changeset 278:d7e088fa2123 ganymed

start conversion from trilead to ganymed
author Carl Byington <carl@five-ten-sg.com>
date Fri, 18 Jul 2014 16:45:43 -0700
parents e0da43026046
children e1c445af8e46
files src/ch/ethz/ssh2/KnownHosts.java src/ch/ethz/ssh2/ServerConnection.java src/ch/ethz/ssh2/auth/AuthenticationManager.java src/ch/ethz/ssh2/crypto/PEMStructure.java src/ch/ethz/ssh2/server/ServerConnectionState.java src/ch/ethz/ssh2/signature/DSAPrivateKey.java src/ch/ethz/ssh2/signature/DSAPublicKey.java src/ch/ethz/ssh2/signature/DSASHA1Verify.java src/ch/ethz/ssh2/signature/DSASignature.java src/ch/ethz/ssh2/signature/ECDSASHA2Verify.java src/ch/ethz/ssh2/signature/RSAPrivateKey.java src/ch/ethz/ssh2/signature/RSAPublicKey.java src/ch/ethz/ssh2/signature/RSASHA1Verify.java src/ch/ethz/ssh2/signature/RSASignature.java src/ch/ethz/ssh2/transport/ClientKexManager.java src/ch/ethz/ssh2/transport/KexManager.java src/ch/ethz/ssh2/transport/KexState.java src/ch/ethz/ssh2/transport/TransportManager.java
diffstat 18 files changed, 279 insertions(+), 661 deletions(-) [+]
line wrap: on
line diff
--- a/src/ch/ethz/ssh2/KnownHosts.java	Fri Jul 18 11:59:52 2014 -0700
+++ b/src/ch/ethz/ssh2/KnownHosts.java	Fri Jul 18 16:45:43 2014 -0700
@@ -25,9 +25,9 @@
 import ch.ethz.ssh2.crypto.digest.HMAC;
 import ch.ethz.ssh2.crypto.digest.MD5;
 import ch.ethz.ssh2.crypto.digest.SHA1;
-import ch.ethz.ssh2.signature.DSAPublicKey;
+import java.security.interfaces.DSAPublicKey;
 import ch.ethz.ssh2.signature.DSASHA1Verify;
-import ch.ethz.ssh2.signature.RSAPublicKey;
+import java.security.interfaces.RSAPublicKey;
 import ch.ethz.ssh2.signature.RSASHA1Verify;
 import ch.ethz.ssh2.util.StringEncoder;
 
--- a/src/ch/ethz/ssh2/ServerConnection.java	Fri Jul 18 11:59:52 2014 -0700
+++ b/src/ch/ethz/ssh2/ServerConnection.java	Fri Jul 18 16:45:43 2014 -0700
@@ -15,7 +15,7 @@
 import ch.ethz.ssh2.crypto.PEMDecoder;
 import ch.ethz.ssh2.server.ServerConnectionState;
 import ch.ethz.ssh2.signature.DSAPrivateKey;
-import ch.ethz.ssh2.signature.RSAPrivateKey;
+import java.security.interfaces.RSAPrivateKey;
 import ch.ethz.ssh2.transport.ServerTransportManager;
 
 /**
--- a/src/ch/ethz/ssh2/auth/AuthenticationManager.java	Fri Jul 18 11:59:52 2014 -0700
+++ b/src/ch/ethz/ssh2/auth/AuthenticationManager.java	Fri Jul 18 16:45:43 2014 -0700
@@ -30,7 +30,7 @@
 import ch.ethz.ssh2.signature.DSAPrivateKey;
 import ch.ethz.ssh2.signature.DSASHA1Verify;
 import ch.ethz.ssh2.signature.DSASignature;
-import ch.ethz.ssh2.signature.RSAPrivateKey;
+import java.security.interfaces.RSAPrivateKey;
 import ch.ethz.ssh2.signature.RSASHA1Verify;
 import ch.ethz.ssh2.signature.RSASignature;
 import ch.ethz.ssh2.transport.ClientTransportManager;
--- a/src/ch/ethz/ssh2/crypto/PEMStructure.java	Fri Jul 18 11:59:52 2014 -0700
+++ b/src/ch/ethz/ssh2/crypto/PEMStructure.java	Fri Jul 18 16:45:43 2014 -0700
@@ -6,14 +6,14 @@
 
 /**
  * Parsed PEM structure.
- * 
+ *
  * @author Christian Plattner
  * @version 2.50, 03/15/10
  */
 
 public class PEMStructure
 {
-	int pemType;
+	public int pemType;
 	String dekInfo[];
 	String procType[];
 	byte[] data;
--- a/src/ch/ethz/ssh2/server/ServerConnectionState.java	Fri Jul 18 11:59:52 2014 -0700
+++ b/src/ch/ethz/ssh2/server/ServerConnectionState.java	Fri Jul 18 16:45:43 2014 -0700
@@ -14,7 +14,7 @@
 import ch.ethz.ssh2.channel.ChannelManager;
 import ch.ethz.ssh2.crypto.CryptoWishList;
 import ch.ethz.ssh2.signature.DSAPrivateKey;
-import ch.ethz.ssh2.signature.RSAPrivateKey;
+import java.security.interfaces.RSAPrivateKey;
 import ch.ethz.ssh2.transport.ClientServerHello;
 import ch.ethz.ssh2.transport.ServerTransportManager;
 
