Patches to support sha256 based hmac and kexgex

paramiko/kex_gex.py

@@ -23,7 +23,7 @@
 """
 
 import os
-from hashlib import sha1
+from hashlib import sha1, sha256
 
 from paramiko import util
 from paramiko.common import DEBUG
@@ -44,6 +44,7 @@ class KexGex (object):
     min_bits = 1024
     max_bits = 8192
     preferred_bits = 2048
+    hash_algo = sha1
 
     def __init__(self, transport):
         self.transport = transport
@@ -87,7 +88,7 @@ def parse_next(self, ptype, m):
             return self._parse_kexdh_gex_reply(m)
         elif ptype == _MSG_KEXDH_GEX_REQUEST_OLD:
             return self._parse_kexdh_gex_request_old(m)
-        raise SSHException('KexGex asked to handle packet type %d' % ptype)
+        raise SSHException('KexGex %s asked to handle packet type %d' % (self.name, ptype))
 
     ###  internals...
 
@@ -204,7 +205,7 @@ def _parse_kexdh_gex_init(self, m):
         hm.add_mpint(self.e)
         hm.add_mpint(self.f)
         hm.add_mpint(K)
-        H = sha1(hm.asbytes()).digest()
+        H = self.hash_algo(hm.asbytes()).digest()
         self.transport._set_K_H(K, H)
         # sign it
         sig = self.transport.get_server_key().sign_ssh_data(H)
@@ -239,6 +240,10 @@ def _parse_kexdh_gex_reply(self, m):
         hm.add_mpint(self.e)
         hm.add_mpint(self.f)
         hm.add_mpint(K)
-        self.transport._set_K_H(K, sha1(hm.asbytes()).digest())
+        self.transport._set_K_H(K, self.hash_algo(hm.asbytes()).digest())
         self.transport._verify_key(host_key, sig)
         self.transport._activate_outbound()
+
+class KexGexSHA256(KexGex):
+    name = 'diffie-hellman-group-exchange-sha256'
+    hash_algo = sha256

paramiko/transport.py

@@ -26,7 +26,7 @@
 import threading
 import time
 import weakref
-from hashlib import md5, sha1
+from hashlib import md5, sha1, sha256
 
 import paramiko
 from paramiko import util
@@ -47,7 +47,7 @@
     DEFAULT_WINDOW_SIZE, DEFAULT_MAX_PACKET_SIZE
 from paramiko.compress import ZlibCompressor, ZlibDecompressor
 from paramiko.dsskey import DSSKey
-from paramiko.kex_gex import KexGex
+from paramiko.kex_gex import KexGex, KexGexSHA256
 from paramiko.kex_group1 import KexGroup1
 from paramiko.kex_group14 import KexGroup14
 from paramiko.kex_gss import KexGSSGex, KexGSSGroup1, KexGSSGroup14, NullHostKey
@@ -96,9 +96,13 @@ class Transport (threading.Thread, ClosingContextManager):
 
     _preferred_ciphers = ('aes128-ctr', 'aes256-ctr', 'aes128-cbc', 'blowfish-cbc',
                           'aes256-cbc', '3des-cbc', 'arcfour128', 'arcfour256')
-    _preferred_macs = ('hmac-sha1', 'hmac-md5', 'hmac-sha1-96', 'hmac-md5-96')
+    _preferred_macs = ('hmac-sha1', 'hmac-md5', 'hmac-sha1-96', 'hmac-md5-96',
+                       'hmac-sha2-256')
     _preferred_keys = ('ssh-rsa', 'ssh-dss', 'ecdsa-sha2-nistp256')
-    _preferred_kex =  ( 'diffie-hellman-group14-sha1', 'diffie-hellman-group-exchange-sha1' , 'diffie-hellman-group1-sha1')
+    _preferred_kex =  ('diffie-hellman-group-exchange-sha256',
+                       'diffie-hellman-group14-sha1', 
+                       'diffie-hellman-group-exchange-sha1' , 
+                       'diffie-hellman-group1-sha1')
     _preferred_compression = ('none',)
 
