# HG changeset patch # User Carl Byington # Date 1406836748 25200 # Node ID 6740870cf2687feff0f764fc9b3138bb9b6ad9a0 # Parent 6896bfafa51071f668b33b346310f5694a693739 fix java formatting diff -r 6896bfafa510 -r 6740870cf268 src/ch/ethz/ssh2/crypto/dh/GenericDhExchange.java --- a/src/ch/ethz/ssh2/crypto/dh/GenericDhExchange.java Thu Jul 31 12:51:42 2014 -0700 +++ b/src/ch/ethz/ssh2/crypto/dh/GenericDhExchange.java Thu Jul 31 12:59:08 2014 -0700 @@ -77,10 +77,8 @@ public byte[] calculateH(byte[] clientversion, byte[] serverversion, byte[] clientKexPayload, byte[] serverKexPayload, byte[] hostKey) throws UnsupportedEncodingException, IOException { HashForSSH2Types hash = new HashForSSH2Types(getHashAlgo()); - log.debug("Client: '" + new String(clientversion, "ISO-8859-1") + "'"); log.debug("Server: '" + new String(serverversion, "ISO-8859-1") + "'"); - hash.updateByteString(clientversion); hash.updateByteString(serverversion); hash.updateByteString(clientKexPayload); diff -r 6896bfafa510 -r 6740870cf268 src/ch/ethz/ssh2/transport/ClientKexManager.java --- a/src/ch/ethz/ssh2/transport/ClientKexManager.java Thu Jul 31 12:51:42 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/ClientKexManager.java Thu Jul 31 12:59:08 2014 -0700 @@ -80,7 +80,7 @@ } public void handleFailure(final IOException failure) { - synchronized(accessLock) { + synchronized (accessLock) { connectionClosed = true; accessLock.notifyAll(); } @@ -97,25 +97,25 @@ } } - if((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) { + if ((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) { throw new PacketTypeException(msg[0]); } - if(ignore_next_kex_packet) { + if (ignore_next_kex_packet) { ignore_next_kex_packet = false; return; } - if(msg[0] == Packets.SSH_MSG_KEXINIT) { - if((kxs != null) && (kxs.state != 0)) { + if (msg[0] == Packets.SSH_MSG_KEXINIT) { + if ((kxs != null) && (kxs.state != 0)) { throw new PacketTypeException(msg[0]); } - if(kxs == null) { + if (kxs == null) { /* * Ah, OK, peer wants to do KEX. Let's be nice and play - * together. - */ + * together. + */ kxs = new KexState(); kxs.dhgexParameters = nextKEXdhgexParameters; kip = new PacketKexInit(nextKEXcryptoWishList, rnd); @@ -130,14 +130,14 @@ if (kxs.np == null) throw new IOException("Cannot negotiate, proposals do not match."); - if(kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { + if (kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { // Guess was wrong, we need to ignore the next kex packet. ignore_next_kex_packet = true; } if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") || - kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { - if(kxs.dhgexParameters.getMin_group_len() == 0) { + kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { + if (kxs.dhgexParameters.getMin_group_len() == 0) { PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters); tm.sendKexMessage(dhgexreq.getPayload()); } @@ -145,21 +145,23 @@ PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters); tm.sendKexMessage(dhgexreq.getPayload()); } + if (kxs.np.kex_algo.endsWith("sha1")) { kxs.hashAlgo = "SHA1"; } else { kxs.hashAlgo = "SHA-256"; } + kxs.state = 1; return; } if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || - kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { + kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo); kxs.dhx.init(kxs.np.kex_algo); kxs.hashAlgo = kxs.dhx.getHashAlgo(); @@ -183,18 +185,18 @@ try { cbc = BlockCipherFactory.createCipher(kxs.np.enc_algo_server_to_client, false, - km.enc_key_server_to_client, km.initial_iv_server_to_client); + km.enc_key_server_to_client, km.initial_iv_server_to_client); try { mac = new MAC(kxs.np.mac_algo_server_to_client, km.integrity_key_server_to_client); } - catch(DigestException e) { + catch (DigestException e) { throw new IOException(e); } comp = CompressionFactory.createCompressor(kxs.np.comp_algo_server_to_client); } - catch(IllegalArgumentException e) { + catch (IllegalArgumentException e) { throw new IOException(e.getMessage()); } @@ -211,7 +213,7 @@ sci.serverHostKeyAlgorithm = kxs.np.server_host_key_algo; sci.serverHostKey = kxs.remote_hostkey; - synchronized(accessLock) { + synchronized (accessLock) { lastConnInfo = sci; accessLock.notifyAll(); } @@ -220,13 +222,13 @@ return; } - if((kxs == null) || (kxs.state == 0)) { + if ((kxs == null) || (kxs.state == 0)) { throw new IOException("Unexpected Kex