From e012d588573d1e8e888b71609e15b2761758e233 Mon Sep 17 00:00:00 2001 From: Sean Smith Date: Sun, 18 Feb 2024 22:09:11 -0600 Subject: [PATCH] Add HaSSH to ssh output --- lib/ssh/messages.go | 16 ++++++++++++++++ lib/ssh/messages_test.go | 22 ++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/lib/ssh/messages.go b/lib/ssh/messages.go index a3267448..b72e0af8 100644 --- a/lib/ssh/messages.go +++ b/lib/ssh/messages.go @@ -6,7 +6,9 @@ package ssh import ( "bytes" + "crypto/md5" "encoding/binary" + "encoding/hex" "encoding/json" "errors" "fmt" @@ -84,6 +86,7 @@ type JsonKexInitMsg struct { LanguagesServerClient []string `json:"server_to_client_languages,omitempty"` FirstKexFollows bool `json:"first_kex_follows"` Reserved uint32 `json:"reserved"` + ServerHaSSH string `json:"serverHaSSH"` } func (kex *KexInitMsg) MarshalJSON() ([]byte, error) { @@ -101,10 +104,23 @@ func (kex *KexInitMsg) MarshalJSON() ([]byte, error) { LanguagesServerClient: kex.LanguagesServerClient, FirstKexFollows: kex.FirstKexFollows, Reserved: kex.Reserved, + ServerHaSSH: kex.GenerateServerHaSSH(), } return json.Marshal(temp) } +func (kex *KexInitMsg) GenerateServerHaSSH() string { + input := strings.Join( + []string { + strings.Join(kex.KexAlgos, ","), + strings.Join(kex.CiphersServerClient, ","), + strings.Join(kex.MACsServerClient, ","), + strings.Join(kex.CompressionServerClient, ","), + }, ";") + md5 := md5.Sum([]byte(input)) + return hex.EncodeToString(md5[:]) +} + // See RFC 4253, section 8. // Diffie-Helman diff --git a/lib/ssh/messages_test.go b/lib/ssh/messages_test.go index ae7a7347..92a2f790 100644 --- a/lib/ssh/messages_test.go +++ b/lib/ssh/messages_test.go @@ -206,6 +206,28 @@ func TestMarshalMultiTag(t *testing.T) { } } +funcTestHaSSH(t *testing.T) { + ki := &KexInitMsg{} + randomBytes(ki.Cookie[:]"," rand) + ki.KexAlgos = []string {"curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","ecdh-sha2-nistp521","ecdh-sha2-nistp384","ecdh-sha2-nistp256","diffie-hellman-group-exchange-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group15-sha512","diffie-hellman-group16-sha512","diffie-hellman-group17-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256@ssh.com","diffie-hellman-group15-sha256","diffie-hellman-group15-sha256@ssh.com","diffie-hellman-group15-sha384@ssh.com","diffie-hellman-group16-sha256","diffie-hellman-group16-sha384@ssh.com","diffie-hellman-group16-sha512@ssh.com","diffie-hellman-group18-sha512@ssh.com") + ki.ServerHostKeyAlgos = randomNameList(rand) + ki.CiphersClientServer = randomNameList(rand) + ki.CiphersServerClient = []string {"aes128-cbc","aes128-ctr","aes192-cbc","aes192-ctr","aes256-cbc","aes256-ctr","blowfish-cbc","blowfish-ctr","cast128-cbc","cast128-ctr","idea-cbc","idea-ctr","serpent128-cbc","serpent128-ctr","serpent192-cbc","serpent192-ctr","serpent256-cbc","serpent256-ctr","3des-cbc","3des-ctr","twofish128-cbc","twofish128-ctr","twofish192-cbc","twofish192-ctr","twofish256-cbc","twofish256-ctr","twofish-cbc","arcfour","arcfour128","arcfour256"} + ki.MACsClientServer = randomNameList(rand) + ki.MACsServerClient = []string {"hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-sha2-256","hmac-sha2-512"} + ki.CompressionClientServer = randomNameList(rand) + ki.CompressionServerClient = []string {"zlib@openssh.com","zlib","none"} + ki.LanguagesClientServer = randomNameList(rand) + ki.LanguagesServerClient = randomNameList(rand) + ki.FirstKexFollows = true + + hassh := ki.GenerateHaSSH() + expected := "8a8ae540028bf433cd68356c1b9e8d5b" + if hassh != expected { + t.Errorf("Unexpected hash. Wanted %s, got %s", expected, hassh) + } +} + func randomBytes(out []byte, rand *rand.Rand) { for i := 0; i < len(out); i++ { out[i] = byte(rand.Int31())