annotate app/src/main/java/ch/ethz/ssh2/crypto/dh/DhGroupExchange.java @ 513:13a922d1fc5c

update docs
author Carl Byington <carl@five-ten-sg.com>
date Fri, 10 Feb 2023 17:16:47 -0700
parents d29cce60f393
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
1
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
2 package ch.ethz.ssh2.crypto.dh;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
3
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
4 import java.math.BigInteger;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
5 import java.security.SecureRandom;
313
1d400fd78e4a add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 312
diff changeset
6 import java.io.IOException;
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
7
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
8 import ch.ethz.ssh2.DHGexParameters;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
9 import ch.ethz.ssh2.crypto.digest.HashForSSH2Types;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
10
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
11
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
12 /**
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
13 * DhGroupExchange.
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
14 *
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
15 * @author Christian Plattner, plattner@trilead.com
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
16 * @version $Id: DhGroupExchange.java,v 1.1 2007/10/15 12:49:57 cplattne Exp $
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
17 */
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
18 public class DhGroupExchange {
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
19 /* Given by the standard */
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
20
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
21 private BigInteger p;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
22 private BigInteger g;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
23
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 273
diff changeset
24 /* Client public and private */
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
25
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
26 private BigInteger e;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
27 private BigInteger x;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
28
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 273
diff changeset
29 /* Server public */
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
30
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
31 private BigInteger f;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
32
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 273
diff changeset
33 /* Shared secret */
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
34
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
35 private BigInteger k;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
36
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
37 public DhGroupExchange(BigInteger p, BigInteger g) {
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
38 this.p = p;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
39 this.g = g;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
40 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
41
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
42 public void init(SecureRandom rnd) {
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
43 k = null;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
44 x = new BigInteger(p.bitLength() - 1, rnd);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
45 e = g.modPow(x, p);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
46 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
47
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
48 /**
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
49 * @return Returns the e.
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
50 */
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
51 public BigInteger getE() {
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
52 if (e == null)
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
53 throw new IllegalStateException("Not initialized!");
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
54
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
55 return e;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
56 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
57
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
58 /**
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
59 * @return Returns the shared secret k.
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
60 */
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
61 public BigInteger getK() {
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
62 if (k == null)
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
63 throw new IllegalStateException("Shared secret not yet known, need f first!");
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
64
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
65 return k;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
66 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
67
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
68 /**
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
69 * Sets f and calculates the shared secret.
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
70 */
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
71 public void setF(BigInteger f) {
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
72 if (e == null)
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
73 throw new IllegalStateException("Not initialized!");
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
74
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
75 BigInteger zero = BigInteger.valueOf(0);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
76
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
77 if (zero.compareTo(f) >= 0 || p.compareTo(f) <= 0)
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
78 throw new IllegalArgumentException("Invalid f specified!");
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
79
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
80 this.f = f;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
81 this.k = f.modPow(x, p);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
82 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
83
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
84 public byte[] calculateH(String hashAlgo, byte[] clientversion, byte[] serverversion,
312
1442be38051b add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 309
diff changeset
85 byte[] clientKexPayload, byte[] serverKexPayload, byte[] hostKey, DHGexParameters para) throws IOException {
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
86 HashForSSH2Types hash = new HashForSSH2Types(hashAlgo);
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
87 hash.updateByteString(clientversion);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
88 hash.updateByteString(serverversion);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
89 hash.updateByteString(clientKexPayload);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
90 hash.updateByteString(serverKexPayload);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
91 hash.updateByteString(hostKey);
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 273
diff changeset
92
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
93 if (para.getMin_group_len() > 0)
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
94 hash.updateUINT32(para.getMin_group_len());
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 273
diff changeset
95
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
96 hash.updateUINT32(para.getPref_group_len());
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 273
diff changeset
97
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
98 if (para.getMax_group_len() > 0)
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
99 hash.updateUINT32(para.getMax_group_len());
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 273
diff changeset
100
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
101 hash.updateBigInt(p);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
102 hash.updateBigInt(g);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
103 hash.updateBigInt(e);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
104 hash.updateBigInt(f);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
105 hash.updateBigInt(k);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
106 return hash.getDigest();
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
107 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
108 }