[dumload.git] / src / com / jcraft / jsch / DHGEX.java

/* -*-mode:java; c-basic-offset:2; indent-tabs-mode:nil -*- */
/*
Copyright (c) 2002-2010 ymnk, JCraft,Inc. All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice,
     this list of conditions and the following disclaimer.

  2. Redistributions in binary form must reproduce the above copyright 
     notice, this list of conditions and the following disclaimer in 
     the documentation and/or other materials provided with the distribution.

  3. The names of the authors may not be used to endorse or promote products
     derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

package com.jcraft.jsch;

public class DHGEX extends KeyExchange{

  private static final int SSH_MSG_KEX_DH_GEX_GROUP=               31;
  private static final int SSH_MSG_KEX_DH_GEX_INIT=                32;
  private static final int SSH_MSG_KEX_DH_GEX_REPLY=               33;
  private static final int SSH_MSG_KEX_DH_GEX_REQUEST=             34;

  static int min=1024;

//  static int min=512;
  static int preferred=1024;
  static int max=1024;

//  static int preferred=1024;
//  static int max=2000;

  static final int RSA=0;
  static final int DSS=1;
  private int type=0;

  private int state;

//  com.jcraft.jsch.DH dh;
  DH dh;

  byte[] V_S;
  byte[] V_C;
  byte[] I_S;
  byte[] I_C;

  private Buffer buf;
  private Packet packet;

  private byte[] p;
  private byte[] g;
  private byte[] e;
  //private byte[] f;

  public void init(Session session,
		   byte[] V_S, byte[] V_C, byte[] I_S, byte[] I_C) throws Exception{
    this.session=session;
    this.V_S=V_S;      
    this.V_C=V_C;      
    this.I_S=I_S;      
    this.I_C=I_C;      

    try{
      Class c=Class.forName(session.getConfig("sha-1"));
      sha=(HASH)(c.newInstance());
      sha.init();
    }
    catch(Exception e){
      System.err.println(e);
    }

    buf=new Buffer();
    packet=new Packet(buf);

    try{
      Class c=Class.forName(session.getConfig("dh"));
      dh=(com.jcraft.jsch.DH)(c.newInstance());
      dh.init();
    }
    catch(Exception e){
//      System.err.println(e);
      throw e;
    }

    packet.reset();
    buf.putByte((byte)SSH_MSG_KEX_DH_GEX_REQUEST);
    buf.putInt(min);
    buf.putInt(preferred);
    buf.putInt(max);
    session.write(packet); 

    if(JSch.getLogger().isEnabled(Logger.INFO)){
      JSch.getLogger().log(Logger.INFO, 
                           "SSH_MSG_KEX_DH_GEX_REQUEST("+min+"<"+preferred+"<"+max+") sent");
      JSch.getLogger().log(Logger.INFO, 
                           "expecting SSH_MSG_KEX_DH_GEX_GROUP");
    }

    state=SSH_MSG_KEX_DH_GEX_GROUP;
  }

  public boolean next(Buffer _buf) throws Exception{
    int i,j;
    switch(state){
    case SSH_MSG_KEX_DH_GEX_GROUP:
      // byte  SSH_MSG_KEX_DH_GEX_GROUP(31)
      // mpint p, safe prime
      // mpint g, generator for subgroup in GF (p)
      _buf.getInt();
      _buf.getByte();
      j=_buf.getByte();
      if(j!=SSH_MSG_KEX_DH_GEX_GROUP){
	System.err.println("type: must be SSH_MSG_KEX_DH_GEX_GROUP "+j);
	return false;
      }

      p=_buf.getMPInt();
      g=_buf.getMPInt();
      /*
for(int iii=0; iii<p.length; iii++){
System.err.println("0x"+Integer.toHexString(p[iii]&0xff)+",");
}
System.err.println("");
for(int iii=0; iii<g.length; iii++){
System.err.println("0x"+Integer.toHexString(g[iii]&0xff)+",");
}
      */
      dh.setP(p);
      dh.setG(g);

