Merge pull request #68 from norrisjeremy/20210906

Allow ssh-agent keys that are unsupported
mwiede · Sep 7, 2021 · 9f40b30 · 9f40b30
2 parents 2eacaa9 + a249d10
commit 9f40b30
Show file tree

Hide file tree

Showing 25 changed files with 1,209 additions and 118 deletions.
diff --git a/Readme.md b/Readme.md
@@ -64,6 +64,7 @@ As I explained in a [blog post](http://www.matez.de/index.php/2020/06/22/the-fut
   * This library is a Multi-Release-jar, which means that you can only use certain features when a more recent Java version is used.
     * In order to use ssh-ed25519 & ssh-ed448, you must use at least Java 15.
     * In order to use curve25519-sha256, curve448-sha512 & chacha20-poly1305@<!-- -->openssh.com, you must use at least Java 11.
+  * As of the [0.1.66](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.66) release, these algorithms can now be used with older Java releases if [Bouncy Castle](https://www.bouncycastle.org/) (bcprov-jdk15on) is added to the classpath.
 
 ## Changes since fork:
 * [0.1.66](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.66)
@@ -99,6 +100,13 @@ As I explained in a [blog post](http://www.matez.de/index.php/2020/06/22/the-fut
     * See `examples/JSchWithAgentProxy.java` for simple example
     * ssh-agent support requires either [Java 16's JEP 380](https://openjdk.java.net/jeps/380) or the addition of [junixsocket](https://github.com/kohlschutter/junixsocket) to classpath
     * Pageant support is untested & requires the addition of [JNA](https://github.com/java-native-access/jna) to classpath
+  * Added support for the following algorithms with older Java releases by using [Bouncy Castle](https://www.bouncycastle.org/):
+    * ssh-ed25519
+    * ssh-ed448
+    * curve25519-sha256
+    * curve25519-sha256@<!-- -->libssh.org
+    * curve448-sha512
+    * chacha20-poly1305@<!-- -->openssh.com
 * [0.1.65](https://github.com/mwiede/jsch/releases/tag/jsch-0.1.65)
   * Added system properties to allow manipulation of various crypto algorithms used by default
   * Integrated JZlib, allowing use of zlib@<!-- -->openssh.com & zlib compressions without the need to provide the JZlib jar-file

diff --git a/pom.xml b/pom.xml
@@ -50,6 +50,12 @@
         <jna.version>5.9.0</jna.version>
     </properties>
     <dependencies>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+            <version>1.69</version>
+            <optional>true</optional>
+        </dependency>
         <dependency>
             <groupId>com.kohlschutter.junixsocket</groupId>
             <artifactId>junixsocket-common</artifactId>
@@ -335,6 +341,7 @@
                         <version>0.8.7</version>
                         <configuration>
                             <excludes>
+                                <exclude>com/jcraft/jsch/JavaVersion.class</exclude>
                                 <exclude>com/jcraft/jsch/UnixDomainSocketFactory.class</exclude>
                             </excludes>
                         </configuration>

diff --git a/src/main/java/com/jcraft/jsch/DHXEC.java b/src/main/java/com/jcraft/jsch/DHXEC.java
@@ -89,7 +89,7 @@ public void init(Session session,
       Q_C = xdh.getQ();
       buf.putString(Q_C);
     }
-    catch(Exception e){
+    catch(Exception | NoClassDefFoundError e){
       throw new JSchException(e.toString(), e);
     }
 

diff --git a/src/main/java/com/jcraft/jsch/JSch.java b/src/main/java/com/jcraft/jsch/JSch.java
@@ -106,13 +106,9 @@ public class JSch{
 
     config.put("ecdh-sha2-nistp", "com.jcraft.jsch.jce.ECDHN");
 
-    config.put("ssh-ed25519", "com.jcraft.jsch.jce.SignatureEd25519");
-    config.put("ssh-ed448",   "com.jcraft.jsch.jce.SignatureEd448");
-
     config.put("curve25519-sha256",            "com.jcraft.jsch.DH25519");
     config.put("[email protected]", "com.jcraft.jsch.DH25519");
     config.put("curve448-sha512",              "com.jcraft.jsch.DH448");
-    config.put("xdh", "com.jcraft.jsch.jce.XDH");
 
     config.put("dh",            "com.jcraft.jsch.jce.DH");
     config.put("3des-cbc",      "com.jcraft.jsch.jce.TripleDESCBC");
@@ -156,12 +152,10 @@ public class JSch{
     config.put("keypairgen.dsa",   "com.jcraft.jsch.jce.KeyPairGenDSA");
     config.put("keypairgen.rsa",   "com.jcraft.jsch.jce.KeyPairGenRSA");
     config.put("keypairgen.ecdsa", "com.jcraft.jsch.jce.KeyPairGenECDSA");
-    config.put("keypairgen.eddsa", "com.jcraft.jsch.jce.KeyPairGenEdDSA");
     config.put("random",        "com.jcraft.jsch.jce.Random");
 
     config.put("none",           "com.jcraft.jsch.CipherNone");
 
