Mercurial > 510Connectbot
comparison src/ch/ethz/ssh2/transport/ClientKexManager.java @ 329:6896bfafa510 ganymed
add ecdsa key support everywhere
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Thu, 31 Jul 2014 12:51:42 -0700 |
| parents | d85bc45139f2 |
| children | 6740870cf268 |
comparison
equal
deleted
inserted
replaced
| 328:459eb9b6b84e | 329:6896bfafa510 |
|---|---|
| 123 tm.sendKexMessage(kip.getPayload()); | 123 tm.sendKexMessage(kip.getPayload()); |
| 124 } | 124 } |
| 125 | 125 |
| 126 kip = new PacketKexInit(msg); | 126 kip = new PacketKexInit(msg); |
| 127 kxs.remoteKEX = kip; | 127 kxs.remoteKEX = kip; |
| 128 | |
| 129 kxs.np = mergeKexParameters(kxs.localKEX.getKexParameters(), kxs.remoteKEX.getKexParameters()); | 128 kxs.np = mergeKexParameters(kxs.localKEX.getKexParameters(), kxs.remoteKEX.getKexParameters()); |
| 129 | |
| 130 if (kxs.np == null) | |
| 131 throw new IOException("Cannot negotiate, proposals do not match."); | |
| 130 | 132 |
| 131 if(kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { | 133 if(kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { |
| 132 // Guess was wrong, we need to ignore the next kex packet. | 134 // Guess was wrong, we need to ignore the next kex packet. |
| 133 ignore_next_kex_packet = true; | 135 ignore_next_kex_packet = true; |
| 134 } | 136 } |
| 136 if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") || | 138 if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") || |
| 137 kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { | 139 kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { |
| 138 if(kxs.dhgexParameters.getMin_group_len() == 0) { | 140 if(kxs.dhgexParameters.getMin_group_len() == 0) { |
| 139 PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters); | 141 PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters); |
| 140 tm.sendKexMessage(dhgexreq.getPayload()); | 142 tm.sendKexMessage(dhgexreq.getPayload()); |
| 141 | |
| 142 } | 143 } |
| 143 else { | 144 else { |
| 144 PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters); | 145 PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters); |
| 145 tm.sendKexMessage(dhgexreq.getPayload()); | 146 tm.sendKexMessage(dhgexreq.getPayload()); |
| 146 } | 147 } |
| 159 kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || | 160 kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || |
| 160 kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || | 161 kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || |
| 161 kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { | 162 kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { |
| 162 kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo); | 163 kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo); |
| 163 kxs.dhx.init(kxs.np.kex_algo); | 164 kxs.dhx.init(kxs.np.kex_algo); |
| 165 kxs.hashAlgo = kxs.dhx.getHashAlgo(); | |
| 164 PacketKexDHInit kp = new PacketKexDHInit(kxs.dhx.getE()); | 166 PacketKexDHInit kp = new PacketKexDHInit(kxs.dhx.getE()); |
| 165 tm.sendKexMessage(kp.getPayload()); | 167 tm.sendKexMessage(kp.getPayload()); |
| 166 kxs.state = 1; | 168 kxs.state = 1; |
| 167 return; | 169 return; |
| 168 } | 170 } |
| 169 | 171 |
| 170 throw new IllegalStateException("Unkown KEX method!"); | 172 throw new IllegalStateException("Unkown KEX method!"); |
| 171 } | 173 } |
| 172 | 174 |
| 173 if(msg[0] == Packets.SSH_MSG_NEWKEYS) { | 175 if (msg[0] == Packets.SSH_MSG_NEWKEYS) { |
| 174 if(km == null) { | 176 if (km == null) { |
| 175 throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!"); | 177 throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!"); |
| 176 } | 178 } |
| 177 | 179 |
| 178 BlockCipher cbc; | 180 BlockCipher cbc; |
| 179 MAC mac; | 181 MAC mac; |
| 196 throw new IOException(e.getMessage()); | 198 throw new IOException(e.getMessage()); |
| 197 } | 199 } |
| 198 | 200 |
| 199 tm.changeRecvCipher(cbc, mac); | 201 tm.changeRecvCipher(cbc, mac); |
| 200 tm.changeRecvCompression(comp); | 202 tm.changeRecvCompression(comp); |
| 201 | |
| 202 ConnectionInfo sci = new ConnectionInfo(); | 203 ConnectionInfo sci = new ConnectionInfo(); |
| 203 | |
| 204 kexCount++; | 204 kexCount++; |
| 205 | |
| 206 sci.keyExchangeAlgorithm = kxs.np.kex_algo; | 205 sci.keyExchangeAlgorithm = kxs.np.kex_algo; |
| 207 sci.keyExchangeCounter = kexCount; | 206 sci.keyExchangeCounter = kexCount; |
| 208 sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server; | 207 sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server; |
| 209 sci.serverToClientCryptoAlgorithm = kxs.np.enc_algo_server_to_client; | 208 sci.serverToClientCryptoAlgorithm = kxs.np.enc_algo_server_to_client; |
| 210 sci.clientToServerMACAlgorithm = kxs.np.mac_algo_client_to_server; | 209 sci.clientToServerMACAlgorithm = kxs.np.mac_algo_client_to_server; |