pax_global_header00006660000000000000000000000064137055125360014521gustar00rootroot0000000000000052 comment=ef7fbc4d34bb8eb4b59a9946d608a799f8f48ce5 SoftwareAG-ganymed-ssh-2-ef7fbc4/000077500000000000000000000000001370551253600166615ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/.checkstyle000066400000000000000000000007111370551253600210170ustar00rootroot00000000000000 SoftwareAG-ganymed-ssh-2-ef7fbc4/.classpath000066400000000000000000000004411370551253600206430ustar00rootroot00000000000000 SoftwareAG-ganymed-ssh-2-ef7fbc4/.gitignore000066400000000000000000000000161370551253600206460ustar00rootroot00000000000000.gradle build SoftwareAG-ganymed-ssh-2-ef7fbc4/.project000066400000000000000000000010261370551253600203270ustar00rootroot00000000000000 GanymedSSH2 org.eclipse.jdt.core.javabuilder net.sourceforge.metrics.builder org.eclipse.jdt.core.javanature net.sourceforge.metrics.nature SoftwareAG-ganymed-ssh-2-ef7fbc4/.settings/000077500000000000000000000000001370551253600205775ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/.settings/org.eclipse.jdt.core.prefs000066400000000000000000000554321370551253600255720ustar00rootroot00000000000000#Sat May 28 14:38:44 CEST 2011 eclipse.preferences.version=1 org.eclipse.jdt.core.codeComplete.argumentPrefixes= org.eclipse.jdt.core.codeComplete.argumentSuffixes= org.eclipse.jdt.core.codeComplete.fieldPrefixes= org.eclipse.jdt.core.codeComplete.fieldSuffixes= org.eclipse.jdt.core.codeComplete.localPrefixes= org.eclipse.jdt.core.codeComplete.localSuffixes= org.eclipse.jdt.core.codeComplete.staticFieldPrefixes= org.eclipse.jdt.core.codeComplete.staticFieldSuffixes= org.eclipse.jdt.core.codeComplete.staticFinalFieldPrefixes= org.eclipse.jdt.core.codeComplete.staticFinalFieldSuffixes= org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5 org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve org.eclipse.jdt.core.compiler.compliance=1.5 org.eclipse.jdt.core.compiler.debug.lineNumber=generate org.eclipse.jdt.core.compiler.debug.localVariable=generate org.eclipse.jdt.core.compiler.debug.sourceFile=generate org.eclipse.jdt.core.compiler.problem.assertIdentifier=error org.eclipse.jdt.core.compiler.problem.enumIdentifier=error org.eclipse.jdt.core.compiler.source=1.5 org.eclipse.jdt.core.formatter.align_type_members_on_columns=false org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_explicit_constructor_call=16 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=16 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_qualified_allocation_expression=16 org.eclipse.jdt.core.formatter.alignment_for_assignment=0 org.eclipse.jdt.core.formatter.alignment_for_binary_expression=16 org.eclipse.jdt.core.formatter.alignment_for_compact_if=16 org.eclipse.jdt.core.formatter.alignment_for_conditional_expression=16 org.eclipse.jdt.core.formatter.alignment_for_enum_constants=0 org.eclipse.jdt.core.formatter.alignment_for_expressions_in_array_initializer=16 org.eclipse.jdt.core.formatter.alignment_for_multiple_fields=16 org.eclipse.jdt.core.formatter.alignment_for_parameters_in_constructor_declaration=16 org.eclipse.jdt.core.formatter.alignment_for_parameters_in_method_declaration=16 org.eclipse.jdt.core.formatter.alignment_for_selector_in_method_invocation=16 org.eclipse.jdt.core.formatter.alignment_for_superclass_in_type_declaration=16 org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_enum_declaration=16 org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_type_declaration=16 org.eclipse.jdt.core.formatter.alignment_for_throws_clause_in_constructor_declaration=16 org.eclipse.jdt.core.formatter.alignment_for_throws_clause_in_method_declaration=16 org.eclipse.jdt.core.formatter.blank_lines_after_imports=1 org.eclipse.jdt.core.formatter.blank_lines_after_package=1 org.eclipse.jdt.core.formatter.blank_lines_before_field=0 org.eclipse.jdt.core.formatter.blank_lines_before_first_class_body_declaration=0 org.eclipse.jdt.core.formatter.blank_lines_before_imports=1 org.eclipse.jdt.core.formatter.blank_lines_before_member_type=1 org.eclipse.jdt.core.formatter.blank_lines_before_method=1 org.eclipse.jdt.core.formatter.blank_lines_before_new_chunk=1 org.eclipse.jdt.core.formatter.blank_lines_before_package=1 org.eclipse.jdt.core.formatter.blank_lines_between_import_groups=1 org.eclipse.jdt.core.formatter.blank_lines_between_type_declarations=1 org.eclipse.jdt.core.formatter.brace_position_for_annotation_type_declaration=end_of_line org.eclipse.jdt.core.formatter.brace_position_for_anonymous_type_declaration=next_line org.eclipse.jdt.core.formatter.brace_position_for_array_initializer=end_of_line org.eclipse.jdt.core.formatter.brace_position_for_block=next_line org.eclipse.jdt.core.formatter.brace_position_for_block_in_case=next_line org.eclipse.jdt.core.formatter.brace_position_for_constructor_declaration=next_line org.eclipse.jdt.core.formatter.brace_position_for_enum_constant=end_of_line org.eclipse.jdt.core.formatter.brace_position_for_enum_declaration=end_of_line org.eclipse.jdt.core.formatter.brace_position_for_method_declaration=next_line org.eclipse.jdt.core.formatter.brace_position_for_switch=next_line org.eclipse.jdt.core.formatter.brace_position_for_type_declaration=next_line org.eclipse.jdt.core.formatter.comment.clear_blank_lines=false org.eclipse.jdt.core.formatter.comment.clear_blank_lines_in_block_comment=false org.eclipse.jdt.core.formatter.comment.clear_blank_lines_in_javadoc_comment=false org.eclipse.jdt.core.formatter.comment.format_block_comments=false org.eclipse.jdt.core.formatter.comment.format_comments=false org.eclipse.jdt.core.formatter.comment.format_header=false org.eclipse.jdt.core.formatter.comment.format_html=true org.eclipse.jdt.core.formatter.comment.format_javadoc_comments=false org.eclipse.jdt.core.formatter.comment.format_line_comments=false org.eclipse.jdt.core.formatter.comment.format_source_code=true org.eclipse.jdt.core.formatter.comment.indent_parameter_description=true org.eclipse.jdt.core.formatter.comment.indent_root_tags=true org.eclipse.jdt.core.formatter.comment.insert_new_line_before_root_tags=insert org.eclipse.jdt.core.formatter.comment.insert_new_line_for_parameter=insert org.eclipse.jdt.core.formatter.comment.line_length=80 org.eclipse.jdt.core.formatter.compact_else_if=true org.eclipse.jdt.core.formatter.continuation_indentation=2 org.eclipse.jdt.core.formatter.continuation_indentation_for_array_initializer=2 org.eclipse.jdt.core.formatter.format_guardian_clause_on_one_line=false org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_annotation_declaration_header=true org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_constant_header=true org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_declaration_header=true org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_type_header=true org.eclipse.jdt.core.formatter.indent_breaks_compare_to_cases=true org.eclipse.jdt.core.formatter.indent_empty_lines=false org.eclipse.jdt.core.formatter.indent_statements_compare_to_block=true org.eclipse.jdt.core.formatter.indent_statements_compare_to_body=true org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_cases=true org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_switch=false org.eclipse.jdt.core.formatter.indentation.size=4 org.eclipse.jdt.core.formatter.insert_new_line_after_annotation=insert org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_local_variable=insert org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_member=insert org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_parameter=do not insert org.eclipse.jdt.core.formatter.insert_new_line_after_opening_brace_in_array_initializer=do not insert org.eclipse.jdt.core.formatter.insert_new_line_at_end_of_file_if_missing=do not insert org.eclipse.jdt.core.formatter.insert_new_line_before_catch_in_try_statement=insert org.eclipse.jdt.core.formatter.insert_new_line_before_closing_brace_in_array_initializer=do not insert org.eclipse.jdt.core.formatter.insert_new_line_before_else_in_if_statement=insert org.eclipse.jdt.core.formatter.insert_new_line_before_finally_in_try_statement=insert org.eclipse.jdt.core.formatter.insert_new_line_before_while_in_do_statement=insert org.eclipse.jdt.core.formatter.insert_new_line_in_empty_annotation_declaration=insert org.eclipse.jdt.core.formatter.insert_new_line_in_empty_anonymous_type_declaration=insert org.eclipse.jdt.core.formatter.insert_new_line_in_empty_block=insert org.eclipse.jdt.core.formatter.insert_new_line_in_empty_enum_constant=insert org.eclipse.jdt.core.formatter.insert_new_line_in_empty_enum_declaration=insert org.eclipse.jdt.core.formatter.insert_new_line_in_empty_method_body=insert org.eclipse.jdt.core.formatter.insert_new_line_in_empty_type_declaration=insert org.eclipse.jdt.core.formatter.insert_space_after_and_in_type_parameter=insert org.eclipse.jdt.core.formatter.insert_space_after_assignment_operator=insert org.eclipse.jdt.core.formatter.insert_space_after_at_in_annotation=do not insert org.eclipse.jdt.core.formatter.insert_space_after_at_in_annotation_type_declaration=do not insert org.eclipse.jdt.core.formatter.insert_space_after_binary_operator=insert org.eclipse.jdt.core.formatter.insert_space_after_closing_angle_bracket_in_type_arguments=insert org.eclipse.jdt.core.formatter.insert_space_after_closing_angle_bracket_in_type_parameters=insert org.eclipse.jdt.core.formatter.insert_space_after_closing_brace_in_block=insert org.eclipse.jdt.core.formatter.insert_space_after_closing_paren_in_cast=insert org.eclipse.jdt.core.formatter.insert_space_after_colon_in_assert=insert org.eclipse.jdt.core.formatter.insert_space_after_colon_in_case=insert org.eclipse.jdt.core.formatter.insert_space_after_colon_in_conditional=insert org.eclipse.jdt.core.formatter.insert_space_after_colon_in_for=insert org.eclipse.jdt.core.formatter.insert_space_after_colon_in_labeled_statement=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_allocation_expression=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_annotation=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_array_initializer=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_constructor_declaration_parameters=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_constructor_declaration_throws=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_enum_constant_arguments=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_enum_declarations=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_explicitconstructorcall_arguments=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_for_increments=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_for_inits=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_declaration_parameters=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_declaration_throws=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_method_invocation_arguments=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_multiple_field_declarations=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_multiple_local_declarations=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_parameterized_type_reference=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_superinterfaces=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_type_arguments=insert org.eclipse.jdt.core.formatter.insert_space_after_comma_in_type_parameters=insert org.eclipse.jdt.core.formatter.insert_space_after_ellipsis=insert org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_parameterized_type_reference=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_type_arguments=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_angle_bracket_in_type_parameters=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_brace_in_array_initializer=insert org.eclipse.jdt.core.formatter.insert_space_after_opening_bracket_in_array_allocation_expression=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_bracket_in_array_reference=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_annotation=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_cast=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_catch=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_constructor_declaration=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_enum_constant=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_for=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_if=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_method_declaration=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_method_invocation=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_parenthesized_expression=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_switch=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_synchronized=do not insert org.eclipse.jdt.core.formatter.insert_space_after_opening_paren_in_while=do not insert org.eclipse.jdt.core.formatter.insert_space_after_postfix_operator=do not insert org.eclipse.jdt.core.formatter.insert_space_after_prefix_operator=do not insert org.eclipse.jdt.core.formatter.insert_space_after_question_in_conditional=insert org.eclipse.jdt.core.formatter.insert_space_after_question_in_wildcard=do not insert org.eclipse.jdt.core.formatter.insert_space_after_semicolon_in_for=insert org.eclipse.jdt.core.formatter.insert_space_after_unary_operator=do not insert org.eclipse.jdt.core.formatter.insert_space_before_and_in_type_parameter=insert org.eclipse.jdt.core.formatter.insert_space_before_assignment_operator=insert org.eclipse.jdt.core.formatter.insert_space_before_at_in_annotation_type_declaration=insert org.eclipse.jdt.core.formatter.insert_space_before_binary_operator=insert org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_parameterized_type_reference=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_type_arguments=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_angle_bracket_in_type_parameters=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_brace_in_array_initializer=insert org.eclipse.jdt.core.formatter.insert_space_before_closing_bracket_in_array_allocation_expression=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_bracket_in_array_reference=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_annotation=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_cast=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_catch=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_constructor_declaration=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_enum_constant=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_for=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_if=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_method_declaration=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_method_invocation=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_parenthesized_expression=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_switch=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_synchronized=do not insert org.eclipse.jdt.core.formatter.insert_space_before_closing_paren_in_while=do not insert org.eclipse.jdt.core.formatter.insert_space_before_colon_in_assert=insert org.eclipse.jdt.core.formatter.insert_space_before_colon_in_case=do not insert org.eclipse.jdt.core.formatter.insert_space_before_colon_in_conditional=insert org.eclipse.jdt.core.formatter.insert_space_before_colon_in_default=do not insert org.eclipse.jdt.core.formatter.insert_space_before_colon_in_for=insert org.eclipse.jdt.core.formatter.insert_space_before_colon_in_labeled_statement=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_allocation_expression=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_annotation=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_array_initializer=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_constructor_declaration_parameters=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_constructor_declaration_throws=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_enum_constant_arguments=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_enum_declarations=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_explicitconstructorcall_arguments=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_for_increments=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_for_inits=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_declaration_parameters=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_declaration_throws=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_method_invocation_arguments=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_multiple_field_declarations=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_multiple_local_declarations=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_parameterized_type_reference=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_superinterfaces=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_type_arguments=do not insert org.eclipse.jdt.core.formatter.insert_space_before_comma_in_type_parameters=do not insert org.eclipse.jdt.core.formatter.insert_space_before_ellipsis=do not insert org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_parameterized_type_reference=do not insert org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_type_arguments=do not insert org.eclipse.jdt.core.formatter.insert_space_before_opening_angle_bracket_in_type_parameters=do not insert org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_annotation_type_declaration=insert org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_anonymous_type_declaration=insert org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_array_initializer=insert org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_block=insert org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_constructor_declaration=insert org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_enum_constant=insert org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_enum_declaration=insert org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_method_declaration=insert org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_switch=insert org.eclipse.jdt.core.formatter.insert_space_before_opening_brace_in_type_declaration=insert org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_allocation_expression=do not insert org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_reference=do not insert org.eclipse.jdt.core.formatter.insert_space_before_opening_bracket_in_array_type_reference=do not insert org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_annotation=do not insert org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_annotation_type_member_declaration=do not insert org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_catch=insert org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_constructor_declaration=do not insert org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_enum_constant=do not insert org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_for=insert org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_if=insert org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_method_declaration=do not insert org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_method_invocation=do not insert org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_parenthesized_expression=do not insert org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_switch=insert org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_synchronized=insert org.eclipse.jdt.core.formatter.insert_space_before_opening_paren_in_while=insert org.eclipse.jdt.core.formatter.insert_space_before_parenthesized_expression_in_return=insert org.eclipse.jdt.core.formatter.insert_space_before_parenthesized_expression_in_throw=insert org.eclipse.jdt.core.formatter.insert_space_before_postfix_operator=do not insert org.eclipse.jdt.core.formatter.insert_space_before_prefix_operator=do not insert org.eclipse.jdt.core.formatter.insert_space_before_question_in_conditional=insert org.eclipse.jdt.core.formatter.insert_space_before_question_in_wildcard=do not insert org.eclipse.jdt.core.formatter.insert_space_before_semicolon=do not insert org.eclipse.jdt.core.formatter.insert_space_before_semicolon_in_for=do not insert org.eclipse.jdt.core.formatter.insert_space_before_unary_operator=do not insert org.eclipse.jdt.core.formatter.insert_space_between_brackets_in_array_type_reference=do not insert org.eclipse.jdt.core.formatter.insert_space_between_empty_braces_in_array_initializer=do not insert org.eclipse.jdt.core.formatter.insert_space_between_empty_brackets_in_array_allocation_expression=do not insert org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_annotation_type_member_declaration=do not insert org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_constructor_declaration=do not insert org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_enum_constant=do not insert org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_declaration=do not insert org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_invocation=do not insert org.eclipse.jdt.core.formatter.keep_else_statement_on_same_line=false org.eclipse.jdt.core.formatter.keep_empty_array_initializer_on_one_line=false org.eclipse.jdt.core.formatter.keep_imple_if_on_one_line=false org.eclipse.jdt.core.formatter.keep_then_statement_on_same_line=false org.eclipse.jdt.core.formatter.lineSplit=120 org.eclipse.jdt.core.formatter.never_indent_block_comments_on_first_column=false org.eclipse.jdt.core.formatter.never_indent_line_comments_on_first_column=false org.eclipse.jdt.core.formatter.number_of_blank_lines_at_beginning_of_method_body=0 org.eclipse.jdt.core.formatter.number_of_empty_lines_to_preserve=1 org.eclipse.jdt.core.formatter.put_empty_statement_on_new_line=true org.eclipse.jdt.core.formatter.tabulation.char=tab org.eclipse.jdt.core.formatter.tabulation.size=4 org.eclipse.jdt.core.formatter.use_tabs_only_for_leading_indentations=false org.eclipse.jdt.core.formatter.wrap_before_binary_operator=true SoftwareAG-ganymed-ssh-2-ef7fbc4/.settings/org.eclipse.jdt.ui.prefs000066400000000000000000000011631370551253600252470ustar00rootroot00000000000000#Mon Mar 23 17:10:22 CET 2009 eclipse.preferences.version=1 formatter_profile=_Christian formatter_settings_version=11 internal.default.compliance=default org.eclipse.jdt.ui.exception.name=e org.eclipse.jdt.ui.gettersetter.use.is=true org.eclipse.jdt.ui.ignorelowercasenames=true org.eclipse.jdt.ui.importorder=java;javax;org;com; org.eclipse.jdt.ui.keywordthis=false org.eclipse.jdt.ui.ondemandthreshold=99 org.eclipse.jdt.ui.overrideannotation=true org.eclipse.jdt.ui.staticondemandthreshold=99 org.eclipse.jdt.ui.text.custom_code_templates= SoftwareAG-ganymed-ssh-2-ef7fbc4/FAQ.html000066400000000000000000000413371370551253600201660ustar00rootroot00000000000000 Ganymed SSH-2 for Java FAQ

Ganymed SSH-2 for Java FAQ

This FAQ includes information regarding topics that were discussed in e-mails between developers and users of the Ganymed SSH-2 for Java library.

Ganymed SSH-2 for Java homepage: https://code.google.com/p/ganymed-ssh-2/
Last update of FAQ: AUG-09-2013.

Please report bugs, typos and any kind of suggestions on our google code website.


Sections:


When I start program XYZ with putty (or openssh, ..., whatever) then everything works. However, if I use "Session.execCommand", then XYZ behaves differently or does not work at all!

Short answer:

The most often source of problems when executing a command with Session.execCommand() are missing/wrong set environment variables on the remote machine. Make sure that the minimum needed environment for XYZ is the same, independentely on how the shell is being invoked.

Example quickfix for bash users:

  1. Define all your settings in the file ~/.bashrc
  2. Make sure that the file ~/.bash_profile only contains the line source ~/.bashrc.
  3. Before executing Session.execCommand(), do NOT aquire any type of pseudo terminal in the session. Be prepared to consume stdout and stderr data.

Note: If you really want to mimic the behavior of putty, then don't use Session.execCommand(), instead aquire a pty (pseudo terminal) and then start a shell (use Session.requestPTY() and Session.startShell()). You then have to communicate with the shell process at the other end through stdin and stdout. However, you also have to implement terminal logic (e.g., escape sequence handling (unless you use a "dumb" pty), "expect-send" logic (output parsing, shell prompt detection), etc.).

Long answer:

If you login by using putty, then putty will normally request a "xterm" pty and your assigned shell (e.g., bash) will be started (a so called "interactive login shell"). In contrast, if you use Session.execCommand() to start a command then (unless you ask for it) no pty will be aquired and the command will be given to the shell as an argument (with the shell's "-c" option).

The way a shell is being invoked has an effect on the set of initialization files which will be read be the shell.

To demonstrate the difference, try the following (from the command line, e.g., with an OpenSSH client):

  1. Login interactively and print the environment with the "env" command:
     
    [user@host ~] ssh 127.0.0.1
    [user@host ~] env

     
  2. Let the ssh server execute the "env" command (equivalent to using Session.executeCommand()):
     
    [user@host ~] ssh 127.0.0.1 "env"

If you compare the two outputs, then you will (unless you have adjusted your shell's settings) observe different environments.

If you are interested in the details, then please read the INVOCATION section in man page for the bash shell. You may notice that the definitions of "interactive" and "non-interactive" (and combinations with "login") are little bit tricky.

[TOP]

My program sometimes hangs when I only read output from stdout! Or: can you explain me the story about the shared stdout/stderr window in the SSH-2 protocol? Or: what is this "StreamGobbler" thing all about?

In the SSH-2 low level protocol, each channel (e.g., session) has a receive window. When the remote SSH daemon has filled up our receive window, it must wait until we have consumed the input and are ready to accept new data.

Unfortunately, the SSH-2 protocol defines a shared window for stderr and stdout. As a consequence, if, for example, the remote process produces a lot of stderr data and you never consume it, then after some time the local receive window will be full and the sender is blocked. If you then try to read() from stdout, your call will be blocked: there is no stdout data (locally) available and the SSH daemon cannot send you any, since the receive window is full (you would have to read some stderr data first to "free" up space in the receive window).

Fortunately, Ganymed SSH-2 uses a 30KB window - the above described scenario should be very rare.

Many other SSH-2 client implementations just blindly consume any remotely produced data into a buffer which gets automatically extended - however, this can lead to another problem: in the extreme case the remote side can overflow you with data (e.g., leading to out of memory errors).

What can you do about this?

  1. Bad: Do nothing - just work with stderr and stdout Inputstreams and hope that the 30KB window is enough for your application.
  2. Better, recommended for most users: use two worker threads that consume remote stdout and stderr in parallel. Since you probably are not in the mood to program such a thing, you can use the StreamGobbler class supplied with Ganymed SSH-2. The Streamgobbler is a special InputStream that uses an internal worker thread to read and buffer internally all data produced by another InputStream. It is very simple to use:
    InputStream stdout = new StreamGobbler(mysession.getStdout());
    
    InputStream stderr = new StreamGobbler(mysession.getStderr());
    You then can access stdout and stderr in any order, in the background the StreamGobblers will automatically consume all data from the remote side and store in an internal buffer.
  3. Advanced: you are paranoid and don't like programs that automatically extend buffers without asking you. You then have to implement a state machine. The condition wait facility offered by Session.waitForCondition() is exactly what you need: you can use it to wait until either stdout or stderr data has arrived and can be consumed with the two InputStreams. You can either use the return value of Session.waitForCondition() or check with InputStream.available() (for stdout and stderr) which InputStream has data available (i.e., a read() call will not block). Be careful when wrapping the InputStreams, also do not concurrently call read() on the InputStreams while calling Session.waitForCondition() (unless you know what you are doing).
    Please have a look a the SingleThreadStdoutStderr.java example.
  4. The lazy way: you don't mind if stdout and stderr data is being mixed into the same stream. Just allocate a "dumb" pty and the server will hopefully not send you any data on the stderr stream anymore. Note: by allocating a pty, the shell used to execute the command will probably behave differently in terms of initialization (see also this question).

[TOP]

Why are the session's Input- and OutputStreams not buffered?

If you need it, then this library offers quite a raw type of access to the SSH-2 protocol stack. Of course, many people don't need that kind of low level access. If you need buffered streams, then you should the do the same thing as you would probably do with the streams of a TCP socket: wrap them with instances of BufferedInputStream and BufferedOutputStream. In case you use StreamGobblers for the InputStreams, then you don't need any additional wrappers, since the StreamGobblers implement buffering already.

This code snippet will probably work well for most people:

InputStream stdout = new StreamGobbler(mysession.getStdout());
InputStream stderr = new StreamGobbler(mysession.getStderr());
OutputStream stdin = new BufferedOutputStream(mysession.getStdin(), 8192);

[TOP]

Why can't I execute several commands in one single session?

If you use Session.execCommand(), then you indeed can only execute only one command per session. This is not a restriction of the library, but rather an enforcement by the underlying SSH-2 protocol (a Session object models the underlying SSH-2 session).

There are several solutions:

[TOP]

I cannot open more than 10 concurrent sessions (or SCP clients).

You are probably using OpenSSH. By looking at their source code you will find out that there is a hard-coded constant called MAX_SESSIONS in the session.c file which is set to "10" by default. This is a per connection limit. Unfortunately, it is not a run-time tunable parameter. However, this limit has no effect on the number of concurrent port forwardings. Please note: this information is based on the OpenSSH 4.3 release.

Possible solutions:

Just for completeness: starting from release 210, the thrown exception may look as follows:

java.io.IOException: Could not open channel (The server refused to open the channel (SSH_OPEN_ADMINISTRATIVELY_PROHIBITED, 'open failed'))

[TOP]

Password authentication fails, I get "Authentication method password not supported by the server at this stage".

Many default SSH server installations are configured to refuse the authentication type "password". Often, they only accept "publickey" and "keyboard-interactive". You have different options:

In general it is a good idea to call either Connection.getRemainingAuthMethods() or Connection.isAuthMethodAvailable() before using a certain authentication method.

Please note that most servers let you in after one successful authentication step. However, in rare cases you may encounter servers that need several steps. I.e., if one of the Connection.authenticateWithXXX() methods returns false and Connection.isAuthenticationPartialSuccess() returns true, then further authentication is needed. For each step, to find out which authentication methods may proceed, you can use either the Connection.getRemainingAuthMethods() or the Connection.isAuthMethodAvailable() method. Again, please have a look into the SwingShell.java example.

[TOP]

Why does public key authentication fail with my putty key?

When using putty private keys (e.g., .ppk files) with public key authentication, you get a "Publickey authentication failed" exception. The reason is that the library currently is not able to directly handle private keys in the proprietary format used by putty. However, you can use the "puttygen" tool (from the putty website) to convert your key to the desired format: load your key, then go to the conversions menu and select "Save OpenSSH key" (which saves the key in openssl PEM format, e.g., call it "private.pem").

[TOP]

I am sending data to a remote file using the "cat" method, but not all data is being written.

Please read carefully the answer to the following question.

[TOP]

I want to pump data into a remote file, but the amount of data to be sent is not known at the time the transfer starts.

The SCP protocol communicates the amount of data to be sent at the start of the transfer, so SCP remains out of consideration. Possible other solutions:

Be careful if you use the "cat" approach, as it may happen that not all your data will be written. If you close the stdin stream and immediatelly close the session (or the whole connection) then some SSH servers do not send the pending data to the process being executed ("cat" in this case). You have to wait until "cat" has received the EOF and terminates before closing the session. However, waiting for the termination may not always work, since SSH servers sometimes "forget" to send the exit code of the remote process. The following code MAY work:

Session sess = conn.openSession();
sess.execCommand("cat > test.txt");
OutputStream stdin = sess.getStdin();

... out.write(...) ... out.write(...) ...

/* The following flush() is only needed if you wrap the  */
/* stdin stream (e.g., with a BufferedOutputStream).     */
out.flush();

/* Now let's send EOF */
out.close();

/* Let's wait until cat has finished                     */
sess.waitForCondition(ChannelCondition.EXIT_STATUS, 2000);
/* Better: put the above statement into a while loop!    */
/* In ANY CASE: read the Javadocs for waitForCondition() */

/* Show exit status, if available (otherwise "null")     */
System.out.println("ExitCode: " + sess.getExitStatus());
/* Now its hopefully safe to close the session           */
sess.close();

(Just a thought for another solution: execute cat > test.txt && echo "FINISHED" and wait until you get "FINISHED" on stdout... - try it on your own risk =)

[TOP]

Do you have an example for the usage of feature XYZ?

Please have at look at the examples section in the distribution, especially at the SwingShell.java example.

[TOP] SoftwareAG-ganymed-ssh-2-ef7fbc4/HISTORY.txt000066400000000000000000000421561370551253600205730ustar00rootroot00000000000000 Release Notes: ============== build263 2020-07-20 - Add gradle build. - Add OSGi support. - Message authentication: add support for hmac-sha2-256 and hmac-sha2-512. - Key exchange: add support for diffie-hellman-group14-sha256, diffie-hellman-group16-sha512 and diffie-hellman-group18-sha512. build261, 2013-08-09 - Joint work by Christian Plattner and David Kocher. - Hosted at https://code.google.com/p/ganymed-ssh-2/ with a shared SVN repository. - Requires Java 5 or later. - Added basic SSH server implementation. This is a proof of concept, use at your own risk, the interface may change. Beware of side channel attacks and other nifty stuff. See BasicServer.java example. - Provide POM for Maven 3 build. - Performance gains with request parallelism in requests for read and write write operations in SFTPv3Client. - Fixed softwareversion string in client-server handshake. - Bugfix for infinite timeout on socket connect. - SFTPInputStream and SFTPOutputStream to read or write from a SFTPv3FileHandle compatible with standard I/O operations in Java. - SCPClient returning SCPInputStream and SCPOutputStream for get and put operations respectively compatible with stanard I/O operations in Java. - Option to attach a packet listener to SFTPv3Client for logging purposes. - Fixed a bug in KnownHosts.getPreferredServerHostkeyAlgorithmOrder (it always returned null, which is a valid return value but wrong). - Added accessor to query session state and isConnected() in SFTPv3Client returning a boolean. - Adjusted channel window size. - Custom PEMDecryptException to catch PEM decoding failure. - Option to pass custom user agent string for identification string. - Continue silently when invalid key is found in known hosts file. - Add support for file append mode in SFTPv3Client. - Option to pass charset for commands executed on the remote machine. - Add method to get local socket address from LocalPortForwarder. - Allow to remove connection monitors. - Add a connection monitor only if it was not added yet. build251beta1, 2010-08-23: - Due to the slightly changed semantics of Thread.interrupt() and Object.wait() in JDK 6, the code had to be adapted in several places. Please do not use Ganymed SSH-2 build250 on JDK 6, as the Kex and Streamgobbler code may occasionally consume all CPU resources. Background: the JDK 6 javadocs for Object.wait say: "If the current thread is interrupted by any thread before or while it is waiting, then an InterruptedException is thrown." Unfortunately the Java 1.5 documentation does not say "before", only "while it is waiting". Thanks to Elias Horness. build250, 2010-03-15: - Ganymed SSH-2 for Java is back. The software can be downloaded from http://www.cleondris.ch/ssh2 - Fixed the use of default platform character encodings. - Fixes for buggy servers. - Wait for the reply to the ServiceRequest packet before sending the next request. - Re-assign the interrupted flag after a InterruptedException. build211beta4, 2006-12-05: (never officially released) - Added Connection.sendIgnorePacket(...) methods which allow to send SSH_MSG_IGNORE packets. Thanks to Andrei Tchijov. - Added support for the "none" authentication method. - Revised the SHA-1 code. Highly optimized. Speed should be more than doubled. - Changed references to the correct RFCs (instead of the drafts) in the javadocs (where possible). - Fixed the write() method in the SFTP code. Unsatisfiable preconditions stopped the method from writing any bytes. As stated in the documentation, the SFTP code is still experimental. Thanks to Andreas Pueschel. - Added a new createLocalPortForwarder(InetSocketAddress addr, ...) method which allows to specify the local address and port to bind to. Thanks to Andrei Tchijov. - Slightly updated the FAQ. build210, 2006-10-06: - Added HTTP proxy support. See Connection.setProxyData() and the HTTPProxyData class. Thanks to Jean-Pierre Schmit for providing example code. - Added basic support for SFTP (v3). - Beta users: removed support for automatic split of huge read transfers in SFTP, as it was not possible to return EOF in a clean way. The write method still splits huge transfers (in blocks of 32768 bytes). Thanks to Zhong Li. - SCP enhancement. It is now possible to specify an empty target directory name when sending files. This is analogous to using "scp file user@host:" (thanks to Bernd Eggink). - SCP enhancement. It is now possible to receive a remote file and pipe it directly into an OutputStream. Thanks to Bernd Eggink. - SCP enhancement. It is now possible to specify a different remote filename when sending a file. Thanks to Thomas Tatzel. - Added more verbose error messages in case a channel open operation fails (e.g., resource shortage on the server). Related to this, added a comment to the FAQ regarding the limitation on the number of concurrent sessions per connection in OpenSSH. Thanks to Ron Warshawsky. - Added a feature (ConnectionMonitor) to get notified when a connection breaks. Thanks to Daniel Ritz (Alcatel). - It is now possible to override the used SecureRandom instance (Connection.setSecureRandom()). - Added getters for the server's hostname and port to the Connection class. - Added examples for HTTP proxy usage as well as local/remote port forwarding. - Added support for SSH_MSG_KEX_DH_GEX_REQUEST_OLD in the DHGexParameters class (there is a new, additional constructor). Please check the Javadoc for DHGexParameters. - Clarified in the javadoc the issue of re-using Connection objects. Changed the exception message in case connect() is invoked on an already connected connection. - Added an entry to the FAQ regarding pumping data into remote files. Thanks to Daniel Schwager. - Changed JDialog.show() to JDialog.setVisible(true) in the SwingShell example. The show() method is deprecated in Java 5.0. Thanks to Carlo Dapor. - Fixed the behavior of the local port forwarder code. Trying to listen on an already bound port will not fail silently anymore. Also, the accept thread will continue accepting connections even if there was a problem with the establishment of the underlying ssh-forwarding of a previous incoming connection (e.g., one tried to establish a forwarding to a remote port that is not in state open (yet)). Thanks to Claudio Nieder (Inodes, Switzerland) and Daniel Ritz (Alcatel) for pointing this out. Note: the interface for managing port forwardings needs to be further improved. - Tried to implement a workaround for the Sun JVM bug 5092063. Changed InetAddress.getByAddress(byte[]) in the "TransportManager.parseIPv4Address" method (which already is a workaround for JDK's that use the resolver for dotted IP addresses, independently from the 5092063 bug) to InetAddress.getByAddress(String, byte[]). Thanks to Alain Philipin. - Fixed a bug in KnownHosts.addHostkeyToFile. Hostnames were converted to lowercase which is not good in case of hashed hostnames (it leads to a different BASE64 encoding and therefore hashes won't match). Thanks to [unknown]. - Fixed a typo in the SCP client (tag for modification times is 'T' and not 'P'). Thanks to Andreas Sahlbach. - Stupid performance enhancement in the Logger, it did unnecessary calls to System.currentTimeMillis(). - The LICENCE.txt file is now also included in the pre-compiled jar. Of course, redistributions in binary form must *still* include the contents of LICENCE.txt in the documentation and/or other materials provided with the distribution. - Small cleanups in the TransportManager code. build209, 2006-02-14: - A major release, many new features. Thanks to all who supported me with feedback! - Added remote port forwarding support. Please consult the docs for Connection.requestRemotePortForwarding(). - Added X11 forwarding support. Please consult Session.requestX11Forwarding(). X11 support is based on joint work with Simon Hartl (simon.hartl (at) gmx.net). Thanks, Simon! - The SCPClient constructor is now public. The factory method is still there (in the Connection class), however, it will probably be marked as deprecated and eventually be removed in the future. - Added startSubSystem() method to the Session class. Now it is possible to implement subsystems, e.g., sftp, outside of the library. - For advanced users: there is now a much better condition wait interface in the Session class. It is now also possible to wait for the arrival of "exit-status" and "exit-signal". The Session.waitUntilDataAvailable() method still works, but is marked as deprecated. Users that used the beta version, please be aware of the following change: calling the close() method on a Session object will immediatelly raise the ChannelCondition.CLOSED/EOF conditions on the underlying channel - even though the remote side may not have yet responded with a SSH_MSG_CHANNEL_CLOSE message (however, in the background the library still expects the server to send the SSH_MSG_CHANNEL_CLOSE message). See below for an explanation. - The behavior of Session.close() has changed. If you *kill* a Session (i.e., call Session.close() before EOF (or CLOSE) has been sent by the remote side), then immediatelly EOF will (locally) be raised for both stdout and stderr. Further incoming data (for that particular Session) will be ignored. However, remote data that arrived before we sent our SSH_MSG_CHANNEL_CLOSE message is still available (you can think of having appended the EOF marker to the end of the local incoming stdout and stderr queues). The reason to do this is simply because some SSH servers do sometimes not reply to our SSH_MSG_CHANNEL_CLOSE message (event though they should). As a consequence, a local reader may wait forever for the remote SSH_MSG_CHANNEL_EOF or SSH_MSG_CHANNEL_CLOSE messages to arrive. If you are interested, then you can try to reproduce the problem: Execute something like "tail -f /dev/null" (which should do nothing forever) and then concurrently close the Session (enable debug mode to see the SSH packets on the wire) to check how standard compliant your server implementation is). Thanks to Cristiano Sadun. - The Session code does not anymore make use of the synchronized attribute for any of its methods. This has the advantage that a call to Session.close() will never by blocked by concurrent calls to the Session object. However, note that in the worst case the call may still block until we can send our SSH_MSG_CHANNEL_CLOSE over the TCP connection. - The SCP client can now also be used to directly inject the contents of a given byte array into a remote file (thanks to Dieter Baier for suggesting this). - Added support for specifying timeouts for connection establishment. Thanks to Rob Hasselbaum and Ben XYZ. - Performance improvement: we use only a single SecureRandom object per connection (until now there were multiple instances). - Fixed the Swingshell example program, it did not read in the known_hosts file on startup. (thanks to Ashwani Kumar). - There was a typo in the CBCMode class (srcoff was ignored), however since we always pass a zero offset the bug did not show up (thanks to Alex Pakhomov). - While implementing X11 support, found a strange X11 bug in OpenSSH (reported, openssh bug 1076). 12.10.2005: has been fixed for OpenSSH 4.3 by the OpenSSH crowd. - Changed the SingleThreadStdoutStderr example so that it uses the new condition wait interface. - Efficiently handle IPv4 addresses (when creating the underlying socket), there was a report that some JDK's try to lookup dotted addresses with the resolver. (thanks to Alexander Kitaev). - Added setTCPNoDelay() method to the Connection class. - Improved handling of unsupported global/channel requests received from the server. - The KEX code is now more robust. Also, the ServerHostKeyVerifier callback (if specified) will be called before doing any DH calculation. - Major cleanup (i.e., rewrite) of the SSH channel code. - Cleanup up Session class, removed unnecessary IOExceptions. - Implemented 2^32-1 conformance for channel windows. - I got several times questions by e-mail from people that have problems with "putty" keys. Added an entry to the FAQ. - Added an entry to the FAQ regarding how to handle servers with disabled password authentication (thanks to Nicolas Raoul). - Upcoming: SFTP support (in the meantime almost a running gag). - Changed the name from "Ganymed SSH2" to "Ganymed SSH-2". Will this improve the G**gle ranking? =) - Latest javadoc is now also online. build208, 2005-08-24: - Added support for RSA private keys (PEM format), also revised code for RSA signature verification. - Extended support for encrypted PEM files. Supported encryptions: DES-CBC, DES-EDE3-CBC, AES-128-CBC, AES-192-CBC and AES-256-CBC. - Added rather complete support for known_hosts files (in KnownHosts.java). The parser is able to understand the same pseudo-regex (*,?,!) syntax as OpenSSH clients. The class includes support for hostkey comparison as well as functionality to add accepted keys to a known_hosts file. One can also create OpenSSH compatible fingerprints (Hex and Bubblebabble). Hashed hostname entries are understood and can also be generated. - Restructured the examples section, added more examples. The examples should cover most issues. There is also a _very_ basic terminal emulator, see SwingShell.java. - It is now possible to override the default server hostkey algorithm order (for the key exchange) with the Connection.setServerHostKeyAlgorithms method. This makes sense in combination with known_hosts support (e.g., if you already know the server's public ssh-dss key, then you probably prefer the "ssh-dss" over the "ssh-rsa" algorithm). The used server hostkey algorithm is now also reflected in ConnectionInfo. - The default server hostkey algorithm order is now "ssh-rsa", "ssh-dss". - Important: revised Input- and OutputStream code, everything is now unbuffered (less memory consumption, more direct interface, see also StreamGobbler class and the FAQ). - Added StreamGobbler helper class. - Method verifyServerHostKey() in the ServerHostKeyVerifier may now throw exceptions (an alternative to returning "false"). - All background threads (the per-connection receive thread as well as all threads used in forwarders and StreamGobblers) now use setDaemon(true) on startup. - Added "diffie-hellman-group14-sha1" support to the key exchange code. - Added chained IOExceptions where applicable (IOException initialization with initCause()). - Cleaned up packet building code, removed unnecessary server-side methods. - Cleaned up javadoc of SCPClient: replaced umask with mode. - Fixed a bug in the server identification string parser. This actually prevented a successful key exchange with some ssh servers (the server's signature was rejected). Thanks to Alex Molochnikov for the initial bug report and for helping in tracking down the issue. - Fixed a buffer re-allocation bug in the beta version of the StreamGobbler class (thanks to Marc Lijour). - Fixed flawed UINT64 support (thanks to Bob Simons). - Fixed a bug in the build script of the beta builds (sftp beta directory was not completely removed) (thanks to Richard Hash). - Use zero based padding for unencrypted traffic. - Changed again the client identification string (the one presented to the server). - Created a FAQ, available on the website and in the distribution. - Revised javadoc comments. Also, the generated documentation is now located in the subdirectory "javadoc" instead of "doc" (in the distribution). - Added README.txt to the distribution. build207, 2005-07-21: - Added "Keyboard Interactive" authentication method: authenticateWithKeyboardInteractive() in Connection.java, also have a look at InteractiveCallback.java. - Extended authentication interface in Connection.java (backwards compatible). New functionality: getRemainingAuthMethods(), isAuthMethodAvailable(), isAuthenticationComplete() and isAuthenticationPartialSuccess(). - Using an authentication method not supported by the server leads now to an exception (instead of returning "false"). Use isAuthMethodAvailable() if you want to check for the availability of an authentication method. - Fixed a bug in SCPClient which sometimes lead to failed downloads. - Improved channel window handling. - Removed bogus (CVS) version string from Connection.java - Changed client identification string to "Ganymed_buildXXX". - Changed the jar file naming scheme (ganymed-ssh2-buildXXX.jar). - Started adding logging support for debugging purposes (currently only for development). - Cleanup of javadoc and comments at several places. - Reversed order of entries in HISTORY.TXT build206, 2005-07-04: - Fixed small resource issue with SCP (thanks to Michaël Giraud). - Added LocalStreamForwarder. - Added HISTORY.TXT build205, 2005-06-27: - Initial release. SoftwareAG-ganymed-ssh-2-ef7fbc4/LICENSE.txt000066400000000000000000000110301370551253600204770ustar00rootroot00000000000000Copyright (c) 2006 - 2013 Christian Plattner. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: a.) Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. b.) Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. c.) Neither the name of Christian Plattner nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This software includes work that was released under the following license: Copyright (c) 2005 - 2006 Swiss Federal Institute of Technology (ETH Zurich), Department of Computer Science (http://www.inf.ethz.ch), Christian Plattner. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: a.) Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. b.) Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. c.) Neither the name of ETH Zurich nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The Java implementations of the AES, Blowfish and 3DES ciphers have been taken (and slightly modified) from the cryptography package released by "The Legion Of The Bouncy Castle". Their license states the following: Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. SoftwareAG-ganymed-ssh-2-ef7fbc4/README.txt000066400000000000000000000050201370551253600203540ustar00rootroot00000000000000This repository is forked from one of the automatic exports of code.google.com/p/ganymed-ssh-2 and contains updates on top of the ganymed-ssh2-262 tag. The ganymed-ssh2-262 tag was used to produce the latest public build in Maven Central, which is version 262, so builds from this repository should be version 263. The latest public build in Maven Central is available at https://search.maven.org/artifact/ch.ethz.ganymed/ganymed-ssh2/262/jar The following features were added in version 263: - Gradle build support. - OSGi support. - Message authentication: support for hmac-sha2-256 and hmac-sha2-512. - Key exchange: support for diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, and diffie-hellman-group18-sha512. The code from this repository is used in Software AG Command Central and tested using the Command Central continuous integration. However, this code is not officially supported by Software AG. ********************************** This software is provided as-is and without warranty or support. It does not constitute part of the Software AG product suite. Users are free to use, fork and modify it, subject to the license agreement. While Software AG welcomes contributions, we cannot guarantee to include every contribution in the master project. ********************************** Original content: Ganymed SSH-2 for Java - build 261 ================================== https://code.google.com/p/ganymed-ssh-2/ Ganymed SSH-2 for Java is a library which implements the SSH-2 protocol in pure Java (tested on J2SE 5 and 6). It allows one to connect to SSH servers from within Java programs. It supports SSH sessions (remote command execution and shell access), local and remote port forwarding, local stream forwarding, X11 forwarding, SCP and SFTP. There are no dependencies on any JCE provider, as all crypto functionality is included. There is also a basic (preliminary) SSH server implementation included. Ganymed SSH-2 for Java was originally developed by Christian Plattner for the Ganymed replication project and a couple of other projects at the IKS group at ETH Zurich (Switzerland). These days, the code is maintained by Dr. Christian Plattner and David Kocher. This distribution contains the source code, examples, javadoc and the FAQ. It also includes a pre-compiled jar version of the library which is ready to use. - Please read the included LICENCE.txt - Latest changes can be found in HISTORY.txt - The FAQ can be found in the FAQ.html Switzerland, August 2013 SoftwareAG-ganymed-ssh-2-ef7fbc4/build.gradle000066400000000000000000000026071370551253600211450ustar00rootroot00000000000000plugins { id 'java-library' } repositories { jcenter() } dependencies { testImplementation 'junit:junit:4.11' } group = 'ch.ethz.ganymed' version = '263' description = 'ganymed-ssh2' sourceCompatibility = '1.6' sourceSets.main.resources.srcDir project.rootDir sourceSets.main.resources.includes = [ 'FAQ.html', 'HISTORY.txt', 'LICENSE.txt', 'overview.html', 'README.txt' ] java { withSourcesJar() withJavadocJar() } javadoc.failOnError = false jar { manifest { attributes( 'Bundle-Description': 'Ganymed SSH2 Client Library', 'Bundle-SymbolicName': 'ch.ethz.ssh2.ganymed-ssh2', 'Bundle-ManifestVersion': '2', 'Bundle-ActivationPolicy': 'lazy', 'Bundle-RequiredExecutionEnvironment': 'JavaSE-1.6', 'Export-Package': 'ch.ethz.ssh2;version=1.0.0,ch.ethz.ssh2.auth;version=1.0.0,ch.ethz.ssh2.channel;version=1.0.0,ch.ethz.ssh2.crypto;version=1.0.0,ch.ethz.ssh2.crypto.cipher;version=1.0.0,ch.ethz.ssh2.crypto.dh;version=1.0.0,ch.ethz.ssh2.crypto.digest;version=1.0.0,ch.ethz.ssh2.log;version=1.0.0,ch.ethz.ssh2.packets;version=1.0.0,ch.ethz.ssh2.server;version=1.0.0,ch.ethz.ssh2.sftp;version=1.0.0,ch.ethz.ssh2.signature;version=1.0.0,ch.ethz.ssh2.transport;version=1.0.0,ch.ethz.ssh2.util;version=1.0.0', 'Bundle-Version': '1.0.263', 'Bundle-Name': 'Ganymed SSH2' ) } } SoftwareAG-ganymed-ssh-2-ef7fbc4/examples/000077500000000000000000000000001370551253600204775ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/examples/Basic.java000066400000000000000000000036201370551253600223640ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import ch.ethz.ssh2.Connection; import ch.ethz.ssh2.Session; import ch.ethz.ssh2.StreamGobbler; public class Basic { public static void main(String[] args) { String hostname = "127.0.0.1"; String username = "joe"; String password = "joespass"; try { /* Create a connection instance */ Connection conn = new Connection(hostname); /* Now connect */ conn.connect(); /* Authenticate. * If you get an IOException saying something like * "Authentication method password not supported by the server at this stage." * then please check the FAQ. */ boolean isAuthenticated = conn.authenticateWithPassword(username, password); if (isAuthenticated == false) throw new IOException("Authentication failed."); /* Create a session */ Session sess = conn.openSession(); sess.execCommand("uname -a && date && uptime && who"); System.out.println("Here is some information about the remote host:"); /* * This basic example does not handle stderr, which is sometimes dangerous * (please read the FAQ). */ InputStream stdout = new StreamGobbler(sess.getStdout()); BufferedReader br = new BufferedReader(new InputStreamReader(stdout)); while (true) { String line = br.readLine(); if (line == null) { br.close(); break; } System.out.println(line); } /* Show exit status, if available (otherwise "null") */ System.out.println("ExitCode: " + sess.getExitStatus()); /* Close this session */ sess.close(); /* Close the connection */ conn.close(); } catch (IOException e) { e.printStackTrace(System.err); System.exit(2); } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/examples/BasicServer.java000066400000000000000000000132631370551253600235570ustar00rootroot00000000000000/* * Copyright (c) 2006-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ import java.io.IOException; import java.math.BigInteger; import java.net.ServerSocket; import java.net.Socket; import java.security.SecureRandom; import java.util.Random; import ch.ethz.ssh2.AuthenticationResult; import ch.ethz.ssh2.ConnectionInfo; import ch.ethz.ssh2.PtySettings; import ch.ethz.ssh2.ServerAuthenticationCallback; import ch.ethz.ssh2.ServerConnection; import ch.ethz.ssh2.ServerConnectionCallback; import ch.ethz.ssh2.ServerSession; import ch.ethz.ssh2.ServerSessionCallback; import ch.ethz.ssh2.SimpleServerSessionCallback; import ch.ethz.ssh2.signature.RSAPrivateKey; public class BasicServer implements ServerAuthenticationCallback, ServerConnectionCallback { private static final int SERVER_PORT = 2222; private static final String AUTH_USER = "root"; private static final String AUTH_PASS = "kensentme"; public static void main(String[] args) throws IOException { BasicServer bs = new BasicServer(); bs.acceptSingleConnection(); } private static ServerConnection conn = null; private void acceptSingleConnection() throws IOException { System.out.println("Generating RSA private key..."); System.out.flush(); /* Generate random RSA private key */ Random rnd = new SecureRandom(); int N = 1500; BigInteger p = BigInteger.probablePrime(N / 2, rnd); BigInteger q = BigInteger.probablePrime(N / 2, rnd); BigInteger phi = (p.subtract(BigInteger.ONE)).multiply(q.subtract(BigInteger.ONE)); BigInteger n = p.multiply(q); BigInteger e = new BigInteger("65537"); BigInteger d = e.modInverse(phi); RSAPrivateKey hostkey = new RSAPrivateKey(d, e, n); /* Accept a connection */ System.out.println("Waiting for one (1) connection on port " + SERVER_PORT + "..."); System.out.flush(); ServerSocket ss = new ServerSocket(SERVER_PORT); Socket s = ss.accept(); ss.close(); // We only accept one connection and immediately close the server socket /* Wrap the established socket with a SSH-2 connection */ conn = new ServerConnection(s); conn.setRsaHostKey(hostkey); conn.setAuthenticationCallback(this); conn.setServerConnectionCallback(this); /* Do the kex exchange and asynchronously start processing requests */ System.out.println("Doing key exchange with client..."); System.out.flush(); conn.connect(); /* Show some information about the connection */ ConnectionInfo info = conn.getConnectionInfo(); System.out.println("Kex Algo: " + info.keyExchangeAlgorithm); System.out.println("Kex Count: " + info.keyExchangeCounter); System.out.println("Server Host Key Algo: " + info.serverHostKeyAlgorithm); System.out.println("C2S Crypto Algo: " + info.clientToServerCryptoAlgorithm); System.out.println("C2S MAC Algo: " + info.clientToServerMACAlgorithm); System.out.println("S2C Crypto Algo: " + info.serverToClientCryptoAlgorithm); System.out.println("S2C MAC Algo: " + info.serverToClientMACAlgorithm); System.out.flush(); /* The connection is working, have fun and force a key exchange every few * seconds to test whether the client is implemented correctly... */ while (true) { try { Thread.sleep(10000); } catch (InterruptedException e1) { } System.out.println("Forcing key exchange with client..."); System.out.flush(); conn.forceKeyExchange(); } } public ServerSessionCallback acceptSession(final ServerSession session) { SimpleServerSessionCallback cb = new SimpleServerSessionCallback() { @Override public Runnable requestPtyReq(final ServerSession ss, final PtySettings pty) throws IOException { return new Runnable() { public void run() { System.out.println("Client requested " + pty.term + " pty"); } }; } @Override public Runnable requestShell(final ServerSession ss) throws IOException { return new Runnable() { public void run() { try { while (true) { int c = ss.getStdout().read(); if (c < 0) { System.err.println("SESSION EOF"); return; } ss.getStdin().write(("You typed " + c + "\r\n").getBytes()); } } catch (IOException e) { System.err.println("SESSION DOWN"); e.printStackTrace(); } } }; } }; return cb; } public String initAuthentication(ServerConnection sc) { return "=====================================\r\nWelcome to the Ganymed SSH Server\r\nBeware of the barking dog!\r\n=====================================\r\n"; } public String[] getRemainingAuthMethods(ServerConnection sc) { return new String[] { ServerAuthenticationCallback.METHOD_PASSWORD, ServerAuthenticationCallback.METHOD_PUBLICKEY }; } public AuthenticationResult authenticateWithNone(ServerConnection sc, String username) { return AuthenticationResult.FAILURE; } public AuthenticationResult authenticateWithPassword(ServerConnection sc, String username, String password) { if (AUTH_USER.equals(username) && AUTH_PASS.equals(password)) return AuthenticationResult.SUCCESS; return AuthenticationResult.FAILURE; } public AuthenticationResult authenticateWithPublicKey(ServerConnection sc, String username, String algorithm, byte[] publickey, byte[] signature) { /* Isn't that a bit unfair? We offer public key authentication, but then deny every attempt =) */ return AuthenticationResult.FAILURE; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/examples/BasicWithHTTPProxy.java000066400000000000000000000044601370551253600247650ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import ch.ethz.ssh2.Connection; import ch.ethz.ssh2.HTTPProxyData; import ch.ethz.ssh2.Session; import ch.ethz.ssh2.StreamGobbler; public class BasicWithHTTPProxy { public static void main(String[] args) { String hostname = "my-ssh-server"; String username = "joe"; String password = "joespass"; String proxyHost = "192.168.1.1"; int proxyPort = 3128; // default port used by squid try { /* Create a connection instance */ Connection conn = new Connection(hostname); /* We want to connect through a HTTP proxy */ conn.setProxyData(new HTTPProxyData(proxyHost, proxyPort)); // if the proxy requires basic authentication: // conn.setProxyData(new HTTPProxyData(proxyHost, proxyPort, "username", "secret")); /* Now connect (through the proxy) */ conn.connect(); /* Authenticate. * If you get an IOException saying something like * "Authentication method password not supported by the server at this stage." * then please check the FAQ. */ boolean isAuthenticated = conn.authenticateWithPassword(username, password); if (isAuthenticated == false) throw new IOException("Authentication failed."); /* Create a session */ Session sess = conn.openSession(); sess.execCommand("uname -a && date && uptime && who"); System.out.println("Here is some information about the remote host:"); /* * This basic example does not handle stderr, which is sometimes dangerous * (please read the FAQ). */ InputStream stdout = new StreamGobbler(sess.getStdout()); BufferedReader br = new BufferedReader(new InputStreamReader(stdout)); while (true) { String line = br.readLine(); if (line == null) { br.close(); break; } System.out.println(line); } /* Show exit status, if available (otherwise "null") */ System.out.println("ExitCode: " + sess.getExitStatus()); /* Close this session */ sess.close(); /* Close the connection */ conn.close(); } catch (IOException e) { e.printStackTrace(System.err); System.exit(2); } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/examples/PortForwarding.java000066400000000000000000000065501370551253600243170ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ import java.io.File; import java.io.IOException; import ch.ethz.ssh2.Connection; import ch.ethz.ssh2.LocalPortForwarder; public class PortForwarding { public static void sleepSomeTime(long milliSeconds) { try { Thread.sleep(milliSeconds); } catch (InterruptedException e) { } } public static void main(String[] args) { String hostname = "127.0.0.1"; String username = "joe"; File keyfile = new File("~/.ssh/id_rsa"); // or "~/.ssh/id_dsa" String keyfilePass = "joespass"; // will be ignored if not needed try { /* Create a connection instance */ Connection conn = new Connection(hostname); /* Now connect */ conn.connect(); /* Authenticate */ boolean isAuthenticated = conn.authenticateWithPublicKey(username, keyfile, keyfilePass); if (isAuthenticated == false) throw new IOException("Authentication failed."); /* ===== OK, now let's establish some local port forwardings ===== */ /* Example Port Forwarding: -L 8080:www.ethz.ch:80 (OpenSSH notation) * * This works by allocating a socket to listen on 8080 on the local interface (127.0.0.1). * Whenever a connection is made to this port (127.0.0.1:8080), the connection is forwarded * over the secure channel, and a connection is made to www.ethz.ch:80 from the remote * machine (i.e., the ssh server). * * (the above text is based partially on the OpenSSH man page) */ /* You can create as many of them as you want */ LocalPortForwarder lpf1 = conn.createLocalPortForwarder(8080, "www.ethz.ch", 80); /* Now simply point your webbrowser to 127.0.0.1:8080 */ /* (on the host where you execute this program) */ /* ===== OK, now let's establish some remote port forwardings ===== */ /* Example Port Forwarding: -R 127.0.0.1:8080:www.ganymed.ethz.ch:80 (OpenSSH notation) * * Specifies that the port 127.0.0.1:8080 on the remote server is to be forwarded to the * given host and port on the local side. This works by allocating a socket to listen to port * 8080 on the remote side (the ssh server), and whenever a connection is made to this port, the * connection is forwarded over the secure channel, and a connection is made to * www.ganymed.ethz.ch:80 by the Ganymed SSH-2 library. * * (the above text is based partially on the OpenSSH man page) */ /* You can create as many of them as you want */ conn.requestRemotePortForwarding("127.0.0.1", 8080, "www.ganymed.ethz.ch", 80); /* Now, on the ssh server, if you connect to 127.0.0.1:8080, then the connection is forwarded * through the secure tunnel to the library, which in turn will forward the connection * to www.ganymed.ethz.ch:80. */ /* Sleep a bit... (30 seconds) */ sleepSomeTime(30000); /* Stop accepting remote connections that are being forwarded to www.ganymed.ethz.ch:80 */ conn.cancelRemotePortForwarding(8080); /* Sleep a bit... (20 seconds) */ sleepSomeTime(20000); /* Stop accepting connections on 127.0.0.1:8080 that are being forwarded to www.ethz.ch:80 */ lpf1.close(); /* Close the connection */ conn.close(); } catch (IOException e) { e.printStackTrace(System.err); System.exit(2); } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/examples/PublicKeyAuthentication.java000066400000000000000000000032151370551253600261320ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ import java.io.BufferedReader; import java.io.File; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import ch.ethz.ssh2.Connection; import ch.ethz.ssh2.Session; import ch.ethz.ssh2.StreamGobbler; public class PublicKeyAuthentication { public static void main(String[] args) { String hostname = "127.0.0.1"; String username = "joe"; File keyfile = new File("~/.ssh/id_rsa"); // or "~/.ssh/id_dsa" String keyfilePass = "joespass"; // will be ignored if not needed try { /* Create a connection instance */ Connection conn = new Connection(hostname); /* Now connect */ conn.connect(); /* Authenticate */ boolean isAuthenticated = conn.authenticateWithPublicKey(username, keyfile, keyfilePass); if (isAuthenticated == false) throw new IOException("Authentication failed."); /* Create a session */ Session sess = conn.openSession(); sess.execCommand("uname -a && date && uptime && who"); InputStream stdout = new StreamGobbler(sess.getStdout()); BufferedReader br = new BufferedReader(new InputStreamReader(stdout)); System.out.println("Here is some information about the remote host:"); while (true) { String line = br.readLine(); if (line == null) { br.close(); break; } System.out.println(line); } /* Close this session */ sess.close(); /* Close the connection */ conn.close(); } catch (IOException e) { e.printStackTrace(System.err); System.exit(2); } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/examples/SimpleVerifier.java000066400000000000000000000027111370551253600242700ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ import ch.ethz.ssh2.KnownHosts; import ch.ethz.ssh2.ServerHostKeyVerifier; class SimpleVerifier implements ServerHostKeyVerifier { KnownHosts database; /* * This class is being used by the UsingKnownHosts.java example. */ public SimpleVerifier(KnownHosts database) { if (database == null) throw new IllegalArgumentException(); this.database = database; } public boolean verifyServerHostKey(String hostname, int port, String serverHostKeyAlgorithm, byte[] serverHostKey) throws Exception { int result = database.verifyHostkey(hostname, serverHostKeyAlgorithm, serverHostKey); switch (result) { case KnownHosts.HOSTKEY_IS_OK: return true; // We are happy case KnownHosts.HOSTKEY_IS_NEW: // Unknown host? Blindly accept the key and put it into the cache. // Well, you definitely can do better (e.g., ask the user). // The following call will ONLY put the key into the memory cache! // To save it in a known hosts file, also call "KnownHosts.addHostkeyToFile(...)" database.addHostkey(new String[] { hostname }, serverHostKeyAlgorithm, serverHostKey); return true; case KnownHosts.HOSTKEY_HAS_CHANGED: // Close the connection if the hostkey has changed. // Better: ask user and add new key to database. return false; default: throw new IllegalStateException(); } } }SoftwareAG-ganymed-ssh-2-ef7fbc4/examples/SingleThreadStdoutStderr.java000066400000000000000000000076741370551253600263200ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ import java.io.IOException; import java.io.InputStream; import ch.ethz.ssh2.ChannelCondition; import ch.ethz.ssh2.Connection; import ch.ethz.ssh2.Session; public class SingleThreadStdoutStderr { public static void main(String[] args) { String hostname = "127.0.0.1"; String username = "joe"; String password = "joespass"; try { /* Create a connection instance */ Connection conn = new Connection(hostname); /* Now connect */ conn.connect(); /* Authenticate */ boolean isAuthenticated = conn.authenticateWithPassword(username, password); if (isAuthenticated == false) throw new IOException("Authentication failed."); /* Create a session */ Session sess = conn.openSession(); sess.execCommand("echo \"Huge amounts of text on STDOUT\"; echo \"Huge amounts of text on STDERR\" >&2"); /* * Advanced: * The following is a demo on how one can read from stdout and * stderr without having to use two parallel worker threads (i.e., * we don't use the Streamgobblers here) and at the same time not * risking a deadlock (due to a filled SSH2 channel window, caused * by the stream which you are currently NOT reading from =). */ /* Don't wrap these streams and don't let other threads work on * these streams while you work with Session.waitForCondition()!!! */ InputStream stdout = sess.getStdout(); InputStream stderr = sess.getStderr(); byte[] buffer = new byte[8192]; while (true) { if ((stdout.available() == 0) && (stderr.available() == 0)) { /* Even though currently there is no data available, it may be that new data arrives * and the session's underlying channel is closed before we call waitForCondition(). * This means that EOF and STDOUT_DATA (or STDERR_DATA, or both) may * be set together. */ int conditions = sess.waitForCondition(ChannelCondition.STDOUT_DATA | ChannelCondition.STDERR_DATA | ChannelCondition.EOF, 2000); /* Wait no longer than 2 seconds (= 2000 milliseconds) */ if ((conditions & ChannelCondition.TIMEOUT) != 0) { /* A timeout occured. */ throw new IOException("Timeout while waiting for data from peer."); } /* Here we do not need to check separately for CLOSED, since CLOSED implies EOF */ if ((conditions & ChannelCondition.EOF) != 0) { /* The remote side won't send us further data... */ if ((conditions & (ChannelCondition.STDOUT_DATA | ChannelCondition.STDERR_DATA)) == 0) { /* ... and we have consumed all data in the local arrival window. */ break; } } /* OK, either STDOUT_DATA or STDERR_DATA (or both) is set. */ // You can be paranoid and check that the library is not going nuts: // if ((conditions & (ChannelCondition.STDOUT_DATA | ChannelCondition.STDERR_DATA)) == 0) // throw new IllegalStateException("Unexpected condition result (" + conditions + ")"); } /* If you below replace "while" with "if", then the way the output appears on the local * stdout and stder streams is more "balanced". Addtionally reducing the buffer size * will also improve the interleaving, but performance will slightly suffer. * OKOK, that all matters only if you get HUGE amounts of stdout and stderr data =) */ while (stdout.available() > 0) { int len = stdout.read(buffer); if (len > 0) // this check is somewhat paranoid System.out.write(buffer, 0, len); } while (stderr.available() > 0) { int len = stderr.read(buffer); if (len > 0) // this check is somewhat paranoid System.err.write(buffer, 0, len); } } /* Close this session */ sess.close(); /* Close the connection */ conn.close(); } catch (IOException e) { e.printStackTrace(System.err); System.exit(2); } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/examples/StdoutAndStderr.java000066400000000000000000000036441370551253600244420ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import ch.ethz.ssh2.Connection; import ch.ethz.ssh2.Session; import ch.ethz.ssh2.StreamGobbler; public class StdoutAndStderr { public static void main(String[] args) { String hostname = "127.0.0.1"; String username = "joe"; String password = "joespass"; try { /* Create a connection instance */ Connection conn = new Connection(hostname); /* Now connect */ conn.connect(); /* Authenticate */ boolean isAuthenticated = conn.authenticateWithPassword(username, password); if (isAuthenticated == false) throw new IOException("Authentication failed."); /* Create a session */ Session sess = conn.openSession(); sess.execCommand("echo \"Text on STDOUT\"; echo \"Text on STDERR\" >&2"); InputStream stdout = new StreamGobbler(sess.getStdout()); InputStream stderr = new StreamGobbler(sess.getStderr()); BufferedReader stdoutReader = new BufferedReader(new InputStreamReader(stdout)); BufferedReader stderrReader = new BufferedReader(new InputStreamReader(stderr)); System.out.println("Here is the output from stdout:"); while (true) { String line = stdoutReader.readLine(); if (line == null) { stdoutReader.close(); break; } System.out.println(line); } System.out.println("Here is the output from stderr:"); while (true) { String line = stderrReader.readLine(); if (line == null) { stderrReader.close(); break; } System.out.println(line); } /* Close this session */ sess.close(); /* Close the connection */ conn.close(); } catch (IOException e) { e.printStackTrace(System.err); System.exit(2); } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/examples/SwingShell.java000066400000000000000000000430701370551253600234250ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ import java.awt.BorderLayout; import java.awt.Color; import java.awt.FlowLayout; import java.awt.Font; import java.awt.event.ActionEvent; import java.awt.event.ActionListener; import java.awt.event.KeyAdapter; import java.awt.event.KeyEvent; import java.io.File; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import javax.swing.BoxLayout; import javax.swing.JButton; import javax.swing.JDialog; import javax.swing.JFrame; import javax.swing.JLabel; import javax.swing.JOptionPane; import javax.swing.JPanel; import javax.swing.JPasswordField; import javax.swing.JTextArea; import javax.swing.JTextField; import javax.swing.SwingUtilities; import ch.ethz.ssh2.Connection; import ch.ethz.ssh2.InteractiveCallback; import ch.ethz.ssh2.KnownHosts; import ch.ethz.ssh2.ServerHostKeyVerifier; import ch.ethz.ssh2.Session; /** * * This is a very primitive SSH-2 dumb terminal (Swing based). * * The purpose of this class is to demonstrate: * * - Verifying server hostkeys with an existing known_hosts file * - Displaying fingerprints of server hostkeys * - Adding a server hostkey to a known_hosts file (+hashing the hostname for security) * - Authentication with DSA, RSA, password and keyboard-interactive methods * */ public class SwingShell { /* * NOTE: to get this feature to work, replace the "tilde" with your home directory, * at least my JVM does not understand it. Need to check the specs. */ static final String knownHostPath = "~/.ssh/known_hosts"; static final String idDSAPath = "~/.ssh/id_dsa"; static final String idRSAPath = "~/.ssh/id_rsa"; JFrame loginFrame = null; JLabel hostLabel; JLabel userLabel; JTextField hostField; JTextField userField; JButton loginButton; KnownHosts database = new KnownHosts(); public SwingShell() { File knownHostFile = new File(knownHostPath); if (knownHostFile.exists()) { try { database.addHostkeys(knownHostFile); } catch (IOException e) { } } } /** * This dialog displays a number of text lines and a text field. * The text field can either be plain text or a password field. */ class EnterSomethingDialog extends JDialog { private static final long serialVersionUID = 1L; JTextField answerField; JPasswordField passwordField; final boolean isPassword; String answer; public EnterSomethingDialog(JFrame parent, String title, String content, boolean isPassword) { this(parent, title, new String[] { content }, isPassword); } public EnterSomethingDialog(JFrame parent, String title, String[] content, boolean isPassword) { super(parent, title, true); this.isPassword = isPassword; JPanel pan = new JPanel(); pan.setLayout(new BoxLayout(pan, BoxLayout.Y_AXIS)); for (int i = 0; i < content.length; i++) { if ((content[i] == null) || (content[i] == "")) continue; JLabel contentLabel = new JLabel(content[i]); pan.add(contentLabel); } answerField = new JTextField(20); passwordField = new JPasswordField(20); if (isPassword) pan.add(passwordField); else pan.add(answerField); KeyAdapter kl = new KeyAdapter() { public void keyTyped(KeyEvent e) { if (e.getKeyChar() == '\n') finish(); } }; answerField.addKeyListener(kl); passwordField.addKeyListener(kl); getContentPane().add(BorderLayout.CENTER, pan); setResizable(false); pack(); setLocationRelativeTo(null); } private void finish() { if (isPassword) answer = new String(passwordField.getPassword()); else answer = answerField.getText(); dispose(); } } /** * TerminalDialog is probably the worst terminal emulator ever written - implementing * a real vt100 is left as an exercise to the reader, i.e., to you =) * */ class TerminalDialog extends JDialog { private static final long serialVersionUID = 1L; JPanel botPanel; JButton logoffButton; JTextArea terminalArea; Session sess; InputStream in; OutputStream out; int x, y; /** * This thread consumes output from the remote server and displays it in * the terminal window. * */ class RemoteConsumer extends Thread { char[][] lines = new char[y][]; int posy = 0; int posx = 0; private void addText(byte[] data, int len) { for (int i = 0; i < len; i++) { char c = (char) (data[i] & 0xff); if (c == 8) // Backspace, VERASE { if (posx < 0) continue; posx--; continue; } if (c == '\r') { posx = 0; continue; } if (c == '\n') { posy++; if (posy >= y) { for (int k = 1; k < y; k++) lines[k - 1] = lines[k]; posy--; lines[y - 1] = new char[x]; for (int k = 0; k < x; k++) lines[y - 1][k] = ' '; } continue; } if (c < 32) { continue; } if (posx >= x) { posx = 0; posy++; if (posy >= y) { posy--; for (int k = 1; k < y; k++) lines[k - 1] = lines[k]; lines[y - 1] = new char[x]; for (int k = 0; k < x; k++) lines[y - 1][k] = ' '; } } if (lines[posy] == null) { lines[posy] = new char[x]; for (int k = 0; k < x; k++) lines[posy][k] = ' '; } lines[posy][posx] = c; posx++; } StringBuffer sb = new StringBuffer(x * y); for (int i = 0; i < lines.length; i++) { if (i != 0) sb.append('\n'); if (lines[i] != null) { sb.append(lines[i]); } } setContent(sb.toString()); } public void run() { byte[] buff = new byte[8192]; try { while (true) { int len = in.read(buff); if (len == -1) return; addText(buff, len); } } catch (Exception e) { } } } public TerminalDialog(JFrame parent, String title, Session sess, int x, int y) throws IOException { super(parent, title, true); this.sess = sess; in = sess.getStdout(); out = sess.getStdin(); this.x = x; this.y = y; botPanel = new JPanel(new FlowLayout(FlowLayout.LEFT)); logoffButton = new JButton("Logout"); botPanel.add(logoffButton); logoffButton.addActionListener(new ActionListener() { public void actionPerformed(ActionEvent e) { /* Dispose the dialog, "setVisible(true)" method will return */ dispose(); } }); Font f = new Font("Monospaced", Font.PLAIN, 16); terminalArea = new JTextArea(y, x); terminalArea.setFont(f); terminalArea.setBackground(Color.BLACK); terminalArea.setForeground(Color.ORANGE); /* This is a hack. We cannot disable the caret, * since setting editable to false also changes * the meaning of the TAB key - and I want to use it in bash. * Again - this is a simple DEMO terminal =) */ terminalArea.setCaretColor(Color.BLACK); KeyAdapter kl = new KeyAdapter() { public void keyTyped(KeyEvent e) { int c = e.getKeyChar(); try { out.write(c); } catch (IOException e1) { } e.consume(); } }; terminalArea.addKeyListener(kl); getContentPane().add(terminalArea, BorderLayout.CENTER); getContentPane().add(botPanel, BorderLayout.PAGE_END); setResizable(false); pack(); setLocationRelativeTo(parent); new RemoteConsumer().start(); } public void setContent(String lines) { // setText is thread safe, it does not have to be called from // the Swing GUI thread. terminalArea.setText(lines); } } /** * This ServerHostKeyVerifier asks the user on how to proceed if a key cannot be found * in the in-memory database. * */ class AdvancedVerifier implements ServerHostKeyVerifier { public boolean verifyServerHostKey(String hostname, int port, String serverHostKeyAlgorithm, byte[] serverHostKey) throws Exception { final String host = hostname; final String algo = serverHostKeyAlgorithm; String message; /* Check database */ int result = database.verifyHostkey(hostname, serverHostKeyAlgorithm, serverHostKey); switch (result) { case KnownHosts.HOSTKEY_IS_OK: return true; case KnownHosts.HOSTKEY_IS_NEW: message = "Do you want to accept the hostkey (type " + algo + ") from " + host + " ?\n"; break; case KnownHosts.HOSTKEY_HAS_CHANGED: message = "WARNING! Hostkey for " + host + " has changed!\nAccept anyway?\n"; break; default: throw new IllegalStateException(); } /* Include the fingerprints in the message */ String hexFingerprint = KnownHosts.createHexFingerprint(serverHostKeyAlgorithm, serverHostKey); String bubblebabbleFingerprint = KnownHosts.createBubblebabbleFingerprint(serverHostKeyAlgorithm, serverHostKey); message += "Hex Fingerprint: " + hexFingerprint + "\nBubblebabble Fingerprint: " + bubblebabbleFingerprint; /* Now ask the user */ int choice = JOptionPane.showConfirmDialog(loginFrame, message); if (choice == JOptionPane.YES_OPTION) { /* Be really paranoid. We use a hashed hostname entry */ String hashedHostname = KnownHosts.createHashedHostname(hostname); /* Add the hostkey to the in-memory database */ database.addHostkey(new String[] { hashedHostname }, serverHostKeyAlgorithm, serverHostKey); /* Also try to add the key to a known_host file */ try { KnownHosts.addHostkeyToFile(new File(knownHostPath), new String[] { hashedHostname }, serverHostKeyAlgorithm, serverHostKey); } catch (IOException ignore) { } return true; } if (choice == JOptionPane.CANCEL_OPTION) { throw new Exception("The user aborted the server hostkey verification."); } return false; } } /** * The logic that one has to implement if "keyboard-interactive" autentication shall be * supported. * */ class InteractiveLogic implements InteractiveCallback { int promptCount = 0; String lastError; public InteractiveLogic(String lastError) { this.lastError = lastError; } /* the callback may be invoked several times, depending on how many questions-sets the server sends */ public String[] replyToChallenge(String name, String instruction, int numPrompts, String[] prompt, boolean[] echo) throws IOException { String[] result = new String[numPrompts]; for (int i = 0; i < numPrompts; i++) { /* Often, servers just send empty strings for "name" and "instruction" */ String[] content = new String[] { lastError, name, instruction, prompt[i] }; if (lastError != null) { /* show lastError only once */ lastError = null; } EnterSomethingDialog esd = new EnterSomethingDialog(loginFrame, "Keyboard Interactive Authentication", content, !echo[i]); esd.setVisible(true); if (esd.answer == null) throw new IOException("Login aborted by user"); result[i] = esd.answer; promptCount++; } return result; } /* We maintain a prompt counter - this enables the detection of situations where the ssh * server is signaling "authentication failed" even though it did not send a single prompt. */ public int getPromptCount() { return promptCount; } } /** * The SSH-2 connection is established in this thread. * If we would not use a separate thread (e.g., put this code in * the event handler of the "Login" button) then the GUI would not * be responsive (missing window repaints if you move the window etc.) */ class ConnectionThread extends Thread { String hostname; String username; public ConnectionThread(String hostname, String username) { this.hostname = hostname; this.username = username; } public void run() { Connection conn = new Connection(hostname); try { /* * * CONNECT AND VERIFY SERVER HOST KEY (with callback) * */ String[] hostkeyAlgos = database.getPreferredServerHostkeyAlgorithmOrder(hostname); if (hostkeyAlgos != null) conn.setServerHostKeyAlgorithms(hostkeyAlgos); conn.connect(new AdvancedVerifier()); /* * * AUTHENTICATION PHASE * */ boolean enableKeyboardInteractive = true; boolean enableDSA = true; boolean enableRSA = true; String lastError = null; while (true) { if ((enableDSA || enableRSA) && conn.isAuthMethodAvailable(username, "publickey")) { if (enableDSA) { File key = new File(idDSAPath); if (key.exists()) { EnterSomethingDialog esd = new EnterSomethingDialog(loginFrame, "DSA Authentication", new String[] { lastError, "Enter DSA private key password:" }, true); esd.setVisible(true); boolean res = conn.authenticateWithPublicKey(username, key, esd.answer); if (res == true) break; lastError = "DSA authentication failed."; } enableDSA = false; // do not try again } if (enableRSA) { File key = new File(idRSAPath); if (key.exists()) { EnterSomethingDialog esd = new EnterSomethingDialog(loginFrame, "RSA Authentication", new String[] { lastError, "Enter RSA private key password:" }, true); esd.setVisible(true); boolean res = conn.authenticateWithPublicKey(username, key, esd.answer); if (res == true) break; lastError = "RSA authentication failed."; } enableRSA = false; // do not try again } continue; } if (enableKeyboardInteractive && conn.isAuthMethodAvailable(username, "keyboard-interactive")) { InteractiveLogic il = new InteractiveLogic(lastError); boolean res = conn.authenticateWithKeyboardInteractive(username, il); if (res == true) break; if (il.getPromptCount() == 0) { // aha. the server announced that it supports "keyboard-interactive", but when // we asked for it, it just denied the request without sending us any prompt. // That happens with some server versions/configurations. // We just disable the "keyboard-interactive" method and notify the user. lastError = "Keyboard-interactive does not work."; enableKeyboardInteractive = false; // do not try this again } else { lastError = "Keyboard-interactive auth failed."; // try again, if possible } continue; } if (conn.isAuthMethodAvailable(username, "password")) { final EnterSomethingDialog esd = new EnterSomethingDialog(loginFrame, "Password Authentication", new String[] { lastError, "Enter password for " + username }, true); esd.setVisible(true); if (esd.answer == null) throw new IOException("Login aborted by user"); boolean res = conn.authenticateWithPassword(username, esd.answer); if (res == true) break; lastError = "Password authentication failed."; // try again, if possible continue; } throw new IOException("No supported authentication methods available."); } /* * * AUTHENTICATION OK. DO SOMETHING. * */ Session sess = conn.openSession(); int x_width = 90; int y_width = 30; sess.requestPTY("dumb", x_width, y_width, 0, 0, null); sess.startShell(); TerminalDialog td = new TerminalDialog(loginFrame, username + "@" + hostname, sess, x_width, y_width); /* The following call blocks until the dialog has been closed */ td.setVisible(true); } catch (IOException e) { //e.printStackTrace(); JOptionPane.showMessageDialog(loginFrame, "Exception: " + e.getMessage()); } /* * * CLOSE THE CONNECTION. * */ conn.close(); /* * * CLOSE THE LOGIN FRAME - APPLICATION WILL BE EXITED (no more frames) * */ Runnable r = new Runnable() { public void run() { loginFrame.dispose(); } }; SwingUtilities.invokeLater(r); } } void loginPressed() { String hostname = hostField.getText().trim(); String username = userField.getText().trim(); if ((hostname.length() == 0) || (username.length() == 0)) { JOptionPane.showMessageDialog(loginFrame, "Please fill out both fields!"); return; } loginButton.setEnabled(false); hostField.setEnabled(false); userField.setEnabled(false); ConnectionThread ct = new ConnectionThread(hostname, username); ct.start(); } void showGUI() { loginFrame = new JFrame("Ganymed SSH2 SwingShell"); hostLabel = new JLabel("Hostname:"); userLabel = new JLabel("Username:"); hostField = new JTextField("", 20); userField = new JTextField("", 10); loginButton = new JButton("Login"); loginButton.addActionListener(new ActionListener() { public void actionPerformed(java.awt.event.ActionEvent e) { loginPressed(); } }); JPanel loginPanel = new JPanel(); loginPanel.add(hostLabel); loginPanel.add(hostField); loginPanel.add(userLabel); loginPanel.add(userField); loginPanel.add(loginButton); loginFrame.getRootPane().setDefaultButton(loginButton); loginFrame.getContentPane().add(loginPanel, BorderLayout.PAGE_START); //loginFrame.getContentPane().add(textArea, BorderLayout.CENTER); loginFrame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); loginFrame.pack(); loginFrame.setResizable(false); loginFrame.setLocationRelativeTo(null); loginFrame.setVisible(true); } void startGUI() { Runnable r = new Runnable() { public void run() { showGUI(); } }; SwingUtilities.invokeLater(r); } public static void main(String[] args) { SwingShell client = new SwingShell(); client.startGUI(); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/examples/UsingKnownHosts.java000066400000000000000000000035271370551253600244740ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ import java.io.BufferedReader; import java.io.File; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import ch.ethz.ssh2.Connection; import ch.ethz.ssh2.KnownHosts; import ch.ethz.ssh2.Session; import ch.ethz.ssh2.StreamGobbler; public class UsingKnownHosts { static KnownHosts database = new KnownHosts(); public static void main(String[] args) throws IOException { String hostname = "somehost"; String username = "joe"; String password = "joespass"; File knownHosts = new File("~/.ssh/known_hosts"); try { /* Load known_hosts file into in-memory database */ if (knownHosts.exists()) database.addHostkeys(knownHosts); /* Create a connection instance */ Connection conn = new Connection(hostname); /* Now connect and use the SimpleVerifier */ conn.connect(new SimpleVerifier(database)); /* Authenticate */ boolean isAuthenticated = conn.authenticateWithPassword(username, password); if (isAuthenticated == false) throw new IOException("Authentication failed."); /* Create a session */ Session sess = conn.openSession(); sess.execCommand("uname -a && date && uptime && who"); InputStream stdout = new StreamGobbler(sess.getStdout()); BufferedReader br = new BufferedReader(new InputStreamReader(stdout)); System.out.println("Here is some information about the remote host:"); while (true) { String line = br.readLine(); if (line == null) { br.close(); break; } System.out.println(line); } /* Close this session */ sess.close(); /* Close the connection */ conn.close(); } catch (IOException e) { e.printStackTrace(System.err); System.exit(2); } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/overview.html000066400000000000000000000014001370551253600214100ustar00rootroot00000000000000 Ganymed SSH2 for Java is a library which implements the SSH-2 protocol in pure Java. It allows one to connect to SSH servers from within Java programs. It supports SSH sessions (remote command execution and shell access), local and remote port forwarding, local stream forwarding, X11 forwarding, SCP and SFTP. There are no dependencies on any JCE provider, as all crypto functionality is included.

