Merge pull request #70 from norrisjeremy/20210907

Minor updates
mwiede · Sep 13, 2021 · 92ee1c9 · 92ee1c9
2 parents 2c392cb + f5f41bd
commit 92ee1c9
Show file tree

Hide file tree

Showing 10 changed files with 242 additions and 93 deletions.
diff --git a/.mvn/wrapper/maven-wrapper.jar b/.mvn/wrapper/maven-wrapper.jar
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -0,0 +1,70 @@
+* [0.1.67](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.67)
+  * Added support for the blowfish-ctr algorithm from [RFC 4344](https://datatracker.ietf.org/doc/html/rfc4344)
+  * Fix bug where ext-info-c was incorrectly advertised during rekeying
+    * According to [RFC 8308 section 2.1](https://datatracker.ietf.org/doc/html/rfc8308#section-2.1), ext-info-c should only advertised during the first key exchange
+  * Address [#77](https://github.com/mwiede/jsch/issues/77) by attempting to add compatibility with older [Bouncy Castle](https://www.bouncycastle.org/) releases
+* [0.1.66](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.66)
+  * Added support for [RFC 8308](https://datatracker.ietf.org/doc/html/rfc8308) extension negotiation and server-sig-algs extension
+    * This support is enabled by default, but can be controlled via the enable_server_sig_algs config option (or `jsch.enable_server_sig_algs` system property)
+    * When enabled and a server-sig-algs message is received from the server, the algorithms included by the server and also present in the PubkeyAcceptedKeyTypes config option will be attempted first when using publickey authentication
+    * Additionally if the server is detected as OpenSSH version 7.4, the rsa-sha2-256 & rsa-sha2-512 algorithms will be added to the received server-sig-algs as a workaround for [OpenSSH bug 2680](https://bugzilla.mindrot.org/show_bug.cgi?id=2680)
+  * Added support for various algorithms supported by Tectia (ssh.com):
+    * diffie-hellman-group14-sha224@<!-- -->ssh.com
+    * diffie-hellman-group14-sha256@<!-- -->ssh.com
+    * diffie-hellman-group15-sha256@<!-- -->ssh.com
+    * diffie-hellman-group15-sha384@<!-- -->ssh.com
+    * diffie-hellman-group16-sha384@<!-- -->ssh.com
+    * diffie-hellman-group16-sha512@<!-- -->ssh.com
+    * diffie-hellman-group18-sha512@<!-- -->ssh.com
+    * diffie-hellman-group-exchange-sha224@<!-- -->ssh.com
+    * diffie-hellman-group-exchange-sha384@<!-- -->ssh.com
+    * diffie-hellman-group-exchange-sha512@<!-- -->ssh.com
+    * hmac-sha224@<!-- -->ssh.com
+    * hmac-sha256@<!-- -->ssh.com
+    * hmac-sha256-2@<!-- -->ssh.com
+    * hmac-sha384@<!-- -->ssh.com
+    * hmac-sha512@<!-- -->ssh.com
+    * ssh-rsa-sha224@<!-- -->ssh.com
+    * ssh-rsa-sha256@<!-- -->ssh.com
+    * ssh-rsa-sha384@<!-- -->ssh.com
+    * ssh-rsa-sha512@<!-- -->ssh.com
+  * Added support for SHA224 to FingerprintHash
+  * Fixing [#52](https://github.com/mwiede/jsch/issues/52)
+  * Deprecate `void setFilenameEncoding(String encoding)` in favor of `void setFilenameEncoding(Charset encoding)` in `ChannelSftp`
+  * Added support for rsa-sha2-256 & rsa-rsa2-512 algorithms to `ChannelAgentForwarding`
+  * Address [#65](https://github.com/mwiede/jsch/issues/65) by adding ssh-agent support derived from [jsch-agent-proxy](https://github.com/ymnk/jsch-agent-proxy)
+    * See `examples/JSchWithAgentProxy.java` for simple example
+    * ssh-agent support requires either [Java 16's JEP 380](https://openjdk.java.net/jeps/380) or the addition of [junixsocket](https://github.com/kohlschutter/junixsocket) to classpath
+    * Pageant support is untested & requires the addition of [JNA](https://github.com/java-native-access/jna) to classpath
