510Connectbot: src/ch/ethz/ssh2/signature/RSASHA1Verify.java comparison

comparison src/ch/ethz/ssh2/signature/RSASHA1Verify.java @ 278:d7e088fa2123 ganymed

start conversion from trilead to ganymed

author	Carl Byington <carl@five-ten-sg.com>
date	Fri, 18 Jul 2014 16:45:43 -0700
parents	91a31873c42a
children	e1c445af8e46

comparison

equal deleted inserted replaced

-:e0da43026046
+:d7e088fa2123
-/*
-* Copyright (c) 2006-2011 Christian Plattner. All rights reserved.
+package com.trilead.ssh2.signature;
-* Please refer to the LICENSE.txt for licensing details.
-*/
-package ch.ethz.ssh2.signature;
 import java.io.IOException;
 import java.math.BigInteger;
-import java.security.DigestException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.RSAPublicKeySpec;
-import ch.ethz.ssh2.PacketFormatException;
+import com.trilead.ssh2.log.Logger;
-import ch.ethz.ssh2.crypto.SimpleDERReader;
+import com.trilead.ssh2.packets.TypesReader;
-import ch.ethz.ssh2.crypto.digest.SHA1;
+import com.trilead.ssh2.packets.TypesWriter;
-import ch.ethz.ssh2.log.Logger;
-import ch.ethz.ssh2.packets.TypesReader;
-import ch.ethz.ssh2.packets.TypesWriter;
 /**
 * RSASHA1Verify.
 *
-* @author Christian Plattner
+* @author Christian Plattner, plattner@trilead.com
-* @version $Id: RSASHA1Verify.java 154 2014-04-28 11:45:02Z dkocher@sudo.ch $
+* @version $Id: RSASHA1Verify.java,v 1.1 2007/10/15 12:49:57 cplattne Exp $
 */
 public class RSASHA1Verify {
 private static final Logger log = Logger.getLogger(RSASHA1Verify.class);
 public static RSAPublicKey decodeSSHRSAPublicKey(byte[] key) throws IOException {
 TypesReader tr = new TypesReader(key);
 String key_format = tr.readString();
-if(!key_format.equals("ssh-rsa")) {
+if (key_format.equals("ssh-rsa") == false)
-throw new IllegalArgumentException("Not a ssh-rsa public key");
+throw new IllegalArgumentException("This is not a ssh-rsa public key");
-}
 BigInteger e = tr.readMPINT();
 BigInteger n = tr.readMPINT();
-if(tr.remain() != 0) {
+if (tr.remain() != 0)
-throw new PacketFormatException("Padding in RSA public key");
+throw new IOException("Padding in RSA public key!");
+KeySpec keySpec = new RSAPublicKeySpec(n, e);
+try {
+KeyFactory kf = KeyFactory.getInstance("RSA");
+return (RSAPublicKey) kf.generatePublic(keySpec);
 }
+catch (NoSuchAlgorithmException nsae) {
-return new RSAPublicKey(e, n);
+IOException ioe = new IOException("No RSA KeyFactory available");
+ioe.initCause(nsae);
+throw ioe;
+}
+catch (InvalidKeySpecException ikse) {
+IOException ioe = new IOException("No RSA KeyFactory available");
+ioe.initCause(ikse);
+throw ioe;
+}
 }
 public static byte[] encodeSSHRSAPublicKey(RSAPublicKey pk) throws IOException {
 TypesWriter tw = new TypesWriter();
+tw.writeString("ssh-rsa");
+tw.writeMPInt(pk.getPublicExponent());
+tw.writeMPInt(pk.getModulus());
+return tw.getBytes();
+}
+public static byte[] decodeSSHRSASignature(byte[] sig) throws IOException {
+TypesReader tr = new TypesReader(sig);
+String sig_format = tr.readString();
+if (sig_format.equals("ssh-rsa") == false)
+throw new IOException("Peer sent wrong signature format");
+/* S is NOT an MPINT. "The value for 'rsa_signature_blob' is encoded as a string
+* containing s (which is an integer, without lengths or padding, unsigned and in
+* network byte order)." See also below.
+*/
+byte[] s = tr.readByteString();
+if (s.length == 0)
+throw new IOException("Error in RSA signature, S is empty.");
+if (log.isEnabled()) {
+log.log(80, "Decoding ssh-rsa signature string (length: " + s.length + ")");
+}
+if (tr.remain() != 0)
+throw new IOException("Padding in RSA signature!");
+if (s[0] == 0 && s[1] == 0 && s[2] == 0) {
+int i = 0;
+int j = ((s[i++] << 24) & 0xff000000) | ((s[i++] << 16) & 0x00ff0000)
