comparison src/ch/ethz/ssh2/KnownHosts.java @ 298:ab3a99f11a36 ganymed
add ecdsa key support everywhere
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Tue, 29 Jul 2014 18:01:08 -0700 |
parents | db9b028016de |
children | 4c3a4e88c027 |
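--- a/src/ch/ethz/ssh2/KnownHosts.java
+++ b/src/ch/ethz/ssh2/KnownHosts.java
@@ -112,10 +112,17 @@
 
 synchronized(publicKeys) {
 publicKeys.add(new KnownHostsEntry(hostnames, dpk));
 }
 }
+else if (serverHostKeyAlgorithm.startsWith("ecdsa-")) {
+ECPublicKey epk = ECDSASHA2Verify.decodeSSHECDSAPublicKey(serverHostKey);
+
+synchronized(publicKeys) {
+publicKeys.add(new KnownHostsEntry(hostnames, epk));
+}
+}
 else {
 throw new IOException(String.format("Unknown host key type %s", serverHostKeyAlgorithm));
 }
 }
 
@@ -395,11 +402,13 @@
 }
 
 String[] arr = line.split(" ");
 
 if(arr.length >= 3) {
-if((arr[1].compareTo("ssh-rsa") == 0) || (arr[1].compareTo("ssh-dss") == 0)) {
+if((arr[1].compareTo("ssh-rsa") == 0) ||
+(arr[1].compareTo("ssh-dss") == 0) ||
+(arr[1].startsWith("ecdsa-sha2-") == 0)) {
 String[] hostnames = arr[0].split(",");
 
 byte[] msg = Base64.decode(arr[2].toCharArray());
 
 try {
@@ -503,10 +512,15 @@
 if(key instanceof RSAPublicKey) {
 thisAlgo = "ssh-rsa";
 }
 else if(key instanceof DSAPublicKey) {
 thisAlgo = "ssh-dss";
+}
+else if (key instanceof ECPublicKey) {
+ECPublicKey ecPub = (ECPublicKey) pk;
+String keyType = ECDSASHA2Verify.getCurveName(ecPub.getParams().getCurve().getField().getFieldSize());
+thisAlgo = ECDSASHA2Verify.ECDSA_SHA2_PREFIX + keyType;
 }
 else {
 continue;
 }
 
@@ -539,14 +553,14 @@
 * the connection cannot be established and hence the user cannot decide
 * if he/she wants to accept the new key.
 */
 
 if(preferredAlgo.equals("ssh-rsa")) {
-return new String[]{"ssh-rsa", "ssh-dss"};
+return new String[]{"ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256"};
 }
 
-return new String[]{"ssh-dss", "ssh-rsa"};
+return new String[]{"ssh-dss", "ssh-rsa", "ecdsa-sha2-nistp256"};
 }
 
 /**
 * Checks the internal hostkey database for the given hostkey.
 * If no matching key can be found, then the hostname is resolved to an IP address
@@ -665,11 +679,11 @@
 
 /**
 * Generates a "raw" fingerprint of a hostkey.
 *
 * @param type either "md5" or "sha1"
-* @param keyType either "ssh-rsa" or "ssh-dss"
+* @param keyType either "ssh-rsa" or "ssh-dss" or "ecdsa-sha2..."
 * @param hostkey the hostkey
 * @return the raw fingerprint
 */
 static private byte[] rawFingerPrint(String type, String keyType, byte[] hostkey) throws IOException {
 Digest dig;
@@ -685,10 +699,12 @@
 }
 
 if("ssh-rsa".equals(keyType)) {
 }
 else if("ssh-dss".equals(keyType)) {
+}
+else if (keyType.startsWith("ecdsa-sha2-") {
 }
 else {
 throw new IllegalArgumentException("Unknown key type " + keyType);
 }
 
@@ -778,11 +794,11 @@
 * Convert a ssh2 key-blob into a human readable hex fingerprint.
 * Generated fingerprints are identical to those generated by OpenSSH.
 * <p/>
 * Example fingerprint: d0:cb:76:19:99:5a:03:fc:73:10:70:93:f2:44:63:47.
 *
-* @param keytype either "ssh-rsa" or "ssh-dss"
+* @param keytype either "ssh-rsa" or "ssh-dss" or "ecdsa-sha2..."
 * @param publickey key blob
 * @return Hex fingerprint
 */
 public static String createHexFingerprint(String keytype, byte[] publickey) throws IOException {
 byte[] raw = rawFingerPrint("md5", keytype, publickey);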
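Review bot: The algorithm-order code at new lines 557-561 still branches only on "ssh-rsa", so a host whose stored key is ECDSA falls through to the `ssh-dss`-first list with ECDSA last, and only `ecdsa-sha2-nistp256` is ever offered. If the loop above can now yield an `ecdsa-sha2-*` name for `preferredAlgo` (it sets `thisAlgo` that way, but the assignment to `preferredAlgo` is outside the displayed lines), the server may present an RSA or DSA key the client has no record of, which is the situation the comment just above says must be avoided. Consider a branch such as `if (preferredAlgo.startsWith("ecdsa-sha2-")) return new String[]{preferredAlgo, "ssh-rsa", "ssh-dss"};` so the known key type is negotiated first. Separately, as displayed two added conditions do not compile: `arr[1].startsWith("ecdsa-sha2-") == 0` compares a boolean with an int and `keyType.startsWith("ecdsa-sha2-") {` lacks a closing parenthesis, and the new ECDSA branch tests `key` but casts `pk`, which looks unintended. The method containing the order lists starts outside the displayed lines.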