162 lines
5.4 KiB
Diff
162 lines
5.4 KiB
Diff
|
From 933d197b30e797d4b82eeef1953fd82e617f4cf0 Mon Sep 17 00:00:00 2001
|
||
|
From: =?UTF-8?q?Fridrich=20=C5=A0trba?= <fridrich.strba@bluewin.ch>
|
||
|
Date: Wed, 13 Mar 2024 07:05:36 +0100
|
||
|
Subject: [PATCH] Remove the dependency on google tink
|
||
|
|
||
|
---
|
||
|
.../ssh2/crypto/dh/Curve25519Exchange.java | 85 -------------------
|
||
|
.../ssh2/crypto/dh/GenericDhExchange.java | 3 -
|
||
|
.../trilead/ssh2/transport/KexManager.java | 9 +-
|
||
|
3 files changed, 1 insertion(+), 96 deletions(-)
|
||
|
delete mode 100644 src/com/trilead/ssh2/crypto/dh/Curve25519Exchange.java
|
||
|
|
||
|
diff --git a/src/com/trilead/ssh2/crypto/dh/Curve25519Exchange.java b/src/com/trilead/ssh2/crypto/dh/Curve25519Exchange.java
|
||
|
deleted file mode 100644
|
||
|
index 01d4ab4..0000000
|
||
|
--- a/src/com/trilead/ssh2/crypto/dh/Curve25519Exchange.java
|
||
|
+++ /dev/null
|
||
|
@@ -1,85 +0,0 @@
|
||
|
-package com.trilead.ssh2.crypto.dh;
|
||
|
-
|
||
|
-import com.google.crypto.tink.subtle.X25519;
|
||
|
-
|
||
|
-import java.io.IOException;
|
||
|
-import java.math.BigInteger;
|
||
|
-import java.security.InvalidKeyException;
|
||
|
-
|
||
|
-/**
|
||
|
- * Created by Kenny Root on 1/23/16.
|
||
|
- */
|
||
|
-public class Curve25519Exchange extends GenericDhExchange {
|
||
|
- public static final String NAME = "curve25519-sha256";
|
||
|
- public static final String ALT_NAME = "curve25519-sha256@libssh.org";
|
||
|
- public static final int KEY_SIZE = 32;
|
||
|
-
|
||
|
- private byte[] clientPublic;
|
||
|
- private byte[] clientPrivate;
|
||
|
- private byte[] serverPublic;
|
||
|
-
|
||
|
- public Curve25519Exchange() {
|
||
|
- super();
|
||
|
- }
|
||
|
-
|
||
|
- /*
|
||
|
- * Used to test known vectors.
|
||
|
- */
|
||
|
- public Curve25519Exchange(byte[] secret) throws InvalidKeyException {
|
||
|
- if (secret.length != KEY_SIZE) {
|
||
|
- throw new AssertionError("secret must be key size");
|
||
|
- }
|
||
|
- clientPrivate = secret.clone();
|
||
|
- }
|
||
|
-
|
||
|
- @Override
|
||
|
- public void init(String name) throws IOException {
|
||
|
- if (!NAME.equals(name) && !ALT_NAME.equals(name)) {
|
||
|
- throw new IOException("Invalid name " + name);
|
||
|
- }
|
||
|
-
|
||
|
- clientPrivate = X25519.generatePrivateKey();
|
||
|
- try {
|
||
|
- clientPublic = X25519.publicFromPrivate(clientPrivate);
|
||
|
- } catch (InvalidKeyException e) {
|
||
|
- throw new IOException(e);
|
||
|
- }
|
||
|
- }
|
||
|
-
|
||
|
- @Override
|
||
|
- public byte[] getE() {
|
||
|
- return clientPublic.clone();
|
||
|
- }
|
||
|
-
|
||
|
- @Override
|
||
|
- protected byte[] getServerE() {
|
||
|
- return serverPublic.clone();
|
||
|
- }
|
||
|
-
|
||
|
- @Override
|
||
|
- public void setF(byte[] f) throws IOException {
|
||
|
- if (f.length != KEY_SIZE) {
|
||
|
- throw new IOException("Server sent invalid key length " + f.length + " (expected " +
|
||
|
- KEY_SIZE + ")");
|
||
|
- }
|
||
|
- serverPublic = f.clone();
|
||
|
- try {
|
||
|
- byte[] sharedSecretBytes = X25519.computeSharedSecret(clientPrivate, serverPublic);
|
||
|
- int allBytes = 0;
|
||
|
- for (int i = 0; i < sharedSecretBytes.length; i++) {
|
||
|
- allBytes |= sharedSecretBytes[i];