+  * Added support for the following algorithms with older Java releases by using [Bouncy Castle](https://www.bouncycastle.org/):
+    * ssh-ed25519
+    * ssh-ed448
+    * curve25519-sha256
+    * curve25519-sha256@<!-- -->libssh.org
+    * curve448-sha512
+    * chacha20-poly1305@<!-- -->openssh.com
+* [0.1.65](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.65)
+  * Added system properties to allow manipulation of various crypto algorithms used by default
+  * Integrated JZlib, allowing use of zlib@<!-- -->openssh.com & zlib compressions without the need to provide the JZlib jar-file
+  * Modularized the jar-file for use with Java 9 or newer
+  * Added runtime controls for the min/max/preferred sizes used for diffie-hellman-group-exchange-sha256 & diffie-hellman-group-exchange-sha1
+  * Renamed PubkeyAcceptedKeyTypes config to PubkeyAcceptedAlgorithms to match recent changes in OpenSSH (PubkeyAcceptedKeyTypes is still accepted for backward compatibility)
+  * Reduced number of algorithms that are runtime checked by default via CheckCiphers, CheckMacs, CheckKexes & CheckSignatures to improve runtime performance
+  * Added config options dhgex_min, dhgex_max & dhgex_preferred to allow runtime manipulation of key size negotiation in diffie-hellman-group-exchange type Kex algorithms
+    * Default values are:
+    * dhgex_min = 2048
+    * dhgex_max = 8192
+    * dhgex_preferred = 3072
+* [0.1.64](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.64) Fixing [#55](https://github.com/mwiede/jsch/pull/55)
+* [0.1.63](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.63) Fixing [#42](https://github.com/mwiede/jsch/issues/42)
+* [0.1.62](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.62) bugfixes and code cleanup
+* [0.1.61](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.61)
+  * Add support for chacha20-poly1305@<!-- -->openssh.com, ssh-ed25519, ssh-ed448, curve448-sha512, diffie-hellman-group15-sha512 & diffie-hellman-group17-sha512. This makes use of the new EdDSA feature added in [Java 15's JEP 339](https://openjdk.java.net/jeps/339). [#17](https://github.com/mwiede/jsch/pull/17)
+  * added integration test for public key authentication [#19](https://github.com/mwiede/jsch/pull/19)
+* [0.1.60](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.60)
+  * support for openssh-v1-private-key format [opensshFormat.md](opensshFormat.md).
+  * Fix bug with AEAD ciphers when compression is used. [#15](https://github.com/mwiede/jsch/pull/15)
+* [0.1.59](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.59) fixing issue from https://sourceforge.net/p/jsch/mailman/message/36872566/
+* [0.1.58](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.58) support for more algorithms contributed by [@norrisjeremy](https://github.com/norrisjeremy) see [#4](https://github.com/mwiede/jsch/pull/4)
+* [0.1.57](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.57) support for rsa-sha2-256 and rsa-sha2-512. [#1](https://github.com/mwiede/jsch/pull/1)
+* [0.1.56](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.56) support for direct-streamlocal@<!-- -->openssh.com (see [SocketForwardingL.java](examples/SocketForwardingL.java))
diff --git a/Readme.md b/Readme.md
@@ -67,68 +67,4 @@ As I explained in a [blog post](http://www.matez.de/index.php/2020/06/22/the-fut
   * As of the [0.1.66](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.66) release, these algorithms can now be used with older Java releases if [Bouncy Castle](https://www.bouncycastle.org/) (bcprov-jdk15on) is added to the classpath.
 