--- a/src/ch/ethz/ssh2/signature/DSAPrivateKey.java	Fri Jul 18 11:59:52 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
- * Please refer to the LICENSE.txt for licensing details.
- */
-package ch.ethz.ssh2.signature;
-
-import java.math.BigInteger;
-
-/**
- * DSAPrivateKey.
- * 
- * @author Christian Plattner
- * @version 2.50, 03/15/10
- */
-public class DSAPrivateKey
-{
-	private BigInteger p;
-	private BigInteger q;
-	private BigInteger g;
-	private BigInteger x;
-	private BigInteger y;
-
-	public DSAPrivateKey(BigInteger p, BigInteger q, BigInteger g,
-			BigInteger y, BigInteger x)
-	{
-		this.p = p;
-		this.q = q;
-		this.g = g;
-		this.y = y;
-		this.x = x;
-	}
-
-	public BigInteger getP()
-	{
-		return p;
-	}
-
-	public BigInteger getQ()
-	{
-		return q;
-	}
-	
-	public BigInteger getG()
-	{
-		return g;
-	}
-
-	public BigInteger getY()
-	{
-		return y;
-	}
-	
-	public BigInteger getX()
-	{
-		return x;
-	}
-	
-	public DSAPublicKey getPublicKey()
-	{
-		return new DSAPublicKey(p, q, g, y);
-	}
-}
\ No newline at end of file
--- a/src/ch/ethz/ssh2/signature/DSAPublicKey.java	Fri Jul 18 11:59:52 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
- * Please refer to the LICENSE.txt for licensing details.
- */
-package ch.ethz.ssh2.signature;
-
-import java.math.BigInteger;
-
-/**
- * DSAPublicKey.
- * 
- * @author Christian Plattner
- * @version 2.50, 03/15/10
- */
-public class DSAPublicKey
-{
-	private BigInteger p;
-	private BigInteger q;
-	private BigInteger g;
-	private BigInteger y;
-
-	public DSAPublicKey(BigInteger p, BigInteger q, BigInteger g, BigInteger y)
-	{
-		this.p = p;
-		this.q = q;
-		this.g = g;
-		this.y = y;
-	}
-
-	public BigInteger getP()
-	{
-		return p;
-	}
-
-	public BigInteger getQ()
-	{
-		return q;
-	}
-
-	public BigInteger getG()
-	{
-		return g;
-	}
-
-	public BigInteger getY()
-	{
-		return y;
-	}
-}
\ No newline at end of file
--- a/src/ch/ethz/ssh2/signature/DSASHA1Verify.java	Fri Jul 18 11:59:52 2014 -0700
+++ b/src/ch/ethz/ssh2/signature/DSASHA1Verify.java	Fri Jul 18 16:45:43 2014 -0700
@@ -1,213 +1,230 @@
-/*
- * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
- * Please refer to the LICENSE.txt for licensing details.
- */
-package ch.ethz.ssh2.signature;
+
+package com.trilead.ssh2.signature;
 
 import java.io.IOException;
 import java.math.BigInteger;
-import java.security.DigestException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.interfaces.DSAParams;
+import java.security.interfaces.DSAPrivateKey;
+import java.security.interfaces.DSAPublicKey;
+import java.security.spec.DSAPublicKeySpec;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
 
-import ch.ethz.ssh2.PacketFormatException;
-import ch.ethz.ssh2.crypto.digest.SHA1;
-import ch.ethz.ssh2.log.Logger;
-import ch.ethz.ssh2.packets.TypesReader;
-import ch.ethz.ssh2.packets.TypesWriter;
+import com.trilead.ssh2.log.Logger;
+import com.trilead.ssh2.packets.TypesReader;
+import com.trilead.ssh2.packets.TypesWriter;
+
 
 /**
  * DSASHA1Verify.
  *
- * @author Christian Plattner
- * @version $Id: DSASHA1Verify.java 154 2014-04-28 11:45:02Z dkocher@sudo.ch $
+ * @author Christian Plattner, plattner@trilead.com
+ * @version $Id: DSASHA1Verify.java,v 1.2 2008/04/01 12:38:09 cplattne Exp $
  */
 public class DSASHA1Verify {
     private static final Logger log = Logger.getLogger(DSASHA1Verify.class);
 
     public static DSAPublicKey decodeSSHDSAPublicKey(byte[] key) throws IOException {
         TypesReader tr = new TypesReader(key);
-
         String key_format = tr.readString();
 
-        if(!key_format.equals("ssh-dss")) {
-            throw new IllegalArgumentException("Not a ssh-dss public key");
-        }
+        if (key_format.equals("ssh-dss") == false)
+            throw new IllegalArgumentException("This is not a ssh-dss public key!");
 
         BigInteger p = tr.readMPINT();
         BigInteger q = tr.readMPINT();
         BigInteger g = tr.readMPINT();
         BigInteger y = tr.readMPINT();
 
-        if(tr.remain() != 0) {
-            throw new PacketFormatException("Padding in DSA public key");
+        if (tr.remain() != 0)
+            throw new IOException("Padding in DSA public key!");
+
+        try {
+            KeyFactory kf = KeyFactory.getInstance("DSA");
+            KeySpec ks = new DSAPublicKeySpec(y, p, q, g);
+            return (DSAPublicKey) kf.generatePublic(ks);
         }
-
-        return new DSAPublicKey(p, q, g, y);
+        catch (NoSuchAlgorithmException e) {
+            IOException ex = new IOException();
+            ex.initCause(e);
+            throw ex;
+        }
+        catch (InvalidKeySpecException e) {
+            IOException ex = new IOException();
+            ex.initCause(e);
+            throw ex;
+        }
     }
 
     public static byte[] encodeSSHDSAPublicKey(DSAPublicKey pk) throws IOException {
         TypesWriter tw = new TypesWriter();
-
         tw.writeString("ssh-dss");
-        tw.writeMPInt(pk.getP());
-        tw.writeMPInt(pk.getQ());
-        tw.writeMPInt(pk.getG());
+        DSAParams params = pk.getParams();
+        tw.writeMPInt(params.getP());
+        tw.writeMPInt(params.getQ());
+        tw.writeMPInt(params.getG());
         tw.writeMPInt(pk.getY());
-
         return tw.getBytes();
     }
 
