diff --git a/src/main/java/com/trilead/ssh2/transport/KexManager.java b/src/main/java/com/trilead/ssh2/transport/KexManager.java
index 49d07a28..99eea051 100644
--- a/src/main/java/com/trilead/ssh2/transport/KexManager.java
+++ b/src/main/java/com/trilead/ssh2/transport/KexManager.java
@@ -897,7 +897,15 @@ public synchronized void handleMessage(byte[] msg, int msglen) throws IOExceptio
 throw new IllegalStateException("Unkown KEX method! (" + kxs.np.kex_algo + ")");
 }
+ /**
+ * Returns whether strict key exchange has been negotiated for the current exchange.
+ *
+ * @return {@code true} if strict key exchange has been negotiated, or {@code false}
+ * if negotiation has not completed or strict key exchange is not enabled
+ */
 public boolean isStrictKex() {
- return kxs.np.isStrictKex;
+ KexState currentKex = kxs;
+ NegotiatedParameters negotiatedParameters = currentKex == null ? null : currentKex.np;
+ return negotiatedParameters != null && negotiatedParameters.isStrictKex;
 }
 }
diff --git a/src/test/java/com/trilead/ssh2/transport/KexManagerTest.java b/src/test/java/com/trilead/ssh2/transport/KexManagerTest.java
index 5ca9650e..906daec0 100644
--- a/src/test/java/com/trilead/ssh2/transport/KexManagerTest.java
+++ b/src/test/java/com/trilead/ssh2/transport/KexManagerTest.java
@@ -18,6 +18,7 @@
 import java.io.IOException;
 import java.security.SecureRandom;
+import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.hamcrest.MatcherAssert.assertThat;
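Review bot: In `KexManager.isStrictKex()`, a missing `kxs` or `np` now yields `false`, so callers cannot tell "not negotiated yet" from "strict key exchange is off". If the transport layer consults this getter to decide whether to reset sequence numbers or to reject unexpected packets during the handshake, the unknown state fails open. Whether `kxs` is cleared once an exchange finishes is not visible in this hunk; if it is, the getter would also report `false` for the rest of the connection, and latching the negotiated value in its own field would avoid that. The Javadoc should state the contract for callers, for example `Callers must not read {@code false} as "strict KEX refused" before negotiation completes.` The getter is also unsynchronized while `handleMessage` is `synchronized`, so the local copy prevents a null dereference but not a stale read unless `kxs` is volatile.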
@@ -76,6 +77,13 @@ public void twoKEXCalls_OneOutputPacket() throws Exception {
 verify(tm, times(1)).sendKexMessage(any());
 }
+ @Test
+ public void strictKexBeforeNegotiation_ReturnsFalse() throws Exception {
+ kexManager.initiateKEX(new CryptoWishList(), new DHGexParameters());
+
+ assertFalse(kexManager.isStrictKex());
+ }
+
 @Test
 public void handlePacket_BeforeKex_NotKexInit_ThrowsException() throws Exception {
 assertThrows(IOException.class, () -> {
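Review bot: `strictKexBeforeNegotiation_ReturnsFalse` calls `initiateKEX(...)` before the assertion, so it presumably covers only the case where a `KexState` exists without negotiated parameters. The `kxs == null` branch of the new guard stays untested. Adding `assertFalse(kexManager.isStrictKex());` ahead of the `initiateKEX(...)` call would cover a fresh manager, assuming the fixture does not start an exchange in setup (not visible here). Because this flag gates a handshake protection, a companion test that the getter returns `true` after a strict exchange is negotiated would guard against a regression that makes it return `false` unconditionally.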