Ganymed SSH2 for Java was first developed for the Ganymed replication project and a couple of other projects at the IKS group at ETH Zurich.

Website: https://code.google.com/p/ganymed-ssh-2/.

Please read the included LICENCE.txt, latest changes can be found in HISTORY.txt. SoftwareAG-ganymed-ssh-2-ef7fbc4/pom.xml000066400000000000000000000207661370551253600202110ustar00rootroot00000000000000 org.sonatype.oss oss-parent 7 4.0.0 ch.ethz.ganymed ganymed-ssh2 jar 262 ganymed-ssh-2 Ganymed SSH-2: Java based SSH-2 Protocol Implementation https://code.google.com/p/ganymed-ssh-2/ 3.0 BSD 3-Clause License http://opensource.org/licenses/BSD-3-Clause Christian Plattner cleondris info@cleondris.ch Cleondris GmbH David Kocher iterate post@iterate.ch iterate GmbH 1.6 1.6 UTF-8 http://ganymed-ssh-2.googlecode.com/svn/tags/ganymed-ssh2-262 scm:svn:https://ganymed-ssh-2.googlecode.com/svn/tags/ganymed-ssh2-262 scm:svn:https://ganymed-ssh-2.googlecode.com/svn/tags/ganymed-ssh2-262 junit junit 4.11 test junit junit ${basedir} LICENSE.txt HISTORY.txt README.txt FAQ.html org.apache.maven.plugins maven-compiler-plugin 3.1 ${maven.compile.source} ${maven.compile.target} ${source.encoding} org.apache.maven.plugins maven-resources-plugin 2.6 UTF-8 org.apache.maven.plugins maven-jar-plugin 2.4 true true org.apache.maven.plugins maven-source-plugin 2.2.1 attach-sources jar org.apache.maven.plugins maven-javadoc-plugin 2.9 attach-javadocs jar http://download.oracle.com/javase/${maven.compile.target}/docs/api/ ${basedir}/overview.html ${source.encoding} org.apache.maven.plugins maven-surefire-plugin 2.12 org.apache.maven.plugins maven-site-plugin 3.2 org.codehaus.mojo sonar-maven-plugin 2.0 org.sonatype.plugins nexus-staging-maven-plugin 1.6 true sonatype-nexus-staging https://oss.sonatype.org/ true release-sign-artifacts performRelease true org.apache.maven.plugins maven-gpg-plugin 1.4 sign-artifacts verify sign org.apache.maven.plugins maven-project-info-reports-plugin 2.6 org.apache.maven.plugins maven-jxr-plugin 2.3 ${source.encoding} ${source.encoding} org.apache.maven.plugins maven-surefire-report-plugin 2.12.4 SoftwareAG-ganymed-ssh-2-ef7fbc4/settings.gradle000066400000000000000000000000421370551253600216750ustar00rootroot00000000000000rootProject.name = 'ganymed-ssh2' SoftwareAG-ganymed-ssh-2-ef7fbc4/src/000077500000000000000000000000001370551253600174505ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/000077500000000000000000000000001370551253600203745ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/000077500000000000000000000000001370551253600213155ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/000077500000000000000000000000001370551253600217075ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/000077500000000000000000000000001370551253600226615ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/000077500000000000000000000000001370551253600235405ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/AuthenticationResult.java000066400000000000000000000007141370551253600305630ustar00rootroot00000000000000 package ch.ethz.ssh2; public enum AuthenticationResult { /** * */ SUCCESS, /** * The authentication request to which this is a response was successful, however, more * authentication requests are needed (multi-method authentication sequence). * * @see ServerAuthenticationCallback#getRemainingAuthMethods(ServerConnection) */ PARTIAL_SUCCESS, /** * The server rejected the authentication request. */ FAILURE } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/ChannelCondition.java000066400000000000000000000037211370551253600276250ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; /** * Contains constants that can be used to specify what conditions to wait for on * a SSH-2 channel (e.g., represented by a {@link Session}). * * @see Session#waitForCondition(int, long) * * @author Christian Plattner * @version 2.50, 03/15/10 */ public abstract interface ChannelCondition { /** * A timeout has occurred, none of your requested conditions is fulfilled. * However, other conditions may be true - therefore, NEVER use the "==" * operator to test for this (or any other) condition. Always use * something like ((cond & ChannelCondition.CLOSED) != 0). */ public static final int TIMEOUT = 1; /** * The underlying SSH-2 channel, however not necessarily the whole connection, * has been closed. This implies EOF. Note that there may still * be unread stdout or stderr data in the local window, i.e, STDOUT_DATA * or/and STDERR_DATA may be set at the same time. */ public static final int CLOSED = 2; /** * There is stdout data available that is ready to be consumed. */ public static final int STDOUT_DATA = 4; /** * There is stderr data available that is ready to be consumed. */ public static final int STDERR_DATA = 8; /** * EOF on has been reached, no more _new_ stdout or stderr data will arrive * from the remote server. However, there may be unread stdout or stderr * data, i.e, STDOUT_DATA or/and STDERR_DATA * may be set at the same time. */ public static final int EOF = 16; /** * The exit status of the remote process is available. * Some servers never send the exist status, or occasionally "forget" to do so. */ public static final int EXIT_STATUS = 32; /** * The exit signal of the remote process is available. */ public static final int EXIT_SIGNAL = 64; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/Connection.java000066400000000000000000001476671370551253600265270ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.CharArrayWriter; import java.io.File; import java.io.FileReader; import java.io.IOException; import java.net.InetSocketAddress; import java.net.SocketTimeoutException; import java.security.SecureRandom; import java.util.ArrayList; import java.util.List; import ch.ethz.ssh2.auth.AgentProxy; import ch.ethz.ssh2.auth.AuthenticationManager; import ch.ethz.ssh2.channel.ChannelManager; import ch.ethz.ssh2.crypto.CryptoWishList; import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory; import ch.ethz.ssh2.crypto.digest.MAC; import ch.ethz.ssh2.packets.PacketIgnore; import ch.ethz.ssh2.transport.ClientTransportManager; import ch.ethz.ssh2.transport.HTTPProxyClientTransportManager; import ch.ethz.ssh2.transport.KexManager; import ch.ethz.ssh2.util.TimeoutService; import ch.ethz.ssh2.util.TimeoutService.TimeoutToken; /** * A Connection is used to establish an encrypted TCP/IP * connection to a SSH-2 server. *

* Typically, one *

    *
  1. creates a {@link #Connection(String) Connection} object.
  2. *
  3. calls the {@link #connect() connect()} method.
  4. *
  5. calls some of the authentication methods (e.g., {@link #authenticateWithPublicKey(String, File, String) authenticateWithPublicKey()}).
  6. *
  7. calls one or several times the {@link #openSession() openSession()} method.
  8. *
  9. finally, one must close the connection and release resources with the {@link #close() close()} method.
  10. *
* * @author Christian Plattner * @version $Id$ */ public class Connection { /** * The identifier presented to the SSH-2 server. This is the same * as the "softwareversion" defined in RFC 4253. *

* NOTE: As per the RFC, the "softwareversion" string MUST consist of printable * US-ASCII characters, with the exception of whitespace characters and the minus sign (-). */ private String softwareversion = String.format("Ganymed_%s", Version.getSpecification()); /* Will be used to generate all random data needed for the current connection. * Note: SecureRandom.nextBytes() is thread safe. */ private SecureRandom generator; /** * Unless you know what you are doing, you will never need this. * * @return The list of supported cipher algorithms by this implementation. */ public static synchronized String[] getAvailableCiphers() { return BlockCipherFactory.getDefaultCipherList(); } /** * Unless you know what you are doing, you will never need this. * * @return The list of supported MAC algorthims by this implementation. */ public static synchronized String[] getAvailableMACs() { return MAC.getMacList(); } /** * Unless you know what you are doing, you will never need this. * * @return The list of supported server host key algorthims by this implementation. */ public static synchronized String[] getAvailableServerHostKeyAlgorithms() { return KexManager.getDefaultServerHostkeyAlgorithmList(); } private AuthenticationManager am; private boolean authenticated; private ChannelManager cm; private CryptoWishList cryptoWishList = new CryptoWishList(); private DHGexParameters dhgexpara = new DHGexParameters(); private final String hostname; private final int port; private ClientTransportManager tm; private boolean tcpNoDelay = false; private HTTPProxyData proxy; private List connectionMonitors = new ArrayList(); /** * Prepares a fresh Connection object which can then be used * to establish a connection to the specified SSH-2 server. *

* Same as {@link #Connection(String, int) Connection(hostname, 22)}. * * @param hostname the hostname of the SSH-2 server. */ public Connection(String hostname) { this(hostname, 22); } /** * Prepares a fresh Connection object which can then be used * to establish a connection to the specified SSH-2 server. * * @param hostname the host where we later want to connect to. * @param port port on the server, normally 22. */ public Connection(String hostname, int port) { this.hostname = hostname; this.port = port; } /** * Prepares a fresh Connection object which can then be used * to establish a connection to the specified SSH-2 server. * * @param hostname the host where we later want to connect to. * @param port port on the server, normally 22. * @param softwareversion Allows you to set a custom "softwareversion" string as defined in RFC 4253. * NOTE: As per the RFC, the "softwareversion" string MUST consist of printable * US-ASCII characters, with the exception of whitespace characters and the minus sign (-). */ public Connection(String hostname, int port, String softwareversion) { this.hostname = hostname; this.port = port; this.softwareversion = softwareversion; } public Connection(String hostname, int port, final HTTPProxyData proxy) { this.hostname = hostname; this.port = port; this.proxy = proxy; } public Connection(String hostname, int port, String softwareversion, final HTTPProxyData proxy) { this.hostname = hostname; this.port = port; this.softwareversion = softwareversion; this.proxy = proxy; } /** * After a successful connect, one has to authenticate oneself. This method * is based on DSA (it uses DSA to sign a challenge sent by the server). *

* If the authentication phase is complete, true will be * returned. If the server does not accept the request (or if further * authentication steps are needed), false is returned and * one can retry either by using this or any other authentication method * (use the getRemainingAuthMethods method to get a list of * the remaining possible methods). * * @param user A String holding the username. * @param pem A String containing the DSA private key of the * user in OpenSSH key format (PEM, you can't miss the * "-----BEGIN DSA PRIVATE KEY-----" tag). The string may contain * linefeeds. * @param password If the PEM string is 3DES encrypted ("DES-EDE3-CBC"), then you * must specify the password. Otherwise, this argument will be * ignored and can be set to null. * @return whether the connection is now authenticated. * @throws IOException * @deprecated You should use one of the {@link #authenticateWithPublicKey(String, File, String) authenticateWithPublicKey()} * methods, this method is just a wrapper for it and will * disappear in future builds. */ public synchronized boolean authenticateWithDSA(String user, String pem, String password) throws IOException { if(tm == null) { throw new IllegalStateException("Connection is not established!"); } if(authenticated) { throw new IllegalStateException("Connection is already authenticated!"); } if(am == null) { am = new AuthenticationManager(tm); } if(cm == null) { cm = new ChannelManager(tm); } if(user == null) { throw new IllegalArgumentException("user argument is null"); } if(pem == null) { throw new IllegalArgumentException("pem argument is null"); } authenticated = am.authenticatePublicKey(user, pem.toCharArray(), password, getOrCreateSecureRND()); return authenticated; } /** * A wrapper that calls {@link #authenticateWithKeyboardInteractive(String, String[], InteractiveCallback) * authenticateWithKeyboardInteractivewith} a null submethod list. * * @param user A String holding the username. * @param cb An InteractiveCallback which will be used to * determine the responses to the questions asked by the server. * @return whether the connection is now authenticated. * @throws IOException */ public synchronized boolean authenticateWithKeyboardInteractive(String user, InteractiveCallback cb) throws IOException { return authenticateWithKeyboardInteractive(user, null, cb); } /** * After a successful connect, one has to authenticate oneself. This method * is based on "keyboard-interactive", specified in * draft-ietf-secsh-auth-kbdinteract-XX. Basically, you have to define a * callback object which will be feeded with challenges generated by the * server. Answers are then sent back to the server. It is possible that the * callback will be called several times during the invocation of this * method (e.g., if the server replies to the callback's answer(s) with * another challenge...) *

* If the authentication phase is complete, true will be * returned. If the server does not accept the request (or if further * authentication steps are needed), false is returned and * one can retry either by using this or any other authentication method * (use the getRemainingAuthMethods method to get a list of * the remaining possible methods). *

* Note: some SSH servers advertise "keyboard-interactive", however, any * interactive request will be denied (without having sent any challenge to * the client). * * @param user A String holding the username. * @param submethods An array of submethod names, see * draft-ietf-secsh-auth-kbdinteract-XX. May be null * to indicate an empty list. * @param cb An InteractiveCallback which will be used to * determine the responses to the questions asked by the server. * @return whether the connection is now authenticated. * @throws IOException */ public synchronized boolean authenticateWithKeyboardInteractive(String user, String[] submethods, InteractiveCallback cb) throws IOException { if(cb == null) { throw new IllegalArgumentException("Callback may not ne NULL!"); } if(tm == null) { throw new IllegalStateException("Connection is not established!"); } if(authenticated) { throw new IllegalStateException("Connection is already authenticated!"); } if(am == null) { am = new AuthenticationManager(tm); } if(cm == null) { cm = new ChannelManager(tm); } if(user == null) { throw new IllegalArgumentException("user argument is null"); } authenticated = am.authenticateInteractive(user, submethods, cb); return authenticated; } public synchronized boolean authenticateWithAgent(String user, AgentProxy proxy) throws IOException { if(tm == null) { throw new IllegalStateException("Connection is not established!"); } if(authenticated) { throw new IllegalStateException("Connection is already authenticated!"); } if(am == null) { am = new AuthenticationManager(tm); } if(cm == null) { cm = new ChannelManager(tm); } if(user == null) { throw new IllegalArgumentException("user argument is null"); } authenticated = am.authenticatePublicKey(user, proxy); return authenticated; } /** * After a successful connect, one has to authenticate oneself. This method * sends username and password to the server. *

* If the authentication phase is complete, true will be * returned. If the server does not accept the request (or if further * authentication steps are needed), false is returned and * one can retry either by using this or any other authentication method * (use the getRemainingAuthMethods method to get a list of * the remaining possible methods). *

* Note: if this method fails, then please double-check that it is actually * offered by the server (use {@link #getRemainingAuthMethods(String) getRemainingAuthMethods()}. *

* Often, password authentication is disabled, but users are not aware of it. * Many servers only offer "publickey" and "keyboard-interactive". However, * even though "keyboard-interactive" *feels* like password authentication * (e.g., when using the putty or openssh clients) it is *not* the same mechanism. * * @param user * @param password * @return if the connection is now authenticated. * @throws IOException */ public synchronized boolean authenticateWithPassword(String user, String password) throws IOException { if(tm == null) { throw new IllegalStateException("Connection is not established!"); } if(authenticated) { throw new IllegalStateException("Connection is already authenticated!"); } if(am == null) { am = new AuthenticationManager(tm); } if(cm == null) { cm = new ChannelManager(tm); } if(user == null) { throw new IllegalArgumentException("user argument is null"); } if(password == null) { throw new IllegalArgumentException("password argument is null"); } authenticated = am.authenticatePassword(user, password); return authenticated; } /** * After a successful connect, one has to authenticate oneself. * This method can be used to explicitly use the special "none" * authentication method (where only a username has to be specified). *

* Note 1: The "none" method may always be tried by clients, however as by * the specs, the server will not explicitly announce it. In other words, * the "none" token will never show up in the list returned by * {@link #getRemainingAuthMethods(String)}. *

* Note 2: no matter which one of the authenticateWithXXX() methods * you call, the library will always issue exactly one initial "none" * authentication request to retrieve the initially allowed list of * authentication methods by the server. Please read RFC 4252 for the * details. *

* If the authentication phase is complete, true will be * returned. If further authentication steps are needed, false * is returned and one can retry by any other authentication method * (use the getRemainingAuthMethods method to get a list of * the remaining possible methods). * * @param user * @return if the connection is now authenticated. * @throws IOException */ public synchronized boolean authenticateWithNone(String user) throws IOException { if(tm == null) { throw new IllegalStateException("Connection is not established!"); } if(authenticated) { throw new IllegalStateException("Connection is already authenticated!"); } if(am == null) { am = new AuthenticationManager(tm); } if(cm == null) { cm = new ChannelManager(tm); } if(user == null) { throw new IllegalArgumentException("user argument is null"); } /* Trigger the sending of the PacketUserauthRequestNone packet */ /* (if not already done) */ authenticated = am.authenticateNone(user); return authenticated; } /** * After a successful connect, one has to authenticate oneself. * The authentication method "publickey" works by signing a challenge * sent by the server. The signature is either DSA or RSA based - it * just depends on the type of private key you specify, either a DSA * or RSA private key in PEM format. And yes, this is may seem to be a * little confusing, the method is called "publickey" in the SSH-2 protocol * specification, however since we need to generate a signature, you * actually have to supply a private key =). *

* The private key contained in the PEM file may also be encrypted ("Proc-Type: 4,ENCRYPTED"). * The library supports DES-CBC and DES-EDE3-CBC encryption, as well * as the more exotic PEM encrpytions AES-128-CBC, AES-192-CBC and AES-256-CBC. *

* If the authentication phase is complete, true will be * returned. If the server does not accept the request (or if further * authentication steps are needed), false is returned and * one can retry either by using this or any other authentication method * (use the getRemainingAuthMethods method to get a list of * the remaining possible methods). *

* NOTE PUTTY USERS: Event though your key file may start with "-----BEGIN..." * it is not in the expected format. You have to convert it to the OpenSSH * key format by using the "puttygen" tool (can be downloaded from the Putty * website). Simply load your key and then use the "Conversions/Export OpenSSH key" * functionality to get a proper PEM file. * * @param user A String holding the username. * @param pemPrivateKey A char[] containing a DSA or RSA private key of the * user in OpenSSH key format (PEM, you can't miss the * "-----BEGIN DSA PRIVATE KEY-----" or "-----BEGIN RSA PRIVATE KEY-----" * tag). The char array may contain linebreaks/linefeeds. * @param password If the PEM structure is encrypted ("Proc-Type: 4,ENCRYPTED") then * you must specify a password. Otherwise, this argument will be ignored * and can be set to null. * @return whether the connection is now authenticated. * @throws IOException */ public synchronized boolean authenticateWithPublicKey(String user, char[] pemPrivateKey, String password) throws IOException { if(tm == null) { throw new IllegalStateException("Connection is not established!"); } if(authenticated) { throw new IllegalStateException("Connection is already authenticated!"); } if(am == null) { am = new AuthenticationManager(tm); } if(cm == null) { cm = new ChannelManager(tm); } if(user == null) { throw new IllegalArgumentException("user argument is null"); } if(pemPrivateKey == null) { throw new IllegalArgumentException("pemPrivateKey argument is null"); } authenticated = am.authenticatePublicKey(user, pemPrivateKey, password, getOrCreateSecureRND()); return authenticated; } /** * A convenience wrapper function which reads in a private key (PEM format, either DSA or RSA) * and then calls authenticateWithPublicKey(String, char[], String). *

* NOTE PUTTY USERS: Event though your key file may start with "-----BEGIN..." * it is not in the expected format. You have to convert it to the OpenSSH * key format by using the "puttygen" tool (can be downloaded from the Putty * website). Simply load your key and then use the "Conversions/Export OpenSSH key" * functionality to get a proper PEM file. * * @param user A String holding the username. * @param pemFile A File object pointing to a file containing a DSA or RSA * private key of the user in OpenSSH key format (PEM, you can't miss the * "-----BEGIN DSA PRIVATE KEY-----" or "-----BEGIN RSA PRIVATE KEY-----" * tag). * @param password If the PEM file is encrypted then you must specify the password. * Otherwise, this argument will be ignored and can be set to null. * @return whether the connection is now authenticated. * @throws IOException */ public synchronized boolean authenticateWithPublicKey(String user, File pemFile, String password) throws IOException { if(pemFile == null) { throw new IllegalArgumentException("pemFile argument is null"); } char[] buff = new char[256]; CharArrayWriter cw = new CharArrayWriter(); FileReader fr = new FileReader(pemFile); while(true) { int len = fr.read(buff); if(len < 0) { break; } cw.write(buff, 0, len); } fr.close(); return authenticateWithPublicKey(user, cw.toCharArray(), password); } /** * Add a {@link ConnectionMonitor} to this connection. Can be invoked at any time, * but it is best to add connection monitors before invoking * connect() to avoid glitches (e.g., you add a connection monitor after * a successful connect(), but the connection has died in the mean time. Then, * your connection monitor won't be notified.) *

* You can add as many monitors as you like. If a monitor has already been added, then * this method does nothing. * * @param cmon An object implementing the {@link ConnectionMonitor} interface. * @see ConnectionMonitor */ public synchronized void addConnectionMonitor(ConnectionMonitor cmon) { if(cmon == null) { throw new IllegalArgumentException("cmon argument is null"); } if(!connectionMonitors.contains(cmon)) { connectionMonitors.add(cmon); if(tm != null) { tm.setConnectionMonitors(connectionMonitors); } } } /** * Remove a {@link ConnectionMonitor} from this connection. * * @param cmon * @return whether the monitor could be removed */ public synchronized boolean removeConnectionMonitor(ConnectionMonitor cmon) { if(cmon == null) { throw new IllegalArgumentException("cmon argument is null"); } boolean existed = connectionMonitors.remove(cmon); if(tm != null) { tm.setConnectionMonitors(connectionMonitors); } return existed; } /** * Close the connection to the SSH-2 server. All assigned sessions will be * closed, too. Can be called at any time. Don't forget to call this once * you don't need a connection anymore - otherwise the receiver thread may * run forever. */ public synchronized void close() { Throwable t = new Throwable("Closed due to user request."); close(t, false); } public synchronized void close(Throwable t, boolean hard) { if(cm != null) { cm.closeAllChannels(); } if(tm != null) { tm.close(t, hard == false); tm = null; } am = null; cm = null; authenticated = false; } /** * Same as {@link #connect(ServerHostKeyVerifier, int, int) connect(null, 0, 0)}. * * @return see comments for the {@link #connect(ServerHostKeyVerifier, int, int) connect(ServerHostKeyVerifier, int, int)} method. * @throws IOException */ public synchronized ConnectionInfo connect() throws IOException { return connect(null, 0, 0); } /** * Same as {@link #connect(ServerHostKeyVerifier, int, int) connect(verifier, 0, 0)}. * * @return see comments for the {@link #connect(ServerHostKeyVerifier, int, int) connect(ServerHostKeyVerifier, int, int)} method. * @throws IOException */ public synchronized ConnectionInfo connect(ServerHostKeyVerifier verifier) throws IOException { return connect(verifier, 0, 0); } /** * Connect to the SSH-2 server and, as soon as the server has presented its * host key, use the {@link ServerHostKeyVerifier#verifyServerHostKey(String, * int, String, byte[]) ServerHostKeyVerifier.verifyServerHostKey()} * method of the verifier to ask for permission to proceed. * If verifier is null, then any host key will be * accepted - this is NOT recommended, since it makes man-in-the-middle attackes * VERY easy (somebody could put a proxy SSH server between you and the real server). *

* Note: The verifier will be called before doing any crypto calculations * (i.e., diffie-hellman). Therefore, if you don't like the presented host key then * no CPU cycles are wasted (and the evil server has less information about us). *

* However, it is still possible that the server presented a fake host key: the server * cheated (typically a sign for a man-in-the-middle attack) and is not able to generate * a signature that matches its host key. Don't worry, the library will detect such * a scenario later when checking the signature (the signature cannot be checked before * having completed the diffie-hellman exchange). *

* Note 2: The {@link ServerHostKeyVerifier#verifyServerHostKey(String, * int, String, byte[]) ServerHostKeyVerifier.verifyServerHostKey()} method * will *NOT* be called from the current thread, the call is being made from a * background thread (there is a background dispatcher thread for every * established connection). *

* Note 3: This method will block as long as the key exchange of the underlying connection * has not been completed (and you have not specified any timeouts). *

* Note 4: If you want to re-use a connection object that was successfully connected, * then you must call the {@link #close()} method before invoking connect() again. * * @param verifier An object that implements the * {@link ServerHostKeyVerifier} interface. Pass null * to accept any server host key - NOT recommended. * @param connectTimeout Connect the underlying TCP socket to the server with the given timeout * value (non-negative, in milliseconds). Zero means no timeout. * @param kexTimeout Timeout for complete connection establishment (non-negative, * in milliseconds). Zero means no timeout. The timeout counts from the * moment you invoke the connect() method and is cancelled as soon as the * first key-exchange round has finished. It is possible that * the timeout event will be fired during the invocation of the * verifier callback, but it will only have an effect after * the verifier returns. * @return A {@link ConnectionInfo} object containing the details of * the established connection. * @throws IOException If any problem occurs, e.g., the server's host key is not * accepted by the verifier or there is problem during * the initial crypto setup (e.g., the signature sent by the server is wrong). *

* In case of a timeout (either connectTimeout or kexTimeout) * a SocketTimeoutException is thrown. *

* An exception may also be thrown if the connection was already successfully * connected (no matter if the connection broke in the mean time) and you invoke * connect() again without having called {@link #close()} first. *

* If a HTTP proxy is being used and the proxy refuses the connection, * then a {@link HTTPProxyException} may be thrown, which * contains the details returned by the proxy. If the proxy is buggy and does * not return a proper HTTP response, then a normal IOException is thrown instead. */ public synchronized ConnectionInfo connect(ServerHostKeyVerifier verifier, int connectTimeout, int kexTimeout) throws IOException { final class TimeoutState { boolean isCancelled = false; boolean timeoutSocketClosed = false; } if(tm != null) { throw new IOException("Connection to " + hostname + " is already in connected state!"); } if(connectTimeout < 0) { throw new IllegalArgumentException("connectTimeout must be non-negative!"); } if(kexTimeout < 0) { throw new IllegalArgumentException("kexTimeout must be non-negative!"); } final TimeoutState state = new TimeoutState(); if(null == proxy) { tm = new ClientTransportManager(); } else { tm = new HTTPProxyClientTransportManager(proxy); } tm.setSoTimeout(connectTimeout); tm.setTcpNoDelay(tcpNoDelay); tm.setConnectionMonitors(connectionMonitors); try { TimeoutToken token = null; if(kexTimeout > 0) { final Runnable timeoutHandler = new Runnable() { public void run() { synchronized(state) { if(state.isCancelled) { return; } state.timeoutSocketClosed = true; tm.close(new SocketTimeoutException("The connect timeout expired")); } } }; long timeoutHorizont = System.currentTimeMillis() + kexTimeout; token = TimeoutService.addTimeoutHandler(timeoutHorizont, timeoutHandler); } tm.connect(hostname, port, softwareversion, cryptoWishList, verifier, dhgexpara, connectTimeout, getOrCreateSecureRND()); /* Wait until first KEX has finished */ ConnectionInfo ci = tm.getConnectionInfo(1); /* Now try to cancel the timeout, if needed */ if(token != null) { TimeoutService.cancelTimeoutHandler(token); /* Were we too late? */ synchronized(state) { if(state.timeoutSocketClosed) { throw new IOException("This exception will be replaced by the one below =)"); } /* Just in case the "cancelTimeoutHandler" invocation came just a little bit * too late but the handler did not enter the semaphore yet - we can * still stop it. */ state.isCancelled = true; } } return ci; } catch(SocketTimeoutException e) { throw e; } catch(HTTPProxyException e) { throw e; } catch(IOException e) { /* This will also invoke any registered connection monitors */ close(e, false); synchronized(state) { /* Show a clean exception, not something like "the socket is closed!?!" */ if(state.timeoutSocketClosed) { throw new SocketTimeoutException(String.format("The kexTimeout (%d ms) expired.", kexTimeout)); } } throw e; } } /** * Creates a new {@link LocalPortForwarder}. * A LocalPortForwarder forwards TCP/IP connections that arrive at a local * port via the secure tunnel to another host (which may or may not be * identical to the remote SSH-2 server). *

* This method must only be called after one has passed successfully the authentication step. * There is no limit on the number of concurrent forwardings. * * @param local_port the local port the LocalPortForwarder shall bind to. * @param host_to_connect target address (IP or hostname) * @param port_to_connect target port * @return A {@link LocalPortForwarder} object. * @throws IOException */ public synchronized LocalPortForwarder createLocalPortForwarder(int local_port, String host_to_connect, int port_to_connect) throws IOException { this.checkConnection(); return new LocalPortForwarder(cm, local_port, host_to_connect, port_to_connect); } /** * Creates a new {@link LocalPortForwarder}. * A LocalPortForwarder forwards TCP/IP connections that arrive at a local * port via the secure tunnel to another host (which may or may not be * identical to the remote SSH-2 server). *

* This method must only be called after one has passed successfully the authentication step. * There is no limit on the number of concurrent forwardings. * * @param addr specifies the InetSocketAddress where the local socket shall be bound to. * @param host_to_connect target address (IP or hostname) * @param port_to_connect target port * @return A {@link LocalPortForwarder} object. * @throws IOException */ public synchronized LocalPortForwarder createLocalPortForwarder(InetSocketAddress addr, String host_to_connect, int port_to_connect) throws IOException { this.checkConnection(); return new LocalPortForwarder(cm, addr, host_to_connect, port_to_connect); } /** * Creates a new {@link LocalStreamForwarder}. * A LocalStreamForwarder manages an Input/Outputstream pair * that is being forwarded via the secure tunnel into a TCP/IP connection to another host * (which may or may not be identical to the remote SSH-2 server). * * @param host_to_connect * @param port_to_connect * @return A {@link LocalStreamForwarder} object. * @throws IOException */ public synchronized LocalStreamForwarder createLocalStreamForwarder(String host_to_connect, int port_to_connect) throws IOException { this.checkConnection(); return new LocalStreamForwarder(cm, host_to_connect, port_to_connect); } /** * Create a very basic {@link SCPClient} that can be used to copy * files from/to the SSH-2 server. *

* Works only after one has passed successfully the authentication step. * There is no limit on the number of concurrent SCP clients. *

* Note: This factory method will probably disappear in the future. * * @return A {@link SCPClient} object. * @throws IOException */ public synchronized SCPClient createSCPClient() throws IOException { this.checkConnection(); return new SCPClient(this); } /** * Force an asynchronous key re-exchange (the call does not block). The * latest values set for MAC, Cipher and DH group exchange parameters will * be used. If a key exchange is currently in progress, then this method has * the only effect that the so far specified parameters will be used for the * next (server driven) key exchange. *

* Note: This implementation will never start a key exchange (other than the initial one) * unless you or the SSH-2 server ask for it. * * @throws IOException In case of any failure behind the scenes. */ public synchronized void forceKeyExchange() throws IOException { this.checkConnection(); tm.forceKeyExchange(cryptoWishList, dhgexpara, null, null); } /** * Returns the hostname that was passed to the constructor. * * @return the hostname */ public synchronized String getHostname() { return hostname; } /** * Returns the port that was passed to the constructor. * * @return the TCP port */ public synchronized int getPort() { return port; } /** * Returns a {@link ConnectionInfo} object containing the details of * the connection. Can be called as soon as the connection has been * established (successfully connected). * * @return A {@link ConnectionInfo} object. * @throws IOException In case of any failure behind the scenes. */ public synchronized ConnectionInfo getConnectionInfo() throws IOException { this.checkConnection(); return tm.getConnectionInfo(1); } /** * After a successful connect, one has to authenticate oneself. This method * can be used to tell which authentication methods are supported by the * server at a certain stage of the authentication process (for the given * username). *

* Note 1: the username will only be used if no authentication step was done * so far (it will be used to ask the server for a list of possible * authentication methods by sending the initial "none" request). Otherwise, * this method ignores the user name and returns a cached method list * (which is based on the information contained in the last negative server response). *

* Note 2: the server may return method names that are not supported by this * implementation. *

* After a successful authentication, this method must not be called * anymore. * * @param user A String holding the username. * @return a (possibly emtpy) array holding authentication method names. * @throws IOException */ public synchronized String[] getRemainingAuthMethods(String user) throws IOException { if(user == null) { throw new IllegalArgumentException("user argument may not be NULL!"); } if(tm == null) { throw new IllegalStateException("Connection is not established!"); } if(authenticated) { throw new IllegalStateException("Connection is already authenticated!"); } if(am == null) { am = new AuthenticationManager(tm); } if(cm == null) { cm = new ChannelManager(tm); } return am.getRemainingMethods(user); } /** * Determines if the authentication phase is complete. Can be called at any * time. * * @return true if no further authentication steps are * needed. */ public synchronized boolean isAuthenticationComplete() { return authenticated; } /** * Returns true if there was at least one failed authentication request and * the last failed authentication request was marked with "partial success" * by the server. This is only needed in the rare case of SSH-2 server setups * that cannot be satisfied with a single successful authentication request * (i.e., multiple authentication steps are needed.) *

* If you are interested in the details, then have a look at RFC4252. * * @return if the there was a failed authentication step and the last one * was marked as a "partial success". */ public synchronized boolean isAuthenticationPartialSuccess() { if(am == null) { return false; } return am.getPartialSuccess(); } /** * Checks if a specified authentication method is available. This method is * actually just a wrapper for {@link #getRemainingAuthMethods(String) * getRemainingAuthMethods()}. * * @param user A String holding the username. * @param method An authentication method name (e.g., "publickey", "password", * "keyboard-interactive") as specified by the SSH-2 standard. * @return if the specified authentication method is currently available. * @throws IOException */ public synchronized boolean isAuthMethodAvailable(String user, String method) throws IOException { String methods[] = getRemainingAuthMethods(user); for(final String m : methods) { if(m.compareTo(method) == 0) { return true; } } return false; } private SecureRandom getOrCreateSecureRND() { if(generator == null) { generator = new SecureRandom(); } return generator; } /** * Open a new {@link Session} on this connection. Works only after one has passed * successfully the authentication step. There is no limit on the number of * concurrent sessions. * * @return A {@link Session} object. * @throws IOException */ public synchronized Session openSession() throws IOException { this.checkConnection(); return new Session(cm, getOrCreateSecureRND()); } /** * Send an SSH_MSG_IGNORE packet. This method will generate a random data attribute * (length between 0 (invlusive) and 16 (exclusive) bytes, contents are random bytes). *

* This method must only be called once the connection is established. * * @throws IOException */ public synchronized void sendIgnorePacket() throws IOException { SecureRandom rnd = getOrCreateSecureRND(); byte[] data = new byte[rnd.nextInt(16)]; rnd.nextBytes(data); sendIgnorePacket(data); } /** * Send an SSH_MSG_IGNORE packet with the given data attribute. *

* This method must only be called once the connection is established. * * @throws IOException */ public synchronized void sendIgnorePacket(byte[] data) throws IOException { this.checkConnection(); PacketIgnore pi = new PacketIgnore(); pi.setData(data); tm.sendMessage(pi.getPayload()); } /** * Removes duplicates from a String array, keeps only first occurence * of each element. Does not destroy order of elements; can handle nulls. * Uses a very efficient O(N^2) algorithm =) * * @param list a String array. * @return a cleaned String array. */ private String[] removeDuplicates(String[] list) { if((list == null) || (list.length < 2)) { return list; } String[] list2 = new String[list.length]; int count = 0; for(final String element : list) { boolean duplicate = false; for(int j = 0; j < count; j++) { if(((element == null) && (list2[j] == null)) || ((element != null) && (element.equals(list2[j])))) { duplicate = true; break; } } if(duplicate) { continue; } list2[count++] = element; } if(count == list2.length) { return list2; } String[] tmp = new String[count]; System.arraycopy(list2, 0, tmp, 0, count); return tmp; } /** * Unless you know what you are doing, you will never need this. * * @param ciphers */ public synchronized void setClient2ServerCiphers(String[] ciphers) { if((ciphers == null) || (ciphers.length == 0)) { throw new IllegalArgumentException(); } ciphers = removeDuplicates(ciphers); BlockCipherFactory.checkCipherList(ciphers); cryptoWishList.c2s_enc_algos = ciphers; } /** * Unless you know what you are doing, you will never need this. * * @param macs */ public synchronized void setClient2ServerMACs(String[] macs) { if((macs == null) || (macs.length == 0)) { throw new IllegalArgumentException(); } macs = removeDuplicates(macs); MAC.checkMacList(macs); cryptoWishList.c2s_mac_algos = macs; } /** * Sets the parameters for the diffie-hellman group exchange. Unless you * know what you are doing, you will never need this. Default values are * defined in the {@link DHGexParameters} class. * * @param dgp {@link DHGexParameters}, non null. */ public synchronized void setDHGexParameters(DHGexParameters dgp) { if(dgp == null) { throw new IllegalArgumentException(); } dhgexpara = dgp; } /** * Unless you know what you are doing, you will never need this. * * @param ciphers */ public synchronized void setServer2ClientCiphers(String[] ciphers) { if((ciphers == null) || (ciphers.length == 0)) { throw new IllegalArgumentException(); } ciphers = removeDuplicates(ciphers); BlockCipherFactory.checkCipherList(ciphers); cryptoWishList.s2c_enc_algos = ciphers; } /** * Unless you know what you are doing, you will never need this. * * @param macs */ public synchronized void setServer2ClientMACs(String[] macs) { if((macs == null) || (macs.length == 0)) { throw new IllegalArgumentException(); } macs = removeDuplicates(macs); MAC.checkMacList(macs); cryptoWishList.s2c_mac_algos = macs; } /** * Define the set of allowed server host key algorithms to be used for * the following key exchange operations. *

* Unless you know what you are doing, you will never need this. * * @param algos An array of allowed server host key algorithms. * SSH-2 defines ssh-dss and ssh-rsa. * The entries of the array must be ordered after preference, i.e., * the entry at index 0 is the most preferred one. You must specify * at least one entry. */ public synchronized void setServerHostKeyAlgorithms(String[] algos) { if((algos == null) || (algos.length == 0)) { throw new IllegalArgumentException(); } algos = removeDuplicates(algos); KexManager.checkServerHostkeyAlgorithmsList(algos); cryptoWishList.serverHostKeyAlgorithms = algos; } /** * Define the set of allowed key exchange methods. * * @param algos An array of allowed key exchange methods. The following are supported: * diffie-hellman-group14-sha256, * diffie-hellman-group16-sha512, * diffie-hellman-group18-sha512, * diffie-hellman-group14-sha1, * diffie-hellman-group1-sha1, * diffie-hellman-group-exchange-sha1 */ public synchronized void setClientKexAlgorithms(String[] algos) { if ((algos == null) || (algos.length == 0)) { throw new IllegalArgumentException(); } algos = removeDuplicates(algos); KexManager.checkClientKexAlgorithmList(algos); cryptoWishList.kexAlgorithms = algos; } /** * Enable/disable TCP_NODELAY (disable/enable Nagle's algorithm) on the underlying socket. *

* Can be called at any time. If the connection has not yet been established * then the passed value will be stored and set after the socket has been set up. * The default value that will be used is false. * * @param enable the argument passed to the Socket.setTCPNoDelay() method. * @throws IOException */ public synchronized void setTCPNoDelay(boolean enable) throws IOException { tcpNoDelay = enable; if(tm != null) { tm.setTcpNoDelay(enable); } } /** * Request a remote port forwarding. * If successful, then forwarded connections will be redirected to the given target address. * You can cancle a requested remote port forwarding by calling * {@link #cancelRemotePortForwarding(int) cancelRemotePortForwarding()}. *

* A call of this method will block until the peer either agreed or disagreed to your request- *

* Note 1: this method typically fails if you *

*

* Note 2: (from the openssh man page): By default, the listening socket on the server will be * bound to the loopback interface only. This may be overriden by specifying a bind address. * Specifying a remote bind address will only succeed if the server's GatewayPorts option * is enabled (see sshd_config(5)). * * @param bindAddress address to bind to on the server: *

* @param bindPort port number to bind on the server (must be > 0) * @param targetAddress the target address (IP or hostname) * @param targetPort the target port * @throws IOException */ public synchronized void requestRemotePortForwarding(String bindAddress, int bindPort, String targetAddress, int targetPort) throws IOException { this.checkConnection(); if((bindAddress == null) || (targetAddress == null) || (bindPort <= 0) || (targetPort <= 0)) { throw new IllegalArgumentException(); } cm.requestGlobalForward(bindAddress, bindPort, targetAddress, targetPort); } /** * Cancel an earlier requested remote port forwarding. * Currently active forwardings will not be affected (e.g., disrupted). * Note that further connection forwarding requests may be received until * this method has returned. * * @param bindPort the allocated port number on the server * @throws IOException if the remote side refuses the cancel request or another low * level error occurs (e.g., the underlying connection is closed) */ public synchronized void cancelRemotePortForwarding(int bindPort) throws IOException { this.checkConnection(); cm.requestCancelGlobalForward(bindPort); } /** * Provide your own instance of SecureRandom. Can be used, e.g., if you * want to seed the used SecureRandom generator manually. *

* The SecureRandom instance is used during key exchanges, public key authentication, * x11 cookie generation and the like. * * @param rnd a SecureRandom instance */ public synchronized void setSecureRandom(SecureRandom rnd) { if(rnd == null) { throw new IllegalArgumentException(); } this.generator = rnd; } private void checkConnection() throws IllegalStateException { if(tm == null) { throw new IllegalStateException("You need to establish a connection first."); } if(!authenticated) { throw new IllegalStateException("The connection is not authenticated."); } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/ConnectionInfo.java000066400000000000000000000025461370551253600273250ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; /** * In most cases you probably do not need the information contained in here. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class ConnectionInfo { /** * The used key exchange (KEX) algorithm in the latest key exchange. */ public String keyExchangeAlgorithm; /** * The currently used crypto algorithm for packets from to the client to the * server. */ public String clientToServerCryptoAlgorithm; /** * The currently used crypto algorithm for packets from to the server to the * client. */ public String serverToClientCryptoAlgorithm; /** * The currently used MAC algorithm for packets from to the client to the * server. */ public String clientToServerMACAlgorithm; /** * The currently used MAC algorithm for packets from to the server to the * client. */ public String serverToClientMACAlgorithm; /** * The type of the server host key (currently either "ssh-dss" or * "ssh-rsa"). */ public String serverHostKeyAlgorithm; /** * The server host key that was sent during the latest key exchange. */ public byte[] serverHostKey; /** * Number of kex exchanges performed on this connection so far. */ public int keyExchangeCounter = 0; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/ConnectionMonitor.java000066400000000000000000000023441370551253600300550ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; /** * A ConnectionMonitor is used to get notified when the * underlying socket of a connection is closed. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public interface ConnectionMonitor { /** * This method is called after the connection's underlying * socket has been closed. E.g., due to the {@link Connection#close()} request of the * user, if the peer closed the connection, due to a fatal error during connect() * (also if the socket cannot be established) or if a fatal error occured on * an established connection. *

* This is an experimental feature. *

* You MUST NOT make any assumption about the thread that invokes this method. *

* Please note: if the connection is not connected (e.g., there was no successful * connect() call), then the invocation of {@link Connection#close()} will NOT trigger * this method. * * @see Connection#addConnectionMonitor(ConnectionMonitor) * * @param reason Includes an indication why the socket was closed. */ public void connectionLost(Throwable reason); }SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/DHGexParameters.java000066400000000000000000000070711370551253600273730ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; /** * A DHGexParameters object can be used to specify parameters for * the diffie-hellman group exchange. *

* Depending on which constructor is used, either the use of a * SSH_MSG_KEX_DH_GEX_REQUEST or SSH_MSG_KEX_DH_GEX_REQUEST_OLD * can be forced. * * @see Connection#setDHGexParameters(DHGexParameters) * @author Christian Plattner * @version 2.50, 03/15/10 */ public class DHGexParameters { private final int min_group_len; private final int pref_group_len; private final int max_group_len; private static final int MIN_ALLOWED = 1024; private static final int MAX_ALLOWED = 8192; /** * Same as calling {@link #DHGexParameters(int, int, int) DHGexParameters(1024, 1024, 4096)}. * This is also the default used by the Connection class. * */ public DHGexParameters() { this(1024, 1024, 4096); } /** * This constructor can be used to force the sending of a * SSH_MSG_KEX_DH_GEX_REQUEST_OLD request. * Internally, the minimum and maximum group lengths will * be set to zero. * * @param pref_group_len has to be >= 1024 and <= 8192 */ public DHGexParameters(int pref_group_len) { if ((pref_group_len < MIN_ALLOWED) || (pref_group_len > MAX_ALLOWED)) throw new IllegalArgumentException("pref_group_len out of range!"); this.pref_group_len = pref_group_len; this.min_group_len = 0; this.max_group_len = 0; } /** * This constructor can be used to force the sending of a * SSH_MSG_KEX_DH_GEX_REQUEST request. *

* Note: older OpenSSH servers don't understand this request, in which * case you should use the {@link #DHGexParameters(int)} constructor. *

* All values have to be >= 1024 and <= 8192. Furthermore, * min_group_len <= pref_group_len <= max_group_len. * * @param min_group_len * @param pref_group_len * @param max_group_len */ public DHGexParameters(int min_group_len, int pref_group_len, int max_group_len) { if ((min_group_len < MIN_ALLOWED) || (min_group_len > MAX_ALLOWED)) throw new IllegalArgumentException("min_group_len out of range!"); if ((pref_group_len < MIN_ALLOWED) || (pref_group_len > MAX_ALLOWED)) throw new IllegalArgumentException("pref_group_len out of range!"); if ((max_group_len < MIN_ALLOWED) || (max_group_len > MAX_ALLOWED)) throw new IllegalArgumentException("max_group_len out of range!"); if ((pref_group_len < min_group_len) || (pref_group_len > max_group_len)) throw new IllegalArgumentException("pref_group_len is incompatible with min and max!"); if (max_group_len < min_group_len) throw new IllegalArgumentException("max_group_len must not be smaller than min_group_len!"); this.min_group_len = min_group_len; this.pref_group_len = pref_group_len; this.max_group_len = max_group_len; } /** * Get the maximum group length. * * @return the maximum group length, may be zero if * SSH_MSG_KEX_DH_GEX_REQUEST_OLD should be requested */ public int getMax_group_len() { return max_group_len; } /** * Get the minimum group length. * * @return minimum group length, may be zero if * SSH_MSG_KEX_DH_GEX_REQUEST_OLD should be requested */ public int getMin_group_len() { return min_group_len; } /** * Get the preferred group length. * * @return the preferred group length */ public int getPref_group_len() { return pref_group_len; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/HTTPProxyData.java000066400000000000000000000061321370551253600270200ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; /** * A HTTPProxyData object is used to specify the needed connection data * to connect through a HTTP proxy. * * @see Connection#setProxyData(ProxyData) * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class HTTPProxyData implements ProxyData { public final String proxyHost; public final int proxyPort; public final String proxyUser; public final String proxyPass; public final String[] requestHeaderLines; /** * Same as calling {@link #HTTPProxyData(String, int, String, String) HTTPProxyData(proxyHost, proxyPort, null, null)} * * @param proxyHost Proxy hostname. * @param proxyPort Proxy port. */ public HTTPProxyData(String proxyHost, int proxyPort) { this(proxyHost, proxyPort, null, null); } /** * Same as calling {@link #HTTPProxyData(String, int, String, String, String[]) HTTPProxyData(proxyHost, proxyPort, null, null, null)} * * @param proxyHost Proxy hostname. * @param proxyPort Proxy port. * @param proxyUser Username for basic authentication (null if no authentication is needed). * @param proxyPass Password for basic authentication (null if no authentication is needed). */ public HTTPProxyData(String proxyHost, int proxyPort, String proxyUser, String proxyPass) { this(proxyHost, proxyPort, proxyUser, proxyPass, null); } /** * Connection data for a HTTP proxy. It is possible to specify a username and password * if the proxy requires basic authentication. Also, additional request header lines can * be specified (e.g., "User-Agent: CERN-LineMode/2.15 libwww/2.17b3"). *

* Please note: if you want to use basic authentication, then both proxyUser * and proxyPass must be non-null. *

* Here is an example: *

* * new HTTPProxyData("192.168.1.1", "3128", "proxyuser", "secret", new String[] {"User-Agent: GanymedBasedClient/1.0", "X-My-Proxy-Option: something"}); * * * @param proxyHost Proxy hostname. * @param proxyPort Proxy port. * @param proxyUser Username for basic authentication (null if no authentication is needed). * @param proxyPass Password for basic authentication (null if no authentication is needed). * @param requestHeaderLines An array with additional request header lines (without end-of-line markers) * that have to be sent to the server. May be null. */ public HTTPProxyData(String proxyHost, int proxyPort, String proxyUser, String proxyPass, String[] requestHeaderLines) { if (proxyHost == null) throw new IllegalArgumentException("proxyHost must be non-null"); if (proxyPort < 0) throw new IllegalArgumentException("proxyPort must be non-negative"); this.proxyHost = proxyHost; this.proxyPort = proxyPort; this.proxyUser = proxyUser; this.proxyPass = proxyPass; this.requestHeaderLines = requestHeaderLines; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/HTTPProxyException.java000066400000000000000000000014511370551253600301040ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.IOException; /** * May be thrown upon connect() if a HTTP proxy is being used. * * @see Connection#connect() * @see Connection#setProxyData(ProxyData) * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class HTTPProxyException extends IOException { private static final long serialVersionUID = 2241537397104426186L; public final String httpResponse; public final int httpErrorCode; public HTTPProxyException(String httpResponse, int httpErrorCode) { super("HTTP Proxy Error (" + httpErrorCode + " " + httpResponse + ")"); this.httpResponse = httpResponse; this.httpErrorCode = httpErrorCode; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/InteractiveCallback.java000066400000000000000000000046271370551253600303060ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; /** * An InteractiveCallback is used to respond to challenges sent * by the server if authentication mode "keyboard-interactive" is selected. * * @see Connection#authenticateWithKeyboardInteractive(String, * String[], InteractiveCallback) * * @author Christian Plattner * @version 2.50, 03/15/10 */ public interface InteractiveCallback { /** * This callback interface is used during a "keyboard-interactive" * authentication. Every time the server sends a set of challenges (however, * most often just one challenge at a time), this callback function will be * called to give your application a chance to talk to the user and to * determine the response(s). *

* Some copy-paste information from the standard: a command line interface * (CLI) client SHOULD print the name and instruction (if non-empty), adding * newlines. Then for each prompt in turn, the client SHOULD display the * prompt and read the user input. The name and instruction fields MAY be * empty strings, the client MUST be prepared to handle this correctly. The * prompt field(s) MUST NOT be empty strings. *

* Please refer to draft-ietf-secsh-auth-kbdinteract-XX.txt for the details. *

* Note: clients SHOULD use control character filtering as discussed in * RFC4251 to avoid attacks by including * terminal control characters in the fields to be displayed. * * @param name * the name String sent by the server. * @param instruction * the instruction String sent by the server. * @param numPrompts * number of prompts - may be zero (in this case, you should just * return a String array of length zero). * @param prompt * an array (length numPrompts) of Strings * @param echo * an array (length numPrompts) of booleans. For * each prompt, the corresponding echo field indicates whether or * not the user input should be echoed as characters are typed. * @return an array of reponses - the array size must match the parameter * numPrompts. */ public String[] replyToChallenge(String name, String instruction, int numPrompts, String[] prompt, boolean[] echo) throws Exception; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/KnownHosts.java000066400000000000000000000526121370551253600265260ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.BufferedReader; import java.io.CharArrayReader; import java.io.CharArrayWriter; import java.io.File; import java.io.FileReader; import java.io.IOException; import java.io.RandomAccessFile; import java.net.InetAddress; import java.net.UnknownHostException; import java.security.SecureRandom; import java.util.ArrayList; import java.util.LinkedList; import java.util.List; import java.util.Vector; import ch.ethz.ssh2.crypto.Base64; import ch.ethz.ssh2.crypto.digest.Digest; import ch.ethz.ssh2.crypto.digest.HMAC; import ch.ethz.ssh2.crypto.digest.MD5; import ch.ethz.ssh2.crypto.digest.SHA1; import ch.ethz.ssh2.signature.DSAPublicKey; import ch.ethz.ssh2.signature.DSASHA1Verify; import ch.ethz.ssh2.signature.RSAPublicKey; import ch.ethz.ssh2.signature.RSASHA1Verify; import ch.ethz.ssh2.util.StringEncoder; /** * The KnownHosts class is a handy tool to verify received server hostkeys * based on the information in known_hosts files (the ones used by OpenSSH). *

* It offers basically an in-memory database for known_hosts entries, as well as some * helper functions. Entries from a known_hosts file can be loaded at construction time. * It is also possible to add more keys later (e.g., one can parse different * known_hosts files). *

* It is a thread safe implementation, therefore, you need only to instantiate one * KnownHosts for your whole application. * * @author Christian Plattner * @version $Id$ */ public class KnownHosts { public static final int HOSTKEY_IS_OK = 0; public static final int HOSTKEY_IS_NEW = 1; public static final int HOSTKEY_HAS_CHANGED = 2; private class KnownHostsEntry { String[] patterns; Object key; KnownHostsEntry(String[] patterns, Object key) { this.patterns = patterns; this.key = key; } } private final LinkedList publicKeys = new LinkedList(); public KnownHosts() { } public KnownHosts(char[] knownHostsData) throws IOException { initialize(knownHostsData); } public KnownHosts(String knownHosts) throws IOException { initialize(new File(knownHosts)); } public KnownHosts(File knownHosts) throws IOException { initialize(knownHosts); } /** * Adds a single public key entry to the database. Note: this will NOT add the public key * to any physical file (e.g., "~/.ssh/known_hosts") - use addHostkeyToFile() for that purpose. * This method is designed to be used in a {@link ServerHostKeyVerifier}. * * @param hostnames a list of hostname patterns - at least one most be specified. Check out the * OpenSSH sshd man page for a description of the pattern matching algorithm. * @param serverHostKeyAlgorithm as passed to the {@link ServerHostKeyVerifier}. * @param serverHostKey as passed to the {@link ServerHostKeyVerifier}. * @throws IOException */ public void addHostkey(String hostnames[], String serverHostKeyAlgorithm, byte[] serverHostKey) throws IOException { if (hostnames == null) { throw new IllegalArgumentException("hostnames may not be null"); } if ("ssh-rsa".equals(serverHostKeyAlgorithm)) { RSAPublicKey rpk = RSASHA1Verify.decodeSSHRSAPublicKey(serverHostKey); synchronized (publicKeys) { publicKeys.add(new KnownHostsEntry(hostnames, rpk)); } } else if ("ssh-dss".equals(serverHostKeyAlgorithm)) { DSAPublicKey dpk = DSASHA1Verify.decodeSSHDSAPublicKey(serverHostKey); synchronized (publicKeys) { publicKeys.add(new KnownHostsEntry(hostnames, dpk)); } } else { throw new IOException("Unknwon host key type (" + serverHostKeyAlgorithm + ")"); } } /** * Parses the given known_hosts data and adds entries to the database. * * @param knownHostsData * @throws IOException */ public void addHostkeys(char[] knownHostsData) throws IOException { initialize(knownHostsData); } /** * Parses the given known_hosts file and adds entries to the database. * * @param knownHosts * @throws IOException */ public void addHostkeys(File knownHosts) throws IOException { initialize(knownHosts); } /** * Generate the hashed representation of the given hostname. Useful for adding entries * with hashed hostnames to a known_hosts file. (see -H option of OpenSSH key-gen). * * @param hostname * @return the hashed representation, e.g., "|1|cDhrv7zwEUV3k71CEPHnhHZezhA=|Xo+2y6rUXo2OIWRAYhBOIijbJMA=" */ public static String createHashedHostname(String hostname) { SHA1 sha1 = new SHA1(); byte[] salt = new byte[sha1.getDigestLength()]; new SecureRandom().nextBytes(salt); byte[] hash = hmacSha1Hash(salt, hostname); String base64_salt = new String(Base64.encode(salt)); String base64_hash = new String(Base64.encode(hash)); return new String("|1|" + base64_salt + "|" + base64_hash); } private static byte[] hmacSha1Hash(byte[] salt, String hostname) { SHA1 sha1 = new SHA1(); if (salt.length != sha1.getDigestLength()) { throw new IllegalArgumentException("Salt has wrong length (" + salt.length + ")"); } HMAC hmac = new HMAC(sha1, salt, salt.length); hmac.update(StringEncoder.GetBytes(hostname)); byte[] dig = new byte[hmac.getDigestLength()]; hmac.digest(dig); return dig; } private boolean checkHashed(String entry, String hostname) { if (entry.startsWith("|1|") == false) { return false; } int delim_idx = entry.indexOf('|', 3); if (delim_idx == -1) { return false; } String salt_base64 = entry.substring(3, delim_idx); String hash_base64 = entry.substring(delim_idx + 1); byte[] salt = null; byte[] hash = null; try { salt = Base64.decode(salt_base64.toCharArray()); hash = Base64.decode(hash_base64.toCharArray()); } catch (IOException e) { return false; } SHA1 sha1 = new SHA1(); if (salt.length != sha1.getDigestLength()) { return false; } byte[] dig = hmacSha1Hash(salt, hostname); for (int i = 0; i < dig.length; i++) { if (dig[i] != hash[i]) { return false; } } return true; } private int checkKey(String remoteHostname, Object remoteKey) { int result = HOSTKEY_IS_NEW; synchronized (publicKeys) { for (KnownHostsEntry ke : publicKeys) { if (hostnameMatches(ke.patterns, remoteHostname) == false) { continue; } boolean res = matchKeys(ke.key, remoteKey); if (res == true) { return HOSTKEY_IS_OK; } result = HOSTKEY_HAS_CHANGED; } } return result; } private List getAllKeys(String hostname) { List keys = new ArrayList(); synchronized (publicKeys) { for (KnownHostsEntry ke : publicKeys) { if (hostnameMatches(ke.patterns, hostname) == false) { continue; } keys.add(ke.key); } } return keys; } /** * Try to find the preferred order of hostkey algorithms for the given hostname. * Based on the type of hostkey that is present in the internal database * (i.e., either ssh-rsa or ssh-dss) * an ordered list of hostkey algorithms is returned which can be passed * to Connection.setServerHostKeyAlgorithms. * * @param hostname * @return null if no key for the given hostname is present or * there are keys of multiple types present for the given hostname. Otherwise, * an array with hostkey algorithms is returned (i.e., an array of length 2). */ public String[] getPreferredServerHostkeyAlgorithmOrder(String hostname) { String[] algos = recommendHostkeyAlgorithms(hostname); if (algos != null) { return algos; } InetAddress[] ipAdresses = null; try { ipAdresses = InetAddress.getAllByName(hostname); } catch (UnknownHostException e) { return null; } for (int i = 0; i < ipAdresses.length; i++) { algos = recommendHostkeyAlgorithms(ipAdresses[i].getHostAddress()); if (algos != null) { return algos; } } return null; } private boolean hostnameMatches(String[] hostpatterns, String hostname) { boolean isMatch = false; boolean negate = false; hostname = hostname.toLowerCase(); for (int k = 0; k < hostpatterns.length; k++) { if (hostpatterns[k] == null) { continue; } String pattern = null; /* In contrast to OpenSSH we also allow negated hash entries (as well as hashed * entries in lines with multiple entries). */ if ((hostpatterns[k].length() > 0) && (hostpatterns[k].charAt(0) == '!')) { pattern = hostpatterns[k].substring(1); negate = true; } else { pattern = hostpatterns[k]; negate = false; } /* Optimize, no need to check this entry */ if ((isMatch) && (negate == false)) { continue; } /* Now compare */ if (pattern.charAt(0) == '|') { if (checkHashed(pattern, hostname)) { if (negate) { return false; } isMatch = true; } } else { pattern = pattern.toLowerCase(); if ((pattern.indexOf('?') != -1) || (pattern.indexOf('*') != -1)) { if (pseudoRegex(pattern.toCharArray(), 0, hostname.toCharArray(), 0)) { if (negate) { return false; } isMatch = true; } } else if (pattern.compareTo(hostname) == 0) { if (negate) { return false; } isMatch = true; } } } return isMatch; } private void initialize(char[] knownHostsData) throws IOException { BufferedReader br = new BufferedReader(new CharArrayReader(knownHostsData)); while (true) { String line = br.readLine(); if (line == null) { break; } line = line.trim(); if (line.startsWith("#")) { continue; } String[] arr = line.split(" "); if (arr.length >= 3) { if ((arr[1].compareTo("ssh-rsa") == 0) || (arr[1].compareTo("ssh-dss") == 0)) { String[] hostnames = arr[0].split(","); byte[] msg = Base64.decode(arr[2].toCharArray()); try { addHostkey(hostnames, arr[1], msg); } catch (IOException e) { continue; } } } } } private void initialize(File knownHosts) throws IOException { char[] buff = new char[512]; CharArrayWriter cw = new CharArrayWriter(); knownHosts.createNewFile(); FileReader fr = new FileReader(knownHosts); while (true) { int len = fr.read(buff); if (len < 0) { break; } cw.write(buff, 0, len); } fr.close(); initialize(cw.toCharArray()); } private boolean matchKeys(Object key1, Object key2) { if ((key1 instanceof RSAPublicKey) && (key2 instanceof RSAPublicKey)) { RSAPublicKey savedRSAKey = (RSAPublicKey) key1; RSAPublicKey remoteRSAKey = (RSAPublicKey) key2; if (savedRSAKey.getE().equals(remoteRSAKey.getE()) == false) { return false; } if (savedRSAKey.getN().equals(remoteRSAKey.getN()) == false) { return false; } return true; } if ((key1 instanceof DSAPublicKey) && (key2 instanceof DSAPublicKey)) { DSAPublicKey savedDSAKey = (DSAPublicKey) key1; DSAPublicKey remoteDSAKey = (DSAPublicKey) key2; if (savedDSAKey.getG().equals(remoteDSAKey.getG()) == false) { return false; } if (savedDSAKey.getP().equals(remoteDSAKey.getP()) == false) { return false; } if (savedDSAKey.getQ().equals(remoteDSAKey.getQ()) == false) { return false; } if (savedDSAKey.getY().equals(remoteDSAKey.getY()) == false) { return false; } return true; } return false; } private boolean pseudoRegex(char[] pattern, int i, char[] match, int j) { /* This matching logic is equivalent to the one present in OpenSSH 4.1 */ while (true) { /* Are we at the end of the pattern? */ if (pattern.length == i) { return (match.length == j); } if (pattern[i] == '*') { i++; if (pattern.length == i) { return true; } if ((pattern[i] != '*') && (pattern[i] != '?')) { while (true) { if ((pattern[i] == match[j]) && pseudoRegex(pattern, i + 1, match, j + 1)) { return true; } j++; if (match.length == j) { return false; } } } while (true) { if (pseudoRegex(pattern, i, match, j)) { return true; } j++; if (match.length == j) { return false; } } } if (match.length == j) { return false; } if ((pattern[i] != '?') && (pattern[i] != match[j])) { return false; } i++; j++; } } private String[] recommendHostkeyAlgorithms(String hostname) { String preferredAlgo = null; List keys = getAllKeys(hostname); for (Object key : keys) { String thisAlgo = null; if (key instanceof RSAPublicKey) { thisAlgo = "ssh-rsa"; } else if (key instanceof DSAPublicKey) { thisAlgo = "ssh-dss"; } else { continue; } if (preferredAlgo != null) { /* If we find different key types, then return null */ if (preferredAlgo.compareTo(thisAlgo) != 0) { return null; } } else { preferredAlgo = thisAlgo; } } /* If we did not find anything that we know of, return null */ if (preferredAlgo == null) { return null; } /* Now put the preferred algo to the start of the array. * You may ask yourself why we do it that way - basically, we could just * return only the preferred algorithm: since we have a saved key of that * type (sent earlier from the remote host), then that should work out. * However, imagine that the server is (for whatever reasons) not offering * that type of hostkey anymore (e.g., "ssh-rsa" was disabled and * now "ssh-dss" is being used). If we then do not let the server send us * a fresh key of the new type, then we shoot ourself into the foot: * the connection cannot be established and hence the user cannot decide * if he/she wants to accept the new key. */ if (preferredAlgo.equals("ssh-rsa")) { return new String[] { "ssh-rsa", "ssh-dss" }; } return new String[] { "ssh-dss", "ssh-rsa" }; } /** * Checks the internal hostkey database for the given hostkey. * If no matching key can be found, then the hostname is resolved to an IP address * and the search is repeated using that IP address. * * @param hostname the server's hostname, will be matched with all hostname patterns * @param serverHostKeyAlgorithm type of hostkey, either ssh-rsa or ssh-dss * @param serverHostKey the key blob * @return
    *
  • HOSTKEY_IS_OK: the given hostkey matches an entry for the given hostname
  • *
  • HOSTKEY_IS_NEW: no entries found for this hostname and this type of hostkey
  • *
  • HOSTKEY_HAS_CHANGED: hostname is known, but with another key of the same type * (man-in-the-middle attack?)
  • *
* @throws IOException if the supplied key blob cannot be parsed or does not match the given hostkey type. */ public int verifyHostkey(String hostname, String serverHostKeyAlgorithm, byte[] serverHostKey) throws IOException { Object remoteKey = null; if ("ssh-rsa".equals(serverHostKeyAlgorithm)) { remoteKey = RSASHA1Verify.decodeSSHRSAPublicKey(serverHostKey); } else if ("ssh-dss".equals(serverHostKeyAlgorithm)) { remoteKey = DSASHA1Verify.decodeSSHDSAPublicKey(serverHostKey); } else { throw new IllegalArgumentException("Unknown hostkey type " + serverHostKeyAlgorithm); } int result = checkKey(hostname, remoteKey); if (result == HOSTKEY_IS_OK) { return result; } InetAddress[] ipAdresses = null; try { ipAdresses = InetAddress.getAllByName(hostname); } catch (UnknownHostException e) { return result; } for (int i = 0; i < ipAdresses.length; i++) { int newresult = checkKey(ipAdresses[i].getHostAddress(), remoteKey); if (newresult == HOSTKEY_IS_OK) { return newresult; } if (newresult == HOSTKEY_HAS_CHANGED) { result = HOSTKEY_HAS_CHANGED; } } return result; } /** * Adds a single public key entry to the a known_hosts file. * This method is designed to be used in a {@link ServerHostKeyVerifier}. * * @param knownHosts the file where the publickey entry will be appended. * @param hostnames a list of hostname patterns - at least one most be specified. Check out the * OpenSSH sshd man page for a description of the pattern matching algorithm. * @param serverHostKeyAlgorithm as passed to the {@link ServerHostKeyVerifier}. * @param serverHostKey as passed to the {@link ServerHostKeyVerifier}. * @throws IOException */ public static void addHostkeyToFile(File knownHosts, String[] hostnames, String serverHostKeyAlgorithm, byte[] serverHostKey) throws IOException { if ((hostnames == null) || (hostnames.length == 0)) { throw new IllegalArgumentException("Need at least one hostname specification"); } if ((serverHostKeyAlgorithm == null) || (serverHostKey == null)) { throw new IllegalArgumentException(); } CharArrayWriter writer = new CharArrayWriter(); for (int i = 0; i < hostnames.length; i++) { if (i != 0) { writer.write(','); } writer.write(hostnames[i]); } writer.write(' '); writer.write(serverHostKeyAlgorithm); writer.write(' '); writer.write(Base64.encode(serverHostKey)); writer.write("\n"); char[] entry = writer.toCharArray(); RandomAccessFile raf = new RandomAccessFile(knownHosts, "rw"); long len = raf.length(); if (len > 0) { raf.seek(len - 1); int last = raf.read(); if (last != '\n') { raf.write('\n'); } } raf.write(StringEncoder.GetBytes(new String(entry))); raf.close(); } /** * Generates a "raw" fingerprint of a hostkey. * * @param type either "md5" or "sha1" * @param keyType either "ssh-rsa" or "ssh-dss" * @param hostkey the hostkey * @return the raw fingerprint */ static private byte[] rawFingerPrint(String type, String keyType, byte[] hostkey) { Digest dig = null; if ("md5".equals(type)) { dig = new MD5(); } else if ("sha1".equals(type)) { dig = new SHA1(); } else { throw new IllegalArgumentException("Unknown hash type " + type); } if ("ssh-rsa".equals(keyType)) { } else if ("ssh-dss".equals(keyType)) { } else { throw new IllegalArgumentException("Unknown key type " + keyType); } if (hostkey == null) { throw new IllegalArgumentException("hostkey is null"); } dig.update(hostkey); byte[] res = new byte[dig.getDigestLength()]; dig.digest(res); return res; } /** * Convert a raw fingerprint to hex representation (XX:YY:ZZ...). * * @param fingerprint raw fingerprint * @return the hex representation */ static private String rawToHexFingerprint(byte[] fingerprint) { final char[] alpha = "0123456789abcdef".toCharArray(); StringBuilder sb = new StringBuilder(); for (int i = 0; i < fingerprint.length; i++) { if (i != 0) { sb.append(':'); } int b = fingerprint[i] & 0xff; sb.append(alpha[b >> 4]); sb.append(alpha[b & 15]); } return sb.toString(); } /** * Convert a raw fingerprint to bubblebabble representation. * * @param raw raw fingerprint * @return the bubblebabble representation */ static private String rawToBubblebabbleFingerprint(byte[] raw) { final char[] v = "aeiouy".toCharArray(); final char[] c = "bcdfghklmnprstvzx".toCharArray(); StringBuilder sb = new StringBuilder(); int seed = 1; int rounds = (raw.length / 2) + 1; sb.append('x'); for (int i = 0; i < rounds; i++) { if (((i + 1) < rounds) || ((raw.length) % 2 != 0)) { sb.append(v[(((raw[2 * i] >> 6) & 3) + seed) % 6]); sb.append(c[(raw[2 * i] >> 2) & 15]); sb.append(v[((raw[2 * i] & 3) + (seed / 6)) % 6]); if ((i + 1) < rounds) { sb.append(c[(((raw[(2 * i) + 1])) >> 4) & 15]); sb.append('-'); sb.append(c[(((raw[(2 * i) + 1]))) & 15]); // As long as seed >= 0, seed will be >= 0 afterwards seed = ((seed * 5) + (((raw[2 * i] & 0xff) * 7) + (raw[(2 * i) + 1] & 0xff))) % 36; } } else { sb.append(v[seed % 6]); // seed >= 0, therefore index positive sb.append('x'); sb.append(v[seed / 6]); } } sb.append('x'); return sb.toString(); } /** * Convert a ssh2 key-blob into a human readable hex fingerprint. * Generated fingerprints are identical to those generated by OpenSSH. *

* Example fingerprint: d0:cb:76:19:99:5a:03:fc:73:10:70:93:f2:44:63:47. * * @param keytype either "ssh-rsa" or "ssh-dss" * @param publickey key blob * @return Hex fingerprint */ public static String createHexFingerprint(String keytype, byte[] publickey) { byte[] raw = rawFingerPrint("md5", keytype, publickey); return rawToHexFingerprint(raw); } /** * Convert a ssh2 key-blob into a human readable bubblebabble fingerprint. * The used bubblebabble algorithm (taken from OpenSSH) generates fingerprints * that are easier to remember for humans. *

* Example fingerprint: xofoc-bubuz-cazin-zufyl-pivuk-biduk-tacib-pybur-gonar-hotat-lyxux. * * @param keytype either "ssh-rsa" or "ssh-dss" * @param publickey key data * @return Bubblebabble fingerprint */ public static String createBubblebabbleFingerprint(String keytype, byte[] publickey) { byte[] raw = rawFingerPrint("sha1", keytype, publickey); return rawToBubblebabbleFingerprint(raw); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/LocalPortForwarder.java000066400000000000000000000036531370551253600301650ustar00rootroot00000000000000/* * Copyright (c) 2006-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.IOException; import java.net.InetSocketAddress; import java.net.ServerSocket; import ch.ethz.ssh2.channel.ChannelManager; import ch.ethz.ssh2.channel.LocalAcceptThread; /** * A LocalPortForwarder forwards TCP/IP connections to a local * port via the secure tunnel to another host (which may or may not be identical * to the remote SSH-2 server). Checkout {@link Connection#createLocalPortForwarder(int, String, int)} * on how to create one. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class LocalPortForwarder { final ChannelManager cm; final String host_to_connect; final int port_to_connect; final LocalAcceptThread lat; LocalPortForwarder(ChannelManager cm, int local_port, String host_to_connect, int port_to_connect) throws IOException { this.cm = cm; this.host_to_connect = host_to_connect; this.port_to_connect = port_to_connect; lat = new LocalAcceptThread(cm, local_port, host_to_connect, port_to_connect); lat.setDaemon(true); lat.start(); } LocalPortForwarder(ChannelManager cm, InetSocketAddress addr, String host_to_connect, int port_to_connect) throws IOException { this.cm = cm; this.host_to_connect = host_to_connect; this.port_to_connect = port_to_connect; lat = new LocalAcceptThread(cm, addr, host_to_connect, port_to_connect); lat.setDaemon(true); lat.start(); } /** * Return the local socket address of the {@link ServerSocket} used to accept connections. * @return */ public InetSocketAddress getLocalSocketAddress() { return (InetSocketAddress) lat.getServerSocket().getLocalSocketAddress(); } /** * Stop TCP/IP forwarding of newly arriving connections. * * @throws IOException */ public void close() throws IOException { lat.stopWorking(); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/LocalStreamForwarder.java000066400000000000000000000042071370551253600304700ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.net.InetAddress; import ch.ethz.ssh2.channel.Channel; import ch.ethz.ssh2.channel.ChannelManager; /** * A LocalStreamForwarder forwards an Input- and Outputstream * pair via the secure tunnel to another host (which may or may not be identical * to the remote SSH-2 server). * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class LocalStreamForwarder { private ChannelManager cm; private Channel cn; LocalStreamForwarder(ChannelManager cm, String host_to_connect, int port_to_connect) throws IOException { this.cm = cm; cn = cm.openDirectTCPIPChannel(host_to_connect, port_to_connect, InetAddress.getLocalHost().getHostAddress(), 0); } /** * @return An InputStream object. * @throws IOException */ public InputStream getInputStream() throws IOException { return cn.getStdoutStream(); } /** * Get the OutputStream. Please be aware that the implementation MAY use an * internal buffer. To make sure that the buffered data is sent over the * tunnel, you have to call the flush method of the * OutputStream. To signal EOF, please use the * close method of the OutputStream. * * @return An OutputStream object. * @throws IOException */ public OutputStream getOutputStream() throws IOException { return cn.getStdinStream(); } /** * Close the underlying SSH forwarding channel and free up resources. * You can also use this method to force the shutdown of the underlying * forwarding channel. Pending output (OutputStream not flushed) will NOT * be sent. Pending input (InputStream) can still be read. If the shutdown * operation is already in progress (initiated from either side), then this * call is a no-op. * * @throws IOException */ public void close() throws IOException { cm.closeChannel(cn, "Closed due to user request.", true); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/PacketListener.java000066400000000000000000000004151370551253600273200ustar00rootroot00000000000000/* * Copyright (c) 2011 David Kocher. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; /** * @version $Id:$ */ public interface PacketListener { void read(String packet); void write(String packet); } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/PacketTypeException.java000066400000000000000000000006361370551253600303400ustar00rootroot00000000000000package ch.ethz.ssh2; import java.io.IOException; /** * @version $Id:$ */ public class PacketTypeException extends IOException { public PacketTypeException() { } public PacketTypeException(final String message) { super(message); } public PacketTypeException(final int packet) { super(String.format("The SFTP server sent an unexpected packet type (%d)", packet)); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/ProxyData.java000066400000000000000000000005631370551253600263220ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; /** * An abstract marker interface implemented by all proxy data implementations. * * @see HTTPProxyData * * @author Christian Plattner * @version 2.50, 03/15/10 */ public abstract interface ProxyData { } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/PtySettings.java000066400000000000000000000021341370551253600267000ustar00rootroot00000000000000/* * Copyright (c) 2012-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; /** * PTY settings for a SSH session. Zero dimension parameters are ignored. The character/row dimensions * override the pixel dimensions (when nonzero). Pixel dimensions refer to * the drawable area of the window. The dimension parameters are only * informational. The encoding of terminal modes (parameter * terminal_modes) is described in RFC4254. * * @author Christian */ public class PtySettings { /** * TERM environment variable value (e.g., vt100) */ public String term; /** * Terminal width, characters (e.g., 80) */ public int term_width_characters; /** * Terminal height, rows (e.g., 24) */ public int term_height_characters; /** * Terminal width, pixels (e.g., 640) */ public int term_width_pixels; /** * Terminal height, pixels (e.g., 480) */ public int term_height_pixels; /** * Encoded terminal modes */ public byte[] terminal_modes; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/RequestMismatchException.java000066400000000000000000000005151370551253600314010ustar00rootroot00000000000000package ch.ethz.ssh2; import java.io.IOException; /** * @version $Id:$ */ public class RequestMismatchException extends IOException { public RequestMismatchException() { super("The server sent an invalid id field."); } public RequestMismatchException(final String message) { super(message); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/SCPClient.java000066400000000000000000000135251370551253600261750ustar00rootroot00000000000000package ch.ethz.ssh2; import java.io.IOException; import java.io.InputStream; import java.nio.charset.Charset; import java.nio.charset.UnsupportedCharsetException; /** * A very basic SCPClient that can be used to copy files from/to * the SSH-2 server. On the server side, the "scp" program must be in the PATH. *

