Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add key exchange algorithm [email protected] #171

Closed
dkocher opened this issue Jan 27, 2015 · 11 comments
Closed

Add key exchange algorithm [email protected] #171

dkocher opened this issue Jan 27, 2015 · 11 comments

Comments

@dkocher
Copy link
Contributor

dkocher commented Jan 27, 2015

Currently only diffie-hellman-group14-sha1 and diffie-hellman-group1-sha1 is implemented.
@hierynomus
Copy link
Owner

Hi David,

Could you link the RFC for the protocol? In both this one and #167? Thx!

@dkocher
Copy link
Contributor Author

dkocher commented Jan 27, 2015

[email protected] key exchange method

@dkocher
Copy link
Contributor Author

dkocher commented Jan 27, 2015

Refer also to Specifications implemented by OpenSSH.

@grkvlt
Copy link

grkvlt commented May 8, 2015

@hierynomus @dkocher same point as #167 basically, has there been any progress on this? I looked at the code, but I'm not sure where to start on implementing a new key exchange algorithm myself.

@hierynomus
Copy link
Owner

Started work on this on the ed25519 branch

@hierynomus
Copy link
Owner

@dkocher I'm not seeming to get it to work yet. Maybe you can have a look at the branch also. Probably missing something very stupid here during the signature verification :(.

Current status is:

net.schmizz.sshj.transport.TransportException: KeyExchange signature verification failed
    at net.schmizz.sshj.transport.kex.Curve25519.next(Curve25519.java:126) ~[main/:na]
    at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:367) ~[main/:na]
    at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:493) ~[main/:na]

SSHD configuration on linux box used:

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256

@dkocher
Copy link
Contributor Author

dkocher commented Jul 31, 2015

I can reproduce the signature verification failure. Note that when I leave the other HostKey settings uncommented, there is an issue with selecting the correct host key type and a resulting exception

java.lang.ClassCastException: org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey cannot be cast to net.i2p.crypto.eddsa.EdDSAPublicKey
    at net.schmizz.sshj.transport.kex.Curve25519.next(Curve25519.java:108)
    at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:367)
    at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:493)
    at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:107)
    at net.schmizz.sshj.transport.Decoder.received(Decoder.java:175)
    at net.schmizz.sshj.transport.Reader.run(Reader.java:60)

@hierynomus
Copy link
Owner

Some additional implementation info...

Nice scheme: https://blog.mozilla.org/warner/2011/11/29/ed25519-keys/
Page on ed25519: http://ed25519.cr.yp.to/software.html
Original ed25519 paper: http://ed25519.cr.yp.to/ed25519-20110926.pdf
Original curve25519 paper: http://cr.yp.to/ecdh/curve25519-20060209.pdf
Sodium: https://labs.opendns.com/2013/03/06/announcing-sodium-a-new-cryptographic-library

@hierynomus
Copy link
Owner

@dkocher Can you try it out and see whether it indeed works, verified it locally against a VM, but would be good to have a backup check before releasing into the wild 😄

@dkocher
Copy link
Contributor Author

dkocher commented Nov 4, 2015

Tested against SSH-2.0-OpenSSH_6.6.1.

@hierynomus
Copy link
Owner

In that case I'm going to release! Stay tuned for 0.14.0

@sblond sblond mentioned this issue Feb 10, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dkocher @hierynomus @grkvlt