 ## Changes since fork:
-* [0.1.66](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.66)
-  * Added support for [RFC 8308](https://datatracker.ietf.org/doc/html/rfc8308) extension negotiation and server-sig-algs extension
-    * This support is enabled by default, but can be controlled via the enable_server_sig_algs config option (or `jsch.enable_server_sig_algs` system property)
-    * When enabled and a server-sig-algs message is received from the server, the algorithms included by the server and also present in the PubkeyAcceptedKeyTypes config option will be attempted first when using publickey authentication
-    * Additionally if the server is detected as OpenSSH version 7.4, the rsa-sha2-256 & rsa-sha2-512 algorithms will be added to the received server-sig-algs as a workaround for [OpenSSH bug 2680](https://bugzilla.mindrot.org/show_bug.cgi?id=2680)
-  * Added support for various algorithms supported by Tectia (ssh.com):
-    * diffie-hellman-group14-sha224@<!-- -->ssh.com
-    * diffie-hellman-group14-sha256@<!-- -->ssh.com
-    * diffie-hellman-group15-sha256@<!-- -->ssh.com
-    * diffie-hellman-group15-sha384@<!-- -->ssh.com
-    * diffie-hellman-group16-sha384@<!-- -->ssh.com
-    * diffie-hellman-group16-sha512@<!-- -->ssh.com
-    * diffie-hellman-group18-sha512@<!-- -->ssh.com
-    * diffie-hellman-group-exchange-sha224@<!-- -->ssh.com
-    * diffie-hellman-group-exchange-sha384@<!-- -->ssh.com
-    * diffie-hellman-group-exchange-sha512@<!-- -->ssh.com
-    * hmac-sha224@<!-- -->ssh.com
-    * hmac-sha256@<!-- -->ssh.com
-    * hmac-sha256-2@<!-- -->ssh.com
-    * hmac-sha384@<!-- -->ssh.com
-    * hmac-sha512@<!-- -->ssh.com
-    * ssh-rsa-sha224@<!-- -->ssh.com
-    * ssh-rsa-sha256@<!-- -->ssh.com
-    * ssh-rsa-sha384@<!-- -->ssh.com
-    * ssh-rsa-sha512@<!-- -->ssh.com
-  * Added support for SHA224 to FingerprintHash
-  * Fixing [#52](https://github.com/mwiede/jsch/issues/52)
-  * Deprecate `void setFilenameEncoding(String encoding)` in favor of `void setFilenameEncoding(Charset encoding)` in `ChannelSftp`
-  * Added support for rsa-sha2-256 & rsa-rsa2-512 algorithms to `ChannelAgentForwarding`
-  * Address [#65](https://github.com/mwiede/jsch/issues/65) by adding ssh-agent support derived from [jsch-agent-proxy](https://github.com/ymnk/jsch-agent-proxy)
-    * See `examples/JSchWithAgentProxy.java` for simple example
-    * ssh-agent support requires either [Java 16's JEP 380](https://openjdk.java.net/jeps/380) or the addition of [junixsocket](https://github.com/kohlschutter/junixsocket) to classpath
-    * Pageant support is untested & requires the addition of [JNA](https://github.com/java-native-access/jna) to classpath
-  * Added support for the following algorithms with older Java releases by using [Bouncy Castle](https://www.bouncycastle.org/):
-    * ssh-ed25519
-    * ssh-ed448
-    * curve25519-sha256
-    * curve25519-sha256@<!-- -->libssh.org
-    * curve448-sha512
-    * chacha20-poly1305@<!-- -->openssh.com
-* [0.1.65](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.65)
-  * Added system properties to allow manipulation of various crypto algorithms used by default
-  * Integrated JZlib, allowing use of zlib@<!-- -->openssh.com & zlib compressions without the need to provide the JZlib jar-file
-  * Modularized the jar-file for use with Java 9 or newer
-  * Added runtime controls for the min/max/preferred sizes used for diffie-hellman-group-exchange-sha256 & diffie-hellman-group-exchange-sha1
-  * Renamed PubkeyAcceptedKeyTypes config to PubkeyAcceptedAlgorithms to match recent changes in OpenSSH (PubkeyAcceptedKeyTypes is still accepted for backward compatibility)
-  * Reduced number of algorithms that are runtime checked by default via CheckCiphers, CheckMacs, CheckKexes & CheckSignatures to improve runtime performance
-  * Added config options dhgex_min, dhgex_max & dhgex_preferred to allow runtime manipulation of key size negotiation in diffie-hellman-group-exchange type Kex algorithms
-    * Default values are:
-    * dhgex_min = 2048
-    * dhgex_max = 8192
-    * dhgex_preferred = 3072
-* [0.1.64](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.64) Fixing [#55](https://github.com/mwiede/jsch/pull/55)
-* [0.1.63](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.63) Fixing [#42](https://github.com/mwiede/jsch/issues/42)
-* [0.1.62](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.62) bugfixes and code cleanup
-* [0.1.61](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.61)
-  * Add support for chacha20-poly1305@<!-- -->openssh.com, ssh-ed25519, ssh-ed448, curve448-sha512, diffie-hellman-group15-sha512 & diffie-hellman-group17-sha512. This makes use of the new EdDSA feature added in [Java 15's JEP 339](https://openjdk.java.net/jeps/339). [#17](https://github.com/mwiede/jsch/pull/17)
-  * added integration test for public key authentication [#19](https://github.com/mwiede/jsch/pull/19)
-* [0.1.60](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.60)
-  * support for openssh-v1-private-key format [opensshFormat.md](opensshFormat.md).
-  * Fix bug with AEAD ciphers when compression is used. [#15](https://github.com/mwiede/jsch/pull/15)
-* [0.1.59](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.59) fixing issue from https://sourceforge.net/p/jsch/mailman/message/36872566/
-* [0.1.58](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.58) support for more algorithms contributed by [@norrisjeremy](https://github.com/norrisjeremy) see [#4](https://github.com/mwiede/jsch/pull/4)
-* [0.1.57](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.57) support for rsa-sha2-256 and rsa-sha2-512. [#1](https://github.com/mwiede/jsch/pull/1)
-* [0.1.56](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.56) support for direct-streamlocal@<!-- -->openssh.com (see [SocketForwardingL.java](examples/SocketForwardingL.java))
+See [ChangeLog.md](ChangeLog.md)
diff --git a/src/main/java/com/jcraft/jsch/JSch.java b/src/main/java/com/jcraft/jsch/JSch.java
@@ -167,6 +167,7 @@ public class JSch{
     config.put("aes192-ctr",    "com.jcraft.jsch.jce.AES192CTR");
     config.put("aes256-ctr",    "com.jcraft.jsch.jce.AES256CTR");
     config.put("3des-ctr",      "com.jcraft.jsch.jce.TripleDESCTR");
+    config.put("blowfish-ctr",  "com.jcraft.jsch.jce.BlowfishCTR");
     config.put("arcfour",      "com.jcraft.jsch.jce.ARCFOUR");
     config.put("arcfour128",      "com.jcraft.jsch.jce.ARCFOUR128");
     config.put("arcfour256",      "com.jcraft.jsch.jce.ARCFOUR256");

