mirror of
https://github.com/hierynomus/sshj.git
synced 2025-12-08 00:00:54 +03:00
Compare commits
20 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
a1f501a027 | ||
|
|
fef9cfaf79 | ||
|
|
c67ae242f2 | ||
|
|
823f1e5759 | ||
|
|
f046a41750 | ||
|
|
c161fe26f6 | ||
|
|
ec46a7a489 | ||
|
|
762d088388 | ||
|
|
99c85672b8 | ||
|
|
28d57840ab | ||
|
|
2984291d84 | ||
|
|
bdbd9d7eb5 | ||
|
|
9ac55de26c | ||
|
|
a9928c2882 | ||
|
|
c6c9a3f6a8 | ||
|
|
0918bc626f | ||
|
|
aa7748395d | ||
|
|
cf077e2a4f | ||
|
|
c58c7c7c60 | ||
|
|
0b548d9d13 |
1
.gitignore
vendored
1
.gitignore
vendored
@@ -10,6 +10,7 @@
|
||||
.settings/
|
||||
|
||||
# Output dirs
|
||||
out/
|
||||
target/
|
||||
classes/
|
||||
build/
|
||||
|
||||
10
.travis.yml
10
.travis.yml
@@ -1,5 +1,13 @@
|
||||
language: java
|
||||
before_cache:
|
||||
- rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
|
||||
cache:
|
||||
directories:
|
||||
- $HOME/.gradle/caches/
|
||||
- $HOME/.gradle/wrapper/
|
||||
sudo: false
|
||||
dist: trusty
|
||||
jdk:
|
||||
- oraclejdk7
|
||||
- oraclejdk8
|
||||
- openjdk8
|
||||
- oraclejdk9
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
= sshj - SSHv2 library for Java
|
||||
Jeroen van Erp
|
||||
:sshj_groupid: com.hierynomus
|
||||
:sshj_version: 0.21.1
|
||||
:sshj_version: 0.23.0
|
||||
:source-highlighter: pygments
|
||||
|
||||
image:https://travis-ci.org/hierynomus/sshj.svg?branch=master[link="https://travis-ci.org/hierynomus/sshj"]
|
||||
@@ -104,6 +104,12 @@ Google Group: http://groups.google.com/group/sshj-users
|
||||
Fork away!
|
||||
|
||||
== Release history
|
||||
SSHJ 0.23.0 (2017-10-13)::
|
||||
* Merged https://github.com/hierynomus/sshj/pulls/372[#372]: Upgrade to 'net.i2p.crypto:eddsa:0.2.0'
|
||||
* Fixed https://github.com/hierynomus/sshj/issues/355[#355] and https://github.com/hierynomus/sshj/issues/354[#354]: Correctly decode signature bytes
|
||||
* Fixed https://github.com/hierynomus/sshj/issues/365[#365]: Added support for new-style OpenSSH fingerprints of server keys
|
||||
* Fixed https://github.com/hierynomus/sshj/issues/356[#356]: Fixed key type detection for ECDSA public keys
|
||||
* Made SSHJ Java9 compatible
|
||||
SSHJ 0.22.0 (2017-08-24)::
|
||||
* Fixed https://github.com/hierynomus/sshj/pulls/341[#341]: Fixed path walking during recursive copy
|
||||
* Merged https://github.com/hierynomus/sshj/pulls/338[#338]: Added ConsolePasswordFinder to read password from stdin
|
||||
|
||||
10
build.gradle
10
build.gradle
@@ -10,6 +10,7 @@ plugins {
|
||||
id "com.jfrog.bintray" version "1.7"
|
||||
id 'ru.vyarus.pom' version '1.0.3'
|
||||
id 'ru.vyarus.github-info' version '1.1.0'
|
||||
id 'ru.vyarus.animalsniffer' version '1.4.2'
|
||||
}
|
||||
|
||||
group = "com.hierynomus"
|
||||
@@ -17,6 +18,9 @@ defaultTasks "build"
|
||||
|
||||
repositories {
|
||||
mavenCentral()
|
||||
maven {
|
||||
url "https://dl.bintray.com/mockito/maven/"
|
||||
}
|
||||
}
|
||||
|
||||
sourceCompatibility = 1.6
|
||||
@@ -27,16 +31,18 @@ configurations.compile.transitive = false
|
||||
def bouncycastleVersion = "1.56"
|
||||
|
||||
dependencies {
|
||||
signature 'org.codehaus.mojo.signature:java16:1.1@signature'
|
||||
|
||||
compile "org.slf4j:slf4j-api:1.7.7"
|
||||
compile "org.bouncycastle:bcprov-jdk15on:$bouncycastleVersion"
|
||||
compile "org.bouncycastle:bcpkix-jdk15on:$bouncycastleVersion"
|
||||
compile "com.jcraft:jzlib:1.1.3"
|
||||
|
||||
compile "net.i2p.crypto:eddsa:0.1.0"
|
||||
compile "net.i2p.crypto:eddsa:0.2.0"
|
||||
|
||||
testCompile "junit:junit:4.11"
|
||||
testCompile 'org.spockframework:spock-core:1.0-groovy-2.4'
|
||||
testCompile "org.mockito:mockito-core:2.8.47"
|
||||
testCompile "org.mockito:mockito-core:2.9.2"
|
||||
testCompile "org.apache.sshd:sshd-core:1.2.0"
|
||||
testRuntime "ch.qos.logback:logback-classic:1.1.2"
|
||||
testCompile 'org.glassfish.grizzly:grizzly-http-server:2.3.17'
|
||||
|
||||
@@ -15,12 +15,12 @@
|
||||
*/
|
||||
package com.hierynomus.sshj.backport;
|
||||
|
||||
import net.schmizz.sshj.common.IOUtils;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.net.*;
|
||||
|
||||
import net.schmizz.sshj.common.IOUtils;
|
||||
|
||||
public class Jdk7HttpProxySocket extends Socket {
|
||||
|
||||
private Proxy httpProxy = null;
|
||||
|
||||
@@ -23,8 +23,6 @@ import net.schmizz.sshj.common.SSHRuntimeException;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
import static net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable.CURVE_ED25519_SHA512;
|
||||
|
||||
/**
|
||||
* Our own extension of the EdDSAPublicKey that comes from ECC-25519, as that class does not implement equality.
|
||||
* The code uses the equality of the keys as an indicator whether they're the same during host key verification.
|
||||
@@ -34,7 +32,7 @@ public class Ed25519PublicKey extends EdDSAPublicKey {
|
||||
public Ed25519PublicKey(EdDSAPublicKeySpec spec) {
|
||||
super(spec);
|
||||
|
||||
EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName(CURVE_ED25519_SHA512);
|
||||
EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519");
|
||||
if (!spec.getParams().getCurve().equals(ed25519.getCurve())) {
|
||||
throw new SSHRuntimeException("Cannot create Ed25519 Public Key from wrong spec");
|
||||
}
|
||||
|
||||
@@ -16,14 +16,16 @@
|
||||
package com.hierynomus.sshj.signature;
|
||||
|
||||
import net.i2p.crypto.eddsa.EdDSAEngine;
|
||||
import net.schmizz.sshj.common.Buffer;
|
||||
import net.schmizz.sshj.common.KeyType;
|
||||
import net.schmizz.sshj.common.SSHRuntimeException;
|
||||
import net.schmizz.sshj.signature.AbstractSignature;
|
||||
import net.schmizz.sshj.signature.Signature;
|
||||
|
||||
import java.security.*;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.SignatureException;
|
||||
|
||||
public class SignatureEdDSA implements Signature {
|
||||
public class SignatureEdDSA extends AbstractSignature {
|
||||
public static class Factory implements net.schmizz.sshj.common.Factory.Named<Signature> {
|
||||
|
||||
@Override
|
||||
@@ -37,54 +39,18 @@ public class SignatureEdDSA implements Signature {
|
||||
}
|
||||
}
|
||||
|
||||
final EdDSAEngine engine;
|
||||
SignatureEdDSA() {
|
||||
super(getEngine());
|
||||
}
|
||||
|
||||
protected SignatureEdDSA() {
|
||||
private static EdDSAEngine getEngine() {
|
||||
try {
|
||||
engine = new EdDSAEngine(MessageDigest.getInstance("SHA-512"));
|
||||
return new EdDSAEngine(MessageDigest.getInstance("SHA-512"));
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
throw new SSHRuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void init(PublicKey pubkey, PrivateKey prvkey) {
|
||||
try {
|
||||
if (pubkey != null) {
|
||||
engine.initVerify(pubkey);
|
||||
}
|
||||
|
||||
if (prvkey != null) {
|
||||
engine.initSign(prvkey);
|
||||
}
|
||||
} catch (InvalidKeyException e) {
|
||||
throw new SSHRuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void update(byte[] H) {
|
||||
update(H, 0, H.length);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void update(byte[] H, int off, int len) {
|
||||
try {
|
||||
engine.update(H, off, len);
|
||||
} catch (SignatureException e) {
|
||||
throw new SSHRuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public byte[] sign() {
|
||||
try {
|
||||
return engine.sign();
|
||||
} catch (SignatureException e) {
|
||||
throw new SSHRuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public byte[] encode(byte[] signature) {
|
||||
return signature;
|
||||
@@ -93,17 +59,9 @@ public class SignatureEdDSA implements Signature {
|
||||
@Override
|
||||
public boolean verify(byte[] sig) {
|
||||
try {
|
||||
Buffer.PlainBuffer plainBuffer = new Buffer.PlainBuffer(sig);
|
||||
String algo = plainBuffer.readString();
|
||||
if (!"ssh-ed25519".equals(algo)) {
|
||||
throw new SSHRuntimeException("Expected 'ssh-ed25519' key algorithm, but was: " + algo);
|
||||
}
|
||||
byte[] bytes = plainBuffer.readBytes();
|
||||
return engine.verify(bytes);
|
||||
return signature.verify(extractSig(sig, "ssh-ed25519"));
|
||||
} catch (SignatureException e) {
|
||||
throw new SSHRuntimeException(e);
|
||||
} catch (Buffer.BufferException e) {
|
||||
throw new SSHRuntimeException(e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -19,14 +19,15 @@ import net.schmizz.sshj.transport.cipher.BlockCipher;
|
||||
import net.schmizz.sshj.transport.cipher.Cipher;
|
||||
|
||||
/**
|
||||
* All BlockCiphers supported by SSH according to the following RFCs
|
||||
* All BlockCiphers supported by SSH according to the following RFCs:
|
||||
*
|
||||
* - https://tools.ietf.org/html/rfc4344#section-3.1
|
||||
* - https://tools.ietf.org/html/rfc4253#section-6.3
|
||||
* <ul>
|
||||
* <li>https://tools.ietf.org/html/rfc4344#section-3.1</li>
|
||||
* <li>https://tools.ietf.org/html/rfc4253#section-6.3</li>
|
||||
* <li>TODO: https://tools.ietf.org/html/rfc5647</li>
|
||||
* </ul>
|
||||
*
|
||||
* TODO: https://tools.ietf.org/html/rfc5647
|
||||
*
|
||||
* Some of the Ciphers are still implemented in net.schmizz.sshj.transport.cipher.*. These are scheduled to be migrated to here.
|
||||
* Some of the Ciphers are still implemented in net.schmizz.sshj.transport.cipher.*. These are deprecated and scheduled to be removed.
