aboutsummaryrefslogtreecommitdiffstats
path: root/lib/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'lib/src/main/java')
-rw-r--r--lib/src/main/java/com/trilead/ssh2/crypto/KeyMaterial.java9
-rw-r--r--lib/src/main/java/com/trilead/ssh2/crypto/dh/DhGroupExchange.java6
-rw-r--r--lib/src/main/java/com/trilead/ssh2/crypto/dh/GenericDhExchange.java9
-rw-r--r--lib/src/main/java/com/trilead/ssh2/crypto/digest/HashForSSH2Types.java11
-rw-r--r--lib/src/main/java/com/trilead/ssh2/transport/KexManager.java21
5 files changed, 20 insertions, 36 deletions
diff --git a/lib/src/main/java/com/trilead/ssh2/crypto/KeyMaterial.java b/lib/src/main/java/com/trilead/ssh2/crypto/KeyMaterial.java
index 499422f..1dbd6c7 100644
--- a/lib/src/main/java/com/trilead/ssh2/crypto/KeyMaterial.java
+++ b/lib/src/main/java/com/trilead/ssh2/crypto/KeyMaterial.java
@@ -3,8 +3,6 @@ package com.trilead.ssh2.crypto;
import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
import com.trilead.ssh2.crypto.digest.HashForSSH2Types;
@@ -74,12 +72,7 @@ public class KeyMaterial
{
KeyMaterial km = new KeyMaterial();
- HashForSSH2Types sh;
- try {
- sh = new HashForSSH2Types(MessageDigest.getInstance(hashAlgo));
- } catch (NoSuchAlgorithmException e) {
- throw new IllegalArgumentException(e);
- }
+ HashForSSH2Types sh = new HashForSSH2Types(hashAlgo);
km.initial_iv_client_to_server = calculateKey(sh, K, H, (byte) 'A', SessionID, blockSizeCS);
diff --git a/lib/src/main/java/com/trilead/ssh2/crypto/dh/DhGroupExchange.java b/lib/src/main/java/com/trilead/ssh2/crypto/dh/DhGroupExchange.java
index 2922284..a888950 100644
--- a/lib/src/main/java/com/trilead/ssh2/crypto/dh/DhGroupExchange.java
+++ b/lib/src/main/java/com/trilead/ssh2/crypto/dh/DhGroupExchange.java
@@ -87,10 +87,10 @@ public class DhGroupExchange
this.k = f.modPow(x, p);
}
- public byte[] calculateH(byte[] clientversion, byte[] serverversion, byte[] clientKexPayload,
- byte[] serverKexPayload, byte[] hostKey, DHGexParameters para)
+ public byte[] calculateH(String hashAlgo, byte[] clientversion, byte[] serverversion,
+ byte[] clientKexPayload, byte[] serverKexPayload, byte[] hostKey, DHGexParameters para)
{
- HashForSSH2Types hash = new HashForSSH2Types("SHA1");
+ HashForSSH2Types hash = new HashForSSH2Types(hashAlgo);
hash.updateByteString(clientversion);
hash.updateByteString(serverversion);
diff --git a/lib/src/main/java/com/trilead/ssh2/crypto/dh/GenericDhExchange.java b/lib/src/main/java/com/trilead/ssh2/crypto/dh/GenericDhExchange.java
index d65490a..039ff75 100644
--- a/lib/src/main/java/com/trilead/ssh2/crypto/dh/GenericDhExchange.java
+++ b/lib/src/main/java/com/trilead/ssh2/crypto/dh/GenericDhExchange.java
@@ -4,8 +4,6 @@ package com.trilead.ssh2.crypto.dh;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
import com.trilead.ssh2.crypto.digest.HashForSSH2Types;
import com.trilead.ssh2.log.Logger;
@@ -71,12 +69,7 @@ public abstract class GenericDhExchange
public byte[] calculateH(byte[] clientversion, byte[] serverversion, byte[] clientKexPayload,
byte[] serverKexPayload, byte[] hostKey) throws UnsupportedEncodingException
{
- HashForSSH2Types hash;
- try {
- hash = new HashForSSH2Types(MessageDigest.getInstance(getHashAlgo()));
- } catch (NoSuchAlgorithmException e) {
