Mercurial > 510Connectbot
comparison src/ch/ethz/ssh2/crypto/KeyMaterial.java @ 273:91a31873c42a ganymed
start conversion from trilead to ganymed
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Fri, 18 Jul 2014 11:21:46 -0700 |
| parents | |
| children | 071eccdff8ea |
comparison
equal
deleted
inserted
replaced
| 272:ce2f4e397703 | 273:91a31873c42a |
|---|---|
| 1 /* | |
| 2 * Copyright (c) 2006-2011 Christian Plattner. All rights reserved. | |
| 3 * Please refer to the LICENSE.txt for licensing details. | |
| 4 */ | |
| 5 package ch.ethz.ssh2.crypto; | |
| 6 | |
| 7 import java.io.IOException; | |
| 8 import java.math.BigInteger; | |
| 9 | |
| 10 import ch.ethz.ssh2.crypto.digest.HashForSSH2Types; | |
| 11 | |
| 12 /** | |
| 13 * Establishes key material for iv/key/mac (both directions). | |
| 14 * | |
| 15 * @author Christian Plattner | |
| 16 * @version 2.50, 03/15/10 | |
| 17 */ | |
| 18 public class KeyMaterial { | |
| 19 public byte[] initial_iv_client_to_server; | |
| 20 public byte[] initial_iv_server_to_client; | |
| 21 public byte[] enc_key_client_to_server; | |
| 22 public byte[] enc_key_server_to_client; | |
| 23 public byte[] integrity_key_client_to_server; | |
| 24 public byte[] integrity_key_server_to_client; | |
| 25 | |
| 26 private static byte[] calculateKey(HashForSSH2Types sh, BigInteger K, byte[] H, byte type, byte[] SessionID, | |
| 27 int keyLength) throws IOException { | |
| 28 byte[] res = new byte[keyLength]; | |
| 29 | |
| 30 int dglen = sh.getDigestLength(); | |
| 31 int numRounds = (keyLength + dglen - 1) / dglen; | |
| 32 | |
| 33 byte[][] tmp = new byte[numRounds][]; | |
| 34 | |
| 35 sh.reset(); | |
| 36 sh.updateBigInt(K); | |
| 37 sh.updateBytes(H); | |
| 38 sh.updateByte(type); | |
| 39 sh.updateBytes(SessionID); | |
| 40 | |
| 41 tmp[0] = sh.getDigest(); | |
| 42 | |
| 43 int off = 0; | |
| 44 int produced = Math.min(dglen, keyLength); | |
| 45 | |
| 46 System.arraycopy(tmp[0], 0, res, off, produced); | |
| 47 | |
| 48 keyLength -= produced; | |
| 49 off += produced; | |
| 50 | |
| 51 for(int i = 1; i < numRounds; i++) { | |
| 52 sh.updateBigInt(K); | |
| 53 sh.updateBytes(H); | |
| 54 | |
| 55 for(int j = 0; j < i; j++) { | |
| 56 sh.updateBytes(tmp[j]); | |
| 57 } | |
| 58 | |
| 59 tmp[i] = sh.getDigest(); | |
| 60 | |
| 61 produced = Math.min(dglen, keyLength); | |
| 62 System.arraycopy(tmp[i], 0, res, off, produced); | |
| 63 keyLength -= produced; | |
| 64 off += produced; | |
| 65 } | |
| 66 | |
| 67 return res; | |
| 68 } | |
| 69 | |
| 70 public static KeyMaterial create(String hashType, byte[] H, BigInteger K, byte[] SessionID, int keyLengthCS, | |
| 71 int blockSizeCS, int macLengthCS, int keyLengthSC, int blockSizeSC, int macLengthSC) | |
| 72 throws IOException { | |
| 73 KeyMaterial km = new KeyMaterial(); | |
| 74 | |
| 75 HashForSSH2Types sh = new HashForSSH2Types(hashType); | |
| 76 | |
| 77 km.initial_iv_client_to_server = calculateKey(sh, K, H, (byte) 'A', SessionID, blockSizeCS); | |
| 78 | |
| 79 km.initial_iv_server_to_client = calculateKey(sh, K, H, (byte) 'B', SessionID, blockSizeSC); | |
| 80 | |
| 81 km.enc_key_client_to_server = calculateKey(sh, K, H, (byte) 'C', SessionID, keyLengthCS); | |
| 82 | |
| 83 km.enc_key_server_to_client = calculateKey(sh, K, H, (byte) 'D', SessionID, keyLengthSC); | |
| 84 | |
| 85 km.integrity_key_client_to_server = calculateKey(sh, K, H, (byte) 'E', SessionID, macLengthCS); | |
| 86 | |
| 87 km.integrity_key_server_to_client = calculateKey(sh, K, H, (byte) 'F', SessionID, macLengthSC); | |
| 88 | |
| 89 return km; | |
| 90 } | |
| 91 } |