|
||||
*/
|
||||
@SuppressWarnings("PMD.MethodNamingConventions")
|
||||
public class BlockCiphers {
|
||||
@@ -34,9 +35,30 @@ public class BlockCiphers {
|
||||
public static final String COUNTER_MODE = "CTR";
|
||||
public static final String CIPHER_BLOCK_CHAINING_MODE = "CBC";
|
||||
|
||||
public static Factory AES128CTR() {
|
||||
return new Factory(16, 128, "aes128-ctr", "AES", COUNTER_MODE);
|
||||
}
|
||||
public static Factory AES192CTR() {
|
||||
return new Factory(16, 192, "aes192-ctr", "AES", COUNTER_MODE);
|
||||
}
|
||||
public static Factory AES256CTR() {
|
||||
return new Factory(16, 256, "aes256-ctr", "AES", COUNTER_MODE);
|
||||
}
|
||||
public static Factory AES128CBC() {
|
||||
return new Factory(16, 128, "aes128-cbc", "AES", CIPHER_BLOCK_CHAINING_MODE);
|
||||
}
|
||||
public static Factory AES192CBC() {
|
||||
return new Factory(16, 192, "aes192-cbc", "AES", CIPHER_BLOCK_CHAINING_MODE);
|
||||
}
|
||||
public static Factory AES256CBC() {
|
||||
return new Factory(16, 256, "aes256-cbc", "AES", CIPHER_BLOCK_CHAINING_MODE);
|
||||
}
|
||||
public static Factory BlowfishCTR() {
|
||||
return new Factory(8, 256, "blowfish-ctr", "Blowfish", COUNTER_MODE);
|
||||
}
|
||||
public static Factory BlowfishCBC() {
|
||||
return new Factory(8, 128, "blowfish-cbc", "Blowfish", CIPHER_BLOCK_CHAINING_MODE);
|
||||
}
|
||||
public static Factory Twofish128CTR() {
|
||||
return new Factory(16, 128, "twofish128-ctr", "Twofish", COUNTER_MODE);
|
||||
}
|
||||
@@ -91,6 +113,9 @@ public class BlockCiphers {
|
||||
public static Factory TripleDESCTR() {
|
||||
return new Factory(8, 192, "3des-ctr", "DESede", COUNTER_MODE);
|
||||
}
|
||||
public static Factory TripleDESCBC() {
|
||||
return new Factory(8, 192, "3des-cbc", "DESede", CIPHER_BLOCK_CHAINING_MODE);
|
||||
}
|
||||
|
||||
/** Named factory for BlockCipher */
|
||||
public static class Factory
|
||||
|
||||
@@ -15,14 +15,15 @@
|
||||
*/
|
||||
package com.hierynomus.sshj.transport.kex;
|
||||
|
||||
import net.schmizz.sshj.transport.digest.*;
|
||||
import net.schmizz.sshj.transport.digest.Digest;
|
||||
import net.schmizz.sshj.transport.digest.SHA1;
|
||||
import net.schmizz.sshj.transport.digest.SHA256;
|
||||
import net.schmizz.sshj.transport.digest.SHA512;
|
||||
import net.schmizz.sshj.transport.kex.KeyExchange;
|
||||
|
||||
import java.math.BigInteger;
|
||||
|
||||
import static net.schmizz.sshj.transport.kex.DHGroupData.*;
|
||||
import static net.schmizz.sshj.transport.kex.DHGroupData.P16;
|
||||
import static net.schmizz.sshj.transport.kex.DHGroupData.P18;
|
||||
|
||||
/**
|
||||
* Factory methods for Diffie Hellmann KEX algorithms based on MODP groups / Oakley Groups
|
||||
|
||||
@@ -15,14 +15,6 @@
|
||||
*/
|
||||
package com.hierynomus.sshj.userauth.keyprovider;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.IOException;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.KeyPair;
|
||||
import java.security.PublicKey;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import net.i2p.crypto.eddsa.EdDSAPrivateKey;
|
||||
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
|
||||
import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
|
||||
@@ -31,8 +23,14 @@ import net.schmizz.sshj.common.Buffer.PlainBuffer;
|
||||
import net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider;
|
||||
import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
|
||||
import net.schmizz.sshj.userauth.keyprovider.KeyFormat;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import static net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable.CURVE_ED25519_SHA512;
|
||||
import java.io.BufferedReader;
|
||||
import java.io.IOException;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.KeyPair;
|
||||
import java.security.PublicKey;
|
||||
|
||||
/**
|
||||
* Reads a key file in the new OpenSSH format.
|
||||
@@ -155,6 +153,6 @@ public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider {
|
||||
throw new IOException("Padding of key format contained wrong byte at position: " + i);
|
||||
}
|
||||
}
|
||||
return new KeyPair(publicKey, new EdDSAPrivateKey(new EdDSAPrivateKeySpec(privKey, EdDSANamedCurveTable.getByName(CURVE_ED25519_SHA512))));
|
||||
return new KeyPair(publicKey, new EdDSAPrivateKey(new EdDSAPrivateKeySpec(privKey, EdDSANamedCurveTable.getByName("Ed25519"))));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,11 +15,11 @@
|
||||
*/
|
||||
package net.schmizz.concurrent;
|
||||
|
||||
import net.schmizz.sshj.common.LoggerFactory;
|
||||
|
||||
import java.util.concurrent.TimeUnit;
|
||||
import java.util.concurrent.locks.ReentrantLock;
|
||||
|
||||
import net.schmizz.sshj.common.LoggerFactory;
|
||||
|
||||
/**
|
||||
* An event can be set, cleared, or awaited, similar to Python's {@code threading.event}. The key difference is that a
|
||||
* waiter may be delivered an exception of parameterized type {@code T}.
|
||||
|
||||
@@ -15,6 +15,7 @@
|
||||
*/
|
||||
package net.schmizz.concurrent;
|
||||
|
||||
import net.schmizz.sshj.common.LoggerFactory;
|
||||
import org.slf4j.Logger;
|
||||
|
||||
import java.util.concurrent.TimeUnit;
|
||||
@@ -22,8 +23,6 @@ import java.util.concurrent.TimeoutException;
|
||||
import java.util.concurrent.locks.Condition;
|
||||
import java.util.concurrent.locks.ReentrantLock;
|
||||
|
||||
import net.schmizz.sshj.common.LoggerFactory;
|
||||
|
||||
/**
|
||||
* Represents promised data of the parameterized type {@code V} and allows waiting on it. An exception may also be
|
||||
* delivered to a waiter, and will be of the parameterized type {@code T}.
|
||||
|
||||
@@ -16,8 +16,8 @@
|
||||
package net.schmizz.sshj;
|
||||
|
||||
import net.schmizz.keepalive.KeepAliveProvider;
|
||||
import net.schmizz.sshj.common.LoggerFactory;
|
||||
import net.schmizz.sshj.common.Factory;
|
||||
import net.schmizz.sshj.common.LoggerFactory;
|
||||
import net.schmizz.sshj.signature.Signature;
|
||||
import net.schmizz.sshj.transport.cipher.Cipher;
|
||||
import net.schmizz.sshj.transport.compression.Compression;
|
||||
|
||||
@@ -15,22 +15,12 @@
|
||||
*/
|
||||
package net.schmizz.sshj;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Iterator;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Properties;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
|
||||
import com.hierynomus.sshj.signature.SignatureEdDSA;
|
||||
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
|
||||
import com.hierynomus.sshj.transport.cipher.StreamCiphers;
|
||||
import com.hierynomus.sshj.transport.kex.DHGroups;
|
||||
import com.hierynomus.sshj.transport.kex.ExtendedDHGroups;
|
||||
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
|
||||
|
||||
import net.schmizz.keepalive.KeepAliveProvider;
|
||||
import net.schmizz.sshj.common.Factory;
|
||||
import net.schmizz.sshj.common.LoggerFactory;
|
||||
@@ -38,26 +28,13 @@ import net.schmizz.sshj.common.SecurityUtils;
|
||||
import net.schmizz.sshj.signature.SignatureDSA;
|
||||
import net.schmizz.sshj.signature.SignatureECDSA;
|
||||
import net.schmizz.sshj.signature.SignatureRSA;
|
||||
import net.schmizz.sshj.transport.cipher.AES128CBC;
|
||||
import net.schmizz.sshj.transport.cipher.AES128CTR;
|
||||
import net.schmizz.sshj.transport.cipher.AES192CBC;
|
||||
import net.schmizz.sshj.transport.cipher.AES192CTR;
|
||||
import net.schmizz.sshj.transport.cipher.AES256CBC;
|
||||
import net.schmizz.sshj.transport.cipher.AES256CTR;
|
||||
import net.schmizz.sshj.transport.cipher.BlowfishCBC;
|
||||
import net.schmizz.sshj.transport.cipher.Cipher;
|
||||
import net.schmizz.sshj.transport.cipher.TripleDESCBC;
|
||||
import net.schmizz.sshj.transport.cipher.*;
|
||||
import net.schmizz.sshj.transport.compression.NoneCompression;
|
||||
import net.schmizz.sshj.transport.kex.Curve25519SHA256;
|
||||
import net.schmizz.sshj.transport.kex.DHGexSHA1;
|
||||
import net.schmizz.sshj.transport.kex.DHGexSHA256;
|
||||
import net.schmizz.sshj.transport.kex.ECDHNistP;
|
||||
import net.schmizz.sshj.transport.mac.HMACMD5;
|
||||
import net.schmizz.sshj.transport.mac.HMACMD596;
|
||||
import net.schmizz.sshj.transport.mac.HMACSHA1;
|
||||
import net.schmizz.sshj.transport.mac.HMACSHA196;
|
||||
import net.schmizz.sshj.transport.mac.HMACSHA2256;
|
||||
import net.schmizz.sshj.transport.mac.HMACSHA2512;
|
||||
import net.schmizz.sshj.transport.mac.*;
|
||||
import net.schmizz.sshj.transport.random.BouncyCastleRandom;
|
||||
import net.schmizz.sshj.transport.random.JCERandom;
|
||||
import net.schmizz.sshj.transport.random.SingletonRandomFactory;
|
||||
@@ -65,6 +42,10 @@ import net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile;
|
||||
import net.schmizz.sshj.userauth.keyprovider.PKCS5KeyFile;
|
||||
import net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile;
|
||||
import net.schmizz.sshj.userauth.keyprovider.PuTTYKeyFile;
|
||||
import org.slf4j.Logger;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.*;
|
||||
|
||||
/**
|
||||
* A {@link net.schmizz.sshj.Config} that is initialized as follows. Items marked with an asterisk are added to the config only if
|
||||
@@ -72,9 +53,7 @@ import net.schmizz.sshj.userauth.keyprovider.PuTTYKeyFile;
|
||||
* <p/>
|
||||
* <ul>
|
||||
* <li>{@link net.schmizz.sshj.ConfigImpl#setKeyExchangeFactories Key exchange}: {@link net.schmizz.sshj.transport.kex.DHG14}*, {@link net.schmizz.sshj.transport.kex.DHG1}</li>
|
||||
* <li>{@link net.schmizz.sshj.ConfigImpl#setCipherFactories Ciphers} [1]: {@link net.schmizz.sshj.transport.cipher.AES128CTR}, {@link net.schmizz.sshj.transport.cipher.AES192CTR}, {@link net.schmizz.sshj.transport.cipher.AES256CTR},
|
||||
* {@link
|
||||
* net.schmizz.sshj.transport.cipher.AES128CBC}, {@link net.schmizz.sshj.transport.cipher.AES192CBC}, {@link net.schmizz.sshj.transport.cipher.AES256CBC}, {@link net.schmizz.sshj.transport.cipher.AES192CBC}, {@link net.schmizz.sshj.transport.cipher.TripleDESCBC}, {@link net.schmizz.sshj.transport.cipher.BlowfishCBC}</li>
|
||||
* <li>{@link net.schmizz.sshj.ConfigImpl#setCipherFactories Ciphers}: {@link BlockCiphers}, {@link StreamCiphers} [1]</li>
|
||||
* <li>{@link net.schmizz.sshj.ConfigImpl#setMACFactories MAC}: {@link net.schmizz.sshj.transport.mac.HMACSHA1}, {@link net.schmizz.sshj.transport.mac.HMACSHA196}, {@link net.schmizz.sshj.transport.mac.HMACMD5}, {@link
|
||||
* net.schmizz.sshj.transport.mac.HMACMD596}</li>
|
||||
* <li>{@link net.schmizz.sshj.ConfigImpl#setCompressionFactories Compression}: {@link net.schmizz.sshj.transport.compression.NoneCompression}</li>
|
||||
@@ -172,14 +151,13 @@ public class DefaultConfig
|
||||
|
||||
protected void initCipherFactories() {
|
||||
List<Factory.Named<Cipher>> avail = new LinkedList<Factory.Named<Cipher>>(Arrays.<Factory.Named<Cipher>>asList(
|
||||
new AES128CTR.Factory(),
|
||||
new AES192CTR.Factory(),
|
||||
new AES256CTR.Factory(),
|
||||
new AES128CBC.Factory(),
|
||||
new AES192CBC.Factory(),
|
||||
new AES256CBC.Factory(),
|
||||
new TripleDESCBC.Factory(),
|
||||
new BlowfishCBC.Factory(),
|
||||
BlockCiphers.AES128CBC(),
|
||||
BlockCiphers.AES128CTR(),
|
||||
BlockCiphers.AES192CBC(),
|
||||
BlockCiphers.AES192CTR(),
|
||||
BlockCiphers.AES256CBC(),
|
||||
BlockCiphers.AES256CTR(),
|
||||
BlockCiphers.BlowfishCBC(),
|
||||
BlockCiphers.BlowfishCTR(),
|
||||
BlockCiphers.Cast128CBC(),
|
||||
BlockCiphers.Cast128CTR(),
|
||||
@@ -191,6 +169,7 @@ public class DefaultConfig
|
||||
BlockCiphers.Serpent192CTR(),
|
||||
BlockCiphers.Serpent256CBC(),
|
||||
BlockCiphers.Serpent256CTR(),
|
||||
BlockCiphers.TripleDESCBC(),
|
||||
BlockCiphers.TripleDESCTR(),
|
||||
BlockCiphers.Twofish128CBC(),
|
||||
BlockCiphers.Twofish128CTR(),
|
||||
|
||||
@@ -15,11 +15,7 @@
|
||||
*/
|
||||
package net.schmizz.sshj;
|
||||
|
||||
import net.schmizz.sshj.common.Factory;
|
||||
import net.schmizz.sshj.common.IOUtils;
|
||||
import net.schmizz.sshj.common.LoggerFactory;
|
||||
import net.schmizz.sshj.common.SSHException;
|
||||
import net.schmizz.sshj.common.SecurityUtils;
|
||||
import net.schmizz.sshj.common.*;
|
||||
import net.schmizz.sshj.connection.Connection;
|
||||
import net.schmizz.sshj.connection.ConnectionException;
|
||||
import net.schmizz.sshj.connection.ConnectionImpl;
|
||||
@@ -42,6 +38,7 @@ import net.schmizz.sshj.transport.compression.DelayedZlibCompression;
|
||||
import net.schmizz.sshj.transport.compression.NoneCompression;
|
||||
import net.schmizz.sshj.transport.compression.ZlibCompression;
|
||||
import net.schmizz.sshj.transport.verification.AlgorithmsVerifier;
|
||||
import net.schmizz.sshj.transport.verification.FingerprintVerifier;
|
||||
import net.schmizz.sshj.transport.verification.HostKeyVerifier;
|
||||
import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
|
||||
import net.schmizz.sshj.userauth.UserAuth;
|
||||
@@ -173,19 +170,23 @@ public class SSHClient
|
||||
|
||||
/**
|
||||
* Add a {@link HostKeyVerifier} that will verify any host that's able to claim a host key with the given {@code
|
||||
* fingerprint}, e.g. {@code "4b:69:6c:72:6f:79:20:77:61:73:20:68:65:72:65:21"}
|
||||
* fingerprint}.
