diff src/ch/ethz/ssh2/transport/ClientKexManager.java @ 307:071eccdff8ea ganymed
fix java formatting
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Wed, 30 Jul 2014 14:16:58 -0700 |
parents | d2b303406d63 |
children | 42b15aaa7ac7 |
--- a/src/ch/ethz/ssh2/transport/ClientKexManager.java Wed Jul 30 12:09:51 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/ClientKexManager.java Wed Jul 30 14:16:58 2014 -0700 @@ -65,18 +65,14 @@ if (kxs.np.server_host_key_algo.equals("ssh-rsa")) { byte[] rs = RSASHA1Verify.decodeSSHRSASignature(sig); RSAPublicKey rpk = RSASHA1Verify.decodeSSHRSAPublicKey(hostkey); - log.debug("Verifying ssh-rsa signature"); - return RSASHA1Verify.verifySignature(kxs.H, rs, rpk); } if (kxs.np.server_host_key_algo.equals("ssh-dss")) { byte[] ds = DSASHA1Verify.decodeSSHDSASignature(sig); DSAPublicKey dpk = DSASHA1Verify.decodeSSHDSAPublicKey(hostkey); - log.debug("Verifying ssh-dss signature"); - return DSASHA1Verify.verifySignature(kxs.H, ds, dpk); } @@ -84,7 +80,7 @@ } public void handleFailure(final IOException failure) { - synchronized(accessLock) { + synchronized (accessLock) { connectionClosed = true; accessLock.notifyAll(); } @@ -93,25 +89,25 @@ public synchronized void handleMessage(byte[] msg) throws IOException { PacketKexInit kip; - if((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) { + if ((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) { throw new PacketTypeException(msg[0]); } - if(ignore_next_kex_packet) { + if (ignore_next_kex_packet) { ignore_next_kex_packet = false; return; } - if(msg[0] == Packets.SSH_MSG_KEXINIT) { - if((kxs != null) && (kxs.state != 0)) { + if (msg[0] == Packets.SSH_MSG_KEXINIT) { + if ((kxs != null) && (kxs.state != 0)) { throw new PacketTypeException(msg[0]); } - if(kxs == null) { + if (kxs == null) { /* * Ah, OK, peer wants to do KEX. Let's be nice and play - * together. - */ + * together. + */ kxs = new KexState(); kxs.dhgexParameters = nextKEXdhgexParameters; kip = new PacketKexInit(nextKEXcryptoWishList, rnd); 
@@ -121,33 +117,32 @@ kip = new PacketKexInit(msg); kxs.remoteKEX = kip; - kxs.np = mergeKexParameters(kxs.localKEX.getKexParameters(), kxs.remoteKEX.getKexParameters()); - if(kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { + if (kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { // Guess was wrong, we need to ignore the next kex packet. ignore_next_kex_packet = true; } - if(kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) { - if(kxs.dhgexParameters.getMin_group_len() == 0) { + if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) { + if (kxs.dhgexParameters.getMin_group_len() == 0) { PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters); tm.sendKexMessage(dhgexreq.getPayload()); - } else { PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters); tm.sendKexMessage(dhgexreq.getPayload()); } + kxs.state = 1; return; } - if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") + if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) { kxs.dhx = new DhExchange(); - if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")) { + if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")) { kxs.dhx.clientInit(1, rnd); } else { @@ -163,8 +158,8 @@ throw new IllegalStateException("Unkown KEX method!"); } - if(msg[0] == Packets.SSH_MSG_NEWKEYS) { - if(km == null) { + if (msg[0] == Packets.SSH_MSG_NEWKEYS) { + if (km == null) { throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!"); } 