      // The client responds with:
      // byte  SSH_MSG_KEX_DH_GEX_INIT(32)
      // mpint e <- g^x mod p
      //         x is a random number (1 < x < (p-1)/2)

      e=dh.getE();

      packet.reset();
      buf.putByte((byte)SSH_MSG_KEX_DH_GEX_INIT);
      buf.putMPInt(e);
      session.write(packet);

      if(JSch.getLogger().isEnabled(Logger.INFO)){
        JSch.getLogger().log(Logger.INFO, 
                             "SSH_MSG_KEX_DH_GEX_INIT sent");
        JSch.getLogger().log(Logger.INFO, 
                             "expecting SSH_MSG_KEX_DH_GEX_REPLY");
      }

      state=SSH_MSG_KEX_DH_GEX_REPLY;
      return true;
      //break;

    case SSH_MSG_KEX_DH_GEX_REPLY:
      // The server responds with:
      // byte      SSH_MSG_KEX_DH_GEX_REPLY(33)
      // string    server public host key and certificates (K_S)
      // mpint     f
      // string    signature of H
      j=_buf.getInt();
      j=_buf.getByte();
      j=_buf.getByte();
      if(j!=SSH_MSG_KEX_DH_GEX_REPLY){
	System.err.println("type: must be SSH_MSG_KEX_DH_GEX_REPLY "+j);
	return false;
      }

      K_S=_buf.getString();
      // K_S is server_key_blob, which includes ....
      // string ssh-dss
      // impint p of dsa
      // impint q of dsa
      // impint g of dsa
      // impint pub_key of dsa
      //System.err.print("K_S: "); dump(K_S, 0, K_S.length);

      byte[] f=_buf.getMPInt();
      byte[] sig_of_H=_buf.getString();

      dh.setF(f);
      K=dh.getK();

      //The hash H is computed as the HASH hash of the concatenation of the
      //following:
      // string    V_C, the client's version string (CR and NL excluded)
      // string    V_S, the server's version string (CR and NL excluded)
      // string    I_C, the payload of the client's SSH_MSG_KEXINIT
      // string    I_S, the payload of the server's SSH_MSG_KEXINIT
      // string    K_S, the host key
      // uint32    min, minimal size in bits of an acceptable group
      // uint32   n, preferred size in bits of the group the server should send
      // uint32    max, maximal size in bits of an acceptable group
      // mpint     p, safe prime
      // mpint     g, generator for subgroup
      // mpint     e, exchange value sent by the client
      // mpint     f, exchange value sent by the server
      // mpint     K, the shared secret
      // This value is called the exchange hash, and it is used to authenti-
      // cate the key exchange.

      buf.reset();
      buf.putString(V_C); buf.putString(V_S);
      buf.putString(I_C); buf.putString(I_S);
      buf.putString(K_S);
      buf.putInt(min); buf.putInt(preferred); buf.putInt(max);
      buf.putMPInt(p); buf.putMPInt(g); buf.putMPInt(e); buf.putMPInt(f);
      buf.putMPInt(K);

      byte[] foo=new byte[buf.getLength()];
      buf.getByte(foo);
      sha.update(foo, 0, foo.length);

      H=sha.digest();

      // System.err.print("H -> "); dump(H, 0, H.length);

      i=0;
      j=0;
      j=((K_S[i++]<<24)&0xff000000)|((K_S[i++]<<16)&0x00ff0000)|
	((K_S[i++]<<8)&0x0000ff00)|((K_S[i++])&0x000000ff);
      String alg=Util.byte2str(K_S, i, j);
      i+=j;

      boolean result=false;
      if(alg.equals("ssh-rsa")){
	byte[] tmp;
	byte[] ee;
	byte[] n;
	
	type=RSA;

	j=((K_S[i++]<<24)&0xff000000)|((K_S[i++]<<16)&0x00ff0000)|
	  ((K_S[i++]<<8)&0x0000ff00)|((K_S[i++])&0x000000ff);
	tmp=new byte[j]; System.arraycopy(K_S, i, tmp, 0, j); i+=j;
	ee=tmp;
	j=((K_S[i++]<<24)&0xff000000)|((K_S[i++]<<16)&0x00ff0000)|
	  ((K_S[i++]<<8)&0x0000ff00)|((K_S[i++])&0x000000ff);
	tmp=new byte[j]; System.arraycopy(K_S, i, tmp, 0, j); i+=j;
	n=tmp;