     _cipher_info = {
@@ -115,6 +119,7 @@ class Transport (threading.Thread, ClosingContextManager):
     _mac_info = {
         'hmac-sha1': {'class': sha1, 'size': 20},
         'hmac-sha1-96': {'class': sha1, 'size': 12},
+        'hmac-sha2-256': {'class': sha256, 'size': 32},
         'hmac-md5': {'class': md5, 'size': 16},
         'hmac-md5-96': {'class': md5, 'size': 12},
     }
@@ -129,6 +134,7 @@ class Transport (threading.Thread, ClosingContextManager):
         'diffie-hellman-group1-sha1': KexGroup1,
         'diffie-hellman-group14-sha1': KexGroup14,
         'diffie-hellman-group-exchange-sha1': KexGex,
+        'diffie-hellman-group-exchange-sha256': KexGexSHA256,
         'gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==': KexGSSGroup1,
         'gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==': KexGSSGroup14,
         'gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==': KexGSSGex
@@ -1495,13 +1501,14 @@ def _compute_key(self, id, nbytes):
         m.add_bytes(self.H)
         m.add_byte(b(id))
         m.add_bytes(self.session_id)
-        out = sofar = sha1(m.asbytes()).digest()
+        hash_algo = self._mac_info[self.local_mac]['class'] if self.local_mac else sha1
+        out = sofar = hash_algo(m.asbytes()).digest()
         while len(out) < nbytes:
             m = Message()
             m.add_mpint(self.K)
             m.add_bytes(self.H)
             m.add_bytes(sofar)
-            digest = sha1(m.asbytes()).digest()
+            digest = hash_algo(m.asbytes()).digest()
             out += digest
             sofar += digest
         return out[:nbytes]
@@ -1742,10 +1749,12 @@ def _send_kex_init(self):
             self.clear_to_send_lock.release()
         self.in_kex = True
         if self.server_mode:
-            if (self._modulus_pack is None) and ('diffie-hellman-group-exchange-sha1' in self._preferred_kex):
+            mp_required_prefix = 'diffie-hellman-group-exchange-sha'
+            kex_mp = [k for k in self._preferred_kex if k.startswith(mp_required_prefix)]
+            if (self._modulus_pack is None) and (len(kex_mp) > 0):
                 # can't do group-exchange if we don't have a pack of potential primes
-                pkex = list(self.get_security_options().kex)
-                pkex.remove('diffie-hellman-group-exchange-sha1')
+                pkex = [k for k in self.get_security_options().kex 
+                                if not k.startswith(mp_required_prefix)]
                 self.get_security_options().kex = pkex
             available_server_keys = list(filter(list(self.server_key_dict.keys()).__contains__,
                                                 self._preferred_keys))

tests/test_kex.py

@@ -26,7 +26,7 @@
 
 import paramiko.util
 from paramiko.kex_group1 import KexGroup1
-from paramiko.kex_gex import KexGex
+from paramiko.kex_gex import KexGex, KexGexSHA256
 from paramiko import Message
 from paramiko.common import byte_chr
 
