273
|
1 /*
|
|
2 * Copyright (c) 2006-2013 Christian Plattner. All rights reserved.
|
|
3 * Please refer to the LICENSE.txt for licensing details.
|
|
4 */
|
|
5 package ch.ethz.ssh2.transport;
|
|
6
|
|
7 import java.io.IOException;
|
|
8 import java.security.DigestException;
|
287
|
9 import java.security.interfaces.DSAPrivateKey;
|
|
10 import java.security.interfaces.DSAPublicKey;
|
|
11 import java.security.interfaces.ECPrivateKey;
|
|
12 import java.security.interfaces.ECPublicKey;
|
|
13 import java.security.interfaces.RSAPrivateKey;
|
|
14 import java.security.interfaces.RSAPublicKey;
|
316
|
15 import java.math.BigInteger;
|
305
d2b303406d63
remove extra override annotations that generate eclipse compiler errors
Carl Byington <carl@five-ten-sg.com>
diff
changeset
|
16
|
273
|
17 import ch.ethz.ssh2.ConnectionInfo;
|
|
18 import ch.ethz.ssh2.PacketTypeException;
|
|
19 import ch.ethz.ssh2.auth.ServerAuthenticationManager;
|
|
20 import ch.ethz.ssh2.crypto.cipher.BlockCipher;
|
|
21 import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory;
|
311
|
22 import ch.ethz.ssh2.crypto.dh.GenericDhExchange;
|
273
|
23 import ch.ethz.ssh2.crypto.digest.MAC;
|
|
24 import ch.ethz.ssh2.packets.PacketKexDHInit;
|
|
25 import ch.ethz.ssh2.packets.PacketKexDHReply;
|
|
26 import ch.ethz.ssh2.packets.PacketKexInit;
|
|
27 import ch.ethz.ssh2.packets.Packets;
|
|
28 import ch.ethz.ssh2.server.ServerConnectionState;
|
|
29 import ch.ethz.ssh2.signature.DSASHA1Verify;
|
283
|
30 import ch.ethz.ssh2.signature.ECDSASHA2Verify;
|
273
|
31 import ch.ethz.ssh2.signature.RSASHA1Verify;
|
|
32
|
|
33 /**
|
|
34 * @version $Id: ServerKexManager.java 160 2014-05-01 14:30:26Z dkocher@sudo.ch $
|
|
35 */
|
|
36 public class ServerKexManager extends KexManager {
|
|
37
|
|
38 private final ServerConnectionState state;
|
|
39
|
|
40 private boolean authenticationStarted = false;
|
|
41
|
|
42 public ServerKexManager(ServerConnectionState state) {
|
|
43 super(state.tm, state.csh, state.next_cryptoWishList, state.generator);
|
|
44 this.state = state;
|
|
45 }
|
|
46
|
|
47 public void handleFailure(final IOException failure) {
|
330
|
48 synchronized (accessLock) {
|
273
|
49 connectionClosed = true;
|
|
50 accessLock.notifyAll();
|
|
51 }
|
|
52 }
|
|
53
|
|
54 public void handleMessage(byte[] msg) throws IOException {
|
|
55 PacketKexInit kip;
|
|
56
|
306
|
57 if (msg == null) {
|
|
58 synchronized (accessLock) {
|
|
59 connectionClosed = true;
|
|
60 accessLock.notifyAll();
|
|
61 return;
|
|
62 }
|
|
63 }
|
|
64
|
330
|
65 if ((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) {
|
273
|
66 throw new PacketTypeException(msg[0]);
|
|
67 }
|
|
68
|
330
|
69 if (ignore_next_kex_packet) {
|
273
|
70 ignore_next_kex_packet = false;
|
|
71 return;
|
|
72 }
|
|
73
|
330
|
74 if (msg[0] == Packets.SSH_MSG_KEXINIT) {
|
|
75 if ((kxs != null) && (kxs.state != 0)) {
|
273
|
76 throw new PacketTypeException(msg[0]);
|
|
77 }
|
|
78
|
330
|
79 if (kxs == null) {
|
273
|
80 /*
|
|
81 * Ah, OK, peer wants to do KEX. Let's be nice and play
|
330
|
82 * together.
