Added all RFC Ciphers and some extended ones

2025-12-08 16:18:05 +03:00 · 2015-11-11 22:10:16 +01:00
parent 51e1ff24e4
commit 2b6fedc939
16 changed files with 327 additions and 13 deletions
--- a/src/main/java/net/schmizz/sshj/DefaultConfig.java
+++ b/src/main/java/net/schmizz/sshj/DefaultConfig.java
@@ -15,6 +15,8 @@
 */
 package net.schmizz.sshj;

+import com.hierynomus.sshj.transport.cipher.BlockCiphers;
+import com.hierynomus.sshj.transport.cipher.StreamCiphers;
 import net.schmizz.keepalive.KeepAliveProvider;
 import net.schmizz.sshj.common.Factory;
 import net.schmizz.sshj.common.SecurityUtils;
@@ -48,6 +50,7 @@ import net.schmizz.sshj.userauth.keyprovider.PuTTYKeyFile;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

+import java.awt.image.ByteLookupTable;
 import java.util.Arrays;
 import java.util.Iterator;
 import java.util.LinkedList;
@@ -130,7 +133,29 @@ public class DefaultConfig
                new AES192CBC.Factory(),
                new AES256CBC.Factory(),
                new TripleDESCBC.Factory(),
-                new BlowfishCBC.Factory()));
+                new BlowfishCBC.Factory(),
+                BlockCiphers.BlowfishCTR(),
+                BlockCiphers.Cast128CBC(),
+                BlockCiphers.Cast128CTR(),
+                BlockCiphers.IDEACBC(),
+                BlockCiphers.IDEACTR(),
+                BlockCiphers.Serpent128CBC(),
+                BlockCiphers.Serpent128CTR(),
+                BlockCiphers.Serpent192CBC(),
+                BlockCiphers.Serpent192CTR(),
+                BlockCiphers.Serpent256CBC(),
+                BlockCiphers.Serpent256CTR(),
+                BlockCiphers.TripleDESCTR(),
+                BlockCiphers.Twofish128CBC(),
+                BlockCiphers.Twofish128CTR(),
+                BlockCiphers.Twofish192CBC(),
+                BlockCiphers.Twofish192CTR(),
+                BlockCiphers.Twofish256CBC(),
+                BlockCiphers.Twofish256CTR(),
+                BlockCiphers.TwofishCBC(),
+                StreamCiphers.Arcfour(),
+                StreamCiphers.Arcfour128(),
+                StreamCiphers.Arcfour256()));

        boolean warn = false;
        // Ref. https://issues.apache.org/jira/browse/SSHD-24
@@ -144,6 +169,7 @@ public class DefaultConfig
                c.init(Cipher.Mode.Encrypt, key, iv);
            } catch (Exception e) {
                warn = true;
+                log.warn(e.getCause().getMessage());
                i.remove();
            }
        }
@@ -151,6 +177,7 @@ public class DefaultConfig
            log.warn("Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy");

        setCipherFactories(avail);
+        log.debug("Available cipher factories: {}", avail);
    }

    protected void initSignatureFactories() {
--- a/src/main/java/net/schmizz/sshj/transport/cipher/AES128CBC.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES128CBC.java
@@ -17,7 +17,7 @@ package net.schmizz.sshj.transport.cipher;

 /** {@code aes128-cbc} cipher */
 public class AES128CBC
-        extends BaseCipher {
+        extends BlockCipher {

    /** Named factory for AES128CBC Cipher */
    public static class Factory
--- a/src/main/java/net/schmizz/sshj/transport/cipher/AES128CTR.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES128CTR.java
@@ -17,7 +17,7 @@ package net.schmizz.sshj.transport.cipher;

 /** {@code aes128-ctr} cipher */
 public class AES128CTR
-        extends BaseCipher {
+        extends BlockCipher {

    /** Named factory for AES128CBC Cipher */
    public static class Factory
--- a/src/main/java/net/schmizz/sshj/transport/cipher/AES192CBC.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES192CBC.java
@@ -17,7 +17,7 @@ package net.schmizz.sshj.transport.cipher;

 /** {@code aes192-cbc} cipher */
 public class AES192CBC
-        extends BaseCipher {
+        extends BlockCipher {

    /** Named factory for AES192CBC Cipher */
    public static class Factory
--- a/src/main/java/net/schmizz/sshj/transport/cipher/AES192CTR.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES192CTR.java
@@ -17,7 +17,7 @@ package net.schmizz.sshj.transport.cipher;

