# HG changeset patch # User Carl Byington # Date 1406857176 25200 # Node ID b40bc65fa09a4e0da31b2de796bbe53968915081 # Parent df13118e8e7949479a6b91f315d831cf39acb07a compensate for SecureRandom bug on older devices diff -r df13118e8e79 -r b40bc65fa09a src/ch/ethz/ssh2/Connection.java --- a/src/ch/ethz/ssh2/Connection.java Thu Jul 31 17:30:36 2014 -0700 +++ b/src/ch/ethz/ssh2/Connection.java Thu Jul 31 18:39:36 2014 -0700 @@ -13,7 +13,6 @@ import java.net.Socket; import java.net.SocketTimeoutException; import java.security.KeyPair; -import java.security.SecureRandom; import java.util.ArrayList; import java.util.List; import java.util.Set; @@ -23,14 +22,15 @@ import ch.ethz.ssh2.channel.ChannelManager; import ch.ethz.ssh2.compression.CompressionFactory; import ch.ethz.ssh2.crypto.CryptoWishList; +import ch.ethz.ssh2.crypto.SecureRandomFix; import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory; import ch.ethz.ssh2.crypto.digest.MAC; import ch.ethz.ssh2.packets.PacketIgnore; import ch.ethz.ssh2.transport.ClientTransportManager; import ch.ethz.ssh2.transport.HTTPProxyClientTransportManager; import ch.ethz.ssh2.transport.KexManager; +import ch.ethz.ssh2.util.TimeoutService.TimeoutToken; import ch.ethz.ssh2.util.TimeoutService; -import ch.ethz.ssh2.util.TimeoutService.TimeoutToken; /** * A Connection is used to establish an encrypted TCP/IP @@ -64,7 +64,7 @@ * Note: SecureRandom.nextBytes() is thread safe. */ - private SecureRandom generator; + private SecureRandomFix generator; /** * Unless you know what you are doing, you will never need this. @@ -1162,9 +1162,9 @@ return false; } - private SecureRandom getOrCreateSecureRND() { + private SecureRandomFix getOrCreateSecureRND() { if (generator == null) { - generator = new SecureRandom(); + generator = new SecureRandomFix(); } return generator; @@ -1194,7 +1194,7 @@ */ public synchronized void sendIgnorePacket() throws IOException { - SecureRandom rnd = getOrCreateSecureRND(); + SecureRandomFix rnd = getOrCreateSecureRND(); byte[] data = new byte[rnd.nextInt(16)]; rnd.nextBytes(data); sendIgnorePacket(data); @@ -1424,7 +1424,7 @@ * @param rnd a SecureRandom instance */ - public synchronized void setSecureRandom(SecureRandom rnd) { + public synchronized void setSecureRandom(SecureRandomFix rnd) { if (rnd == null) { throw new IllegalArgumentException(); } diff -r df13118e8e79 -r b40bc65fa09a src/ch/ethz/ssh2/KnownHosts.java --- a/src/ch/ethz/ssh2/KnownHosts.java Thu Jul 31 17:30:36 2014 -0700 +++ b/src/ch/ethz/ssh2/KnownHosts.java Thu Jul 31 18:39:36 2014 -0700 @@ -15,16 +15,17 @@ import java.net.InetAddress; import java.net.UnknownHostException; import java.security.DigestException; -import java.security.SecureRandom; import java.util.ArrayList; import java.util.LinkedList; import java.util.List; import ch.ethz.ssh2.crypto.Base64; +import ch.ethz.ssh2.crypto.SecureRandomFix; import ch.ethz.ssh2.crypto.digest.Digest; import ch.ethz.ssh2.crypto.digest.HMAC; import ch.ethz.ssh2.crypto.digest.MD5; import ch.ethz.ssh2.crypto.digest.SHA1; + import java.security.KeyPair; import java.security.PrivateKey; import java.security.PublicKey; @@ -156,7 +157,7 @@ public static String createHashedHostname(String hostname) throws IOException { SHA1 sha1 = new SHA1(); byte[] salt = new byte[sha1.getDigestLength()]; - new SecureRandom().nextBytes(salt); + new SecureRandomFix().nextBytes(salt); byte[] hash; try { diff -r df13118e8e79 -r b40bc65fa09a src/ch/ethz/ssh2/channel/AuthAgentForwardThread.java --- a/src/ch/ethz/ssh2/channel/AuthAgentForwardThread.java Thu Jul 31 17:30:36 2014 -0700 +++ b/src/ch/ethz/ssh2/channel/AuthAgentForwardThread.java Thu Jul 31 18:39:36 2014 -0700 @@ -26,7 +26,6 @@ import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; -import java.security.SecureRandom; import java.security.interfaces.DSAPrivateKey; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.RSAPrivateKey; @@ -44,6 +43,7 @@ import java.util.Map.Entry; import ch.ethz.ssh2.AuthAgentCallback; +import ch.ethz.ssh2.crypto.SecureRandomFix; import ch.ethz.ssh2.log.Logger; import ch.ethz.ssh2.packets.TypesReader; import ch.ethz.ssh2.packets.TypesWriter; @@ -459,7 +459,7 @@ } else if (privKey instanceof DSAPrivateKey) { byte[] signature = DSASHA1Verify.generateSignature(challenge, - (DSAPrivateKey) privKey, new SecureRandom()); + (DSAPrivateKey) privKey, new SecureRandomFix()); response = DSASHA1Verify.encodeSSHDSASignature(signature); } else if (privKey instanceof ECPrivateKey) { diff -r df13118e8e79 -r b40bc65fa09a src/ch/ethz/ssh2/server/ServerConnectionState.java --- a/src/ch/ethz/ssh2/server/ServerConnectionState.java Thu Jul 31 17:30:36 2014 -0700 +++ b/src/ch/ethz/ssh2/server/ServerConnectionState.java Thu Jul 31 18:39:36 2014 -0700 @@ -5,7 +5,6 @@ package ch.ethz.ssh2.server; import java.net.Socket; -import java.security.SecureRandom; import ch.ethz.ssh2.ServerAuthenticationCallback; import ch.ethz.ssh2.ServerConnection; @@ -13,6 +12,7 @@ import ch.ethz.ssh2.auth.ServerAuthenticationManager; import ch.ethz.ssh2.channel.ChannelManager; import ch.ethz.ssh2.crypto.CryptoWishList; +import ch.ethz.ssh2.crypto.SecureRandomFix; import java.security.KeyPair; import java.security.PrivateKey; import java.security.interfaces.DSAPrivateKey; @@ -24,7 +24,7 @@ public class ServerConnectionState { public ServerConnection conn; - public SecureRandom generator = new SecureRandom(); + public SecureRandomFix generator = new SecureRandomFix(); public String softwareversion; diff -r df13118e8e79 -r b40bc65fa09a src/com/five_ten_sg/connectbot/GeneratePubkeyActivity.java --- a/src/com/five_ten_sg/connectbot/GeneratePubkeyActivity.java Thu Jul 31 17:30:36 2014 -0700 +++ b/src/com/five_ten_sg/connectbot/GeneratePubkeyActivity.java Thu Jul 31 18:39:36 2014 -0700 @@ -21,7 +21,6 @@ import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey; -import java.security.SecureRandom; import com.five_ten_sg.connectbot.bean.PubkeyBean; import com.five_ten_sg.connectbot.util.EntropyDialog; @@ -48,6 +47,7 @@ import android.widget.SeekBar; import android.widget.SeekBar.OnSeekBarChangeListener; +import ch.ethz.ssh2.crypto.SecureRandomFix; import ch.ethz.ssh2.signature.ECDSASHA2Verify; public class GeneratePubkeyActivity extends Activity implements OnEntropyGatheredListener { @@ -238,7 +238,7 @@ if (keyType == PubkeyDatabase.KEY_TYPE_DSA) tmpbits = DSA_BITS; - SecureRandom random = new SecureRandom(); + SecureRandomFix random = new SecureRandomFix(); // Work around JVM bug