comparison src/ch/ethz/ssh2/transport/ServerKexManager.java @ 330:6740870cf268 ganymed
fix java formatting
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Thu, 31 Jul 2014 12:59:08 -0700 |
parents | 6b424bb783a2 |
children |
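--- a/src/ch/ethz/ssh2/transport/ServerKexManager.java
+++ b/src/ch/ethz/ssh2/transport/ServerKexManager.java
@@ -43,11 +43,11 @@
 super(state.tm, state.csh, state.next_cryptoWishList, state.generator);
 this.state = state;
 }
 
 public void handleFailure(final IOException failure) {
-synchronized(accessLock) {
+synchronized (accessLock) {
 connectionClosed = true;
 accessLock.notifyAll();
 }
 }
 
@@ -60,29 +60,29 @@
 accessLock.notifyAll();
 return;
 }
 }
 
-if((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) {
+if ((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) {
 throw new PacketTypeException(msg[0]);
 }
 
-if(ignore_next_kex_packet) {
+if (ignore_next_kex_packet) {
 ignore_next_kex_packet = false;
 return;
 }
 
-if(msg[0] == Packets.SSH_MSG_KEXINIT) {
+if (msg[0] == Packets.SSH_MSG_KEXINIT) {
-if((kxs != null) && (kxs.state != 0)) {
+if ((kxs != null) && (kxs.state != 0)) {
 throw new PacketTypeException(msg[0]);
 }
 
-if(kxs == null) {
+if (kxs == null) {
 /*
 * Ah, OK, peer wants to do KEX. Let's be nice and play
 * together.
 */
 kxs = new KexState();
 kxs.local_dsa_key = nextKEXdsakey;
 kxs.local_rsa_key = nextKEXrsakey;
 kxs.local_ec_key = nextKEXeckey;
 kxs.dhgexParameters = nextKEXdhgexParameters;
@@ -91,118 +91,110 @@
 tm.sendKexMessage(kip.getPayload());
 }
 
 kip = new PacketKexInit(msg);
 kxs.remoteKEX = kip;
-
 kxs.np = mergeKexParameters(kxs.remoteKEX.getKexParameters(), kxs.localKEX.getKexParameters());
 
-if(kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) {
+if (kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) {
 // Guess was wrong, we need to ignore the next kex packet.
 ignore_next_kex_packet = true;
 }
 
 if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") ||
 kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") ||
 kxs.np.kex_algo.equals("ecdh-sha2-nistp256") ||
 kxs.np.kex_algo.equals("ecdh-sha2-nistp384") ||
 kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) {
 kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo);
 kxs.dhx.init(kxs.np.kex_algo);
 kxs.state = 1;
 return;
 }
 
 throw new IllegalStateException("Unkown KEX method!");
 }
 
-if(msg[0] == Packets.SSH_MSG_NEWKEYS) {
+if (msg[0] == Packets.SSH_MSG_NEWKEYS) {
-if(km == null) {
+if (km == null) {
 throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!");
 }
 
 BlockCipher cbc;
 MAC mac;
 
 try {
 cbc = BlockCipherFactory.createCipher(kxs.np.enc_algo_client_to_server, false,
 km.enc_key_client_to_server, km.initial_iv_client_to_server);
 
 try {
 mac = new MAC(kxs.np.mac_algo_client_to_server, km.integrity_key_client_to_server);
 }
-catch(DigestException e) {
+catch (DigestException e) {
 throw new IOException(e);
 }
-
+}
-}
+catch (IllegalArgumentException e) {
-catch(IllegalArgumentException e) {
 throw new IOException(e);
 }
 
 tm.changeRecvCipher(cbc, mac);
-
 ConnectionInfo sci = new ConnectionInfo();
-
 kexCount++;
-
 sci.keyExchangeAlgorithm = kxs.np.kex_algo;
 sci.keyExchangeCounter = kexCount;
 sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server;
 sci.serverToClientCryptoAlgorithm = kxs.np.enc_algo_server_to_client;
 sci.clientToServerMACAlgorithm = kxs.np.mac_algo_client_to_server;
 sci.serverToClientMACAlgorithm = kxs.np.mac_algo_server_to_client;
 sci.serverHostKeyAlgorithm = kxs.np.server_host_key_algo;
 sci.serverHostKey = kxs.remote_hostkey;
 
-synchronized(accessLock) {
+synchronized (accessLock) {
 lastConnInfo = sci;
 accessLock.notifyAll();
 }
 
 kxs = null;
 return;
 }
 
-if((kxs == null) || (kxs.state == 0)) {
+if ((kxs == null) || (kxs.state == 0)) {
 throw new IOException("Unexpected Kex submessage!");
 }
 
 if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") ||
 kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") ||
 kxs.np.kex_algo.equals("ecdh-sha2-nistp256") ||
 kxs.np.kex_algo.equals("ecdh-sha2-nistp384") ||
 kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) {
-if(kxs.state == 1) {
+if (kxs.state == 1) {
 PacketKexDHInit dhi = new PacketKexDHInit(msg);
-
 kxs.dhx.setE(dhi.getE());
-
 byte[] hostKey = null;
 
 if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) {
 hostKey = ECDSASHA2Verify.encodeSSHECDSAPublicKey((ECPublicKey)kxs.local_ec_key.getPublic());
 }
 
-if(kxs.np.server_host_key_algo.equals("ssh-rsa")) {
+if (kxs.np.server_host_key_algo.equals("ssh-rsa")) {
 hostKey = RSASHA1Verify.encodeSSHRSAPublicKey((RSAPublicKey)kxs.local_rsa_key.getPublic());
 }
 
-if(kxs.np.server_host_key_algo.equals("ssh-dss")) {
+if (kxs.np.server_host_key_algo.equals("ssh-dss")) {
 hostKey = DSASHA1Verify.encodeSSHDSAPublicKey((DSAPublicKey)kxs.local_dsa_key.getPublic());
 }
 
 try {
 kxs.H = kxs.dhx.calculateH(csh.getClientString(), csh.getServerString(),
 kxs.remoteKEX.getPayload(), kxs.localKEX.getPayload(), hostKey);
 }
-catch(IllegalArgumentException e) {
+catch (IllegalArgumentException e) {
 throw new IOException("KEX error.", e);
 }
 
 kxs.K = kxs.dhx.getK();
-
 byte[] signature = null;
 
 if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) {
 ECPrivateKey pk = (ECPrivateKey)kxs.local_ec_key.getPrivate();
 byte[] es = ECDSASHA2Verify.generateSignature(kxs.H, pk);
@@ -219,20 +211,20 @@
 signature = DSASHA1Verify.encodeSSHDSASignature(ds);
 }
 
 PacketKexDHReply dhr = new PacketKexDHReply(hostKey, new BigInteger(kxs.dhx.getF()), signature);
 tm.sendKexMessage(dhr.getPayload());
-
 finishKex(false);
 kxs.state = -1;
 
-if(authenticationStarted == false) {
+if (authenticationStarted == false) {
 authenticationStarted = true;
 state.am = new ServerAuthenticationManager(state);
 }
 
 return;
 }
 }
+
 throw new IllegalStateException(String.format("Unknown KEX method %s", kxs.np.kex_algo));
 }
 }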