author | Miklós Fazekas <mfazekas@szemafor.com> | 2016-05-09 15:00:45 +0200 |
---|---|---|
committer | Miklós Fazekas <mfazekas@szemafor.com> | 2016-05-09 15:00:45 +0200 |
commit | 74d7da59546748882641975933b7367e82890792 (patch) | |
tree | 76e9c8bc1ca94180973db0c478072889613d6ce8 | |
parent | 6909849f6ff0ea9e4bcc57d9c7f1373c0bb71906 (diff) | |
parent | 61415d02fc9b15e5647d677541e3255a72d8b5b1 (diff) | |
download | net-ssh-74d7da59546748882641975933b7367e82890792.tar.gz |
Merge pull request #367 from eligible/minimum_dh_bits
Adds minimum_dh_bits option.
-rw-r--r-- | lib/net/ssh.rb | 3 | ||||
-rw-r--r-- | lib/net/ssh/transport/algorithms.rb | 1 | ||||
-rw-r--r-- | lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb | 8 | ||||
-rw-r--r-- | test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb | 15 | ||||
-rw-r--r-- | test/transport/test_algorithms.rb | 1 |
5 files changed, 22 insertions, 6 deletions
diff --git a/lib/net/ssh.rb b/lib/net/ssh.rb
index d98f43a..0775fab 100644
--- a/lib/net/ssh.rb
+++ b/lib/net/ssh.rb
@@ -71,7 +71,8 @@ module Net
 :known_hosts, :global_known_hosts_file, :user_known_hosts_file, :host_key_alias, :host_name, :user, :properties, :passphrase, :keys_only, :max_pkt_size, :max_win_size, :send_env, :use_agent, :number_of_password_prompts,
- :append_supported_algorithms, :non_interactive, :password_prompt, :agent_socket_factory
+ :append_supported_algorithms, :non_interactive, :password_prompt, :agent_socket_factory,
+ :minimum_dh_bits
 ]
 # The standard means of starting a new SSH connection. When used with a
diff --git a/lib/net/ssh/transport/algorithms.rb b/lib/net/ssh/transport/algorithms.rb
index 861b193..5443c0d 100644
--- a/lib/net/ssh/transport/algorithms.rb
+++ b/lib/net/ssh/transport/algorithms.rb
@@ -357,6 +357,7 @@ module Net; module SSH; module Transport
 :server_algorithm_packet => @server_packet,
 :client_algorithm_packet => @client_packet,
 :need_bytes => kex_byte_requirement,
+ :minimum_dh_bits => options[:minimum_dh_bits],
 :logger => logger)
 
 result = algorithm.exchange_keys
diff --git a/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb b/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb
index 8fb69e8..8f9613e 100644
--- a/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb
+++ b/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb
@@ -23,8 +23,10 @@ module Net::SSH::Transport::Kex
 # for Compatibility: OpenSSH requires (need_bits * 2 + 1) length of parameter
 need_bits = data[:need_bytes] * 8 * 2 + 1
 
- if need_bits < MINIMUM_BITS
- need_bits = MINIMUM_BITS
+ data[:minimum_dh_bits] ||= MINIMUM_BITS
+
+ if need_bits < data[:minimum_dh_bits]
+ need_bits = data[:minimum_dh_bits]
 elsif need_bits > MAXIMUM_BITS
 need_bits = MAXIMUM_BITS
 end
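Review bot: The new `:minimum_dh_bits` entry in the VALID_OPTIONS array arrives with no description of what the option means or what range it accepts. The options in this list are presumably documented one by one in the comment block on `start` further down (outside the hunk, so I cannot confirm it); if so, the new option should get a matching entry stating that it is the minimum bit size of the Diffie-Hellman group requested during group-exchange key negotiation, that it defaults to the kex class's MINIMUM_BITS when omitted, and what happens when it lies outside MINIMUM_BITS..MAXIMUM_BITS. Without that, a reader of the option list has nothing to go on but the name.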
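Review bot: The added `data[:minimum_dh_bits] ||= MINIMUM_BITS` only fills in a missing value and never range-checks a supplied one. A caller can pass a value below MINIMUM_BITS, which lowers the floor on the DH group size the client will accept (the next hunk sends this same value as the minimum field of KEXDH_GEX_REQUEST), or a value above MAXIMUM_BITS, in which case the `if need_bits < data[:minimum_dh_bits]` branch sets need_bits above the maximum and the request advertises min > max. If the option is meant only to raise the floor, replace the `||=` line with `min = data[:minimum_dh_bits] || MINIMUM_BITS`, then `raise ArgumentError, "minimum_dh_bits must be an Integer in #{MINIMUM_BITS}..#{MAXIMUM_BITS}" unless min.is_a?(Integer) && min.between?(MINIMUM_BITS, MAXIMUM_BITS)`, then `data[:minimum_dh_bits] = min`. Note also that `||=` writes the default back into the caller-supplied `data` hash rather than into a local; compute_need_bits begins and ends outside the hunk.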
@@ -38,7 +40,7 @@ module Net::SSH::Transport::Kex
 compute_need_bits
 
 # request the DH key parameters for the given number of bits.
- buffer = Net::SSH::Buffer.from(:byte, KEXDH_GEX_REQUEST, :long, MINIMUM_BITS,
+ buffer = Net::SSH::Buffer.from(:byte, KEXDH_GEX_REQUEST, :long, data[:minimum_dh_bits],
 :long, data[:need_bits], :long, MAXIMUM_BITS)
 connection.send_message(buffer)
 
diff --git a/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb b/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb
index f17a6d0..6ee04e7 100644
--- a/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb
+++ b/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb
@@ -16,6 +16,12 @@ module Transport; module Kex
 assert_nothing_raised { exchange! }
 end
 
+ def test_exchange_with_optional_minimum_bits_declared
+ dh_options :minimum_dh_bits => 4096
+ assert_equal 4096, need_bits
+ assert_nothing_raised { exchange! }
+ end
+
 def test_exchange_with_fewer_than_maximum_bits_uses_need_bits
 dh_options :need_bytes => 500
 need_bits(8001)
@@ -37,7 +43,12 @@ module Transport; module Kex
 private
 
 def need_bits(bits=1024)
- @need_bits ||= bits
+ @need_bits ||= need_minimum(bits)
+ end
+
+ def need_minimum(bits=1024)
+ return @dh_options[:minimum_dh_bits] if @dh_options && @dh_options[:minimum_dh_bits]
+ bits
 end
 
 def default_p
@@ -47,7 +58,7 @@ module Transport; module Kex
 def exchange!(options={})
 connection.expect do |t, buffer|
 assert_equal KEXDH_GEX_REQUEST, buffer.type
- assert_equal 1024, buffer.read_long
+ assert_equal need_minimum, buffer.read_long
 assert_equal need_bits, buffer.read_long
 assert_equal 8192, buffer.read_long
 t.return(KEXDH_GEX_GROUP, :bignum, bn(options[:p] || default_p), :bignum, bn(options[:g] || 2))
diff --git a/test/transport/test_algorithms.rb b/test/transport/test_algorithms.rb
index a0ddd7e..5a81edf 100644
--- a/test/transport/test_algorithms.rb
+++ b/test/transport/test_algorithms.rb
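Review bot: test_exchange_with_optional_minimum_bits_declared only covers a minimum (4096) that is larger than the computed need_bits, so the single new code path exercised is "option raises need_bits". There is no case for a `:minimum_dh_bits` below the 1024 the exchange helper used to assert as the minimum field, none above the 8192 it asserts as the maximum, and none for a minimum smaller than need_bits where the option should have no effect; whatever compute_need_bits does with out-of-range values is therefore untested, and a value below the floor silently passes through to the wire in this test harness. In the @@ -37 hunk, `need_minimum(bits=1024)` hard-codes 1024 a second time next to `need_bits(bits=1024)`; a single constant in the test (e.g. a constructed `DEFAULT_BITS = 1024`) or a reference to the kex class's MINIMUM_BITS would keep the two from drifting apart.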
@@ -235,6 +235,7 @@ module Transport
 :server_algorithm_packet => kexinit.to_s,
 :client_algorithm_packet => buffer.to_s,
 :need_bytes => 20,
+ :minimum_dh_bits => nil,
 :logger => nil).
 returns(stub("kex", :exchange_keys => { :shared_secret => shared_secret, :session_id => session_id, :hashing_algorithm => hashing_algorithm }))
 end
|