Mercurial > 510Connectbot
diff src/ch/ethz/ssh2/transport/ClientKexManager.java @ 330:6740870cf268 ganymed
fix java formatting
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Thu, 31 Jul 2014 12:59:08 -0700 |
| parents | 6896bfafa510 |
| children | d835e842d158 |
line wrap: on
line diff
--- a/src/ch/ethz/ssh2/transport/ClientKexManager.java Thu Jul 31 12:51:42 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/ClientKexManager.java Thu Jul 31 12:59:08 2014 -0700 @@ -80,7 +80,7 @@ } public void handleFailure(final IOException failure) { - synchronized(accessLock) { + synchronized (accessLock) { connectionClosed = true; accessLock.notifyAll(); } @@ -97,25 +97,25 @@ } } - if((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) { + if ((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) { throw new PacketTypeException(msg[0]); } - if(ignore_next_kex_packet) { + if (ignore_next_kex_packet) { ignore_next_kex_packet = false; return; } - if(msg[0] == Packets.SSH_MSG_KEXINIT) { - if((kxs != null) && (kxs.state != 0)) { + if (msg[0] == Packets.SSH_MSG_KEXINIT) { + if ((kxs != null) && (kxs.state != 0)) { throw new PacketTypeException(msg[0]); } - if(kxs == null) { + if (kxs == null) { /* * Ah, OK, peer wants to do KEX. Let's be nice and play - * together. - */ + * together. + */ kxs = new KexState(); kxs.dhgexParameters = nextKEXdhgexParameters; kip = new PacketKexInit(nextKEXcryptoWishList, rnd); @@ -130,14 +130,14 @@ if (kxs.np == null) throw new IOException("Cannot negotiate, proposals do not match."); - if(kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { + if (kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { // Guess was wrong, we need to ignore the next kex packet. ignore_next_kex_packet = true; } if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") || - kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { - if(kxs.dhgexParameters.getMin_group_len() == 0) { + kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { + if (kxs.dhgexParameters.getMin_group_len() == 0) { PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters); tm.sendKexMessage(dhgexreq.getPayload()); } @@ -145,21 +145,23 @@ PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters); tm.sendKexMessage(dhgexreq.getPayload()); } + if (kxs.np.kex_algo.endsWith("sha1")) { kxs.hashAlgo = "SHA1"; } else { kxs.hashAlgo = "SHA-256"; } + kxs.state = 1; return; } if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || - kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { + kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { kxs.dhx = GenericDhExchange.getInstance(kxs.np.kex_algo); kxs.dhx.init(kxs.np.kex_algo); kxs.hashAlgo = kxs.dhx.getHashAlgo(); @@ -183,18 +185,18 @@ try { cbc = BlockCipherFactory.createCipher(kxs.np.enc_algo_server_to_client, false, - km.enc_key_server_to_client, km.initial_iv_server_to_client); + km.enc_key_server_to_client, km.initial_iv_server_to_client); try { mac = new MAC(kxs.np.mac_algo_server_to_client, km.integrity_key_server_to_client); } - catch(DigestException e) { + catch (DigestException e) { throw new IOException(e); } comp = CompressionFactory.createCompressor(kxs.np.comp_algo_server_to_client); } - catch(IllegalArgumentException e) { + catch (IllegalArgumentException e) { throw new IOException(e.getMessage()); } @@ -211,7 +213,7 @@ sci.serverHostKeyAlgorithm = kxs.np.server_host_key_algo; sci.serverHostKey = kxs.remote_hostkey; - synchronized(accessLock) { + synchronized (accessLock) { lastConnInfo = sci; accessLock.notifyAll(); } @@ -220,13 +222,13 @@ return; } - if((kxs == null) || (kxs.state == 0)) { + if ((kxs == null) || (kxs.state == 0)) { throw new IOException("Unexpected Kex submessage!"); } if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1") || - kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { - if(kxs.state == 1) { + kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256")) { + if (kxs.state == 1) { PacketKexDhGexGroup dhgexgrp = new PacketKexDhGexGroup(msg); kxs.dhgx = new DhGroupExchange(dhgexgrp.getP(), dhgexgrp.getG()); kxs.dhgx.init(rnd); @@ -236,20 +238,19 @@ return; } - if(kxs.state == 2) { + if (kxs.state == 2) { PacketKexDhGexReply dhgexrpl = new PacketKexDhGexReply(msg); - kxs.remote_hostkey = dhgexrpl.getHostKey(); - if(verifier != null) { + if (verifier != null) { try { - if(!verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey)) { + if (!verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey)) { throw new IOException("The server host key was not accepted by the verifier callback"); } } - catch(Exception e) { + catch (Exception e) { throw new IOException( - "The server host key was not accepted by the verifier callback.", e); + "The server host key was not accepted by the verifier callback.", e); } } @@ -257,15 +258,17 @@ try { kxs.H = kxs.dhgx.calculateH(kxs.hashAlgo, csh.getClientString(), csh.getServerString(), - kxs.localKEX.getPayload(), kxs.remoteKEX.getPayload(), dhgexrpl.getHostKey(), - kxs.dhgexParameters); + kxs.localKEX.getPayload(), kxs.remoteKEX.getPayload(), dhgexrpl.getHostKey(), + kxs.dhgexParameters); } - catch(IllegalArgumentException e) { + catch (IllegalArgumentException e) { throw new IOException("KEX error.", e); } - if(!verifySignature(dhgexrpl.getSignature(), kxs.remote_hostkey)) { + + if (!verifySignature(dhgexrpl.getSignature(), kxs.remote_hostkey)) { throw new IOException("Invalid remote host key signature"); } + kxs.K = kxs.dhgx.getK(); finishKex(true); kxs.state = -1; @@ -276,41 +279,46 @@ } if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || - kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || - kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { - if(kxs.state == 1) { + kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp384") || + kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { + if (kxs.state == 1) { PacketKexDHReply dhr = new PacketKexDHReply(msg); kxs.remote_hostkey = dhr.getHostKey(); - if(verifier != null) { + if (verifier != null) { try { - if(!verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey)) { + if (!verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey)) { throw new IOException("The server host key was not accepted by the verifier callback"); } } - catch(Exception e) { + catch (Exception e) { throw new IOException("The server host key was not accepted by the verifier callback", e); } } + kxs.dhx.setF(dhr.getF().toByteArray()); + try { kxs.H = kxs.dhx.calculateH(csh.getClientString(), csh.getServerString(), kxs.localKEX.getPayload(), - kxs.remoteKEX.getPayload(), dhr.getHostKey()); + kxs.remoteKEX.getPayload(), dhr.getHostKey()); } - catch(IllegalArgumentException e) { + catch (IllegalArgumentException e) { throw new IOException("KEX error.", e); } - if(!verifySignature(dhr.getSignature(), kxs.remote_hostkey)) { + + if (!verifySignature(dhr.getSignature(), kxs.remote_hostkey)) { throw new IOException("Invalid remote host key signature"); } + kxs.K = kxs.dhx.getK(); finishKex(true); kxs.state = -1; return; } } + throw new IllegalStateException(String.format("Unknown KEX method %s", kxs.np.kex_algo)); } }