Пример #1
0
        /// <summary>
        /// Generate an SSH key fingerprint as defined in draft-ietf-secsh-fingerprint-00.txt.
        /// </summary>
        /// <param name="key"></param>
        /// <returns>the key fingerprint, for example "c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87"
        /// </returns>
        public static System.String GenerateFingerprint(SSHPublicKey key)
        {
            Hash md5 = new Hash(new MD5CryptoServiceProvider());

            byte[] encoded = key.GetEncoded();

            md5.WriteBytes(encoded);

            byte[] digest = md5.DoFinal();

            System.Text.StringBuilder buf = new System.Text.StringBuilder();
            int ch;

            for (int i = 0; i < digest.Length; i++)
            {
                ch = digest[i];
                if (i > 0)
                {
                    buf.Append(':');
                }
                buf.Append(HEX[(SupportClass.URShift(ch, 4)) & 0x0F]);
                buf.Append(HEX[ch & 0x0F]);
            }

            return(buf.ToString());
        }
Пример #2
0
        internal void PerformKeyExchange(SSHPacket packet)
        {
            lock (kexlock)
            {
                if (localkex == null)
                {
                    SendKeyExchangeInit();
                }

                SSH2Context context = (SSH2Context)client.Context;

                currentState = TransportProtocolState.PERFORMING_KEYEXCHANGE;

                remotekex = packet.Payload;

                // Ignore the cookie
                packet.Skip(16);

                String remoteKeyExchanges = packet.ReadString();
                String remotePublicKeys   = packet.ReadString();
                String remoteCiphersCS    = packet.ReadString();
                String remoteCiphersSC    = packet.ReadString();
                String remoteHMacCS       = packet.ReadString();
                String remoteHMacSC       = packet.ReadString();


                String cipherCS = SelectNegotiatedComponent(context.SupportedCiphers.List(
                                                                context.PreferredCipherCS), remoteCiphersCS);

                String cipherSC = SelectNegotiatedComponent(context.SupportedCiphers.List(
                                                                context.PreferredCipherSC), remoteCiphersSC);

                Cipher encryption = (Cipher)context.SupportedCiphers.GetInstance(cipherCS);

                Cipher decryption = (Cipher)context.SupportedCiphers.GetInstance(cipherSC);

                String macCS = SelectNegotiatedComponent(context.SupportedMACs.List(
                                                             context.PreferredMacCS), remoteHMacCS);

                String macSC = SelectNegotiatedComponent(context.SupportedMACs.List(
                                                             context.PreferredMacSC), remoteHMacSC);

                SSH2Hmac outgoingMac = (SSH2Hmac)context.SupportedMACs.GetInstance(macCS);

                SSH2Hmac incomingMac = (SSH2Hmac)context.SupportedMACs.GetInstance(macSC);

                // Ignore compression and languages as were not interested in that atm

                // Create a Key Exchange instance
                String kex = SelectNegotiatedComponent(context.SupportedKeyExchanges.List(
                                                           context.PreferredKeyExchange), remoteKeyExchanges);

                String publickey = SelectNegotiatedComponent(context.SupportedPublicKeys.List(
                                                                 context.PreferredPublicKey), remotePublicKeys);

#if DEBUG
                // Output the local settings
                System.Diagnostics.Trace.WriteLine("Local Key exchange settings follow:");
                System.Diagnostics.Trace.WriteLine("Key exchange: " + context.SupportedKeyExchanges.List(
                                                       context.PreferredKeyExchange));
                System.Diagnostics.Trace.WriteLine("Public keys : " + context.SupportedPublicKeys.List(
                                                       context.PreferredPublicKey));
                System.Diagnostics.Trace.WriteLine("Ciphers client->server: " + context.SupportedCiphers.List(
                                                       context.PreferredCipherCS));
                System.Diagnostics.Trace.WriteLine("Ciphers server->client: " + context.SupportedCiphers.List(
                                                       context.PreferredCipherSC));
                System.Diagnostics.Trace.WriteLine("HMAC client->server: " + context.SupportedMACs.List(
                                                       context.PreferredMacCS));
                System.Diagnostics.Trace.WriteLine("HMAC server->client: " + context.SupportedMACs.List(
                                                       context.PreferredMacSC));

                // Output the remote settings
                System.Diagnostics.Trace.WriteLine("Remote Key exchange settings follow:");
                System.Diagnostics.Trace.WriteLine("Key exchange: " + remoteKeyExchanges);
                System.Diagnostics.Trace.WriteLine("Public keys : " + remotePublicKeys);
                System.Diagnostics.Trace.WriteLine("Ciphers client->server: " + remoteCiphersCS);
                System.Diagnostics.Trace.WriteLine("Ciphers server->client: " + remoteCiphersSC);
                System.Diagnostics.Trace.WriteLine("HMAC client->server: " + remoteHMacCS);
                System.Diagnostics.Trace.WriteLine("HMAC server->client: " + remoteHMacSC);

