Drop DSA (#1558)

DSA is removed at compile time from OpenSSH 9.8 and higher. That means we can no longer test it in our integration tests. It seems like a good time to remove it. From the OpenSSH release notes: DSA, as specified in the SSHv2 protocol, is inherently weak - being limited to a 160 bit private key and use of the SHA1 digest. Its estimated security level is only 80 bits symmetric equivalent. OpenSSH has disabled DSA keys by default since 2015 but has retained run-time optional support for them. DSA was the only mandatory-to- implement algorithm in the SSHv2 RFCs, mostly because alternative algorithms were encumbered by patents when the SSHv2 protocol was specified. This has not been the case for decades at this point and better algorithms are well supported by all actively-maintained SSH implementations. We do not consider the costs of maintaining DSA in OpenSSH to be justified and hope that removing it from OpenSSH can accelerate its wider deprecation in supporting cryptography libraries.
sshnet · Jan 3, 2025 · 60f3cd8 · 60f3cd8
1 parent 2e68828
commit 60f3cd8
Show file tree

Hide file tree

Showing 25 changed files with 6 additions and 749 deletions.
diff --git a/src/Renci.SshNet/ConnectionInfo.cs b/src/Renci.SshNet/ConnectionInfo.cs
@@ -407,7 +407,6 @@ public ConnectionInfo(string host, int port, string username, ProxyTypes proxyTy
             hostAlgs.Add("rsa-sha2-512", data => { var key = new RsaKey(new SshKeyData(data)); return new KeyHostAlgorithm("rsa-sha2-512", key, new RsaDigitalSignature(key, HashAlgorithmName.SHA512)); });
             hostAlgs.Add("rsa-sha2-256", data => { var key = new RsaKey(new SshKeyData(data)); return new KeyHostAlgorithm("rsa-sha2-256", key, new RsaDigitalSignature(key, HashAlgorithmName.SHA256)); });
             hostAlgs.Add("ssh-rsa", data => new KeyHostAlgorithm("ssh-rsa", new RsaKey(new SshKeyData(data))));
-            hostAlgs.Add("ssh-dss", data => new KeyHostAlgorithm("ssh-dss", new DsaKey(new SshKeyData(data))));
 #pragma warning restore SA1107 // Code should not contain multiple statements on one line
             HostKeyAlgorithms = hostAlgs;
 

diff --git a/src/Renci.SshNet/PrivateKeyFile.PKCS1.cs b/src/Renci.SshNet/PrivateKeyFile.PKCS1.cs
@@ -80,8 +80,6 @@ public Key Parse()
                 {
                     case "RSA PRIVATE KEY":
                         return new RsaKey(decryptedData);
-                    case "DSA PRIVATE KEY":
-                        return new DsaKey(decryptedData);
                     case "EC PRIVATE KEY":
                         return new EcdsaKey(decryptedData);
                     default:

diff --git a/src/Renci.SshNet/PrivateKeyFile.PKCS8.cs b/src/Renci.SshNet/PrivateKeyFile.PKCS8.cs
@@ -54,27 +54,6 @@ public Key Parse()
                     return new RsaKey(key);
                 }
 
-                if (algorithmOid.Equals(X9ObjectIdentifiers.IdDsa))
-                {
-                    var parameters = privateKeyInfo.PrivateKeyAlgorithm.Parameters.GetDerEncoded();
-                    var parametersReader = new AsnReader(parameters, AsnEncodingRules.BER);
-                    var sequenceReader = parametersReader.ReadSequence();
-                    parametersReader.ThrowIfNotEmpty();
-
-                    var p = sequenceReader.ReadInteger();
-                    var q = sequenceReader.ReadInteger();
-                    var g = sequenceReader.ReadInteger();
-                    sequenceReader.ThrowIfNotEmpty();
-
-                    var keyReader = new AsnReader(key, AsnEncodingRules.BER);
-                    var x = keyReader.ReadInteger();
-                    keyReader.ThrowIfNotEmpty();
-
-                    var y = BigInteger.ModPow(g, x, p);
-
-                    return new DsaKey(p, q, g, y, x);
-                }
-
                 if (algorithmOid.Equals(X9ObjectIdentifiers.IdECPublicKey))
                 {
                     var parameters = privateKeyInfo.PrivateKeyAlgorithm.Parameters.GetDerEncoded();