* This scp client is thread safe - you can download (and upload) different sets * of files concurrently without any troubles. The SCPClient is * actually mapping every request to a distinct {@link ch.ethz.ssh2.Session}. * * @author Christian Plattner, plattner@inf.ethz.ch * @version $Id$ */ public class SCPClient { Connection conn; String charsetName = null; /** * Set the charset used to convert between Java Unicode Strings and byte encodings * used by the server for paths and file names. * * @param charset the name of the charset to be used or null to use the platform's * default encoding. * @throws IOException * @see #getCharset() */ public void setCharset(String charset) throws IOException { if (charset == null) { charsetName = charset; return; } try { Charset.forName(charset); } catch (UnsupportedCharsetException e) { throw new IOException("This charset is not supported", e); } charsetName = charset; } /** * The currently used charset for filename encoding/decoding. * * @return The name of the charset (null if the platform's default charset is being used) * @see #setCharset(String) */ public String getCharset() { return charsetName; } public class LenNamePair { public long length; String filename; } public SCPClient(Connection conn) { if (conn == null) throw new IllegalArgumentException("Cannot accept null argument!"); this.conn = conn; } protected void readResponse(InputStream is) throws IOException { int c = is.read(); if (c == 0) return; if (c == -1) throw new IOException("Remote scp terminated unexpectedly."); if ((c != 1) && (c != 2)) throw new IOException("Remote scp sent illegal error code."); if (c == 2) throw new IOException("Remote scp terminated with error."); String err = receiveLine(is); throw new IOException("Remote scp terminated with error (" + err + ")."); } protected String receiveLine(InputStream is) throws IOException { StringBuilder sb = new StringBuilder(30); while (true) { /* This is a random limit - if your path names are longer, then adjust it */ if (sb.length() > 8192) throw new IOException("Remote scp sent a too long line"); int c = is.read(); if (c < 0) throw new IOException("Remote scp terminated unexpectedly."); if (c == '\n') break; sb.append((char) c); } return sb.toString(); } protected LenNamePair parseCLine(String line) throws IOException { /* Minimum line: "xxxx y z" ---> 8 chars */ if (line.length() < 8) throw new IOException("Malformed C line sent by remote SCP binary, line too short."); if ((line.charAt(4) != ' ') || (line.charAt(5) == ' ')) throw new IOException("Malformed C line sent by remote SCP binary."); int length_name_sep = line.indexOf(' ', 5); if (length_name_sep == -1) throw new IOException("Malformed C line sent by remote SCP binary."); String length_substring = line.substring(5, length_name_sep); String name_substring = line.substring(length_name_sep + 1); if ((length_substring.length() <= 0) || (name_substring.length() <= 0)) throw new IOException("Malformed C line sent by remote SCP binary."); if ((6 + length_substring.length() + name_substring.length()) != line.length()) throw new IOException("Malformed C line sent by remote SCP binary."); final long len; try { len = Long.parseLong(length_substring); } catch (NumberFormatException e) { throw new IOException("Malformed C line sent by remote SCP binary, cannot parse file length."); } if (len < 0) throw new IOException("Malformed C line sent by remote SCP binary, illegal file length."); LenNamePair lnp = new LenNamePair(); lnp.length = len; lnp.filename = name_substring; return lnp; } /** * The session for opened for this SCP transfer must be closed using * SCPOutputStream#close * * @param remoteFile * @param length The size of the file to send * @param remoteTargetDirectory * @param mode * @return * @throws IOException */ public SCPOutputStream put(final String remoteFile, long length, String remoteTargetDirectory, String mode) throws IOException { Session sess = null; if (null == remoteFile) throw new IllegalArgumentException("Null argument."); if (null == remoteTargetDirectory) remoteTargetDirectory = ""; if (null == mode) mode = "0600"; if (mode.length() != 4) throw new IllegalArgumentException("Invalid mode."); for (int i = 0; i < mode.length(); i++) if (Character.isDigit(mode.charAt(i)) == false) throw new IllegalArgumentException("Invalid mode."); remoteTargetDirectory = (remoteTargetDirectory.length() > 0) ? remoteTargetDirectory : "."; String cmd = "scp -t -d \"" + remoteTargetDirectory + "\""; sess = conn.openSession(); sess.execCommand(cmd, charsetName); return new SCPOutputStream(this, sess, remoteFile, length, mode); } /** * The session for opened for this SCP transfer must be closed using * SCPInputStream#close * * @param remoteFile * @return * @throws IOException */ public SCPInputStream get(final String remoteFile) throws IOException { Session sess = null; if (null == remoteFile) throw new IllegalArgumentException("Null argument."); if (remoteFile.length() == 0) throw new IllegalArgumentException("Cannot accept empty filename."); String cmd = "scp -f"; cmd += (" \"" + remoteFile + "\""); sess = conn.openSession(); sess.execCommand(cmd, charsetName); return new SCPInputStream(this, sess); } }SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/SCPInputStream.java000066400000000000000000000042231370551253600272250ustar00rootroot00000000000000/* * Copyright (c) 2011 David Kocher. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.BufferedInputStream; import java.io.BufferedOutputStream; import java.io.IOException; import java.io.OutputStream; /** * @version $Id:$ */ public class SCPInputStream extends BufferedInputStream { private Session session; /** * Bytes remaining to be read from the stream */ private long remaining; public SCPInputStream(SCPClient client, Session session) throws IOException { super(session.getStdout()); this.session = session; OutputStream os = new BufferedOutputStream(session.getStdin(), 512); os.write(0x0); os.flush(); final SCPClient.LenNamePair lnp; while (true) { int c = session.getStdout().read(); if (c < 0) { throw new IOException("Remote scp terminated unexpectedly."); } String line = client.receiveLine(session.getStdout()); if (c == 'T') { /* Ignore modification times */ continue; } if ((c == 1) || (c == 2)) { throw new IOException("Remote SCP error: " + line); } if (c == 'C') { lnp = client.parseCLine(line); break; } throw new IOException("Remote SCP error: " + ((char) c) + line); } os.write(0x0); os.flush(); this.remaining = lnp.length; } @Override public int read() throws IOException { if (!(remaining > 0)) { return -1; } int b = super.read(); if (b < 0) { throw new IOException("Remote scp terminated connection unexpectedly"); } remaining -= 1; return b; } @Override public int read(byte b[], int off, int len) throws IOException { if (!(remaining > 0)) { return -1; } int trans = (int) remaining; if (remaining > len) { trans = len; } int read = super.read(b, off, trans); if (read < 0) { throw new IOException("Remote scp terminated connection unexpectedly"); } remaining -= read; return read; } @Override public void close() throws IOException { try { session.getStdin().write(0x0); session.getStdin().flush(); } finally { if (session != null) { session.close(); } } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/SCPOutputStream.java000066400000000000000000000022671370551253600274340ustar00rootroot00000000000000/* * Copyright (c) 2011 David Kocher. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.BufferedInputStream; import java.io.BufferedOutputStream; import java.io.IOException; import java.io.InputStream; import ch.ethz.ssh2.util.StringEncoder; /** * @version $Id:$ */ public class SCPOutputStream extends BufferedOutputStream { private Session session; private SCPClient scp; public SCPOutputStream(SCPClient client, Session session, final String remoteFile, long length, String mode) throws IOException { super(session.getStdin(), 40000); this.session = session; this.scp = client; InputStream is = new BufferedInputStream(session.getStdout(), 512); scp.readResponse(is); String cline = "C" + mode + " " + length + " " + remoteFile + "\n"; super.write(StringEncoder.GetBytes(cline)); this.flush(); scp.readResponse(is); } @Override public void close() throws IOException { try { this.write(0); this.flush(); scp.readResponse(session.getStdout()); this.write(StringEncoder.GetBytes("E\n")); this.flush(); } finally { if (session != null) session.close(); } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/SFTPException.java000066400000000000000000000040761370551253600270450ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please see the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.IOException; import ch.ethz.ssh2.sftp.ErrorCodes; /** * Used in combination with the SFTPv3Client. This exception wraps * error messages sent by the SFTP server. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class SFTPException extends IOException { private static final long serialVersionUID = 578654644222421811L; private final String sftpErrorMessage; private final int sftpErrorCode; private static String constructMessage(String s, int errorCode) { String[] detail = ErrorCodes.getDescription(errorCode); if (detail == null) return s + " (UNKNOWN SFTP ERROR CODE)"; return s + " (" + detail[0] + ": " + detail[1] + ")"; } SFTPException(String msg, int errorCode) { super(constructMessage(msg, errorCode)); sftpErrorMessage = msg; sftpErrorCode = errorCode; } /** * Get the error message sent by the server. Often, this * message does not help a lot (e.g., "failure"). * * @return the plain string as sent by the server. */ public String getServerErrorMessage() { return sftpErrorMessage; } /** * Get the error code sent by the server. * * @return an error code as defined in the SFTP specs. */ public int getServerErrorCode() { return sftpErrorCode; } /** * Get the symbolic name of the error code as given in the SFTP specs. * * @return e.g., "SSH_FX_INVALID_FILENAME". */ public String getServerErrorCodeSymbol() { String[] detail = ErrorCodes.getDescription(sftpErrorCode); if (detail == null) return "UNKNOWN SFTP ERROR CODE " + sftpErrorCode; return detail[0]; } /** * Get the description of the error code as given in the SFTP specs. * * @return e.g., "The filename is not valid." */ public String getServerErrorCodeVerbose() { String[] detail = ErrorCodes.getDescription(sftpErrorCode); if (detail == null) return "The error code " + sftpErrorCode + " is unknown."; return detail[1]; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/SFTPInputStream.java000066400000000000000000000047161370551253600273630ustar00rootroot00000000000000/* * Copyright (c) 2011 David Kocher. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.IOException; import java.io.InputStream; /** * @version $Id:$ */ public class SFTPInputStream extends InputStream { private SFTPv3FileHandle handle; /** * Offset (in bytes) in the file to read */ private long readOffset = 0; public SFTPInputStream(SFTPv3FileHandle handle) { this.handle = handle; } /** * Reads up to len bytes of data from the input stream into * an array of bytes. An attempt is made to read as many as * len bytes, but a smaller number may be read, possibly * zero. The number of bytes actually read is returned as an integer. * * @see SFTPv3Client#read(SFTPv3FileHandle,long,byte[],int,int) */ @Override public int read(byte[] buffer, int offset, int len) throws IOException { int read = handle.getClient().read(handle, readOffset, buffer, offset, len); if(read > 0) { readOffset += read; } return read; } /** * Reads the next byte of data from the input stream. The value byte is * returned as an int in the range 0 to * 255. If no byte is available because the end of the stream * has been reached, the value -1 is returned. This method * blocks until input data is available, the end of the stream is detected, * or an exception is thrown. *

*

A subclass must provide an implementation of this method. * * @return the next byte of data, or -1 if the end of the * stream is reached. * @throws IOException if an I/O error occurs. */ @Override public int read() throws IOException { byte[] buffer = new byte[1]; int b = handle.getClient().read(handle, readOffset, buffer, 0, 1); if(b > 0) { readOffset += 1; } return b; } /** * Skips over and discards n bytes of data from this input * stream. * * @param n the number of bytes to be skipped. * @return the actual number of bytes skipped. */ @Override public long skip(long n) { readOffset += n; return n; } @Override public void close() throws IOException { handle.getClient().closeFile(handle); } }SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/SFTPOutputStream.java000066400000000000000000000035361370551253600275630ustar00rootroot00000000000000/* * Copyright (c) 2011 David Kocher. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.IOException; import java.io.OutputStream; /** * @version $Id:$ */ public class SFTPOutputStream extends OutputStream { private SFTPv3FileHandle handle; /** * Offset (in bytes) in the file to write */ private long writeOffset = 0; public SFTPOutputStream(SFTPv3FileHandle handle) { this.handle = handle; } /** * Writes len bytes from the specified byte array * starting at offset off to this output stream. * The general contract for write(b, off, len) is that * some of the bytes in the array b are written to the * output stream in order; element b[off] is the first * byte written and b[off+len-1] is the last byte written * by this operation. * * @see SFTPv3Client#write(SFTPv3FileHandle,long,byte[],int,int) */ @Override public void write(byte[] buffer, int offset, int len) throws IOException { // We can just blindly write the whole buffer at once. // if len > 32768, then the write operation will // be split into multiple writes in SFTPv3Client#write. handle.getClient().write(handle, writeOffset, buffer, offset, len); writeOffset += len; } @Override public void write(int b) throws IOException { byte[] buffer = new byte[1]; buffer[0] = (byte) b; handle.getClient().write(handle, writeOffset, buffer, 0, 1); writeOffset += 1; } public long skip(long n) { writeOffset += n; return n; } @Override public void close() throws IOException { handle.getClient().closeFile(handle); } }SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/SFTPv3Client.java000066400000000000000000001277331370551253600266040ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.BufferedOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.net.SocketException; import java.nio.charset.Charset; import java.nio.charset.UnsupportedCharsetException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import ch.ethz.ssh2.channel.Channel; import ch.ethz.ssh2.log.Logger; import ch.ethz.ssh2.packets.TypesReader; import ch.ethz.ssh2.packets.TypesWriter; import ch.ethz.ssh2.sftp.AttribFlags; import ch.ethz.ssh2.sftp.ErrorCodes; import ch.ethz.ssh2.sftp.Packet; /** * A SFTPv3Client represents a SFTP (protocol version 3) * client connection tunnelled over a SSH-2 connection. This is a very simple * (synchronous) implementation. *

* Basically, most methods in this class map directly to one of * the packet types described in draft-ietf-secsh-filexfer-02.txt. *

* Note: this is experimental code. *

* Error handling: the methods of this class throw IOExceptions. However, unless * there is catastrophic failure, exceptions of the type {@link SFTPv3Client} will * be thrown (a subclass of IOException). Therefore, you can implement more verbose * behavior by checking if a thrown exception if of this type. If yes, then you * can cast the exception and access detailed information about the failure. *

* Notes about file names, directory names and paths, copy-pasted * from the specs: *

    *
  • SFTP v3 represents file names as strings. File names are * assumed to use the slash ('/') character as a directory separator.
  • *
  • File names starting with a slash are "absolute", and are relative to * the root of the file system. Names starting with any other character * are relative to the user's default directory (home directory).
  • *
  • Servers SHOULD interpret a path name component ".." as referring to * the parent directory, and "." as referring to the current directory. * If the server implementation limits access to certain parts of the * file system, it must be extra careful in parsing file names when * enforcing such restrictions. There have been numerous reported * security bugs where a ".." in a path name has allowed access outside * the intended area.
  • *
  • An empty path name is valid, and it refers to the user's default * directory (usually the user's home directory).
  • *
*

* If you are still not tired then please go on and read the comment for * {@link #setCharset(String)}. * * @author Christian Plattner, plattner@inf.ethz.ch * @version $Id$ */ public class SFTPv3Client { private static final Logger log = Logger.getLogger(SFTPv3Client.class); private Session sess; private InputStream is; private OutputStream os; private int protocol_version = 0; private int next_request_id = 1000; private String charsetName = null; /** * */ private PacketListener listener; /** * Create a SFTP v3 client. * * @param conn The underlying SSH-2 connection to be used. * @throws IOException */ public SFTPv3Client(Connection conn, PacketListener listener) throws IOException { if (conn == null) { throw new IllegalArgumentException("Cannot accept null argument!"); } this.listener = listener; log.debug("Opening session and starting SFTP subsystem."); sess = conn.openSession(); sess.startSubSystem("sftp"); is = sess.getStdout(); os = new BufferedOutputStream(sess.getStdin(), 2048); if (is == null) { throw new IOException("There is a problem with the streams of the underlying channel."); } init(); } /** * Create a SFTP v3 client. * * @param conn The underlying SSH-2 connection to be used. * @throws IOException */ public SFTPv3Client(Connection conn) throws IOException { this(conn, new PacketListener() { public void read(String packet) { log.debug("Read packet " + packet); } public void write(String packet) { log.debug("Write packet " + packet); } }); } /** * Set the charset used to convert between Java Unicode Strings and byte encodings * used by the server for paths and file names. Unfortunately, the SFTP v3 draft * says NOTHING about such conversions (well, with the exception of error messages * which have to be in UTF-8). Newer drafts specify to use UTF-8 for file names * (if I remember correctly). However, a quick test using OpenSSH serving a EXT-3 * filesystem has shown that UTF-8 seems to be a bad choice for SFTP v3 (tested with * filenames containing german umlauts). "windows-1252" seems to work better for Europe. * Luckily, "windows-1252" is the platform default in my case =). *

* If you don't set anything, then the platform default will be used (this is the default * behavior). * * @param charset the name of the charset to be used or null to use the platform's * default encoding. * @throws IOException * @see #getCharset() */ public void setCharset(String charset) throws IOException { if (charset == null) { charsetName = null; return; } try { Charset.forName(charset); } catch (UnsupportedCharsetException e) { throw new IOException("This charset is not supported", e); } charsetName = charset; } /** * The currently used charset for filename encoding/decoding. * * @return The name of the charset (null if the platform's default charset is being used) * @see #setCharset(String) */ public String getCharset() { return charsetName; } private void checkHandleValidAndOpen(SFTPv3FileHandle handle) throws IOException { if (handle.client != this) { throw new IOException("The file handle was created with another SFTPv3FileHandle instance."); } if (handle.isClosed) { throw new IOException("The file handle is closed."); } } private void sendMessage(int type, int requestId, byte[] msg, int off, int len) throws IOException { listener.write(Packet.forName(type)); int msglen = len + 1; if (type != Packet.SSH_FXP_INIT) { msglen += 4; } os.write(msglen >> 24); os.write(msglen >> 16); os.write(msglen >> 8); os.write(msglen); os.write(type); if (type != Packet.SSH_FXP_INIT) { os.write(requestId >> 24); os.write(requestId >> 16); os.write(requestId >> 8); os.write(requestId); } os.write(msg, off, len); os.flush(); } private void sendMessage(int type, int requestId, byte[] msg) throws IOException { sendMessage(type, requestId, msg, 0, msg.length); } private void readBytes(byte[] buff, int pos, int len) throws IOException { while (len > 0) { int count = is.read(buff, pos, len); if (count < 0) { throw new SocketException("Unexpected end of sftp stream."); } if ((count == 0) || (count > len)) { throw new SocketException("Underlying stream implementation is bogus!"); } len -= count; pos += count; } } /** * Read a message and guarantee that the contents is not larger than * maxlen bytes. *

* Note: receiveMessage(34000) actually means that the message may be up to 34004 * bytes (the length attribute preceeding the contents is 4 bytes). * * @param maxlen * @return the message contents * @throws IOException */ private byte[] receiveMessage(int maxlen) throws IOException { byte[] msglen = new byte[4]; readBytes(msglen, 0, 4); int len = (((msglen[0] & 0xff) << 24) | ((msglen[1] & 0xff) << 16) | ((msglen[2] & 0xff) << 8) | (msglen[3] & 0xff)); if ((len > maxlen) || (len <= 0)) { throw new IOException("Illegal sftp packet len: " + len); } byte[] msg = new byte[len]; readBytes(msg, 0, len); return msg; } private int generateNextRequestID() { synchronized (this) { return next_request_id++; } } private void closeHandle(byte[] handle) throws IOException { int req_id = generateNextRequestID(); TypesWriter tw = new TypesWriter(); tw.writeString(handle, 0, handle.length); sendMessage(Packet.SSH_FXP_CLOSE, req_id, tw.getBytes()); expectStatusOKMessage(req_id); } private SFTPv3FileAttributes readAttrs(TypesReader tr) throws IOException { /* * uint32 flags * uint64 size present only if flag SSH_FILEXFER_ATTR_SIZE * uint32 uid present only if flag SSH_FILEXFER_ATTR_V3_UIDGID * uint32 gid present only if flag SSH_FILEXFER_ATTR_V3_UIDGID * uint32 permissions present only if flag SSH_FILEXFER_ATTR_PERMISSIONS * uint32 atime present only if flag SSH_FILEXFER_ATTR_V3_ACMODTIME * uint32 mtime present only if flag SSH_FILEXFER_ATTR_V3_ACMODTIME * uint32 extended_count present only if flag SSH_FILEXFER_ATTR_EXTENDED * string extended_type * string extended_data * ... more extended data (extended_type - extended_data pairs), * so that number of pairs equals extended_count */ SFTPv3FileAttributes fa = new SFTPv3FileAttributes(); int flags = tr.readUINT32(); if ((flags & AttribFlags.SSH_FILEXFER_ATTR_SIZE) != 0) { log.debug("SSH_FILEXFER_ATTR_SIZE"); fa.size = tr.readUINT64(); } if ((flags & AttribFlags.SSH_FILEXFER_ATTR_V3_UIDGID) != 0) { log.debug("SSH_FILEXFER_ATTR_V3_UIDGID"); fa.uid = tr.readUINT32(); fa.gid = tr.readUINT32(); } if ((flags & AttribFlags.SSH_FILEXFER_ATTR_PERMISSIONS) != 0) { log.debug("SSH_FILEXFER_ATTR_PERMISSIONS"); fa.permissions = tr.readUINT32(); } if ((flags & AttribFlags.SSH_FILEXFER_ATTR_V3_ACMODTIME) != 0) { log.debug("SSH_FILEXFER_ATTR_V3_ACMODTIME"); fa.atime = tr.readUINT32(); fa.mtime = tr.readUINT32(); } if ((flags & AttribFlags.SSH_FILEXFER_ATTR_EXTENDED) != 0) { int count = tr.readUINT32(); log.debug("SSH_FILEXFER_ATTR_EXTENDED (" + count + ")"); /* Read it anyway to detect corrupt packets */ while (count > 0) { tr.readByteString(); tr.readByteString(); count--; } } return fa; } /** * Retrieve the file attributes of an open file. * * @param handle a SFTPv3FileHandle handle. * @return a SFTPv3FileAttributes object. * @throws IOException */ public SFTPv3FileAttributes fstat(SFTPv3FileHandle handle) throws IOException { checkHandleValidAndOpen(handle); int req_id = generateNextRequestID(); TypesWriter tw = new TypesWriter(); tw.writeString(handle.fileHandle, 0, handle.fileHandle.length); log.debug("Sending SSH_FXP_FSTAT..."); sendMessage(Packet.SSH_FXP_FSTAT, req_id, tw.getBytes()); byte[] resp = receiveMessage(34000); TypesReader tr = new TypesReader(resp); int t = tr.readByte(); listener.read(Packet.forName(t)); int rep_id = tr.readUINT32(); if (rep_id != req_id) { throw new RequestMismatchException(); } if (t == Packet.SSH_FXP_ATTRS) { return readAttrs(tr); } if (t != Packet.SSH_FXP_STATUS) { throw new PacketTypeException(t); } int errorCode = tr.readUINT32(); String errorMessage = tr.readString(); listener.read(errorMessage); throw new SFTPException(errorMessage, errorCode); } private SFTPv3FileAttributes statBoth(String path, int statMethod) throws IOException { int req_id = generateNextRequestID(); TypesWriter tw = new TypesWriter(); tw.writeString(path, charsetName); log.debug("Sending SSH_FXP_STAT/SSH_FXP_LSTAT..."); sendMessage(statMethod, req_id, tw.getBytes()); byte[] resp = receiveMessage(34000); TypesReader tr = new TypesReader(resp); int t = tr.readByte(); listener.read(Packet.forName(t)); int rep_id = tr.readUINT32(); if (rep_id != req_id) { throw new RequestMismatchException(); } if (t == Packet.SSH_FXP_ATTRS) { return readAttrs(tr); } if (t != Packet.SSH_FXP_STATUS) { throw new PacketTypeException(t); } int errorCode = tr.readUINT32(); String errorMessage = tr.readString(); listener.read(errorMessage); throw new SFTPException(errorMessage, errorCode); } /** * Retrieve the file attributes of a file. This method * follows symbolic links on the server. * * @param path See the {@link SFTPv3Client comment} for the class for more details. * @return a SFTPv3FileAttributes object. * @throws IOException * @see #lstat(String) */ public SFTPv3FileAttributes stat(String path) throws IOException { return statBoth(path, Packet.SSH_FXP_STAT); } /** * Retrieve the file attributes of a file. This method * does NOT follow symbolic links on the server. * * @param path See the {@link SFTPv3Client comment} for the class for more details. * @return a SFTPv3FileAttributes object. * @throws IOException * @see #stat(String) */ public SFTPv3FileAttributes lstat(String path) throws IOException { return statBoth(path, Packet.SSH_FXP_LSTAT); } /** * Read the target of a symbolic link. Note: OpenSSH (as of version 4.4) gets very upset * (SSH_FX_BAD_MESSAGE error) if you want to read the target of a file that is not a * symbolic link. Better check first with {@link #lstat(String)}. * * @param path See the {@link SFTPv3Client comment} for the class for more details. * @return The target of the link. * @throws IOException */ public String readLink(String path) throws IOException { int req_id = generateNextRequestID(); TypesWriter tw = new TypesWriter(); tw.writeString(path, charsetName); log.debug("Sending SSH_FXP_READLINK..."); sendMessage(Packet.SSH_FXP_READLINK, req_id, tw.getBytes()); byte[] resp = receiveMessage(34000); TypesReader tr = new TypesReader(resp); int t = tr.readByte(); listener.read(Packet.forName(t)); int rep_id = tr.readUINT32(); if (rep_id != req_id) { throw new RequestMismatchException(); } if (t == Packet.SSH_FXP_NAME) { int count = tr.readUINT32(); if (count != 1) { throw new IOException("The server sent an invalid SSH_FXP_NAME packet."); } return tr.readString(charsetName); } if (t != Packet.SSH_FXP_STATUS) { throw new PacketTypeException(t); } int errorCode = tr.readUINT32(); String errorMessage = tr.readString(); listener.read(errorMessage); throw new SFTPException(errorMessage, errorCode); } private void expectStatusOKMessage(int id) throws IOException { byte[] resp = receiveMessage(34000); TypesReader tr = new TypesReader(resp); int t = tr.readByte(); listener.read(Packet.forName(t)); int rep_id = tr.readUINT32(); if (rep_id != id) { throw new RequestMismatchException(); } if (t != Packet.SSH_FXP_STATUS) { throw new PacketTypeException(t); } int errorCode = tr.readUINT32(); if (errorCode == ErrorCodes.SSH_FX_OK) { return; } String errorMessage = tr.readString(); listener.read(errorMessage); throw new SFTPException(errorMessage, errorCode); } /** * Modify the attributes of a file. Used for operations such as changing * the ownership, permissions or access times, as well as for truncating a file. * * @param path See the {@link SFTPv3Client comment} for the class for more details. * @param attr A SFTPv3FileAttributes object. Specifies the modifications to be * made to the attributes of the file. Empty fields will be ignored. * @throws IOException */ public void setstat(String path, SFTPv3FileAttributes attr) throws IOException { int req_id = generateNextRequestID(); TypesWriter tw = new TypesWriter(); tw.writeString(path, charsetName); tw.writeBytes(createAttrs(attr)); log.debug("Sending SSH_FXP_SETSTAT..."); sendMessage(Packet.SSH_FXP_SETSTAT, req_id, tw.getBytes()); expectStatusOKMessage(req_id); } /** * Modify the attributes of a file. Used for operations such as changing * the ownership, permissions or access times, as well as for truncating a file. * * @param handle a SFTPv3FileHandle handle * @param attr A SFTPv3FileAttributes object. Specifies the modifications to be * made to the attributes of the file. Empty fields will be ignored. * @throws IOException */ public void fsetstat(SFTPv3FileHandle handle, SFTPv3FileAttributes attr) throws IOException { checkHandleValidAndOpen(handle); int req_id = generateNextRequestID(); TypesWriter tw = new TypesWriter(); tw.writeString(handle.fileHandle, 0, handle.fileHandle.length); tw.writeBytes(createAttrs(attr)); log.debug("Sending SSH_FXP_FSETSTAT..."); sendMessage(Packet.SSH_FXP_FSETSTAT, req_id, tw.getBytes()); expectStatusOKMessage(req_id); } /** * Create a symbolic link on the server. Creates a link "src" that points * to "target". * * @param src See the {@link SFTPv3Client comment} for the class for more details. * @param target See the {@link SFTPv3Client comment} for the class for more details. * @throws IOException */ public void createSymlink(String src, String target) throws IOException { int req_id = generateNextRequestID(); /* Either I am too stupid to understand the SFTP draft * or the OpenSSH guys changed the semantics of src and target. */ TypesWriter tw = new TypesWriter(); tw.writeString(target, charsetName); tw.writeString(src, charsetName); log.debug("Sending SSH_FXP_SYMLINK..."); sendMessage(Packet.SSH_FXP_SYMLINK, req_id, tw.getBytes()); expectStatusOKMessage(req_id); } /** * Have the server canonicalize any given path name to an absolute path. * This is useful for converting path names containing ".." components or * relative pathnames without a leading slash into absolute paths. * * @param path See the {@link SFTPv3Client comment} for the class for more details. * @return An absolute path. * @throws IOException */ public String canonicalPath(String path) throws IOException { int req_id = generateNextRequestID(); TypesWriter tw = new TypesWriter(); tw.writeString(path, charsetName); log.debug("Sending SSH_FXP_REALPATH..."); sendMessage(Packet.SSH_FXP_REALPATH, req_id, tw.getBytes()); byte[] resp = receiveMessage(34000); TypesReader tr = new TypesReader(resp); int t = tr.readByte(); listener.read(Packet.forName(t)); int rep_id = tr.readUINT32(); if (rep_id != req_id) { throw new RequestMismatchException(); } if (t == Packet.SSH_FXP_NAME) { int count = tr.readUINT32(); if (count != 1) { throw new IOException("The server sent an invalid SSH_FXP_NAME packet."); } final String name = tr.readString(charsetName); listener.read(name); return name; } if (t != Packet.SSH_FXP_STATUS) { throw new PacketTypeException(t); } int errorCode = tr.readUINT32(); String errorMessage = tr.readString(); listener.read(errorMessage); throw new SFTPException(errorMessage, errorCode); } private List scanDirectory(byte[] handle) throws IOException { List files = new ArrayList(); while (true) { int req_id = generateNextRequestID(); TypesWriter tw = new TypesWriter(); tw.writeString(handle, 0, handle.length); log.debug("Sending SSH_FXP_READDIR..."); sendMessage(Packet.SSH_FXP_READDIR, req_id, tw.getBytes()); byte[] resp = receiveMessage(34000); TypesReader tr = new TypesReader(resp); int t = tr.readByte(); listener.read(Packet.forName(t)); int rep_id = tr.readUINT32(); if (rep_id != req_id) { throw new RequestMismatchException(); } if (t == Packet.SSH_FXP_NAME) { int count = tr.readUINT32(); log.debug("Parsing " + count + " name entries..."); while (count > 0) { SFTPv3DirectoryEntry dirEnt = new SFTPv3DirectoryEntry(); dirEnt.filename = tr.readString(charsetName); dirEnt.longEntry = tr.readString(charsetName); listener.read(dirEnt.longEntry); dirEnt.attributes = readAttrs(tr); files.add(dirEnt); log.debug("File: '" + dirEnt.filename + "'"); count--; } continue; } if (t != Packet.SSH_FXP_STATUS) { throw new PacketTypeException(t); } int errorCode = tr.readUINT32(); if (errorCode == ErrorCodes.SSH_FX_EOF) { return files; } String errorMessage = tr.readString(); listener.read(errorMessage); throw new SFTPException(errorMessage, errorCode); } } public final SFTPv3FileHandle openDirectory(String path) throws IOException { int req_id = generateNextRequestID(); TypesWriter tw = new TypesWriter(); tw.writeString(path, charsetName); log.debug("Sending SSH_FXP_OPENDIR..."); sendMessage(Packet.SSH_FXP_OPENDIR, req_id, tw.getBytes()); byte[] resp = receiveMessage(34000); TypesReader tr = new TypesReader(resp); int t = tr.readByte(); listener.read(Packet.forName(t)); int rep_id = tr.readUINT32(); if (rep_id != req_id) { throw new RequestMismatchException(); } if (t == Packet.SSH_FXP_HANDLE) { log.debug("Got SSH_FXP_HANDLE."); return new SFTPv3FileHandle(this, tr.readByteString()); } if (t != Packet.SSH_FXP_STATUS) { throw new PacketTypeException(t); } int errorCode = tr.readUINT32(); String errorMessage = tr.readString(); listener.read(errorMessage); throw new SFTPException(errorMessage, errorCode); } private String expandString(byte[] b, int off, int len) { StringBuilder sb = new StringBuilder(); for (int i = 0; i < len; i++) { int c = b[off + i] & 0xff; if ((c >= 32) && (c <= 126)) { sb.append((char) c); } else { sb.append(String.format("{0x%s}", Integer.toHexString(c))); } } return sb.toString(); } private void init() throws IOException { /* Send SSH_FXP_INIT (version 3) */ final int client_version = 3; log.debug("Sending SSH_FXP_INIT (" + client_version + ")..."); TypesWriter tw = new TypesWriter(); tw.writeUINT32(client_version); sendMessage(Packet.SSH_FXP_INIT, 0, tw.getBytes()); /* Receive SSH_FXP_VERSION */ log.debug("Waiting for SSH_FXP_VERSION..."); TypesReader tr = new TypesReader(receiveMessage(34000)); /* Should be enough for any reasonable server */ int t = tr.readByte(); listener.read(Packet.forName(t)); if (t != Packet.SSH_FXP_VERSION) { throw new IOException("The server did not send a SSH_FXP_VERSION packet (got " + t + ")"); } protocol_version = tr.readUINT32(); log.debug("SSH_FXP_VERSION: protocol_version = " + protocol_version); if (protocol_version != 3) { throw new IOException("Server version " + protocol_version + " is currently not supported"); } /* Read and save extensions (if any) for later use */ while (tr.remain() != 0) { String name = tr.readString(); listener.read(name); byte[] value = tr.readByteString(); log.debug("SSH_FXP_VERSION: extension: " + name + " = '" + expandString(value, 0, value.length) + "'"); } } /** * Returns the negotiated SFTP protocol version between the client and the server. * * @return SFTP protocol version, i.e., "3". */ public int getProtocolVersion() { return protocol_version; } /** * Queries the channel state * @return True if the underlying session is in open state */ public boolean isConnected() { return sess.getState() == Channel.STATE_OPEN; } /** * Close this SFTP session. NEVER forget to call this method to free up * resources - even if you got an exception from one of the other methods. * Sometimes these other methods may throw an exception, saying that the * underlying channel is closed (this can happen, e.g., if the other server * sent a close message.) However, as long as you have not called the * close() method, you are likely wasting resources. */ public void close() { sess.close(); } /** * List the contents of a directory. * * @param dirName See the {@link SFTPv3Client comment} for the class for more details. * @return A Vector containing {@link SFTPv3DirectoryEntry} objects. * @throws IOException */ public List ls(String dirName) throws IOException { SFTPv3FileHandle handle = openDirectory(dirName); List result = scanDirectory(handle.fileHandle); closeFile(handle); return result; } /** * Create a new directory. * * @param dirName See the {@link SFTPv3Client comment} for the class for more details. * @param posixPermissions the permissions for this directory, e.g., "0700" (remember that * this is octal noation). The server will likely apply a umask. * @throws IOException */ public void mkdir(String dirName, int posixPermissions) throws IOException { int req_id = generateNextRequestID(); TypesWriter tw = new TypesWriter(); tw.writeString(dirName, charsetName); tw.writeUINT32(AttribFlags.SSH_FILEXFER_ATTR_PERMISSIONS); tw.writeUINT32(posixPermissions); sendMessage(Packet.SSH_FXP_MKDIR, req_id, tw.getBytes()); expectStatusOKMessage(req_id); } /** * Remove a file. * * @param fileName See the {@link SFTPv3Client comment} for the class for more details. * @throws IOException */ public void rm(String fileName) throws IOException { int req_id = generateNextRequestID(); TypesWriter tw = new TypesWriter(); tw.writeString(fileName, charsetName); sendMessage(Packet.SSH_FXP_REMOVE, req_id, tw.getBytes()); expectStatusOKMessage(req_id); } /** * Remove an empty directory. * * @param dirName See the {@link SFTPv3Client comment} for the class for more details. * @throws IOException */ public void rmdir(String dirName) throws IOException { int req_id = generateNextRequestID(); TypesWriter tw = new TypesWriter(); tw.writeString(dirName, charsetName); sendMessage(Packet.SSH_FXP_RMDIR, req_id, tw.getBytes()); expectStatusOKMessage(req_id); } /** * Move a file or directory. * * @param oldPath See the {@link SFTPv3Client comment} for the class for more details. * @param newPath See the {@link SFTPv3Client comment} for the class for more details. * @throws IOException */ public void mv(String oldPath, String newPath) throws IOException { int req_id = generateNextRequestID(); TypesWriter tw = new TypesWriter(); tw.writeString(oldPath, charsetName); tw.writeString(newPath, charsetName); sendMessage(Packet.SSH_FXP_RENAME, req_id, tw.getBytes()); expectStatusOKMessage(req_id); } /** * Open the file for reading. */ public static final int SSH_FXF_READ = 0x00000001; /** * Open the file for writing. If both this and SSH_FXF_READ are * specified, the file is opened for both reading and writing. */ public static final int SSH_FXF_WRITE = 0x00000002; /** * Force all writes to append data at the end of the file. */ public static final int SSH_FXF_APPEND = 0x00000004; /** * If this flag is specified, then a new file will be created if one * does not alread exist (if O_TRUNC is specified, the new file will * be truncated to zero length if it previously exists). */ public static final int SSH_FXF_CREAT = 0x00000008; /** * Forces an existing file with the same name to be truncated to zero * length when creating a file by specifying SSH_FXF_CREAT. * SSH_FXF_CREAT MUST also be specified if this flag is used. */ public static final int SSH_FXF_TRUNC = 0x00000010; /** * Causes the request to fail if the named file already exists. */ public static final int SSH_FXF_EXCL = 0x00000020; /** * Open a file for reading. * * @param fileName See the {@link SFTPv3Client comment} for the class for more details. * @return a SFTPv3FileHandle handle * @throws IOException */ public SFTPv3FileHandle openFileRO(String fileName) throws IOException { return openFile(fileName, SSH_FXF_READ, null); } /** * Open a file for reading and writing. * * @param fileName See the {@link SFTPv3Client comment} for the class for more details. * @return a SFTPv3FileHandle handle * @throws IOException */ public SFTPv3FileHandle openFileRW(String fileName) throws IOException { return openFile(fileName, SSH_FXF_READ | SSH_FXF_WRITE, null); } /** * Open a file in append mode. The SFTP v3 draft says nothing but assuming normal POSIX * behavior, all writes will be appendend to the end of the file, no matter which offset * one specifies. *

* A side note for the curious: OpenSSH does an lseek() to the specified writing offset before each write(), * even for writes to files opened in O_APPEND mode. However, bear in mind that when working * in the O_APPEND mode, each write() includes an implicit lseek() to the end of the file * (well, this is what the newsgroups say). * * @param fileName See the {@link SFTPv3Client comment} for the class for more details. * @return a SFTPv3FileHandle handle * @throws IOException */ public SFTPv3FileHandle openFileRWAppend(String fileName) throws IOException { return openFile(fileName, SSH_FXF_READ | SSH_FXF_WRITE | SSH_FXF_APPEND, null); } /** * Open a file in append mode. The SFTP v3 draft says nothing but assuming normal POSIX * behavior, all writes will be appendend to the end of the file, no matter which offset * one specifies. *

* A side note for the curious: OpenSSH does an lseek() to the specified writing offset before each write(), * even for writes to files opened in O_APPEND mode. However, bear in mind that when working * in the O_APPEND mode, each write() includes an implicit lseek() to the end of the file * (well, this is what the newsgroups say). * * @param fileName See the {@link SFTPv3Client comment} for the class for more details. * @return a SFTPv3FileHandle handle * @throws IOException */ public SFTPv3FileHandle openFileWAppend(String fileName) throws IOException { return openFile(fileName, SSH_FXF_WRITE | SSH_FXF_APPEND, null); } /** * Create a file and open it for reading and writing. * Same as {@link #createFile(String, SFTPv3FileAttributes) createFile(fileName, null)}. * * @param fileName See the {@link SFTPv3Client comment} for the class for more details. * @return a SFTPv3FileHandle handle * @throws IOException */ public SFTPv3FileHandle createFile(String fileName) throws IOException { return createFile(fileName, null); } /** * Create a file and open it for reading and writing. * You can specify the default attributes of the file (the server may or may * not respect your wishes). * * @param fileName See the {@link SFTPv3Client comment} for the class for more details. * @param attr may be null to use server defaults. Probably only * the uid, gid and permissions * (remember the server may apply a umask) entries of the {@link SFTPv3FileHandle} * structure make sense. You need only to set those fields where you want * to override the server's defaults. * @return a SFTPv3FileHandle handle * @throws IOException */ public SFTPv3FileHandle createFile(String fileName, SFTPv3FileAttributes attr) throws IOException { return openFile(fileName, SSH_FXF_CREAT | SSH_FXF_READ | SSH_FXF_WRITE, attr); } /** * Create a file (truncate it if it already exists) and open it for writing. * Same as {@link #createFileTruncate(String, SFTPv3FileAttributes) createFileTruncate(fileName, null)}. * * @param fileName See the {@link SFTPv3Client comment} for the class for more details. * @return a SFTPv3FileHandle handle * @throws IOException */ public SFTPv3FileHandle createFileTruncate(String fileName) throws IOException { return createFileTruncate(fileName, null); } /** * reate a file (truncate it if it already exists) and open it for writing. * You can specify the default attributes of the file (the server may or may * not respect your wishes). * * @param fileName See the {@link SFTPv3Client comment} for the class for more details. * @param attr may be null to use server defaults. Probably only * the uid, gid and permissions * (remember the server may apply a umask) entries of the {@link SFTPv3FileHandle} * structure make sense. You need only to set those fields where you want * to override the server's defaults. * @return a SFTPv3FileHandle handle * @throws IOException */ public SFTPv3FileHandle createFileTruncate(String fileName, SFTPv3FileAttributes attr) throws IOException { return openFile(fileName, SSH_FXF_CREAT | SSH_FXF_TRUNC | SSH_FXF_WRITE, attr); } private byte[] createAttrs(SFTPv3FileAttributes attr) { TypesWriter tw = new TypesWriter(); int attrFlags = 0; if (attr == null) { tw.writeUINT32(0); } else { if (attr.size != null) { attrFlags = attrFlags | AttribFlags.SSH_FILEXFER_ATTR_SIZE; } if ((attr.uid != null) && (attr.gid != null)) { attrFlags = attrFlags | AttribFlags.SSH_FILEXFER_ATTR_V3_UIDGID; } if (attr.permissions != null) { attrFlags = attrFlags | AttribFlags.SSH_FILEXFER_ATTR_PERMISSIONS; } if ((attr.atime != null) && (attr.mtime != null)) { attrFlags = attrFlags | AttribFlags.SSH_FILEXFER_ATTR_V3_ACMODTIME; } tw.writeUINT32(attrFlags); if (attr.size != null) { tw.writeUINT64(attr.size); } if ((attr.uid != null) && (attr.gid != null)) { tw.writeUINT32(attr.uid); tw.writeUINT32(attr.gid); } if (attr.permissions != null) { tw.writeUINT32(attr.permissions); } if ((attr.atime != null) && (attr.mtime != null)) { tw.writeUINT32(attr.atime); tw.writeUINT32(attr.mtime); } } return tw.getBytes(); } public SFTPv3FileHandle openFile(String fileName, int flags, SFTPv3FileAttributes attr) throws IOException { int req_id = generateNextRequestID(); TypesWriter tw = new TypesWriter(); tw.writeString(fileName, charsetName); tw.writeUINT32(flags); tw.writeBytes(createAttrs(attr)); log.debug("Sending SSH_FXP_OPEN..."); sendMessage(Packet.SSH_FXP_OPEN, req_id, tw.getBytes()); byte[] resp = receiveMessage(34000); TypesReader tr = new TypesReader(resp); int t = tr.readByte(); listener.read(Packet.forName(t)); int rep_id = tr.readUINT32(); if (rep_id != req_id) { throw new RequestMismatchException(); } if (t == Packet.SSH_FXP_HANDLE) { log.debug("Got SSH_FXP_HANDLE."); return new SFTPv3FileHandle(this, tr.readByteString()); } if (t != Packet.SSH_FXP_STATUS) { throw new PacketTypeException(t); } int errorCode = tr.readUINT32(); String errorMessage = tr.readString(); listener.read(errorMessage); throw new SFTPException(errorMessage, errorCode); } /** * A read is divided into multiple requests sent sequentially before * reading any status from the server */ private static class OutstandingReadRequest { int req_id; /** * Read offset to request on server starting at the file offset for the first request. */ long serverOffset; /** * Length of requested data */ int len; /** * Offset in destination buffer */ int dstOffset; /** * Temporary buffer */ byte[] buffer; } private void sendReadRequest(int id, SFTPv3FileHandle handle, long offset, int len) throws IOException { TypesWriter tw = new TypesWriter(); tw.writeString(handle.fileHandle, 0, handle.fileHandle.length); tw.writeUINT64(offset); tw.writeUINT32(len); log.debug("Sending SSH_FXP_READ (" + id + ") " + offset + "/" + len); sendMessage(Packet.SSH_FXP_READ, id, tw.getBytes()); } /** * Parallel read requests maximum size. */ private static final int DEFAULT_MAX_PARALLELISM = 64; /** * Parallel read requests. */ private int parallelism = DEFAULT_MAX_PARALLELISM; /** * @param parallelism */ public void setRequestParallelism(int parallelism) { this.parallelism = Math.min(parallelism, DEFAULT_MAX_PARALLELISM); } /** * Mapping request ID to request. */ private Map pendingReadQueue = new HashMap(); /** * Read bytes from a file in a parallel fashion. As many bytes as you want will be read. *

*

    *
  • The server will read as many bytes as it can from the file (up to len), * and return them.
  • *
  • If EOF is encountered before reading any data, -1 is returned. *
  • If an error occurs, an exception is thrown
  • . *
  • For normal disk files, it is guaranteed that the server will return the specified * number of bytes, or up to end of file. For, e.g., device files this may return * fewer bytes than requested.
  • *
* * @param handle a SFTPv3FileHandle handle * @param fileOffset offset (in bytes) in the file * @param dst the destination byte array * @param dstoff offset in the destination byte array * @param len how many bytes to read, 0 < len * @return the number of bytes that could be read, may be less than requested if * the end of the file is reached, -1 is returned in case of EOF * @throws IOException */ public int read(SFTPv3FileHandle handle, long fileOffset, byte[] dst, int dstoff, int len) throws IOException { boolean errorOccured = false; checkHandleValidAndOpen(handle); int remaining = len * parallelism; //int clientOffset = dstoff; long serverOffset = fileOffset; for (OutstandingReadRequest r : pendingReadQueue.values()) { // Server offset should take pending requests into account. serverOffset += r.len; } while (true) { // Stop if there was an error and no outstanding request if ((pendingReadQueue.size() == 0) && errorOccured) { break; } // Send as many requests as we are allowed to while (pendingReadQueue.size() < parallelism) { if (errorOccured) { break; } // Send the next read request OutstandingReadRequest req = new OutstandingReadRequest(); req.req_id = generateNextRequestID(); req.serverOffset = serverOffset; req.len = (remaining > len) ? len : remaining; req.buffer = dst; req.dstOffset = dstoff; serverOffset += req.len; //clientOffset += req.len; remaining -= req.len; sendReadRequest(req.req_id, handle, req.serverOffset, req.len); pendingReadQueue.put(req.req_id, req); } if (pendingReadQueue.size() == 0) { break; } // Receive a single answer byte[] resp = receiveMessage(34000); TypesReader tr = new TypesReader(resp); int t = tr.readByte(); listener.read(Packet.forName(t)); // Search the pending queue OutstandingReadRequest req = pendingReadQueue.remove(tr.readUINT32()); if (null == req) { throw new RequestMismatchException(); } // Evaluate the answer if (t == Packet.SSH_FXP_STATUS) { /* In any case, stop sending more packets */ int code = tr.readUINT32(); String msg = tr.readString(); listener.read(msg); if (log.isDebugEnabled()) { String[] desc = ErrorCodes.getDescription(code); log.debug("Got SSH_FXP_STATUS (" + req.req_id + ") (" + ((desc != null) ? desc[0] : "UNKNOWN") + ")"); } // Flag to read all pending requests but don't send any more. errorOccured = true; if (pendingReadQueue.isEmpty()) { if (ErrorCodes.SSH_FX_EOF == code) { return -1; } throw new SFTPException(msg, code); } } else if (t == Packet.SSH_FXP_DATA) { // OK, collect data int readLen = tr.readUINT32(); if ((readLen < 0) || (readLen > req.len)) { throw new IOException("The server sent an invalid length field in a SSH_FXP_DATA packet."); } if (log.isDebugEnabled()) { log.debug("Got SSH_FXP_DATA (" + req.req_id + ") " + req.serverOffset + "/" + readLen + " (requested: " + req.len + ")"); } // Read bytes into buffer tr.readBytes(req.buffer, req.dstOffset, readLen); if (readLen < req.len) { /* Send this request packet again to request the remaing data in this slot. */ req.req_id = generateNextRequestID(); req.serverOffset += readLen; req.len -= readLen; log.debug("Requesting again: " + req.serverOffset + "/" + req.len); sendReadRequest(req.req_id, handle, req.serverOffset, req.len); pendingReadQueue.put(req.req_id, req); } return readLen; } else { throw new PacketTypeException(t); } } // Should never reach here. throw new SFTPException("No EOF reached", -1); } /** * A read is divided into multiple requests sent sequentially before * reading any status from the server */ private static class OutstandingStatusRequest { int req_id; } /** * Mapping request ID to request. */ private Map pendingStatusQueue = new HashMap(); /** * Write bytes to a file. If len > 32768, then the write operation will * be split into multiple writes. * * @param handle a SFTPv3FileHandle handle. * @param fileOffset offset (in bytes) in the file. * @param src the source byte array. * @param srcoff offset in the source byte array. * @param len how many bytes to write. * @throws IOException */ public void write(SFTPv3FileHandle handle, long fileOffset, byte[] src, int srcoff, int len) throws IOException { checkHandleValidAndOpen(handle); while (len > 0) { int writeRequestLen = len; if (writeRequestLen > 32768) { writeRequestLen = 32768; } // Send the next write request OutstandingStatusRequest req = new OutstandingStatusRequest(); req.req_id = generateNextRequestID(); TypesWriter tw = new TypesWriter(); tw.writeString(handle.fileHandle, 0, handle.fileHandle.length); tw.writeUINT64(fileOffset); tw.writeString(src, srcoff, writeRequestLen); log.debug("Sending SSH_FXP_WRITE..."); sendMessage(Packet.SSH_FXP_WRITE, req.req_id, tw.getBytes()); pendingStatusQueue.put(req.req_id, req); // Only read next status if parallelism reached while (pendingStatusQueue.size() >= parallelism) { this.readStatus(); } fileOffset += writeRequestLen; srcoff += writeRequestLen; len -= writeRequestLen; } } private void readStatus() throws IOException { byte[] resp = receiveMessage(34000); TypesReader tr = new TypesReader(resp); int t = tr.readByte(); listener.read(Packet.forName(t)); // Search the pending queue OutstandingStatusRequest status = pendingStatusQueue.remove(tr.readUINT32()); if (null == status) { throw new RequestMismatchException(); } // Evaluate the answer if (t == Packet.SSH_FXP_STATUS) { // In any case, stop sending more packets int code = tr.readUINT32(); if (log.isDebugEnabled()) { String[] desc = ErrorCodes.getDescription(code); log.debug("Got SSH_FXP_STATUS (" + status.req_id + ") (" + ((desc != null) ? desc[0] : "UNKNOWN") + ")"); } if (code == ErrorCodes.SSH_FX_OK) { return; } String msg = tr.readString(); listener.read(msg); throw new SFTPException(msg, code); } throw new PacketTypeException(t); } private void readPendingReadStatus() throws IOException { byte[] resp = receiveMessage(34000); TypesReader tr = new TypesReader(resp); int t = tr.readByte(); listener.read(Packet.forName(t)); // Search the pending queue OutstandingReadRequest status = pendingReadQueue.remove(tr.readUINT32()); if (null == status) { throw new RequestMismatchException(); } // Evaluate the answer if (t == Packet.SSH_FXP_STATUS) { // In any case, stop sending more packets int code = tr.readUINT32(); if (log.isDebugEnabled()) { String[] desc = ErrorCodes.getDescription(code); log.debug("Got SSH_FXP_STATUS (" + status.req_id + ") (" + ((desc != null) ? desc[0] : "UNKNOWN") + ")"); } if (code == ErrorCodes.SSH_FX_OK) { return; } if (code == ErrorCodes.SSH_FX_EOF) { return; } String msg = tr.readString(); listener.read(msg); throw new SFTPException(msg, code); } throw new PacketTypeException(t); } /** * Close a file. * * @param handle a SFTPv3FileHandle handle * @throws IOException */ public void closeFile(SFTPv3FileHandle handle) throws IOException { try { while (!pendingReadQueue.isEmpty()) { this.readPendingReadStatus(); } while (!pendingStatusQueue.isEmpty()) { this.readStatus(); } if (!handle.isClosed) { closeHandle(handle.fileHandle); } } finally { handle.isClosed = true; } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/SFTPv3DirectoryEntry.java000066400000000000000000000023311370551253600303360ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; /** * A SFTPv3DirectoryEntry as returned by {@link SFTPv3Client#ls(String)}. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class SFTPv3DirectoryEntry { /** * A relative name within the directory, without any path components. */ public String filename; /** * An expanded format for the file name, similar to what is returned by * "ls -l" on Un*x systems. *

* The format of this field is unspecified by the SFTP v3 protocol. * It MUST be suitable for use in the output of a directory listing * command (in fact, the recommended operation for a directory listing * command is to simply display this data). However, clients SHOULD NOT * attempt to parse the longname field for file attributes; they SHOULD * use the attrs field instead. *

* The recommended format for the longname field is as follows:
* -rwxr-xr-x 1 mjos staff 348911 Mar 25 14:29 t-filexfer */ public String longEntry; /** * The attributes of this entry. */ public SFTPv3FileAttributes attributes; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/SFTPv3FileAttributes.java000066400000000000000000000074221370551253600303040ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; /** * A SFTPv3FileAttributes object represents detail information * about a file on the server. Not all fields may/must be present. * * @author Christian Plattner, plattner@inf.ethz.ch * @version $Id$ */ public class SFTPv3FileAttributes { /** * The SIZE attribute. NULL if not present. */ public Long size = null; /** * The UID attribute. NULL if not present. */ public Integer uid = null; /** * The GID attribute. NULL if not present. */ public Integer gid = null; /** * The POSIX permissions. NULL if not present. *

* Here is a list: *

*

Note: these numbers are all OCTAL.
	 *
	 *  S_IFMT     0170000   bitmask for the file type bitfields
	 *  S_IFSOCK   0140000   socket
	 *  S_IFLNK    0120000   symbolic link
	 *  S_IFREG    0100000   regular file
	 *  S_IFBLK    0060000   block device
	 *  S_IFDIR    0040000   directory
	 *  S_IFCHR    0020000   character device
	 *  S_IFIFO    0010000   fifo
	 *  S_ISUID    0004000   set UID bit
	 *  S_ISGID    0002000   set GID bit
	 *  S_ISVTX    0001000   sticky bit
	 *
	 *  S_IRWXU    00700     mask for file owner permissions
	 *  S_IRUSR    00400     owner has read permission
	 *  S_IWUSR    00200     owner has write permission
	 *  S_IXUSR    00100     owner has execute permission
	 *  S_IRWXG    00070     mask for group permissions
	 *  S_IRGRP    00040     group has read permission
	 *  S_IWGRP    00020     group has write permission
	 *  S_IXGRP    00010     group has execute permission
	 *  S_IRWXO    00007     mask for permissions for others (not in group)
	 *  S_IROTH    00004     others have read permission
	 *  S_IWOTH    00002     others have write permisson
	 *  S_IXOTH    00001     others have execute permission
	 * 
*/ public Integer permissions = null; /** * The ATIME attribute. Represented as seconds from Jan 1, 1970 in UTC. * NULL if not present. */ public Integer atime = null; /** * The MTIME attribute. Represented as seconds from Jan 1, 1970 in UTC. * NULL if not present. */ public Integer mtime = null; /** * Checks if this entry is a directory. * * @return Returns true if permissions are available and they indicate * that this entry represents a directory. */ public boolean isDirectory() { if (permissions == null) return false; return ((permissions.intValue() & 0040000) == 0040000); } /** * Checks if this entry is a regular file. * * @return Returns true if permissions are available and they indicate * that this entry represents a regular file. */ public boolean isRegularFile() { if (permissions == null) return false; return ((permissions.intValue() & 0100000) == 0100000); } /** * Checks if this entry is a a symlink. * * @return Returns true if permissions are available and they indicate * that this entry represents a symlink. */ public boolean isSymlink() { if (permissions == null) return false; return ((permissions.intValue() & 0120000) == 0120000); } /** * Turn the POSIX permissions into a 7 digit octal representation. * Note: the returned value is first masked with 0177777. * * @return NULL if permissions are not available. */ public String getOctalPermissions() { if (permissions == null) return null; String res = Integer.toString(permissions.intValue() & 0177777, 8); StringBuilder sb = new StringBuilder(); int leadingZeros = 7 - res.length(); while (leadingZeros > 0) { sb.append('0'); leadingZeros--; } sb.append(res); return sb.toString(); } }SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/SFTPv3FileHandle.java000066400000000000000000000016751370551253600273550ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; /** * A SFTPv3FileHandle. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class SFTPv3FileHandle { protected final SFTPv3Client client; protected final byte[] fileHandle; protected boolean isClosed; protected SFTPv3FileHandle(SFTPv3Client client, byte[] h) { this.client = client; this.fileHandle = h; } /** * Get the SFTPv3Client instance which created this handle. * * @return A SFTPv3Client instance. */ public SFTPv3Client getClient() { return client; } /** * Check if this handle was closed with the {@link SFTPv3Client#closeFile(SFTPv3FileHandle)} method * of the SFTPv3Client instance which created the handle. * * @return if the handle is closed. */ public boolean isClosed() { return isClosed; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/ServerAuthenticationCallback.java000066400000000000000000000060101370551253600321630ustar00rootroot00000000000000/* * Copyright (c) 2012-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; /** * A callback used during the authentication phase (see RFC 4252) when * implementing a SSH server. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public interface ServerAuthenticationCallback { /** * The method name for host-based authentication. */ public final String METHOD_HOSTBASED = "hostbased"; /** * The method name for public-key authentication. */ public final String METHOD_PUBLICKEY = "publickey"; /** * The method name for password authentication. */ public final String METHOD_PASSWORD = "password"; /** * Called when the client enters authentication. * This gives you the chance to set a custom authentication banner * for this SSH-2 session. This is the first method called in this interface. * It will only called at most once per ServerConnection. * * @param sc The corresponding ServerConnection * @return The authentication banner or NULL in case no banner should be send. */ public String initAuthentication(ServerConnection sc); /** * Return the authentication methods that are currently available to the client. * Be prepared to return this information at any time during the authentication procedure. *

* The returned name-list of 'method names' (see RFC4252) indicate the authentication methods * that may productively continue the authentication dialog. *

* It is RECOMMENDED that servers only include those 'method name' * values in the name-list that are actually useful. However, it is not * illegal to include 'method name' values that cannot be used to * authenticate the user. *

* Already successfully completed authentications SHOULD NOT be included * in the name-list, unless they should be performed again for some reason. * * @see #METHOD_HOSTBASED * @see #METHOD_PASSWORD * @see #METHOD_PUBLICKEY * * @param sc * @return A list of method names. */ public String[] getRemainingAuthMethods(ServerConnection sc); /** * Typically, this will be called be the client to get the list of * authentication methods that can continue. You should simply return * {@link AuthenticationResult#FAILURE}. * * @param sc * @param username Name of the user that wants to log in with the "none" method. * @return */ public AuthenticationResult authenticateWithNone(ServerConnection sc, String username); public AuthenticationResult authenticateWithPassword(ServerConnection sc, String username, String password); /** * NOTE: Not implemented yet. * * @param sc * @param username * @param algorithm * @param publickey * @param signature * @return */ public AuthenticationResult authenticateWithPublicKey(ServerConnection sc, String username, String algorithm, byte[] publickey, byte[] signature); } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/ServerConnection.java000066400000000000000000000267671370551253600277130ustar00rootroot00000000000000/* * Copyright (c) 2012-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.CharArrayWriter; import java.io.File; import java.io.FileReader; import java.io.IOException; import java.net.Socket; import ch.ethz.ssh2.crypto.CryptoWishList; import ch.ethz.ssh2.crypto.PEMDecoder; import ch.ethz.ssh2.server.ServerConnectionState; import ch.ethz.ssh2.signature.DSAPrivateKey; import ch.ethz.ssh2.signature.RSAPrivateKey; import ch.ethz.ssh2.transport.ServerTransportManager; /** * A server-side SSH-2 connection. * * @author Christian * */ public class ServerConnection { /** * The softwareversion presented to the SSH-2 client. */ private String softwareversion = String.format("Ganymed_SSHD_%s", Version.getSpecification()); private final ServerConnectionState state = new ServerConnectionState(this); /** * Creates a new ServerConnection that will communicate * with the client over the given Socket. *

* Note: you need to call {@link #connect()} or {@link #connect(int)} to * perform the initial handshake and establish the encrypted communication. * * @see #connect(int) * * @param s The socket */ public ServerConnection(Socket s) { this(s, null, null); } public ServerConnection(Socket s, String softwareversion) { this(s, null, null); this.softwareversion = softwareversion; } /** * Creates a new ServerConnection that will communicate * with the client over the given Socket. *

* Note: you need to call {@link #connect()} or {@link #connect(int)} to * perform the initial handshake and establish the encrypted communication. *

* Please read the javadoc for the {@link #connect(int)} method. * * @see #connect(int) * * @param s The socket * @param dsa_key The DSA hostkey, may be NULL * @param rsa_key The RSA hostkey, may be NULL */ public ServerConnection(Socket s, DSAPrivateKey dsa_key, RSAPrivateKey rsa_key) { state.s = s; state.softwareversion = softwareversion; state.next_dsa_key = dsa_key; state.next_rsa_key = rsa_key; fixCryptoWishList(state.next_cryptoWishList, state.next_dsa_key, state.next_rsa_key); } /** * Establish the connection and block until the first handshake has completed. *

* Note: this is a wrapper that calls connect(0) (i.e., connect with no timeout). *

* Please read the javadoc for the {@link #connect(int)} method. * * @see #connect(int) * * @throws IOException */ public synchronized void connect() throws IOException { connect(0); } /** * Establish the connection and block until the first handshake has completed. *

* Note 1: either a DSA or a RSA (or both) hostkey must be set before calling this method. *

* Note 2: You must set the callbacks for authentication ({@link #setAuthenticationCallback(ServerAuthenticationCallback)}) * and connection events ({@link #setServerConnectionCallback(ServerConnectionCallback)}). * * @see #setPEMHostKey(char[], String) * @see #setPEMHostKey(File, String) * @see #setRsaHostKey(RSAPrivateKey) * @see #setDsaHostKey(DSAPrivateKey) * * @param timeout_milliseconds Timeout in milliseconds, 0 means no timeout. * @throws IOException */ public synchronized void connect(int timeout_milliseconds) throws IOException { synchronized (state) { if (state.cb_conn == null) throw new IllegalStateException("The callback for connection events has not been set."); if (state.cb_auth == null) throw new IllegalStateException("The callback for authentication events has not been set."); if (state.tm != null) throw new IllegalStateException("The initial handshake has already been started."); if ((state.next_dsa_key == null) && (state.next_rsa_key == null)) throw new IllegalStateException("Neither a RSA nor a DSA host key has been specified!"); state.tm = new ServerTransportManager(state.s); } state.tm.connect(state); /* Wait until first KEX has finished */ state.tm.getConnectionInfo(1); } /** * Retrieve the underlying socket. * * @return the socket that has been passed to the constructor. */ public Socket getSocket() { return state.s; } /** * Force an asynchronous key re-exchange (the call does not block). The * latest values set for MAC, Cipher and DH group exchange parameters will * be used. If a key exchange is currently in progress, then this method has * the only effect that the so far specified parameters will be used for the * next (client driven) key exchange. You may call this method only after * the initial key exchange has been established. *

* Note: This implementation will never start automatically a key exchange (other than the initial one) * unless you or the connected SSH-2 client ask for it. * * @throws IOException * In case of any failure behind the scenes. */ public synchronized void forceKeyExchange() throws IOException { synchronized (state) { if (state.tm == null) throw new IllegalStateException( "Cannot force another key exchange, you need to start the key exchange first."); state.tm.forceKeyExchange(state.next_cryptoWishList, null, state.next_dsa_key, state.next_rsa_key); } } /** * Returns a {@link ConnectionInfo} object containing the details of * the connection. May be called as soon as the first key exchange has been * started. The method blocks in case the first key exchange has not been completed. *

* Note: upon return of this method, authentication may still be pending. * * @return A {@link ConnectionInfo} object. * @throws IOException * In case of any failure behind the scenes; e.g., first key exchange was aborted. */ public synchronized ConnectionInfo getConnectionInfo() throws IOException { synchronized (state) { if (state.tm == null) throw new IllegalStateException( "Cannot get details of connection, you need to start the key exchange first."); } return state.tm.getConnectionInfo(1); } /** * Change the current DSA hostkey. Either a DSA or RSA private key must be set for a successful handshake with * the client. *

* Note: You can change an existing DSA hostkey after the initial kex exchange (the new value will * be used during the next server initiated key exchange), but you cannot remove (i.e., set to null) the * current DSA key, otherwise the next key exchange may fail in case the client supports only DSA hostkeys. * * @param dsa_hostkey */ public synchronized void setDsaHostKey(DSAPrivateKey dsa_hostkey) { synchronized (state) { if ((dsa_hostkey == null) && (state.next_dsa_key != null) && (state.tm != null)) throw new IllegalStateException("Cannot remove DSA hostkey after first key exchange."); state.next_dsa_key = dsa_hostkey; fixCryptoWishList(state.next_cryptoWishList, state.next_dsa_key, state.next_rsa_key); } } /** * Change the current RSA hostkey. Either a DSA or RSA private key must be set for a successful handshake with * the client. *

* Note: You can change an existing RSA hostkey after the initial kex exchange (the new value will * be used during the next server initiated key exchange), but you cannot remove (i.e., set to null) the * current RSA key, otherwise the next key exchange may fail in case the client supports only RSA hostkeys. * * @param rsa_hostkey */ public synchronized void setRsaHostKey(RSAPrivateKey rsa_hostkey) { synchronized (state) { if ((rsa_hostkey == null) && (state.next_rsa_key != null) && (state.tm != null)) throw new IllegalStateException("Cannot remove RSA hostkey after first key exchange."); state.next_rsa_key = rsa_hostkey; fixCryptoWishList(state.next_cryptoWishList, state.next_dsa_key, state.next_rsa_key); } } /** * Utility method that loads a PEM based hostkey (either RSA or DSA based) and * calls either setRsaHostKey() or setDsaHostKey(). * * @param pemdata The PEM data * @param password Password, may be null in case the PEM data is not password protected * @throws IOException In case of any error. */ public void setPEMHostKey(char[] pemdata, String password) throws IOException { Object key = PEMDecoder.decode(pemdata, password); if (key instanceof DSAPrivateKey) setDsaHostKey((DSAPrivateKey) key); if (key instanceof RSAPrivateKey) setRsaHostKey((RSAPrivateKey) key); } /** * Utility method that loads a hostkey from a PEM file (either RSA or DSA based) and * calls either setRsaHostKey() or setDsaHostKey(). * * @param pemFile The PEM file * @param password Password, may be null in case the PEM file is not password protected * @throws IOException */ public void setPEMHostKey(File pemFile, String password) throws IOException { if (pemFile == null) throw new IllegalArgumentException("pemfile argument is null"); char[] buff = new char[256]; CharArrayWriter cw = new CharArrayWriter(); FileReader fr = new FileReader(pemFile); while (true) { int len = fr.read(buff); if (len < 0) break; cw.write(buff, 0, len); } fr.close(); setPEMHostKey(cw.toCharArray(), password); } private void fixCryptoWishList(CryptoWishList next_cryptoWishList, DSAPrivateKey next_dsa_key, RSAPrivateKey next_rsa_key) { if ((next_dsa_key != null) && (next_rsa_key != null)) next_cryptoWishList.serverHostKeyAlgorithms = new String[] { "ssh-rsa", "ssh-dss" }; else if (next_dsa_key != null) next_cryptoWishList.serverHostKeyAlgorithms = new String[] { "ssh-dss" }; else if (next_rsa_key != null) next_cryptoWishList.serverHostKeyAlgorithms = new String[] { "ssh-rsa" }; else next_cryptoWishList.serverHostKeyAlgorithms = new String[0]; } /** * Callback interface with methods that will be called upon events * generated by the client (e.g., client opens a new Session which results in a ServerSession). *

* Note: This must be set before the first handshake. * * @param cb The callback implementation */ public synchronized void setServerConnectionCallback(ServerConnectionCallback cb) { synchronized (state) { state.cb_conn = cb; } } /** * Callback interface with methods that will be called upon authentication events. *

* Note: This must be set before the first handshake. * * @param cb The callback implementation */ public synchronized void setAuthenticationCallback(ServerAuthenticationCallback cb) { synchronized (state) { state.cb_auth = cb; } } /** * Close the connection to the SSH-2 server. All assigned sessions will be * closed, too. Can be called at any time. Don't forget to call this once * you don't need a connection anymore - otherwise the receiver thread may * run forever. */ public void close() { Throwable t = new Throwable("Closed due to user request."); close(t, false); } public void close(Throwable t, boolean hard) { synchronized (state) { if (state.cm != null) state.cm.closeAllChannels(); if (state.tm != null) { state.tm.close(t, hard == false); } } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/ServerConnectionCallback.java000066400000000000000000000004301370551253600313030ustar00rootroot00000000000000/* * Copyright (c) 2012-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; public interface ServerConnectionCallback { public ServerSessionCallback acceptSession(ServerSession session); } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/ServerHostKeyVerifier.java000066400000000000000000000023611370551253600306560ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; /** * A callback interface used to implement a client specific method of checking * server host keys. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public interface ServerHostKeyVerifier { /** * The actual verifier method, it will be called by the key exchange code * on EVERY key exchange - this can happen several times during the lifetime * of a connection. *

* Note: SSH-2 servers are allowed to change their hostkey at ANY time. * * @param hostname the hostname used to create the {@link Connection} object * @param port the remote TCP port * @param serverHostKeyAlgorithm the public key algorithm (ssh-rsa or ssh-dss) * @param serverHostKey the server's public key blob * @return if the client wants to accept the server's host key - if not, the * connection will be closed. * @throws Exception Will be wrapped with an IOException, extended version of returning false =) */ public boolean verifyServerHostKey(String hostname, int port, String serverHostKeyAlgorithm, byte[] serverHostKey) throws Exception; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/ServerSession.java000066400000000000000000000010121370551253600272070ustar00rootroot00000000000000/* * Copyright (c) 2012-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.InputStream; import java.io.OutputStream; /** * A ServerSession represents the server-side of a session channel. * * @see Session * * @author Christian * */ public interface ServerSession { public InputStream getStdout(); public InputStream getStderr(); public OutputStream getStdin(); public void close(); }SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/ServerSessionCallback.java000066400000000000000000000053731370551253600306420ustar00rootroot00000000000000/* * Copyright (c) 2012-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.IOException; /** * The interface for an object that receives events based on requests that * a client sends on a session channel. Once the session channel has been set up, * a program is started at the server end. The program can be a shell, an application * program, or a subsystem with a host-independent name. Only one of these requests * can succeed per channel. *

* CAUTION: These event methods are being called from the receiver thread. The receiving of * messages will be blocked until your event handler returns. To signal to the client that you * are willing to accept its request, return a {@link Runnable} object which will be executed * in a new thread after the acknowledgment has been sent back to the client. *

* If a method does not allow you to return a {@link Runnable}, then the * SSH protocol does not allow to send a status back to the client (more exactly, the client cannot * request an acknowledgment). In these cases, if you need to invoke * methods on the {@link ServerSession} or plan to execute long-running activity, then please do this from within a new {@link Thread}. *

* If you want to signal a fatal error, then please throw an IOException. Currently, this will * tear down the whole SSH connection. * * @see ServerSession * * @author Christian * */ public interface ServerSessionCallback { public Runnable requestPtyReq(ServerSession ss, PtySettings pty) throws IOException; public Runnable requestEnv(ServerSession ss, String name, String value) throws IOException; public Runnable requestShell(ServerSession ss) throws IOException; public Runnable requestExec(ServerSession ss, String command) throws IOException; public Runnable requestSubsystem(ServerSession ss, String subsystem) throws IOException; /** * When the window (terminal) size changes on the client side, it MAY send a message to the other side to inform it of the new dimensions. * * @param ss the corresponding session * @param term_width_columns * @param term_height_rows * @param term_width_pixels */ public void requestWindowChange(ServerSession ss, int term_width_columns, int term_height_rows, int term_width_pixels, int term_height_pixels) throws IOException; /** * A signal can be delivered to the remote process/service. Some systems may not implement signals, in which case they SHOULD ignore this message. * * @param ss the corresponding session * @param signal (a string without the "SIG" prefix) * @return * @throws IOException */ } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/Session.java000066400000000000000000000367311370551253600260400ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.security.SecureRandom; import ch.ethz.ssh2.channel.Channel; import ch.ethz.ssh2.channel.ChannelManager; import ch.ethz.ssh2.channel.X11ServerData; /** * A Session is a remote execution of a program. "Program" means * in this context either a shell, an application or a system command. The * program may or may not have a tty. Only one single program can be started on * a session. However, multiple sessions can be active simultaneously. * * @author Christian Plattner * @version $Id$ */ public class Session { private ChannelManager cm; private Channel cn; private boolean flag_pty_requested = false; private boolean flag_x11_requested = false; private boolean flag_execution_started = false; private boolean flag_closed = false; private String x11FakeCookie = null; private final SecureRandom rnd; protected Session(ChannelManager cm, SecureRandom rnd) throws IOException { this.cm = cm; this.cn = cm.openSessionChannel(); this.rnd = rnd; } /** * Basically just a wrapper for lazy people - identical to calling * requestPTY("dumb", 0, 0, 0, 0, null). * * @throws IOException */ public void requestDumbPTY() throws IOException { requestPTY("dumb", 0, 0, 0, 0, null); } /** * Basically just another wrapper for lazy people - identical to calling * requestPTY(term, 0, 0, 0, 0, null). * * @throws IOException */ public void requestPTY(String term) throws IOException { requestPTY(term, 0, 0, 0, 0, null); } /** * Allocate a pseudo-terminal for this session. *

* This method may only be called before a program or shell is started in * this session. *

* Different aspects can be specified: *

*

    *
  • The TERM environment variable value (e.g., vt100)
  • *
  • The terminal's dimensions.
  • *
  • The encoded terminal modes.
  • *
* Zero dimension parameters are ignored. The character/row dimensions * override the pixel dimensions (when nonzero). Pixel dimensions refer to * the drawable area of the window. The dimension parameters are only * informational. The encoding of terminal modes (parameter * terminal_modes) is described in RFC4254. * * @param term The TERM environment variable value (e.g., vt100) * @param term_width_characters terminal width, characters (e.g., 80) * @param term_height_characters terminal height, rows (e.g., 24) * @param term_width_pixels terminal width, pixels (e.g., 640) * @param term_height_pixels terminal height, pixels (e.g., 480) * @param terminal_modes encoded terminal modes (may be null) * @throws IOException */ public void requestPTY(String term, int term_width_characters, int term_height_characters, int term_width_pixels, int term_height_pixels, byte[] terminal_modes) throws IOException { if (term == null) throw new IllegalArgumentException("TERM cannot be null."); if ((terminal_modes != null) && (terminal_modes.length > 0)) { if (terminal_modes[terminal_modes.length - 1] != 0) throw new IOException("Illegal terminal modes description, does not end in zero byte"); } else terminal_modes = new byte[]{0}; synchronized (this) { /* The following is just a nicer error, we would catch it anyway later in the channel code */ if (flag_closed) throw new IOException("This session is closed."); if (flag_pty_requested) throw new IOException("A PTY was already requested."); if (flag_execution_started) throw new IOException( "Cannot request PTY at this stage anymore, a remote execution has already started."); flag_pty_requested = true; } cm.requestPTY(cn, term, term_width_characters, term_height_characters, term_width_pixels, term_height_pixels, terminal_modes); } /** * Tells the server that the size of the terminal has changed. * * See {@link #requestPTY(String, int, int, int, int, byte[])} for more details about how parameters are interpreted. * * @param term_width_characters * terminal width, characters (e.g., 80) * @param term_height_characters * terminal height, rows (e.g., 24) * @param term_width_pixels * terminal width, pixels (e.g., 640) * @param term_height_pixels * terminal height, pixels (e.g., 480) * @throws IOException */ public void requestWindowChange(int term_width_characters, int term_height_characters, int term_width_pixels, int term_height_pixels) throws IOException { synchronized (this) { /* The following is just a nicer error, we would catch it anyway later in the channel code */ if (flag_closed) throw new IOException("This session is closed."); if (!flag_pty_requested) throw new IOException("A PTY was not requested."); } cm.requestWindowChange(cn, term_width_characters, term_height_characters, term_width_pixels, term_height_pixels); } /** * Request X11 forwarding for the current session. *

* You have to supply the name and port of your X-server. *

* This method may only be called before a program or shell is started in * this session. * * @param hostname the hostname of the real (target) X11 server (e.g., 127.0.0.1) * @param port the port of the real (target) X11 server (e.g., 6010) * @param cookie if non-null, then present this cookie to the real X11 server * @param singleConnection if true, then the server is instructed to only forward one single * connection, no more connections shall be forwarded after first, or after the session * channel has been closed * @throws IOException */ public void requestX11Forwarding(String hostname, int port, byte[] cookie, boolean singleConnection) throws IOException { if (hostname == null) throw new IllegalArgumentException("hostname argument may not be null"); synchronized (this) { /* The following is just a nicer error, we would catch it anyway later in the channel code */ if (flag_closed) throw new IOException("This session is closed."); if (flag_x11_requested) throw new IOException("X11 forwarding was already requested."); if (flag_execution_started) throw new IOException( "Cannot request X11 forwarding at this stage anymore, a remote execution has already started."); flag_x11_requested = true; } /* X11ServerData - used to store data about the target X11 server */ X11ServerData x11data = new X11ServerData(); x11data.hostname = hostname; x11data.port = port; x11data.x11_magic_cookie = cookie; /* if non-null, then present this cookie to the real X11 server */ /* Generate fake cookie - this one is used between remote clients and the ganymed proxy */ byte[] fakeCookie = new byte[16]; String hexEncodedFakeCookie; /* Make sure that this fake cookie is unique for this connection */ while (true) { rnd.nextBytes(fakeCookie); /* Generate also hex representation of fake cookie */ StringBuilder tmp = new StringBuilder(32); for (int i = 0; i < fakeCookie.length; i++) { String digit2 = Integer.toHexString(fakeCookie[i] & 0xff); tmp.append((digit2.length() == 2) ? digit2 : "0" + digit2); } hexEncodedFakeCookie = tmp.toString(); /* Well, yes, chances are low, but we want to be on the safe side */ if (cm.checkX11Cookie(hexEncodedFakeCookie) == null) break; } /* Ask for X11 forwarding */ cm.requestX11(cn, singleConnection, "MIT-MAGIC-COOKIE-1", hexEncodedFakeCookie, 0); /* OK, that went fine, get ready to accept X11 connections... */ /* ... but only if the user has not called close() in the meantime =) */ synchronized (this) { if (flag_closed == false) { this.x11FakeCookie = hexEncodedFakeCookie; cm.registerX11Cookie(hexEncodedFakeCookie, x11data); } } /* Now it is safe to start remote X11 programs */ } /** * Execute a command on the remote machine. * * @param cmd The command to execute on the remote host. * @throws IOException */ public void execCommand(String cmd) throws IOException { this.execCommand(cmd, null); } /** * Execute a command on the remote machine. * * @param cmd The command to execute on the remote host. * @param charsetName The charset used to convert between Java Unicode Strings and byte encodings * @throws IOException */ public void execCommand(String cmd, String charsetName) throws IOException { if (cmd == null) throw new IllegalArgumentException("cmd argument may not be null"); synchronized (this) { /* The following is just a nicer error, we would catch it anyway later in the channel code */ if (flag_closed) throw new IOException("This session is closed."); if (flag_execution_started) throw new IOException("A remote execution has already started."); flag_execution_started = true; } cm.requestExecCommand(cn, cmd, charsetName); } /** * Start a shell on the remote machine. * * @throws IOException */ public void startShell() throws IOException { synchronized (this) { /* The following is just a nicer error, we would catch it anyway later in the channel code */ if (flag_closed) throw new IOException("This session is closed."); if (flag_execution_started) throw new IOException("A remote execution has already started."); flag_execution_started = true; } cm.requestShell(cn); } /** * Start a subsystem on the remote machine. * Unless you know what you are doing, you will never need this. * * @param name the name of the subsystem. * @throws IOException */ public void startSubSystem(String name) throws IOException { if (name == null) throw new IllegalArgumentException("name argument may not be null"); synchronized (this) { /* The following is just a nicer error, we would catch it anyway later in the channel code */ if (flag_closed) throw new IOException("This session is closed."); if (flag_execution_started) throw new IOException("A remote execution has already started."); flag_execution_started = true; } cm.requestSubSystem(cn, name); } public int getState() { return cn.getState(); } public InputStream getStdout() { return cn.getStdoutStream(); } public InputStream getStderr() { return cn.getStderrStream(); } public OutputStream getStdin() { return cn.getStdinStream(); } /** * This method blocks until there is more data available on either the * stdout or stderr InputStream of this Session. Very useful * if you do not want to use two parallel threads for reading from the two * InputStreams. One can also specify a timeout. NOTE: do NOT call this * method if you use concurrent threads that operate on either of the two * InputStreams of this Session (otherwise this method may * block, even though more data is available). * * @param timeout The (non-negative) timeout in ms. 0 means no * timeout, the call may block forever. * @return

