Change how clientExchangeValue is calculated (#130)

src/Renci.SshNet.Tests/Classes/Common/BigIntegerTest.cs

@@ -16,6 +16,7 @@
 using System.Threading;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 using Renci.SshNet.Common;
+using System.Text.RegularExpressions;
 #if FEATURE_NUMERICS_BIGINTEGER
 using BigInteger = System.Numerics.BigInteger;
 #else
@@ -1650,6 +1651,66 @@ public void Zero()
             Assert.AreEqual(0, zero.Sign);
         }
 
+        [TestMethod]
+        public void TestClientExhcangeGenerationItem130()
+        {
+            var test = "1090748135619415929450294929359784500348155124953172211774101106966150168922785639028532473848836817769712164169076432969224698752674677662739994265785437233596157045970922338040698100507861033047312331823982435279475700199860971612732540528796554502867919746776983759391475987142521315878719577519148811830879919426939958487087540965716419167467499326156226529675209172277001377591248147563782880558861083327174154014975134893125116015776318890295960698011614157721282527539468816519319333337503114777192360412281721018955834377615480468479252748867320362385355596601795122806756217713579819870634321561907813255153703950795271232652404894983869492174481652303803498881366210508647263668376514131031102336837488999775744046733651827239395353540348414872854639719294694323450186884189822544540647226987292160693184734654941906936646576130260972193280317171696418971553954161446191759093719524951116705577362073481319296041201283516154269044389257727700289684119460283480452306204130024913879981135908026983868205969318167819680850998649694416907952712904962404937775789698917207356355227455066183815847669135530549755439819480321732925869069136146085326382334628745456398071603058051634209386708703306545903199608523824513729625136659128221100967735450519952404248198262813831097374261650380017277916975324134846574681307337017380830353680623216336949471306191686438249305686413380231046096450953594089375540285037292470929395114028305547452584962074309438151825437902976012891749355198678420603722034900311364893046495761404333938686140037848030916292543273684533640032637639100774502371542479302473698388692892420946478947733800387782741417786484770190108867879778991633218628640533982619322466154883011452291890252336487236086654396093853898628805813177559162076363154436494477507871294119841637867701722166609831201845484078070518041336869808398454625586921201308185638888082699408686536045192649569198110353659943111802300636106509865023943661829436426563007917282050894429388841748885398290707743052973605359277515749619730823773215894755121761467887865327707115573804264519206349215850195195364813387526811742474131549802130246506341207020335797706780705406945275438806265978516209706795702579244075380490231741030862614968783306207869687868108423639971983209077624758080499988275591392787267627182442892809646874228263172435642368588260139161962836121481966092745325488641054238839295138992979335446110090325230955276870524611359124918392740353154294858383359";
+            BigInteger prime;
+            BigInteger.TryParse(test, NumberStyles.Number, NumberFormatInfo.CurrentInfo, out prime);
+
+            BigInteger group = 2;
+            var bitLength = prime.BitLength;
+
+            BigInteger clientExchangeValue;
+            do
+            {
+                var randomValue = BigInteger.Random(bitLength);
+
+                //clientExchangeValue = BigInteger.ModPow(group, randomValue, prime);
+                clientExchangeValue = (group ^ randomValue) % prime;
+            } while (clientExchangeValue < 1 || clientExchangeValue > (prime - 1));
+        }
+
+        [TestMethod]
+        public void TestClientExhcangeGenerationGroup1()
+        {
+            var test = "00FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF";
+            BigInteger prime;
+            BigInteger.TryParse(test, NumberStyles.AllowHexSpecifier, NumberFormatInfo.CurrentInfo, out prime);
+
+            BigInteger group = 2;
+            var bitLength = prime.BitLength;
+
+            BigInteger clientExchangeValue;
+            do
+            {
+                var randomValue = BigInteger.Random(bitLength);
+
+                //clientExchangeValue = BigInteger.ModPow(group, randomValue, prime);
+                clientExchangeValue = (group ^ randomValue) % prime;
+            } while (clientExchangeValue < 1 || clientExchangeValue > (prime - 1));
+        }
+
+        [TestMethod]
+        public void TestClientExhcangeGenerationGroup14()
+        {
+            var test = "00FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF";
+            BigInteger prime;
+            BigInteger.TryParse(test, NumberStyles.AllowHexSpecifier, NumberFormatInfo.CurrentInfo, out prime);
+
+            BigInteger group = 2;
+            var bitLength = prime.BitLength;
+
+            BigInteger clientExchangeValue;
+            do
+            {
+                var randomValue = BigInteger.Random(bitLength);
+
+                //clientExchangeValue = BigInteger.ModPow(group, randomValue, prime);
+                clientExchangeValue = (group ^ randomValue) % prime;
+            } while (clientExchangeValue < 1 || clientExchangeValue > (prime - 1));
+        }
+
         private static void AssertEqual(byte[] a, byte[] b)
         {
             Assert.IsTrue(a.IsEqualTo(b));

src/Renci.SshNet/Common/BigInteger.cs

@@ -165,18 +165,36 @@ public static BigInteger PositiveMod(BigInteger dividend, BigInteger divisor)
         }
 
         /// <summary>
-        /// Generates random <see cref="BigInteger"/> number.
+        /// Generates a new, random <see cref="BigInteger"/> of the specified length.
         /// </summary>
-        /// <param name="bitLength">Length of random number in bits.</param>
-        /// <returns>
-        /// A random number.
-        /// </returns>
+        /// <param name="bitLength">The number of bits for the new number.</param>
+        /// <returns>A random number of the specified length.</returns>
         public static BigInteger Random(int bitLength)
         {
-            var bytesArray = new byte[bitLength / 8 + (((bitLength % 8) > 0) ? 1 : 0)];
-            CryptoAbstraction.GenerateRandom(bytesArray);
-            bytesArray[bytesArray.Length - 1] = (byte)(bytesArray[bytesArray.Length - 1] & 0x7F);   //  Ensure not a negative value
-            return new BigInteger(bytesArray);
+            int dwords = bitLength >> 5;
+            int remBits = bitLength & 0x1F;
+
+            if (remBits != 0)
+                dwords++;
+
+            BigInteger ret = new BigInteger(1, new uint[(uint)dwords + 1]);
+            byte[] random = new byte[dwords << 2];
+
+            CryptoAbstraction.GenerateRandom(random);
+            Buffer.BlockCopy(random, 0, ret._data, 0, (int)dwords << 2);
+
+            if (remBits != 0)
+            {
+                uint mask = (uint)(0x01 << (remBits - 1));
+                ret._data[dwords - 1] |= mask;
+
+                mask = (uint)(0xFFFFFFFF >> (32 - remBits));
+                ret._data[dwords - 1] &= mask;
+            }
+            else
+                ret._data[dwords - 1] |= 0x80000000;
+
+            return ret;
         }
 
         #endregion SSH.NET additions