|
||||
*
|
||||
* The fingerprint can be specified in either an MD5 colon-delimited format (16 hexadecimal octets, delimited by a colon),
|
||||
* or in a Base64 encoded format for SHA-1 or SHA-256 fingerprints.
|
||||
* Valid examples are:
|
||||
*
|
||||
* <ul><li>"SHA1:2Fo8c/96zv32xc8GZWbOGYOlRak="</li>
|
||||
* <li>"SHA256:oQGbQTujGeNIgh0ONthcEpA/BHxtt3rcYY+NxXTxQjs="</li>
|
||||
* <li>"MD5:d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32"</li>
|
||||
* <li>"d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32"</li></ul>
|
||||
*
|
||||
* @param fingerprint expected fingerprint in colon-delimited format (16 octets in hex delimited by a colon)
|
||||
*
|
||||
* @see SecurityUtils#getFingerprint
|
||||
*/
|
||||
public void addHostKeyVerifier(final String fingerprint) {
|
||||
addHostKeyVerifier(new HostKeyVerifier() {
|
||||
@Override
|
||||
public boolean verify(String h, int p, PublicKey k) {
|
||||
return SecurityUtils.getFingerprint(k).equals(fingerprint);
|
||||
}
|
||||
});
|
||||
addHostKeyVerifier(FingerprintVerifier.getInstance(fingerprint));
|
||||
}
|
||||
|
||||
// FIXME: there are way too many auth... overrides. Better API needed.
|
||||
|
||||
@@ -94,4 +94,34 @@ public class ByteArrayUtils {
|
||||
return sb.toString();
|
||||
}
|
||||
|
||||
|
||||
public static byte[] parseHex(String hex) {
|
||||
if (hex == null) {
|
||||
throw new IllegalArgumentException("Hex string is null");
|
||||
}
|
||||
if (hex.length() % 2 != 0) {
|
||||
throw new IllegalArgumentException("Hex string '" + hex + "' should have even length.");
|
||||
}
|
||||
|
||||
byte[] result = new byte[hex.length() / 2];
|
||||
for (int i = 0; i < result.length; i++) {
|
||||
int hi = parseHexDigit(hex.charAt(i * 2)) << 4;
|
||||
int lo = parseHexDigit(hex.charAt(i * 2 + 1));
|
||||
result[i] = (byte) (hi + lo);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
private static int parseHexDigit(char c) {
|
||||
if (c >= '0' && c <= '9') {
|
||||
return c - '0';
|
||||
}
|
||||
if (c >= 'a' && c <= 'f') {
|
||||
return c - 'a' + 10;
|
||||
}
|
||||
if (c >= 'A' && c <= 'F') {
|
||||
return c - 'A' + 10;
|
||||
}
|
||||
throw new IllegalArgumentException("Digit '" + c + "' out of bounds [0-9a-fA-F]");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,15 +15,7 @@
|
||||
*/
|
||||
package net.schmizz.sshj.common;
|
||||
|
||||
import java.math.BigInteger;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.KeyFactory;
|
||||
import java.security.PublicKey;
|
||||
import java.security.interfaces.ECPublicKey;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import com.hierynomus.sshj.secg.SecgUtils;
|
||||
import org.bouncycastle.asn1.nist.NISTNamedCurves;
|
||||
import org.bouncycastle.asn1.x9.X9ECParameters;
|
||||
import org.bouncycastle.jce.spec.ECParameterSpec;
|
||||
@@ -32,9 +24,18 @@ import org.bouncycastle.math.ec.ECPoint;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import com.hierynomus.sshj.secg.SecgUtils;
|
||||
import java.math.BigInteger;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.Key;
|
||||
import java.security.KeyFactory;
|
||||
import java.security.PublicKey;
|
||||
import java.security.interfaces.ECKey;
|
||||
import java.security.interfaces.ECPublicKey;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
public class ECDSAVariationsAdapter {
|
||||
class ECDSAVariationsAdapter {
|
||||
|
||||
private final static String BASE_ALGORITHM_NAME = "ecdsa-sha2-nistp";
|
||||
|
||||
@@ -53,7 +54,7 @@ public class ECDSAVariationsAdapter {
|
||||
SUPPORTED_CURVES.put("521", "nistp521");
|
||||
}
|
||||
|
||||
public static PublicKey readPubKeyFromBuffer(Buffer<?> buf, String variation) throws GeneralSecurityException {
|
||||
static PublicKey readPubKeyFromBuffer(Buffer<?> buf, String variation) throws GeneralSecurityException {
|
||||
String algorithm = BASE_ALGORITHM_NAME + variation;
|
||||
if (!SecurityUtils.isBouncyCastleRegistered()) {
|
||||
throw new GeneralSecurityException("BouncyCastle is required to read a key of type " + algorithm);
|
||||
@@ -92,7 +93,7 @@ public class ECDSAVariationsAdapter {
|
||||
}
|
||||
}
|
||||
|
||||
public static void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
|
||||
static void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
|
||||
final ECPublicKey ecdsa = (ECPublicKey) pk;
|
||||
byte[] encoded = SecgUtils.getEncoded(ecdsa.getW(), ecdsa.getParams().getCurve());
|
||||
|
||||
@@ -100,8 +101,12 @@ public class ECDSAVariationsAdapter {
|
||||
.putBytes(encoded);
|
||||
}
|
||||
|
||||
public static int fieldSizeFromKey(ECPublicKey ecPublicKey) {
|
||||
return ecPublicKey.getParams().getCurve().getField().getFieldSize();
|
||||
static boolean isECKeyWithFieldSize(Key key, int fieldSize) {
|
||||
return "ECDSA".equals(key.getAlgorithm())
|
||||
&& fieldSizeFromKey((ECKey) key) == fieldSize;
|
||||
}
|
||||
|
||||
private static int fieldSizeFromKey(ECKey ecPublicKey) {
|
||||
return ecPublicKey.getParams().getCurve().getField().getFieldSize();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,6 +15,16 @@
|
||||
*/
|
||||
package net.schmizz.sshj.common;
|
||||
|
||||
import com.hierynomus.sshj.signature.Ed25519PublicKey;
|
||||
import com.hierynomus.sshj.userauth.certificate.Certificate;
|
||||
import net.i2p.crypto.eddsa.EdDSAPublicKey;
|
||||
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
|
||||
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
|
||||
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
|
||||
import net.schmizz.sshj.common.Buffer.BufferException;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import java.math.BigInteger;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.Key;
|
||||
@@ -22,30 +32,11 @@ import java.security.KeyFactory;
|
||||
import java.security.PublicKey;
|
||||
import java.security.interfaces.DSAPrivateKey;
|
||||
import java.security.interfaces.DSAPublicKey;
|
||||
import java.security.interfaces.ECPublicKey;
|
||||
import java.security.interfaces.RSAPrivateKey;
|
||||
import java.security.interfaces.RSAPublicKey;
|
||||
import java.security.spec.DSAPublicKeySpec;
|
||||
import java.security.spec.RSAPublicKeySpec;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.Date;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import com.hierynomus.sshj.signature.Ed25519PublicKey;
|
||||
import com.hierynomus.sshj.userauth.certificate.Certificate;
|
||||
|
||||
import net.i2p.crypto.eddsa.EdDSAPublicKey;
|
||||
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
|
||||
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
|
||||
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
|
||||
import net.schmizz.sshj.common.Buffer.BufferException;
|
||||
import java.util.*;
|
||||
|
||||
/** Type of key e.g. rsa, dsa */
|
||||
public enum KeyType {
|
||||
@@ -130,7 +121,7 @@ public enum KeyType {
|
||||
|
||||
@Override
|
||||
protected boolean isMyType(Key key) {
|
||||
return ("ECDSA".equals(key.getAlgorithm()) && ECDSAVariationsAdapter.fieldSizeFromKey((ECPublicKey) key) == 256);
|
||||
return ECDSAVariationsAdapter.isECKeyWithFieldSize(key, 256);
|
||||
}
|
||||
},
|
||||
|
||||
@@ -151,7 +142,7 @@ public enum KeyType {
|
||||
|
||||
@Override
|
||||
protected boolean isMyType(Key key) {
|
||||
return ("ECDSA".equals(key.getAlgorithm()) && ECDSAVariationsAdapter.fieldSizeFromKey((ECPublicKey) key) == 384);
|
||||
return ECDSAVariationsAdapter.isECKeyWithFieldSize(key, 384);
|
||||
}
|
||||
},
|
||||
|
||||
@@ -172,7 +163,7 @@ public enum KeyType {
|
||||
|
||||
@Override
|
||||
protected boolean isMyType(Key key) {
|
||||
return ("ECDSA".equals(key.getAlgorithm()) && ECDSAVariationsAdapter.fieldSizeFromKey((ECPublicKey) key) == 521);
|
||||
return ECDSAVariationsAdapter.isECKeyWithFieldSize(key, 521);
|
||||
}
|
||||
},
|
||||
|
||||
@@ -192,7 +183,7 @@ public enum KeyType {
|
||||
);
|
||||
}
|
||||
|
||||
EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.CURVE_ED25519_SHA512);
|
||||
EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519");
|
||||
EdDSAPublicKeySpec publicSpec = new EdDSAPublicKeySpec(p, ed25519);
|
||||
return new Ed25519PublicKey(publicSpec);
|
||||
|
||||
|
||||
@@ -15,13 +15,14 @@
|
||||
*/
|
||||
package net.schmizz.sshj.common;
|
||||
|
||||
import java.security.*;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.KeyAgreement;
|
||||
import javax.crypto.Mac;
|
||||
import javax.crypto.NoSuchPaddingException;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import java.security.*;
|
||||
|
||||
import static java.lang.String.format;
|
||||
|
||||
@@ -68,15 +69,15 @@ public class SecurityUtils {
|
||||
}
|
||||
|
||||
if (securityProvider == null) {
|
||||
MessageDigest.getInstance("MD5", provider.getName());
|
||||
KeyAgreement.getInstance("DH", provider.getName());
|
||||
MessageDigest.getInstance("MD5", provider);
|
||||
KeyAgreement.getInstance("DH", provider);
|
||||
setSecurityProvider(provider.getName());
|
||||
return true;
|
||||
}
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
LOG.info(format("Security Provider '%s' does not support necessary algorithm", providerClassName), e);
|
||||
} catch (NoSuchProviderException e) {
|
||||
LOG.info("Registration of Security Provider '{}' unexpectedly failed", providerClassName);
|
||||
} catch (Exception e) {
|
||||
LOG.info(format("Registration of Security Provider '%s' unexpectedly failed", providerClassName), e);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -137,6 +137,15 @@ public class LocalPortForwarder {
|
||||
listen(Thread.currentThread());
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns whether this listener is running (ie. whether a thread is attached to it).
