# HG changeset patch # User Carl Byington # Date 1405727143 25200 # Node ID d7e088fa21232988b27dc1b466d5108ef6d4d22f # Parent e0da430260463befe32efc41ee8f94e5cb4831c0 start conversion from trilead to ganymed diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/KnownHosts.java --- a/src/ch/ethz/ssh2/KnownHosts.java Fri Jul 18 11:59:52 2014 -0700 +++ b/src/ch/ethz/ssh2/KnownHosts.java Fri Jul 18 16:45:43 2014 -0700 @@ -25,9 +25,9 @@ import ch.ethz.ssh2.crypto.digest.HMAC; import ch.ethz.ssh2.crypto.digest.MD5; import ch.ethz.ssh2.crypto.digest.SHA1; -import ch.ethz.ssh2.signature.DSAPublicKey; +import java.security.interfaces.DSAPublicKey; import ch.ethz.ssh2.signature.DSASHA1Verify; -import ch.ethz.ssh2.signature.RSAPublicKey; +import java.security.interfaces.RSAPublicKey; import ch.ethz.ssh2.signature.RSASHA1Verify; import ch.ethz.ssh2.util.StringEncoder; diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/ServerConnection.java --- a/src/ch/ethz/ssh2/ServerConnection.java Fri Jul 18 11:59:52 2014 -0700 +++ b/src/ch/ethz/ssh2/ServerConnection.java Fri Jul 18 16:45:43 2014 -0700 @@ -15,7 +15,7 @@ import ch.ethz.ssh2.crypto.PEMDecoder; import ch.ethz.ssh2.server.ServerConnectionState; import ch.ethz.ssh2.signature.DSAPrivateKey; -import ch.ethz.ssh2.signature.RSAPrivateKey; +import java.security.interfaces.RSAPrivateKey; import ch.ethz.ssh2.transport.ServerTransportManager; /** diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/auth/AuthenticationManager.java --- a/src/ch/ethz/ssh2/auth/AuthenticationManager.java Fri Jul 18 11:59:52 2014 -0700 +++ b/src/ch/ethz/ssh2/auth/AuthenticationManager.java Fri Jul 18 16:45:43 2014 -0700 @@ -30,7 +30,7 @@ import ch.ethz.ssh2.signature.DSAPrivateKey; import ch.ethz.ssh2.signature.DSASHA1Verify; import ch.ethz.ssh2.signature.DSASignature; -import ch.ethz.ssh2.signature.RSAPrivateKey; +import java.security.interfaces.RSAPrivateKey; import ch.ethz.ssh2.signature.RSASHA1Verify; import ch.ethz.ssh2.signature.RSASignature; import ch.ethz.ssh2.transport.ClientTransportManager; diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/crypto/PEMStructure.java --- a/src/ch/ethz/ssh2/crypto/PEMStructure.java Fri Jul 18 11:59:52 2014 -0700 +++ b/src/ch/ethz/ssh2/crypto/PEMStructure.java Fri Jul 18 16:45:43 2014 -0700 @@ -6,14 +6,14 @@ /** * Parsed PEM structure. - * + * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PEMStructure { - int pemType; + public int pemType; String dekInfo[]; String procType[]; byte[] data; diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/server/ServerConnectionState.java --- a/src/ch/ethz/ssh2/server/ServerConnectionState.java Fri Jul 18 11:59:52 2014 -0700 +++ b/src/ch/ethz/ssh2/server/ServerConnectionState.java Fri Jul 18 16:45:43 2014 -0700 @@ -14,7 +14,7 @@ import ch.ethz.ssh2.channel.ChannelManager; import ch.ethz.ssh2.crypto.CryptoWishList; import ch.ethz.ssh2.signature.DSAPrivateKey; -import ch.ethz.ssh2.signature.RSAPrivateKey; +import java.security.interfaces.RSAPrivateKey; import ch.ethz.ssh2.transport.ClientServerHello; import ch.ethz.ssh2.transport.ServerTransportManager; diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/signature/DSAPrivateKey.java --- a/src/ch/ethz/ssh2/signature/DSAPrivateKey.java Fri Jul 18 11:59:52 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,62 +0,0 @@ -/* - * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. - * Please refer to the LICENSE.txt for licensing details. - */ -package ch.ethz.ssh2.signature; - -import java.math.BigInteger; - -/** - * DSAPrivateKey. - * - * @author Christian Plattner - * @version 2.50, 03/15/10 - */ -public class DSAPrivateKey -{ - private BigInteger p; - private BigInteger q; - private BigInteger g; - private BigInteger x; - private BigInteger y; - - public DSAPrivateKey(BigInteger p, BigInteger q, BigInteger g, - BigInteger y, BigInteger x) - { - this.p = p; - this.q = q; - this.g = g; - this.y = y; - this.x = x; - } - - public BigInteger getP() - { - return p; - } - - public BigInteger getQ() - { - return q; - } - - public BigInteger getG() - { - return g; - } - - public BigInteger getY() - { - return y; - } - - public BigInteger getX() - { - return x; - } - - public DSAPublicKey getPublicKey() - { - return new