Merge branch 'arekinath/ssh/aes-ctr' into maint

* arekinath/ssh/aes-ctr: ssh: check if ssh client supports newer cipher- and MAC-algorithms SSH: only enable ciphers/MACs when they are available in crypto SSH: add ssh_to_openssh test for ciphers and macs SSH: documentation update for new algos SSH: add support for aes128-ctr and hmac-sha2-256
author: Marcus Arendt <[email protected]> 2014-09-03 10:14:56 +0200
committer: Marcus Arendt <[email protected]> 2014-09-03 10:14:56 +0200
commit: 8ad5bd0ef8143f5ac32bd2df11d59a20e7eb0527 (patch)
tree: d01f65439f9074afc57818f1c1aacfc323d91b04 /lib/ssh/src
parent: ab526c6500c61d03e632fefcac9f46c08c150556 (diff)
parent: e3a947d06915bde9d11e80b9d6f4e31460a3cf51 (diff)
download: otp-8ad5bd0ef8143f5ac32bd2df11d59a20e7eb0527.tar.gz
otp-8ad5bd0ef8143f5ac32bd2df11d59a20e7eb0527.tar.bz2
otp-8ad5bd0ef8143f5ac32bd2df11d59a20e7eb0527.zip
1 files changed, 67 insertions, 13 deletions
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 27723dc870..ea05c849b7 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -113,15 +113,28 @@ key_init(client, Ssh, Value) ->
 key_init(server, Ssh, Value) ->
     Ssh#ssh{s_keyinit = Value}.
 
+available_ssh_algos() ->
+    Supports = crypto:supports(),
+    CipherAlgos = [{aes_ctr, "aes128-ctr"}, {aes_cbc128, "aes128-cbc"}, {des3_cbc, "3des-cbc"}],
+    Ciphers = [SshAlgo ||
+	{CryptoAlgo, SshAlgo} <- CipherAlgos,
+	lists:member(CryptoAlgo, proplists:get_value(ciphers, Supports, []))],
+    HashAlgos = [{sha256, "hmac-sha2-256"}, {sha, "hmac-sha1"}],
+    Hashs = [SshAlgo ||
+	{CryptoAlgo, SshAlgo} <- HashAlgos,
+	lists:member(CryptoAlgo, proplists:get_value(hashs, Supports, []))],
+    {Ciphers, Hashs}.
+
 kexinit_messsage(client, Random, Compression, HostKeyAlgs) ->
+    {CipherAlgs, HashAlgs} = available_ssh_algos(),
     #ssh_msg_kexinit{ 
 		  cookie = Random,
 		  kex_algorithms = ["diffie-hellman-group1-sha1"],
 		  server_host_key_algorithms = HostKeyAlgs,
-		  encryption_algorithms_client_to_server = ["aes128-cbc","3des-cbc"],
-		  encryption_algorithms_server_to_client = ["aes128-cbc","3des-cbc"],
-		  mac_algorithms_client_to_server = ["hmac-sha1"],
-		  mac_algorithms_server_to_client = ["hmac-sha1"],
+		  encryption_algorithms_client_to_server = CipherAlgs,
+		  encryption_algorithms_server_to_client = CipherAlgs,
+		  mac_algorithms_client_to_server = HashAlgs,
+		  mac_algorithms_server_to_client = HashAlgs,
 		  compression_algorithms_client_to_server = Compression,
 		  compression_algorithms_server_to_client = Compression,
 		  languages_client_to_server = [],
@@ -129,14 +142,15 @@ kexinit_messsage(client, Random, Compression, HostKeyAlgs) ->
 		 };
 
 kexinit_messsage(server, Random, Compression, HostKeyAlgs) ->
+    {CipherAlgs, HashAlgs} = available_ssh_algos(),
     #ssh_msg_kexinit{
 		  cookie = Random,
 		  kex_algorithms = ["diffie-hellman-group1-sha1"],
 		  server_host_key_algorithms = HostKeyAlgs,
-		  encryption_algorithms_client_to_server = ["aes128-cbc","3des-cbc"],
-		  encryption_algorithms_server_to_client = ["aes128-cbc","3des-cbc"],
-		  mac_algorithms_client_to_server = ["hmac-sha1"],
-		  mac_algorithms_server_to_client = ["hmac-sha1"],
+		  encryption_algorithms_client_to_server = CipherAlgs,
+		  encryption_algorithms_server_to_client = CipherAlgs,
+		  mac_algorithms_client_to_server = HashAlgs,
+		  mac_algorithms_server_to_client = HashAlgs,
 		  compression_algorithms_client_to_server = Compression,
 		  compression_algorithms_server_to_client = Compression,
 		  languages_client_to_server = [],
@@ -636,7 +650,21 @@ encrypt_init(#ssh{encrypt = 'aes128-cbc', role = server} = Ssh) ->
     <<K:16/binary>> = hash(Ssh, "D", 128),
     {ok, Ssh#ssh{encrypt_keys = K,
 		 encrypt_block_size = 16,
-                 encrypt_ctx = IV}}.
+                 encrypt_ctx = IV}};
+encrypt_init(#ssh{encrypt = 'aes128-ctr', role = client} = Ssh) ->
+	IV = hash(Ssh, "A", 128),
+    <<K:16/binary>> = hash(Ssh, "C", 128),
+    State = crypto:stream_init(aes_ctr, K, IV),
+    {ok, Ssh#ssh{encrypt_keys = K,
+		 encrypt_block_size = 16,
+                 encrypt_ctx = State}};
+encrypt_init(#ssh{encrypt = 'aes128-ctr', role = server} = Ssh) ->
+	IV = hash(Ssh, "B", 128),
+    <<K:16/binary>> = hash(Ssh, "D", 128),
+    State = crypto:stream_init(aes_ctr, K, IV),
+    {ok, Ssh#ssh{encrypt_keys = K,
+		 encrypt_block_size = 16,
+                 encrypt_ctx = State}}.
 
