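/// <summary>
/// Entry point for starting this key exchange. The method is currently
/// disabled: it throws <see cref="System.NotSupportedException"/> before
/// touching any state, so every statement after the throw is unreachable
/// and is kept only as the reference implementation.
/// </summary>
/// <param name="session">Session whose configuration names the hash and DH implementations.</param>
/// <param name="V_S">Server version string.</param>
/// <param name="V_C">Client version string.</param>
/// <param name="I_S">Payload of the server's SSH_MSG_KEXINIT.</param>
/// <param name="I_C">Payload of the client's SSH_MSG_KEXINIT.</param>
/// <exception cref="System.NotSupportedException">Always thrown.</exception>
/// <exception cref="System.Exception"></exception>
public override void Init(Session session, byte[] V_S, byte[] V_C, byte[] I_S, byte[] I_C)
{
    // The crypto for this method is unusably slow
    throw new NotSupportedException();

    // ---- unreachable from here on; retained as the reference implementation ----
    this.session = session;
    this.V_S = V_S;
    this.V_C = V_C;
    this.I_S = I_S;
    this.I_C = I_C;

    // NOTE(review): the implementation type names come from session
    // configuration and are instantiated reflectively; confirm that this
    // configuration cannot be influenced by untrusted input.
    try
    {
        Type hashType = Sharpen.Runtime.GetType(session.GetConfig("sha-1"));
        sha = (HASH)(System.Activator.CreateInstance(hashType));
        sha.Init();
    }
    catch (Exception ex)
    {
        // Log the caught exception (the original printed the field `e`, the
        // DH exchange value) and propagate it, matching the "dh" block below:
        // without a hash the exchange hash H cannot be computed later.
        System.Console.Error.WriteLine(ex);
        throw;
    }

    buf = new Buffer();
    packet = new Packet(buf);

    try
    {
        Type dhType = Sharpen.Runtime.GetType(session.GetConfig("dh"));
        dh = (NSch.DH)(System.Activator.CreateInstance(dhType));
        dh.Init();
    }
    catch (Exception)
    {
        // A missing DH implementation is fatal for the key exchange.
        throw;
    }

    dh.SetP(p);
    dh.SetG(g);

    // The client responds with:
    // byte  SSH_MSG_KEXDH_INIT(30)
    // mpint e <- g^x mod p
    //         x is a random number (1 < x < (p-1)/2)
    e = dh.GetE();
    packet.Reset();
    buf.PutByte(unchecked((byte)SSH_MSG_KEXDH_INIT));
    buf.PutMPInt(e);

    if (V_S == null)
    {
        // This is a really ugly hack for Session.checkKexes ;-(
        // With no server version string the packet is built but never sent.
        return;
    }

    session.Write(packet);
    if (JSch.GetLogger().IsEnabled(Logger.INFO))
    {
        JSch.GetLogger().Log(Logger.INFO, "SSH_MSG_KEXDH_INIT sent");
        JSch.GetLogger().Log(Logger.INFO, "expecting SSH_MSG_KEXDH_REPLY");
    }
    state = SSH_MSG_KEXDH_REPLY;
}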
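/// <summary>
/// Processes the next server packet of the group-exchange key exchange.
/// In state SSH_MSG_KEX_DH_GEX_GROUP it reads the group (p, g), sends
/// SSH_MSG_KEX_DH_GEX_INIT and moves to SSH_MSG_KEX_DH_GEX_REPLY. In state
/// SSH_MSG_KEX_DH_GEX_REPLY it derives K, computes the exchange hash H,
/// parses the server host key blob K_S and verifies the server's signature
/// over H, then moves to STATE_END.
/// </summary>
/// <param name="_buf">Buffer holding the packet received from the server.</param>
/// <returns>
/// true when the GROUP message was handled, or when the host key signature
/// over H verified; false for an unexpected message type, a malformed or
/// unknown host key blob, a failed signature check, or an unhandled state.
/// </returns>
/// <exception cref="System.Exception"></exception>
public override bool Next(Buffer _buf)
{
    int j;
    switch (state)
    {
        case SSH_MSG_KEX_DH_GEX_GROUP:
        {
            // byte  SSH_MSG_KEX_DH_GEX_GROUP(31)
            // mpint p, safe prime
            // mpint g, generator for subgroup in GF (p)
            // presumably skips the packet length and padding length - confirm against Buffer
            _buf.GetInt();
            _buf.GetByte();
            j = _buf.GetByte();
            if (j != SSH_MSG_KEX_DH_GEX_GROUP)
            {
                System.Console.Error.WriteLine("type: must be SSH_MSG_KEX_DH_GEX_GROUP " + j);
                return false;
            }
            p = _buf.GetMPInt();
            g = _buf.GetMPInt();
            // NOTE(review): p and g are server-supplied and are handed to the DH
            // object with no visible check that the modulus size lies within
            // [min, max] as requested; confirm that dh.SetP or the session
            // enforces this.
            dh.SetP(p);
            dh.SetG(g);

            // The client responds with:
            // byte  SSH_MSG_KEX_DH_GEX_INIT(32)
            // mpint e <- g^x mod p
            //         x is a random number (1 < x < (p-1)/2)
            e = dh.GetE();
            packet.Reset();
            buf.PutByte(unchecked((byte)SSH_MSG_KEX_DH_GEX_INIT));
            buf.PutMPInt(e);
            session.Write(packet);
            if (JSch.GetLogger().IsEnabled(Logger.INFO))
            {
                JSch.GetLogger().Log(Logger.INFO, "SSH_MSG_KEX_DH_GEX_INIT sent");
                JSch.GetLogger().Log(Logger.INFO, "expecting SSH_MSG_KEX_DH_GEX_REPLY");
            }
            state = SSH_MSG_KEX_DH_GEX_REPLY;
            return true;
        }

        case SSH_MSG_KEX_DH_GEX_REPLY:
        {
            // The server responds with:
            // byte   SSH_MSG_KEX_DH_GEX_REPLY(33)
            // string server public host key and certificates (K_S)
            // mpint  f
            // string signature of H
            j = _buf.GetInt();
            j = _buf.GetByte();
            j = _buf.GetByte();
            if (j != SSH_MSG_KEX_DH_GEX_REPLY)
            {
                System.Console.Error.WriteLine("type: must be SSH_MSG_KEX_DH_GEX_REPLY " + j);
                return false;
            }

            // K_S is server_key_blob, which includes for ssh-dss:
            //   string ssh-dss
            //   mpint p of dsa
            //   mpint q of dsa
            //   mpint g of dsa
            //   mpint pub_key of dsa
            K_S = _buf.GetString();
            byte[] f = _buf.GetMPInt();
            byte[] sig_of_H = _buf.GetString();

            // NOTE(review): RFC 4253 section 8 requires rejecting values of f
            // outside [1, p-1]; no such check is visible here - confirm that
            // dh.SetF/dh.GetK performs it.
            dh.SetF(f);
            K = dh.GetK();

            // The hash H is computed as the HASH hash of the concatenation of the
            // following:
            // string V_C, the client's version string (CR and NL excluded)
            // string V_S, the server's version string (CR and NL excluded)
            // string I_C, the payload of the client's SSH_MSG_KEXINIT
            // string I_S, the payload of the server's SSH_MSG_KEXINIT
            // string K_S, the host key
            // uint32 min, minimal size in bits of an acceptable group
            // uint32 n, preferred size in bits of the group the server should send
            // uint32 max, maximal size in bits of an acceptable group
            // mpint  p, safe prime
            // mpint  g, generator for subgroup
            // mpint  e, exchange value sent by the client
            // mpint  f, exchange value sent by the server
            // mpint  K, the shared secret
            // This value is called the exchange hash, and it is used to
            // authenticate the key exchange.
            buf.Reset();
            buf.PutString(V_C);
            buf.PutString(V_S);
            buf.PutString(I_C);
            buf.PutString(I_S);
            buf.PutString(K_S);
            buf.PutInt(min);
            buf.PutInt(preferred);
            buf.PutInt(max);
            buf.PutMPInt(p);
            buf.PutMPInt(g);
            buf.PutMPInt(e);
            buf.PutMPInt(f);
            buf.PutMPInt(K);
            byte[] foo = new byte[buf.GetLength()];
            buf.GetByte(foo);
            sha.Update(foo, 0, foo.Length);
            H = sha.Digest();

            // K_S comes from the server, so every length prefix inside it is
            // validated against the remaining bytes before it is used.
            int offset = 0;
            bool result = false;
            byte[] algName = ReadHostKeyField(K_S, ref offset);
            string alg = algName == null ? null : Util.Byte2str(algName, 0, algName.Length);

            if (alg == null)
            {
                System.Console.Error.WriteLine("malformed host key blob");
            }
            else if (alg.Equals("ssh-rsa"))
            {
                type = RSA;
                byte[] ee = ReadHostKeyField(K_S, ref offset);
                byte[] n = ReadHostKeyField(K_S, ref offset);
                if (ee == null || n == null)
                {
                    System.Console.Error.WriteLine("malformed host key blob");
                }
                else
                {
                    NSch.SignatureRSA sig = null;
                    try
                    {
                        Type c = Sharpen.Runtime.GetType(session.GetConfig("signature.rsa"));
                        sig = (NSch.SignatureRSA)(System.Activator.CreateInstance(c));
                        sig.Init();
                    }
                    catch (Exception ex)
                    {
                        // Without a verifier the host key cannot be checked:
                        // propagate the real cause instead of continuing into
                        // a NullReferenceException on sig.
                        System.Console.Error.WriteLine(ex);
                        throw;
                    }
                    sig.SetPubKey(ee, n);
                    sig.Update(H);
                    result = sig.Verify(sig_of_H);
                    if (JSch.GetLogger().IsEnabled(Logger.INFO))
                    {
                        JSch.GetLogger().Log(Logger.INFO, "ssh_rsa_verify: signature " + result);
                    }
                }
            }
            else if (alg.Equals("ssh-dss"))
            {
                type = DSS;
                byte[] dsaP = ReadHostKeyField(K_S, ref offset);
                byte[] dsaQ = ReadHostKeyField(K_S, ref offset);
                byte[] dsaG = ReadHostKeyField(K_S, ref offset);
                byte[] dsaY = ReadHostKeyField(K_S, ref offset);
                if (dsaP == null || dsaQ == null || dsaG == null || dsaY == null)
                {
                    System.Console.Error.WriteLine("malformed host key blob");
                }
                else
                {
                    // NOTE(review): as in the original, the DSA parameters
                    // overwrite the DH group fields p and g. H has already been
                    // computed at this point; confirm nothing reads p/g later.
                    p = dsaP;
                    g = dsaG;

                    NSch.SignatureDSA sig = null;
                    try
                    {
                        Type c = Sharpen.Runtime.GetType(session.GetConfig("signature.dss"));
                        sig = (NSch.SignatureDSA)(System.Activator.CreateInstance(c));
                        sig.Init();
                    }
                    catch (Exception ex)
                    {
                        // Same fail-closed handling as the RSA branch.
                        System.Console.Error.WriteLine(ex);
                        throw;
                    }
                    sig.SetPubKey(dsaY, p, dsaQ, g);
                    sig.Update(H);
                    result = sig.Verify(sig_of_H);
                    if (JSch.GetLogger().IsEnabled(Logger.INFO))
                    {
                        JSch.GetLogger().Log(Logger.INFO, "ssh_dss_verify: signature " + result);
                    }
                }
            }
            else
            {
                System.Console.Error.WriteLine("unknown alg");
            }

            state = STATE_END;
            return result;
        }
    }
    return false;
}

/// <summary>
/// Reads one field (4-byte big-endian length followed by that many bytes)
/// from a host key blob, advancing <paramref name="offset"/> past it.
/// </summary>
/// <param name="blob">The blob being parsed.</param>
/// <param name="offset">Read position; left unchanged when the field is malformed.</param>
/// <returns>A copy of the field bytes, or null when the blob is null or the
/// length prefix is missing, negative, or runs past the end of the blob.</returns>
private static byte[] ReadHostKeyField(byte[] blob, ref int offset)
{
    if (blob == null || offset < 0 || offset > blob.Length || blob.Length - offset < 4)
    {
        return null;
    }
    int length = (blob[offset] << 24) | (blob[offset + 1] << 16)
        | (blob[offset + 2] << 8) | blob[offset + 3];
    int start = offset + 4;
    // A set high bit yields a negative length; both cases are rejected here.
    if (length < 0 || length > blob.Length - start)
    {
        return null;
    }
    byte[] field = new byte[length];
    System.Array.Copy(blob, start, field, 0, length);
    offset = start + length;
    return field;
}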