submessage!"); } if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") || - kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { - if(kxs.state == 1) { + kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { + if (kxs.state == 1) { PacketKexDhGexGroup dhgexgrp = new PacketKexDhGexGroup(msg); kxs.dhgx = new DhGroupExchange(dhgexgrp.getP(), dhgexgrp.getG()); kxs.dhgx.init(rnd); @@ -236,20 +238,19 @@ return; } - if(kxs.state == 2) { + if (kxs.state == 2) { PacketKexDhGexReply dhgexrpl = new PacketKexDhGexReply(msg); - kxs.remote_hostkey = dhgexrpl.getHostKey(); - if(verifier != null) { + if (verifier != null) { try { - if(!verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey)) { + if (!verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey)) { throw new IOException("The server host key was not accepted by the verifier callback"); } } - catch(Exception e) { + catch (Exception e) { throw new IOException( - "The server host key was not accepted by the verifier callback.", e); + "The server host key was not accepted by the verifier callback.", e); } } @@ -257,15 +258,17 @@ try { kxs.H = kxs.dhgx.calculateH(kxs.hashAlgo, csh.getClientString(), csh.getServerString(), - kxs.localKEX.getPayload(), kxs.remoteKEX.getPayload(), dhgexrpl.getHostKey(), - kxs.dhgexParameters); + kxs.localKEX.getPayload(), kxs.remoteKEX.getPayload(), dhgexrpl.getHostKey(), + kxs.dhgexParameters); } - catch(IllegalArgumentException e) { + catch (IllegalArgumentException e) { throw new IOException("KEX error.", e); } - if(!verifySignature(dhgexrpl.getSignature(), kxs.remote_hostkey)) { + + if (!verifySignature(dhgexrpl.getSignature(), kxs.remote_hostkey)) { throw new IOException("Invalid remote host key signature"); } + kxs.K = kxs.dhgx.getK(); finishKex(true); kxs.state = -1; @@ -276,41 +279,46 @@ } if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || - kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { - if(kxs.state == 1) { + kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { + if (kxs.state == 1) { PacketKexDHReply dhr = new PacketKexDHReply(msg); kxs.remote_hostkey = dhr.getHostKey(); - if(verifier != null) { + if (verifier != null) { try { - if(!verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey)) { + if (!verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey)) { throw new IOException("The server host key was not accepted by the verifier callback"); } } - catch(Exception e) { + catch (Exception e) { throw new IOException("The server host key was not accepted by the verifier callback", e); } } + kxs.dhx.setF(dhr.getF().toByteArray()); + try { kxs.H = kxs.dhx.calculateH(csh.getClientString(), csh.getServerString(), kxs.localKEX.getPayload(), - kxs.remoteKEX.getPayload(), dhr.getHostKey()); + kxs.remoteKEX.getPayload(), dhr.getHostKey()); } - catch(IllegalArgumentException e) { + catch (IllegalArgumentException e) { throw new IOException("KEX error.", e); } - if(!verifySignature(dhr.getSignature(), kxs.remote_hostkey)) { + + if (!verifySignature(dhr.getSignature(), kxs.remote_hostkey)) { throw new IOException("Invalid remote host key signature"); } + kxs.K = kxs.dhx.getK(); finishKex(true); kxs.state = -1; return; } } + throw new IllegalStateException(String.format("Unknown KEX method %s", kxs.np.kex_algo)); } } diff -r 6896bfafa510 -r 6740870cf268 src/ch/ethz/ssh2/transport/ServerKexManager.java --- a/src/ch/ethz/ssh2/transport/ServerKexManager.java Thu Jul 31 12:51:42 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/ServerKexManager.java Thu Jul 31 12:59:08 2014 -0700 @@ -45,7 +45,7 @@ } public void handleFailure(final IOException failure) { - synchronized(accessLock) { + synchronized (accessLock) { connectionClosed = true; accessLock.notifyAll(); } @@ -62,25 +62,25 @@ } } - if((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) { + if ((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) { throw new PacketTypeException(msg[0]); } - if(ignore_next_kex_packet) { + if (ignore_next_kex_packet) { ignore_next_kex_packet = false; return; } - if(msg[0] == Packets.SSH_MSG_KEXINIT) { - if((kxs != null) && (kxs.state != 0)) { + if (msg[0] == Packets.SSH_MSG_KEXINIT) { + if ((kxs != null) && (kxs.state != 0)) { throw new PacketTypeException(msg[0]); } - if(kxs == null) { + if (kxs == null) { /* * Ah, OK, peer wants to do KEX. Let's be nice and play - * together. - */ + * together. + */ kxs = new KexState(); kxs.local_dsa_key = nextKEXdsakey; kxs.local_rsa_key = nextKEXrsakey; @@ -93,19 +93,18 @@ kip = new PacketKexInit(msg); kxs.remoteKEX = kip; - kxs.np = mergeKexParameters(kxs.remoteKEX.getKexParameters(), kxs.localKEX.getKexParameters()); - if(kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { + if (kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { // Guess was wrong, we need to ignore the next kex packet. ignore_next_kex_packet = true; } if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || - kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { + kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo); kxs.dhx.init(kxs.np.kex_algo); kxs.state = 1; @@ -115,8 +114,8 @@ throw new IllegalStateException("Unkown KEX method!"); } - if(msg[0] == Packets.SSH_MSG_NEWKEYS) { - if(km == null) { + if (msg[0] == Packets.SSH_MSG_NEWKEYS) { + if (km == null) { throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!"); } @@ -125,26 +124,22 @@ try { cbc = BlockCipherFactory.createCipher(kxs.np.enc_algo_client_to_server, false, - km.enc_key_client_to_server, km.initial_iv_client_to_server); + km.enc_key_client_to_server, km.initial_iv_client_to_server); try { mac = new MAC(kxs.np.mac_algo_client_to_server, km.integrity_key_client_to_server); } - catch(DigestException e) { + catch (DigestException e) { throw new IOException(e); } - } - catch(IllegalArgumentException e) { + catch (IllegalArgumentException e) { throw new IOException(e); } tm.changeRecvCipher(cbc, mac); - ConnectionInfo sci = new ConnectionInfo(); - kexCount++; - sci.keyExchangeAlgorithm = kxs.np.kex_algo; sci.keyExchangeCounter = kexCount; sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server; @@ -154,7 +149,7 @@ sci.serverHostKeyAlgorithm = kxs.np.server_host_key_algo; sci.serverHostKey = kxs.remote_hostkey; - synchronized(accessLock) { + synchronized (accessLock) { lastConnInfo = sci; accessLock.notifyAll(); } @@ -163,44 +158,41 @@ return; } - if((kxs == null) || (kxs.state == 0)) { + if ((kxs == null) || (kxs.state == 0)) { throw new IOException("Unexpected Kex submessage!"); } if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || - kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { - if(kxs.state == 1) { + kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { + if (kxs.state == 1) { PacketKexDHInit dhi = new PacketKexDHInit(msg); - kxs.dhx.setE(dhi.getE()); - byte[] hostKey = null; if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) { hostKey = ECDSASHA2Verify.encodeSSHECDSAPublicKey((ECPublicKey)kxs.local_ec_key.getPublic()); } - if(kxs.np.server_host_key_algo.equals("ssh-rsa")) { + if (kxs.np.server_host_key_algo.equals("ssh-rsa")) { hostKey = RSASHA1Verify.encodeSSHRSAPublicKey((RSAPublicKey)kxs.local_rsa_key.getPublic()); } - if(kxs.np.server_host_key_algo.equals("ssh-dss")) { + if (kxs.np.server_host_key_algo.equals("ssh-dss")) { hostKey = DSASHA1Verify.encodeSSHDSAPublicKey((DSAPublicKey)kxs.local_dsa_key.getPublic()); } try { kxs.H = kxs.dhx.calculateH(csh.getClientString(), csh.getServerString(), - kxs.remoteKEX.getPayload(), kxs.localKEX.getPayload(), hostKey); + kxs.remoteKEX.getPayload(), kxs.localKEX.getPayload(), hostKey); } - catch(IllegalArgumentException e) { + catch (IllegalArgumentException e) { throw new IOException("KEX error.", e); } kxs.K = kxs.dhx.getK(); - byte[] signature = null; if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) { @@ -221,11 +213,10 @@ PacketKexDHReply dhr = new PacketKexDHReply(hostKey, new BigInteger(kxs.dhx.getF()), signature); tm.sendKexMessage(dhr.getPayload()); - finishKex(false); kxs.state = -1; - if(authenticationStarted == false) { + if (authenticationStarted == false) { authenticationStarted = true; state.am = new ServerAuthenticationManager(state); } @@ -233,6 +224,7 @@ return; } } + throw new IllegalStateException(String.format("Unknown KEX method %s", kxs.np.kex_algo)); } } diff -r 6896bfafa510 -r 6740870cf268 src/ch/ethz/ssh2/transport/TransportManager.java --- a/src/ch/ethz/ssh2/transport/TransportManager.java Thu Jul 31 12:51:42 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/TransportManager.java Thu Jul 31 12:59:08 2014 -0700 @@ -171,6 +171,7 @@ } catch (IOException ignore) { } + // OK, whoever tried to send data, should now agree that // there is no point in further waiting =) // It is safe now to acquire the semaphore. @@ -192,9 +193,11 @@ catch (IOException ignore) { } } + connectionClosed = true; reasonClosedCause = cause; } + connectionSemaphore.notifyAll(); }