Add stronger algorithms for message authentication and key exchange.

mario-pavlov · mario-pavlov · commit ef7fbc4d34bb · 2020-07-21T10:12:30.000+03:00
SHA-2 from JCE was used to add support for - message authentication - hmac-sha2-256 - hmac-sha2-512 - key exchange as described in https://tools.ietf.org/html/rfc3526 - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+.gradle
+build
diff --git a/HISTORY.txt b/HISTORY.txt
@@ -2,6 +2,16 @@
 Release Notes:
 ==============
 
+build263 2020-07-20
+
+- Add gradle build.
+
+- Add OSGi support.
+
+- Message authentication: add support for hmac-sha2-256 and hmac-sha2-512.
+
+- Key exchange: add support for diffie-hellman-group14-sha256, diffie-hellman-group16-sha512 and diffie-hellman-group18-sha512.
+
 build261, 2013-08-09
 
 - Joint work by Christian Plattner and David Kocher.
diff --git a/README.txt b/README.txt
@@ -1,3 +1,26 @@
+This repository is forked from one of the automatic exports of code.google.com/p/ganymed-ssh-2 and contains updates on top of the ganymed-ssh2-262 tag. The ganymed-ssh2-262 tag was used to produce the latest public build in Maven Central, which is version 262, so builds from this repository should be version 263. The latest public build in Maven Central is available at https://search.maven.org/artifact/ch.ethz.ganymed/ganymed-ssh2/262/jar
+The following features were added in version 263:
+- Gradle build support.
+- OSGi support.
+- Message authentication: support for hmac-sha2-256 and hmac-sha2-512.
+- Key exchange: support for diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, and diffie-hellman-group18-sha512.
+
+The code from this repository is used in Software AG Command Central and tested using the Command Central continuous integration. However, this code is not officially supported by Software AG. 
+
+
+**********************************
+
+This software is provided as-is and without warranty or support. It does not constitute part of the Software AG product suite. Users are free to use, fork and modify it, subject to the license agreement. While Software AG welcomes contributions, we cannot guarantee to include every contribution in the master project.
+
+**********************************
+
+
+
+
+Original content:
+
+
+
 
 Ganymed SSH-2 for Java - build 261
 ==================================
diff --git a/build.gradle b/build.gradle
@@ -0,0 +1,41 @@
+plugins {
+    id 'java-library'
+}
+
+repositories {
+    jcenter()
+}
+
+dependencies {
+    testImplementation 'junit:junit:4.11'
+}
+
+group = 'ch.ethz.ganymed'
+version = '263'
+description = 'ganymed-ssh2'
+sourceCompatibility = '1.6'
+
+sourceSets.main.resources.srcDir project.rootDir
+sourceSets.main.resources.includes = [ 'FAQ.html', 'HISTORY.txt', 'LICENSE.txt', 'overview.html', 'README.txt' ]
+
+java {
+    withSourcesJar()
+    withJavadocJar()
+}
+
+javadoc.failOnError = false
+
+jar {
+    manifest {
+        attributes(
+            'Bundle-Description': 'Ganymed SSH2 Client Library',
+            'Bundle-SymbolicName': 'ch.ethz.ssh2.ganymed-ssh2',
+            'Bundle-ManifestVersion': '2',
+            'Bundle-ActivationPolicy': 'lazy',
+            'Bundle-RequiredExecutionEnvironment': 'JavaSE-1.6',
+            'Export-Package': 'ch.ethz.ssh2;version=1.0.0,ch.ethz.ssh2.auth;version=1.0.0,ch.ethz.ssh2.channel;version=1.0.0,ch.ethz.ssh2.crypto;version=1.0.0,ch.ethz.ssh2.crypto.cipher;version=1.0.0,ch.ethz.ssh2.crypto.dh;version=1.0.0,ch.ethz.ssh2.crypto.digest;version=1.0.0,ch.ethz.ssh2.log;version=1.0.0,ch.ethz.ssh2.packets;version=1.0.0,ch.ethz.ssh2.server;version=1.0.0,ch.ethz.ssh2.sftp;version=1.0.0,ch.ethz.ssh2.signature;version=1.0.0,ch.ethz.ssh2.transport;version=1.0.0,ch.ethz.ssh2.util;version=1.0.0',
+            'Bundle-Version': '1.0.263',
+            'Bundle-Name': 'Ganymed SSH2'
+        )
+    }
+}
diff --git a/settings.gradle b/settings.gradle
@@ -0,0 +1 @@
+rootProject.name = 'ganymed-ssh2'
diff --git a/src/main/java/ch/ethz/ssh2/Connection.java b/src/main/java/ch/ethz/ssh2/Connection.java
@@ -1215,6 +1215,26 @@ public synchronized void setServerHostKeyAlgorithms(String[] algos) {
         cryptoWishList.serverHostKeyAlgorithms = algos;
     }
 
