changeset 300:349847b2e318 ganymed

add ecdsa key support everywhere
author Carl Byington <carl@five-ten-sg.com>
date Tue, 29 Jul 2014 18:36:57 -0700
parents 4c3a4e88c027
children ca5dd224a87b
files src/ch/ethz/ssh2/ServerConnection.java src/ch/ethz/ssh2/channel/AuthAgentForwardThread.java src/ch/ethz/ssh2/transport/KexManager.java src/com/five_ten_sg/connectbot/PubkeyListActivity.java
diffstat 4 files changed, 38 insertions(+), 27 deletions(-) [+]
line wrap: on
line diff
--- a/src/ch/ethz/ssh2/ServerConnection.java	Tue Jul 29 18:08:09 2014 -0700
+++ b/src/ch/ethz/ssh2/ServerConnection.java	Tue Jul 29 18:36:57 2014 -0700
@@ -321,9 +321,11 @@
 	private void fixCryptoWishList(CryptoWishList next_cryptoWishList, KeyPair next_dsa_key, KeyPair next_rsa_key, KeyPair next_ec_key)
 	{
         List<String> algos = new ArrayList<string>();
+		if (next_ec_key != null)  algos.add("ecdsa-sha2-nistp521");
+		if (next_ec_key != null)  algos.add("ecdsa-sha2-nistp384");
+		if (next_ec_key != null)  algos.add("ecdsa-sha2-nistp256");
 		if (next_dsa_key != null) algos.add("ssh-dss");
 		if (next_rsa_key != null) algos.add("ssh-rsa");
-		if (next_ec_key != null)  algos.add("ssh-ec");
  	    next_cryptoWishList.serverHostKeyAlgorithms = new String[algos.size()];
         algos.toArray(next_cryptoWishList.serverHostKeyAlgorithms);
 	}
--- a/src/ch/ethz/ssh2/channel/AuthAgentForwardThread.java	Tue Jul 29 18:08:09 2014 -0700
+++ b/src/ch/ethz/ssh2/channel/AuthAgentForwardThread.java	Tue Jul 29 18:36:57 2014 -0700
@@ -314,7 +314,7 @@
                 ECPoint group = ECDSASHA2Verify.decodeECPoint(groupBytes, nistp256.getCurve());
 
                 if (group == null) {
-                    // TODO log error
+                    log.debug("No groupfor ecdsa-sha2-nistp256: ");
                     os.write(SSH_AGENT_FAILURE);
                     return;
                 }
--- a/src/ch/ethz/ssh2/transport/KexManager.java	Tue Jul 29 18:08:09 2014 -0700
+++ b/src/ch/ethz/ssh2/transport/KexManager.java	Tue Jul 29 18:36:57 2014 -0700
@@ -37,6 +37,26 @@
 public abstract class KexManager implements MessageHandler {
     protected static final Logger log = Logger.getLogger(KexManager.class);
 
+    private static final Set<String> HOSTKEY_ALGS = new TreeSet<String>();
+    static {
+        HOSTKEY_ALGS.add("ecdsa-sha2-nistp256");
+        HOSTKEY_ALGS.add("ecdsa-sha2-nistp384");
+        HOSTKEY_ALGS.add("ecdsa-sha2-nistp521");
+        HOSTKEY_ALGS.add("ssh-rsa");
+        HOSTKEY_ALGS.add("ssh-dss");
+    }
+
+    private static final Set<String> KEX_ALGS = new TreeSet<String>();
+    static {
+        KEX_ALGS.add("ecdh-sha2-nistp256");
+        KEX_ALGS.add("ecdh-sha2-nistp384");
+        KEX_ALGS.add("ecdh-sha2-nistp521");
+        KEX_ALGS.add("diffie-hellman-group-exchange-sha256");
+        KEX_ALGS.add("diffie-hellman-group-exchange-sha1");
+        KEX_ALGS.add("diffie-hellman-group14-sha1");
+        KEX_ALGS.add("diffie-hellman-group1-sha1");
+    }
+
     KexState kxs;
     int kexCount = 0;
     KeyMaterial km;
@@ -56,6 +76,7 @@
     DHGexParameters nextKEXdhgexParameters;
     KeyPair nextKEXdsakey;
     KeyPair nextKEXrsakey;
+    KeyPair nextKEXeckey;
 
     final SecureRandom rnd;
 
