Mercurial > 510Connectbot

comparison app/src/main/java/ch/ethz/ssh2/transport/ClientKexManager.java @ 438:d29cce60f393

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
migrate from Eclipse to Android Studio
author Carl Byington <carl@five-ten-sg.com>
date Thu, 03 Dec 2015 11:23:55 -0800
parents src/ch/ethz/ssh2/transport/ClientKexManager.java@2768eb029d73
children 7953570e5210
comparison
equal deleted inserted replaced
437:208b31032318 438:d29cce60f393
1 /*
2 * Copyright (c) 2006-2013 Christian Plattner. All rights reserved.
3 * Please refer to the LICENSE.txt for licensing details.
4 */
5 package ch.ethz.ssh2.transport;
6
7 import java.io.IOException;
8 import java.security.DigestException;
9 import java.security.SecureRandom;
10 import java.security.interfaces.DSAPublicKey;
11 import java.security.interfaces.ECPublicKey;
12 import java.security.interfaces.RSAPublicKey;
13
14 import ch.ethz.ssh2.ConnectionInfo;
15 import ch.ethz.ssh2.PacketTypeException;
16 import ch.ethz.ssh2.ServerHostKeyVerifier;
17 import ch.ethz.ssh2.compression.CompressionFactory;
18 import ch.ethz.ssh2.compression.Compressor;
19 import ch.ethz.ssh2.crypto.CryptoWishList;
20 import ch.ethz.ssh2.crypto.cipher.BlockCipher;
21 import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory;
22 import ch.ethz.ssh2.crypto.dh.GenericDhExchange;
23 import ch.ethz.ssh2.crypto.dh.DhGroupExchange;
24 import ch.ethz.ssh2.crypto.digest.MAC;
25 import ch.ethz.ssh2.packets.PacketKexDHInit;
26 import ch.ethz.ssh2.packets.PacketKexDHReply;
27 import ch.ethz.ssh2.packets.PacketKexDhGexGroup;
28 import ch.ethz.ssh2.packets.PacketKexDhGexInit;
29 import ch.ethz.ssh2.packets.PacketKexDhGexReply;
30 import ch.ethz.ssh2.packets.PacketKexDhGexRequest;
31 import ch.ethz.ssh2.packets.PacketKexDhGexRequestOld;
32 import ch.ethz.ssh2.packets.PacketKexInit;
33 import ch.ethz.ssh2.packets.Packets;
34 import ch.ethz.ssh2.signature.DSASHA1Verify;
35 import ch.ethz.ssh2.signature.ECDSASHA2Verify;
36 import ch.ethz.ssh2.signature.RSASHA1Verify;
37
38 /**
39 * @version $Id: ClientKexManager.java 160 2014-05-01 14:30:26Z dkocher@sudo.ch $
40 */
41 public class ClientKexManager extends KexManager {
42
43 private final ServerHostKeyVerifier verifier;
44
45 private final String hostname;
46
47 private final int port;
48
49 public ClientKexManager(TransportManager tm, ClientServerHello csh, CryptoWishList initialCwl, String hostname, int port,
50 ServerHostKeyVerifier keyVerifier, SecureRandom rnd) {
51 super(tm, csh, initialCwl, rnd);
52 this.hostname = hostname;
53 this.port = port;
54 this.verifier = keyVerifier;
55 }
56
57 protected boolean verifySignature(byte[] sig, byte[] hostkey) throws IOException {
58 if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) {
59 byte[] rs = ECDSASHA2Verify.decodeSSHECDSASignature(sig);
60 ECPublicKey epk = ECDSASHA2Verify.decodeSSHECDSAPublicKey(hostkey);
61 log.debug("Verifying ecdsa signature");
62 return ECDSASHA2Verify.verifySignature(kxs.H, rs, epk);
63 }
64
65 if (kxs.np.server_host_key_algo.equals("ssh-rsa")) {
66 byte[] rs = RSASHA1Verify.decodeSSHRSASignature(sig);
67 RSAPublicKey rpk = RSASHA1Verify.decodeSSHRSAPublicKey(hostkey);
68 log.debug("Verifying ssh-rsa signature");
69 return RSASHA1Verify.verifySignature(kxs.H, rs, rpk);
70 }
71
72 if (kxs.np.server_host_key_algo.equals("ssh-dss")) {
73 byte[] ds = DSASHA1Verify.decodeSSHDSASignature(sig);
74 DSAPublicKey dpk = DSASHA1Verify.decodeSSHDSAPublicKey(hostkey);
75 log.debug("Verifying ssh-dss signature");
76 return DSASHA1Verify.verifySignature(kxs.H, ds, dpk);
77 }
78
79 throw new IOException("Unknown server host key algorithm '" + kxs.np.server_host_key_algo + "'");
80 }
81
82 public void handleFailure(final IOException failure) {