|
|
83 */
|
273
|
84 kxs = new KexState();
|
|
85 kxs.local_dsa_key = nextKEXdsakey;
|
|
86 kxs.local_rsa_key = nextKEXrsakey;
|
298
|
87 kxs.local_ec_key = nextKEXeckey;
|
273
|
88 kxs.dhgexParameters = nextKEXdhgexParameters;
|
|
89 kip = new PacketKexInit(nextKEXcryptoWishList, rnd);
|
|
90 kxs.localKEX = kip;
|
|
91 tm.sendKexMessage(kip.getPayload());
|
|
92 }
|
|
93
|
|
94 kip = new PacketKexInit(msg);
|
|
95 kxs.remoteKEX = kip;
|
|
96 kxs.np = mergeKexParameters(kxs.remoteKEX.getKexParameters(), kxs.localKEX.getKexParameters());
|
|
97
|
330
|
98 if (kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) {
|
273
|
99 // Guess was wrong, we need to ignore the next kex packet.
|
|
100 ignore_next_kex_packet = true;
|
|
101 }
|
|
102
|
306
|
103 if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") ||
|
330
|
104 kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") ||
|
|
105 kxs.np.kex_algo.equals("ecdh-sha2-nistp256") ||
|
|
106 kxs.np.kex_algo.equals("ecdh-sha2-nistp384") ||
|
|
107 kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) {
|
306
|
108 kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo);
|
|
109 kxs.dhx.init(kxs.np.kex_algo);
|
273
|
110 kxs.state = 1;
|
|
111 return;
|
|
112 }
|
|
113
|
|
114 throw new IllegalStateException("Unkown KEX method!");
|
|
115 }
|
|
116
|
330
|
117 if (msg[0] == Packets.SSH_MSG_NEWKEYS) {
|
|
118 if (km == null) {
|
273
|
119 throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!");
|
|
120 }
|
|
121
|
|
122 BlockCipher cbc;
|
|
123 MAC mac;
|
|
124
|
|
125 try {
|
|
126 cbc = BlockCipherFactory.createCipher(kxs.np.enc_algo_client_to_server, false,
|
330
|
127 km.enc_key_client_to_server, km.initial_iv_client_to_server);
|
273
|
128
|
|
129 try {
|
|
130 mac = new MAC(kxs.np.mac_algo_client_to_server, km.integrity_key_client_to_server);
|
|
131 }
|
330
|
132 catch (DigestException e) {
|
273
|
133 throw new IOException(e);
|
|
134 }
|
|
135 }
|
330
|
136 catch (IllegalArgumentException e) {
|
273
|
137 throw new IOException(e);
|
|
138 }
|
|
139
|
|
140 tm.changeRecvCipher(cbc, mac);
|
|
141 ConnectionInfo sci = new ConnectionInfo();
|
|
142 kexCount++;
|
|
143 sci.keyExchangeAlgorithm = kxs.np.kex_algo;
|
|
144 sci.keyExchangeCounter = kexCount;
|
|
145 sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server;
|
|
146 sci.serverToClientCryptoAlgorithm = kxs.np.enc_algo_server_to_client;
|
|
147 sci.clientToServerMACAlgorithm = kxs.np.mac_algo_client_to_server;
|
|
148 sci.serverToClientMACAlgorithm = kxs.np.mac_algo_server_to_client;
|
|
149 sci.serverHostKeyAlgorithm = kxs.np.server_host_key_algo;
|
|
150 sci.serverHostKey = kxs.remote_hostkey;
|
|
151
|
330
|
152 synchronized (accessLock) {
|
273
|
153 lastConnInfo = sci;
|
|
154 accessLock.notifyAll();
|
|
155 }
|
|
156
|
|
157 kxs = null;
|
|
158 return;
|
|
159 }
|
|
160
|
330
|
161 if ((kxs == null) || (kxs.state == 0)) {
|
273
