view src/ch/ethz/ssh2/transport/ServerKexManager.java @ 304:abad243cb341
ganymed
add ecdsa key support everywhere
author |
Carl Byington <carl@five-ten-sg.com> |
date |
Tue, 29 Jul 2014 20:28:01 -0700 (2014-07-30) |
parents |
beaccc9df37b |
children |
d2b303406d63 |
line source
/*
* Copyright (c) 2006-2013 Christian Plattner. All rights reserved.
* Please refer to the LICENSE.txt for licensing details.
*/
package ch.ethz.ssh2.transport;
import java.io.IOException;
import java.security.DigestException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import ch.ethz.ssh2.ConnectionInfo;
import ch.ethz.ssh2.PacketTypeException;
import ch.ethz.ssh2.auth.ServerAuthenticationManager;
import ch.ethz.ssh2.crypto.cipher.BlockCipher;
import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory;
import ch.ethz.ssh2.crypto.dh.DhExchange;
import ch.ethz.ssh2.crypto.digest.MAC;
import ch.ethz.ssh2.packets.PacketKexDHInit;
import ch.ethz.ssh2.packets.PacketKexDHReply;
import ch.ethz.ssh2.packets.PacketKexInit;
import ch.ethz.ssh2.packets.Packets;
import ch.ethz.ssh2.server.ServerConnectionState;
import ch.ethz.ssh2.signature.DSASHA1Verify;
import ch.ethz.ssh2.signature.ECDSASHA2Verify;
import ch.ethz.ssh2.signature.RSASHA1Verify;
/**
* @version $Id: ServerKexManager.java 160 2014-05-01 14:30:26Z dkocher@sudo.ch $
*/
public class ServerKexManager extends KexManager {
private final ServerConnectionState state;
private boolean authenticationStarted = false;
public ServerKexManager(ServerConnectionState state) {
super(state.tm, state.csh, state.next_cryptoWishList, state.generator);
this.state = state;
}
@Override
public void handleFailure(final IOException failure) {
synchronized(accessLock) {
connectionClosed = true;
accessLock.notifyAll();
}
}
@Override
public void handleMessage(byte[] msg) throws IOException {
PacketKexInit kip;
if((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) {
throw new PacketTypeException(msg[0]);
}
if(ignore_next_kex_packet) {
ignore_next_kex_packet = false;
return;
}
if(msg[0] == Packets.SSH_MSG_KEXINIT) {
if((kxs != null) && (kxs.state != 0)) {
throw new PacketTypeException(msg[0]);
}
if(kxs == null) {
/*
* Ah, OK, peer wants to do KEX. Let's be nice and play
* together.
*/
kxs = new KexState();
kxs.local_dsa_key = nextKEXdsakey;
kxs.local_rsa_key = nextKEXrsakey;
kxs.local_ec_key = nextKEXeckey;
kxs.dhgexParameters = nextKEXdhgexParameters;
kip = new PacketKexInit(nextKEXcryptoWishList, rnd);
kxs.localKEX = kip;
tm.sendKexMessage(kip.getPayload());
}
kip = new PacketKexInit(msg);
kxs.remoteKEX = kip;
kxs.np = mergeKexParameters(kxs.remoteKEX.getKexParameters(), kxs.localKEX.getKexParameters());
if(kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) {
// Guess was wrong, we need to ignore the next kex packet.