-    config.put("[email protected]",    "com.jcraft.jsch.jce.ChaCha20Poly1305");
     config.put("[email protected]",    "com.jcraft.jsch.jce.AES128GCM");
     config.put("[email protected]",    "com.jcraft.jsch.jce.AES256GCM");
 
@@ -189,6 +183,26 @@ public class JSch{
 
     config.put("pbkdf", "com.jcraft.jsch.jce.PBKDF");
 
+    if(JavaVersion.getVersion()>=11){
+      config.put("[email protected]", "com.jcraft.jsch.jce.ChaCha20Poly1305");
+      config.put("xdh", "com.jcraft.jsch.jce.XDH");
+    }
+    else{
+      config.put("[email protected]", "com.jcraft.jsch.bc.ChaCha20Poly1305");
+      config.put("xdh", "com.jcraft.jsch.bc.XDH");
+    }
+
+    if(JavaVersion.getVersion()>=15){
+      config.put("keypairgen.eddsa", "com.jcraft.jsch.jce.KeyPairGenEdDSA");
+      config.put("ssh-ed25519", "com.jcraft.jsch.jce.SignatureEd25519");
+      config.put("ssh-ed448", "com.jcraft.jsch.jce.SignatureEd448");
+    }
+    else{
+      config.put("keypairgen.eddsa", "com.jcraft.jsch.bc.KeyPairGenEdDSA");
+      config.put("ssh-ed25519", "com.jcraft.jsch.bc.SignatureEd25519");
+      config.put("ssh-ed448", "com.jcraft.jsch.bc.SignatureEd448");
+    }
+
     config.put("StrictHostKeyChecking",  "ask");
     config.put("HashKnownHosts",  "no");
 

diff --git a/src/main/java/com/jcraft/jsch/JavaVersion.java b/src/main/java/com/jcraft/jsch/JavaVersion.java
@@ -0,0 +1,8 @@
+package com.jcraft.jsch;
+
+final class JavaVersion {
+
+  static int getVersion() {
+    return 8;
+  }
+}
diff --git a/src/main/java/com/jcraft/jsch/KeyExchange.java b/src/main/java/com/jcraft/jsch/KeyExchange.java
@@ -143,18 +143,25 @@ else if(guess[i]==null){
       }
     }
 
-    Class<?> _s2cclazz=Class.forName(session.getConfig(guess[PROPOSAL_ENC_ALGS_STOC]));
-    Cipher _s2ccipher=(Cipher)(_s2cclazz.getDeclaredConstructor().newInstance());
-    boolean _s2cAEAD=_s2ccipher.isAEAD();
-    if(_s2cAEAD){
-      guess[PROPOSAL_MAC_ALGS_STOC]=null;
-    }
+    boolean _s2cAEAD=false;
+    boolean _c2sAEAD=false;
+    try{
+      Class<?> _s2cclazz=Class.forName(session.getConfig(guess[PROPOSAL_ENC_ALGS_STOC]));
+      Cipher _s2ccipher=(Cipher)(_s2cclazz.getDeclaredConstructor().newInstance());
+      _s2cAEAD=_s2ccipher.isAEAD();
+      if(_s2cAEAD){
+        guess[PROPOSAL_MAC_ALGS_STOC]=null;
+      }
 
