-
Notifications
You must be signed in to change notification settings - Fork 532
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix DH kex on Windows 10 1903 #397
Conversation
Looks promising, working on my side. use: (Thats the microsoft suggested way of checking versions) |
@JanFellner see wez@3dcd743 and 7fe4a7a |
This build failed because it it can't find |
I'm not sure that that header is even used in the latest version of this PR; can you try taking it out and building that? I don't have the right machine handy right now; it's been months since I looked at this |
Since Windows 1903 the approach used to perform DH kex with the CNG API has been failing. This commit switches to using the `DH` algorithm provider to perform generation of the key pair and derivation of the shared secret. It uses a feature of CNG that is not yet documented. The sources of information that I've found on this are: * https://stackoverflow.com/a/56378698/149111 * https://github.com/wbenny/mini-tor/blob/5d39011e632be8e2b6b1819ee7295e8bd9b7a769/mini/crypto/cng/dh.inl#L355 With this change I am able to successfully connect from Windows 10 to my ubuntu system. Fixes: libssh2#388 Refs: alexcrichton/ssh2-rs#122
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR. Since I am the original author of the WinCNG backend, I have some questions.
This fixed the issue we were seeing in #456, but I had to add ntdll to CMakeLists to get it to build for me properly on Windows Server 2012 and Visual Studio 2017. I'm not familiar with cmake, but I just added: |
Is there anything else needed to have this PR put in? I can add those lines to the CMakeLists if needed. |
@mback2k are you OK to sign off on these changes? |
I haven't tested this myself yet. I am still uncertain about including an unpublished/undocumented API call in libssh2 before it is published/documented. I still don't understand why the existing approach fails with recent Windows versions. My plan is to come back to libssh2 development once my current work on curl is done, but if you need to go ahead with this now, I guess you are free to do so. One last thing though: is checking for Windows 10 sufficient here? I think the new approach is only needed on Windows 1903 or later? |
Thanks @jonathanturcotte , your diff saved me. Seems to me that it should be integrated in this PR. |
Is there any way this can go in soon? |
I will take a look into this the next 2 days. Sorry for the delay. Edit: still looking into this and a good solution to automatically try the new and fallback to the old if the new one is unavailable. Will continue working on this during the next days and hope to have something ready soon. |
Quick update: I have got a slightly modified version working in my test environment without the version check due to the manifest requirement. I plan to have this merge ready in the upcoming week. Thanks for your patience. |
Quick update: my reworked approach regarding automatic fallback from |
Since Windows 1903 the approach used to perform DH kex with the CNG API has been failing. This commit switches to using the `DH` algorithm provider to perform generation of the key pair and derivation of the shared secret. It uses a feature of CNG that is not yet documented. The sources of information that I've found on this are: * https://stackoverflow.com/a/56378698/149111 * https://github.com/wbenny/mini-tor/blob/5d39011e632be8e2b6b1819ee7295e8bd9b7a769/mini/crypto/cng/dh.inl#L355 With this change I am able to successfully connect from Windows 10 to my ubuntu system. Refs: alexcrichton/ssh2-rs#122 Fixes: libssh2#388 Closes: libssh2#397
Avoid the use of RtlGetVersion or similar Win32 functions, since these depend on version information from manifests. This commit makes the WinCNG backend first try to use the new DH algorithm API with the raw secret derivation feature. In case this feature is not available the WinCNG backend will fallback to the classic approach of using RSA-encrypt to perform the required modular exponentiation of BigNums. The feature availability test is done during the first handshake and the result is stored in the crypto backends global state. Follow up to libssh2#397 Closes libssh2#484
@wez @JanFellner @willco007 @jonathanturcotte @brandl-muc I am so sorry that it took me so long to look into this. But I now finally have integrated the work of @wez and adapted it to a feature-testing-based fallback-approach with PR #484 that does not rely on version checking (which still did not work for me with this original PR due to the requirement of manifests). Therefore I would like to ask you to take a look at the new PR, test it on as much Windows versions you have available and give me some quick Go or No-Go feedback. Thanks in advance! I hope that we can merge this very soon and also do a release shortly after. cc @bagder |
Awesome, things are a bit hectic right now, but I'll try and give this a try in the next little while if I can! |
Since Windows 1903 the approach used to perform DH kex with the CNG API has been failing. This commit switches to using the `DH` algorithm provider to perform generation of the key pair and derivation of the shared secret. It uses a feature of CNG that is not yet documented. The sources of information that I've found on this are: * https://stackoverflow.com/a/56378698/149111 * https://github.com/wbenny/mini-tor/blob/5d39011e632be8e2b6b1819ee7295e8bd9b7a769/mini/crypto/cng/dh.inl#L355 With this change I am able to successfully connect from Windows 10 to my ubuntu system. Refs: alexcrichton/ssh2-rs#122 Fixes: libssh2#388 Closes: libssh2#397
Avoid the use of RtlGetVersion or similar Win32 functions, since these depend on version information from manifests. This commit makes the WinCNG backend first try to use the new DH algorithm API with the raw secret derivation feature. In case this feature is not available the WinCNG backend will fallback to the classic approach of using RSA-encrypt to perform the required modular exponentiation of BigNums. The feature availability test is done during the first handshake and the result is stored in the crypto backends global state. Follow up to libssh2#397 Closes libssh2#484
Avoid the use of RtlGetVersion or similar Win32 functions, since these depend on version information from manifests. This commit makes the WinCNG backend first try to use the new DH algorithm API with the raw secret derivation feature. In case this feature is not available the WinCNG backend will fallback to the classic approach of using RSA-encrypt to perform the required modular exponentiation of BigNums. The feature availability test is done during the first handshake and the result is stored in the crypto backends global state. Follow up to #397 Closes #484
Sorry for the delay, I was quite busy the last week. I just merged this into master and plan to do some follow ups via separate PRs. @wez thanks a lot for the contribution! |
Since Windows 1903 the approach used to perform DH kex with the CNG API has been failing. This commit switches to using the `DH` algorithm provider to perform generation of the key pair and derivation of the shared secret. It uses a feature of CNG that is not yet documented. The sources of information that I've found on this are: * https://stackoverflow.com/a/56378698/149111 * https://github.com/wbenny/mini-tor/blob/5d39011e632be8e2b6b1819ee7295e8bd9b7a769/mini/crypto/cng/dh.inl#L355 With this change I am able to successfully connect from Windows 10 to my ubuntu system. Refs: alexcrichton/ssh2-rs#122 Fixes: libssh2#388 Closes: libssh2#397
Avoid the use of RtlGetVersion or similar Win32 functions, since these depend on version information from manifests. This commit makes the WinCNG backend first try to use the new DH algorithm API with the raw secret derivation feature. In case this feature is not available the WinCNG backend will fallback to the classic approach of using RSA-encrypt to perform the required modular exponentiation of BigNums. The feature availability test is done during the first handshake and the result is stored in the crypto backends global state. Follow up to libssh2#397 Closes libssh2#484
Since Windows 1903 the approach used to perform DH kex with the CNG
API has been failing.
This commit switches to using the
DH
algorithm provider to performgeneration of the key pair and derivation of the shared secret.
It uses a feature of CNG that is not yet documented. The sources of
information that I've found on this are:
With this change I am able to successfully connect from Windows 10 to my
ubuntu system.
Fixes: #388
Refs: alexcrichton/ssh2-rs#122