annotate src/ch/ethz/ssh2/crypto/dh/DhExchange.java @ 309:cb179051f0f2 ganymed

add ecdsa key support everywhere
author Carl Byington <carl@five-ten-sg.com>
date Wed, 30 Jul 2014 14:29:39 -0700
parents 071eccdff8ea
children 1d400fd78e4a
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
1 /**
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
2 *
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
3 */
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
4 package ch.ethz.ssh2.crypto.dh;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
5
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
6 import java.io.IOException;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
7 import java.math.BigInteger;
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
8 import java.security.InvalidAlgorithmParameterException;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
9 import java.security.InvalidKeyException;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
10 import java.security.KeyFactory;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
11 import java.security.KeyPair;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
12 import java.security.KeyPairGenerator;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
13 import java.security.NoSuchAlgorithmException;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
14 import java.security.spec.InvalidKeySpecException;
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
15
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
16 import javax.crypto.KeyAgreement;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
17 import javax.crypto.interfaces.DHPrivateKey;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
18 import javax.crypto.interfaces.DHPublicKey;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
19 import javax.crypto.spec.DHParameterSpec;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
20 import javax.crypto.spec.DHPublicKeySpec;
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
21
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
22 /**
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
23 * @author kenny
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
24 *
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
25 */
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
26 public class DhExchange extends GenericDhExchange {
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
27
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 273
diff changeset
28 /* Given by the standard */
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
29
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
30 private static final BigInteger P1 = new BigInteger(
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
31 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
32 + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
33 + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
34 + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
35 + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
36 + "FFFFFFFFFFFFFFFF", 16);
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
37
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
38 private static final BigInteger P14 = new BigInteger(
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
39 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
40 + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
41 + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
42 + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
43 + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
44 + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
45 + "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
46 + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
47 + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
48 + "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
49 + "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
50
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
51 private static final BigInteger G = BigInteger.valueOf(2);
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
52
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 273
diff changeset
53 /* Client public and private */
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
54
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
55 private DHPrivateKey clientPrivate;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
56 private DHPublicKey clientPublic;
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
57
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
58 /* Server public */
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
59
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
60 private DHPublicKey serverPublic;
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
61
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
62 @Override
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
63 public void init(String name) throws IOException {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
64 final DHParameterSpec spec;
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
65
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
66 if ("diffie-hellman-group1-sha1".equals(name)) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
67 spec = new DHParameterSpec(P1, G);
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
68 }
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
69 else if ("diffie-hellman-group14-sha1".equals(name)) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
70 spec = new DHParameterSpec(P14, G);
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
71 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
72 else {
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
73 throw new IllegalArgumentException("Unknown DH group " + name);
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
74 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
75
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
76 try {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
77 KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
78 kpg.initialize(spec);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
79 KeyPair pair = kpg.generateKeyPair();
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
80 clientPrivate = (DHPrivateKey) pair.getPrivate();
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
81 clientPublic = (DHPublicKey) pair.getPublic();
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
82 }
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
83 catch (NoSuchAlgorithmException e) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
84 throw(IOException) new IOException("No DH keypair generator").initCause(e);
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
85 }
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
86 catch (InvalidAlgorithmParameterException e) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
87 throw(IOException) new IOException("Invalid DH parameters").initCause(e);
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
88 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
89 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
90
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
91 @Override
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
92 public byte[] getE() {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
93 if (clientPublic == null)
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
94 throw new IllegalStateException("DhExchange not initialized!");
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
95
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
96 return clientPublic.getY().toByteArray();
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
97 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
98
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
99 @Override
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
100 protected byte[] getServerE() {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
101 if (serverPublic == null)
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
102 throw new IllegalStateException("DhExchange not initialized!");
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
103
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
104 return serverPublic.getY().toByteArray();
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
105 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
106
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
107 @Override
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
108 public void setF(byte[] f) throws IOException {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
109 if (clientPublic == null)
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
110 throw new IllegalStateException("DhExchange not initialized!");
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
111
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
112 final KeyAgreement ka;
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
113
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
114 try {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
115 KeyFactory kf = KeyFactory.getInstance("DH");
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
116 DHParameterSpec params = clientPublic.getParams();
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
117 this.serverPublic = (DHPublicKey) kf.generatePublic(new DHPublicKeySpec(
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
118 new BigInteger(f), params.getP(), params.getG()));
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
119 ka = KeyAgreement.getInstance("DH");
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
120 ka.init(clientPrivate);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
121 ka.doPhase(serverPublic, true);
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
122 }
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
123 catch (NoSuchAlgorithmException e) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
124 throw(IOException) new IOException("No DH key agreement method").initCause(e);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
125 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
126 catch (InvalidKeyException e) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
127 throw(IOException) new IOException("Invalid DH key").initCause(e);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
128 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
129 catch (InvalidKeySpecException e) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
130 throw(IOException) new IOException("Invalid DH key").initCause(e);
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
131 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
132
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
133 sharedSecret = new BigInteger(ka.generateSecret());
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
134 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
135
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
136 @Override
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
137 public String getHashAlgo() {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents: 307
diff changeset
138 return "SHA1";
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
139 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
140 }