Use BouncyCastle for Diffie-Hellman key exchange (#1654)

Removes another vestige of hand-rolled crypto, and makes the classes public +
configurable for if/when we remove certain algorithms.

Author: Rob-Hague

src/Renci.SshNet/ConnectionInfo.cs

@@ -7,6 +7,8 @@
 
 using Microsoft.Extensions.Logging;
 
+using Org.BouncyCastle.Crypto.Agreement;
+
 using Renci.SshNet.Common;
 using Renci.SshNet.Compression;
 using Renci.SshNet.Messages.Authentication;
@@ -357,12 +359,13 @@ public ConnectionInfo(string host, int port, string username, ProxyTypes proxyTy
                     { "ecdh-sha2-nistp256", () => new KeyExchangeECDH256() },
                     { "ecdh-sha2-nistp384", () => new KeyExchangeECDH384() },
                     { "ecdh-sha2-nistp521", () => new KeyExchangeECDH521() },
-                    { "diffie-hellman-group-exchange-sha256", () => new KeyExchangeDiffieHellmanGroupExchangeSha256() },
-                    { "diffie-hellman-group-exchange-sha1", () => new KeyExchangeDiffieHellmanGroupExchangeSha1() },
-                    { "diffie-hellman-group16-sha512", () => new KeyExchangeDiffieHellmanGroup16Sha512() },
-                    { "diffie-hellman-group14-sha256", () => new KeyExchangeDiffieHellmanGroup14Sha256() },
-                    { "diffie-hellman-group14-sha1", () => new KeyExchangeDiffieHellmanGroup14Sha1() },
-                    { "diffie-hellman-group1-sha1", () => new KeyExchangeDiffieHellmanGroup1Sha1() },
+                    { "diffie-hellman-group-exchange-sha256", () => new KeyExchangeDiffieHellmanGroupExchange("diffie-hellman-group-exchange-sha256", HashAlgorithmName.SHA256) },
+                    { "diffie-hellman-group16-sha512", () => new KeyExchangeDiffieHellman("diffie-hellman-group16-sha512", DHStandardGroups.rfc3526_4096, HashAlgorithmName.SHA512) },
+                    { "diffie-hellman-group18-sha512", () => new KeyExchangeDiffieHellman("diffie-hellman-group18-sha512", DHStandardGroups.rfc3526_8192, HashAlgorithmName.SHA512) },
+                    { "diffie-hellman-group14-sha256", () => new KeyExchangeDiffieHellman("diffie-hellman-group14-sha256", DHStandardGroups.rfc3526_2048, HashAlgorithmName.SHA256) },
+                    { "diffie-hellman-group-exchange-sha1", () => new KeyExchangeDiffieHellmanGroupExchange("diffie-hellman-group-exchange-sha1", HashAlgorithmName.SHA1) },
+                    { "diffie-hellman-group14-sha1", () => new KeyExchangeDiffieHellman("diffie-hellman-group14-sha1", DHStandardGroups.rfc3526_2048, HashAlgorithmName.SHA1) },
+                    { "diffie-hellman-group1-sha1", () => new KeyExchangeDiffieHellman("diffie-hellman-group1-sha1", DHStandardGroups.rfc2409_1024, HashAlgorithmName.SHA1) },
                 };
 
             Encryptions = new OrderedDictionary<string, CipherInfo>

src/Renci.SshNet/Messages/Transport/KeyExchangeDhGroupExchangeGroup.cs

@@ -9,8 +9,8 @@ namespace Renci.SshNet.Messages.Transport
     /// </summary>
     public class KeyExchangeDhGroupExchangeGroup : Message
     {
-        private byte[] _safePrime;
-        private byte[] _subGroup;
+        internal byte[] SafePrimeBytes { get; private set; }
+        internal byte[] SubGroupBytes { get; private set; }
 
         /// <inheritdoc />
         public override string MessageName
@@ -38,7 +38,7 @@ public override byte MessageNumber
         /// </value>
         public BigInteger SafePrime
         {
-            get { return _safePrime.ToBigInteger(); }
+            get { return SafePrimeBytes.ToBigInteger(); }
         }
 