@@ -252,3 +252,120 @@ def test_6_gex_server_with_old_client(self):
         self.assertEqual(H, hexlify(transport._H).upper())
         self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
         self.assertTrue(transport._activated)
+
+    def test_7_gex_sha256_client(self):
+        transport = FakeTransport()
+        transport.server_mode = False
+        kex = KexGexSHA256(transport)
+        kex.start_kex()
+        x = b'22000004000000080000002000'
+        self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
+        self.assertEqual((paramiko.kex_gex._MSG_KEXDH_GEX_GROUP,), transport._expect)
+
+        msg = Message()
+        msg.add_mpint(FakeModulusPack.P)
+        msg.add_mpint(FakeModulusPack.G)
+        msg.rewind()
+        kex.parse_next(paramiko.kex_gex._MSG_KEXDH_GEX_GROUP, msg)
+        x = b'20000000807E2DDB1743F3487D6545F04F1C8476092FB912B013626AB5BCEB764257D88BBA64243B9F348DF7B41B8C814A995E00299913503456983FFB9178D3CD79EB6D55522418A8ABF65375872E55938AB99A84A0B5FC8A1ECC66A7C3766E7E0F80B7CE2C9225FC2DD683F4764244B72963BBB383F529DCF0C5D17740B8A2ADBE9208D4'
+        self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
+        self.assertEqual((paramiko.kex_gex._MSG_KEXDH_GEX_REPLY,), transport._expect)
+
+        msg = Message()
+        msg.add_string('fake-host-key')
+        msg.add_mpint(69)
+        msg.add_string('fake-sig')
+        msg.rewind()
+        kex.parse_next(paramiko.kex_gex._MSG_KEXDH_GEX_REPLY, msg)
+        H = b'AD1A9365A67B4496F05594AD1BF656E3CDA0851289A4C1AFF549FEAE50896DF4'
+        self.assertEqual(self.K, transport._K)
+        self.assertEqual(H, hexlify(transport._H).upper())
+        self.assertEqual((b'fake-host-key', b'fake-sig'), transport._verify)
+        self.assertTrue(transport._activated)
+
+    def test_8_gex_sha256_old_client(self):
+        transport = FakeTransport()
+        transport.server_mode = False
+        kex = KexGexSHA256(transport)
+        kex.start_kex(_test_old_style=True)
+        x = b'1E00000800'
+        self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
+        self.assertEqual((paramiko.kex_gex._MSG_KEXDH_GEX_GROUP,), transport._expect)
+
+        msg = Message()
+        msg.add_mpint(FakeModulusPack.P)
+        msg.add_mpint(FakeModulusPack.G)
+        msg.rewind()
+        kex.parse_next(paramiko.kex_gex._MSG_KEXDH_GEX_GROUP, msg)
+        x = b'20000000807E2DDB1743F3487D6545F04F1C8476092FB912B013626AB5BCEB764257D88BBA64243B9F348DF7B41B8C814A995E00299913503456983FFB9178D3CD79EB6D55522418A8ABF65375872E55938AB99A84A0B5FC8A1ECC66A7C3766E7E0F80B7CE2C9225FC2DD683F4764244B72963BBB383F529DCF0C5D17740B8A2ADBE9208D4'
+        self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
+        self.assertEqual((paramiko.kex_gex._MSG_KEXDH_GEX_REPLY,), transport._expect)
+
+        msg = Message()
+        msg.add_string('fake-host-key')
+        msg.add_mpint(69)
+        msg.add_string('fake-sig')
+        msg.rewind()
+        kex.parse_next(paramiko.kex_gex._MSG_KEXDH_GEX_REPLY, msg)
+        H = b'518386608B15891AE5237DEE08DCADDE76A0BCEFCE7F6DB3AD66BC41D256DFE5'
+        self.assertEqual(self.K, transport._K)
+        self.assertEqual(H, hexlify(transport._H).upper())
+        self.assertEqual((b'fake-host-key', b'fake-sig'), transport._verify)
+        self.assertTrue(transport._activated)
+
+    def test_9_gex_sha256_server(self):
+        transport = FakeTransport()
+        transport.server_mode = True
+        kex = KexGexSHA256(transport)
+        kex.start_kex()
+        self.assertEqual((paramiko.kex_gex._MSG_KEXDH_GEX_REQUEST, paramiko.kex_gex._MSG_KEXDH_GEX_REQUEST_OLD), transport._expect)
+
+        msg = Message()
+        msg.add_int(1024)
+        msg.add_int(2048)
+        msg.add_int(4096)
+        msg.rewind()
+        kex.parse_next(paramiko.kex_gex._MSG_KEXDH_GEX_REQUEST, msg)
+        x = b'1F0000008100FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF0000000102'
