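/**
 * Re-encodes a signature from its ASN.1 form (a SEQUENCE holding two INTEGERs, r then s)
 * into two mpints written back to back: r first, then s.
 *
 * <p>The input is not validated: tag bytes are skipped without being checked, and a
 * truncated array surfaces as an {@link IndexOutOfBoundsException} from the copy.
 * NOTE(review): presumably {@code sig} is the locally produced output of a JCA signer
 * rather than peer-supplied data; confirm against the caller before relying on that.
 *
 * @param sig the ASN.1-encoded signature
 * @return the compact buffer contents holding r and s as mpints
 */
@Override
public byte[] encode(byte[] sig) {
    // Layout walked below: SEQUENCE tag, SEQUENCE length, INTEGER tag, r length, r bytes,
    // INTEGER tag, s length, s bytes.
    int pos = 1;
    final int seqLen = sig[pos++] & 0xff;
    if ((seqLen & 0x80) != 0) {
        // Long-form length: the low seven bits count the length octets that follow.
        // A SEQUENCE longer than 127 bytes (possible with large-curve signatures) uses this
        // form; a fixed offset of 3 would then read the wrong byte as the length of r.
        pos += seqLen & 0x7f;
    }

    pos++; // INTEGER tag of r
    final int rLen = sig[pos++] & 0xff;
    final byte[] r = new byte[rLen];
    System.arraycopy(sig, pos, r, 0, rLen);
    pos += rLen;

    pos++; // INTEGER tag of s
    final int sLen = sig[pos++] & 0xff;
    final byte[] s = new byte[sLen];
    System.arraycopy(sig, pos, s, 0, sLen);

    // The original repeated both copies with hard-coded offsets (4 and 6 + rLen); they
    // duplicated the copies above and are dropped here.
    final Buffer.PlainBuffer buf = new Buffer.PlainBuffer();
    buf.putMPInt(new BigInteger(r));
    buf.putMPInt(new BigInteger(s));
    return buf.getCompactData();
}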
/**
 * Computes the colon-delimited MD5 fingerprint of a public key in the legacy SSH format,
 * e.g. "4b:69:6c:72:6f:79:20:77:61:73:20:68:65:72:65:21".
 *
 * <p>The digest is taken over the key as serialized by {@code putPublicKey}. MD5 is used
 * because this fingerprint format is defined over it; MD5 is not collision-resistant, so
 * where the peer tooling offers a SHA-256 fingerprint, prefer that for pinning decisions.
 *
 * @param key the public key
 * @return the fingerprint as 16 two-digit hex groups joined by ':'
 * @see <a href="http://tools.ietf.org/html/draft-friedl-secsh-fingerprint-00">specification</a>
 */
public static String getFingerprint(PublicKey key) {
    final MessageDigest hasher;
    try {
        hasher = getMessageDigest("MD5");
    } catch (GeneralSecurityException e) {
        // No MD5 provider available: surfaced as an unchecked error.
        throw new SSHRuntimeException(e);
    }

    hasher.update(new Buffer.PlainBuffer().putPublicKey(key).getCompactData());
    final String hex = ByteArrayUtils.toHex(hasher.digest());
    assert hex.length() == 32 : "md5 contract";

    // First pair goes in bare; every following pair is prefixed with a colon.
    final StringBuilder grouped = new StringBuilder(hex.substring(0, 2));
    int pos = 2;
    while (pos <= hex.length() - 2) {
        grouped.append(":").append(hex.substring(pos, pos + 2));
        pos += 2;
    }
    return grouped.toString();
}
/**
 * Serializes a string through {@code PlainBuffer.putString}.
 *
 * <p>A {@code null} or empty input yields a zero-length array, i.e. nothing at all is
 * emitted for it. NOTE(review): whether the receiver expects an explicit empty string
 * field instead cannot be told from this method; confirm against the caller.
 *
 * @param data the string to pack, may be {@code null}
 * @return the packed bytes, or an empty array for {@code null}/empty input
 */
private static byte[] packString(String data) {
    final boolean hasContent = data != null && !data.isEmpty();
    return hasContent
            ? new Buffer.PlainBuffer().putString(data).getCompactData()
            : "".getBytes();
}
/**
 * Serializes terminal modes as a sequence of (opcode byte, uint32 argument) pairs
 * followed by a single zero byte that ends the list.
 *
 * <p>Pairs are written in the iteration order of {@code modes}. A {@code null} value in
 * the map fails with a {@link NullPointerException} when it is unboxed.
 *
 * @param modes the terminal modes and their arguments
 * @return the encoded mode list
 */
public static byte[] encode(Map<PTYMode, Integer> modes) {
    final Buffer.PlainBuffer encoded = new Buffer.PlainBuffer();
    for (Entry<PTYMode, Integer> setting : modes.entrySet()) {
        final PTYMode mode = setting.getKey();
        final Integer argument = setting.getValue();
        encoded.putByte(mode.getOpcode());
        encoded.putUInt32(argument);
    }
    // Terminator: opcode 0 closes the mode list.
    encoded.putByte((byte) 0);
    return encoded.getCompactData();
}
/**
 * Appends to the request the signature that the agent produces for it.
 *
 * <p>The signed data is the transport session ID followed by the request built so far,
 * so the resulting signature is tied to this session's identifier.
 *
 * @param reqBuf the request built so far; it is modified in place
 * @return {@code reqBuf}, with the agent's signature bytes appended
 * @throws UserAuthException declared by the signature; nothing visible here throws it directly
 */
private SSHPacket putSig(SSHPacket reqBuf) throws UserAuthException {
    final Buffer.PlainBuffer toSign = new Buffer.PlainBuffer();
    toSign.putString(params.getTransport().getSessionID());
    toSign.putBuffer(reqBuf); // & rest of the data for sig
    final byte[] dataToSign = toSign.getCompactData();

    // The private key is never handled here: the agent signs on behalf of the identity blob.
    reqBuf.putBytes(agentProxy.sign(identity.getBlob(), dataToSign));
    return reqBuf;
}
/**
 * Sends a global request carrying the forward's address and port, and waits for the reply.
 *
 * @param reqName the global request name
 * @param forward supplies the address (string) and port (uint32) put in the request body
 * @return the reply packet
 * @throws ConnectionException declared by the signature; raised by the calls made here
 * @throws TransportException  declared by the signature; raised by the calls made here
 */
protected SSHPacket req(String reqName, Forward forward) throws ConnectionException, TransportException {
    final Buffer.PlainBuffer payload = new Buffer.PlainBuffer();
    payload.putString(forward.address);
    payload.putUInt32(forward.port);

    // 'true' asks for a reply; the wait is bounded by the connection's timeout.
    return conn.sendGlobalRequest(reqName, true, payload.getCompactData())
            .retrieve(conn.getTimeoutMs(), TimeUnit.MILLISECONDS);
}
/**
 * Sends a global request carrying the forward's address and port, and waits for the reply.
 *
 * @param reqName the global request name
 * @param forward supplies the address (string) and port (uint32) put in the request body
 * @return the reply packet
 * @throws ConnectionException declared by the signature; raised by the calls made here
 * @throws TransportException  declared by the signature; raised by the calls made here
 */
protected SSHPacket req(String reqName, Forward forward) throws ConnectionException, TransportException {
    final Buffer.PlainBuffer payload = new Buffer.PlainBuffer();
    payload.putString(forward.address);
    payload.putUInt32(forward.port);

    // 'true' asks for a reply; the wait is bounded by the connection's timeout.
    return conn.sendGlobalRequest(reqName, true, payload.getCompactData())
            .retrieve(conn.getTimeoutMs(), TimeUnit.MILLISECONDS);
}
/**
 * Serializes a string through {@code PlainBuffer.putString}.
 *
 * <p>A {@code null} or empty input yields a zero-length array, i.e. nothing at all is
 * emitted for it. NOTE(review): whether the receiver expects an explicit empty string
 * field instead cannot be told from this method; confirm against the caller.
 *
 * @param data the string to pack, may be {@code null}
 * @return the packed bytes, or an empty array for {@code null}/empty input
 */
private static byte[] packString(String data) {
    final boolean hasContent = data != null && !data.isEmpty();
    return hasContent
            ? new Buffer.PlainBuffer().putString(data).getCompactData()
            : "".getBytes();
}
/**
 * Accepts a host key when the digest of its serialized form equals the pinned fingerprint.
 *
 * <p>{@code hostname} and {@code port} are not consulted: a key whose digest matches is
 * accepted for any endpoint, so the strength of the check rests on the configured
 * {@code digestAlgorithm} and on how the pinned fingerprint was obtained.
 *
 * @param hostname unused
 * @param port     unused
 * @param key      the host key presented by the server
 * @return {@code true} if the computed digest equals {@code fingerprintData}
 */
@Override
public boolean verify(String hostname, int port, PublicKey key) {
    final MessageDigest hasher;
    try {
        hasher = SecurityUtils.getMessageDigest(digestAlgorithm);
    } catch (GeneralSecurityException e) {
        // Digest algorithm unavailable: surfaced as an unchecked error rather than 'false'.
        throw new SSHRuntimeException(e);
    }

    final byte[] encodedKey = new Buffer.PlainBuffer().putPublicKey(key).getCompactData();
    final byte[] actual = hasher.digest(encodedKey);
    return Arrays.equals(fingerprintData, actual);
}
/**
 * Computes the fingerprint of a public key by delegating to the stream-based overload.
 *
 * <p>The bytes handed over are the key as serialized by {@code putPublicKey}; no Base64
 * step happens in this method. NOTE(review): the digest algorithm is chosen by the
 * overload, which is not visible here; confirm it before describing the result as MD5.
 *
 * @param key Public key
 * @return The fingerprint produced by the stream-based overload
 * @throws ChecksumException propagated from the stream-based overload
 */
public String fingerprint(final PublicKey key) throws ChecksumException {
    final byte[] encodedKey = new Buffer.PlainBuffer().putPublicKey(key).getCompactData();
    return this.fingerprint(new ByteArrayInputStream(encodedKey));
}
/**
 * Serializes these attributes: the flag mask first, then only the fields whose flag is set.
 *
 * <p>Field order is fixed: size (uint64), uid and gid, mode mask, atime and mtime, then
 * the extended entries as a count followed by key/value string pairs.
 *
 * @return the encoded attribute block
 */
public byte[] toBytes() {
    final Buffer.PlainBuffer out = new Buffer.PlainBuffer();
    out.putUInt32(mask);

    if (has(Flag.SIZE)) {
        out.putUInt64(size);
    }
    if (has(Flag.UIDGID)) {
        out.putUInt32(uid).putUInt32(gid);
    }
    if (has(Flag.MODE)) {
        out.putUInt32(mode.getMask());
    }
    if (has(Flag.ACMODTIME)) {
        out.putUInt32(atime).putUInt32(mtime);
    }
    if (has(Flag.EXTENDED)) {
        // Count first, so a reader knows how many pairs follow.
        out.putUInt32(ext.size());
        for (Entry<String, String> extension : ext.entrySet()) {
            out.putString(extension.getKey()).putString(extension.getValue());
        }
    }
    return out.getCompactData();
}
/**
 * Signs the request with the private key from the key provider and appends the signature.
 *
 * <p>The signed data is the transport session ID followed by the request built so far,
 * so the resulting signature is tied to this session's identifier.
 *
 * @param reqBuf the request built so far; it is modified in place
 * @return {@code reqBuf}, with the signature appended
 * @throws UserAuthException if the private key cannot be read, or if no signature
 *                           implementation is registered for the key's type
 */
protected SSHPacket putSig(SSHPacket reqBuf) throws UserAuthException {
    final PrivateKey privateKey;
    try {
        privateKey = kProv.getPrivate();
    } catch (IOException ioe) {
        throw new UserAuthException("Problem getting private key from " + kProv, ioe);
    }

    final String keyTypeName = KeyType.fromKey(privateKey).toString();
    final Signature signer = Factory.Named.Util.create(
            params.getTransport().getConfig().getSignatureFactories(), keyTypeName);
    if (signer == null) {
        throw new UserAuthException("Could not create signature instance for " + keyTypeName + " key");
    }

    signer.initSign(privateKey);
    final Buffer.PlainBuffer signedData = new Buffer.PlainBuffer();
    signedData.putString(params.getTransport().getSessionID());
    signedData.putBuffer(reqBuf); // & rest of the data for sig
    signer.update(signedData.getCompactData());

    // sign() output is converted by encode() before being wrapped with the key type name.
    reqBuf.putSignature(keyTypeName, signer.encode(signer.sign()));
    return reqBuf;
}
/**
 * Signs a fixed message with a fixed DSA key and checks that verification accepts both the
 * freshly produced signature and a stored signature over the same data and key parameters.
 *
 * <p>The key material below is a test fixture only: x is the private value, y the public
 * value, and p, q, g the domain parameters, as passed to the key specs further down.
 */
@Test
public void testSignAndVerify() throws Exception {
    // Private value of the fixture key (used with DSAPrivateKeySpec below).
    BigInteger x = new BigInteger(new byte[] { 58, 19, -71, -30, 89, -111, 75, 98, 110, 38, -56, -23, 68, 74, -40, 17, -30, 37, 50, 35 });
    // Public value of the fixture key (used with DSAPublicKeySpec below).
    BigInteger y = new BigInteger(new byte[] { 32, -91, -39, 54, 19, 14, 26, 113, -109, -92, -45, 83, -86, 23, -103, 108, 102, 86, 110, 78, -45, -41, -37, 38, -94, -92, -124, -36, -93, 92, 127, 113, 97, -119, -10, -73, -41, -45, 98, -104, -54, -9, -92, 66, 15, 31, 68, -32, 32, -121, -51, 68, 29, 100, 59, 60, 109, 111, -81, 80, 7, 127, 116, -107, 88, -114, -114, -69, 41, -15, 59, 81, 70, 9, -113, 36, 119, 28, 16, -127, -65, 32, -19, 109, -27, 24, -48, -80, 84, 47, 119, 25, 57, -118, -66, -22, -105, -11, 112, 16, -91, -127, 62, 23, 89, -17, -43, -105, -4, -43, 60, 42, -81, -95, -27, -8, 98, -37, 120, 80, -76, 93, -24, -104, -117, 38, -56, -68 });
    // Domain parameters p, q, g shared by both key specs.
    BigInteger p = new BigInteger(new byte[] { 0, -3, 127, 83, -127, 29, 117, 18, 41, 82, -33, 74, -100, 46, -20, -28, -25, -10, 17, -73, 82, 60, -17, 68, 0, -61, 30, 63, -128, -74, 81, 38, 105, 69, 93, 64, 34, 81, -5, 89, 61, -115, 88, -6, -65, -59, -11, -70, 48, -10, -53, -101, 85, 108, -41, -127, 59, -128, 29, 52, 111, -14, 102, 96, -73, 107, -103, 80, -91, -92, -97, -97, -24, 4, 123, 16, 34, -62, 79, -69, -87, -41, -2, -73, -58, 27, -8, 59, 87, -25, -58, -88, -90, 21, 15, 4, -5, -125, -10, -45, -59, 30, -61, 2, 53, 84, 19, 90, 22, -111, 50, -10, 117, -13, -82, 43, 97, -41, 42, -17, -14, 34, 3, 25, -99, -47, 72, 1, -57 });
    BigInteger q = new BigInteger(new byte[] { 0, -105, 96, 80, -113, 21, 35, 11, -52, -78, -110, -71, -126, -94, -21, -124, 11, -16, 88, 28, -11 });
    BigInteger g = new BigInteger(new byte[] { 0, -9, -31, -96, -123, -42, -101, 61, -34, -53, -68, -85, 92, 54, -72, 87, -71, 121, -108, -81, -69, -6, 58, -22, -126, -7, 87, 76, 11, 61, 7, -126, 103, 81, 89, 87, -114, -70, -44, 89, 79, -26, 113, 7, 16, -127, -128, -76, 73, 22, 113, 35, -24, 76, 40, 22, 19, -73, -49, 9, 50, -116, -56, -90, -31, 60, 22, 122, -117, 84, 124, -115, 40, -32, -93, -82, 30, 43, -77, -90, 117, -111, 110, -93, 127, 11, -6, 33, 53, 98, -15, -5, 98, 122, 1, 36, 59, -52, -92, -15, -66, -88, 81, -112, -119, -88, -125, -33, -31, 90, -27, -97, 6, -110, -117, 102, 94, -128, 123, 85, 37, 100, 1, 76, 59, -2, -49, 73, 42 });

    byte[] data = "The Magic Words are Squeamish Ossifrage".getBytes(IOUtils.UTF8);
    // A previously signed and verified signature using the data and DSA key parameters above.
    // Its bytes are: a length-prefixed "ssh-dss", then a length-prefixed 40-byte blob.
    byte[] dataSig = new byte[] { 0, 0, 0, 7, 115, 115, 104, 45, 100, 115, 115, 0, 0, 0, 40, 40, -71, 33, 105, -89, -107, 8, 26, -13, -90, 73, -103, 105, 112, 7, -59, -66, 46, 85, -27, 20, 82, 22, -113, -75, -86, -121, -42, -73, 78, 66, 93, -34, 39, -50, -93, 27, -5, 37, -92 };

    // Sign: the raw sign() output goes through encode(), then is wrapped with the format name.
    SignatureDSA signatureForSigning = new SignatureDSA();
    signatureForSigning.initSign(keyFactory.generatePrivate(new DSAPrivateKeySpec(x, p, q, g)));
    signatureForSigning.update(data);
    byte[] sigBlob = signatureForSigning.encode(signatureForSigning.sign());
    byte[] sigFull = new Buffer.PlainBuffer().putString("ssh-dss").putBytes(sigBlob).getCompactData();

    // Verify with a separate instance initialised from the public value.
    SignatureDSA signatureForVerifying = new SignatureDSA();
    signatureForVerifying.initVerify(keyFactory.generatePublic(new DSAPublicKeySpec(y, p, q, g)));
    signatureForVerifying.update(data);
    Assert.assertTrue("Failed to verify signature: " + Arrays.toString(sigFull), signatureForVerifying.verify(sigFull));

    // The data is fed again before the second verify, this time against the stored signature.
    signatureForVerifying.update(data);
    Assert.assertTrue("Failed to verify signature: " + Arrays.toString(dataSig), signatureForVerifying.verify(dataSig));
}
/**
 * Appends the public key from the key provider to the request.
 *
 * @param reqBuf the request built so far; it is modified in place
 * @return {@code reqBuf}, with the key type name and key blob appended
 * @throws UserAuthException if the public key cannot be read from the provider
 */
protected SSHPacket putPubKey(SSHPacket reqBuf) throws UserAuthException {
    final PublicKey publicKey;
    try {
        publicKey = kProv.getPublic();
    } catch (IOException ioe) {
        throw new UserAuthException("Problem getting public key from " + kProv, ioe);
    }

    // public key as 2 strings: [ key type | key blob ]
    final String keyTypeName = KeyType.fromKey(publicKey).toString();
    reqBuf.putString(keyTypeName);
    final byte[] keyBlob = new Buffer.PlainBuffer().putPublicKey(publicKey).getCompactData();
    reqBuf.putString(keyBlob);
    return reqBuf;
}
/**
 * Produces the message integrity code for this authentication attempt.
 *
 * <p>The MIC is computed by the security context over, in order: the transport session ID,
 * the USERAUTH_REQUEST message byte, the username, the next service name and this
 * method's name. Including the session ID ties the MIC to this session's identifier.
 *
 * @return the MIC bytes returned by the security context
 * @throws UserAuthException if the security context fails to produce the MIC
 */
private byte[] generateMIC() throws UserAuthException {
    final PlainBuffer micInput = new PlainBuffer();
    micInput.putString(params.getTransport().getSessionID());
    micInput.putByte(Message.USERAUTH_REQUEST.toByte());
    micInput.putString(params.getUsername());
    micInput.putString(params.getNextServiceName());
    micInput.putString(getName());
    final byte[] msg = micInput.getCompactData();

    try {
        return secContext.getMIC(msg, 0, msg.length, null);
    } catch (GSSException e) {
        throw new UserAuthException("Exception getting message integrity code", e);
    }
}
/**
 * Writes a signature as one string field whose content is itself two fields: the
 * signature format name, then the signature bytes.
 *
 * @param sigFormat the signature format name
 * @param sigData   the signature bytes
 * @return the result of writing the wrapped signature with {@code putString}
 */
public T putSignature(String sigFormat, byte[] sigData) {
    final PlainBuffer wrapped = new PlainBuffer();
    wrapped.putString(sigFormat);
    wrapped.putBytes(sigData);
    return putString(wrapped.getCompactData());
}
/**
 * Checks that {@code putUInt64} encodes a value identically whether it is passed as a
 * {@code long} or as a {@link BigInteger}.
 *
 * <p>Only values from 0 to {@code Long.MAX_VALUE} are compared; values that fit a uint64
 * but not a signed {@code long} are outside what this test covers.
 */
@Test
public void shouldHaveSameUInt64EncodingForBigIntegerAndLong() {
    final long[] samples = {0L, 1L, 232634978082517765L, Long.MAX_VALUE - 1, Long.MAX_VALUE};
    for (int i = 0; i < samples.length; i++) {
        final long sample = samples[i];
        final byte[] viaBigInteger = new PlainBuffer().putUInt64(BigInteger.valueOf(sample)).getCompactData();
        final byte[] viaLong = new PlainBuffer().putUInt64(sample).getCompactData();
        assertArrayEquals("Value: " + sample, viaLong, viaBigInteger);
    }
}
/**
 * Accepts a host key when the digest of its serialized form equals the pinned fingerprint.
 *
 * <p>{@code hostname} and {@code port} are not consulted: a key whose digest matches is
 * accepted for any endpoint, so the strength of the check rests on the configured
 * {@code digestAlgorithm} and on how the pinned fingerprint was obtained.
 *
 * @param hostname unused
 * @param port     unused
 * @param key      the host key presented by the server
 * @return {@code true} if the computed digest equals {@code fingerprintData}
 */
@Override
public boolean verify(String hostname, int port, PublicKey key) {
    final MessageDigest hasher;
    try {
        hasher = SecurityUtils.getMessageDigest(digestAlgorithm);
    } catch (GeneralSecurityException e) {
        // Digest algorithm unavailable: surfaced as an unchecked error rather than 'false'.
        throw new SSHRuntimeException(e);
    }

    final byte[] encodedKey = new Buffer.PlainBuffer().putPublicKey(key).getCompactData();
    final byte[] actual = hasher.digest(encodedKey);
    return Arrays.equals(fingerprintData, actual);
}
/**
 * Sends a global request carrying the forward's address and port, and waits for the reply.
 *
 * @param reqName the global request name
 * @param forward supplies the address (string) and port (uint32) put in the request body
 * @return the reply packet
 * @throws ConnectionException declared by the signature; raised by the calls made here
 * @throws TransportException  declared by the signature; raised by the calls made here
 */
protected SSHPacket req(String reqName, Forward forward) throws ConnectionException, TransportException {
    final Buffer.PlainBuffer payload = new Buffer.PlainBuffer();
    payload.putString(forward.address);
    payload.putUInt32(forward.port);

    // 'true' asks for a reply; the wait is bounded by the connection's timeout.
    return conn.sendGlobalRequest(reqName, true, payload.getCompactData())
            .retrieve(conn.getTimeoutMs(), TimeUnit.MILLISECONDS);
}
/**
 * Serializes terminal modes as a sequence of (opcode byte, uint32 argument) pairs
 * followed by a single zero byte that ends the list.
 *
 * <p>Pairs are written in the iteration order of {@code modes}. A {@code null} value in
 * the map fails with a {@link NullPointerException} when it is unboxed.
 *
 * @param modes the terminal modes and their arguments
 * @return the encoded mode list
 */
public static byte[] encode(Map<PTYMode, Integer> modes) {
    final Buffer.PlainBuffer encoded = new Buffer.PlainBuffer();
    for (Entry<PTYMode, Integer> setting : modes.entrySet()) {
        final PTYMode mode = setting.getKey();
        final Integer argument = setting.getValue();
        encoded.putByte(mode.getOpcode());
        encoded.putUInt32(argument);
    }
    // Terminator: opcode 0 closes the mode list.
    encoded.putByte((byte) 0);
    return encoded.getCompactData();
}