-    public static byte[] encodeSSHDSASignature(DSASignature ds) {
+    /**
+     * Convert from Java's signature ASN.1 encoding to the SSH spec.
+     * <p>
+     * Java ASN.1 encoding:
+     * <pre>
+     * SEQUENCE ::= {
+     *    r INTEGER,
+     *    s INTEGER
+     * }
+     * </pre>
+     */
+    public static byte[] encodeSSHDSASignature(byte[] ds) {
         TypesWriter tw = new TypesWriter();
-
         tw.writeString("ssh-dss");
-
-        byte[] r = ds.getR().toByteArray();
-        byte[] s = ds.getS().toByteArray();
-
+        int len, index;
+        index = 3;
+        len = ds[index++] & 0xff;
+        byte[] r = new byte[len];
+        System.arraycopy(ds, index, r, 0, r.length);
+        index = index + len + 1;
+        len = ds[index++] & 0xff;
+        byte[] s = new byte[len];
+        System.arraycopy(ds, index, s, 0, s.length);
         byte[] a40 = new byte[40];
-
-		/* Patch (unsigned) r and s into the target array. */
-
+        /* Patch (unsigned) r and s into the target array. */
         int r_copylen = (r.length < 20) ? r.length : 20;
         int s_copylen = (s.length < 20) ? s.length : 20;
-
         System.arraycopy(r, r.length - r_copylen, a40, 20 - r_copylen, r_copylen);
         System.arraycopy(s, s.length - s_copylen, a40, 40 - s_copylen, s_copylen);
-
         tw.writeString(a40, 0, 40);
-
         return tw.getBytes();
     }
 
-    public static DSASignature decodeSSHDSASignature(byte[] sig) throws IOException {
-        byte[] rsArray;
+    public static byte[] decodeSSHDSASignature(byte[] sig) throws IOException {
+        byte[] rsArray = null;
 
-        if(sig.length == 40) {
+        if (sig.length == 40) {
+            /* OK, another broken SSH server. */
             rsArray = sig;
         }
         else {
+            /* Hopefully a server obeying the standard... */
             TypesReader tr = new TypesReader(sig);
-
             String sig_format = tr.readString();
 
-            if(sig_format.equals("ssh-dss") == false) {
-                throw new PacketFormatException("Peer sent wrong signature format");
-            }
+            if (sig_format.equals("ssh-dss") == false)
+                throw new IOException("Peer sent wrong signature format");
 
             rsArray = tr.readByteString();
 
-            if(rsArray.length != 40) {
-                throw new PacketFormatException("Peer sent corrupt signature");
-            }
+            if (rsArray.length != 40)
+                throw new IOException("Peer sent corrupt signature");
 
-            if(tr.remain() != 0) {
-                throw new PacketFormatException("Padding in DSA signature!");
-            }
+            if (tr.remain() != 0)
+                throw new IOException("Padding in DSA signature!");
         }
 
-		/* Remember, s and r are unsigned ints. */
-
-        byte[] tmp = new byte[20];
-
-        System.arraycopy(rsArray, 0, tmp, 0, 20);
-        BigInteger r = new BigInteger(1, tmp);
-
-        System.arraycopy(rsArray, 20, tmp, 0, 20);
-        BigInteger s = new BigInteger(1, tmp);
-
-        if(log.isDebugEnabled()) {
-            log.debug("decoded ssh-dss signature: first bytes r(" + ((rsArray[0]) & 0xff) + "), s("
-                    + ((rsArray[20]) & 0xff) + ")");
-        }
+        int i = 0;
+        int j = 0;
+        byte[] tmp;
 
-        return new DSASignature(r, s);
-    }
-
-    public static boolean verifySignature(byte[] message, DSASignature ds, DSAPublicKey dpk) throws IOException {
-        /* Inspired by Bouncycastle's DSASigner class */
-
-        SHA1 md = new SHA1();
-        md.update(message);
-        byte[] sha_message = new byte[md.getDigestLength()];
-        try {
-            md.digest(sha_message);
-        }
-        catch(DigestException e) {
-            throw new IOException(e);
+        if (rsArray[0] == 0 && rsArray[1] == 0 && rsArray[2] == 0) {
+            j = ((rsArray[i++] << 24) & 0xff000000) | ((rsArray[i++] << 16) & 0x00ff0000)
+                | ((rsArray[i++] << 8) & 0x0000ff00) | ((rsArray[i++]) & 0x000000ff);
+            i += j;
+            j = ((rsArray[i++] << 24) & 0xff000000) | ((rsArray[i++] << 16) & 0x00ff0000)
+                | ((rsArray[i++] << 8) & 0x0000ff00) | ((rsArray[i++]) & 0x000000ff);
+            tmp = new byte[j];
+            System.arraycopy(rsArray, i, tmp, 0, j);
+            rsArray = tmp;
         }
 
