comparison src/ch/ethz/ssh2/transport/KexManager.java @ 300:349847b2e318 ganymed

add ecdsa key support everywhere
author Carl Byington <carl@five-ten-sg.com>
date Tue, 29 Jul 2014 18:36:57 -0700
parents 486df527ddc5
children ca5dd224a87b
35 * @version $Id: KexManager.java 152 2014-04-28 11:02:23Z dkocher@sudo.ch $ 35 * @version $Id: KexManager.java 152 2014-04-28 11:02:23Z dkocher@sudo.ch $
36 */ 36 */
37 public abstract class KexManager implements MessageHandler { 37 public abstract class KexManager implements MessageHandler {
38 protected static final Logger log = Logger.getLogger(KexManager.class); 38 protected static final Logger log = Logger.getLogger(KexManager.class);
39 39
40 private static final Set<String> HOSTKEY_ALGS = new TreeSet<String>();
41 static {
42 HOSTKEY_ALGS.add("ecdsa-sha2-nistp256");
43 HOSTKEY_ALGS.add("ecdsa-sha2-nistp384");
44 HOSTKEY_ALGS.add("ecdsa-sha2-nistp521");
45 HOSTKEY_ALGS.add("ssh-rsa");
46 HOSTKEY_ALGS.add("ssh-dss");
47 }
48
49 private static final Set<String> KEX_ALGS = new TreeSet<String>();
50 static {
51 KEX_ALGS.add("ecdh-sha2-nistp256");
52 KEX_ALGS.add("ecdh-sha2-nistp384");
53 KEX_ALGS.add("ecdh-sha2-nistp521");
54 KEX_ALGS.add("diffie-hellman-group-exchange-sha256");
55 KEX_ALGS.add("diffie-hellman-group-exchange-sha1");
56 KEX_ALGS.add("diffie-hellman-group14-sha1");
57 KEX_ALGS.add("diffie-hellman-group1-sha1");
58 }
59
40 KexState kxs; 60 KexState kxs;
41 int kexCount = 0; 61 int kexCount = 0;
42 KeyMaterial km; 62 KeyMaterial km;
43 byte[] sessionId; 63 byte[] sessionId;
44 ClientServerHello csh; 64 ClientServerHello csh;
54 74
55 CryptoWishList nextKEXcryptoWishList; 75 CryptoWishList nextKEXcryptoWishList;
56 DHGexParameters nextKEXdhgexParameters; 76 DHGexParameters nextKEXdhgexParameters;
57 KeyPair nextKEXdsakey; 77 KeyPair nextKEXdsakey;
58 KeyPair nextKEXrsakey; 78 KeyPair nextKEXrsakey;
79 KeyPair nextKEXeckey;
59 80
60 final SecureRandom rnd; 81 final SecureRandom rnd;
61 82
62 public KexManager(TransportManager tm, ClientServerHello csh, CryptoWishList initialCwl, SecureRandom rnd) { 83 public KexManager(TransportManager tm, ClientServerHello csh, CryptoWishList initialCwl, SecureRandom rnd) {
63 this.tm = tm; 84 this.tm = tm;
180 np.guessOK = true; 201 np.guessOK = true;
181 } 202 }
182 return np; 203 return np;
183 } 204 }
184 205
185 public synchronized void initiateKEX(CryptoWishList cwl, DHGexParameters dhgex, KeyPair dsa, KeyPair rsa) 206 public synchronized void initiateKEX(CryptoWishList cwl, DHGexParameters dhgex, KeyPair dsa, KeyPair rsa, KeyPair ec)
186 throws IOException { 207 throws IOException {
187 nextKEXcryptoWishList = cwl; 208 nextKEXcryptoWishList = cwl;
188 nextKEXdhgexParameters = dhgex; 209 nextKEXdhgexParameters = dhgex;
189 nextKEXdsakey = dsa; 210 nextKEXdsakey = dsa;
190 nextKEXrsakey = rsa; 211 nextKEXrsakey = rsa;
212 nextKEXeckey = ec;
191 213
192 if(kxs == null) { 214 if(kxs == null) {
193 kxs = new KexState(); 215 kxs = new KexState();
194 kxs.local_dsa_key = dsa; 216 kxs.local_dsa_key = dsa;
195 kxs.local_rsa_key = rsa; 217 kxs.local_rsa_key = rsa;
218 kxs.local_ec_key = ec;
196 kxs.dhgexParameters = nextKEXdhgexParameters; 219 kxs.dhgexParameters = nextKEXdhgexParameters;
197 kxs.localKEX = new PacketKexInit(nextKEXcryptoWishList, rnd); 220 kxs.localKEX = new PacketKexInit(nextKEXcryptoWishList, rnd);
198 tm.sendKexMessage(kxs.localKEX.getPayload()); 221 tm.sendKexMessage(kxs.localKEX.getPayload());
199 } 222 }
200 } 223 }
258 tm.changeSendCompression(comp); 281 tm.changeSendCompression(comp);
259 tm.kexFinished(); 282 tm.kexFinished();
260 } 283 }
261 284
262 public static String[] getDefaultServerHostkeyAlgorithmList() { 285 public static String[] getDefaultServerHostkeyAlgorithmList() {
263 return new String[]{"ssh-rsa", "ssh-dss"}; 286 return HOSTKEY_ALGS.toArray(new String[HOSTKEY_ALGS.size()]);
264 } 287 }
265 288
266 public static void checkServerHostkeyAlgorithmsList(String[] algos) { 289 public static void checkServerHostkeyAlgorithmsList(String[] algos) {
267 for(final String algo : algos) { 290 for (final String algo : algos) {
268 if("ssh-rsa".equals(algo)) { 291 if (!HOSTKEY_ALGS.contains(algo))
269 continue; 292 throw new IllegalArgumentException("Unknown server host key algorithm '" + algo + "'");
270 }
271 if("ssh-dss".equals(algo)) {
272 continue;
273 }
274 throw new IllegalArgumentException(String.format("Unknown server host key algorithm %s", algo));
275 } 293 }
276 } 294 }
277 295
278 public static String[] getDefaultClientKexAlgorithmList() { 296 public static String[] getDefaultClientKexAlgorithmList() {
279 return new String[]{"diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", 297 return KEX_ALGS.toArray(new String[KEX_ALGS.size()]);
280 "diffie-hellman-group1-sha1"};
281 } 298 }
282 299
283 public static String[] getDefaultServerKexAlgorithmList() { 300 public static String[] getDefaultServerKexAlgorithmList() {
284 return new String[]{"diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"}; 301 return KEX_ALGS.toArray(new String[KEX_ALGS.size()]);
285 } 302 }
286 303
287 public static void checkKexAlgorithmList(String[] algos) { 304 public static void checkKexAlgorithmList(String[] algos) {
288 for(final String algo : algos) { 305 for (final String algo : algos) {
289 if("diffie-hellman-group-exchange-sha1".equals(algo)) { 306 if (!KEX_ALGS.contains(algo))
290 continue; 307 throw new IllegalArgumentException("Unknown kex algorithm '" + algo + "'");
291 }
292 if("diffie-hellman-group14-sha1".equals(algo)) {
293 continue;
294 }
295 if("diffie-hellman-group1-sha1".equals(algo)) {
296 continue;
297 }
298 throw new IllegalArgumentException(String.format("Unknown kex algorithm %s", algo));
299 } 308 }
300 } 309 }
301 } 310 }
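Review bot: The default algorithm lists returned at new lines 285–302 are now built from `TreeSet`s, so the preference order a client advertises in KEXINIT is alphabetical rather than the insertion order written in the static initializers at new lines 40–58: `diffie-hellman-group-exchange-sha1` sorts ahead of `diffie-hellman-group-exchange-sha256`, `diffie-hellman-group1-sha1` ahead of `diffie-hellman-group14-sha1` and of every `ecdh-sha2-*`, and `ssh-dss` ahead of `ssh-rsa`. Because the negotiated algorithm is the first entry on the client's list that the server also supports (RFC 4253 §7.1), this silently prefers the weakest options (1024-bit group1, SHA-1 group exchange, DSA host keys) over the stronger ones this commit adds, and regresses the previous explicit `group-exchange-sha1, group14, group1` ordering. Declaring both sets as `new LinkedHashSet<String>()` (keeping `Set<String>` as the field type, and importing `java.util.LinkedHashSet` if it is not already) preserves insertion order so the initializer's ordering becomes the advertised preference, while the `contains` checks in `checkServerHostkeyAlgorithmsList` and `checkKexAlgorithmList` are unaffected. Separately, `getDefaultServerKexAlgorithmList` now advertises group-exchange and ECDH on the server side, which the old default did not; the server-side handling of those methods is outside this hunk, so confirm it exists before the shared list is used there.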