Mercurial > 510Connectbot
annotate src/ch/ethz/ssh2/crypto/dh/EcDhExchange.java @ 404:ec74f347ab5f
fix bad args to arrays.fill(); bump version number
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Tue, 21 Oct 2014 13:11:59 -0700 |
parents | 1d400fd78e4a |
children |
rev | line source |
---|---|
309
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
1 /** |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
2 * |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
3 */ |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
4 package ch.ethz.ssh2.crypto.dh; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
5 |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
6 import java.io.IOException; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
7 import java.math.BigInteger; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
8 import java.security.InvalidAlgorithmParameterException; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
9 import java.security.InvalidKeyException; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
10 import java.security.KeyFactory; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
11 import java.security.KeyPair; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
12 import java.security.KeyPairGenerator; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
13 import java.security.NoSuchAlgorithmException; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
14 import java.security.interfaces.ECPrivateKey; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
15 import java.security.interfaces.ECPublicKey; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
16 import java.security.spec.ECParameterSpec; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
17 import java.security.spec.ECPoint; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
18 import java.security.spec.ECPublicKeySpec; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
19 import java.security.spec.InvalidKeySpecException; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
20 |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
21 import javax.crypto.KeyAgreement; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
22 |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
23 import ch.ethz.ssh2.signature.ECDSASHA2Verify; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
24 |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
25 /** |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
26 * @author kenny |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
27 * |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
28 */ |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
29 public class EcDhExchange extends GenericDhExchange { |
313
1d400fd78e4a
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
309
diff
changeset
|
30 |
1d400fd78e4a
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
309
diff
changeset
|
31 /* Client public and private */ |
1d400fd78e4a
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
309
diff
changeset
|
32 |
309
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
33 private ECPrivateKey clientPrivate; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
34 private ECPublicKey clientPublic; |
313
1d400fd78e4a
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
309
diff
changeset
|
35 |
1d400fd78e4a
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
309
diff
changeset
|
36 /* Server public */ |
1d400fd78e4a
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
309
diff
changeset
|
37 |
309
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
38 private ECPublicKey serverPublic; |
313
1d400fd78e4a
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
309
diff
changeset
|
39 private byte[] f; |
309
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
40 |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
41 @Override |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
42 public void init(String name) throws IOException { |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
43 final ECParameterSpec spec; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
44 |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
45 if ("ecdh-sha2-nistp256".equals(name)) { |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
46 spec = ECDSASHA2Verify.EllipticCurves.nistp256; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
47 } |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
48 else if ("ecdh-sha2-nistp384".equals(name)) { |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
49 spec = ECDSASHA2Verify.EllipticCurves.nistp384; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
50 } |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
51 else if ("ecdh-sha2-nistp521".equals(name)) { |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
52 spec = ECDSASHA2Verify.EllipticCurves.nistp521; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
53 } |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
54 else { |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
55 throw new IllegalArgumentException("Unknown EC curve " + name); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
56 } |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
57 |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
58 KeyPairGenerator kpg; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
59 |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
60 try { |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
61 kpg = KeyPairGenerator.getInstance("EC"); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
62 kpg.initialize(spec); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
63 KeyPair pair = kpg.generateKeyPair(); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
64 clientPrivate = (ECPrivateKey) pair.getPrivate(); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
65 clientPublic = (ECPublicKey) pair.getPublic(); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
66 } |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
67 catch (NoSuchAlgorithmException e) { |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
68 throw(IOException) new IOException("No DH keypair generator").initCause(e); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
69 } |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
70 catch (InvalidAlgorithmParameterException e) { |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
71 throw(IOException) new IOException("Invalid DH parameters").initCause(e); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
72 } |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
73 } |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
74 |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
75 @Override |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
76 public byte[] getE() { |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
77 return ECDSASHA2Verify.encodeECPoint(clientPublic.getW(), clientPublic.getParams() |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
78 .getCurve()); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
79 } |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
80 |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
81 @Override |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
82 protected byte[] getServerE() { |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
83 return ECDSASHA2Verify.encodeECPoint(serverPublic.getW(), serverPublic.getParams() |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
84 .getCurve()); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
85 } |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
86 |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
87 @Override |
313
1d400fd78e4a
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
309
diff
changeset
|
88 public byte[] getF() { |
1d400fd78e4a
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
309
diff
changeset
|
89 return f; |
1d400fd78e4a
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
309
diff
changeset
|
90 } |
1d400fd78e4a
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
309
diff
changeset
|
91 |
1d400fd78e4a
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
309
diff
changeset
|
92 @Override |
309
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
93 public void setF(byte[] f) throws IOException { |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
94 if (clientPublic == null) |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
95 throw new IllegalStateException("DhDsaExchange not initialized!"); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
96 |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
97 final KeyAgreement ka; |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
98 |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
99 try { |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
100 KeyFactory kf = KeyFactory.getInstance("EC"); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
101 ECParameterSpec params = clientPublic.getParams(); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
102 ECPoint serverPoint = ECDSASHA2Verify.decodeECPoint(f, params.getCurve()); |
313
1d400fd78e4a
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
309
diff
changeset
|
103 this.f = f; |
309
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
104 this.serverPublic = (ECPublicKey) kf.generatePublic(new ECPublicKeySpec(serverPoint, |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
105 params)); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
106 ka = KeyAgreement.getInstance("ECDH"); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
107 ka.init(clientPrivate); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
108 ka.doPhase(serverPublic, true); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
109 } |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
110 catch (NoSuchAlgorithmException e) { |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
111 throw(IOException) new IOException("No ECDH key agreement method").initCause(e); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
112 } |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
113 catch (InvalidKeyException e) { |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
114 throw(IOException) new IOException("Invalid ECDH key").initCause(e); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
115 } |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
116 catch (InvalidKeySpecException e) { |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
117 throw(IOException) new IOException("Invalid ECDH key").initCause(e); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
118 } |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
119 |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
120 sharedSecret = new BigInteger(ka.generateSecret()); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
121 } |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
122 |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
123 @Override |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
124 public String getHashAlgo() { |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
125 return ECDSASHA2Verify.getDigestAlgorithmForParams(clientPublic.getParams()); |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
126 } |
cb179051f0f2
add ecdsa key support everywhere
Carl Byington <carl@five-ten-sg.com>
parents:
diff
changeset
|
127 } |