Elliptic Curves #496
Elliptic Curves #496
Conversation
darinkes
force-pushed
the
elliptic
branch
2 times, most recently
from
95662d7
to
91ccbbb
Compare
|
@darinkes Is this the minimal set of sources we need to "import"? |
|
It is all in the src/Renci.SshNet/Security/BouncyCastle folder. See: If this is the approach taken, please change the namespace to avoid collisions with the BouncyCastle assemblies or make it all internal - provided that is possible. |
|
@drieseng Edit: |
Okay, was wrong here twice :)
Done! All now in an internal namespace, nothing gets exposed. Whats the best/easiest way to enable the Build for all the other projects? |
darinkes
force-pushed
the
elliptic
branch
6 times, most recently
from
fcd5540
to
9b76b84
Compare
|
Ok, the last Build Fails are not my fault :) This Test seems to flipper: |
darinkes
force-pushed
the
elliptic
branch
4 times, most recently
from
cb2a922
to
6fecae9
Compare
|
Spend some time on cleaning up all the commits and (hopefully) split them in reasonable/reviewable parts. |
darinkes
force-pushed
the
elliptic
branch
2 times, most recently
from
3d969da
to
7a13b54
Compare
Got rid most of the stuff in the asn.1 folder with some minor adjustments in the sources. Over 10k Lines less than before. |
|
Please also add a THIRD-PARTY-NOTICES.TXT to the repo, and include the BouncyCastle and Chaos.NaCl licenses. You can find inspiration here. |
src/Renci.SshNet/Security/BouncyCastle/src/asn1/sec/SECNamedCurves.cs
Outdated
Show resolved
Hide resolved
| @@ -92,7 +92,7 @@ public BigInteger[] Keys | |||
| for (var i = 0; i < _keys.Count; i++) | |||
| { | |||
| var key = _keys[i]; | |||
| keys[i] = key.ToBigInteger(); | |||
| keys[i] = BigInteger.SshFormatBignum2(key); | |||
There was a problem hiding this comment.
Care to explain why this is necessary? Would this break other algorithms?
There was a problem hiding this comment.
If a Key comes with a leading "FF", the current ToBigInteger() would drop this "FF" and we have invalid data. That gets prevented by appending an "00" before the "FF".
Made a lot of testruns with DSA and RSA and had no Problems.
There was a problem hiding this comment.
Can you add a test that covers this?
Haven't had time to check if this is trivial.
There was a problem hiding this comment.
Basically it's this: https://github.com/openssh/openssh-portable/blob/master/sshbuf-getput-crypto.c#L147
For what its worth, the BCrypt that I added came from here: https://bitbucket.org/vadim/bcrypt.net/src/9016bf211b5bc7406e01f2f99fe5b868b1e35238/BCrypt.Net/BCrypt.cs?at=default&fileviewer=file-view-default, with a few additions for the kdf stuff. Not sure if that needs to go in the 3rd party file mentioned, but wanted to point it out |
darinkes
force-pushed
the
elliptic
branch
2 times, most recently
from
9d07604
to
b367b1b
Compare
|
Merged the Linux Support to "Add Support for ECDSA Host- and Private-Keys", since this makes automatic real life testing much much easier. |
|
Hi Guys, |
|
@drieseng How can we get this out the door? Any help needed with the review? Seems there is a need for this by a few people. I know 30k line diff is a little overwhelming. 🤔 |
|
@MikeBairdRocks tests and comments are always welcome and I'm sure they help to get this in. |
|
Is there any way I could get a version of SSH.NET with KEX ecdh-sha2-nistp256 from this PR, enabled? I would be more than happy to test, comment, what-have-you. Just point me in the correct direction. |
|
Another month further, any more feedback on the planning to release this feature @drieseng and what is required for this? |
|
Is there any update on this PR? |
|
🎉🎁🎂 |
|
I have been working through the code to update crypto to be FIPS compliant. I added diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, and diffie-hellman-group18-sha512. I wrote ecdh-sha2-nistp256 as research for my grad crypto class, so I implemented it without using any Microsoft or 3rd party libraries. I chose that option because using .NET crypto required adding too much overly complicated code for it to be usable for public and shared key creation, as well as generating signatures for kex. 3rd party libraries have so much overhead that I would rather implement my own functionality. I am also removing antiquated code to stay up with RFC standards (i.e. anything from SSHv1) |
|
Beginning to think if someone in the community with Crypto knowledge would fork it. It has been way to long without an update.
… On Jan 10, 2020, at 7:46 PM, lifeincha0s ***@***.***> wrote:
I have been working through the code to update crypto to be FIPS compliant. I added diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, and diffie-hellman-group18-sha512. I wrote ecdh-sha2-nistp256 as research for my grad crypto class, so I implemented it without using any Microsoft or 3rd party libraries. I chose that option because using .NET crypto required quite a bit of overly complicated code for it to be usable for key generation, shared key creation
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub <#496?email_source=notifications&email_token=AAD7IHVFZUATYNNSKBQALS3Q5ECGNA5CNFSM4GHWHX32YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIVRMLA#issuecomment-573249068>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAD7IHT2PSUKPHIGER3ZM7DQ5ECGNANCNFSM4GHWHX3Q>.
|
|
I'm reviewing this PR right now. |
|
@darinkes Can you, for all of the third party sources you added, indicate where you obtained the sources from (source distribution, git(hub), ...), and what exact version of these sources? Thanks for this great contribution! |
…nd private key formats.
|
when will the new version be available for upgrade on NugetPackage manager? |
|
I've lost my VMs for building SSH.NET on all supported target frameworks. |
|
Thank you! |
|
Latest approach to implement Elliptic Curves Support in SSH.NET.
Performance-Comparison Key-Exchange:
Time taken: 2365,9079msTime taken: 1169,3554msTime taken: 1053,3225ms