0 votes
by (520 points)
edited

Hello,

I'm communicating with an old Nortel 5530 (5530_511017.img) device. Its reporting the wrong key size. As near as I can tell, the issue originates on line 256 of Rebex.Net.SshDiffieHellmanOakleyNegotiation:

byte[] buffer = session.ReceivePacket(SshLayer.Transport);
            TransportKexDhReply serverKex = new     
TransportKexDhReply(buffer, 0, buffer.Length, EncodingTools.ASCII);

When serverKex.GetKey() is called two lines later, it returns a byte[] with a length of 291 (8 bits to long), leading the library to throw an error in the DSAManaged class when it does the length check and discovers that its 648 instead of 640.

I can ssh into the device using putty or securecrt, so the ssh server is working (though perhaps not as intended).

Any ideas?

See the log file below:

2014-05-13 18:47:58.304 Opening log file.
2014-05-13 18:47:58.304 Using FileLogWriter version 2.0.5171.0.
2014-05-13 18:47:58.332 INFO Ssh(1)[10] Info: Connecting to 10.110.0.180:22 using Ssh 1.0.5171.0.
2014-05-13 18:47:58.533 VERBOSE Ssh(1)[10] SSH: Sending data:
 0000 |53-53-48-2D-32-2E-30-2D 52-65-62-65-78-53-53-48| SSH-2.0-RebexSSH
 0010 |5F-31-2E-30-2E-35-31-37 31-2E-30-0D-0A         | _1.0.5171.0..
2014-05-13 18:47:58.537 VERBOSE Ssh(1)[10] SSH: Received data:
 0000 |53-53-48-2D-32-2E-30-2D 4D-6F-63-61-6E-61-20-53| SSH-2.0-Mocana S
 0010 |53-48-20-0D-0A                                 | SH ..
2014-05-13 18:47:58.537 DEBUG Ssh(1)[10] SSH: Server is 'SSH-2.0-Mocana SSH '.
2014-05-13 18:47:58.540 INFO Ssh(1)[10] SSH: Negotiation started.
2014-05-13 18:47:58.567 VERBOSE Ssh(1)[10] SSH: Sending packet SSH_MSG_KEXINIT (879 bytes).
 0000 |14-83-33-5E-BF-27-53-76 EE-9A-D0-47-B7-2A-A0-0B| ..3^.'Sv...G.*..
 0010 |ED-00-00-00-7E-64-69-66 66-69-65-2D-68-65-6C-6C| ....~diffie-hell
 0020 |6D-61-6E-2D-67-72-6F-75 70-2D-65-78-63-68-61-6E| man-group-exchan
 0030 |67-65-2D-73-68-61-32-35 36-2C-64-69-66-66-69-65| ge-sha256,diffie
 0040 |2D-68-65-6C-6C-6D-61-6E 2D-67-72-6F-75-70-2D-65| -hellman-group-e
 0050 |78-63-68-61-6E-67-65-2D 73-68-61-31-2C-64-69-66| xchange-sha1,dif
 0060 |66-69-65-2D-68-65-6C-6C 6D-61-6E-2D-67-72-6F-75| fie-hellman-grou
 0070 |70-31-34-2D-73-68-61-31 2C-64-69-66-66-69-65-2D| p14-sha1,diffie-
 0080 |68-65-6C-6C-6D-61-6E-2D 67-72-6F-75-70-31-2D-73| hellman-group1-s
 0090 |68-61-31-00-00-00-0F-73 73-68-2D-64-73-73-2C-73| ha1....ssh-dss,s
 00A0 |73-68-2D-72-73-61-00-00 00-F1-61-65-73-32-35-36| sh-rsa....aes256
 00B0 |2D-63-74-72-2C-61-65-73 31-39-32-2D-63-74-72-2C| -ctr,aes192-ctr,
 00C0 |61-65-73-31-32-38-2D-63 74-72-2C-61-65-73-32-35| aes128-ctr,aes25
 00D0 |36-2D-63-62-63-2C-61-65 73-31-39-32-2D-63-62-63| 6-cbc,aes192-cbc
 00E0 |2C-61-65-73-31-32-38-2D 63-62-63-2C-33-64-65-73| ,aes128-cbc,3des
 00F0 |2D-63-74-72-2C-33-64-65 73-2D-63-62-63-2C-74-77| -ctr,3des-cbc,tw
 0100 |6F-66-69-73-68-32-35-36 2D-63-74-72-2C-74-77-6F| ofish256-ctr,two
 0110 |66-69-73-68-31-39-32-2D 63-74-72-2C-74-77-6F-66| fish192-ctr,twof
 0120 |69-73-68-31-32-38-2D-63 74-72-2C-74-77-6F-66-69| ish128-ctr,twofi
