KEX with Elliptic Curves ecdh-sha2-nistp{256,384,521}

Add Kex Algos ecdh-sha2-nistp{256,384,521}

We have to use a minimalistic BouncyCastle Import for ECDH, since Microsoft's
System.Security.Cryptography is not usable in this case.

ECDiffieHellmanCng.DeriveKeyMaterial() already does the hashing and it's not
possible to get the unhased key material for further processing.

https://blogs.msdn.microsoft.com/shawnfa/2007/01/22/elliptic-curve-diffie-hellman/

Author: darinkes

src/Renci.SshNet.Tests.NET35/Renci.SshNet.Tests.NET35.csproj

@@ -351,6 +351,9 @@
     <Compile Include="..\Renci.SshNet.Tests\Classes\Common\ExtensionsTest_Take_OffsetAndCount.cs">
       <Link>Classes\Common\ExtensionsTest_Take_OffsetAndCount.cs</Link>
     </Compile>
+    <Compile Include="..\Renci.SshNet.Tests\Classes\Common\ExtensionsTest_ToBigInteger2.cs">
+      <Link>Classes\Common\ExtensionsTest_ToBigInteger2.cs</Link>
+    </Compile>
     <Compile Include="..\Renci.SshNet.Tests\Classes\Common\ExtensionsTest_TrimLeadingZeros.cs">
       <Link>Classes\Common\ExtensionsTest_TrimLeadingZeros.cs</Link>
     </Compile>
@@ -1750,4 +1753,4 @@
   <Target Name="AfterBuild">
   </Target>
   -->
-</Project>
+</Project>

src/Renci.SshNet.Tests/Classes/Common/ExtensionsTest_ToBigInteger2.cs

@@ -0,0 +1,40 @@
+using System;
+using System.Diagnostics.CodeAnalysis;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+using Renci.SshNet.Common;
+
+namespace Renci.SshNet.Tests.Classes.Common
+{
+    [TestClass]
+    [SuppressMessage("ReSharper", "InvokeAsExtensionMethod")]
+    public class ExtensionsTest_ToBigInteger2
+    {
+        [TestMethod]
+        public void ShouldNotAppendZero()
+        {
+            byte[] value = { 0x0a, 0x0d };
+
+            var actual = value.ToBigInteger2().ToByteArray().Reverse();
+
+            Assert.IsNotNull(actual);
+            Assert.AreEqual(2, actual.Length);
+            Assert.AreEqual(0x0a, actual[0]);
+            Assert.AreEqual(0x0d, actual[1]);
+        }
+
+        [TestMethod]
+        public void ShouldAppendZero()
+        {
+            byte[] value = { 0xff, 0x0a, 0x0d };
+
+            var actual = value.ToBigInteger2().ToByteArray().Reverse();
+
+            Assert.IsNotNull(actual);
+            Assert.AreEqual(4, actual.Length);
+            Assert.AreEqual(0x00, actual[0]);
+            Assert.AreEqual(0xff, actual[1]);
+            Assert.AreEqual(0x0a, actual[2]);
+            Assert.AreEqual(0x0d, actual[3]);
+        }
+    }
+}

src/Renci.SshNet.Tests/Renci.SshNet.Tests.csproj

@@ -169,6 +169,7 @@
     <Compile Include="Classes\Common\ExtensionsTest_Reverse.cs" />
     <Compile Include="Classes\Common\ExtensionsTest_Take_Count.cs" />
     <Compile Include="Classes\Common\ExtensionsTest_Take_OffsetAndCount.cs" />
+    <Compile Include="Classes\Common\ExtensionsTest_ToBigInteger2.cs" />
     <Compile Include="Classes\Common\ExtensionsTest_TrimLeadingZeros.cs" />
     <Compile Include="Classes\Common\PackTest.cs" />
     <Compile Include="Classes\Common\PosixPathTest_GetFileName.cs" />
@@ -717,4 +718,4 @@
   <Target Name="AfterBuild">
   </Target>
   -->
-</Project>
+</Project>

src/Renci.SshNet/Common/Extensions.cs

@@ -72,6 +72,20 @@ internal static BigInteger ToBigInteger(this byte[] data)
             return new BigInteger(reversed.Reverse());
         }
 
+        /// <summary>
+        /// Initializes a new instance of the <see cref="BigInteger"/> structure using the SSH BigNum2 Format
+        /// </summary>
+        public static BigInteger ToBigInteger2(this byte[] data)
+        {
+            if ((data[0] & (1 << 7)) != 0)
+            {
+                var buf = new byte[data.Length + 1];
+                Buffer.BlockCopy(data, 0, buf, 1, data.Length);
+                data = buf;
+            }
+            return data.ToBigInteger();
+        }
+
         /// <summary>
         /// Reverses the sequence of the elements in the entire one-dimensional <see cref="Array"/>.
         /// </summary>

src/Renci.SshNet/ConnectionInfo.cs

@@ -322,14 +322,13 @@ public ConnectionInfo(string host, int port, string username, ProxyTypes proxyTy
 
