# HG changeset patch # User Carl Byington # Date 1406752684 25200 # Node ID 90e47d99ea54ec4bc74e88dfa490d8f28c464fb3 # Parent d2b303406d63aec07a72a15d2444e1a2d7febd61 add ecdsa key support everywhere diff -r d2b303406d63 -r 90e47d99ea54 src/ch/ethz/ssh2/transport/ClientKexManager.java --- a/src/ch/ethz/ssh2/transport/ClientKexManager.java Wed Jul 30 12:09:51 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/ClientKexManager.java Wed Jul 30 13:38:04 2014 -0700 @@ -65,18 +65,14 @@ if (kxs.np.server_host_key_algo.equals("ssh-rsa")) { byte[] rs = RSASHA1Verify.decodeSSHRSASignature(sig); RSAPublicKey rpk = RSASHA1Verify.decodeSSHRSAPublicKey(hostkey); - log.debug("Verifying ssh-rsa signature"); - return RSASHA1Verify.verifySignature(kxs.H, rs, rpk); } if (kxs.np.server_host_key_algo.equals("ssh-dss")) { byte[] ds = DSASHA1Verify.decodeSSHDSASignature(sig); DSAPublicKey dpk = DSASHA1Verify.decodeSSHDSAPublicKey(hostkey); - log.debug("Verifying ssh-dss signature"); - return DSASHA1Verify.verifySignature(kxs.H, ds, dpk); } @@ -93,6 +89,14 @@ public synchronized void handleMessage(byte[] msg) throws IOException { PacketKexInit kip; + if (msg == null) { + synchronized (accessLock) { + connectionClosed = true; + accessLock.notifyAll(); + return; + } + } + if((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) { throw new PacketTypeException(msg[0]); } @@ -129,7 +133,8 @@ ignore_next_kex_packet = true; } - if(kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) { + if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") || + kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { if(kxs.dhgexParameters.getMin_group_len() == 0) { PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters); tm.sendKexMessage(dhgexreq.getPayload()); @@ -139,21 +144,23 @@ PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters); tm.sendKexMessage(dhgexreq.getPayload()); } + if (kxs.np.kex_algo.endsWith("sha1")) { + kxs.hashAlgo = "SHA1"; + } + else { + kxs.hashAlgo = "SHA-256"; + } kxs.state = 1; return; } - if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") - || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) { - kxs.dhx = new DhExchange(); - - if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")) { - kxs.dhx.clientInit(1, rnd); - } - else { - kxs.dhx.clientInit(14, rnd); - } - + if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || + kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { + kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo); + kxs.dhx.init(kxs.np.kex_algo); PacketKexDHInit kp = new PacketKexDHInit(kxs.dhx.getE()); tm.sendKexMessage(kp.getPayload()); kxs.state = 1; @@ -218,7 +225,8 @@ throw new IOException("Unexpected Kex submessage!"); } - if(kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) { + if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") || + kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { if(kxs.state == 1) { PacketKexDhGexGroup dhgexgrp = new PacketKexDhGexGroup(msg); kxs.dhgx = new DhGroupExchange(dhgexgrp.getP(), dhgexgrp.getG()); @@ -268,12 +276,13 @@ throw new IllegalStateException("Illegal State in KEX Exchange!"); } - if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") - || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) { + if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || + kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { if(kxs.state == 1) { - PacketKexDHReply dhr = new PacketKexDHReply(msg); - kxs.remote_hostkey = dhr.getHostKey(); if(verifier != null) { diff -r d2b303406d63 -r 90e47d99ea54 src/ch/ethz/ssh2/transport/ServerKexManager.java --- a/src/ch/ethz/ssh2/transport/ServerKexManager.java Wed Jul 30 12:09:51 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/ServerKexManager.java Wed Jul 30 13:38:04 2014 -0700 @@ -53,6 +53,14 @@ public void handleMessage(byte[] msg) throws IOException { PacketKexInit kip; + if (msg == null) { + synchronized (accessLock) { + connectionClosed = true; + accessLock.notifyAll(); + return; + } + } + if((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) { throw new PacketTypeException(msg[0]); } @@ -92,17 +100,13 @@ ignore_next_kex_packet = true; } - if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") - || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) { - kxs.dhx = new DhExchange(); - - if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")) { - kxs.dhx.serverInit(1, rnd); - } - else { - kxs.dhx.serverInit(14, rnd); - } - + if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || + kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { + kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo); + kxs.dhx.init(kxs.np.kex_algo); kxs.state = 1; return; } @@ -162,8 +166,11 @@ throw new IOException("Unexpected Kex submessage!"); } - if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") - || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) { + if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || + kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { if(kxs.state == 1) { PacketKexDHInit dhi = new PacketKexDHInit(msg);