-        BigInteger m = new BigInteger(1, sha_message);
-
-        BigInteger r = ds.getR();
-        BigInteger s = ds.getS();
-
-        BigInteger g = dpk.getG();
-        BigInteger p = dpk.getP();
-        BigInteger q = dpk.getQ();
-        BigInteger y = dpk.getY();
+        /* ASN.1 */
+        int frst = ((rsArray[0] & 0x80) != 0 ? 1 : 0);
+        int scnd = ((rsArray[20] & 0x80) != 0 ? 1 : 0);
+        /* Calculate output length */
+        int length = rsArray.length + 6 + frst + scnd;
+        tmp = new byte[length];
+        /* DER-encoding to match Java */
+        tmp[0] = (byte) 0x30;
 
-        BigInteger zero = BigInteger.ZERO;
-
-        if(log.isDebugEnabled()) {
-            log.debug("ssh-dss signature: m: " + m.toString(16));
-            log.debug("ssh-dss signature: r: " + r.toString(16));
-            log.debug("ssh-dss signature: s: " + s.toString(16));
-            log.debug("ssh-dss signature: g: " + g.toString(16));
-            log.debug("ssh-dss signature: p: " + p.toString(16));
-            log.debug("ssh-dss signature: q: " + q.toString(16));
-            log.debug("ssh-dss signature: y: " + y.toString(16));
-        }
+        if (rsArray.length != 40)
+            throw new IOException("Peer sent corrupt signature");
 
-        if(zero.compareTo(r) >= 0 || q.compareTo(r) <= 0) {
-            log.warning("ssh-dss signature: zero.compareTo(r) >= 0 || q.compareTo(r) <= 0");
-            return false;
-        }
-
-        if(zero.compareTo(s) >= 0 || q.compareTo(s) <= 0) {
-            log.warning("ssh-dss signature: zero.compareTo(s) >= 0 || q.compareTo(s) <= 0");
-            return false;
-        }
-
-        BigInteger w = s.modInverse(q);
-
-        BigInteger u1 = m.multiply(w).mod(q);
-        BigInteger u2 = r.multiply(w).mod(q);
-
-        u1 = g.modPow(u1, p);
-        u2 = y.modPow(u2, p);
-
-        BigInteger v = u1.multiply(u2).mod(p).mod(q);
-
-        return v.equals(r);
+        /* Calculate length */
+        tmp[1] = (byte) 0x2c;
+        tmp[1] += frst;
+        tmp[1] += scnd;
+        /* First item */
+        tmp[2] = (byte) 0x02;
+        /* First item length */
+        tmp[3] = (byte) 0x14;
+        tmp[3] += frst;
+        /* Copy in the data for first item */
+        System.arraycopy(rsArray, 0, tmp, 4 + frst, 20);
+        /* Second item */
+        tmp[4 + tmp[3]] = (byte) 0x02;
+        /* Second item length */
+        tmp[5 + tmp[3]] = (byte) 0x14;
+        tmp[5 + tmp[3]] += scnd;
+        /* Copy in the data for the second item */
+        System.arraycopy(rsArray, 20, tmp, 6 + tmp[3] + scnd, 20);
+        /* Swap buffers */
+        rsArray = tmp;
+        return rsArray;
     }
 
-    public static DSASignature generateSignature(byte[] message, DSAPrivateKey pk, SecureRandom rnd) throws IOException {
-        SHA1 md = new SHA1();
-        md.update(message);
-        byte[] sha_message = new byte[md.getDigestLength()];
+    public static boolean verifySignature(byte[] message, byte[] ds, DSAPublicKey dpk) throws IOException {
         try {
-            md.digest(sha_message);
+            Signature s = Signature.getInstance("SHA1withDSA");
+            s.initVerify(dpk);
+            s.update(message);
+            return s.verify(ds);
+        }
+        catch (NoSuchAlgorithmException e) {
+            IOException ex = new IOException("No such algorithm");
+            ex.initCause(e);
+            throw ex;
         }
-        catch(DigestException e) {
-            throw new IOException(e);
+        catch (InvalidKeyException e) {
+            IOException ex = new IOException("No such algorithm");
+            ex.initCause(e);
+            throw ex;
         }
+        catch (SignatureException e) {
+            IOException ex = new IOException();
+            ex.initCause(e);
+            throw ex;
+        }
+    }
 