 /** {@code aes192-ctr} cipher */
 public class AES192CTR
-        extends BaseCipher {
+        extends BlockCipher {

    /** Named factory for AES192CTR Cipher */
    public static class Factory
--- a/src/main/java/net/schmizz/sshj/transport/cipher/AES256CBC.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES256CBC.java
@@ -17,7 +17,7 @@ package net.schmizz.sshj.transport.cipher;

 /** {@code aes256-ctr} cipher */
 public class AES256CBC
-        extends BaseCipher {
+        extends BlockCipher {

    /** Named factory for AES256CBC Cipher */
    public static class Factory
--- a/src/main/java/net/schmizz/sshj/transport/cipher/AES256CTR.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/AES256CTR.java
@@ -17,7 +17,7 @@ package net.schmizz.sshj.transport.cipher;

 /** {@code aes256-ctr} cipher */
 public class AES256CTR
-        extends BaseCipher {
+        extends BlockCipher {

    /** Named factory for AES256CBC Cipher */
    public static class Factory
--- a/src/main/java/net/schmizz/sshj/transport/cipher/BaseCipher.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/BaseCipher.java
@@ -22,9 +22,11 @@ import javax.crypto.ShortBufferException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;

 /** Base class for all Cipher implementations delegating to the JCE provider. */
-public class BaseCipher
+public abstract class BaseCipher
        implements Cipher {

    private static byte[] resize(byte[] data, int size) {
@@ -66,14 +68,22 @@ public class BaseCipher
        iv = BaseCipher.resize(iv, ivsize);
        try {
            cipher = SecurityUtils.getCipher(transformation);
-            cipher.init((mode == Mode.Encrypt ? javax.crypto.Cipher.ENCRYPT_MODE : javax.crypto.Cipher.DECRYPT_MODE),
-                        new SecretKeySpec(key, algorithm), new IvParameterSpec(iv));
+            initCipher(cipher, mode, key, iv);
        } catch (GeneralSecurityException e) {
            cipher = null;
            throw new SSHRuntimeException(e);
        }
    }

+    protected abstract void initCipher(javax.crypto.Cipher cipher, Mode mode, byte[] key, byte[] iv) throws InvalidKeyException, InvalidAlgorithmParameterException;
+    protected SecretKeySpec getKeySpec(byte[] key) {
+        return new SecretKeySpec(key, algorithm);
+    }
+
+    protected int getMode(Mode mode) {
+        return mode == Mode.Encrypt ? javax.crypto.Cipher.ENCRYPT_MODE : javax.crypto.Cipher.DECRYPT_MODE;
+    }
+
    @Override
    public void update(byte[] input, int inputOffset, int inputLen) {
        try {
--- a/src/main/java/net/schmizz/sshj/transport/cipher/BlockCipher.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/BlockCipher.java
@@ -0,0 +1,17 @@
+package net.schmizz.sshj.transport.cipher;
+
+import javax.crypto.spec.IvParameterSpec;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+
+public class BlockCipher extends BaseCipher {
+    public BlockCipher(int ivsize, int bsize, String algorithm, String transformation) {
+        super(ivsize, bsize, algorithm, transformation);
+    }
+
+    protected void initCipher(javax.crypto.Cipher cipher, Mode mode, byte[] key, byte[] iv) throws InvalidKeyException, InvalidAlgorithmParameterException {
+        cipher.init(getMode(mode),
+                getKeySpec(key), new IvParameterSpec(iv));
+    }
+
+}
--- a/src/main/java/net/schmizz/sshj/transport/cipher/BlowfishCBC.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/BlowfishCBC.java
@@ -17,7 +17,7 @@ package net.schmizz.sshj.transport.cipher;

 /** {@code blowfish-ctr} cipher */
 public class BlowfishCBC
-        extends BaseCipher {
+        extends BlockCipher {

    /** Named factory for BlowfishCBC Cipher */
    public static class Factory
--- a/src/main/java/net/schmizz/sshj/transport/cipher/TripleDESCBC.java
+++ b/src/main/java/net/schmizz/sshj/transport/cipher/TripleDESCBC.java
@@ -17,7 +17,7 @@ package net.schmizz.sshj.transport.cipher;

 /** {@code 3des-cbc} cipher */
 public class TripleDESCBC
-        extends BaseCipher {
+        extends BlockCipher {

    /** Named factory for TripleDESCBC Cipher */
    public static class Factory