[SSHD-846] Validate non-null 'f' value during DH KEX
Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/dd542ce3 Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/dd542ce3 Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/dd542ce3 Branch: refs/heads/master Commit: dd542ce316e4eb4846698d885f9a52ceb2625367 Parents: 14ef05a Author: Goldstein Lyor <[email protected]> Authored: Tue Oct 2 09:18:09 2018 +0300 Committer: Lyor Goldstein <[email protected]> Committed: Wed Oct 3 20:05:17 2018 +0300 ---------------------------------------------------------------------- .../src/main/java/org/apache/sshd/client/kex/DHGClient.java | 2 +- sshd-core/src/main/java/org/apache/sshd/common/kex/DHG.java | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/dd542ce3/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java ----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java b/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java
index be18517..337c956 100644
--- a/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java
+++ b/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java
@@ -106,7 +106,7 @@ public class DHGClient extends AbstractDHClientKeyExchange {
 }
 if (cmd != SshConstants.SSH_MSG_KEXDH_REPLY) {
 throw new SshException(SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED,
- "Protocol error: expected packet SSH_MSG_KEXDH_REPLY, got " + KeyExchange.getSimpleKexOpcodeName(cmd));
+ "Protocol error: expected packet SSH_MSG_KEXDH_REPLY, got " + KeyExchange.getSimpleKexOpcodeName(cmd));
 }
 byte[] k_s = buffer.getBytes();
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/dd542ce3/sshd-core/src/main/java/org/apache/sshd/common/kex/DHG.java ----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/common/kex/DHG.java b/sshd-core/src/main/java/org/apache/sshd/common/kex/DHG.java
index 6cc1cb8..97f69be 100644
--- a/sshd-core/src/main/java/org/apache/sshd/common/kex/DHG.java
+++ b/sshd-core/src/main/java/org/apache/sshd/common/kex/DHG.java
@@ -23,6 +23,7 @@ import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.PublicKey;
+import java.util.Objects;
 import javax.crypto.interfaces.DHPublicKey;
 import javax.crypto.spec.DHParameterSpec;
@@ -38,6 +39,8 @@ import org.apache.sshd.common.util.security.SecurityUtils;
 * @author <a href="mailto:[email protected]">Apache MINA SSHD Project</a>
 */
 public class DHG extends AbstractDH {
+ public static final String KEX_TYPE = "DH";
+
 private BigInteger p;
 private BigInteger g;
 private BigInteger f; // your public key
@@ -48,7 +51,7 @@ public class DHG extends AbstractDH {
 }
 public DHG(Factory<? extends Digest> digestFactory, BigInteger pValue, BigInteger gValue) throws Exception {
- myKeyAgree = SecurityUtils.getKeyAgreement("DH");
+ myKeyAgree = SecurityUtils.getKeyAgreement(KEX_TYPE);
 factory = digestFactory;
 p = pValue; // do not check for null-ity since in some cases it can be
 g = gValue; // do not check for null-ity since in some cases it can be
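Review bot: The new public constant `KEX_TYPE` in DHG.java has no Javadoc, and its name reads like an SSH key-exchange identifier although the constructor passes it to `SecurityUtils.getKeyAgreement`, presumably as the algorithm name. A one-line comment such as `/** Algorithm name used to obtain the key agreement */` would make the intent explicit for users of this public field. The `calculateK()` hunk further down still passes the literal `"DH"` to `SecurityUtils.getKeyFactory`; using `SecurityUtils.getKeyFactory(KEX_TYPE)` there would keep the two lookups from drifting apart.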
@@ -69,6 +72,7 @@ public class DHG extends AbstractDH {
 @Override
 protected byte[] calculateK() throws Exception {
+ Objects.requireNonNull(f, "Missing 'f' value");
 DHPublicKeySpec keySpec = new DHPublicKeySpec(f, p, g);
 KeyFactory myKeyFac = SecurityUtils.getKeyFactory("DH");
 PublicKey yourPubKey = myKeyFac.generatePublic(keySpec);
@@ -106,7 +110,7 @@ public class DHG extends AbstractDH {
 }
 public void setF(BigInteger f) {
- this.f = f;
+ this.f = Objects.requireNonNull(f, "No 'f' value specified");
 }
 @Override
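Review bot: In `calculateK()` the added guard covers only `f`, while `p` and `g` go into `new DHPublicKeySpec(f, p, g)` on the very next line and the constructor comments in the earlier hunk say both may legitimately be null at construction time. If either is still unset when `calculateK()` runs, the failure surfaces later and with a less specific message than the one added for `f`. Adding `Objects.requireNonNull(p, "Missing 'p' value");` and `Objects.requireNonNull(g, "Missing 'g' value");` beside the new check would make the three inputs consistent. The body of `calculateK()` continues past the end of this hunk, so any handling further down is not visible here.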
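Review bot: `setF` now rejects null but still accepts any other `BigInteger` as the peer's public value, whereas RFC 4253 section 8 requires that an `f` outside the range [1, p-1] not be accepted. Nothing in the visible hunks enforces that range, so unless a caller does it outside this diff, the check belongs where both `f` and `p` are known, for example in `calculateK()` right after the null check: `if (f.signum() <= 0 || f.compareTo(p) >= 0) { throw new SshException(SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, "Invalid 'f' value"); }`. `SshException` and `SshConstants` appear in the DHGClient hunk and would presumably need importing into DHG.java. Reporting the bad value as an `SshException` rather than the `NullPointerException` that `requireNonNull` raises would also match how DHGClient signals protocol errors during key exchange.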
