Posted to commits@mina.apache.org by gn...@apache.org on 2014/10/15 23:33:54 UTC

[2/2] git commit: [SSHD-348] Backport SSHD-330 to 0.9.x branch

[SSHD-348] Backport SSHD-330 to 0.9.x branch

Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo
Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/cc7162ac
Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/cc7162ac
Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/cc7162ac

Branch: refs/heads/0.9.x
Commit: cc7162acf7ca89561ca57a9c68de735f17bf168b
Parents: aede198
Author: Guillaume Nodet <gn...@apache.org>
Authored: Wed Oct 15 23:32:23 2014 +0200
Committer: Guillaume Nodet <gn...@apache.org>
Committed: Wed Oct 15 23:33:03 2014 +0200

----------------------------------------------------------------------
 .../main/java/org/apache/sshd/common/kex/DH.java   | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/cc7162ac/sshd-core/src/main/java/org/apache/sshd/common/kex/DH.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/common/kex/DH.java b/sshd-core/src/main/java/org/apache/sshd/common/kex/DH.java
index 8b05f29..4102e2e 100644
--- a/sshd-core/src/main/java/org/apache/sshd/common/kex/DH.java
+++ b/sshd-core/src/main/java/org/apache/sshd/common/kex/DH.java
@@ -70,7 +70,7 @@ public class DH {
             DHPublicKeySpec keySpec = new DHPublicKeySpec(f, p, g);
             PublicKey yourPubKey = myKeyFac.generatePublic(keySpec);
             myKeyAgree.doPhase(yourPubKey, true);
-            byte[] mySharedSecret = myKeyAgree.generateSecret();
+            byte[] mySharedSecret = stripLeadingZeroes(myKeyAgree.generateSecret());
             K = new BigInteger(mySharedSecret);
             K_array = mySharedSecret;
         }
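Review bot: `K = new BigInteger(mySharedSecret);` parses the array as signed two's-complement, and once leading zero bytes are stripped the first byte can be 0x80 or above, which makes K negative while K_array still holds the unsigned magnitude. A secret that previously arrived with a leading 0x00 from the provider stayed positive; after this change it does not. Use the sign-magnitude constructor so both fields describe the same integer: `K = new BigInteger(1, mySharedSecret);`. The enclosing method starts above the hunk and the consumers of K (as opposed to K_array) are not visible here, so the practical impact depends on which of the two the exchange hash is built from.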
@@ -100,4 +100,19 @@ public class DH {
     void setF(BigInteger f) {
         this.f = f;
     }
+
+    // The shared secret returned by KeyAgreement.generateSecret() is
+    // a byte array, which can (by chance, roughly 1 out of 256 times)
+    // begin with zero byte (some JCE providers might strip this, though).
+    // In SSH, the shared secret is an integer, so we need to strip
+    // the leading zero(es).
+    private static byte[] stripLeadingZeroes(byte[] x) {
+        int i = 0;
+        while ((i < x.length - 1) && (x[i] == 0)) {
+            i++;
+        }
+        byte[] ret = new byte[x.length - i];
+        System.arraycopy(x, i, ret, 0, ret.length);
+        return ret;
+    }
 }
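Review bot: The loop bound `i < x.length - 1` in stripLeadingZeroes keeps one byte when the input is entirely zero, so a shared secret of 0 comes out as a single 0x00 byte and is carried forward as K rather than being rejected, and the comment above the method does not mention that case. RFC 4253 section 8 says values of e or f outside [1, p-1] must not be accepted; no such range check on `f` is visible in this diff, so it may or may not exist elsewhere in DH.java. I would turn the `//` block into Javadoc and add a line such as `An all-zero input is returned as a single zero byte; the caller is responsible for rejecting a zero shared secret.` It is also worth confirming that the peer value is range-checked before `doPhase` is reached.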