-        BigInteger m = new BigInteger(1, sha_message);
-        BigInteger k;
-        int qBitLength = pk.getQ().bitLength();
-
-        do {
-            k = new BigInteger(qBitLength, rnd);
+    public static byte[] generateSignature(byte[] message, DSAPrivateKey pk, SecureRandom rnd) throws IOException {
+        try {
+            Signature s = Signature.getInstance("SHA1withDSA");
+            s.initSign(pk);
+            s.update(message);
+            return s.sign();
         }
-        while(k.compareTo(pk.getQ()) >= 0);
-
-        BigInteger r = pk.getG().modPow(k, pk.getP()).mod(pk.getQ());
-
-        k = k.modInverse(pk.getQ()).multiply(m.add((pk).getX().multiply(r)));
-
-        BigInteger s = k.mod(pk.getQ());
-
-        return new DSASignature(r, s);
+        catch (NoSuchAlgorithmException e) {
+            IOException ex = new IOException();
+            ex.initCause(e);
+            throw ex;
+        }
+        catch (InvalidKeyException e) {
+            IOException ex = new IOException();
+            ex.initCause(e);
+            throw ex;
+        }
+        catch (SignatureException e) {
+            IOException ex = new IOException();
+            ex.initCause(e);
+            throw ex;
+        }
     }
 }
--- a/src/ch/ethz/ssh2/signature/DSASignature.java	Fri Jul 18 11:59:52 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-/*
- * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
- * Please refer to the LICENSE.txt for licensing details.
- */
-package ch.ethz.ssh2.signature;
-
-import java.math.BigInteger;
-
-/**
- * DSASignature.
- * 
- * @author Christian Plattner
- * @version 2.50, 03/15/10
- */
-public class DSASignature
-{
-	private BigInteger r;
-	private BigInteger s;
-
-	public DSASignature(BigInteger r, BigInteger s)
-	{
-		this.r = r;
-		this.s = s;
-	}
-
-	public BigInteger getR()
-	{
-		return r;
-	}
-
-	public BigInteger getS()
-	{
-		return s;
-	}
-}
--- a/src/ch/ethz/ssh2/signature/ECDSASHA2Verify.java	Fri Jul 18 11:59:52 2014 -0700
+++ b/src/ch/ethz/ssh2/signature/ECDSASHA2Verify.java	Fri Jul 18 16:45:43 2014 -0700
@@ -1,7 +1,7 @@
 /**
  *
  */
-package ch.ethz.ssh2.signature;
+package com.trilead.ssh2.signature;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
--- a/src/ch/ethz/ssh2/signature/RSAPrivateKey.java	Fri Jul 18 11:59:52 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 2006-2013 Christian Plattner. All rights reserved.
- * Please refer to the LICENSE.txt for licensing details.
- */
-package ch.ethz.ssh2.signature;
-
-import java.math.BigInteger;
-import java.security.SecureRandom;
-
-/**
- * RSAPrivateKey.
- * 
- * @author Christian Plattner
- * @version 2.50, 03/15/10
- */
-public class RSAPrivateKey
-{
-	private BigInteger d;
-	private BigInteger e;
-	private BigInteger n;
-
-	public RSAPrivateKey(BigInteger d, BigInteger e, BigInteger n)
-	{
-		this.d = d;
-		this.e = e;
-		this.n = n;
-	}
-
-	public BigInteger getD()
-	{
-		return d;
-	}
-
-	public BigInteger getE()
-	{
-		return e;
-	}
-
-	public BigInteger getN()
-	{
-		return n;
-	}
-
-	public RSAPublicKey getPublicKey()
-	{
-		return new RSAPublicKey(e, n);
-	}
-
-	/**
-	 * Generate an RSA hostkey for testing purposes only.
-	 * 
-	 * @param numbits Key length in bits
-	 * @return
-	 */
-	public static RSAPrivateKey generateKey(int numbits)
-	{
-		return generateKey(new SecureRandom(), numbits);
-	}
-
-	/**
-	 *  Generate an RSA hostkey for testing purposes only.
-	 *  
-	 * @param rnd Source for random bits
-	 * @param numbits Key length in bits
-	 * @return
-	 */
-	public static RSAPrivateKey generateKey(SecureRandom rnd, int numbits)
-	{
-		BigInteger p = BigInteger.probablePrime(numbits / 2, rnd);
-		BigInteger q = BigInteger.probablePrime(numbits / 2, rnd);
-		BigInteger phi = (p.subtract(BigInteger.ONE)).multiply(q.subtract(BigInteger.ONE));
-
-		BigInteger n = p.multiply(q);
-		BigInteger e = new BigInteger("65537");
-		BigInteger d = e.modInverse(phi);
-
-		return new RSAPrivateKey(d, e, n);
-	}
-}
\ No newline at end of file
--- a/src/ch/ethz/ssh2/signature/RSAPublicKey.java	Fri Jul 18 11:59:52 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-/*
- * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
- * Please refer to the LICENSE.txt for licensing details.
- */
-package ch.ethz.ssh2.signature;
-
-import java.math.BigInteger;
-
-/**
- * RSAPublicKey.
- * 
- * @author Christian Plattner
- * @version 2.50, 03/15/10
- */
-public class RSAPublicKey
-{
-	BigInteger e;
-	BigInteger n;
-
-	public RSAPublicKey(BigInteger e, BigInteger n)
-	{
-		this.e = e;
-		this.n = n;
-	}
-
-	public BigInteger getE()
-	{
-		return e;
-	}
-
-	public BigInteger getN()
-	{
-		return n;
-	}
-}
\ No newline at end of file
--- a/src/ch/ethz/ssh2/signature/RSASHA1Verify.java	Fri Jul 18 11:59:52 2014 -0700
+++ b/src/ch/ethz/ssh2/signature/RSASHA1Verify.java	Fri Jul 18 16:45:43 2014 -0700
@@ -1,283 +1,174 @@
-/*
- * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
- * Please refer to the LICENSE.txt for licensing details.
- */
-package ch.ethz.ssh2.signature;
+
+package com.trilead.ssh2.signature;
 
 import java.io.IOException;
 import java.math.BigInteger;
-import java.security.DigestException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.RSAPublicKeySpec;
 
-import ch.ethz.ssh2.PacketFormatException;
-import ch.ethz.ssh2.crypto.SimpleDERReader;
-import ch.ethz.ssh2.crypto.digest.SHA1;
-import ch.ethz.ssh2.log.Logger;
-import ch.ethz.ssh2.packets.TypesReader;
-import ch.ethz.ssh2.packets.TypesWriter;
+import com.trilead.ssh2.log.Logger;
+import com.trilead.ssh2.packets.TypesReader;
+import com.trilead.ssh2.packets.TypesWriter;
+
 
