1
0
mirror of https://github.com/danog/tgseclib.git synced 2024-11-30 04:39:02 +01:00

SSH2: fix E_NOTICE for diffie-hellman key exchange

This commit is contained in:
terrafrost 2019-10-09 23:59:32 -05:00
parent 7cbeb7df48
commit f36b4686c9

View File

@ -1485,7 +1485,30 @@ class SSH2
throw new NoSupportedAlgorithmsException('No compatible key exchange algorithms found'); throw new NoSupportedAlgorithmsException('No compatible key exchange algorithms found');
} }
switch ($this->kex_algorithm) {
case 'diffie-hellman-group15-sha512':
case 'diffie-hellman-group16-sha512':
case 'diffie-hellman-group17-sha512':
case 'diffie-hellman-group18-sha512':
case 'ecdh-sha2-nistp521':
$kexHash = new Hash('sha512');
break;
case 'ecdh-sha2-nistp384':
$kexHash = new Hash('sha384');
break;
case 'diffie-hellman-group-exchange-sha256':
case 'diffie-hellman-group14-sha256':
case 'ecdh-sha2-nistp256':
case 'curve25519-sha256@libssh.org':
case 'curve25519-sha256':
$kexHash = new Hash('sha256');
break;
default:
$kexHash = new Hash('sha1');
}
// Only relevant in diffie-hellman-group-exchange-sha{1,256}, otherwise empty. // Only relevant in diffie-hellman-group-exchange-sha{1,256}, otherwise empty.
$exchange_hash_rfc4419 = ''; $exchange_hash_rfc4419 = '';
if (strpos($this->kex_algorithm, 'curve25519-sha256') === 0 || strpos($this->kex_algorithm, 'ecdh-sha2-nistp') === 0) { if (strpos($this->kex_algorithm, 'curve25519-sha256') === 0 || strpos($this->kex_algorithm, 'ecdh-sha2-nistp') === 0) {
@ -1539,33 +1562,13 @@ class SSH2
$serverKexReplyMessage = NET_SSH2_MSG_KEXDH_REPLY; $serverKexReplyMessage = NET_SSH2_MSG_KEXDH_REPLY;
} }
$keyLength = min($kexHash->getLengthInBytes(), max($encryptKeyLength, $decryptKeyLength));
$ourPrivate = DH::createKey($params, 16 * $keyLength); // 2 * 8 * $keyLength $ourPrivate = DH::createKey($params, 16 * $keyLength); // 2 * 8 * $keyLength
$ourPublic = $ourPrivate->getPublicKey()->toBigInteger(); $ourPublic = $ourPrivate->getPublicKey()->toBigInteger();
$ourPublicBytes = $ourPublic->toBytes(true); $ourPublicBytes = $ourPublic->toBytes(true);
} }
switch ($this->kex_algorithm) {
case 'diffie-hellman-group15-sha512':
case 'diffie-hellman-group16-sha512':
case 'diffie-hellman-group17-sha512':
case 'diffie-hellman-group18-sha512':
case 'ecdh-sha2-nistp521':
$kexHash = new Hash('sha512');
break;
case 'ecdh-sha2-nistp384':
$kexHash = new Hash('sha384');
break;
case 'diffie-hellman-group-exchange-sha256':
case 'diffie-hellman-group14-sha256':
case 'ecdh-sha2-nistp256':
case 'curve25519-sha256@libssh.org':
case 'curve25519-sha256':
$kexHash = new Hash('sha256');
break;
default:
$kexHash = new Hash('sha1');
}
$data = pack('CNa*', $clientKexInitMessage, strlen($ourPublicBytes), $ourPublicBytes); $data = pack('CNa*', $clientKexInitMessage, strlen($ourPublicBytes), $ourPublicBytes);
$this->send_binary_packet($data); $this->send_binary_packet($data);