KEX with Elliptic Curves

Add Kex Algos ecdh-sha2-nistp{256,384,521} and curve25519-sha256(@libssh.org)

We have to use a minimalistic BouncyCastle Import for ECDH, since Microsoft's
System.Security.Cryptography is not usable in this case.

ECDiffieHellmanCng.DeriveKeyMaterial() already does the hashing and it's not
possible to get the unhased key material for further processing.

https://blogs.msdn.microsoft.com/shawnfa/2007/01/22/elliptic-curve-diffie-hellman/

Author: darinkes

src/Renci.SshNet/Abstractions/DiagnosticAbstraction.cs

@@ -1,4 +1,6 @@
-using System.Diagnostics;
+using System;
+
+using System.Diagnostics;
 #if FEATURE_DIAGNOSTICS_TRACESOURCE
 using System.Threading;
 #endif // FEATURE_DIAGNOSTICS_TRACESOURCE
@@ -27,6 +29,7 @@ public static bool IsEnabled(TraceEventType traceEventType)
         [Conditional("DEBUG")]
         public static void Log(string text)
         {
+            Console.WriteLine(text);
 #if FEATURE_DIAGNOSTICS_TRACESOURCE
             Loggging.TraceEvent(TraceEventType.Verbose, Thread.CurrentThread.ManagedThreadId, text);
 #endif // FEATURE_DIAGNOSTICS_TRACESOURCE

src/Renci.SshNet/Common/BigInteger.cs

@@ -177,6 +177,20 @@ public static BigInteger Random(int bitLength)
             return new BigInteger(bytesArray);
         }
 
+        /// <summary>
+        /// Initializes a new instance of the <see cref="BigInteger"/> structure using the SSH BigNum2 Format
+        /// </summary>
+        public static BigInteger SshFormatBignum2(byte[] data)
+        {
+            if ((data[0] & (1 << 7)) != 0)
+            {
+                var buf = new byte[data.Length + 1];
+                Buffer.BlockCopy(data, 0, buf, 1, data.Length);
+                data = buf;
+            }
+            return new BigInteger(data.Reverse());
+        }
+
         #endregion SSH.NET additions
 
         private BigInteger(short sign, uint[] data)

src/Renci.SshNet/ConnectionInfo.cs

@@ -322,14 +322,15 @@ public ConnectionInfo(string host, int port, string username, ProxyTypes proxyTy
 
             KeyExchangeAlgorithms = new Dictionary<string, Type>
                 {
+                    {"curve25519-sha256", typeof(KeyExchangeECCurve25519)},
+                    {"curve25519-sha256@libssh.org", typeof(KeyExchangeECCurve25519)},
+                    {"ecdh-sha2-nistp256", typeof(KeyExchangeECDH256)},
+                    {"ecdh-sha2-nistp384", typeof(KeyExchangeECDH384)},
+                    {"ecdh-sha2-nistp521", typeof(KeyExchangeECDH521)},
                     {"diffie-hellman-group-exchange-sha256", typeof (KeyExchangeDiffieHellmanGroupExchangeSha256)},
                     {"diffie-hellman-group-exchange-sha1", typeof (KeyExchangeDiffieHellmanGroupExchangeSha1)},
                     {"diffie-hellman-group14-sha1", typeof (KeyExchangeDiffieHellmanGroup14Sha1)},
                     {"diffie-hellman-group1-sha1", typeof (KeyExchangeDiffieHellmanGroup1Sha1)},
-                    //{"ecdh-sha2-nistp256", typeof(KeyExchangeEllipticCurveDiffieHellman)},
-                    //{"ecdh-sha2-nistp256", typeof(...)},
-                    //{"ecdh-sha2-nistp384", typeof(...)},
-                    //{"ecdh-sha2-nistp521", typeof(...)},
                     //"gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==" - WinSSHD
                     //"gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==" - WinSSHD
                 };

src/Renci.SshNet/Messages/Transport/KeyExchangeEcdhInitMessage.cs

@@ -1,14 +1,12 @@
-#if false
-
-using System;
+using System;
 using Renci.SshNet.Common;
 
 namespace Renci.SshNet.Messages.Transport
 {
     /// <summary>
     /// Represents SSH_MSG_KEXECDH_INIT message.
     /// </summary>
-    [Message("SSH_MSG_KEXECDH_INIT", 30)]
+    [Message("SSH_MSG_KEX_ECDH_INIT", 30)]
     internal class KeyExchangeEcdhInitMessage : Message, IKeyExchangedAllowed
     {
         /// <summary>
@@ -33,6 +31,14 @@ protected override int BufferCapacity
             }
         }
 
+        /// <summary>
+        /// Initializes a new instance of the <see cref="KeyExchangeEcdhInitMessage"/> class.
+        /// </summary>
+        public KeyExchangeEcdhInitMessage(byte[] q)
+        {
+            QC = q;
+        }
+
         /// <summary>
         /// Initializes a new instance of the <see cref="KeyExchangeEcdhInitMessage"/> class.
         /// </summary>
@@ -63,7 +69,10 @@ protected override void SaveData()
         {
             WriteBinaryString(QC);
         }
-    }
-}
 
-#endif // false
+        internal override void Process(Session session)
+        {
+            throw new NotImplementedException();
+        }
+    }
+}

src/Renci.SshNet/Messages/Transport/KeyExchangeEcdhReplyMessage.cs

@@ -1,11 +1,9 @@
-#if false
-
-namespace Renci.SshNet.Messages.Transport
+namespace Renci.SshNet.Messages.Transport
 {
     /// <summary>
     /// Represents SSH_MSG_KEXECDH_REPLY message.
     /// </summary>
-    [Message("SSH_MSG_KEXECDH_REPLY", 31)]
+    [Message("SSH_MSG_KEX_ECDH_REPLY", 31)]
     public class KeyExchangeEcdhReplyMessage : Message
     {
         /// <summary>
@@ -65,7 +63,10 @@ protected override void SaveData()
             WriteBinaryString(QS);
             WriteBinaryString(Signature);
         }
-    }
-}
 
-#endif // false
+        internal override void Process(Session session)
+        {
+            session.OnKeyExchangeEcdhReplyMessageReceived(this);
+        }
+    }
+}