Mercurial > 510Connectbot

annotate src/ch/ethz/ssh2/crypto/dh/EcDhExchange.java @ 309:cb179051f0f2 ganymed

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
add ecdsa key support everywhere
author Carl Byington <carl@five-ten-sg.com>
date Wed, 30 Jul 2014 14:29:39 -0700
parents
children 1d400fd78e4a
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
309
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
1 /**
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
2 *
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
3 */
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
4 package ch.ethz.ssh2.crypto.dh;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
5
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
6 import java.io.IOException;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
7 import java.math.BigInteger;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
8 import java.security.InvalidAlgorithmParameterException;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
9 import java.security.InvalidKeyException;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
10 import java.security.KeyFactory;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
11 import java.security.KeyPair;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
12 import java.security.KeyPairGenerator;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
13 import java.security.NoSuchAlgorithmException;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
14 import java.security.interfaces.ECPrivateKey;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
15 import java.security.interfaces.ECPublicKey;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
16 import java.security.spec.ECParameterSpec;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
17 import java.security.spec.ECPoint;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
18 import java.security.spec.ECPublicKeySpec;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
19 import java.security.spec.InvalidKeySpecException;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
20
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
21 import javax.crypto.KeyAgreement;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
22
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
23 import ch.ethz.ssh2.signature.ECDSASHA2Verify;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
24
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
25 /**
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
26 * @author kenny
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
27 *
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
28 */
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
29 public class EcDhExchange extends GenericDhExchange {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
30 private ECPrivateKey clientPrivate;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
31 private ECPublicKey clientPublic;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
32 private ECPublicKey serverPublic;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
33
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
34 @Override
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
35 public void init(String name) throws IOException {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
36 final ECParameterSpec spec;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
37
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
38 if ("ecdh-sha2-nistp256".equals(name)) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
39 spec = ECDSASHA2Verify.EllipticCurves.nistp256;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
40 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
41 else if ("ecdh-sha2-nistp384".equals(name)) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
42 spec = ECDSASHA2Verify.EllipticCurves.nistp384;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
43 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
44 else if ("ecdh-sha2-nistp521".equals(name)) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
45 spec = ECDSASHA2Verify.EllipticCurves.nistp521;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
46 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
47 else {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
48 throw new IllegalArgumentException("Unknown EC curve " + name);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
49 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
50
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
51 KeyPairGenerator kpg;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
52
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
53 try {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
54 kpg = KeyPairGenerator.getInstance("EC");
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
55 kpg.initialize(spec);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
56 KeyPair pair = kpg.generateKeyPair();
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
57 clientPrivate = (ECPrivateKey) pair.getPrivate();
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
58 clientPublic = (ECPublicKey) pair.getPublic();
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
59 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
60 catch (NoSuchAlgorithmException e) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
61 throw(IOException) new IOException("No DH keypair generator").initCause(e);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
62 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
63 catch (InvalidAlgorithmParameterException e) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
64 throw(IOException) new IOException("Invalid DH parameters").initCause(e);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
65 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
66 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
67
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
68 @Override
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
69 public byte[] getE() {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
70 return ECDSASHA2Verify.encodeECPoint(clientPublic.getW(), clientPublic.getParams()
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
71 .getCurve());
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
72 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
73
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
74 @Override
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
75 protected byte[] getServerE() {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
76 return ECDSASHA2Verify.encodeECPoint(serverPublic.getW(), serverPublic.getParams()
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
77 .getCurve());
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
78 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
79
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
80 @Override
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
81 public void setF(byte[] f) throws IOException {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
82 if (clientPublic == null)
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
83 throw new IllegalStateException("DhDsaExchange not initialized!");
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
84
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
85 final KeyAgreement ka;
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
86
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
87 try {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
88 KeyFactory kf = KeyFactory.getInstance("EC");
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
89 ECParameterSpec params = clientPublic.getParams();
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
90 ECPoint serverPoint = ECDSASHA2Verify.decodeECPoint(f, params.getCurve());
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
91 this.serverPublic = (ECPublicKey) kf.generatePublic(new ECPublicKeySpec(serverPoint,
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
92 params));
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
93 ka = KeyAgreement.getInstance("ECDH");
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
94 ka.init(clientPrivate);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
95 ka.doPhase(serverPublic, true);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
96 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
97 catch (NoSuchAlgorithmException e) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
98 throw(IOException) new IOException("No ECDH key agreement method").initCause(e);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
99 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
100 catch (InvalidKeyException e) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
101 throw(IOException) new IOException("Invalid ECDH key").initCause(e);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
102 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
103 catch (InvalidKeySpecException e) {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
104 throw(IOException) new IOException("Invalid ECDH key").initCause(e);
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
105 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
106
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
107 sharedSecret = new BigInteger(ka.generateSecret());
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
108 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
109
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
110 @Override
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
111 public String getHashAlgo() {
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
112 return ECDSASHA2Verify.getDigestAlgorithmForParams(clientPublic.getParams());
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
113 }
cb179051f0f2 add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
114 }