diff src/ch/ethz/ssh2/transport/ServerKexManager.java @ 298:ab3a99f11a36 ganymed

add ecdsa key support everywhere
author Carl Byington <carl@five-ten-sg.com>
date Tue, 29 Jul 2014 18:01:08 -0700
parents db9b028016de
children beaccc9df37b
line wrap: on
line diff
--- a/src/ch/ethz/ssh2/transport/ServerKexManager.java	Tue Jul 29 16:43:12 2014 -0700
+++ b/src/ch/ethz/ssh2/transport/ServerKexManager.java	Tue Jul 29 18:01:08 2014 -0700
@@ -79,6 +79,7 @@
                 kxs = new KexState();
                 kxs.local_dsa_key = nextKEXdsakey;
                 kxs.local_rsa_key = nextKEXrsakey;
+                kxs.local_ec_key  = nextKEXeckey;
                 kxs.dhgexParameters = nextKEXdhgexParameters;
                 kip = new PacketKexInit(nextKEXcryptoWishList, rnd);
                 kxs.localKEX = kip;
@@ -174,6 +175,10 @@
 
                 byte[] hostKey = null;
 
+                if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) {
+                    hostKey = ECDSASHA2Verify.encodeSSHECDSAPublicKey((ECDSAPublicKey)kxs.local_ec_key.getPublic());
+                }
+
                 if(kxs.np.server_host_key_algo.equals("ssh-rsa")) {
                     hostKey = RSASHA1Verify.encodeSSHRSAPublicKey((RSAPublicKey)kxs.local_rsa_key.getPublic());
                 }
@@ -194,12 +199,17 @@
 
                 byte[] signature = null;
 
-                if(kxs.np.server_host_key_algo.equals("ssh-rsa")) {
+                if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) {
+                    byte[] es = ECDSASHA2Verify.generateSignature(kxs.H, (ECDSAPrivateKey)kxs.local_ec_key.getPrivate());
+                    signature = ECDSASHA2Verify.encodeSSHECDSASignature(es);
+                }
+
+                if (kxs.np.server_host_key_algo.equals("ssh-rsa")) {
                     byte[] rs = RSASHA1Verify.generateSignature(kxs.H, (RSAPrivateKey)kxs.local_rsa_key.getPrivate());
                     signature = RSASHA1Verify.encodeSSHRSASignature(rs);
                 }
 
-                if(kxs.np.server_host_key_algo.equals("ssh-dss")) {
+                if (kxs.np.server_host_key_algo.equals("ssh-dss")) {
                     byte[] ds = DSASHA1Verify.generateSignature(kxs.H, (DSAPrivateKey)kxs.local_dsa_key.getPrivate(), rnd);
                     signature = DSASHA1Verify.encodeSSHDSASignature(ds);
                 }