using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Agreement; using Org.BouncyCastle.Crypto.Generators; using Org.BouncyCastle.Crypto.Parameters; using Renci.SshNet.Abstractions; using Renci.SshNet.Common; using Renci.SshNet.Messages.Transport; namespace Renci.SshNet.Security { internal class KeyExchangeECCurve25519 : KeyExchangeEC { protected sealed class BouncyCastleImpl : Impl { private X25519Agreement _keyAgreement; public override byte[] GenerateClientPublicKey() { X25519KeyPairGenerator val = new X25519KeyPairGenerator(); val.Init(new X25519KeyGenerationParameters(CryptoAbstraction.SecureRandom)); AsymmetricCipherKeyPair val2 = val.GenerateKeyPair(); _keyAgreement = new X25519Agreement(); _keyAgreement.Init(val2.get_Private()); return val2.get_Public().GetEncoded(); } public override byte[] CalculateAgreement(byte[] serverPublicKey) { X25519PublicKeyParameters val = new X25519PublicKeyParameters(serverPublicKey); byte[] array = new byte[_keyAgreement.get_AgreementSize()]; _keyAgreement.CalculateAgreement(val, array, 0); return array; } } protected BouncyCastleImpl _impl; public override string Name => "curve25519-sha256"; protected override int HashSize => 256; public override void Start(Session session, KeyExchangeInitMessage message, bool sendClientInitMessage) { base.Start(session, message, sendClientInitMessage); _impl = new BouncyCastleImpl(); StartImpl(); } protected virtual void StartImpl() { base.Session.RegisterMessage("SSH_MSG_KEX_ECDH_REPLY"); base.Session.KeyExchangeEcdhReplyMessageReceived += Session_KeyExchangeEcdhReplyMessageReceived; _clientExchangeValue = _impl.GenerateClientPublicKey(); SendMessage(new KeyExchangeEcdhInitMessage(_clientExchangeValue)); } public override void Finish() { base.Finish(); FinishImpl(); } protected virtual void FinishImpl() { base.Session.KeyExchangeEcdhReplyMessageReceived -= Session_KeyExchangeEcdhReplyMessageReceived; } protected override byte[] Hash(byte[] hashData) { return CryptoAbstraction.HashSHA256(hashData); } private void Session_KeyExchangeEcdhReplyMessageReceived(object sender, MessageEventArgs<KeyExchangeEcdhReplyMessage> e) { KeyExchangeEcdhReplyMessage message = e.Message; base.Session.UnRegisterMessage("SSH_MSG_KEX_ECDH_REPLY"); HandleServerEcdhReply(message.KS, message.QS, message.Signature); Finish(); } private void HandleServerEcdhReply(byte[] hostKey, byte[] serverExchangeValue, byte[] signature) { _serverExchangeValue = serverExchangeValue; _hostKey = hostKey; _signature = signature; byte[] data = _impl.CalculateAgreement(serverExchangeValue); base.SharedKey = Extensions.ToByteArray(data.ToBigInteger2(), false, true); } protected override void Dispose(bool disposing) { base.Dispose(disposing); if (disposing) _impl?.Dispose(); } } }