changeset 302:beaccc9df37b ganymed

add ecdsa key support everywhere
author Carl Byington <carl@five-ten-sg.com>
date Tue, 29 Jul 2014 20:23:00 -0700
parents ca5dd224a87b
children a218d9cd725b
files src/ch/ethz/ssh2/Connection.java src/ch/ethz/ssh2/KnownHosts.java src/ch/ethz/ssh2/ServerConnection.java src/ch/ethz/ssh2/channel/AuthAgentForwardThread.java src/ch/ethz/ssh2/transport/ServerKexManager.java src/ch/ethz/ssh2/transport/ServerTransportManager.java
diffstat 6 files changed, 12 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/src/ch/ethz/ssh2/Connection.java	Tue Jul 29 18:50:35 2014 -0700
+++ b/src/ch/ethz/ssh2/Connection.java	Tue Jul 29 20:23:00 2014 -0700
@@ -1016,7 +1016,7 @@
     public synchronized void forceKeyExchange() throws IOException {
         this.checkConnection();
 
-        tm.forceKeyExchange(cryptoWishList, dhgexpara, null, null);
+        tm.forceKeyExchange(cryptoWishList, dhgexpara, null, null, null);
     }
 
     /**
--- a/src/ch/ethz/ssh2/KnownHosts.java	Tue Jul 29 18:50:35 2014 -0700
+++ b/src/ch/ethz/ssh2/KnownHosts.java	Tue Jul 29 20:23:00 2014 -0700
@@ -516,7 +516,7 @@
                 thisAlgo = "ssh-dss";
             }
             else if (key instanceof ECPublicKey) {
-                ECPublicKey ecPub = (ECPublicKey) pk;
+                ECPublicKey ecPub = (ECPublicKey) key;
                 String keyType = ECDSASHA2Verify.getCurveName(ecPub.getParams().getCurve().getField().getFieldSize());
                 thisAlgo = ECDSASHA2Verify.ECDSA_SHA2_PREFIX + keyType;
             }
--- a/src/ch/ethz/ssh2/ServerConnection.java	Tue Jul 29 18:50:35 2014 -0700
+++ b/src/ch/ethz/ssh2/ServerConnection.java	Tue Jul 29 20:23:00 2014 -0700
@@ -322,7 +322,7 @@
 
 	private void fixCryptoWishList(CryptoWishList next_cryptoWishList, KeyPair next_dsa_key, KeyPair next_rsa_key, KeyPair next_ec_key)
 	{
-        List<String> algos = new ArrayList<string>();
+        List<String> algos = new ArrayList<String>();
 		if (next_ec_key != null)  algos.add("ecdsa-sha2-nistp521");
 		if (next_ec_key != null)  algos.add("ecdsa-sha2-nistp384");
 		if (next_ec_key != null)  algos.add("ecdsa-sha2-nistp256");
--- a/src/ch/ethz/ssh2/channel/AuthAgentForwardThread.java	Tue Jul 29 18:50:35 2014 -0700
+++ b/src/ch/ethz/ssh2/channel/AuthAgentForwardThread.java	Tue Jul 29 20:23:00 2014 -0700
@@ -28,6 +28,7 @@
 import java.security.PublicKey;
 import java.security.SecureRandom;
 import java.security.interfaces.DSAPrivateKey;
+import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.spec.DSAPrivateKeySpec;
 import java.security.spec.DSAPublicKeySpec;
@@ -460,11 +461,12 @@
             else if (privKey instanceof DSAPrivateKey) {
                 byte[] signature = DSASHA1Verify.generateSignature(challenge,
                                    (DSAPrivateKey) privKey, new SecureRandom());
-                response = DSASHA1Verify.encodeSSHDSASignature(signature);
+                response = DSASHA1Verify.encodeSSHDSASignature(signature, );
             }
             else if (privKey instanceof ECPrivateKey) {
+                ECPrivateKey pk = (ECPrivateKey) privKey;
                 byte[] signature = ECDSASHA2Verify.generateSignature(challenge,
-                                   (ECPrivateKey) privKey);
+                                   (ECPrivateKey) privKey, pk.getParams());
                 response = ECDSASHA2Verify.encodeSSHECDSASignature(signature);
             }
             else {
--- a/src/ch/ethz/ssh2/transport/ServerKexManager.java	Tue Jul 29 18:50:35 2014 -0700
+++ b/src/ch/ethz/ssh2/transport/ServerKexManager.java	Tue Jul 29 20:23:00 2014 -0700
@@ -176,7 +176,7 @@
                 byte[] hostKey = null;
 
                 if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) {
-                    hostKey = ECDSASHA2Verify.encodeSSHECDSAPublicKey((ECDSAPublicKey)kxs.local_ec_key.getPublic());
+                    hostKey = ECDSASHA2Verify.encodeSSHECDSAPublicKey((ECPublicKey)kxs.local_ec_key.getPublic());
                 }
 
                 if(kxs.np.server_host_key_algo.equals("ssh-rsa")) {
@@ -200,8 +200,9 @@
                 byte[] signature = null;
 
                 if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) {
-                    byte[] es = ECDSASHA2Verify.generateSignature(kxs.H, (ECDSAPrivateKey)kxs.local_ec_key.getPrivate());
-                    signature = ECDSASHA2Verify.encodeSSHECDSASignature(es);
+                    ECPrivateKey pk = (ECPrivateKey)kxs.local_ec_key.getPrivate();
+                    byte[] es = ECDSASHA2Verify.generateSignature(kxs.H, pk);
+                    signature = ECDSASHA2Verify.encodeSSHECDSASignature(es, pk.getParams());
                 }
 
                 if (kxs.np.server_host_key_algo.equals("ssh-rsa")) {
--- a/src/ch/ethz/ssh2/transport/ServerTransportManager.java	Tue Jul 29 18:50:35 2014 -0700
+++ b/src/ch/ethz/ssh2/transport/ServerTransportManager.java	Tue Jul 29 20:23:00 2014 -0700
@@ -35,7 +35,7 @@
 
 		super.init(tc, km);
 
-		km.initiateKEX(state.next_cryptoWishList, null, state.next_dsa_key, state.next_rsa_key);
+		km.initiateKEX(state.next_cryptoWishList, null, state.next_dsa_key, state.next_rsa_key, state.next_ec_key);
 
 		this.startReceiver();
 	}