changeset 285:486df527ddc5 ganymed

start conversion from trilead to ganymed
author Carl Byington <carl@five-ten-sg.com>
date Fri, 18 Jul 2014 18:33:40 -0700
parents 4ec87de11e71
children 4656869af8fe
files src/ch/ethz/ssh2/Connection.java src/ch/ethz/ssh2/KnownHosts.java src/ch/ethz/ssh2/signature/RSASHA1Verify.java src/ch/ethz/ssh2/transport/ClientKexManager.java src/ch/ethz/ssh2/transport/KexManager.java src/ch/ethz/ssh2/transport/ServerKexManager.java
diffstat 6 files changed, 65 insertions(+), 10 deletions(-) [+]
--- a/src/ch/ethz/ssh2/Connection.java	Fri Jul 18 18:08:56 2014 -0700
+++ b/src/ch/ethz/ssh2/Connection.java	Fri Jul 18 18:33:40 2014 -0700
@@ -505,6 +505,58 @@
     }
 
     /**
+     * After a successful connect, one has to authenticate oneself. The
+     * authentication method "publickey" works by signing a challenge sent by
+     * the server. The signature is either DSA or RSA based - it just depends on
+     * the type of private key you specify, either a DSA or RSA private key in
+     * PEM format. And yes, this is may seem to be a little confusing, the
+     * method is called "publickey" in the SSH-2 protocol specification, however
+     * since we need to generate a signature, you actually have to supply a
+     * private key =).
+     * <p>
+     * If the authentication phase is complete, <code>true</code> will be
+     * returned. If the server does not accept the request (or if further
+     * authentication steps are needed), <code>false</code> is returned and
+     * one can retry either by using this or any other authentication method
+     * (use the <code>getRemainingAuthMethods</code> method to get a list of
+     * the remaining possible methods).
+     *
+     * @param user
+     *            A <code>String</code> holding the username.
+     * @param pair
+     *            A <code>RSAPrivateKey</code> or <code>DSAPrivateKey</code>
+     *            containing a DSA or RSA private key of
+     *            the user in Trilead object format.
+     *
+     * @return whether the connection is now authenticated.
+     * @throws IOException
+     */
+
+    public synchronized boolean authenticateWithPublicKey(String user, KeyPair pair)
+    throws IOException {
+        if (tm == null)
+            throw new IllegalStateException("Connection is not established!");
+
+        if (authenticated)
+            throw new IllegalStateException("Connection is already authenticated!");
+
+        if (am == null)
+            am = new AuthenticationManager(tm);
+
+        if (cm == null)
+            cm = new ChannelManager(tm);
+
+        if (user == null)
+            throw new IllegalArgumentException("user argument is null");
+
+        if (pair == null)
+            throw new IllegalArgumentException("Key pair argument is null");
+
+        authenticated = am.authenticatePublicKey(user, pair, getOrCreateSecureRND());
+        return authenticated;
+    }
+
+    /**
      * A convenience wrapper function which reads in a private key (PEM format, either DSA or RSA)
      * and then calls <code>authenticateWithPublicKey(String, char[], String)</code>.
      * <p/>
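Review bot: The Javadoc on the new `authenticateWithPublicKey(String, KeyPair)` overload describes `pair` as `A RSAPrivateKey or DSAPrivateKey ... in Trilead object format`, but the parameter is a `java.security.KeyPair`, so the tag should read something like `@param pair A KeyPair holding the user's RSA or DSA private key (and its matching public key).` The argument checks also run after `am` and `cm` have been created, so a call with a null `user` or `pair` leaves freshly allocated manager state on the connection before the `IllegalArgumentException` is thrown; moving the two null checks ahead of the `am == null` branch validates the arguments before any state is touched. Whether `am.authenticatePublicKey(String, KeyPair, SecureRandom)` rejects a key pair of an unsupported algorithm is not visible in this changeset, so that remains to be confirmed. The enclosing class continues outside the hunk.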
--- a/src/ch/ethz/ssh2/KnownHosts.java	Fri Jul 18 18:08:56 2014 -0700
+++ b/src/ch/ethz/ssh2/KnownHosts.java	Fri Jul 18 18:33:40 2014 -0700
@@ -25,9 +25,12 @@
 import ch.ethz.ssh2.crypto.digest.HMAC;
 import ch.ethz.ssh2.crypto.digest.MD5;
 import ch.ethz.ssh2.crypto.digest.SHA1;
+import java.security.PublicKey;
 import java.security.interfaces.DSAPublicKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
 import ch.ethz.ssh2.signature.DSASHA1Verify;
-import java.security.interfaces.RSAPublicKey;
+import ch.ethz.ssh2.signature.ECDSASHA2Verify;
 import ch.ethz.ssh2.signature.RSASHA1Verify;
 import ch.ethz.ssh2.util.StringEncoder;
 
--- a/src/ch/ethz/ssh2/signature/RSASHA1Verify.java	Fri Jul 18 18:08:56 2014 -0700
+++ b/src/ch/ethz/ssh2/signature/RSASHA1Verify.java	Fri Jul 18 18:33:40 2014 -0700
@@ -84,7 +84,7 @@
             throw new IOException("Error in RSA signature, S is empty.");
 
         if (log.isEnabled()) {
-            log.log(80, "Decoding ssh-rsa signature string (length: " + s.length + ")");
+            log.info(80, "Decoding ssh-rsa signature string (length: " + s.length + ")");
         }
 
         if (tr.remain() != 0)
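Review bot: The level-to-method mapping looks inverted between this hunk and the ClientKexManager hunk: `log.log(80, ...)` becomes `log.info(80, ...)` here, while `log.log(50, ...)` becomes `log.debug(50, ...)` there, even though the trilead logger appears to have used higher numbers for more verbose output. If the numeric argument still carries that meaning in the ganymed logger, the signature-decoding trace at level 80 is the one that belongs on `log.debug(80, ...)` and the level-50 kex message is the better candidate for `info`; if the number is now ignored, the two call sites should at least pick levels consistently and the dead numeric argument can be dropped. The mapping cannot be confirmed from this changeset, so this is worth checking against the new logger's definition rather than taken as given.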
--- a/src/ch/ethz/ssh2/transport/ClientKexManager.java	Fri Jul 18 18:08:56 2014 -0700
+++ b/src/ch/ethz/ssh2/transport/ClientKexManager.java	Fri Jul 18 18:33:40 2014 -0700
@@ -58,7 +58,7 @@
         if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) {
             byte[] rs = ECDSASHA2Verify.decodeSSHECDSASignature(sig);
             ECPublicKey epk = ECDSASHA2Verify.decodeSSHECDSAPublicKey(hostkey);
-            log.log(50, "Verifying ecdsa signature");
+            log.debug(50, "Verifying ecdsa signature");
             return ECDSASHA2Verify.verifySignature(kxs.H, rs, epk);
         }
         if (kxs.np.server_host_key_algo.equals("ssh-rsa")) {
--- a/src/ch/ethz/ssh2/transport/KexManager.java	Fri Jul 18 18:08:56 2014 -0700
+++ b/src/ch/ethz/ssh2/transport/KexManager.java	Fri Jul 18 18:33:40 2014 -0700
@@ -54,8 +54,8 @@
 
     CryptoWishList nextKEXcryptoWishList;
     DHGexParameters nextKEXdhgexParameters;
-    DSAPrivateKey nextKEXdsakey;
-    RSAPrivateKey nextKEXrsakey;
+    KeyPair nextKEXdsakey;
+    KeyPair nextKEXrsakey;
 
     final SecureRandom rnd;
 
@@ -182,7 +182,7 @@
         return np;
     }
 
-    public synchronized void initiateKEX(CryptoWishList cwl, DHGexParameters dhgex, DSAPrivateKey dsa, RSAPrivateKey rsa)
+    public synchronized void initiateKEX(CryptoWishList cwl, DHGexParameters dhgex, KeyPair dsa, KeyPair rsa)
             throws IOException {
         nextKEXcryptoWishList = cwl;
         nextKEXdhgexParameters = dhgex;
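Review bot: `initiateKEX` now accepts any `KeyPair` for `dsa` and `rsa`, but the two ServerKexManager hunks downcast `kxs.local_rsa_key.getPublic()`/`getPrivate()` to `RSAPublicKey`/`RSAPrivateKey` (and the DSA counterparts), so a key pair of the wrong algorithm passed here fails only later as a `ClassCastException` in the middle of the key exchange instead of at the call that supplied it. Rejecting it at the entry point gives the caller a clear reason: `if (rsa != null && !(rsa.getPrivate() instanceof RSAPrivateKey)) throw new IllegalArgumentException("rsa key pair does not hold an RSA private key");` with the same check against `DSAPrivateKey` for `dsa`. Whether `null` is a legal value for these parameters is not visible in this hunk, so the null guard in that line is an assumption to confirm; `initiateKEX`'s body continues outside the hunk, and the same pair of downcasts appears in both ServerKexManager hunks.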
--- a/src/ch/ethz/ssh2/transport/ServerKexManager.java	Fri Jul 18 18:08:56 2014 -0700
+++ b/src/ch/ethz/ssh2/transport/ServerKexManager.java	Fri Jul 18 18:33:40 2014 -0700
@@ -167,11 +167,11 @@
                 byte[] hostKey = null;
 
                 if(kxs.np.server_host_key_algo.equals("ssh-rsa")) {
-                    hostKey = RSASHA1Verify.encodeSSHRSAPublicKey(kxs.local_rsa_key.getPublic());
+                    hostKey = RSASHA1Verify.encodeSSHRSAPublicKey((RSAPublicKey)kxs.local_rsa_key.getPublic());
                 }
 
                 if(kxs.np.server_host_key_algo.equals("ssh-dss")) {
-                    hostKey = DSASHA1Verify.encodeSSHDSAPublicKey(kxs.local_dsa_key.getPublic());
+                    hostKey = DSASHA1Verify.encodeSSHDSAPublicKey((DSAPublicKey)kxs.local_dsa_key.getPublic());
                 }
 
                 try {
@@ -187,12 +187,12 @@
                 byte[] signature = null;
 
                 if(kxs.np.server_host_key_algo.equals("ssh-rsa")) {
-                    byte[] rs = RSASHA1Verify.generateSignature(kxs.H, kxs.local_rsa_key);
+                    byte[] rs = RSASHA1Verify.generateSignature(kxs.H, (RSAPrivateKey)kxs.local_rsa_key.getPrivate());
                     signature = RSASHA1Verify.encodeSSHRSASignature(rs);
                 }
 
                 if(kxs.np.server_host_key_algo.equals("ssh-dss")) {
-                    byte[] ds = DSASHA1Verify.generateSignature(kxs.H, kxs.local_dsa_key, rnd);
+                    byte[] ds = DSASHA1Verify.generateSignature(kxs.H, (DSAPrivateKey)kxs.local_dsa_key.getPrivate(), rnd);
                     signature = DSASHA1Verify.encodeSSHDSASignature(ds);
                 }