Search code examples
chashshaopensshnetbsd

netbsd version of openssh has support for "diffie-hellman-group-exchange-sha256" but not for SHA256 for macs


I have an old version of netbsd which I am using. I wanted to configure the openssh to use strong ciphers and macs, but when saw the available macs it did not have support for SHA256 and higher. macs supported are

macs[] = {
    { "hmac-sha1",          SSH_EVP, EVP_sha1, 0, -1, -1 },
    { "hmac-sha1-96",       SSH_EVP, EVP_sha1, 96, -1, -1 },
    { "hmac-md5",           SSH_EVP, EVP_md5, 0, -1, -1 },
    { "hmac-md5-96",        SSH_EVP, EVP_md5, 96, -1, -1 },
    { "hmac-ripemd160",     SSH_EVP, EVP_ripemd160, 0, -1, -1 },
    { "[email protected]", SSH_EVP, EVP_ripemd160, 0, -1, -1 },
#ifdef UMAC_HAS_BEEN_UNBROKEN
    { "[email protected]",    SSH_UMAC, NULL, 0, 128, 64 },
#endif
    { NULL,             0, NULL, 0, -1, -1 }
};

But when I check for supported ciphers for key exchange, I find that SHA256 can be used

#define KEX_DH1         "diffie-hellman-group1-sha1"
#define KEX_DH14        "diffie-hellman-group14-sha1"
#define KEX_DHGEX_SHA1      "diffie-hellman-group-exchange-sha1"
#define KEX_DHGEX_SHA256    "diffie-hellman-group-exchange-sha256"

How is that. If there is an implementation of SHA256 in my netbsd openssh, why isn't it available as a mac cipher?


Solution

  • OpenSSH 5.0 had support for SHA-256 key exchange algorithm, but not for MACs with SHA-256 hashes. For the reference, there is a source code:

    https://github.com/openssh/openssh-portable/blob/V_5_0_P1/myproposal.h

    The SHA256 usage in MAC and in Key exchange is totally distinct and one does not affect the other. If SHA256 is used in either of them depends on the availability of this hash in underlying OpenSSL, but also if the OpenSSH implemented such algorithm. 10 years ago (2007), it was implemented only as a key exchange algorithm (the MAC were standardized later).

    The original RFC4253 does not list any SHA256 algorithms. The DH key exchange method was standardized in RFC4419 (2006), but the HMACS using SHA2 were standardized as late as in 2012 in RFC6668.

    Your version is between them, where there was no standard for this so it was not implemented.