
Re: [PATCH] diffie-hellman-group-exchange-sha256


Hi Yanis,

On 1/23/15, 5:40 AM, Yanis Kurganov wrote:
> It's a final version with modern SSH_MSG_KEY_DH_GEX_REQUEST.
> Some clients (for example, Tera Term) use only this message.

In my local testing with this patch, it seems that this breaks the initial
key exchange for dropbear clients.

Steps to reproduce:

 1. build libssh WITH_SERVER and tests:

      cd build && cmake -DWITH_TESTING=ON -DWITH_SERVER=ON ..

 2. build a dropbear client with these options enabled in options.h, and
    ensure that the 'dbclient' binary is in your PATH:

      #define DROPBEAR_BLOWFISH

      #define DROPBEAR_SHA2_256_HMAC
      #define DROPBEAR_SHA2_512_HMAC

 3. now run the 'pkd_hello' test:

    cd build/tests/pkd

    # all combinations with 1 iteration:
    ./pkd_hello -i1

    # just one single verbose dropbear pass (exhibits the regression):
    ./pkd_hello -i1 -t torture_pkd_dropbear_rsa_default -v -v -v -v

Attached is a patch which adds passes for the new group exchange algorithms
to 'pkd', but the patch is not needed to demonstrate the dropbear interop bug.


-Jon

From 8a04934dd639a65fa1200efdecab2d7cad8504d0 Mon Sep 17 00:00:00 2001
From: Jon Simons <jon@xxxxxxxxxxxxx>
Date: Fri, 23 Jan 2015 17:41:35 -0800
Subject: [PATCH] pkd: add new diffie-hellman gex passes

Signed-off-by: Jon Simons <jon@xxxxxxxxxxxxx>
---
 tests/pkd/pkd_hello.c | 50 ++++++++++++++++++++++++++++++--------------------
 1 file changed, 30 insertions(+), 20 deletions(-)

diff --git a/tests/pkd/pkd_hello.c b/tests/pkd/pkd_hello.c
index 19d29a3..de927a7 100644
--- a/tests/pkd/pkd_hello.c
+++ b/tests/pkd/pkd_hello.c
@@ -167,26 +167,36 @@ static void torture_pkd_setup_ecdsa_521(void **state) {
 
 #define PKDTESTS_KEX(f, client, kexcmd) \
     /* Kex algorithms. */ \
-    f(client, rsa_curve25519_sha256,                  kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_rsa,        teardown) \
-    f(client, rsa_ecdh_sha2_nistp256,                 kexcmd("ecdh-sha2-nistp256 "),           setup_rsa,        teardown) \
-    f(client, rsa_diffie_hellman_group14_sha1,        kexcmd("diffie-hellman-group14-sha1"),   setup_rsa,        teardown) \
-    f(client, rsa_diffie_hellman_group1_sha1,         kexcmd("diffie-hellman-group1-sha1"),    setup_rsa,        teardown) \
-    f(client, dsa_curve25519_sha256,                  kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_dsa,        teardown) \
-    f(client, dsa_ecdh_sha2_nistp256,                 kexcmd("ecdh-sha2-nistp256 "),           setup_dsa,        teardown) \
-    f(client, dsa_diffie_hellman_group14_sha1,        kexcmd("diffie-hellman-group14-sha1"),   setup_dsa,        teardown) \
-    f(client, dsa_diffie_hellman_group1_sha1,         kexcmd("diffie-hellman-group1-sha1"),    setup_dsa,        teardown) \
-    f(client, ecdsa_256_curve25519_sha256,            kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_ecdsa_256,  teardown) \
-    f(client, ecdsa_256_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256 "),           setup_ecdsa_256,  teardown) \
-    f(client, ecdsa_256_diffie_hellman_group14_sha1,  kexcmd("diffie-hellman-group14-sha1"),   setup_ecdsa_256,  teardown) \
-    f(client, ecdsa_256_diffie_hellman_group1_sha1,   kexcmd("diffie-hellman-group1-sha1"),    setup_ecdsa_256,  teardown) \
-    f(client, ecdsa_384_curve25519_sha256,            kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_ecdsa_384,  teardown) \
-    f(client, ecdsa_384_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256 "),           setup_ecdsa_384,  teardown) \
-    f(client, ecdsa_384_diffie_hellman_group14_sha1,  kexcmd("diffie-hellman-group14-sha1"),   setup_ecdsa_384,  teardown) \
-    f(client, ecdsa_384_diffie_hellman_group1_sha1,   kexcmd("diffie-hellman-group1-sha1"),    setup_ecdsa_384,  teardown) \
-    f(client, ecdsa_521_curve25519_sha256,            kexcmd("curve25519-sha256@xxxxxxxxxx"),  setup_ecdsa_521,  teardown) \
-    f(client, ecdsa_521_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256 "),           setup_ecdsa_521,  teardown) \
-    f(client, ecdsa_521_diffie_hellman_group14_sha1,  kexcmd("diffie-hellman-group14-sha1"),   setup_ecdsa_521,  teardown) \
-    f(client, ecdsa_521_diffie_hellman_group1_sha1,   kexcmd("diffie-hellman-group1-sha1"),    setup_ecdsa_521,  teardown)
+    f(client, rsa_curve25519_sha256,                  kexcmd("curve25519-sha256@xxxxxxxxxx"),           setup_rsa,        teardown) \
+    f(client, rsa_ecdh_sha2_nistp256,                 kexcmd("ecdh-sha2-nistp256 "),                    setup_rsa,        teardown) \
+    f(client, rsa_diffie_hellman_gex_sha1,            kexcmd("diffie-hellman-group-exchange-sha1"),     setup_rsa,        teardown) \
+    f(client, rsa_diffie_hellman_gex_sha256,          kexcmd("diffie-hellman-group-exchange-sha256"),   setup_rsa,        teardown) \
+    f(client, rsa_diffie_hellman_group14_sha1,        kexcmd("diffie-hellman-group14-sha1"),            setup_rsa,        teardown) \
+    f(client, rsa_diffie_hellman_group1_sha1,         kexcmd("diffie-hellman-group1-sha1"),             setup_rsa,        teardown) \
+    f(client, dsa_curve25519_sha256,                  kexcmd("curve25519-sha256@xxxxxxxxxx"),           setup_dsa,        teardown) \
+    f(client, dsa_ecdh_sha2_nistp256,                 kexcmd("ecdh-sha2-nistp256 "),                    setup_dsa,        teardown) \
+    f(client, dsa_diffie_hellman_gex_sha1,            kexcmd("diffie-hellman-group-exchange-sha1"),     setup_dsa,        teardown) \
+    f(client, dsa_diffie_hellman_gex_sha256,          kexcmd("diffie-hellman-group-exchange-sha256"),   setup_dsa,        teardown) \
+    f(client, dsa_diffie_hellman_group14_sha1,        kexcmd("diffie-hellman-group14-sha1"),            setup_dsa,        teardown) \
+    f(client, dsa_diffie_hellman_group1_sha1,         kexcmd("diffie-hellman-group1-sha1"),             setup_dsa,        teardown) \
+    f(client, ecdsa_256_curve25519_sha256,            kexcmd("curve25519-sha256@xxxxxxxxxx"),           setup_ecdsa_256,  teardown) \
+    f(client, ecdsa_256_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256 "),                    setup_ecdsa_256,  teardown) \
+    f(client, ecdsa_256_diffie_hellman_gex_sha1,      kexcmd("diffie-hellman-group-exchange-sha1"),     setup_ecdsa_256,  teardown) \
+    f(client, ecdsa_256_diffie_hellman_gex_sha256,    kexcmd("diffie-hellman-group-exchange-sha256"),   setup_ecdsa_256,  teardown) \
+    f(client, ecdsa_256_diffie_hellman_group14_sha1,  kexcmd("diffie-hellman-group14-sha1"),            setup_ecdsa_256,  teardown) \
+    f(client, ecdsa_256_diffie_hellman_group1_sha1,   kexcmd("diffie-hellman-group1-sha1"),             setup_ecdsa_256,  teardown) \
+    f(client, ecdsa_384_curve25519_sha256,            kexcmd("curve25519-sha256@xxxxxxxxxx"),           setup_ecdsa_384,  teardown) \
+    f(client, ecdsa_384_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256 "),                    setup_ecdsa_384,  teardown) \
+    f(client, ecdsa_384_diffie_hellman_gex_sha1,      kexcmd("diffie-hellman-group-exchange-sha1"),     setup_ecdsa_384,  teardown) \
+    f(client, ecdsa_384_diffie_hellman_gex_sha256,    kexcmd("diffie-hellman-group-exchange-sha256"),   setup_ecdsa_384,  teardown) \
+    f(client, ecdsa_384_diffie_hellman_group14_sha1,  kexcmd("diffie-hellman-group14-sha1"),            setup_ecdsa_384,  teardown) \
+    f(client, ecdsa_384_diffie_hellman_group1_sha1,   kexcmd("diffie-hellman-group1-sha1"),             setup_ecdsa_384,  teardown) \
+    f(client, ecdsa_521_curve25519_sha256,            kexcmd("curve25519-sha256@xxxxxxxxxx"),           setup_ecdsa_521,  teardown) \
+    f(client, ecdsa_521_ecdh_sha2_nistp256,           kexcmd("ecdh-sha2-nistp256 "),                    setup_ecdsa_521,  teardown) \
+    f(client, ecdsa_521_diffie_hellman_gex_sha1,      kexcmd("diffie-hellman-group-exchange-sha1"),     setup_ecdsa_521,  teardown) \
+    f(client, ecdsa_521_diffie_hellman_gex_sha256,    kexcmd("diffie-hellman-group-exchange-sha256"),   setup_ecdsa_521,  teardown) \
+    f(client, ecdsa_521_diffie_hellman_group14_sha1,  kexcmd("diffie-hellman-group14-sha1"),            setup_ecdsa_521,  teardown) \
+    f(client, ecdsa_521_diffie_hellman_group1_sha1,   kexcmd("diffie-hellman-group1-sha1"),             setup_ecdsa_521,  teardown)
 
 #define PKDTESTS_CIPHER(f, client, ciphercmd) \
     /* Ciphers. */ \
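Review bot: The new `*_diffie_hellman_gex_sha1` and `*_diffie_hellman_gex_sha256` rows in `PKDTESTS_KEX` only force the algorithm name through `kexcmd(...)`, so as far as this hunk shows, a pass proves that the handshake completes, not that the server picked a group inside the size bounds the client requested. For group exchange that bounds check is the security-relevant behaviour, so a dedicated pass that fails when the negotiated modulus falls outside the requested range would be worth adding alongside these rows. The macro is also parameterised on `client` and its expansions are outside the hunk, so it should be confirmed that it is only expanded for clients that implement group exchange. Extending the existing comment line to `/* Kex algorithms; the gex rows need a client built with group-exchange support. */ \` would record that requirement.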
-- 
1.9.1