-    Class<?> _c2sclazz=Class.forName(session.getConfig(guess[PROPOSAL_ENC_ALGS_CTOS]));
-    Cipher _c2scipher=(Cipher)(_c2sclazz.getDeclaredConstructor().newInstance());
-    boolean _c2sAEAD=_c2scipher.isAEAD();
-    if(_c2sAEAD){
-      guess[PROPOSAL_MAC_ALGS_CTOS]=null;
+      Class<?> _c2sclazz=Class.forName(session.getConfig(guess[PROPOSAL_ENC_ALGS_CTOS]));
+      Cipher _c2scipher=(Cipher)(_c2sclazz.getDeclaredConstructor().newInstance());
+      _c2sAEAD=_c2scipher.isAEAD();
+      if(_c2sAEAD){
+        guess[PROPOSAL_MAC_ALGS_CTOS]=null;
+      }
+    }
+    catch(Exception | NoClassDefFoundError e){
+      throw new JSchException(e.toString(), e);
     }
 
     if(JSch.getLogger().isEnabled(Logger.INFO)){
@@ -361,7 +368,7 @@ else if(alg.equals("ssh-ed25519") ||
         sig=(SignatureEdDSA)(c.getDeclaredConstructor().newInstance());
         sig.init();
       }
-      catch(Exception e){
+      catch(Exception | NoClassDefFoundError e){
         System.err.println(e);
       }
 

diff --git a/src/main/java/com/jcraft/jsch/KeyPairEdDSA.java b/src/main/java/com/jcraft/jsch/KeyPairEdDSA.java
@@ -57,7 +57,7 @@ void generate(int key_size) throws JSchException{
 
       keypairgen=null;
     }
-    catch(Exception e){
+    catch(Exception | NoClassDefFoundError e){
       //System.err.println("KeyPairEdDSA: "+e);
       throw new JSchException(e.toString(), e);
     }
@@ -134,7 +134,7 @@ public byte[] getSignature(byte[] data, String alg){
       tmp[1] = sig;
       return Buffer.fromBytes(tmp).buffer;
     }
-    catch(Exception e){
+    catch(Exception | NoClassDefFoundError e){
     }
     return null;
   }
@@ -160,7 +160,7 @@ public Signature getVerifier(String alg){
       eddsa.setPubKey(pub_array);
       return eddsa;
     }
-    catch(Exception e){
+    catch(Exception | NoClassDefFoundError e){
     }
     return null;
   }

diff --git a/src/main/java/com/jcraft/jsch/Session.java b/src/main/java/com/jcraft/jsch/Session.java
@@ -610,7 +610,7 @@ private KeyExchange receive_kexinit(Buffer buf) throws Exception {
       Class<?> c=Class.forName(getConfig(guess[KeyExchange.PROPOSAL_KEX_ALGS]));
       kex=(KeyExchange)(c.getDeclaredConstructor().newInstance());
     }
-    catch(Exception e){
+    catch(Exception | NoClassDefFoundError e){
       throw new JSchException(e.toString(), e);
     }
 
@@ -1528,7 +1528,7 @@ private void updateKeys(KeyExchange kex) throws Exception{
       method=guess[KeyExchange.PROPOSAL_COMP_ALGS_STOC];
       initInflater(method);
     }
-    catch(Exception e){
+    catch(Exception | NoClassDefFoundError e){
       if(e instanceof JSchException)
         throw e;
       throw new JSchException(e.toString(), e);
@@ -2574,9 +2574,6 @@ private void initDeflater(String method) throws JSchException{
           catch(Exception ee){ }
           deflater.init(Compression.DEFLATER, level);
         }
-        catch(NoClassDefFoundError ee){
-          throw new JSchException(ee.toString(), ee);
-        }
         catch(Exception ee){
           throw new JSchException(ee.toString(), ee);
           //System.err.println(foo+" isn't accessible.");
@@ -2855,7 +2852,7 @@ static boolean checkCipher(String cipher){
               new byte[_c.getIVSize()]);
       return true;
     }
-    catch(Exception e){
+    catch(Exception | NoClassDefFoundError e){
       return false;
     }
   }
@@ -2904,7 +2901,7 @@ static boolean checkMac(String mac){
       _c.init(new byte[_c.getBlockSize()]);
       return true;
     }
-    catch(Exception e){
+    catch(Exception | NoClassDefFoundError e){
       return false;
     }
   }
@@ -2947,7 +2944,7 @@ static boolean checkKex(Session s, String kex){
       _c.init(s ,null, null, null, null);
       return true;
     }
-    catch(Exception e){ return false; }
+    catch(Exception | NoClassDefFoundError e){ return false; }
   }
 
   private String[] checkSignatures(String sigs){
@@ -2967,7 +2964,7 @@ private String[] checkSignatures(String sigs){
         final Signature sig=(Signature)(c.getDeclaredConstructor().newInstance());
         sig.init();
       }
-      catch(Exception e){
+      catch(Exception | NoClassDefFoundError e){
         result.addElement(_sigs[i]);
       }
    }