diff --git a/src/Renci.SshNet/PrivateKeyFile.PuTTY.cs b/src/Renci.SshNet/PrivateKeyFile.PuTTY.cs
@@ -184,20 +184,12 @@ public Key Parse()
                         var prv = privateKeyReader.ReadBignum2();
                         parsedKey = new EcdsaKey(curve, pub, prv);
                         break;
-                    case "ssh-dss":
-                        var p = publicKeyReader.ReadBignum();
-                        var q = publicKeyReader.ReadBignum();
-                        var g = publicKeyReader.ReadBignum();
-                        var y = publicKeyReader.ReadBignum();
-                        var x = privateKeyReader.ReadBignum();
-                        parsedKey = new DsaKey(p, q, g, y, x);
-                        break;
                     case "ssh-rsa":
                         var exponent = publicKeyReader.ReadBignum(); // e
                         var modulus = publicKeyReader.ReadBignum(); // n
                         var d = privateKeyReader.ReadBignum(); // d
-                        p = privateKeyReader.ReadBignum(); // p
-                        q = privateKeyReader.ReadBignum(); // q
+                        var p = privateKeyReader.ReadBignum(); // p
+                        var q = privateKeyReader.ReadBignum(); // q
                         var inverseQ = privateKeyReader.ReadBignum(); // iqmp
                         parsedKey = new RsaKey(modulus, exponent, d, p, q, inverseQ);
                         break;

diff --git a/src/Renci.SshNet/PrivateKeyFile.SSHCOM.cs b/src/Renci.SshNet/PrivateKeyFile.SSHCOM.cs
@@ -83,21 +83,6 @@ public Key Parse()
                     var p = reader.ReadBigIntWithBits(); // q
                     return new RsaKey(modulus, exponent, d, p, q, inverseQ);
                 }
-                else if (keyType.Contains("dsa"))
-                {
-                    var zero = reader.ReadUInt32();
-                    if (zero != 0)
-                    {
-                        throw new SshException("Invalid private key");
-                    }
-
-                    var p = reader.ReadBigIntWithBits();
-                    var g = reader.ReadBigIntWithBits();
-                    var q = reader.ReadBigIntWithBits();
-                    var y = reader.ReadBigIntWithBits();
-                    var x = reader.ReadBigIntWithBits();
-                    return new DsaKey(p, q, g, y, x);
-                }
 
                 throw new NotSupportedException(string.Format("Key type '{0}' is not supported.", keyType));
             }

diff --git a/src/Renci.SshNet/PrivateKeyFile.cs b/src/Renci.SshNet/PrivateKeyFile.cs
@@ -381,10 +381,6 @@ private void Open(Stream privateKey, string? passPhrase)
                 _hostAlgorithms.Add(new KeyHostAlgorithm("rsa-sha2-256", _key, new RsaDigitalSignature(rsaKey, HashAlgorithmName.SHA256)));
 #pragma warning restore CA2000 // Dispose objects before losing scope
             }
-            else if (_key is DsaKey)
-            {
-                _hostAlgorithms.Add(new KeyHostAlgorithm("ssh-dss", _key));
-            }
             else
             {
                 _hostAlgorithms.Add(new KeyHostAlgorithm(_key.ToString(), _key));

diff --git a/src/Renci.SshNet/Security/Certificate.cs b/src/Renci.SshNet/Security/Certificate.cs
@@ -348,9 +348,6 @@ private Key ReadPublicKey(out SshKeyData keyData)
                     case "[email protected]":
                         keyData = new SshKeyData("ssh-rsa", LoadPublicKeys(2));
                         return new RsaKey(keyData);
-                    case "[email protected]":
-                        keyData = new SshKeyData("ssh-dss", LoadPublicKeys(4));
-                        return new DsaKey(keyData);
                     case "[email protected]":
                     case "[email protected]":
                     case "[email protected]":

diff --git a/src/Renci.SshNet/Security/Cryptography/DsaDigitalSignature.cs b/src/Renci.SshNet/Security/Cryptography/DsaDigitalSignature.cs