@@ -182,17 +203,19 @@
         return np;
     }
 
-    public synchronized void initiateKEX(CryptoWishList cwl, DHGexParameters dhgex, KeyPair dsa, KeyPair rsa)
+    public synchronized void initiateKEX(CryptoWishList cwl, DHGexParameters dhgex, KeyPair dsa, KeyPair rsa, KeyPair ec)
             throws IOException {
         nextKEXcryptoWishList = cwl;
         nextKEXdhgexParameters = dhgex;
         nextKEXdsakey = dsa;
         nextKEXrsakey = rsa;
+        nextKEXeckey  = ec;
 
         if(kxs == null) {
             kxs = new KexState();
             kxs.local_dsa_key = dsa;
             kxs.local_rsa_key = rsa;
+            kxs.local_ec_key  = ec;
             kxs.dhgexParameters = nextKEXdhgexParameters;
             kxs.localKEX = new PacketKexInit(nextKEXcryptoWishList, rnd);
             tm.sendKexMessage(kxs.localKEX.getPayload());
@@ -260,42 +283,28 @@
     }
 
     public static String[] getDefaultServerHostkeyAlgorithmList() {
-        return new String[]{"ssh-rsa", "ssh-dss"};
+        return HOSTKEY_ALGS.toArray(new String[HOSTKEY_ALGS.size()]);
     }
 
     public static void checkServerHostkeyAlgorithmsList(String[] algos) {
-        for(final String algo : algos) {
-            if("ssh-rsa".equals(algo)) {
-                continue;
-            }
-            if("ssh-dss".equals(algo)) {
-                continue;
-            }
-            throw new IllegalArgumentException(String.format("Unknown server host key algorithm %s", algo));
+        for (final String algo : algos) {
+            if (!HOSTKEY_ALGS.contains(algo))
+                throw new IllegalArgumentException("Unknown server host key algorithm '" + algo + "'");
         }
     }
 
     public static String[] getDefaultClientKexAlgorithmList() {
-        return new String[]{"diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1",
-                "diffie-hellman-group1-sha1"};
+        return KEX_ALGS.toArray(new String[KEX_ALGS.size()]);
     }
 
     public static String[] getDefaultServerKexAlgorithmList() {
-        return new String[]{"diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"};
+        return KEX_ALGS.toArray(new String[KEX_ALGS.size()]);
     }
 
     public static void checkKexAlgorithmList(String[] algos) {
-        for(final String algo : algos) {
-            if("diffie-hellman-group-exchange-sha1".equals(algo)) {
-                continue;
-            }
-            if("diffie-hellman-group14-sha1".equals(algo)) {
-                continue;
-            }
-            if("diffie-hellman-group1-sha1".equals(algo)) {
-                continue;
-            }
-            throw new IllegalArgumentException(String.format("Unknown kex algorithm %s", algo));
+        for (final String algo : algos) {
+            if (!KEX_ALGS.contains(algo))
+                throw new IllegalArgumentException("Unknown kex algorithm '" + algo + "'");
         }
     }
 }
--- a/src/com/five_ten_sg/connectbot/PubkeyListActivity.java	Tue Jul 29 18:08:09 2014 -0700
+++ b/src/com/five_ten_sg/connectbot/PubkeyListActivity.java	Tue Jul 29 18:36:57 2014 -0700
@@ -639,7 +639,7 @@
                 try {
                     PEMStructure struct = PEMDecoder.parsePEM(new String(pubkey.getPrivateKey()).toCharArray());
                     String type = (struct.pemType == PEMDecoder.PEM_RSA_PRIVATE_KEY) ? "RSA" :
-                                  (struct.pemType == PEMDecoder.PEM_DSA_PRIVATE_KEY) ? "DSA" : "EC"
+                                  (struct.pemType == PEMDecoder.PEM_DSA_PRIVATE_KEY) ? "DSA" : "EC";
                     holder.caption.setText(String.format("%s unknown-bit", type));
                 }
                 catch (IOException e) {