+    /**
+     * Define the set of allowed key exchange methods.
+     * 
+     * @param algos An array of allowed key exchange methods. The following are supported: 
+     *              diffie-hellman-group14-sha256, 
+     *              diffie-hellman-group16-sha512, 
+     *              diffie-hellman-group18-sha512, 
+     *              diffie-hellman-group14-sha1, 
+     *              diffie-hellman-group1-sha1, 
+     *              diffie-hellman-group-exchange-sha1
+     */
+    public synchronized void setClientKexAlgorithms(String[] algos) {
+        if ((algos == null) || (algos.length == 0)) {
+            throw new IllegalArgumentException();
+        }
+        algos = removeDuplicates(algos);
+        KexManager.checkClientKexAlgorithmList(algos);
+        cryptoWishList.kexAlgorithms = algos;
+    }
+
     /**
      * Enable/disable TCP_NODELAY (disable/enable Nagle's algorithm) on the underlying socket.
      * <p/>
diff --git a/src/main/java/ch/ethz/ssh2/crypto/dh/DhExchange.java b/src/main/java/ch/ethz/ssh2/crypto/dh/DhExchange.java
@@ -21,7 +21,7 @@ public class DhExchange
 
 	/* Given by the standard */
 
-	static final BigInteger p1, p14;
+	static final BigInteger p1, p14, p16, p18;
 	static final BigInteger g;
 
 	BigInteger p;
@@ -40,6 +40,8 @@ public class DhExchange
 
 	BigInteger k;
 
+	private String hashFunction = "SHA1";
+
 	static
 	{
 		final String p1_string = "17976931348623159077083915679378745319786029604875"
@@ -57,13 +59,62 @@ public class DhExchange
 				+ "E3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF69558171"
 				+ "83995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF";
 
+		final String p16_string = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD12902"
+			+ "4E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1"
+			+ "4374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386B"
+			+ "FB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39"
+			+ "A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E"
+			+ "4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB"
+			+ "5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8A"
+			+ "AAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB39"
+			+ "70F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A"
+			+ "0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24"
+			+ "FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B"
+			+ "2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC1"
+			+ "41FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AF"
+			+ "B81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93"
+			+ "4063199FFFFFFFFFFFFFFFF";
+
+		final String p18_string = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024"
+			+ "E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14"
+			+ "374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BF"
+			+ "B5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A"
+			+ "69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4"
+			+ "ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5"
+			+ "C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AA"
+			+ "AC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB397"
+			+ "0F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0"
+			+ "864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24F"
+			+ "A074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2"
+			+ "699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC14"
+			+ "1FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB"
+			+ "81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934"
+			+ "02849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5D"
+			+ "B382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4"
+			+ "BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032E"
+			+ "A15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8"
+			+ "F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED"
+			+ "20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
+			+ "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6"
+			+ "DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD30074"
+			+ "1FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39"
+			+ "D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCB"
+			+ "C8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F"
+			+ "82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510"
+			+ "BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382"
+			+ "BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD"
+			+ "98EDD3DFFFFFFFFFFFFFFFFF";
+
 		p1 = new BigInteger(p1_string);
 		p14 = new BigInteger(p14_string, 16);
+		p16 = new BigInteger(p16_string, 16);
+		p18 = new BigInteger(p18_string, 16);
 		g = new BigInteger("2");
 	}
 
-	public DhExchange()
+	public DhExchange(String hashFunction)
 	{
+		this.hashFunction = hashFunction;
 	}
 
 	public void clientInit(int group, SecureRandom rnd)
@@ -74,6 +125,10 @@ public void clientInit(int group, SecureRandom rnd)
 			p = p1;
 		else if (group == 14)
 			p = p14;
+		else if (group == 16)
+			p = p16;
+		else if (group == 18)
+			p = p18;
 		else
 			throw new IllegalArgumentException("Unknown DH group " + group);
 