DSAPublicKey(p, q, g, y); - } -} \ No newline at end of file diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/signature/DSAPublicKey.java --- a/src/ch/ethz/ssh2/signature/DSAPublicKey.java Fri Jul 18 11:59:52 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,49 +0,0 @@ -/* - * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. - * Please refer to the LICENSE.txt for licensing details. - */ -package ch.ethz.ssh2.signature; - -import java.math.BigInteger; - -/** - * DSAPublicKey. - * - * @author Christian Plattner - * @version 2.50, 03/15/10 - */ -public class DSAPublicKey -{ - private BigInteger p; - private BigInteger q; - private BigInteger g; - private BigInteger y; - - public DSAPublicKey(BigInteger p, BigInteger q, BigInteger g, BigInteger y) - { - this.p = p; - this.q = q; - this.g = g; - this.y = y; - } - - public BigInteger getP() - { - return p; - } - - public BigInteger getQ() - { - return q; - } - - public BigInteger getG() - { - return g; - } - - public BigInteger getY() - { - return y; - } -} \ No newline at end of file diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/signature/DSASHA1Verify.java --- a/src/ch/ethz/ssh2/signature/DSASHA1Verify.java Fri Jul 18 11:59:52 2014 -0700 +++ b/src/ch/ethz/ssh2/signature/DSASHA1Verify.java Fri Jul 18 16:45:43 2014 -0700 @@ -1,213 +1,230 @@ -/* - * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. - * Please refer to the LICENSE.txt for licensing details. - */ -package ch.ethz.ssh2.signature; + +package com.trilead.ssh2.signature; import java.io.IOException; import java.math.BigInteger; -import java.security.DigestException; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; +import java.security.Signature; +import java.security.SignatureException; +import java.security.interfaces.DSAParams; +import java.security.interfaces.DSAPrivateKey; +import java.security.interfaces.DSAPublicKey; +import java.security.spec.DSAPublicKeySpec; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; -import ch.ethz.ssh2.PacketFormatException; -import ch.ethz.ssh2.crypto.digest.SHA1; -import ch.ethz.ssh2.log.Logger; -import ch.ethz.ssh2.packets.TypesReader; -import ch.ethz.ssh2.packets.TypesWriter; +import com.trilead.ssh2.log.Logger; +import com.trilead.ssh2.packets.TypesReader; +import com.trilead.ssh2.packets.TypesWriter; + /** * DSASHA1Verify. * - * @author Christian Plattner - * @version $Id: DSASHA1Verify.java 154 2014-04-28 11:45:02Z dkocher@sudo.ch $ + * @author Christian Plattner, plattner@trilead.com + * @version $Id: DSASHA1Verify.java,v 1.2 2008/04/01 12:38:09 cplattne Exp $ */ public class DSASHA1Verify { private static final Logger log = Logger.getLogger(DSASHA1Verify.class); public static DSAPublicKey decodeSSHDSAPublicKey(byte[] key) throws IOException { TypesReader tr = new TypesReader(key); - String key_format = tr.readString(); - if(!key_format.equals("ssh-dss")) { - throw new IllegalArgumentException("Not a ssh-dss public key"); - } + if (key_format.equals("ssh-dss") == false) + throw new IllegalArgumentException("This is not a ssh-dss public key!"); BigInteger p = tr.readMPINT(); BigInteger q = tr.readMPINT(); BigInteger g = tr.readMPINT(); BigInteger y = tr.readMPINT(); - if(tr.remain() != 0) { - throw new PacketFormatException("Padding in DSA public key"); + if (tr.remain() != 0) + throw new IOException("Padding in DSA public key!"); + + try { + KeyFactory kf = KeyFactory.getInstance("DSA"); + KeySpec ks = new DSAPublicKeySpec(y, p, q, g); + return (DSAPublicKey) kf.generatePublic(ks); } - - return new DSAPublicKey(p, q, g, y); + catch (NoSuchAlgorithmException e) { + IOException ex = new IOException(); + ex.initCause(e); + throw ex; + } + catch (InvalidKeySpecException e) { + IOException ex = new IOException(); + ex.initCause(e); + throw ex; + } } public static byte[] encodeSSHDSAPublicKey(DSAPublicKey pk) throws IOException { TypesWriter tw = new TypesWriter(); - tw.writeString("ssh-dss"); - tw.writeMPInt(pk.getP()); - tw.writeMPInt(pk.getQ()); - tw.writeMPInt(pk.getG()); + DSAParams params = pk.getParams(); + tw.writeMPInt(params.getP()); + tw.writeMPInt(params.getQ()); + tw.writeMPInt(params.getG()); tw.writeMPInt(pk.getY()); - return tw.getBytes(); } - public static byte[] encodeSSHDSASignature(DSASignature ds) { + /** + * Convert from Java's signature ASN.1 encoding to the SSH spec. + *

+ * Java ASN.1 encoding: + * 

