes := priv.PublicKey().Marshal() | |
+ | |
+ h := algo.hash.New() | |
+ magics.write(h) | |
+ writeString(h, hostKeyBytes) | |
+ var int32Buf = make([]byte, 4) | |
+ marshalUint32(int32Buf, request.Min) | |
+ h.Write(int32Buf) | |
+ marshalUint32(int32Buf, request.N) | |
+ h.Write(int32Buf) | |
+ marshalUint32(int32Buf, request.Max) | |
+ h.Write(int32Buf) | |
+ writeInt(h, group.p) | |
+ writeInt(h, group.g) | |
+ writeInt(h, init.X) | |
+ writeInt(h, Y) | |
+ | |
+ K := make([]byte, intLength(kInt)) | |
+ marshalInt(K, kInt) | |
+ h.Write(K) | |
+ | |
+ H := h.Sum(nil) | |
+ | |
+ // H is already a hash, but the hostkey signing will apply its | |
+ // own key-specific hash algorithm. | |
+ sig, err := signAndMarshal(priv, randSource, H) | |
+ if err != nil { | |
+ return nil, err | |
+ } | |
+ | |
+ reply := kexDHGexReplyMsg{ | |
+ HostKey: hostKeyBytes, | |
+ Y: Y, | |
+ Signature: sig, | |
+ } | |
+ packet = Marshal(&reply) | |
+ | |
+ err = c.writePacket(packet) | |
+ if err != nil { | |
+ return nil, err | |
+ } | |
+ | |
+ return &kexResult{ | |
+ H: H, | |
+ K: K, | |
+ HostKey: hostKeyBytes, | |
+ Signature: sig, | |
+ Hash: algo.hash, | |
+ }, nil | |
+} | |
+ | |
// unmarshalECKey parses and checks an EC key. | |
func unmarshalECKey(curve elliptic.Curve, pubkey []byte) (x, y *big.Int, err error) { | |
x, y = elliptic.Unmarshal(curve, pubkey) | |
@@ -376,34 +651,6 @@ func (kex *ecdh) Server(c packetConn, rand io.Reader, magics *handshakeMagics, p | |
}, nil | |
} | |
-var kexAlgoMap = map[string]kexAlgorithm{} | |
- | |
-func init() { | |
- // This is the group called diffie-hellman-group1-sha1 in RFC | |
- // 4253 and Oakley Group 2 in RFC 2409. | |
- p, _ := new(big.Int).SetString("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16) | |
- kexAlgoMap[kexAlgoDH1SHA1] = &dhGroup{ | |
- g: new(big.Int).SetInt64(2), | |
- p: p, | |
- pMinus1: new(big.Int).Sub(p, bigOne), | |
- } | |
- | |
- // This is the group called diffie-hellman-group14-sha1 in RFC | |
- // 4253 and Oakley Group 14 in RFC 3526. | |
- p, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16) | |
- | |
- kexAlgoMap[kexAlgoDH14SHA1] = &dhGroup{ | |
- g: new(big.Int).SetInt64(2), | |
- p: p, | |
- pMinus1: new(big.Int).Sub(p, bigOne), | |
- } | |
- | |
- kexAlgoMap[kexAlgoECDH521] = &ecdh{elliptic.P521()} | |
- kexAlgoMap[kexAlgoECDH384] = &ecdh{elliptic.P384()} | |
- kexAlgoMap[kexAlgoECDH256] = &ecdh{elliptic.P256()} | |
- kexAlgoMap[kexAlgoCurve25519SHA256] = &curve25519sha256{} | |
-} | |
- | |
// curve25519sha256 implements the curve25519-sha256@libssh.org key | |
// agreement protocol, as described in | |
// https://git.libssh.org/projects/libssh.git/tree/doc/curve25519-sha256@libssh.org.txt | |
diff --git a/vendor/golang.org/x/crypto/ssh/messages.go b/vendor/golang.org/x/crypto/ssh/messages.go | |
index e6ecd3a..26b5496 100644 | |
--- a/vendor/golang.org/x/crypto/ssh/messages.go | |
+++ b/vendor/golang.org/x/crypto/ssh/messages.go | |
@@ -73,12 +73,33 @@ type kexInitMsg struct { | |
// See RFC 4253, section 8. | |
// Diffie-Helman | |
+const msgKexDHGexRequest = 34 | |
+ | |
+type kexDHGexRequestMsg struct { | |
+ Min uint32 `sshtype:"34"` | |
+ N uint32 | |
+ Max uint32 | |
+} | |
+ | |
+const msgKexDHGexGroup = 31 | |
+ | |
+type kexDHGexGroupMsg struct { | |
+ P *big.Int `sshtype:"31"` | |
+ G *big.Int | |
+} | |
+ | |
const msgKexDHInit = 30 | |
type kexDHInitMsg struct { | |
X *big.Int `sshtype:"30"` | |
} | |
+const msgKexDHGexInit = 32 | |
+ | |
+type kexDHGexInitMsg struct { | |
+ X *big.Int `sshtype:"32"` | |
+} | |
+ | |
const msgKexECDHInit = 30 | |
type kexECDHInitMsg struct { | |
@@ -101,6 +122,14 @@ type kexDHReplyMsg struct { | |
Signature []byte | |
} | |
+const msgKexDHGexReply = 33 | |
+ | |
+type kexDHGexReplyMsg struct { | |
+ HostKey []byte `sshtype:"33"` | |
+ Y *big.Int | |
+ Signature []byte | |
+} | |
+ | |
// See RFC 4253, section 10. | |
const msgServiceRequest = 5 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Ported from here: https://go-review.googlesource.com/c/29758