//	SignatureRSA sig=new SignatureRSA();
//	sig.init();

	SignatureRSA sig=null;
	try{
	  Class c=Class.forName(session.getConfig("signature.rsa"));
	  sig=(SignatureRSA)(c.newInstance());
	  sig.init();
	}
	catch(Exception e){
	  System.err.println(e);
	}

	sig.setPubKey(ee, n);   
	sig.update(H);
	result=sig.verify(sig_of_H);

        if(JSch.getLogger().isEnabled(Logger.INFO)){
          JSch.getLogger().log(Logger.INFO, 
                               "ssh_rsa_verify: signature "+result);
        }

      }
      else if(alg.equals("ssh-dss")){
	byte[] q=null;
	byte[] tmp;

	type=DSS;

	j=((K_S[i++]<<24)&0xff000000)|((K_S[i++]<<16)&0x00ff0000)|
	  ((K_S[i++]<<8)&0x0000ff00)|((K_S[i++])&0x000000ff);
	tmp=new byte[j]; System.arraycopy(K_S, i, tmp, 0, j); i+=j;
	p=tmp;
	j=((K_S[i++]<<24)&0xff000000)|((K_S[i++]<<16)&0x00ff0000)|
	  ((K_S[i++]<<8)&0x0000ff00)|((K_S[i++])&0x000000ff);
	tmp=new byte[j]; System.arraycopy(K_S, i, tmp, 0, j); i+=j;
	q=tmp;
	j=((K_S[i++]<<24)&0xff000000)|((K_S[i++]<<16)&0x00ff0000)|
	  ((K_S[i++]<<8)&0x0000ff00)|((K_S[i++])&0x000000ff);
	tmp=new byte[j]; System.arraycopy(K_S, i, tmp, 0, j); i+=j;
	g=tmp;
	j=((K_S[i++]<<24)&0xff000000)|((K_S[i++]<<16)&0x00ff0000)|
	  ((K_S[i++]<<8)&0x0000ff00)|((K_S[i++])&0x000000ff);
	tmp=new byte[j]; System.arraycopy(K_S, i, tmp, 0, j); i+=j;
	f=tmp;
	
//	SignatureDSA sig=new SignatureDSA();
//	sig.init();

	SignatureDSA sig=null;
	try{
	  Class c=Class.forName(session.getConfig("signature.dss"));
	  sig=(SignatureDSA)(c.newInstance());
	  sig.init();
	}
	catch(Exception e){
	  System.err.println(e);
	}

	sig.setPubKey(f, p, q, g);   
	sig.update(H);
	result=sig.verify(sig_of_H);

        if(JSch.getLogger().isEnabled(Logger.INFO)){
          JSch.getLogger().log(Logger.INFO, 
                               "ssh_dss_verify: signature "+result);
        }

      }
      else{
	System.err.println("unknown alg");
      }	    
      state=STATE_END;
      return result;
    }
    return false;
  }

  public String getKeyType(){
    if(type==DSS) return "DSA";
    return "RSA";
  }