    *
  • 0 if no more data will arrive.
  • *
  • 1 if more data is available.
  • *
  • -1 if a timeout occurred.
  • *
* @throws IOException * @deprecated This method has been replaced with a much more powerful wait-for-condition * interface and therefore acts only as a wrapper. */ public int waitUntilDataAvailable(long timeout) throws IOException { if (timeout < 0) throw new IllegalArgumentException("timeout must not be negative!"); int conditions = cm.waitForCondition(cn, timeout, ChannelCondition.STDOUT_DATA | ChannelCondition.STDERR_DATA | ChannelCondition.EOF); if ((conditions & ChannelCondition.TIMEOUT) != 0) return -1; if ((conditions & (ChannelCondition.STDOUT_DATA | ChannelCondition.STDERR_DATA)) != 0) return 1; /* Here we do not need to check separately for CLOSED, since CLOSED implies EOF */ if ((conditions & ChannelCondition.EOF) != 0) return 0; throw new IllegalStateException("Unexpected condition result (" + conditions + ")"); } /** * This method blocks until certain conditions hold true on the underlying SSH-2 channel. *

* This method returns as soon as one of the following happens: *

    *
  • at least of the specified conditions (see {@link ChannelCondition}) holds true
  • *
  • timeout > 0 and a timeout occured (TIMEOUT will be set in result conditions) *
  • the underlying channel was closed (CLOSED will be set in result conditions) *
*

* In any case, the result value contains ALL current conditions, which may be more * than the specified condition set (i.e., never use the "==" operator to test for conditions * in the bitmask, see also comments in {@link ChannelCondition}). *

* Note: do NOT call this method if you want to wait for STDOUT_DATA or STDERR_DATA and * there are concurrent threads (e.g., StreamGobblers) that operate on either of the two * InputStreams of this Session (otherwise this method may * block, even though more data is available in the StreamGobblers). * * @param condition_set a bitmask based on {@link ChannelCondition} values * @param timeout non-negative timeout in ms, 0 means no timeout * @return all bitmask specifying all current conditions that are true */ public int waitForCondition(int condition_set, long timeout) throws IOException { if (timeout < 0) throw new IllegalArgumentException("timeout must be non-negative!"); return cm.waitForCondition(cn, timeout, condition_set); } /** * Get the exit code/status from the remote command - if available. Be * careful - not all server implementations return this value. It is * generally a good idea to call this method only when all data from the * remote side has been consumed (see also the method). * * @return An Integer holding the exit code, or * null if no exit code is (yet) available. */ public Integer getExitStatus() { return cn.getExitStatus(); } /** * Get the name of the signal by which the process on the remote side was * stopped - if available and applicable. Be careful - not all server * implementations return this value. * * @return An String holding the name of the signal, or * null if the process exited normally or is still * running (or if the server forgot to send this information). */ public String getExitSignal() { return cn.getExitSignal(); } /** * Close this session. NEVER forget to call this method to free up resources - * even if you got an exception from one of the other methods (or when * getting an Exception on the Input- or OutputStreams). Sometimes these other * methods may throw an exception, saying that the underlying channel is * closed (this can happen, e.g., if the other server sent a close message.) * However, as long as you have not called the close() * method, you may be wasting (local) resources. */ public void close() { synchronized (this) { if (flag_closed) return; flag_closed = true; if (x11FakeCookie != null) cm.unRegisterX11Cookie(x11FakeCookie, true); try { cm.closeChannel(cn, "Closed due to user request", true); } catch (IOException ignored) { } } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/SimpleServerSessionCallback.java000066400000000000000000000027041370551253600320070ustar00rootroot00000000000000/* * Copyright (c) 2006-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.IOException; /** * A basic ServerSessionCallback implementation. *

* Note: you should derive from this class instead of implementing * the {@link ServerSessionCallback} interface directly. This way * your code works also in case the interface gets extended in future * versions. * * @author Christian * */ public class SimpleServerSessionCallback implements ServerSessionCallback { public Runnable requestShell(ServerSession ss) throws IOException { return null; } public Runnable requestExec(ServerSession ss, String command) throws IOException { return null; } public Runnable requestSubsystem(ServerSession ss, String subsystem) throws IOException { return null; } public Runnable requestPtyReq(ServerSession ss, PtySettings pty) throws IOException { return null; } /** * By default, silently ignore passwd environment variables. */ public Runnable requestEnv(ServerSession ss, String name, String value) throws IOException { return new Runnable() { public void run() { /* Do nothing */ } }; } public void requestWindowChange(ServerSession ss, int term_width_columns, int term_height_rows, int term_width_pixels, int term_height_pixels) throws IOException { } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/StreamGobbler.java000066400000000000000000000134051370551253600271360ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2; import java.io.IOException; import java.io.InputStream; import java.io.InterruptedIOException; /** * A StreamGobbler is an InputStream that uses an internal worker * thread to constantly consume input from another InputStream. It uses a buffer * to store the consumed data. The buffer size is automatically adjusted, if needed. *

* This class is sometimes very convenient - if you wrap a session's STDOUT and STDERR * InputStreams with instances of this class, then you don't have to bother about * the shared window of STDOUT and STDERR in the low level SSH-2 protocol, * since all arriving data will be immediatelly consumed by the worker threads. * Also, as a side effect, the streams will be buffered (e.g., single byte * read() operations are faster). *

* Other SSH for Java libraries include this functionality by default in * their STDOUT and STDERR InputStream implementations, however, please be aware * that this approach has also a downside: *

* If you do not call the StreamGobbler's read() method often enough * and the peer is constantly sending huge amounts of data, then you will sooner or later * encounter a low memory situation due to the aggregated data (well, it also depends on the Java heap size). * Joe Average will like this class anyway - a paranoid programmer would never use such an approach. *

* The term "StreamGobbler" was taken from an article called "When Runtime.exec() won't", * see http://www.javaworld.com/javaworld/jw-12-2000/jw-1229-traps.html. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class StreamGobbler extends InputStream { class GobblerThread extends Thread { @Override public void run() { byte[] buff = new byte[8192]; while (true) { try { int avail = is.read(buff); synchronized (synchronizer) { if (avail <= 0) { isEOF = true; synchronizer.notifyAll(); break; } int space_available = buffer.length - write_pos; if (space_available < avail) { /* compact/resize buffer */ int unread_size = write_pos - read_pos; int need_space = unread_size + avail; byte[] new_buffer = buffer; if (need_space > buffer.length) { int inc = need_space / 3; inc = (inc < 256) ? 256 : inc; inc = (inc > 8192) ? 8192 : inc; new_buffer = new byte[need_space + inc]; } if (unread_size > 0) System.arraycopy(buffer, read_pos, new_buffer, 0, unread_size); buffer = new_buffer; read_pos = 0; write_pos = unread_size; } System.arraycopy(buff, 0, buffer, write_pos, avail); write_pos += avail; synchronizer.notifyAll(); } } catch (IOException e) { synchronized (synchronizer) { exception = e; synchronizer.notifyAll(); break; } } } } } private InputStream is; private final Object synchronizer = new Object(); private boolean isEOF = false; private boolean isClosed = false; private IOException exception = null; private byte[] buffer = new byte[2048]; private int read_pos = 0; private int write_pos = 0; public StreamGobbler(InputStream is) { this.is = is; GobblerThread t = new GobblerThread(); t.setDaemon(true); t.start(); } @Override public int read() throws IOException { synchronized (synchronizer) { if (isClosed) throw new IOException("This StreamGobbler is closed."); while (read_pos == write_pos) { if (exception != null) throw exception; if (isEOF) return -1; try { synchronizer.wait(); } catch (InterruptedException e) { throw new InterruptedIOException(); } } return buffer[read_pos++] & 0xff; } } @Override public int available() throws IOException { synchronized (synchronizer) { if (isClosed) throw new IOException("This StreamGobbler is closed."); return write_pos - read_pos; } } @Override public int read(byte[] b) throws IOException { return read(b, 0, b.length); } @Override public void close() throws IOException { synchronized (synchronizer) { if (isClosed) return; isClosed = true; isEOF = true; synchronizer.notifyAll(); is.close(); } } @Override public int read(byte[] b, int off, int len) throws IOException { if (b == null) throw new NullPointerException(); if ((off < 0) || (len < 0) || ((off + len) > b.length) || ((off + len) < 0) || (off > b.length)) throw new IndexOutOfBoundsException(); if (len == 0) return 0; synchronized (synchronizer) { if (isClosed) throw new IOException("This StreamGobbler is closed."); while (read_pos == write_pos) { if (exception != null) throw exception; if (isEOF) return -1; try { synchronizer.wait(); } catch (InterruptedException e) { throw new InterruptedIOException(); } } int avail = write_pos - read_pos; avail = (avail > len) ? len : avail; System.arraycopy(buffer, read_pos, b, off, avail); read_pos += avail; return avail; } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/Version.java000066400000000000000000000012561370551253600260340ustar00rootroot00000000000000package ch.ethz.ssh2; /** * Provides version information from the manifest. * * @version $Id$ */ public class Version { public static String getSpecification() { Package pkg = Version.class.getPackage(); return (pkg == null) ? "SNAPSHOT" : pkg.getSpecificationVersion(); } public static String getImplementation() { Package pkg = Version.class.getPackage(); return (pkg == null) ? "SNAPSHOT" : pkg.getImplementationVersion(); } /** * A simple main method that prints the version and exits */ public static void main(String[] args) { System.out.println("Version: " + getSpecification()); System.out.println("Implementation: " + getImplementation()); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/auth/000077500000000000000000000000001370551253600245015ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/auth/AgentIdentity.java000066400000000000000000000004321370551253600301130ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.auth; public interface AgentIdentity { String getAlgName(); byte[] getPublicKeyBlob(); byte[] sign(byte[] data); } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/auth/AgentProxy.java000066400000000000000000000004251370551253600274450ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.auth; import java.util.Collection; public interface AgentProxy { public Collection getIdentities(); } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/auth/AuthenticationManager.java000066400000000000000000000307621370551253600316260ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.auth; import java.io.IOException; import java.io.InterruptedIOException; import java.security.SecureRandom; import java.util.ArrayList; import java.util.List; import ch.ethz.ssh2.InteractiveCallback; import ch.ethz.ssh2.crypto.PEMDecoder; import ch.ethz.ssh2.packets.PacketServiceAccept; import ch.ethz.ssh2.packets.PacketServiceRequest; import ch.ethz.ssh2.packets.PacketUserauthBanner; import ch.ethz.ssh2.packets.PacketUserauthFailure; import ch.ethz.ssh2.packets.PacketUserauthInfoRequest; import ch.ethz.ssh2.packets.PacketUserauthInfoResponse; import ch.ethz.ssh2.packets.PacketUserauthRequestInteractive; import ch.ethz.ssh2.packets.PacketUserauthRequestNone; import ch.ethz.ssh2.packets.PacketUserauthRequestPassword; import ch.ethz.ssh2.packets.PacketUserauthRequestPublicKey; import ch.ethz.ssh2.packets.Packets; import ch.ethz.ssh2.packets.TypesWriter; import ch.ethz.ssh2.signature.DSAPrivateKey; import ch.ethz.ssh2.signature.DSASHA1Verify; import ch.ethz.ssh2.signature.DSASignature; import ch.ethz.ssh2.signature.RSAPrivateKey; import ch.ethz.ssh2.signature.RSASHA1Verify; import ch.ethz.ssh2.signature.RSASignature; import ch.ethz.ssh2.transport.ClientTransportManager; import ch.ethz.ssh2.transport.MessageHandler; /** * @author Christian Plattner */ public class AuthenticationManager implements MessageHandler { private ClientTransportManager tm; private final List packets = new ArrayList(); private boolean connectionClosed = false; private String banner; private String[] remainingMethods = new String[0]; private boolean isPartialSuccess = false; private boolean authenticated = false; private boolean initDone = false; public AuthenticationManager(ClientTransportManager tm) { this.tm = tm; } boolean methodPossible(String methName) { if (remainingMethods == null) return false; for(String remainingMethod : remainingMethods) { if(remainingMethod.compareTo(methName) == 0) { return true; } } return false; } byte[] deQueue() throws IOException { synchronized (packets) { while (packets.size() == 0) { if (connectionClosed) throw new IOException("The connection is closed.", tm .getReasonClosedCause()); try { packets.wait(); } catch (InterruptedException e) { throw new InterruptedIOException(e.getMessage()); } } byte[] res = packets.get(0); packets.remove(0); return res; } } byte[] getNextMessage() throws IOException { while (true) { byte[] msg = deQueue(); if (msg[0] != Packets.SSH_MSG_USERAUTH_BANNER) return msg; PacketUserauthBanner sb = new PacketUserauthBanner(msg, 0, msg.length); banner = sb.getBanner(); } } public String[] getRemainingMethods(String user) throws IOException { initialize(user); return remainingMethods; } public String getBanner() { return banner; } public boolean getPartialSuccess() { return isPartialSuccess; } private boolean initialize(String user) throws IOException { if (initDone == false) { tm.registerMessageHandler(this, 0, 255); PacketServiceRequest sr = new PacketServiceRequest("ssh-userauth"); tm.sendMessage(sr.getPayload()); byte[] msg = getNextMessage(); new PacketServiceAccept(msg, 0, msg.length); PacketUserauthRequestNone urn = new PacketUserauthRequestNone("ssh-connection", user); tm.sendMessage(urn.getPayload()); msg = getNextMessage(); initDone = true; if (msg[0] == Packets.SSH_MSG_USERAUTH_SUCCESS) { authenticated = true; tm.removeMessageHandler(this, 0, 255); return true; } if (msg[0] == Packets.SSH_MSG_USERAUTH_FAILURE) { PacketUserauthFailure puf = new PacketUserauthFailure(msg, 0, msg.length); remainingMethods = puf.getAuthThatCanContinue(); isPartialSuccess = puf.isPartialSuccess(); return false; } throw new IOException("Unexpected SSH message (type " + msg[0] + ")"); } return authenticated; } public boolean authenticatePublicKey(String user, AgentProxy proxy) throws IOException { initialize(user); boolean success; for(AgentIdentity identity : proxy.getIdentities()) { success = authenticatePublicKey(user, identity); if(success) { return true; } } return false; } boolean authenticatePublicKey(String user, AgentIdentity identity) throws IOException { if (methodPossible("publickey") == false) throw new IOException("Authentication method publickey not supported by the server at this stage."); byte[] pubKeyBlob = identity.getPublicKeyBlob(); if(pubKeyBlob == null) { return false; } TypesWriter tw = new TypesWriter(); byte[] H = tm.getSessionIdentifier(); tw.writeString(H, 0, H.length); tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST); tw.writeString(user); tw.writeString("ssh-connection"); tw.writeString("publickey"); tw.writeBoolean(true); tw.writeString(identity.getAlgName()); tw.writeString(pubKeyBlob, 0, pubKeyBlob.length); byte[] msg = tw.getBytes(); byte[] response = identity.sign(msg); PacketUserauthRequestPublicKey ua = new PacketUserauthRequestPublicKey( "ssh-connection", user, identity.getAlgName(), pubKeyBlob, response); tm.sendMessage(ua.getPayload()); byte[] ar = getNextMessage(); if (ar[0] == Packets.SSH_MSG_USERAUTH_SUCCESS) { authenticated = true; tm.removeMessageHandler(this, 0, 255); return true; } if (ar[0] == Packets.SSH_MSG_USERAUTH_FAILURE) { PacketUserauthFailure puf = new PacketUserauthFailure(ar, 0, ar.length); remainingMethods = puf.getAuthThatCanContinue(); isPartialSuccess = puf.isPartialSuccess(); return false; } throw new IOException("Unexpected SSH message (type " + ar[0] + ")"); } public boolean authenticatePublicKey(String user, char[] PEMPrivateKey, String password, SecureRandom rnd) throws IOException { try { initialize(user); if (methodPossible("publickey") == false) throw new IOException("Authentication method publickey not supported by the server at this stage."); Object key = PEMDecoder.decode(PEMPrivateKey, password); if (key instanceof DSAPrivateKey) { DSAPrivateKey pk = (DSAPrivateKey) key; byte[] pk_enc = DSASHA1Verify.encodeSSHDSAPublicKey(pk.getPublicKey()); TypesWriter tw = new TypesWriter(); byte[] H = tm.getSessionIdentifier(); tw.writeString(H, 0, H.length); tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST); tw.writeString(user); tw.writeString("ssh-connection"); tw.writeString("publickey"); tw.writeBoolean(true); tw.writeString("ssh-dss"); tw.writeString(pk_enc, 0, pk_enc.length); byte[] msg = tw.getBytes(); DSASignature ds = DSASHA1Verify.generateSignature(msg, pk, rnd); byte[] ds_enc = DSASHA1Verify.encodeSSHDSASignature(ds); PacketUserauthRequestPublicKey ua = new PacketUserauthRequestPublicKey("ssh-connection", user, "ssh-dss", pk_enc, ds_enc); tm.sendMessage(ua.getPayload()); } else if (key instanceof RSAPrivateKey) { RSAPrivateKey pk = (RSAPrivateKey) key; byte[] pk_enc = RSASHA1Verify.encodeSSHRSAPublicKey(pk.getPublicKey()); TypesWriter tw = new TypesWriter(); { byte[] H = tm.getSessionIdentifier(); tw.writeString(H, 0, H.length); tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST); tw.writeString(user); tw.writeString("ssh-connection"); tw.writeString("publickey"); tw.writeBoolean(true); tw.writeString("ssh-rsa"); tw.writeString(pk_enc, 0, pk_enc.length); } byte[] msg = tw.getBytes(); RSASignature ds = RSASHA1Verify.generateSignature(msg, pk); byte[] rsa_sig_enc = RSASHA1Verify.encodeSSHRSASignature(ds); PacketUserauthRequestPublicKey ua = new PacketUserauthRequestPublicKey("ssh-connection", user, "ssh-rsa", pk_enc, rsa_sig_enc); tm.sendMessage(ua.getPayload()); } else { throw new IOException("Unknown private key type returned by the PEM decoder."); } byte[] ar = getNextMessage(); if (ar[0] == Packets.SSH_MSG_USERAUTH_SUCCESS) { authenticated = true; tm.removeMessageHandler(this, 0, 255); return true; } if (ar[0] == Packets.SSH_MSG_USERAUTH_FAILURE) { PacketUserauthFailure puf = new PacketUserauthFailure(ar, 0, ar.length); remainingMethods = puf.getAuthThatCanContinue(); isPartialSuccess = puf.isPartialSuccess(); return false; } throw new IOException("Unexpected SSH message (type " + ar[0] + ")"); } catch (IOException e) { tm.close(e); throw new IOException("Publickey authentication failed.", e); } } public boolean authenticateNone(String user) throws IOException { try { initialize(user); return authenticated; } catch (IOException e) { tm.close(e); throw new IOException("None authentication failed.", e); } } public boolean authenticatePassword(String user, String pass) throws IOException { try { initialize(user); if (methodPossible("password") == false) throw new IOException("Authentication method password not supported by the server at this stage."); PacketUserauthRequestPassword ua = new PacketUserauthRequestPassword("ssh-connection", user, pass); tm.sendMessage(ua.getPayload()); byte[] ar = getNextMessage(); if (ar[0] == Packets.SSH_MSG_USERAUTH_SUCCESS) { authenticated = true; tm.removeMessageHandler(this, 0, 255); return true; } if (ar[0] == Packets.SSH_MSG_USERAUTH_FAILURE) { PacketUserauthFailure puf = new PacketUserauthFailure(ar, 0, ar.length); remainingMethods = puf.getAuthThatCanContinue(); isPartialSuccess = puf.isPartialSuccess(); return false; } throw new IOException("Unexpected SSH message (type " + ar[0] + ")"); } catch (IOException e) { tm.close(e); throw new IOException("Password authentication failed.", e); } } public boolean authenticateInteractive(String user, String[] submethods, InteractiveCallback cb) throws IOException { try { initialize(user); if (methodPossible("keyboard-interactive") == false) throw new IOException( "Authentication method keyboard-interactive not supported by the server at this stage."); if (submethods == null) submethods = new String[0]; PacketUserauthRequestInteractive ua = new PacketUserauthRequestInteractive("ssh-connection", user, submethods); tm.sendMessage(ua.getPayload()); while (true) { byte[] ar = getNextMessage(); if (ar[0] == Packets.SSH_MSG_USERAUTH_SUCCESS) { authenticated = true; tm.removeMessageHandler(this, 0, 255); return true; } if (ar[0] == Packets.SSH_MSG_USERAUTH_FAILURE) { PacketUserauthFailure puf = new PacketUserauthFailure(ar, 0, ar.length); remainingMethods = puf.getAuthThatCanContinue(); isPartialSuccess = puf.isPartialSuccess(); return false; } if (ar[0] == Packets.SSH_MSG_USERAUTH_INFO_REQUEST) { PacketUserauthInfoRequest pui = new PacketUserauthInfoRequest(ar, 0, ar.length); String[] responses; try { responses = cb.replyToChallenge(pui.getName(), pui.getInstruction(), pui.getNumPrompts(), pui .getPrompt(), pui.getEcho()); } catch (Exception e) { throw new IOException("Exception in callback.", e); } if (responses == null) throw new IOException("Your callback may not return NULL!"); PacketUserauthInfoResponse puir = new PacketUserauthInfoResponse(responses); tm.sendMessage(puir.getPayload()); continue; } throw new IOException("Unexpected SSH message (type " + ar[0] + ")"); } } catch (IOException e) { tm.close(e); throw new IOException("Keyboard-interactive authentication failed.", e); } } public void handleMessage(byte[] msg, int msglen) throws IOException { synchronized (packets) { if (msg == null) { connectionClosed = true; } else { byte[] tmp = new byte[msglen]; System.arraycopy(msg, 0, tmp, 0, msglen); packets.add(tmp); } packets.notifyAll(); if (packets.size() > 5) { connectionClosed = true; throw new IOException("Error, peer is flooding us with authentication packets."); } } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/auth/ServerAuthenticationManager.java000066400000000000000000000074561370551253600330210ustar00rootroot00000000000000 package ch.ethz.ssh2.auth; import java.io.IOException; import ch.ethz.ssh2.AuthenticationResult; import ch.ethz.ssh2.ServerAuthenticationCallback; import ch.ethz.ssh2.channel.ChannelManager; import ch.ethz.ssh2.packets.PacketServiceAccept; import ch.ethz.ssh2.packets.PacketServiceRequest; import ch.ethz.ssh2.packets.PacketUserauthBanner; import ch.ethz.ssh2.packets.PacketUserauthFailure; import ch.ethz.ssh2.packets.PacketUserauthSuccess; import ch.ethz.ssh2.packets.Packets; import ch.ethz.ssh2.packets.TypesReader; import ch.ethz.ssh2.server.ServerConnectionState; import ch.ethz.ssh2.transport.MessageHandler; public class ServerAuthenticationManager implements MessageHandler { private final ServerConnectionState state; public ServerAuthenticationManager(ServerConnectionState state) { this.state = state; state.tm.registerMessageHandler(this, 0, 255); } private void sendresult(AuthenticationResult result) throws IOException { if (AuthenticationResult.SUCCESS == result) { PacketUserauthSuccess pus = new PacketUserauthSuccess(); state.tm.sendAsynchronousMessage(pus.getPayload()); state.tm.removeMessageHandler(this, 0, 255); state.tm.registerMessageHandler(this, 50, 79); state.cm = new ChannelManager(state); state.flag_auth_completed = true; } else { String[] remaining_methods = null; if (state.cb_auth != null) remaining_methods = state.cb_auth.getRemainingAuthMethods(state.conn); if (remaining_methods == null) remaining_methods = new String[0]; PacketUserauthFailure puf = new PacketUserauthFailure(remaining_methods, AuthenticationResult.PARTIAL_SUCCESS == result); state.tm.sendAsynchronousMessage(puf.getPayload()); } } public void handleMessage(byte[] msg, int msglen) throws IOException { synchronized (state) { } /* Ignore all authentication messages after successful auth */ if (state.flag_auth_completed) return; if (!state.flag_auth_serviceRequested) { /* Must be PacketServiceRequest */ PacketServiceRequest psr = new PacketServiceRequest(msg, 0, msglen); if (!"ssh-userauth".equals(psr.getServiceName())) throw new IOException("SSH protocol error, expected ssh-userauth service request"); PacketServiceAccept psa = new PacketServiceAccept("ssh-userauth"); state.tm.sendAsynchronousMessage(psa.getPayload()); String banner = state.cb_auth.initAuthentication(state.conn); if (banner != null) { PacketUserauthBanner pub = new PacketUserauthBanner(banner, "en"); state.tm.sendAsynchronousMessage(pub.getPayload()); } state.flag_auth_serviceRequested = true; return; } ServerAuthenticationCallback cb = state.cb_auth; TypesReader tr = new TypesReader(msg, 0, msglen); int packet_type = tr.readByte(); if (packet_type == Packets.SSH_MSG_USERAUTH_REQUEST) { String username = tr.readString("UTF-8"); String service = tr.readString(); String method = tr.readString(); if (!"ssh-connection".equals(service)) { sendresult(AuthenticationResult.FAILURE); return; } if ("none".equals(method)) { if (cb != null) { sendresult(cb.authenticateWithNone(state.conn, username)); return; } } if ("password".equals(method)) { boolean flag_change_pass = tr.readBoolean(); if (flag_change_pass) { sendresult(AuthenticationResult.FAILURE); return; } String password = tr.readString("UTF-8"); if (cb != null) { sendresult(cb.authenticateWithPassword(state.conn, username, password)); return; } } sendresult(AuthenticationResult.FAILURE); return; } throw new IOException("Unexpected authentication packet " + packet_type); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/channel/000077500000000000000000000000001370551253600251505ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/channel/Channel.java000066400000000000000000000142321370551253600273650ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.channel; /** * Channel. * * @author Christian Plattner * @version $Id$ */ public class Channel { /* * OK. Here is an important part of the JVM Specification: * (http://java.sun.com/docs/books/vmspec/2nd-edition/html/Threads.doc.html#22214) * * Any association between locks and variables is purely conventional. * Locking any lock conceptually flushes all variables from a thread's * working memory, and unlocking any lock forces the writing out to main * memory of all variables that the thread has assigned. That a lock may be * associated with a particular object or a class is purely a convention. * (...) * * If a thread uses a particular shared variable only after locking a * particular lock and before the corresponding unlocking of that same lock, * then the thread will read the shared value of that variable from main * memory after the lock operation, if necessary, and will copy back to main * memory the value most recently assigned to that variable before the * unlock operation. * * This, in conjunction with the mutual exclusion rules for locks, suffices * to guarantee that values are correctly transmitted from one thread to * another through shared variables. * * ====> Always keep that in mind when modifying the Channel/ChannelManger * code. * */ public static final int STATE_OPENING = 1; public static final int STATE_OPEN = 2; public static final int STATE_CLOSED = 4; static final int CHANNEL_BUFFER_SIZE = 32 * 1024 * 3 * 2; /* * To achieve correctness, the following rules have to be respected when * accessing this object: */ // These fields can always be read final ChannelManager cm; final ChannelOutputStream stdinStream; final ChannelInputStream stdoutStream; final ChannelInputStream stderrStream; // In case this channel belongs to a server-side session. ServerSessionImpl ss; // These two fields will only be written while the Channel is in state // STATE_OPENING. // The code makes sure that the two fields are written out when the state is // changing to STATE_OPEN. // Therefore, if you know that the Channel is in state STATE_OPEN, then you // can read these two fields without synchronizing on the Channel. However, make // sure that you get the latest values (e.g., flush caches by synchronizing on any // object). However, to be on the safe side, you can lock the channel. int localID = -1; int remoteID = -1; /* * Make sure that we never send a data/EOF/WindowChange msg after a CLOSE * msg. * * This is a little bit complicated, but we have to do it in that way, since * we cannot keep a lock on the Channel during the send operation (this * would block sometimes the receiver thread, and, in extreme cases, can * lead to a deadlock on both sides of the connection (senders are blocked * since the receive buffers on the other side are full, and receiver * threads wait for the senders to finish). It all depends on the * implementation on the other side. But we cannot make any assumptions, we * have to assume the worst case. Confused? Just believe me. */ /* * If you send a message on a channel, then you have to aquire the * "channelSendLock" and check the "closeMessageSent" flag (this variable * may only be accessed while holding the "channelSendLock" !!! * * BTW: NEVER EVER SEND MESSAGES FROM THE RECEIVE THREAD - see explanation * above. */ final Object channelSendLock = new Object(); boolean closeMessageSent = false; /* * Stop memory fragmentation by allocating this often used buffer. * May only be used while holding the channelSendLock */ final byte[] msgWindowAdjust = new byte[9]; // If you access (read or write) any of the following fields, then you have // to synchronize on the channel. int state = STATE_OPENING; boolean closeMessageRecv = false; /* This is a stupid implementation. At the moment we can only wait * for one pending request per channel. */ int successCounter = 0; int failedCounter = 0; int localWindow = 0; /* locally, we use a small window, < 2^31 */ long remoteWindow = 0; /* long for readable 2^32 - 1 window support */ int localMaxPacketSize = -1; int remoteMaxPacketSize = -1; final byte[] stdoutBuffer = new byte[CHANNEL_BUFFER_SIZE]; final byte[] stderrBuffer = new byte[CHANNEL_BUFFER_SIZE]; int stdoutReadpos = 0; int stdoutWritepos = 0; int stderrReadpos = 0; int stderrWritepos = 0; boolean EOF = false; Integer exit_status; String exit_signal; // we keep the x11 cookie so that this channel can be closed when this // specific x11 forwarding gets stopped String hexX11FakeCookie; // reasonClosed is special, since we sometimes need to access it // while holding the channelSendLock. // We protect it with a private short term lock. private final Object reasonClosedLock = new Object(); private String reasonClosed = null; public Channel(ChannelManager cm) { this.cm = cm; this.localWindow = CHANNEL_BUFFER_SIZE; this.localMaxPacketSize = 32 * 1024; this.stdinStream = new ChannelOutputStream(this); this.stdoutStream = new ChannelInputStream(this, false); this.stderrStream = new ChannelInputStream(this, true); } /* Methods to allow access from classes outside of this package */ public ChannelInputStream getStderrStream() { return stderrStream; } public ChannelOutputStream getStdinStream() { return stdinStream; } public ChannelInputStream getStdoutStream() { return stdoutStream; } public String getExitSignal() { synchronized (this) { return exit_signal; } } public Integer getExitStatus() { synchronized (this) { return exit_status; } } public String getReasonClosed() { synchronized (reasonClosedLock) { return reasonClosed; } } public void setReasonClosed(String reasonClosed) { synchronized (reasonClosedLock) { if (this.reasonClosed == null) { this.reasonClosed = reasonClosed; } } } public int getState() { return this.state; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/channel/ChannelClosedException.java000066400000000000000000000007121370551253600323740ustar00rootroot00000000000000/* * Copyright (c) 2011 David Kocher. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.channel; import java.io.IOException; /** * @version $Id: ChannelClosedException.java 3183 2007-07-30 19:22:34Z dkocher $ */ public class ChannelClosedException extends IOException { /** * */ private static final long serialVersionUID = 1L; public ChannelClosedException(String s) { super(s); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/channel/ChannelInputStream.java000066400000000000000000000032021370551253600315540ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.channel; import java.io.IOException; import java.io.InputStream; /** * ChannelInputStream. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public final class ChannelInputStream extends InputStream { Channel c; boolean isClosed = false; boolean isEOF = false; boolean extendedFlag = false; ChannelInputStream(Channel c, boolean isExtended) { this.c = c; this.extendedFlag = isExtended; } @Override public int available() throws IOException { if (isEOF) return 0; int avail = c.cm.getAvailable(c, extendedFlag); /* We must not return -1 on EOF */ return (avail > 0) ? avail : 0; } @Override public void close() throws IOException { isClosed = true; } @Override public int read(byte[] b, int off, int len) throws IOException { if (b == null) throw new NullPointerException(); if ((off < 0) || (len < 0) || ((off + len) > b.length) || ((off + len) < 0) || (off > b.length)) throw new IndexOutOfBoundsException(); if (len == 0) return 0; if (isEOF) return -1; int ret = c.cm.getChannelData(c, extendedFlag, b, off, len); if (ret == -1) { isEOF = true; } return ret; } @Override public int read(byte[] b) throws IOException { return read(b, 0, b.length); } @Override public int read() throws IOException { /* Yes, this stream is pure and unbuffered, a single byte read() is slow */ final byte b[] = new byte[1]; int ret = read(b, 0, 1); if (ret != 1) return -1; return b[0] & 0xff; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/channel/ChannelManager.java000066400000000000000000001362001370551253600306600ustar00rootroot00000000000000/* * Copyright (c) 2006-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.channel; import java.io.IOException; import java.io.InterruptedIOException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import ch.ethz.ssh2.ChannelCondition; import ch.ethz.ssh2.PtySettings; import ch.ethz.ssh2.ServerConnectionCallback; import ch.ethz.ssh2.ServerSessionCallback; import ch.ethz.ssh2.log.Logger; import ch.ethz.ssh2.packets.*; import ch.ethz.ssh2.server.ServerConnectionState; import ch.ethz.ssh2.transport.MessageHandler; import ch.ethz.ssh2.transport.TransportManager; /** * ChannelManager. Please read the comments in Channel.java. *

* Besides the crypto part, this is the core of the library. * * @author Christian Plattner * @version $Id$ */ public class ChannelManager implements MessageHandler { private static final Logger log = Logger.getLogger(ChannelManager.class); private final ServerConnectionState server_state; private final TransportManager tm; private final Map x11_magic_cookies = new HashMap(); private final List channels = new ArrayList(); private int nextLocalChannel = 100; private boolean shutdown = false; private int globalSuccessCounter = 0; private int globalFailedCounter = 0; private final Map remoteForwardings = new HashMap(); private final List listenerThreads = new ArrayList(); private boolean listenerThreadsAllowed = true; /** * Constructor for client-mode. * @param tm */ public ChannelManager(TransportManager tm) { this.server_state = null; this.tm = tm; tm.registerMessageHandler(this, 80, 100); } /** * Constructor for server-mode. * @param state */ public ChannelManager(ServerConnectionState state) { this.server_state = state; this.tm = state.tm; tm.registerMessageHandler(this, 80, 100); } private Channel getChannel(int id) { synchronized (channels) { for (Channel c : channels) { if (c.localID == id) return c; } } return null; } private void removeChannel(int id) { synchronized (channels) { for (Channel c : channels) { if (c.localID == id) { channels.remove(c); break; } } } } private int addChannel(Channel c) { synchronized (channels) { channels.add(c); return nextLocalChannel++; } } private void waitUntilChannelOpen(Channel c) throws IOException { synchronized (c) { while (c.state == Channel.STATE_OPENING) { try { c.wait(); } catch (InterruptedException e) { throw new InterruptedIOException(e.getMessage()); } } if (c.state != Channel.STATE_OPEN) { removeChannel(c.localID); String detail = c.getReasonClosed(); if (detail == null) detail = "state: " + c.state; throw new IOException("Could not open channel (" + detail + ")"); } } } private void waitForGlobalSuccessOrFailure() throws IOException { synchronized (channels) { while ((globalSuccessCounter == 0) && (globalFailedCounter == 0)) { if (shutdown) { throw new IOException("The connection is being shutdown"); } try { channels.wait(); } catch (InterruptedException e) { throw new InterruptedIOException(e.getMessage()); } } if ((globalFailedCounter == 0) && (globalSuccessCounter == 1)) { return; } if ((globalFailedCounter == 1) && (globalSuccessCounter == 0)) { throw new IOException("The server denied the request (did you enable port forwarding?)"); } throw new IOException("Illegal state. The server sent " + globalSuccessCounter + " SSH_MSG_REQUEST_SUCCESS and " + globalFailedCounter + " SSH_MSG_REQUEST_FAILURE messages."); } } private void waitForChannelSuccessOrFailure(Channel c) throws IOException { synchronized (c) { while ((c.successCounter == 0) && (c.failedCounter == 0)) { if (c.state != Channel.STATE_OPEN) { String detail = c.getReasonClosed(); if (detail == null) detail = "state: " + c.state; throw new IOException("This SSH2 channel is not open (" + detail + ")"); } try { c.wait(); } catch (InterruptedException ignore) { throw new InterruptedIOException(); } } if ((c.failedCounter == 0) && (c.successCounter == 1)) { return; } if ((c.failedCounter == 1) && (c.successCounter == 0)) { throw new IOException("The server denied the request."); } throw new IOException("Illegal state. The server sent " + c.successCounter + " SSH_MSG_CHANNEL_SUCCESS and " + c.failedCounter + " SSH_MSG_CHANNEL_FAILURE messages."); } } public void registerX11Cookie(String hexFakeCookie, X11ServerData data) { synchronized (x11_magic_cookies) { x11_magic_cookies.put(hexFakeCookie, data); } } public void unRegisterX11Cookie(String hexFakeCookie, boolean killChannels) { if (hexFakeCookie == null) throw new IllegalStateException("hexFakeCookie may not be null"); synchronized (x11_magic_cookies) { x11_magic_cookies.remove(hexFakeCookie); } if (killChannels == false) return; log.debug("Closing all X11 channels for the given fake cookie"); List channel_copy = new ArrayList(); synchronized (channels) { channel_copy.addAll(channels); } for (Channel c : channel_copy) { synchronized (c) { if (hexFakeCookie.equals(c.hexX11FakeCookie) == false) continue; } try { closeChannel(c, "Closing X11 channel since the corresponding session is closing", true); } catch (IOException ignored) { } } } public X11ServerData checkX11Cookie(String hexFakeCookie) { synchronized (x11_magic_cookies) { if (hexFakeCookie != null) return x11_magic_cookies.get(hexFakeCookie); } return null; } public void closeAllChannels() { log.debug("Closing all channels"); List channel_copy = new ArrayList(); synchronized (channels) { channel_copy.addAll(channels); } for (Channel c : channel_copy) { try { closeChannel(c, "Closing all channels", true); } catch (IOException ignored) { } } } public void closeChannel(Channel c, String reason, boolean force) throws IOException { byte msg[] = new byte[5]; synchronized (c) { if (force) { c.state = Channel.STATE_CLOSED; c.EOF = true; } c.setReasonClosed(reason); msg[0] = Packets.SSH_MSG_CHANNEL_CLOSE; msg[1] = (byte) (c.remoteID >> 24); msg[2] = (byte) (c.remoteID >> 16); msg[3] = (byte) (c.remoteID >> 8); msg[4] = (byte) (c.remoteID); c.notifyAll(); } synchronized (c.channelSendLock) { if (c.closeMessageSent == true) return; tm.sendMessage(msg); c.closeMessageSent = true; } log.debug("Sent SSH_MSG_CHANNEL_CLOSE (channel " + c.localID + ")"); } public void sendEOF(Channel c) throws IOException { byte[] msg = new byte[5]; synchronized (c) { if (c.state != Channel.STATE_OPEN) return; msg[0] = Packets.SSH_MSG_CHANNEL_EOF; msg[1] = (byte) (c.remoteID >> 24); msg[2] = (byte) (c.remoteID >> 16); msg[3] = (byte) (c.remoteID >> 8); msg[4] = (byte) (c.remoteID); } synchronized (c.channelSendLock) { if (c.closeMessageSent == true) return; tm.sendMessage(msg); } log.debug("Sent EOF (Channel " + c.localID + "/" + c.remoteID + ")"); } public void sendOpenConfirmation(Channel c) throws IOException { PacketChannelOpenConfirmation pcoc = null; synchronized (c) { if (c.state != Channel.STATE_OPENING) return; c.state = Channel.STATE_OPEN; pcoc = new PacketChannelOpenConfirmation(c.remoteID, c.localID, c.localWindow, c.localMaxPacketSize); } synchronized (c.channelSendLock) { if (c.closeMessageSent == true) return; tm.sendMessage(pcoc.getPayload()); } } public void sendData(Channel c, byte[] buffer, int pos, int len) throws IOException { while (len > 0) { int thislen = 0; byte[] msg; synchronized (c) { while (true) { if (c.state == Channel.STATE_CLOSED) throw new ChannelClosedException("SSH channel is closed. (" + c.getReasonClosed() + ")"); if (c.state != Channel.STATE_OPEN) throw new ChannelClosedException("SSH channel in strange state. (" + c.state + ")"); if (c.remoteWindow != 0) break; try { c.wait(); } catch (InterruptedException e) { throw new InterruptedIOException(e.getMessage()); } } /* len > 0, no sign extension can happen when comparing */ thislen = (c.remoteWindow >= len) ? len : (int) c.remoteWindow; int estimatedMaxDataLen = c.remoteMaxPacketSize - (tm.getPacketOverheadEstimate() + 9); /* The worst case scenario =) a true bottleneck */ if (estimatedMaxDataLen <= 0) { estimatedMaxDataLen = 1; } if (thislen > estimatedMaxDataLen) thislen = estimatedMaxDataLen; c.remoteWindow -= thislen; msg = new byte[1 + 8 + thislen]; msg[0] = Packets.SSH_MSG_CHANNEL_DATA; msg[1] = (byte) (c.remoteID >> 24); msg[2] = (byte) (c.remoteID >> 16); msg[3] = (byte) (c.remoteID >> 8); msg[4] = (byte) (c.remoteID); msg[5] = (byte) (thislen >> 24); msg[6] = (byte) (thislen >> 16); msg[7] = (byte) (thislen >> 8); msg[8] = (byte) (thislen); System.arraycopy(buffer, pos, msg, 9, thislen); } synchronized (c.channelSendLock) { if (c.closeMessageSent == true) throw new ChannelClosedException("SSH channel is closed. (" + c.getReasonClosed() + ")"); tm.sendMessage(msg); } pos += thislen; len -= thislen; } } public int requestGlobalForward(String bindAddress, int bindPort, String targetAddress, int targetPort) throws IOException { RemoteForwardingData rfd = new RemoteForwardingData(); rfd.bindAddress = bindAddress; rfd.bindPort = bindPort; rfd.targetAddress = targetAddress; rfd.targetPort = targetPort; synchronized (remoteForwardings) { Integer key = bindPort; if (remoteForwardings.get(key) != null) { throw new IOException("There is already a forwarding for remote port " + bindPort); } remoteForwardings.put(key, rfd); } synchronized (channels) { globalSuccessCounter = globalFailedCounter = 0; } PacketGlobalForwardRequest pgf = new PacketGlobalForwardRequest(true, bindAddress, bindPort); tm.sendMessage(pgf.getPayload()); log.debug("Requesting a remote forwarding ('" + bindAddress + "', " + bindPort + ")"); try { waitForGlobalSuccessOrFailure(); } catch (IOException e) { synchronized (remoteForwardings) { remoteForwardings.remove(rfd); } throw e; } return bindPort; } public void requestCancelGlobalForward(int bindPort) throws IOException { RemoteForwardingData rfd = null; synchronized (remoteForwardings) { rfd = remoteForwardings.get(bindPort); if (rfd == null) throw new IOException("Sorry, there is no known remote forwarding for remote port " + bindPort); } synchronized (channels) { globalSuccessCounter = globalFailedCounter = 0; } PacketGlobalCancelForwardRequest pgcf = new PacketGlobalCancelForwardRequest(true, rfd.bindAddress, rfd.bindPort); tm.sendMessage(pgcf.getPayload()); log.debug("Requesting cancelation of remote forward ('" + rfd.bindAddress + "', " + rfd.bindPort + ")"); waitForGlobalSuccessOrFailure(); /* Only now we are sure that no more forwarded connections will arrive */ synchronized (remoteForwardings) { remoteForwardings.remove(rfd); } } public void registerThread(IChannelWorkerThread thr) throws IOException { synchronized (listenerThreads) { if (listenerThreadsAllowed == false) throw new IOException("Too late, this connection is closed."); listenerThreads.add(thr); } } public Channel openDirectTCPIPChannel(String host_to_connect, int port_to_connect, String originator_IP_address, int originator_port) throws IOException { Channel c = new Channel(this); synchronized (c) { c.localID = addChannel(c); // end of synchronized block forces writing out to main memory } PacketOpenDirectTCPIPChannel dtc = new PacketOpenDirectTCPIPChannel(c.localID, c.localWindow, c.localMaxPacketSize, host_to_connect, port_to_connect, originator_IP_address, originator_port); tm.sendMessage(dtc.getPayload()); waitUntilChannelOpen(c); return c; } public Channel openSessionChannel() throws IOException { Channel c = new Channel(this); synchronized (c) { c.localID = addChannel(c); // end of synchronized block forces the writing out to main memory } log.debug("Sending SSH_MSG_CHANNEL_OPEN (Channel " + c.localID + ")"); PacketOpenSessionChannel smo = new PacketOpenSessionChannel(c.localID, c.localWindow, c.localMaxPacketSize); tm.sendMessage(smo.getPayload()); waitUntilChannelOpen(c); return c; } public void requestPTY(Channel c, String term, int term_width_characters, int term_height_characters, int term_width_pixels, int term_height_pixels, byte[] terminal_modes) throws IOException { PacketSessionPtyRequest spr; synchronized (c) { if (c.state != Channel.STATE_OPEN) throw new IOException("Cannot request PTY on this channel (" + c.getReasonClosed() + ")"); spr = new PacketSessionPtyRequest(c.remoteID, true, term, term_width_characters, term_height_characters, term_width_pixels, term_height_pixels, terminal_modes); c.successCounter = c.failedCounter = 0; } synchronized (c.channelSendLock) { if (c.closeMessageSent) throw new IOException("Cannot request PTY on this channel (" + c.getReasonClosed() + ")"); tm.sendMessage(spr.getPayload()); } try { waitForChannelSuccessOrFailure(c); } catch (IOException e) { throw new IOException("PTY request failed", e); } } public void requestWindowChange(Channel c, int term_width_characters, int term_height_characters, int term_width_pixels, int term_height_pixels) throws IOException { PacketWindowChange pwc; synchronized (c) { if (c.state != Channel.STATE_OPEN) throw new IOException("Cannot request window-change on this channel (" + c.getReasonClosed() + ")"); pwc = new PacketWindowChange(c.remoteID, term_width_characters, term_height_characters, term_width_pixels, term_height_pixels); c.successCounter = c.failedCounter = 0; } synchronized (c.channelSendLock) { if (c.closeMessageSent) throw new IOException("Cannot request window-change on this channel (" + c.getReasonClosed() + ")"); tm.sendMessage(pwc.getPayload()); } try { waitForChannelSuccessOrFailure(c); } catch (IOException e) { throw new IOException("The window-change request failed.", e); } } public void requestX11(Channel c, boolean singleConnection, String x11AuthenticationProtocol, String x11AuthenticationCookie, int x11ScreenNumber) throws IOException { PacketSessionX11Request psr; synchronized (c) { if (c.state != Channel.STATE_OPEN) throw new IOException("Cannot request X11 on this channel (" + c.getReasonClosed() + ")"); psr = new PacketSessionX11Request(c.remoteID, true, singleConnection, x11AuthenticationProtocol, x11AuthenticationCookie, x11ScreenNumber); c.successCounter = c.failedCounter = 0; } synchronized (c.channelSendLock) { if (c.closeMessageSent) throw new IOException("Cannot request X11 on this channel (" + c.getReasonClosed() + ")"); tm.sendMessage(psr.getPayload()); } log.debug("Requesting X11 forwarding (Channel " + c.localID + "/" + c.remoteID + ")"); try { waitForChannelSuccessOrFailure(c); } catch (IOException e) { throw new IOException("The X11 request failed.", e); } } public void requestSubSystem(Channel c, String subSystemName) throws IOException { PacketSessionSubsystemRequest ssr; synchronized (c) { if (c.state != Channel.STATE_OPEN) throw new IOException("Cannot request subsystem on this channel (" + c.getReasonClosed() + ")"); ssr = new PacketSessionSubsystemRequest(c.remoteID, true, subSystemName); c.successCounter = c.failedCounter = 0; } synchronized (c.channelSendLock) { if (c.closeMessageSent) throw new IOException("Cannot request subsystem on this channel (" + c.getReasonClosed() + ")"); tm.sendMessage(ssr.getPayload()); } try { waitForChannelSuccessOrFailure(c); } catch (IOException e) { throw new IOException("The subsystem request failed.", e); } } public void requestExecCommand(Channel c, String cmd) throws IOException { this.requestExecCommand(c, cmd, null); } /** * @param charsetName The charset used to convert between Java Unicode Strings and byte encodings */ public void requestExecCommand(Channel c, String cmd, String charsetName) throws IOException { PacketSessionExecCommand sm; synchronized (c) { if (c.state != Channel.STATE_OPEN) throw new IOException("Cannot execute command on this channel (" + c.getReasonClosed() + ")"); sm = new PacketSessionExecCommand(c.remoteID, true, cmd); c.successCounter = c.failedCounter = 0; } synchronized (c.channelSendLock) { if (c.closeMessageSent) throw new IOException("Cannot execute command on this channel (" + c.getReasonClosed() + ")"); tm.sendMessage(sm.getPayload(charsetName)); } log.debug("Executing command (channel " + c.localID + ", '" + cmd + "')"); try { waitForChannelSuccessOrFailure(c); } catch (IOException e) { throw new IOException("The execute request failed.", e); } } public void requestShell(Channel c) throws IOException { PacketSessionStartShell sm; synchronized (c) { if (c.state != Channel.STATE_OPEN) throw new IOException("Cannot start shell on this channel (" + c.getReasonClosed() + ")"); sm = new PacketSessionStartShell(c.remoteID, true); c.successCounter = c.failedCounter = 0; } synchronized (c.channelSendLock) { if (c.closeMessageSent) throw new IOException("Cannot start shell on this channel (" + c.getReasonClosed() + ")"); tm.sendMessage(sm.getPayload()); } try { waitForChannelSuccessOrFailure(c); } catch (IOException e) { throw new IOException("The shell request failed.", e); } } public void msgChannelExtendedData(byte[] msg, int msglen) throws IOException { if (msglen <= 13) throw new IOException("SSH_MSG_CHANNEL_EXTENDED_DATA message has wrong size (" + msglen + ")"); int id = ((msg[1] & 0xff) << 24) | ((msg[2] & 0xff) << 16) | ((msg[3] & 0xff) << 8) | (msg[4] & 0xff); int dataType = ((msg[5] & 0xff) << 24) | ((msg[6] & 0xff) << 16) | ((msg[7] & 0xff) << 8) | (msg[8] & 0xff); int len = ((msg[9] & 0xff) << 24) | ((msg[10] & 0xff) << 16) | ((msg[11] & 0xff) << 8) | (msg[12] & 0xff); Channel c = getChannel(id); if (c == null) throw new IOException("Unexpected SSH_MSG_CHANNEL_EXTENDED_DATA message for non-existent channel " + id); if (dataType != Packets.SSH_EXTENDED_DATA_STDERR) throw new IOException("SSH_MSG_CHANNEL_EXTENDED_DATA message has unknown type (" + dataType + ")"); if (len != (msglen - 13)) throw new IOException("SSH_MSG_CHANNEL_EXTENDED_DATA message has wrong len (calculated " + (msglen - 13) + ", got " + len + ")"); log.debug("Got SSH_MSG_CHANNEL_EXTENDED_DATA (channel " + id + ", " + len + ")"); synchronized (c) { if (c.state == Channel.STATE_CLOSED) return; // ignore if (c.state != Channel.STATE_OPEN) throw new IOException("Got SSH_MSG_CHANNEL_EXTENDED_DATA, but channel is not in correct state (" + c.state + ")"); if (c.localWindow < len) throw new IOException("Remote sent too much data, does not fit into window."); c.localWindow -= len; System.arraycopy(msg, 13, c.stderrBuffer, c.stderrWritepos, len); c.stderrWritepos += len; c.notifyAll(); } } /** * Wait until for a condition. * * @param c Channel * @param timeout in ms, 0 means no timeout. * @param condition_mask minimum event mask (at least one of the conditions must be fulfilled) * @return all current events */ public int waitForCondition(Channel c, long timeout, int condition_mask) throws IOException { long end_time = 0; boolean end_time_set = false; synchronized (c) { while (true) { int current_cond = 0; int stdoutAvail = c.stdoutWritepos - c.stdoutReadpos; int stderrAvail = c.stderrWritepos - c.stderrReadpos; if (stdoutAvail > 0) current_cond = current_cond | ChannelCondition.STDOUT_DATA; if (stderrAvail > 0) current_cond = current_cond | ChannelCondition.STDERR_DATA; if (c.EOF) current_cond = current_cond | ChannelCondition.EOF; if (c.getExitStatus() != null) current_cond = current_cond | ChannelCondition.EXIT_STATUS; if (c.getExitSignal() != null) current_cond = current_cond | ChannelCondition.EXIT_SIGNAL; if (c.state == Channel.STATE_CLOSED) return current_cond | ChannelCondition.CLOSED | ChannelCondition.EOF; if ((current_cond & condition_mask) != 0) return current_cond; if (timeout > 0) { if (!end_time_set) { end_time = System.currentTimeMillis() + timeout; end_time_set = true; } else { timeout = end_time - System.currentTimeMillis(); if (timeout <= 0) return current_cond | ChannelCondition.TIMEOUT; } } try { if (timeout > 0) c.wait(timeout); else c.wait(); } catch (InterruptedException e) { throw new InterruptedIOException(e.getMessage()); } } } } public int getAvailable(Channel c, boolean extended) throws IOException { synchronized (c) { int avail; if (extended) avail = c.stderrWritepos - c.stderrReadpos; else avail = c.stdoutWritepos - c.stdoutReadpos; return ((avail > 0) ? avail : (c.EOF ? -1 : 0)); } } public int getChannelData(Channel c, boolean extended, byte[] target, int off, int len) throws IOException { int copylen = 0; int increment = 0; int remoteID = 0; int localID = 0; synchronized (c) { int stdoutAvail = 0; int stderrAvail = 0; while (true) { /* * Data available? We have to return remaining data even if the * channel is already closed. */ stdoutAvail = c.stdoutWritepos - c.stdoutReadpos; stderrAvail = c.stderrWritepos - c.stderrReadpos; if ((!extended) && (stdoutAvail != 0)) break; if ((extended) && (stderrAvail != 0)) break; /* Do not wait if more data will never arrive (EOF or CLOSED) */ if ((c.EOF) || (c.state != Channel.STATE_OPEN)) return -1; try { c.wait(); } catch (InterruptedException e) { throw new InterruptedIOException(e.getMessage()); } } /* OK, there