Add initial code for Diffie-Hellman key exchange.

2024-11-16 13:35:39 +01:00 · 2016-04-01 18:37:20 +03:00 · 2016-04-01 18:37:20 +03:00 · 5af8859d6b
commit 5af8859d6b
parent 926b78889e
1 changed files with 43 additions and 2 deletions
--- a/ssh-audit.py
+++ b/ssh-audit.py
@ -24,7 +24,7 @@
   THE SOFTWARE.
 """
 from __future__ import print_function
-import os, io, sys, socket, struct
+import os, io, sys, socket, struct, random

 SSH_BANNER = 'SSH-2.0-OpenSSH_7.2'

@ -226,7 +226,7 @@ class SSH(object):
 			if padding < 4:
 				padding += 8
 			plen = len(payload) + padding + 1
-			pad_bytes = '\x00' * padding
+			pad_bytes = b'\x00' * padding
 			data = struct.pack('>Ib', plen, padding) + payload + pad_bytes
 			self.send(data)
 		
@ -243,6 +243,47 @@ class SSH(object):
 			except:
 				pass

+class KexDH(object):
+	def __init__(self, alg, g, p):
+		self.__alg = alg
+		self.__g = g
+		self.__p = p
+		self.__q = (self.__p - 1) // 2
+		self.__x = None
+	
+	def send_init(self, s):
+		r = random.SystemRandom()
+		self.__x = r.randrange(2, self.__q)
+		self.__e = pow(self.__g, self.__x, self.__p)
+		s.write_byte(SSH.MSG_KEXDH_INIT)
+		s.write_mpint(self.__e)
+		s.send_packet()
+
+class KexGroup1(KexDH):
+	def __init__(self):
+		# rfc2409: second oakley group
+		p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67'
+		        'cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6d'
+		        'f25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff'
+		        '5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381'
+		        'ffffffffffffffff', 16)
+		super(KexGroup1, self).__init__('sha1', 2, p)
+
+class KexGroup14(KexDH):
+	def __init__(self):
+		# rfc3526: 2048-bit modp group
+		p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67'
+		        'cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6d'
+		        'f25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff'
+		        '5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3d'
+		        'c2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3'
+		        'ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08'
+		        'ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c5'
+		        '5df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa0510'
+		        '15728e5a8aacaa68ffffffffffffffff', 16)
+		super(KexGroup14, self).__init__('sha1', 2, p)
+
+
 def get_ssh_ver(versions):
 	tv = []
 	for v in versions.split(','):