+     * SEQUENCE ::= {
+     *    r INTEGER,
+     *    s INTEGER
+     * }
+     *
+ */ + public static byte[] encodeSSHDSASignature(byte[] ds) { TypesWriter tw = new TypesWriter(); - tw.writeString("ssh-dss"); - - byte[] r = ds.getR().toByteArray(); - byte[] s = ds.getS().toByteArray(); - + int len, index; + index = 3; + len = ds[index++] & 0xff; + byte[] r = new byte[len]; + System.arraycopy(ds, index, r, 0, r.length); + index = index + len + 1; + len = ds[index++] & 0xff; + byte[] s = new byte[len]; + System.arraycopy(ds, index, s, 0, s.length); byte[] a40 = new byte[40]; - - /* Patch (unsigned) r and s into the target array. */ - + /* Patch (unsigned) r and s into the target array. */ int r_copylen = (r.length < 20) ? r.length : 20; int s_copylen = (s.length < 20) ? s.length : 20; - System.arraycopy(r, r.length - r_copylen, a40, 20 - r_copylen, r_copylen); System.arraycopy(s, s.length - s_copylen, a40, 40 - s_copylen, s_copylen); - tw.writeString(a40, 0, 40); - return tw.getBytes(); } - public static DSASignature decodeSSHDSASignature(byte[] sig) throws IOException { - byte[] rsArray; + public static byte[] decodeSSHDSASignature(byte[] sig) throws IOException { + byte[] rsArray = null; - if(sig.length == 40) { + if (sig.length == 40) { + /* OK, another broken SSH server. */ rsArray = sig; } else { + /* Hopefully a server obeying the standard... */ TypesReader tr = new TypesReader(sig); - String sig_format = tr.readString(); - if(sig_format.equals("ssh-dss") == false) { - throw new PacketFormatException("Peer sent wrong signature format"); - } + if (sig_format.equals("ssh-dss") == false) + throw new IOException("Peer sent wrong signature format"); rsArray = tr.readByteString(); - if(rsArray.length != 40) { - throw new PacketFormatException("Peer sent corrupt signature"); - } + if (rsArray.length != 40) + throw new IOException("Peer sent corrupt signature"); - if(tr.remain() != 0) { - throw new PacketFormatException("Padding in DSA signature!"); - } + if (tr.remain() != 0) + throw new IOException("Padding in DSA signature!"); } - /* Remember, s and r are unsigned ints. */ - - byte[] tmp = new byte[20]; - - System.arraycopy(rsArray, 0, tmp, 0, 20); - BigInteger r = new BigInteger(1, tmp); - - System.arraycopy(rsArray, 20, tmp, 0, 20); - BigInteger s = new BigInteger(1, tmp); - - if(log.isDebugEnabled()) { - log.debug("decoded ssh-dss signature: first bytes r(" + ((rsArray[0]) & 0xff) + "), s(" - + ((rsArray[20]) & 0xff) + ")"); - } + int i = 0; + int j = 0; + byte[] tmp; - return new DSASignature(r, s); - } - - public static boolean verifySignature(byte[] message, DSASignature ds, DSAPublicKey dpk) throws IOException { - /* Inspired by Bouncycastle's DSASigner class */ - - SHA1 md = new SHA1(); - md.update(message); - byte[] sha_message = new byte[md.getDigestLength()]; - try { - md.digest(sha_message); - } - catch(DigestException e) { - throw new IOException(e); + if (rsArray[0] == 0 && rsArray[1] == 0 && rsArray[2] == 0) { + j = ((rsArray[i++] << 24) & 0xff000000) | ((rsArray[i++] << 16) & 0x00ff0000) + | ((rsArray[i++] << 8) & 0x0000ff00) | ((rsArray[i++]) & 0x000000ff); + i += j; + j = ((rsArray[i++] << 24) & 0xff000000) | ((rsArray[i++] << 16) & 0x00ff0000) + | ((rsArray[i++] << 8) & 0x0000ff00) | ((rsArray[i++]) & 0x000000ff); + tmp = new byte[j]; + System.arraycopy(rsArray, i, tmp, 0, j); + rsArray = tmp; } - BigInteger m = new BigInteger(1, sha_message); - - BigInteger r = ds.getR(); - BigInteger s = ds.getS(); - - BigInteger g = dpk.getG(); - BigInteger p = dpk.getP(); - BigInteger q = dpk.getQ(); - BigInteger y = dpk.getY(); + /* ASN.1 */ + int frst = ((rsArray[0] & 0x80) != 0 ? 1 : 0); + int scnd = ((rsArray[20] & 0x80) != 0 ? 