diff options
Diffstat (limited to 'src/com/trilead/ssh2/crypto')
5 files changed, 54 insertions, 38 deletions
diff --git a/src/com/trilead/ssh2/crypto/KeyMaterial.java b/src/com/trilead/ssh2/crypto/KeyMaterial.java index 499422f..1dbd6c7 100644 --- a/src/com/trilead/ssh2/crypto/KeyMaterial.java +++ b/src/com/trilead/ssh2/crypto/KeyMaterial.java @@ -3,8 +3,6 @@ package com.trilead.ssh2.crypto; import java.math.BigInteger; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; import com.trilead.ssh2.crypto.digest.HashForSSH2Types; @@ -74,12 +72,7 @@ public class KeyMaterial { KeyMaterial km = new KeyMaterial(); - HashForSSH2Types sh; - try { - sh = new HashForSSH2Types(MessageDigest.getInstance(hashAlgo)); - } catch (NoSuchAlgorithmException e) { - throw new IllegalArgumentException(e); - } + HashForSSH2Types sh = new HashForSSH2Types(hashAlgo); km.initial_iv_client_to_server = calculateKey(sh, K, H, (byte) 'A', SessionID, blockSizeCS); diff --git a/src/com/trilead/ssh2/crypto/dh/DhGroupExchange.java b/src/com/trilead/ssh2/crypto/dh/DhGroupExchange.java index 2922284..a888950 100644 --- a/src/com/trilead/ssh2/crypto/dh/DhGroupExchange.java +++ b/src/com/trilead/ssh2/crypto/dh/DhGroupExchange.java @@ -87,10 +87,10 @@ public class DhGroupExchange this.k = f.modPow(x, p); } - public byte[] calculateH(byte[] clientversion, byte[] serverversion, byte[] clientKexPayload, - byte[] serverKexPayload, byte[] hostKey, DHGexParameters para) + public byte[] calculateH(String hashAlgo, byte[] clientversion, byte[] serverversion, + byte[] clientKexPayload, byte[] serverKexPayload, byte[] hostKey, DHGexParameters para) { - HashForSSH2Types hash = new HashForSSH2Types("SHA1"); + HashForSSH2Types hash = new HashForSSH2Types(hashAlgo); hash.updateByteString(clientversion); hash.updateByteString(serverversion); diff --git a/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java b/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java index d65490a..039ff75 100644 --- a/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java +++ b/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java @@ -4,8 +4,6 @@ package com.trilead.ssh2.crypto.dh; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.math.BigInteger; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; import com.trilead.ssh2.crypto.digest.HashForSSH2Types; import com.trilead.ssh2.log.Logger; @@ -71,12 +69,7 @@ public abstract class GenericDhExchange public byte[] calculateH(byte[] clientversion, byte[] serverversion, byte[] clientKexPayload, byte[] serverKexPayload, byte[] hostKey) throws UnsupportedEncodingException { - HashForSSH2Types hash; - try { - hash = new HashForSSH2Types(MessageDigest.getInstance(getHashAlgo())); - } catch (NoSuchAlgorithmException e) { - throw new UnsupportedOperationException(e); - } + HashForSSH2Types hash = new HashForSSH2Types(getHashAlgo()); if (log.isEnabled()) { diff --git a/src/com/trilead/ssh2/crypto/digest/HashForSSH2Types.java b/src/com/trilead/ssh2/crypto/digest/HashForSSH2Types.java index 9127d4e..6b0d6e3 100644 --- a/src/com/trilead/ssh2/crypto/digest/HashForSSH2Types.java +++ b/src/com/trilead/ssh2/crypto/digest/HashForSSH2Types.java @@ -16,19 +16,10 @@ public class HashForSSH2Types { MessageDigest md; - public HashForSSH2Types(MessageDigest md) - { - this.md = md; - } - public HashForSSH2Types(String type) { try { - if ("SHA1".equals(type) || "MD5".equals(type)) { - md = MessageDigest.getInstance(type); - } else { - throw new IllegalArgumentException("Unknown algorithm " + type); - } + md = MessageDigest.getInstance(type); } catch (NoSuchAlgorithmException e) { throw new RuntimeException("Unsupported algorithm " + type); } diff --git a/src/com/trilead/ssh2/crypto/digest/MAC.java b/src/com/trilead/ssh2/crypto/digest/MAC.java index 20c52fa..561599c 100644 --- a/src/com/trilead/ssh2/crypto/digest/MAC.java +++ b/src/com/trilead/ssh2/crypto/digest/MAC.java @@ -16,6 +16,36 @@ import javax.crypto.spec.SecretKeySpec; */ public final class MAC { + /** + * From http://tools.ietf.org/html/rfc4253 + */ + private static final String HMAC_MD5 = "hmac-md5"; + + /** + * From http://tools.ietf.org/html/rfc4253 + */ + private static final String HMAC_MD5_96 = "hmac-md5-96"; + + /** + * From http://tools.ietf.org/html/rfc4253 + */ + private static final String HMAC_SHA1 = "hmac-sha1"; + + /** + * From http://tools.ietf.org/html/rfc4253 + */ + private static final String HMAC_SHA1_96 = "hmac-sha1-96"; + + /** + * From http://tools.ietf.org/html/rfc6668 + */ + private static final String HMAC_SHA2_256 = "hmac-sha2-256"; + + /** + * From http://tools.ietf.org/html/rfc6668 + */ + private static final String HMAC_SHA2_512 = "hmac-sha2-512"; + Mac mac; int outSize; int macSize; @@ -23,7 +53,8 @@ public final class MAC /* Higher Priority First */ private static final String[] MAC_LIST = { - "hmac-sha1-96", "hmac-sha1", "hmac-md5-96", "hmac-md5" + HMAC_SHA2_256, HMAC_SHA2_512, + HMAC_SHA1_96, HMAC_SHA1, HMAC_MD5_96, HMAC_MD5 }; public final static String[] getMacList() @@ -39,28 +70,36 @@ public final class MAC public final static int getKeyLen(String type) { - if (type.equals("hmac-sha1")) + if (HMAC_SHA1.equals(type) || HMAC_SHA1_96.equals(type)) return 20; - if (type.equals("hmac-sha1-96")) - return 20; - if (type.equals("hmac-md5")) - return 16; - if (type.equals("hmac-md5-96")) + if (HMAC_MD5.equals(type) || HMAC_MD5_96.equals(type)) return 16; + if (HMAC_SHA2_256.equals(type)) + return 32; + if (HMAC_SHA2_512.equals(type)) + return 64; throw new IllegalArgumentException("Unkown algorithm " + type); } public MAC(String type, byte[] key) { try { - if ("hmac-sha1".equals(type) || "hmac-sha1-96".equals(type)) + if (HMAC_SHA1.equals(type) || HMAC_SHA1_96.equals(type)) { mac = Mac.getInstance("HmacSHA1"); } - else if ("hmac-md5".equals(type) || "hmac-md5-96".equals(type)) + else if (HMAC_MD5.equals(type) || HMAC_MD5_96.equals(type)) { mac = Mac.getInstance("HmacMD5"); } + else if (HMAC_SHA2_256.equals(type)) + { + mac = Mac.getInstance("HmacSHA256"); + } + else if (HMAC_SHA2_512.equals(type)) + { + mac = Mac.getInstance("HmacSHA512"); + } else throw new IllegalArgumentException("Unkown algorithm " + type); } catch (NoSuchAlgorithmException e) { |