diff options
author | Kenny Root <kenny@the-b.org> | 2013-02-04 23:38:07 -0800 |
---|---|---|
committer | Kenny Root <kenny@the-b.org> | 2013-02-04 23:43:45 -0800 |
commit | adabbacc18acd44182702d74aa7a4eac338fc43d (patch) | |
tree | 2e9d0acd72df141e27e79c384ff8ce1f4a66de8b /lib/src/main/java/com/trilead/ssh2/channel | |
parent | 4271e2ed172a016e9455f0e43b628a744907ce63 (diff) | |
download | sshlib-adabbacc18acd44182702d74aa7a4eac338fc43d.tar.gz sshlib-adabbacc18acd44182702d74aa7a4eac338fc43d.tar.bz2 sshlib-adabbacc18acd44182702d74aa7a4eac338fc43d.zip |
Add ECDSA support
Diffstat (limited to 'lib/src/main/java/com/trilead/ssh2/channel')
-rw-r--r-- | lib/src/main/java/com/trilead/ssh2/channel/AuthAgentForwardThread.java | 88 |
1 files changed, 55 insertions, 33 deletions
diff --git a/lib/src/main/java/com/trilead/ssh2/channel/AuthAgentForwardThread.java b/lib/src/main/java/com/trilead/ssh2/channel/AuthAgentForwardThread.java index d3f10a3..f04c412 100644 --- a/lib/src/main/java/com/trilead/ssh2/channel/AuthAgentForwardThread.java +++ b/lib/src/main/java/com/trilead/ssh2/channel/AuthAgentForwardThread.java @@ -31,6 +31,10 @@ import java.security.interfaces.DSAPrivateKey; import java.security.interfaces.RSAPrivateKey; import java.security.spec.DSAPrivateKeySpec; import java.security.spec.DSAPublicKeySpec; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPoint; +import java.security.spec.ECPrivateKeySpec; +import java.security.spec.ECPublicKeySpec; import java.security.spec.InvalidKeySpecException; import java.security.spec.KeySpec; import java.security.spec.RSAPrivateKeySpec; @@ -43,6 +47,7 @@ import com.trilead.ssh2.log.Logger; import com.trilead.ssh2.packets.TypesReader; import com.trilead.ssh2.packets.TypesWriter; import com.trilead.ssh2.signature.DSASHA1Verify; +import com.trilead.ssh2.signature.ECDSASHA2Verify; import com.trilead.ssh2.signature.RSASHA1Verify; /** @@ -277,10 +282,14 @@ public class AuthAgentForwardThread extends Thread implements IChannelWorkerThre String type = tr.readString(); - KeyPair pair; String comment; + String keyType; + KeySpec pubSpec; + KeySpec privSpec; if (type.equals("ssh-rsa")) { + keyType = "RSA"; + BigInteger n = tr.readMPINT(); BigInteger e = tr.readMPINT(); BigInteger d = tr.readMPINT(); @@ -289,25 +298,11 @@ public class AuthAgentForwardThread extends Thread implements IChannelWorkerThre tr.readMPINT(); // q comment = tr.readString(); - KeySpec pubSpec = new RSAPublicKeySpec(n, e); - KeySpec privSpec = new RSAPrivateKeySpec(n, d); - - PublicKey pubKey; - PrivateKey privKey; - try { - KeyFactory kf = KeyFactory.getInstance("RSA"); - pubKey = kf.generatePublic(pubSpec); - privKey = kf.generatePrivate(privSpec); - } catch (NoSuchAlgorithmException ex) { - // TODO: log error - return; - } catch (InvalidKeySpecException ex) { - // TODO: log error - return; - } - - pair = new KeyPair(pubKey, privKey); + pubSpec = new RSAPublicKeySpec(n, e); + privSpec = new RSAPrivateKeySpec(n, d); } else if (type.equals("ssh-dss")) { + keyType = "DSA"; + BigInteger p = tr.readMPINT(); BigInteger q = tr.readMPINT(); BigInteger g = tr.readMPINT(); @@ -315,29 +310,56 @@ public class AuthAgentForwardThread extends Thread implements IChannelWorkerThre BigInteger x = tr.readMPINT(); comment = tr.readString(); - KeySpec pubSpec = new DSAPublicKeySpec(y, p, q, g); - KeySpec privSpec = new DSAPrivateKeySpec(x, p, q, g); - - PublicKey pubKey; - PrivateKey privKey; - try { - KeyFactory kf = KeyFactory.getInstance("DSA"); - pubKey = kf.generatePublic(pubSpec); - privKey = kf.generatePrivate(privSpec); - } catch (NoSuchAlgorithmException ex) { - // TODO: log error + pubSpec = new DSAPublicKeySpec(y, p, q, g); + privSpec = new DSAPrivateKeySpec(x, p, q, g); + } else if (type.equals("ecdsa-sha2-nistp256")) { + keyType = "EC"; + + String curveName = tr.readString(); + byte[] groupBytes = tr.readByteString(); + BigInteger exponent = tr.readMPINT(); + comment = tr.readString(); + + if (!"nistp256".equals(curveName)) { + log.log(2, "Invalid curve name for ecdsa-sha2-nistp256: " + curveName); + os.write(SSH_AGENT_FAILURE); return; - } catch (InvalidKeySpecException ex) { - // TODO: log error + } + + ECParameterSpec nistp256 = ECDSASHA2Verify.EllipticCurves.nistp256; + ECPoint group = ECDSASHA2Verify.decodeECPoint(groupBytes, nistp256.getCurve()); + if (group == null) { + // TODO log error + os.write(SSH_AGENT_FAILURE); return; } - pair = new KeyPair(pubKey, privKey); + pubSpec = new ECPublicKeySpec(group, nistp256); + privSpec = new ECPrivateKeySpec(exponent, nistp256); } else { + log.log(2, "Unknown key type: " + type); os.write(SSH_AGENT_FAILURE); return; } + PublicKey pubKey; + PrivateKey privKey; + try { + KeyFactory kf = KeyFactory.getInstance(keyType); + pubKey = kf.generatePublic(pubSpec); + privKey = kf.generatePrivate(privSpec); + } catch (NoSuchAlgorithmException ex) { + // TODO: log error + os.write(SSH_AGENT_FAILURE); + return; + } catch (InvalidKeySpecException ex) { + // TODO: log error + os.write(SSH_AGENT_FAILURE); + return; + } + + KeyPair pair = new KeyPair(pubKey, privKey); + boolean confirmUse = false; int lifetime = 0; |