diff src/ch/ethz/ssh2/transport/KexManager.java @ 300:349847b2e318 ganymed
add ecdsa key support everywhere
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Tue, 29 Jul 2014 18:36:57 -0700 |
parents | 486df527ddc5 |
children | ca5dd224a87b |
--- a/src/ch/ethz/ssh2/transport/KexManager.java Tue Jul 29 18:08:09 2014 -0700
+++ b/src/ch/ethz/ssh2/transport/KexManager.java Tue Jul 29 18:36:57 2014 -0700
@@ -37,6 +37,26 @@
 public abstract class KexManager implements MessageHandler {
 protected static final Logger log = Logger.getLogger(KexManager.class);
+ private static final Set<String> HOSTKEY_ALGS = new TreeSet<String>();
+ static {
+ HOSTKEY_ALGS.add("ecdsa-sha2-nistp256");
+ HOSTKEY_ALGS.add("ecdsa-sha2-nistp384");
+ HOSTKEY_ALGS.add("ecdsa-sha2-nistp521");
+ HOSTKEY_ALGS.add("ssh-rsa");
+ HOSTKEY_ALGS.add("ssh-dss");
+ }
+
+ private static final Set<String> KEX_ALGS = new TreeSet<String>();
+ static {
+ KEX_ALGS.add("ecdh-sha2-nistp256");
+ KEX_ALGS.add("ecdh-sha2-nistp384");
+ KEX_ALGS.add("ecdh-sha2-nistp521");
+ KEX_ALGS.add("diffie-hellman-group-exchange-sha256");
+ KEX_ALGS.add("diffie-hellman-group-exchange-sha1");
+ KEX_ALGS.add("diffie-hellman-group14-sha1");
+ KEX_ALGS.add("diffie-hellman-group1-sha1");
+ }
+
 KexState kxs;
 int kexCount = 0;
 KeyMaterial km;
@@ -56,6 +76,7 @@
 DHGexParameters nextKEXdhgexParameters;
 KeyPair nextKEXdsakey;
 KeyPair nextKEXrsakey;
+ KeyPair nextKEXeckey;
 final SecureRandom rnd;
@@ -182,17 +203,19 @@
 return np;
 }
- public synchronized void initiateKEX(CryptoWishList cwl, DHGexParameters dhgex, KeyPair dsa, KeyPair rsa)
+ public synchronized void initiateKEX(CryptoWishList cwl, DHGexParameters dhgex, KeyPair dsa, KeyPair rsa, KeyPair ec)
 throws IOException {
 nextKEXcryptoWishList = cwl;
 nextKEXdhgexParameters = dhgex;
 nextKEXdsakey = dsa;
 nextKEXrsakey = rsa;
+ nextKEXeckey = ec;
 if(kxs == null) {
 kxs = new KexState();
 kxs.local_dsa_key = dsa;
 kxs.local_rsa_key = rsa;
+ kxs.local_ec_key = ec;
 kxs.dhgexParameters = nextKEXdhgexParameters;
 kxs.localKEX = new PacketKexInit(nextKEXcryptoWishList, rnd);
 tm.sendKexMessage(kxs.localKEX.getPayload());
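Review bot: `HOSTKEY_ALGS` and `KEX_ALGS` are declared as `TreeSet`, so the order in which the `static` blocks add names is discarded and both sets iterate alphabetically. The `getDefault*AlgorithmList()` methods in the last hunk return `toArray()` of these sets, and an SSH name-list is read as a preference order, so the default KEX list comes out as `diffie-hellman-group-exchange-sha1`, `diffie-hellman-group-exchange-sha256`, `diffie-hellman-group1-sha1`, `diffie-hellman-group14-sha1` and only then the three `ecdh-sha2-*` names, while `ssh-dss` ends up ahead of `ssh-rsa`. If the insertion order is the intended preference, declare both sets as `new LinkedHashSet<String>()`. The import block is outside this hunk, so `java.util.LinkedHashSet` may need to be added there.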
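Review bot: `initiateKEX` now takes three positional `KeyPair` arguments (`dsa`, `rsa`, `ec`) and nothing in the visible lines checks that each one holds a key of the matching type, so arguments swapped at a call site still compile. A Javadoc block should state which key each parameter carries and whether `null` means "no key of this type". Assuming `KeyPair` is `java.security.KeyPair`, a guard before `nextKEXeckey = ec;` such as `if (ec != null && !(ec.getPublic() instanceof java.security.interfaces.ECPublicKey)) throw new IllegalArgumentException("ec is not an EC key pair");` would reject a mismatch before it reaches the key exchange. The method body continues past the end of the hunk.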
@@ -260,42 +283,28 @@
 }
 public static String[] getDefaultServerHostkeyAlgorithmList() {
- return new String[]{"ssh-rsa", "ssh-dss"};
+ return HOSTKEY_ALGS.toArray(new String[HOSTKEY_ALGS.size()]);
 }
 public static void checkServerHostkeyAlgorithmsList(String[] algos) {
- for(final String algo : algos) {
- if("ssh-rsa".equals(algo)) {
- continue;
- }
- if("ssh-dss".equals(algo)) {
- continue;
- }
- throw new IllegalArgumentException(String.format("Unknown server host key algorithm %s", algo));
+ for (final String algo : algos) {
+ if (!HOSTKEY_ALGS.contains(algo))
+ throw new IllegalArgumentException("Unknown server host key algorithm '" + algo + "'");
 }
 }
 public static String[] getDefaultClientKexAlgorithmList() {
- return new String[]{"diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1",
- "diffie-hellman-group1-sha1"};
+ return KEX_ALGS.toArray(new String[KEX_ALGS.size()]);
 }
 public static String[] getDefaultServerKexAlgorithmList() {
- return new String[]{"diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"};
+ return KEX_ALGS.toArray(new String[KEX_ALGS.size()]);
 }
 public static void checkKexAlgorithmList(String[] algos) {
- for(final String algo : algos) {
- if("diffie-hellman-group-exchange-sha1".equals(algo)) {
- continue;
- }
- if("diffie-hellman-group14-sha1".equals(algo)) {
- continue;
- }
- if("diffie-hellman-group1-sha1".equals(algo)) {
- continue;
- }
- throw new IllegalArgumentException(String.format("Unknown kex algorithm %s", algo));
+ for (final String algo : algos) {
+ if (!KEX_ALGS.contains(algo))
+ throw new IllegalArgumentException("Unknown kex algorithm '" + algo + "'");
 }
 }
 }
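Review bot: `getDefaultServerKexAlgorithmList()` now returns the whole `KEX_ALGS` set, so the server default also advertises the `diffie-hellman-group-exchange-*` and `ecdh-sha2-*` names that the removed line left out. The server-side key-exchange handling is not part of this file section. If it does not implement those methods, a client that selects one would presumably fail only after negotiation, in which case this method should return a separate, narrower server set. The two new `if (!….contains(algo))` checks are also unbraced above a `throw`; bracing them would match the surrounding code.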