             KeyExchangeAlgorithms = new Dictionary<string, Type>
                 {
+                    {"ecdh-sha2-nistp256", typeof(KeyExchangeECDH256)},
+                    {"ecdh-sha2-nistp384", typeof(KeyExchangeECDH384)},
+                    {"ecdh-sha2-nistp521", typeof(KeyExchangeECDH521)},
                     {"diffie-hellman-group-exchange-sha256", typeof (KeyExchangeDiffieHellmanGroupExchangeSha256)},
                     {"diffie-hellman-group-exchange-sha1", typeof (KeyExchangeDiffieHellmanGroupExchangeSha1)},
                     {"diffie-hellman-group14-sha1", typeof (KeyExchangeDiffieHellmanGroup14Sha1)},
                     {"diffie-hellman-group1-sha1", typeof (KeyExchangeDiffieHellmanGroup1Sha1)},
-                    //{"ecdh-sha2-nistp256", typeof(KeyExchangeEllipticCurveDiffieHellman)},
-                    //{"ecdh-sha2-nistp256", typeof(...)},
-                    //{"ecdh-sha2-nistp384", typeof(...)},
-                    //{"ecdh-sha2-nistp521", typeof(...)},
                     //"gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==" - WinSSHD
                     //"gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==" - WinSSHD
                 };

src/Renci.SshNet/Messages/Transport/KeyExchangeEcdhInitMessage.cs

@@ -1,14 +1,12 @@
-#if false
-
-using System;
+using System;
 using Renci.SshNet.Common;
 
 namespace Renci.SshNet.Messages.Transport
 {
     /// <summary>
     /// Represents SSH_MSG_KEXECDH_INIT message.
     /// </summary>
-    [Message("SSH_MSG_KEXECDH_INIT", 30)]
+    [Message("SSH_MSG_KEX_ECDH_INIT", 30)]
     internal class KeyExchangeEcdhInitMessage : Message, IKeyExchangedAllowed
     {
         /// <summary>
@@ -33,6 +31,14 @@ protected override int BufferCapacity
             }
         }
 
+        /// <summary>
+        /// Initializes a new instance of the <see cref="KeyExchangeEcdhInitMessage"/> class.
+        /// </summary>
+        public KeyExchangeEcdhInitMessage(byte[] q)
+        {
+            QC = q;
+        }
+
         /// <summary>
         /// Initializes a new instance of the <see cref="KeyExchangeEcdhInitMessage"/> class.
         /// </summary>
@@ -63,7 +69,10 @@ protected override void SaveData()
         {
             WriteBinaryString(QC);
         }
-    }
-}
 
-#endif // false
+        internal override void Process(Session session)
+        {
+            throw new NotImplementedException();
+        }
+    }
+}

src/Renci.SshNet/Messages/Transport/KeyExchangeEcdhReplyMessage.cs

@@ -1,11 +1,9 @@
-#if false
-
-namespace Renci.SshNet.Messages.Transport
+namespace Renci.SshNet.Messages.Transport
 {
     /// <summary>
     /// Represents SSH_MSG_KEXECDH_REPLY message.
     /// </summary>
-    [Message("SSH_MSG_KEXECDH_REPLY", 31)]
+    [Message("SSH_MSG_KEX_ECDH_REPLY", 31)]
     public class KeyExchangeEcdhReplyMessage : Message
     {
         /// <summary>
@@ -65,7 +63,10 @@ protected override void SaveData()
             WriteBinaryString(QS);
             WriteBinaryString(Signature);
         }
-    }
-}
 
-#endif // false
+        internal override void Process(Session session)
+        {
+            session.OnKeyExchangeEcdhReplyMessageReceived(this);
+        }
+    }
+}

src/Renci.SshNet/Renci.SshNet.csproj

@@ -309,6 +309,11 @@
     <Compile Include="Security\GroupExchangeHashData.cs" />
     <Compile Include="Security\IKeyExchange.cs" />
     <Compile Include="Security\KeyExchangeDiffieHellmanGroupExchangeShaBase.cs" />
+    <Compile Include="Security\KeyExchangeEC.cs" />
+    <Compile Include="Security\KeyExchangeECDH.cs" />
+    <Compile Include="Security\KeyExchangeECDH521.cs" />
+    <Compile Include="Security\KeyExchangeECDH384.cs" />
+    <Compile Include="Security\KeyExchangeECDH256.cs" />
     <Compile Include="ServiceFactory.cs" />
     <Compile Include="ServiceFactory.NET.cs" />
     <Compile Include="Sftp\ISftpFileReader.cs" />