kex.c: group16-sha512 and group18-sha512 support #457 (#468)

Files: kex.c Notes: Added key exchange group16-sha512 and group18-sha512. As a result did the following: Abstracted diffie_hellman_sha256() to diffie_hellman_sha_algo() which is now algorithm agnostic and takes the algorithm as a parameter since we needed sha512 support. Unfortunately it required some helper functions but they are simple. Deleted diffie_hellman_sha1() Deleted diffie_hellman_sha1 specific macro Cleaned up some formatting Defined sha384 in os400 and wincng backends Defined LIBSSH2_DH_MAX_MODULUS_BITS to abort the connection if we receive too large of p from the server doing sha1 key exchange. Reorder the default key exchange list to match OpenSSH and improve security Credit: Will Cosgrove
2025-08-08 19:02:07 +03:00 · 2020-09-23 13:20:00 -07:00
parent 9ae9ff30cb
commit f553dcc95d
5 changed files with 575 additions and 862 deletions
--- a/include/libssh2.h
+++ b/include/libssh2.h
@@ -239,6 +239,8 @@ typedef off_t libssh2_struct_stat_size;
 #define LIBSSH2_DH_GEX_OPTGROUP     4096
 #define LIBSSH2_DH_GEX_MAXGROUP     8192

+#define LIBSSH2_DH_MAX_MODULUS_BITS 16384
+
 /* Defaults for pty requests */
 #define LIBSSH2_TERM_WIDTH      80
 #define LIBSSH2_TERM_HEIGHT     24
--- a/src/kex.c
+++ b/src/kex.c
--- a/src/os400qc3.h
+++ b/src/os400qc3.h
@@ -182,6 +182,7 @@
 #define MD5_DIGEST_LENGTH       16
 #define SHA_DIGEST_LENGTH       20
 #define SHA256_DIGEST_LENGTH    32
+#define SHA384_DIGEST_LENGTH    48
 #define SHA512_DIGEST_LENGTH    64

 #define EC_MAX_POINT_LEN ((528 * 2 / 8) + 1)
@@ -233,6 +234,7 @@ typedef struct {        /* Diffie-Hellman context. */

 #define libssh2_sha1_ctx        Qc3_Format_ALGD0100_T
 #define libssh2_sha256_ctx      Qc3_Format_ALGD0100_T
+#define libssh2_sha384_ctx      Qc3_Format_ALGD0100_T
 #define libssh2_sha512_ctx      Qc3_Format_ALGD0100_T
 #define libssh2_md5_ctx         Qc3_Format_ALGD0100_T
 #define libssh2_hmac_ctx        _libssh2_os400qc3_crypto_ctx
@@ -251,6 +253,14 @@ typedef struct {        /* Diffie-Hellman context. */
 #define libssh2_sha256(message, len, out)                                   \
                                libssh2_os400qc3_hash(message, len, out,    \
                                                      Qc3_SHA256)
+#define libssh2_sha384_init(x)  libssh2_os400qc3_hash_init(x, Qc3_SHA384)
+#define libssh2_sha384_update(ctx, data, len)                               \
+                              libssh2_os400qc3_hash_update(&(ctx), data, len)
+#define libssh2_sha384_final(ctx, out)                                      \
+                                libssh2_os400qc3_hash_final(&(ctx), out)
+#define libssh2_sha384(message, len, out)                                   \
+                                libssh2_os400qc3_hash(message, len, out,    \
+                                                      Qc3_SHA384)
 #define libssh2_sha512_init(x)  libssh2_os400qc3_hash_init(x, Qc3_SHA512)
 #define libssh2_sha512_update(ctx, data, len)                               \
                                libssh2_os400qc3_hash_update(&(ctx), data, len)
--- a/src/wincng.c
+++ b/src/wincng.c
@@ -99,6 +99,10 @@
 #define BCRYPT_SHA256_ALGORITHM L"SHA256"
 #endif