@@ -174,28 +169,25 @@ try { cbc = BlockCipherFactory.createCipher(kxs.np.enc_algo_server_to_client, false, - km.enc_key_server_to_client, km.initial_iv_server_to_client); + km.enc_key_server_to_client, km.initial_iv_server_to_client); try { mac = new MAC(kxs.np.mac_algo_server_to_client, km.integrity_key_server_to_client); } - catch(DigestException e) { + catch (DigestException e) { throw new IOException(e); } comp = CompressionFactory.createCompressor(kxs.np.comp_algo_server_to_client); } - catch(IllegalArgumentException e) { + catch (IllegalArgumentException e) { throw new IOException(e.getMessage()); } tm.changeRecvCipher(cbc, mac); tm.changeRecvCompression(comp); - ConnectionInfo sci = new ConnectionInfo(); - kexCount++; - sci.keyExchangeAlgorithm = kxs.np.kex_algo; sci.keyExchangeCounter = kexCount; sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server; @@ -205,7 +197,7 @@ sci.serverHostKeyAlgorithm = kxs.np.server_host_key_algo; sci.serverHostKey = kxs.remote_hostkey; - synchronized(accessLock) { + synchronized (accessLock) { lastConnInfo = sci; accessLock.notifyAll(); } @@ -214,12 +206,12 @@ return; } - if((kxs == null) || (kxs.state == 0)) { + if ((kxs == null) || (kxs.state == 0)) { throw new IOException("Unexpected Kex submessage!"); } - if(kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) { - if(kxs.state == 1) { + if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) { + if (kxs.state == 1) { PacketKexDhGexGroup dhgexgrp = new PacketKexDhGexGroup(msg); kxs.dhgx = new DhGroupExchange(dhgexgrp.getP(), dhgexgrp.getG()); kxs.dhgx.init(rnd); 
@@ -229,20 +221,19 @@ return; } - if(kxs.state == 2) { + if (kxs.state == 2) { PacketKexDhGexReply dhgexrpl = new PacketKexDhGexReply(msg); - kxs.remote_hostkey = dhgexrpl.getHostKey(); - if(verifier != null) { + if (verifier != null) { try { - if(!verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey)) { + if (!verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey)) { throw new IOException("The server host key was not accepted by the verifier callback"); } } - catch(Exception e) { + catch (Exception e) { throw new IOException( - "The server host key was not accepted by the verifier callback.", e); + "The server host key was not accepted by the verifier callback.", e); } } @@ -250,15 +241,17 @@ try { kxs.H = kxs.dhgx.calculateH(csh.getClientString(), csh.getServerString(), - kxs.localKEX.getPayload(), kxs.remoteKEX.getPayload(), dhgexrpl.getHostKey(), - kxs.dhgexParameters); + kxs.localKEX.getPayload(), kxs.remoteKEX.getPayload(), dhgexrpl.getHostKey(), + kxs.dhgexParameters); } - catch(IllegalArgumentException e) { + catch (IllegalArgumentException e) { throw new IOException("KEX error.", e); } - if(!verifySignature(dhgexrpl.getSignature(), kxs.remote_hostkey)) { + + if (!verifySignature(dhgexrpl.getSignature(), kxs.remote_hostkey)) { throw new IOException("Invalid remote host key signature"); } + kxs.K = kxs.dhgx.getK(); finishKex(true); kxs.state = -1; 
@@ -268,41 +261,44 @@ throw new IllegalStateException("Illegal State in KEX Exchange!"); } - if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") + if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) { - if(kxs.state == 1) { - + if (kxs.state == 1) { PacketKexDHReply dhr = new PacketKexDHReply(msg); - kxs.remote_hostkey = dhr.getHostKey(); - if(verifier != null) { + if (verifier != null) { try { - if(!verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey)) { + if (!verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey)) { throw new IOException("The server host key was not accepted by the verifier callback"); } } - catch(Exception e) { + catch (Exception e) { throw new IOException("The server host key was not accepted by the verifier callback", e); } } + kxs.dhx.setF(dhr.getF()); + try { kxs.H = kxs.dhx.calculateH(csh.getClientString(), csh.getServerString(), kxs.localKEX.getPayload(), - kxs.remoteKEX.getPayload(), dhr.getHostKey()); + kxs.remoteKEX.getPayload(), dhr.getHostKey()); } - catch(IllegalArgumentException e) { + catch (IllegalArgumentException e) { throw new IOException("KEX error.", e); } - if(!verifySignature(dhr.getSignature(), kxs.remote_hostkey)) { + + if (!verifySignature(dhr.getSignature(), kxs.remote_hostkey)) { throw new IOException("Invalid remote host key signature"); } + kxs.K = kxs.dhx.getK(); finishKex(true); kxs.state = -1; return; } } + throw new IllegalStateException(String.format("Unknown KEX method %s", kxs.np.kex_algo)); } }