Mercurial > 510Connectbot
comparison src/ch/ethz/ssh2/transport/ServerKexManager.java @ 298:ab3a99f11a36 ganymed
add ecdsa key support everywhere
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Tue, 29 Jul 2014 18:01:08 -0700 |
| parents | db9b028016de |
| children | beaccc9df37b |
comparison
equal
deleted
inserted
replaced
| 297:c1f929cb3dd0 | 298:ab3a99f11a36 |
|---|---|
| 77 * together. | 77 * together. |
| 78 */ | 78 */ |
| 79 kxs = new KexState(); | 79 kxs = new KexState(); |
| 80 kxs.local_dsa_key = nextKEXdsakey; | 80 kxs.local_dsa_key = nextKEXdsakey; |
| 81 kxs.local_rsa_key = nextKEXrsakey; | 81 kxs.local_rsa_key = nextKEXrsakey; |
| 82 kxs.local_ec_key = nextKEXeckey; | |
| 82 kxs.dhgexParameters = nextKEXdhgexParameters; | 83 kxs.dhgexParameters = nextKEXdhgexParameters; |
| 83 kip = new PacketKexInit(nextKEXcryptoWishList, rnd); | 84 kip = new PacketKexInit(nextKEXcryptoWishList, rnd); |
| 84 kxs.localKEX = kip; | 85 kxs.localKEX = kip; |
| 85 tm.sendKexMessage(kip.getPayload()); | 86 tm.sendKexMessage(kip.getPayload()); |
| 86 } | 87 } |
| 172 | 173 |
| 173 kxs.dhx.setE(dhi.getE()); | 174 kxs.dhx.setE(dhi.getE()); |
| 174 | 175 |
| 175 byte[] hostKey = null; | 176 byte[] hostKey = null; |
| 176 | 177 |
| 178 if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) { | |
| 179 hostKey = ECDSASHA2Verify.encodeSSHECDSAPublicKey((ECDSAPublicKey)kxs.local_ec_key.getPublic()); | |
| 180 } | |
| 181 | |
| 177 if(kxs.np.server_host_key_algo.equals("ssh-rsa")) { | 182 if(kxs.np.server_host_key_algo.equals("ssh-rsa")) { |
| 178 hostKey = RSASHA1Verify.encodeSSHRSAPublicKey((RSAPublicKey)kxs.local_rsa_key.getPublic()); | 183 hostKey = RSASHA1Verify.encodeSSHRSAPublicKey((RSAPublicKey)kxs.local_rsa_key.getPublic()); |
| 179 } | 184 } |
| 180 | 185 |
| 181 if(kxs.np.server_host_key_algo.equals("ssh-dss")) { | 186 if(kxs.np.server_host_key_algo.equals("ssh-dss")) { |
| 192 | 197 |
| 193 kxs.K = kxs.dhx.getK(); | 198 kxs.K = kxs.dhx.getK(); |
| 194 | 199 |
| 195 byte[] signature = null; | 200 byte[] signature = null; |
| 196 | 201 |
| 197 if(kxs.np.server_host_key_algo.equals("ssh-rsa")) { | 202 if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) { |
| 203 byte[] es = ECDSASHA2Verify.generateSignature(kxs.H, (ECDSAPrivateKey)kxs.local_ec_key.getPrivate()); | |
| 204 signature = ECDSASHA2Verify.encodeSSHECDSASignature(es); | |
| 205 } | |
| 206 | |
| 207 if (kxs.np.server_host_key_algo.equals("ssh-rsa")) { | |
| 198 byte[] rs = RSASHA1Verify.generateSignature(kxs.H, (RSAPrivateKey)kxs.local_rsa_key.getPrivate()); | 208 byte[] rs = RSASHA1Verify.generateSignature(kxs.H, (RSAPrivateKey)kxs.local_rsa_key.getPrivate()); |
| 199 signature = RSASHA1Verify.encodeSSHRSASignature(rs); | 209 signature = RSASHA1Verify.encodeSSHRSASignature(rs); |
| 200 } | 210 } |
| 201 | 211 |
| 202 if(kxs.np.server_host_key_algo.equals("ssh-dss")) { | 212 if (kxs.np.server_host_key_algo.equals("ssh-dss")) { |
| 203 byte[] ds = DSASHA1Verify.generateSignature(kxs.H, (DSAPrivateKey)kxs.local_dsa_key.getPrivate(), rnd); | 213 byte[] ds = DSASHA1Verify.generateSignature(kxs.H, (DSAPrivateKey)kxs.local_dsa_key.getPrivate(), rnd); |
| 204 signature = DSASHA1Verify.encodeSSHDSASignature(ds); | 214 signature = DSASHA1Verify.encodeSSHDSASignature(ds); |
| 205 } | 215 } |
| 206 | 216 |
| 207 PacketKexDHReply dhr = new PacketKexDHReply(hostKey, kxs.dhx.getF(), signature); | 217 PacketKexDHReply dhr = new PacketKexDHReply(hostKey, kxs.dhx.getF(), signature); |