Mercurial > 510Connectbot
comparison src/ch/ethz/ssh2/transport/ClientKexManager.java @ 306:90e47d99ea54 ganymed
add ecdsa key support everywhere
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Wed, 30 Jul 2014 13:38:04 -0700 |
| parents | d2b303406d63 |
| children | 42b15aaa7ac7 |
comparison
equal
deleted
inserted
replaced
| 305:d2b303406d63 | 306:90e47d99ea54 |
|---|---|
| 63 } | 63 } |
| 64 | 64 |
| 65 if (kxs.np.server_host_key_algo.equals("ssh-rsa")) { | 65 if (kxs.np.server_host_key_algo.equals("ssh-rsa")) { |
| 66 byte[] rs = RSASHA1Verify.decodeSSHRSASignature(sig); | 66 byte[] rs = RSASHA1Verify.decodeSSHRSASignature(sig); |
| 67 RSAPublicKey rpk = RSASHA1Verify.decodeSSHRSAPublicKey(hostkey); | 67 RSAPublicKey rpk = RSASHA1Verify.decodeSSHRSAPublicKey(hostkey); |
| 68 | |
| 69 log.debug("Verifying ssh-rsa signature"); | 68 log.debug("Verifying ssh-rsa signature"); |
| 70 | |
| 71 return RSASHA1Verify.verifySignature(kxs.H, rs, rpk); | 69 return RSASHA1Verify.verifySignature(kxs.H, rs, rpk); |
| 72 } | 70 } |
| 73 | 71 |
| 74 if (kxs.np.server_host_key_algo.equals("ssh-dss")) { | 72 if (kxs.np.server_host_key_algo.equals("ssh-dss")) { |
| 75 byte[] ds = DSASHA1Verify.decodeSSHDSASignature(sig); | 73 byte[] ds = DSASHA1Verify.decodeSSHDSASignature(sig); |
| 76 DSAPublicKey dpk = DSASHA1Verify.decodeSSHDSAPublicKey(hostkey); | 74 DSAPublicKey dpk = DSASHA1Verify.decodeSSHDSAPublicKey(hostkey); |
| 77 | |
| 78 log.debug("Verifying ssh-dss signature"); | 75 log.debug("Verifying ssh-dss signature"); |
| 79 | |
| 80 return DSASHA1Verify.verifySignature(kxs.H, ds, dpk); | 76 return DSASHA1Verify.verifySignature(kxs.H, ds, dpk); |
| 81 } | 77 } |
| 82 | 78 |
| 83 throw new IOException("Unknown server host key algorithm '" + kxs.np.server_host_key_algo + "'"); | 79 throw new IOException("Unknown server host key algorithm '" + kxs.np.server_host_key_algo + "'"); |
| 84 } | 80 } |
| 90 } | 86 } |
| 91 } | 87 } |
| 92 | 88 |
| 93 public synchronized void handleMessage(byte[] msg) throws IOException { | 89 public synchronized void handleMessage(byte[] msg) throws IOException { |
| 94 PacketKexInit kip; | 90 PacketKexInit kip; |
| 91 | |
| 92 if (msg == null) { | |
| 93 synchronized (accessLock) { | |
| 94 connectionClosed = true; | |
| 95 accessLock.notifyAll(); | |
| 96 return; | |
| 97 } | |
| 98 } | |
| 95 | 99 |
| 96 if((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) { | 100 if((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) { |
| 97 throw new PacketTypeException(msg[0]); | 101 throw new PacketTypeException(msg[0]); |
| 98 } | 102 } |
| 99 | 103 |
| 127 if(kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { | 131 if(kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { |
| 128 // Guess was wrong, we need to ignore the next kex packet. | 132 // Guess was wrong, we need to ignore the next kex packet. |
| 129 ignore_next_kex_packet = true; | 133 ignore_next_kex_packet = true; |
| 130 } | 134 } |
| 131 | 135 |
| 132 if(kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) { | 136 if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") || |
| 137 kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { | |
| 133 if(kxs.dhgexParameters.getMin_group_len() == 0) { | 138 if(kxs.dhgexParameters.getMin_group_len() == 0) { |
| 134 PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters); | 139 PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters); |
| 135 tm.sendKexMessage(dhgexreq.getPayload()); | 140 tm.sendKexMessage(dhgexreq.getPayload()); |
| 136 | 141 |
| 137 } | 142 } |
| 138 else { | 143 else { |
| 139 PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters); | 144 PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters); |