 /**
  * RSASHA1Verify.
  *
- * @author Christian Plattner
- * @version $Id: RSASHA1Verify.java 154 2014-04-28 11:45:02Z dkocher@sudo.ch $
+ * @author Christian Plattner, plattner@trilead.com
+ * @version $Id: RSASHA1Verify.java,v 1.1 2007/10/15 12:49:57 cplattne Exp $
  */
 public class RSASHA1Verify {
     private static final Logger log = Logger.getLogger(RSASHA1Verify.class);
 
     public static RSAPublicKey decodeSSHRSAPublicKey(byte[] key) throws IOException {
         TypesReader tr = new TypesReader(key);
-
         String key_format = tr.readString();
 
-        if(!key_format.equals("ssh-rsa")) {
-            throw new IllegalArgumentException("Not a ssh-rsa public key");
-        }
+        if (key_format.equals("ssh-rsa") == false)
+            throw new IllegalArgumentException("This is not a ssh-rsa public key");
 
         BigInteger e = tr.readMPINT();
         BigInteger n = tr.readMPINT();
 
-        if(tr.remain() != 0) {
-            throw new PacketFormatException("Padding in RSA public key");
+        if (tr.remain() != 0)
+            throw new IOException("Padding in RSA public key!");
+
+        KeySpec keySpec = new RSAPublicKeySpec(n, e);
+
+        try {
+            KeyFactory kf = KeyFactory.getInstance("RSA");
+            return (RSAPublicKey) kf.generatePublic(keySpec);
         }
-
-        return new RSAPublicKey(e, n);
+        catch (NoSuchAlgorithmException nsae) {
+            IOException ioe = new IOException("No RSA KeyFactory available");
+            ioe.initCause(nsae);
+            throw ioe;
+        }
+        catch (InvalidKeySpecException ikse) {
+            IOException ioe = new IOException("No RSA KeyFactory available");
+            ioe.initCause(ikse);
+            throw ioe;
+        }
     }
 
     public static byte[] encodeSSHRSAPublicKey(RSAPublicKey pk) throws IOException {
         TypesWriter tw = new TypesWriter();
-
         tw.writeString("ssh-rsa");
-        tw.writeMPInt(pk.getE());
-        tw.writeMPInt(pk.getN());
-
+        tw.writeMPInt(pk.getPublicExponent());
+        tw.writeMPInt(pk.getModulus());
         return tw.getBytes();
     }
 
-    public static RSASignature decodeSSHRSASignature(byte[] sig) throws IOException {
+    public static byte[] decodeSSHRSASignature(byte[] sig) throws IOException {
         TypesReader tr = new TypesReader(sig);
-
         String sig_format = tr.readString();
 
-        if(!sig_format.equals("ssh-rsa")) {
-            throw new PacketFormatException("Peer sent wrong signature format");
-        }
+        if (sig_format.equals("ssh-rsa") == false)
+            throw new IOException("Peer sent wrong signature format");
 
-		/* S is NOT an MPINT. "The value for 'rsa_signature_blob' is encoded as a string
+        /* S is NOT an MPINT. "The value for 'rsa_signature_blob' is encoded as a string
          * containing s (which is an integer, without lengths or padding, unsigned and in
-		 * network byte order)." See also below.
-		 */
-
+         * network byte order)." See also below.
+         */
         byte[] s = tr.readByteString();
 
-        if(s.length == 0) {
-            throw new PacketFormatException("Error in RSA signature, S is empty.");
-        }
+        if (s.length == 0)
+            throw new IOException("Error in RSA signature, S is empty.");
 
-        if(log.isDebugEnabled()) {
-            log.debug("Decoding ssh-rsa signature string (length: " + s.length + ")");
+        if (log.isEnabled()) {
+            log.log(80, "Decoding ssh-rsa signature string (length: " + s.length + ")");
         }
 
-        if(tr.remain() != 0) {
-            throw new PacketFormatException("Padding in RSA signature!");
+        if (tr.remain() != 0)
+            throw new IOException("Padding in RSA signature!");
+
+        if (s[0] == 0 && s[1] == 0 && s[2] == 0) {
+            int i = 0;
+            int j = ((s[i++] << 24) & 0xff000000) | ((s[i++] << 16) & 0x00ff0000)
+                    | ((s[i++] << 8) & 0x0000ff00) | ((s[i++]) & 0x000000ff);
+            i += j;
+            j = ((s[i++] << 24) & 0xff000000) | ((s[i++] << 16) & 0x00ff0000)
+                | ((s[i++] << 8) & 0x0000ff00) | ((s[i++]) & 0x000000ff);
+            byte[] tmp = new byte[j];
+            System.arraycopy(s, i, tmp, 0, j);
+            sig = tmp;
         }
 
-        return new RSASignature(new BigInteger(1, s));
+        return s;
     }
 
-    public static byte[] encodeSSHRSASignature(RSASignature sig) throws IOException {
+    public static byte[] encodeSSHRSASignature(byte[] s) throws IOException {
         TypesWriter tw = new TypesWriter();
-
         tw.writeString("ssh-rsa");
 
-		/* S is NOT an MPINT. "The value for 'rsa_signature_blob' is encoded as a string
-		 * containing s (which is an integer, without lengths or padding, unsigned and in
-		 * network byte order)."
-		 */
-
-        byte[] s = sig.getS().toByteArray();
+        /* S is NOT an MPINT. "The value for 'rsa_signature_blob' is encoded as a string
+         * containing s (which is an integer, without lengths or padding, unsigned and in
+         * network byte order)."
+         */
 
