annotate src/ch/ethz/ssh2/crypto/dh/EcDhExchange.java @ 327:9a657362519c ganymed

pickup compression from trilead
author Carl Byington <carl@five-ten-sg.com>
date Thu, 31 Jul 2014 11:18:21 -0700
parents 1d400fd78e4a
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
1 /**
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
2 *
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
3 */
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
4 package ch.ethz.ssh2.crypto.dh;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
5
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
6 import java.io.IOException;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
7 import java.math.BigInteger;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
8 import java.security.InvalidAlgorithmParameterException;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
9 import java.security.InvalidKeyException;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
10 import java.security.KeyFactory;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
11 import java.security.KeyPair;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
12 import java.security.KeyPairGenerator;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
13 import java.security.NoSuchAlgorithmException;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
14 import java.security.interfaces.ECPrivateKey;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
15 import java.security.interfaces.ECPublicKey;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
16 import java.security.spec.ECParameterSpec;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
17 import java.security.spec.ECPoint;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
18 import java.security.spec.ECPublicKeySpec;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
19 import java.security.spec.InvalidKeySpecException;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
20
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
21 import javax.crypto.KeyAgreement;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
22
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
23 import ch.ethz.ssh2.signature.ECDSASHA2Verify;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
24
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
25 /**
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
26 * @author kenny
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
27 *
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
28 */
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
29 public class EcDhExchange extends GenericDhExchange {
313
1d400fd78e4a add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 309
diff changeset
30
1d400fd78e4a add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 309
diff changeset
31 /* Client public and private */
1d400fd78e4a add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 309
diff changeset
32
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
33 private ECPrivateKey clientPrivate;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
34 private ECPublicKey clientPublic;
313
1d400fd78e4a add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 309
diff changeset
35
1d400fd78e4a add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 309
diff changeset
36 /* Server public */
1d400fd78e4a add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 309
diff changeset
37
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
38 private ECPublicKey serverPublic;
313
1d400fd78e4a add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 309
diff changeset
39 private byte[] f;
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
40
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
41 @Override
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
42 public void init(String name) throws IOException {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
43 final ECParameterSpec spec;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
44
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
45 if ("ecdh-sha2-nistp256".equals(name)) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
46 spec = ECDSASHA2Verify.EllipticCurves.nistp256;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
47 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
48 else if ("ecdh-sha2-nistp384".equals(name)) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
49 spec = ECDSASHA2Verify.EllipticCurves.nistp384;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
50 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
51 else if ("ecdh-sha2-nistp521".equals(name)) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
52 spec = ECDSASHA2Verify.EllipticCurves.nistp521;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
53 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
54 else {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
55 throw new IllegalArgumentException("Unknown EC curve " + name);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
56 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
57
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
58 KeyPairGenerator kpg;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
59
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
60 try {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
61 kpg = KeyPairGenerator.getInstance("EC");
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
62 kpg.initialize(spec);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
63 KeyPair pair = kpg.generateKeyPair();
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
64 clientPrivate = (ECPrivateKey) pair.getPrivate();
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
65 clientPublic = (ECPublicKey) pair.getPublic();
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
66 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
67 catch (NoSuchAlgorithmException e) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
68 throw(IOException) new IOException("No DH keypair generator").initCause(e);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
69 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
70 catch (InvalidAlgorithmParameterException e) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
71 throw(IOException) new IOException("Invalid DH parameters").initCause(e);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
72 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
73 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
74
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
75 @Override
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
76 public byte[] getE() {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
77 return ECDSASHA2Verify.encodeECPoint(clientPublic.getW(), clientPublic.getParams()
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
78 .getCurve());
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
79 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
80
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
81 @Override
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
82 protected byte[] getServerE() {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
83 return ECDSASHA2Verify.encodeECPoint(serverPublic.getW(), serverPublic.getParams()
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
84 .getCurve());
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
85 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
86
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
87 @Override
313
1d400fd78e4a add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 309
diff changeset
88 public byte[] getF() {
1d400fd78e4a add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 309
diff changeset
89 return f;
1d400fd78e4a add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 309
diff changeset
90 }
1d400fd78e4a add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 309
diff changeset
91
1d400fd78e4a add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 309
diff changeset
92 @Override
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
93 public void setF(byte[] f) throws IOException {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
94 if (clientPublic == null)
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
95 throw new IllegalStateException("DhDsaExchange not initialized!");
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
96
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
97 final KeyAgreement ka;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
98
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
99 try {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
100 KeyFactory kf = KeyFactory.getInstance("EC");
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
101 ECParameterSpec params = clientPublic.getParams();
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
102 ECPoint serverPoint = ECDSASHA2Verify.decodeECPoint(f, params.getCurve());
313
1d400fd78e4a add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 309
diff changeset
103 this.f = f;
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
104 this.serverPublic = (ECPublicKey) kf.generatePublic(new ECPublicKeySpec(serverPoint,
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
105 params));
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
106 ka = KeyAgreement.getInstance("ECDH");
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
107 ka.init(clientPrivate);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
108 ka.doPhase(serverPublic, true);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
109 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
110 catch (NoSuchAlgorithmException e) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
111 throw(IOException) new IOException("No ECDH key agreement method").initCause(e);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
112 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
113 catch (InvalidKeyException e) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
114 throw(IOException) new IOException("Invalid ECDH key").initCause(e);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
115 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
116 catch (InvalidKeySpecException e) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
117 throw(IOException) new IOException("Invalid ECDH key").initCause(e);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
118 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
119
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
120 sharedSecret = new BigInteger(ka.generateSecret());
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
121 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
122
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
123 @Override
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
124 public String getHashAlgo() {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
125 return ECDSASHA2Verify.getDigestAlgorithmForParams(clientPublic.getParams());
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
126 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
127 }