is some data. Return it. */ if (!extended) { copylen = (stdoutAvail > len) ? len : stdoutAvail; System.arraycopy(c.stdoutBuffer, c.stdoutReadpos, target, off, copylen); c.stdoutReadpos += copylen; if (c.stdoutReadpos != c.stdoutWritepos) System.arraycopy(c.stdoutBuffer, c.stdoutReadpos, c.stdoutBuffer, 0, c.stdoutWritepos - c.stdoutReadpos); c.stdoutWritepos -= c.stdoutReadpos; c.stdoutReadpos = 0; } else { copylen = (stderrAvail > len) ? len : stderrAvail; System.arraycopy(c.stderrBuffer, c.stderrReadpos, target, off, copylen); c.stderrReadpos += copylen; if (c.stderrReadpos != c.stderrWritepos) System.arraycopy(c.stderrBuffer, c.stderrReadpos, c.stderrBuffer, 0, c.stderrWritepos - c.stderrReadpos); c.stderrWritepos -= c.stderrReadpos; c.stderrReadpos = 0; } if (c.state != Channel.STATE_OPEN) return copylen; if (c.localWindow < ((Channel.CHANNEL_BUFFER_SIZE + 1) / 2)) { int minFreeSpace = Math.min(Channel.CHANNEL_BUFFER_SIZE - c.stdoutWritepos, Channel.CHANNEL_BUFFER_SIZE - c.stderrWritepos); increment = minFreeSpace - c.localWindow; c.localWindow = minFreeSpace; } remoteID = c.remoteID; /* read while holding the lock */ localID = c.localID; /* read while holding the lock */ } /* * If a consumer reads stdout and stdin in parallel, we may end up with * sending two msgWindowAdjust messages. Luckily, it * does not matter in which order they arrive at the server. */ if (increment > 0) { log.debug("Sending SSH_MSG_CHANNEL_WINDOW_ADJUST (channel " + localID + ", " + increment + ")"); synchronized (c.channelSendLock) { byte[] msg = c.msgWindowAdjust; msg[0] = Packets.SSH_MSG_CHANNEL_WINDOW_ADJUST; msg[1] = (byte) (remoteID >> 24); msg[2] = (byte) (remoteID >> 16); msg[3] = (byte) (remoteID >> 8); msg[4] = (byte) (remoteID); msg[5] = (byte) (increment >> 24); msg[6] = (byte) (increment >> 16); msg[7] = (byte) (increment >> 8); msg[8] = (byte) (increment); if (c.closeMessageSent == false) tm.sendMessage(msg); } } return copylen; } public void msgChannelData(byte[] msg, int msglen) throws IOException { if (msglen <= 9) throw new IOException("SSH_MSG_CHANNEL_DATA message has wrong size (" + msglen + ")"); int id = ((msg[1] & 0xff) << 24) | ((msg[2] & 0xff) << 16) | ((msg[3] & 0xff) << 8) | (msg[4] & 0xff); int len = ((msg[5] & 0xff) << 24) | ((msg[6] & 0xff) << 16) | ((msg[7] & 0xff) << 8) | (msg[8] & 0xff); Channel c = getChannel(id); if (c == null) throw new IOException("Unexpected SSH_MSG_CHANNEL_DATA message for non-existent channel " + id); if (len != (msglen - 9)) throw new IOException("SSH_MSG_CHANNEL_DATA message has wrong len (calculated " + (msglen - 9) + ", got " + len + ")"); log.debug("Got SSH_MSG_CHANNEL_DATA (channel " + id + ", " + len + ")"); synchronized (c) { if (c.state == Channel.STATE_CLOSED) return; // ignore if (c.state != Channel.STATE_OPEN) throw new IOException("Got SSH_MSG_CHANNEL_DATA, but channel is not in correct state (" + c.state + ")"); if (c.localWindow < len) throw new IOException("Remote sent too much data, does not fit into window."); c.localWindow -= len; System.arraycopy(msg, 9, c.stdoutBuffer, c.stdoutWritepos, len); c.stdoutWritepos += len; c.notifyAll(); } } public void msgChannelWindowAdjust(byte[] msg, int msglen) throws IOException { if (msglen != 9) throw new IOException("SSH_MSG_CHANNEL_WINDOW_ADJUST message has wrong size (" + msglen + ")"); int id = ((msg[1] & 0xff) << 24) | ((msg[2] & 0xff) << 16) | ((msg[3] & 0xff) << 8) | (msg[4] & 0xff); int windowChange = ((msg[5] & 0xff) << 24) | ((msg[6] & 0xff) << 16) | ((msg[7] & 0xff) << 8) | (msg[8] & 0xff); Channel c = getChannel(id); if (c == null) throw new IOException("Unexpected SSH_MSG_CHANNEL_WINDOW_ADJUST message for non-existent channel " + id); synchronized (c) { final long huge = 0xFFFFffffL; /* 2^32 - 1 */ c.remoteWindow += (windowChange & huge); /* avoid sign extension */ /* TODO - is this a good heuristic? */ if ((c.remoteWindow > huge)) c.remoteWindow = huge; c.notifyAll(); } log.debug("Got SSH_MSG_CHANNEL_WINDOW_ADJUST (channel " + id + ", " + windowChange + ")"); } public void msgChannelOpen(byte[] msg, int msglen) throws IOException { TypesReader tr = new TypesReader(msg, 0, msglen); tr.readByte(); // skip packet type String channelType = tr.readString(); int remoteID = tr.readUINT32(); /* sender channel */ int remoteWindow = tr.readUINT32(); /* initial window size */ int remoteMaxPacketSize = tr.readUINT32(); /* maximum packet size */ if ("x11".equals(channelType)) { synchronized (x11_magic_cookies) { /* If we did not request X11 forwarding, then simply ignore this bogus request. */ if (x11_magic_cookies.size() == 0) { PacketChannelOpenFailure pcof = new PacketChannelOpenFailure(remoteID, Packets.SSH_OPEN_ADMINISTRATIVELY_PROHIBITED, "X11 forwarding not activated", ""); tm.sendAsynchronousMessage(pcof.getPayload()); log.warning("Unexpected X11 request, denying it!"); return; } } String remoteOriginatorAddress = tr.readString(); int remoteOriginatorPort = tr.readUINT32(); Channel c = new Channel(this); synchronized (c) { c.remoteID = remoteID; c.remoteWindow = remoteWindow & 0xFFFFffffL; /* properly convert UINT32 to long */ c.remoteMaxPacketSize = remoteMaxPacketSize; c.localID = addChannel(c); } /* * The open confirmation message will be sent from another thread */ RemoteX11AcceptThread rxat = new RemoteX11AcceptThread(c, remoteOriginatorAddress, remoteOriginatorPort); rxat.setDaemon(true); rxat.start(); return; } if ("forwarded-tcpip".equals(channelType)) { String remoteConnectedAddress = tr.readString(); /* address that was connected */ int remoteConnectedPort = tr.readUINT32(); /* port that was connected */ String remoteOriginatorAddress = tr.readString(); /* originator IP address */ int remoteOriginatorPort = tr.readUINT32(); /* originator port */ RemoteForwardingData rfd = null; synchronized (remoteForwardings) { rfd = remoteForwardings.get(remoteConnectedPort); } if (rfd == null) { PacketChannelOpenFailure pcof = new PacketChannelOpenFailure(remoteID, Packets.SSH_OPEN_ADMINISTRATIVELY_PROHIBITED, "No thanks, unknown port in forwarded-tcpip request", ""); /* Always try to be polite. */ tm.sendAsynchronousMessage(pcof.getPayload()); log.debug("Unexpected forwarded-tcpip request, denying it!"); return; } Channel c = new Channel(this); synchronized (c) { c.remoteID = remoteID; c.remoteWindow = remoteWindow & 0xFFFFffffL; /* convert UINT32 to long */ c.remoteMaxPacketSize = remoteMaxPacketSize; c.localID = addChannel(c); } /* * The open confirmation message will be sent from another thread. */ RemoteAcceptThread rat = new RemoteAcceptThread(c, remoteConnectedAddress, remoteConnectedPort, remoteOriginatorAddress, remoteOriginatorPort, rfd.targetAddress, rfd.targetPort); rat.setDaemon(true); rat.start(); return; } if ((server_state != null) && ("session".equals(channelType))) { ServerConnectionCallback cb = null; synchronized (server_state) { cb = server_state.cb_conn; } if (cb == null) { tm.sendAsynchronousMessage(new PacketChannelOpenFailure(remoteID, Packets.SSH_OPEN_ADMINISTRATIVELY_PROHIBITED, "Sessions are currently not enabled", "en").getPayload()); return; } final Channel c = new Channel(this); synchronized (c) { c.remoteID = remoteID; c.remoteWindow = remoteWindow & 0xFFFFffffL; /* convert UINT32 to long */ c.remoteMaxPacketSize = remoteMaxPacketSize; c.localID = addChannel(c); c.state = Channel.STATE_OPEN; c.ss = new ServerSessionImpl(c); } PacketChannelOpenConfirmation pcoc = new PacketChannelOpenConfirmation(c.remoteID, c.localID, c.localWindow, c.localMaxPacketSize); tm.sendAsynchronousMessage(pcoc.getPayload()); c.ss.sscb = cb.acceptSession(c.ss); return; } /* Tell the server that we have no idea what it is talking about */ PacketChannelOpenFailure pcof = new PacketChannelOpenFailure(remoteID, Packets.SSH_OPEN_UNKNOWN_CHANNEL_TYPE, "Unknown channel type", ""); tm.sendAsynchronousMessage(pcof.getPayload()); log.warning("The peer tried to open an unsupported channel type (" + channelType + ")"); } /* Starts the given runnable in a foreground (non-daemon) thread */ private void runAsync(Runnable r) { Thread t = new Thread(r); t.start(); } public void msgChannelRequest(byte[] msg, int msglen) throws IOException { TypesReader tr = new TypesReader(msg, 0, msglen); tr.readByte(); // skip packet type int id = tr.readUINT32(); Channel c = getChannel(id); if (c == null) throw new IOException("Unexpected SSH_MSG_CHANNEL_REQUEST message for non-existent channel " + id); ServerSessionImpl server_session = null; if (server_state != null) { synchronized (c) { server_session = c.ss; } } String type = tr.readString("US-ASCII"); boolean wantReply = tr.readBoolean(); log.debug("Got SSH_MSG_CHANNEL_REQUEST (channel " + id + ", '" + type + "')"); if (type.equals("exit-status")) { if (wantReply != false) throw new IOException( "Badly formatted SSH_MSG_CHANNEL_REQUEST exit-status message, 'want reply' is true"); int exit_status = tr.readUINT32(); if (tr.remain() != 0) throw new IOException("Badly formatted SSH_MSG_CHANNEL_REQUEST message"); synchronized (c) { c.exit_status = exit_status; c.notifyAll(); } log.debug("Got EXIT STATUS (channel " + id + ", status " + exit_status + ")"); return; } if ((server_state == null) && (type.equals("exit-signal"))) { if (wantReply != false) throw new IOException( "Badly formatted SSH_MSG_CHANNEL_REQUEST exit-signal message, 'want reply' is true"); String signame = tr.readString("US-ASCII"); tr.readBoolean(); tr.readString(); tr.readString(); if (tr.remain() != 0) throw new IOException("Badly formatted SSH_MSG_CHANNEL_REQUEST message"); synchronized (c) { c.exit_signal = signame; c.notifyAll(); } log.debug("Got EXIT SIGNAL (channel " + id + ", signal " + signame + ")"); return; } if ((server_session != null) && (type.equals("pty-req"))) { PtySettings pty = new PtySettings(); pty.term = tr.readString(); pty.term_width_characters = tr.readUINT32(); pty.term_height_characters = tr.readUINT32(); pty.term_width_pixels = tr.readUINT32(); pty.term_height_pixels = tr.readUINT32(); pty.terminal_modes = tr.readByteString(); if (tr.remain() != 0) throw new IOException("Badly formatted SSH_MSG_CHANNEL_REQUEST message"); Runnable run_after_sending_success = null; ServerSessionCallback sscb = server_session.getServerSessionCallback(); if (sscb != null) run_after_sending_success = sscb.requestPtyReq(server_session, pty); if (wantReply) { if (run_after_sending_success != null) { tm.sendAsynchronousMessage(new PacketChannelSuccess(c.remoteID).getPayload()); } else { tm.sendAsynchronousMessage(new PacketChannelFailure(c.remoteID).getPayload()); } } if (run_after_sending_success != null) { runAsync(run_after_sending_success); } return; } if ((server_session != null) && (type.equals("shell"))) { if (tr.remain() != 0) throw new IOException("Badly formatted SSH_MSG_CHANNEL_REQUEST message"); Runnable run_after_sending_success = null; ServerSessionCallback sscb = server_session.getServerSessionCallback(); if (sscb != null) run_after_sending_success = sscb.requestShell(server_session); if (wantReply) { if (run_after_sending_success != null) { tm.sendAsynchronousMessage(new PacketChannelSuccess(c.remoteID).getPayload()); } else { tm.sendAsynchronousMessage(new PacketChannelFailure(c.remoteID).getPayload()); } } if (run_after_sending_success != null) { runAsync(run_after_sending_success); } return; } if ((server_session != null) && (type.equals("exec"))) { String command = tr.readString(); if (tr.remain() != 0) throw new IOException("Badly formatted SSH_MSG_CHANNEL_REQUEST message"); Runnable run_after_sending_success = null; ServerSessionCallback sscb = server_session.getServerSessionCallback(); if (sscb != null) run_after_sending_success = sscb.requestExec(server_session, command); if (wantReply) { if (run_after_sending_success != null) { tm.sendAsynchronousMessage(new PacketChannelSuccess(c.remoteID).getPayload()); } else { tm.sendAsynchronousMessage(new PacketChannelFailure(c.remoteID).getPayload()); } } if (run_after_sending_success != null) { runAsync(run_after_sending_success); } return; } /* We simply ignore unknown channel requests, however, if the server wants a reply, * then we signal that we have no idea what it is about. */ if (wantReply) { tm.sendAsynchronousMessage(new PacketChannelFailure(c.remoteID).getPayload()); } log.debug("Channel request '" + type + "' is not known, ignoring it"); } public void msgChannelEOF(byte[] msg, int msglen) throws IOException { if (msglen != 5) throw new IOException("SSH_MSG_CHANNEL_EOF message has wrong size (" + msglen + ")"); int id = ((msg[1] & 0xff) << 24) | ((msg[2] & 0xff) << 16) | ((msg[3] & 0xff) << 8) | (msg[4] & 0xff); Channel c = getChannel(id); if (c == null) throw new IOException("Unexpected SSH_MSG_CHANNEL_EOF message for non-existent channel " + id); synchronized (c) { c.EOF = true; c.notifyAll(); } log.debug("Got SSH_MSG_CHANNEL_EOF (channel " + id + ")"); } public void msgChannelClose(byte[] msg, int msglen) throws IOException { if (msglen != 5) throw new IOException("SSH_MSG_CHANNEL_CLOSE message has wrong size (" + msglen + ")"); int id = ((msg[1] & 0xff) << 24) | ((msg[2] & 0xff) << 16) | ((msg[3] & 0xff) << 8) | (msg[4] & 0xff); Channel c = getChannel(id); if (c == null) throw new IOException("Unexpected SSH_MSG_CHANNEL_CLOSE message for non-existent channel " + id); synchronized (c) { c.EOF = true; c.state = Channel.STATE_CLOSED; c.setReasonClosed("Close requested by remote"); c.closeMessageRecv = true; removeChannel(c.localID); c.notifyAll(); } log.debug("Got SSH_MSG_CHANNEL_CLOSE (channel " + id + ")"); } public void msgChannelSuccess(byte[] msg, int msglen) throws IOException { if (msglen != 5) throw new IOException("SSH_MSG_CHANNEL_SUCCESS message has wrong size (" + msglen + ")"); int id = ((msg[1] & 0xff) << 24) | ((msg[2] & 0xff) << 16) | ((msg[3] & 0xff) << 8) | (msg[4] & 0xff); Channel c = getChannel(id); if (c == null) throw new IOException("Unexpected SSH_MSG_CHANNEL_SUCCESS message for non-existent channel " + id); synchronized (c) { c.successCounter++; c.notifyAll(); } log.debug("Got SSH_MSG_CHANNEL_SUCCESS (channel " + id + ")"); } public void msgChannelFailure(byte[] msg, int msglen) throws IOException { if (msglen != 5) throw new IOException("SSH_MSG_CHANNEL_FAILURE message has wrong size (" + msglen + ")"); int id = ((msg[1] & 0xff) << 24) | ((msg[2] & 0xff) << 16) | ((msg[3] & 0xff) << 8) | (msg[4] & 0xff); Channel c = getChannel(id); if (c == null) throw new IOException("Unexpected SSH_MSG_CHANNEL_FAILURE message for non-existent channel " + id); synchronized (c) { c.failedCounter++; c.notifyAll(); } log.debug("Got SSH_MSG_CHANNEL_FAILURE (channel " + id + ")"); } public void msgChannelOpenConfirmation(byte[] msg, int msglen) throws IOException { PacketChannelOpenConfirmation sm = new PacketChannelOpenConfirmation(msg, 0, msglen); Channel c = getChannel(sm.recipientChannelID); if (c == null) throw new IOException("Unexpected SSH_MSG_CHANNEL_OPEN_CONFIRMATION message for non-existent channel " + sm.recipientChannelID); synchronized (c) { if (c.state != Channel.STATE_OPENING) throw new IOException("Unexpected SSH_MSG_CHANNEL_OPEN_CONFIRMATION message for channel " + sm.recipientChannelID); c.remoteID = sm.senderChannelID; c.remoteWindow = sm.initialWindowSize & 0xFFFFffffL; /* convert UINT32 to long */ c.remoteMaxPacketSize = sm.maxPacketSize; c.state = Channel.STATE_OPEN; c.notifyAll(); } log.debug("Got SSH_MSG_CHANNEL_OPEN_CONFIRMATION (channel " + sm.recipientChannelID + " / remote: " + sm.senderChannelID + ")"); } public void msgChannelOpenFailure(byte[] msg, int msglen) throws IOException { if (msglen < 5) throw new IOException("SSH_MSG_CHANNEL_OPEN_FAILURE message has wrong size (" + msglen + ")"); TypesReader tr = new TypesReader(msg, 0, msglen); tr.readByte(); // skip packet type int id = tr.readUINT32(); /* sender channel */ Channel c = getChannel(id); if (c == null) throw new IOException("Unexpected SSH_MSG_CHANNEL_OPEN_FAILURE message for non-existent channel " + id); int reasonCode = tr.readUINT32(); String description = tr.readString("UTF-8"); String reasonCodeSymbolicName = null; switch (reasonCode) { case 1: reasonCodeSymbolicName = "SSH_OPEN_ADMINISTRATIVELY_PROHIBITED"; break; case 2: reasonCodeSymbolicName = "SSH_OPEN_CONNECT_FAILED"; break; case 3: reasonCodeSymbolicName = "SSH_OPEN_UNKNOWN_CHANNEL_TYPE"; break; case 4: reasonCodeSymbolicName = "SSH_OPEN_RESOURCE_SHORTAGE"; break; default: reasonCodeSymbolicName = "UNKNOWN REASON CODE (" + reasonCode + ")"; } StringBuilder descriptionBuffer = new StringBuilder(); descriptionBuffer.append(description); for (int i = 0; i < descriptionBuffer.length(); i++) { char cc = descriptionBuffer.charAt(i); if ((cc >= 32) && (cc <= 126)) continue; descriptionBuffer.setCharAt(i, '\uFFFD'); } synchronized (c) { c.EOF = true; c.state = Channel.STATE_CLOSED; c.setReasonClosed("The server refused to open the channel (" + reasonCodeSymbolicName + ", '" + descriptionBuffer.toString() + "')"); c.notifyAll(); } log.debug("Got SSH_MSG_CHANNEL_OPEN_FAILURE (channel " + id + ")"); } public void msgGlobalRequest(byte[] msg, int msglen) throws IOException { /* Currently we do not support any kind of global request */ TypesReader tr = new TypesReader(msg, 0, msglen); tr.readByte(); // skip packet type String requestName = tr.readString(); boolean wantReply = tr.readBoolean(); if (wantReply) { byte[] reply_failure = new byte[1]; reply_failure[0] = Packets.SSH_MSG_REQUEST_FAILURE; tm.sendAsynchronousMessage(reply_failure); } /* We do not clean up the requestName String - that is OK for debug */ log.debug("Got SSH_MSG_GLOBAL_REQUEST (" + requestName + ")"); } public void msgGlobalSuccess() throws IOException { synchronized (channels) { globalSuccessCounter++; channels.notifyAll(); } log.debug("Got SSH_MSG_REQUEST_SUCCESS"); } public void msgGlobalFailure() throws IOException { synchronized (channels) { globalFailedCounter++; channels.notifyAll(); } log.debug("Got SSH_MSG_REQUEST_FAILURE"); } public void handleMessage(byte[] msg, int msglen) throws IOException { if (msg == null) { log.debug("HandleMessage: got shutdown"); synchronized (listenerThreads) { for (IChannelWorkerThread lat : listenerThreads) { lat.stopWorking(); } listenerThreadsAllowed = false; } synchronized (channels) { shutdown = true; for (Channel c : channels) { synchronized (c) { c.EOF = true; c.state = Channel.STATE_CLOSED; c.setReasonClosed("The connection is being shutdown"); c.closeMessageRecv = true; /* * You never know, perhaps * we are waiting for a * pending close message * from the server... */ c.notifyAll(); } } channels.clear(); channels.notifyAll(); /* Notify global response waiters */ return; } } switch (msg[0]) { case Packets.SSH_MSG_CHANNEL_OPEN_CONFIRMATION: msgChannelOpenConfirmation(msg, msglen); break; case Packets.SSH_MSG_CHANNEL_WINDOW_ADJUST: msgChannelWindowAdjust(msg, msglen); break; case Packets.SSH_MSG_CHANNEL_DATA: msgChannelData(msg, msglen); break; case Packets.SSH_MSG_CHANNEL_EXTENDED_DATA: msgChannelExtendedData(msg, msglen); break; case Packets.SSH_MSG_CHANNEL_REQUEST: msgChannelRequest(msg, msglen); break; case Packets.SSH_MSG_CHANNEL_EOF: msgChannelEOF(msg, msglen); break; case Packets.SSH_MSG_CHANNEL_OPEN: msgChannelOpen(msg, msglen); break; case Packets.SSH_MSG_CHANNEL_CLOSE: msgChannelClose(msg, msglen); break; case Packets.SSH_MSG_CHANNEL_SUCCESS: msgChannelSuccess(msg, msglen); break; case Packets.SSH_MSG_CHANNEL_FAILURE: msgChannelFailure(msg, msglen); break; case Packets.SSH_MSG_CHANNEL_OPEN_FAILURE: msgChannelOpenFailure(msg, msglen); break; case Packets.SSH_MSG_GLOBAL_REQUEST: msgGlobalRequest(msg, msglen); break; case Packets.SSH_MSG_REQUEST_SUCCESS: msgGlobalSuccess(); break; case Packets.SSH_MSG_REQUEST_FAILURE: msgGlobalFailure(); break; default: throw new IOException("Cannot handle unknown channel message " + (msg[0] & 0xff)); } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/channel/ChannelOutputStream.java000066400000000000000000000026501370551253600317630ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.channel; import java.io.IOException; import java.io.OutputStream; /** * ChannelOutputStream. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public final class ChannelOutputStream extends OutputStream { Channel c; boolean isClosed = false; ChannelOutputStream(Channel c) { this.c = c; } @Override public void write(int b) throws IOException { byte[] buff = new byte[1]; buff[0] = (byte) b; write(buff, 0, 1); } @Override public void close() throws IOException { if (isClosed == false) { isClosed = true; c.cm.sendEOF(c); } } @Override public void flush() throws IOException { if (isClosed) throw new IOException("This OutputStream is closed."); /* This is a no-op, since this stream is unbuffered */ } @Override public void write(byte[] b, int off, int len) throws IOException { if (isClosed) throw new IOException("This OutputStream is closed."); if (b == null) throw new NullPointerException(); if ((off < 0) || (len < 0) || ((off + len) > b.length) || ((off + len) < 0) || (off > b.length)) throw new IndexOutOfBoundsException(); if (len == 0) return; c.cm.sendData(c, b, off, len); } @Override public void write(byte[] b) throws IOException { write(b, 0, b.length); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/channel/IChannelWorkerThread.java000066400000000000000000000005011370551253600320120ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.channel; /** * IChannelWorkerThread. * * @author Christian Plattner * @version 2.50, 03/15/10 */ interface IChannelWorkerThread { public void stopWorking(); } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/channel/LocalAcceptThread.java000066400000000000000000000053671370551253600313300ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.channel; import java.io.IOException; import java.net.InetSocketAddress; import java.net.ServerSocket; import java.net.Socket; /** * LocalAcceptThread. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class LocalAcceptThread extends Thread implements IChannelWorkerThread { ChannelManager cm; String host_to_connect; int port_to_connect; final ServerSocket ss; public LocalAcceptThread(ChannelManager cm, int local_port, String host_to_connect, int port_to_connect) throws IOException { this.cm = cm; this.host_to_connect = host_to_connect; this.port_to_connect = port_to_connect; ss = new ServerSocket(local_port); } public LocalAcceptThread(ChannelManager cm, InetSocketAddress localAddress, String host_to_connect, int port_to_connect) throws IOException { this.cm = cm; this.host_to_connect = host_to_connect; this.port_to_connect = port_to_connect; ss = new ServerSocket(); ss.bind(localAddress); } public ServerSocket getServerSocket() { return ss; } @Override public void run() { try { cm.registerThread(this); } catch (IOException e) { stopWorking(); return; } while (true) { Socket s = null; try { s = ss.accept(); } catch (IOException e) { stopWorking(); return; } Channel cn = null; StreamForwarder r2l = null; StreamForwarder l2r = null; try { /* This may fail, e.g., if the remote port is closed (in optimistic terms: not open yet) */ cn = cm.openDirectTCPIPChannel(host_to_connect, port_to_connect, s.getInetAddress().getHostAddress(), s .getPort()); } catch (IOException e) { /* Simply close the local socket and wait for the next incoming connection */ try { s.close(); } catch (IOException ignore) { } continue; } try { r2l = new StreamForwarder(cn, null, null, cn.stdoutStream, s.getOutputStream(), "RemoteToLocal"); l2r = new StreamForwarder(cn, r2l, s, s.getInputStream(), cn.stdinStream, "LocalToRemote"); } catch (IOException e) { try { /* This message is only visible during debugging, since we discard the channel immediatelly */ cn.cm.closeChannel(cn, "Weird error during creation of StreamForwarder (" + e.getMessage() + ")", true); } catch (IOException ignore) { } continue; } r2l.setDaemon(true); l2r.setDaemon(true); r2l.start(); l2r.start(); } } public void stopWorking() { try { /* This will lead to an IOException in the ss.accept() call */ ss.close(); } catch (IOException ignored) { } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/channel/RemoteAcceptThread.java000066400000000000000000000045771370551253600315330ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.channel; import java.io.IOException; import java.net.Socket; import ch.ethz.ssh2.log.Logger; /** * RemoteAcceptThread. * * @author Christian Plattner * @version $Id$ */ public class RemoteAcceptThread extends Thread { private static final Logger log = Logger.getLogger(RemoteAcceptThread.class); Channel c; String remoteConnectedAddress; int remoteConnectedPort; String remoteOriginatorAddress; int remoteOriginatorPort; String targetAddress; int targetPort; Socket s; public RemoteAcceptThread(Channel c, String remoteConnectedAddress, int remoteConnectedPort, String remoteOriginatorAddress, int remoteOriginatorPort, String targetAddress, int targetPort) { this.c = c; this.remoteConnectedAddress = remoteConnectedAddress; this.remoteConnectedPort = remoteConnectedPort; this.remoteOriginatorAddress = remoteOriginatorAddress; this.remoteOriginatorPort = remoteOriginatorPort; this.targetAddress = targetAddress; this.targetPort = targetPort; log.debug("RemoteAcceptThread: " + remoteConnectedAddress + "/" + remoteConnectedPort + ", R: " + remoteOriginatorAddress + "/" + remoteOriginatorPort); } @Override public void run() { try { c.cm.sendOpenConfirmation(c); s = new Socket(targetAddress, targetPort); StreamForwarder r2l = new StreamForwarder(c, null, null, c.getStdoutStream(), s.getOutputStream(), "RemoteToLocal"); StreamForwarder l2r = new StreamForwarder(c, null, null, s.getInputStream(), c.getStdinStream(), "LocalToRemote"); /* No need to start two threads, one can be executed in the current thread */ r2l.setDaemon(true); r2l.start(); l2r.run(); while (r2l.isAlive()) { try { r2l.join(); } catch (InterruptedException ignored) { } } /* If the channel is already closed, then this is a no-op */ c.cm.closeChannel(c, "EOF on both streams reached.", true); s.close(); } catch (IOException e) { log.warning("IOException in proxy code: " + e.getMessage()); try { c.cm.closeChannel(c, "IOException in proxy code (" + e.getMessage() + ")", true); } catch (IOException ignored) { } try { if (s != null) s.close(); } catch (IOException ignored) { } } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/channel/RemoteForwardingData.java000066400000000000000000000006551370551253600320710ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.channel; /** * RemoteForwardingData. Data about a requested remote forwarding. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class RemoteForwardingData { public String bindAddress; public int bindPort; String targetAddress; int targetPort; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/channel/RemoteX11AcceptThread.java000066400000000000000000000160441370551253600320150ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.channel; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.net.Socket; import ch.ethz.ssh2.log.Logger; import ch.ethz.ssh2.util.StringEncoder; /** * RemoteX11AcceptThread. * * @author Christian Plattner * @version $Id$ */ public class RemoteX11AcceptThread extends Thread { private static final Logger log = Logger.getLogger(RemoteX11AcceptThread.class); Channel c; String remoteOriginatorAddress; int remoteOriginatorPort; Socket s; public RemoteX11AcceptThread(Channel c, String remoteOriginatorAddress, int remoteOriginatorPort) { this.c = c; this.remoteOriginatorAddress = remoteOriginatorAddress; this.remoteOriginatorPort = remoteOriginatorPort; } @Override public void run() { try { /* Send Open Confirmation */ c.cm.sendOpenConfirmation(c); /* Read startup packet from client */ OutputStream remote_os = c.getStdinStream(); InputStream remote_is = c.getStdoutStream(); /* The following code is based on the protocol description given in: * Scheifler/Gettys, * X Windows System: Core and Extension Protocols: * X Version 11, Releases 6 and 6.1 ISBN 1-55558-148-X * (from the ETH library - after being here for almost ten * years one of the few books I borrowed... sad but true =) */ /* * Client startup: * * 1 0X42 MSB first/0x6c lSB first - byteorder * 1 - unused * 2 card16 - protocol-major-version * 2 card16 - protocol-minor-version * 2 n - lenght of authorization-protocol-name * 2 d - lenght of authorization-protocol-data * 2 - unused * string8 - authorization-protocol-name * p - unused, p=pad(n) * string8 - authorization-protocol-data * q - unused, q=pad(d) * * pad(X) = (4 - (X mod 4)) mod 4 * * Server response: * * 1 (0 failed, 2 authenticate, 1 success) * ... * */ /* Later on we will simply forward the first 6 header bytes to the "real" X11 server */ byte[] header = new byte[6]; if (remote_is.read(header) != 6) throw new IOException("Unexpected EOF on X11 startup!"); if ((header[0] != 0x42) && (header[0] != 0x6c)) // 0x42 MSB first, 0x6C LSB first throw new IOException("Unknown endian format in X11 message!"); /* Yes, I came up with this myself - shall I file an application for a patent? =) */ int idxMSB = (header[0] == 0x42) ? 0 : 1; /* Read authorization data header */ byte[] auth_buff = new byte[6]; if (remote_is.read(auth_buff) != 6) throw new IOException("Unexpected EOF on X11 startup!"); int authProtocolNameLength = ((auth_buff[idxMSB] & 0xff) << 8) | (auth_buff[1 - idxMSB] & 0xff); int authProtocolDataLength = ((auth_buff[2 + idxMSB] & 0xff) << 8) | (auth_buff[3 - idxMSB] & 0xff); if ((authProtocolNameLength > 256) || (authProtocolDataLength > 256)) throw new IOException("Buggy X11 authorization data"); int authProtocolNamePadding = ((4 - (authProtocolNameLength % 4)) % 4); int authProtocolDataPadding = ((4 - (authProtocolDataLength % 4)) % 4); byte[] authProtocolName = new byte[authProtocolNameLength]; byte[] authProtocolData = new byte[authProtocolDataLength]; byte[] paddingBuffer = new byte[4]; if (remote_is.read(authProtocolName) != authProtocolNameLength) throw new IOException("Unexpected EOF on X11 startup! (authProtocolName)"); if (remote_is.read(paddingBuffer, 0, authProtocolNamePadding) != authProtocolNamePadding) throw new IOException("Unexpected EOF on X11 startup! (authProtocolNamePadding)"); if (remote_is.read(authProtocolData) != authProtocolDataLength) throw new IOException("Unexpected EOF on X11 startup! (authProtocolData)"); if (remote_is.read(paddingBuffer, 0, authProtocolDataPadding) != authProtocolDataPadding) throw new IOException("Unexpected EOF on X11 startup! (authProtocolDataPadding)"); if ("MIT-MAGIC-COOKIE-1".equals(StringEncoder.GetString(authProtocolName)) == false) throw new IOException("Unknown X11 authorization protocol!"); if (authProtocolDataLength != 16) throw new IOException("Wrong data length for X11 authorization data!"); StringBuilder tmp = new StringBuilder(32); for (int i = 0; i < authProtocolData.length; i++) { String digit2 = Integer.toHexString(authProtocolData[i] & 0xff); tmp.append((digit2.length() == 2) ? digit2 : "0" + digit2); } String hexEncodedFakeCookie = tmp.toString(); /* Order is very important here - it may be that a certain x11 forwarding * gets disabled right in the moment when we check and register our connection * */ synchronized (c) { /* Please read the comment in Channel.java */ c.hexX11FakeCookie = hexEncodedFakeCookie; } /* Now check our fake cookie directory to see if we produced this cookie */ X11ServerData sd = c.cm.checkX11Cookie(hexEncodedFakeCookie); if (sd == null) throw new IOException("Invalid X11 cookie received."); /* If the session which corresponds to this cookie is closed then we will * detect this: the session's close code will close all channels * with the session's assigned x11 fake cookie. */ s = new Socket(sd.hostname, sd.port); OutputStream x11_os = s.getOutputStream(); InputStream x11_is = s.getInputStream(); /* Now we are sending the startup packet to the real X11 server */ x11_os.write(header); if (sd.x11_magic_cookie == null) { byte[] emptyAuthData = new byte[6]; /* empty auth data, hopefully you are connecting to localhost =) */ x11_os.write(emptyAuthData); } else { if (sd.x11_magic_cookie.length != 16) throw new IOException("The real X11 cookie has an invalid length!"); /* send X11 cookie specified by client */ x11_os.write(auth_buff); x11_os.write(authProtocolName); /* re-use */ x11_os.write(paddingBuffer, 0, authProtocolNamePadding); x11_os.write(sd.x11_magic_cookie); x11_os.write(paddingBuffer, 0, authProtocolDataPadding); } x11_os.flush(); /* Start forwarding traffic */ StreamForwarder r2l = new StreamForwarder(c, null, null, remote_is, x11_os, "RemoteToX11"); StreamForwarder l2r = new StreamForwarder(c, null, null, x11_is, remote_os, "X11ToRemote"); /* No need to start two threads, one can be executed in the current thread */ r2l.setDaemon(true); r2l.start(); l2r.run(); while (r2l.isAlive()) { try { r2l.join(); } catch (InterruptedException ignored) { } } /* If the channel is already closed, then this is a no-op */ c.cm.closeChannel(c, "EOF on both X11 streams reached.", true); s.close(); } catch (IOException e) { log.warning("IOException in X11 proxy code: " + e.getMessage()); try { c.cm.closeChannel(c, "IOException in X11 proxy code (" + e.getMessage() + ")", true); } catch (IOException ignored) { } try { if (s != null) s.close(); } catch (IOException ignored) { } } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/channel/ServerSessionImpl.java000066400000000000000000000020001370551253600314370ustar00rootroot00000000000000 package ch.ethz.ssh2.channel; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import ch.ethz.ssh2.ServerSession; import ch.ethz.ssh2.ServerSessionCallback; public class ServerSessionImpl implements ServerSession { Channel c; public ServerSessionCallback sscb; public ServerSessionImpl(Channel c) { this.c = c; } public int getState() { return c.getState(); } public InputStream getStdout() { return c.getStdoutStream(); } public InputStream getStderr() { return c.getStderrStream(); } public OutputStream getStdin() { return c.getStdinStream(); } public void close() { try { c.cm.closeChannel(c, "Closed due to server request", true); } catch (IOException ignored) { } } public synchronized ServerSessionCallback getServerSessionCallback() { return sscb; } public synchronized void setServerSessionCallback(ServerSessionCallback sscb) { this.sscb = sscb; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/channel/StreamForwarder.java000066400000000000000000000040041370551253600311200ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.channel; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.net.Socket; /** * A StreamForwarder forwards data between two given streams. * If two StreamForwarder threads are used (one for each direction) * then one can be configured to shutdown the underlying channel/socket * if both threads have finished forwarding (EOF). * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class StreamForwarder extends Thread { OutputStream os; InputStream is; byte[] buffer = new byte[Channel.CHANNEL_BUFFER_SIZE]; Channel c; StreamForwarder sibling; Socket s; String mode; StreamForwarder(Channel c, StreamForwarder sibling, Socket s, InputStream is, OutputStream os, String mode) throws IOException { this.is = is; this.os = os; this.mode = mode; this.c = c; this.sibling = sibling; this.s = s; } @Override public void run() { try { while (true) { int len = is.read(buffer); if (len <= 0) break; os.write(buffer, 0, len); os.flush(); } } catch (IOException ignore) { try { c.cm.closeChannel(c, "Closed due to exception in StreamForwarder (" + mode + "): " + ignore.getMessage(), true); } catch (IOException ignored) { } } finally { try { os.close(); } catch (IOException ignored) { } try { is.close(); } catch (IOException ignored) { } if (sibling != null) { while (sibling.isAlive()) { try { sibling.join(); } catch (InterruptedException ignored) { } } try { c.cm.closeChannel(c, "StreamForwarder (" + mode + ") is cleaning up the connection", true); } catch (IOException ignored) { } try { if (s != null) s.close(); } catch (IOException ignored) { } } } } }SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/channel/X11ServerData.java000066400000000000000000000007101370551253600303430ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.channel; /** * X11ServerData. Data regarding an x11 forwarding target. * * @author Christian Plattner * @version 2.50, 03/15/10 * */ public class X11ServerData { public String hostname; public int port; public byte[] x11_magic_cookie; /* not the remote (fake) one, the local (real) one */ } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/000077500000000000000000000000001370551253600250605ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/Base64.java000066400000000000000000000057701370551253600267600ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto; import java.io.CharArrayWriter; import java.io.IOException; /** * Basic Base64 Support. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class Base64 { static final char[] alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".toCharArray(); public static char[] encode(byte[] content) { CharArrayWriter cw = new CharArrayWriter((4 * content.length) / 3); int idx = 0; int x = 0; for (int i = 0; i < content.length; i++) { if (idx == 0) x = (content[i] & 0xff) << 16; else if (idx == 1) x = x | ((content[i] & 0xff) << 8); else x = x | (content[i] & 0xff); idx++; if (idx == 3) { cw.write(alphabet[x >> 18]); cw.write(alphabet[(x >> 12) & 0x3f]); cw.write(alphabet[(x >> 6) & 0x3f]); cw.write(alphabet[x & 0x3f]); idx = 0; } } if (idx == 1) { cw.write(alphabet[x >> 18]); cw.write(alphabet[(x >> 12) & 0x3f]); cw.write('='); cw.write('='); } if (idx == 2) { cw.write(alphabet[x >> 18]); cw.write(alphabet[(x >> 12) & 0x3f]); cw.write(alphabet[(x >> 6) & 0x3f]); cw.write('='); } return cw.toCharArray(); } public static byte[] decode(char[] message) throws IOException { byte buff[] = new byte[4]; byte dest[] = new byte[message.length]; int bpos = 0; int destpos = 0; for (int i = 0; i < message.length; i++) { int c = message[i]; if ((c == '\n') || (c == '\r') || (c == ' ') || (c == '\t')) continue; if ((c >= 'A') && (c <= 'Z')) { buff[bpos++] = (byte) (c - 'A'); } else if ((c >= 'a') && (c <= 'z')) { buff[bpos++] = (byte) ((c - 'a') + 26); } else if ((c >= '0') && (c <= '9')) { buff[bpos++] = (byte) ((c - '0') + 52); } else if (c == '+') { buff[bpos++] = 62; } else if (c == '/') { buff[bpos++] = 63; } else if (c == '=') { buff[bpos++] = 64; } else { throw new IOException("Illegal char in base64 code."); } if (bpos == 4) { bpos = 0; if (buff[0] == 64) break; if (buff[1] == 64) throw new IOException("Unexpected '=' in base64 code."); if (buff[2] == 64) { int v = (((buff[0] & 0x3f) << 6) | ((buff[1] & 0x3f))); dest[destpos++] = (byte) (v >> 4); break; } else if (buff[3] == 64) { int v = (((buff[0] & 0x3f) << 12) | ((buff[1] & 0x3f) << 6) | ((buff[2] & 0x3f))); dest[destpos++] = (byte) (v >> 10); dest[destpos++] = (byte) (v >> 2); break; } else { int v = (((buff[0] & 0x3f) << 18) | ((buff[1] & 0x3f) << 12) | ((buff[2] & 0x3f) << 6) | ((buff[3] & 0x3f))); dest[destpos++] = (byte) (v >> 16); dest[destpos++] = (byte) (v >> 8); dest[destpos++] = (byte) (v); } } } byte[] res = new byte[destpos]; System.arraycopy(dest, 0, res, 0, destpos); return res; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/CryptoWishList.java000066400000000000000000000020001370551253600306620ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto; import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory; import ch.ethz.ssh2.crypto.digest.MAC; import ch.ethz.ssh2.transport.KexManager; /** * CryptoWishList. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class CryptoWishList { public String[] kexAlgorithms = KexManager.getDefaultClientKexAlgorithmList(); public String[] serverHostKeyAlgorithms = KexManager.getDefaultServerHostkeyAlgorithmList(); public String[] c2s_enc_algos = BlockCipherFactory.getDefaultCipherList(); public String[] s2c_enc_algos = BlockCipherFactory.getDefaultCipherList(); public String[] c2s_mac_algos = MAC.getMacList(); public String[] s2c_mac_algos = MAC.getMacList(); public static CryptoWishList forServer() { CryptoWishList cwl = new CryptoWishList(); cwl.kexAlgorithms = KexManager.getDefaultServerKexAlgorithmList(); return cwl; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/KeyMaterial.java000066400000000000000000000047371370551253600301450ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto; import ch.ethz.ssh2.crypto.digest.HashForSSH2Types; import java.math.BigInteger; /** * Establishes key material for iv/key/mac (both directions). * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class KeyMaterial { public byte[] initial_iv_client_to_server; public byte[] initial_iv_server_to_client; public byte[] enc_key_client_to_server; public byte[] enc_key_server_to_client; public byte[] integrity_key_client_to_server; public byte[] integrity_key_server_to_client; private static byte[] calculateKey(HashForSSH2Types sh, BigInteger K, byte[] H, byte type, byte[] SessionID, int keyLength) { byte[] res = new byte[keyLength]; int dglen = sh.getDigestLength(); int numRounds = (keyLength + dglen - 1) / dglen; byte[][] tmp = new byte[numRounds][]; sh.reset(); sh.updateBigInt(K); sh.updateBytes(H); sh.updateByte(type); sh.updateBytes(SessionID); tmp[0] = sh.getDigest(); int off = 0; int produced = Math.min(dglen, keyLength); System.arraycopy(tmp[0], 0, res, off, produced); keyLength -= produced; off += produced; for (int i = 1; i < numRounds; i++) { sh.updateBigInt(K); sh.updateBytes(H); for (int j = 0; j < i; j++) sh.updateBytes(tmp[j]); tmp[i] = sh.getDigest(); produced = Math.min(dglen, keyLength); System.arraycopy(tmp[i], 0, res, off, produced); keyLength -= produced; off += produced; } return res; } public static KeyMaterial create(String hashType, byte[] H, BigInteger K, byte[] SessionID, int keyLengthCS, int blockSizeCS, int macLengthCS, int keyLengthSC, int blockSizeSC, int macLengthSC) throws IllegalArgumentException { KeyMaterial km = new KeyMaterial(); HashForSSH2Types sh = new HashForSSH2Types(hashType); km.initial_iv_client_to_server = calculateKey(sh, K, H, (byte) 'A', SessionID, blockSizeCS); km.initial_iv_server_to_client = calculateKey(sh, K, H, (byte) 'B', SessionID, blockSizeSC); km.enc_key_client_to_server = calculateKey(sh, K, H, (byte) 'C', SessionID, keyLengthCS); km.enc_key_server_to_client = calculateKey(sh, K, H, (byte) 'D', SessionID, keyLengthSC); km.integrity_key_client_to_server = calculateKey(sh, K, H, (byte) 'E', SessionID, macLengthCS); km.integrity_key_server_to_client = calculateKey(sh, K, H, (byte) 'F', SessionID, macLengthSC); return km; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/PEMDecoder.java000066400000000000000000000223601370551253600276350ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto; import java.io.BufferedReader; import java.io.CharArrayReader; import java.io.IOException; import java.math.BigInteger; import ch.ethz.ssh2.crypto.cipher.AES; import ch.ethz.ssh2.crypto.cipher.BlockCipher; import ch.ethz.ssh2.crypto.cipher.CBCMode; import ch.ethz.ssh2.crypto.cipher.DES; import ch.ethz.ssh2.crypto.cipher.DESede; import ch.ethz.ssh2.crypto.digest.MD5; import ch.ethz.ssh2.signature.DSAPrivateKey; import ch.ethz.ssh2.signature.RSAPrivateKey; import ch.ethz.ssh2.util.StringEncoder; /** * PEM Support. * * @author Christian Plattner * @version $Id$ */ public class PEMDecoder { private static final int PEM_RSA_PRIVATE_KEY = 1; private static final int PEM_DSA_PRIVATE_KEY = 2; private static int hexToInt(char c) { if ((c >= 'a') && (c <= 'f')) { return (c - 'a') + 10; } if ((c >= 'A') && (c <= 'F')) { return (c - 'A') + 10; } if ((c >= '0') && (c <= '9')) { return (c - '0'); } throw new IllegalArgumentException("Need hex char"); } private static byte[] hexToByteArray(String hex) { if (hex == null) throw new IllegalArgumentException("null argument"); if ((hex.length() % 2) != 0) throw new IllegalArgumentException("Uneven string length in hex encoding."); byte decoded[] = new byte[hex.length() / 2]; for (int i = 0; i < decoded.length; i++) { int hi = hexToInt(hex.charAt(i * 2)); int lo = hexToInt(hex.charAt((i * 2) + 1)); decoded[i] = (byte) (hi * 16 + lo); } return decoded; } private static byte[] generateKeyFromPasswordSaltWithMD5(byte[] password, byte[] salt, int keyLen) throws IOException { if (salt.length < 8) throw new IllegalArgumentException("Salt needs to be at least 8 bytes for key generation."); MD5 md5 = new MD5(); byte[] key = new byte[keyLen]; byte[] tmp = new byte[md5.getDigestLength()]; while (true) { md5.update(password, 0, password.length); md5.update(salt, 0, 8); // ARGH we only use the first 8 bytes of the salt in this step. // This took me two hours until I got AES-xxx running. int copy = (keyLen < tmp.length) ? keyLen : tmp.length; md5.digest(tmp, 0); System.arraycopy(tmp, 0, key, key.length - keyLen, copy); keyLen -= copy; if (keyLen == 0) return key; md5.update(tmp, 0, tmp.length); } } private static byte[] removePadding(byte[] buff, int blockSize) throws IOException { /* Removes RFC 1423/PKCS #7 padding */ int rfc_1423_padding = buff[buff.length - 1] & 0xff; if ((rfc_1423_padding < 1) || (rfc_1423_padding > blockSize)) throw new PEMDecryptException("Decrypted PEM has wrong padding, did you specify the correct password?"); for (int i = 2; i <= rfc_1423_padding; i++) { if (buff[buff.length - i] != rfc_1423_padding) throw new PEMDecryptException("Decrypted PEM has wrong padding, did you specify the correct password?"); } byte[] tmp = new byte[buff.length - rfc_1423_padding]; System.arraycopy(buff, 0, tmp, 0, buff.length - rfc_1423_padding); return tmp; } private static PEMStructure parsePEM(char[] pem) throws IOException { PEMStructure ps = new PEMStructure(); String line = null; BufferedReader br = new BufferedReader(new CharArrayReader(pem)); String endLine = null; while (true) { line = br.readLine(); if (line == null) throw new IOException("Invalid PEM structure, '-----BEGIN...' missing"); line = line.trim(); if (line.startsWith("-----BEGIN DSA PRIVATE KEY-----")) { endLine = "-----END DSA PRIVATE KEY-----"; ps.pemType = PEM_DSA_PRIVATE_KEY; break; } if (line.startsWith("-----BEGIN RSA PRIVATE KEY-----")) { endLine = "-----END RSA PRIVATE KEY-----"; ps.pemType = PEM_RSA_PRIVATE_KEY; break; } } while (true) { line = br.readLine(); if (line == null) throw new IOException("Invalid PEM structure, " + endLine + " missing"); line = line.trim(); int sem_idx = line.indexOf(':'); if (sem_idx == -1) break; String name = line.substring(0, sem_idx + 1); String value = line.substring(sem_idx + 1); String values[] = value.split(","); for (int i = 0; i < values.length; i++) values[i] = values[i].trim(); // Proc-Type: 4,ENCRYPTED // DEK-Info: DES-EDE3-CBC,579B6BE3E5C60483 if ("Proc-Type:".equals(name)) { ps.procType = values; continue; } if ("DEK-Info:".equals(name)) { ps.dekInfo = values; continue; } /* Ignore line */ } StringBuilder keyData = new StringBuilder(); while (true) { if (line == null) throw new IOException("Invalid PEM structure, " + endLine + " missing"); line = line.trim(); if (line.startsWith(endLine)) break; keyData.append(line); line = br.readLine(); } char[] pem_chars = new char[keyData.length()]; keyData.getChars(0, pem_chars.length, pem_chars, 0); ps.data = Base64.decode(pem_chars); if (ps.data.length == 0) throw new IOException("Invalid PEM structure, no data available"); return ps; } private static void decryptPEM(PEMStructure ps, byte[] pw) throws IOException { if (ps.dekInfo == null) throw new IOException("Broken PEM, no mode and salt given, but encryption enabled"); if (ps.dekInfo.length != 2) throw new IOException("Broken PEM, DEK-Info is incomplete!"); String algo = ps.dekInfo[0]; byte[] salt = hexToByteArray(ps.dekInfo[1]); BlockCipher bc = null; if (algo.equals("DES-EDE3-CBC")) { DESede des3 = new DESede(); des3.init(false, generateKeyFromPasswordSaltWithMD5(pw, salt, 24)); bc = new CBCMode(des3, salt, false); } else if (algo.equals("DES-CBC")) { DES des = new DES(); des.init(false, generateKeyFromPasswordSaltWithMD5(pw, salt, 8)); bc = new CBCMode(des, salt, false); } else if (algo.equals("AES-128-CBC")) { AES aes = new AES(); aes.init(false, generateKeyFromPasswordSaltWithMD5(pw, salt, 16)); bc = new CBCMode(aes, salt, false); } else if (algo.equals("AES-192-CBC")) { AES aes = new AES(); aes.init(false, generateKeyFromPasswordSaltWithMD5(pw, salt, 24)); bc = new CBCMode(aes, salt, false); } else if (algo.equals("AES-256-CBC")) { AES aes = new AES(); aes.init(false, generateKeyFromPasswordSaltWithMD5(pw, salt, 32)); bc = new CBCMode(aes, salt, false); } else { throw new IOException("Cannot decrypt PEM structure, unknown cipher " + algo); } if ((ps.data.length % bc.getBlockSize()) != 0) throw new IOException("Invalid PEM structure, size of encrypted block is not a multiple of " + bc.getBlockSize()); /* Now decrypt the content */ byte[] dz = new byte[ps.data.length]; for (int i = 0; i < ps.data.length / bc.getBlockSize(); i++) { bc.transformBlock(ps.data, i * bc.getBlockSize(), dz, i * bc.getBlockSize()); } /* Now check and remove RFC 1423/PKCS #7 padding */ dz = removePadding(dz, bc.getBlockSize()); ps.data = dz; ps.dekInfo = null; ps.procType = null; } public static final boolean isPEMEncrypted(PEMStructure ps) throws IOException { if (ps.procType == null) return false; if (ps.procType.length != 2) throw new IOException("Unknown Proc-Type field."); if ("4".equals(ps.procType[0]) == false) throw new IOException("Unknown Proc-Type field (" + ps.procType[0] + ")"); if ("ENCRYPTED".equals(ps.procType[1])) return true; return false; } public static final boolean isPEMEncrypted(char[] pem) throws IOException { return isPEMEncrypted(parsePEM(pem)); } public static Object decode(char[] pem, String password) throws IOException { PEMStructure ps = parsePEM(pem); if (isPEMEncrypted(ps)) { if (password == null) throw new IOException("PEM is encrypted, but no password was specified"); decryptPEM(ps, StringEncoder.GetBytes(password)); } if (ps.pemType == PEM_DSA_PRIVATE_KEY) { SimpleDERReader dr = new SimpleDERReader(ps.data); byte[] seq = dr.readSequenceAsByteArray(); if (dr.available() != 0) throw new IOException("Padding in DSA PRIVATE KEY DER stream."); dr.resetInput(seq); BigInteger version = dr.readInt(); if (version.compareTo(BigInteger.ZERO) != 0) throw new IOException("Wrong version (" + version + ") in DSA PRIVATE KEY DER stream."); BigInteger p = dr.readInt(); BigInteger q = dr.readInt(); BigInteger g = dr.readInt(); BigInteger y = dr.readInt(); BigInteger x = dr.readInt(); if (dr.available() != 0) throw new IOException("Padding in DSA PRIVATE KEY DER stream."); return new DSAPrivateKey(p, q, g, y, x); } if (ps.pemType == PEM_RSA_PRIVATE_KEY) { SimpleDERReader dr = new SimpleDERReader(ps.data); byte[] seq = dr.readSequenceAsByteArray(); if (dr.available() != 0) throw new IOException("Padding in RSA PRIVATE KEY DER stream."); dr.resetInput(seq); BigInteger version = dr.readInt(); if ((version.compareTo(BigInteger.ZERO) != 0) && (version.compareTo(BigInteger.ONE) != 0)) throw new IOException("Wrong version (" + version + ") in RSA PRIVATE KEY DER stream."); BigInteger n = dr.readInt(); BigInteger e = dr.readInt(); BigInteger d = dr.readInt(); return new RSAPrivateKey(d, e, n); } throw new IOException("PEM problem: it is of unknown type"); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/PEMDecryptException.java000066400000000000000000000007251370551253600315620ustar00rootroot00000000000000/* * Copyright (c) 2006-2014 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto; import java.io.IOException; /** * @version $Id: PEMDecryptException.java 5865 2010-03-27 03:28:11Z dkocher $ */ public class PEMDecryptException extends IOException { /** * */ private static final long serialVersionUID = 1L; public PEMDecryptException(String message) { super(message); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/PEMStructure.java000066400000000000000000000005421370551253600302660ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto; /** * Parsed PEM structure. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PEMStructure { int pemType; String dekInfo[]; String procType[]; byte[] data; }SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/SimpleDERReader.java000066400000000000000000000054271370551253600306420ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto; import java.io.IOException; import java.math.BigInteger; /** * SimpleDERReader. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class SimpleDERReader { byte[] buffer; int pos; int count; public SimpleDERReader(byte[] b) { resetInput(b); } public SimpleDERReader(byte[] b, int off, int len) { resetInput(b, off, len); } public void resetInput(byte[] b) { resetInput(b, 0, b.length); } public void resetInput(byte[] b, int off, int len) { buffer = b; pos = off; count = len; } private byte readByte() throws IOException { if (count <= 0) throw new IOException("DER byte array: out of data"); count--; return buffer[pos++]; } private byte[] readBytes(int len) throws IOException { if (len > count) throw new IOException("DER byte array: out of data"); byte[] b = new byte[len]; System.arraycopy(buffer, pos, b, 0, len); pos += len; count -= len; return b; } public int available() { return count; } private int readLength() throws IOException { int len = readByte() & 0xff; if ((len & 0x80) == 0) return len; int remain = len & 0x7F; if (remain == 0) return -1; len = 0; while (remain > 0) { len = len << 8; len = len | (readByte() & 0xff); remain--; } return len; } public int ignoreNextObject() throws IOException { int type = readByte() & 0xff; int len = readLength(); if ((len < 0) || len > available()) throw new IOException("Illegal len in DER object (" + len + ")"); readBytes(len); return type; } public BigInteger readInt() throws IOException { int type = readByte() & 0xff; if (type != 0x02) throw new IOException("Expected DER Integer, but found type " + type); int len = readLength(); if ((len < 0) || len > available()) throw new IOException("Illegal len in DER object (" + len + ")"); byte[] b = readBytes(len); return new BigInteger(b); } public byte[] readSequenceAsByteArray() throws IOException { int type = readByte() & 0xff; if (type != 0x30) throw new IOException("Expected DER Sequence, but found type " + type); int len = readLength(); if ((len < 0) || len > available()) throw new IOException("Illegal len in DER object (" + len + ")"); return readBytes(len); } public byte[] readOctetString() throws IOException { int type = readByte() & 0xff; if (type != 0x04) throw new IOException("Expected DER Octetstring, but found type " + type); int len = readLength(); if ((len < 0) || len > available()) throw new IOException("Illegal len in DER object (" + len + ")"); return readBytes(len); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/cipher/000077500000000000000000000000001370551253600263325ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/cipher/AES.java000066400000000000000000001273361370551253600276210ustar00rootroot00000000000000package ch.ethz.ssh2.crypto.cipher; /* This file was shamelessly taken from the Bouncy Castle Crypto package. Their licence file states the following: Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ /** * An implementation of the AES (Rijndael), from FIPS-197. *

