# HG changeset patch # User Carl Byington # Date 1406836302 25200 # Node ID 6896bfafa51071f668b33b346310f5694a693739 # Parent 459eb9b6b84ebf7262b7fcf2c4adf07c3fdebf81 add ecdsa key support everywhere diff -r 459eb9b6b84e -r 6896bfafa510 src/ch/ethz/ssh2/transport/ClientKexManager.java --- a/src/ch/ethz/ssh2/transport/ClientKexManager.java Thu Jul 31 11:27:40 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/ClientKexManager.java Thu Jul 31 12:51:42 2014 -0700 @@ -125,8 +125,10 @@ kip = new PacketKexInit(msg); kxs.remoteKEX = kip; + kxs.np = mergeKexParameters(kxs.localKEX.getKexParameters(), kxs.remoteKEX.getKexParameters()); - kxs.np = mergeKexParameters(kxs.localKEX.getKexParameters(), kxs.remoteKEX.getKexParameters()); + if (kxs.np == null) + throw new IOException("Cannot negotiate, proposals do not match."); if(kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { // Guess was wrong, we need to ignore the next kex packet. @@ -138,7 +140,6 @@ if(kxs.dhgexParameters.getMin_group_len() == 0) { PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters); tm.sendKexMessage(dhgexreq.getPayload()); - } else { PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters); @@ -161,6 +162,7 @@ kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo); kxs.dhx.init(kxs.np.kex_algo); + kxs.hashAlgo = kxs.dhx.getHashAlgo(); PacketKexDHInit kp = new PacketKexDHInit(kxs.dhx.getE()); tm.sendKexMessage(kp.getPayload()); kxs.state = 1; @@ -170,8 +172,8 @@ throw new IllegalStateException("Unkown KEX method!"); } - if(msg[0] == Packets.SSH_MSG_NEWKEYS) { - if(km == null) { + if (msg[0] == Packets.SSH_MSG_NEWKEYS) { + if (km == null) { throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!"); } @@ -198,11 +200,8 @@ tm.changeRecvCipher(cbc, mac); tm.changeRecvCompression(comp); - ConnectionInfo sci = new ConnectionInfo(); - kexCount++; - sci.keyExchangeAlgorithm = kxs.np.kex_algo; sci.keyExchangeCounter = kexCount; sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server;