-		/* Remove first zero sign byte, if present */
+        /* Remove first zero sign byte, if present */
 
-        if((s.length > 1) && (s[0] == 0x00)) {
+        if ((s.length > 1) && (s[0] == 0x00))
             tw.writeString(s, 1, s.length - 1);
-        }
-        else {
+        else
             tw.writeString(s, 0, s.length);
-        }
 
         return tw.getBytes();
     }
 
-    public static RSASignature generateSignature(byte[] message, RSAPrivateKey pk) throws IOException {
-        SHA1 md = new SHA1();
-        md.update(message);
-        byte[] sha_message = new byte[md.getDigestLength()];
+    public static byte[] generateSignature(byte[] message, RSAPrivateKey pk) throws IOException {
         try {
-            md.digest(sha_message);
-        }
-        catch(DigestException e) {
-            throw new IOException(e);
+            Signature s = Signature.getInstance("SHA1withRSA");
+            s.initSign(pk);
+            s.update(message);
+            return s.sign();
         }
-
-        byte[] der_header = new byte[]{0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00,
-                0x04, 0x14};
-
-        int rsa_block_len = (pk.getN().bitLength() + 7) / 8;
-
-        int num_pad = rsa_block_len - (2 + der_header.length + sha_message.length) - 1;
-
-        if(num_pad < 8) {
-            throw new PacketFormatException("Cannot sign with RSA, message too long");
+        catch (NoSuchAlgorithmException e) {
+            IOException ex = new IOException();
+            ex.initCause(e);
+            throw ex;
         }
-
-        byte[] sig = new byte[der_header.length + sha_message.length + 2 + num_pad];
-
-        sig[0] = 0x01;
-
-        for(int i = 0; i < num_pad; i++) {
-            sig[i + 1] = (byte) 0xff;
+        catch (InvalidKeyException e) {
+            IOException ex =  new IOException();
+            ex.initCause(e);
+            throw ex;
         }
-
-        sig[num_pad + 1] = 0x00;
-
-        System.arraycopy(der_header, 0, sig, 2 + num_pad, der_header.length);
-        System.arraycopy(sha_message, 0, sig, 2 + num_pad + der_header.length, sha_message.length);
-
-        BigInteger m = new BigInteger(1, sig);
-
-        BigInteger s = m.modPow(pk.getD(), pk.getN());
-
-        return new RSASignature(s);
+        catch (SignatureException e) {
+            IOException ex =  new IOException();
+            ex.initCause(e);
+            throw ex;
+        }
     }
 
