

Revert "Revert "Revert "Prioritizing of encryption algorithms (might …
…be SECURITY HOLE)"""

This reverts commit 46ce8a7.
smazov committed Jul 25, 2019
1 parent 358ae9f commit c649034
Showing 10 changed files with 60 additions and 179 deletions.
8 changes: 1 addition & 7 deletions src/Renci.SshNet.NET35/Renci.SshNet.NET35.csproj
Expand Up @@ -569,9 +569,6 @@
<Compile Include="..\Renci.SshNet\PasswordConnectionInfo.cs">
<Link>PasswordConnectionInfo.cs</Link>
</Compile>
<Compile Include="..\Renci.SshNet\PriorityString.cs">
<Link>PriorityString.cs</Link>
</Compile>
<Compile Include="..\Renci.SshNet\PrivateKeyAuthenticationMethod.cs">
<Link>PrivateKeyAuthenticationMethod.cs</Link>
</Compile>
Expand Down Expand Up @@ -608,9 +605,6 @@
<Compile Include="..\Renci.SshNet\Security\CertificateHostAlgorithm.cs">
<Link>Security\CertificateHostAlgorithm.cs</Link>
</Compile>
<Compile Include="..\Renci.SshNet\Security\CertificateKeyHostAlgorithm.cs">
<Link>Security\CertificateKeyHostAlgorithm.cs</Link>
</Compile>
<Compile Include="..\Renci.SshNet\Security\Cryptography\AsymmetricCipher.cs">
<Link>Security\Cryptography\AsymmetricCipher.cs</Link>
</Compile>
Expand Down Expand Up @@ -980,7 +974,7 @@
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<ProjectExtensions>
<VisualStudio>
<UserProperties ProjectLinkerExcludeFilter="\\?desktop(\\.*)?$;\\?silverlight(\\.*)?$;\.desktop;\.silverlight;\.xaml;^service references(\\.*)?$;\.clientconfig;^web references(\\.*)?$" ProjectLinkReference="2f5f8c90-0bd1-424f-997c-7bc6280919d1" />
<UserProperties ProjectLinkReference="2f5f8c90-0bd1-424f-997c-7bc6280919d1" ProjectLinkerExcludeFilter="\\?desktop(\\.*)?$;\\?silverlight(\\.*)?$;\.desktop;\.silverlight;\.xaml;^service references(\\.*)?$;\.clientconfig;^web references(\\.*)?$" />
</VisualStudio>
</ProjectExtensions>
<!-- To modify your build process, add your task inside one of the targets below and uncomment it.
5 changes: 1 addition & 4 deletions src/Renci.SshNet.Tests/Classes/SessionTest_ConnectedBase.cs
@@ -1,7 +1,6 @@
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Net;
using System.Net.Sockets;
using System.Security.Cryptography;
Expand Down Expand Up @@ -153,9 +152,7 @@ private void SetupMocks()
{
_serviceFactoryMock.Setup(
p =>
p.CreateKeyExchange(ConnectionInfo.KeyExchangeAlgorithms
.ToDictionary(x => x.Key.Value, x => x.Value),
new[] { _keyExchangeAlgorithm })).Returns(_keyExchangeMock.Object);
p.CreateKeyExchange(ConnectionInfo.KeyExchangeAlgorithms, new[] { _keyExchangeAlgorithm })).Returns(_keyExchangeMock.Object);
_keyExchangeMock.Setup(p => p.Name).Returns(_keyExchangeAlgorithm);
_keyExchangeMock.Setup(p => p.Start(Session, It.IsAny<KeyExchangeInitMessage>()));
_keyExchangeMock.Setup(p => p.ExchangeHash).Returns(SessionId);
@@ -1,7 +1,6 @@
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Net;
using System.Net.Sockets;
using System.Security.Cryptography;
Expand Down Expand Up @@ -137,8 +136,7 @@ private void SetupMocks()
{
_serviceFactoryMock.Setup(
p =>
p.CreateKeyExchange(ConnectionInfo.KeyExchangeAlgorithms.ToDictionary(x => x.Key.Value, x => x.Value),
new[] { _keyExchangeAlgorithm })).Returns(_keyExchangeMock.Object);
p.CreateKeyExchange(ConnectionInfo.KeyExchangeAlgorithms, new[] { _keyExchangeAlgorithm })).Returns(_keyExchangeMock.Object);
_keyExchangeMock.Setup(p => p.Name).Returns(_keyExchangeAlgorithm);
_keyExchangeMock.Setup(p => p.Start(Session, It.IsAny<KeyExchangeInitMessage>()));
_keyExchangeMock.Setup(p => p.ExchangeHash).Returns(SessionId);
82 changes: 41 additions & 41 deletions src/Renci.SshNet/ConnectionInfo.cs
Expand Up @@ -43,22 +43,22 @@ public class ConnectionInfo : IConnectionInfoInternal
/// <summary>
/// Gets supported key exchange algorithms for this connection.
/// </summary>
public IDictionary<PriorityString, Type> KeyExchangeAlgorithms { get; private set; }
public IDictionary<string, Type> KeyExchangeAlgorithms { get; private set; }

/// <summary>
/// Gets supported encryptions for this connection.
/// </summary>
public IDictionary<PriorityString, CipherInfo> Encryptions { get; private set; }
public IDictionary<string, CipherInfo> Encryptions { get; private set; }

/// <summary>
/// Gets supported hash algorithms for this connection.
/// </summary>
public IDictionary<PriorityString, HashInfo> HmacAlgorithms { get; private set; }
public IDictionary<string, HashInfo> HmacAlgorithms { get; private set; }

/// <summary>
/// Gets supported host key algorithms for this connection.
/// </summary>
public IDictionary<PriorityString, Func<byte[], KeyHostAlgorithm>> HostKeyAlgorithms { get; private set; }
public IDictionary<string, Func<byte[], KeyHostAlgorithm>> HostKeyAlgorithms { get; private set; }

/// <summary>
/// Gets supported authentication methods for this connection.
Expand Down Expand Up @@ -321,12 +321,12 @@ public ConnectionInfo(string host, int port, string username, ProxyTypes proxyTy
MaxSessions = 10;
Encoding = Encoding.UTF8;

KeyExchangeAlgorithms = new Dictionary<PriorityString, Type>
KeyExchangeAlgorithms = new Dictionary<string, Type>
{
{new PriorityString("diffie-hellman-group-exchange-sha256", 10), typeof (KeyExchangeDiffieHellmanGroupExchangeSha256)},
{new PriorityString("diffie-hellman-group-exchange-sha1", 5), typeof (KeyExchangeDiffieHellmanGroupExchangeSha1)},
{new PriorityString("diffie-hellman-group14-sha1", 1), typeof (KeyExchangeDiffieHellmanGroup14Sha1)},
{new PriorityString("diffie-hellman-group1-sha1", 1), typeof (KeyExchangeDiffieHellmanGroup1Sha1)},
{"diffie-hellman-group-exchange-sha256", typeof (KeyExchangeDiffieHellmanGroupExchangeSha256)},
{"diffie-hellman-group-exchange-sha1", typeof (KeyExchangeDiffieHellmanGroupExchangeSha1)},
{"diffie-hellman-group14-sha1", typeof (KeyExchangeDiffieHellmanGroup14Sha1)},
{"diffie-hellman-group1-sha1", typeof (KeyExchangeDiffieHellmanGroup1Sha1)},
//{"ecdh-sha2-nistp256", typeof(KeyExchangeEllipticCurveDiffieHellman)},
//{"ecdh-sha2-nistp256", typeof(...)},
//{"ecdh-sha2-nistp384", typeof(...)},
Expand All @@ -335,52 +335,52 @@ public ConnectionInfo(string host, int port, string username, ProxyTypes proxyTy
//"gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==" - WinSSHD
};

Encryptions = new Dictionary<PriorityString, CipherInfo>
Encryptions = new Dictionary<string, CipherInfo>
{
{new PriorityString("aes256-ctr", 100), new CipherInfo(256, (key, iv) => new AesCipher(key, new CtrCipherMode(iv), null))},
{new PriorityString("3des-cbc", 10), new CipherInfo(192, (key, iv) => new TripleDesCipher(key, new CbcCipherMode(iv), null))},
{new PriorityString("aes128-cbc", 90), new CipherInfo(128, (key, iv) => new AesCipher(key, new CbcCipherMode(iv), null))},
{new PriorityString("aes192-cbc", 91), new CipherInfo(192, (key, iv) => new AesCipher(key, new CbcCipherMode(iv), null))},
{new PriorityString("aes256-cbc", 92), new CipherInfo(256, (key, iv) => new AesCipher(key, new CbcCipherMode(iv), null))},
{new PriorityString("blowfish-cbc", 80), new CipherInfo(128, (key, iv) => new BlowfishCipher(key, new CbcCipherMode(iv), null))},
{new PriorityString("twofish-cbc", 70), new CipherInfo(256, (key, iv) => new TwofishCipher(key, new CbcCipherMode(iv), null))},
{new PriorityString("twofish192-cbc", 71), new CipherInfo(192, (key, iv) => new TwofishCipher(key, new CbcCipherMode(iv), null))},
{new PriorityString("twofish128-cbc", 72), new CipherInfo(128, (key, iv) => new TwofishCipher(key, new CbcCipherMode(iv), null))},
{new PriorityString("twofish256-cbc", 73), new CipherInfo(256, (key, iv) => new TwofishCipher(key, new CbcCipherMode(iv), null))},
{"aes256-ctr", new CipherInfo(256, (key, iv) => new AesCipher(key, new CtrCipherMode(iv), null))},
{"3des-cbc", new CipherInfo(192, (key, iv) => new TripleDesCipher(key, new CbcCipherMode(iv), null))},
{"aes128-cbc", new CipherInfo(128, (key, iv) => new AesCipher(key, new CbcCipherMode(iv), null))},
{"aes192-cbc", new CipherInfo(192, (key, iv) => new AesCipher(key, new CbcCipherMode(iv), null))},
{"aes256-cbc", new CipherInfo(256, (key, iv) => new AesCipher(key, new CbcCipherMode(iv), null))},
{"blowfish-cbc", new CipherInfo(128, (key, iv) => new BlowfishCipher(key, new CbcCipherMode(iv), null))},
{"twofish-cbc", new CipherInfo(256, (key, iv) => new TwofishCipher(key, new CbcCipherMode(iv), null))},
{"twofish192-cbc", new CipherInfo(192, (key, iv) => new TwofishCipher(key, new CbcCipherMode(iv), null))},
{"twofish128-cbc", new CipherInfo(128, (key, iv) => new TwofishCipher(key, new CbcCipherMode(iv), null))},
{"twofish256-cbc", new CipherInfo(256, (key, iv) => new TwofishCipher(key, new CbcCipherMode(iv), null))},
////{"serpent256-cbc", typeof(CipherSerpent256CBC)},
////{"serpent192-cbc", typeof(...)},
////{"serpent128-cbc", typeof(...)},
{new PriorityString("arcfour", 50), new CipherInfo(128, (key, iv) => new Arc4Cipher(key, false))},
{new PriorityString("arcfour128", 51), new CipherInfo(128, (key, iv) => new Arc4Cipher(key, true))},
{new PriorityString("arcfour256", 52), new CipherInfo(256, (key, iv) => new Arc4Cipher(key, true))},
{"arcfour", new CipherInfo(128, (key, iv) => new Arc4Cipher(key, false))},
{"arcfour128", new CipherInfo(128, (key, iv) => new Arc4Cipher(key, true))},
{"arcfour256", new CipherInfo(256, (key, iv) => new Arc4Cipher(key, true))},
////{"idea-cbc", typeof(...)},
{new PriorityString("cast128-cbc", 40), new CipherInfo(128, (key, iv) => new CastCipher(key, new CbcCipherMode(iv), null))},
{"cast128-cbc", new CipherInfo(128, (key, iv) => new CastCipher(key, new CbcCipherMode(iv), null))},
////{"rijndael-cbc@lysator.liu.se", typeof(...)},
{new PriorityString("aes128-ctr", 98), new CipherInfo(128, (key, iv) => new AesCipher(key, new CtrCipherMode(iv), null))},
{new PriorityString("aes192-ctr", 99), new CipherInfo(192, (key, iv) => new AesCipher(key, new CtrCipherMode(iv), null))},
{"aes128-ctr", new CipherInfo(128, (key, iv) => new AesCipher(key, new CtrCipherMode(iv), null))},
{"aes192-ctr", new CipherInfo(192, (key, iv) => new AesCipher(key, new CtrCipherMode(iv), null))},
};

HmacAlgorithms = new Dictionary<PriorityString, HashInfo>
HmacAlgorithms = new Dictionary<string, HashInfo>
{
{new PriorityString("hmac-md5", 1), new HashInfo(16*8, CryptoAbstraction.CreateHMACMD5)},
{new PriorityString("hmac-md5-96", 0), new HashInfo(16*8, key => CryptoAbstraction.CreateHMACMD5(key, 96))},
{new PriorityString("hmac-sha1", 50), new HashInfo(20*8, CryptoAbstraction.CreateHMACSHA1)},
{new PriorityString("hmac-sha1-96", 49), new HashInfo(20*8, key => CryptoAbstraction.CreateHMACSHA1(key, 96))},
{new PriorityString("hmac-sha2-256", 100), new HashInfo(32*8, CryptoAbstraction.CreateHMACSHA256)},
{new PriorityString("hmac-sha2-256-96", 99), new HashInfo(32*8, key => CryptoAbstraction.CreateHMACSHA256(key, 96))},
{new PriorityString("hmac-sha2-512", 100), new HashInfo(64 * 8, CryptoAbstraction.CreateHMACSHA512)},
{new PriorityString("hmac-sha2-512-96", 99), new HashInfo(64 * 8, key => CryptoAbstraction.CreateHMACSHA512(key, 96))},
{"hmac-md5", new HashInfo(16*8, CryptoAbstraction.CreateHMACMD5)},
{"hmac-md5-96", new HashInfo(16*8, key => CryptoAbstraction.CreateHMACMD5(key, 96))},
{"hmac-sha1", new HashInfo(20*8, CryptoAbstraction.CreateHMACSHA1)},
{"hmac-sha1-96", new HashInfo(20*8, key => CryptoAbstraction.CreateHMACSHA1(key, 96))},
{"hmac-sha2-256", new HashInfo(32*8, CryptoAbstraction.CreateHMACSHA256)},
{"hmac-sha2-256-96", new HashInfo(32*8, key => CryptoAbstraction.CreateHMACSHA256(key, 96))},
{"hmac-sha2-512", new HashInfo(64 * 8, CryptoAbstraction.CreateHMACSHA512)},
{"hmac-sha2-512-96", new HashInfo(64 * 8, key => CryptoAbstraction.CreateHMACSHA512(key, 96))},
//{"umac-64@openssh.com", typeof(HMacSha1)},
{new PriorityString("hmac-ripemd160", 40), new HashInfo(160, CryptoAbstraction.CreateHMACRIPEMD160)},
{new PriorityString("hmac-ripemd160@openssh.com", 40), new HashInfo(160, CryptoAbstraction.CreateHMACRIPEMD160)},
{"hmac-ripemd160", new HashInfo(160, CryptoAbstraction.CreateHMACRIPEMD160)},
{"hmac-ripemd160@openssh.com", new HashInfo(160, CryptoAbstraction.CreateHMACRIPEMD160)},
//{"none", typeof(...)},
};

HostKeyAlgorithms = new Dictionary<PriorityString, Func<byte[], KeyHostAlgorithm>>
HostKeyAlgorithms = new Dictionary<string, Func<byte[], KeyHostAlgorithm>>
{
{new PriorityString("ssh-rsa", 50), data => new KeyHostAlgorithm("ssh-rsa", new RsaKey(), data, 2)},
{new PriorityString("ssh-dss", 49), data => new KeyHostAlgorithm("ssh-dss", new DsaKey(), data, int.MaxValue)},
{new PriorityString("ssh-rsa-cert-v01@openssh.com", 100), data => new CertificateKeyHostAlgorithm("ssh-rsa-cert-v01@openssh.com", new RsaCertV01Key(), data, 3)}
{"ssh-rsa", data => new KeyHostAlgorithm("ssh-rsa", new RsaKey(), data, 2)},
{"ssh-dss", data => new KeyHostAlgorithm("ssh-dss", new DsaKey(), data, int.MaxValue)},
{"ssh-rsa-cert-v01@openssh.com", data => new KeyHostAlgorithm("ssh-rsa-cert-v01@openssh.com", new RsaCertV01Key(), data, 3)}
//{"ecdsa-sha2-nistp256 "}
//{"x509v3-sign-rsa", () => { ... },
//{"x509v3-sign-dss", () => { ... },
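Review bot: With the keys back to plain `string`, the order in which `KeyExchangeAlgorithms`, `Encryptions`, `HmacAlgorithms` and `HostKeyAlgorithms` are enumerated is whatever `Dictionary<TKey,TValue>` happens to yield, and if that enumeration order is what feeds the client's KEXINIT preference list (the `CreateKeyExchange(ConnectionInfo.KeyExchangeAlgorithms, ...)` mock in the test sections suggests the dictionary is handed over as-is), the new initializers place `hmac-md5`/`hmac-md5-96` ahead of every SHA-2 HMAC and `3des-cbc` second among the ciphers, so a server that offers them is negotiated to those before the stronger options. Dictionary enumeration order is not part of its contract and changes once an entry is removed and another added through these public `IDictionary` properties, so the resulting preference is fragile as well as weak. Short of restoring an explicit priority, the initializers should at least be listed strongest-first and carry a comment such as `// NOTE: enumeration (insertion) order is the preference order sent in KEXINIT; keep the strongest algorithms first and do not Remove/Add entries expecting the order to survive`. Separately, with `CertificateKeyHostAlgorithm.cs` deleted, the `ssh-rsa-cert-v01@openssh.com` entry now goes through plain `KeyHostAlgorithm` with an `RsaCertV01Key`, so it is worth confirming that path still verifies the host signature against a certificate blob rather than a bare key. The constructor continues outside the hunk.
```csharp
HmacAlgorithms = new Dictionary<string, HashInfo>
{
    // NOTE: enumeration (insertion) order is the preference order sent in KEXINIT;
    // keep the strongest algorithms first (this mirrors the priorities the revert removed).
    {"hmac-sha2-256", new HashInfo(32*8, CryptoAbstraction.CreateHMACSHA256)},
    {"hmac-sha2-512", new HashInfo(64 * 8, CryptoAbstraction.CreateHMACSHA512)},
    {"hmac-sha2-256-96", new HashInfo(32*8, key => CryptoAbstraction.CreateHMACSHA256(key, 96))},
    {"hmac-sha2-512-96", new HashInfo(64 * 8, key => CryptoAbstraction.CreateHMACSHA512(key, 96))},
    {"hmac-sha1", new HashInfo(20*8, CryptoAbstraction.CreateHMACSHA1)},
    {"hmac-sha1-96", new HashInfo(20*8, key => CryptoAbstraction.CreateHMACSHA1(key, 96))},
    {"hmac-ripemd160", new HashInfo(160, CryptoAbstraction.CreateHMACRIPEMD160)},
    {"hmac-ripemd160@openssh.com", new HashInfo(160, CryptoAbstraction.CreateHMACRIPEMD160)},
    {"hmac-md5", new HashInfo(16*8, CryptoAbstraction.CreateHMACMD5)},
    {"hmac-md5-96", new HashInfo(16*8, key => CryptoAbstraction.CreateHMACMD5(key, 96))},
    //{"umac-64@openssh.com", typeof(HMacSha1)},
    //{"none", typeof(...)},
};
// … unchanged: KeyExchangeAlgorithms, Encryptions and HostKeyAlgorithms initializers (Encryptions should get the same strongest-first ordering, e.g. aes*-ctr before 3des-cbc) …
```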
77 changes: 0 additions & 77 deletions src/Renci.SshNet/PriorityString.cs

This file was deleted.

2 changes: 0 additions & 2 deletions src/Renci.SshNet/Renci.SshNet.csproj
Expand Up @@ -164,12 +164,10 @@
<Compile Include="Messages\Transport\KeyExchangeEcdhInitMessage.cs" />
<Compile Include="Messages\Transport\KeyExchangeEcdhReplyMessage.cs" />
<Compile Include="Netconf\INetConfSession.cs" />
<Compile Include="PriorityString.cs" />
<Compile Include="RemotePathDoubleQuoteTransformation.cs" />
<Compile Include="RemotePathNoneTransformation.cs" />
<Compile Include="RemotePathShellQuoteTransformation.cs" />
<Compile Include="RemotePathTransformation.cs" />
<Compile Include="Security\CertificateKeyHostAlgorithm.cs" />
<Compile Include="Security\Cryptography\HMACMD5.cs" />
<Compile Include="Security\Cryptography\HMACSHA1.cs" />
<Compile Include="Security\Cryptography\HMACSHA256.cs" />
27 changes: 0 additions & 27 deletions src/Renci.SshNet/Security/CertificateKeyHostAlgorithm.cs

This file was deleted.