 0130 |73-68-32-35-36-2D-63-62 63-2C-74-77-6F-66-69-73| sh256-cbc,twofis
 0140 |68-31-39-32-2D-63-62-63 2C-74-77-6F-66-69-73-68| h192-cbc,twofish
 0150 |31-32-38-2D-63-62-63-2C 74-77-6F-66-69-73-68-2D| 128-cbc,twofish-
 0160 |63-62-63-2C-62-6C-6F-77 66-69-73-68-2D-63-74-72| cbc,blowfish-ctr
 0170 |2C-62-6C-6F-77-66-69-73 68-2D-63-62-63-2C-61-72| ,blowfish-cbc,ar
 0180 |63-66-6F-75-72-32-35-36 2C-61-72-63-66-6F-75-72| cfour256,arcfour
 0190 |31-32-38-2C-61-72-63-66 6F-75-72-00-00-00-F1-61| 128,arcfour....a
 01A0 |65-73-32-35-36-2D-63-74 72-2C-61-65-73-31-39-32| es256-ctr,aes192
 01B0 |2D-63-74-72-2C-61-65-73 31-32-38-2D-63-74-72-2C| -ctr,aes128-ctr,
 01C0 |61-65-73-32-35-36-2D-63 62-63-2C-61-65-73-31-39| aes256-cbc,aes19
 01D0 |32-2D-63-62-63-2C-61-65 73-31-32-38-2D-63-62-63| 2-cbc,aes128-cbc
 01E0 |2C-33-64-65-73-2D-63-74 72-2C-33-64-65-73-2D-63| ,3des-ctr,3des-c
 01F0 |62-63-2C-74-77-6F-66-69 73-68-32-35-36-2D-63-74| bc,twofish256-ct
 0200 |72-2C-74-77-6F-66-69-73 68-31-39-32-2D-63-74-72| r,twofish192-ctr
 0210 |2C-74-77-6F-66-69-73-68 31-32-38-2D-63-74-72-2C| ,twofish128-ctr,
 0220 |74-77-6F-66-69-73-68-32 35-36-2D-63-62-63-2C-74| twofish256-cbc,t
 0230 |77-6F-66-69-73-68-31-39 32-2D-63-62-63-2C-74-77| wofish192-cbc,tw
 0240 |6F-66-69-73-68-31-32-38 2D-63-62-63-2C-74-77-6F| ofish128-cbc,two
 0250 |66-69-73-68-2D-63-62-63 2C-62-6C-6F-77-66-69-73| fish-cbc,blowfis
 0260 |68-2D-63-74-72-2C-62-6C 6F-77-66-69-73-68-2D-63| h-ctr,blowfish-c
 0270 |62-63-2C-61-72-63-66-6F 75-72-32-35-36-2C-61-72| bc,arcfour256,ar
 0280 |63-66-6F-75-72-31-32-38 2C-61-72-63-66-6F-75-72| cfour128,arcfour
 0290 |00-00-00-47-68-6D-61-63 2D-73-68-61-31-2C-68-6D| ...Ghmac-sha1,hm
 02A0 |61-63-2D-6D-64-35-2C-68 6D-61-63-2D-73-68-61-32| ac-md5,hmac-sha2
 02B0 |2D-32-35-36-2C-68-6D-61 63-2D-73-68-61-32-2D-35| -256,hmac-sha2-5
 02C0 |31-32-2C-68-6D-61-63-2D 73-68-61-31-2D-39-36-2C| 12,hmac-sha1-96,
 02D0 |68-6D-61-63-2D-6D-64-35 2D-39-36-00-00-00-47-68| hmac-md5-96...Gh
 02E0 |6D-61-63-2D-73-68-61-31 2C-68-6D-61-63-2D-6D-64| mac-sha1,hmac-md
 02F0 |35-2C-68-6D-61-63-2D-73 68-61-32-2D-32-35-36-2C| 5,hmac-sha2-256,
 0300 |68-6D-61-63-2D-73-68-61 32-2D-35-31-32-2C-68-6D| hmac-sha2-512,hm
 0310 |61-63-2D-73-68-61-31-2D 39-36-2C-68-6D-61-63-2D| ac-sha1-96,hmac-
 0320 |6D-64-35-2D-39-36-00-00 00-1A-6E-6F-6E-65-2C-7A| md5-96....none,z
 0330 |6C-69-62-2C-7A-6C-69-62 40-6F-70-65-6E-73-73-68| lib,zlib@openssh
 0340 |2E-63-6F-6D-00-00-00-1A 6E-6F-6E-65-2C-7A-6C-69| .com....none,zli
 0350 |62-2C-7A-6C-69-62-40-6F 70-65-6E-73-73-68-2E-63| b,zlib@openssh.c
 0360 |6F-6D-00-00-00-00-00-00 00-00-00-00-00-00-00   | om.............
2014-05-13 18:47:58.571 VERBOSE Ssh(1)[10] SSH: Received packet SSH_MSG_KEXINIT (383 bytes).
 0000 |14-86-2B-AD-FB-C1-AE-6E EE-D4-58-5B-73-3B-B3-21| ..+....n..X[s;.!
 0010 |A8-00-00-00-1A-64-69-66 66-69-65-2D-68-65-6C-6C| .....diffie-hell
 0020 |6D-61-6E-2D-67-72-6F-75 70-31-2D-73-68-61-31-00| man-group1-sha1.
 0030 |00-00-07-73-73-68-2D-64 73-73-00-00-00-61-61-65| ...ssh-dss...aae
 0040 |73-32-35-36-2D-63-62-63 2C-72-69-6A-6E-64-61-65| s256-cbc,rijndae