diff --git a/src/main/java/com/jcraft/jsch/Session.java b/src/main/java/com/jcraft/jsch/Session.java
@@ -701,7 +701,7 @@ private void send_kexinit() throws Exception {
     }
 
     String enable_server_sig_algs=getConfig("enable_server_sig_algs");
-    if(enable_server_sig_algs.equals("yes")){
+    if(enable_server_sig_algs.equals("yes") && !isAuthed){
       kex+=",ext-info-c";
     }
 

diff --git a/src/main/java/com/jcraft/jsch/bc/ChaCha20Poly1305.java b/src/main/java/com/jcraft/jsch/bc/ChaCha20Poly1305.java
@@ -68,8 +68,8 @@ public void init(int mode, byte[] key, byte[] iv) throws Exception{
     System.arraycopy(key, 0, K_2, 0, bsize/2);
     this.mode=mode;
     try{
-      K_1_spec=new KeyParameter(K_1);
-      K_2_spec=new KeyParameter(K_2);
+      K_1_spec=new KeyParameter(K_1, 0, K_1.length);
+      K_2_spec=new KeyParameter(K_2, 0, K_2.length);
       header_cipher=new ChaChaEngine();
       main_cipher=new ChaChaEngine();
     }
@@ -85,8 +85,8 @@ public void init(int mode, byte[] key, byte[] iv) throws Exception{
   public void update(int foo) throws Exception{
     ByteBuffer nonce=ByteBuffer.allocate(8);
     nonce.putLong(0, foo);
-    header_cipher.init(this.mode==ENCRYPT_MODE, new ParametersWithIV(K_1_spec, nonce.array()));
-    main_cipher.init(this.mode==ENCRYPT_MODE, new ParametersWithIV(K_2_spec, nonce.array()));
+    header_cipher.init(this.mode==ENCRYPT_MODE, new ParametersWithIV(K_1_spec, nonce.array(), 0, nonce.array().length));
+    main_cipher.init(this.mode==ENCRYPT_MODE, new ParametersWithIV(K_2_spec, nonce.array(), 0, nonce.array().length));
     // Trying to reinit the cipher again with same nonce results in InvalidKeyException
     // So just read entire first 64-byte block, which should increment global counter from 0->1
     byte[] poly_key = new byte[32];

diff --git a/src/main/java/com/jcraft/jsch/bc/KeyPairGenEdDSA.java b/src/main/java/com/jcraft/jsch/bc/KeyPairGenEdDSA.java
@@ -29,7 +29,7 @@ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 
 package com.jcraft.jsch.bc;
 