+| ((s[i++] << 8) & 0x0000ff00) | ((s[i++]) & 0x000000ff);
+i += j;
+j = ((s[i++] << 24) & 0xff000000) | ((s[i++] << 16) & 0x00ff0000)
+| ((s[i++] << 8) & 0x0000ff00) | ((s[i++]) & 0x000000ff);
+byte[] tmp = new byte[j];
+System.arraycopy(s, i, tmp, 0, j);
+sig = tmp;
+}
+return s;
+}
+public static byte[] encodeSSHRSASignature(byte[] s) throws IOException {
+TypesWriter tw = new TypesWriter();
 tw.writeString("ssh-rsa");
-tw.writeMPInt(pk.getE());
-tw.writeMPInt(pk.getN());
+/* S is NOT an MPINT. "The value for 'rsa_signature_blob' is encoded as a string
+* containing s (which is an integer, without lengths or padding, unsigned and in
+* network byte order)."
+*/
+/* Remove first zero sign byte, if present */
+if ((s.length > 1) && (s[0] == 0x00))
+tw.writeString(s, 1, s.length - 1);
+else
+tw.writeString(s, 0, s.length);
 return tw.getBytes();
 }
-public static RSASignature decodeSSHRSASignature(byte[] sig) throws IOException {
+public static byte[] generateSignature(byte[] message, RSAPrivateKey pk) throws IOException {
-TypesReader tr = new TypesReader(sig);
+try {
+Signature s = Signature.getInstance("SHA1withRSA");
-String sig_format = tr.readString();
+s.initSign(pk);
+s.update(message);
-if(!sig_format.equals("ssh-rsa")) {
+return s.sign();
-throw new PacketFormatException("Peer sent wrong signature format");
 }
+catch (NoSuchAlgorithmException e) {
-		/* S is NOT an MPINT. "The value for 'rsa_signature_blob' is encoded as a string
+IOException ex = new IOException();
-* containing s (which is an integer, without lengths or padding, unsigned and in
+ex.initCause(e);
-		 * network byte order)." See also below.
+throw ex;
-		 */
-byte[] s = tr.readByteString();
-if(s.length == 0) {
-throw new PacketFormatException("Error in RSA signature, S is empty.");
 }
+catch (InvalidKeyException e) {
-if(log.isDebugEnabled()) {
+IOException ex =  new IOException();
-log.debug("Decoding ssh-rsa signature string (length: " + s.length + ")");
+ex.initCause(e);
+throw ex;
 }
+catch (SignatureException e) {
-if(tr.remain() != 0) {
+IOException ex =  new IOException();
-throw new PacketFormatException("Padding in RSA signature!");
+ex.initCause(e);
+throw ex;
 }
-return new RSASignature(new BigInteger(1, s));
 }
-public static byte[] encodeSSHRSASignature(RSASignature sig) throws IOException {
+public static boolean verifySignature(byte[] message, byte[] ds, RSAPublicKey dpk) throws IOException {
-TypesWriter tw = new TypesWriter();
+try {
+Signature s = Signature.getInstance("SHA1withRSA");
-tw.writeString("ssh-rsa");
+s.initVerify(dpk);
+s.update(message);
-		/* S is NOT an MPINT. "The value for 'rsa_signature_blob' is encoded as a string
+return s.verify(ds);
-		 * containing s (which is an integer, without lengths or padding, unsigned and in
-		 * network byte order)."
-		 */
-byte[] s = sig.getS().toByteArray();
-		/* Remove first zero sign byte, if present */
-if((s.length > 1) && (s[0] == 0x00)) {
-tw.writeString(s, 1, s.length - 1);
 }
-else {
+catch (NoSuchAlgorithmException e) {
-tw.writeString(s, 0, s.length);
+IOException ex = new IOException();
+ex.initCause(e);
+throw ex;
 }
+catch (InvalidKeyException e) {
-return tw.getBytes();
+IOException ex = new IOException();
-}
+ex.initCause(e);
+throw ex;
-public static RSASignature generateSignature(byte[] message, RSAPrivateKey pk) throws IOException {
-SHA1 md = new SHA1();
-md.update(message);
-byte[] sha_message = new byte[md.getDigestLength()];
-try {
-md.digest(sha_message);
 }
-catch(DigestException e) {
+catch (SignatureException e) {
-throw new IOException(e);
+IOException ex = new IOException();
+ex.initCause(e);
+throw ex;
 }
-byte[] der_header = new byte[]{0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00,
