Add configuration of key exchange algorithms for sshd

Add new config key "sshd.kex". The default and supported values are:

  1. ecdh-sha2-nistp521
  2. ecdh-sha2-nistp384
  3. ecdh-sha2-nistp256
  4. diffie-hellman-group-exchange-sha256
  5. diffie-hellman-group-exchange-sha1,
  6. diffie-hellman-group14-sha1
  7. diffie-hellman-group1-sha1

With Bouncy Castle installed, all of the above are supported (previously
only 6 and 7). With JCE, only 7 is available.

Bug: Issue 3517
Change-Id: I6b44e88dc4a0ff8f693f21510aba30546bf4cd99
(cherry picked from commit b4a04fa1c5)

Documentation/config-gerrit.txt

@@ -3654,6 +3654,40 @@ Supported MACs: `hmac-md5`, `hmac-md5-96`, `hmac-sha1`, `hmac-sha1-96`,
 +
 By default, all supported MACs are available.
 
+[[sshd.kex]]sshd.kex::
++
+--
+Available key exchange algorithms. To permit multiple algorithms,
+specify multiple `sshd.kex` keys in the configuration file, one key
+exchange algorithm per key.  Key exchange algorithm names starting
+with `+` are enabled in addition to the default key exchange
+algorithms, key exchange algorithm names starting with `-` are
+removed from the default key exchange algorithms.
+
+In the following example configuration, support for the 1024-bit
+`diffie-hellman-group1-sha1` key exchange is disabled while leaving
+all of the other default algorithms enabled:
+
+----
+[sshd]
+  kex = -diffie-hellman-group1-sha1
+----
+
+Supported key exchange algorithms:
+
+* `ecdh-sha2-nistp521`
+* `ecdh-sha2-nistp384`
+* `ecdh-sha2-nistp256`
+* `diffie-hellman-group-exchange-sha256`
+* `diffie-hellman-group-exchange-sha1`
+* `diffie-hellman-group14-sha1`
+* `diffie-hellman-group1-sha1`
+
+By default, all supported key exchange algorithms are available.
+Without Bouncy Castle, `diffie-hellman-group1-sha1` is the only
+available algorithm.
+--
+
 [[sshd.kerberosKeytab]]sshd.kerberosKeytab::
 +
 Enable kerberos authentication for SSH connections.  To permit

gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java

@@ -56,7 +56,7 @@ import org.apache.sshd.common.io.IoSession;
 import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
 import org.apache.sshd.common.io.mina.MinaSession;
 import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
-import org.apache.sshd.common.kex.BuiltinDHFactories;
+import org.apache.sshd.common.kex.KeyExchange;
 import org.apache.sshd.common.keyprovider.KeyPairProvider;
 import org.apache.sshd.common.mac.Mac;
 import org.apache.sshd.common.random.JceRandomFactory;
@@ -223,6 +223,7 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
       initProviderJce();
     }
     initCiphers(cfg);
+    initKeyExchanges(cfg);
     initMacs(cfg);
     initSignatures();
     initChannels();
@@ -426,14 +427,15 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
     return r.toString();
   }
 
+  @SuppressWarnings("unchecked")
+  private void initKeyExchanges(Config cfg) {
+    List<NamedFactory<KeyExchange>> a =
+        ServerBuilder.setUpDefaultKeyExchanges(true);
+    setKeyExchangeFactories(filter(cfg, "kex",
+        (NamedFactory<KeyExchange>[])a.toArray(new NamedFactory[a.size()])));
+  }
+
   private void initProviderBouncyCastle(Config cfg) {
-    setKeyExchangeFactories(
-        NamedFactory.Utils.setUpTransformedFactories(true,
-            Collections.unmodifiableList(Arrays.asList(
-                BuiltinDHFactories.dhg14,
-                BuiltinDHFactories.dhg1
-            )),
-        ServerBuilder.DH2KEX));
     NamedFactory<Random> factory;
     if (cfg.getBoolean("sshd", null, "testUseInsecureRandom", false)) {
       factory = new InsecureBouncyCastleRandom.Factory();
@@ -508,13 +510,6 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener {
   }
 
   private void initProviderJce() {
-    setKeyExchangeFactories(
-        NamedFactory.Utils.setUpTransformedFactories(true,
-            Collections.unmodifiableList(Arrays.asList(
-                BuiltinDHFactories.dhg1
-            )),
-        ServerBuilder.DH2KEX));
-    setKeyExchangeFactories(ServerBuilder.setUpDefaultKeyExchanges(true));
     setRandomFactory(new SingletonRandomFactory(JceRandomFactory.INSTANCE));
   }