Mercurial > 510Connectbot
diff src/ch/ethz/ssh2/transport/ClientKexManager.java @ 306:90e47d99ea54 ganymed
add ecdsa key support everywhere
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Wed, 30 Jul 2014 13:38:04 -0700 |
parents | d2b303406d63 |
children | 42b15aaa7ac7 |
line wrap: on
line diff
--- a/src/ch/ethz/ssh2/transport/ClientKexManager.java Wed Jul 30 12:09:51 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/ClientKexManager.java Wed Jul 30 13:38:04 2014 -0700 @@ -65,18 +65,14 @@ if (kxs.np.server_host_key_algo.equals("ssh-rsa")) { byte[] rs = RSASHA1Verify.decodeSSHRSASignature(sig); RSAPublicKey rpk = RSASHA1Verify.decodeSSHRSAPublicKey(hostkey); - log.debug("Verifying ssh-rsa signature"); - return RSASHA1Verify.verifySignature(kxs.H, rs, rpk); } if (kxs.np.server_host_key_algo.equals("ssh-dss")) { byte[] ds = DSASHA1Verify.decodeSSHDSASignature(sig); DSAPublicKey dpk = DSASHA1Verify.decodeSSHDSAPublicKey(hostkey); - log.debug("Verifying ssh-dss signature"); - return DSASHA1Verify.verifySignature(kxs.H, ds, dpk); } @@ -93,6 +89,14 @@ public synchronized void handleMessage(byte[] msg) throws IOException { PacketKexInit kip; + if (msg == null) { + synchronized (accessLock) { + connectionClosed = true; + accessLock.notifyAll(); + return; + } + } + if((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) { throw new PacketTypeException(msg[0]); } @@ -129,7 +133,8 @@ ignore_next_kex_packet = true; } - if(kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) { + if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") || + kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { if(kxs.dhgexParameters.getMin_group_len() == 0) { PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters); tm.sendKexMessage(dhgexreq.getPayload()); @@ -139,21 +144,23 @@ PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters); tm.sendKexMessage(dhgexreq.getPayload()); } + if (kxs.np.kex_algo.endsWith("sha1")) { + kxs.hashAlgo = "SHA1"; + } + else { + kxs.hashAlgo = "SHA-256"; + } kxs.state = 1; return; } - if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") - || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) { - kxs.dhx = new DhExchange(); - - if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")) { - kxs.dhx.clientInit(1, rnd); - } - else { - kxs.dhx.clientInit(14, rnd); - } - + if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || + kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { + kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo); + kxs.dhx.init(kxs.np.kex_algo); PacketKexDHInit kp = new PacketKexDHInit(kxs.dhx.getE()); tm.sendKexMessage(kp.getPayload()); kxs.state = 1; @@ -218,7 +225,8 @@ throw new IOException("Unexpected Kex submessage!"); } - if(kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) { + if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") || + kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { if(kxs.state == 1) { PacketKexDhGexGroup dhgexgrp = new PacketKexDhGexGroup(msg); kxs.dhgx = new DhGroupExchange(dhgexgrp.getP(), dhgexgrp.getG()); @@ -268,12 +276,13 @@ throw new IllegalStateException("Illegal State in KEX Exchange!"); } - if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") - || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) { + if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || + kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { if(kxs.state == 1) { - PacketKexDHReply dhr = new PacketKexDHReply(msg); - kxs.remote_hostkey = dhr.getHostKey(); if(verifier != null) {