  public int getState(){return state; }
}
Commit	Line	Data
0763e16d JW	1	/* --mode:java; c-basic-offset:2; indent-tabs-mode:nil -- */
	2	/*
	3	Copyright (c) 2002-2010 ymnk, JCraft,Inc. All rights reserved.
	4
	5	Redistribution and use in source and binary forms, with or without
	6	modification, are permitted provided that the following conditions are met:
	7
	8	1. Redistributions of source code must retain the above copyright notice,
	9	this list of conditions and the following disclaimer.
	10
	11	2. Redistributions in binary form must reproduce the above copyright
	12	notice, this list of conditions and the following disclaimer in
	13	the documentation and/or other materials provided with the distribution.
	14
	15	3. The names of the authors may not be used to endorse or promote products
	16	derived from this software without specific prior written permission.
	17
	18	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
	19	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
	20	FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
	21	INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
	22	INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
	23	LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
	24	OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
	25	LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	26	NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
	27	EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	28	*/
	29
	30	package com.jcraft.jsch;
	31
	32	public class DHGEX extends KeyExchange{
	33
	34	private static final int SSH_MSG_KEX_DH_GEX_GROUP= 31;
	35	private static final int SSH_MSG_KEX_DH_GEX_INIT= 32;
	36	private static final int SSH_MSG_KEX_DH_GEX_REPLY= 33;
	37	private static final int SSH_MSG_KEX_DH_GEX_REQUEST= 34;
	38
	39	static int min=1024;
	40
	41	// static int min=512;
	42	static int preferred=1024;
	43	static int max=1024;
	44
	45	// static int preferred=1024;
	46	// static int max=2000;
	47
	48	static final int RSA=0;
	49	static final int DSS=1;
	50	private int type=0;
	51
	52	private int state;
	53
	54	// com.jcraft.jsch.DH dh;
	55	DH dh;
	56
	57	byte[] V_S;
	58	byte[] V_C;
	59	byte[] I_S;
	60	byte[] I_C;
	61
	62	private Buffer buf;
	63	private Packet packet;
	64
65	private byte[] p;
66	private byte[] g;
67	private byte[] e;
68	//private byte[] f;
69
70	public void init(Session session,
71	byte[] V_S, byte[] V_C, byte[] I_S, byte[] I_C) throws Exception{
72	this.session=session;
73	this.V_S=V_S;
74	this.V_C=V_C;
75	this.I_S=I_S;
76	this.I_C=I_C;
77
78	try{
79	Class c=Class.forName(session.getConfig("sha-1"));
80	sha=(HASH)(c.newInstance());
81	sha.init();
82	}
83	catch(Exception e){
84	System.err.println(e);
85	}
86
87	buf=new Buffer();
88	packet=new Packet(buf);
89
90	try{
91	Class c=Class.forName(session.getConfig("dh"));
92	dh=(com.jcraft.jsch.DH)(c.newInstance());
93	dh.init();
94	}
95	catch(Exception e){
96	// System.err.println(e);
97	throw e;
98	}
99
100	packet.reset();
101	buf.putByte((byte)SSH_MSG_KEX_DH_GEX_REQUEST);
102	buf.putInt(min);
103	buf.putInt(preferred);
104	buf.putInt(max);
105	session.write(packet);
106
107	if(JSch.getLogger().isEnabled(Logger.INFO)){
108	JSch.getLogger().log(Logger.INFO,
109	"SSH_MSG_KEX_DH_GEX_REQUEST("+min+"<"+preferred+"<"+max+") sent");