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public boolean isRunning() {
|
||||
return this.runningThread != null && !serverSocket.isClosed();
|
||||
}
|
||||
|
||||
/**
|
||||
* Start listening for incoming connections and forward to remote host as a channel and ensure that the thread is registered.
|
||||
* This is useful if for instance {@link #close() is called from another thread}
|
||||
|
||||
@@ -15,34 +15,48 @@
|
||||
*/
|
||||
package net.schmizz.sshj.signature;
|
||||
|
||||
import net.schmizz.sshj.common.Buffer;
|
||||
import net.schmizz.sshj.common.SSHRuntimeException;
|
||||
import net.schmizz.sshj.common.SecurityUtils;
|
||||
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.PublicKey;
|
||||
import java.security.SignatureException;
|
||||
import java.security.*;
|
||||
|
||||
/** An abstract class for {@link Signature} that implements common functionality. */
|
||||
/**
|
||||
* An abstract class for {@link Signature} that implements common functionality.
|
||||
*/
|
||||
public abstract class AbstractSignature
|
||||
implements Signature {
|
||||
|
||||
protected final String algorithm;
|
||||
protected java.security.Signature signature;
|
||||
@SuppressWarnings("PMD.UnnecessaryFullyQualifiedName")
|
||||
protected final java.security.Signature signature;
|
||||
|
||||
protected AbstractSignature(String algorithm) {
|
||||
this.algorithm = algorithm;
|
||||
try {
|
||||
this.signature = SecurityUtils.getSignature(algorithm);
|
||||
} catch (GeneralSecurityException e) {
|
||||
throw new SSHRuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
protected AbstractSignature(@SuppressWarnings("PMD.UnnecessaryFullyQualifiedName")
|
||||
java.security.Signature signatureEngine) {
|
||||
this.signature = signatureEngine;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void init(PublicKey publicKey, PrivateKey privateKey) {
|
||||
public void initVerify(PublicKey publicKey) {
|
||||
try {
|
||||
signature = SecurityUtils.getSignature(algorithm);
|
||||
if (publicKey != null)
|
||||
signature.initVerify(publicKey);
|
||||
if (privateKey != null)
|
||||
signature.initSign(privateKey);
|
||||
} catch (GeneralSecurityException e) {
|
||||
signature.initVerify(publicKey);
|
||||
} catch (InvalidKeyException e) {
|
||||
throw new SSHRuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void initSign(PrivateKey privateKey) {
|
||||
try {
|
||||
signature.initSign(privateKey);
|
||||
} catch (InvalidKeyException e) {
|
||||
throw new SSHRuntimeException(e);
|
||||
}
|
||||
}
|
||||
@@ -70,23 +84,24 @@ public abstract class AbstractSignature
|
||||
}
|
||||
}
|
||||
|
||||
protected byte[] extractSig(byte[] sig) {
|
||||
if (sig[0] == 0 && sig[1] == 0 && sig[2] == 0) {
|
||||
int i = 0;
|
||||
int j = sig[i++] << 24 & 0xff000000
|
||||
| sig[i++] << 16 & 0x00ff0000
|
||||
| sig[i++] << 8 & 0x0000ff00
|
||||
| sig[i++] & 0x000000ff;
|
||||
i += j;
|
||||
j = sig[i++] << 24 & 0xff000000
|
||||
| sig[i++] << 16 & 0x00ff0000
|
||||
| sig[i++] << 8 & 0x0000ff00
|
||||
| sig[i++] & 0x000000ff;
|
||||
byte[] newSig = new byte[j];
|
||||
System.arraycopy(sig, i, newSig, 0, j);
|
||||
return newSig;
|
||||
/**
|
||||
* Check whether the signature is generated using the expected algorithm, and if so, return the signature blob
|
||||
*
|
||||
* @param sig The full signature
|
||||
* @param expectedKeyAlgorithm The expected key algorithm
|
||||
* @return The blob part of the signature
|
||||
*/
|
||||
protected byte[] extractSig(byte[] sig, String expectedKeyAlgorithm) {
|
||||
Buffer.PlainBuffer buffer = new Buffer.PlainBuffer(sig);
|
||||
try {
|
||||
String algo = buffer.readString();
|
||||
if (!expectedKeyAlgorithm.equals(algo)) {
|
||||
throw new SSHRuntimeException("Expected '" + expectedKeyAlgorithm + "' key algorithm, but got: " + algo);
|
||||
}
|
||||
return buffer.readBytes();
|
||||
} catch (Buffer.BufferException e) {
|
||||
throw new SSHRuntimeException(e);
|
||||
}
|
||||
return sig;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -22,13 +22,24 @@ import java.security.PublicKey;
|
||||
public interface Signature {
|
||||
|
||||
/**
|
||||
* Initialize this signature with the given public key and private key. If the private key is null, only signature
|
||||
* verification can be performed.
|
||||
* Initialize this signature with the given public key for signature verification.
|
||||
*
|
||||
* @param pubkey (null-ok) specify in case verification is needed
|
||||
* @param prvkey (null-ok) specify in case signing is needed
|
||||
* Note that subsequent calls to either {@link #initVerify(PublicKey)} or {@link #initSign(PrivateKey)} will
|
||||
* overwrite prior initialization.
|
||||
*
|
||||
* @param pubkey the public key to use for signature verification
|
||||
*/
|
||||
void init(PublicKey pubkey, PrivateKey prvkey);
|
||||
void initVerify(PublicKey pubkey);
|
||||
|
||||
/**
|
||||
* Initialize this signature with the given private key for signing.
|
||||
*
|
||||
* Note that subsequent calls to either {@link #initVerify(PublicKey)} or {@link #initSign(PrivateKey)} will
|
||||
* overwrite prior initialization.
|
||||
*
|
||||
* @param prvkey the private key to use for signing
|
||||
*/
|
||||
void initSign(PrivateKey prvkey);
|
||||
|
||||
/**
|
||||
* Convenience method, same as calling {@link #update(byte[], int, int)} with offset as {@code 0} and {@code
|
||||
|
||||
@@ -17,14 +17,23 @@ package net.schmizz.sshj.signature;
|
||||
|
||||
import net.schmizz.sshj.common.KeyType;
|
||||
import net.schmizz.sshj.common.SSHRuntimeException;
|
||||
import org.bouncycastle.asn1.*;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
import java.security.SignatureException;
|
||||
import java.util.Arrays;
|
||||
|
||||
/** DSA {@link Signature} */
|
||||
/**
|
||||
* DSA {@link Signature}
|
||||
*/
|
||||
public class SignatureDSA
|
||||
extends AbstractSignature {
|
||||
|
||||
/** A named factory for DSA signature */
|
||||
/**
|
||||
* A named factory for DSA signature
|
||||
*/
|
||||
public static class Factory
|
||||
implements net.schmizz.sshj.common.Factory.Named<Signature> {
|
||||
|
||||
@@ -74,33 +83,33 @@ public class SignatureDSA
|
||||
|
||||
@Override
|
||||
public boolean verify(byte[] sig) {
|
||||
sig = extractSig(sig);
|
||||
|
||||
// ASN.1
|
||||
int frst = (sig[0] & 0x80) != 0 ? 1 : 0;
|
||||
int scnd = (sig[20] & 0x80) != 0 ? 1 : 0;
|
||||
|
||||
int length = sig.length + 6 + frst + scnd;
|
||||
byte[] tmp = new byte[length];
|
||||
tmp[0] = (byte) 0x30;
|
||||
tmp[1] = (byte) 0x2c;
|
||||
tmp[1] += frst;
|
||||
tmp[1] += scnd;
|
||||
tmp[2] = (byte) 0x02;
|
||||
tmp[3] = (byte) 0x14;
|
||||
tmp[3] += frst;
|
||||
System.arraycopy(sig, 0, tmp, 4 + frst, 20);
|
||||
tmp[4 + tmp[3]] = (byte) 0x02;
|
||||
tmp[5 + tmp[3]] = (byte) 0x14;
|
||||
tmp[5 + tmp[3]] += scnd;
|
||||
System.arraycopy(sig, 20, tmp, 6 + tmp[3] + scnd, 20);
|
||||
sig = tmp;
|
||||
|
||||
try {
|
||||
return signature.verify(sig);
|
||||
byte[] sigBlob = extractSig(sig, "ssh-dss");
|
||||
return signature.verify(asnEncode(sigBlob));
|
||||
} catch (SignatureException e) {
|
||||
throw new SSHRuntimeException(e);
|
||||
} catch (IOException e) {
|
||||
throw new SSHRuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Encodes the signature as a DER sequence (ASN.1 format).
|
||||
*/
|
||||
private byte[] asnEncode(byte[] sigBlob) throws IOException {
|
||||
byte[] r = new BigInteger(1, Arrays.copyOfRange(sigBlob, 0, 20)).toByteArray();
|
||||
byte[] s = new BigInteger(1, Arrays.copyOfRange(sigBlob, 20, 40)).toByteArray();
|
||||
|
||||
ASN1EncodableVector vector = new ASN1EncodableVector();
|
||||
vector.add(new ASN1Integer(r));
|
||||
vector.add(new ASN1Integer(s));
|
||||
|
||||
ByteArrayOutputStream baos = new ByteArrayOutputStream();
|
||||
ASN1OutputStream asnOS = new ASN1OutputStream(baos);
|
||||
|
||||
asnOS.writeObject(new DERSequence(vector));
|
||||
asnOS.flush();
|
||||
|
||||
return baos.toByteArray();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,19 +15,18 @@
|
||||
*/
|
||||
package net.schmizz.sshj.signature;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
import java.security.SignatureException;
|
||||
|
||||
import net.schmizz.sshj.common.Buffer;
|
||||
import net.schmizz.sshj.common.KeyType;
|
||||
import net.schmizz.sshj.common.SSHRuntimeException;
|
||||
import org.bouncycastle.asn1.ASN1EncodableVector;
|
||||
import org.bouncycastle.asn1.ASN1Integer;
|
||||
import org.bouncycastle.asn1.ASN1OutputStream;
|
||||
import org.bouncycastle.asn1.DERSequence;
|
||||
|
||||
import net.schmizz.sshj.common.Buffer;
|
||||
import net.schmizz.sshj.common.KeyType;
|
||||
import net.schmizz.sshj.common.SSHRuntimeException;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
import java.security.SignatureException;
|
||||
|
||||
/** ECDSA {@link Signature} */
|
||||
public class SignatureECDSA extends AbstractSignature {
|
||||
@@ -99,7 +98,7 @@ public class SignatureECDSA extends AbstractSignature {
|
||||
System.arraycopy(sig, 4, r, 0, rLen);
|
||||
System.arraycopy(sig, 6 + rLen, s, 0, sLen);
|
||||
|
||||
Buffer buf = new Buffer.PlainBuffer();
|
||||
Buffer.PlainBuffer buf = new Buffer.PlainBuffer();
|
||||
buf.putMPInt(new BigInteger(r));
|
||||
buf.putMPInt(new BigInteger(s));
|
||||
|
||||
@@ -108,26 +107,9 @@ public class SignatureECDSA extends AbstractSignature {
|
||||
|
||||
@Override
|
||||
public boolean verify(byte[] sig) {
|
||||
byte[] r;
|
||||
byte[] s;
|
||||
try {
|
||||
Buffer sigbuf = new Buffer.PlainBuffer(sig);
|
||||
final String algo = new String(sigbuf.readBytes());
|
||||
if (!keyTypeName.equals(algo)) {
|
||||
throw new SSHRuntimeException(String.format("Signature :: " + keyTypeName + " expected, got %s", algo));
|
||||
}
|
||||
final int rsLen = sigbuf.readUInt32AsInt();
|
||||
if (sigbuf.available() != rsLen) {
|
||||
throw new SSHRuntimeException("Invalid key length");
|
||||
}
|
||||
r = sigbuf.readBytes();
|
||||
s = sigbuf.readBytes();
|
||||
} catch (Exception e) {
|
||||
throw new SSHRuntimeException(e);
|
||||
}
|
||||
|
||||
try {
|
||||
return signature.verify(asnEncode(r, s));
|
||||
byte[] sigBlob = extractSig(sig, keyTypeName);
|
||||
return signature.verify(asnEncode(sigBlob));
|
||||
} catch (SignatureException e) {
|
||||
throw new SSHRuntimeException(e);
|
||||
} catch (IOException e) {
|
||||
@@ -135,29 +117,19 @@ public class SignatureECDSA extends AbstractSignature {
|
||||
}
|
||||
}
|
||||
|
||||
private byte[] asnEncode(byte[] r, byte[] s) throws IOException {
|
||||
int rLen = r.length;
|
||||
int sLen = s.length;
|
||||
|
||||
/*
|
||||
* We can't have the high bit set, so add an extra zero at the beginning
|
||||
* if so.
