diff src/ch/ethz/ssh2/transport/ClientKexManager.java @ 329:6896bfafa510 ganymed

add ecdsa key support everywhere
author Carl Byington <carl@five-ten-sg.com>
date Thu, 31 Jul 2014 12:51:42 -0700
parents d85bc45139f2
children 6740870cf268
line wrap: on
line diff
--- a/src/ch/ethz/ssh2/transport/ClientKexManager.java	Thu Jul 31 11:27:40 2014 -0700
+++ b/src/ch/ethz/ssh2/transport/ClientKexManager.java	Thu Jul 31 12:51:42 2014 -0700
@@ -125,8 +125,10 @@
 
             kip = new PacketKexInit(msg);
             kxs.remoteKEX = kip;
+            kxs.np = mergeKexParameters(kxs.localKEX.getKexParameters(), kxs.remoteKEX.getKexParameters());
 
-            kxs.np = mergeKexParameters(kxs.localKEX.getKexParameters(), kxs.remoteKEX.getKexParameters());
+            if (kxs.np == null)
+                throw new IOException("Cannot negotiate, proposals do not match.");
 
             if(kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) {
                 // Guess was wrong, we need to ignore the next kex packet.
@@ -138,7 +140,6 @@
                 if(kxs.dhgexParameters.getMin_group_len() == 0) {
                     PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters);
                     tm.sendKexMessage(dhgexreq.getPayload());
-
                 }
                 else {
                     PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters);
@@ -161,6 +162,7 @@
                 kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) {
                 kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo);
                 kxs.dhx.init(kxs.np.kex_algo);
+                kxs.hashAlgo = kxs.dhx.getHashAlgo();
                 PacketKexDHInit kp = new PacketKexDHInit(kxs.dhx.getE());
                 tm.sendKexMessage(kp.getPayload());
                 kxs.state = 1;
@@ -170,8 +172,8 @@
             throw new IllegalStateException("Unkown KEX method!");
         }
 
-        if(msg[0] == Packets.SSH_MSG_NEWKEYS) {
-            if(km == null) {
+        if (msg[0] == Packets.SSH_MSG_NEWKEYS) {
+            if (km == null) {
                 throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!");
             }
 
@@ -198,11 +200,8 @@
 
             tm.changeRecvCipher(cbc, mac);
             tm.changeRecvCompression(comp);
-
             ConnectionInfo sci = new ConnectionInfo();
-
             kexCount++;
-
             sci.keyExchangeAlgorithm = kxs.np.kex_algo;
             sci.keyExchangeCounter = kexCount;
             sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server;