Mercurial > 510Connectbot

comparison app/src/main/java/ch/ethz/ssh2/transport/ServerKexManager.java @ 438:d29cce60f393

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
migrate from Eclipse to Android Studio
author Carl Byington <carl@five-ten-sg.com>
date Thu, 03 Dec 2015 11:23:55 -0800
parents src/ch/ethz/ssh2/transport/ServerKexManager.java@6740870cf268
children
comparison
equal deleted inserted replaced
437:208b31032318 438:d29cce60f393
1 /*
2 * Copyright (c) 2006-2013 Christian Plattner. All rights reserved.
3 * Please refer to the LICENSE.txt for licensing details.
4 */
5 package ch.ethz.ssh2.transport;
6
7 import java.io.IOException;
8 import java.security.DigestException;
9 import java.security.interfaces.DSAPrivateKey;
10 import java.security.interfaces.DSAPublicKey;
11 import java.security.interfaces.ECPrivateKey;
12 import java.security.interfaces.ECPublicKey;
13 import java.security.interfaces.RSAPrivateKey;
14 import java.security.interfaces.RSAPublicKey;
15 import java.math.BigInteger;
16
17 import ch.ethz.ssh2.ConnectionInfo;
18 import ch.ethz.ssh2.PacketTypeException;
19 import ch.ethz.ssh2.auth.ServerAuthenticationManager;
20 import ch.ethz.ssh2.crypto.cipher.BlockCipher;
21 import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory;
22 import ch.ethz.ssh2.crypto.dh.GenericDhExchange;
23 import ch.ethz.ssh2.crypto.digest.MAC;
24 import ch.ethz.ssh2.packets.PacketKexDHInit;
25 import ch.ethz.ssh2.packets.PacketKexDHReply;
26 import ch.ethz.ssh2.packets.PacketKexInit;
27 import ch.ethz.ssh2.packets.Packets;
28 import ch.ethz.ssh2.server.ServerConnectionState;
29 import ch.ethz.ssh2.signature.DSASHA1Verify;
30 import ch.ethz.ssh2.signature.ECDSASHA2Verify;
31 import ch.ethz.ssh2.signature.RSASHA1Verify;
32
33 /**
34 * @version $Id: ServerKexManager.java 160 2014-05-01 14:30:26Z dkocher@sudo.ch $
35 */
36 public class ServerKexManager extends KexManager {
37
38 private final ServerConnectionState state;
39
40 private boolean authenticationStarted = false;
41
42 public ServerKexManager(ServerConnectionState state) {
43 super(state.tm, state.csh, state.next_cryptoWishList, state.generator);
44 this.state = state;
45 }
46
47 public void handleFailure(final IOException failure) {
48 synchronized (accessLock) {
49 connectionClosed = true;
50 accessLock.notifyAll();
51 }
52 }
53
54 public void handleMessage(byte[] msg) throws IOException {
55 PacketKexInit kip;
56
57 if (msg == null) {
58 synchronized (accessLock) {
59 connectionClosed = true;
60 accessLock.notifyAll();
61 return;
62 }
63 }
64
65 if ((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) {
66 throw new PacketTypeException(msg[0]);
67 }
68
69 if (ignore_next_kex_packet) {
70 ignore_next_kex_packet = false;
71 return;
72 }
73
74 if (msg[0] == Packets.SSH_MSG_KEXINIT) {
75 if ((kxs != null) && (kxs.state != 0)) {
76 throw new PacketTypeException(msg[0]);
77 }
78
79 if (kxs == null) {
80 /*
81 * Ah, OK, peer wants to do KEX. Let's be nice and play
82 * together.
83 */
84 kxs = new KexState();
85 kxs.local_dsa_key = nextKEXdsakey;
86 kxs.local_rsa_key = nextKEXrsakey;
87 kxs.local_ec_key = nextKEXeckey;
88 kxs.dhgexParameters = nextKEXdhgexParameters;
89 kip = new PacketKexInit(nextKEXcryptoWishList, rnd);
90 kxs.localKEX = kip;
91 tm.sendKexMessage(kip.getPayload());
92 }
93
94 kip = new PacketKexInit(msg);
95 kxs.remoteKEX = kip;
96 kxs.np = mergeKexParameters(kxs.remoteKEX.getKexParameters(), kxs.localKEX.getKexParameters());
97
98 if (kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) {
99 // Guess was wrong, we need to ignore the next kex packet.