|
||||
*/
|
||||
if ((r[0] & 0x80) != 0) {
|
||||
rLen++;
|
||||
}
|
||||
if ((s[0] & 0x80) != 0) {
|
||||
sLen++;
|
||||
}
|
||||
|
||||
/* Calculate total output length */
|
||||
int length = 6 + rLen + sLen;
|
||||
/**
|
||||
* Encodes the signature as a DER sequence (ASN.1 format).
|
||||
*/
|
||||
private byte[] asnEncode(byte[] sigBlob) throws IOException {
|
||||
Buffer.PlainBuffer sigbuf = new Buffer.PlainBuffer(sigBlob);
|
||||
byte[] r = sigbuf.readBytes();
|
||||
byte[] s = sigbuf.readBytes();
|
||||
|
||||
ASN1EncodableVector vector = new ASN1EncodableVector();
|
||||
vector.add(new ASN1Integer(r));
|
||||
vector.add(new ASN1Integer(s));
|
||||
|
||||
ByteArrayOutputStream baos = new ByteArrayOutputStream(length);
|
||||
ByteArrayOutputStream baos = new ByteArrayOutputStream();
|
||||
ASN1OutputStream asnOS = new ASN1OutputStream(baos);
|
||||
|
||||
asnOS.writeObject(new DERSequence(vector));
|
||||
|
||||
@@ -51,7 +51,7 @@ public class SignatureRSA
|
||||
|
||||
@Override
|
||||
public boolean verify(byte[] sig) {
|
||||
sig = extractSig(sig);
|
||||
sig = extractSig(sig, "ssh-rsa");
|
||||
try {
|
||||
return signature.verify(sig);
|
||||
} catch (SignatureException e) {
|
||||
|
||||
@@ -15,7 +15,14 @@
|
||||
*/
|
||||
package net.schmizz.sshj.transport.cipher;
|
||||
|
||||
/** {@code aes128-cbc} cipher */
|
||||
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
|
||||
|
||||
/**
|
||||
* {@code aes128-cbc} cipher
|
||||
*
|
||||
* @deprecated Use {@link BlockCiphers#AES128CBC()}
|
||||
*/
|
||||
@Deprecated
|
||||
public class AES128CBC
|
||||
extends BlockCipher {
|
||||
|
||||
@@ -32,6 +39,11 @@ public class AES128CBC
|
||||
public String getName() {
|
||||
return "aes128-cbc";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return getName();
|
||||
}
|
||||
}
|
||||
|
||||
public AES128CBC() {
|
||||
|
||||
@@ -15,11 +15,18 @@
|
||||
*/
|
||||
package net.schmizz.sshj.transport.cipher;
|
||||
|
||||
/** {@code aes128-ctr} cipher */
|
||||
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
|
||||
|
||||
/**
|
||||
* {@code aes128-ctr} cipher
|
||||
*
|
||||
* @deprecated Use {@link BlockCiphers#AES128CTR()}
|
||||
*/
|
||||
@Deprecated
|
||||
public class AES128CTR
|
||||
extends BlockCipher {
|
||||
|
||||
/** Named factory for AES128CBC Cipher */
|
||||
/** Named factory for AES128CTR Cipher */
|
||||
public static class Factory
|
||||
implements net.schmizz.sshj.common.Factory.Named<Cipher> {
|
||||
|
||||
@@ -32,6 +39,11 @@ public class AES128CTR
|
||||
public String getName() {
|
||||
return "aes128-ctr";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return getName();
|
||||
}
|
||||
}
|
||||
|
||||
public AES128CTR() {
|
||||
|
||||
@@ -15,7 +15,14 @@
|
||||
*/
|
||||
package net.schmizz.sshj.transport.cipher;
|
||||
|
||||
/** {@code aes192-cbc} cipher */
|
||||
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
|
||||
|
||||
/**
|
||||
* {@code aes192-cbc} cipher
|
||||
*
|
||||
* @deprecated Use {@link BlockCiphers#AES192CBC()}
|
||||
*/
|
||||
@Deprecated
|
||||
public class AES192CBC
|
||||
extends BlockCipher {
|
||||
|
||||
@@ -32,6 +39,11 @@ public class AES192CBC
|
||||
public String getName() {
|
||||
return "aes192-cbc";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return getName();
|
||||
}
|
||||
}
|
||||
|
||||
public AES192CBC() {
|
||||
|
||||
@@ -15,7 +15,14 @@
|
||||
*/
|
||||
package net.schmizz.sshj.transport.cipher;
|
||||
|
||||
/** {@code aes192-ctr} cipher */
|
||||
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
|
||||
|
||||
/**
|
||||
* {@code aes192-ctr} cipher
|
||||
*
|
||||
* @deprecated Use {@link BlockCiphers#AES192CTR()}
|
||||
*/
|
||||
@Deprecated
|
||||
public class AES192CTR
|
||||
extends BlockCipher {
|
||||
|
||||
@@ -32,6 +39,11 @@ public class AES192CTR
|
||||
public String getName() {
|
||||
return "aes192-ctr";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return getName();
|
||||
}
|
||||
}
|
||||
|
||||
public AES192CTR() {
|
||||
|
||||
@@ -15,7 +15,14 @@
|
||||
*/
|
||||
package net.schmizz.sshj.transport.cipher;
|
||||
|
||||
/** {@code aes256-ctr} cipher */
|
||||
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
|
||||
|
||||
/**
|
||||
* {@code aes256-cbc} cipher
|
||||
*
|
||||
* @deprecated Use {@link BlockCiphers#AES256CBC()}
|
||||
*/
|
||||
@Deprecated
|
||||
public class AES256CBC
|
||||
extends BlockCipher {
|
||||
|
||||
@@ -32,6 +39,11 @@ public class AES256CBC
|
||||
public String getName() {
|
||||
return "aes256-cbc";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return getName();
|
||||
}
|
||||
}
|
||||
|
||||
public AES256CBC() {
|
||||
|
||||
@@ -15,11 +15,18 @@
|
||||
*/
|
||||
package net.schmizz.sshj.transport.cipher;
|
||||
|
||||
/** {@code aes256-ctr} cipher */
|
||||
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
|
||||
|
||||
/**
|
||||
* {@code aes256-ctr} cipher
|
||||
*
|
||||
* @deprecated Use {@link BlockCiphers#AES256CTR()}
|
||||
*/
|
||||
@Deprecated
|
||||
public class AES256CTR
|
||||
extends BlockCipher {
|
||||
|
||||
/** Named factory for AES256CBC Cipher */
|
||||
/** Named factory for AES256CTR Cipher */
|
||||
public static class Factory
|
||||
implements net.schmizz.sshj.common.Factory.Named<Cipher> {
|
||||
|
||||
@@ -32,6 +39,11 @@ public class AES256CTR
|
||||
public String getName() {
|
||||
return "aes256-ctr";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return getName();
|
||||
}
|
||||
}
|
||||
|
||||
public AES256CTR() {
|
||||
|
||||
@@ -15,7 +15,14 @@
|
||||
*/
|
||||
package net.schmizz.sshj.transport.cipher;
|
||||
|
||||
/** {@code blowfish-ctr} cipher */
|
||||
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
|
||||
|
||||
/**
|
||||
* {@code blowfish-bcb} cipher
|
||||
*
|
||||
* @deprecated Use {@link BlockCiphers#BlowfishCBC()}
|
||||
*/
|
||||
@Deprecated
|
||||
public class BlowfishCBC
|
||||
extends BlockCipher {
|
||||
|
||||
@@ -32,6 +39,11 @@ public class BlowfishCBC
|
||||
public String getName() {
|
||||
return "blowfish-cbc";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return getName();
|
||||
}
|
||||
}
|
||||
|
||||
public BlowfishCBC() {
|
||||
|
||||
@@ -15,7 +15,14 @@
|
||||
*/
|
||||
package net.schmizz.sshj.transport.cipher;
|
||||
|
||||
/** {@code 3des-cbc} cipher */
|
||||
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
|
||||
|
||||
/**
|
||||
* {@code 3des-cbc} cipher
|
||||
*
|
||||
* @deprecated Use {@link BlockCiphers#TripleDESCBC()}
|
||||
*/
|
||||
@Deprecated
|
||||
public class TripleDESCBC
|
||||
extends BlockCipher {
|
||||
|
||||
@@ -32,6 +39,11 @@ public class TripleDESCBC
|
||||
public String getName() {
|
||||
return "3des-cbc";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return getName();
|
||||
}
|
||||
}
|
||||
|
||||
public TripleDESCBC() {
|
||||
|
||||
@@ -80,7 +80,7 @@ public abstract class AbstractDHG extends AbstractDH
|
||||
|
||||
Signature signature = Factory.Named.Util.create(trans.getConfig().getSignatureFactories(),
|
||||
KeyType.fromKey(hostKey).toString());
|
||||
signature.init(hostKey, null);
|
||||
signature.initVerify(hostKey);
|
||||
signature.update(H, 0, H.length);
|
||||
if (!signature.verify(sig))
|
||||
throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED,
|
||||
|
||||
@@ -86,7 +86,7 @@ public abstract class AbstractDHGex extends AbstractDH {
|
||||
H = digest.digest();
|
||||
Signature signature = Factory.Named.Util.create(trans.getConfig().getSignatureFactories(),
|
||||
KeyType.fromKey(hostKey).toString());
|
||||
signature.init(hostKey, null);
|
||||
signature.initVerify(hostKey);
|
||||
signature.update(H, 0, H.length);
|
||||
if (!signature.verify(sig))
|
||||
throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED,
|
||||
|
||||
@@ -15,16 +15,16 @@
|
||||
*/
|
||||
package net.schmizz.sshj.transport.kex;
|
||||
|
||||
import java.math.BigInteger;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.spec.AlgorithmParameterSpec;
|
||||
import java.util.Arrays;
|
||||
import net.schmizz.sshj.common.Factory;
|
||||
import net.schmizz.sshj.transport.random.Random;
|
||||
import org.bouncycastle.asn1.x9.X9ECParameters;
|
||||
import org.bouncycastle.crypto.ec.CustomNamedCurves;
|
||||
import org.bouncycastle.jce.spec.ECParameterSpec;
|
||||
|
||||
import net.schmizz.sshj.common.Factory;
|
||||
import net.schmizz.sshj.transport.random.Random;
|
||||
import java.math.BigInteger;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.spec.AlgorithmParameterSpec;
|
||||
import java.util.Arrays;
|
||||
|
||||
public class Curve25519DH extends DHBase {
|
||||
|
||||
|
||||
@@ -15,10 +15,11 @@
|
||||
*/
|
||||
package net.schmizz.sshj.transport.random;
|
||||
|
||||
import java.security.SecureRandom;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import java.security.SecureRandom;
|
||||
|
||||
/** A {@link Random} implementation using the built-in {@link SecureRandom} PRNG. */
|
||||
public class JCERandom
|
||||
implements Random {
|
||||
|
||||
@@ -0,0 +1,124 @@
|
||||
/*
|
||||
* Copyright (C)2009 - SSHJ Contributors
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package net.schmizz.sshj.transport.verification;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.PublicKey;
|
||||
import java.util.Arrays;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import net.schmizz.sshj.common.Base64;
|
||||
import net.schmizz.sshj.common.Buffer;
|
||||
import net.schmizz.sshj.common.SSHRuntimeException;
|
||||
import net.schmizz.sshj.common.SecurityUtils;
|
||||
import net.schmizz.sshj.transport.verification.HostKeyVerifier;
|
||||
|
||||
public class FingerprintVerifier implements HostKeyVerifier {
|
||||
private static final Pattern MD5_FINGERPRINT_PATTERN = Pattern.compile("[0-9a-f]{2}+(:[0-9a-f]{2}+){15}+");
|
||||
/**
|
||||
* Valid examples:
|
||||
*
|
||||
* <ul>
|
||||
* <li><code>4b:69:6c:72:6f:79:20:77:61:73:20:68:65:72:65:21</code></li>
|
||||
* <li><code>MD5:4b:69:6c:72:6f:79:20:77:61:73:20:68:65:72:65:21</code></li>
|
||||
* <li><code>SHA1:FghNYu1l/HyE/qWbdQ2mkxrd0rU</code></li>