1 : 0); + /* Calculate output length */ + int length = rsArray.length + 6 + frst + scnd; + tmp = new byte[length]; + /* DER-encoding to match Java */ + tmp[0] = (byte) 0x30; - BigInteger zero = BigInteger.ZERO; - - if(log.isDebugEnabled()) { - log.debug("ssh-dss signature: m: " + m.toString(16)); - log.debug("ssh-dss signature: r: " + r.toString(16)); - log.debug("ssh-dss signature: s: " + s.toString(16)); - log.debug("ssh-dss signature: g: " + g.toString(16)); - log.debug("ssh-dss signature: p: " + p.toString(16)); - log.debug("ssh-dss signature: q: " + q.toString(16)); - log.debug("ssh-dss signature: y: " + y.toString(16)); - } + if (rsArray.length != 40) + throw new IOException("Peer sent corrupt signature"); - if(zero.compareTo(r) >= 0 || q.compareTo(r) <= 0) { - log.warning("ssh-dss signature: zero.compareTo(r) >= 0 || q.compareTo(r) <= 0"); - return false; - } - - if(zero.compareTo(s) >= 0 || q.compareTo(s) <= 0) { - log.warning("ssh-dss signature: zero.compareTo(s) >= 0 || q.compareTo(s) <= 0"); - return false; - } - - BigInteger w = s.modInverse(q); - - BigInteger u1 = m.multiply(w).mod(q); - BigInteger u2 = r.multiply(w).mod(q); - - u1 = g.modPow(u1, p); - u2 = y.modPow(u2, p); - - BigInteger v = u1.multiply(u2).mod(p).mod(q); - - return v.equals(r); + /* Calculate length */ + tmp[1] = (byte) 0x2c; + tmp[1] += frst; + tmp[1] += scnd; + /* First item */ + tmp[2] = (byte) 0x02; + /* First item length */ + tmp[3] = (byte) 0x14; + tmp[3] += frst; + /* Copy in the data for first item */ + System.arraycopy(rsArray, 0, tmp, 4 + frst, 20); + /* Second item */ + tmp[4 + tmp[3]] = (byte) 0x02; + /* Second item length */ + tmp[5 + tmp[3]] = (byte) 0x14; + tmp[5 + tmp[3]] += scnd; + /* Copy in the data for the second item */ + System.arraycopy(rsArray, 20, tmp, 6 + tmp[3] + scnd, 20); + /* Swap buffers */ + rsArray = tmp; + return rsArray; } - public static DSASignature generateSignature(byte[] message, DSAPrivateKey pk, SecureRandom rnd) throws IOException { - SHA1 md = new SHA1(); - md.update(message); - byte[] sha_message = new byte[md.getDigestLength()]; + public static boolean verifySignature(byte[] message, byte[] ds, DSAPublicKey dpk) throws IOException { try { - md.digest(sha_message); + Signature s = Signature.getInstance("SHA1withDSA"); + s.initVerify(dpk); + s.update(message); + return s.verify(ds); + } + catch (NoSuchAlgorithmException e) { + IOException ex = new IOException("No such algorithm"); + ex.initCause(e); + throw ex; } - catch(DigestException e) { - throw new IOException(e); + catch (InvalidKeyException e) { + IOException ex = new IOException("No such algorithm"); + ex.initCause(e); + throw ex; } + catch (SignatureException e) { + IOException ex = new IOException(); + ex.initCause(e); + throw ex; + } + } - BigInteger m = new BigInteger(1, sha_message); - BigInteger k; - int qBitLength = pk.getQ().bitLength(); - - do { - k = new BigInteger(qBitLength, rnd); + public static byte[] generateSignature(byte[] message, DSAPrivateKey pk, SecureRandom rnd) throws IOException { + try { + Signature s = Signature.getInstance("SHA1withDSA"); + s.initSign(pk); + s.update(message); + return s.sign(); } - while(k.compareTo(pk.getQ()) >= 0); - - BigInteger r = pk.getG().modPow(k, pk.getP()).mod(pk.getQ()); - - k = k.modInverse(pk.getQ()).multiply(m.add((pk).getX().multiply(r))); - - BigInteger s = k.mod(pk.getQ()); - - return new DSASignature(r, s); + catch (NoSuchAlgorithmException e) { + IOException ex = new IOException(); + ex.initCause(e); + throw ex; + } + catch (InvalidKeyException e) { + IOException ex = new IOException(); + ex.initCause(e); + throw ex; + } + catch (SignatureException e) { + IOException ex = new IOException(); + ex.initCause(e); + throw ex; + } } } diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/signature/DSASignature.java --- a/src/ch/ethz/ssh2/signature/DSASignature.java Fri Jul 18 11:59:52 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,35 +0,0 @@ -/* - * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. - * Please refer to the LICENSE.txt for licensing details. - */ -package ch.ethz.ssh2.signature; - -import java.math.BigInteger; - -/** - * DSASignature. - * - * @author Christian Plattner - * @version 2.50, 03/15/10 - */ -public class DSASignature -{ - private BigInteger r; - private BigInteger s; - - public DSASignature(BigInteger r, BigInteger s) - { - this.r = r; - this.s = s; - } - - public BigInteger getR() - { - return r; - } - - public BigInteger getS() - { - return s; - } -} diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/signature/ECDSASHA2Verify.java --- a/src/ch/ethz/ssh2/signature/ECDSASHA2Verify.java Fri Jul 18 11:59:52 2014 -0700 +++ b/src/ch/ethz/ssh2/signature/ECDSASHA2Verify.java Fri Jul 18 16:45:43 2014 -0700 @@ -1,7 +1,7 @@ /** * */ -package ch.ethz.ssh2.signature; +package com.trilead.ssh2.signature; import java.io.ByteArrayOutputStream; import java.io.IOException; diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/signature/RSAPrivateKey.java --- a/src/ch/ethz/ssh2/signature/RSAPrivateKey.java Fri Jul 18 11:59:52 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,79 +0,0 @@ -/* - * Copyright (c) 2006-2013 Christian Plattner. All rights reserved. - * Please refer to the LICENSE.txt for licensing details. - */ -package ch.ethz.ssh2.signature; - -import java.math.BigInteger; -import java.security.SecureRandom; - -/** - * RSAPrivateKey. - * - * @author Christian Plattner - * @version 2.50, 03/15/10 - */ -public class RSAPrivateKey -{ - private BigInteger d; - private BigInteger e; - private BigInteger n; - - public RSAPrivateKey(BigInteger d, BigInteger e, BigInteger n) - { - this.d = d; - this.e = e; - this.n = n; - } - - public BigInteger getD() - { - return d; - } - - public BigInteger getE() - { - return e; - } - - public BigInteger getN() - { - return n; - } - - public RSAPublicKey getPublicKey() - { - return new RSAPublicKey(e, n); - } - - /** - * Generate an RSA hostkey for testing purposes only. - * - * @param numbits Key length in bits - * @return - */ - public static RSAPrivateKey generateKey(int numbits) - { - return generateKey(new SecureRandom(), numbits); - } - - /** - * Generate an RSA hostkey for testing purposes only. - * - * @param rnd Source for random bits - * @param numbits Key length in bits - * @return - */ - public static RSAPrivateKey generateKey(SecureRandom rnd, int numbits) - { - BigInteger p = BigInteger.probablePrime(numbits / 2, rnd); - BigInteger q = BigInteger.probablePrime(numbits / 2, rnd); - BigInteger phi = (p.subtract(BigInteger.ONE)).multiply(q.subtract(BigInteger.ONE)); - - BigInteger n = p.multiply(q); - BigInteger e = new BigInteger("65537"); - BigInteger d = e.modInverse(phi); - - return new RSAPrivateKey(d, e, n); - } -} \ No newline at end of file diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/signature/RSAPublicKey.java --- a/src/ch/ethz/ssh2/signature/RSAPublicKey.java Fri Jul 18 11:59:52 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,35 +0,0 @@ -/* - * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. - * Please refer to the LICENSE.txt for licensing details. - */ -package ch.ethz.ssh2.signature; - -import java.math.BigInteger; - -/** - * RSAPublicKey. - * - * @author Christian Plattner - * @version 2.50, 03/15/10 - */ -public class RSAPublicKey -{ - BigInteger e; - BigInteger n; - - public RSAPublicKey(BigInteger e, BigInteger n) - { - this.e = e; - this.n = n; - } - - public BigInteger getE() - { - return e; - } - - public BigInteger getN() - { - return n; - } -} \ No newline at end of file diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/signature/RSASHA1Verify.java --- a/src/ch/ethz/ssh2/signature/RSASHA1Verify.java Fri Jul 18 11:59:52 2014 -0700 +++ b/src/ch/ethz/ssh2/signature/RSASHA1Verify.java Fri Jul 18 16:45:43 2014 -0700 @@ -1,283 +1,174 @@ -/* - * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. - * Please refer to the LICENSE.txt for licensing details. - */ -package ch.ethz.ssh2.signature; + +package com.trilead.ssh2.signature; import java.io.IOException; import java.math.BigInteger; -import java.security.DigestException; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.Signature; +import java.security.SignatureException; +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; +import java.security.spec.RSAPublicKeySpec; -import ch.ethz.ssh2.PacketFormatException; -import ch.ethz.ssh2.crypto.SimpleDERReader; -import ch.ethz.ssh2.crypto.digest.SHA1; -import ch.ethz.ssh2.log.Logger; -import ch.ethz.ssh2.packets.TypesReader; -import ch.ethz.ssh2.packets.TypesWriter; +import com.trilead.ssh2.log.Logger; +import com.trilead.ssh2.packets.TypesReader; +import com.trilead.ssh2.packets.TypesWriter; + /** * RSASHA1Verify. * - * @author Christian Plattner - * @version $Id: RSASHA1Verify.java 154 2014-04-28 11:45:02Z dkocher@sudo.ch $ + * @author Christian Plattner, plattner@trilead.com + * @version $Id: RSASHA1Verify.java,v 