100 ignore_next_kex_packet = true;
101 }
102
103 if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") ||
104 kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") ||
105 kxs.np.kex_algo.equals("ecdh-sha2-nistp256") ||
106 kxs.np.kex_algo.equals("ecdh-sha2-nistp384") ||
107 kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) {
108 kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo);
109 kxs.dhx.init(kxs.np.kex_algo);
110 kxs.state = 1;
111 return;
112 }
113
114 throw new IllegalStateException("Unkown KEX method!");
115 }
116
117 if (msg[0] == Packets.SSH_MSG_NEWKEYS) {
118 if (km == null) {
119 throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!");
120 }
121
122 BlockCipher cbc;
123 MAC mac;
124
125 try {
126 cbc = BlockCipherFactory.createCipher(kxs.np.enc_algo_client_to_server, false,
127 km.enc_key_client_to_server, km.initial_iv_client_to_server);
128
129 try {
130 mac = new MAC(kxs.np.mac_algo_client_to_server, km.integrity_key_client_to_server);
131 }
132 catch (DigestException e) {
133 throw new IOException(e);
134 }
135 }
136 catch (IllegalArgumentException e) {
137 throw new IOException(e);
138 }
139
140 tm.changeRecvCipher(cbc, mac);
141 ConnectionInfo sci = new ConnectionInfo();
142 kexCount++;
143 sci.keyExchangeAlgorithm = kxs.np.kex_algo;
144 sci.keyExchangeCounter = kexCount;
145 sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server;
146 sci.serverToClientCryptoAlgorithm = kxs.np.enc_algo_server_to_client;
147 sci.clientToServerMACAlgorithm = kxs.np.mac_algo_client_to_server;
148 sci.serverToClientMACAlgorithm = kxs.np.mac_algo_server_to_client;
149 sci.serverHostKeyAlgorithm = kxs.np.server_host_key_algo;
150 sci.serverHostKey = kxs.remote_hostkey;
151
152 synchronized (accessLock) {
153 lastConnInfo = sci;
154 accessLock.notifyAll();
155 }
156
157 kxs = null;
158 return;
159 }
160
161 if ((kxs == null) || (kxs.state == 0)) {
162 throw new IOException("Unexpected Kex submessage!");
163 }
164
165 if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") ||
166 kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") ||
167 kxs.np.kex_algo.equals("ecdh-sha2-nistp256") ||
168 kxs.np.kex_algo.equals("ecdh-sha2-nistp384") ||
169 kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) {
170 if (kxs.state == 1) {
171 PacketKexDHInit dhi = new PacketKexDHInit(msg);
172 kxs.dhx.setE(dhi.getE());
173 byte[] hostKey = null;
174
175 if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) {
176 hostKey = ECDSASHA2Verify.encodeSSHECDSAPublicKey((ECPublicKey)kxs.local_ec_key.getPublic());
177 }
178
179 if (kxs.np.server_host_key_algo.equals("ssh-rsa")) {
180 hostKey = RSASHA1Verify.encodeSSHRSAPublicKey((RSAPublicKey)kxs.local_rsa_key.getPublic());
181 }
182
183 if (kxs.np.server_host_key_algo.equals("ssh-dss")) {
184 hostKey = DSASHA1Verify.encodeSSHDSAPublicKey((DSAPublicKey)kxs.local_dsa_key.getPublic());
185 }
186
187 try {
188 kxs.H = kxs.dhx.calculateH(csh.getClientString(), csh.getServerString(),
189 kxs.remoteKEX.getPayload(), kxs.localKEX.getPayload(), hostKey);
190 }
191 catch (IllegalArgumentException e) {
192 throw new IOException("KEX error.", e);
193 }
194
195 kxs.K = kxs.dhx.getK();
196 byte[] signature = null;
197
198 if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) {
199 ECPrivateKey pk = (ECPrivateKey)kxs.local_ec_key.getPrivate();
200 byte[] es = ECDSASHA2Verify.generateSignature(kxs.H, pk);
201 signature = ECDSASHA2Verify.encodeSSHECDSASignature(es, pk.getParams());
202 }
203
204 if (kxs.np.server_host_key_algo.equals("ssh-rsa")) {
205 byte[] rs = RSASHA1Verify.generateSignature(kxs.H, (RSAPrivateKey)kxs.local_rsa_key.getPrivate());
206 signature = RSASHA1Verify.encodeSSHRSASignature(rs);
207 }
208
209 if (kxs.np.server_host_key_algo.equals("ssh-dss")) {
210 byte[] ds = DSASHA1Verify.generateSignature(kxs.H, (DSAPrivateKey)kxs.local_dsa_key.getPrivate(), rnd);
211 signature = DSASHA1Verify.encodeSSHDSASignature(ds);
212 }
213
214 PacketKexDHReply dhr = new PacketKexDHReply(hostKey, new BigInteger(kxs.dhx.getF()), signature);
215 tm.sendKexMessage(dhr.getPayload());
216 finishKex(false);
217 kxs.state = -1;
218
219 if (authenticationStarted == false) {
220 authenticationStarted = true;
221 state.am = new ServerAuthenticationManager(state);
222 }
223
224 return;
225 }
226 }
227
228 throw new IllegalStateException(String.format("Unknown KEX method %s", kxs.np.kex_algo));
229 }
230 }