-    public static boolean verifySignature(byte[] message, RSASignature ds, RSAPublicKey dpk) throws IOException {
-        SHA1 md = new SHA1();
-        md.update(message);
-        byte[] sha_message = new byte[md.getDigestLength()];
+    public static boolean verifySignature(byte[] message, byte[] ds, RSAPublicKey dpk) throws IOException {
         try {
-            md.digest(sha_message);
-        }
-        catch(DigestException e) {
-            throw new IOException(e);
-        }
-
-        BigInteger n = dpk.getN();
-        BigInteger e = dpk.getE();
-        BigInteger s = ds.getS();
-
-        if(n.compareTo(s) <= 0) {
-            log.warning("ssh-rsa signature: n.compareTo(s) <= 0");
-            return false;
-        }
-
-        int rsa_block_len = (n.bitLength() + 7) / 8;
-
-		/* And now the show begins */
-
-        if(rsa_block_len < 1) {
-            log.warning("ssh-rsa signature: rsa_block_len < 1");
-            return false;
-        }
-
-        byte[] v = s.modPow(e, n).toByteArray();
-
-        int startpos = 0;
-
-        if((v.length > 0) && (v[0] == 0x00)) {
-            startpos++;
-        }
-
-        if((v.length - startpos) != (rsa_block_len - 1)) {
-            log.warning("ssh-rsa signature: (v.length - startpos) != (rsa_block_len - 1)");
-            return false;
-        }
-
-        if(v[startpos] != 0x01) {
-            log.warning("ssh-rsa signature: v[startpos] != 0x01");
-            return false;
-        }
-
-        int pos = startpos + 1;
-
-        while(true) {
-            if(pos >= v.length) {
-                log.warning("ssh-rsa signature: pos >= v.length");
-                return false;
-            }
-            if(v[pos] == 0x00) {
-                break;
-            }
-            if(v[pos] != (byte) 0xff) {
-                log.warning("ssh-rsa signature: v[pos] != (byte) 0xff");
-                return false;
-            }
-            pos++;
+            Signature s = Signature.getInstance("SHA1withRSA");
+            s.initVerify(dpk);
+            s.update(message);
+            return s.verify(ds);
         }
-
-        int num_pad = pos - (startpos + 1);
-
-        if(num_pad < 8) {
-            log.warning("ssh-rsa signature: num_pad < 8");
-            return false;
-        }
-
-        pos++;
-
-        if(pos >= v.length) {
-            log.warning("ssh-rsa signature: pos >= v.length");
-            return false;
-        }
-
-        SimpleDERReader dr = new SimpleDERReader(v, pos, v.length - pos);
-
-        byte[] seq = dr.readSequenceAsByteArray();
-
-        if(dr.available() != 0) {
-            log.warning("ssh-rsa signature: dr.available() != 0");
-            return false;
+        catch (NoSuchAlgorithmException e) {
+            IOException ex = new IOException();
+            ex.initCause(e);
+            throw ex;
         }
-
-        dr.resetInput(seq);
-
-		/* Read digestAlgorithm */
-
-        byte digestAlgorithm[] = dr.readSequenceAsByteArray();
-
-		/* Inspired by RFC 3347, however, ignoring the comment regarding old BER based implementations */
-
-        if((digestAlgorithm.length < 8) || (digestAlgorithm.length > 9)) {
-            log.warning("ssh-rsa signature: (digestAlgorithm.length < 8) || (digestAlgorithm.length > 9)");
-            return false;
-        }
-
-        byte[] digestAlgorithm_sha1 = new byte[]{0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00};
-
-        for(int i = 0; i < digestAlgorithm.length; i++) {
-            if(digestAlgorithm[i] != digestAlgorithm_sha1[i]) {
-                log.warning("ssh-rsa signature: digestAlgorithm[i] != digestAlgorithm_sha1[i]");
-                return false;
-            }
+        catch (InvalidKeyException e) {
+            IOException ex = new IOException();
+            ex.initCause(e);
+            throw ex;
         }
-
-        byte[] digest = dr.readOctetString();
-
-        if(dr.available() != 0) {
-            log.warning("ssh-rsa signature: dr.available() != 0 (II)");
-            return false;
+        catch (SignatureException e) {
+            IOException ex = new IOException();
+            ex.initCause(e);
+            throw ex;
         }
-
-        if(digest.length != sha_message.length) {
-            log.warning("ssh-rsa signature: digest.length != sha_message.length");
-            return false;
-        }
-
-        for(int i = 0; i < sha_message.length; i++) {
-            if(sha_message[i] != digest[i]) {
-                log.warning("ssh-rsa signature: sha_message[i] != digest[i]");
-                return false;
-            }
-        }
-
-        return true;
     }
 }
--- a/src/ch/ethz/ssh2/signature/RSASignature.java	Fri Jul 18 11:59:52 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,30 +0,0 @@
-/*
- * Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
- * Please refer to the LICENSE.txt for licensing details.
- */
-package ch.ethz.ssh2.signature;
-
-import java.math.BigInteger;
-
-
-/**
- * RSASignature.
- * 
- * @author Christian Plattner
- * @version 2.50, 03/15/10
- */
-
-public class RSASignature
-{
-	BigInteger s;
-
-	public BigInteger getS()
-	{
-		return s;
-	}
-
-	public RSASignature(BigInteger s)
-	{
-		this.s = s;
-	}
-}
\ No newline at end of file
--- a/src/ch/ethz/ssh2/transport/ClientKexManager.java	Fri Jul 18 11:59:52 2014 -0700
+++ b/src/ch/ethz/ssh2/transport/ClientKexManager.java	Fri Jul 18 16:45:43 2014 -0700
@@ -28,10 +28,10 @@
 import ch.ethz.ssh2.packets.PacketKexDhGexRequestOld;
 import ch.ethz.ssh2.packets.PacketKexInit;
 import ch.ethz.ssh2.packets.Packets;
-import ch.ethz.ssh2.signature.DSAPublicKey;
+import java.security.interfaces.DSAPublicKey;
 import ch.ethz.ssh2.signature.DSASHA1Verify;
 import ch.ethz.ssh2.signature.DSASignature;
-import ch.ethz.ssh2.signature.RSAPublicKey;
+import java.security.interfaces.RSAPublicKey;
 import ch.ethz.ssh2.signature.RSASHA1Verify;
 import ch.ethz.ssh2.signature.RSASignature;
 
--- a/src/ch/ethz/ssh2/transport/KexManager.java	Fri Jul 18 11:59:52 2014 -0700
+++ b/src/ch/ethz/ssh2/transport/KexManager.java	Fri Jul 18 16:45:43 2014 -0700
@@ -23,7 +23,7 @@
 import ch.ethz.ssh2.packets.PacketKexInit;
 import ch.ethz.ssh2.packets.PacketNewKeys;
 import ch.ethz.ssh2.signature.DSAPrivateKey;
-import ch.ethz.ssh2.signature.RSAPrivateKey;
+import java.security.interfaces.RSAPrivateKey;
 
 /**
  * @version $Id: KexManager.java 152 2014-04-28 11:02:23Z dkocher@sudo.ch $
--- a/src/ch/ethz/ssh2/transport/KexState.java	Fri Jul 18 11:59:52 2014 -0700
+++ b/src/ch/ethz/ssh2/transport/KexState.java	Fri Jul 18 16:45:43 2014 -0700
@@ -10,7 +10,7 @@
 import java.math.BigInteger;
 import ch.ethz.ssh2.packets.PacketKexInit;
 import ch.ethz.ssh2.signature.DSAPrivateKey;
-import ch.ethz.ssh2.signature.RSAPrivateKey;
+import java.security.interfaces.RSAPrivateKey;
 
 /**
  * KexState.
--- a/src/ch/ethz/ssh2/transport/TransportManager.java	Fri Jul 18 11:59:52 2014 -0700
+++ b/src/ch/ethz/ssh2/transport/TransportManager.java	Fri Jul 18 16:45:43 2014 -0700
@@ -24,7 +24,7 @@
 import ch.ethz.ssh2.packets.Packets;
 import ch.ethz.ssh2.packets.TypesReader;
 import ch.ethz.ssh2.signature.DSAPrivateKey;
-import ch.ethz.ssh2.signature.RSAPrivateKey;
+import java.security.interfaces.RSAPrivateKey;
 
 /**
  * Yes, the "standard" is a big mess. On one side, the say that arbitrary channel