random.nextInt(); random.setSeed(entropy); diff -r df13118e8e79 -r b40bc65fa09a src/com/five_ten_sg/connectbot/service/AuthAgentService.java --- a/src/com/five_ten_sg/connectbot/service/AuthAgentService.java Thu Jul 31 17:30:36 2014 -0700 +++ b/src/com/five_ten_sg/connectbot/service/AuthAgentService.java Thu Jul 31 18:39:36 2014 -0700 @@ -1,7 +1,6 @@ package com.five_ten_sg.connectbot.service; import java.io.IOException; -import java.security.SecureRandom; import java.security.KeyPair; import java.security.PrivateKey; import java.security.PublicKey; @@ -29,10 +28,12 @@ import android.util.Log; import com.madgag.ssh.android.authagent.AndroidAuthAgent; +import ch.ethz.ssh2.crypto.SecureRandomFix; import ch.ethz.ssh2.signature.DSASHA1Verify; import ch.ethz.ssh2.signature.ECDSASHA2Verify; import ch.ethz.ssh2.signature.RSASHA1Verify; + public class AuthAgentService extends Service { private static final String TAG = "ConnectBot.AuthAgentService"; protected TerminalManager manager; @@ -161,7 +162,7 @@ } private byte[] sshEncodedSignatureFor(byte[] data, DSAPrivateKey privKey) { try { - byte[] signature = DSASHA1Verify.generateSignature(data, privKey, new SecureRandom()); + byte[] signature = DSASHA1Verify.generateSignature(data, privKey, new SecureRandomFix()); return DSASHA1Verify.encodeSSHDSASignature(signature); } catch (IOException e) { diff -r df13118e8e79 -r b40bc65fa09a src/com/five_ten_sg/connectbot/util/PubkeyUtils.java --- a/src/com/five_ten_sg/connectbot/util/PubkeyUtils.java Thu Jul 31 17:30:36 2014 -0700 +++ b/src/com/five_ten_sg/connectbot/util/PubkeyUtils.java Thu Jul 31 18:39:36 2014 -0700 @@ -29,7 +29,6 @@ import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; -import java.security.SecureRandom; import java.security.interfaces.DSAParams; import java.security.interfaces.DSAPrivateKey; import java.security.interfaces.DSAPublicKey; @@ -65,6 +64,7 @@ import android.util.Log; import ch.ethz.ssh2.crypto.Base64; +import ch.ethz.ssh2.crypto.SecureRandomFix; import ch.ethz.ssh2.crypto.SimpleDERReader; import ch.ethz.ssh2.signature.DSASHA1Verify; import ch.ethz.ssh2.signature.ECDSASHA2Verify; @@ -302,7 +302,7 @@ if (secret != null) { byte[] salt = new byte[8]; - SecureRandom random = new SecureRandom(); + SecureRandomFix random = new SecureRandomFix(); random.nextBytes(salt); PBEParameterSpec defParams = new PBEParameterSpec(salt, 1); AlgorithmParameters params = AlgorithmParameters.getInstance(key.getAlgorithm()); diff -r df13118e8e79 -r b40bc65fa09a xml/510connectbot.in --- a/xml/510connectbot.in Thu Jul 31 17:30:36 2014 -0700 +++ b/xml/510connectbot.in Thu Jul 31 18:39:36 2014 -0700 @@ -72,6 +72,19 @@ Changes from previous Connectbots + The Android SecureRandom bug has been fixed in newer versions + of Android, but this code now compensates for that bug in + older versions. If you have keys generated by on older Android + devices, those keys should be discarded, and you should generate + new keys. + + + + The underlying ssh code has been updated from trilead to + ganymed. Elliptic curve crypto is now supported. + + + The soft function keypad now has better labels, and can generate all 24 function keys for 5250 emulation. A hardware button can be configured to display that function keypad.