110	JSch.getLogger().log(Logger.INFO,
111	"expecting SSH_MSG_KEX_DH_GEX_GROUP");
112	}
113
114	state=SSH_MSG_KEX_DH_GEX_GROUP;
115	}
116
117	public boolean next(Buffer _buf) throws Exception{
118	int i,j;
119	switch(state){
120	case SSH_MSG_KEX_DH_GEX_GROUP:
121	// byte SSH_MSG_KEX_DH_GEX_GROUP(31)
122	// mpint p, safe prime
123	// mpint g, generator for subgroup in GF (p)
124	_buf.getInt();
125	_buf.getByte();
126	j=_buf.getByte();
127	if(j!=SSH_MSG_KEX_DH_GEX_GROUP){
128	System.err.println("type: must be SSH_MSG_KEX_DH_GEX_GROUP "+j);
129	return false;
130	}
131
132	p=_buf.getMPInt();
133	g=_buf.getMPInt();
134	/*
135	for(int iii=0; iii<p.length; iii++){
136	System.err.println("0x"+Integer.toHexString(p[iii]&0xff)+",");
137	}
138	System.err.println("");
139	for(int iii=0; iii<g.length; iii++){
140	System.err.println("0x"+Integer.toHexString(g[iii]&0xff)+",");
141	}
142	*/
143	dh.setP(p);
144	dh.setG(g);
145
146	// The client responds with:
147	// byte SSH_MSG_KEX_DH_GEX_INIT(32)
148	// mpint e <- g^x mod p
149	// x is a random number (1 < x < (p-1)/2)
150
151	e=dh.getE();
152
153	packet.reset();
154	buf.putByte((byte)SSH_MSG_KEX_DH_GEX_INIT);
155	buf.putMPInt(e);
156	session.write(packet);
157
158	if(JSch.getLogger().isEnabled(Logger.INFO)){
159	JSch.getLogger().log(Logger.INFO,
160	"SSH_MSG_KEX_DH_GEX_INIT sent");
161	JSch.getLogger().log(Logger.INFO,
162	"expecting SSH_MSG_KEX_DH_GEX_REPLY");
163	}
164
165	state=SSH_MSG_KEX_DH_GEX_REPLY;
166	return true;
167	//break;
168
169	case SSH_MSG_KEX_DH_GEX_REPLY:
170	// The server responds with:
171	// byte SSH_MSG_KEX_DH_GEX_REPLY(33)
172	// string server public host key and certificates (K_S)
173	// mpint f
174	// string signature of H
175	j=_buf.getInt();
176	j=_buf.getByte();
177	j=_buf.getByte();
178	if(j!=SSH_MSG_KEX_DH_GEX_REPLY){
179	System.err.println("type: must be SSH_MSG_KEX_DH_GEX_REPLY "+j);
180	return false;
181	}
182
183	K_S=_buf.getString();
184	// K_S is server_key_blob, which includes ....
185	// string ssh-dss
186	// impint p of dsa
187	// impint q of dsa
188	// impint g of dsa
189	// impint pub_key of dsa
190	//System.err.print("K_S: "); dump(K_S, 0, K_S.length);
191
192	byte[] f=_buf.getMPInt();
193	byte[] sig_of_H=_buf.getString();
194
195	dh.setF(f);
196	K=dh.getK();
197
198	//The hash H is computed as the HASH hash of the concatenation of the
199	//following:
200	// string V_C, the client's version string (CR and NL excluded)
201	// string V_S, the server's version string (CR and NL excluded)
202	// string I_C, the payload of the client's SSH_MSG_KEXINIT
203	// string I_S, the payload of the server's SSH_MSG_KEXINIT
204	// string K_S, the host key
205	// uint32 min, minimal size in bits of an acceptable group
206	// uint32 n, preferred size in bits of the group the server should send
207	// uint32 max, maximal size in bits of an acceptable group
208	// mpint p, safe prime
209	// mpint g, generator for subgroup
210	// mpint e, exchange value sent by the client
211	// mpint f, exchange value sent by the server
212	// mpint K, the shared secret
213	// This value is called the exchange hash, and it is used to authenti-
214	// cate the key exchange.
215
216	buf.reset();
217	buf.putString(V_C); buf.putString(V_S);
218	buf.putString(I_C); buf.putString(I_S);
