Mercurial > 510Connectbot
diff src/ch/ethz/ssh2/transport/ClientKexManager.java @ 329:6896bfafa510 ganymed
add ecdsa key support everywhere
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Thu, 31 Jul 2014 12:51:42 -0700 |
parents | d85bc45139f2 |
children | 6740870cf268 |
line wrap: on
line diff
--- a/src/ch/ethz/ssh2/transport/ClientKexManager.java Thu Jul 31 11:27:40 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/ClientKexManager.java Thu Jul 31 12:51:42 2014 -0700 @@ -125,8 +125,10 @@ kip = new PacketKexInit(msg); kxs.remoteKEX = kip; + kxs.np = mergeKexParameters(kxs.localKEX.getKexParameters(), kxs.remoteKEX.getKexParameters()); - kxs.np = mergeKexParameters(kxs.localKEX.getKexParameters(), kxs.remoteKEX.getKexParameters()); + if (kxs.np == null) + throw new IOException("Cannot negotiate, proposals do not match."); if(kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { // Guess was wrong, we need to ignore the next kex packet. @@ -138,7 +140,6 @@ if(kxs.dhgexParameters.getMin_group_len() == 0) { PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters); tm.sendKexMessage(dhgexreq.getPayload()); - } else { PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters); @@ -161,6 +162,7 @@ kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo); kxs.dhx.init(kxs.np.kex_algo); + kxs.hashAlgo = kxs.dhx.getHashAlgo(); PacketKexDHInit kp = new PacketKexDHInit(kxs.dhx.getE()); tm.sendKexMessage(kp.getPayload()); kxs.state = 1; @@ -170,8 +172,8 @@ throw new IllegalStateException("Unkown KEX method!"); } - if(msg[0] == Packets.SSH_MSG_NEWKEYS) { - if(km == null) { + if (msg[0] == Packets.SSH_MSG_NEWKEYS) { + if (km == null) { throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!"); } @@ -198,11 +200,8 @@ tm.changeRecvCipher(cbc, mac); tm.changeRecvCompression(comp); - ConnectionInfo sci = new ConnectionInfo(); - kexCount++; - sci.keyExchangeAlgorithm = kxs.np.kex_algo; sci.keyExchangeCounter = kexCount; sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server;