 encrypt_final(Ssh) ->
     {ok, Ssh#ssh{encrypt = none, 
@@ -658,7 +686,11 @@ encrypt(#ssh{encrypt = 'aes128-cbc',
             encrypt_ctx = IV0} = Ssh, Data) ->
     Enc = crypto:block_encrypt(aes_cbc128, K,IV0,Data),
     IV = crypto:next_iv(aes_cbc, Enc),
-    {Ssh#ssh{encrypt_ctx = IV}, Enc}.
+    {Ssh#ssh{encrypt_ctx = IV}, Enc};
+encrypt(#ssh{encrypt = 'aes128-ctr',
+            encrypt_ctx = State0} = Ssh, Data) ->
+    {State, Enc} = crypto:stream_encrypt(State0,Data),
+    {Ssh#ssh{encrypt_ctx = State}, Enc}.
   
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -690,7 +722,21 @@ decrypt_init(#ssh{decrypt = 'aes128-cbc', role = server} = Ssh) ->
 		hash(Ssh, "C", 128)},
     <<K:16/binary>> = KD,
     {ok, Ssh#ssh{decrypt_keys = K, decrypt_ctx = IV,
-		 decrypt_block_size = 16}}.
+		 decrypt_block_size = 16}};
+decrypt_init(#ssh{decrypt = 'aes128-ctr', role = client} = Ssh) ->
+	IV = hash(Ssh, "B", 128),
+    <<K:16/binary>> = hash(Ssh, "D", 128),
+    State = crypto:stream_init(aes_ctr, K, IV),
+    {ok, Ssh#ssh{decrypt_keys = K,
+		 decrypt_block_size = 16,
+                 decrypt_ctx = State}};
+decrypt_init(#ssh{decrypt = 'aes128-ctr', role = server} = Ssh) ->
+	IV = hash(Ssh, "A", 128),
+    <<K:16/binary>> = hash(Ssh, "C", 128),
+    State = crypto:stream_init(aes_ctr, K, IV),
+    {ok, Ssh#ssh{decrypt_keys = K,
+		 decrypt_block_size = 16,
+                 decrypt_ctx = State}}.
 
   
 decrypt_final(Ssh) ->
@@ -711,7 +757,11 @@ decrypt(#ssh{decrypt = 'aes128-cbc', decrypt_keys = Key,
 	     decrypt_ctx = IV0} = Ssh, Data) ->
     Dec = crypto:block_decrypt(aes_cbc128, Key,IV0,Data),
     IV = crypto:next_iv(aes_cbc, Data),
-    {Ssh#ssh{decrypt_ctx = IV}, Dec}.
+    {Ssh#ssh{decrypt_ctx = IV}, Dec};
+decrypt(#ssh{decrypt = 'aes128-ctr',
+            decrypt_ctx = State0} = Ssh, Data) ->
+    {State, Enc} = crypto:stream_decrypt(State0,Data),
+    {Ssh#ssh{decrypt_ctx = State}, Enc}.
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %% Compression
@@ -846,7 +896,9 @@ mac('hmac-sha1-96', Key, SeqNum, Data) ->
 mac('hmac-md5', Key, SeqNum, Data) ->
     crypto:hmac(md5, Key, [<<?UINT32(SeqNum)>>, Data]);
 mac('hmac-md5-96', Key, SeqNum, Data) ->
-    crypto:hmac(md5, Key, [<<?UINT32(SeqNum)>>, Data], mac_digest_size('hmac-md5-96')).
+    crypto:hmac(md5, Key, [<<?UINT32(SeqNum)>>, Data], mac_digest_size('hmac-md5-96'));
+mac('hmac-sha2-256', Key, SeqNum, Data) ->
+	crypto:hmac(sha256, Key, [<<?UINT32(SeqNum)>>, Data]).
 
 %% return N hash bytes (HASH)
 hash(SSH, Char, Bits) ->
@@ -911,12 +963,14 @@ mac_key_size('hmac-sha1')    -> 20*8;
 mac_key_size('hmac-sha1-96') -> 20*8;
 mac_key_size('hmac-md5')     -> 16*8;
 mac_key_size('hmac-md5-96')  -> 16*8;
+mac_key_size('hmac-sha2-256')-> 32*8;
 mac_key_size(none) -> 0.
 
 mac_digest_size('hmac-sha1')    -> 20;
 mac_digest_size('hmac-sha1-96') -> 12;
 mac_digest_size('hmac-md5')    -> 20;
 mac_digest_size('hmac-md5-96') -> 12;
+mac_digest_size('hmac-sha2-256') -> 32;
 mac_digest_size(none) -> 0.
 
 peer_name({Host, _}) ->
author	Marcus Arendt <[email protected]>	2014-09-03 10:14:56 +0200
committer	Marcus Arendt <[email protected]>	2014-09-03 10:14:56 +0200
commit	8ad5bd0ef8143f5ac32bd2df11d59a20e7eb0527 (patch)
tree	d01f65439f9074afc57818f1c1aacfc323d91b04 /lib/ssh/src
parent	ab526c6500c61d03e632fefcac9f46c08c150556 (diff)
parent	e3a947d06915bde9d11e80b9d6f4e31460a3cf51 (diff)
download	otp-8ad5bd0ef8143f5ac32bd2df11d59a20e7eb0527.tar.gz otp-8ad5bd0ef8143f5ac32bd2df11d59a20e7eb0527.tar.bz2 otp-8ad5bd0ef8143f5ac32bd2df11d59a20e7eb0527.zip