changeset 306:90e47d99ea54 ganymed

add ecdsa key support everywhere
author Carl Byington <carl@five-ten-sg.com>
date Wed, 30 Jul 2014 13:38:04 -0700
parents d2b303406d63
children 42b15aaa7ac7
files src/ch/ethz/ssh2/transport/ClientKexManager.java src/ch/ethz/ssh2/transport/ServerKexManager.java
diffstat 2 files changed, 50 insertions(+), 34 deletions(-) [+]
--- a/src/ch/ethz/ssh2/transport/ClientKexManager.java	Wed Jul 30 12:09:51 2014 -0700
+++ b/src/ch/ethz/ssh2/transport/ClientKexManager.java	Wed Jul 30 13:38:04 2014 -0700
@@ -65,18 +65,14 @@
         if (kxs.np.server_host_key_algo.equals("ssh-rsa")) {
             byte[] rs = RSASHA1Verify.decodeSSHRSASignature(sig);
             RSAPublicKey rpk = RSASHA1Verify.decodeSSHRSAPublicKey(hostkey);
-
             log.debug("Verifying ssh-rsa signature");
-
             return RSASHA1Verify.verifySignature(kxs.H, rs, rpk);
         }
 
         if (kxs.np.server_host_key_algo.equals("ssh-dss")) {
             byte[] ds = DSASHA1Verify.decodeSSHDSASignature(sig);
             DSAPublicKey dpk = DSASHA1Verify.decodeSSHDSAPublicKey(hostkey);
-
             log.debug("Verifying ssh-dss signature");
-
             return DSASHA1Verify.verifySignature(kxs.H, ds, dpk);
         }
 
@@ -93,6 +89,14 @@
     public synchronized void handleMessage(byte[] msg) throws IOException {
         PacketKexInit kip;
 
+        if (msg == null) {
+            synchronized (accessLock) {
+                connectionClosed = true;
+                accessLock.notifyAll();
+                return;
+            }
+        }
+
         if((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) {
             throw new PacketTypeException(msg[0]);
         }
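Review bot: The new guard at the top of handleMessage covers only `msg == null`, so a zero-length array still reaches `msg[0]` on the next statement and would surface as an ArrayIndexOutOfBoundsException instead of the declared IOException, if the transport can ever deliver one. Adding `if (msg.length == 0) throw new IOException("Empty KEX packet");` after the null branch closes that gap. The method is already `synchronized` and now takes `accessLock` inside it, so the lock order is this-then-accessLock; any path that takes them in the opposite order is not visible here and is worth confirming. A comment such as `// null msg is treated as connection closed: wake threads waiting on accessLock` would document the sentinel. The same guard is added to ServerKexManager.handleMessage, and the method body continues outside the hunk.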
@@ -129,7 +133,8 @@
                 ignore_next_kex_packet = true;
             }
 
-            if(kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) {
+            if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") ||
+                kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) {
                 if(kxs.dhgexParameters.getMin_group_len() == 0) {
                     PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters);
                     tm.sendKexMessage(dhgexreq.getPayload());
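Review bot: The group-exchange test is now a two-name literal list here and again in the later hunk after the "Unexpected Kex submessage!" check, and the five-name DH/ECDH list is repeated four times across ClientKexManager and ServerKexManager. A name added at one site and missed at another would take a different branch, and what that fall-through does is not visible in these hunks. One `private static final Set<String>` per family, tested as `if (GEX_ALGOS.contains(kxs.np.kex_algo)) {` (constant name is a suggestion), would keep the sites in step. The enclosing block starts and ends outside the hunk.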
@@ -139,21 +144,23 @@
                     PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters);
                     tm.sendKexMessage(dhgexreq.getPayload());
                 }
+                if (kxs.np.kex_algo.endsWith("sha1")) {
+                    kxs.hashAlgo = "SHA1";
+                }
+                else {
+                    kxs.hashAlgo = "SHA-256";
+                }
                 kxs.state = 1;
                 return;
             }
 
-            if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")
-                    || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) {
-                kxs.dhx = new DhExchange();
-
-                if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")) {
-                    kxs.dhx.clientInit(1, rnd);
-                }
-                else {
-                    kxs.dhx.clientInit(14, rnd);
-                }
-
+            if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")  ||
+                kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") ||
+                kxs.np.kex_algo.equals("ecdh-sha2-nistp256")          ||
+                kxs.np.kex_algo.equals("ecdh-sha2-nistp384")          ||
+                kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) {
+                kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo);
+                kxs.dhx.init(kxs.np.kex_algo);
                 PacketKexDHInit kp = new PacketKexDHInit(kxs.dhx.getE());
                 tm.sendKexMessage(kp.getPayload());
                 kxs.state = 1;
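Review bot: The removed `clientInit(1, rnd)` and `clientInit(14, rnd)` calls passed the manager's `rnd` into the exchange, while the replacement `kxs.dhx.init(kxs.np.kex_algo)` passes no random source, so where GenericDhExchange gets its private exponent or ECDH scalar is not visible in this diff. That should be confirmed to be a `SecureRandom`, and once confirmed recorded at the call, e.g. `// secret is drawn from GenericDhExchange's own SecureRandom; rnd is no longer passed`. `kxs.hashAlgo` is assigned only in the group-exchange branch above, so presumably the exchange object selects the hash for the group1/group14 and ecdh-sha2-* names; a one-line comment saying so would help the next reader. ServerKexManager's matching hunk drops `serverInit(..., rnd)` in the same way, and this block continues outside the hunk.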
@@ -218,7 +225,8 @@
             throw new IOException("Unexpected Kex submessage!");
         }
 
-        if(kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) {
+        if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") ||
+            kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) {
             if(kxs.state == 1) {
                 PacketKexDhGexGroup dhgexgrp = new PacketKexDhGexGroup(msg);
                 kxs.dhgx = new DhGroupExchange(dhgexgrp.getP(), dhgexgrp.getG());
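Review bot: With `diffie-hellman-group-exchange-sha256` now routed into this branch, `new DhGroupExchange(dhgexgrp.getP(), dhgexgrp.getG())` is built directly from the server's group message, and no check of the modulus size against the bounds the client requested in `kxs.dhgexParameters` is visible before it. A server that answers with an undersized group would weaken the exchange regardless of the stronger hash. Assuming getP() returns a BigInteger, a guard such as `if (dhgexgrp.getP().bitLength() < kxs.dhgexParameters.getMin_group_len()) throw new IOException("DH group too small");` would reject it. The check may already live inside DhGroupExchange or PacketKexDhGexGroup, which this hunk does not show. The block continues outside the hunk.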
@@ -268,12 +276,13 @@
             throw new IllegalStateException("Illegal State in KEX Exchange!");
         }
 
-        if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")
-                || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) {
+        if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")  ||
+            kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") ||
+            kxs.np.kex_algo.equals("ecdh-sha2-nistp256")          ||
+            kxs.np.kex_algo.equals("ecdh-sha2-nistp384")          ||
+            kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) {
             if(kxs.state == 1) {
-
                 PacketKexDHReply dhr = new PacketKexDHReply(msg);
-
                 kxs.remote_hostkey = dhr.getHostKey();
 
                 if(verifier != null) {
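Review bot: The three `ecdh-sha2-nistp*` names now share the `PacketKexDHReply` path with the finite-field groups, and nothing in this hunk shows the server's public value being validated before the shared secret is computed. For ECDH the received point should be checked to lie on the negotiated curve and not be the point at infinity; for group1/group14 the value should be checked to lie strictly between 1 and p-1. If GenericDhExchange does this internally, a comment here such as `// peer public value is range/curve-checked inside kxs.dhx` would make that reviewable; otherwise the check belongs before the secret is derived. ServerKexManager's last hunk routes the client's value through `PacketKexDHInit` the same way, and this block continues outside the hunk.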
--- a/src/ch/ethz/ssh2/transport/ServerKexManager.java	Wed Jul 30 12:09:51 2014 -0700
+++ b/src/ch/ethz/ssh2/transport/ServerKexManager.java	Wed Jul 30 13:38:04 2014 -0700
@@ -53,6 +53,14 @@
     public void handleMessage(byte[] msg) throws IOException {
         PacketKexInit kip;
 
+        if (msg == null) {
+            synchronized (accessLock) {
+                connectionClosed = true;
+                accessLock.notifyAll();
+                return;
+            }
+        }
+
         if((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) {
             throw new PacketTypeException(msg[0]);
         }
@@ -92,17 +100,13 @@
                 ignore_next_kex_packet = true;
             }
 
-            if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")
-                    || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) {
-                kxs.dhx = new DhExchange();
-
-                if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")) {
-                    kxs.dhx.serverInit(1, rnd);
-                }
-                else {
-                    kxs.dhx.serverInit(14, rnd);
-                }
-
+            if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")  ||
+                kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") ||
+                kxs.np.kex_algo.equals("ecdh-sha2-nistp256")          ||
+                kxs.np.kex_algo.equals("ecdh-sha2-nistp384")          ||
+                kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) {
+                kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo);
+                kxs.dhx.init(kxs.np.kex_algo);
                 kxs.state = 1;
                 return;
             }
@@ -162,8 +166,11 @@
             throw new IOException("Unexpected Kex submessage!");
         }
 
-        if(kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")
-                || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) {
+        if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")  ||
+            kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") ||
+            kxs.np.kex_algo.equals("ecdh-sha2-nistp256")          ||
+            kxs.np.kex_algo.equals("ecdh-sha2-nistp384")          ||
+            kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) {
             if(kxs.state == 1) {
                 PacketKexDHInit dhi = new PacketKexDHInit(msg);