diff options
author | Hans Nilsson <[email protected]> | 2015-07-02 12:49:17 +0200 |
---|---|---|
committer | Hans Nilsson <[email protected]> | 2015-08-03 13:40:23 +0200 |
commit | 2a9f5054f89ca02c1a35dcb96c3ad747663afd51 (patch) | |
tree | 696d93fc92b79e0c8ea34ad84479a2a791591083 | |
parent | 67e156b0472b06a04fd5b1b8ab830efc22e4466d (diff) | |
download | otp-2a9f5054f89ca02c1a35dcb96c3ad747663afd51.tar.gz otp-2a9f5054f89ca02c1a35dcb96c3ad747663afd51.tar.bz2 otp-2a9f5054f89ca02c1a35dcb96c3ad747663afd51.zip |
ssh: Add experimental 'diffie-hellman-group-exchange-sha256 support
DO NOT USE IN PRODUCTION!!!
It is not enabled by default, but may be enabled with the option
{preferred_algorithms, [{kex, ['diffie-hellman-group-exchange-sha256']}]}
-rw-r--r-- | lib/ssh/src/ssh_transport.erl | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index ce0762bf96..a0714ac97c 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -67,7 +67,10 @@ default_algorithms(compression) -> %% Do not announce '[email protected]' because there seem to be problems supported_algorithms(compression, same(['[email protected]'])); default_algorithms(kex) -> - supported_algorithms(kex, ['diffie-hellman-group-exchange-sha1']); + %% Do not announce the experimental 'diffie-hellman-group-exchange-sha*' yet + supported_algorithms(kex, ['diffie-hellman-group-exchange-sha1', + 'diffie-hellman-group-exchange-sha256' + ]); default_algorithms(Alg) -> supported_algorithms(Alg). @@ -76,7 +79,9 @@ supported_algorithms() -> [{K,supported_algorithms(K)} || K <- algo_classes()]. supported_algorithms(kex) -> ['diffie-hellman-group1-sha1', - 'diffie-hellman-group-exchange-sha1']; + 'diffie-hellman-group-exchange-sha1', + 'diffie-hellman-group-exchange-sha256' + ]; supported_algorithms(public_key) -> ssh_auth:default_public_key_algorithms(); supported_algorithms(cipher) -> @@ -283,6 +288,7 @@ verify_algorithm(#alg{decompress = undefined}) -> false; verify_algorithm(#alg{kex = 'diffie-hellman-group1-sha1'}) -> true; verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha1'}) -> true; +verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha256'}) -> true; verify_algorithm(_) -> false. %%%---------------------------------------------------------------- @@ -297,7 +303,8 @@ key_exchange_first_msg('diffie-hellman-group1-sha1', Ssh0) -> {ok, SshPacket, Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}}}}; -key_exchange_first_msg('diffie-hellman-group-exchange-sha1', Ssh0) -> +key_exchange_first_msg(Kex, Ssh0) when Kex == 'diffie-hellman-group-exchange-sha1' ; + Kex == 'diffie-hellman-group-exchange-sha256' -> Min = ?DEFAULT_DH_GROUP_MIN, NBits = ?DEFAULT_DH_GROUP_NBITS, Max = ?DEFAULT_DH_GROUP_MAX, @@ -1109,6 +1116,8 @@ hash(SSH, Char, Bits) -> fun(Data) -> crypto:hash(sha, Data) end; 'diffie-hellman-group-exchange-sha1' -> fun(Data) -> crypto:hash(sha, Data) end; + 'diffie-hellman-group-exchange-sha256' -> + fun(Data) -> crypto:hash(sha256, Data) end; _ -> exit({bad_algorithm,SSH#ssh.kex}) end, @@ -1158,8 +1167,11 @@ kex_h(SSH, Key, Min, NBits, Max, Prime, Gen, E, F, K) -> ssh_message:encode_host_key(Key), Min, NBits, Max, Prime, Gen, E,F,K], Ts) end, - crypto:hash(sha,L). + crypto:hash(sha((SSH#ssh.algorithms)#alg.kex), L). +sha('diffie-hellman-group-exchange-sha1') -> sha; +sha('diffie-hellman-group-exchange-sha256') -> sha256. + mac_key_size('hmac-sha1') -> 20*8; mac_key_size('hmac-sha1-96') -> 20*8; mac_key_size('hmac-md5') -> 16*8; |