- throw new UnsupportedOperationException(e);
- }
+ HashForSSH2Types hash = new HashForSSH2Types(getHashAlgo());
if (log.isEnabled())
{
diff --git a/lib/src/main/java/com/trilead/ssh2/crypto/digest/HashForSSH2Types.java b/lib/src/main/java/com/trilead/ssh2/crypto/digest/HashForSSH2Types.java
index 9127d4e..6b0d6e3 100644
--- a/lib/src/main/java/com/trilead/ssh2/crypto/digest/HashForSSH2Types.java
+++ b/lib/src/main/java/com/trilead/ssh2/crypto/digest/HashForSSH2Types.java
@@ -16,19 +16,10 @@ public class HashForSSH2Types
{
MessageDigest md;
- public HashForSSH2Types(MessageDigest md)
- {
- this.md = md;
- }
-
public HashForSSH2Types(String type)
{
try {
- if ("SHA1".equals(type) || "MD5".equals(type)) {
- md = MessageDigest.getInstance(type);
- } else {
- throw new IllegalArgumentException("Unknown algorithm " + type);
- }
+ md = MessageDigest.getInstance(type);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException("Unsupported algorithm " + type);
}
diff --git a/lib/src/main/java/com/trilead/ssh2/transport/KexManager.java b/lib/src/main/java/com/trilead/ssh2/transport/KexManager.java
index 230047e..cd26530 100644
--- a/lib/src/main/java/com/trilead/ssh2/transport/KexManager.java
+++ b/lib/src/main/java/com/trilead/ssh2/transport/KexManager.java
@@ -61,6 +61,7 @@ public class KexManager
KEX_ALGS.add("ecdh-sha2-nistp256");
KEX_ALGS.add("ecdh-sha2-nistp384");
KEX_ALGS.add("ecdh-sha2-nistp521");
+ KEX_ALGS.add("diffie-hellman-group-exchange-sha256");
KEX_ALGS.add("diffie-hellman-group-exchange-sha1");
KEX_ALGS.add("diffie-hellman-group14-sha1");
KEX_ALGS.add("diffie-hellman-group1-sha1");
@@ -449,20 +450,24 @@ public class KexManager
ignore_next_kex_packet = true;
}
- if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1"))
+ if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")
+ || kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256"))
{
if (kxs.dhgexParameters.getMin_group_len() == 0 || csh.server_versioncomment.matches("OpenSSH_2\\.([0-4]\\.|5\\.[0-2]).*"))
{
PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters);
tm.sendKexMessage(dhgexreq.getPayload());
-
}
else
{
PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters);
tm.sendKexMessage(dhgexreq.getPayload());
}
- kxs.hashAlgo = "SHA1";
+ if (kxs.np.kex_algo.endsWith("sha1")) {
+ kxs.hashAlgo = "SHA1";
+ } else {
+ kxs.hashAlgo = "SHA-256";
+ }
kxs.state = 1;
return;
}
@@ -538,7 +543,8 @@ public class KexManager
if ((kxs == null) || (kxs.state == 0))
throw new IOException("Unexpected Kex submessage!");
- if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1"))
+ if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")
+ || kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha256"))
{
if (kxs.state == 1)
{
@@ -579,9 +585,10 @@ public class KexManager
try
{
- kxs.H = kxs.dhgx.calculateH(csh.getClientString(), csh.getServerString(),
- kxs.localKEX.getPayload(), kxs.remoteKEX.getPayload(), dhgexrpl.getHostKey(),
- kxs.dhgexParameters);
+ kxs.H = kxs.dhgx.calculateH(kxs.hashAlgo,
+ csh.getClientString(), csh.getServerString(),
+ kxs.localKEX.getPayload(), kxs.remoteKEX.getPayload(),
+ dhgexrpl.getHostKey(), kxs.dhgexParameters);
}
catch (IllegalArgumentException e)
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 03:12:51 +0000