219	buf.putString(K_S);
220	buf.putInt(min); buf.putInt(preferred); buf.putInt(max);
221	buf.putMPInt(p); buf.putMPInt(g); buf.putMPInt(e); buf.putMPInt(f);
222	buf.putMPInt(K);
223
224	byte[] foo=new byte[buf.getLength()];
225	buf.getByte(foo);
226	sha.update(foo, 0, foo.length);
227
228	H=sha.digest();
229
230	// System.err.print("H -> "); dump(H, 0, H.length);
231
232	i=0;
233	j=0;
234	j=((K_S[i++]<<24)&0xff000000)\|((K_S[i++]<<16)&0x00ff0000)\|
235	((K_S[i++]<<8)&0x0000ff00)\|((K_S[i++])&0x000000ff);
236	String alg=Util.byte2str(K_S, i, j);
237	i+=j;
238
239	boolean result=false;
240	if(alg.equals("ssh-rsa")){
241	byte[] tmp;
242	byte[] ee;
243	byte[] n;
244
245	type=RSA;
246
247	j=((K_S[i++]<<24)&0xff000000)\|((K_S[i++]<<16)&0x00ff0000)\|
248	((K_S[i++]<<8)&0x0000ff00)\|((K_S[i++])&0x000000ff);
249	tmp=new byte[j]; System.arraycopy(K_S, i, tmp, 0, j); i+=j;
250	ee=tmp;
251	j=((K_S[i++]<<24)&0xff000000)\|((K_S[i++]<<16)&0x00ff0000)\|
252	((K_S[i++]<<8)&0x0000ff00)\|((K_S[i++])&0x000000ff);
253	tmp=new byte[j]; System.arraycopy(K_S, i, tmp, 0, j); i+=j;
254	n=tmp;
255
256	// SignatureRSA sig=new SignatureRSA();
257	// sig.init();
258
259	SignatureRSA sig=null;
260	try{
261	Class c=Class.forName(session.getConfig("signature.rsa"));
262	sig=(SignatureRSA)(c.newInstance());
263	sig.init();
264	}
265	catch(Exception e){
266	System.err.println(e);
267	}
268
269	sig.setPubKey(ee, n);
270	sig.update(H);
271	result=sig.verify(sig_of_H);
272
273	if(JSch.getLogger().isEnabled(Logger.INFO)){
274	JSch.getLogger().log(Logger.INFO,
275	"ssh_rsa_verify: signature "+result);
276	}
277
278	}
279	else if(alg.equals("ssh-dss")){
280	byte[] q=null;
281	byte[] tmp;
282
283	type=DSS;
284
285	j=((K_S[i++]<<24)&0xff000000)\|((K_S[i++]<<16)&0x00ff0000)\|
286	((K_S[i++]<<8)&0x0000ff00)\|((K_S[i++])&0x000000ff);
287	tmp=new byte[j]; System.arraycopy(K_S, i, tmp, 0, j); i+=j;
288	p=tmp;
289	j=((K_S[i++]<<24)&0xff000000)\|((K_S[i++]<<16)&0x00ff0000)\|
290	((K_S[i++]<<8)&0x0000ff00)\|((K_S[i++])&0x000000ff);
291	tmp=new byte[j]; System.arraycopy(K_S, i, tmp, 0, j); i+=j;
292	q=tmp;
293	j=((K_S[i++]<<24)&0xff000000)\|((K_S[i++]<<16)&0x00ff0000)\|
294	((K_S[i++]<<8)&0x0000ff00)\|((K_S[i++])&0x000000ff);
295	tmp=new byte[j]; System.arraycopy(K_S, i, tmp, 0, j); i+=j;
296	g=tmp;
297	j=((K_S[i++]<<24)&0xff000000)\|((K_S[i++]<<16)&0x00ff0000)\|
298	((K_S[i++]<<8)&0x0000ff00)\|((K_S[i++])&0x000000ff);
299	tmp=new byte[j]; System.arraycopy(K_S, i, tmp, 0, j); i+=j;
300	f=tmp;
301
302	// SignatureDSA sig=new SignatureDSA();
303	// sig.init();
304
305	SignatureDSA sig=null;
306	try{
307	Class c=Class.forName(session.getConfig("signature.dss"));
308	sig=(SignatureDSA)(c.newInstance());
309	sig.init();
310	}
311	catch(Exception e){
312	System.err.println(e);
313	}
314
315	sig.setPubKey(f, p, q, g);
316	sig.update(H);
317	result=sig.verify(sig_of_H);
318
319	if(JSch.getLogger().isEnabled(Logger.INFO)){
320	JSch.getLogger().log(Logger.INFO,
321	"ssh_dss_verify: signature "+result);
322	}
323
324	}
325	else{
326	System.err.println("unknown alg");
327	}
328	state=STATE_END;
329	return result;
330	}
331	return false;
332	}
333
334	public String getKeyType(){
335	if(type==DSS) return "DSA";
336	return "RSA";
337	}
338
339	public int getState(){return state; }
340	}