1.1 2007/10/15 12:49:57 cplattne Exp $ */ public class RSASHA1Verify { private static final Logger log = Logger.getLogger(RSASHA1Verify.class); public static RSAPublicKey decodeSSHRSAPublicKey(byte[] key) throws IOException { TypesReader tr = new TypesReader(key); - String key_format = tr.readString(); - if(!key_format.equals("ssh-rsa")) { - throw new IllegalArgumentException("Not a ssh-rsa public key"); - } + if (key_format.equals("ssh-rsa") == false) + throw new IllegalArgumentException("This is not a ssh-rsa public key"); BigInteger e = tr.readMPINT(); BigInteger n = tr.readMPINT(); - if(tr.remain() != 0) { - throw new PacketFormatException("Padding in RSA public key"); + if (tr.remain() != 0) + throw new IOException("Padding in RSA public key!"); + + KeySpec keySpec = new RSAPublicKeySpec(n, e); + + try { + KeyFactory kf = KeyFactory.getInstance("RSA"); + return (RSAPublicKey) kf.generatePublic(keySpec); } - - return new RSAPublicKey(e, n); + catch (NoSuchAlgorithmException nsae) { + IOException ioe = new IOException("No RSA KeyFactory available"); + ioe.initCause(nsae); + throw ioe; + } + catch (InvalidKeySpecException ikse) { + IOException ioe = new IOException("No RSA KeyFactory available"); + ioe.initCause(ikse); + throw ioe; + } } public static byte[] encodeSSHRSAPublicKey(RSAPublicKey pk) throws IOException { TypesWriter tw = new TypesWriter(); - tw.writeString("ssh-rsa"); - tw.writeMPInt(pk.getE()); - tw.writeMPInt(pk.getN()); - + tw.writeMPInt(pk.getPublicExponent()); + tw.writeMPInt(pk.getModulus()); return tw.getBytes(); } - public static RSASignature decodeSSHRSASignature(byte[] sig) throws IOException { + public static byte[] decodeSSHRSASignature(byte[] sig) throws IOException { TypesReader tr = new TypesReader(sig); - String sig_format = tr.readString(); - if(!sig_format.equals("ssh-rsa")) { - throw new PacketFormatException("Peer sent wrong signature format"); - } + if (sig_format.equals("ssh-rsa") == false) + throw new IOException("Peer sent wrong signature format"); - /* S is NOT an MPINT. "The value for 'rsa_signature_blob' is encoded as a string + /* S is NOT an MPINT. "The value for 'rsa_signature_blob' is encoded as a string * containing s (which is an integer, without lengths or padding, unsigned and in - * network byte order)." See also below. - */ - + * network byte order)." See also below. + */ byte[] s = tr.readByteString(); - if(s.length == 0) { - throw new PacketFormatException("Error in RSA signature, S is empty."); - } + if (s.length == 0) + throw new IOException("Error in RSA signature, S is empty."); - if(log.isDebugEnabled()) { - log.debug("Decoding ssh-rsa signature string (length: " + s.length + ")"); + if (log.isEnabled()) { + log.log(80, "Decoding ssh-rsa signature string (length: " + s.length + ")"); } - if(tr.remain() != 0) { - throw new PacketFormatException("Padding in RSA signature!"); + if (tr.remain() != 0) + throw new IOException("Padding in RSA signature!"); + + if (s[0] == 0 && s[1] == 0 && s[2] == 0) { + int i = 0; + int j = ((s[i++] << 24) & 0xff000000) | ((s[i++] << 16) & 0x00ff0000) + | ((s[i++] << 8) & 0x0000ff00) | ((s[i++]) & 0x000000ff); + i += j; + j = ((s[i++] << 24) & 0xff000000) | ((s[i++] << 16) & 0x00ff0000) + | ((s[i++] << 8) & 0x0000ff00) | ((s[i++]) & 0x000000ff); + byte[] tmp = new byte[j]; + System.arraycopy(s, i, tmp, 0, j); + sig = tmp; } - return new RSASignature(new BigInteger(1, s)); + return s; } - public static byte[] encodeSSHRSASignature(RSASignature sig) throws IOException { + public static byte[] encodeSSHRSASignature(byte[] s) throws IOException { TypesWriter tw = new TypesWriter(); - tw.writeString("ssh-rsa"); - /* S is NOT an MPINT. "The value for 'rsa_signature_blob' is encoded as a string - * containing s (which is an integer, without lengths or padding, unsigned and in - * network byte order)." - */ - - byte[] s = sig.getS().toByteArray(); + /* S is NOT an MPINT. "The value for 'rsa_signature_blob' is encoded as a string + * containing s (which is an integer, without lengths or padding, unsigned and in + * network byte order)." + */ - /* Remove first zero sign byte, if present */ + /* Remove first zero sign byte, if present */ - if((s.length > 1) && (s[0] == 0x00)) { + if ((s.length > 1) && (s[0] == 