-import java.security.SecureRandom;
+import java.security.*;
 import org.bouncycastle.crypto.params.*;
 
 public class KeyPairGenEdDSA implements com.jcraft.jsch.KeyPairGenEdDSA{
@@ -41,7 +41,7 @@ public class KeyPairGenEdDSA implements com.jcraft.jsch.KeyPairGenEdDSA{
   @Override
   public void init(String name, int keylen) throws Exception{
     if(!name.equals("Ed25519") && !name.equals("Ed448")){
-      throw new IllegalArgumentException("invalid curve");
+      throw new NoSuchAlgorithmException("invalid curve " + name);
     }
     this.keylen = keylen;
     this.name = name;

diff --git a/src/main/java/com/jcraft/jsch/bc/SignatureEdDSA.java b/src/main/java/com/jcraft/jsch/bc/SignatureEdDSA.java
@@ -30,6 +30,7 @@ LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 package com.jcraft.jsch.bc;
 
 import java.nio.charset.StandardCharsets;
+import java.security.*;
 import java.util.Arrays;
 import org.bouncycastle.crypto.Signer;
 import org.bouncycastle.crypto.params.*;
@@ -47,7 +48,7 @@ public abstract class SignatureEdDSA implements com.jcraft.jsch.SignatureEdDSA {
   @Override
   public void init() throws Exception{
     if(!getAlgo().equals("Ed25519") && !getAlgo().equals("Ed448")){
-      throw new IllegalArgumentException("invalid curve");
+      throw new NoSuchAlgorithmException("invalid curve " + getAlgo());
     }
 
     if(getAlgo().equals("Ed25519")){
@@ -60,37 +61,56 @@ public void init() throws Exception{
 
   @Override
   public void setPubKey(byte[] y_arr) throws Exception{
-    if(getAlgo().equals("Ed25519")){
-      Ed25519PublicKeyParameters pubKey = new Ed25519PublicKeyParameters(y_arr);
-      signature.init(false, pubKey);
+    try {
+      if(getAlgo().equals("Ed25519")){
+        Ed25519PublicKeyParameters pubKey = new Ed25519PublicKeyParameters(y_arr, 0);
+        signature.init(false, pubKey);
+      }
+      else{
+        Ed448PublicKeyParameters pubKey = new Ed448PublicKeyParameters(y_arr, 0);
+        signature.init(false, pubKey);
+      }
     }
-    else{
-      Ed448PublicKeyParameters pubKey = new Ed448PublicKeyParameters(y_arr);
-      signature.init(false, pubKey);
+    catch(Exception e){
+      throw new InvalidKeyException(e);
     }
   }
 
   @Override
   public void setPrvKey(byte[] bytes) throws Exception{
-    if(getAlgo().equals("Ed25519")){
-      Ed25519PrivateKeyParameters prvKey = new Ed25519PrivateKeyParameters(bytes);
-      signature.init(true, prvKey);
+    try {
+      if(getAlgo().equals("Ed25519")){
+        Ed25519PrivateKeyParameters prvKey = new Ed25519PrivateKeyParameters(bytes, 0);
+        signature.init(true, prvKey);
+      }
+      else{
+        Ed448PrivateKeyParameters prvKey = new Ed448PrivateKeyParameters(bytes, 0);
+        signature.init(true, prvKey);
+      }
     }
-    else{
-      Ed448PrivateKeyParameters prvKey = new Ed448PrivateKeyParameters(bytes);
-      signature.init(true, prvKey);
+    catch(Exception e){
+      throw new InvalidKeyException(e);
     }
   }
 
   @Override
   public byte[] sign() throws Exception{
-    byte[] sig = signature.generateSignature();
-    return sig;
+    try {
+      return signature.generateSignature();
+    }
+    catch(Exception e){
+      throw new SignatureException(e);
+    }
   }
 
   @Override
   public void update(byte[] foo) throws Exception{
-    signature.update(foo, 0, foo.length);
+    try {
+      signature.update(foo, 0, foo.length);
+    }
+    catch(Exception e){
+      throw new SignatureException(e);
+    }
   }
 
   @Override
@@ -109,6 +129,11 @@ public boolean verify(byte[] sig) throws Exception{
       sig = tmp;
     }
 
-    return signature.verifySignature(sig);
+    try {
+      return signature.verifySignature(sig);
+    }
+    catch(Exception e){
+      throw new SignatureException(e);
+    }
   }
 }