Skip to content

Commit

Permalink
Merge ryban:8258-ryban-hmac-sha2-512-fix: Fix SSH not generating corr…
Browse files Browse the repository at this point in the history 
…ect keys when using hmac-sha2-512 with SHA1 based KEX algorithms

Author: ryban, jamohamm
Reviewer: hawkowl
Fixes: ticket:8258
  • Loading branch information
@ryban @hawkowl
ryban authored and hawkowl committed Jul 20, 2019
1 parent 4cade8b commit 5b203b2
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 2 deletions.
4 changes: 3 additions & 1 deletion src/twisted/conch/ssh/transport.py
View file
Expand Up @@ -1063,7 +1063,9 @@ def _getKey(self, c, sharedSecret, exchangeHash):
k1 = hashProcessor(sharedSecret + exchangeHash + c + self.sessionID)
k1 = k1.digest()
k2 = hashProcessor(sharedSecret + exchangeHash + k1).digest()
return k1 + k2
k3 = hashProcessor(sharedSecret + exchangeHash + k1 + k2).digest()
k4 = hashProcessor(sharedSecret + exchangeHash + k1 + k2 + k3).digest()
return k1 + k2 + k3 + k4


def _keySetup(self, sharedSecret, exchangeHash):
Expand Down
5 changes: 4 additions & 1 deletion src/twisted/conch/test/test_transport.py
View file
Expand Up @@ -1238,7 +1238,10 @@ def test_getKey(self):
k1 = self.hashProcessor(
b'AB' + b'CD' + b'K' + self.proto.sessionID).digest()
k2 = self.hashProcessor(b'ABCD' + k1).digest()
self.assertEqual(self.proto._getKey(b'K', b'AB', b'CD'), k1 + k2)
k3 = self.hashProcessor(b'ABCD' + k1 + k2).digest()
k4 = self.hashProcessor(b'ABCD' + k1 + k2 + k3).digest()
self.assertEqual(
self.proto._getKey(b'K', b'AB', b'CD'), k1 + k2 + k3 + k4)



Expand Down
1 change: 1 addition & 0 deletions src/twisted/newsfragments/8258.bugfix
View file
@@ -0,0 +1 @@
twisted.conch.ssh now generates correct keys when using hmac-sha2-512 with SHA1 based KEX algorithms.

0 comments on commit 5b203b2

Please sign in to comment.