+        self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
+        self.assertEqual((paramiko.kex_gex._MSG_KEXDH_GEX_INIT,), transport._expect)
+
+        msg = Message()
+        msg.add_mpint(12345)
+        msg.rewind()
+        kex.parse_next(paramiko.kex_gex._MSG_KEXDH_GEX_INIT, msg)
+        K = 67592995013596137876033460028393339951879041140378510871612128162185209509220726296697886624612526735888348020498716482757677848959420073720160491114319163078862905400020959196386947926388406687288901564192071077389283980347784184487280885335302632305026248574716290537036069329724382811853044654824945750581
+        H = b'CCAC0497CF0ABA1DBF55E1A3995D17F4CC31824B0E8D95CDF8A06F169D050D80'
+        x = b'210000000866616B652D6B6579000000807E2DDB1743F3487D6545F04F1C8476092FB912B013626AB5BCEB764257D88BBA64243B9F348DF7B41B8C814A995E00299913503456983FFB9178D3CD79EB6D55522418A8ABF65375872E55938AB99A84A0B5FC8A1ECC66A7C3766E7E0F80B7CE2C9225FC2DD683F4764244B72963BBB383F529DCF0C5D17740B8A2ADBE9208D40000000866616B652D736967'
+        self.assertEqual(K, transport._K)
+        self.assertEqual(H, hexlify(transport._H).upper())
+        self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
+        self.assertTrue(transport._activated)
+
+    def test_10_gex_sha256_server_with_old_client(self):
+        transport = FakeTransport()
+        transport.server_mode = True
+        kex = KexGexSHA256(transport)
+        kex.start_kex()
+        self.assertEqual((paramiko.kex_gex._MSG_KEXDH_GEX_REQUEST, paramiko.kex_gex._MSG_KEXDH_GEX_REQUEST_OLD), transport._expect)
+
+        msg = Message()
+        msg.add_int(2048)
+        msg.rewind()
+        kex.parse_next(paramiko.kex_gex._MSG_KEXDH_GEX_REQUEST_OLD, msg)
+        x = b'1F0000008100FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF0000000102'
+        self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
+        self.assertEqual((paramiko.kex_gex._MSG_KEXDH_GEX_INIT,), transport._expect)
+
+        msg = Message()
+        msg.add_mpint(12345)
+        msg.rewind()
+        kex.parse_next(paramiko.kex_gex._MSG_KEXDH_GEX_INIT, msg)
+        K = 67592995013596137876033460028393339951879041140378510871612128162185209509220726296697886624612526735888348020498716482757677848959420073720160491114319163078862905400020959196386947926388406687288901564192071077389283980347784184487280885335302632305026248574716290537036069329724382811853044654824945750581
+        H = b'3DDD2AD840AD095E397BA4D0573972DC60F6461FD38A187CACA6615A5BC8ADBB'
+        x = b'210000000866616B652D6B6579000000807E2DDB1743F3487D6545F04F1C8476092FB912B013626AB5BCEB764257D88BBA64243B9F348DF7B41B8C814A995E00299913503456983FFB9178D3CD79EB6D55522418A8ABF65375872E55938AB99A84A0B5FC8A1ECC66A7C3766E7E0F80B7CE2C9225FC2DD683F4764244B72963BBB383F529DCF0C5D17740B8A2ADBE9208D40000000866616B652D736967'
+        self.assertEqual(K, transport._K)
+        self.assertEqual(H, hexlify(transport._H).upper())
+        self.assertEqual(x, hexlify(transport._message.asbytes()).upper())
+        self.assertTrue(transport._activated)
+

tests/test_transport.py

@@ -28,6 +28,7 @@
 import time
 import threading
 import random
+from hashlib import sha1
 import unittest
 
 from paramiko import Transport, SecurityOptions, ServerInterface, RSAKey, DSSKey, \
@@ -447,9 +448,11 @@ def force_compression(o):
         bytes = self.tc.packetizer._Packetizer__sent_bytes
         chan.send('x' * 1024)
         bytes2 = self.tc.packetizer._Packetizer__sent_bytes
+        block_size = self.tc._cipher_info[self.tc.local_cipher]['block-size']
+        mac_size = self.tc._mac_info[self.tc.local_mac]['size']
         # tests show this is actually compressed to *52 bytes*!  including packet overhead!  nice!! :)
         self.assertTrue(bytes2 - bytes < 1024)
-        self.assertEqual(52, bytes2 - bytes)
+        self.assertEqual(16 + block_size + mac_size, bytes2 - bytes)
 
         chan.close()
         schan.close()