|
||||
* <li><code>SHA1:FghNYu1l/HyE/qWbdQ2mkxrd0rU=</code></li>
|
||||
* <li><code>SHA256:l/SjyCoKP8jAx3d8k8MWH+UZG0gcuIR7TQRE/A3faQo</code></li>
|
||||
* <li><code>SHA256:l/SjyCoKP8jAx3d8k8MWH+UZG0gcuIR7TQRE/A3faQo=</code></li>
|
||||
* </ul>
|
||||
*
|
||||
*
|
||||
* @param fingerprint of an SSH fingerprint in MD5 (hex), SHA-1 (base64) or SHA-256(base64) format
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public static HostKeyVerifier getInstance(String fingerprint) {
|
||||
|
||||
try {
|
||||
if (fingerprint.startsWith("SHA1:")) {
|
||||
return new FingerprintVerifier("SHA-1", fingerprint.substring(5));
|
||||
}
|
||||
|
||||
if (fingerprint.startsWith("SHA256:")) {
|
||||
return new FingerprintVerifier("SHA-256", fingerprint.substring(7));
|
||||
}
|
||||
|
||||
final String md5;
|
||||
if (fingerprint.startsWith("MD5:")) {
|
||||
md5 = fingerprint.substring(4); // remove the MD5: prefix
|
||||
} else {
|
||||
md5 = fingerprint;
|
||||
}
|
||||
|
||||
if (!MD5_FINGERPRINT_PATTERN.matcher(md5).matches()) {
|
||||
throw new SSHRuntimeException("Invalid MD5 fingerprint: " + fingerprint);
|
||||
}
|
||||
|
||||
// Use the old default fingerprint verifier for md5 fingerprints
|
||||
return (new HostKeyVerifier() {
|
||||
@Override
|
||||
public boolean verify(String h, int p, PublicKey k) {
|
||||
return SecurityUtils.getFingerprint(k).equals(md5);
|
||||
}
|
||||
});
|
||||
} catch (SSHRuntimeException e) {
|
||||
throw e;
|
||||
} catch (IOException e) {
|
||||
throw new SSHRuntimeException(e);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
private final String digestAlgorithm;
|
||||
private final byte[] fingerprintData;
|
||||
|
||||
/**
|
||||
*
|
||||
* @param digestAlgorithm
|
||||
* the used digest algorithm
|
||||
* @param base64Fingerprint
|
||||
* base64 encoded fingerprint data
|
||||
*
|
||||
* @throws IOException
|
||||
*/
|
||||
private FingerprintVerifier(String digestAlgorithm, String base64Fingerprint) throws IOException {
|
||||
this.digestAlgorithm = digestAlgorithm;
|
||||
|
||||
// if the length is not padded with "=" chars at the end so that it is divisible by 4 the SSHJ Base64 implementation does not work correctly
|
||||
StringBuilder base64FingerprintBuilder = new StringBuilder(base64Fingerprint);
|
||||
while (base64FingerprintBuilder.length() % 4 != 0) {
|
||||
base64FingerprintBuilder.append("=");
|
||||
}
|
||||
fingerprintData = Base64.decode(base64FingerprintBuilder.toString());
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean verify(String hostname, int port, PublicKey key) {
|
||||
MessageDigest digest;
|
||||
try {
|
||||
digest = SecurityUtils.getMessageDigest(digestAlgorithm);
|
||||
} catch (GeneralSecurityException e) {
|
||||
throw new SSHRuntimeException(e);
|
||||
}
|
||||
digest.update(new Buffer.PlainBuffer().putPublicKey(key).getCompactData());
|
||||
|
||||
byte[] digestData = digest.digest();
|
||||
return Arrays.equals(fingerprintData, digestData);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -15,6 +15,9 @@
|
||||
*/
|
||||
package net.schmizz.sshj.userauth.keyprovider;
|
||||
|
||||
import net.schmizz.sshj.common.KeyType;
|
||||
import net.schmizz.sshj.userauth.password.*;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.io.Reader;
|
||||
@@ -22,9 +25,6 @@ import java.security.KeyPair;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.PublicKey;
|
||||
|
||||
import net.schmizz.sshj.common.KeyType;
|
||||
import net.schmizz.sshj.userauth.password.*;
|
||||
|
||||
public abstract class BaseFileKeyProvider implements FileKeyProvider {
|
||||
protected Resource<?> resource;
|
||||
protected PasswordFinder pwdf;
|
||||
|
||||
@@ -15,10 +15,10 @@
|
||||
*/
|
||||
package net.schmizz.sshj.userauth.keyprovider;
|
||||
|
||||
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
|
||||
import net.schmizz.sshj.common.IOUtils;
|
||||
|
||||
import java.io.*;
|
||||
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
|
||||
|
||||
public class KeyProviderUtil {
|
||||
|
||||
|
||||
@@ -15,6 +15,15 @@
|
||||
*/
|
||||
package net.schmizz.sshj.userauth.keyprovider;
|
||||
|
||||
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
|
||||
import net.schmizz.sshj.common.Base64;
|
||||
import net.schmizz.sshj.common.ByteArrayUtils;
|
||||
import net.schmizz.sshj.common.IOUtils;
|
||||
import net.schmizz.sshj.common.KeyType;
|
||||
import net.schmizz.sshj.transport.cipher.*;
|
||||
import net.schmizz.sshj.transport.digest.Digest;
|
||||
import net.schmizz.sshj.transport.digest.MD5;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.EOFException;
|
||||
import java.io.IOException;
|
||||
@@ -24,14 +33,6 @@ import java.nio.CharBuffer;
|
||||
import java.security.*;
|
||||
import java.security.spec.*;
|
||||
import java.util.Arrays;
|
||||
import javax.xml.bind.DatatypeConverter;
|
||||
|
||||
import net.schmizz.sshj.common.Base64;
|
||||
import net.schmizz.sshj.common.IOUtils;
|
||||
import net.schmizz.sshj.common.KeyType;
|
||||
import net.schmizz.sshj.transport.cipher.*;
|
||||
import net.schmizz.sshj.transport.digest.Digest;
|
||||
import net.schmizz.sshj.transport.digest.MD5;
|
||||
|
||||
/**
|
||||
* Represents a PKCS5-encoded key file. This is the format typically used by OpenSSH, OpenSSL, Amazon, etc.
|
||||
@@ -116,17 +117,17 @@ public class PKCS5KeyFile extends BaseFileKeyProvider {
|
||||
} else {
|
||||
String algorithm = line.substring(10, ptr);
|
||||
if ("DES-EDE3-CBC".equals(algorithm)) {
|
||||
cipher = new TripleDESCBC();
|
||||
cipher = BlockCiphers.TripleDESCBC().create();
|
||||
} else if ("AES-128-CBC".equals(algorithm)) {
|
||||
cipher = new AES128CBC();
|
||||
cipher = BlockCiphers.AES128CBC().create();
|
||||
} else if ("AES-192-CBC".equals(algorithm)) {
|
||||
cipher = new AES192CBC();
|
||||
cipher = BlockCiphers.AES192CBC().create();
|
||||
} else if ("AES-256-CBC".equals(algorithm)) {
|
||||
cipher = new AES256CBC();
|
||||
cipher = BlockCiphers.AES256CBC().create();
|
||||
} else {
|
||||
throw new FormatException("Not a supported algorithm: " + algorithm);
|
||||
}
|
||||
iv = Arrays.copyOfRange(DatatypeConverter.parseHexBinary(line.substring(ptr + 1)), 0, cipher.getIVSize());
|
||||
iv = Arrays.copyOfRange(ByteArrayUtils.parseHex(line.substring(ptr + 1)), 0, cipher.getIVSize());
|
||||
}
|
||||
} else if (line.length() > 0) {
|
||||
sb.append(line);
|
||||
|
||||
@@ -15,8 +15,8 @@
|
||||
*/
|
||||
package net.schmizz.sshj.userauth.keyprovider;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.KeyPair;
|
||||
import net.schmizz.sshj.common.IOUtils;
|
||||
import net.schmizz.sshj.userauth.password.PasswordUtils;
|
||||
import org.bouncycastle.openssl.EncryptionException;
|
||||
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
|
||||
import org.bouncycastle.openssl.PEMKeyPair;
|
||||
@@ -26,8 +26,8 @@ import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import net.schmizz.sshj.common.IOUtils;
|
||||
import net.schmizz.sshj.userauth.password.PasswordUtils;
|
||||
import java.io.IOException;
|
||||
import java.security.KeyPair;
|
||||
|
||||
/** Represents a PKCS8-encoded key file. This is the format used by (old-style) OpenSSH and OpenSSL. */
|
||||
public class PKCS8KeyFile extends BaseFileKeyProvider {
|
||||
|
||||
@@ -15,21 +15,21 @@
|
||||
*/
|
||||
package net.schmizz.sshj.userauth.keyprovider;
|
||||
|
||||
import net.schmizz.sshj.common.Base64;
|
||||
import net.schmizz.sshj.common.KeyType;
|
||||
import net.schmizz.sshj.userauth.password.PasswordUtils;
|
||||
import org.bouncycastle.util.encoders.Hex;
|
||||
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.Mac;
|
||||
import javax.crypto.spec.IvParameterSpec;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
import java.io.*;
|
||||
import java.math.BigInteger;
|
||||
import java.security.*;
|
||||
import java.security.spec.*;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.Mac;
|
||||
import javax.crypto.spec.IvParameterSpec;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
import org.bouncycastle.util.encoders.Hex;
|
||||
|
||||
import net.schmizz.sshj.common.Base64;
|
||||
import net.schmizz.sshj.common.KeyType;
|
||||
import net.schmizz.sshj.userauth.password.PasswordUtils;
|
||||
|
||||
/**
|
||||
* <h2>Sample PuTTY file format</h2>
|
||||
|
||||
@@ -66,7 +66,7 @@ public abstract class KeyedAuthMethod
|
||||
if (signature == null)
|
||||
throw new UserAuthException("Could not create signature instance for " + kt + " key");
|
||||
|
||||
signature.init(null, key);
|
||||
signature.initSign(key);
|
||||
signature.update(new Buffer.PlainBuffer()
|
||||
.putString(params.getTransport().getSessionID())
|
||||
.putBuffer(reqBuf) // & rest of the data for sig
|
||||
|
||||
@@ -16,7 +16,6 @@
|
||||
package net.schmizz.sshj.xfer;
|
||||
|
||||
import net.schmizz.sshj.common.LoggerFactory;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
|
||||
public abstract class AbstractFileTransfer {
|
||||
|
||||
@@ -0,0 +1,45 @@
|
||||
/*
|
||||
* Copyright (C)2009 - SSHJ Contributors
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package com.hierynomus.sshj.common
|
||||
|
||||
import net.schmizz.sshj.common.KeyType
|
||||
import net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile
|
||||
import spock.lang.Specification
|
||||
import spock.lang.Unroll
|
||||
|
||||
class KeyTypeSpec extends Specification {
|
||||
|
||||
@Unroll
|
||||
def "should determine correct keytype for #type key"() {
|
||||
given:
|
||||
OpenSSHKeyFile kf = new OpenSSHKeyFile()
|
||||
kf.init(privKey, pubKey)
|
||||
|
||||
expect:
|
||||
KeyType.fromKey(kf.getPublic()) == type
|
||||
KeyType.fromKey(kf.getPrivate()) == type
|
||||
|
||||
where:
|
||||
privKey << ["""-----BEGIN EC PRIVATE KEY-----
|
||||
MHcCAQEEIGhcvG8anyHew/xZJfozh5XIc1kmZZs6o2f0l3KFs4jgoAoGCCqGSM49
|
||||
AwEHoUQDQgAEDUA1JYVD7URSoOGdwPxjea+ETD6IABMD9CWfk3NVTNkdu/Ksn7uX
|
||||
cLTQhx4N16z1IgW2bRbSbsmM++UKXmeWyg==
|
||||
-----END EC PRIVATE KEY-----"""]
|
||||