0x00)) tw.writeString(s, 1, s.length - 1); - } - else { + else tw.writeString(s, 0, s.length); - } return tw.getBytes(); } - public static RSASignature generateSignature(byte[] message, RSAPrivateKey pk) throws IOException { - SHA1 md = new SHA1(); - md.update(message); - byte[] sha_message = new byte[md.getDigestLength()]; + public static byte[] generateSignature(byte[] message, RSAPrivateKey pk) throws IOException { try { - md.digest(sha_message); - } - catch(DigestException e) { - throw new IOException(e); + Signature s = Signature.getInstance("SHA1withRSA"); + s.initSign(pk); + s.update(message); + return s.sign(); } - - byte[] der_header = new byte[]{0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, - 0x04, 0x14}; - - int rsa_block_len = (pk.getN().bitLength() + 7) / 8; - - int num_pad = rsa_block_len - (2 + der_header.length + sha_message.length) - 1; - - if(num_pad < 8) { - throw new PacketFormatException("Cannot sign with RSA, message too long"); + catch (NoSuchAlgorithmException e) { + IOException ex = new IOException(); + ex.initCause(e); + throw ex; } - - byte[] sig = new byte[der_header.length + sha_message.length + 2 + num_pad]; - - sig[0] = 0x01; - - for(int i = 0; i < num_pad; i++) { - sig[i + 1] = (byte) 0xff; + catch (InvalidKeyException e) { + IOException ex = new IOException(); + ex.initCause(e); + throw ex; } - - sig[num_pad + 1] = 0x00; - - System.arraycopy(der_header, 0, sig, 2 + num_pad, der_header.length); - System.arraycopy(sha_message, 0, sig, 2 + num_pad + der_header.length, sha_message.length); - - BigInteger m = new BigInteger(1, sig); - - BigInteger s = m.modPow(pk.getD(), pk.getN()); - - return new RSASignature(s); + catch (SignatureException e) { + IOException ex = new IOException(); + ex.initCause(e); + throw ex; + } } - public static boolean verifySignature(byte[] message, RSASignature ds, RSAPublicKey dpk) throws IOException { - SHA1 md = new SHA1(); - md.update(message); - byte[] sha_message = new byte[md.getDigestLength()]; + public static boolean verifySignature(byte[] message, byte[] ds, RSAPublicKey dpk) throws IOException { try { - md.digest(sha_message); - } - catch(DigestException e) { - throw new IOException(e); - } - - BigInteger n = dpk.getN(); - BigInteger e = dpk.getE(); - BigInteger s = ds.getS(); - - if(n.compareTo(s) <= 0) { - log.warning("ssh-rsa signature: n.compareTo(s) <= 0"); - return false; - } - - int rsa_block_len = (n.bitLength() + 7) / 8; - - /* And now the show begins */ - - if(rsa_block_len < 1) { - log.warning("ssh-rsa signature: rsa_block_len < 1"); - return false; - } - - byte[] v = s.modPow(e, n).toByteArray(); - - int startpos = 0; - - if((v.length > 0) && (v[0] == 0x00)) { - startpos++; - } - - if((v.length - startpos) != (rsa_block_len - 1)) { - log.warning("ssh-rsa signature: (v.length - startpos) != (rsa_block_len - 1)"); - return false; - } - - if(v[startpos] != 0x01) { - log.warning("ssh-rsa signature: v[startpos] != 0x01"); - return false; - } - - int pos = startpos + 1; - - while(true) { - if(pos >= v.length) { - log.warning("ssh-rsa signature: pos >= v.length"); - return false; - } - if(v[pos] == 0x00) { - break; - } - if(v[pos] != (byte) 0xff) { - log.warning("ssh-rsa signature: v[pos] != (byte) 0xff"); - return false; - } - pos++; + Signature s = Signature.getInstance("SHA1withRSA"); + s.initVerify(dpk); + s.update(message); + return s.verify(ds); } - - int num_pad = pos - (startpos + 1); - - if(num_pad < 8) { - log.warning("ssh-rsa signature: num_pad < 8"); - return false; - } - - pos++; - - if(pos >= v.length) { - log.warning("ssh-rsa signature: pos >= v.length"); - return false; - } - - SimpleDERReader dr = new SimpleDERReader(v, pos, v.length - pos); - - byte[] seq = dr.readSequenceAsByteArray(); - - if(dr.available() != 0) { - log.warning("ssh-rsa signature: dr.available() != 0"); - return false; + catch (NoSuchAlgorithmException e) { + IOException ex = new IOException(); + ex.initCause(e); + throw ex; } - - dr.resetInput(seq); - - /* Read digestAlgorithm */ - - byte digestAlgorithm[] = dr.readSequenceAsByteArray(); - - /* Inspired by RFC 3347, however, ignoring the comment regarding old BER based implementations */ - - if((digestAlgorithm.length < 8) || (digestAlgorithm.length > 