@@ -172,7 +227,7 @@ public void setE(BigInteger e)
 	public byte[] calculateH(byte[] clientversion, byte[] serverversion, byte[] clientKexPayload,
 			byte[] serverKexPayload, byte[] hostKey)
 	{
-		HashForSSH2Types hash = new HashForSSH2Types("SHA1");
+		HashForSSH2Types hash = new HashForSSH2Types(hashFunction);
 
 		if (log.isInfoEnabled())
 		{
@@ -191,4 +246,9 @@ public byte[] calculateH(byte[] clientversion, byte[] serverversion, byte[] clie
 
 		return hash.getDigest();
 	}
+
+	public String getHashFunction()
+	{
+		return hashFunction;
+	}
 }
diff --git a/src/main/java/ch/ethz/ssh2/crypto/digest/HMAC.java b/src/main/java/ch/ethz/ssh2/crypto/digest/HMAC.java
@@ -21,13 +21,18 @@ public final class HMAC implements Digest
 	int size;
 
 	public HMAC(Digest md, byte[] key, int size)
+	{
+	    this(md, key, size, 64);
+	}
+
+	public HMAC(Digest md, byte[] key, int size, int blocksize)
 	{
 		this.md = md;
 		this.size = size;
 
 		tmp = new byte[md.getDigestLength()];
 
-		final int BLOCKSIZE = 64;
+		final int BLOCKSIZE = blocksize;
 
 		k_xor_ipad = new byte[BLOCKSIZE];
 		k_xor_opad = new byte[BLOCKSIZE];
diff --git a/src/main/java/ch/ethz/ssh2/crypto/digest/HashForSSH2Types.java b/src/main/java/ch/ethz/ssh2/crypto/digest/HashForSSH2Types.java
@@ -23,7 +23,15 @@ public HashForSSH2Types(Digest md)
 
 	public HashForSSH2Types(String type)
 	{
-		if (type.equals("SHA1"))
+		if (type.equals("SHA2-512"))
+		{
+			md = new SHA2(512);
+		}
+		else if (type.equals("SHA2-256"))
+		{
+			md = new SHA2(256);
+		}
+		else if (type.equals("SHA1"))
 		{
 			md = new SHA1();
 		}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/digest/MAC.java b/src/main/java/ch/ethz/ssh2/crypto/digest/MAC.java
@@ -19,7 +19,7 @@ public final static String[] getMacList()
 	{
 		/* Higher Priority First */
 
-		return new String[] { "hmac-sha1-96", "hmac-sha1", "hmac-md5-96", "hmac-md5" };
+		return new String[] { "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1-96", "hmac-sha1", "hmac-md5-96", "hmac-md5" };
 	}
 
 	public final static void checkMacList(String[] macs)
@@ -30,6 +30,10 @@ public final static void checkMacList(String[] macs)
 
 	public final static int getKeyLen(String type)
 	{
+	    if (type.equals("hmac-sha2-256"))
+	        return 32;
+	    if (type.equals("hmac-sha2-512"))
+            return 64;
 		if (type.equals("hmac-sha1"))
 			return 20;
 		if (type.equals("hmac-sha1-96"))
@@ -43,7 +47,15 @@ public final static int getKeyLen(String type)
 