pubKey << ["""ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA1ANSWFQ+1EUqDhncD8Y3mvhEw+iAATA/Qln5NzVUzZHbvyrJ+7l3C00IceDdes9SIFtm0W0m7JjPvlCl5nlso= SSH Key"""]
|
||||
type << [KeyType.ECDSA256]
|
||||
|
||||
}
|
||||
}
|
||||
@@ -19,6 +19,7 @@ import com.hierynomus.sshj.test.SshFixture
|
||||
import net.schmizz.sshj.connection.channel.direct.LocalPortForwarder
|
||||
import org.junit.Rule
|
||||
import spock.lang.Specification
|
||||
import spock.util.concurrent.PollingConditions
|
||||
|
||||
class LocalPortForwarderSpec extends Specification {
|
||||
@Rule
|
||||
@@ -44,6 +45,9 @@ class LocalPortForwarderSpec extends Specification {
|
||||
thread.start()
|
||||
|
||||
then:
|
||||
new PollingConditions().eventually {
|
||||
lpf.isRunning()
|
||||
}
|
||||
thread.isAlive()
|
||||
|
||||
when:
|
||||
|
||||
@@ -15,7 +15,6 @@
|
||||
*/
|
||||
package com.hierynomus.sshj.transport.verification
|
||||
|
||||
import com.hierynomus.sshj.transport.verification.KnownHostMatchers
|
||||
import spock.lang.Specification
|
||||
import spock.lang.Unroll
|
||||
|
||||
|
||||
@@ -0,0 +1,116 @@
|
||||
/*
|
||||
* Copyright (C)2009 - SSHJ Contributors
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
/*
|
||||
* Copyright (C)2009 - SSHJ Contributors
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package net.schmizz.sshj.signature
|
||||
|
||||
import spock.lang.Unroll;
|
||||
|
||||
import java.math.BigInteger;
|
||||
import java.security.KeyFactory;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.PublicKey;
|
||||
import java.security.spec.DSAPublicKeySpec;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import spock.lang.Specification
|
||||
|
||||
class SignatureDSASpec extends Specification {
|
||||
|
||||
def keyFactory = KeyFactory.getInstance("DSA")
|
||||
|
||||
private PublicKey createPublicKey(final byte[] y, final byte[] p, final byte[] q, final byte[] g) throws Exception {
|
||||
final BigInteger publicKey = new BigInteger(y);
|
||||
final BigInteger prime = new BigInteger(p);
|
||||
final BigInteger subPrime = new BigInteger(q);
|
||||
final BigInteger base = new BigInteger(g);
|
||||
final DSAPublicKeySpec dsaPubKeySpec = new DSAPublicKeySpec(publicKey, prime, subPrime, base);
|
||||
return keyFactory.generatePublic(dsaPubKeySpec);
|
||||
}
|
||||
|
||||
|
||||
@Unroll
|
||||
def "should verify signature"() {
|
||||
given:
|
||||
def signatureDSA = new SignatureDSA()
|
||||
def publicKey = createPublicKey(y, p, q, g)
|
||||
signatureDSA.initVerify(publicKey)
|
||||
|
||||
when:
|
||||
signatureDSA.update(H)
|
||||
|
||||
then:
|
||||
signatureDSA.verify(H_sig)
|
||||
|
||||
where:
|
||||
y << [[103, 23, -102, -4, -110, -90, 66, -52, -14, 125, -16, -76, -110, 33, -111, -113, -46, 27, -118, -73, 0, -19, -48, 43, -102, 56, -49, -84, 118, -10, 76, 84, -5, 84, 55, 72, -115, -34, 95, 80, 32, -120, 57, 101, -64, 111, -37, -26, 96, 55, -98, -24, -99, -81, 60, 22, 5, -55, 119, -95, -28, 114, -40, 13, 97, 65, 22, 33, 117, -59, 22, 81, -56, 98, -112, 103, -62, 90, -12, 81, 61, -67, 104, -24, 67, -18, -60, 78, -127, 44, 13, 11, -117, -118, -69, 89, -25, 26, 103, 72, -83, 114, -40, -124, -10, -31, -34, -49, -54, -15, 92, 79, -40, 14, -12, 58, -112, -30, 11, 48, 26, 121, 105, -68, 92, -93, 99, -78] as byte[],
|
||||
[0, -92, 59, 5, 72, 124, 101, 124, -18, 114, 7, 100, 98, -61, 73, -104, 120, -98, 54, 118, 17, -62, 91, -110, 29, 98, 50, -101, -41, 99, -116, 101, 107, -123, 124, -97, 62, 119, 88, -109, -110, -1, 109, 119, -51, 69, -98, -105, 2, -69, -121, -82, -118, 23, -6, 96, -61, -65, 102, -58, -74, 32, -104, 116, -6, -35, -83, -10, -88, -68, 106, -112, 72, -2, 35, 38, 15, -11, -22, 30, -114, -46, -47, -18, -17, -71, 24, -25, 28, 13, 29, -40, 101, 18, 81, 45, -120, -67, -53, -41, 11, 50, -89, -33, 50, 54, -14, -91, -35, 12, -42, 13, -84, -19, 100, -3, -85, -18, 74, 99, -49, 64, -49, 51, -83, -82, -127, 116, 64] as byte[]]
|
||||
p << [[0, -3, 127, 83, -127, 29, 117, 18, 41, 82, -33, 74, -100, 46, -20, -28, -25, -10, 17, -73, 82, 60, -17, 68,
|
||||
0, -61, 30, 63, -128, -74, 81, 38, 105, 69, 93, 64, 34, 81, -5, 89, 61, -115, 88, -6, -65, -59, -11, -70,
|
||||
48, -10, -53, -101, 85, 108, -41, -127, 59, -128, 29, 52, 111, -14, 102, 96, -73, 107, -103, 80, -91, -92,
|
||||
-97, -97, -24, 4, 123, 16, 34, -62, 79, -69, -87, -41, -2, -73, -58, 27, -8, 59, 87, -25, -58, -88, -90, 21,
|
||||
15, 4, -5, -125, -10, -45, -59, 30, -61, 2, 53, 84, 19, 90, 22, -111, 50, -10, 117, -13, -82, 43, 97, -41,
|
||||
42, -17, -14, 34, 3, 25, -99, -47, 72, 1, -57] as byte[],
|
||||
[0, -3, 127, 83, -127, 29, 117, 18, 41, 82, -33, 74, -100, 46, -20, -28, -25, -10, 17, -73, 82, 60, -17, 68,
|
||||
0, -61, 30, 63, -128, -74, 81, 38, 105, 69, 93, 64, 34, 81, -5, 89, 61, -115, 88, -6, -65, -59, -11, -70,
|
||||
48, -10, -53, -101, 85, 108, -41, -127, 59, -128, 29, 52, 111, -14, 102, 96, -73, 107, -103, 80, -91, -92,
|
||||
-97, -97, -24, 4, 123, 16, 34, -62, 79, -69, -87, -41, -2, -73, -58, 27, -8, 59, 87, -25, -58, -88, -90, 21,
|
||||
15, 4, -5, -125, -10, -45, -59, 30, -61, 2, 53, 84, 19, 90, 22, -111, 50, -10, 117, -13, -82, 43, 97, -41,
|
||||
42, -17, -14, 34, 3, 25, -99, -47, 72, 1, -57] as byte[]]
|
||||
q << [[0, -105, 96, 80, -113, 21, 35, 11, -52, -78, -110, -71, -126, -94, -21, -124, 11, -16, 88, 28, -11] as byte[],
|
||||
[0, -105, 96, 80, -113, 21, 35, 11, -52, -78, -110, -71, -126, -94, -21, -124, 11, -16, 88, 28, -11] as byte[]]
|
||||
g << [[0, -9, -31, -96, -123, -42, -101, 61, -34, -53, -68, -85, 92, 54, -72, 87, -71, 121, -108, -81, -69, -6, 58,
|
||||
-22, -126, -7, 87, 76, 11, 61, 7, -126, 103, 81, 89, 87, -114, -70, -44, 89, 79, -26, 113, 7, 16, -127,
|
||||
-128, -76, 73, 22, 113, 35, -24, 76, 40, 22, 19, -73, -49, 9, 50, -116, -56, -90, -31, 60, 22, 122, -117,
|
||||
84, 124, -115, 40, -32, -93, -82, 30, 43, -77, -90, 117, -111, 110, -93, 127, 11, -6, 33, 53, 98, -15, -5,
|
||||
98, 122, 1, 36, 59, -52, -92, -15, -66, -88, 81, -112, -119, -88, -125, -33, -31, 90, -27, -97, 6, -110,
|
||||
-117, 102, 94, -128, 123, 85, 37, 100, 1, 76, 59, -2, -49, 73, 42] as byte[],
|
||||
[0, -9, -31, -96, -123, -42, -101, 61, -34, -53, -68, -85, 92, 54, -72, 87, -71, 121, -108, -81, -69, -6, 58,
|
||||
-22, -126, -7, 87, 76, 11, 61, 7, -126, 103, 81, 89, 87, -114, -70, -44, 89, 79, -26, 113, 7, 16, -127,
|
||||
-128, -76, 73, 22, 113, 35, -24, 76, 40, 22, 19, -73, -49, 9, 50, -116, -56, -90, -31, 60, 22, 122, -117,
|
||||
84, 124, -115, 40, -32, -93, -82, 30, 43, -77, -90, 117, -111, 110, -93, 127, 11, -6, 33, 53, 98, -15, -5,
|
||||
98, 122, 1, 36, 59, -52, -92, -15, -66, -88, 81, -112, -119, -88, -125, -33, -31, 90, -27, -97, 6, -110,
|
||||
-117, 102, 94, -128, 123, 85, 37, 100, 1, 76, 59, -2, -49, 73, 42] as byte[]]
|
||||
H << [[-13, 20, 103, 73, 115, -68, 113, 74, -25, 12, -90, 19, 56, 73, -7, -49, -118, 107, -69, -39, -6, 82, -123,
|
||||
54, -10, -43, 16, -117, -59, 36, -49, 27] as byte[],
|
||||
[-4, 111, -103, 111, 72, -106, 105, -19, 81, -123, 84, -13, -40, -53, -3, -97, -8, 43, -22, -2, -23, -15, 28,
|
||||
116, -63, 96, -79, -127, -84, 63, -6, -94] as byte[]]
|
||||
H_sig << [[0, 0, 0, 7, 115, 115, 104, 45, 100, 115, 115, 0, 0, 0, 40, -113, -52, 88, -117, 80, -105, -92, -124, -49,
|
||||
56, -35, 90, -9, -128, 31, -33, -18, 13, -5, 7, 108, -2, 92, 108, 85, 58, 39, 99, 122, -118, 125, -121, 21,
|
||||
-37, 2, 55, 109, -23, -125, 4] as byte[],
|
||||
[0, 0, 0, 7, 115, 115, 104, 45, 100, 115, 115, 0, 0, 0, 40, 0, 79, 84, 118, -50, 11, -117, -112, 52, -25,
|
||||
-78, -50, -20, 6, -69, -26, 7, 90, -34, -124, 80, 76, -32, -23, -8, 43, 38, -48, -89, -17, -60, -1, -78,
|
||||
112, -88, 14, -39, -78, -98, -80] as byte[]]
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,58 @@
|
||||
/*
|
||||
* Copyright (C)2009 - SSHJ Contributors
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package net.schmizz.sshj.transport.verification
|
||||
|
||||
import net.schmizz.sshj.common.Base64
|
||||
import net.schmizz.sshj.common.Buffer
|
||||
import spock.lang.Specification
|
||||
import spock.lang.Unroll
|
||||
|
||||
class FingerprintVerifierSpec extends Specification {
|
||||
|
||||
@Unroll
|
||||
def "should accept #digest fingerprints"() {
|
||||
given:
|
||||
def verifier = FingerprintVerifier.getInstance(fingerprint)
|
||||
expect:
|
||||
verifier.verify("", 0, getPublicKey())
|
||||
where:
|
||||
digest << ["SHA-1", "SHA-256", "MD5", "old style"]
|
||||
fingerprint << ["SHA1:2Fo8c/96zv32xc8GZWbOGYOlRak=",
|
||||
"SHA256:oQGbQTujGeNIgh0ONthcEpA/BHxtt3rcYY+NxXTxQjs=",
|
||||
"MD5:d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32",
|
||||
"d3:5e:40:72:db:08:f1:6d:0c:d7:6d:35:0d:ba:7c:32"]
|
||||
}
|
||||
|
||||
@Unroll
|
||||
def "should accept too short #digest fingerprints"() {
|
||||
given:
|
||||
def verifier = FingerprintVerifier.getInstance(fingerprint)
|
||||
expect:
|
||||
verifier.verify("", 0, getPublicKey())
|
||||
where:
|
||||
digest << ["SHA-1", "SHA-256"]
|
||||
fingerprint << ["SHA1:2Fo8c/96zv32xc8GZWbOGYOlRak",
|
||||
"SHA256:oQGbQTujGeNIgh0ONthcEpA/BHxtt3rcYY+NxXTxQjs"]
|
||||
|
||||
}
|
||||
|
||||
|
||||
def getPublicKey() {
|
||||
def lines = new File("src/test/resources/keytypes/test_ed25519.pub").readLines()
|
||||
def keystring = lines[0].split(" ")[1]
|
||||
return new Buffer.PlainBuffer(Base64.decode(keystring)).readPublicKey()
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,37 @@
|
||||
/*
|
||||
* Copyright (C)2009 - SSHJ Contributors
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package net.schmizz.sshj.userauth.password
|
||||
|
||||
import spock.lang.Specification
|
||||
|
||||
class ConsolePasswordFinderSpec extends Specification {
|
||||
|
||||
// def "should read password from console"() {
|
||||
// given:
|
||||
// def console = Mock(Console) {
|
||||
// readPassword(*_) >> "password".toCharArray()
|
||||
// }
|
||||
// def cpf = new ConsolePasswordFinder(console)
|
||||
// def resource = new AccountResource("test", "localhost")
|
||||
//
|
||||
// when:
|
||||
// def password = cpf.reqPassword(resource)
|
||||
//
|
||||
// then:
|
||||
// password == "password".toCharArray()
|
||||
//
|
||||
// }
|
||||
}
|
||||