 0050 |6C-32-35-36-2D-63-62-63 2C-61-65-73-31-39-32-2D| l256-cbc,aes192-
 0060 |63-62-63-2C-72-69-6A-6E 64-61-65-6C-31-39-32-2D| cbc,rijndael192-
 0070 |63-62-63-2C-61-65-73-31 32-38-2D-63-62-63-2C-72| cbc,aes128-cbc,r
 0080 |69-6A-6E-64-61-65-6C-31 32-38-2D-63-62-63-2C-33| ijndael128-cbc,3
 0090 |64-65-73-2D-63-62-63-2C 61-72-63-66-6F-75-72-00| des-cbc,arcfour.
 00A0 |00-00-61-61-65-73-32-35 36-2D-63-62-63-2C-72-69| ..aaes256-cbc,ri
 00B0 |6A-6E-64-61-65-6C-32-35 36-2D-63-62-63-2C-61-65| jndael256-cbc,ae
 00C0 |73-31-39-32-2D-63-62-63 2C-72-69-6A-6E-64-61-65| s192-cbc,rijndae
 00D0 |6C-31-39-32-2D-63-62-63 2C-61-65-73-31-32-38-2D| l192-cbc,aes128-
 00E0 |63-62-63-2C-72-69-6A-6E 64-61-65-6C-31-32-38-2D| cbc,rijndael128-
 00F0 |63-62-63-2C-33-64-65-73 2D-63-62-63-2C-61-72-63| cbc,3des-cbc,arc
 0100 |66-6F-75-72-00-00-00-2B 68-6D-61-63-2D-73-68-61| four...+hmac-sha
 0110 |31-2C-68-6D-61-63-2D-73 68-61-31-2D-39-36-2C-68| 1,hmac-sha1-96,h
 0120 |6D-61-63-2D-6D-64-35-2C 68-6D-61-63-2D-6D-64-35| mac-md5,hmac-md5
 0130 |2D-39-36-00-00-00-2B-68 6D-61-63-2D-73-68-61-31| -96...+hmac-sha1
 0140 |2C-68-6D-61-63-2D-73-68 61-31-2D-39-36-2C-68-6D| ,hmac-sha1-96,hm
 0150 |61-63-2D-6D-64-35-2C-68 6D-61-63-2D-6D-64-35-2D| ac-md5,hmac-md5-
 0160 |39-36-00-00-00-04-6E-6F 6E-65-00-00-00-04-6E-6F| 96....none....no
 0170 |6E-65-00-00-00-00-00-00 00-00-00-00-00-00-00   | ne.............
2014-05-13 18:47:58.588 DEBUG Ssh(1)[10] SSH: Negotiating key.
2014-05-13 18:47:58.621 VERBOSE Ssh(1)[10] SSH: Sending packet SSH_MSG_KEX_30 (134 bytes).
 0000 |1E-00-00-00-81-00-DA-AF C8-9F-36-75-E4-2C-8D-17| ..........6u.,..
 0010 |D9-AA-C4-C5-24-EA-54-84 B1-50-62-C0-3F-34-02-27| ....$.T..Pb.?4.'
 0020 |40-10-A7-68-2C-71-0B-57 E1-7F-40-A6-4A-CD-54-4A| @..h,q.W..@.J.TJ
 0030 |D5-65-95-D1-2D-90-B9-62 CD-E7-E3-DB-CB-BF-98-08|

1 Answer

+1 vote
by (147k points)
edited
 
Best answer

Actually, serverKex.GetKey() works correctly - the server's key length is in fact 291 bytes, which is caused by the fact that its P parameter is 648 bits long instead of 640 bits long (in fact, its 641 bits long, but its transmitted as a byte array, which makes it 648).

However, DSAManaged class (which is used instead of .NET's DSACryptoServiceProvider class for uncommon key lengths - but not this uncommon) should actually be able to handle this if the key size check is relaxed - please locate DSAManaged.ImportParameters method and change the key size checking code:

        if ((KeySizeValue & 0x3F) != 0 || KeySizeValue < 512 || KeySizeValue > 4096)

To this:

        if (KeySizeValue < 512 || KeySizeValue > 4096)

Give it a try and let me know whether it helps!

by (520 points)
edited

Hey Lucas,

That was the first thing I tried. But I was in debug mode, and paused on that point to manually move passed it and it messed with the exchange and something timed out and it didn't work, and I mistakenly assumed it wasn't me. face palm

That did indeed do the trick. Thanks!

by (147k points)
edited

Thanks for bringing this to our attention! We will relax this check for the next release as well.

...