|
162 throw new IOException("Unexpected Kex submessage!");
|
|
163 }
|
|
164
|
306
|
165 if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") ||
|
330
|
166 kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") ||
|
|
167 kxs.np.kex_algo.equals("ecdh-sha2-nistp256") ||
|
|
168 kxs.np.kex_algo.equals("ecdh-sha2-nistp384") ||
|
|
169 kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) {
|
|
170 if (kxs.state == 1) {
|
273
|
171 PacketKexDHInit dhi = new PacketKexDHInit(msg);
|
|
172 kxs.dhx.setE(dhi.getE());
|
|
173 byte[] hostKey = null;
|
|
174
|
298
|
175 if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) {
|
302
|
176 hostKey = ECDSASHA2Verify.encodeSSHECDSAPublicKey((ECPublicKey)kxs.local_ec_key.getPublic());
|
298
|
177 }
|
|
178
|
330
|
179 if (kxs.np.server_host_key_algo.equals("ssh-rsa")) {
|
285
|
180 hostKey = RSASHA1Verify.encodeSSHRSAPublicKey((RSAPublicKey)kxs.local_rsa_key.getPublic());
|
273
|
181 }
|
|
182
|
330
|
183 if (kxs.np.server_host_key_algo.equals("ssh-dss")) {
|
285
|
184 hostKey = DSASHA1Verify.encodeSSHDSAPublicKey((DSAPublicKey)kxs.local_dsa_key.getPublic());
|
273
|
185 }
|
|
186
|
|
187 try {
|
|
188 kxs.H = kxs.dhx.calculateH(csh.getClientString(), csh.getServerString(),
|
330
|
189 kxs.remoteKEX.getPayload(), kxs.localKEX.getPayload(), hostKey);
|
273
|
190 }
|
330
|
191 catch (IllegalArgumentException e) {
|
273
|
192 throw new IOException("KEX error.", e);
|
|
193 }
|
|
194
|
|
195 kxs.K = kxs.dhx.getK();
|
|
196 byte[] signature = null;
|
|
197
|
298
|
198 if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) {
|
302
|
199 ECPrivateKey pk = (ECPrivateKey)kxs.local_ec_key.getPrivate();
|
|
200 byte[] es = ECDSASHA2Verify.generateSignature(kxs.H, pk);
|
|
201 signature = ECDSASHA2Verify.encodeSSHECDSASignature(es, pk.getParams());
|
298
|
202 }
|
|
203
|
|
204 if (kxs.np.server_host_key_algo.equals("ssh-rsa")) {
|
285
|
205 byte[] rs = RSASHA1Verify.generateSignature(kxs.H, (RSAPrivateKey)kxs.local_rsa_key.getPrivate());
|
273
|
206 signature = RSASHA1Verify.encodeSSHRSASignature(rs);
|
|
207 }
|
|
208
|
298
|
209 if (kxs.np.server_host_key_algo.equals("ssh-dss")) {
|
285
|
210 byte[] ds = DSASHA1Verify.generateSignature(kxs.H, (DSAPrivateKey)kxs.local_dsa_key.getPrivate(), rnd);
|
273
|
211 signature = DSASHA1Verify.encodeSSHDSASignature(ds);
|
|
212 }
|
|
213
|
314
|
214 PacketKexDHReply dhr = new PacketKexDHReply(hostKey, new BigInteger(kxs.dhx.getF()), signature);
|
273
|
215 tm.sendKexMessage(dhr.getPayload());
|
|
216 finishKex(false);
|
|
217 kxs.state = -1;
|
|
218
|
330
|
219 if (authenticationStarted == false) {
|
273
|
220 authenticationStarted = true;
|
|
221 state.am = new ServerAuthenticationManager(state);
|
|
222 }
|
|
223
|
|
224 return;
|
|
225 }
|
|
226 }
|
330
|
227
|
273
|
228 throw new IllegalStateException(String.format("Unknown KEX method %s", kxs.np.kex_algo));
|
|
229 }
|
|
230 }
|