@@ -15,14 +15,14 @@
|
||||
*/
|
||||
package com.hierynomus.sshj;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import org.junit.Ignore;
|
||||
import org.junit.Test;
|
||||
|
||||
import net.schmizz.sshj.DefaultConfig;
|
||||
import net.schmizz.sshj.SSHClient;
|
||||
import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
|
||||
import org.junit.Ignore;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
|
||||
|
||||
@@ -17,12 +17,11 @@ package net.schmizz.sshj.common;
|
||||
|
||||
import net.schmizz.sshj.common.Buffer.BufferException;
|
||||
import net.schmizz.sshj.common.Buffer.PlainBuffer;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.math.BigInteger;
|
||||
|
||||
import org.junit.Test;
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
public class BufferTest {
|
||||
|
||||
|
||||
@@ -15,13 +15,18 @@
|
||||
*/
|
||||
package net.schmizz.sshj.keyprovider;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.containsString;
|
||||
import static org.hamcrest.CoreMatchers.equalTo;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.junit.Assert.assertArrayEquals;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import com.hierynomus.sshj.userauth.certificate.Certificate;
|
||||
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
|
||||
import net.schmizz.sshj.common.KeyType;
|
||||
import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
|
||||
import net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile;
|
||||
import net.schmizz.sshj.userauth.password.PasswordFinder;
|
||||
import net.schmizz.sshj.userauth.password.PasswordUtils;
|
||||
import net.schmizz.sshj.userauth.password.Resource;
|
||||
import net.schmizz.sshj.util.KeyUtil;
|
||||
import org.apache.sshd.common.util.SecurityUtils;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
@@ -39,20 +44,10 @@ import java.util.Date;
|
||||
import java.util.Map;
|
||||
import java.util.Scanner;
|
||||
|
||||
import org.apache.sshd.common.util.SecurityUtils;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import com.hierynomus.sshj.userauth.certificate.Certificate;
|
||||
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
|
||||
|
||||
import net.schmizz.sshj.common.KeyType;
|
||||
import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
|
||||
import net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile;
|
||||
import net.schmizz.sshj.userauth.password.PasswordFinder;
|
||||
import net.schmizz.sshj.userauth.password.PasswordUtils;
|
||||
import net.schmizz.sshj.userauth.password.Resource;
|
||||
import net.schmizz.sshj.util.KeyUtil;
|
||||
import static org.hamcrest.CoreMatchers.containsString;
|
||||
import static org.hamcrest.CoreMatchers.equalTo;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
public class OpenSSHKeyFileTest {
|
||||
|
||||
|
||||
@@ -15,13 +15,12 @@
|
||||
*/
|
||||
package net.schmizz.sshj.sftp;
|
||||
|
||||
import net.schmizz.sshj.common.LoggerFactory;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import net.schmizz.sshj.common.LoggerFactory;
|
||||
|
||||
import static net.schmizz.sshj.sftp.PathHelper.DEFAULT_PATH_SEPARATOR;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
|
||||
@@ -0,0 +1,68 @@
|
||||
/*
|
||||
* Copyright (C)2009 - SSHJ Contributors
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package net.schmizz.sshj.signature;
|
||||
|
||||
import java.math.BigInteger;
|
||||
import java.security.KeyFactory;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.spec.DSAPrivateKeySpec;
|
||||
import java.security.spec.DSAPublicKeySpec;
|
||||
import java.util.Arrays;
|
||||
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import net.schmizz.sshj.common.Buffer;
|
||||
import net.schmizz.sshj.common.IOUtils;
|
||||
|
||||
public class SignatureDSATest {
|
||||
|
||||
private KeyFactory keyFactory;
|
||||
|
||||
@Before
|
||||
public void setUp() throws NoSuchAlgorithmException {
|
||||
keyFactory = KeyFactory.getInstance("DSA");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSignAndVerify() throws Exception {
|
||||
BigInteger x = new BigInteger(new byte[] { 58, 19, -71, -30, 89, -111, 75, 98, 110, 38, -56, -23, 68, 74, -40, 17, -30, 37, 50, 35 });
|
||||
BigInteger y = new BigInteger(new byte[] { 32, -91, -39, 54, 19, 14, 26, 113, -109, -92, -45, 83, -86, 23, -103, 108, 102, 86, 110, 78, -45, -41, -37, 38, -94, -92, -124, -36, -93, 92, 127, 113, 97, -119, -10, -73, -41, -45, 98, -104, -54, -9, -92, 66, 15, 31, 68, -32, 32, -121, -51, 68, 29, 100, 59, 60, 109, 111, -81, 80, 7, 127, 116, -107, 88, -114, -114, -69, 41, -15, 59, 81, 70, 9, -113, 36, 119, 28, 16, -127, -65, 32, -19, 109, -27, 24, -48, -80, 84, 47, 119, 25, 57, -118, -66, -22, -105, -11, 112, 16, -91, -127, 62, 23, 89, -17, -43, -105, -4, -43, 60, 42, -81, -95, -27, -8, 98, -37, 120, 80, -76, 93, -24, -104, -117, 38, -56, -68 });
|
||||
BigInteger p = new BigInteger(new byte[] { 0, -3, 127, 83, -127, 29, 117, 18, 41, 82, -33, 74, -100, 46, -20, -28, -25, -10, 17, -73, 82, 60, -17, 68, 0, -61, 30, 63, -128, -74, 81, 38, 105, 69, 93, 64, 34, 81, -5, 89, 61, -115, 88, -6, -65, -59, -11, -70, 48, -10, -53, -101, 85, 108, -41, -127, 59, -128, 29, 52, 111, -14, 102, 96, -73, 107, -103, 80, -91, -92, -97, -97, -24, 4, 123, 16, 34, -62, 79, -69, -87, -41, -2, -73, -58, 27, -8, 59, 87, -25, -58, -88, -90, 21, 15, 4, -5, -125, -10, -45, -59, 30, -61, 2, 53, 84, 19, 90, 22, -111, 50, -10, 117, -13, -82, 43, 97, -41, 42, -17, -14, 34, 3, 25, -99, -47, 72, 1, -57 });
|
||||
BigInteger q = new BigInteger(new byte[] { 0, -105, 96, 80, -113, 21, 35, 11, -52, -78, -110, -71, -126, -94, -21, -124, 11, -16, 88, 28, -11 });
|
||||
BigInteger g = new BigInteger(new byte[] { 0, -9, -31, -96, -123, -42, -101, 61, -34, -53, -68, -85, 92, 54, -72, 87, -71, 121, -108, -81, -69, -6, 58, -22, -126, -7, 87, 76, 11, 61, 7, -126, 103, 81, 89, 87, -114, -70, -44, 89, 79, -26, 113, 7, 16, -127, -128, -76, 73, 22, 113, 35, -24, 76, 40, 22, 19, -73, -49, 9, 50, -116, -56, -90, -31, 60, 22, 122, -117, 84, 124, -115, 40, -32, -93, -82, 30, 43, -77, -90, 117, -111, 110, -93, 127, 11, -6, 33, 53, 98, -15, -5, 98, 122, 1, 36, 59, -52, -92, -15, -66, -88, 81, -112, -119, -88, -125, -33, -31, 90, -27, -97, 6, -110, -117, 102, 94, -128, 123, 85, 37, 100, 1, 76, 59, -2, -49, 73, 42 });
|
||||
|
||||
byte[] data = "The Magic Words are Squeamish Ossifrage".getBytes(IOUtils.UTF8);
|
||||
|
||||
// A previously signed and verified signature using the data and DSA key parameters above.
|
||||
byte[] dataSig = new byte[] { 0, 0, 0, 7, 115, 115, 104, 45, 100, 115, 115, 0, 0, 0, 40, 40, -71, 33, 105, -89, -107, 8, 26, -13, -90, 73, -103, 105, 112, 7, -59, -66, 46, 85, -27, 20, 82, 22, -113, -75, -86, -121, -42, -73, 78, 66, 93, -34, 39, -50, -93, 27, -5, 37, -92 };
|
||||
|
||||
SignatureDSA signatureForSigning = new SignatureDSA();
|
||||
signatureForSigning.initSign(keyFactory.generatePrivate(new DSAPrivateKeySpec(x, p, q, g)));
|
||||
signatureForSigning.update(data);
|
||||
byte[] sigBlob = signatureForSigning.encode(signatureForSigning.sign());
|
||||
byte[] sigFull = new Buffer.PlainBuffer().putString("ssh-dss").putBytes(sigBlob).getCompactData();
|
||||
|
||||
SignatureDSA signatureForVerifying = new SignatureDSA();
|
||||
signatureForVerifying.initVerify(keyFactory.generatePublic(new DSAPublicKeySpec(y, p, q, g)));
|
||||
signatureForVerifying.update(data);
|
||||
Assert.assertTrue("Failed to verify signature: " + Arrays.toString(sigFull), signatureForVerifying.verify(sigFull));
|
||||
signatureForVerifying.update(data);
|
||||
Assert.assertTrue("Failed to verify signature: " + Arrays.toString(dataSig), signatureForVerifying.verify(dataSig));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -15,15 +15,14 @@
|
||||
*/
|
||||
package net.schmizz.sshj.signature;
|
||||
|
||||
import java.security.PublicKey;
|
||||
|
||||
import net.schmizz.sshj.common.Buffer;
|
||||
import net.schmizz.sshj.common.Buffer.BufferException;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
|
||||
import net.schmizz.sshj.common.Buffer;
|
||||
import net.schmizz.sshj.common.Buffer.BufferException;
|
||||
import java.security.PublicKey;
|
||||
|
||||
public class VerificationTest {
|
||||
public class SignatureECDSATest {
|
||||
|
||||
@Test
|
||||
public void testECDSA256Verifies() throws BufferException {
|
||||
@@ -34,7 +33,7 @@ public class VerificationTest {
|
||||
PublicKey hostKey = new Buffer.PlainBuffer(K_S).readPublicKey();
|
||||
|
||||
Signature signature = new SignatureECDSA.Factory256().create();
|
||||
signature.init(hostKey, null);
|
||||
signature.initVerify(hostKey);
|
||||
signature.update(H, 0, H.length);
|
||||
|
||||
Assert.assertTrue("ECDSA256 signature verifies", signature.verify(sig));
|
||||
@@ -49,7 +48,7 @@ public class VerificationTest {
|
||||
PublicKey hostKey = new Buffer.PlainBuffer(K_S).readPublicKey();
|
||||
|
||||
Signature signature = new SignatureECDSA.Factory384().create();
|
||||
signature.init(hostKey, null);
|
||||
signature.initVerify(hostKey);
|
||||
signature.update(H, 0, H.length);
|
||||
|
||||
Assert.assertTrue("ECDSA384 signature verifies", signature.verify(sig));
|
||||
@@ -64,7 +63,7 @@ public class VerificationTest {
|
||||
PublicKey hostKey = new Buffer.PlainBuffer(K_S).readPublicKey();
|
||||
|
||||
Signature signature = new SignatureECDSA.Factory521().create();
|
||||
signature.init(hostKey, null);
|
||||
signature.initVerify(hostKey);
|
||||
signature.update(H, 0, H.length);
|
||||
|
||||
Assert.assertTrue("ECDSA521 signature verifies", signature.verify(sig));
|
||||
@@ -32,7 +32,6 @@ package net.schmizz.sshj.util;
|
||||
|
||||
import net.schmizz.sshj.common.Buffer;
|
||||
import net.schmizz.sshj.common.IOUtils;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
|
||||
@@ -15,9 +15,8 @@
|
||||
*/
|
||||
package net.schmizz.sshj.util.gss;
|
||||
|
||||
import org.ietf.jgss.*;
|
||||
|
||||
import net.schmizz.sshj.common.IOUtils;
|
||||
import org.ietf.jgss.*;
|
||||
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
|
||||
Reference in New Issue
Block a user