private byte[] DeriveKey(BigInteger key, byte[] hash, char ch, int length) { byte[] result = new byte[length]; SSH2DataWriter wr = new SSH2DataWriter(); wr.WriteBigInteger(key); wr.Write(hash); wr.WriteByte((byte)ch); wr.Write(_sessionID); byte[] h1 = new SHA1CryptoServiceProvider().ComputeHash(wr.ToByteArray()); if (h1.Length >= length) { Array.Copy(h1, 0, result, 0, length); return result; } else { wr = new SSH2DataWriter(); wr.WriteBigInteger(key); wr.Write(_sessionID); wr.Write(h1); byte[] h2 = new SHA1CryptoServiceProvider().ComputeHash(wr.ToByteArray()); if (h1.Length + h2.Length >= length) { Array.Copy(h1, 0, result, 0, h1.Length); Array.Copy(h2, 0, result, h1.Length, length - h1.Length); return result; } else throw new SSHException("necessary key length is too big"); //long key is not supported } }
private DataFragment SendKEXDHINIT(Mode mode) { //Round1 computes and sends [e] byte[] sx = new byte[32]; RngManager.GetSecureRng().GetBytes(sx); _x = new BigInteger(sx); _e = new BigInteger(2).modPow(_x, GetDiffieHellmanPrime(_cInfo._kexAlgorithm)); SSH2DataWriter wr = new SSH2DataWriter(); wr.WritePacketType(PacketType.SSH_MSG_KEXDH_INIT); wr.WriteBigInteger(_e); _status = Status.WAIT_KEXDH_REPLY; TraceTransmissionNegotiation(PacketType.SSH_MSG_KEXDH_INIT, ""); if (mode == Mode.Synchronized) return SynchronizedTransmitRawPayload(wr.ToByteArray()); else { TransmitRawPayload(wr.ToByteArray()); return null; } }
private bool ProcessKEXDHREPLY(DataFragment packet) { //Round2 receives response SSH2DataReader re = null; PacketType h; do { re = new SSH2DataReader(packet); h = re.ReadPacketType(); if (h == PacketType.SSH_MSG_KEXDH_REPLY) break; //successfully exit else if (h == PacketType.SSH_MSG_IGNORE || h == PacketType.SSH_MSG_DEBUG) { //continue packet = _connection.ReceivePacket(); } else throw new SSHException(String.Format("KeyExchange response is not KEXDH_REPLY but {0}", h)); } while (true); byte[] key_and_cert = re.ReadString(); BigInteger f = re.ReadMPInt(); byte[] signature = re.ReadString(); Debug.Assert(re.Rest == 0); //Round3 calc hash H SSH2DataWriter wr = new SSH2DataWriter(); _k = f.modPow(_x, GetDiffieHellmanPrime(_cInfo._kexAlgorithm)); wr = new SSH2DataWriter(); wr.WriteString(_cInfo._clientVersionString); wr.WriteString(_cInfo._serverVersionString); wr.WriteAsString(_clientKEXINITPayload); wr.WriteAsString(_serverKEXINITPayload); wr.WriteAsString(key_and_cert); wr.WriteBigInteger(_e); wr.WriteBigInteger(f); wr.WriteBigInteger(_k); _hash = new SHA1CryptoServiceProvider().ComputeHash(wr.ToByteArray()); _connection.TraceReceptionEvent(h, "verifying host key"); if (!VerifyHostKey(key_and_cert, signature, _hash)) return false; //Debug.WriteLine("hash="+DebugUtil.DumpByteArray(hash)); if (_sessionID == null) _sessionID = _hash; return true; }
private byte[] WriteToDataWriter() { SSH2DataWriter wr = new SSH2DataWriter(); wr.WriteString(SSH2Util.PublicKeyAlgorithmName(_hostkey.Algorithm)); if (_hostkey.Algorithm == PublicKeyAlgorithm.RSA) { RSAPublicKey rsa = (RSAPublicKey)_hostkey; wr.WriteBigInteger(rsa.Exponent); wr.WriteBigInteger(rsa.Modulus); } else if (_hostkey.Algorithm == PublicKeyAlgorithm.DSA) { DSAPublicKey dsa = (DSAPublicKey)_hostkey; wr.WriteBigInteger(dsa.P); wr.WriteBigInteger(dsa.Q); wr.WriteBigInteger(dsa.G); wr.WriteBigInteger(dsa.Y); } else throw new SSHException("Host key algorithm is unsupported"); return wr.ToByteArray(); }