* For further details see: http://csrc.nist.gov/encryption/aes/ * . * * This implementation is based on optimizations from Dr. Brian Gladman's paper * and C code at http://fp.gladman.plus.com/cryptography_technology/rijndael/ * * * There are three levels of tradeoff of speed vs memory Because java has no * preprocessor, they are written as three separate classes from which to choose * * The fastest uses 8Kbytes of static tables to precompute round calculations, 4 * 256 word tables for encryption and 4 for decryption. * * The middle performance version uses only one 256 word table for each, for a * total of 2Kbytes, adding 12 rotate operations per round to compute the values * contained in the other tables from the contents of the first * * The slowest version uses no static tables at all and computes the values in * each round *

* This file contains the fast version with 8Kbytes of static tables for round * precomputation * * @author See comments in the source file * @version 2.50, 03/15/10 */ public class AES implements BlockCipher { // The S box private static final byte[] S = { (byte) 99, (byte) 124, (byte) 119, (byte) 123, (byte) 242, (byte) 107, (byte) 111, (byte) 197, (byte) 48, (byte) 1, (byte) 103, (byte) 43, (byte) 254, (byte) 215, (byte) 171, (byte) 118, (byte) 202, (byte) 130, (byte) 201, (byte) 125, (byte) 250, (byte) 89, (byte) 71, (byte) 240, (byte) 173, (byte) 212, (byte) 162, (byte) 175, (byte) 156, (byte) 164, (byte) 114, (byte) 192, (byte) 183, (byte) 253, (byte) 147, (byte) 38, (byte) 54, (byte) 63, (byte) 247, (byte) 204, (byte) 52, (byte) 165, (byte) 229, (byte) 241, (byte) 113, (byte) 216, (byte) 49, (byte) 21, (byte) 4, (byte) 199, (byte) 35, (byte) 195, (byte) 24, (byte) 150, (byte) 5, (byte) 154, (byte) 7, (byte) 18, (byte) 128, (byte) 226, (byte) 235, (byte) 39, (byte) 178, (byte) 117, (byte) 9, (byte) 131, (byte) 44, (byte) 26, (byte) 27, (byte) 110, (byte) 90, (byte) 160, (byte) 82, (byte) 59, (byte) 214, (byte) 179, (byte) 41, (byte) 227, (byte) 47, (byte) 132, (byte) 83, (byte) 209, (byte) 0, (byte) 237, (byte) 32, (byte) 252, (byte) 177, (byte) 91, (byte) 106, (byte) 203, (byte) 190, (byte) 57, (byte) 74, (byte) 76, (byte) 88, (byte) 207, (byte) 208, (byte) 239, (byte) 170, (byte) 251, (byte) 67, (byte) 77, (byte) 51, (byte) 133, (byte) 69, (byte) 249, (byte) 2, (byte) 127, (byte) 80, (byte) 60, (byte) 159, (byte) 168, (byte) 81, (byte) 163, (byte) 64, (byte) 143, (byte) 146, (byte) 157, (byte) 56, (byte) 245, (byte) 188, (byte) 182, (byte) 218, (byte) 33, (byte) 16, (byte) 255, (byte) 243, (byte) 210, (byte) 205, (byte) 12, (byte) 19, (byte) 236, (byte) 95, (byte) 151, (byte) 68, (byte) 23, (byte) 196, (byte) 167, (byte) 126, (byte) 61, (byte) 100, (byte) 93, (byte) 25, (byte) 115, (byte) 96, (byte) 129, (byte) 79, (byte) 220, (byte) 34, (byte) 42, (byte) 144, (byte) 136, (byte) 70, (byte) 238, (byte) 184, (byte) 20, (byte) 222, (byte) 94, (byte) 11, (byte) 219, (byte) 224, (byte) 50, (byte) 58, (byte) 10, (byte) 73, (byte) 6, (byte) 36, (byte) 92, (byte) 194, (byte) 211, (byte) 172, (byte) 98, (byte) 145, (byte) 149, (byte) 228, (byte) 121, (byte) 231, (byte) 200, (byte) 55, (byte) 109, (byte) 141, (byte) 213, (byte) 78, (byte) 169, (byte) 108, (byte) 86, (byte) 244, (byte) 234, (byte) 101, (byte) 122, (byte) 174, (byte) 8, (byte) 186, (byte) 120, (byte) 37, (byte) 46, (byte) 28, (byte) 166, (byte) 180, (byte) 198, (byte) 232, (byte) 221, (byte) 116, (byte) 31, (byte) 75, (byte) 189, (byte) 139, (byte) 138, (byte) 112, (byte) 62, (byte) 181, (byte) 102, (byte) 72, (byte) 3, (byte) 246, (byte) 14, (byte) 97, (byte) 53, (byte) 87, (byte) 185, (byte) 134, (byte) 193, (byte) 29, (byte) 158, (byte) 225, (byte) 248, (byte) 152, (byte) 17, (byte) 105, (byte) 217, (byte) 142, (byte) 148, (byte) 155, (byte) 30, (byte) 135, (byte) 233, (byte) 206, (byte) 85, (byte) 40, (byte) 223, (byte) 140, (byte) 161, (byte) 137, (byte) 13, (byte) 191, (byte) 230, (byte) 66, (byte) 104, (byte) 65, (byte) 153, (byte) 45, (byte) 15, (byte) 176, (byte) 84, (byte) 187, (byte) 22, }; // The inverse S-box private static final byte[] Si = { (byte) 82, (byte) 9, (byte) 106, (byte) 213, (byte) 48, (byte) 54, (byte) 165, (byte) 56, (byte) 191, (byte) 64, (byte) 163, (byte) 158, (byte) 129, (byte) 243, (byte) 215, (byte) 251, (byte) 124, (byte) 227, (byte) 57, (byte) 130, (byte) 155, (byte) 47, (byte) 255, (byte) 135, (byte) 52, (byte) 142, (byte) 67, (byte) 68, (byte) 196, (byte) 222, (byte) 233, (byte) 203, (byte) 84, (byte) 123, (byte) 148, (byte) 50, (byte) 166, (byte) 194, (byte) 35, (byte) 61, (byte) 238, (byte) 76, (byte) 149, (byte) 11, (byte) 66, (byte) 250, (byte) 195, (byte) 78, (byte) 8, (byte) 46, (byte) 161, (byte) 102, (byte) 40, (byte) 217, (byte) 36, (byte) 178, (byte) 118, (byte) 91, (byte) 162, (byte) 73, (byte) 109, (byte) 139, (byte) 209, (byte) 37, (byte) 114, (byte) 248, (byte) 246, (byte) 100, (byte) 134, (byte) 104, (byte) 152, (byte) 22, (byte) 212, (byte) 164, (byte) 92, (byte) 204, (byte) 93, (byte) 101, (byte) 182, (byte) 146, (byte) 108, (byte) 112, (byte) 72, (byte) 80, (byte) 253, (byte) 237, (byte) 185, (byte) 218, (byte) 94, (byte) 21, (byte) 70, (byte) 87, (byte) 167, (byte) 141, (byte) 157, (byte) 132, (byte) 144, (byte) 216, (byte) 171, (byte) 0, (byte) 140, (byte) 188, (byte) 211, (byte) 10, (byte) 247, (byte) 228, (byte) 88, (byte) 5, (byte) 184, (byte) 179, (byte) 69, (byte) 6, (byte) 208, (byte) 44, (byte) 30, (byte) 143, (byte) 202, (byte) 63, (byte) 15, (byte) 2, (byte) 193, (byte) 175, (byte) 189, (byte) 3, (byte) 1, (byte) 19, (byte) 138, (byte) 107, (byte) 58, (byte) 145, (byte) 17, (byte) 65, (byte) 79, (byte) 103, (byte) 220, (byte) 234, (byte) 151, (byte) 242, (byte) 207, (byte) 206, (byte) 240, (byte) 180, (byte) 230, (byte) 115, (byte) 150, (byte) 172, (byte) 116, (byte) 34, (byte) 231, (byte) 173, (byte) 53, (byte) 133, (byte) 226, (byte) 249, (byte) 55, (byte) 232, (byte) 28, (byte) 117, (byte) 223, (byte) 110, (byte) 71, (byte) 241, (byte) 26, (byte) 113, (byte) 29, (byte) 41, (byte) 197, (byte) 137, (byte) 111, (byte) 183, (byte) 98, (byte) 14, (byte) 170, (byte) 24, (byte) 190, (byte) 27, (byte) 252, (byte) 86, (byte) 62, (byte) 75, (byte) 198, (byte) 210, (byte) 121, (byte) 32, (byte) 154, (byte) 219, (byte) 192, (byte) 254, (byte) 120, (byte) 205, (byte) 90, (byte) 244, (byte) 31, (byte) 221, (byte) 168, (byte) 51, (byte) 136, (byte) 7, (byte) 199, (byte) 49, (byte) 177, (byte) 18, (byte) 16, (byte) 89, (byte) 39, (byte) 128, (byte) 236, (byte) 95, (byte) 96, (byte) 81, (byte) 127, (byte) 169, (byte) 25, (byte) 181, (byte) 74, (byte) 13, (byte) 45, (byte) 229, (byte) 122, (byte) 159, (byte) 147, (byte) 201, (byte) 156, (byte) 239, (byte) 160, (byte) 224, (byte) 59, (byte) 77, (byte) 174, (byte) 42, (byte) 245, (byte) 176, (byte) 200, (byte) 235, (byte) 187, (byte) 60, (byte) 131, (byte) 83, (byte) 153, (byte) 97, (byte) 23, (byte) 43, (byte) 4, (byte) 126, (byte) 186, (byte) 119, (byte) 214, (byte) 38, (byte) 225, (byte) 105, (byte) 20, (byte) 99, (byte) 85, (byte) 33, (byte) 12, (byte) 125, }; // vector used in calculating key schedule (powers of x in GF(256)) private static final int[] rcon = { 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c, 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35, 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91 }; // precomputation tables of calculations for rounds private static final int[] T0 = { 0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, 0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56, 0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, 0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, 0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, 0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, 0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, 0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, 0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, 0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, 0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, 0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f, 0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, 0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, 0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, 0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, 0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, 0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, 0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, 0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, 0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, 0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, 0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, 0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, 0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe, 0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, 0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, 0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, 0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, 0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, 0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, 0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, 0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, 0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, 0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, 0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, 0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, 0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, 0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, 0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8, 0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, 0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, 0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, 0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, 0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, 0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, 0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, 0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, 0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, 0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c, 0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, 0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, 0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, 0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, 0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, 0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, 0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, 0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, 0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c }; private static final int[] T1 = { 0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d, 0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154, 0x30306050, 0x01010203, 0x6767cea9, 0x2b2b567d, 0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a, 0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87, 0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b, 0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea, 0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b, 0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a, 0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f, 0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908, 0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f, 0x0404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e, 0x18183028, 0x969637a1, 0x05050a0f, 0x9a9a2fb5, 0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d, 0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f, 0x0909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e, 0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb, 0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce, 0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397, 0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c, 0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed, 0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b, 0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a, 0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16, 0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194, 0x45458acf, 0xf9f9e910, 0x02020406, 0x7f7ffe81, 0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3, 0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a, 0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104, 0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263, 0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d, 0xcdcd814c, 0x0c0c1814, 0x13132635, 0xececc32f, 0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39, 0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47, 0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695, 0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f, 0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83, 0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c, 0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76, 0xe0e0db3b, 0x32326456, 0x3a3a744e, 0x0a0a141e, 0x494992db, 0x06060c0a, 0x2424486c, 0x5c5cb8e4, 0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6, 0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b, 0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7, 0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0, 0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25, 0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x08081018, 0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72, 0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751, 0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21, 0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85, 0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa, 0x484890d8, 0x03030605, 0xf6f6f701, 0x0e0e1c12, 0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0, 0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9, 0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233, 0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7, 0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920, 0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a, 0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17, 0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8, 0x414182c3, 0x999929b0, 0x2d2d5a77, 0x0f0f1e11, 0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a }; private static final int[] T2 = { 0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b, 0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5, 0x30605030, 0x01020301, 0x67cea967, 0x2b567d2b, 0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76, 0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d, 0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0, 0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf, 0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0, 0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26, 0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc, 0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1, 0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15, 0x04080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3, 0x18302818, 0x9637a196, 0x050a0f05, 0x9a2fb59a, 0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2, 0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75, 0x09121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a, 0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0, 0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3, 0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784, 0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced, 0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b, 0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39, 0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf, 0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb, 0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485, 0x458acf45, 0xf9e910f9, 0x02040602, 0x7ffe817f, 0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8, 0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f, 0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5, 0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321, 0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2, 0xcd814ccd, 0x0c18140c, 0x13263513, 0xecc32fec, 0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917, 0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d, 0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573, 0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc, 0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388, 0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14, 0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db, 0xe0db3be0, 0x32645632, 0x3a744e3a, 0x0a141e0a, 0x4992db49, 0x060c0a06, 0x24486c24, 0x5cb8e45c, 0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662, 0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79, 0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d, 0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9, 0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea, 0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x08101808, 0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e, 0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6, 0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f, 0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a, 0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66, 0x4890d848, 0x03060503, 0xf6f701f6, 0x0e1c120e, 0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9, 0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e, 0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311, 0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794, 0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9, 0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf, 0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d, 0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868, 0x4182c341, 0x9929b099, 0x2d5a772d, 0x0f1e110f, 0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16 }; private static final int[] T3 = { 0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b, 0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5, 0x60503030, 0x02030101, 0xcea96767, 0x567d2b2b, 0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676, 0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d, 0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0, 0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf, 0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0, 0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626, 0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc, 0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1, 0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515, 0x080c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3, 0x30281818, 0x37a19696, 0x0a0f0505, 0x2fb59a9a, 0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2, 0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575, 0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a, 0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0, 0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3, 0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484, 0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded, 0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b, 0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939, 0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf, 0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb, 0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585, 0x8acf4545, 0xe910f9f9, 0x04060202, 0xfe817f7f, 0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8, 0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x058a8f8f, 0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5, 0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121, 0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2, 0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec, 0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717, 0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d, 0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373, 0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc, 0x44662222, 0x547e2a2a, 0x3bab9090, 0x0b838888, 0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414, 0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb, 0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a, 0x92db4949, 0x0c0a0606, 0x486c2424, 0xb8e45c5c, 0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262, 0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979, 0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d, 0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9, 0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea, 0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808, 0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e, 0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6, 0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f, 0x96dd4b4b, 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a, 0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666, 0x90d84848, 0x06050303, 0xf701f6f6, 0x1c120e0e, 0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9, 0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e, 0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111, 0xd2bb6969, 0xa970d9d9, 0x07898e8e, 0x33a79494, 0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9, 0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf, 0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d, 0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868, 0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f, 0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616 }; private static final int[] Tinv0 = { 0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b, 0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5, 0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5, 0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d, 0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b, 0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295, 0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e, 0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927, 0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, 0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362, 0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9, 0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52, 0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566, 0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3, 0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, 0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e, 0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4, 0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4, 0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd, 0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d, 0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060, 0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967, 0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879, 0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000, 0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c, 0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36, 0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624, 0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b, 0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c, 0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, 0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14, 0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3, 0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b, 0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8, 0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684, 0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, 0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177, 0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947, 0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, 0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498, 0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f, 0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54, 0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382, 0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf, 0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, 0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83, 0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef, 0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029, 0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235, 0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733, 0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117, 0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4, 0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546, 0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, 0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d, 0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb, 0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a, 0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773, 0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478, 0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff, 0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664, 0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0 }; private static final int[] Tinv1 = { 0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96, 0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x03e34b93, 0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525, 0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f, 0x5ab1de49, 0x1bba2567, 0x0eea4598, 0xc0fe5de1, 0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6, 0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da, 0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44, 0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd, 0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4, 0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245, 0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994, 0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7, 0xd373ab23, 0x024b72e2, 0x8f1fe357, 0xab55662a, 0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x0837d3a5, 0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c, 0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1, 0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a, 0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475, 0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51, 0x8a213ef9, 0x06dd963d, 0x053eddae, 0xbde64d46, 0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff, 0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777, 0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db, 0x0a7ca147, 0x0f427ce9, 0x1e84f8c9, 0x00000000, 0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e, 0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627, 0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a, 0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e, 0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16, 0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d, 0x0d090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8, 0x19f15785, 0x0775af4c, 0xdd99eebb, 0x607fa3fd, 0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34, 0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863, 0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420, 0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d, 0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0, 0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722, 0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef, 0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0x0bd49836, 0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4, 0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462, 0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5, 0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3, 0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b, 0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8, 0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6, 0x9be7bad9, 0x366f4ace, 0x099fead4, 0x7cb029d6, 0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0, 0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315, 0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f, 0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x0496e4df, 0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f, 0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e, 0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13, 0x61d79a8c, 0x0ca1377a, 0x14f8598e, 0x3c13eb89, 0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c, 0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf, 0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886, 0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f, 0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41, 0x01a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490, 0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042 }; private static final int[] Tinv2 = { 0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e, 0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303, 0x302055fa, 0x76adf66d, 0xcc889176, 0x02f5254c, 0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3, 0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0, 0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9, 0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59, 0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8, 0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71, 0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a, 0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f, 0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x08f9942b, 0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8, 0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab, 0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508, 0x2830f287, 0xbf23b2a5, 0x0302ba6a, 0x16ed5c82, 0xcf8a2b1c, 0x79a792b4, 0x07f3f0f2, 0x694ea1e2, 0xda65cdf4, 0x0506d5be, 0x34d11f62, 0xa6c48afe, 0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb, 0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110, 0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd, 0x5491b58d, 0xc471055d, 0x06046fd4, 0x5060ff15, 0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e, 0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee, 0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x00000000, 0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72, 0x0efdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739, 0x0f0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e, 0x0a0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91, 0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a, 0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17, 0x090e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9, 0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60, 0x01f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e, 0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1, 0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011, 0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1, 0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3, 0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264, 0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90, 0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b, 0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf, 0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246, 0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af, 0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312, 0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb, 0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a, 0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8, 0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c, 0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066, 0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8, 0x04f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6, 0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04, 0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51, 0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0x0bfb2e41, 0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347, 0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c, 0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1, 0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37, 0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db, 0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40, 0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0x0dff4195, 0xa8397101, 0x0c08deb3, 0xb4d89ce4, 0x566490c1, 0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257 }; private static final int[] Tinv3 = { 0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27, 0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3, 0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02, 0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362, 0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe, 0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3, 0x03e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952, 0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9, 0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9, 0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace, 0x63184adf, 0xe582311a, 0x97603351, 0x62457f53, 0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08, 0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b, 0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55, 0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837, 0x30f28728, 0x23b2a5bf, 0x02ba6a03, 0xed5c8216, 0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269, 0x65cdf4da, 0x06d5be05, 0xd11f6234, 0xc48afea6, 0x349d532e, 0xa2a055f3, 0x0532e18a, 0xa475ebf6, 0x0b39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e, 0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6, 0x91b58d54, 0x71055dc4, 0x046fd406, 0x60ff1550, 0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9, 0xb0bd42e8, 0x07888b89, 0xe7385b19, 0x79dbeec8, 0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x00000000, 0x09838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a, 0xfdfbff0e, 0x0f563885, 0x3d1ed5ae, 0x3627392d, 0x0a64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36, 0x0cb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b, 0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12, 0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b, 0x0e0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e, 0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f, 0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb, 0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4, 0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6, 0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129, 0x1d4b2f9e, 0xdcf330b2, 0x0dec5286, 0x77d0e3c1, 0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9, 0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033, 0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4, 0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad, 0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e, 0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3, 0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225, 0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b, 0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f, 0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815, 0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0, 0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2, 0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7, 0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691, 0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496, 0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165, 0x9d04ea5e, 0x015d358c, 0xfa737487, 0xfb2e410b, 0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6, 0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13, 0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147, 0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7, 0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44, 0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3, 0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d, 0x397101a8, 0x08deb30c, 0xd89ce4b4, 0x6490c156, 0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8 }; private int shift(int r, int shift) { return (((r >>> shift) | (r << (32 - shift)))); } /* multiply four bytes in GF(2^8) by 'x' {02} in parallel */ private static final int m1 = 0x80808080; private static final int m2 = 0x7f7f7f7f; private static final int m3 = 0x0000001b; private int FFmulX(int x) { return (((x & m2) << 1) ^ (((x & m1) >>> 7) * m3)); } /* * The following defines provide alternative definitions of FFmulX that * might give improved performance if a fast 32-bit multiply is not * available. * * private int FFmulX(int x) { int u = x & m1; u |= (u >> 1); return ((x & * m2) < < 1) ^ ((u >>> 3) | (u >>> 6)); } private static final int m4 = * 0x1b1b1b1b; private int FFmulX(int x) { int u = x & m1; return ((x & m2) < < * 1) ^ ((u - (u >>> 7)) & m4); } * */ private int inv_mcol(int x) { int f2 = FFmulX(x); int f4 = FFmulX(f2); int f8 = FFmulX(f4); int f9 = x ^ f8; return f2 ^ f4 ^ f8 ^ shift(f2 ^ f9, 8) ^ shift(f4 ^ f9, 16) ^ shift(f9, 24); } private int subWord(int x) { return (S[x & 255] & 255 | ((S[(x >> 8) & 255] & 255) << 8) | ((S[(x >> 16) & 255] & 255) << 16) | S[(x >> 24) & 255] << 24); } /** * Calculate the necessary round keys The number of calculations depends on * key size and block size AES specified a fixed block size of 128 bits and * key sizes 128/192/256 bits This code is written assuming those are the * only possible values */ private int[][] generateWorkingKey(byte[] key, boolean forEncryption) { int KC = key.length / 4; // key length in words int t; if (((KC != 4) && (KC != 6) && (KC != 8)) || ((KC * 4) != key.length)) { throw new IllegalArgumentException("Key length not 128/192/256 bits."); } ROUNDS = KC + 6; // This is not always true for the generalized // Rijndael that allows larger block sizes int[][] W = new int[ROUNDS + 1][4]; // 4 words in a block // // copy the key into the round key array // t = 0; for (int i = 0; i < key.length; t++) { W[t >> 2][t & 3] = (key[i] & 0xff) | ((key[i + 1] & 0xff) << 8) | ((key[i + 2] & 0xff) << 16) | (key[i + 3] << 24); i += 4; } // // while not enough round key material calculated // calculate new values // int k = (ROUNDS + 1) << 2; for (int i = KC; (i < k); i++) { int temp = W[(i - 1) >> 2][(i - 1) & 3]; if ((i % KC) == 0) { temp = subWord(shift(temp, 8)) ^ rcon[(i / KC) - 1]; } else if ((KC > 6) && ((i % KC) == 4)) { temp = subWord(temp); } W[i >> 2][i & 3] = W[(i - KC) >> 2][(i - KC) & 3] ^ temp; } if (!forEncryption) { for (int j = 1; j < ROUNDS; j++) { for (int i = 0; i < 4; i++) { W[j][i] = inv_mcol(W[j][i]); } } } return W; } private int ROUNDS; private int[][] WorkingKey = null; private int C0, C1, C2, C3; private boolean doEncrypt; private static final int BLOCK_SIZE = 16; /** * default constructor - 128 bit block size. */ public AES() { } /** * initialise an AES cipher. * * @param forEncryption * whether or not we are for encryption. * @param key * the key required to set up the cipher. * @exception IllegalArgumentException * if the params argument is inappropriate. */ public final void init(boolean forEncryption, byte[] key) { WorkingKey = generateWorkingKey(key, forEncryption); this.doEncrypt = forEncryption; } public final String getAlgorithmName() { return "AES"; } public final int getBlockSize() { return BLOCK_SIZE; } public final int processBlock(byte[] in, int inOff, byte[] out, int outOff) { if (WorkingKey == null) { throw new IllegalStateException("AES engine not initialised"); } if ((inOff + (32 / 2)) > in.length) { throw new IllegalArgumentException("input buffer too short"); } if ((outOff + (32 / 2)) > out.length) { throw new IllegalArgumentException("output buffer too short"); } if (doEncrypt) { unpackBlock(in, inOff); encryptBlock(WorkingKey); packBlock(out, outOff); } else { unpackBlock(in, inOff); decryptBlock(WorkingKey); packBlock(out, outOff); } return BLOCK_SIZE; } public final void reset() { } private void unpackBlock(byte[] bytes, int off) { int index = off; C0 = (bytes[index++] & 0xff); C0 |= (bytes[index++] & 0xff) << 8; C0 |= (bytes[index++] & 0xff) << 16; C0 |= bytes[index++] << 24; C1 = (bytes[index++] & 0xff); C1 |= (bytes[index++] & 0xff) << 8; C1 |= (bytes[index++] & 0xff) << 16; C1 |= bytes[index++] << 24; C2 = (bytes[index++] & 0xff); C2 |= (bytes[index++] & 0xff) << 8; C2 |= (bytes[index++] & 0xff) << 16; C2 |= bytes[index++] << 24; C3 = (bytes[index++] & 0xff); C3 |= (bytes[index++] & 0xff) << 8; C3 |= (bytes[index++] & 0xff) << 16; C3 |= bytes[index++] << 24; } private void packBlock(byte[] bytes, int off) { int index = off; bytes[index++] = (byte) C0; bytes[index++] = (byte) (C0 >> 8); bytes[index++] = (byte) (C0 >> 16); bytes[index++] = (byte) (C0 >> 24); bytes[index++] = (byte) C1; bytes[index++] = (byte) (C1 >> 8); bytes[index++] = (byte) (C1 >> 16); bytes[index++] = (byte) (C1 >> 24); bytes[index++] = (byte) C2; bytes[index++] = (byte) (C2 >> 8); bytes[index++] = (byte) (C2 >> 16); bytes[index++] = (byte) (C2 >> 24); bytes[index++] = (byte) C3; bytes[index++] = (byte) (C3 >> 8); bytes[index++] = (byte) (C3 >> 16); bytes[index++] = (byte) (C3 >> 24); } private void encryptBlock(int[][] KW) { int r, r0, r1, r2, r3; C0 ^= KW[0][0]; C1 ^= KW[0][1]; C2 ^= KW[0][2]; C3 ^= KW[0][3]; for (r = 1; r < ROUNDS - 1;) { r0 = T0[C0 & 255] ^ T1[(C1 >> 8) & 255] ^ T2[(C2 >> 16) & 255] ^ T3[(C3 >> 24) & 255] ^ KW[r][0]; r1 = T0[C1 & 255] ^ T1[(C2 >> 8) & 255] ^ T2[(C3 >> 16) & 255] ^ T3[(C0 >> 24) & 255] ^ KW[r][1]; r2 = T0[C2 & 255] ^ T1[(C3 >> 8) & 255] ^ T2[(C0 >> 16) & 255] ^ T3[(C1 >> 24) & 255] ^ KW[r][2]; r3 = T0[C3 & 255] ^ T1[(C0 >> 8) & 255] ^ T2[(C1 >> 16) & 255] ^ T3[(C2 >> 24) & 255] ^ KW[r++][3]; C0 = T0[r0 & 255] ^ T1[(r1 >> 8) & 255] ^ T2[(r2 >> 16) & 255] ^ T3[(r3 >> 24) & 255] ^ KW[r][0]; C1 = T0[r1 & 255] ^ T1[(r2 >> 8) & 255] ^ T2[(r3 >> 16) & 255] ^ T3[(r0 >> 24) & 255] ^ KW[r][1]; C2 = T0[r2 & 255] ^ T1[(r3 >> 8) & 255] ^ T2[(r0 >> 16) & 255] ^ T3[(r1 >> 24) & 255] ^ KW[r][2]; C3 = T0[r3 & 255] ^ T1[(r0 >> 8) & 255] ^ T2[(r1 >> 16) & 255] ^ T3[(r2 >> 24) & 255] ^ KW[r++][3]; } r0 = T0[C0 & 255] ^ T1[(C1 >> 8) & 255] ^ T2[(C2 >> 16) & 255] ^ T3[(C3 >> 24) & 255] ^ KW[r][0]; r1 = T0[C1 & 255] ^ T1[(C2 >> 8) & 255] ^ T2[(C3 >> 16) & 255] ^ T3[(C0 >> 24) & 255] ^ KW[r][1]; r2 = T0[C2 & 255] ^ T1[(C3 >> 8) & 255] ^ T2[(C0 >> 16) & 255] ^ T3[(C1 >> 24) & 255] ^ KW[r][2]; r3 = T0[C3 & 255] ^ T1[(C0 >> 8) & 255] ^ T2[(C1 >> 16) & 255] ^ T3[(C2 >> 24) & 255] ^ KW[r++][3]; // the final round's table is a simple function of S so we don't use a // whole other four tables for it C0 = (S[r0 & 255] & 255) ^ ((S[(r1 >> 8) & 255] & 255) << 8) ^ ((S[(r2 >> 16) & 255] & 255) << 16) ^ (S[(r3 >> 24) & 255] << 24) ^ KW[r][0]; C1 = (S[r1 & 255] & 255) ^ ((S[(r2 >> 8) & 255] & 255) << 8) ^ ((S[(r3 >> 16) & 255] & 255) << 16) ^ (S[(r0 >> 24) & 255] << 24) ^ KW[r][1]; C2 = (S[r2 & 255] & 255) ^ ((S[(r3 >> 8) & 255] & 255) << 8) ^ ((S[(r0 >> 16) & 255] & 255) << 16) ^ (S[(r1 >> 24) & 255] << 24) ^ KW[r][2]; C3 = (S[r3 & 255] & 255) ^ ((S[(r0 >> 8) & 255] & 255) << 8) ^ ((S[(r1 >> 16) & 255] & 255) << 16) ^ (S[(r2 >> 24) & 255] << 24) ^ KW[r][3]; } private void decryptBlock(int[][] KW) { int r, r0, r1, r2, r3; C0 ^= KW[ROUNDS][0]; C1 ^= KW[ROUNDS][1]; C2 ^= KW[ROUNDS][2]; C3 ^= KW[ROUNDS][3]; for (r = ROUNDS - 1; r > 1;) { r0 = Tinv0[C0 & 255] ^ Tinv1[(C3 >> 8) & 255] ^ Tinv2[(C2 >> 16) & 255] ^ Tinv3[(C1 >> 24) & 255] ^ KW[r][0]; r1 = Tinv0[C1 & 255] ^ Tinv1[(C0 >> 8) & 255] ^ Tinv2[(C3 >> 16) & 255] ^ Tinv3[(C2 >> 24) & 255] ^ KW[r][1]; r2 = Tinv0[C2 & 255] ^ Tinv1[(C1 >> 8) & 255] ^ Tinv2[(C0 >> 16) & 255] ^ Tinv3[(C3 >> 24) & 255] ^ KW[r][2]; r3 = Tinv0[C3 & 255] ^ Tinv1[(C2 >> 8) & 255] ^ Tinv2[(C1 >> 16) & 255] ^ Tinv3[(C0 >> 24) & 255] ^ KW[r--][3]; C0 = Tinv0[r0 & 255] ^ Tinv1[(r3 >> 8) & 255] ^ Tinv2[(r2 >> 16) & 255] ^ Tinv3[(r1 >> 24) & 255] ^ KW[r][0]; C1 = Tinv0[r1 & 255] ^ Tinv1[(r0 >> 8) & 255] ^ Tinv2[(r3 >> 16) & 255] ^ Tinv3[(r2 >> 24) & 255] ^ KW[r][1]; C2 = Tinv0[r2 & 255] ^ Tinv1[(r1 >> 8) & 255] ^ Tinv2[(r0 >> 16) & 255] ^ Tinv3[(r3 >> 24) & 255] ^ KW[r][2]; C3 = Tinv0[r3 & 255] ^ Tinv1[(r2 >> 8) & 255] ^ Tinv2[(r1 >> 16) & 255] ^ Tinv3[(r0 >> 24) & 255] ^ KW[r--][3]; } r0 = Tinv0[C0 & 255] ^ Tinv1[(C3 >> 8) & 255] ^ Tinv2[(C2 >> 16) & 255] ^ Tinv3[(C1 >> 24) & 255] ^ KW[r][0]; r1 = Tinv0[C1 & 255] ^ Tinv1[(C0 >> 8) & 255] ^ Tinv2[(C3 >> 16) & 255] ^ Tinv3[(C2 >> 24) & 255] ^ KW[r][1]; r2 = Tinv0[C2 & 255] ^ Tinv1[(C1 >> 8) & 255] ^ Tinv2[(C0 >> 16) & 255] ^ Tinv3[(C3 >> 24) & 255] ^ KW[r][2]; r3 = Tinv0[C3 & 255] ^ Tinv1[(C2 >> 8) & 255] ^ Tinv2[(C1 >> 16) & 255] ^ Tinv3[(C0 >> 24) & 255] ^ KW[r--][3]; // the final round's table is a simple function of Si so we don't use a // whole other four tables for it C0 = (Si[r0 & 255] & 255) ^ ((Si[(r3 >> 8) & 255] & 255) << 8) ^ ((Si[(r2 >> 16) & 255] & 255) << 16) ^ (Si[(r1 >> 24) & 255] << 24) ^ KW[0][0]; C1 = (Si[r1 & 255] & 255) ^ ((Si[(r0 >> 8) & 255] & 255) << 8) ^ ((Si[(r3 >> 16) & 255] & 255) << 16) ^ (Si[(r2 >> 24) & 255] << 24) ^ KW[0][1]; C2 = (Si[r2 & 255] & 255) ^ ((Si[(r1 >> 8) & 255] & 255) << 8) ^ ((Si[(r0 >> 16) & 255] & 255) << 16) ^ (Si[(r3 >> 24) & 255] << 24) ^ KW[0][2]; C3 = (Si[r3 & 255] & 255) ^ ((Si[(r2 >> 8) & 255] & 255) << 8) ^ ((Si[(r1 >> 16) & 255] & 255) << 16) ^ (Si[(r0 >> 24) & 255] << 24) ^ KW[0][3]; } public void transformBlock(byte[] src, int srcoff, byte[] dst, int dstoff) { processBlock(src, srcoff, dst, dstoff); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/cipher/BlockCipher.java000066400000000000000000000007011370551253600313600ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto.cipher; /** * BlockCipher. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public interface BlockCipher { public void init(boolean forEncryption, byte[] key); public int getBlockSize(); public void transformBlock(byte[] src, int srcoff, byte[] dst, int dstoff); } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/cipher/BlockCipherFactory.java000066400000000000000000000065621370551253600327230ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto.cipher; import java.util.ArrayList; import java.util.List; import java.util.Vector; /** * BlockCipherFactory. * * @author Christian Plattner * @version $Id$ */ public class BlockCipherFactory { private static final class CipherEntry { String type; int blocksize; int keysize; String cipherClass; public CipherEntry(String type, int blockSize, int keySize, String cipherClass) { this.type = type; this.blocksize = blockSize; this.keysize = keySize; this.cipherClass = cipherClass; } } private static final List ciphers = new ArrayList(); static { /* Higher Priority First */ ciphers.add(new CipherEntry("aes128-ctr", 16, 16, "ch.ethz.ssh2.crypto.cipher.AES")); ciphers.add(new CipherEntry("aes192-ctr", 16, 24, "ch.ethz.ssh2.crypto.cipher.AES")); ciphers.add(new CipherEntry("aes256-ctr", 16, 32, "ch.ethz.ssh2.crypto.cipher.AES")); ciphers.add(new CipherEntry("blowfish-ctr", 8, 16, "ch.ethz.ssh2.crypto.cipher.BlowFish")); ciphers.add(new CipherEntry("aes128-cbc", 16, 16, "ch.ethz.ssh2.crypto.cipher.AES")); ciphers.add(new CipherEntry("aes192-cbc", 16, 24, "ch.ethz.ssh2.crypto.cipher.AES")); ciphers.add(new CipherEntry("aes256-cbc", 16, 32, "ch.ethz.ssh2.crypto.cipher.AES")); ciphers.add(new CipherEntry("blowfish-cbc", 8, 16, "ch.ethz.ssh2.crypto.cipher.BlowFish")); ciphers.add(new CipherEntry("3des-ctr", 8, 24, "ch.ethz.ssh2.crypto.cipher.DESede")); ciphers.add(new CipherEntry("3des-cbc", 8, 24, "ch.ethz.ssh2.crypto.cipher.DESede")); } public static String[] getDefaultCipherList() { List list = new ArrayList(ciphers.size()); for (CipherEntry ce : ciphers) { list.add(ce.type); } return list.toArray(new String[ciphers.size()]); } public static void checkCipherList(String[] cipherCandidates) { for (String cipherCandidate : cipherCandidates) { getEntry(cipherCandidate); } } // @SuppressWarnings("rawtypes") public static BlockCipher createCipher(String type, boolean encrypt, byte[] key, byte[] iv) { try { CipherEntry ce = getEntry(type); Class cc = Class.forName(ce.cipherClass); BlockCipher bc = (BlockCipher) cc.newInstance(); if (type.endsWith("-cbc")) { bc.init(encrypt, key); return new CBCMode(bc, iv, encrypt); } else if (type.endsWith("-ctr")) { bc.init(true, key); return new CTRMode(bc, iv, encrypt); } throw new IllegalArgumentException("Cannot instantiate " + type); } catch (ClassNotFoundException e) { throw new IllegalArgumentException("Cannot instantiate " + type, e); } catch (InstantiationException e) { throw new IllegalArgumentException("Cannot instantiate " + type, e); } catch (IllegalAccessException e) { throw new IllegalArgumentException("Cannot instantiate " + type, e); } } private static CipherEntry getEntry(String type) { for (CipherEntry ce : ciphers) { if (ce.type.equals(type)) { return ce; } } throw new IllegalArgumentException("Unkown algorithm " + type); } public static int getBlockSize(String type) { CipherEntry ce = getEntry(type); return ce.blocksize; } public static int getKeySize(String type) { CipherEntry ce = getEntry(type); return ce.keysize; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/cipher/BlowFish.java000066400000000000000000000476131370551253600307250ustar00rootroot00000000000000package ch.ethz.ssh2.crypto.cipher; /* This file was shamelessly taken from the Bouncy Castle Crypto package. Their licence file states the following: Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ /** * A class that provides Blowfish key encryption operations, such as encoding * data and generating keys. All the algorithms herein are from Applied * Cryptography and implement a simplified cryptography interface. * * @author See comments in the source file * @version 2.50, 03/15/10 */ public class BlowFish implements BlockCipher { private final static int[] KP = { 0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, 0xA4093822, 0x299F31D0, 0x082EFA98, 0xEC4E6C89, 0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C, 0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917, 0x9216D5D9, 0x8979FB1B }, KS0 = { 0xD1310BA6, 0x98DFB5AC, 0x2FFD72DB, 0xD01ADFB7, 0xB8E1AFED, 0x6A267E96, 0xBA7C9045, 0xF12C7F99, 0x24A19947, 0xB3916CF7, 0x0801F2E2, 0x858EFC16, 0x636920D8, 0x71574E69, 0xA458FEA3, 0xF4933D7E, 0x0D95748F, 0x728EB658, 0x718BCD58, 0x82154AEE, 0x7B54A41D, 0xC25A59B5, 0x9C30D539, 0x2AF26013, 0xC5D1B023, 0x286085F0, 0xCA417918, 0xB8DB38EF, 0x8E79DCB0, 0x603A180E, 0x6C9E0E8B, 0xB01E8A3E, 0xD71577C1, 0xBD314B27, 0x78AF2FDA, 0x55605C60, 0xE65525F3, 0xAA55AB94, 0x57489862, 0x63E81440, 0x55CA396A, 0x2AAB10B6, 0xB4CC5C34, 0x1141E8CE, 0xA15486AF, 0x7C72E993, 0xB3EE1411, 0x636FBC2A, 0x2BA9C55D, 0x741831F6, 0xCE5C3E16, 0x9B87931E, 0xAFD6BA33, 0x6C24CF5C, 0x7A325381, 0x28958677, 0x3B8F4898, 0x6B4BB9AF, 0xC4BFE81B, 0x66282193, 0x61D809CC, 0xFB21A991, 0x487CAC60, 0x5DEC8032, 0xEF845D5D, 0xE98575B1, 0xDC262302, 0xEB651B88, 0x23893E81, 0xD396ACC5, 0x0F6D6FF3, 0x83F44239, 0x2E0B4482, 0xA4842004, 0x69C8F04A, 0x9E1F9B5E, 0x21C66842, 0xF6E96C9A, 0x670C9C61, 0xABD388F0, 0x6A51A0D2, 0xD8542F68, 0x960FA728, 0xAB5133A3, 0x6EEF0B6C, 0x137A3BE4, 0xBA3BF050, 0x7EFB2A98, 0xA1F1651D, 0x39AF0176, 0x66CA593E, 0x82430E88, 0x8CEE8619, 0x456F9FB4, 0x7D84A5C3, 0x3B8B5EBE, 0xE06F75D8, 0x85C12073, 0x401A449F, 0x56C16AA6, 0x4ED3AA62, 0x363F7706, 0x1BFEDF72, 0x429B023D, 0x37D0D724, 0xD00A1248, 0xDB0FEAD3, 0x49F1C09B, 0x075372C9, 0x80991B7B, 0x25D479D8, 0xF6E8DEF7, 0xE3FE501A, 0xB6794C3B, 0x976CE0BD, 0x04C006BA, 0xC1A94FB6, 0x409F60C4, 0x5E5C9EC2, 0x196A2463, 0x68FB6FAF, 0x3E6C53B5, 0x1339B2EB, 0x3B52EC6F, 0x6DFC511F, 0x9B30952C, 0xCC814544, 0xAF5EBD09, 0xBEE3D004, 0xDE334AFD, 0x660F2807, 0x192E4BB3, 0xC0CBA857, 0x45C8740F, 0xD20B5F39, 0xB9D3FBDB, 0x5579C0BD, 0x1A60320A, 0xD6A100C6, 0x402C7279, 0x679F25FE, 0xFB1FA3CC, 0x8EA5E9F8, 0xDB3222F8, 0x3C7516DF, 0xFD616B15, 0x2F501EC8, 0xAD0552AB, 0x323DB5FA, 0xFD238760, 0x53317B48, 0x3E00DF82, 0x9E5C57BB, 0xCA6F8CA0, 0x1A87562E, 0xDF1769DB, 0xD542A8F6, 0x287EFFC3, 0xAC6732C6, 0x8C4F5573, 0x695B27B0, 0xBBCA58C8, 0xE1FFA35D, 0xB8F011A0, 0x10FA3D98, 0xFD2183B8, 0x4AFCB56C, 0x2DD1D35B, 0x9A53E479, 0xB6F84565, 0xD28E49BC, 0x4BFB9790, 0xE1DDF2DA, 0xA4CB7E33, 0x62FB1341, 0xCEE4C6E8, 0xEF20CADA, 0x36774C01, 0xD07E9EFE, 0x2BF11FB4, 0x95DBDA4D, 0xAE909198, 0xEAAD8E71, 0x6B93D5A0, 0xD08ED1D0, 0xAFC725E0, 0x8E3C5B2F, 0x8E7594B7, 0x8FF6E2FB, 0xF2122B64, 0x8888B812, 0x900DF01C, 0x4FAD5EA0, 0x688FC31C, 0xD1CFF191, 0xB3A8C1AD, 0x2F2F2218, 0xBE0E1777, 0xEA752DFE, 0x8B021FA1, 0xE5A0CC0F, 0xB56F74E8, 0x18ACF3D6, 0xCE89E299, 0xB4A84FE0, 0xFD13E0B7, 0x7CC43B81, 0xD2ADA8D9, 0x165FA266, 0x80957705, 0x93CC7314, 0x211A1477, 0xE6AD2065, 0x77B5FA86, 0xC75442F5, 0xFB9D35CF, 0xEBCDAF0C, 0x7B3E89A0, 0xD6411BD3, 0xAE1E7E49, 0x00250E2D, 0x2071B35E, 0x226800BB, 0x57B8E0AF, 0x2464369B, 0xF009B91E, 0x5563911D, 0x59DFA6AA, 0x78C14389, 0xD95A537F, 0x207D5BA2, 0x02E5B9C5, 0x83260376, 0x6295CFA9, 0x11C81968, 0x4E734A41, 0xB3472DCA, 0x7B14A94A, 0x1B510052, 0x9A532915, 0xD60F573F, 0xBC9BC6E4, 0x2B60A476, 0x81E67400, 0x08BA6FB5, 0x571BE91F, 0xF296EC6B, 0x2A0DD915, 0xB6636521, 0xE7B9F9B6, 0xFF34052E, 0xC5855664, 0x53B02D5D, 0xA99F8FA1, 0x08BA4799, 0x6E85076A }, KS1 = { 0x4B7A70E9, 0xB5B32944, 0xDB75092E, 0xC4192623, 0xAD6EA6B0, 0x49A7DF7D, 0x9CEE60B8, 0x8FEDB266, 0xECAA8C71, 0x699A17FF, 0x5664526C, 0xC2B19EE1, 0x193602A5, 0x75094C29, 0xA0591340, 0xE4183A3E, 0x3F54989A, 0x5B429D65, 0x6B8FE4D6, 0x99F73FD6, 0xA1D29C07, 0xEFE830F5, 0x4D2D38E6, 0xF0255DC1, 0x4CDD2086, 0x8470EB26, 0x6382E9C6, 0x021ECC5E, 0x09686B3F, 0x3EBAEFC9, 0x3C971814, 0x6B6A70A1, 0x687F3584, 0x52A0E286, 0xB79C5305, 0xAA500737, 0x3E07841C, 0x7FDEAE5C, 0x8E7D44EC, 0x5716F2B8, 0xB03ADA37, 0xF0500C0D, 0xF01C1F04, 0x0200B3FF, 0xAE0CF51A, 0x3CB574B2, 0x25837A58, 0xDC0921BD, 0xD19113F9, 0x7CA92FF6, 0x94324773, 0x22F54701, 0x3AE5E581, 0x37C2DADC, 0xC8B57634, 0x9AF3DDA7, 0xA9446146, 0x0FD0030E, 0xECC8C73E, 0xA4751E41, 0xE238CD99, 0x3BEA0E2F, 0x3280BBA1, 0x183EB331, 0x4E548B38, 0x4F6DB908, 0x6F420D03, 0xF60A04BF, 0x2CB81290, 0x24977C79, 0x5679B072, 0xBCAF89AF, 0xDE9A771F, 0xD9930810, 0xB38BAE12, 0xDCCF3F2E, 0x5512721F, 0x2E6B7124, 0x501ADDE6, 0x9F84CD87, 0x7A584718, 0x7408DA17, 0xBC9F9ABC, 0xE94B7D8C, 0xEC7AEC3A, 0xDB851DFA, 0x63094366, 0xC464C3D2, 0xEF1C1847, 0x3215D908, 0xDD433B37, 0x24C2BA16, 0x12A14D43, 0x2A65C451, 0x50940002, 0x133AE4DD, 0x71DFF89E, 0x10314E55, 0x81AC77D6, 0x5F11199B, 0x043556F1, 0xD7A3C76B, 0x3C11183B, 0x5924A509, 0xF28FE6ED, 0x97F1FBFA, 0x9EBABF2C, 0x1E153C6E, 0x86E34570, 0xEAE96FB1, 0x860E5E0A, 0x5A3E2AB3, 0x771FE71C, 0x4E3D06FA, 0x2965DCB9, 0x99E71D0F, 0x803E89D6, 0x5266C825, 0x2E4CC978, 0x9C10B36A, 0xC6150EBA, 0x94E2EA78, 0xA5FC3C53, 0x1E0A2DF4, 0xF2F74EA7, 0x361D2B3D, 0x1939260F, 0x19C27960, 0x5223A708, 0xF71312B6, 0xEBADFE6E, 0xEAC31F66, 0xE3BC4595, 0xA67BC883, 0xB17F37D1, 0x018CFF28, 0xC332DDEF, 0xBE6C5AA5, 0x65582185, 0x68AB9802, 0xEECEA50F, 0xDB2F953B, 0x2AEF7DAD, 0x5B6E2F84, 0x1521B628, 0x29076170, 0xECDD4775, 0x619F1510, 0x13CCA830, 0xEB61BD96, 0x0334FE1E, 0xAA0363CF, 0xB5735C90, 0x4C70A239, 0xD59E9E0B, 0xCBAADE14, 0xEECC86BC, 0x60622CA7, 0x9CAB5CAB, 0xB2F3846E, 0x648B1EAF, 0x19BDF0CA, 0xA02369B9, 0x655ABB50, 0x40685A32, 0x3C2AB4B3, 0x319EE9D5, 0xC021B8F7, 0x9B540B19, 0x875FA099, 0x95F7997E, 0x623D7DA8, 0xF837889A, 0x97E32D77, 0x11ED935F, 0x16681281, 0x0E358829, 0xC7E61FD6, 0x96DEDFA1, 0x7858BA99, 0x57F584A5, 0x1B227263, 0x9B83C3FF, 0x1AC24696, 0xCDB30AEB, 0x532E3054, 0x8FD948E4, 0x6DBC3128, 0x58EBF2EF, 0x34C6FFEA, 0xFE28ED61, 0xEE7C3C73, 0x5D4A14D9, 0xE864B7E3, 0x42105D14, 0x203E13E0, 0x45EEE2B6, 0xA3AAABEA, 0xDB6C4F15, 0xFACB4FD0, 0xC742F442, 0xEF6ABBB5, 0x654F3B1D, 0x41CD2105, 0xD81E799E, 0x86854DC7, 0xE44B476A, 0x3D816250, 0xCF62A1F2, 0x5B8D2646, 0xFC8883A0, 0xC1C7B6A3, 0x7F1524C3, 0x69CB7492, 0x47848A0B, 0x5692B285, 0x095BBF00, 0xAD19489D, 0x1462B174, 0x23820E00, 0x58428D2A, 0x0C55F5EA, 0x1DADF43E, 0x233F7061, 0x3372F092, 0x8D937E41, 0xD65FECF1, 0x6C223BDB, 0x7CDE3759, 0xCBEE7460, 0x4085F2A7, 0xCE77326E, 0xA6078084, 0x19F8509E, 0xE8EFD855, 0x61D99735, 0xA969A7AA, 0xC50C06C2, 0x5A04ABFC, 0x800BCADC, 0x9E447A2E, 0xC3453484, 0xFDD56705, 0x0E1E9EC9, 0xDB73DBD3, 0x105588CD, 0x675FDA79, 0xE3674340, 0xC5C43465, 0x713E38D8, 0x3D28F89E, 0xF16DFF20, 0x153E21E7, 0x8FB03D4A, 0xE6E39F2B, 0xDB83ADF7 }, KS2 = { 0xE93D5A68, 0x948140F7, 0xF64C261C, 0x94692934, 0x411520F7, 0x7602D4F7, 0xBCF46B2E, 0xD4A20068, 0xD4082471, 0x3320F46A, 0x43B7D4B7, 0x500061AF, 0x1E39F62E, 0x97244546, 0x14214F74, 0xBF8B8840, 0x4D95FC1D, 0x96B591AF, 0x70F4DDD3, 0x66A02F45, 0xBFBC09EC, 0x03BD9785, 0x7FAC6DD0, 0x31CB8504, 0x96EB27B3, 0x55FD3941, 0xDA2547E6, 0xABCA0A9A, 0x28507825, 0x530429F4, 0x0A2C86DA, 0xE9B66DFB, 0x68DC1462, 0xD7486900, 0x680EC0A4, 0x27A18DEE, 0x4F3FFEA2, 0xE887AD8C, 0xB58CE006, 0x7AF4D6B6, 0xAACE1E7C, 0xD3375FEC, 0xCE78A399, 0x406B2A42, 0x20FE9E35, 0xD9F385B9, 0xEE39D7AB, 0x3B124E8B, 0x1DC9FAF7, 0x4B6D1856, 0x26A36631, 0xEAE397B2, 0x3A6EFA74, 0xDD5B4332, 0x6841E7F7, 0xCA7820FB, 0xFB0AF54E, 0xD8FEB397, 0x454056AC, 0xBA489527, 0x55533A3A, 0x20838D87, 0xFE6BA9B7, 0xD096954B, 0x55A867BC, 0xA1159A58, 0xCCA92963, 0x99E1DB33, 0xA62A4A56, 0x3F3125F9, 0x5EF47E1C, 0x9029317C, 0xFDF8E802, 0x04272F70, 0x80BB155C, 0x05282CE3, 0x95C11548, 0xE4C66D22, 0x48C1133F, 0xC70F86DC, 0x07F9C9EE, 0x41041F0F, 0x404779A4, 0x5D886E17, 0x325F51EB, 0xD59BC0D1, 0xF2BCC18F, 0x41113564, 0x257B7834, 0x602A9C60, 0xDFF8E8A3, 0x1F636C1B, 0x0E12B4C2, 0x02E1329E, 0xAF664FD1, 0xCAD18115, 0x6B2395E0, 0x333E92E1, 0x3B240B62, 0xEEBEB922, 0x85B2A20E, 0xE6BA0D99, 0xDE720C8C, 0x2DA2F728, 0xD0127845, 0x95B794FD, 0x647D0862, 0xE7CCF5F0, 0x5449A36F, 0x877D48FA, 0xC39DFD27, 0xF33E8D1E, 0x0A476341, 0x992EFF74, 0x3A6F6EAB, 0xF4F8FD37, 0xA812DC60, 0xA1EBDDF8, 0x991BE14C, 0xDB6E6B0D, 0xC67B5510, 0x6D672C37, 0x2765D43B, 0xDCD0E804, 0xF1290DC7, 0xCC00FFA3, 0xB5390F92, 0x690FED0B, 0x667B9FFB, 0xCEDB7D9C, 0xA091CF0B, 0xD9155EA3, 0xBB132F88, 0x515BAD24, 0x7B9479BF, 0x763BD6EB, 0x37392EB3, 0xCC115979, 0x8026E297, 0xF42E312D, 0x6842ADA7, 0xC66A2B3B, 0x12754CCC, 0x782EF11C, 0x6A124237, 0xB79251E7, 0x06A1BBE6, 0x4BFB6350, 0x1A6B1018, 0x11CAEDFA, 0x3D25BDD8, 0xE2E1C3C9, 0x44421659, 0x0A121386, 0xD90CEC6E, 0xD5ABEA2A, 0x64AF674E, 0xDA86A85F, 0xBEBFE988, 0x64E4C3FE, 0x9DBC8057, 0xF0F7C086, 0x60787BF8, 0x6003604D, 0xD1FD8346, 0xF6381FB0, 0x7745AE04, 0xD736FCCC, 0x83426B33, 0xF01EAB71, 0xB0804187, 0x3C005E5F, 0x77A057BE, 0xBDE8AE24, 0x55464299, 0xBF582E61, 0x4E58F48F, 0xF2DDFDA2, 0xF474EF38, 0x8789BDC2, 0x5366F9C3, 0xC8B38E74, 0xB475F255, 0x46FCD9B9, 0x7AEB2661, 0x8B1DDF84, 0x846A0E79, 0x915F95E2, 0x466E598E, 0x20B45770, 0x8CD55591, 0xC902DE4C, 0xB90BACE1, 0xBB8205D0, 0x11A86248, 0x7574A99E, 0xB77F19B6, 0xE0A9DC09, 0x662D09A1, 0xC4324633, 0xE85A1F02, 0x09F0BE8C, 0x4A99A025, 0x1D6EFE10, 0x1AB93D1D, 0x0BA5A4DF, 0xA186F20F, 0x2868F169, 0xDCB7DA83, 0x573906FE, 0xA1E2CE9B, 0x4FCD7F52, 0x50115E01, 0xA70683FA, 0xA002B5C4, 0x0DE6D027, 0x9AF88C27, 0x773F8641, 0xC3604C06, 0x61A806B5, 0xF0177A28, 0xC0F586E0, 0x006058AA, 0x30DC7D62, 0x11E69ED7, 0x2338EA63, 0x53C2DD94, 0xC2C21634, 0xBBCBEE56, 0x90BCB6DE, 0xEBFC7DA1, 0xCE591D76, 0x6F05E409, 0x4B7C0188, 0x39720A3D, 0x7C927C24, 0x86E3725F, 0x724D9DB9, 0x1AC15BB4, 0xD39EB8FC, 0xED545578, 0x08FCA5B5, 0xD83D7CD3, 0x4DAD0FC4, 0x1E50EF5E, 0xB161E6F8, 0xA28514D9, 0x6C51133C, 0x6FD5C7E7, 0x56E14EC4, 0x362ABFCE, 0xDDC6C837, 0xD79A3234, 0x92638212, 0x670EFA8E, 0x406000E0 }, KS3 = { 0x3A39CE37, 0xD3FAF5CF, 0xABC27737, 0x5AC52D1B, 0x5CB0679E, 0x4FA33742, 0xD3822740, 0x99BC9BBE, 0xD5118E9D, 0xBF0F7315, 0xD62D1C7E, 0xC700C47B, 0xB78C1B6B, 0x21A19045, 0xB26EB1BE, 0x6A366EB4, 0x5748AB2F, 0xBC946E79, 0xC6A376D2, 0x6549C2C8, 0x530FF8EE, 0x468DDE7D, 0xD5730A1D, 0x4CD04DC6, 0x2939BBDB, 0xA9BA4650, 0xAC9526E8, 0xBE5EE304, 0xA1FAD5F0, 0x6A2D519A, 0x63EF8CE2, 0x9A86EE22, 0xC089C2B8, 0x43242EF6, 0xA51E03AA, 0x9CF2D0A4, 0x83C061BA, 0x9BE96A4D, 0x8FE51550, 0xBA645BD6, 0x2826A2F9, 0xA73A3AE1, 0x4BA99586, 0xEF5562E9, 0xC72FEFD3, 0xF752F7DA, 0x3F046F69, 0x77FA0A59, 0x80E4A915, 0x87B08601, 0x9B09E6AD, 0x3B3EE593, 0xE990FD5A, 0x9E34D797, 0x2CF0B7D9, 0x022B8B51, 0x96D5AC3A, 0x017DA67D, 0xD1CF3ED6, 0x7C7D2D28, 0x1F9F25CF, 0xADF2B89B, 0x5AD6B472, 0x5A88F54C, 0xE029AC71, 0xE019A5E6, 0x47B0ACFD, 0xED93FA9B, 0xE8D3C48D, 0x283B57CC, 0xF8D56629, 0x79132E28, 0x785F0191, 0xED756055, 0xF7960E44, 0xE3D35E8C, 0x15056DD4, 0x88F46DBA, 0x03A16125, 0x0564F0BD, 0xC3EB9E15, 0x3C9057A2, 0x97271AEC, 0xA93A072A, 0x1B3F6D9B, 0x1E6321F5, 0xF59C66FB, 0x26DCF319, 0x7533D928, 0xB155FDF5, 0x03563482, 0x8ABA3CBB, 0x28517711, 0xC20AD9F8, 0xABCC5167, 0xCCAD925F, 0x4DE81751, 0x3830DC8E, 0x379D5862, 0x9320F991, 0xEA7A90C2, 0xFB3E7BCE, 0x5121CE64, 0x774FBE32, 0xA8B6E37E, 0xC3293D46, 0x48DE5369, 0x6413E680, 0xA2AE0810, 0xDD6DB224, 0x69852DFD, 0x09072166, 0xB39A460A, 0x6445C0DD, 0x586CDECF, 0x1C20C8AE, 0x5BBEF7DD, 0x1B588D40, 0xCCD2017F, 0x6BB4E3BB, 0xDDA26A7E, 0x3A59FF45, 0x3E350A44, 0xBCB4CDD5, 0x72EACEA8, 0xFA6484BB, 0x8D6612AE, 0xBF3C6F47, 0xD29BE463, 0x542F5D9E, 0xAEC2771B, 0xF64E6370, 0x740E0D8D, 0xE75B1357, 0xF8721671, 0xAF537D5D, 0x4040CB08, 0x4EB4E2CC, 0x34D2466A, 0x0115AF84, 0xE1B00428, 0x95983A1D, 0x06B89FB4, 0xCE6EA048, 0x6F3F3B82, 0x3520AB82, 0x011A1D4B, 0x277227F8, 0x611560B1, 0xE7933FDC, 0xBB3A792B, 0x344525BD, 0xA08839E1, 0x51CE794B, 0x2F32C9B7, 0xA01FBAC9, 0xE01CC87E, 0xBCC7D1F6, 0xCF0111C3, 0xA1E8AAC7, 0x1A908749, 0xD44FBD9A, 0xD0DADECB, 0xD50ADA38, 0x0339C32A, 0xC6913667, 0x8DF9317C, 0xE0B12B4F, 0xF79E59B7, 0x43F5BB3A, 0xF2D519FF, 0x27D9459C, 0xBF97222C, 0x15E6FC2A, 0x0F91FC71, 0x9B941525, 0xFAE59361, 0xCEB69CEB, 0xC2A86459, 0x12BAA8D1, 0xB6C1075E, 0xE3056A0C, 0x10D25065, 0xCB03A442, 0xE0EC6E0E, 0x1698DB3B, 0x4C98A0BE, 0x3278E964, 0x9F1F9532, 0xE0D392DF, 0xD3A0342B, 0x8971F21E, 0x1B0A7441, 0x4BA3348C, 0xC5BE7120, 0xC37632D8, 0xDF359F8D, 0x9B992F2E, 0xE60B6F47, 0x0FE3F11D, 0xE54CDA54, 0x1EDAD891, 0xCE6279CF, 0xCD3E7E6F, 0x1618B166, 0xFD2C1D05, 0x848FD2C5, 0xF6FB2299, 0xF523F357, 0xA6327623, 0x93A83531, 0x56CCCD02, 0xACF08162, 0x5A75EBB5, 0x6E163697, 0x88D273CC, 0xDE966292, 0x81B949D0, 0x4C50901B, 0x71C65614, 0xE6C6C7BD, 0x327A140A, 0x45E1D006, 0xC3F27B9A, 0xC9AA53FD, 0x62A80F00, 0xBB25BFE2, 0x35BDD2F6, 0x71126905, 0xB2040222, 0xB6CBCF7C, 0xCD769C2B, 0x53113EC0, 0x1640E3D3, 0x38ABBD60, 0x2547ADF0, 0xBA38209C, 0xF746CE76, 0x77AFA1C5, 0x20756060, 0x85CBFE4E, 0x8AE88DD8, 0x7AAAF9B0, 0x4CF9AA7E, 0x1948C25C, 0x02FB8A8C, 0x01C36AE4, 0xD6EBE1F9, 0x90D4F869, 0xA65CDEA0, 0x3F09252D, 0xC208E69F, 0xB74E6132, 0xCE77E25B, 0x578FDFE3, 0x3AC372E6 }; // ==================================== // Useful constants // ==================================== private static final int ROUNDS = 16; private static final int BLOCK_SIZE = 8; // bytes = 64 bits private static final int SBOX_SK = 256; private static final int P_SZ = ROUNDS + 2; private final int[] S0, S1, S2, S3; // the s-boxes private final int[] P; // the p-array private boolean doEncrypt = false; private byte[] workingKey = null; public BlowFish() { S0 = new int[SBOX_SK]; S1 = new int[SBOX_SK]; S2 = new int[SBOX_SK]; S3 = new int[SBOX_SK]; P = new int[P_SZ]; } /** * initialise a Blowfish cipher. * * @param encrypting * whether or not we are for encryption. * @param key * the key required to set up the cipher. * @exception IllegalArgumentException * if the params argument is inappropriate. */ public void init(boolean encrypting, byte[] key) { this.doEncrypt = encrypting; this.workingKey = key; setKey(this.workingKey); } public String getAlgorithmName() { return "Blowfish"; } public final void transformBlock(byte[] in, int inOff, byte[] out, int outOff) { if (workingKey == null) { throw new IllegalStateException("Blowfish not initialised"); } if (doEncrypt) { encryptBlock(in, inOff, out, outOff); } else { decryptBlock(in, inOff, out, outOff); } } public void reset() { } public int getBlockSize() { return BLOCK_SIZE; } // ================================== // Private Implementation // ================================== private int F(int x) { return (((S0[(x >>> 24)] + S1[(x >>> 16) & 0xff]) ^ S2[(x >>> 8) & 0xff]) + S3[x & 0xff]); } /** * apply the encryption cycle to each value pair in the table. */ private void processTable(int xl, int xr, int[] table) { int size = table.length; for (int s = 0; s < size; s += 2) { xl ^= P[0]; for (int i = 1; i < ROUNDS; i += 2) { xr ^= F(xl) ^ P[i]; xl ^= F(xr) ^ P[i + 1]; } xr ^= P[ROUNDS + 1]; table[s] = xr; table[s + 1] = xl; xr = xl; // end of cycle swap xl = table[s]; } } private void setKey(byte[] key) { /* * - comments are from _Applied Crypto_, Schneier, p338 please be * careful comparing the two, AC numbers the arrays from 1, the enclosed * code from 0. * * (1) Initialise the S-boxes and the P-array, with a fixed string This * string contains the hexadecimal digits of pi (3.141...) */ System.arraycopy(KS0, 0, S0, 0, SBOX_SK); System.arraycopy(KS1, 0, S1, 0, SBOX_SK); System.arraycopy(KS2, 0, S2, 0, SBOX_SK); System.arraycopy(KS3, 0, S3, 0, SBOX_SK); System.arraycopy(KP, 0, P, 0, P_SZ); /* * (2) Now, XOR P[0] with the first 32 bits of the key, XOR P[1] with * the second 32-bits of the key, and so on for all bits of the key (up * to P[17]). Repeatedly cycle through the key bits until the entire * P-array has been XOR-ed with the key bits */ int keyLength = key.length; int keyIndex = 0; for (int i = 0; i < P_SZ; i++) { // get the 32 bits of the key, in 4 * 8 bit chunks int data = 0x0000000; for (int j = 0; j < 4; j++) { // create a 32 bit block data = (data << 8) | (key[keyIndex++] & 0xff); // wrap when we get to the end of the key if (keyIndex >= keyLength) { keyIndex = 0; } } // XOR the newly created 32 bit chunk onto the P-array P[i] ^= data; } /* * (3) Encrypt the all-zero string with the Blowfish algorithm, using * the subkeys described in (1) and (2) * * (4) Replace P1 and P2 with the output of step (3) * * (5) Encrypt the output of step(3) using the Blowfish algorithm, with * the modified subkeys. * * (6) Replace P3 and P4 with the output of step (5) * * (7) Continue the process, replacing all elements of the P-array and * then all four S-boxes in order, with the output of the continuously * changing Blowfish algorithm */ processTable(0, 0, P); processTable(P[P_SZ - 2], P[P_SZ - 1], S0); processTable(S0[SBOX_SK - 2], S0[SBOX_SK - 1], S1); processTable(S1[SBOX_SK - 2], S1[SBOX_SK - 1], S2); processTable(S2[SBOX_SK - 2], S2[SBOX_SK - 1], S3); } /** * Encrypt the given input starting at the given offset and place the result * in the provided buffer starting at the given offset. The input will be an * exact multiple of our blocksize. */ private void encryptBlock(byte[] src, int srcIndex, byte[] dst, int dstIndex) { int xl = BytesTo32bits(src, srcIndex); int xr = BytesTo32bits(src, srcIndex + 4); xl ^= P[0]; for (int i = 1; i < ROUNDS; i += 2) { xr ^= F(xl) ^ P[i]; xl ^= F(xr) ^ P[i + 1]; } xr ^= P[ROUNDS + 1]; Bits32ToBytes(xr, dst, dstIndex); Bits32ToBytes(xl, dst, dstIndex + 4); } /** * Decrypt the given input starting at the given offset and place the result * in the provided buffer starting at the given offset. The input will be an * exact multiple of our blocksize. */ private void decryptBlock(byte[] src, int srcIndex, byte[] dst, int dstIndex) { int xl = BytesTo32bits(src, srcIndex); int xr = BytesTo32bits(src, srcIndex + 4); xl ^= P[ROUNDS + 1]; for (int i = ROUNDS; i > 0; i -= 2) { xr ^= F(xl) ^ P[i]; xl ^= F(xr) ^ P[i - 1]; } xr ^= P[0]; Bits32ToBytes(xr, dst, dstIndex); Bits32ToBytes(xl, dst, dstIndex + 4); } private int BytesTo32bits(byte[] b, int i) { return ((b[i] & 0xff) << 24) | ((b[i + 1] & 0xff) << 16) | ((b[i + 2] & 0xff) << 8) | ((b[i + 3] & 0xff)); } private void Bits32ToBytes(int in, byte[] b, int offset) { b[offset + 3] = (byte) in; b[offset + 2] = (byte) (in >> 8); b[offset + 1] = (byte) (in >> 16); b[offset] = (byte) (in >> 24); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/cipher/CBCMode.java000066400000000000000000000035541370551253600304000ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto.cipher; /** * CBCMode. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class CBCMode implements BlockCipher { BlockCipher tc; int blockSize; boolean doEncrypt; byte[] cbc_vector; byte[] tmp_vector; public void init(boolean forEncryption, byte[] key) { } public CBCMode(BlockCipher tc, byte[] iv, boolean doEncrypt) throws IllegalArgumentException { this.tc = tc; this.blockSize = tc.getBlockSize(); this.doEncrypt = doEncrypt; if (this.blockSize != iv.length) throw new IllegalArgumentException("IV must be " + blockSize + " bytes long! (currently " + iv.length + ")"); this.cbc_vector = new byte[blockSize]; this.tmp_vector = new byte[blockSize]; System.arraycopy(iv, 0, cbc_vector, 0, blockSize); } public int getBlockSize() { return blockSize; } private void encryptBlock(byte[] src, int srcoff, byte[] dst, int dstoff) { for (int i = 0; i < blockSize; i++) cbc_vector[i] ^= src[srcoff + i]; tc.transformBlock(cbc_vector, 0, dst, dstoff); System.arraycopy(dst, dstoff, cbc_vector, 0, blockSize); } private void decryptBlock(byte[] src, int srcoff, byte[] dst, int dstoff) { /* Assume the worst, src and dst are overlapping... */ System.arraycopy(src, srcoff, tmp_vector, 0, blockSize); tc.transformBlock(src, srcoff, dst, dstoff); for (int i = 0; i < blockSize; i++) dst[dstoff + i] ^= cbc_vector[i]; /* ...that is why we need a tmp buffer. */ byte[] swap = cbc_vector; cbc_vector = tmp_vector; tmp_vector = swap; } public void transformBlock(byte[] src, int srcoff, byte[] dst, int dstoff) { if (doEncrypt) encryptBlock(src, srcoff, dst, dstoff); else decryptBlock(src, srcoff, dst, dstoff); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/cipher/CTRMode.java000066400000000000000000000024311370551253600304320ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto.cipher; /** * This is CTR mode as described in draft-ietf-secsh-newmodes-XY.txt * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class CTRMode implements BlockCipher { byte[] X; byte[] Xenc; BlockCipher bc; int blockSize; boolean doEncrypt; int count = 0; public void init(boolean forEncryption, byte[] key) { } public CTRMode(BlockCipher tc, byte[] iv, boolean doEnc) throws IllegalArgumentException { bc = tc; blockSize = bc.getBlockSize(); doEncrypt = doEnc; if (blockSize != iv.length) throw new IllegalArgumentException("IV must be " + blockSize + " bytes long! (currently " + iv.length + ")"); X = new byte[blockSize]; Xenc = new byte[blockSize]; System.arraycopy(iv, 0, X, 0, blockSize); } public final int getBlockSize() { return blockSize; } public final void transformBlock(byte[] src, int srcoff, byte[] dst, int dstoff) { bc.transformBlock(X, 0, Xenc, 0); for (int i = 0; i < blockSize; i++) { dst[dstoff + i] = (byte) (src[srcoff + i] ^ Xenc[i]); } for (int i = (blockSize - 1); i >= 0; i--) { X[i]++; if (X[i] != 0) break; } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/cipher/CipherInputStream.java000066400000000000000000000057621370551253600326150ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto.cipher; import java.io.IOException; import java.io.InputStream; /** * CipherInputStream. * * @author Christian Plattner * @version $Id$ */ public class CipherInputStream { BlockCipher currentCipher; InputStream bi; byte[] buffer; byte[] enc; int blockSize; int pos; /* * We cannot use java.io.BufferedInputStream, since that is not available in * J2ME. Everything could be improved alot here. */ private static final int BUFF_SIZE = 8192; byte[] input_buffer = new byte[BUFF_SIZE]; int input_buffer_pos = 0; int input_buffer_size = 0; public CipherInputStream(BlockCipher tc, InputStream bi) { this.bi = bi; changeCipher(tc); } private int fill_buffer() throws IOException { input_buffer_pos = 0; input_buffer_size = 0; input_buffer_size = bi.read(input_buffer, 0, BUFF_SIZE); return input_buffer_size; } private int internal_read(byte[] b, int off, int len) throws IOException { if (input_buffer_size < 0) { return -1; } if (input_buffer_pos >= input_buffer_size) { if (fill_buffer() <= 0) { return -1; } } int avail = input_buffer_size - input_buffer_pos; int thiscopy = (len > avail) ? avail : len; System.arraycopy(input_buffer, input_buffer_pos, b, off, thiscopy); input_buffer_pos += thiscopy; return thiscopy; } public void changeCipher(BlockCipher bc) { this.currentCipher = bc; blockSize = bc.getBlockSize(); buffer = new byte[blockSize]; enc = new byte[blockSize]; pos = blockSize; } private void getBlock() throws IOException { int n = 0; while (n < blockSize) { int len = internal_read(enc, n, blockSize - n); if (len < 0) { throw new IOException("Cannot read full block, EOF reached."); } n += len; } try { currentCipher.transformBlock(enc, 0, buffer, 0); } catch (Exception e) { throw new IOException("Error while decrypting block."); } pos = 0; } public int read(byte[] dst) throws IOException { return read(dst, 0, dst.length); } public int read(byte[] dst, int off, int len) throws IOException { int count = 0; while (len > 0) { if (pos >= blockSize) { getBlock(); } int avail = blockSize - pos; int copy = Math.min(avail, len); System.arraycopy(buffer, pos, dst, off, copy); pos += copy; off += copy; len -= copy; count += copy; } return count; } public int read() throws IOException { if (pos >= blockSize) { getBlock(); } return buffer[pos++] & 0xff; } public int readPlain(byte[] b, int off, int len) throws IOException { if (pos != blockSize) { throw new IOException("Cannot read plain since crypto buffer is not aligned."); } int n = 0; while (n < len) { int cnt = internal_read(b, off + n, len - n); if (cnt < 0) { throw new IOException("Cannot fill buffer, EOF reached."); } n += cnt; } return n; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/cipher/CipherOutputStream.java000066400000000000000000000057031370551253600330110ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto.cipher; import java.io.IOException; import java.io.OutputStream; /** * CipherOutputStream. * * @author Christian Plattner * @version $Id$ */ public class CipherOutputStream { BlockCipher currentCipher; OutputStream bo; byte[] buffer; byte[] enc; int blockSize; int pos; /* * We cannot use java.io.BufferedOutputStream, since that is not available * in J2ME. Everything could be improved here alot. */ private static final int BUFF_SIZE = 8192; byte[] out_buffer = new byte[BUFF_SIZE]; int out_buffer_pos = 0; public CipherOutputStream(BlockCipher tc, OutputStream bo) { this.bo = bo; changeCipher(tc); } private void internal_write(byte[] src, int off, int len) throws IOException { while (len > 0) { int space = BUFF_SIZE - out_buffer_pos; int copy = (len > space) ? space : len; System.arraycopy(src, off, out_buffer, out_buffer_pos, copy); off += copy; out_buffer_pos += copy; len -= copy; if (out_buffer_pos >= BUFF_SIZE) { bo.write(out_buffer, 0, BUFF_SIZE); out_buffer_pos = 0; } } } private void internal_write(int b) throws IOException { out_buffer[out_buffer_pos++] = (byte) b; if (out_buffer_pos >= BUFF_SIZE) { bo.write(out_buffer, 0, BUFF_SIZE); out_buffer_pos = 0; } } public void flush() throws IOException { if (pos != 0) { throw new IOException("FATAL: cannot flush since crypto buffer is not aligned."); } if (out_buffer_pos > 0) { bo.write(out_buffer, 0, out_buffer_pos); out_buffer_pos = 0; } bo.flush(); } public void changeCipher(BlockCipher bc) { this.currentCipher = bc; blockSize = bc.getBlockSize(); buffer = new byte[blockSize]; enc = new byte[blockSize]; pos = 0; } private void writeBlock() throws IOException { try { currentCipher.transformBlock(buffer, 0, enc, 0); } catch (Exception e) { throw new IOException("Error while decrypting block.", e); } internal_write(enc, 0, blockSize); pos = 0; } public void write(byte[] src, int off, int len) throws IOException { while (len > 0) { int avail = blockSize - pos; int copy = Math.min(avail, len); System.arraycopy(src, off, buffer, pos, copy); pos += copy; off += copy; len -= copy; if (pos >= blockSize) { writeBlock(); } } } public void write(int b) throws IOException { buffer[pos++] = (byte) b; if (pos >= blockSize) { writeBlock(); } } public void writePlain(int b) throws IOException { if (pos != 0) { throw new IOException("Cannot write plain since crypto buffer is not aligned."); } internal_write(b); } public void writePlain(byte[] b, int off, int len) throws IOException { if (pos != 0) { throw new IOException("Cannot write plain since crypto buffer is not aligned."); } internal_write(b, off, len); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/cipher/DES.java000066400000000000000000000342441370551253600276170ustar00rootroot00000000000000package ch.ethz.ssh2.crypto.cipher; /* This file is based on the 3DES implementation from the Bouncy Castle Crypto package. Their licence file states the following: Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ /** * DES. * * @author See comments in the source file * @version 2.50, 03/15/10 * */ public class DES implements BlockCipher { private int[] workingKey = null; /** * standard constructor. */ public DES() { } /** * initialise a DES cipher. * * @param encrypting * whether or not we are for encryption. * @param key * the parameters required to set up the cipher. * @exception IllegalArgumentException * if the params argument is inappropriate. */ public void init(boolean encrypting, byte[] key) { this.workingKey = generateWorkingKey(encrypting, key, 0); } public String getAlgorithmName() { return "DES"; } public int getBlockSize() { return 8; } public void transformBlock(byte[] in, int inOff, byte[] out, int outOff) { if (workingKey == null) { throw new IllegalStateException("DES engine not initialised!"); } desFunc(workingKey, in, inOff, out, outOff); } public void reset() { } /** * what follows is mainly taken from "Applied Cryptography", by Bruce * Schneier, however it also bears great resemblance to Richard * Outerbridge's D3DES... */ static short[] Df_Key = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67 }; static short[] bytebit = { 0200, 0100, 040, 020, 010, 04, 02, 01 }; static int[] bigbyte = { 0x800000, 0x400000, 0x200000, 0x100000, 0x80000, 0x40000, 0x20000, 0x10000, 0x8000, 0x4000, 0x2000, 0x1000, 0x800, 0x400, 0x200, 0x100, 0x80, 0x40, 0x20, 0x10, 0x8, 0x4, 0x2, 0x1 }; /* * Use the key schedule specified in the Standard (ANSI X3.92-1981). */ static byte[] pc1 = { 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 }; static byte[] totrot = { 1, 2, 4, 6, 8, 10, 12, 14, 15, 17, 19, 21, 23, 25, 27, 28 }; static byte[] pc2 = { 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 }; static int[] SP1 = { 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404, 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404, 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004 }; static int[] SP2 = { 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000, 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000, 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000 }; static int[] SP3 = { 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208, 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008, 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200 }; static int[] SP4 = { 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080, 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080 }; static int[] SP5 = { 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100, 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000, 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100 }; static int[] SP6 = { 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010, 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000, 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010 }; static int[] SP7 = { 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002, 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800, 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002 }; static int[] SP8 = { 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000, 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040, 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000 }; /** * generate an integer based working key based on our secret key and what we * processing we are planning to do. * * Acknowledgements for this routine go to James Gillogly & Phil Karn. * (whoever, and wherever they are!). */ protected int[] generateWorkingKey(boolean encrypting, byte[] key, int off) { int[] newKey = new int[32]; boolean[] pc1m = new boolean[56], pcr = new boolean[56]; for (int j = 0; j < 56; j++) { int l = pc1[j]; pc1m[j] = ((key[off + (l >>> 3)] & bytebit[l & 07]) != 0); } for (int i = 0; i < 16; i++) { int l, m, n; if (encrypting) { m = i << 1; } else { m = (15 - i) << 1; } n = m + 1; newKey[m] = newKey[n] = 0; for (int j = 0; j < 28; j++) { l = j + totrot[i]; if (l < 28) { pcr[j] = pc1m[l]; } else { pcr[j] = pc1m[l - 28]; } } for (int j = 28; j < 56; j++) { l = j + totrot[i]; if (l < 56) { pcr[j] = pc1m[l]; } else { pcr[j] = pc1m[l - 28]; } } for (int j = 0; j < 24; j++) { if (pcr[pc2[j]]) { newKey[m] |= bigbyte[j]; } if (pcr[pc2[j + 24]]) { newKey[n] |= bigbyte[j]; } } } // // store the processed key // for (int i = 0; i != 32; i += 2) { int i1, i2; i1 = newKey[i]; i2 = newKey[i + 1]; newKey[i] = ((i1 & 0x00fc0000) << 6) | ((i1 & 0x00000fc0) << 10) | ((i2 & 0x00fc0000) >>> 10) | ((i2 & 0x00000fc0) >>> 6); newKey[i + 1] = ((i1 & 0x0003f000) << 12) | ((i1 & 0x0000003f) << 16) | ((i2 & 0x0003f000) >>> 4) | (i2 & 0x0000003f); } return newKey; } /** * the DES engine. */ protected void desFunc(int[] wKey, byte[] in, int inOff, byte[] out, int outOff) { int work, right, left; left = (in[inOff + 0] & 0xff) << 24; left |= (in[inOff + 1] & 0xff) << 16; left |= (in[inOff + 2] & 0xff) << 8; left |= (in[inOff + 3] & 0xff); right = (in[inOff + 4] & 0xff) << 24; right |= (in[inOff + 5] & 0xff) << 16; right |= (in[inOff + 6] & 0xff) << 8; right |= (in[inOff + 7] & 0xff); work = ((left >>> 4) ^ right) & 0x0f0f0f0f; right ^= work; left ^= (work << 4); work = ((left >>> 16) ^ right) & 0x0000ffff; right ^= work; left ^= (work << 16); work = ((right >>> 2) ^ left) & 0x33333333; left ^= work; right ^= (work << 2); work = ((right >>> 8) ^ left) & 0x00ff00ff; left ^= work; right ^= (work << 8); right = ((right << 1) | ((right >>> 31) & 1)) & 0xffffffff; work = (left ^ right) & 0xaaaaaaaa; left ^= work; right ^= work; left = ((left << 1) | ((left >>> 31) & 1)) & 0xffffffff; for (int round = 0; round < 8; round++) { int fval; work = (right << 28) | (right >>> 4); work ^= wKey[round * 4 + 0]; fval = SP7[work & 0x3f]; fval |= SP5[(work >>> 8) & 0x3f]; fval |= SP3[(work >>> 16) & 0x3f]; fval |= SP1[(work >>> 24) & 0x3f]; work = right ^ wKey[round * 4 + 1]; fval |= SP8[work & 0x3f]; fval |= SP6[(work >>> 8) & 0x3f]; fval |= SP4[(work >>> 16) & 0x3f]; fval |= SP2[(work >>> 24) & 0x3f]; left ^= fval; work = (left << 28) | (left >>> 4); work ^= wKey[round * 4 + 2]; fval = SP7[work & 0x3f]; fval |= SP5[(work >>> 8) & 0x3f]; fval |= SP3[(work >>> 16) & 0x3f]; fval |= SP1[(work >>> 24) & 0x3f]; work = left ^ wKey[round * 4 + 3]; fval |= SP8[work & 0x3f]; fval |= SP6[(work >>> 8) & 0x3f]; fval |= SP4[(work >>> 16) & 0x3f]; fval |= SP2[(work >>> 24) & 0x3f]; right ^= fval; } right = (right << 31) | (right >>> 1); work = (left ^ right) & 0xaaaaaaaa; left ^= work; right ^= work; left = (left << 31) | (left >>> 1); work = ((left >>> 8) ^ right) & 0x00ff00ff; right ^= work; left ^= (work << 8); work = ((left >>> 2) ^ right) & 0x33333333; right ^= work; left ^= (work << 2); work = ((right >>> 16) ^ left) & 0x0000ffff; left ^= work; right ^= (work << 16); work = ((right >>> 4) ^ left) & 0x0f0f0f0f; left ^= work; right ^= (work << 4); out[outOff + 0] = (byte) ((right >>> 24) & 0xff); out[outOff + 1] = (byte) ((right >>> 16) & 0xff); out[outOff + 2] = (byte) ((right >>> 8) & 0xff); out[outOff + 3] = (byte) (right & 0xff); out[outOff + 4] = (byte) ((left >>> 24) & 0xff); out[outOff + 5] = (byte) ((left >>> 16) & 0xff); out[outOff + 6] = (byte) ((left >>> 8) & 0xff); out[outOff + 7] = (byte) (left & 0xff); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/cipher/DESede.java000066400000000000000000000053621370551253600302740ustar00rootroot00000000000000package ch.ethz.ssh2.crypto.cipher; /* This file was shamelessly taken (and modified) from the Bouncy Castle Crypto package. Their licence file states the following: Copyright (c) 2000 - 2004 The Legion Of The Bouncy Castle (http://www.bouncycastle.org) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ /** * DESede. * * @author See comments in the source file * @version 2.50, 03/15/10 * */ public class DESede extends DES { private int[] key1 = null; private int[] key2 = null; private int[] key3 = null; private boolean encrypt; /** * standard constructor. */ public DESede() { } /** * initialise a DES cipher. * * @param encrypting * whether or not we are for encryption. * @param key * the parameters required to set up the cipher. * @exception IllegalArgumentException * if the params argument is inappropriate. */ @Override public void init(boolean encrypting, byte[] key) { key1 = generateWorkingKey(encrypting, key, 0); key2 = generateWorkingKey(!encrypting, key, 8); key3 = generateWorkingKey(encrypting, key, 16); encrypt = encrypting; } @Override public String getAlgorithmName() { return "DESede"; } @Override public int getBlockSize() { return 8; } @Override public void transformBlock(byte[] in, int inOff, byte[] out, int outOff) { if (key1 == null) { throw new IllegalStateException("DESede engine not initialised!"); } if (encrypt) { desFunc(key1, in, inOff, out, outOff); desFunc(key2, out, outOff, out, outOff); desFunc(key3, out, outOff, out, outOff); } else { desFunc(key3, in, inOff, out, outOff); desFunc(key2, out, outOff, out, outOff); desFunc(key1, out, outOff, out, outOff); } } @Override public void reset() { } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/cipher/NullCipher.java000066400000000000000000000012601370551253600312410ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto.cipher; /** * NullCipher. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class NullCipher implements BlockCipher { private int blockSize = 8; public NullCipher() { } public NullCipher(int blockSize) { this.blockSize = blockSize; } public void init(boolean forEncryption, byte[] key) { } public int getBlockSize() { return blockSize; } public void transformBlock(byte[] src, int srcoff, byte[] dst, int dstoff) { System.arraycopy(src, srcoff, dst, dstoff, blockSize); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/dh/000077500000000000000000000000001370551253600254535ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/dh/DhExchange.java000066400000000000000000000202071370551253600303150ustar00rootroot00000000000000/* * Copyright (c) 2006-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto.dh; import java.math.BigInteger; import java.security.SecureRandom; import ch.ethz.ssh2.crypto.digest.HashForSSH2Types; import ch.ethz.ssh2.log.Logger; import ch.ethz.ssh2.util.StringEncoder; /** * @author Christian Plattner * @version $Id$ */ public class DhExchange { private static final Logger log = Logger.getLogger(DhExchange.class); /* Given by the standard */ static final BigInteger p1, p14, p16, p18; static final BigInteger g; BigInteger p; /* Client public and private */ BigInteger e; BigInteger x; /* Server public and private */ BigInteger f; BigInteger y; /* Shared secret */ BigInteger k; private String hashFunction = "SHA1"; static { final String p1_string = "17976931348623159077083915679378745319786029604875" + "60117064444236841971802161585193689478337958649255415021805654859805036464" + "40548199239100050792877003355816639229553136239076508735759914822574862575" + "00742530207744771258955095793777842444242661733472762929938766870920560605" + "0270810842907692932019128194467627007"; final String p14_string = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129" + "024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0" + "A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB" + "6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A" + "163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208" + "552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36C" + "E3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF69558171" + "83995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF"; final String p16_string = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD12902" + "4E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1" + "4374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386B" + "FB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39" + "A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E" + "4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB" + "5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8A" + "AAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB39" + "70F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A" + "0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24" + "FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B" + "2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC1" + "41FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AF" + "B81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93" + "4063199FFFFFFFFFFFFFFFF"; final String p18_string = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024" + "E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14" + "374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BF" + "B5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A" + "69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4" + "ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5" + "C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AA" + "AC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB397" + "0F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0" + "864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24F" + "A074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2" + "699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC14" + "1FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB" + "81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934" + "02849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5D" + "B382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4" + "BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032E" + "A15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8" + "F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED" + "20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C" + "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6" + "DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD30074" + "1FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39" + "D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCB" + "C8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F" + "82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510" + "BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382" + "BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD" + "98EDD3DFFFFFFFFFFFFFFFFF"; p1 = new BigInteger(p1_string); p14 = new BigInteger(p14_string, 16); p16 = new BigInteger(p16_string, 16); p18 = new BigInteger(p18_string, 16); g = new BigInteger("2"); } public DhExchange(String hashFunction) { this.hashFunction = hashFunction; } public void clientInit(int group, SecureRandom rnd) { k = null; if (group == 1) p = p1; else if (group == 14) p = p14; else if (group == 16) p = p16; else if (group == 18) p = p18; else throw new IllegalArgumentException("Unknown DH group " + group); while(true) { x = new BigInteger(p.bitLength() - 1, rnd); if (x.compareTo(BigInteger.ONE) > 0) break; } e = g.modPow(x, p); } public void serverInit(int group, SecureRandom rnd) { k = null; if (group == 1) p = p1; else if (group == 14) p = p14; else throw new IllegalArgumentException("Unknown DH group " + group); y = new BigInteger(p.bitLength() - 1, rnd); f = g.modPow(y, p); } /** * @return Returns the e. * @throws IllegalStateException */ public BigInteger getE() { if (e == null) throw new IllegalStateException("DhDsaExchange not initialized!"); return e; } /** * @return Returns the f. * @throws IllegalStateException */ public BigInteger getF() { if (f == null) throw new IllegalStateException("DhDsaExchange not initialized!"); return f; } /** * @return Returns the shared secret k. * @throws IllegalStateException */ public BigInteger getK() { if (k == null) throw new IllegalStateException("Shared secret not yet known, need f first!"); return k; } /** * @param f */ public void setF(BigInteger f) { if (e == null) throw new IllegalStateException("DhDsaExchange not initialized!"); if (BigInteger.ZERO.compareTo(f) >= 0 || p.compareTo(f) <= 0) throw new IllegalArgumentException("Invalid f specified!"); this.f = f; this.k = f.modPow(x, p); } /** * @param e */ public void setE(BigInteger e) { if (f == null) throw new IllegalStateException("DhDsaExchange not initialized!"); if (BigInteger.ZERO.compareTo(e) >= 0 || p.compareTo(e) <= 0) throw new IllegalArgumentException("Invalid e specified!"); this.e = e; this.k = e.modPow(y, p); } public byte[] calculateH(byte[] clientversion, byte[] serverversion, byte[] clientKexPayload, byte[] serverKexPayload, byte[] hostKey) { HashForSSH2Types hash = new HashForSSH2Types(hashFunction); if (log.isInfoEnabled()) { log.info("Client: '" + StringEncoder.GetString(clientversion) + "'"); log.info("Server: '" + StringEncoder.GetString(serverversion) + "'"); } hash.updateByteString(clientversion); hash.updateByteString(serverversion); hash.updateByteString(clientKexPayload); hash.updateByteString(serverKexPayload); hash.updateByteString(hostKey); hash.updateBigInt(e); hash.updateBigInt(f); hash.updateBigInt(k); return hash.getDigest(); } public String getHashFunction() { return hashFunction; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/dh/DhGroupExchange.java000066400000000000000000000045511370551253600313360ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto.dh; import java.math.BigInteger; import java.security.SecureRandom; import ch.ethz.ssh2.DHGexParameters; import ch.ethz.ssh2.crypto.digest.HashForSSH2Types; /** * DhGroupExchange. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class DhGroupExchange { /* Given by the standard */ private BigInteger p; private BigInteger g; /* Client public and private */ private BigInteger e; private BigInteger x; /* Server public */ private BigInteger f; /* Shared secret */ private BigInteger k; public DhGroupExchange(BigInteger p, BigInteger g) { this.p = p; this.g = g; } public void init(SecureRandom rnd) { k = null; x = new BigInteger(p.bitLength() - 1, rnd); e = g.modPow(x, p); } /** * @return Returns the e. */ public BigInteger getE() { if (e == null) throw new IllegalStateException("Not initialized!"); return e; } /** * @return Returns the shared secret k. */ public BigInteger getK() { if (k == null) throw new IllegalStateException("Shared secret not yet known, need f first!"); return k; } /** * Sets f and calculates the shared secret. */ public void setF(BigInteger f) { if (e == null) throw new IllegalStateException("Not initialized!"); BigInteger zero = BigInteger.valueOf(0); if (zero.compareTo(f) >= 0 || p.compareTo(f) <= 0) throw new IllegalArgumentException("Invalid f specified!"); this.f = f; this.k = f.modPow(x, p); } public byte[] calculateH(byte[] clientversion, byte[] serverversion, byte[] clientKexPayload, byte[] serverKexPayload, byte[] hostKey, DHGexParameters para) { HashForSSH2Types hash = new HashForSSH2Types("SHA1"); hash.updateByteString(clientversion); hash.updateByteString(serverversion); hash.updateByteString(clientKexPayload); hash.updateByteString(serverKexPayload); hash.updateByteString(hostKey); if (para.getMin_group_len() > 0) hash.updateUINT32(para.getMin_group_len()); hash.updateUINT32(para.getPref_group_len()); if (para.getMax_group_len() > 0) hash.updateUINT32(para.getMax_group_len()); hash.updateBigInt(p); hash.updateBigInt(g); hash.updateBigInt(e); hash.updateBigInt(f); hash.updateBigInt(k); return hash.getDigest(); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/digest/000077500000000000000000000000001370551253600263375ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/digest/Digest.java000066400000000000000000000010111370551253600304120ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto.digest; /** * Digest. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public interface Digest { public int getDigestLength(); public void update(byte b); public void update(byte[] b); public void update(byte b[], int off, int len); public void reset(); public void digest(byte[] out); public void digest(byte[] out, int off); } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/digest/HMAC.java000066400000000000000000000031651370551253600277170ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto.digest; /** * HMAC. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public final class HMAC implements Digest { Digest md; byte[] k_xor_ipad; byte[] k_xor_opad; byte[] tmp; int size; public HMAC(Digest md, byte[] key, int size) { this(md, key, size, 64); } public HMAC(Digest md, byte[] key, int size, int blocksize) { this.md = md; this.size = size; tmp = new byte[md.getDigestLength()]; final int BLOCKSIZE = blocksize; k_xor_ipad = new byte[BLOCKSIZE]; k_xor_opad = new byte[BLOCKSIZE]; if (key.length > BLOCKSIZE) { md.reset(); md.update(key); md.digest(tmp); key = tmp; } System.arraycopy(key, 0, k_xor_ipad, 0, key.length); System.arraycopy(key, 0, k_xor_opad, 0, key.length); for (int i = 0; i < BLOCKSIZE; i++) { k_xor_ipad[i] ^= 0x36; k_xor_opad[i] ^= 0x5C; } md.update(k_xor_ipad); } public final int getDigestLength() { return size; } public final void update(byte b) { md.update(b); } public final void update(byte[] b) { md.update(b); } public final void update(byte[] b, int off, int len) { md.update(b, off, len); } public final void reset() { md.reset(); md.update(k_xor_ipad); } public final void digest(byte[] out) { digest(out, 0); } public final void digest(byte[] out, int off) { md.digest(tmp); md.update(k_xor_opad); md.update(tmp); md.digest(tmp); System.arraycopy(tmp, 0, out, off, size); md.update(k_xor_ipad); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/digest/HashForSSH2Types.java000066400000000000000000000031571370551253600322270ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto.digest; import java.math.BigInteger; /** * HashForSSH2Types. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class HashForSSH2Types { Digest md; public HashForSSH2Types(Digest md) { this.md = md; } public HashForSSH2Types(String type) { if (type.equals("SHA2-512")) { md = new SHA2(512); } else if (type.equals("SHA2-256")) { md = new SHA2(256); } else if (type.equals("SHA1")) { md = new SHA1(); } else if (type.equals("MD5")) { md = new MD5(); } else throw new IllegalArgumentException("Unknown algorithm " + type); } public void updateByte(byte b) { /* HACK - to test it with J2ME */ byte[] tmp = new byte[1]; tmp[0] = b; md.update(tmp); } public void updateBytes(byte[] b) { md.update(b); } public void updateUINT32(int v) { md.update((byte) (v >> 24)); md.update((byte) (v >> 16)); md.update((byte) (v >> 8)); md.update((byte) (v)); } public void updateByteString(byte[] b) { updateUINT32(b.length); updateBytes(b); } public void updateBigInt(BigInteger b) { updateByteString(b.toByteArray()); } public void reset() { md.reset(); } public int getDigestLength() { return md.getDigestLength(); } public byte[] getDigest() { byte[] tmp = new byte[md.getDigestLength()]; getDigest(tmp); return tmp; } public void getDigest(byte[] out) { getDigest(out, 0); } public void getDigest(byte[] out, int off) { md.digest(out, off); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/digest/MAC.java000066400000000000000000000042011370551253600275770ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto.digest; /** * MAC. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public final class MAC { Digest mac; int size; public final static String[] getMacList() { /* Higher Priority First */ return new String[] { "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1-96", "hmac-sha1", "hmac-md5-96", "hmac-md5" }; } public final static void checkMacList(String[] macs) { for (int i = 0; i < macs.length; i++) getKeyLen(macs[i]); } public final static int getKeyLen(String type) { if (type.equals("hmac-sha2-256")) return 32; if (type.equals("hmac-sha2-512")) return 64; if (type.equals("hmac-sha1")) return 20; if (type.equals("hmac-sha1-96")) return 20; if (type.equals("hmac-md5")) return 16; if (type.equals("hmac-md5-96")) return 16; throw new IllegalArgumentException("Unkown algorithm " + type); } public MAC(String type, byte[] key) { if (type.equals("hmac-sha2-256")) { mac = new HMAC(new SHA2(256), key, 32); } else if (type.equals("hmac-sha2-512")) { mac = new HMAC(new SHA2(512), key, 64, 128); } else if (type.equals("hmac-sha1")) { mac = new HMAC(new SHA1(), key, 20); } else if (type.equals("hmac-sha1-96")) { mac = new HMAC(new SHA1(), key, 12); } else if (type.equals("hmac-md5")) { mac = new HMAC(new MD5(), key, 16); } else if (type.equals("hmac-md5-96")) { mac = new HMAC(new MD5(), key, 12); } else throw new IllegalArgumentException("Unkown algorithm " + type); size = mac.getDigestLength(); } public final void initMac(int seq) { mac.reset(); mac.update((byte) (seq >> 24)); mac.update((byte) (seq >> 16)); mac.update((byte) (seq >> 8)); mac.update((byte) (seq)); } public final void update(byte[] packetdata, int off, int len) { mac.update(packetdata, off, len); } public final void getMac(byte[] out, int off) { mac.digest(out, off); } public final int size() { return size; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/digest/MD5.java000066400000000000000000000174251370551253600276000ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto.digest; /** * MD5. Based on the example code in RFC 1321. Optimized (...a little). * * @author Christian Plattner * @version 2.50, 03/15/10 */ /* * The following disclaimer has been copied from RFC 1321: * * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All rights * reserved. * * License to copy and use this software is granted provided that it is * identified as the "RSA Data Security, Inc. MD5 Message-Digest Algorithm" in * all material mentioning or referencing this software or this function. * * License is also granted to make and use derivative works provided that such * works are identified as "derived from the RSA Data Security, Inc. MD5 * Message-Digest Algorithm" in all material mentioning or referencing the * derived work. * * RSA Data Security, Inc. makes no representations concerning either the * merchantability of this software or the suitability of this software for any * particular purpose. It is provided "as is" without express or implied * warranty of any kind. * * These notices must be retained in any copies of any part of this * documentation and/or software. * */ public final class MD5 implements Digest { private int state0, state1, state2, state3; private long count; private final byte[] block = new byte[64]; private final int x[] = new int[16]; private static final byte[] padding = new byte[] { (byte) 128, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; public MD5() { reset(); } private static int FF(int a, int b, int c, int d, int x, int s, int ac) { a += ((b & c) | ((~b) & d)) + x + ac; return ((a << s) | (a >>> (32 - s))) + b; } private static int GG(int a, int b, int c, int d, int x, int s, int ac) { a += ((b & d) | (c & (~d))) + x + ac; return ((a << s) | (a >>> (32 - s))) + b; } private static int HH(int a, int b, int c, int d, int x, int s, int ac) { a += (b ^ c ^ d) + x + ac; return ((a << s) | (a >>> (32 - s))) + b; } private static int II(int a, int b, int c, int d, int x, int s, int ac) { a += (c ^ (b | (~d))) + x + ac; return ((a << s) | (a >>> (32 - s))) + b; } private static void encode(byte[] dst, int dstoff, int word) { dst[dstoff] = (byte) (word); dst[dstoff + 1] = (byte) (word >> 8); dst[dstoff + 2] = (byte) (word >> 16); dst[dstoff + 3] = (byte) (word >> 24); } private void transform(byte[] src, int pos) { int a = state0; int b = state1; int c = state2; int d = state3; for (int i = 0; i < 16; i++, pos += 4) { x[i] = (src[pos] & 0xff) | ((src[pos + 1] & 0xff) << 8) | ((src[pos + 2] & 0xff) << 16) | ((src[pos + 3] & 0xff) << 24); } /* Round 1 */ a = FF(a, b, c, d, x[0], 7, 0xd76aa478); /* 1 */ d = FF(d, a, b, c, x[1], 12, 0xe8c7b756); /* 2 */ c = FF(c, d, a, b, x[2], 17, 0x242070db); /* 3 */ b = FF(b, c, d, a, x[3], 22, 0xc1bdceee); /* 4 */ a = FF(a, b, c, d, x[4], 7, 0xf57c0faf); /* 5 */ d = FF(d, a, b, c, x[5], 12, 0x4787c62a); /* 6 */ c = FF(c, d, a, b, x[6], 17, 0xa8304613); /* 7 */ b = FF(b, c, d, a, x[7], 22, 0xfd469501); /* 8 */ a = FF(a, b, c, d, x[8], 7, 0x698098d8); /* 9 */ d = FF(d, a, b, c, x[9], 12, 0x8b44f7af); /* 10 */ c = FF(c, d, a, b, x[10], 17, 0xffff5bb1); /* 11 */ b = FF(b, c, d, a, x[11], 22, 0x895cd7be); /* 12 */ a = FF(a, b, c, d, x[12], 7, 0x6b901122); /* 13 */ d = FF(d, a, b, c, x[13], 12, 0xfd987193); /* 14 */ c = FF(c, d, a, b, x[14], 17, 0xa679438e); /* 15 */ b = FF(b, c, d, a, x[15], 22, 0x49b40821); /* 16 */ /* Round 2 */ a = GG(a, b, c, d, x[1], 5, 0xf61e2562); /* 17 */ d = GG(d, a, b, c, x[6], 9, 0xc040b340); /* 18 */ c = GG(c, d, a, b, x[11], 14, 0x265e5a51); /* 19 */ b = GG(b, c, d, a, x[0], 20, 0xe9b6c7aa); /* 20 */ a = GG(a, b, c, d, x[5], 5, 0xd62f105d); /* 21 */ d = GG(d, a, b, c, x[10], 9, 0x2441453); /* 22 */ c = GG(c, d, a, b, x[15], 14, 0xd8a1e681); /* 23 */ b = GG(b, c, d, a, x[4], 20, 0xe7d3fbc8); /* 24 */ a = GG(a, b, c, d, x[9], 5, 0x21e1cde6); /* 25 */ d = GG(d, a, b, c, x[14], 9, 0xc33707d6); /* 26 */ c = GG(c, d, a, b, x[3], 14, 0xf4d50d87); /* 27 */ b = GG(b, c, d, a, x[8], 20, 0x455a14ed); /* 28 */ a = GG(a, b, c, d, x[13], 5, 0xa9e3e905); /* 29 */ d = GG(d, a, b, c, x[2], 9, 0xfcefa3f8); /* 30 */ c = GG(c, d, a, b, x[7], 14, 0x676f02d9); /* 31 */ b = GG(b, c, d, a, x[12], 20, 0x8d2a4c8a); /* 32 */ /* Round 3 */ a = HH(a, b, c, d, x[5], 4, 0xfffa3942); /* 33 */ d = HH(d, a, b, c, x[8], 11, 0x8771f681); /* 34 */ c = HH(c, d, a, b, x[11], 16, 0x6d9d6122); /* 35 */ b = HH(b, c, d, a, x[14], 23, 0xfde5380c); /* 36 */ a = HH(a, b, c, d, x[1], 4, 0xa4beea44); /* 37 */ d = HH(d, a, b, c, x[4], 11, 0x4bdecfa9); /* 38 */ c = HH(c, d, a, b, x[7], 16, 0xf6bb4b60); /* 39 */ b = HH(b, c, d, a, x[10], 23, 0xbebfbc70); /* 40 */ a = HH(a, b, c, d, x[13], 4, 0x289b7ec6); /* 41 */ d = HH(d, a, b, c, x[0], 11, 0xeaa127fa); /* 42 */ c = HH(c, d, a, b, x[3], 16, 0xd4ef3085); /* 43 */ b = HH(b, c, d, a, x[6], 23, 0x4881d05); /* 44 */ a = HH(a, b, c, d, x[9], 4, 0xd9d4d039); /* 45 */ d = HH(d, a, b, c, x[12], 11, 0xe6db99e5); /* 46 */ c = HH(c, d, a, b, x[15], 16, 0x1fa27cf8); /* 47 */ b = HH(b, c, d, a, x[2], 23, 0xc4ac5665); /* 48 */ /* Round 4 */ a = II(a, b, c, d, x[0], 6, 0xf4292244); /* 49 */ d = II(d, a, b, c, x[7], 10, 0x432aff97); /* 50 */ c = II(c, d, a, b, x[14], 15, 0xab9423a7); /* 51 */ b = II(b, c, d, a, x[5], 21, 0xfc93a039); /* 52 */ a = II(a, b, c, d, x[12], 6, 0x655b59c3); /* 53 */ d = II(d, a, b, c, x[3], 10, 0x8f0ccc92); /* 54 */ c = II(c, d, a, b, x[10], 15, 0xffeff47d); /* 55 */ b = II(b, c, d, a, x[1], 21, 0x85845dd1); /* 56 */ a = II(a, b, c, d, x[8], 6, 0x6fa87e4f); /* 57 */ d = II(d, a, b, c, x[15], 10, 0xfe2ce6e0); /* 58 */ c = II(c, d, a, b, x[6], 15, 0xa3014314); /* 59 */ b = II(b, c, d, a, x[13], 21, 0x4e0811a1); /* 60 */ a = II(a, b, c, d, x[4], 6, 0xf7537e82); /* 61 */ d = II(d, a, b, c, x[11], 10, 0xbd3af235); /* 62 */ c = II(c, d, a, b, x[2], 15, 0x2ad7d2bb); /* 63 */ b = II(b, c, d, a, x[9], 21, 0xeb86d391); /* 64 */ state0 += a; state1 += b; state2 += c; state3 += d; } public final void reset() { count = 0; state0 = 0x67452301; state1 = 0xefcdab89; state2 = 0x98badcfe; state3 = 0x10325476; /* Clear traces in memory... */ for (int i = 0; i < 16; i++) x[i] = 0; } public final void update(byte b) { final int space = 64 - ((int) (count & 0x3f)); count++; block[64 - space] = b; if (space == 1) transform(block, 0); } public final void update(byte[] buff, int pos, int len) { int space = 64 - ((int) (count & 0x3f)); count += len; while (len > 0) { if (len < space) { System.arraycopy(buff, pos, block, 64 - space, len); break; } if (space == 64) { transform(buff, pos); } else { System.arraycopy(buff, pos, block, 64 - space, space); transform(block, 0); } pos += space; len -= space; space = 64; } } public final void update(byte[] b) { update(b, 0, b.length); } public final void digest(byte[] dst, int pos) { byte[] bits = new byte[8]; encode(bits, 0, (int) (count << 3)); encode(bits, 4, (int) (count >> 29)); int idx = (int) count & 0x3f; int padLen = (idx < 56) ? (56 - idx) : (120 - idx); update(padding, 0, padLen); update(bits, 0, 8); encode(dst, pos, state0); encode(dst, pos + 4, state1); encode(dst, pos + 8, state2); encode(dst, pos + 12, state3); reset(); } public final void digest(byte[] dst) { digest(dst, 0); } public final int getDigestLength() { return 16; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/digest/SHA1.java000066400000000000000000000432661370551253600277110ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.crypto.digest; /** * SHA-1 implementation based on FIPS PUB 180-1. * Highly optimized. *