 	public MAC(String type, byte[] key)
 	{
-		if (type.equals("hmac-sha1"))
+	    if (type.equals("hmac-sha2-256"))
+	    {
+	        mac = new HMAC(new SHA2(256), key, 32);
+	    }
+	    else if (type.equals("hmac-sha2-512"))
+	    {
+	        mac = new HMAC(new SHA2(512), key, 64, 128);
+	    }
+	    else if (type.equals("hmac-sha1"))
 		{
 			mac = new HMAC(new SHA1(), key, 20);
 		}
diff --git a/src/main/java/ch/ethz/ssh2/crypto/digest/SHA2.java b/src/main/java/ch/ethz/ssh2/crypto/digest/SHA2.java
@@ -0,0 +1,61 @@
+package ch.ethz.ssh2.crypto.digest;
+
+import java.security.DigestException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+public class SHA2 implements Digest {
+
+    private MessageDigest md = null;
+
+    public SHA2(int keyLen) {
+        try {
+            md = MessageDigest.getInstance("SHA-" + keyLen);
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    @Override
+    public int getDigestLength() {
+        return md.getDigestLength();
+    }
+
+    @Override
+    public void update(byte b) {
+        md.update(b);
+    }
+
+    @Override
+    public void update(byte[] b) {
+        md.update(b);
+    }
+
+    @Override
+    public void update(byte[] b, int off, int len) {
+        md.update(b, off, len);
+    }
+
+    @Override
+    public void reset() {
+        md.reset();
+    }
+
+    @Override
+    public void digest(byte[] out) {
+        try {
+            md.digest(out, 0, out.length);
+        } catch (DigestException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    @Override
+    public void digest(byte[] out, int off) {
+        try {
+            md.digest(out, off, out.length - off);
+        } catch (DigestException e) {
+            throw new RuntimeException(e);
+        }
+    }
+}
diff --git a/src/main/java/ch/ethz/ssh2/transport/ClientKexManager.java b/src/main/java/ch/ethz/ssh2/transport/ClientKexManager.java
diff --git a/src/main/java/ch/ethz/ssh2/transport/KexManager.java b/src/main/java/ch/ethz/ssh2/transport/KexManager.java
diff --git a/src/main/java/ch/ethz/ssh2/transport/ServerKexManager.java b/src/main/java/ch/ethz/ssh2/transport/ServerKexManager.java

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,15 @@ public HashForSSH2Types(Digest md)`
`23`	`23`
`24`	`24`	`public HashForSSH2Types(String type)`
`25`	`25`	`{`
`26`		`- if (type.equals("SHA1"))`
	`26`	`+ if (type.equals("SHA2-512"))`
	`27`	`+ {`
	`28`	`+ md = new SHA2(512);`
	`29`	`+ }`
	`30`	`+ else if (type.equals("SHA2-256"))`
	`31`	`+ {`
	`32`	`+ md = new SHA2(256);`
	`33`	`+ }`
	`34`	`+ else if (type.equals("SHA1"))`
`27`	`35`	`{`
`28`	`36`	`md = new SHA1();`
`29`	`37`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ public final static String[] getMacList()`
`19`	`19`	`{`
`20`	`20`	`/* Higher Priority First */`
`21`	`21`
`22`		`- return new String[] { "hmac-sha1-96", "hmac-sha1", "hmac-md5-96", "hmac-md5" };`
	`22`	`+ return new String[] { "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1-96", "hmac-sha1", "hmac-md5-96", "hmac-md5" };`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`public final static void checkMacList(String[] macs)`
`@@ -30,6 +30,10 @@ public final static void checkMacList(String[] macs)`
`30`	`30`
`31`	`31`	`public final static int getKeyLen(String type)`
`32`	`32`	`{`
	`33`	`+ if (type.equals("hmac-sha2-256"))`
	`34`	`+ return 32;`
	`35`	`+ if (type.equals("hmac-sha2-512"))`
	`36`	`+ return 64;`
`33`	`37`	`if (type.equals("hmac-sha1"))`
`34`	`38`	`return 20;`
`35`	`39`	`if (type.equals("hmac-sha1-96"))`
`@@ -43,7 +47,15 @@ public final static int getKeyLen(String type)`
`43`	`47`
`44`	`48`	`public MAC(String type, byte[] key)`
`45`	`49`	`{`
`46`		`- if (type.equals("hmac-sha1"))`
	`50`	`+ if (type.equals("hmac-sha2-256"))`
	`51`	`+ {`
	`52`	`+ mac = new HMAC(new SHA2(256), key, 32);`
	`53`	`+ }`
	`54`	`+ else if (type.equals("hmac-sha2-512"))`
	`55`	`+ {`
	`56`	`+ mac = new HMAC(new SHA2(512), key, 64, 128);`
	`57`	`+ }`
	`58`	`+ else if (type.equals("hmac-sha1"))`
`47`	`59`	`{`
`48`	`60`	`mac = new HMAC(new SHA1(), key, 20);`
`49`	`61`	`}`