Bug 1023 - Add support for dhgex-sha256
Summary: Add support for dhgex-sha256
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: -current
Hardware: All OpenBSD
Importance: P2 enhancement
Assignee: Damien Miller
URL:
Keywords:
Depends on:
Blocks: V_4_4
Reported: 2005-04-21 11:22 AEST by Damien Miller
Modified: 2006-09-28 19:25 AEST (History)

See Also:


Attachments
Patch to -current 20050421 (21.74 KB, patch) - 2005-04-21 11:23 AEST, Damien Miller
Revised diff (21.65 KB, patch) - 2005-05-11 13:32 AEST, Damien Miller
Patch to add dhgex-sha512 to PuTTY (14.14 KB, patch) - 2005-05-11 13:33 AEST, Damien Miller
New diffie-hellman-group-exchange-sha256 exchange (19.34 KB, patch) - 2005-07-17 18:33 AEST, Damien Miller
Again, with md-sha256.c (21.98 KB, patch) - 2005-07-17 18:47 AEST, Damien Miller
Revised diff (21.76 KB, patch) - 2005-07-23 12:33 AEST, Damien Miller
Patch against CVS 20051105 (7.85 KB, patch) - 2005-11-05 14:42 AEDT, Damien Miller

Description Damien Miller 2005-04-21 11:22:02 AEST
This is a patch to add support for diffie-hellman-group-exchange-sha512, a
variant of diffie-hellman-group-exchange-sha1 that computes the exchange hash
and the key derivation PRF with SHA512 instead of SHA1.

This removes the (largely academic) 160-bit bottleneck that prevented ciphers
with longer keys from being fully utilised.

Note that this patch requires a modified OpenSSL to build (set evp.h's
EVP_MAX_MD_SIZE to 64 and rebuild - NB this breaks bincompat). It could be
cajoled into working with OpenSSL CVS HEAD with some minor changes.
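An added example, not part of this bug report or of OpenSSH's own code, showing the part of the protocol the change touches: the RFC 4253 section 7.2 key expansion, run once with SHA-1 and once with SHA-256 as the KEX hash. K, the transcript, and the function names `expand_key` and `demo` are constructed for illustration.

```python
import hashlib

def ssh_mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (RFC 4251, section 5)."""
    if n == 0:
        return b"\x00\x00\x00\x00"
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:  # high bit set: prepend 0x00 so the value stays positive
        body = b"\x00" + body
    return len(body).to_bytes(4, "big") + body

def expand_key(hash_name, K, H, letter, session_id, need):
    """RFC 4253 section 7.2 key expansion using the KEX method's hash.

    K1 = HASH(K || H || X || session_id), then Kn = HASH(K || H || K1 || ... || Kn-1)
    until `need` bytes are available. Returns (key, number of hash invocations).
    """
    hash_fn = lambda data: hashlib.new(hash_name, data).digest()
    k_enc = ssh_mpint(K)
    out = hash_fn(k_enc + H + letter + session_id)
    rounds = 1
    while len(out) < need:
        out += hash_fn(k_enc + H + out)
        rounds += 1
    return out[:need], rounds

def demo(hash_name):
    """Derive a 256-bit client-to-server encryption key ('C') from constructed inputs."""
    # Constructed stand-ins; a real H is HASH over the version strings, KEXINIT
    # payloads, host key, group parameters, e, f and K (RFC 4419 / RFC 4253).
    transcript = b"constructed kex transcript: versions, KEXINIT payloads, host key, p, g, e, f"
    K = int.from_bytes(b"constructed shared secret K", "big")
    H = hashlib.new(hash_name, transcript + ssh_mpint(K)).digest()
    session_id = H  # the session identifier is H from the first key exchange
    key, rounds = expand_key(hash_name, K, H, b"C", session_id, 32)
    return len(H), key, rounds

if __name__ == "__main__":
    for name in ("sha1", "sha256"):
        h_len, key, rounds = demo(name)
        print(f"{name}: exchange hash {h_len * 8} bits, 256-bit key needs {rounds} hash round(s)")
```

With SHA-1 the exchange hash is 160 bits and a 256-bit key has to be chained from two hash outputs; with SHA-256 the hash already covers a 256-bit key in one round.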
Comment 1 Damien Miller 2005-04-21 11:23:03 AEST
Created attachment 886 [details]
Patch to -current 20050421
Comment 2 Damien Miller 2005-05-11 13:32:25 AEST
Created attachment 906 [details]
Revised diff

Fix bad kex method name in proposal. Interop tested against patched putty.
Comment 3 Damien Miller 2005-05-11 13:33:35 AEST
Created attachment 907 [details]
Patch to add dhgex-sha512 to PuTTY

This is the patch for PuTTY that I wrote for testing.
Comment 4 Damien Miller 2005-07-17 18:31:46 AEST
Change of plan: do SHA256 instead of SHA512. Our longest-keyed cipher is 256
bits long and it is not likely to get any bigger. Also, SHA512 requires 64-bit math
- this doesn't affect us, but others do care.

Best of all, SHA256 will fit into all OpenSSL versions' EVP_MAX_MD_SIZE without
modification.
Comment 5 Damien Miller 2005-07-17 18:33:05 AEST
Created attachment 939 [details]
New diffie-hellman-group-exchange-sha256 exchange

Update to -current, go from SHA512 to SHA256
Comment 6 Damien Miller 2005-07-17 18:47:46 AEST
Created attachment 940 [details]
Again, with md-sha256.c

Doh! that was missing a critical file. Respin.
Comment 7 Damien Miller 2005-07-23 12:33:15 AEST
Created attachment 942 [details]
Revised diff

Shrink the diff a little by remembering the EVP_MD for the KEX
Comment 8 Damien Miller 2005-11-05 14:42:40 AEDT
Created attachment 1019 [details]
Patch against CVS 20051105

This patch applied against -current CVS as of 20051105. It is a fair bit smaller, as the parts removing the hardcoded assumptions that the hash will always be SHA1 have been committed already.

This will therefore not apply against 4.2 or earlier releases.
Comment 9 Damien Miller 2006-03-12 16:01:05 AEDT
This has been committed and will be in OpenSSH 4.4
Comment 10 Darren Tucker 2006-09-28 19:25:33 AEST
With the release of 4.4, we believe that this bug is now closed. For information about the release please see http://www.openssh.com/txt/release-4.4.