* (http://www.itl.nist.gov/fipspubs/fip180-1.htm) * * @author Christian Plattner * @version 2.50, 03/15/10 */ public final class SHA1 implements Digest { private int H0, H1, H2, H3, H4; private final int[] w = new int[80]; private int currentPos; private long currentLen; public SHA1() { reset(); } public final int getDigestLength() { return 20; } public final void reset() { H0 = 0x67452301; H1 = 0xEFCDAB89; H2 = 0x98BADCFE; H3 = 0x10325476; H4 = 0xC3D2E1F0; currentPos = 0; currentLen = 0; /* In case of complete paranoia, we should also wipe out the * information contained in the w[] array */ } public final void update(byte b[]) { update(b, 0, b.length); } public final void update(byte b[], int off, int len) { if (len >= 4) { int idx = currentPos >> 2; switch (currentPos & 3) { case 0: w[idx] = (((b[off++] & 0xff) << 24) | ((b[off++] & 0xff) << 16) | ((b[off++] & 0xff) << 8) | (b[off++] & 0xff)); len -= 4; currentPos += 4; currentLen += 32; if (currentPos == 64) { perform(); currentPos = 0; } break; case 1: w[idx] = (w[idx] << 24) | (((b[off++] & 0xff) << 16) | ((b[off++] & 0xff) << 8) | (b[off++] & 0xff)); len -= 3; currentPos += 3; currentLen += 24; if (currentPos == 64) { perform(); currentPos = 0; } break; case 2: w[idx] = (w[idx] << 16) | (((b[off++] & 0xff) << 8) | (b[off++] & 0xff)); len -= 2; currentPos += 2; currentLen += 16; if (currentPos == 64) { perform(); currentPos = 0; } break; case 3: w[idx] = (w[idx] << 8) | (b[off++] & 0xff); len--; currentPos++; currentLen += 8; if (currentPos == 64) { perform(); currentPos = 0; } break; } /* Now currentPos is a multiple of 4 - this is the place to be...*/ while (len >= 8) { w[currentPos >> 2] = ((b[off++] & 0xff) << 24) | ((b[off++] & 0xff) << 16) | ((b[off++] & 0xff) << 8) | (b[off++] & 0xff); currentPos += 4; if (currentPos == 64) { perform(); currentPos = 0; } w[currentPos >> 2] = ((b[off++] & 0xff) << 24) | ((b[off++] & 0xff) << 16) | ((b[off++] & 0xff) << 8) | (b[off++] & 0xff); currentPos += 4; if (currentPos == 64) { perform(); currentPos = 0; } currentLen += 64; len -= 8; } while (len < 0) //(len >= 4) { w[currentPos >> 2] = ((b[off++] & 0xff) << 24) | ((b[off++] & 0xff) << 16) | ((b[off++] & 0xff) << 8) | (b[off++] & 0xff); len -= 4; currentPos += 4; currentLen += 32; if (currentPos == 64) { perform(); currentPos = 0; } } } /* Remaining bytes (1-3) */ while (len > 0) { /* Here is room for further improvements */ int idx = currentPos >> 2; w[idx] = (w[idx] << 8) | (b[off++] & 0xff); currentLen += 8; currentPos++; if (currentPos == 64) { perform(); currentPos = 0; } len--; } } public final void update(byte b) { int idx = currentPos >> 2; w[idx] = (w[idx] << 8) | (b & 0xff); currentLen += 8; currentPos++; if (currentPos == 64) { perform(); currentPos = 0; } } private void putInt(byte[] b, int pos, int val) { b[pos] = (byte) (val >> 24); b[pos + 1] = (byte) (val >> 16); b[pos + 2] = (byte) (val >> 8); b[pos + 3] = (byte) val; } public final void digest(byte[] out) { digest(out, 0); } public final void digest(byte[] out, int off) { /* Pad with a '1' and 7-31 zero bits... */ int idx = currentPos >> 2; w[idx] = ((w[idx] << 8) | (0x80)) << ((3 - (currentPos & 3)) << 3); currentPos = (currentPos & ~3) + 4; if (currentPos == 64) { currentPos = 0; perform(); } else if (currentPos == 60) { currentPos = 0; w[15] = 0; perform(); } /* Now currentPos is a multiple of 4 and we can do the remaining * padding much more efficiently, furthermore we are sure * that currentPos <= 56. */ for (int i = currentPos >> 2; i < 14; i++) w[i] = 0; w[14] = (int) (currentLen >> 32); w[15] = (int) currentLen; perform(); putInt(out, off, H0); putInt(out, off + 4, H1); putInt(out, off + 8, H2); putInt(out, off + 12, H3); putInt(out, off + 16, H4); reset(); } private void perform() { for (int t = 16; t < 80; t++) { int x = w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16]; w[t] = ((x << 1) | (x >>> 31)); } int A = H0; int B = H1; int C = H2; int D = H3; int E = H4; /* Here we use variable substitution and loop unrolling * * === Original step: * * T = s5(A) + f(B,C,D) + E + w[0] + K; * E = D; D = C; C = s30(B); B = A; A = T; * * === Rewritten step: * * T = s5(A + f(B,C,D) + E + w[0] + K; * B = s30(B); * E = D; D = C; C = B; B = A; A = T; * * === Let's rewrite things, introducing new variables: * * E0 = E; D0 = D; C0 = C; B0 = B; A0 = A; * * T = s5(A0) + f(B0,C0,D0) + E0 + w[0] + K; * B0 = s30(B0); * E1 = D0; D1 = C0; C1 = B0; B1 = A0; A1 = T; * * T = s5(A1) + f(B1,C1,D1) + E1 + w[1] + K; * B1 = s30(B1); * E2 = D1; D2 = C1; C2 = B1; B2 = A1; A2 = T; * * E = E2; D = E2; C = C2; B = B2; A = A2; * * === No need for 'T', we can write into 'Ex' instead since * after the calculation of 'T' nobody is interested * in 'Ex' anymore. * * E0 = E; D0 = D; C0 = C; B0 = B; A0 = A; * * E0 = E0 + s5(A0) + f(B0,C0,D0) + w[0] + K; * B0 = s30(B0); * E1 = D0; D1 = C0; C1 = B0; B1 = A0; A1 = E0; * * E1 = E1 + s5(A1) + f(B1,C1,D1) + w[1] + K; * B1 = s30(B1); * E2 = D1; D2 = C1; C2 = B1; B2 = A1; A2 = E1; * * E = Ex; D = Ex; C = Cx; B = Bx; A = Ax; * * === Further optimization: get rid of the swap operations * Idea: instead of swapping the variables, swap the names of * the used variables in the next step: * * E0 = E; D0 = d; C0 = C; B0 = B; A0 = A; * * E0 = E0 + s5(A0) + f(B0,C0,D0) + w[0] + K; * B0 = s30(B0); * // E1 = D0; D1 = C0; C1 = B0; B1 = A0; A1 = E0; * * D0 = D0 + s5(E0) + f(A0,B0,C0) + w[1] + K; * A0 = s30(A0); * E2 = C0; D2 = B0; C2 = A0; B2 = E0; A2 = D0; * * E = E2; D = D2; C = C2; B = B2; A = A2; * * === OK, let's do this several times, also, directly * use A (instead of A0) and B,C,D,E. * * E = E + s5(A) + f(B,C,D) + w[0] + K; * B = s30(B); * // E1 = D; D1 = C; C1 = B; B1 = A; A1 = E; * * D = D + s5(E) + f(A,B,C) + w[1] + K; * A = s30(A); * // E2 = C; D2 = B; C2 = A; B2 = E; A2 = D; * * C = C + s5(D) + f(E,A,B) + w[2] + K; * E = s30(E); * // E3 = B; D3 = A; C3 = E; B3 = D; A3 = C; * * B = B + s5(C) + f(D,E,A) + w[3] + K; * D = s30(D); * // E4 = A; D4 = E; C4 = D; B4 = C; A4 = B; * * A = A + s5(B) + f(C,D,E) + w[4] + K; * C = s30(C); * // E5 = E; D5 = D; C5 = C; B5 = B; A5 = A; * * //E = E5; D = D5; C = C5; B = B5; A = A5; * * === Very nice, after 5 steps each variable * has the same contents as after 5 steps with * the original algorithm! * * We therefore can easily unroll each interval, * as the number of steps in each interval is a * multiple of 5 (20 steps per interval). */ E += ((A << 5) | (A >>> 27)) + ((B & C) | ((~B) & D)) + w[0] + 0x5A827999; B = ((B << 30) | (B >>> 2)); D += ((E << 5) | (E >>> 27)) + ((A & B) | ((~A) & C)) + w[1] + 0x5A827999; A = ((A << 30) | (A >>> 2)); C += ((D << 5) | (D >>> 27)) + ((E & A) | ((~E) & B)) + w[2] + 0x5A827999; E = ((E << 30) | (E >>> 2)); B += ((C << 5) | (C >>> 27)) + ((D & E) | ((~D) & A)) + w[3] + 0x5A827999; D = ((D << 30) | (D >>> 2)); A += ((B << 5) | (B >>> 27)) + ((C & D) | ((~C) & E)) + w[4] + 0x5A827999; C = ((C << 30) | (C >>> 2)); E += ((A << 5) | (A >>> 27)) + ((B & C) | ((~B) & D)) + w[5] + 0x5A827999; B = ((B << 30) | (B >>> 2)); D += ((E << 5) | (E >>> 27)) + ((A & B) | ((~A) & C)) + w[6] + 0x5A827999; A = ((A << 30) | (A >>> 2)); C += ((D << 5) | (D >>> 27)) + ((E & A) | ((~E) & B)) + w[7] + 0x5A827999; E = ((E << 30) | (E >>> 2)); B += ((C << 5) | (C >>> 27)) + ((D & E) | ((~D) & A)) + w[8] + 0x5A827999; D = ((D << 30) | (D >>> 2)); A += ((B << 5) | (B >>> 27)) + ((C & D) | ((~C) & E)) + w[9] + 0x5A827999; C = ((C << 30) | (C >>> 2)); E += ((A << 5) | (A >>> 27)) + ((B & C) | ((~B) & D)) + w[10] + 0x5A827999; B = ((B << 30) | (B >>> 2)); D += ((E << 5) | (E >>> 27)) + ((A & B) | ((~A) & C)) + w[11] + 0x5A827999; A = ((A << 30) | (A >>> 2)); C += ((D << 5) | (D >>> 27)) + ((E & A) | ((~E) & B)) + w[12] + 0x5A827999; E = ((E << 30) | (E >>> 2)); B += ((C << 5) | (C >>> 27)) + ((D & E) | ((~D) & A)) + w[13] + 0x5A827999; D = ((D << 30) | (D >>> 2)); A += ((B << 5) | (B >>> 27)) + ((C & D) | ((~C) & E)) + w[14] + 0x5A827999; C = ((C << 30) | (C >>> 2)); E += ((A << 5) | (A >>> 27)) + ((B & C) | ((~B) & D)) + w[15] + 0x5A827999; B = ((B << 30) | (B >>> 2)); D += ((E << 5) | (E >>> 27)) + ((A & B) | ((~A) & C)) + w[16] + 0x5A827999; A = ((A << 30) | (A >>> 2)); C += ((D << 5) | (D >>> 27)) + ((E & A) | ((~E) & B)) + w[17] + 0x5A827999; E = ((E << 30) | (E >>> 2)); B += ((C << 5) | (C >>> 27)) + ((D & E) | ((~D) & A)) + w[18] + 0x5A827999; D = ((D << 30) | (D >>> 2)); A += ((B << 5) | (B >>> 27)) + ((C & D) | ((~C) & E)) + w[19] + 0x5A827999; C = ((C << 30) | (C >>> 2)); E += ((A << 5) | (A >>> 27)) + (B ^ C ^ D) + w[20] + 0x6ED9EBA1; B = ((B << 30) | (B >>> 2)); D += ((E << 5) | (E >>> 27)) + (A ^ B ^ C) + w[21] + 0x6ED9EBA1; A = ((A << 30) | (A >>> 2)); C += ((D << 5) | (D >>> 27)) + (E ^ A ^ B) + w[22] + 0x6ED9EBA1; E = ((E << 30) | (E >>> 2)); B += ((C << 5) | (C >>> 27)) + (D ^ E ^ A) + w[23] + 0x6ED9EBA1; D = ((D << 30) | (D >>> 2)); A += ((B << 5) | (B >>> 27)) + (C ^ D ^ E) + w[24] + 0x6ED9EBA1; C = ((C << 30) | (C >>> 2)); E += ((A << 5) | (A >>> 27)) + (B ^ C ^ D) + w[25] + 0x6ED9EBA1; B = ((B << 30) | (B >>> 2)); D += ((E << 5) | (E >>> 27)) + (A ^ B ^ C) + w[26] + 0x6ED9EBA1; A = ((A << 30) | (A >>> 2)); C += ((D << 5) | (D >>> 27)) + (E ^ A ^ B) + w[27] + 0x6ED9EBA1; E = ((E << 30) | (E >>> 2)); B += ((C << 5) | (C >>> 27)) + (D ^ E ^ A) + w[28] + 0x6ED9EBA1; D = ((D << 30) | (D >>> 2)); A += ((B << 5) | (B >>> 27)) + (C ^ D ^ E) + w[29] + 0x6ED9EBA1; C = ((C << 30) | (C >>> 2)); E += ((A << 5) | (A >>> 27)) + (B ^ C ^ D) + w[30] + 0x6ED9EBA1; B = ((B << 30) | (B >>> 2)); D += ((E << 5) | (E >>> 27)) + (A ^ B ^ C) + w[31] + 0x6ED9EBA1; A = ((A << 30) | (A >>> 2)); C += ((D << 5) | (D >>> 27)) + (E ^ A ^ B) + w[32] + 0x6ED9EBA1; E = ((E << 30) | (E >>> 2)); B += ((C << 5) | (C >>> 27)) + (D ^ E ^ A) + w[33] + 0x6ED9EBA1; D = ((D << 30) | (D >>> 2)); A += ((B << 5) | (B >>> 27)) + (C ^ D ^ E) + w[34] + 0x6ED9EBA1; C = ((C << 30) | (C >>> 2)); E += ((A << 5) | (A >>> 27)) + (B ^ C ^ D) + w[35] + 0x6ED9EBA1; B = ((B << 30) | (B >>> 2)); D += ((E << 5) | (E >>> 27)) + (A ^ B ^ C) + w[36] + 0x6ED9EBA1; A = ((A << 30) | (A >>> 2)); C += ((D << 5) | (D >>> 27)) + (E ^ A ^ B) + w[37] + 0x6ED9EBA1; E = ((E << 30) | (E >>> 2)); B += ((C << 5) | (C >>> 27)) + (D ^ E ^ A) + w[38] + 0x6ED9EBA1; D = ((D << 30) | (D >>> 2)); A += ((B << 5) | (B >>> 27)) + (C ^ D ^ E) + w[39] + 0x6ED9EBA1; C = ((C << 30) | (C >>> 2)); E += ((A << 5) | (A >>> 27)) + ((B & C) | (B & D) | (C & D)) + w[40] + 0x8F1BBCDC; B = ((B << 30) | (B >>> 2)); D += ((E << 5) | (E >>> 27)) + ((A & B) | (A & C) | (B & C)) + w[41] + 0x8F1BBCDC; A = ((A << 30) | (A >>> 2)); C += ((D << 5) | (D >>> 27)) + ((E & A) | (E & B) | (A & B)) + w[42] + 0x8F1BBCDC; E = ((E << 30) | (E >>> 2)); B += ((C << 5) | (C >>> 27)) + ((D & E) | (D & A) | (E & A)) + w[43] + 0x8F1BBCDC; D = ((D << 30) | (D >>> 2)); A += ((B << 5) | (B >>> 27)) + ((C & D) | (C & E) | (D & E)) + w[44] + 0x8F1BBCDC; C = ((C << 30) | (C >>> 2)); E += ((A << 5) | (A >>> 27)) + ((B & C) | (B & D) | (C & D)) + w[45] + 0x8F1BBCDC; B = ((B << 30) | (B >>> 2)); D += ((E << 5) | (E >>> 27)) + ((A & B) | (A & C) | (B & C)) + w[46] + 0x8F1BBCDC; A = ((A << 30) | (A >>> 2)); C += ((D << 5) | (D >>> 27)) + ((E & A) | (E & B) | (A & B)) + w[47] + 0x8F1BBCDC; E = ((E << 30) | (E >>> 2)); B += ((C << 5) | (C >>> 27)) + ((D & E) | (D & A) | (E & A)) + w[48] + 0x8F1BBCDC; D = ((D << 30) | (D >>> 2)); A += ((B << 5) | (B >>> 27)) + ((C & D) | (C & E) | (D & E)) + w[49] + 0x8F1BBCDC; C = ((C << 30) | (C >>> 2)); E += ((A << 5) | (A >>> 27)) + ((B & C) | (B & D) | (C & D)) + w[50] + 0x8F1BBCDC; B = ((B << 30) | (B >>> 2)); D += ((E << 5) | (E >>> 27)) + ((A & B) | (A & C) | (B & C)) + w[51] + 0x8F1BBCDC; A = ((A << 30) | (A >>> 2)); C += ((D << 5) | (D >>> 27)) + ((E & A) | (E & B) | (A & B)) + w[52] + 0x8F1BBCDC; E = ((E << 30) | (E >>> 2)); B += ((C << 5) | (C >>> 27)) + ((D & E) | (D & A) | (E & A)) + w[53] + 0x8F1BBCDC; D = ((D << 30) | (D >>> 2)); A += ((B << 5) | (B >>> 27)) + ((C & D) | (C & E) | (D & E)) + w[54] + 0x8F1BBCDC; C = ((C << 30) | (C >>> 2)); E = E + ((A << 5) | (A >>> 27)) + ((B & C) | (B & D) | (C & D)) + w[55] + 0x8F1BBCDC; B = ((B << 30) | (B >>> 2)); D += ((E << 5) | (E >>> 27)) + ((A & B) | (A & C) | (B & C)) + w[56] + 0x8F1BBCDC; A = ((A << 30) | (A >>> 2)); C += ((D << 5) | (D >>> 27)) + ((E & A) | (E & B) | (A & B)) + w[57] + 0x8F1BBCDC; E = ((E << 30) | (E >>> 2)); B += ((C << 5) | (C >>> 27)) + ((D & E) | (D & A) | (E & A)) + w[58] + 0x8F1BBCDC; D = ((D << 30) | (D >>> 2)); A += ((B << 5) | (B >>> 27)) + ((C & D) | (C & E) | (D & E)) + w[59] + 0x8F1BBCDC; C = ((C << 30) | (C >>> 2)); E += ((A << 5) | (A >>> 27)) + (B ^ C ^ D) + w[60] + 0xCA62C1D6; B = ((B << 30) | (B >>> 2)); D += ((E << 5) | (E >>> 27)) + (A ^ B ^ C) + w[61] + 0xCA62C1D6; A = ((A << 30) | (A >>> 2)); C += ((D << 5) | (D >>> 27)) + (E ^ A ^ B) + w[62] + 0xCA62C1D6; E = ((E << 30) | (E >>> 2)); B += ((C << 5) | (C >>> 27)) + (D ^ E ^ A) + w[63] + 0xCA62C1D6; D = ((D << 30) | (D >>> 2)); A += ((B << 5) | (B >>> 27)) + (C ^ D ^ E) + w[64] + 0xCA62C1D6; C = ((C << 30) | (C >>> 2)); E += ((A << 5) | (A >>> 27)) + (B ^ C ^ D) + w[65] + 0xCA62C1D6; B = ((B << 30) | (B >>> 2)); D += ((E << 5) | (E >>> 27)) + (A ^ B ^ C) + w[66] + 0xCA62C1D6; A = ((A << 30) | (A >>> 2)); C += ((D << 5) | (D >>> 27)) + (E ^ A ^ B) + w[67] + 0xCA62C1D6; E = ((E << 30) | (E >>> 2)); B += ((C << 5) | (C >>> 27)) + (D ^ E ^ A) + w[68] + 0xCA62C1D6; D = ((D << 30) | (D >>> 2)); A += ((B << 5) | (B >>> 27)) + (C ^ D ^ E) + w[69] + 0xCA62C1D6; C = ((C << 30) | (C >>> 2)); E += ((A << 5) | (A >>> 27)) + (B ^ C ^ D) + w[70] + 0xCA62C1D6; B = ((B << 30) | (B >>> 2)); D += ((E << 5) | (E >>> 27)) + (A ^ B ^ C) + w[71] + 0xCA62C1D6; A = ((A << 30) | (A >>> 2)); C += ((D << 5) | (D >>> 27)) + (E ^ A ^ B) + w[72] + 0xCA62C1D6; E = ((E << 30) | (E >>> 2)); B += ((C << 5) | (C >>> 27)) + (D ^ E ^ A) + w[73] + 0xCA62C1D6; D = ((D << 30) | (D >>> 2)); A += ((B << 5) | (B >>> 27)) + (C ^ D ^ E) + w[74] + 0xCA62C1D6; C = ((C << 30) | (C >>> 2)); E += ((A << 5) | (A >>> 27)) + (B ^ C ^ D) + w[75] + 0xCA62C1D6; B = ((B << 30) | (B >>> 2)); D += ((E << 5) | (E >>> 27)) + (A ^ B ^ C) + w[76] + 0xCA62C1D6; A = ((A << 30) | (A >>> 2)); C += ((D << 5) | (D >>> 27)) + (E ^ A ^ B) + w[77] + 0xCA62C1D6; E = ((E << 30) | (E >>> 2)); B += ((C << 5) | (C >>> 27)) + (D ^ E ^ A) + w[78] + 0xCA62C1D6; D = ((D << 30) | (D >>> 2)); A += ((B << 5) | (B >>> 27)) + (C ^ D ^ E) + w[79] + 0xCA62C1D6; C = ((C << 30) | (C >>> 2)); H0 += A; H1 += B; H2 += C; H3 += D; H4 += E; // debug(80, H0, H1, H2, H3, H4); } private static String toHexString(byte[] b) { final String hexChar = "0123456789ABCDEF"; StringBuilder sb = new StringBuilder(); for (int i = 0; i < b.length; i++) { sb.append(hexChar.charAt((b[i] >> 4) & 0x0f)); sb.append(hexChar.charAt(b[i] & 0x0f)); } return sb.toString(); } public static void main(String[] args) { SHA1 sha = new SHA1(); byte[] dig1 = new byte[20]; byte[] dig2 = new byte[20]; byte[] dig3 = new byte[20]; /* * We do not specify a charset name for getBytes(), since we assume that * the JVM's default encoder maps the _used_ ASCII characters exactly as * getBytes("US-ASCII") would do. (Ah, yes, too lazy to catch the * exception that can be thrown by getBytes("US-ASCII")). Note: This has * no effect on the SHA-1 implementation, this is just for the following * test code. */ sha.update("abc".getBytes()); sha.digest(dig1); sha.update("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq".getBytes()); sha.digest(dig2); for (int i = 0; i < 1000000; i++) sha.update((byte) 'a'); sha.digest(dig3); String dig1_res = toHexString(dig1); String dig2_res = toHexString(dig2); String dig3_res = toHexString(dig3); String dig1_ref = "A9993E364706816ABA3E25717850C26C9CD0D89D"; String dig2_ref = "84983E441C3BD26EBAAE4AA1F95129E5E54670F1"; String dig3_ref = "34AA973CD4C4DAA4F61EEB2BDBAD27316534016F"; if (dig1_res.equals(dig1_ref)) System.out.println("SHA-1 Test 1 OK."); else System.out.println("SHA-1 Test 1 FAILED."); if (dig2_res.equals(dig2_ref)) System.out.println("SHA-1 Test 2 OK."); else System.out.println("SHA-1 Test 2 FAILED."); if (dig3_res.equals(dig3_ref)) System.out.println("SHA-1 Test 3 OK."); else System.out.println("SHA-1 Test 3 FAILED."); if (dig3_res.equals(dig3_ref)) System.out.println("SHA-1 Test 3 OK."); else System.out.println("SHA-1 Test 3 FAILED."); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/crypto/digest/SHA2.java000066400000000000000000000024221370551253600276770ustar00rootroot00000000000000package ch.ethz.ssh2.crypto.digest; import java.security.DigestException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; public class SHA2 implements Digest { private MessageDigest md = null; public SHA2(int keyLen) { try { md = MessageDigest.getInstance("SHA-" + keyLen); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } } @Override public int getDigestLength() { return md.getDigestLength(); } @Override public void update(byte b) { md.update(b); } @Override public void update(byte[] b) { md.update(b); } @Override public void update(byte[] b, int off, int len) { md.update(b, off, len); } @Override public void reset() { md.reset(); } @Override public void digest(byte[] out) { try { md.digest(out, 0, out.length); } catch (DigestException e) { throw new RuntimeException(e); } } @Override public void digest(byte[] out, int off) { try { md.digest(out, off, out.length - off); } catch (DigestException e) { throw new RuntimeException(e); } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/log/000077500000000000000000000000001370551253600243215ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/log/Logger.java000066400000000000000000000022441370551253600264050ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.log; import java.util.logging.Level; /** * Logger delegating to JRE logging. By default, this is disabled and only * used during development. * * @author Christian Plattner * @version $Id$ */ public class Logger { private java.util.logging.Logger delegate; public static volatile boolean enabled = false; public static Logger getLogger(Class x) { return new Logger(x); } public Logger(Class x) { this.delegate = java.util.logging.Logger.getLogger(x.getName()); } public boolean isDebugEnabled() { return enabled && delegate.isLoggable(Level.FINER); } public void debug(String message) { if (enabled) delegate.fine(message); } public boolean isInfoEnabled() { return enabled && delegate.isLoggable(Level.FINE); } public void info(String message) { if (enabled) delegate.info(message); } public boolean isWarningEnabled() { return enabled && delegate.isLoggable(Level.WARNING); } public void warning(String message) { if (enabled) delegate.warning(message); } }SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/000077500000000000000000000000001370551253600251725ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketChannelFailure.java000066400000000000000000000012541370551253600320470ustar00rootroot00000000000000/* * Copyright (c) 2006-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; /** * PacketChannelFailure. * * @author Christian Plattner * @version 2.8 */ public class PacketChannelFailure { byte[] payload; public int recipientChannelID; public PacketChannelFailure(int recipientChannelID) { this.recipientChannelID = recipientChannelID; } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_CHANNEL_FAILURE); tw.writeUINT32(recipientChannelID); payload = tw.getBytes(); } return payload; } } PacketChannelOpenConfirmation.java000066400000000000000000000035101370551253600336500ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; /** * PacketChannelOpenConfirmation. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketChannelOpenConfirmation { byte[] payload; public int recipientChannelID; public int senderChannelID; public int initialWindowSize; public int maxPacketSize; public PacketChannelOpenConfirmation(int recipientChannelID, int senderChannelID, int initialWindowSize, int maxPacketSize) { this.recipientChannelID = recipientChannelID; this.senderChannelID = senderChannelID; this.initialWindowSize = initialWindowSize; this.maxPacketSize = maxPacketSize; } public PacketChannelOpenConfirmation(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_CHANNEL_OPEN_CONFIRMATION) throw new IOException( "This is not a SSH_MSG_CHANNEL_OPEN_CONFIRMATION! (" + packet_type + ")"); recipientChannelID = tr.readUINT32(); senderChannelID = tr.readUINT32(); initialWindowSize = tr.readUINT32(); maxPacketSize = tr.readUINT32(); if (tr.remain() != 0) throw new IOException("Padding in SSH_MSG_CHANNEL_OPEN_CONFIRMATION packet!"); } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_CHANNEL_OPEN_CONFIRMATION); tw.writeUINT32(recipientChannelID); tw.writeUINT32(senderChannelID); tw.writeUINT32(initialWindowSize); tw.writeUINT32(maxPacketSize); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketChannelOpenFailure.java000066400000000000000000000033361370551253600326740ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; /** * PacketChannelOpenFailure. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketChannelOpenFailure { byte[] payload; public int recipientChannelID; public int reasonCode; public String description; public String languageTag; public PacketChannelOpenFailure(int recipientChannelID, int reasonCode, String description, String languageTag) { this.recipientChannelID = recipientChannelID; this.reasonCode = reasonCode; this.description = description; this.languageTag = languageTag; } public PacketChannelOpenFailure(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_CHANNEL_OPEN_FAILURE) throw new IOException( "This is not a SSH_MSG_CHANNEL_OPEN_FAILURE! (" + packet_type + ")"); recipientChannelID = tr.readUINT32(); reasonCode = tr.readUINT32(); description = tr.readString(); languageTag = tr.readString(); if (tr.remain() != 0) throw new IOException("Padding in SSH_MSG_CHANNEL_OPEN_FAILURE packet!"); } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_CHANNEL_OPEN_FAILURE); tw.writeUINT32(recipientChannelID); tw.writeUINT32(reasonCode); tw.writeString(description); tw.writeString(languageTag); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketChannelSuccess.java000066400000000000000000000012541370551253600320700ustar00rootroot00000000000000/* * Copyright (c) 2006-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; /** * PacketChannelSuccess. * * @author Christian Plattner * @version 2.8 */ public class PacketChannelSuccess { byte[] payload; public int recipientChannelID; public PacketChannelSuccess(int recipientChannelID) { this.recipientChannelID = recipientChannelID; } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_CHANNEL_SUCCESS); tw.writeUINT32(recipientChannelID); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketChannelWindowAdjust.java000066400000000000000000000027111370551253600331010ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; /** * PacketChannelWindowAdjust. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketChannelWindowAdjust { byte[] payload; public int recipientChannelID; public int windowChange; public PacketChannelWindowAdjust(int recipientChannelID, int windowChange) { this.recipientChannelID = recipientChannelID; this.windowChange = windowChange; } public PacketChannelWindowAdjust(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_CHANNEL_WINDOW_ADJUST) throw new IOException( "This is not a SSH_MSG_CHANNEL_WINDOW_ADJUST! (" + packet_type + ")"); recipientChannelID = tr.readUINT32(); windowChange = tr.readUINT32(); if (tr.remain() != 0) throw new IOException("Padding in SSH_MSG_CHANNEL_WINDOW_ADJUST packet!"); } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_CHANNEL_WINDOW_ADJUST); tw.writeUINT32(recipientChannelID); tw.writeUINT32(windowChange); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketDisconnect.java000066400000000000000000000023641370551253600312630ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; /** * PacketDisconnect. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketDisconnect { byte[] payload; int reason; String desc; String lang; public PacketDisconnect(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_DISCONNECT) throw new IOException("This is not a Disconnect Packet! (" + packet_type + ")"); reason = tr.readUINT32(); desc = tr.readString(); lang = tr.readString(); } public PacketDisconnect(int reason, String desc, String lang) { this.reason = reason; this.desc = desc; this.lang = lang; } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_DISCONNECT); tw.writeUINT32(reason); tw.writeString(desc); tw.writeString(lang); payload = tw.getBytes(); } return payload; } } PacketGlobalCancelForwardRequest.java000066400000000000000000000016641370551253600343210ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; /** * PacketGlobalCancelForwardRequest. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketGlobalCancelForwardRequest { byte[] payload; public boolean wantReply; public String bindAddress; public int bindPort; public PacketGlobalCancelForwardRequest(boolean wantReply, String bindAddress, int bindPort) { this.wantReply = wantReply; this.bindAddress = bindAddress; this.bindPort = bindPort; } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_GLOBAL_REQUEST); tw.writeString("cancel-tcpip-forward"); tw.writeBoolean(wantReply); tw.writeString(bindAddress); tw.writeUINT32(bindPort); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketGlobalForwardRequest.java000066400000000000000000000016331370551253600332660ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; /** * PacketGlobalForwardRequest. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketGlobalForwardRequest { byte[] payload; public boolean wantReply; public String bindAddress; public int bindPort; public PacketGlobalForwardRequest(boolean wantReply, String bindAddress, int bindPort) { this.wantReply = wantReply; this.bindAddress = bindAddress; this.bindPort = bindPort; } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_GLOBAL_REQUEST); tw.writeString("tcpip-forward"); tw.writeBoolean(wantReply); tw.writeString(bindAddress); tw.writeUINT32(bindPort); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketIgnore.java000066400000000000000000000022171370551253600304120ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; /** * PacketIgnore. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketIgnore { byte[] payload; byte[] data; public void setData(byte[] data) { this.data = data; payload = null; } public PacketIgnore() { } public PacketIgnore(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_IGNORE) throw new IOException("This is not a SSH_MSG_IGNORE packet! (" + packet_type + ")"); /* Could parse String body */ } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_IGNORE); if (data != null) tw.writeString(data, 0, data.length); else tw.writeString(""); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketKexDHInit.java000066400000000000000000000022711370551253600307560ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; import java.math.BigInteger; /** * PacketKexDHInit. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketKexDHInit { byte[] payload; BigInteger e; public PacketKexDHInit(BigInteger e) { this.e = e; } public PacketKexDHInit(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_KEXDH_INIT) throw new IOException("This is not a SSH_MSG_KEXDH_INIT! (" + packet_type + ")"); e = tr.readMPINT(); if (tr.remain() != 0) throw new IOException("PADDING IN SSH_MSG_KEXDH_INIT!"); } public BigInteger getE() { return e; } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_KEXDH_INIT); tw.writeMPInt(e); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketKexDHReply.java000066400000000000000000000031261370551253600311460ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; import java.math.BigInteger; /** * PacketKexDHReply. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketKexDHReply { byte[] payload; byte[] hostKey; BigInteger f; byte[] signature; public PacketKexDHReply(byte[] hostKey, BigInteger f, byte[] signature) { this.hostKey = hostKey; this.f = f; this.signature = signature; } public PacketKexDHReply(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_KEXDH_REPLY) throw new IOException("This is not a SSH_MSG_KEXDH_REPLY! (" + packet_type + ")"); hostKey = tr.readByteString(); f = tr.readMPINT(); signature = tr.readByteString(); if (tr.remain() != 0) throw new IOException("PADDING IN SSH_MSG_KEXDH_REPLY!"); } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_KEXDH_REPLY); tw.writeString(hostKey, 0, hostKey.length); tw.writeMPInt(f); tw.writeString(signature, 0, signature.length); payload = tw.getBytes(); } return payload; } public BigInteger getF() { return f; } public byte[] getHostKey() { return hostKey; } public byte[] getSignature() { return signature; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexGroup.java000066400000000000000000000020541370551253600316520ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; import java.math.BigInteger; /** * PacketKexDhGexGroup. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketKexDhGexGroup { byte[] payload; BigInteger p; BigInteger g; public PacketKexDhGexGroup(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_KEX_DH_GEX_GROUP) throw new IllegalArgumentException( "This is not a SSH_MSG_KEX_DH_GEX_GROUP! (" + packet_type + ")"); p = tr.readMPINT(); g = tr.readMPINT(); if (tr.remain() != 0) throw new IOException("PADDING IN SSH_MSG_KEX_DH_GEX_GROUP!"); } public BigInteger getG() { return g; } public BigInteger getP() { return p; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexInit.java000066400000000000000000000011771370551253600314660ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.math.BigInteger; /** * PacketKexDhGexInit. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketKexDhGexInit { byte[] payload; BigInteger e; public PacketKexDhGexInit(BigInteger e) { this.e = e; } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_KEX_DH_GEX_INIT); tw.writeMPInt(e); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexReply.java000066400000000000000000000022261370551253600316520ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; import java.math.BigInteger; /** * PacketKexDhGexReply. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketKexDhGexReply { byte[] payload; byte[] hostKey; BigInteger f; byte[] signature; public PacketKexDhGexReply(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_KEX_DH_GEX_REPLY) throw new IOException("This is not a SSH_MSG_KEX_DH_GEX_REPLY! (" + packet_type + ")"); hostKey = tr.readByteString(); f = tr.readMPINT(); signature = tr.readByteString(); if (tr.remain() != 0) throw new IOException("PADDING IN SSH_MSG_KEX_DH_GEX_REPLY!"); } public BigInteger getF() { return f; } public byte[] getHostKey() { return hostKey; } public byte[] getSignature() { return signature; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexRequest.java000066400000000000000000000014741370551253600322130ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import ch.ethz.ssh2.DHGexParameters; /** * PacketKexDhGexRequest. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketKexDhGexRequest { byte[] payload; int min; int n; int max; public PacketKexDhGexRequest(DHGexParameters para) { this.min = para.getMin_group_len(); this.n = para.getPref_group_len(); this.max = para.getMax_group_len(); } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_KEX_DH_GEX_REQUEST); tw.writeUINT32(min); tw.writeUINT32(n); tw.writeUINT32(max); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketKexDhGexRequestOld.java000066400000000000000000000012711370551253600326450ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import ch.ethz.ssh2.DHGexParameters; /** * PacketKexDhGexRequestOld. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketKexDhGexRequestOld { byte[] payload; int n; public PacketKexDhGexRequestOld(DHGexParameters para) { this.n = para.getPref_group_len(); } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_KEX_DH_GEX_REQUEST_OLD); tw.writeUINT32(n); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketKexInit.java000066400000000000000000000110701370551253600305370ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; import java.security.SecureRandom; import ch.ethz.ssh2.crypto.CryptoWishList; import ch.ethz.ssh2.transport.KexParameters; /** * PacketKexInit. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketKexInit { byte[] payload; KexParameters kp = new KexParameters(); public PacketKexInit(CryptoWishList cwl, SecureRandom rnd) { kp.cookie = new byte[16]; rnd.nextBytes(kp.cookie); kp.kex_algorithms = cwl.kexAlgorithms; kp.server_host_key_algorithms = cwl.serverHostKeyAlgorithms; kp.encryption_algorithms_client_to_server = cwl.c2s_enc_algos; kp.encryption_algorithms_server_to_client = cwl.s2c_enc_algos; kp.mac_algorithms_client_to_server = cwl.c2s_mac_algos; kp.mac_algorithms_server_to_client = cwl.s2c_mac_algos; kp.compression_algorithms_client_to_server = new String[] { "none" }; kp.compression_algorithms_server_to_client = new String[] { "none" }; kp.languages_client_to_server = new String[] {}; kp.languages_server_to_client = new String[] {}; kp.first_kex_packet_follows = false; kp.reserved_field1 = 0; } public PacketKexInit(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_KEXINIT) throw new IOException("This is not a KexInitPacket! (" + packet_type + ")"); kp.cookie = tr.readBytes(16); kp.kex_algorithms = tr.readNameList(); kp.server_host_key_algorithms = tr.readNameList(); kp.encryption_algorithms_client_to_server = tr.readNameList(); kp.encryption_algorithms_server_to_client = tr.readNameList(); kp.mac_algorithms_client_to_server = tr.readNameList(); kp.mac_algorithms_server_to_client = tr.readNameList(); kp.compression_algorithms_client_to_server = tr.readNameList(); kp.compression_algorithms_server_to_client = tr.readNameList(); kp.languages_client_to_server = tr.readNameList(); kp.languages_server_to_client = tr.readNameList(); kp.first_kex_packet_follows = tr.readBoolean(); kp.reserved_field1 = tr.readUINT32(); if (tr.remain() != 0) throw new IOException("Padding in KexInitPacket!"); } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_KEXINIT); tw.writeBytes(kp.cookie, 0, 16); tw.writeNameList(kp.kex_algorithms); tw.writeNameList(kp.server_host_key_algorithms); tw.writeNameList(kp.encryption_algorithms_client_to_server); tw.writeNameList(kp.encryption_algorithms_server_to_client); tw.writeNameList(kp.mac_algorithms_client_to_server); tw.writeNameList(kp.mac_algorithms_server_to_client); tw.writeNameList(kp.compression_algorithms_client_to_server); tw.writeNameList(kp.compression_algorithms_server_to_client); tw.writeNameList(kp.languages_client_to_server); tw.writeNameList(kp.languages_server_to_client); tw.writeBoolean(kp.first_kex_packet_follows); tw.writeUINT32(kp.reserved_field1); payload = tw.getBytes(); } return payload; } public KexParameters getKexParameters() { return kp; } public String[] getCompression_algorithms_client_to_server() { return kp.compression_algorithms_client_to_server; } public String[] getCompression_algorithms_server_to_client() { return kp.compression_algorithms_server_to_client; } public byte[] getCookie() { return kp.cookie; } public String[] getEncryption_algorithms_client_to_server() { return kp.encryption_algorithms_client_to_server; } public String[] getEncryption_algorithms_server_to_client() { return kp.encryption_algorithms_server_to_client; } public boolean isFirst_kex_packet_follows() { return kp.first_kex_packet_follows; } public String[] getKex_algorithms() { return kp.kex_algorithms; } public String[] getLanguages_client_to_server() { return kp.languages_client_to_server; } public String[] getLanguages_server_to_client() { return kp.languages_server_to_client; } public String[] getMac_algorithms_client_to_server() { return kp.mac_algorithms_client_to_server; } public String[] getMac_algorithms_server_to_client() { return kp.mac_algorithms_server_to_client; } public int getReserved_field1() { return kp.reserved_field1; } public String[] getServer_host_key_algorithms() { return kp.server_host_key_algorithms; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketNewKeys.java000066400000000000000000000020161370551253600305510ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; /** * PacketNewKeys. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketNewKeys { byte[] payload; public PacketNewKeys() { } public PacketNewKeys(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_NEWKEYS) throw new IOException("This is not a SSH_MSG_NEWKEYS! (" + packet_type + ")"); if (tr.remain() != 0) throw new IOException("Padding in SSH_MSG_NEWKEYS packet!"); } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_NEWKEYS); payload = tw.getBytes(); } return payload; } } PacketOpenDirectTCPIPChannel.java000066400000000000000000000027031370551253600332350ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; /** * PacketOpenDirectTCPIPChannel. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketOpenDirectTCPIPChannel { byte[] payload; int channelID; int initialWindowSize; int maxPacketSize; String host_to_connect; int port_to_connect; String originator_IP_address; int originator_port; public PacketOpenDirectTCPIPChannel(int channelID, int initialWindowSize, int maxPacketSize, String host_to_connect, int port_to_connect, String originator_IP_address, int originator_port) { this.channelID = channelID; this.initialWindowSize = initialWindowSize; this.maxPacketSize = maxPacketSize; this.host_to_connect = host_to_connect; this.port_to_connect = port_to_connect; this.originator_IP_address = originator_IP_address; this.originator_port = originator_port; } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_CHANNEL_OPEN); tw.writeString("direct-tcpip"); tw.writeUINT32(channelID); tw.writeUINT32(initialWindowSize); tw.writeUINT32(maxPacketSize); tw.writeString(host_to_connect); tw.writeUINT32(port_to_connect); tw.writeString(originator_IP_address); tw.writeUINT32(originator_port); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketOpenSessionChannel.java000066400000000000000000000030321370551253600327210ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; /** * PacketOpenSessionChannel. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketOpenSessionChannel { byte[] payload; int channelID; int initialWindowSize; int maxPacketSize; public PacketOpenSessionChannel(int channelID, int initialWindowSize, int maxPacketSize) { this.channelID = channelID; this.initialWindowSize = initialWindowSize; this.maxPacketSize = maxPacketSize; } public PacketOpenSessionChannel(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_CHANNEL_OPEN) throw new IOException("This is not a SSH_MSG_CHANNEL_OPEN! (" + packet_type + ")"); channelID = tr.readUINT32(); initialWindowSize = tr.readUINT32(); maxPacketSize = tr.readUINT32(); if (tr.remain() != 0) throw new IOException("Padding in SSH_MSG_CHANNEL_OPEN packet!"); } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_CHANNEL_OPEN); tw.writeString("session"); tw.writeUINT32(channelID); tw.writeUINT32(initialWindowSize); tw.writeUINT32(maxPacketSize); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketServiceAccept.java000066400000000000000000000022471370551253600317120ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; /** * PacketServiceAccept. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketServiceAccept { byte[] payload; String serviceName; public PacketServiceAccept(String serviceName) { this.serviceName = serviceName; } public PacketServiceAccept(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_SERVICE_ACCEPT) throw new IOException("This is not a SSH_MSG_SERVICE_ACCEPT! (" + packet_type + ")"); serviceName = ""; if (tr.remain() != 0) { serviceName = tr.readString(); } } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_SERVICE_ACCEPT); tw.writeString(serviceName); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketServiceRequest.java000066400000000000000000000024231370551253600321370ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; /** * PacketServiceRequest. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketServiceRequest { byte[] payload; String serviceName; public PacketServiceRequest(String serviceName) { this.serviceName = serviceName; } public String getServiceName() { return serviceName; } public PacketServiceRequest(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_SERVICE_REQUEST) throw new IOException("This is not a SSH_MSG_SERVICE_REQUEST! (" + packet_type + ")"); serviceName = tr.readString(); if (tr.remain() != 0) throw new IOException("Padding in SSH_MSG_SERVICE_REQUEST packet!"); } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_SERVICE_REQUEST); tw.writeString(serviceName); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketSessionExecCommand.java000066400000000000000000000021761370551253600327220ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; import java.io.UnsupportedEncodingException; /** * PacketSessionExecCommand. * * @author Christian Plattner * @version $Id$ */ public class PacketSessionExecCommand { byte[] payload; public int recipientChannelID; public boolean wantReply; public String command; public PacketSessionExecCommand(int recipientChannelID, boolean wantReply, String command) { this.recipientChannelID = recipientChannelID; this.wantReply = wantReply; this.command = command; } public byte[] getPayload() throws IOException { return this.getPayload(null); } public byte[] getPayload(String charsetName) throws UnsupportedEncodingException { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_CHANNEL_REQUEST); tw.writeUINT32(recipientChannelID); tw.writeString("exec"); tw.writeBoolean(wantReply); tw.writeString(command, charsetName); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketSessionPtyRequest.java000066400000000000000000000030331370551253600326550ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; /** * PacketSessionPtyRequest. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketSessionPtyRequest { byte[] payload; public int recipientChannelID; public boolean wantReply; public String term; public int character_width; public int character_height; public int pixel_width; public int pixel_height; public byte[] terminal_modes; public PacketSessionPtyRequest(int recipientChannelID, boolean wantReply, String term, int character_width, int character_height, int pixel_width, int pixel_height, byte[] terminal_modes) { this.recipientChannelID = recipientChannelID; this.wantReply = wantReply; this.term = term; this.character_width = character_width; this.character_height = character_height; this.pixel_width = pixel_width; this.pixel_height = pixel_height; this.terminal_modes = terminal_modes; } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_CHANNEL_REQUEST); tw.writeUINT32(recipientChannelID); tw.writeString("pty-req"); tw.writeBoolean(wantReply); tw.writeString(term); tw.writeUINT32(character_width); tw.writeUINT32(character_height); tw.writeUINT32(pixel_width); tw.writeUINT32(pixel_height); tw.writeString(terminal_modes, 0, terminal_modes.length); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketSessionStartShell.java000066400000000000000000000015061370551253600326200ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; /** * PacketSessionStartShell. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketSessionStartShell { byte[] payload; public int recipientChannelID; public boolean wantReply; public PacketSessionStartShell(int recipientChannelID, boolean wantReply) { this.recipientChannelID = recipientChannelID; this.wantReply = wantReply; } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_CHANNEL_REQUEST); tw.writeUINT32(recipientChannelID); tw.writeString("shell"); tw.writeBoolean(wantReply); payload = tw.getBytes(); } return payload; } } PacketSessionSubsystemRequest.java000066400000000000000000000017361370551253600340300ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; /** * PacketSessionSubsystemRequest. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketSessionSubsystemRequest { byte[] payload; public int recipientChannelID; public boolean wantReply; public String subsystem; public PacketSessionSubsystemRequest(int recipientChannelID, boolean wantReply, String subsystem) { this.recipientChannelID = recipientChannelID; this.wantReply = wantReply; this.subsystem = subsystem; } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_CHANNEL_REQUEST); tw.writeUINT32(recipientChannelID); tw.writeString("subsystem"); tw.writeBoolean(wantReply); tw.writeString(subsystem); payload = tw.getBytes(); tw.getBytes(payload); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketSessionX11Request.java000066400000000000000000000026561370551253600324640ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; /** * PacketSessionX11Request. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketSessionX11Request { byte[] payload; public int recipientChannelID; public boolean wantReply; public boolean singleConnection; String x11AuthenticationProtocol; String x11AuthenticationCookie; int x11ScreenNumber; public PacketSessionX11Request(int recipientChannelID, boolean wantReply, boolean singleConnection, String x11AuthenticationProtocol, String x11AuthenticationCookie, int x11ScreenNumber) { this.recipientChannelID = recipientChannelID; this.wantReply = wantReply; this.singleConnection = singleConnection; this.x11AuthenticationProtocol = x11AuthenticationProtocol; this.x11AuthenticationCookie = x11AuthenticationCookie; this.x11ScreenNumber = x11ScreenNumber; } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_CHANNEL_REQUEST); tw.writeUINT32(recipientChannelID); tw.writeString("x11-req"); tw.writeBoolean(wantReply); tw.writeBoolean(singleConnection); tw.writeString(x11AuthenticationProtocol); tw.writeString(x11AuthenticationCookie); tw.writeUINT32(x11ScreenNumber); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketUserauthBanner.java000066400000000000000000000025571370551253600321240ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; /** * PacketUserauthBanner. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketUserauthBanner { byte[] payload; String message; String language; public PacketUserauthBanner(String message, String language) { this.message = message; this.language = language; } public String getBanner() { return message; } public PacketUserauthBanner(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_USERAUTH_BANNER) throw new IOException("This is not a SSH_MSG_USERAUTH_BANNER! (" + packet_type + ")"); message = tr.readString("UTF-8"); language = tr.readString(); if (tr.remain() != 0) throw new IOException("Padding in SSH_MSG_USERAUTH_REQUEST packet!"); } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_USERAUTH_BANNER); tw.writeString(message); tw.writeString(language); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketUserauthFailure.java000066400000000000000000000031031370551253600322720ustar00rootroot00000000000000/* * Copyright (c) 2006-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; /** * PacketUserauthBanner. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketUserauthFailure { byte[] payload; String[] authThatCanContinue; boolean partialSuccess; public PacketUserauthFailure(String[] authThatCanContinue, boolean partialSuccess) { this.authThatCanContinue = authThatCanContinue; this.partialSuccess = partialSuccess; } public PacketUserauthFailure(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_USERAUTH_FAILURE) throw new IOException("This is not a SSH_MSG_USERAUTH_FAILURE! (" + packet_type + ")"); authThatCanContinue = tr.readNameList(); partialSuccess = tr.readBoolean(); if (tr.remain() != 0) throw new IOException("Padding in SSH_MSG_USERAUTH_FAILURE packet!"); } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_USERAUTH_FAILURE); tw.writeNameList(authThatCanContinue); tw.writeBoolean(partialSuccess); payload = tw.getBytes(); } return payload; } public String[] getAuthThatCanContinue() { return authThatCanContinue; } public boolean isPartialSuccess() { return partialSuccess; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketUserauthInfoRequest.java000066400000000000000000000031371370551253600331560ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; /** * PacketUserauthInfoRequest. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketUserauthInfoRequest { byte[] payload; String name; String instruction; String languageTag; int numPrompts; String prompt[]; boolean echo[]; public PacketUserauthInfoRequest(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_USERAUTH_INFO_REQUEST) throw new IOException("This is not a SSH_MSG_USERAUTH_INFO_REQUEST! (" + packet_type + ")"); name = tr.readString(); instruction = tr.readString(); languageTag = tr.readString(); numPrompts = tr.readUINT32(); prompt = new String[numPrompts]; echo = new boolean[numPrompts]; for (int i = 0; i < numPrompts; i++) { prompt[i] = tr.readString(); echo[i] = tr.readBoolean(); } if (tr.remain() != 0) throw new IOException("Padding in SSH_MSG_USERAUTH_INFO_REQUEST packet!"); } public boolean[] getEcho() { return echo; } public String getInstruction() { return instruction; } public String getLanguageTag() { return languageTag; } public String getName() { return name; } public int getNumPrompts() { return numPrompts; } public String[] getPrompt() { return prompt; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketUserauthInfoResponse.java000066400000000000000000000013751370551253600333260ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; /** * PacketUserauthInfoResponse. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketUserauthInfoResponse { byte[] payload; String[] responses; public PacketUserauthInfoResponse(String[] responses) { this.responses = responses; } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_USERAUTH_INFO_RESPONSE); tw.writeUINT32(responses.length); for (int i = 0; i < responses.length; i++) tw.writeString(responses[i]); payload = tw.getBytes(); } return payload; } } PacketUserauthRequestInteractive.java000066400000000000000000000020201370551253600344470ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; /** * PacketUserauthRequestInteractive. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketUserauthRequestInteractive { byte[] payload; String userName; String serviceName; String[] submethods; public PacketUserauthRequestInteractive(String serviceName, String user, String[] submethods) { this.serviceName = serviceName; this.userName = user; this.submethods = submethods; } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST); tw.writeString(userName); tw.writeString(serviceName); tw.writeString("keyboard-interactive"); tw.writeString(""); // draft-ietf-secsh-newmodes-04.txt says that // the language tag should be empty. tw.writeNameList(submethods); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketUserauthRequestNone.java000066400000000000000000000030301370551253600331520ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; /** * PacketUserauthRequestPassword. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketUserauthRequestNone { byte[] payload; String userName; String serviceName; public PacketUserauthRequestNone(String serviceName, String user) { this.serviceName = serviceName; this.userName = user; } public PacketUserauthRequestNone(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_USERAUTH_REQUEST) throw new IOException("This is not a SSH_MSG_USERAUTH_REQUEST! (" + packet_type + ")"); userName = tr.readString(); serviceName = tr.readString(); String method = tr.readString(); if (method.equals("none") == false) throw new IOException("This is not a SSH_MSG_USERAUTH_REQUEST with type none!"); if (tr.remain() != 0) throw new IOException("Padding in SSH_MSG_USERAUTH_REQUEST packet!"); } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST); tw.writeString(userName); tw.writeString(serviceName); tw.writeString("none"); payload = tw.getBytes(); } return payload; } } PacketUserauthRequestPassword.java000066400000000000000000000032561370551253600340100ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; /** * PacketUserauthRequestPassword. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketUserauthRequestPassword { byte[] payload; String userName; String serviceName; String password; public PacketUserauthRequestPassword(String serviceName, String user, String pass) { this.serviceName = serviceName; this.userName = user; this.password = pass; } public PacketUserauthRequestPassword(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_USERAUTH_REQUEST) throw new IOException("This is not a SSH_MSG_USERAUTH_REQUEST! (" + packet_type + ")"); userName = tr.readString(); serviceName = tr.readString(); String method = tr.readString(); if (method.equals("password") == false) throw new IOException("This is not a SSH_MSG_USERAUTH_REQUEST with type password!"); /* ... */ if (tr.remain() != 0) throw new IOException("Padding in SSH_MSG_USERAUTH_REQUEST packet!"); } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST); tw.writeString(userName); tw.writeString(serviceName); tw.writeString("password"); tw.writeBoolean(false); tw.writeString(password); payload = tw.getBytes(); } return payload; } } PacketUserauthRequestPublicKey.java000066400000000000000000000031341370551253600340700ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; /** * PacketUserauthRequestPublicKey. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class PacketUserauthRequestPublicKey { byte[] payload; String userName; String serviceName; String password; String pkAlgoName; byte[] pk; byte[] sig; public PacketUserauthRequestPublicKey(String serviceName, String user, String pkAlgorithmName, byte[] pk, byte[] sig) { this.serviceName = serviceName; this.userName = user; this.pkAlgoName = pkAlgorithmName; this.pk = pk; this.sig = sig; } public PacketUserauthRequestPublicKey(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_USERAUTH_REQUEST) throw new IOException("This is not a SSH_MSG_USERAUTH_REQUEST! (" + packet_type + ")"); throw new IOException("Not implemented!"); } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST); tw.writeString(userName); tw.writeString(serviceName); tw.writeString("publickey"); tw.writeBoolean(true); tw.writeString(pkAlgoName); tw.writeString(pk, 0, pk.length); tw.writeString(sig, 0, sig.length); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketUserauthSuccess.java000066400000000000000000000020641370551253600323200ustar00rootroot00000000000000/* * Copyright (c) 2006-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; /** * PacketUserauthBanner. * * @author Christian Plattner */ public class PacketUserauthSuccess { byte[] payload; public PacketUserauthSuccess() { } public PacketUserauthSuccess(byte payload[], int off, int len) throws IOException { this.payload = new byte[len]; System.arraycopy(payload, off, this.payload, 0, len); TypesReader tr = new TypesReader(payload, off, len); int packet_type = tr.readByte(); if (packet_type != Packets.SSH_MSG_USERAUTH_SUCCESS) throw new IOException("This is not a SSH_MSG_USERAUTH_SUCCESS! (" + packet_type + ")"); if (tr.remain() != 0) throw new IOException("Padding in SSH_MSG_USERAUTH_SUCCESS packet!"); } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_USERAUTH_SUCCESS); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/PacketWindowChange.java000066400000000000000000000024271370551253600315470ustar00rootroot00000000000000package ch.ethz.ssh2.packets; /** * Indicates that that size of the terminal (window) size has changed on the client side. * * See section 6.7 of RFC 4254. * * @author Kohsuke Kawaguchi */ public class PacketWindowChange { byte[] payload; public int recipientChannelID; public int character_width; public int character_height; public int pixel_width; public int pixel_height; public PacketWindowChange(int recipientChannelID, int character_width, int character_height, int pixel_width, int pixel_height) { this.recipientChannelID = recipientChannelID; this.character_width = character_width; this.character_height = character_height; this.pixel_width = pixel_width; this.pixel_height = pixel_height; } public byte[] getPayload() { if (payload == null) { TypesWriter tw = new TypesWriter(); tw.writeByte(Packets.SSH_MSG_CHANNEL_REQUEST); tw.writeUINT32(recipientChannelID); tw.writeString("window-change"); tw.writeBoolean(false); tw.writeUINT32(character_width); tw.writeUINT32(character_height); tw.writeUINT32(pixel_width); tw.writeUINT32(pixel_height); payload = tw.getBytes(); } return payload; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/Packets.java000066400000000000000000000133421370551253600274320ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; /** * Packets. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class Packets { public static final int SSH_MSG_DISCONNECT = 1; public static final int SSH_MSG_IGNORE = 2; public static final int SSH_MSG_UNIMPLEMENTED = 3; public static final int SSH_MSG_DEBUG = 4; public static final int SSH_MSG_SERVICE_REQUEST = 5; public static final int SSH_MSG_SERVICE_ACCEPT = 6; public static final int SSH_MSG_KEXINIT = 20; public static final int SSH_MSG_NEWKEYS = 21; public static final int SSH_MSG_KEXDH_INIT = 30; public static final int SSH_MSG_KEXDH_REPLY = 31; public static final int SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30; public static final int SSH_MSG_KEX_DH_GEX_REQUEST = 34; public static final int SSH_MSG_KEX_DH_GEX_GROUP = 31; public static final int SSH_MSG_KEX_DH_GEX_INIT = 32; public static final int SSH_MSG_KEX_DH_GEX_REPLY = 33; public static final int SSH_MSG_USERAUTH_REQUEST = 50; public static final int SSH_MSG_USERAUTH_FAILURE = 51; public static final int SSH_MSG_USERAUTH_SUCCESS = 52; public static final int SSH_MSG_USERAUTH_BANNER = 53; public static final int SSH_MSG_USERAUTH_INFO_REQUEST = 60; public static final int SSH_MSG_USERAUTH_INFO_RESPONSE = 61; public static final int SSH_MSG_GLOBAL_REQUEST = 80; public static final int SSH_MSG_REQUEST_SUCCESS = 81; public static final int SSH_MSG_REQUEST_FAILURE = 82; public static final int SSH_MSG_CHANNEL_OPEN = 90; public static final int SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91; public static final int SSH_MSG_CHANNEL_OPEN_FAILURE = 92; public static final int SSH_MSG_CHANNEL_WINDOW_ADJUST = 93; public static final int SSH_MSG_CHANNEL_DATA = 94; public static final int SSH_MSG_CHANNEL_EXTENDED_DATA = 95; public static final int SSH_MSG_CHANNEL_EOF = 96; public static final int SSH_MSG_CHANNEL_CLOSE = 97; public static final int SSH_MSG_CHANNEL_REQUEST = 98; public static final int SSH_MSG_CHANNEL_SUCCESS = 99; public static final int SSH_MSG_CHANNEL_FAILURE = 100; public static final int SSH_EXTENDED_DATA_STDERR = 1; public static final int SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT = 1; public static final int SSH_DISCONNECT_PROTOCOL_ERROR = 2; public static final int SSH_DISCONNECT_KEY_EXCHANGE_FAILED = 3; public static final int SSH_DISCONNECT_RESERVED = 4; public static final int SSH_DISCONNECT_MAC_ERROR = 5; public static final int SSH_DISCONNECT_COMPRESSION_ERROR = 6; public static final int SSH_DISCONNECT_SERVICE_NOT_AVAILABLE = 7; public static final int SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED = 8; public static final int SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE = 9; public static final int SSH_DISCONNECT_CONNECTION_LOST = 10; public static final int SSH_DISCONNECT_BY_APPLICATION = 11; public static final int SSH_DISCONNECT_TOO_MANY_CONNECTIONS = 12; public static final int SSH_DISCONNECT_AUTH_CANCELLED_BY_USER = 13; public static final int SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE = 14; public static final int SSH_DISCONNECT_ILLEGAL_USER_NAME = 15; public static final int SSH_OPEN_ADMINISTRATIVELY_PROHIBITED = 1; public static final int SSH_OPEN_CONNECT_FAILED = 2; public static final int SSH_OPEN_UNKNOWN_CHANNEL_TYPE = 3; public static final int SSH_OPEN_RESOURCE_SHORTAGE = 4; private static final String[] reverseNames = new String[101]; static { reverseNames[1] = "SSH_MSG_DISCONNECT"; reverseNames[2] = "SSH_MSG_IGNORE"; reverseNames[3] = "SSH_MSG_UNIMPLEMENTED"; reverseNames[4] = "SSH_MSG_DEBUG"; reverseNames[5] = "SSH_MSG_SERVICE_REQUEST"; reverseNames[6] = "SSH_MSG_SERVICE_ACCEPT"; reverseNames[20] = "SSH_MSG_KEXINIT"; reverseNames[21] = "SSH_MSG_NEWKEYS"; reverseNames[30] = "SSH_MSG_KEXDH_INIT"; reverseNames[31] = "SSH_MSG_KEXDH_REPLY/SSH_MSG_KEX_DH_GEX_GROUP"; reverseNames[32] = "SSH_MSG_KEX_DH_GEX_INIT"; reverseNames[33] = "SSH_MSG_KEX_DH_GEX_REPLY"; reverseNames[34] = "SSH_MSG_KEX_DH_GEX_REQUEST"; reverseNames[50] = "SSH_MSG_USERAUTH_REQUEST"; reverseNames[51] = "SSH_MSG_USERAUTH_FAILURE"; reverseNames[52] = "SSH_MSG_USERAUTH_SUCCESS"; reverseNames[53] = "SSH_MSG_USERAUTH_BANNER"; reverseNames[60] = "SSH_MSG_USERAUTH_INFO_REQUEST"; reverseNames[61] = "SSH_MSG_USERAUTH_INFO_RESPONSE"; reverseNames[80] = "SSH_MSG_GLOBAL_REQUEST"; reverseNames[81] = "SSH_MSG_REQUEST_SUCCESS"; reverseNames[82] = "SSH_MSG_REQUEST_FAILURE"; reverseNames[90] = "SSH_MSG_CHANNEL_OPEN"; reverseNames[91] = "SSH_MSG_CHANNEL_OPEN_CONFIRMATION"; reverseNames[92] = "SSH_MSG_CHANNEL_OPEN_FAILURE"; reverseNames[93] = "SSH_MSG_CHANNEL_WINDOW_ADJUST"; reverseNames[94] = "SSH_MSG_CHANNEL_DATA"; reverseNames[95] = "SSH_MSG_CHANNEL_EXTENDED_DATA"; reverseNames[96] = "SSH_MSG_CHANNEL_EOF"; reverseNames[97] = "SSH_MSG_CHANNEL_CLOSE"; reverseNames[98] = "SSH_MSG_CHANNEL_REQUEST"; reverseNames[99] = "SSH_MSG_CHANNEL_SUCCESS"; reverseNames[100] = "SSH_MSG_CHANNEL_FAILURE"; } public static final String getMessageName(int type) { String res = null; if ((type >= 0) && (type < reverseNames.length)) { res = reverseNames[type]; } return (res == null) ? ("UNKNOWN MSG " + type) : res; } // public static final void debug(String tag, byte[] msg) // { // System.err.println(tag + " Type: " + msg[0] + ", LEN: " + msg.length); // // for (int i = 0; i < msg.length; i++) // { // if (((msg[i] >= 'a') && (msg[i] <= 'z')) || ((msg[i] >= 'A') && (msg[i] <= 'Z')) // || ((msg[i] >= '0') && (msg[i] <= '9')) || (msg[i] == ' ')) // System.err.print((char) msg[i]); // else // System.err.print("."); // } // System.err.println(); // System.err.flush(); // } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/TypesReader.java000066400000000000000000000073501370551253600302710ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.IOException; import java.math.BigInteger; import ch.ethz.ssh2.util.StringEncoder; import ch.ethz.ssh2.util.Tokenizer; /** * TypesReader. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class TypesReader { byte[] arr; int pos = 0; int max = 0; public TypesReader(byte[] arr) { this.arr = arr; pos = 0; max = arr.length; } public TypesReader(byte[] arr, int off) { this.arr = arr; this.pos = off; this.max = arr.length; if ((pos < 0) || (pos > arr.length)) throw new IllegalArgumentException("Illegal offset."); } public TypesReader(byte[] arr, int off, int len) { this.arr = arr; this.pos = off; this.max = off + len; if ((pos < 0) || (pos > arr.length)) throw new IllegalArgumentException("Illegal offset."); if ((max < 0) || (max > arr.length)) throw new IllegalArgumentException("Illegal length."); } public int readByte() throws IOException { if (pos >= max) throw new IOException("Packet too short."); return (arr[pos++] & 0xff); } public byte[] readBytes(int len) throws IOException { if ((pos + len) > max) throw new IOException("Packet too short."); byte[] res = new byte[len]; System.arraycopy(arr, pos, res, 0, len); pos += len; return res; } public void readBytes(byte[] dst, int off, int len) throws IOException { if ((pos + len) > max) throw new IOException("Packet too short."); System.arraycopy(arr, pos, dst, off, len); pos += len; } public boolean readBoolean() throws IOException { if (pos >= max) throw new IOException("Packet too short."); return (arr[pos++] != 0); } public int readUINT32() throws IOException { if ((pos + 4) > max) throw new IOException("Packet too short."); return ((arr[pos++] & 0xff) << 24) | ((arr[pos++] & 0xff) << 16) | ((arr[pos++] & 0xff) << 8) | (arr[pos++] & 0xff); } public long readUINT64() throws IOException { if ((pos + 8) > max) throw new IOException("Packet too short."); long high = ((arr[pos++] & 0xff) << 24) | ((arr[pos++] & 0xff) << 16) | ((arr[pos++] & 0xff) << 8) | (arr[pos++] & 0xff); /* sign extension may take place - will be shifted away =) */ long low = ((arr[pos++] & 0xff) << 24) | ((arr[pos++] & 0xff) << 16) | ((arr[pos++] & 0xff) << 8) | (arr[pos++] & 0xff); /* sign extension may take place - handle below */ return (high << 32) | (low & 0xffffffffl); /* see Java language spec (15.22.1, 5.6.2) */ } public BigInteger readMPINT() throws IOException { BigInteger b; byte raw[] = readByteString(); if (raw.length == 0) b = BigInteger.ZERO; else b = new BigInteger(raw); return b; } public byte[] readByteString() throws IOException { int len = readUINT32(); if ((len + pos) > max) throw new IOException("Malformed SSH byte string."); byte[] res = new byte[len]; System.arraycopy(arr, pos, res, 0, len); pos += len; return res; } public String readString(String charsetName) throws IOException { int len = readUINT32(); if ((len + pos) > max) throw new IOException("Malformed SSH string."); String res = (charsetName == null) ? new String(arr, pos, len) : new String(arr, pos, len, charsetName); pos += len; return res; } public String readString() throws IOException { int len = readUINT32(); if ((len + pos) > max) throw new IOException("Malformed SSH string."); String res = StringEncoder.GetString(arr, pos, len); pos += len; return res; } public String[] readNameList() throws IOException { return Tokenizer.parseTokens(readString(), ','); } public int remain() { return max - pos; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/packets/TypesWriter.java000066400000000000000000000060111370551253600303340ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.packets; import java.io.UnsupportedEncodingException; import java.math.BigInteger; import ch.ethz.ssh2.util.StringEncoder; /** * TypesWriter. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class TypesWriter { byte arr[]; int pos; public TypesWriter() { arr = new byte[256]; pos = 0; } private void resize(int len) { byte new_arr[] = new byte[len]; System.arraycopy(arr, 0, new_arr, 0, arr.length); arr = new_arr; } public int length() { return pos; } public byte[] getBytes() { byte[] dst = new byte[pos]; System.arraycopy(arr, 0, dst, 0, pos); return dst; } public void getBytes(byte dst[]) { System.arraycopy(arr, 0, dst, 0, pos); } public void writeUINT32(int val, int off) { if ((off + 4) > arr.length) resize(off + 32); arr[off++] = (byte) (val >> 24); arr[off++] = (byte) (val >> 16); arr[off++] = (byte) (val >> 8); arr[off++] = (byte) val; } public void writeUINT32(int val) { writeUINT32(val, pos); pos += 4; } public void writeUINT64(long val) { if ((pos + 8) > arr.length) resize(arr.length + 32); arr[pos++] = (byte) (val >> 56); arr[pos++] = (byte) (val >> 48); arr[pos++] = (byte) (val >> 40); arr[pos++] = (byte) (val >> 32); arr[pos++] = (byte) (val >> 24); arr[pos++] = (byte) (val >> 16); arr[pos++] = (byte) (val >> 8); arr[pos++] = (byte) val; } public void writeBoolean(boolean v) { if ((pos + 1) > arr.length) resize(arr.length + 32); arr[pos++] = v ? (byte) 1 : (byte) 0; } public void writeByte(int v, int off) { if ((off + 1) > arr.length) resize(off + 32); arr[off] = (byte) v; } public void writeByte(int v) { writeByte(v, pos); pos++; } public void writeMPInt(BigInteger b) { byte raw[] = b.toByteArray(); if ((raw.length == 1) && (raw[0] == 0)) writeUINT32(0); /* String with zero bytes of data */ else writeString(raw, 0, raw.length); } public void writeBytes(byte[] buff) { writeBytes(buff, 0, buff.length); } public void writeBytes(byte[] buff, int off, int len) { if ((pos + len) > arr.length) resize(arr.length + len + 32); System.arraycopy(buff, off, arr, pos, len); pos += len; } public void writeString(byte[] buff, int off, int len) { writeUINT32(len); writeBytes(buff, off, len); } public void writeString(String v) { byte[] b = StringEncoder.GetBytes(v); writeUINT32(b.length); writeBytes(b, 0, b.length); } public void writeString(String v, String charsetName) throws UnsupportedEncodingException { byte[] b = (charsetName == null) ? StringEncoder.GetBytes(v) : v.getBytes(charsetName); writeUINT32(b.length); writeBytes(b, 0, b.length); } public void writeNameList(String v[]) { StringBuilder sb = new StringBuilder(); for (int i = 0; i < v.length; i++) { if (i > 0) sb.append(','); sb.append(v[i]); } writeString(sb.toString()); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/server/000077500000000000000000000000001370551253600250465ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/server/ServerConnectionState.java000066400000000000000000000030211370551253600321740ustar00rootroot00000000000000/* * Copyright (c) 2006-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.server; import java.net.Socket; import java.security.SecureRandom; import ch.ethz.ssh2.ServerAuthenticationCallback; import ch.ethz.ssh2.ServerConnection; import ch.ethz.ssh2.ServerConnectionCallback; import ch.ethz.ssh2.auth.ServerAuthenticationManager; import ch.ethz.ssh2.channel.ChannelManager; import ch.ethz.ssh2.crypto.CryptoWishList; import ch.ethz.ssh2.signature.DSAPrivateKey; import ch.ethz.ssh2.signature.RSAPrivateKey; import ch.ethz.ssh2.transport.ClientServerHello; import ch.ethz.ssh2.transport.ServerTransportManager; public class ServerConnectionState { public ServerConnection conn; public SecureRandom generator = new SecureRandom(); public String softwareversion; //public String auth_banner = null; public ServerConnectionCallback cb_conn; public ServerAuthenticationCallback cb_auth; /* Settings for the next key exchange */ public CryptoWishList next_cryptoWishList = CryptoWishList.forServer(); public DSAPrivateKey next_dsa_key; public RSAPrivateKey next_rsa_key; public Socket s; public ClientServerHello csh; public ServerTransportManager tm; public ServerAuthenticationManager am; public ChannelManager cm; public boolean flag_auth_serviceRequested = false; public boolean flag_auth_completed = false; public ServerConnectionState(ServerConnection conn) { this.conn = conn; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/sftp/000077500000000000000000000000001370551253600245145ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/sftp/AttrTextHints.java000066400000000000000000000021231370551253600301420ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.sftp; /** * * Values for the 'text-hint' field in the SFTP ATTRS data type. * * @author Christian Plattner * @version 2.50, 03/15/10 * */ public class AttrTextHints { /** * The server knows the file is a text file, and should be opened * using the SSH_FXF_ACCESS_TEXT_MODE flag. */ public static final int SSH_FILEXFER_ATTR_KNOWN_TEXT = 0x00; /** * The server has applied a heuristic or other mechanism and * believes that the file should be opened with the * SSH_FXF_ACCESS_TEXT_MODE flag. */ public static final int SSH_FILEXFER_ATTR_GUESSED_TEXT = 0x01; /** * The server knows the file has binary content. */ public static final int SSH_FILEXFER_ATTR_KNOWN_BINARY = 0x02; /** * The server has applied a heuristic or other mechanism and * believes has binary content, and should not be opened with the * SSH_FXF_ACCESS_TEXT_MODE flag. */ public static final int SSH_FILEXFER_ATTR_GUESSED_BINARY = 0x03; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/sftp/AttribBits.java000066400000000000000000000120531370551253600274270ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.sftp; /** * * SFTP Attribute Bits for the "attrib-bits" and "attrib-bits-valid" fields * of the SFTP ATTR data type. *

* Yes, these are the "attrib-bits", even though they have "_FLAGS_" in * their name. Don't ask - I did not invent it. *

* "These fields, taken together, reflect various attributes of the file * or directory, on the server. Bits not set in 'attrib-bits-valid' MUST be * ignored in the 'attrib-bits' field. This allows both the server and the * client to communicate only the bits it knows about without inadvertently * twiddling bits they don't understand." * * @author Christian Plattner * @version 2.50, 03/15/10 * */ public class AttribBits { /** * Advisory, read-only bit. This bit is not part of the access * control information on the file, but is rather an advisory field * indicating that the file should not be written. */ public static final int SSH_FILEXFER_ATTR_FLAGS_READONLY = 0x00000001; /** * The file is part of the operating system. */ public static final int SSH_FILEXFER_ATTR_FLAGS_SYSTEM = 0x00000002; /** * File SHOULD NOT be shown to user unless specifically requested. * For example, most UNIX systems SHOULD set this bit if the filename * begins with a 'period'. This bit may be read-only (see section 5.4 of * the SFTP standard draft). Most UNIX systems will not allow this to be * changed. */ public static final int SSH_FILEXFER_ATTR_FLAGS_HIDDEN = 0x00000004; /** * This attribute applies only to directories. This attribute is * always read-only, and cannot be modified. This attribute means * that files and directory names in this directory should be compared * without regard to case. *

* It is recommended that where possible, the server's filesystem be * allowed to do comparisons. For example, if a client wished to prompt * a user before overwriting a file, it should not compare the new name * with the previously retrieved list of names in the directory. Rather, * it should first try to create the new file by specifying * SSH_FXF_CREATE_NEW flag. Then, if this fails and returns * SSH_FX_FILE_ALREADY_EXISTS, it should prompt the user and then retry * the create specifying SSH_FXF_CREATE_TRUNCATE. *

* Unless otherwise specified, filenames are assumed to be case sensitive. */ public static final int SSH_FILEXFER_ATTR_FLAGS_CASE_INSENSITIVE = 0x00000008; /** * The file should be included in backup / archive operations. */ public static final int SSH_FILEXFER_ATTR_FLAGS_ARCHIVE = 0x00000010; /** * The file is stored on disk using file-system level transparent * encryption. This flag does not affect the file data on the wire * (for either READ or WRITE requests.) */ public static final int SSH_FILEXFER_ATTR_FLAGS_ENCRYPTED = 0x00000020; /** * The file is stored on disk using file-system level transparent * compression. This flag does not affect the file data on the wire. */ public static final int SSH_FILEXFER_ATTR_FLAGS_COMPRESSED = 0x00000040; /** * The file is a sparse file; this means that file blocks that have * not been explicitly written are not stored on disk. For example, if * a client writes a buffer at 10 M from the beginning of the file, * the blocks between the previous EOF marker and the 10 M offset would * not consume physical disk space. *

* Some servers may store all files as sparse files, in which case * this bit will be unconditionally set. Other servers may not have * a mechanism for determining if the file is sparse, and so the file * MAY be stored sparse even if this flag is not set. */ public static final int SSH_FILEXFER_ATTR_FLAGS_SPARSE = 0x00000080; /** * Opening the file without either the SSH_FXF_ACCESS_APPEND_DATA or * the SSH_FXF_ACCESS_APPEND_DATA_ATOMIC flag (see section 8.1.1.3 * of the SFTP standard draft) MUST result in an * SSH_FX_INVALID_PARAMETER error. */ public static final int SSH_FILEXFER_ATTR_FLAGS_APPEND_ONLY = 0x00000100; /** * The file cannot be deleted or renamed, no hard link can be created * to this file, and no data can be written to the file. *

* This bit implies a stronger level of protection than * SSH_FILEXFER_ATTR_FLAGS_READONLY, the file permission mask or ACLs. * Typically even the superuser cannot write to immutable files, and * only the superuser can set or remove the bit. */ public static final int SSH_FILEXFER_ATTR_FLAGS_IMMUTABLE = 0x00000200; /** * When the file is modified, the changes are written synchronously * to the disk. */ public static final int SSH_FILEXFER_ATTR_FLAGS_SYNC = 0x00000400; /** * The server MAY include this bit in a directory listing or realpath * response. It indicates there was a failure in the translation to UTF-8. * If this flag is included, the server SHOULD also include the * UNTRANSLATED_NAME attribute. */ public static final int SSH_FILEXFER_ATTR_FLAGS_TRANSLATION_ERR = 0x00000800; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/sftp/AttribFlags.java000066400000000000000000000062021370551253600275610ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.sftp; /** * * Attribute Flags. The 'valid-attribute-flags' field in * the SFTP ATTRS data type specifies which of the fields are actually present. * * @author Christian Plattner * @version 2.50, 03/15/10 * */ public class AttribFlags { /** * Indicates that the 'allocation-size' field is present. */ public static final int SSH_FILEXFER_ATTR_SIZE = 0x00000001; /** Protocol version 6: * 0x00000002 was used in a previous version of this protocol. * It is now a reserved value and MUST NOT appear in the mask. * Some future version of this protocol may reuse this value. */ public static final int SSH_FILEXFER_ATTR_V3_UIDGID = 0x00000002; /** * Indicates that the 'permissions' field is present. */ public static final int SSH_FILEXFER_ATTR_PERMISSIONS = 0x00000004; /** * Indicates that the 'atime' and 'mtime' field are present * (protocol v3). */ public static final int SSH_FILEXFER_ATTR_V3_ACMODTIME = 0x00000008; /** * Indicates that the 'atime' field is present. */ public static final int SSH_FILEXFER_ATTR_ACCESSTIME = 0x00000008; /** * Indicates that the 'createtime' field is present. */ public static final int SSH_FILEXFER_ATTR_CREATETIME = 0x00000010; /** * Indicates that the 'mtime' field is present. */ public static final int SSH_FILEXFER_ATTR_MODIFYTIME = 0x00000020; /** * Indicates that the 'acl' field is present. */ public static final int SSH_FILEXFER_ATTR_ACL = 0x00000040; /** * Indicates that the 'owner' and 'group' fields are present. */ public static final int SSH_FILEXFER_ATTR_OWNERGROUP = 0x00000080; /** * Indicates that additionally to the 'atime', 'createtime', * 'mtime' and 'ctime' fields (if present), there is also * 'atime-nseconds', 'createtime-nseconds', 'mtime-nseconds' * and 'ctime-nseconds'. */ public static final int SSH_FILEXFER_ATTR_SUBSECOND_TIMES = 0x00000100; /** * Indicates that the 'attrib-bits' and 'attrib-bits-valid' * fields are present. */ public static final int SSH_FILEXFER_ATTR_BITS = 0x00000200; /** * Indicates that the 'allocation-size' field is present. */ public static final int SSH_FILEXFER_ATTR_ALLOCATION_SIZE = 0x00000400; /** * Indicates that the 'text-hint' field is present. */ public static final int SSH_FILEXFER_ATTR_TEXT_HINT = 0x00000800; /** * Indicates that the 'mime-type' field is present. */ public static final int SSH_FILEXFER_ATTR_MIME_TYPE = 0x00001000; /** * Indicates that the 'link-count' field is present. */ public static final int SSH_FILEXFER_ATTR_LINK_COUNT = 0x00002000; /** * Indicates that the 'untranslated-name' field is present. */ public static final int SSH_FILEXFER_ATTR_UNTRANSLATED_NAME = 0x00004000; /** * Indicates that the 'ctime' field is present. */ public static final int SSH_FILEXFER_ATTR_CTIME = 0x00008000; /** * Indicates that the 'extended-count' field (and probablby some * 'extensions') is present. */ public static final int SSH_FILEXFER_ATTR_EXTENDED = 0x80000000; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/sftp/AttribPermissions.java000066400000000000000000000020531370551253600310400ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.sftp; /** * * Permissions for the 'permissions' field in the SFTP ATTRS data type. *

* "The 'permissions' field contains a bit mask specifying file permissions. * These permissions correspond to the st_mode field of the stat structure * defined by POSIX [IEEE.1003-1.1996]." * * @author Christian Plattner * @version 2.50, 03/15/10 * */ public class AttribPermissions { /* Octal values! */ public static final int S_IRUSR = 0400; public static final int S_IWUSR = 0200; public static final int S_IXUSR = 0100; public static final int S_IRGRP = 0040; public static final int S_IWGRP = 0020; public static final int S_IXGRP = 0010; public static final int S_IROTH = 0004; public static final int S_IWOTH = 0002; public static final int S_IXOTH = 0001; public static final int S_ISUID = 04000; public static final int S_ISGID = 02000; public static final int S_ISVTX = 01000; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/sftp/AttribTypes.java000066400000000000000000000021221370551253600276260ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.sftp; /** * * Types for the 'type' field in the SFTP ATTRS data type. *

* "On a POSIX system, these values would be derived from the mode field * of the stat structure. SPECIAL should be used for files that are of * a known type which cannot be expressed in the protocol. UNKNOWN * should be used if the type is not known." * * @author Christian Plattner * @version 2.50, 03/15/10 * */ public class AttribTypes { public static final int SSH_FILEXFER_TYPE_REGULAR = 1; public static final int SSH_FILEXFER_TYPE_DIRECTORY = 2; public static final int SSH_FILEXFER_TYPE_SYMLINK = 3; public static final int SSH_FILEXFER_TYPE_SPECIAL = 4; public static final int SSH_FILEXFER_TYPE_UNKNOWN = 5; public static final int SSH_FILEXFER_TYPE_SOCKET = 6; public static final int SSH_FILEXFER_TYPE_CHAR_DEVICE = 7; public static final int SSH_FILEXFER_TYPE_BLOCK_DEVICE = 8; public static final int SSH_FILEXFER_TYPE_FIFO = 9; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/sftp/ErrorCodes.java000066400000000000000000000131371370551253600274330ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.sftp; /** * * SFTP Error Codes * * @author Christian Plattner * @version 2.50, 03/15/10 * */ public class ErrorCodes { public static final int SSH_FX_OK = 0; public static final int SSH_FX_EOF = 1; public static final int SSH_FX_NO_SUCH_FILE = 2; public static final int SSH_FX_PERMISSION_DENIED = 3; public static final int SSH_FX_FAILURE = 4; public static final int SSH_FX_BAD_MESSAGE = 5; public static final int SSH_FX_NO_CONNECTION = 6; public static final int SSH_FX_CONNECTION_LOST = 7; public static final int SSH_FX_OP_UNSUPPORTED = 8; public static final int SSH_FX_INVALID_HANDLE = 9; public static final int SSH_FX_NO_SUCH_PATH = 10; public static final int SSH_FX_FILE_ALREADY_EXISTS = 11; public static final int SSH_FX_WRITE_PROTECT = 12; public static final int SSH_FX_NO_MEDIA = 13; public static final int SSH_FX_NO_SPACE_ON_FILESYSTEM = 14; public static final int SSH_FX_QUOTA_EXCEEDED = 15; public static final int SSH_FX_UNKNOWN_PRINCIPAL = 16; public static final int SSH_FX_LOCK_CONFLICT = 17; public static final int SSH_FX_DIR_NOT_EMPTY = 18; public static final int SSH_FX_NOT_A_DIRECTORY = 19; public static final int SSH_FX_INVALID_FILENAME = 20; public static final int SSH_FX_LINK_LOOP = 21; public static final int SSH_FX_CANNOT_DELETE = 22; public static final int SSH_FX_INVALID_PARAMETER = 23; public static final int SSH_FX_FILE_IS_A_DIRECTORY = 24; public static final int SSH_FX_BYTE_RANGE_LOCK_CONFLICT = 25; public static final int SSH_FX_BYTE_RANGE_LOCK_REFUSED = 26; public static final int SSH_FX_DELETE_PENDING = 27; public static final int SSH_FX_FILE_CORRUPT = 28; public static final int SSH_FX_OWNER_INVALID = 29; public static final int SSH_FX_GROUP_INVALID = 30; public static final int SSH_FX_NO_MATCHING_BYTE_RANGE_LOCK = 31; private static final String[][] messages = { { "SSH_FX_OK", "Indicates successful completion of the operation." }, { "SSH_FX_EOF", "An attempt to read past the end-of-file was made; or, there are no more directory entries to return." }, { "SSH_FX_NO_SUCH_FILE", "A reference was made to a file which does not exist." }, { "SSH_FX_PERMISSION_DENIED", "The user does not have sufficient permissions to perform the operation." }, { "SSH_FX_FAILURE", "An error occurred, but no specific error code exists to describe the failure." }, { "SSH_FX_BAD_MESSAGE", "A badly formatted packet or other SFTP protocol incompatibility was detected." }, { "SSH_FX_NO_CONNECTION", "There is no connection to the server." }, { "SSH_FX_CONNECTION_LOST", "The connection to the server was lost." }, { "SSH_FX_OP_UNSUPPORTED", "An attempted operation could not be completed by the server because the server does not support the operation." }, { "SSH_FX_INVALID_HANDLE", "The handle value was invalid." }, { "SSH_FX_NO_SUCH_PATH", "The file path does not exist or is invalid." }, { "SSH_FX_FILE_ALREADY_EXISTS", "The file already exists." }, { "SSH_FX_WRITE_PROTECT", "The file is on read-only media, or the media is write protected." }, { "SSH_FX_NO_MEDIA", "The requested operation cannot be completed because there is no media available in the drive." }, { "SSH_FX_NO_SPACE_ON_FILESYSTEM", "The requested operation cannot be completed because there is insufficient free space on the filesystem." }, { "SSH_FX_QUOTA_EXCEEDED", "The operation cannot be completed because it would exceed the user's storage quota." }, { "SSH_FX_UNKNOWN_PRINCIPAL", "A principal referenced by the request (either the 'owner', 'group', or 'who' field of an ACL), was unknown. The error specific data contains the problematic names." }, { "SSH_FX_LOCK_CONFLICT", "The file could not be opened because it is locked by another process." }, { "SSH_FX_DIR_NOT_EMPTY", "The directory is not empty." }, { "SSH_FX_NOT_A_DIRECTORY", "The specified file is not a directory." }, { "SSH_FX_INVALID_FILENAME", "The filename is not valid." }, { "SSH_FX_LINK_LOOP", "Too many symbolic links encountered or, an SSH_FXF_NOFOLLOW open encountered a symbolic link as the final component." }, { "SSH_FX_CANNOT_DELETE", "The file cannot be deleted. One possible reason is that the advisory READONLY attribute-bit is set." }, { "SSH_FX_INVALID_PARAMETER", "One of the parameters was out of range, or the parameters specified cannot be used together." }, { "SSH_FX_FILE_IS_A_DIRECTORY", "The specified file was a directory in a context where a directory cannot be used." }, { "SSH_FX_BYTE_RANGE_LOCK_CONFLICT", " A read or write operation failed because another process's mandatory byte-range lock overlaps with the request." }, { "SSH_FX_BYTE_RANGE_LOCK_REFUSED", "A request for a byte range lock was refused." }, { "SSH_FX_DELETE_PENDING", "An operation was attempted on a file for which a delete operation is pending." }, { "SSH_FX_FILE_CORRUPT", "The file is corrupt; an filesystem integrity check should be run." }, { "SSH_FX_OWNER_INVALID", "The principal specified can not be assigned as an owner of a file." }, { "SSH_FX_GROUP_INVALID", "The principal specified can not be assigned as the primary group of a file." }, { "SSH_FX_NO_MATCHING_BYTE_RANGE_LOCK", "The requested operation could not be completed because the specifed byte range lock has not been granted." }, }; public static final String[] getDescription(int errorCode) { if ((errorCode < 0) || (errorCode >= messages.length)) return null; return messages[errorCode]; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/sftp/OpenFlags.java000066400000000000000000000171271370551253600272450ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.sftp; /** * * SFTP Open Flags. * * The following table is provided to assist in mapping POSIX semantics * to equivalent SFTP file open parameters: *

* TODO: This comment should be moved to the open method. *

*

    *
  • O_RDONLY *
    • desired-access = READ_DATA | READ_ATTRIBUTES
    *
  • *
*
    *
  • O_WRONLY *
    • desired-access = WRITE_DATA | WRITE_ATTRIBUTES
    *
  • *
*
    *
  • O_RDWR *
    • desired-access = READ_DATA | READ_ATTRIBUTES | WRITE_DATA | WRITE_ATTRIBUTES
    *
  • *
*
    *
  • O_APPEND *
      *
    • desired-access = WRITE_DATA | WRITE_ATTRIBUTES | APPEND_DATA
    • *
    • flags = SSH_FXF_ACCESS_APPEND_DATA and or SSH_FXF_ACCESS_APPEND_DATA_ATOMIC
    • *
    *
  • *
*
    *
  • O_CREAT *
      *
    • flags = SSH_FXF_OPEN_OR_CREATE
    • *
    *
  • *
*
    *
  • O_TRUNC *
      *
    • flags = SSH_FXF_TRUNCATE_EXISTING
    • *
    *
  • *
*
    *
  • O_TRUNC|O_CREATE *
      *
    • flags = SSH_FXF_CREATE_TRUNCATE
    • *
    *
  • *
* * @author Christian Plattner * @version 2.50, 03/15/10 */ public class OpenFlags { /** * Disposition is a 3 bit field that controls how the file is opened. * The server MUST support these bits (possible enumaration values: * SSH_FXF_CREATE_NEW, SSH_FXF_CREATE_TRUNCATE, SSH_FXF_OPEN_EXISTING, * SSH_FXF_OPEN_OR_CREATE or SSH_FXF_TRUNCATE_EXISTING). */ public static final int SSH_FXF_ACCESS_DISPOSITION = 0x00000007; /** * A new file is created; if the file already exists, the server * MUST return status SSH_FX_FILE_ALREADY_EXISTS. */ public static final int SSH_FXF_CREATE_NEW = 0x00000000; /** * A new file is created; if the file already exists, it is opened * and truncated. */ public static final int SSH_FXF_CREATE_TRUNCATE = 0x00000001; /** * An existing file is opened. If the file does not exist, the * server MUST return SSH_FX_NO_SUCH_FILE. If a directory in the * path does not exist, the server SHOULD return * SSH_FX_NO_SUCH_PATH. It is also acceptable if the server * returns SSH_FX_NO_SUCH_FILE in this case. */ public static final int SSH_FXF_OPEN_EXISTING = 0x00000002; /** * If the file exists, it is opened. If the file does not exist, * it is created. */ public static final int SSH_FXF_OPEN_OR_CREATE = 0x00000003; /** * An existing file is opened and truncated. If the file does not * exist, the server MUST return the same error codes as defined * for SSH_FXF_OPEN_EXISTING. */ public static final int SSH_FXF_TRUNCATE_EXISTING = 0x00000004; /** * Data is always written at the end of the file. The offset field * of the SSH_FXP_WRITE requests are ignored. *

* Data is not required to be appended atomically. This means that * if multiple writers attempt to append data simultaneously, data * from the first may be lost. However, data MAY be appended * atomically. */ public static final int SSH_FXF_ACCESS_APPEND_DATA = 0x00000008; /** * Data is always written at the end of the file. The offset field * of the SSH_FXP_WRITE requests are ignored. *

* Data MUST be written atomically so that there is no chance that * multiple appenders can collide and result in data being lost. *

* If both append flags are specified, the server SHOULD use atomic * append if it is available, but SHOULD use non-atomic appends * otherwise. The server SHOULD NOT fail the request in this case. */ public static final int SSH_FXF_ACCESS_APPEND_DATA_ATOMIC = 0x00000010; /** * Indicates that the server should treat the file as text and * convert it to the canonical newline convention in use. * (See Determining Server Newline Convention in section 5.3 in the * SFTP standard draft). *

* When a file is opened with this flag, the offset field in the read * and write functions is ignored. *

* Servers MUST process multiple, parallel reads and writes correctly * in this mode. Naturally, it is permissible for them to do this by * serializing the requests. *

* Clients SHOULD use the SSH_FXF_ACCESS_APPEND_DATA flag to append * data to a text file rather then using write with a calculated offset. */ public static final int SSH_FXF_ACCESS_TEXT_MODE = 0x00000020; /** * The server MUST guarantee that no other handle has been opened * with ACE4_READ_DATA access, and that no other handle will be * opened with ACE4_READ_DATA access until the client closes the * handle. (This MUST apply both to other clients and to other * processes on the server.) *

* If there is a conflicting lock the server MUST return * SSH_FX_LOCK_CONFLICT. If the server cannot make the locking * guarantee, it MUST return SSH_FX_OP_UNSUPPORTED. *

* Other handles MAY be opened for ACE4_WRITE_DATA or any other * combination of accesses, as long as ACE4_READ_DATA is not included * in the mask. */ public static final int SSH_FXF_ACCESS_BLOCK_READ = 0x00000040; /** * The server MUST guarantee that no other handle has been opened * with ACE4_WRITE_DATA or ACE4_APPEND_DATA access, and that no other * handle will be opened with ACE4_WRITE_DATA or ACE4_APPEND_DATA * access until the client closes the handle. (This MUST apply both * to other clients and to other processes on the server.) *

* If there is a conflicting lock the server MUST return * SSH_FX_LOCK_CONFLICT. If the server cannot make the locking * guarantee, it MUST return SSH_FX_OP_UNSUPPORTED. *

* Other handles MAY be opened for ACE4_READ_DATA or any other * combination of accesses, as long as neither ACE4_WRITE_DATA nor * ACE4_APPEND_DATA are included in the mask. */ public static final int SSH_FXF_ACCESS_BLOCK_WRITE = 0x00000080; /** * The server MUST guarantee that no other handle has been opened * with ACE4_DELETE access, opened with the * SSH_FXF_ACCESS_DELETE_ON_CLOSE flag set, and that no other handle * will be opened with ACE4_DELETE access or with the * SSH_FXF_ACCESS_DELETE_ON_CLOSE flag set, and that the file itself * is not deleted in any other way until the client closes the handle. *

* If there is a conflicting lock the server MUST return * SSH_FX_LOCK_CONFLICT. If the server cannot make the locking * guarantee, it MUST return SSH_FX_OP_UNSUPPORTED. */ public static final int SSH_FXF_ACCESS_BLOCK_DELETE = 0x00000100; /** * If this bit is set, the above BLOCK modes are advisory. In advisory * mode, only other accesses that specify a BLOCK mode need be * considered when determining whether the BLOCK can be granted, * and the server need not prevent I/O operations that violate the * block mode. *

* The server MAY perform mandatory locking even if the BLOCK_ADVISORY * bit is set. */ public static final int SSH_FXF_ACCESS_BLOCK_ADVISORY = 0x00000200; /** * If the final component of the path is a symlink, then the open * MUST fail, and the error SSH_FX_LINK_LOOP MUST be returned. */ public static final int SSH_FXF_ACCESS_NOFOLLOW = 0x00000400; /** * The file should be deleted when the last handle to it is closed. * (The last handle may not be an sftp-handle.) This MAY be emulated * by a server if the OS doesn't support it by deleting the file when * this handle is closed. *