ignore_next_kex_packet = true;
}
if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")
|| kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) {
kxs.dhx = new DhExchange();
if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")) {
kxs.dhx.serverInit(1, rnd);
}
else {
kxs.dhx.serverInit(14, rnd);
}
kxs.state = 1;
return;
}
throw new IllegalStateException("Unkown KEX method!");
}
if(msg[0] == Packets.SSH_MSG_NEWKEYS) {
if(km == null) {
throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!");
}
BlockCipher cbc;
MAC mac;
try {
cbc = BlockCipherFactory.createCipher(kxs.np.enc_algo_client_to_server, false,
km.enc_key_client_to_server, km.initial_iv_client_to_server);
try {
mac = new MAC(kxs.np.mac_algo_client_to_server, km.integrity_key_client_to_server);
}
catch(DigestException e) {
throw new IOException(e);
}
}
catch(IllegalArgumentException e) {
throw new IOException(e);
}
tm.changeRecvCipher(cbc, mac);
ConnectionInfo sci = new ConnectionInfo();
kexCount++;
sci.keyExchangeAlgorithm = kxs.np.kex_algo;
sci.keyExchangeCounter = kexCount;
sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server;
sci.serverToClientCryptoAlgorithm = kxs.np.enc_algo_server_to_client;
sci.clientToServerMACAlgorithm = kxs.np.mac_algo_client_to_server;
sci.serverToClientMACAlgorithm = kxs.np.mac_algo_server_to_client;
sci.serverHostKeyAlgorithm = kxs.np.server_host_key_algo;
sci.serverHostKey = kxs.remote_hostkey;
synchronized(accessLock) {
lastConnInfo = sci;
accessLock.notifyAll();
}
kxs = null;
return;
}
if((kxs == null) || (kxs.state == 0)) {
throw new IOException("Unexpected Kex submessage!");
}
if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")
|| kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) {
if(kxs.state == 1) {
PacketKexDHInit dhi = new PacketKexDHInit(msg);
kxs.dhx.setE(dhi.getE());
byte[] hostKey = null;
if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) {
hostKey = ECDSASHA2Verify.encodeSSHECDSAPublicKey((ECPublicKey)kxs.local_ec_key.getPublic());
}
if(kxs.np.server_host_key_algo.equals("ssh-rsa")) {
hostKey = RSASHA1Verify.encodeSSHRSAPublicKey((RSAPublicKey)kxs.local_rsa_key.getPublic());
}
if(kxs.np.server_host_key_algo.equals("ssh-dss")) {
hostKey = DSASHA1Verify.encodeSSHDSAPublicKey((DSAPublicKey)kxs.local_dsa_key.getPublic());
}
try {
kxs.H = kxs.dhx.calculateH(csh.getClientString(), csh.getServerString(),
kxs.remoteKEX.getPayload(), kxs.localKEX.getPayload(), hostKey);
}
catch(IllegalArgumentException e) {
throw new IOException("KEX error.", e);
}
kxs.K = kxs.dhx.getK();
byte[] signature = null;
if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) {
ECPrivateKey pk = (ECPrivateKey)kxs.local_ec_key.getPrivate();
byte[] es = ECDSASHA2Verify.generateSignature(kxs.H, pk);
signature = ECDSASHA2Verify.encodeSSHECDSASignature(es, pk.getParams());
}
if (kxs.np.server_host_key_algo.equals("ssh-rsa")) {
byte[] rs = RSASHA1Verify.generateSignature(kxs.H, (RSAPrivateKey)kxs.local_rsa_key.getPrivate());
signature = RSASHA1Verify.encodeSSHRSASignature(rs);
}
if (kxs.np.server_host_key_algo.equals("ssh-dss")) {
byte[] ds = DSASHA1Verify.generateSignature(kxs.H, (DSAPrivateKey)kxs.local_dsa_key.getPrivate(), rnd);
signature = DSASHA1Verify.encodeSSHDSASignature(ds);
}
PacketKexDHReply dhr = new PacketKexDHReply(hostKey, kxs.dhx.getF(), signature);
tm.sendKexMessage(dhr.getPayload());
finishKex(false);
kxs.state = -1;
if(authenticationStarted == false) {
authenticationStarted = true;
state.am = new ServerAuthenticationManager(state);
}
return;
}
}
throw new IllegalStateException(String.format("Unknown KEX method %s", kxs.np.kex_algo));
}
}