         /// <summary>
@@ -49,7 +49,7 @@ public BigInteger SafePrime
         /// </value>
         public BigInteger SubGroup
         {
-            get { return _subGroup.ToBigInteger(); }
+            get { return SubGroupBytes.ToBigInteger(); }
         }
 
         /// <summary>
@@ -64,9 +64,9 @@ protected override int BufferCapacity
             {
                 var capacity = base.BufferCapacity;
                 capacity += 4; // SafePrime length
-                capacity += _safePrime.Length; // SafePrime
+                capacity += SafePrimeBytes.Length; // SafePrime
                 capacity += 4; // SubGroup length
-                capacity += _subGroup.Length; // SubGroup
+                capacity += SubGroupBytes.Length; // SubGroup
 
                 return capacity;
             }
@@ -77,17 +77,17 @@ protected override int BufferCapacity
         /// </summary>
         protected override void LoadData()
         {
-            _safePrime = ReadBinary();
-            _subGroup = ReadBinary();
+            SafePrimeBytes = ReadBinary();
+            SubGroupBytes = ReadBinary();
         }
 
         /// <summary>
         /// Called when type specific data need to be saved.
         /// </summary>
         protected override void SaveData()
         {
-            WriteBinaryString(_safePrime);
-            WriteBinaryString(_subGroup);
+            WriteBinaryString(SafePrimeBytes);
+            WriteBinaryString(SubGroupBytes);
         }
 
         internal override void Process(Session session)

src/Renci.SshNet/Security/GroupExchangeHashData.cs

@@ -1,5 +1,4 @@
 using System;
-using System.Numerics;
 
 using Renci.SshNet.Common;
 
@@ -9,8 +8,6 @@ internal sealed class GroupExchangeHashData : SshData
     {
         private byte[] _serverVersion;
         private byte[] _clientVersion;
-        private byte[] _prime;
-        private byte[] _subGroup;
 
         public string ServerVersion
         {
@@ -36,17 +33,9 @@ public string ClientVersion
 
         public uint MaximumGroupSize { get; set; }
 
-        public BigInteger Prime
-        {
-            private get { return _prime.ToBigInteger(); }
-            set { _prime = value.ToByteArray(isBigEndian: true); }
-        }
+        public byte[] Prime { get; set; }
 
-        public BigInteger SubGroup
-        {
-            private get { return _subGroup.ToBigInteger(); }
-            set { _subGroup = value.ToByteArray(isBigEndian: true); }
-        }
+        public byte[] SubGroup { get; set; }
 
         public byte[] ClientExchangeValue { get; set; }
 
@@ -79,9 +68,9 @@ protected override int BufferCapacity
                 capacity += 4; // PreferredGroupSize
                 capacity += 4; // MaximumGroupSize
                 capacity += 4; // Prime length
-                capacity += _prime.Length; // Prime
+                capacity += Prime.Length; // Prime
                 capacity += 4; // SubGroup length
-                capacity += _subGroup.Length; // SubGroup
+                capacity += SubGroup.Length; // SubGroup
                 capacity += 4; // ClientExchangeValue length
                 capacity += ClientExchangeValue.Length; // ClientExchangeValue
                 capacity += 4; // ServerExchangeValue length
@@ -107,8 +96,8 @@ protected override void SaveData()
             Write(MinimumGroupSize);
             Write(PreferredGroupSize);
             Write(MaximumGroupSize);
-            WriteBinaryString(_prime);
-            WriteBinaryString(_subGroup);
+            WriteBinaryString(Prime);
+            WriteBinaryString(SubGroup);
             WriteBinaryString(ClientExchangeValue);
             WriteBinaryString(ServerExchangeValue);
             WriteBinaryString(SharedKey);

src/Renci.SshNet/Security/KeyExchange.cs

@@ -482,7 +482,7 @@ protected bool CanTrustHostKey(KeyHostAlgorithm host)
         /// <summary>
         /// Validates the exchange hash.
         /// </summary>
-        /// <returns>true if exchange hash is valid; otherwise false.</returns>
+        /// <returns><see langword="true"/> if exchange hash is valid; otherwise <see langword="false"/>.</returns>
         protected abstract bool ValidateExchangeHash();
 
         private protected bool ValidateExchangeHash(byte[] encodedKey, byte[] encodedSignature)