Reported from https://github.com/TeamAmaze/AmazeFileManager/issues/2976, it was found the key uses aes-128-cbc which is currently not supported by sshj. This change adds support for it.
To enable support for this, also eliminated hardcoding byte array size for key and IV, as a result of BCrypt.pbkdf().
* Fix: if the client knows CA key, it should send host key algo proposal for certificates
* Run specific SSH server in KeyWithCertificateSpec
Required to verify the case with wrong host key algorithm proposals. See #733
* Split KeyWithCertificateSpec into HostKeyWithCertificateSpec and PublicKeyAuthWithCertificateSpec
Prevents from starting unnecessary SSHD containers, making the tests run a bit faster when they are launched separately.
* Replace abstract class IntegrationBaseSpec with composition through IntegrationTestUtil
* Switch to testcontainers in integration tests
It allows running different SSH servers with different configurations in tests, giving ability to cover more bugs, like mentioned in #733.
* Handle @cert-authority in known_hosts.
* Fix ClassCastException when receiving an ECDSA-CERT host key.
* Mention what exactly is not negotiated.
* Verify host key certificates during key exchange.
* Unit and integration tests for host key verification.
* Show sshd logs when integration test finishes.
* Review fixes: extract to private method, change strings.
* Add key types for ECDSA and ED25519 with certificates to implement publickey auth with that keys.
* Read public key certificates in OpenSSHKeyV1KeyFile.
* Fix ClassCastException in ECDSAVariationsAdapter.isECKeyWithFieldSize.
* Introduce an integration test for publickey auth with certificates.
* Refactor: merge copy-paste from OpenSshKey*File.java into an util class.
* Add the license to KeyWithCertificateSpec.groovy
* Add the license to OpenSSHKeyFileUtil.java
* Implement AES-GCM cipher support
Fixes#217.
A port of AES-GCM cipher support from Apache MINA-SSHD, based on https://github.com/apache/mina-sshd/pull/132.
Included tests for decoding SSH packets sent from Apache MINA-SSHD and OpenSSH (Version 7.9p1 as used by Debian 10).
Manual tests also done on OpenSSH server 7.9p1 running Debian 10 with its available ciphers, including 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com and aes256-gcm@openssh.com.
* Changes per PR feedback
- Fixed variable/statement whitespaces and add back missing braces per coding standard requirement
- Moved Buffer.putLong() and Buffer.getLong() into GcmCipher.CounterGCMParameterSpec since it's the only user
- Moved BaseCipher.authSize into GcmCipher since it is the only cipher that would return a non-zero. BaseCipher will keep return 0 instead
- Made BaseCipher.cipher protected instead of making it publicly accessible
- Combined the three decoding modes in Decoder.decode() into one single method, to reduce code duplication
- Added integration test for the ciphers, along with the newly implemented AES-GCM ciphers
* Fix RSA certificate key determination.
Fixes#599.
* Correct serialization of RSA certificates with unlimited dates.
* The test for connecting with RSA certificate.
* Remove redundant change in TransportImpl.java
* Add forgotten test keys.
* Make net.schmizz.sshj.common.KeyType.CertUtils.epochFromDate readable.
Co-authored-by: Vladimir Lagunov <vladimir.lagunov@jetbrains.com>
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Fix matching of pubkeys to key algorithms
Allow all configured key algorithms for pubkey authentication, even if
these algorithms are not supported as host key algorithms by the
server.
Preference is given to the modern rsa-sha2-* signature algorithms if
the server indicates support for them as host keys signature
algorithms.
* Replace Boolean with primitive boolean
* Add integration tests for ecdsa-sha2-nistp384/521
* Remove redundant import
* Clean up Transport interface
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Added support for RSA to openssh-key-v1 keyfile
* Fixed exception
* Added ECDSA support to openssh-key-v1
* Added integration tests for different keytypes
