/// <summary>
/// Derives the session secrets from a completed key exchange and installs the
/// negotiated ciphers, MACs and compression for both directions.
/// </summary>
/// <remarks>
/// Each secret is HASH(K || H || label || session_id), with the label byte stepped
/// from 0x41 ('A') through 0x46 ('F'). This matches the key derivation layout of
/// RFC 4253 section 7.2: A/B are the IVs, C/D the encryption keys and E/F the
/// integrity keys, client-to-server first in each pair.
/// </remarks>
/// <param name="kex">Key exchange that supplies K, H and the hash implementation.</param>
/// <exception cref="System.Exception">
/// Failures while instantiating or initialising an algorithm are rethrown as
/// JSchException; errors raised during the derivation itself propagate unchanged.
/// </exception>
private void UpdateKeys(KeyExchange kex)
{
    byte[] sharedSecret = kex.GetK();
    byte[] exchangeHash = kex.GetH();
    HASH hash = kex.GetHash();

    // The session identifier is set only while it is still null; later calls keep the stored copy.
    if (session_id == null)
    {
        session_id = (byte[])exchangeHash.Clone();
    }

    // K || H || 'A' || session_id
    buf.Reset();
    buf.PutMPInt(sharedSecret);
    buf.PutByte(exchangeHash);
    buf.PutByte((byte)0x41);
    buf.PutByte(session_id);
    hash.Update(buf.buffer, 0, buf.index);
    IVc2s = hash.Digest();

    // Index of the label byte, which sits directly in front of the session id
    // (assumes PutByte(byte[]) appends the raw bytes with no length prefix).
    int labelPos = buf.index - session_id.Length - 1;

    buf.buffer[labelPos]++;   // 'B'
    hash.Update(buf.buffer, 0, buf.index);
    IVs2c = hash.Digest();

    buf.buffer[labelPos]++;   // 'C'
    hash.Update(buf.buffer, 0, buf.index);
    Ec2s = hash.Digest();

    buf.buffer[labelPos]++;   // 'D'
    hash.Update(buf.buffer, 0, buf.index);
    Es2c = hash.Digest();

    buf.buffer[labelPos]++;   // 'E'
    hash.Update(buf.buffer, 0, buf.index);
    MACc2s = hash.Digest();

    buf.buffer[labelPos]++;   // 'F'
    hash.Update(buf.buffer, 0, buf.index);
    MACs2c = hash.Digest();

    // NOTE(review): buf.buffer still holds K and the hash input when this method
    // returns; whether a later Reset() overwrites it is not visible here.

    try
    {
        // NOTE(review): the implementation class name is whatever GetConfig returns
        // for the negotiated algorithm and is instantiated by reflection, so that
        // configuration has to come from a trusted source.
        string algorithm = guess[KeyExchange.PROPOSAL_ENC_ALGS_STOC];
        Type implType = Sharpen.Runtime.GetType(GetConfig(algorithm));
        s2ccipher = (NSch.Cipher)System.Activator.CreateInstance(implType);

        // Extend the key with HASH(K || H || key-so-far) until it is long enough.
        // NOTE(review): the bound is GetBlockSize(); confirm it reports the key
        // length the cipher actually needs.
        while (s2ccipher.GetBlockSize() > Es2c.Length)
        {
            buf.Reset();
            buf.PutMPInt(sharedSecret);
            buf.PutByte(exchangeHash);
            buf.PutByte(Es2c);
            hash.Update(buf.buffer, 0, buf.index);
            byte[] extension = hash.Digest();
            byte[] extended = new byte[Es2c.Length + extension.Length];
            System.Array.Copy(Es2c, 0, extended, 0, Es2c.Length);
            System.Array.Copy(extension, 0, extended, Es2c.Length, extension.Length);
            Es2c = extended;
        }
        s2ccipher.Init(NSch.Cipher.DECRYPT_MODE, Es2c, IVs2c);
        s2ccipher_size = s2ccipher.GetIVSize();

        // NOTE(review): the MAC keys and the IVs are used as single digests and are
        // never extended; confirm no configured MAC needs more key material than
        // one hash output provides.
        algorithm = guess[KeyExchange.PROPOSAL_MAC_ALGS_STOC];
        implType = Sharpen.Runtime.GetType(GetConfig(algorithm));
        s2cmac = (MAC)System.Activator.CreateInstance(implType);
        s2cmac.Init(MACs2c);
        s2cmac_result1 = new byte[s2cmac.GetBlockSize()];
        s2cmac_result2 = new byte[s2cmac.GetBlockSize()];

        algorithm = guess[KeyExchange.PROPOSAL_ENC_ALGS_CTOS];
        implType = Sharpen.Runtime.GetType(GetConfig(algorithm));
        c2scipher = (NSch.Cipher)System.Activator.CreateInstance(implType);
        while (c2scipher.GetBlockSize() > Ec2s.Length)
        {
            buf.Reset();
            buf.PutMPInt(sharedSecret);
            buf.PutByte(exchangeHash);
            buf.PutByte(Ec2s);
            hash.Update(buf.buffer, 0, buf.index);
            byte[] extension = hash.Digest();
            byte[] extended = new byte[Ec2s.Length + extension.Length];
            System.Array.Copy(Ec2s, 0, extended, 0, Ec2s.Length);
            System.Array.Copy(extension, 0, extended, Ec2s.Length, extension.Length);
            Ec2s = extended;
        }
        c2scipher.Init(NSch.Cipher.ENCRYPT_MODE, Ec2s, IVc2s);
        c2scipher_size = c2scipher.GetIVSize();

        algorithm = guess[KeyExchange.PROPOSAL_MAC_ALGS_CTOS];
        implType = Sharpen.Runtime.GetType(GetConfig(algorithm));
        c2smac = (MAC)System.Activator.CreateInstance(implType);
        c2smac.Init(MACc2s);

        algorithm = guess[KeyExchange.PROPOSAL_COMP_ALGS_CTOS];
        InitDeflater(algorithm);
        algorithm = guess[KeyExchange.PROPOSAL_COMP_ALGS_STOC];
        InitInflater(algorithm);
    }
    catch (JSchException)
    {
        // Already the library's own exception type: pass it through untouched.
        throw;
    }
    catch (Exception e)
    {
        throw new JSchException(e.ToString(), e);
    }
}
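/// <summary>
/// Checks the server's host key against the host key repository and applies the
/// "StrictHostKeyChecking" policy ("ask", "yes" or "no").
/// </summary>
/// <remarks>
/// With "yes", an unknown or changed key always ends in a JSchException. With "ask",
/// the decision is delegated to <c>userinfo</c>; without a <c>userinfo</c> the
/// connection is rejected. With "no", an unknown key is added to the repository
/// without any prompt and a changed key is accepted for this connection while the
/// stored entry is left as it is. That second case is the one a man-in-the-middle
/// produces, so it is written to the log at WARN level. Deployments that need host
/// authentication should run with "yes" and a pre-provisioned repository.
/// </remarks>
/// <param name="chost">Host name used for the lookup; replaced by hostKeyAlias when one is set.</param>
/// <param name="port">Remote port; a value other than 22 turns the lookup name into "[host]:port".</param>
/// <param name="kex">Key exchange that supplies the host key, its type and its fingerprint.</param>
/// <exception cref="NSch.JSchException">The host key is rejected by policy or by the user.</exception>
private void CheckHost(string chost, int port, KeyExchange kex)
{
    string shkc = GetConfig("StrictHostKeyChecking");
    bool strict = shkc.Equals("ask") || shkc.Equals("yes");

    if (hostKeyAlias != null)
    {
        chost = hostKeyAlias;
    }
    byte[] K_S = kex.GetHostKey();
    string key_type = kex.GetKeyType();
    string key_fprint = kex.GetFingerPrint();
    if (hostKeyAlias == null && port != 22)
    {
        chost = ("[" + chost + "]:" + port);
    }

    HostKeyRepository hkr = jsch.GetHostKeyRepository();
    int i = 0;
    lock (hkr)
    {
        i = hkr.Check(chost, K_S);
    }

    bool insert = false;
    if (strict && i == HostKeyRepository.CHANGED)
    {
        string file = null;
        lock (hkr)
        {
            file = hkr.GetKnownHostsRepositoryID();
        }
        if (file == null)
        {
            file = "known_hosts";
        }
        bool b = false;
        if (userinfo != null)
        {
            string message = "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!\n" + "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\n" + "Someone could be eavesdropping on you right now (man-in-the-middle attack)!\n" + "It is also possible that the " + key_type + " host key has just been changed.\n" + "The fingerprint for the " + key_type + " key sent by the remote host is\n" + key_fprint + ".\n" + "Please contact your system administrator.\n" + "Add correct host key in " + file + " to get rid of this message.";
            if (shkc.Equals("ask"))
            {
                b = userinfo.PromptYesNo(message + "\nDo you want to delete the old key and insert the new key?");
            }
            else
            {
                // "yes": the user is informed, but b stays false and the key is rejected below.
                userinfo.ShowMessage(message);
            }
        }
        if (!b)
        {
            throw new JSchException("HostKey has been changed: " + chost);
        }
        lock (hkr)
        {
            // NOTE(review): only "DSA" is mapped explicitly; any other key type is
            // removed as "ssh-rsa". Confirm this against the key types kex can report.
            hkr.Remove(chost, (key_type.Equals("DSA") ? "ssh-dss" : "ssh-rsa"), null);
            insert = true;
        }
    }

    if (strict && (i != HostKeyRepository.OK) && !insert)
    {
        if (shkc.Equals("yes"))
        {
            throw new JSchException("reject HostKey: " + host);
        }
        if (userinfo != null)
        {
            bool foo = userinfo.PromptYesNo("The authenticity of host '" + host + "' can't be established.\n" + key_type + " key fingerprint is " + key_fprint + ".\n" + "Are you sure you want to continue connecting?");
            if (!foo)
            {
                throw new JSchException("reject HostKey: " + host);
            }
            insert = true;
        }
        else
        {
            if (i == HostKeyRepository.NOT_INCLUDED)
            {
                throw new JSchException("UnknownHostKey: " + host + ". " + key_type + " key fingerprint is " + key_fprint);
            }
            else
            {
                throw new JSchException("HostKey has been changed: " + host);
            }
        }
    }

    // "no": an unknown host key is stored without asking anyone.
    if (shkc.Equals("no") && HostKeyRepository.NOT_INCLUDED == i)
    {
        insert = true;
    }

    // A changed key can only reach this point un-replaced when the policy is neither
    // "ask" nor "yes". The connection continues, so leave a record for whoever
    // reviews the logs instead of accepting the key silently.
    if (i == HostKeyRepository.CHANGED && !insert && JSch.GetLogger().IsEnabled(Logger.WARN))
    {
        JSch.GetLogger().Log(Logger.WARN, "Host key for '" + host + "' (" + key_type + ", fingerprint " + key_fprint + ") has changed but StrictHostKeyChecking is '" + shkc + "'; continuing with an unverified host key.");
    }

    if (i == HostKeyRepository.OK && JSch.GetLogger().IsEnabled(Logger.INFO))
    {
        JSch.GetLogger().Log(Logger.INFO, "Host '" + host + "' is known and mathces the " + key_type + " host key");
    }
    if (insert && JSch.GetLogger().IsEnabled(Logger.WARN))
    {
        JSch.GetLogger().Log(Logger.WARN, "Permanently added '" + host + "' (" + key_type + ") to the list of known hosts.");
    }

    // The session's hostkey field is set on every path; with HashKnownHosts=yes and a
    // KnownHosts repository the entry is built by CreateHashedHostKey instead of directly.
    string hkh = GetConfig("HashKnownHosts");
    if (hkh.Equals("yes") && (hkr is KnownHosts))
    {
        hostkey = ((KnownHosts)hkr).CreateHashedHostKey(chost, K_S);
    }
    else
    {
        hostkey = new HostKey(chost, K_S);
    }
    if (insert)
    {
        lock (hkr)
        {
            hkr.Add(hostkey, userinfo);
        }
    }
}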
/// <summary>
/// Installs the keys derived from the finished key exchange, then clears the
/// <c>in_kex</c> flag.
/// </summary>
/// <param name="buf">Not read by this method.</param>
/// <param name="kex">Key exchange handed to <c>UpdateKeys</c>.</param>
/// <exception cref="System.Exception">Anything thrown by <c>UpdateKeys</c>.</exception>
private void Receive_newkeys(Buffer buf, KeyExchange kex)
{
    // Order matters: the flag is cleared only after UpdateKeys has returned
    // without throwing.
    UpdateKeys(kex);
    in_kex = false;
}