* It is implementation specific whether the directory entry is * removed immediately or when the handle is closed. */ public static final int SSH_FXF_ACCESS_DELETE_ON_CLOSE = 0x00000800; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/sftp/Packet.java000066400000000000000000000057421370551253600265760ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.sftp; /** * * SFTP Paket Types * * @author Christian Plattner * @version 2.50, 03/15/10 * */ public class Packet { public static final int SSH_FXP_INIT = 1; public static final int SSH_FXP_VERSION = 2; public static final int SSH_FXP_OPEN = 3; public static final int SSH_FXP_CLOSE = 4; public static final int SSH_FXP_READ = 5; public static final int SSH_FXP_WRITE = 6; public static final int SSH_FXP_LSTAT = 7; public static final int SSH_FXP_FSTAT = 8; public static final int SSH_FXP_SETSTAT = 9; public static final int SSH_FXP_FSETSTAT = 10; public static final int SSH_FXP_OPENDIR = 11; public static final int SSH_FXP_READDIR = 12; public static final int SSH_FXP_REMOVE = 13; public static final int SSH_FXP_MKDIR = 14; public static final int SSH_FXP_RMDIR = 15; public static final int SSH_FXP_REALPATH = 16; public static final int SSH_FXP_STAT = 17; public static final int SSH_FXP_RENAME = 18; public static final int SSH_FXP_READLINK = 19; public static final int SSH_FXP_SYMLINK = 20; public static final int SSH_FXP_STATUS = 101; public static final int SSH_FXP_HANDLE = 102; public static final int SSH_FXP_DATA = 103; public static final int SSH_FXP_NAME = 104; public static final int SSH_FXP_ATTRS = 105; public static final int SSH_FXP_EXTENDED = 200; public static final int SSH_FXP_EXTENDED_REPLY = 201; public static String forName(int type) { switch(type) { case SSH_FXP_INIT: return "SSH_FXP_INIT"; case SSH_FXP_VERSION: return "SSH_FXP_VERSION"; case SSH_FXP_OPEN: return "SSH_FXP_OPEN"; case SSH_FXP_CLOSE: return "SSH_FXP_CLOSE"; case SSH_FXP_READ: return "SSH_FXP_READ"; case SSH_FXP_WRITE: return "SSH_FXP_WRITE"; case SSH_FXP_LSTAT: return "SSH_FXP_LSTAT"; case SSH_FXP_FSTAT: return "SSH_FXP_FSTAT"; case SSH_FXP_SETSTAT: return "SSH_FXP_SETSTAT"; case SSH_FXP_FSETSTAT: return "SSH_FXP_FSETSTAT"; case SSH_FXP_OPENDIR: return "SSH_FXP_OPENDIR"; case SSH_FXP_READDIR: return "SSH_FXP_READDIR"; case SSH_FXP_REMOVE: return "SSH_FXP_REMOVE"; case SSH_FXP_MKDIR: return "SSH_FXP_MKDIR"; case SSH_FXP_RMDIR: return "SSH_FXP_RMDIR"; case SSH_FXP_REALPATH: return "SSH_FXP_REALPATH"; case SSH_FXP_STAT: return "SSH_FXP_STAT"; case SSH_FXP_RENAME: return "SSH_FXP_RENAME"; case SSH_FXP_READLINK: return "SSH_FXP_READLINK"; case SSH_FXP_SYMLINK: return "SSH_FXP_SYMLINK"; case SSH_FXP_STATUS: return "SSH_FXP_STATUS"; case SSH_FXP_HANDLE: return "SSH_FXP_HANDLE"; case SSH_FXP_DATA: return "SSH_FXP_DATA"; case SSH_FXP_NAME: return "SSH_FXP_NAME"; case SSH_FXP_ATTRS: return "SSH_FXP_ATTRS"; case SSH_FXP_EXTENDED: return "SSH_FXP_EXTENDED"; case SSH_FXP_EXTENDED_REPLY: return "SSH_FXP_EXTENDED_REPLY"; } return null; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/signature/000077500000000000000000000000001370551253600255415ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/signature/DSAPrivateKey.java000066400000000000000000000016161370551253600310230ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.signature; import java.math.BigInteger; /** * DSAPrivateKey. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class DSAPrivateKey { private BigInteger p; private BigInteger q; private BigInteger g; private BigInteger x; private BigInteger y; public DSAPrivateKey(BigInteger p, BigInteger q, BigInteger g, BigInteger y, BigInteger x) { this.p = p; this.q = q; this.g = g; this.y = y; this.x = x; } public BigInteger getP() { return p; } public BigInteger getQ() { return q; } public BigInteger getG() { return g; } public BigInteger getY() { return y; } public BigInteger getX() { return x; } public DSAPublicKey getPublicKey() { return new DSAPublicKey(p, q, g, y); } }SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/signature/DSAPublicKey.java000066400000000000000000000013231370551253600306220ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.signature; import java.math.BigInteger; /** * DSAPublicKey. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class DSAPublicKey { private BigInteger p; private BigInteger q; private BigInteger g; private BigInteger y; public DSAPublicKey(BigInteger p, BigInteger q, BigInteger g, BigInteger y) { this.p = p; this.q = q; this.g = g; this.y = y; } public BigInteger getP() { return p; } public BigInteger getQ() { return q; } public BigInteger getG() { return g; } public BigInteger getY() { return y; } }SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/signature/DSASHA1Verify.java000066400000000000000000000122171370551253600306200ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.signature; import java.io.IOException; import java.math.BigInteger; import java.security.SecureRandom; import ch.ethz.ssh2.crypto.digest.SHA1; import ch.ethz.ssh2.log.Logger; import ch.ethz.ssh2.packets.TypesReader; import ch.ethz.ssh2.packets.TypesWriter; /** * DSASHA1Verify. * * @author Christian Plattner * @version $Id$ */ public class DSASHA1Verify { private static final Logger log = Logger.getLogger(DSASHA1Verify.class); public static DSAPublicKey decodeSSHDSAPublicKey(byte[] key) throws IOException { TypesReader tr = new TypesReader(key); String key_format = tr.readString(); if (key_format.equals("ssh-dss") == false) throw new IllegalArgumentException("This is not a ssh-dss public key!"); BigInteger p = tr.readMPINT(); BigInteger q = tr.readMPINT(); BigInteger g = tr.readMPINT(); BigInteger y = tr.readMPINT(); if (tr.remain() != 0) throw new IOException("Padding in DSA public key!"); return new DSAPublicKey(p, q, g, y); } public static byte[] encodeSSHDSAPublicKey(DSAPublicKey pk) throws IOException { TypesWriter tw = new TypesWriter(); tw.writeString("ssh-dss"); tw.writeMPInt(pk.getP()); tw.writeMPInt(pk.getQ()); tw.writeMPInt(pk.getG()); tw.writeMPInt(pk.getY()); return tw.getBytes(); } public static byte[] encodeSSHDSASignature(DSASignature ds) { TypesWriter tw = new TypesWriter(); tw.writeString("ssh-dss"); byte[] r = ds.getR().toByteArray(); byte[] s = ds.getS().toByteArray(); byte[] a40 = new byte[40]; /* Patch (unsigned) r and s into the target array. */ int r_copylen = (r.length < 20) ? r.length : 20; int s_copylen = (s.length < 20) ? s.length : 20; System.arraycopy(r, r.length - r_copylen, a40, 20 - r_copylen, r_copylen); System.arraycopy(s, s.length - s_copylen, a40, 40 - s_copylen, s_copylen); tw.writeString(a40, 0, 40); return tw.getBytes(); } public static DSASignature decodeSSHDSASignature(byte[] sig) throws IOException { byte[] rsArray; if (sig.length == 40) { rsArray = sig; } else { TypesReader tr = new TypesReader(sig); String sig_format = tr.readString(); if (sig_format.equals("ssh-dss") == false) throw new IOException("Peer sent wrong signature format"); rsArray = tr.readByteString(); if (rsArray.length != 40) throw new IOException("Peer sent corrupt signature"); if (tr.remain() != 0) throw new IOException("Padding in DSA signature!"); } /* Remember, s and r are unsigned ints. */ byte[] tmp = new byte[20]; System.arraycopy(rsArray, 0, tmp, 0, 20); BigInteger r = new BigInteger(1, tmp); System.arraycopy(rsArray, 20, tmp, 0, 20); BigInteger s = new BigInteger(1, tmp); if (log.isDebugEnabled()) { log.debug("decoded ssh-dss signature: first bytes r(" + ((rsArray[0]) & 0xff) + "), s(" + ((rsArray[20]) & 0xff) + ")"); } return new DSASignature(r, s); } public static boolean verifySignature(byte[] message, DSASignature ds, DSAPublicKey dpk) throws IOException { /* Inspired by Bouncycastle's DSASigner class */ SHA1 md = new SHA1(); md.update(message); byte[] sha_message = new byte[md.getDigestLength()]; md.digest(sha_message); BigInteger m = new BigInteger(1, sha_message); BigInteger r = ds.getR(); BigInteger s = ds.getS(); BigInteger g = dpk.getG(); BigInteger p = dpk.getP(); BigInteger q = dpk.getQ(); BigInteger y = dpk.getY(); BigInteger zero = BigInteger.ZERO; if (log.isDebugEnabled()) { log.debug("ssh-dss signature: m: " + m.toString(16)); log.debug("ssh-dss signature: r: " + r.toString(16)); log.debug("ssh-dss signature: s: " + s.toString(16)); log.debug("ssh-dss signature: g: " + g.toString(16)); log.debug("ssh-dss signature: p: " + p.toString(16)); log.debug("ssh-dss signature: q: " + q.toString(16)); log.debug("ssh-dss signature: y: " + y.toString(16)); } if (zero.compareTo(r) >= 0 || q.compareTo(r) <= 0) { log.warning("ssh-dss signature: zero.compareTo(r) >= 0 || q.compareTo(r) <= 0"); return false; } if (zero.compareTo(s) >= 0 || q.compareTo(s) <= 0) { log.warning("ssh-dss signature: zero.compareTo(s) >= 0 || q.compareTo(s) <= 0"); return false; } BigInteger w = s.modInverse(q); BigInteger u1 = m.multiply(w).mod(q); BigInteger u2 = r.multiply(w).mod(q); u1 = g.modPow(u1, p); u2 = y.modPow(u2, p); BigInteger v = u1.multiply(u2).mod(p).mod(q); return v.equals(r); } public static DSASignature generateSignature(byte[] message, DSAPrivateKey pk, SecureRandom rnd) { SHA1 md = new SHA1(); md.update(message); byte[] sha_message = new byte[md.getDigestLength()]; md.digest(sha_message); BigInteger m = new BigInteger(1, sha_message); BigInteger k; int qBitLength = pk.getQ().bitLength(); do { k = new BigInteger(qBitLength, rnd); } while (k.compareTo(pk.getQ()) >= 0); BigInteger r = pk.getG().modPow(k, pk.getP()).mod(pk.getQ()); k = k.modInverse(pk.getQ()).multiply(m.add((pk).getX().multiply(r))); BigInteger s = k.mod(pk.getQ()); return new DSASignature(r, s); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/signature/DSASignature.java000066400000000000000000000010241370551253600306720ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.signature; import java.math.BigInteger; /** * DSASignature. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class DSASignature { private BigInteger r; private BigInteger s; public DSASignature(BigInteger r, BigInteger s) { this.r = r; this.s = s; } public BigInteger getR() { return r; } public BigInteger getS() { return s; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/signature/RSAPrivateKey.java000066400000000000000000000030411370551253600310330ustar00rootroot00000000000000/* * Copyright (c) 2006-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.signature; import java.math.BigInteger; import java.security.SecureRandom; /** * RSAPrivateKey. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class RSAPrivateKey { private BigInteger d; private BigInteger e; private BigInteger n; public RSAPrivateKey(BigInteger d, BigInteger e, BigInteger n) { this.d = d; this.e = e; this.n = n; } public BigInteger getD() { return d; } public BigInteger getE() { return e; } public BigInteger getN() { return n; } public RSAPublicKey getPublicKey() { return new RSAPublicKey(e, n); } /** * Generate an RSA hostkey for testing purposes only. * * @param numbits Key length in bits * @return */ public static RSAPrivateKey generateKey(int numbits) { return generateKey(new SecureRandom(), numbits); } /** * Generate an RSA hostkey for testing purposes only. * * @param rnd Source for random bits * @param numbits Key length in bits * @return */ public static RSAPrivateKey generateKey(SecureRandom rnd, int numbits) { BigInteger p = BigInteger.probablePrime(numbits / 2, rnd); BigInteger q = BigInteger.probablePrime(numbits / 2, rnd); BigInteger phi = (p.subtract(BigInteger.ONE)).multiply(q.subtract(BigInteger.ONE)); BigInteger n = p.multiply(q); BigInteger e = new BigInteger("65537"); BigInteger d = e.modInverse(phi); return new RSAPrivateKey(d, e, n); } }SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/signature/RSAPublicKey.java000066400000000000000000000010031370551253600306330ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.signature; import java.math.BigInteger; /** * RSAPublicKey. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class RSAPublicKey { BigInteger e; BigInteger n; public RSAPublicKey(BigInteger e, BigInteger n) { this.e = e; this.n = n; } public BigInteger getE() { return e; } public BigInteger getN() { return n; } }SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/signature/RSASHA1Verify.java000066400000000000000000000153711370551253600306420ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.signature; import java.io.IOException; import java.math.BigInteger; import ch.ethz.ssh2.crypto.SimpleDERReader; import ch.ethz.ssh2.crypto.digest.SHA1; import ch.ethz.ssh2.log.Logger; import ch.ethz.ssh2.packets.TypesReader; import ch.ethz.ssh2.packets.TypesWriter; /** * RSASHA1Verify. * * @author Christian Plattner * @version $Id$ */ public class RSASHA1Verify { private static final Logger log = Logger.getLogger(RSASHA1Verify.class); public static RSAPublicKey decodeSSHRSAPublicKey(byte[] key) throws IOException { TypesReader tr = new TypesReader(key); String key_format = tr.readString(); if (key_format.equals("ssh-rsa") == false) throw new IllegalArgumentException("This is not a ssh-rsa public key"); BigInteger e = tr.readMPINT(); BigInteger n = tr.readMPINT(); if (tr.remain() != 0) throw new IOException("Padding in RSA public key!"); return new RSAPublicKey(e, n); } public static byte[] encodeSSHRSAPublicKey(RSAPublicKey pk) throws IOException { TypesWriter tw = new TypesWriter(); tw.writeString("ssh-rsa"); tw.writeMPInt(pk.getE()); tw.writeMPInt(pk.getN()); return tw.getBytes(); } public static RSASignature decodeSSHRSASignature(byte[] sig) throws IOException { TypesReader tr = new TypesReader(sig); String sig_format = tr.readString(); if (sig_format.equals("ssh-rsa") == false) throw new IOException("Peer sent wrong signature format"); /* S is NOT an MPINT. "The value for 'rsa_signature_blob' is encoded as a string * containing s (which is an integer, without lengths or padding, unsigned and in * network byte order)." See also below. */ byte[] s = tr.readByteString(); if (s.length == 0) throw new IOException("Error in RSA signature, S is empty."); if (log.isDebugEnabled()) { log.debug("Decoding ssh-rsa signature string (length: " + s.length + ")"); } if (tr.remain() != 0) throw new IOException("Padding in RSA signature!"); return new RSASignature(new BigInteger(1, s)); } public static byte[] encodeSSHRSASignature(RSASignature sig) throws IOException { TypesWriter tw = new TypesWriter(); tw.writeString("ssh-rsa"); /* S is NOT an MPINT. "The value for 'rsa_signature_blob' is encoded as a string * containing s (which is an integer, without lengths or padding, unsigned and in * network byte order)." */ byte[] s = sig.getS().toByteArray(); /* Remove first zero sign byte, if present */ if ((s.length > 1) && (s[0] == 0x00)) tw.writeString(s, 1, s.length - 1); else tw.writeString(s, 0, s.length); return tw.getBytes(); } public static RSASignature generateSignature(byte[] message, RSAPrivateKey pk) throws IOException { SHA1 md = new SHA1(); md.update(message); byte[] sha_message = new byte[md.getDigestLength()]; md.digest(sha_message); byte[] der_header = new byte[] { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 }; int rsa_block_len = (pk.getN().bitLength() + 7) / 8; int num_pad = rsa_block_len - (2 + der_header.length + sha_message.length) - 1; if (num_pad < 8) throw new IOException("Cannot sign with RSA, message too long"); byte[] sig = new byte[der_header.length + sha_message.length + 2 + num_pad]; sig[0] = 0x01; for (int i = 0; i < num_pad; i++) { sig[i + 1] = (byte) 0xff; } sig[num_pad + 1] = 0x00; System.arraycopy(der_header, 0, sig, 2 + num_pad, der_header.length); System.arraycopy(sha_message, 0, sig, 2 + num_pad + der_header.length, sha_message.length); BigInteger m = new BigInteger(1, sig); BigInteger s = m.modPow(pk.getD(), pk.getN()); return new RSASignature(s); } public static boolean verifySignature(byte[] message, RSASignature ds, RSAPublicKey dpk) throws IOException { SHA1 md = new SHA1(); md.update(message); byte[] sha_message = new byte[md.getDigestLength()]; md.digest(sha_message); BigInteger n = dpk.getN(); BigInteger e = dpk.getE(); BigInteger s = ds.getS(); if (n.compareTo(s) <= 0) { log.warning("ssh-rsa signature: n.compareTo(s) <= 0"); return false; } int rsa_block_len = (n.bitLength() + 7) / 8; /* And now the show begins */ if (rsa_block_len < 1) { log.warning("ssh-rsa signature: rsa_block_len < 1"); return false; } byte[] v = s.modPow(e, n).toByteArray(); int startpos = 0; if ((v.length > 0) && (v[0] == 0x00)) startpos++; if ((v.length - startpos) != (rsa_block_len - 1)) { log.warning("ssh-rsa signature: (v.length - startpos) != (rsa_block_len - 1)"); return false; } if (v[startpos] != 0x01) { log.warning("ssh-rsa signature: v[startpos] != 0x01"); return false; } int pos = startpos + 1; while (true) { if (pos >= v.length) { log.warning("ssh-rsa signature: pos >= v.length"); return false; } if (v[pos] == 0x00) break; if (v[pos] != (byte) 0xff) { log.warning("ssh-rsa signature: v[pos] != (byte) 0xff"); return false; } pos++; } int num_pad = pos - (startpos + 1); if (num_pad < 8) { log.warning("ssh-rsa signature: num_pad < 8"); return false; } pos++; if (pos >= v.length) { log.warning("ssh-rsa signature: pos >= v.length"); return false; } SimpleDERReader dr = new SimpleDERReader(v, pos, v.length - pos); byte[] seq = dr.readSequenceAsByteArray(); if (dr.available() != 0) { log.warning("ssh-rsa signature: dr.available() != 0"); return false; } dr.resetInput(seq); /* Read digestAlgorithm */ byte digestAlgorithm[] = dr.readSequenceAsByteArray(); /* Inspired by RFC 3347, however, ignoring the comment regarding old BER based implementations */ if ((digestAlgorithm.length < 8) || (digestAlgorithm.length > 9)) { log.warning("ssh-rsa signature: (digestAlgorithm.length < 8) || (digestAlgorithm.length > 9)"); return false; } byte[] digestAlgorithm_sha1 = new byte[] { 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00 }; for (int i = 0; i < digestAlgorithm.length; i++) { if (digestAlgorithm[i] != digestAlgorithm_sha1[i]) { log.warning("ssh-rsa signature: digestAlgorithm[i] != digestAlgorithm_sha1[i]"); return false; } } byte[] digest = dr.readOctetString(); if (dr.available() != 0) { log.warning("ssh-rsa signature: dr.available() != 0 (II)"); return false; } if (digest.length != sha_message.length) { log.warning("ssh-rsa signature: digest.length != sha_message.length"); return false; } for (int i = 0; i < sha_message.length; i++) { if (sha_message[i] != digest[i]) { log.warning("ssh-rsa signature: sha_message[i] != digest[i]"); return false; } } return true; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/signature/RSASignature.java000066400000000000000000000006551370551253600307210ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.signature; import java.math.BigInteger; /** * RSASignature. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class RSASignature { BigInteger s; public BigInteger getS() { return s; } public RSASignature(BigInteger s) { this.s = s; } }SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/transport/000077500000000000000000000000001370551253600255745ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/transport/ClientKexManager.java000066400000000000000000000241431370551253600316240ustar00rootroot00000000000000/* * Copyright (c) 2006-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.transport; import java.io.IOException; import java.security.SecureRandom; import ch.ethz.ssh2.ConnectionInfo; import ch.ethz.ssh2.ServerHostKeyVerifier; import ch.ethz.ssh2.crypto.CryptoWishList; import ch.ethz.ssh2.crypto.cipher.BlockCipher; import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory; import ch.ethz.ssh2.crypto.dh.DhExchange; import ch.ethz.ssh2.crypto.dh.DhGroupExchange; import ch.ethz.ssh2.crypto.digest.MAC; import ch.ethz.ssh2.packets.PacketKexDHInit; import ch.ethz.ssh2.packets.PacketKexDHReply; import ch.ethz.ssh2.packets.PacketKexDhGexGroup; import ch.ethz.ssh2.packets.PacketKexDhGexInit; import ch.ethz.ssh2.packets.PacketKexDhGexReply; import ch.ethz.ssh2.packets.PacketKexDhGexRequest; import ch.ethz.ssh2.packets.PacketKexDhGexRequestOld; import ch.ethz.ssh2.packets.PacketKexInit; import ch.ethz.ssh2.packets.Packets; import ch.ethz.ssh2.signature.DSAPublicKey; import ch.ethz.ssh2.signature.DSASHA1Verify; import ch.ethz.ssh2.signature.DSASignature; import ch.ethz.ssh2.signature.RSAPublicKey; import ch.ethz.ssh2.signature.RSASHA1Verify; import ch.ethz.ssh2.signature.RSASignature; public class ClientKexManager extends KexManager { ServerHostKeyVerifier verifier; final String hostname; final int port; public ClientKexManager(TransportManager tm, ClientServerHello csh, CryptoWishList initialCwl, String hostname, int port, ServerHostKeyVerifier keyVerifier, SecureRandom rnd) { super(tm, csh, initialCwl, rnd); this.hostname = hostname; this.port = port; this.verifier = keyVerifier; } protected boolean verifySignature(byte[] sig, byte[] hostkey) throws IOException { if (kxs.np.server_host_key_algo.equals("ssh-rsa")) { RSASignature rs = RSASHA1Verify.decodeSSHRSASignature(sig); RSAPublicKey rpk = RSASHA1Verify.decodeSSHRSAPublicKey(hostkey); log.debug("Verifying ssh-rsa signature"); return RSASHA1Verify.verifySignature(kxs.H, rs, rpk); } if (kxs.np.server_host_key_algo.equals("ssh-dss")) { DSASignature ds = DSASHA1Verify.decodeSSHDSASignature(sig); DSAPublicKey dpk = DSASHA1Verify.decodeSSHDSAPublicKey(hostkey); log.debug("Verifying ssh-dss signature"); return DSASHA1Verify.verifySignature(kxs.H, ds, dpk); } throw new IOException("Unknown server host key algorithm '" + kxs.np.server_host_key_algo + "'"); } public synchronized void handleMessage(byte[] msg, int msglen) throws IOException { PacketKexInit kip; if (msg == null) { synchronized (accessLock) { connectionClosed = true; accessLock.notifyAll(); return; } } if ((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) throw new IOException("Unexpected KEX message (type " + msg[0] + ")"); if (ignore_next_kex_packet) { ignore_next_kex_packet = false; return; } if (msg[0] == Packets.SSH_MSG_KEXINIT) { if ((kxs != null) && (kxs.state != 0)) throw new IOException("Unexpected SSH_MSG_KEXINIT message during on-going kex exchange!"); if (kxs == null) { /* * Ah, OK, peer wants to do KEX. Let's be nice and play * together. */ kxs = new KexState(); kxs.dhgexParameters = nextKEXdhgexParameters; kip = new PacketKexInit(nextKEXcryptoWishList, rnd); kxs.localKEX = kip; tm.sendKexMessage(kip.getPayload()); } kip = new PacketKexInit(msg, 0, msglen); kxs.remoteKEX = kip; kxs.np = mergeKexParameters(kxs.localKEX.getKexParameters(), kxs.remoteKEX.getKexParameters()); if (kxs.np == null) throw new IOException("Cannot negotiate, proposals do not match."); if (kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { /* * Guess was wrong, we need to ignore the next kex packet. */ ignore_next_kex_packet = true; } if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) { if (kxs.dhgexParameters.getMin_group_len() == 0) { PacketKexDhGexRequestOld dhgexreq = new PacketKexDhGexRequestOld(kxs.dhgexParameters); tm.sendKexMessage(dhgexreq.getPayload()); } else { PacketKexDhGexRequest dhgexreq = new PacketKexDhGexRequest(kxs.dhgexParameters); tm.sendKexMessage(dhgexreq.getPayload()); } kxs.state = 1; return; } if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")) { sendKexDhInit("SHA1", 1); return; } if (kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) { sendKexDhInit("SHA1", 14); return; } if (kxs.np.kex_algo.equals("diffie-hellman-group14-sha256")) { sendKexDhInit("SHA2-256", 14); return; } if (kxs.np.kex_algo.equals("diffie-hellman-group16-sha512")) { sendKexDhInit("SHA2-512", 16); return; } if (kxs.np.kex_algo.equals("diffie-hellman-group18-sha512")) { sendKexDhInit("SHA2-512", 18); return; } throw new IllegalStateException("Unkown KEX method!"); } if (msg[0] == Packets.SSH_MSG_NEWKEYS) { if (km == null) throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!"); BlockCipher cbc; MAC mac; try { cbc = BlockCipherFactory.createCipher(kxs.np.enc_algo_server_to_client, false, km.enc_key_server_to_client, km.initial_iv_server_to_client); mac = new MAC(kxs.np.mac_algo_server_to_client, km.integrity_key_server_to_client); } catch (IllegalArgumentException e1) { throw new IOException("Fatal error during MAC startup!"); } tm.changeRecvCipher(cbc, mac); ConnectionInfo sci = new ConnectionInfo(); kexCount++; sci.keyExchangeAlgorithm = kxs.np.kex_algo; sci.keyExchangeCounter = kexCount; sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server; sci.serverToClientCryptoAlgorithm = kxs.np.enc_algo_server_to_client; sci.clientToServerMACAlgorithm = kxs.np.mac_algo_client_to_server; sci.serverToClientMACAlgorithm = kxs.np.mac_algo_server_to_client; sci.serverHostKeyAlgorithm = kxs.np.server_host_key_algo; sci.serverHostKey = kxs.remote_hostkey; synchronized (accessLock) { lastConnInfo = sci; accessLock.notifyAll(); } kxs = null; return; } if ((kxs == null) || (kxs.state == 0)) throw new IOException("Unexpected Kex submessage!"); if (kxs.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) { if (kxs.state == 1) { PacketKexDhGexGroup dhgexgrp = new PacketKexDhGexGroup(msg, 0, msglen); kxs.dhgx = new DhGroupExchange(dhgexgrp.getP(), dhgexgrp.getG()); kxs.dhgx.init(rnd); PacketKexDhGexInit dhgexinit = new PacketKexDhGexInit(kxs.dhgx.getE()); tm.sendKexMessage(dhgexinit.getPayload()); kxs.state = 2; return; } if (kxs.state == 2) { PacketKexDhGexReply dhgexrpl = new PacketKexDhGexReply(msg, 0, msglen); kxs.remote_hostkey = dhgexrpl.getHostKey(); if (verifier != null) { boolean vres = false; try { vres = verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey); } catch (Exception e) { throw new IOException( "The server hostkey was not accepted by the verifier callback.", e); } if (vres == false) throw new IOException("The server hostkey was not accepted by the verifier callback"); } kxs.dhgx.setF(dhgexrpl.getF()); try { kxs.H = kxs.dhgx.calculateH(csh.getClientString(), csh.getServerString(), kxs.localKEX.getPayload(), kxs.remoteKEX.getPayload(), dhgexrpl.getHostKey(), kxs.dhgexParameters); } catch (IllegalArgumentException e) { throw new IOException("KEX error.", e); } boolean res = verifySignature(dhgexrpl.getSignature(), kxs.remote_hostkey); if (res == false) throw new IOException("Hostkey signature sent by remote is wrong!"); kxs.K = kxs.dhgx.getK(); finishKex(true); kxs.state = -1; return; } throw new IllegalStateException("Illegal State in KEX Exchange!"); } if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || kxs.np.kex_algo.equals("diffie-hellman-group14-sha256") || kxs.np.kex_algo.equals("diffie-hellman-group16-sha512") || kxs.np.kex_algo.equals("diffie-hellman-group18-sha512")) { if (kxs.state == 1) { PacketKexDHReply dhr = new PacketKexDHReply(msg, 0, msglen); kxs.remote_hostkey = dhr.getHostKey(); if (verifier != null) { boolean vres = false; try { vres = verifier.verifyServerHostKey(hostname, port, kxs.np.server_host_key_algo, kxs.remote_hostkey); } catch (Exception e) { throw new IOException( "The server hostkey was not accepted by the verifier callback.", e); } if (vres == false) throw new IOException("The server hostkey was not accepted by the verifier callback"); } kxs.dhx.setF(dhr.getF()); try { kxs.H = kxs.dhx.calculateH(csh.getClientString(), csh.getServerString(), kxs.localKEX.getPayload(), kxs.remoteKEX.getPayload(), dhr.getHostKey()); } catch (IllegalArgumentException e) { throw new IOException("KEX error.", e); } boolean res = verifySignature(dhr.getSignature(), kxs.remote_hostkey); if (res == false) throw new IOException("Hostkey signature sent by remote is wrong!"); kxs.K = kxs.dhx.getK(); finishKex(true); kxs.state = -1; return; } } throw new IllegalStateException("Unkown KEX method! (" + kxs.np.kex_algo + ")"); } private void sendKexDhInit(String hash, int group) throws IOException { kxs.dhx = new DhExchange(hash); kxs.dhx.clientInit(group, rnd); PacketKexDHInit kp = new PacketKexDHInit(kxs.dhx.getE()); tm.sendKexMessage(kp.getPayload()); kxs.state = 1; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/transport/ClientServerHello.java000066400000000000000000000056701370551253600320400ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.transport; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import ch.ethz.ssh2.util.StringEncoder; /** * ClientServerHello. * * @author Christian Plattner * @version $Id$ */ public class ClientServerHello { String client_line; String server_line; private ClientServerHello(String client_line, String server_line) { this.client_line = client_line; this.server_line = server_line; } public final static int readLineRN(InputStream is, byte[] buffer) throws IOException { int pos = 0; boolean need10 = false; int len = 0; while (true) { int c = is.read(); if (c == -1) throw new IOException("Premature connection close"); buffer[pos++] = (byte) c; if (c == 13) { need10 = true; continue; } if (c == 10) break; if (need10 == true) throw new IOException("Malformed line received, the line does not end correctly."); len++; if (pos >= buffer.length) throw new IOException("The server sent a too long line: " + StringEncoder.GetString(buffer)); } return len; } public static ClientServerHello clientHello(String softwareversion, InputStream bi, OutputStream bo) throws IOException { return exchange(softwareversion, bi, bo, true); } public static ClientServerHello serverHello(String softwareversion, InputStream bi, OutputStream bo) throws IOException { return exchange(softwareversion, bi, bo, false); } private static ClientServerHello exchange(String softwareversion, InputStream bi, OutputStream bo, boolean clientMode) throws IOException { String localIdentifier = "SSH-2.0-" + softwareversion; String remoteIdentifier = null; bo.write(StringEncoder.GetBytes(localIdentifier + "\r\n")); bo.flush(); byte[] remoteData = new byte[1024]; for (int i = 0; i < 50; i++) { int len = readLineRN(bi, remoteData); remoteIdentifier = StringEncoder.GetString(remoteData, 0, len); if (remoteIdentifier.startsWith("SSH-")) break; } if (remoteIdentifier.startsWith("SSH-") == false) throw new IOException( "Malformed SSH identification string. There was no line starting with 'SSH-' amongst the first 50 lines."); if (!remoteIdentifier.startsWith("SSH-1.99-") && !remoteIdentifier.startsWith("SSH-2.0-")) throw new IOException("Remote party uses incompatible protocol, it is not SSH-2 compatible."); if (clientMode) return new ClientServerHello(localIdentifier, remoteIdentifier); else return new ClientServerHello(remoteIdentifier, localIdentifier); } /** * @return Returns the client_versioncomment. */ public byte[] getClientString() { return StringEncoder.GetBytes(client_line); } /** * @return Returns the server_versioncomment. */ public byte[] getServerString() { return StringEncoder.GetBytes(server_line); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/transport/ClientTransportManager.java000066400000000000000000000074361370551253600330770ustar00rootroot00000000000000package ch.ethz.ssh2.transport; import java.io.IOException; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.Socket; import java.net.UnknownHostException; import java.security.SecureRandom; import ch.ethz.ssh2.DHGexParameters; import ch.ethz.ssh2.ServerHostKeyVerifier; import ch.ethz.ssh2.crypto.CryptoWishList; import ch.ethz.ssh2.util.Tokenizer; /** * @version $Id:$ */ public class ClientTransportManager extends TransportManager { protected final Socket sock = new Socket(); public void setTcpNoDelay(boolean state) throws IOException { sock.setTcpNoDelay(state); } public void setSoTimeout(int timeout) throws IOException { sock.setSoTimeout(timeout); } public void connect(String hostname, int port, String softwareversion, CryptoWishList cwl, ServerHostKeyVerifier verifier, DHGexParameters dhgex, int connectTimeout, SecureRandom rnd) throws IOException { // Establish the TCP connection to the SSH-2 server this.connect(hostname, port, connectTimeout); // Parse the server line and say hello - important: this information is later needed for the // key exchange (to stop man-in-the-middle attacks) - that is why we wrap it into an object // for later use. ClientServerHello csh = ClientServerHello.clientHello(softwareversion, sock.getInputStream(), sock.getOutputStream()); TransportConnection tc = new TransportConnection(sock.getInputStream(), sock.getOutputStream(), rnd); KexManager km = new ClientKexManager(this, csh, cwl, hostname, port, verifier, rnd); super.init(tc, km); km.initiateKEX(cwl, dhgex, null, null); this.startReceiver(); } @Override public void close(final Throwable cause, final boolean useDisconnectPacket) { this.close(sock, cause, useDisconnectPacket); } protected void connect(String hostname, int port, int connectTimeout) throws IOException { InetAddress addr = createInetAddress(hostname); sock.connect(new InetSocketAddress(addr, port), connectTimeout); } /** * There were reports that there are JDKs which use * the resolver even though one supplies a dotted IP * address in the Socket constructor. That is why we * try to generate the InetAdress "by hand". * * @param host * @return the InetAddress * @throws java.net.UnknownHostException */ protected static InetAddress createInetAddress(String host) throws UnknownHostException { /* Check if it is a dotted IP4 address */ InetAddress addr = parseIPv4Address(host); if(addr != null) { return addr; } return InetAddress.getByName(host); } private static InetAddress parseIPv4Address(String host) throws UnknownHostException { if(host == null) { return null; } String[] quad = Tokenizer.parseTokens(host, '.'); if((quad == null) || (quad.length != 4)) { return null; } byte[] addr = new byte[4]; for(int i = 0; i < 4; i++) { int part = 0; if((quad[i].length() == 0) || (quad[i].length() > 3)) { return null; } for(int k = 0; k < quad[i].length(); k++) { char c = quad[i].charAt(k); /* No, Character.isDigit is not the same */ if((c < '0') || (c > '9')) { return null; } part = part * 10 + (c - '0'); } if(part > 255) /* 300.1.2.3 is invalid =) */ { return null; } addr[i] = (byte) part; } return InetAddress.getByAddress(host, addr); } }HTTPProxyClientTransportManager.java000066400000000000000000000066401370551253600345560ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/transportpackage ch.ethz.ssh2.transport; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.net.InetAddress; import java.net.InetSocketAddress; import ch.ethz.ssh2.HTTPProxyData; import ch.ethz.ssh2.HTTPProxyException; import ch.ethz.ssh2.crypto.Base64; import ch.ethz.ssh2.util.StringEncoder; /** * @version $Id:$ */ public class HTTPProxyClientTransportManager extends ClientTransportManager { /** * Used to tell the library that the connection shall be established through a proxy server. */ private HTTPProxyData pd; public HTTPProxyClientTransportManager(final HTTPProxyData pd) { this.pd = pd; } @Override protected void connect(final String hostname, final int port, final int connectTimeout) throws IOException { /* At the moment, we only support HTTP proxies */ InetAddress addr = createInetAddress(pd.proxyHost); sock.connect(new InetSocketAddress(addr, pd.proxyPort), connectTimeout); /* OK, now tell the proxy where we actually want to connect to */ StringBuilder sb = new StringBuilder(); sb.append("CONNECT "); sb.append(hostname); sb.append(':'); sb.append(port); sb.append(" HTTP/1.0\r\n"); if((pd.proxyUser != null) && (pd.proxyPass != null)) { String credentials = pd.proxyUser + ":" + pd.proxyPass; char[] encoded = Base64.encode(StringEncoder.GetBytes(credentials)); sb.append("Proxy-Authorization: Basic "); sb.append(encoded); sb.append("\r\n"); } if(pd.requestHeaderLines != null) { for(int i = 0; i < pd.requestHeaderLines.length; i++) { if(pd.requestHeaderLines[i] != null) { sb.append(pd.requestHeaderLines[i]); sb.append("\r\n"); } } } sb.append("\r\n"); OutputStream out = sock.getOutputStream(); out.write(StringEncoder.GetBytes(sb.toString())); out.flush(); /* Now parse the HTTP response */ byte[] buffer = new byte[1024]; InputStream in = sock.getInputStream(); int len = ClientServerHello.readLineRN(in, buffer); String httpReponse = StringEncoder.GetString(buffer, 0, len); if(httpReponse.startsWith("HTTP/") == false) { throw new IOException("The proxy did not send back a valid HTTP response."); } /* "HTTP/1.X XYZ X" => 14 characters minimum */ if((httpReponse.length() < 14) || (httpReponse.charAt(8) != ' ') || (httpReponse.charAt(12) != ' ')) { throw new IOException("The proxy did not send back a valid HTTP response."); } int errorCode; try { errorCode = Integer.parseInt(httpReponse.substring(9, 12)); } catch(NumberFormatException ignore) { throw new IOException("The proxy did not send back a valid HTTP response."); } if((errorCode < 0) || (errorCode > 999)) { throw new IOException("The proxy did not send back a valid HTTP response."); } if(errorCode != 200) { throw new HTTPProxyException(httpReponse.substring(13), errorCode); } /* OK, read until empty line */ while(true) { len = ClientServerHello.readLineRN(in, buffer); if(len == 0) { break; } } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/transport/KexManager.java000066400000000000000000000230261370551253600304640ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.transport; import java.io.IOException; import java.io.InterruptedIOException; import java.security.SecureRandom; import java.util.Arrays; import ch.ethz.ssh2.ConnectionInfo; import ch.ethz.ssh2.DHGexParameters; import ch.ethz.ssh2.crypto.CryptoWishList; import ch.ethz.ssh2.crypto.KeyMaterial; import ch.ethz.ssh2.crypto.cipher.BlockCipher; import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory; import ch.ethz.ssh2.crypto.digest.MAC; import ch.ethz.ssh2.log.Logger; import ch.ethz.ssh2.packets.PacketKexInit; import ch.ethz.ssh2.packets.PacketNewKeys; import ch.ethz.ssh2.signature.DSAPrivateKey; import ch.ethz.ssh2.signature.RSAPrivateKey; /** * KexManager. * * @author Christian Plattner * @version $Id$ */ public abstract class KexManager implements MessageHandler { protected static final Logger log = Logger.getLogger(KexManager.class); KexState kxs; int kexCount = 0; KeyMaterial km; byte[] sessionId; ClientServerHello csh; final Object accessLock = new Object(); ConnectionInfo lastConnInfo = null; boolean connectionClosed = false; boolean ignore_next_kex_packet = false; final TransportManager tm; CryptoWishList nextKEXcryptoWishList; DHGexParameters nextKEXdhgexParameters; DSAPrivateKey nextKEXdsakey; RSAPrivateKey nextKEXrsakey; final SecureRandom rnd; public KexManager(TransportManager tm, ClientServerHello csh, CryptoWishList initialCwl, SecureRandom rnd) { this.tm = tm; this.csh = csh; this.nextKEXcryptoWishList = initialCwl; this.nextKEXdhgexParameters = new DHGexParameters(); this.rnd = rnd; } public ConnectionInfo getOrWaitForConnectionInfo(int minKexCount) throws IOException { synchronized (accessLock) { while (true) { if ((lastConnInfo != null) && (lastConnInfo.keyExchangeCounter >= minKexCount)) return lastConnInfo; if (connectionClosed) throw new IOException("Key exchange was not finished, connection is closed.", tm.getReasonClosedCause()); try { accessLock.wait(); } catch (InterruptedException e) { throw new InterruptedIOException(e.getMessage()); } } } } private String getFirstMatch(String[] client, String[] server) throws NegotiateException { if (client == null || server == null) throw new IllegalArgumentException(); if (client.length == 0) return null; for (int i = 0; i < client.length; i++) { for (int j = 0; j < server.length; j++) { if (client[i].equals(server[j])) return client[i]; } } throw new NegotiateException(); } private boolean compareFirstOfNameList(String[] a, String[] b) { if (a == null || b == null) throw new IllegalArgumentException(); if ((a.length == 0) && (b.length == 0)) return true; if ((a.length == 0) || (b.length == 0)) return false; return (a[0].equals(b[0])); } private boolean isGuessOK(KexParameters cpar, KexParameters spar) { if (cpar == null || spar == null) throw new IllegalArgumentException(); if (compareFirstOfNameList(cpar.kex_algorithms, spar.kex_algorithms) == false) { return false; } if (compareFirstOfNameList(cpar.server_host_key_algorithms, spar.server_host_key_algorithms) == false) { return false; } /* * We do NOT check here if the other algorithms can be agreed on, this * is just a check if kex_algorithms and server_host_key_algorithms were * guessed right! */ return true; } protected NegotiatedParameters mergeKexParameters(KexParameters client, KexParameters server) { NegotiatedParameters np = new NegotiatedParameters(); try { np.kex_algo = getFirstMatch(client.kex_algorithms, server.kex_algorithms); log.info("kex_algo=" + np.kex_algo); np.server_host_key_algo = getFirstMatch(client.server_host_key_algorithms, server.server_host_key_algorithms); log.info("server_host_key_algo=" + np.server_host_key_algo); np.enc_algo_client_to_server = getFirstMatch(client.encryption_algorithms_client_to_server, server.encryption_algorithms_client_to_server); np.enc_algo_server_to_client = getFirstMatch(client.encryption_algorithms_server_to_client, server.encryption_algorithms_server_to_client); log.info("enc_algo_client_to_server=" + np.enc_algo_client_to_server); log.info("enc_algo_server_to_client=" + np.enc_algo_server_to_client); np.mac_algo_client_to_server = getFirstMatch(client.mac_algorithms_client_to_server, server.mac_algorithms_client_to_server); np.mac_algo_server_to_client = getFirstMatch(client.mac_algorithms_server_to_client, server.mac_algorithms_server_to_client); log.info("mac_algo_client_to_server=" + np.mac_algo_client_to_server); log.info("mac_algo_server_to_client=" + np.mac_algo_server_to_client); np.comp_algo_client_to_server = getFirstMatch(client.compression_algorithms_client_to_server, server.compression_algorithms_client_to_server); np.comp_algo_server_to_client = getFirstMatch(client.compression_algorithms_server_to_client, server.compression_algorithms_server_to_client); log.info("comp_algo_client_to_server=" + np.comp_algo_client_to_server); log.info("comp_algo_server_to_client=" + np.comp_algo_server_to_client); } catch (NegotiateException e) { return null; } try { np.lang_client_to_server = getFirstMatch(client.languages_client_to_server, server.languages_client_to_server); } catch (NegotiateException e1) { np.lang_client_to_server = null; } try { np.lang_server_to_client = getFirstMatch(client.languages_server_to_client, server.languages_server_to_client); } catch (NegotiateException e2) { np.lang_server_to_client = null; } if (isGuessOK(client, server)) np.guessOK = true; return np; } public synchronized void initiateKEX(CryptoWishList cwl, DHGexParameters dhgex, DSAPrivateKey dsa, RSAPrivateKey rsa) throws IOException { nextKEXcryptoWishList = cwl; nextKEXdhgexParameters = dhgex; nextKEXdsakey = dsa; nextKEXrsakey = rsa; if (kxs == null) { kxs = new KexState(); kxs.local_dsa_key = dsa; kxs.local_rsa_key = rsa; kxs.dhgexParameters = nextKEXdhgexParameters; kxs.localKEX = new PacketKexInit(nextKEXcryptoWishList, rnd); tm.sendKexMessage(kxs.localKEX.getPayload()); } } private boolean establishKeyMaterial() { try { int mac_cs_key_len = MAC.getKeyLen(kxs.np.mac_algo_client_to_server); int enc_cs_key_len = BlockCipherFactory.getKeySize(kxs.np.enc_algo_client_to_server); int enc_cs_block_len = BlockCipherFactory.getBlockSize(kxs.np.enc_algo_client_to_server); int mac_sc_key_len = MAC.getKeyLen(kxs.np.mac_algo_server_to_client); int enc_sc_key_len = BlockCipherFactory.getKeySize(kxs.np.enc_algo_server_to_client); int enc_sc_block_len = BlockCipherFactory.getBlockSize(kxs.np.enc_algo_server_to_client); String hash = (null != kxs.dhx) ? kxs.dhx.getHashFunction() : "SHA1"; km = KeyMaterial.create(hash, kxs.H, kxs.K, sessionId, enc_cs_key_len, enc_cs_block_len, mac_cs_key_len, enc_sc_key_len, enc_sc_block_len, mac_sc_key_len); } catch (IllegalArgumentException e) { return false; } return true; } protected void finishKex(boolean clientMode) throws IOException { if (sessionId == null) sessionId = kxs.H; establishKeyMaterial(); /* Tell the other side that we start using the new material */ PacketNewKeys ign = new PacketNewKeys(); tm.sendKexMessage(ign.getPayload()); BlockCipher cbc; MAC mac; try { cbc = BlockCipherFactory.createCipher(clientMode ? kxs.np.enc_algo_client_to_server : kxs.np.enc_algo_server_to_client, true, clientMode ? km.enc_key_client_to_server : km.enc_key_server_to_client, clientMode ? km.initial_iv_client_to_server : km.initial_iv_server_to_client); mac = new MAC(clientMode ? kxs.np.mac_algo_client_to_server : kxs.np.mac_algo_server_to_client, clientMode ? km.integrity_key_client_to_server : km.integrity_key_server_to_client); } catch (IllegalArgumentException e1) { throw new IOException("Fatal error during MAC startup!"); } tm.changeSendCipher(cbc, mac); tm.kexFinished(); } public static final String[] getDefaultServerHostkeyAlgorithmList() { return new String[] { "ssh-rsa", "ssh-dss" }; } public static final void checkServerHostkeyAlgorithmsList(String[] algos) { for (int i = 0; i < algos.length; i++) { if (("ssh-rsa".equals(algos[i]) == false) && ("ssh-dss".equals(algos[i]) == false)) throw new IllegalArgumentException("Unknown server host key algorithm '" + algos[i] + "'"); } } public static final String[] getDefaultClientKexAlgorithmList() { return new String[] { "diffie-hellman-group14-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha1" }; } public static final void checkClientKexAlgorithmList(String[] algos) { String[] defaultAlgos = getDefaultClientKexAlgorithmList(); Arrays.sort(defaultAlgos); for (String algo : algos) { if (Arrays.binarySearch(defaultAlgos, algo) < 0) { throw new IllegalArgumentException("Unknown KEX method " + algo); } } } public static final String[] getDefaultServerKexAlgorithmList() { return new String[] { "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1" }; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/transport/KexParameters.java000066400000000000000000000015541370551253600312170ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.transport; /** * KexParameters. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class KexParameters { public byte[] cookie; public String[] kex_algorithms; public String[] server_host_key_algorithms; public String[] encryption_algorithms_client_to_server; public String[] encryption_algorithms_server_to_client; public String[] mac_algorithms_client_to_server; public String[] mac_algorithms_server_to_client; public String[] compression_algorithms_client_to_server; public String[] compression_algorithms_server_to_client; public String[] languages_client_to_server; public String[] languages_server_to_client; public boolean first_kex_packet_follows; public int reserved_field1; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/transport/KexState.java000066400000000000000000000016431370551253600301730ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.transport; import ch.ethz.ssh2.DHGexParameters; import ch.ethz.ssh2.crypto.dh.DhExchange; import ch.ethz.ssh2.crypto.dh.DhGroupExchange; import java.math.BigInteger; import ch.ethz.ssh2.packets.PacketKexInit; import ch.ethz.ssh2.signature.DSAPrivateKey; import ch.ethz.ssh2.signature.RSAPrivateKey; /** * KexState. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class KexState { public PacketKexInit localKEX; public PacketKexInit remoteKEX; public NegotiatedParameters np; public int state = 0; public BigInteger K; public byte[] H; public byte[] remote_hostkey; public DhExchange dhx; public DhGroupExchange dhgx; public DHGexParameters dhgexParameters; public DSAPrivateKey local_dsa_key; public RSAPrivateKey local_rsa_key; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/transport/MessageHandler.java000066400000000000000000000006061370551253600313230ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.transport; import java.io.IOException; /** * MessageHandler. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public interface MessageHandler { public void handleMessage(byte[] msg, int msglen) throws IOException; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/transport/NegotiateException.java000066400000000000000000000005741370551253600322430ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.transport; /** * NegotiateException. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class NegotiateException extends Exception { private static final long serialVersionUID = 3689910669428143157L; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/transport/NegotiatedParameters.java000066400000000000000000000013131370551253600325440ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.transport; /** * NegotiatedParameters. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class NegotiatedParameters { public boolean guessOK; public String kex_algo; public String server_host_key_algo; public String enc_algo_client_to_server; public String enc_algo_server_to_client; public String mac_algo_client_to_server; public String mac_algo_server_to_client; public String comp_algo_client_to_server; public String comp_algo_server_to_client; public String lang_client_to_server; public String lang_server_to_client; } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/transport/ServerKexManager.java000066400000000000000000000144201370551253600316510ustar00rootroot00000000000000/* * Copyright (c) 2006-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.transport; import java.io.IOException; import ch.ethz.ssh2.ConnectionInfo; import ch.ethz.ssh2.auth.ServerAuthenticationManager; import ch.ethz.ssh2.crypto.cipher.BlockCipher; import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory; import ch.ethz.ssh2.crypto.dh.DhExchange; import ch.ethz.ssh2.crypto.digest.MAC; import ch.ethz.ssh2.packets.PacketKexDHInit; import ch.ethz.ssh2.packets.PacketKexDHReply; import ch.ethz.ssh2.packets.PacketKexInit; import ch.ethz.ssh2.packets.Packets; import ch.ethz.ssh2.server.ServerConnectionState; import ch.ethz.ssh2.signature.DSASHA1Verify; import ch.ethz.ssh2.signature.DSASignature; import ch.ethz.ssh2.signature.RSASHA1Verify; import ch.ethz.ssh2.signature.RSASignature; public class ServerKexManager extends KexManager { private final ServerConnectionState state; private boolean authenticationStarted = false; public ServerKexManager(ServerConnectionState state) { super(state.tm, state.csh, state.next_cryptoWishList, state.generator); this.state = state; } public void handleMessage(byte[] msg, int msglen) throws IOException { PacketKexInit kip; if (msg == null) { synchronized (accessLock) { connectionClosed = true; accessLock.notifyAll(); return; } } if ((kxs == null) && (msg[0] != Packets.SSH_MSG_KEXINIT)) throw new IOException("Unexpected KEX message (type " + msg[0] + ")"); if (ignore_next_kex_packet) { ignore_next_kex_packet = false; return; } if (msg[0] == Packets.SSH_MSG_KEXINIT) { if ((kxs != null) && (kxs.state != 0)) throw new IOException("Unexpected SSH_MSG_KEXINIT message during on-going kex exchange!"); if (kxs == null) { /* * Ah, OK, peer wants to do KEX. Let's be nice and play * together. */ kxs = new KexState(); kxs.local_dsa_key = nextKEXdsakey; kxs.local_rsa_key = nextKEXrsakey; kxs.dhgexParameters = nextKEXdhgexParameters; kip = new PacketKexInit(nextKEXcryptoWishList, rnd); kxs.localKEX = kip; tm.sendKexMessage(kip.getPayload()); } kip = new PacketKexInit(msg, 0, msglen); kxs.remoteKEX = kip; kxs.np = mergeKexParameters(kxs.remoteKEX.getKexParameters(), kxs.localKEX.getKexParameters()); if (kxs.np == null) throw new IOException("Cannot negotiate, proposals do not match."); if (kxs.remoteKEX.isFirst_kex_packet_follows() && (kxs.np.guessOK == false)) { /* * Guess was wrong, we need to ignore the next kex packet. */ ignore_next_kex_packet = true; } if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) { kxs.dhx = new DhExchange("SHA1"); if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")) kxs.dhx.serverInit(1, rnd); else kxs.dhx.serverInit(14, rnd); kxs.state = 1; return; } throw new IllegalStateException("Unkown KEX method!"); } if (msg[0] == Packets.SSH_MSG_NEWKEYS) { if (km == null) throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!"); BlockCipher cbc; MAC mac; try { cbc = BlockCipherFactory.createCipher(kxs.np.enc_algo_client_to_server, false, km.enc_key_client_to_server, km.initial_iv_client_to_server); mac = new MAC(kxs.np.mac_algo_client_to_server, km.integrity_key_client_to_server); } catch (IllegalArgumentException e1) { throw new IOException("Fatal error during MAC startup!"); } tm.changeRecvCipher(cbc, mac); ConnectionInfo sci = new ConnectionInfo(); kexCount++; sci.keyExchangeAlgorithm = kxs.np.kex_algo; sci.keyExchangeCounter = kexCount; sci.clientToServerCryptoAlgorithm = kxs.np.enc_algo_client_to_server; sci.serverToClientCryptoAlgorithm = kxs.np.enc_algo_server_to_client; sci.clientToServerMACAlgorithm = kxs.np.mac_algo_client_to_server; sci.serverToClientMACAlgorithm = kxs.np.mac_algo_server_to_client; sci.serverHostKeyAlgorithm = kxs.np.server_host_key_algo; sci.serverHostKey = kxs.remote_hostkey; synchronized (accessLock) { lastConnInfo = sci; accessLock.notifyAll(); } kxs = null; return; } if ((kxs == null) || (kxs.state == 0)) throw new IOException("Unexpected Kex submessage!"); if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) { if (kxs.state == 1) { PacketKexDHInit dhi = new PacketKexDHInit(msg, 0, msglen); kxs.dhx.setE(dhi.getE()); byte[] hostKey = null; if (kxs.np.server_host_key_algo.equals("ssh-rsa")) { hostKey = RSASHA1Verify.encodeSSHRSAPublicKey(kxs.local_rsa_key.getPublicKey()); } if (kxs.np.server_host_key_algo.equals("ssh-dss")) { hostKey = DSASHA1Verify.encodeSSHDSAPublicKey(kxs.local_dsa_key.getPublicKey()); } try { kxs.H = kxs.dhx.calculateH(csh.getClientString(), csh.getServerString(), kxs.remoteKEX.getPayload(), kxs.localKEX.getPayload(), hostKey); } catch (IllegalArgumentException e) { throw new IOException("KEX error.", e); } kxs.K = kxs.dhx.getK(); byte[] signature = null; if (kxs.np.server_host_key_algo.equals("ssh-rsa")) { RSASignature rs = RSASHA1Verify.generateSignature(kxs.H, kxs.local_rsa_key); signature = RSASHA1Verify.encodeSSHRSASignature(rs); } if (kxs.np.server_host_key_algo.equals("ssh-dss")) { DSASignature ds = DSASHA1Verify.generateSignature(kxs.H, kxs.local_dsa_key, rnd); signature = DSASHA1Verify.encodeSSHDSASignature(ds); } PacketKexDHReply dhr = new PacketKexDHReply(hostKey, kxs.dhx.getF(), signature); tm.sendKexMessage(dhr.getPayload()); finishKex(false); kxs.state = -1; if (authenticationStarted == false) { authenticationStarted = true; state.am = new ServerAuthenticationManager(state); } return; } } throw new IllegalStateException("Unkown KEX method! (" + kxs.np.kex_algo + ")"); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/transport/ServerTransportManager.java000066400000000000000000000024601370551253600331170ustar00rootroot00000000000000package ch.ethz.ssh2.transport; import java.io.IOException; import java.net.Socket; import ch.ethz.ssh2.server.ServerConnectionState; /** * @version $Id:$ */ public class ServerTransportManager extends TransportManager { private final Socket sock; public ServerTransportManager(final Socket socket) { // TCP connection is already established this.sock = socket; } public void connect(ServerConnectionState state) throws IOException { /* Parse the client line and say hello - important: this information is later needed for the * key exchange (to stop man-in-the-middle attacks) - that is why we wrap it into an object * for later use. */ state.csh = ClientServerHello.serverHello(state.softwareversion, sock.getInputStream(), sock.getOutputStream()); TransportConnection tc = new TransportConnection(sock.getInputStream(), sock.getOutputStream(), state.generator); KexManager km = new ServerKexManager(state); super.init(tc, km); km.initiateKEX(state.next_cryptoWishList, null, state.next_dsa_key, state.next_rsa_key); this.startReceiver(); } @Override public void close(final Throwable cause, final boolean useDisconnectPacket) { this.close(sock, cause, useDisconnectPacket); } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/transport/TransportConnection.java000066400000000000000000000172471370551253600324660ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.transport; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.security.SecureRandom; import ch.ethz.ssh2.crypto.cipher.BlockCipher; import ch.ethz.ssh2.crypto.cipher.CipherInputStream; import ch.ethz.ssh2.crypto.cipher.CipherOutputStream; import ch.ethz.ssh2.crypto.cipher.NullCipher; import ch.ethz.ssh2.crypto.digest.MAC; import ch.ethz.ssh2.log.Logger; import ch.ethz.ssh2.packets.Packets; /** * TransportConnection. * * @author Christian Plattner * @version $Id$ */ public class TransportConnection { private static final Logger log = Logger.getLogger(TransportConnection.class); int send_seq_number = 0; int recv_seq_number = 0; CipherInputStream cis; CipherOutputStream cos; boolean useRandomPadding = false; /* Depends on current MAC and CIPHER */ MAC send_mac; byte[] send_mac_buffer; int send_padd_blocksize = 8; MAC recv_mac; byte[] recv_mac_buffer; byte[] recv_mac_buffer_cmp; int recv_padd_blocksize = 8; /* won't change */ final byte[] send_padding_buffer = new byte[256]; final byte[] send_packet_header_buffer = new byte[5]; final byte[] recv_padding_buffer = new byte[256]; final byte[] recv_packet_header_buffer = new byte[5]; boolean recv_packet_header_present = false; ClientServerHello csh; final SecureRandom rnd; public TransportConnection(InputStream is, OutputStream os, SecureRandom rnd) { this.cis = new CipherInputStream(new NullCipher(), is); this.cos = new CipherOutputStream(new NullCipher(), os); this.rnd = rnd; } public void changeRecvCipher(BlockCipher bc, MAC mac) { cis.changeCipher(bc); recv_mac = mac; recv_mac_buffer = (mac != null) ? new byte[mac.size()] : null; recv_mac_buffer_cmp = (mac != null) ? new byte[mac.size()] : null; recv_padd_blocksize = bc.getBlockSize(); if (recv_padd_blocksize < 8) recv_padd_blocksize = 8; } public void changeSendCipher(BlockCipher bc, MAC mac) { if ((bc instanceof NullCipher) == false) { /* Only use zero byte padding for the first few packets */ useRandomPadding = true; /* Once we start encrypting, there is no way back */ } cos.changeCipher(bc); send_mac = mac; send_mac_buffer = (mac != null) ? new byte[mac.size()] : null; send_padd_blocksize = bc.getBlockSize(); if (send_padd_blocksize < 8) send_padd_blocksize = 8; } public void sendMessage(byte[] message) throws IOException { sendMessage(message, 0, message.length, 0); } public void sendMessage(byte[] message, int off, int len) throws IOException { sendMessage(message, off, len, 0); } public int getPacketOverheadEstimate() { // return an estimate for the paket overhead (for send operations) return 5 + 4 + (send_padd_blocksize - 1) + send_mac_buffer.length; } public void sendMessage(byte[] message, int off, int len, int padd) throws IOException { if (padd < 4) padd = 4; else if (padd > 64) padd = 64; int packet_len = 5 + len + padd; /* Minimum allowed padding is 4 */ int slack = packet_len % send_padd_blocksize; if (slack != 0) { packet_len += (send_padd_blocksize - slack); } if (packet_len < 16) packet_len = 16; int padd_len = packet_len - (5 + len); if (useRandomPadding) { for (int i = 0; i < padd_len; i = i + 4) { /* * don't waste calls to rnd.nextInt() (by using only 8bit of the * output). just believe me: even though we may write here up to 3 * bytes which won't be used, there is no "buffer overflow" (i.e., * arrayindexoutofbounds). the padding buffer is big enough =) (256 * bytes, and that is bigger than any current cipher block size + 64). */ int r = rnd.nextInt(); send_padding_buffer[i] = (byte) r; send_padding_buffer[i + 1] = (byte) (r >> 8); send_padding_buffer[i + 2] = (byte) (r >> 16); send_padding_buffer[i + 3] = (byte) (r >> 24); } } else { /* use zero padding for unencrypted traffic */ for (int i = 0; i < padd_len; i++) send_padding_buffer[i] = 0; /* Actually this code is paranoid: we never filled any * bytes into the padding buffer so far, therefore it should * consist of zeros only. */ } send_packet_header_buffer[0] = (byte) ((packet_len - 4) >> 24); send_packet_header_buffer[1] = (byte) ((packet_len - 4) >> 16); send_packet_header_buffer[2] = (byte) ((packet_len - 4) >> 8); send_packet_header_buffer[3] = (byte) ((packet_len - 4)); send_packet_header_buffer[4] = (byte) padd_len; cos.write(send_packet_header_buffer, 0, 5); cos.write(message, off, len); cos.write(send_padding_buffer, 0, padd_len); if (send_mac != null) { send_mac.initMac(send_seq_number); send_mac.update(send_packet_header_buffer, 0, 5); send_mac.update(message, off, len); send_mac.update(send_padding_buffer, 0, padd_len); send_mac.getMac(send_mac_buffer, 0); cos.writePlain(send_mac_buffer, 0, send_mac_buffer.length); } cos.flush(); if (log.isDebugEnabled()) { log.debug("Sent " + Packets.getMessageName(message[off] & 0xff) + " " + len + " bytes payload"); } send_seq_number++; } public int peekNextMessageLength() throws IOException { if (recv_packet_header_present == false) { cis.read(recv_packet_header_buffer, 0, 5); recv_packet_header_present = true; } int packet_length = ((recv_packet_header_buffer[0] & 0xff) << 24) | ((recv_packet_header_buffer[1] & 0xff) << 16) | ((recv_packet_header_buffer[2] & 0xff) << 8) | ((recv_packet_header_buffer[3] & 0xff)); int padding_length = recv_packet_header_buffer[4] & 0xff; if (packet_length > 35000 || packet_length < 12) throw new IOException("Illegal packet size! (" + packet_length + ")"); int payload_length = packet_length - padding_length - 1; if (payload_length < 0) throw new IOException("Illegal padding_length in packet from remote (" + padding_length + ")"); return payload_length; } public int receiveMessage(byte buffer[], int off, int len) throws IOException { if (recv_packet_header_present == false) { cis.read(recv_packet_header_buffer, 0, 5); } else recv_packet_header_present = false; int packet_length = ((recv_packet_header_buffer[0] & 0xff) << 24) | ((recv_packet_header_buffer[1] & 0xff) << 16) | ((recv_packet_header_buffer[2] & 0xff) << 8) | ((recv_packet_header_buffer[3] & 0xff)); int padding_length = recv_packet_header_buffer[4] & 0xff; if (packet_length > 35000 || packet_length < 12) throw new IOException("Illegal packet size! (" + packet_length + ")"); int payload_length = packet_length - padding_length - 1; if (payload_length < 0) throw new IOException("Illegal padding_length in packet from remote (" + padding_length + ")"); if (payload_length >= len) throw new IOException("Receive buffer too small (" + len + ", need " + payload_length + ")"); cis.read(buffer, off, payload_length); cis.read(recv_padding_buffer, 0, padding_length); if (recv_mac != null) { cis.readPlain(recv_mac_buffer, 0, recv_mac_buffer.length); recv_mac.initMac(recv_seq_number); recv_mac.update(recv_packet_header_buffer, 0, 5); recv_mac.update(buffer, off, payload_length); recv_mac.update(recv_padding_buffer, 0, padding_length); recv_mac.getMac(recv_mac_buffer_cmp, 0); for (int i = 0; i < recv_mac_buffer.length; i++) { if (recv_mac_buffer[i] != recv_mac_buffer_cmp[i]) throw new IOException("Remote sent corrupt MAC."); } } recv_seq_number++; if (log.isDebugEnabled()) { log.debug("Received " + Packets.getMessageName(buffer[off] & 0xff) + " " + payload_length + " bytes payload"); } return payload_length; } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/transport/TransportManager.java000066400000000000000000000452311370551253600317330ustar00rootroot00000000000000/* * Copyright (c) 2006-2013 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.transport; import java.io.IOException; import java.io.InterruptedIOException; import java.net.Socket; import java.net.SocketTimeoutException; import java.util.ArrayList; import java.util.List; import ch.ethz.ssh2.ConnectionInfo; import ch.ethz.ssh2.ConnectionMonitor; import ch.ethz.ssh2.DHGexParameters; import ch.ethz.ssh2.crypto.CryptoWishList; import ch.ethz.ssh2.crypto.cipher.BlockCipher; import ch.ethz.ssh2.crypto.digest.MAC; import ch.ethz.ssh2.log.Logger; import ch.ethz.ssh2.packets.PacketDisconnect; import ch.ethz.ssh2.packets.Packets; import ch.ethz.ssh2.packets.TypesReader; import ch.ethz.ssh2.signature.DSAPrivateKey; import ch.ethz.ssh2.signature.RSAPrivateKey; /* * Yes, the "standard" is a big mess. On one side, the say that arbitary channel * packets are allowed during kex exchange, on the other side we need to blindly * ignore the next _packet_ if the KEX guess was wrong. Where do we know from that * the next packet is not a channel data packet? Yes, we could check if it is in * the KEX range. But the standard says nothing about this. The OpenSSH guys * block local "normal" traffic during KEX. That's fine - however, they assume * that the other side is doing the same. During re-key, if they receive traffic * other than KEX, they become horribly irritated and kill the connection. Since * we are very likely going to communicate with OpenSSH servers, we have to play * the same game - even though we could do better. * * btw: having stdout and stderr on the same channel, with a shared window, is * also a VERY good idea... =( */ /** * TransportManager. * * @author Christian Plattner * @version $Id$ */ public abstract class TransportManager { private static final Logger log = Logger.getLogger(TransportManager.class); private static final class HandlerEntry { MessageHandler mh; int low; int high; } private final List asynchronousQueue = new ArrayList(); private Thread asynchronousThread = null; private boolean asynchronousPending = false; private static final class AsynchronousEntry { public byte[] msg; public Runnable run; public AsynchronousEntry(byte[] msg, Runnable run) { this.msg = msg; this.run = run; } } private final class AsynchronousWorker extends Thread { @Override public void run() { while(true) { AsynchronousEntry item; synchronized(asynchronousQueue) { if(asynchronousQueue.size() == 0) { /* Only now we may reset the flag, since we are sure that all queued items * have been sent (there is a slight delay between de-queuing and sending, * this is why we need this flag! See code below. Sending takes place outside * of this lock, this is why a test for size()==0 (from another thread) does not ensure * that all messages have been sent. */ asynchronousPending = false; /* Notify any senders that they can proceed, all async messages have been delivered */ asynchronousQueue.notifyAll(); /* After the queue is empty for about 2 seconds, stop this thread */ try { asynchronousQueue.wait(2000); } catch(InterruptedException ignore) { } if(asynchronousQueue.size() == 0) { asynchronousThread = null; return; } } item = asynchronousQueue.remove(0); } /* The following invocation may throw an IOException. * There is no point in handling it - it simply means * that the connection has a problem and we should stop * sending asynchronously messages. We do not need to signal that * we have exited (asynchronousThread = null): further * messages in the queue cannot be sent by this or any * other thread. * Other threads will sooner or later (when receiving or * sending the next message) get the same IOException and * get to the same conclusion. */ try { sendMessageImmediate(item.msg); } catch(IOException e) { return; } if(item.run != null) { try { item.run.run(); } catch(Exception ignore) { } } } } } private final Object connectionSemaphore = new Object(); private boolean flagKexOngoing = false; private boolean connectionClosed = false; private Throwable reasonClosedCause = null; private TransportConnection tc; private KexManager km; private final List messageHandlers = new ArrayList(); private Thread receiveThread; private List connectionMonitors = new ArrayList(); private boolean monitorsWereInformed = false; protected void init(TransportConnection tc, KexManager km) { this.tc = tc; this.km = km; } public int getPacketOverheadEstimate() { return tc.getPacketOverheadEstimate(); } public ConnectionInfo getConnectionInfo(int kexNumber) throws IOException { return km.getOrWaitForConnectionInfo(kexNumber); } public Throwable getReasonClosedCause() { synchronized(connectionSemaphore) { return reasonClosedCause; } } public byte[] getSessionIdentifier() { return km.sessionId; } public void close(Throwable cause) { this.close(cause, false); } public abstract void close(Throwable cause, boolean useDisconnectPacket); public void close(Socket sock, Throwable cause, boolean useDisconnectPacket) { if(useDisconnectPacket == false) { /* OK, hard shutdown - do not aquire the semaphore, * perhaps somebody is inside (and waits until the remote * side is ready to accept new data). */ try { sock.close(); } catch(IOException ignore) { } /* OK, whoever tried to send data, should now agree that * there is no point in further waiting =) * It is safe now to aquire the semaphore. */ } synchronized(connectionSemaphore) { if(connectionClosed == false) { if(useDisconnectPacket == true) { try { byte[] msg = new PacketDisconnect(Packets.SSH_DISCONNECT_BY_APPLICATION, cause.getMessage(), "") .getPayload(); if(tc != null) { tc.sendMessage(msg); } } catch(IOException ignore) { } try { sock.close(); } catch(IOException ignore) { } } connectionClosed = true; reasonClosedCause = cause; /* may be null */ } connectionSemaphore.notifyAll(); } /* No check if we need to inform the monitors */ List monitors = new ArrayList(); synchronized(this) { /* Short term lock to protect "connectionMonitors" * and "monitorsWereInformed" * (they may be modified concurrently) */ if(monitorsWereInformed == false) { monitorsWereInformed = true; monitors.addAll(connectionMonitors); } } for(ConnectionMonitor cmon : monitors) { try { cmon.connectionLost(reasonClosedCause); } catch(Exception ignore) { } } } protected void startReceiver() throws IOException { receiveThread = new Thread(new Runnable() { public void run() { try { receiveLoop(); } catch(IOException e) { close(e); log.warning("Receive thread: error in receiveLoop: " + e.getMessage()); } if(log.isDebugEnabled()) { log.debug("Receive thread: back from receiveLoop"); } /* Tell all handlers that it is time to say goodbye */ if(km != null) { try { km.handleMessage(null, 0); } catch(IOException ignored) { } } for(HandlerEntry he : messageHandlers) { try { he.mh.handleMessage(null, 0); } catch(IOException ignored) { } } } }); receiveThread.setDaemon(true); receiveThread.start(); } public void registerMessageHandler(MessageHandler mh, int low, int high) { HandlerEntry he = new HandlerEntry(); he.mh = mh; he.low = low; he.high = high; synchronized(messageHandlers) { messageHandlers.add(he); } } public void removeMessageHandler(MessageHandler mh, int low, int high) { synchronized(messageHandlers) { for(int i = 0; i < messageHandlers.size(); i++) { HandlerEntry he = messageHandlers.get(i); if((he.mh == mh) && (he.low == low) && (he.high == high)) { messageHandlers.remove(i); break; } } } } public void sendKexMessage(byte[] msg) throws IOException { synchronized(connectionSemaphore) { if(connectionClosed) { throw new IOException("Sorry, this connection is closed.", reasonClosedCause); } flagKexOngoing = true; try { tc.sendMessage(msg); } catch(IOException e) { close(e); throw e; } } } public void kexFinished() throws IOException { synchronized(connectionSemaphore) { flagKexOngoing = false; connectionSemaphore.notifyAll(); } } /** * @param cwl * @param dhgex * @param dsa may be null if this is a client connection * @param rsa may be null if this is a client connection * @throws IOException */ public void forceKeyExchange(CryptoWishList cwl, DHGexParameters dhgex, DSAPrivateKey dsa, RSAPrivateKey rsa) throws IOException { synchronized(connectionSemaphore) { if(connectionClosed) /* Inform the caller that there is no point in triggering a new kex */ { throw new IOException("Sorry, this connection is closed.", reasonClosedCause); } } km.initiateKEX(cwl, dhgex, dsa, rsa); } public void changeRecvCipher(BlockCipher bc, MAC mac) { tc.changeRecvCipher(bc, mac); } public void changeSendCipher(BlockCipher bc, MAC mac) { tc.changeSendCipher(bc, mac); } public void sendAsynchronousMessage(byte[] msg) throws IOException { sendAsynchronousMessage(msg, null); } public void sendAsynchronousMessage(byte[] msg, Runnable run) throws IOException { synchronized(asynchronousQueue) { asynchronousQueue.add(new AsynchronousEntry(msg, run)); asynchronousPending = true; /* This limit should be flexible enough. We need this, otherwise the peer * can flood us with global requests (and other stuff where we have to reply * with an asynchronous message) and (if the server just sends data and does not * read what we send) this will probably put us in a low memory situation * (our send queue would grow and grow and...) */ if(asynchronousQueue.size() > 100) { throw new IOException("Error: the peer is not consuming our asynchronous replies."); } /* Check if we have an asynchronous sending thread */ if(asynchronousThread == null) { asynchronousThread = new AsynchronousWorker(); asynchronousThread.setDaemon(true); asynchronousThread.start(); /* The thread will stop after 2 seconds of inactivity (i.e., empty queue) */ } asynchronousQueue.notifyAll(); } } public void setConnectionMonitors(List monitors) { synchronized(this) { connectionMonitors = new ArrayList(); connectionMonitors.addAll(monitors); } } /** * True if no response message expected. */ private boolean idle; /** * Send a message but ensure that all queued messages are being sent first. * * @param msg * @throws IOException */ public void sendMessage(byte[] msg) throws IOException { synchronized(asynchronousQueue) { while(asynchronousPending) { try { asynchronousQueue.wait(1000); } catch(InterruptedException e) { throw new InterruptedIOException(e.getMessage()); } } } sendMessageImmediate(msg); } /** * Send message, ignore queued async messages that have not been delivered yet. * Will be called directly from the asynchronousThread thread. * * @param msg * @throws IOException */ public void sendMessageImmediate(byte[] msg) throws IOException { if(Thread.currentThread() == receiveThread) { throw new IOException("Assertion error: sendMessage may never be invoked by the receiver thread!"); } synchronized(connectionSemaphore) { while(true) { if(connectionClosed) { throw new IOException("Sorry, this connection is closed.", reasonClosedCause); } if(flagKexOngoing == false) { break; } try { connectionSemaphore.wait(); } catch(InterruptedException e) { throw new InterruptedIOException(e.getMessage()); } } try { tc.sendMessage(msg); idle = false; } catch(IOException e) { close(e); throw e; } } } public void receiveLoop() throws IOException { byte[] msg = new byte[35000]; while(true) { int msglen; try { msglen = tc.receiveMessage(msg, 0, msg.length); } catch(SocketTimeoutException e) { // Timeout in read if(idle) { log.debug("Ignoring socket timeout"); continue; } throw e; } idle = true; int type = msg[0] & 0xff; if(type == Packets.SSH_MSG_IGNORE) { continue; } if(type == Packets.SSH_MSG_DEBUG) { if(log.isDebugEnabled()) { TypesReader tr = new TypesReader(msg, 0, msglen); tr.readByte(); tr.readBoolean(); StringBuilder debugMessageBuffer = new StringBuilder(); debugMessageBuffer.append(tr.readString("UTF-8")); for(int i = 0; i < debugMessageBuffer.length(); i++) { char c = debugMessageBuffer.charAt(i); if((c >= 32) && (c <= 126)) { continue; } debugMessageBuffer.setCharAt(i, '\uFFFD'); } log.debug("DEBUG Message from remote: '" + debugMessageBuffer.toString() + "'"); } continue; } if(type == Packets.SSH_MSG_UNIMPLEMENTED) { throw new IOException("Peer sent UNIMPLEMENTED message, that should not happen."); } if(type == Packets.SSH_MSG_DISCONNECT) { TypesReader tr = new TypesReader(msg, 0, msglen); tr.readByte(); int reason_code = tr.readUINT32(); StringBuilder reasonBuffer = new StringBuilder(); reasonBuffer.append(tr.readString("UTF-8")); /* * Do not get fooled by servers that send abnormal long error * messages */ if(reasonBuffer.length() > 255) { reasonBuffer.setLength(255); reasonBuffer.setCharAt(254, '.'); reasonBuffer.setCharAt(253, '.'); reasonBuffer.setCharAt(252, '.'); } /* * Also, check that the server did not send characters that may * screw up the receiver -> restrict to reasonable US-ASCII * subset -> "printable characters" (ASCII 32 - 126). Replace * all others with 0xFFFD (UNICODE replacement character). */ for(int i = 0; i < reasonBuffer.length(); i++) { char c = reasonBuffer.charAt(i); if((c >= 32) && (c <= 126)) { continue; } reasonBuffer.setCharAt(i, '\uFFFD'); } throw new IOException("Peer sent DISCONNECT message (reason code " + reason_code + "): " + reasonBuffer.toString()); } /* * Is it a KEX Packet? */ if((type == Packets.SSH_MSG_KEXINIT) || (type == Packets.SSH_MSG_NEWKEYS) || ((type >= 30) && (type <= 49))) { km.handleMessage(msg, msglen); continue; } MessageHandler mh = null; for(HandlerEntry he : messageHandlers) { if((he.low <= type) && (type <= he.high)) { mh = he.mh; break; } } if(mh == null) { throw new IOException("Unexpected SSH message (type " + type + ")"); } mh.handleMessage(msg, msglen); } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/util/000077500000000000000000000000001370551253600245155ustar00rootroot00000000000000SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/util/StringEncoder.java000066400000000000000000000016111370551253600301250ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. * All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.util; import java.io.UnsupportedEncodingException; /** * @author Christian Plattner * @version $Id$ */ public class StringEncoder { public static byte[] GetBytes(String data) { try { return data.getBytes("UTF-8"); } catch(UnsupportedEncodingException e) { throw new RuntimeException(e); } } public static String GetString(byte[] data) { return GetString(data, 0, data.length); } public static String GetString(byte[] data, int off, int len) { try { return new String(data, off, len, "UTF-8"); } catch(UnsupportedEncodingException e) { throw new RuntimeException(e); } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/util/TimeoutService.java000066400000000000000000000065421370551253600303360ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.util; import java.io.PrintWriter; import java.io.StringWriter; import java.util.Collections; import java.util.Comparator; import java.util.LinkedList; import ch.ethz.ssh2.log.Logger; /** * TimeoutService (beta). Here you can register a timeout. *

* Implemented having large scale programs in mind: if you open many concurrent SSH connections * that rely on timeouts, then there will be only one timeout thread. Once all timeouts * have expired/are cancelled, the thread will (sooner or later) exit. * Only after new timeouts arrive a new thread (singleton) will be instantiated. * * @author Christian Plattner * @version $Id$ */ public class TimeoutService { private static final Logger log = Logger.getLogger(TimeoutService.class); public static class TimeoutToken { private long runTime; private Runnable handler; private TimeoutToken(long runTime, Runnable handler) { this.runTime = runTime; this.handler = handler; } } private static class TimeoutThread extends Thread { @Override public void run() { synchronized (todolist) { while (true) { if (todolist.size() == 0) { timeoutThread = null; return; } long now = System.currentTimeMillis(); TimeoutToken tt = todolist.getFirst(); if (tt.runTime > now) { /* Not ready yet, sleep a little bit */ try { todolist.wait(tt.runTime - now); } catch (InterruptedException ignored) { } /* We cannot simply go on, since it could be that the token * was removed (cancelled) or another one has been inserted in * the meantime. */ continue; } todolist.removeFirst(); try { tt.handler.run(); } catch (Exception e) { StringWriter sw = new StringWriter(); e.printStackTrace(new PrintWriter(sw)); log.warning("Exeception in Timeout handler:" + e.getMessage() + "(" + sw.toString() + ")"); } } } } } /* The list object is also used for locking purposes */ private static final LinkedList todolist = new LinkedList(); private static Thread timeoutThread = null; /** * It is assumed that the passed handler will not execute for a long time. * * @param runTime * @param handler * @return a TimeoutToken that can be used to cancel the timeout. */ public static TimeoutToken addTimeoutHandler(long runTime, Runnable handler) { TimeoutToken token = new TimeoutToken(runTime, handler); synchronized (todolist) { todolist.add(token); Collections.sort(todolist, new Comparator() { public int compare(TimeoutToken o1, TimeoutToken o2) { if (o1.runTime > o2.runTime) return 1; if (o1.runTime == o2.runTime) return 0; return -1; } }); if (timeoutThread != null) timeoutThread.interrupt(); else { timeoutThread = new TimeoutThread(); timeoutThread.setDaemon(true); timeoutThread.start(); } } return token; } public static void cancelTimeoutHandler(TimeoutToken token) { synchronized (todolist) { todolist.remove(token); if (timeoutThread != null) timeoutThread.interrupt(); } } } SoftwareAG-ganymed-ssh-2-ef7fbc4/src/main/java/ch/ethz/ssh2/util/Tokenizer.java000066400000000000000000000021311370551253600273270ustar00rootroot00000000000000/* * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. * Please refer to the LICENSE.txt for licensing details. */ package ch.ethz.ssh2.util; /** * Tokenizer. Why? Because StringTokenizer is not available in J2ME. * * @author Christian Plattner * @version 2.50, 03/15/10 */ public class Tokenizer { /** * Exists because StringTokenizer is not available in J2ME. * Returns an array with at least 1 entry. * * @param source must be non-null * @param delimiter * @return an array of Strings */ public static String[] parseTokens(String source, char delimiter) { int numtoken = 1; for (int i = 0; i < source.length(); i++) { if (source.charAt(i) == delimiter) numtoken++; } String list[] = new String[numtoken]; int nextfield = 0; for (int i = 0; i < numtoken; i++) { if (nextfield >= source.length()) { list[i] = ""; } else { int idx = source.indexOf(delimiter, nextfield); if (idx == -1) idx = source.length(); list[i] = source.substring(nextfield, idx); nextfield = idx + 1; } } return list; } }