83 synchronized (accessLock) {
84 connectionClosed = true;
85 accessLock.notifyAll();
86 }
87 }
88
89 public synchronized void handleMessage(byte[] msg) throws IOException {
90 PacketKexInit kip;
91
92 if (msg == null) {
93 synchronized (accessLock) {
94 connectionClosed = true;
95 accessLock.notifyAll();
96 return;
97 }
98 }
99
100 log.debug(String.format("client kex manager, packet type %d", msg[0]));
101
102 if ((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) {
103 throw new PacketTypeException(msg[0]);
104 }
105
106 if (ignore_next_kex_packet) {
107 ignore_next_kex_packet = false;
108 return;
109 }
110
111 if (msg[0] == Packets.SSH_MSG_KEXINIT) {
112 if ((kxs != null) && (kxs.state != 0)) {
113 throw new PacketTypeException(msg[0]);
114 }
115
116 if (kxs == null) {
117 /*
118 * Ah, OK, peer wants to do KEX. Let's be nice and play
119 * together.
120 */
121 kxs = new KexState();
122 kxs.dhgexParameters = nextKEXdhgexParameters;
123 kip = new PacketKexInit(nextKEXcryptoWishList, rnd);
124 kxs.localKEX = kip;
125 tm.sendKexMessage(kip.getPayload());
126 }
127
128 kip = new PacketKexInit(msg);
129 kxs.remoteKEX = kip;
130 kxs.np = mergeKexParameters(kxs.localKEX.getKexParameters(), kxs.remoteKEX.getKexParameters());
131
132 if (kxs.np == null)
133 throw new IOException("Cannot negotiate, proposals do not match.");
134
135 if (kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) {
136 // Guess was wrong, we need to ignore the next kex packet.
137 ignore_next_kex_packet = true;
138 }
139
140 if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") ||
141 kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) {
142 if (kxs.dhgexParameters.getMin_group_len() == 0) {
143 PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters);
144 tm.sendKexMessage(dhgexreq.getPayload());
145 }
146 else {
147 PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters);
148 tm.sendKexMessage(dhgexreq.getPayload());
149 }
150
151 if (kxs.np.kex_algo.endsWith("sha1")) {
152 kxs.hashAlgo = "SHA1";
153 }
154 else {
155 kxs.hashAlgo = "SHA2";
156 }
157
158 kxs.state = 1;
159 return;
160 }
161
162 if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") ||
163 kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") ||
164 kxs.np.kex_algo.equals("ecdh-sha2-nistp256") ||
165 kxs.np.kex_algo.equals("ecdh-sha2-nistp384") ||
166 kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) {
167 kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo);
168 kxs.dhx.init(kxs.np.kex_algo);
169 kxs.hashAlgo = kxs.dhx.getHashAlgo();
170 PacketKexDHInit kp = new PacketKexDHInit(kxs.dhx.getE());
171 tm.sendKexMessage(kp.getPayload());
172 kxs.state = 1;
173 return;
174 }
175
176 throw new IllegalStateException("Unkown KEX method!");
177 }
178
179 if (msg[0] == Packets.SSH_MSG_NEWKEYS) {
180 if (km == null) {
181 throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!");
182 }
183
184 BlockCipher cbc;
185 MAC mac;
186 Compressor comp;
187
188 try {
189 cbc = BlockCipherFactory.createCipher(kxs.np.enc_algo_server_to_client, false,
190 km.enc_key_server_to_client, km.initial_iv_server_to_client);
191
192 try {
193 mac = new MAC(kxs.np.mac_algo_server_to_client, km.integrity_key_server_to_client);
194 }
195 catch (DigestException e) {
196 throw new IOException(e);
197 }
198
199 comp = CompressionFactory.createCompressor(kxs.np.comp_algo_server_to_client);
200 }
201 catch (IllegalArgumentException e) {
202 throw new IOException(e.getMessage());
203 }
204
205 tm.changeRecvCipher(cbc, mac);
206 tm.changeRecvCompression(comp);
207 ConnectionInfo sci = new ConnectionInfo();
208 kexCount++;
209 sci.keyExchangeAlgorithm = kxs.np.kex_algo;
210 sci.keyExchangeCounter = kexCount;