-0x04, 0x14};
-int rsa_block_len = (pk.getN().bitLength() + 7) / 8;
-int num_pad = rsa_block_len - (2 + der_header.length + sha_message.length) - 1;
-if(num_pad < 8) {
-throw new PacketFormatException("Cannot sign with RSA, message too long");
-}
-byte[] sig = new byte[der_header.length + sha_message.length + 2 + num_pad];
-sig[0] = 0x01;
-for(int i = 0; i < num_pad; i++) {
-sig[i + 1] = (byte) 0xff;
-}
-sig[num_pad + 1] = 0x00;
-System.arraycopy(der_header, 0, sig, 2 + num_pad, der_header.length);
-System.arraycopy(sha_message, 0, sig, 2 + num_pad + der_header.length, sha_message.length);
-BigInteger m = new BigInteger(1, sig);
-BigInteger s = m.modPow(pk.getD(), pk.getN());
-return new RSASignature(s);
-}
-public static boolean verifySignature(byte[] message, RSASignature ds, RSAPublicKey dpk) throws IOException {
-SHA1 md = new SHA1();
-md.update(message);
-byte[] sha_message = new byte[md.getDigestLength()];
-try {
-md.digest(sha_message);
-}
-catch(DigestException e) {
-throw new IOException(e);
-}
-BigInteger n = dpk.getN();
-BigInteger e = dpk.getE();
-BigInteger s = ds.getS();
-if(n.compareTo(s) <= 0) {
-log.warning("ssh-rsa signature: n.compareTo(s) <= 0");
-return false;
-}
-int rsa_block_len = (n.bitLength() + 7) / 8;
-		/* And now the show begins */
-if(rsa_block_len < 1) {
-log.warning("ssh-rsa signature: rsa_block_len < 1");
-return false;
-}
-byte[] v = s.modPow(e, n).toByteArray();
-int startpos = 0;
-if((v.length > 0) && (v[0] == 0x00)) {
-startpos++;
-}
-if((v.length - startpos) != (rsa_block_len - 1)) {
-log.warning("ssh-rsa signature: (v.length - startpos) != (rsa_block_len - 1)");
-return false;
-}
-if(v[startpos] != 0x01) {
-log.warning("ssh-rsa signature: v[startpos] != 0x01");
-return false;
-}
-int pos = startpos + 1;
-while(true) {
-if(pos >= v.length) {
-log.warning("ssh-rsa signature: pos >= v.length");
-return false;
-}
-if(v[pos] == 0x00) {
-break;
-}
-if(v[pos] != (byte) 0xff) {
-log.warning("ssh-rsa signature: v[pos] != (byte) 0xff");
-return false;
-}
-pos++;
-}
-int num_pad = pos - (startpos + 1);
-if(num_pad < 8) {
-log.warning("ssh-rsa signature: num_pad < 8");
-return false;
-}
-pos++;
-if(pos >= v.length) {
-log.warning("ssh-rsa signature: pos >= v.length");
-return false;
-}
-SimpleDERReader dr = new SimpleDERReader(v, pos, v.length - pos);
-byte[] seq = dr.readSequenceAsByteArray();
-if(dr.available() != 0) {
-log.warning("ssh-rsa signature: dr.available() != 0");
-return false;
-}
-dr.resetInput(seq);
-		/* Read digestAlgorithm */
-byte digestAlgorithm[] = dr.readSequenceAsByteArray();
-		/* Inspired by RFC 3347, however, ignoring the comment regarding old BER based implementations */
-if((digestAlgorithm.length < 8) || (digestAlgorithm.length > 9)) {
-log.warning("ssh-rsa signature: (digestAlgorithm.length < 8) || (digestAlgorithm.length > 9)");
-return false;
-}
-byte[] digestAlgorithm_sha1 = new byte[]{0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00};
-for(int i = 0; i < digestAlgorithm.length; i++) {
-if(digestAlgorithm[i] != digestAlgorithm_sha1[i]) {
-log.warning("ssh-rsa signature: digestAlgorithm[i] != digestAlgorithm_sha1[i]");
-return false;
-}
-}
-byte[] digest = dr.readOctetString();
-if(dr.available() != 0) {
-log.warning("ssh-rsa signature: dr.available() != 0 (II)");
-return false;
-}
-if(digest.length != sha_message.length) {
-log.warning("ssh-rsa signature: digest.length != sha_message.length");
-return false;
-}
-for(int i = 0; i < sha_message.length; i++) {
-if(sha_message[i] != digest[i]) {
-log.warning("ssh-rsa signature: sha_message[i] != digest[i]");
-return false;
-}
-}
-return true;
 }
 }

Mercurial > 510Connectbot

comparison src/ch/ethz/ssh2/signature/RSASHA1Verify.java @ 278:d7e088fa2123 ganymed