|
||
|
- }
|
||
|
- if (allBytes == 0) {
|
||
|
- throw new IOException("Invalid key computed; all zeroes");
|
||
|
- }
|
||
|
- sharedSecret = new BigInteger(1, sharedSecretBytes);
|
||
|
- } catch (InvalidKeyException e) {
|
||
|
- throw new IOException(e);
|
||
|
- }
|
||
|
- }
|
||
|
-
|
||
|
- @Override
|
||
|
- public String getHashAlgo() {
|
||
|
- return "SHA-256";
|
||
|
- }
|
||
|
-}
|
||
|
diff --git a/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java b/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java
|
||
|
index c2436e3..a63b9fd 100644
|
||
|
--- a/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java
|
||
|
+++ b/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java
|
||
|
@@ -29,9 +29,6 @@ public abstract class GenericDhExchange
|
||
|
}
|
||
|
|
||
|
public static GenericDhExchange getInstance(String algo) {
|
||
|
- if (Curve25519Exchange.NAME.equals(algo) || Curve25519Exchange.ALT_NAME.equals(algo)) {
|
||
|
- return new Curve25519Exchange();
|
||
|
- }
|
||
|
if (algo.startsWith("ecdh-sha2-")) {
|
||
|
return new EcDhExchange();
|
||
|
} else {
|
||
|
diff --git a/src/com/trilead/ssh2/transport/KexManager.java b/src/com/trilead/ssh2/transport/KexManager.java
|
||
|
index c2ec2b0..2c8056a 100644
|
||
|
--- a/src/com/trilead/ssh2/transport/KexManager.java
|
||
|
+++ b/src/com/trilead/ssh2/transport/KexManager.java
|
||
|
@@ -17,7 +17,6 @@ import com.trilead.ssh2.crypto.CryptoWishList;
|
||
|
import com.trilead.ssh2.crypto.KeyMaterial;
|
||
|
import com.trilead.ssh2.crypto.cipher.BlockCipher;
|
||
|
import com.trilead.ssh2.crypto.cipher.BlockCipherFactory;
|
||
|
-import com.trilead.ssh2.crypto.dh.Curve25519Exchange;
|
||
|
import com.trilead.ssh2.crypto.dh.DhGroupExchange;
|
||
|
import com.trilead.ssh2.crypto.dh.GenericDhExchange;
|
||
|
import com.trilead.ssh2.crypto.digest.MessageMac;
|
||
|
@@ -397,8 +396,6 @@ public class KexManager implements MessageHandler
|
||
|
|
||
|
if ("ecdh-sha2-nistp521".equals(algo))
|
||
|
continue;
|
||
|
- if (Curve25519Exchange.NAME.equals(algo)||Curve25519Exchange.ALT_NAME.equals(algo))
|
||
|
- continue;
|
||
|
throw new IllegalArgumentException("Unknown kex algorithm '" + algo + "'");
|
||
|
}
|
||
|
}
|
||
|
@@ -489,8 +486,6 @@ public class KexManager implements MessageHandler
|
||
|
}
|
||
|
|
||
|
if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")
|
||
|
- || kxs.np.kex_algo.equals(Curve25519Exchange.NAME)
|
||
|
- || kxs.np.kex_algo.equals(Curve25519Exchange.ALT_NAME)
|
||
|
|| kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")
|
||
|
|| kxs.np.kex_algo.equals("ecdh-sha2-nistp521")
|
||
|
|| kxs.np.kex_algo.equals("ecdh-sha2-nistp384")
|
||
|
@@ -630,9 +625,7 @@ public class KexManager implements MessageHandler
|
||
|
|| kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")
|
||
|
|| kxs.np.kex_algo.equals("ecdh-sha2-nistp256")
|
||
|
|| kxs.np.kex_algo.equals("ecdh-sha2-nistp384")
|
||
|
- || kxs.np.kex_algo.equals("ecdh-sha2-nistp521")
|
||
|
- || kxs.np.kex_algo.equals(Curve25519Exchange.NAME)
|
||
|
- || kxs.np.kex_algo.equals(Curve25519Exchange.ALT_NAME))
|
||
|
+ || kxs.np.kex_algo.equals("ecdh-sha2-nistp521"))
|
||
|
{
|
||
|
if (kxs.state == 1)
|
||
|
{
|
||
|
--
|
||
|
2.44.0
|
||
|
|