211 sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server;
212 sci.serverToClientCryptoAlgorithm = kxs.np.enc_algo_server_to_client;
213 sci.clientToServerMACAlgorithm = kxs.np.mac_algo_client_to_server;
214 sci.serverToClientMACAlgorithm = kxs.np.mac_algo_server_to_client;
215 sci.serverHostKeyAlgorithm = kxs.np.server_host_key_algo;
216 sci.serverHostKey = kxs.remote_hostkey;
217
218 synchronized (accessLock) {
219 lastConnInfo = sci;
220 accessLock.notifyAll();
221 }
222
223 kxs = null;
224 return;
225 }
226
227 if ((kxs == null) || (kxs.state == 0)) {
228 throw new IOException("Unexpected Kex submessage!");
229 }
230
231 if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") ||
232 kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) {
233 if (kxs.state == 1) {
234 PacketKexDhGexGroup dhgexgrp = new PacketKexDhGexGroup(msg);
235 kxs.dhgx = new DhGroupExchange(dhgexgrp.getP(), dhgexgrp.getG());
236 kxs.dhgx.init(rnd);
237 PacketKexDhGexInit dhgexinit = new PacketKexDhGexInit(kxs.dhgx.getE());
238 tm.sendKexMessage(dhgexinit.getPayload());
239 kxs.state = 2;
240 return;
241 }
242
243 if (kxs.state == 2) {
244 PacketKexDhGexReply dhgexrpl = new PacketKexDhGexReply(msg);
245 kxs.remote_hostkey = dhgexrpl.getHostKey();
246
247 if (verifier != null) {
248 try {
249 if (!verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey)) {
250 throw new IOException("The server host key was not accepted by the verifier callback");
251 }
252 }
253 catch (Exception e) {
254 throw new IOException(
255 "The server host key was not accepted by the verifier callback.", e);
256 }
257 }
258
259 kxs.dhgx.setF(dhgexrpl.getF());
260
261 try {
262 kxs.H = kxs.dhgx.calculateH(kxs.hashAlgo, csh.getClientString(), csh.getServerString(),
263 kxs.localKEX.getPayload(), kxs.remoteKEX.getPayload(), dhgexrpl.getHostKey(),
264 kxs.dhgexParameters);
265 }
266 catch (IllegalArgumentException e) {
267 throw new IOException("KEX error.", e);
268 }
269
270 if (!verifySignature(dhgexrpl.getSignature(), kxs.remote_hostkey)) {
271 throw new IOException("Invalid remote host key signature");
272 }
273
274 kxs.K = kxs.dhgx.getK();
275 finishKex(true);
276 kxs.state = -1;
277 return;
278 }
279
280 throw new IllegalStateException("Illegal State in KEX Exchange!");
281 }
282
283 if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") ||
284 kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") ||
285 kxs.np.kex_algo.equals("ecdh-sha2-nistp256") ||
286 kxs.np.kex_algo.equals("ecdh-sha2-nistp384") ||
287 kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) {
288 if (kxs.state == 1) {
289 PacketKexDHReply dhr = new PacketKexDHReply(msg);
290 kxs.remote_hostkey = dhr.getHostKey();
291
292 if (verifier != null) {
293 try {
294 if (!verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey)) {
295 throw new IOException("The server host key was not accepted by the verifier callback");
296 }
297 }
298 catch (Exception e) {
299 throw new IOException("The server host key was not accepted by the verifier callback", e);
300 }
301 }
302
303 kxs.dhx.setF(dhr.getF().toByteArray());
304
305 try {
306 kxs.H = kxs.dhx.calculateH(csh.getClientString(), csh.getServerString(), kxs.localKEX.getPayload(),
307 kxs.remoteKEX.getPayload(), dhr.getHostKey());
308 }
309 catch (IllegalArgumentException e) {
310 throw new IOException("KEX error.", e);
311 }
312
313 if (!verifySignature(dhr.getSignature(), kxs.remote_hostkey)) {
314 throw new IOException("Invalid remote host key signature");
315 }
316
317 kxs.K = kxs.dhx.getK();
318 finishKex(true);
319 kxs.state = -1;
320 return;
321 }
322 }
323
324 throw new IllegalStateException(String.format("Unknown KEX method %s", kxs.np.kex_algo));
325 }
326 }