# HG changeset patch # User Carl Byington # Date 1406684217 25200 # Node ID 349847b2e3181f056dbda6451ccd27b9beb9be70 # Parent 4c3a4e88c027068e5cfebb80fa37e6be7108c67d add ecdsa key support everywhere diff -r 4c3a4e88c027 -r 349847b2e318 src/ch/ethz/ssh2/ServerConnection.java --- a/src/ch/ethz/ssh2/ServerConnection.java Tue Jul 29 18:08:09 2014 -0700 +++ b/src/ch/ethz/ssh2/ServerConnection.java Tue Jul 29 18:36:57 2014 -0700 @@ -321,9 +321,11 @@ private void fixCryptoWishList(CryptoWishList next_cryptoWishList, KeyPair next_dsa_key, KeyPair next_rsa_key, KeyPair next_ec_key) { List algos = new ArrayList(); + if (next_ec_key != null) algos.add("ecdsa-sha2-nistp521"); + if (next_ec_key != null) algos.add("ecdsa-sha2-nistp384"); + if (next_ec_key != null) algos.add("ecdsa-sha2-nistp256"); if (next_dsa_key != null) algos.add("ssh-dss"); if (next_rsa_key != null) algos.add("ssh-rsa"); - if (next_ec_key != null) algos.add("ssh-ec"); next_cryptoWishList.serverHostKeyAlgorithms = new String[algos.size()]; algos.toArray(next_cryptoWishList.serverHostKeyAlgorithms); } diff -r 4c3a4e88c027 -r 349847b2e318 src/ch/ethz/ssh2/channel/AuthAgentForwardThread.java --- a/src/ch/ethz/ssh2/channel/AuthAgentForwardThread.java Tue Jul 29 18:08:09 2014 -0700 +++ b/src/ch/ethz/ssh2/channel/AuthAgentForwardThread.java Tue Jul 29 18:36:57 2014 -0700 @@ -314,7 +314,7 @@ ECPoint group = ECDSASHA2Verify.decodeECPoint(groupBytes, nistp256.getCurve()); if (group == null) { - // TODO log error + log.debug("No groupfor ecdsa-sha2-nistp256: "); os.write(SSH_AGENT_FAILURE); return; } diff -r 4c3a4e88c027 -r 349847b2e318 src/ch/ethz/ssh2/transport/KexManager.java --- a/src/ch/ethz/ssh2/transport/KexManager.java Tue Jul 29 18:08:09 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/KexManager.java Tue Jul 29 18:36:57 2014 -0700 @@ -37,6 +37,26 @@ public abstract class KexManager implements MessageHandler { protected static final Logger log = Logger.getLogger(KexManager.class); + private static final Set HOSTKEY_ALGS = new TreeSet(); + static { + HOSTKEY_ALGS.add("ecdsa-sha2-nistp256"); + HOSTKEY_ALGS.add("ecdsa-sha2-nistp384"); + HOSTKEY_ALGS.add("ecdsa-sha2-nistp521"); + HOSTKEY_ALGS.add("ssh-rsa"); + HOSTKEY_ALGS.add("ssh-dss"); + } + + private static final Set KEX_ALGS = new TreeSet(); + static { + KEX_ALGS.add("ecdh-sha2-nistp256"); + KEX_ALGS.add("ecdh-sha2-nistp384"); + KEX_ALGS.add("ecdh-sha2-nistp521"); + KEX_ALGS.add("diffie-hellman-group-exchange-sha256"); + KEX_ALGS.add("diffie-hellman-group-exchange-sha1"); + KEX_ALGS.add("diffie-hellman-group14-sha1"); + KEX_ALGS.add("diffie-hellman-group1-sha1"); + } + KexState kxs; int kexCount = 0; KeyMaterial km; @@ -56,6 +76,7 @@ DHGexParameters nextKEXdhgexParameters; KeyPair nextKEXdsakey; KeyPair nextKEXrsakey; + KeyPair nextKEXeckey; final SecureRandom rnd; @@ -182,17 +203,19 @@ return np; } - public synchronized void initiateKEX(CryptoWishList cwl, DHGexParameters dhgex, KeyPair dsa, KeyPair rsa) + public synchronized void initiateKEX(CryptoWishList cwl, DHGexParameters dhgex, KeyPair dsa, KeyPair rsa, KeyPair ec) throws IOException { nextKEXcryptoWishList = cwl; nextKEXdhgexParameters = dhgex; nextKEXdsakey = dsa; nextKEXrsakey = rsa; + nextKEXeckey = ec; if(kxs == null) { kxs = new KexState(); kxs.local_dsa_key = dsa; kxs.local_rsa_key = rsa; + kxs.local_ec_key = ec; kxs.dhgexParameters = nextKEXdhgexParameters; kxs.localKEX = new PacketKexInit(nextKEXcryptoWishList, rnd); tm.sendKexMessage(kxs.localKEX.getPayload()); @@ -260,42 +283,28 @@ } public static String[] getDefaultServerHostkeyAlgorithmList() { - return new String[]{"ssh-rsa", "ssh-dss"}; + return HOSTKEY_ALGS.toArray(new String[HOSTKEY_ALGS.size()]); } public static void checkServerHostkeyAlgorithmsList(String[] algos) { - for(final String algo : algos) { - if("ssh-rsa".equals(algo)) { - continue; - } - if("ssh-dss".equals(algo)) { - continue; - } - throw new IllegalArgumentException(String.format("Unknown server host key algorithm %s", algo)); + for (final String algo : algos) { + if (!HOSTKEY_ALGS.contains(algo)) + throw new IllegalArgumentException("Unknown server host key algorithm '" + algo + "'"); } } public static String[] getDefaultClientKexAlgorithmList() { - return new String[]{"diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", - "diffie-hellman-group1-sha1"}; + return KEX_ALGS.toArray(new String[KEX_ALGS.size()]); } public static String[] getDefaultServerKexAlgorithmList() { - return new String[]{"diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"}; + return KEX_ALGS.toArray(new String[KEX_ALGS.size()]); } public static void checkKexAlgorithmList(String[] algos) { - for(final String algo : algos) { - if("diffie-hellman-group-exchange-sha1".equals(algo)) { - continue; - } - if("diffie-hellman-group14-sha1".equals(algo)) { - continue; - } - if("diffie-hellman-group1-sha1".equals(algo)) { - continue; - } - throw new IllegalArgumentException(String.format("Unknown kex algorithm %s", algo)); + for (final String algo : algos) { + if (!KEX_ALGS.contains(algo)) + throw new IllegalArgumentException("Unknown kex algorithm '" + algo + "'"); } } } diff -r 4c3a4e88c027 -r 349847b2e318 src/com/five_ten_sg/connectbot/PubkeyListActivity.java --- a/src/com/five_ten_sg/connectbot/PubkeyListActivity.java Tue Jul 29 18:08:09 2014 -0700 +++ b/src/com/five_ten_sg/connectbot/PubkeyListActivity.java Tue Jul 29 18:36:57 2014 -0700 @@ -639,7 +639,7 @@ try { PEMStructure struct = PEMDecoder.parsePEM(new String(pubkey.getPrivateKey()).toCharArray()); String type = (struct.pemType == PEMDecoder.PEM_RSA_PRIVATE_KEY) ? "RSA" : - (struct.pemType == PEMDecoder.PEM_DSA_PRIVATE_KEY) ? "DSA" : "EC" + (struct.pemType == PEMDecoder.PEM_DSA_PRIVATE_KEY) ? "DSA" : "EC"; holder.caption.setText(String.format("%s unknown-bit", type)); } catch (IOException e) {