| 140 tm.sendKexMessage(dhgexreq.getPayload()); | 145 tm.sendKexMessage(dhgexreq.getPayload()); |
| 141 } | 146 } |
| 147 if (kxs.np.kex_algo.endsWith("sha1")) { | |
| 148 kxs.hashAlgo = "SHA1"; | |
| 149 } | |
| 150 else { | |
| 151 kxs.hashAlgo = "SHA-256"; | |
| 152 } | |
| 142 kxs.state = 1; | 153 kxs.state = 1; |
| 143 return; | 154 return; |
| 144 } | 155 } |
| 145 | 156 |
| 146 if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") | 157 if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || |
| 147 || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) { | 158 kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || |
| 148 kxs.dhx = new DhExchange(); | 159 kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || |
| 149 | 160 kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || |
| 150 if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")) { | 161 kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { |
| 151 kxs.dhx.clientInit(1, rnd); | 162 kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo); |
| 152 } | 163 kxs.dhx.init(kxs.np.kex_algo); |
| 153 else { | |
| 154 kxs.dhx.clientInit(14, rnd); | |
| 155 } | |
| 156 | |
| 157 PacketKexDHInit kp = new PacketKexDHInit(kxs.dhx.getE()); | 164 PacketKexDHInit kp = new PacketKexDHInit(kxs.dhx.getE()); |
| 158 tm.sendKexMessage(kp.getPayload()); | 165 tm.sendKexMessage(kp.getPayload()); |
| 159 kxs.state = 1; | 166 kxs.state = 1; |
| 160 return; | 167 return; |
| 161 } | 168 } |
| 216 | 223 |
| 217 if((kxs == null) || (kxs.state == 0)) { | 224 if((kxs == null) || (kxs.state == 0)) { |
| 218 throw new IOException("Unexpected Kex submessage!"); | 225 throw new IOException("Unexpected Kex submessage!"); |
| 219 } | 226 } |
| 220 | 227 |
| 221 if(kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) { | 228 if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") || |
| 229 kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { | |
| 222 if(kxs.state == 1) { | 230 if(kxs.state == 1) { |
| 223 PacketKexDhGexGroup dhgexgrp = new PacketKexDhGexGroup(msg); | 231 PacketKexDhGexGroup dhgexgrp = new PacketKexDhGexGroup(msg); |
| 224 kxs.dhgx = new DhGroupExchange(dhgexgrp.getP(), dhgexgrp.getG()); | 232 kxs.dhgx = new DhGroupExchange(dhgexgrp.getP(), dhgexgrp.getG()); |
| 225 kxs.dhgx.init(rnd); | 233 kxs.dhgx.init(rnd); |
| 226 PacketKexDhGexInit dhgexinit = new PacketKexDhGexInit(kxs.dhgx.getE()); | 234 PacketKexDhGexInit dhgexinit = new PacketKexDhGexInit(kxs.dhgx.getE()); |
| 266 } | 274 } |
| 267 | 275 |
| 268 throw new IllegalStateException("Illegal State in KEX Exchange!"); | 276 throw new IllegalStateException("Illegal State in KEX Exchange!"); |
| 269 } | 277 } |
| 270 | 278 |
| 271 if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") | 279 if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || |
| 272 || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) { | 280 kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || |
| 281 kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || | |
| 282 kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || | |
| 283 kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { | |
| 273 if(kxs.state == 1) { | 284 if(kxs.state == 1) { |
| 274 | |
| 275 PacketKexDHReply dhr = new PacketKexDHReply(msg); | 285 PacketKexDHReply dhr = new PacketKexDHReply(msg); |
| 276 | |
| 277 kxs.remote_hostkey = dhr.getHostKey(); | 286 kxs.remote_hostkey = dhr.getHostKey(); |
| 278 | 287 |
| 279 if(verifier != null) { | 288 if(verifier != null) { |
| 280 try { | 289 try { |
| 281 if(!verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey)) { | 290 if(!verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey)) { |