9)) { - log.warning("ssh-rsa signature: (digestAlgorithm.length < 8) || (digestAlgorithm.length > 9)"); - return false; - } - - byte[] digestAlgorithm_sha1 = new byte[]{0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00}; - - for(int i = 0; i < digestAlgorithm.length; i++) { - if(digestAlgorithm[i] != digestAlgorithm_sha1[i]) { - log.warning("ssh-rsa signature: digestAlgorithm[i] != digestAlgorithm_sha1[i]"); - return false; - } + catch (InvalidKeyException e) { + IOException ex = new IOException(); + ex.initCause(e); + throw ex; } - - byte[] digest = dr.readOctetString(); - - if(dr.available() != 0) { - log.warning("ssh-rsa signature: dr.available() != 0 (II)"); - return false; + catch (SignatureException e) { + IOException ex = new IOException(); + ex.initCause(e); + throw ex; } - - if(digest.length != sha_message.length) { - log.warning("ssh-rsa signature: digest.length != sha_message.length"); - return false; - } - - for(int i = 0; i < sha_message.length; i++) { - if(sha_message[i] != digest[i]) { - log.warning("ssh-rsa signature: sha_message[i] != digest[i]"); - return false; - } - } - - return true; } } diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/signature/RSASignature.java --- a/src/ch/ethz/ssh2/signature/RSASignature.java Fri Jul 18 11:59:52 2014 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,30 +0,0 @@ -/* - * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. - * Please refer to the LICENSE.txt for licensing details. - */ -package ch.ethz.ssh2.signature; - -import java.math.BigInteger; - - -/** - * RSASignature. - * - * @author Christian Plattner - * @version 2.50, 03/15/10 - */ - -public class RSASignature -{ - BigInteger s; - - public BigInteger getS() - { - return s; - } - - public RSASignature(BigInteger s) - { - this.s = s; - } -} \ No newline at end of file diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/transport/ClientKexManager.java --- a/src/ch/ethz/ssh2/transport/ClientKexManager.java Fri Jul 18 11:59:52 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/ClientKexManager.java Fri Jul 18 16:45:43 2014 -0700 @@ -28,10 +28,10 @@ import ch.ethz.ssh2.packets.PacketKexDhGexRequestOld; import ch.ethz.ssh2.packets.PacketKexInit; import ch.ethz.ssh2.packets.Packets; -import ch.ethz.ssh2.signature.DSAPublicKey; +import java.security.interfaces.DSAPublicKey; import ch.ethz.ssh2.signature.DSASHA1Verify; import ch.ethz.ssh2.signature.DSASignature; -import ch.ethz.ssh2.signature.RSAPublicKey; +import java.security.interfaces.RSAPublicKey; import ch.ethz.ssh2.signature.RSASHA1Verify; import ch.ethz.ssh2.signature.RSASignature; diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/transport/KexManager.java --- a/src/ch/ethz/ssh2/transport/KexManager.java Fri Jul 18 11:59:52 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/KexManager.java Fri Jul 18 16:45:43 2014 -0700 @@ -23,7 +23,7 @@ import ch.ethz.ssh2.packets.PacketKexInit; import ch.ethz.ssh2.packets.PacketNewKeys; import ch.ethz.ssh2.signature.DSAPrivateKey; -import ch.ethz.ssh2.signature.RSAPrivateKey; +import java.security.interfaces.RSAPrivateKey; /** * @version $Id: KexManager.java 152 2014-04-28 11:02:23Z dkocher@sudo.ch $ diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/transport/KexState.java --- a/src/ch/ethz/ssh2/transport/KexState.java Fri Jul 18 11:59:52 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/KexState.java Fri Jul 18 16:45:43 2014 -0700 @@ -10,7 +10,7 @@ import java.math.BigInteger; import ch.ethz.ssh2.packets.PacketKexInit; import ch.ethz.ssh2.signature.DSAPrivateKey; -import ch.ethz.ssh2.signature.RSAPrivateKey; +import java.security.interfaces.RSAPrivateKey; /** * KexState. diff -r e0da43026046 -r d7e088fa2123 src/ch/ethz/ssh2/transport/TransportManager.java --- a/src/ch/ethz/ssh2/transport/TransportManager.java Fri Jul 18 11:59:52 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/TransportManager.java Fri Jul 18 16:45:43 2014 -0700 @@ -24,7 +24,7 @@ import ch.ethz.ssh2.packets.Packets; import ch.ethz.ssh2.packets.TypesReader; import ch.ethz.ssh2.signature.DSAPrivateKey; -import ch.ethz.ssh2.signature.RSAPrivateKey; +import java.security.interfaces.RSAPrivateKey; /** * Yes, the "standard" is a big mess. On one side, the say that arbitrary channel