[SSHD-846] Re-use original curve (if provided) when returning ECDH used digest
Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/14ef05ad Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/14ef05ad Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/14ef05ad Branch: refs/heads/master Commit: 14ef05adfd4f8c3262aa7b8560025048af68351a Parents: 9335f22 Author: Goldstein Lyor <[email protected]> Authored: Tue Oct 2 09:17:28 2018 +0300 Committer: Lyor Goldstein <[email protected]> Committed: Wed Oct 3 20:05:17 2018 +0300 ---------------------------------------------------------------------- .../main/java/org/apache/sshd/common/kex/ECDH.java | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/14ef05ad/sshd-core/src/main/java/org/apache/sshd/common/kex/ECDH.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/common/kex/ECDH.java b/sshd-core/src/main/java/org/apache/sshd/common/kex/ECDH.java index f5b5070..16f9b25 100644 --- a/sshd-core/src/main/java/org/apache/sshd/common/kex/ECDH.java +++ b/sshd-core/src/main/java/org/apache/sshd/common/kex/ECDH.java @@ -40,6 +40,9 @@ import org.apache.sshd.common.util.security.SecurityUtils; * @author <a href="mailto:[email protected]";>Apache MINA SSHD Project</a> */ public class ECDH extends AbstractDH { + public static final String KEX_TYPE = "ECDH"; + + private ECCurves curve; private ECParameterSpec params; private ECPoint f; @@ -53,10 +56,11 @@ public class ECDH extends AbstractDH { public ECDH(ECCurves curve) throws Exception { this(Objects.requireNonNull(curve, "No known curve instance provided").getParameters()); + this.curve = curve; } public ECDH(ECParameterSpec paramSpec) throws Exception { - myKeyAgree = SecurityUtils.getKeyAgreement("ECDH"); + myKeyAgree = SecurityUtils.getKeyAgreement(KEX_TYPE); params = paramSpec; // do not check for null-ity since in some cases it can be } @@ -76,8 +80,9 @@ public class ECDH extends AbstractDH { @Override protected byte[] calculateK() throws Exception { Objects.requireNonNull(params, "No ECParameterSpec(s)"); - KeyFactory myKeyFac = SecurityUtils.getKeyFactory(KeyUtils.EC_ALGORITHM); + Objects.requireNonNull(f, "Missing 'f' value"); ECPublicKeySpec keySpec = new ECPublicKeySpec(f, params); + KeyFactory myKeyFac = SecurityUtils.getKeyFactory(KeyUtils.EC_ALGORITHM); PublicKey yourPubKey = myKeyFac.generatePublic(keySpec); myKeyAgree.doPhase(yourPubKey, true); return stripLeadingZeroes(myKeyAgree.generateSecret()); @@ -90,13 +95,17 @@ public class ECDH extends AbstractDH { @Override public void setF(byte[] f) { Objects.requireNonNull(params, "No ECParameterSpec(s)"); + Objects.requireNonNull(f, "No 'f' value specified"); this.f = ECCurves.octetStringToEcPoint(f); } @Override public Digest getHash() throws Exception { - Objects.requireNonNull(params, "No ECParameterSpec(s)"); - ECCurves curve = Objects.requireNonNull(ECCurves.fromCurveParameters(params), "Unknown curve parameters"); + if (curve == null) { + Objects.requireNonNull(params, "No ECParameterSpec(s)"); + curve = Objects.requireNonNull(ECCurves.fromCurveParameters(params), "Unknown curve parameters"); + } + return curve.getDigestForParams(); } }