+#ifndef BCRYPT_SHA384_ALGORITHM
+#define BCRYPT_SHA384_ALGORITHM L"SHA384"
+#endif
+
 #ifndef BCRYPT_SHA512_ALGORITHM
 #define BCRYPT_SHA512_ALGORITHM L"SHA512"
 #endif
@@ -248,6 +252,11 @@ _libssh2_wincng_init(void)
    if(!BCRYPT_SUCCESS(ret)) {
        _libssh2_wincng.hAlgHashSHA256 = NULL;
    }
+    ret = BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHashSHA384,
+                                      BCRYPT_SHA384_ALGORITHM, NULL, 0);
+    if(!BCRYPT_SUCCESS(ret)) {
+        _libssh2_wincng.hAlgHashSHA384 = NULL;
+    }
    ret = BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHashSHA512,
                                      BCRYPT_SHA512_ALGORITHM, NULL, 0);
    if(!BCRYPT_SUCCESS(ret)) {
@@ -272,6 +281,12 @@ _libssh2_wincng_init(void)
    if(!BCRYPT_SUCCESS(ret)) {
        _libssh2_wincng.hAlgHmacSHA256 = NULL;
    }
+    ret = BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHmacSHA384,
+                                      BCRYPT_SHA384_ALGORITHM, NULL,
+                                      BCRYPT_ALG_HANDLE_HMAC_FLAG);
+    if(!BCRYPT_SUCCESS(ret)) {
+        _libssh2_wincng.hAlgHmacSHA384 = NULL;
+    }
    ret = BCryptOpenAlgorithmProvider(&_libssh2_wincng.hAlgHmacSHA512,
                                      BCRYPT_SHA512_ALGORITHM, NULL,
                                      BCRYPT_ALG_HANDLE_HMAC_FLAG);
@@ -369,6 +384,8 @@ _libssh2_wincng_free(void)
        (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHashSHA1, 0);
    if(_libssh2_wincng.hAlgHashSHA256)
        (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHashSHA256, 0);
+    if(_libssh2_wincng.hAlgHashSHA384)
+        (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHashSHA384, 0);
    if(_libssh2_wincng.hAlgHashSHA512)
        (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHashSHA512, 0);
    if(_libssh2_wincng.hAlgHmacMD5)
@@ -377,6 +394,8 @@ _libssh2_wincng_free(void)
        (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHmacSHA1, 0);
    if(_libssh2_wincng.hAlgHmacSHA256)
        (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHmacSHA256, 0);
+    if(_libssh2_wincng.hAlgHmacSHA384)
+        (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHmacSHA384, 0);
    if(_libssh2_wincng.hAlgHmacSHA512)
        (void)BCryptCloseAlgorithmProvider(_libssh2_wincng.hAlgHmacSHA512, 0);
    if(_libssh2_wincng.hAlgRSA)
--- a/src/wincng.h
+++ b/src/wincng.h
@@ -70,6 +70,7 @@
 #define MD5_DIGEST_LENGTH 16
 #define SHA_DIGEST_LENGTH 20
 #define SHA256_DIGEST_LENGTH 32
+#define SHA384_DIGEST_LENGTH 48
 #define SHA512_DIGEST_LENGTH 64

 #define EC_MAX_POINT_LEN ((528 * 2 / 8) + 1)
@@ -89,10 +90,12 @@ struct _libssh2_wincng_ctx {
    BCRYPT_ALG_HANDLE hAlgHashMD5;
    BCRYPT_ALG_HANDLE hAlgHashSHA1;
    BCRYPT_ALG_HANDLE hAlgHashSHA256;
+    BCRYPT_ALG_HANDLE hAlgHashSHA384;
    BCRYPT_ALG_HANDLE hAlgHashSHA512;
    BCRYPT_ALG_HANDLE hAlgHmacMD5;
    BCRYPT_ALG_HANDLE hAlgHmacSHA1;
    BCRYPT_ALG_HANDLE hAlgHmacSHA256;
+    BCRYPT_ALG_HANDLE hAlgHmacSHA384;
    BCRYPT_ALG_HANDLE hAlgHmacSHA512;
    BCRYPT_ALG_HANDLE hAlgRSA;
    BCRYPT_ALG_HANDLE hAlgDSA;
@@ -165,7 +168,17 @@ typedef struct __libssh2_wincng_hash_ctx {
 #define libssh2_sha256(data, datalen, hash) \
  _libssh2_wincng_hash(data, datalen, _libssh2_wincng.hAlgHashSHA256, \
                       hash, SHA256_DIGEST_LENGTH)
-
+#define libssh2_sha384_ctx _libssh2_wincng_hash_ctx
+#define libssh2_sha384_init(ctx) \
+ (_libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHashSHA384, \
+                           SHA384_DIGEST_LENGTH, NULL, 0) == 0)
+#define libssh2_sha384_update(ctx, data, datalen) \
+ _libssh2_wincng_hash_update(&ctx, (unsigned char *) data, datalen)
+#define libssh2_sha384_final(ctx, hash) \
+ _libssh2_wincng_hash_final(&ctx, hash)
+#define libssh2_sha384(data, datalen, hash) \
+_libssh2_wincng_hash(data, datalen, _libssh2_wincng.hAlgHashSHA384, \
+                     hash, SHA384_DIGEST_LENGTH)
 #define libssh2_sha512_ctx _libssh2_wincng_hash_ctx
 #define libssh2_sha512_init(ctx) \
  (_libssh2_wincng_hash_init(ctx, _libssh2_wincng.hAlgHashSHA512, \