/**
 * Builds the KEXINIT offer that this side advertises to the peer.
 *
 * <p>The algorithm lists come from this class's {@code SUPPORTED_*} constants and from
 * {@code CipherManager}; the same list is offered for both directions. The constants are
 * stored by reference rather than copied, so a caller that mutates a returned list would
 * also change the shared constant (presumably these are arrays; verify).
 *
 * <p>These lists are the only algorithm policy visible here: whatever is offered can be
 * selected during negotiation, so weak or legacy entries should be removed at the source.
 *
 * @return a freshly populated offer with a new 16-byte cookie
 */
public static KexInitData createInstance() {
  // @todo - we can support the full range of allowed hashes now that we've switched over
  // to BB crypto.
  // In every list the preferred choice must come *first*.
  KexInitData offer = new KexInitData();

  // RFC 4253 section 7.1: the cookie is 16 random bytes chosen by the sender.
  // NOTE(review): confirm RandomSource is backed by a cryptographically strong generator.
  offer.cookie = RandomSource.getBytes(16);

  // Key exchange and host key algorithms.
  offer.kexAlgorithms = SUPPORTED_KEX_ALGORITHMS;
  offer.serverHostKeyAlgorithms = SUPPORTED_HOST_KEY_ALGORITHMS;

  // Ciphers: queried once, then the same list is reused for the reverse direction.
  offer.clientToServerCryptoAlgorithms = CipherManager.getInstance().getSupportedCiphers();
  offer.serverToClientCryptoAlgorithms = offer.clientToServerCryptoAlgorithms;

  // MAC and compression: identical offers in both directions.
  offer.MACClientToServer = SUPPORTED_HMAC_ALGORITHMS;
  offer.MACServerToClient = SUPPORTED_HMAC_ALGORITHMS;
  offer.compressionClientToServer = SUPPORTED_COMPRESSION;
  offer.compressionServerToClient = SUPPORTED_COMPRESSION;

  // No language tags are offered; each direction gets its own empty array.
  offer.languagesClientToServer = new String[0];
  offer.languagesServerToClient = new String[0];

  // @todo - we must support server sending 'first KEX' TRUE, AND guessing correctly!
  // We never send a guessed key exchange packet ourselves.
  offer.firstKEXPacketFollowing = false;
  offer.reserved = 0;

  return offer;
}
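/**
 * Parses a received KEXINIT payload into a {@link KexInitData}.
 *
 * <p>Fields are read in the order they appear on the wire: the 16-byte cookie, ten
 * name-lists, the "first KEX packet follows" flag and the reserved 32-bit word.
 *
 * <p>Everything read here is supplied by the peer and is not yet authenticated at this
 * stage of the handshake. This method performs no validation of its own: list lengths,
 * element contents and the reserved word are stored as received. How {@code SshPacket2}
 * reacts to a truncated or oversized field is not visible here and should be verified.
 *
 * @param packet the packet positioned at the cookie (presumably with the message-type
 *     byte already consumed; confirm against the caller)
 * @return the peer's offer as parsed from {@code packet}
 */
public static KexInitData createInstanceFromPacket(SshPacket2 packet) {
  KexInitData out = new KexInitData();

  out.cookie = packet.getBytes(16);

  out.kexAlgorithms = packet.getStringList();
  out.serverHostKeyAlgorithms = packet.getStringList();
  out.clientToServerCryptoAlgorithms = packet.getStringList();
  out.serverToClientCryptoAlgorithms = packet.getStringList();
  out.MACClientToServer = packet.getStringList();
  out.MACServerToClient = packet.getStringList();
  out.compressionClientToServer = packet.getStringList();
  out.compressionServerToClient = packet.getStringList();
  out.languagesClientToServer = packet.getStringList();
  out.languagesServerToClient = packet.getStringList();

  // RFC 4251 section 5: every non-zero byte must be interpreted as TRUE. Comparing with 1
  // would treat a peer that sends e.g. 0x02 as "no guessed packet follows", leaving the
  // two sides with different views of the next packet.
  out.firstKEXPacketFollowing = packet.getByte() != 0;

  // Stored as received; RFC 4253 section 7.1 defines this word as 0 (reserved).
  out.reserved = packet.getInt32();

  return out;
}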
/**
 * Negotiates one algorithm per KEXINIT category from the two sides' offers.
 *
 * <p>For each category the client's list is passed first and the server's second to
 * {@code Tools.findFirstMatchingElement}, which presumably returns the first entry of the
 * first list that also appears in the second, or {@code null} when there is none (the null
 * checks below rely on that; verify against Tools). All categories are negotiated before
 * any result is checked.
 *
 * <p>No algorithm is rejected here for being weak: any name present in both offers can be
 * chosen, so the offer lists are the only policy. Both offers are unauthenticated when this
 * runs.
 *
 * <p>NOTE(review): RFC 4253 section 7.1 describes additional rules for choosing the key
 * exchange method (guessed methods, compatibility with the host key algorithm); only a
 * plain first-match is performed here.
 *
 * @param s the server's offer (by name and argument position; confirm against callers)
 * @param c the client's offer
 * @return the agreed algorithms; the two language fields may be {@code null}
 * @throws IOException if no common entry exists for key exchange, host key, cipher, MAC or
 *     compression in either direction
 */
public static KexAgreement findAgreement(KexInitData s, KexInitData c) throws IOException {
  KexAgreement agreed = new KexAgreement();

  agreed.kexAlgorithm =
      Tools.findFirstMatchingElement(c.getKexAlgorithms(), s.getKexAlgorithms());
  agreed.serverHostKeyAlgorithm =
      Tools.findFirstMatchingElement(
          c.getServerHostKeyAlgorithms(), s.getServerHostKeyAlgorithms());
  agreed.clientToServerCryptoAlgorithm =
      Tools.findFirstMatchingElement(
          c.getClientToServerCryptoAlgorithms(), s.getClientToServerCryptoAlgorithms());
  agreed.serverToClientCryptoAlgorithm =
      Tools.findFirstMatchingElement(
          c.getServerToClientCryptoAlgorithms(), s.getServerToClientCryptoAlgorithms());
  agreed.MACClientToServer =
      Tools.findFirstMatchingElement(c.getMACClientToServer(), s.getMACClientToServer());
  agreed.MACServerToClient =
      Tools.findFirstMatchingElement(c.getMACServerToClient(), s.getMACServerToClient());
  agreed.languageClientToServer =
      Tools.findFirstMatchingElement(
          c.getLanguagesClientToServer(), s.getLanguagesClientToServer());
  agreed.languageServerToClient =
      Tools.findFirstMatchingElement(
          c.getLanguagesServerToClient(), s.getLanguagesServerToClient());
  agreed.compressionClientToServer =
      Tools.findFirstMatchingElement(
          c.getCompressionClientToServer(), s.getCompressionClientToServer());
  agreed.compressionServerToClient =
      Tools.findFirstMatchingElement(
          c.getCompressionServerToClient(), s.getCompressionServerToClient());

  // @todo better handling of errors - perhaps throw from the comparator itself, and use a
  // dedicated AgreementFailedException rather than IOException.
  requireAgreed(agreed.kexAlgorithm, "Could not agree upon KEX algorithm");
  requireAgreed(
      agreed.serverHostKeyAlgorithm, "Could not agree upon Server Host Key algorithm");
  requireAgreed(
      agreed.clientToServerCryptoAlgorithm, "Could not agree upon C->S Crypto algorithm");
  requireAgreed(
      agreed.serverToClientCryptoAlgorithm, "Could not agree upon S->C Crypto algorithm");
  requireAgreed(agreed.MACClientToServer, "Could not agree upon C->S MAC algorithm");
  requireAgreed(agreed.MACServerToClient, "Could not agree upon S->C MAC algorithm");

  // Compression may legitimately be an empty string, but must never be null.
  requireAgreed(
      agreed.compressionClientToServer, "Could not agree upon C->S Compression algorithm");
  requireAgreed(
      agreed.compressionServerToClient, "Could not agree upon S->C Compression algorithm");

  // Language is entirely optional, so a null language in either direction is accepted and
  // deliberately not checked.
  return agreed;
}

/** Throws an {@link IOException} carrying {@code message} when {@code negotiated} is null. */
private static void requireAgreed(Object negotiated, String message) throws IOException {
  if (negotiated == null) {
    throw new IOException(message);
  }
}