private byte[] DeriveKey(BigInteger key, byte[] hash, char ch, int length) {
byte[] result = new byte[length];
SSH2DataWriter wr = new SSH2DataWriter();
wr.WriteBigInteger(key);
wr.Write(hash);
wr.WriteByte((byte)ch);
wr.Write(_sessionID);
byte[] h1 = new SHA1CryptoServiceProvider().ComputeHash(wr.ToByteArray());
if (h1.Length >= length) {
Array.Copy(h1, 0, result, 0, length);
return result;
}
else {
wr = new SSH2DataWriter();
wr.WriteBigInteger(key);
wr.Write(_sessionID);
wr.Write(h1);
byte[] h2 = new SHA1CryptoServiceProvider().ComputeHash(wr.ToByteArray());
if (h1.Length + h2.Length >= length) {
Array.Copy(h1, 0, result, 0, h1.Length);
Array.Copy(h2, 0, result, h1.Length, length - h1.Length);
return result;
}
else
throw new SSHException("necessary key length is too big"); //long key is not supported
}
}
private DataFragment SendKEXDHINIT(Mode mode) {
//Round1 computes and sends [e]
byte[] sx = new byte[32];
RngManager.GetSecureRng().GetBytes(sx);
_x = new BigInteger(sx);
_e = new BigInteger(2).modPow(_x, GetDiffieHellmanPrime(_cInfo._kexAlgorithm));
SSH2DataWriter wr = new SSH2DataWriter();
wr.WritePacketType(PacketType.SSH_MSG_KEXDH_INIT);
wr.WriteBigInteger(_e);
_status = Status.WAIT_KEXDH_REPLY;
TraceTransmissionNegotiation(PacketType.SSH_MSG_KEXDH_INIT, "");
if (mode == Mode.Synchronized)
return SynchronizedTransmitRawPayload(wr.ToByteArray());
else {
TransmitRawPayload(wr.ToByteArray());
return null;
}
}
private bool ProcessKEXDHREPLY(DataFragment packet) {
//Round2 receives response
SSH2DataReader re = null;
PacketType h;
do {
re = new SSH2DataReader(packet);
h = re.ReadPacketType();
if (h == PacketType.SSH_MSG_KEXDH_REPLY)
break; //successfully exit
else if (h == PacketType.SSH_MSG_IGNORE || h == PacketType.SSH_MSG_DEBUG) { //continue
packet = _connection.ReceivePacket();
}
else
throw new SSHException(String.Format("KeyExchange response is not KEXDH_REPLY but {0}", h));
} while (true);
byte[] key_and_cert = re.ReadString();
BigInteger f = re.ReadMPInt();
byte[] signature = re.ReadString();
Debug.Assert(re.Rest == 0);
//Round3 calc hash H
SSH2DataWriter wr = new SSH2DataWriter();
_k = f.modPow(_x, GetDiffieHellmanPrime(_cInfo._kexAlgorithm));
wr = new SSH2DataWriter();
wr.WriteString(_cInfo._clientVersionString);
wr.WriteString(_cInfo._serverVersionString);
wr.WriteAsString(_clientKEXINITPayload);
wr.WriteAsString(_serverKEXINITPayload);
wr.WriteAsString(key_and_cert);
wr.WriteBigInteger(_e);
wr.WriteBigInteger(f);
wr.WriteBigInteger(_k);
_hash = new SHA1CryptoServiceProvider().ComputeHash(wr.ToByteArray());
_connection.TraceReceptionEvent(h, "verifying host key");
if (!VerifyHostKey(key_and_cert, signature, _hash))
return false;
//Debug.WriteLine("hash="+DebugUtil.DumpByteArray(hash));
if (_sessionID == null)
_sessionID = _hash;
return true;
}
private byte[] WriteToDataWriter() {
SSH2DataWriter wr = new SSH2DataWriter();
wr.WriteString(SSH2Util.PublicKeyAlgorithmName(_hostkey.Algorithm));
if (_hostkey.Algorithm == PublicKeyAlgorithm.RSA) {
RSAPublicKey rsa = (RSAPublicKey)_hostkey;
wr.WriteBigInteger(rsa.Exponent);
wr.WriteBigInteger(rsa.Modulus);
}
else if (_hostkey.Algorithm == PublicKeyAlgorithm.DSA) {
DSAPublicKey dsa = (DSAPublicKey)_hostkey;
wr.WriteBigInteger(dsa.P);
wr.WriteBigInteger(dsa.Q);
wr.WriteBigInteger(dsa.G);
wr.WriteBigInteger(dsa.Y);
}
else
throw new SSHException("Host key algorithm is unsupported");
return wr.ToByteArray();
}
