comparison src/ch/ethz/ssh2/transport/ClientKexManager.java @ 329:6896bfafa510 ganymed

add ecdsa key support everywhere
author Carl Byington <carl@five-ten-sg.com>
date Thu, 31 Jul 2014 12:51:42 -0700
parents d85bc45139f2
children 6740870cf268
comparison
equal deleted inserted replaced
328:459eb9b6b84e 329:6896bfafa510
123 tm.sendKexMessage(kip.getPayload()); 123 tm.sendKexMessage(kip.getPayload());
124 } 124 }
125 125
126 kip = new PacketKexInit(msg); 126 kip = new PacketKexInit(msg);
127 kxs.remoteKEX = kip; 127 kxs.remoteKEX = kip;
128
129 kxs.np = mergeKexParameters(kxs.localKEX.getKexParameters(), kxs.remoteKEX.getKexParameters()); 128 kxs.np = mergeKexParameters(kxs.localKEX.getKexParameters(), kxs.remoteKEX.getKexParameters());
129
130 if (kxs.np == null)
131 throw new IOException("Cannot negotiate, proposals do not match.");
130 132
131 if(kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { 133 if(kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) {
132 // Guess was wrong, we need to ignore the next kex packet. 134 // Guess was wrong, we need to ignore the next kex packet.
133 ignore_next_kex_packet = true; 135 ignore_next_kex_packet = true;
134 } 136 }
136 if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") || 138 if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") ||
137 kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { 139 kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) {
138 if(kxs.dhgexParameters.getMin_group_len() == 0) { 140 if(kxs.dhgexParameters.getMin_group_len() == 0) {
139 PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters); 141 PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters);
140 tm.sendKexMessage(dhgexreq.getPayload()); 142 tm.sendKexMessage(dhgexreq.getPayload());
141
142 } 143 }
143 else { 144 else {
144 PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters); 145 PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters);
145 tm.sendKexMessage(dhgexreq.getPayload()); 146 tm.sendKexMessage(dhgexreq.getPayload());
146 } 147 }
159 kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || 160 kxs.np.kex_algo.equals("ecdh-sha2-nistp256") ||
160 kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || 161 kxs.np.kex_algo.equals("ecdh-sha2-nistp384") ||
161 kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { 162 kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) {
162 kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo); 163 kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo);
163 kxs.dhx.init(kxs.np.kex_algo); 164 kxs.dhx.init(kxs.np.kex_algo);
165 kxs.hashAlgo = kxs.dhx.getHashAlgo();
164 PacketKexDHInit kp = new PacketKexDHInit(kxs.dhx.getE()); 166 PacketKexDHInit kp = new PacketKexDHInit(kxs.dhx.getE());
165 tm.sendKexMessage(kp.getPayload()); 167 tm.sendKexMessage(kp.getPayload());
166 kxs.state = 1; 168 kxs.state = 1;
167 return; 169 return;
168 } 170 }
169 171
170 throw new IllegalStateException("Unkown KEX method!"); 172 throw new IllegalStateException("Unkown KEX method!");
171 } 173 }
172 174
173 if(msg[0] == Packets.SSH_MSG_NEWKEYS) { 175 if (msg[0] == Packets.SSH_MSG_NEWKEYS) {
174 if(km == null) { 176 if (km == null) {
175 throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!"); 177 throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!");
176 } 178 }
177 179
178 BlockCipher cbc; 180 BlockCipher cbc;
179 MAC mac; 181 MAC mac;
196 throw new IOException(e.getMessage()); 198 throw new IOException(e.getMessage());
197 } 199 }
198 200
199 tm.changeRecvCipher(cbc, mac); 201 tm.changeRecvCipher(cbc, mac);
200 tm.changeRecvCompression(comp); 202 tm.changeRecvCompression(comp);
201
202 ConnectionInfo sci = new ConnectionInfo(); 203 ConnectionInfo sci = new ConnectionInfo();
203
204 kexCount++; 204 kexCount++;
205
206 sci.keyExchangeAlgorithm = kxs.np.kex_algo; 205 sci.keyExchangeAlgorithm = kxs.np.kex_algo;
207 sci.keyExchangeCounter = kexCount; 206 sci.keyExchangeCounter = kexCount;
208 sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server; 207 sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server;
209 sci.serverToClientCryptoAlgorithm = kxs.np.enc_algo_server_to_client; 208 sci.serverToClientCryptoAlgorithm = kxs.np.enc_algo_server_to_client;
210 sci.clientToServerMACAlgorithm = kxs.np.mac_algo_client_to_server; 209 sci.clientToServerMACAlgorithm = kxs.np.mac_algo_client_to_server;