                // Output the selected settigns
                System.Diagnostics.Trace.WriteLine("Selected kex exchange: " + kex);
                System.Diagnostics.Trace.WriteLine("Selected public key: " + publickey);
                System.Diagnostics.Trace.WriteLine("Selected cipher client->server: " + cipherCS);
                System.Diagnostics.Trace.WriteLine("Selected cipher server->client: " + cipherSC);
                System.Diagnostics.Trace.WriteLine("Selected HMAC client->server: " + macCS);
                System.Diagnostics.Trace.WriteLine("Selected HMAC server->client: " + macSC);
#endif
                keyexchange = (SSH2KeyExchange)context.SupportedKeyExchanges.GetInstance(kex);

                keyexchange.Init(this);

                // Perform the key exchange
                keyexchange.PerformClientExchange(client.LocalIdentification,
                                                  client.RemoteIdentification,
                                                  localkex,
                                                  remotekex);

                SSHPublicKey hostkey = (SSHPublicKey)context.SupportedPublicKeys.GetInstance(publickey);

                hostkey.Init(keyexchange.HostKey, 0, keyexchange.HostKey.Length);

                if (context.KnownHosts != null)
                {
                    if (!context.KnownHosts.VerifyHost(transport.Hostname, hostkey))
                    {
                        Disconnect("Host key not accepted", DisconnectionReason.HOST_KEY_NOT_VERIFIABLE);
                        throw new SSHException("The host key was not accepted",
                                               SSHException.CANCELLED_CONNECTION);
                    }
                }

                if (!hostkey.VerifySignature(keyexchange.Signature,
                                             keyexchange.ExchangeHash))
                {
                    Disconnect("The host key signature is invalid",
                               DisconnectionReason.HOST_KEY_NOT_VERIFIABLE);
                    throw new SSHException("The host key signature is invalid",
                                           SSHException.PROTOCOL_VIOLATION);
                }

                if (sessionIdentifier == null)
                {
                    sessionIdentifier = keyexchange.ExchangeHash;
                }

                packet = GetSSHPacket(true);
                packet.WriteByte(SSH_MSG_NEWKEYS);
#if DEBUG
                System.Diagnostics.Trace.WriteLine("Sending SSH_MSG_NEWKEYS");
#endif
                SendMessage(packet);


                encryption.Init(Cipher.ENCRYPT_MODE,
                                MakeSSHKey('A'),
                                MakeSSHKey('C'));

                outgoingCipherLength = encryption.BlockSize;

                outgoingMac.Init(MakeSSHKey('E'));
                outgoingMacLength = outgoingMac.MacLength;

                this.encryption  = encryption;
                this.outgoingMac = outgoingMac;

                do
                {
                    packet = ReadMessage();

                    // Process the transport protocol message, must only be
                    // SSH_MSH_INGORE, SSH_MSG_DEBUG, SSH_MSG_DISCONNECT or SSH_MSG_NEWKEYS
                    if (!ProcessMessage(packet))
                    {
                        Disconnect("Invalid message received during key exchange",
                                   DisconnectionReason.PROTOCOL_ERROR);
                        throw new SSHException(
                                  "Invalid message received during key exchange",
                                  SSHException.PROTOCOL_VIOLATION);
                    }
                }while(packet.MessageID != SSH_MSG_NEWKEYS);

                // Put the incoming components into use
                decryption.Init(Cipher.DECRYPT_MODE,
                                MakeSSHKey('B'),
                                MakeSSHKey('D'));
                incomingCipherLength = decryption.BlockSize;

                incomingMac.Init(MakeSSHKey('F'));
                incomingMacLength = incomingMac.MacLength;

                this.decryption  = decryption;
                this.incomingMac = incomingMac;
                //this.incomingCompression = incomingCompression;

                currentState = TransportProtocolState.CONNECTED;

                FireStateChange(TransportProtocolState.CONNECTED);

                lock (kexqueue)
                {
#if DEBUG
                    System.Diagnostics.Trace.WriteLine("Sending queued messages");
#endif
                    for (System.Collections.IEnumerator e = kexqueue.GetEnumerator(); e.MoveNext();)
                    {
                        SendMessage((SSHPacket)e.Current);
                    }

                    kexqueue.Clear();
                }

                // Clean up and reset any parameters
                localkex  = null;
                remotekex = null;
            }
        }
Пример #3
0
 internal SSHKeyPair(SSHPublicKey publickey, SSHPrivateKey privatekey)
 {
     this.publickey  = publickey;
     this.privatekey = privatekey;
 }