Mercurial > 510Connectbot
diff src/ch/ethz/ssh2/transport/ServerKexManager.java @ 273:91a31873c42a ganymed
start conversion from trilead to ganymed
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Fri, 18 Jul 2014 11:21:46 -0700 |
parents | |
children | b4ca341c318d |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/ch/ethz/ssh2/transport/ServerKexManager.java Fri Jul 18 11:21:46 2014 -0700 @@ -0,0 +1,216 @@ +/* + * Copyright (c) 2006-2013 Christian Plattner. All rights reserved. + * Please refer to the LICENSE.txt for licensing details. + */ +package ch.ethz.ssh2.transport; + +import java.io.IOException; +import java.security.DigestException; + +import ch.ethz.ssh2.ConnectionInfo; +import ch.ethz.ssh2.PacketTypeException; +import ch.ethz.ssh2.auth.ServerAuthenticationManager; +import ch.ethz.ssh2.crypto.cipher.BlockCipher; +import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory; +import ch.ethz.ssh2.crypto.dh.DhExchange; +import ch.ethz.ssh2.crypto.digest.MAC; +import ch.ethz.ssh2.packets.PacketKexDHInit; +import ch.ethz.ssh2.packets.PacketKexDHReply; +import ch.ethz.ssh2.packets.PacketKexInit; +import ch.ethz.ssh2.packets.Packets; +import ch.ethz.ssh2.server.ServerConnectionState; +import ch.ethz.ssh2.signature.DSASHA1Verify; +import ch.ethz.ssh2.signature.DSASignature; +import ch.ethz.ssh2.signature.RSASHA1Verify; +import ch.ethz.ssh2.signature.RSASignature; + +/** + * @version $Id: ServerKexManager.java 160 2014-05-01 14:30:26Z dkocher@sudo.ch $ + */ +public class ServerKexManager extends KexManager { + + private final ServerConnectionState state; + + private boolean authenticationStarted = false; + + public ServerKexManager(ServerConnectionState state) { + super(state.tm, state.csh, state.next_cryptoWishList, state.generator); + this.state = state; + } + + @Override + public void handleFailure(final IOException failure) { + synchronized(accessLock) { + connectionClosed = true; + accessLock.notifyAll(); + } + } + + @Override + public void handleMessage(byte[] msg) throws IOException { + PacketKexInit kip; + + if((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) { + throw new PacketTypeException(msg[0]); + } + + if(ignore_next_kex_packet) { + ignore_next_kex_packet = false; + return; + } + + if(msg[0] == Packets.SSH_MSG_KEXINIT) { + if((kxs != null) && (kxs.state != 0)) { + throw new PacketTypeException(msg[0]); + } + + if(kxs == null) { + /* + * Ah, OK, peer wants to do KEX. Let's be nice and play + * together. + */ + kxs = new KexState(); + kxs.local_dsa_key = nextKEXdsakey; + kxs.local_rsa_key = nextKEXrsakey; + kxs.dhgexParameters = nextKEXdhgexParameters; + kip = new PacketKexInit(nextKEXcryptoWishList, rnd); + kxs.localKEX = kip; + tm.sendKexMessage(kip.getPayload()); + } + + kip = new PacketKexInit(msg); + kxs.remoteKEX = kip; + + kxs.np = mergeKexParameters(kxs.remoteKEX.getKexParameters(), kxs.localKEX.getKexParameters()); + + if(kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { + // Guess was wrong, we need to ignore the next kex packet. + ignore_next_kex_packet = true; + } + + if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") + || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) { + kxs.dhx = new DhExchange(); + + if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")) { + kxs.dhx.serverInit(1, rnd); + } + else { + kxs.dhx.serverInit(14, rnd); + } + + kxs.state = 1; + return; + } + + throw new IllegalStateException("Unkown KEX method!"); + } + + if(msg[0] == Packets.SSH_MSG_NEWKEYS) { + if(km == null) { + throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!"); + } + + BlockCipher cbc; + MAC mac; + + try { + cbc = BlockCipherFactory.createCipher(kxs.np.enc_algo_client_to_server, false, + km.enc_key_client_to_server, km.initial_iv_client_to_server); + + try { + mac = new MAC(kxs.np.mac_algo_client_to_server, km.integrity_key_client_to_server); + } + catch(DigestException e) { + throw new IOException(e); + } + + } + catch(IllegalArgumentException e) { + throw new IOException(e); + } + + tm.changeRecvCipher(cbc, mac); + + ConnectionInfo sci = new ConnectionInfo(); + + kexCount++; + + sci.keyExchangeAlgorithm = kxs.np.kex_algo; + sci.keyExchangeCounter = kexCount; + sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server; + sci.serverToClientCryptoAlgorithm = kxs.np.enc_algo_server_to_client; + sci.clientToServerMACAlgorithm = kxs.np.mac_algo_client_to_server; + sci.serverToClientMACAlgorithm = kxs.np.mac_algo_server_to_client; + sci.serverHostKeyAlgorithm = kxs.np.server_host_key_algo; + sci.serverHostKey = kxs.remote_hostkey; + + synchronized(accessLock) { + lastConnInfo = sci; + accessLock.notifyAll(); + } + + kxs = null; + return; + } + + if((kxs == null) || (kxs.state == 0)) { + throw new IOException("Unexpected Kex submessage!"); + } + + if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") + || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) { + if(kxs.state == 1) { + PacketKexDHInit dhi = new PacketKexDHInit(msg); + + kxs.dhx.setE(dhi.getE()); + + byte[] hostKey = null; + + if(kxs.np.server_host_key_algo.equals("ssh-rsa")) { + hostKey = RSASHA1Verify.encodeSSHRSAPublicKey(kxs.local_rsa_key.getPublicKey()); + } + + if(kxs.np.server_host_key_algo.equals("ssh-dss")) { + hostKey = DSASHA1Verify.encodeSSHDSAPublicKey(kxs.local_dsa_key.getPublicKey()); + } + + try { + kxs.H = kxs.dhx.calculateH(csh.getClientString(), csh.getServerString(), + kxs.remoteKEX.getPayload(), kxs.localKEX.getPayload(), hostKey); + } + catch(IllegalArgumentException e) { + throw new IOException("KEX error.", e); + } + + kxs.K = kxs.dhx.getK(); + + byte[] signature = null; + + if(kxs.np.server_host_key_algo.equals("ssh-rsa")) { + RSASignature rs = RSASHA1Verify.generateSignature(kxs.H, kxs.local_rsa_key); + signature = RSASHA1Verify.encodeSSHRSASignature(rs); + } + + if(kxs.np.server_host_key_algo.equals("ssh-dss")) { + DSASignature ds = DSASHA1Verify.generateSignature(kxs.H, kxs.local_dsa_key, rnd); + signature = DSASHA1Verify.encodeSSHDSASignature(ds); + } + + PacketKexDHReply dhr = new PacketKexDHReply(hostKey, kxs.dhx.getF(), signature); + tm.sendKexMessage(dhr.getPayload()); + + finishKex(false); + kxs.state = -1; + + if(authenticationStarted == false) { + authenticationStarted = true; + state.am = new ServerAuthenticationManager(state); + } + + return; + } + } + throw new IllegalStateException(String.format("Unknown KEX method %s", kxs.np.kex_algo)); + } +}