Add support for sntrup761x25519-sha512 KEX algorithm.

mwiede · Nov 8, 2024 · 3d2fd88 · 3d2fd88
1 parent b0d1f44
commit 3d2fd88
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 17 deletions.
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -1,3 +1,5 @@
+* [0.2.22](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.22)
+  * Add support for sntrup761x25519-sha512 KEX algorithm.
 * [0.2.21](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.21)
   * [#692](https://github.com/mwiede/jsch/pull/692) Update Deflate.java by @mjmst74.
 * [0.2.20](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.20)

diff --git a/src/main/java/com/jcraft/jsch/JSch.java b/src/main/java/com/jcraft/jsch/JSch.java
@@ -102,6 +102,7 @@ public class JSch {
     config.put("curve25519-sha256", "com.jcraft.jsch.DH25519");
     config.put("curve25519-sha256@libssh.org", "com.jcraft.jsch.DH25519");
     config.put("curve448-sha512", "com.jcraft.jsch.DH448");
+    config.put("sntrup761x25519-sha512", "com.jcraft.jsch.DH25519SNTRUP761");
     config.put("sntrup761x25519-sha512@openssh.com", "com.jcraft.jsch.DH25519SNTRUP761");
 
     config.put("sntrup761", "com.jcraft.jsch.bc.SNTRUP761");
@@ -243,7 +244,7 @@ public class JSch {
         Util.getSystemProperty("jsch.check_ciphers", "chacha20-poly1305@openssh.com"));
     config.put("CheckMacs", Util.getSystemProperty("jsch.check_macs", ""));
     config.put("CheckKexes", Util.getSystemProperty("jsch.check_kexes",
-        "sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512"));
+        "sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512"));
     config.put("CheckSignatures",
         Util.getSystemProperty("jsch.check_signatures", "ssh-ed25519,ssh-ed448"));
     config.put("FingerprintHash", Util.getSystemProperty("jsch.fingerprint_hash", "sha256"));

diff --git a/src/test/java/com/jcraft/jsch/Algorithms4IT.java b/src/test/java/com/jcraft/jsch/Algorithms4IT.java
@@ -57,11 +57,9 @@ public class Algorithms4IT {
           .withFileFromClasspath("ssh_host_ecdsa521_key.pub", "docker/ssh_host_ecdsa521_key.pub")
           .withFileFromClasspath("ssh_host_ed25519_key", "docker/ssh_host_ed25519_key")
           .withFileFromClasspath("ssh_host_ed25519_key.pub", "docker/ssh_host_ed25519_key.pub")
-          .withFileFromClasspath("ssh_host_dsa_key", "docker/ssh_host_dsa_key")
-          .withFileFromClasspath("ssh_host_dsa_key.pub", "docker/ssh_host_dsa_key.pub")
-          .withFileFromClasspath("sshd_config", "docker/sshd_config.openssh96")
+          .withFileFromClasspath("sshd_config", "docker/sshd_config.openssh99")
           .withFileFromClasspath("authorized_keys", "docker/authorized_keys")
-          .withFileFromClasspath("Dockerfile", "docker/Dockerfile.openssh96"))
+          .withFileFromClasspath("Dockerfile", "docker/Dockerfile.openssh99"))
       .withExposedPorts(22);
 
   @BeforeAll
@@ -100,7 +98,7 @@ public static void afterAll() {
   }
 
   @ParameterizedTest
-  @ValueSource(strings = {"sntrup761x25519-sha512@openssh.com"})
+  @ValueSource(strings = {"sntrup761x25519-sha512", "sntrup761x25519-sha512@openssh.com"})
   public void testBCKEXs(String kex) throws Exception {
     JSch ssh = createRSAIdentity();
     Session session = createSession(ssh);

diff --git a/src/test/java/com/jcraft/jsch/StrictKexIT.java b/src/test/java/com/jcraft/jsch/StrictKexIT.java
@@ -58,11 +58,9 @@ public class StrictKexIT {
           .withFileFromClasspath("ssh_host_ecdsa521_key.pub", "docker/ssh_host_ecdsa521_key.pub")
           .withFileFromClasspath("ssh_host_ed25519_key", "docker/ssh_host_ed25519_key")
           .withFileFromClasspath("ssh_host_ed25519_key.pub", "docker/ssh_host_ed25519_key.pub")
-          .withFileFromClasspath("ssh_host_dsa_key", "docker/ssh_host_dsa_key")
-          .withFileFromClasspath("ssh_host_dsa_key.pub", "docker/ssh_host_dsa_key.pub")
-          .withFileFromClasspath("sshd_config", "docker/sshd_config.openssh96")
+          .withFileFromClasspath("sshd_config", "docker/sshd_config.openssh99")
           .withFileFromClasspath("authorized_keys", "docker/authorized_keys")
-          .withFileFromClasspath("Dockerfile", "docker/Dockerfile.openssh96"))
+          .withFileFromClasspath("Dockerfile", "docker/Dockerfile.openssh99"))
       .withExposedPorts(22);
 
   @BeforeAll

diff --git a/...est/resources/docker/Dockerfile.openssh96 → ...est/resources/docker/Dockerfile.openssh99 b/...est/resources/docker/Dockerfile.openssh96 → ...est/resources/docker/Dockerfile.openssh99
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:edge
 RUN apk update && \
     apk upgrade && \
     apk add openssh && \
@@ -15,8 +15,6 @@ COPY ssh_host_ecdsa521_key /etc/ssh/
 COPY ssh_host_ecdsa521_key.pub /etc/ssh/
 COPY ssh_host_ed25519_key /etc/ssh/
 COPY ssh_host_ed25519_key.pub /etc/ssh/
-COPY ssh_host_dsa_key /etc/ssh/
-COPY ssh_host_dsa_key.pub /etc/ssh/
 COPY sshd_config /etc/ssh/
 COPY authorized_keys /root/.ssh/
 RUN chmod 600 /etc/ssh/ssh_*_key /root/.ssh/authorized_keys

diff --git a/...st/resources/docker/sshd_config.openssh96 → ...st/resources/docker/sshd_config.openssh99 b/...st/resources/docker/sshd_config.openssh96 → ...st/resources/docker/sshd_config.openssh99
@@ -3,7 +3,7 @@ HostbasedAuthentication no
 PasswordAuthentication no
 PubkeyAuthentication yes
 AuthenticationMethods publickey
-PubkeyAcceptedAlgorithms ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
+PubkeyAcceptedAlgorithms ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 UseDNS no
 PrintMotd no
 PermitRootLogin yes
@@ -13,9 +13,8 @@ HostKey /etc/ssh/ssh_host_ecdsa384_key
 HostKey /etc/ssh/ssh_host_ecdsa521_key
 HostKey /etc/ssh/ssh_host_ed25519_key
 HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
-HostKeyAlgorithms ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
+KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
+HostKeyAlgorithms ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc
 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-96-etm@openssh.com,hmac-sha1-96,hmac-md5-etm@openssh.com,hmac-md5,hmac-md5-96-etm@openssh.com,hmac-md5-96
 LogLevel DEBUG3