Mercurial > 510Connectbot

view src/com/trilead/ssh2/signature/DSASHA1Verify.java @ 0:0ce5cc452d02

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
initial version
author Carl Byington <carl@five-ten-sg.com>
date Thu, 22 May 2014 10:41:19 -0700
parents
children
line wrap: on
line source


package com.trilead.ssh2.signature;

import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;

import com.trilead.ssh2.log.Logger;
import com.trilead.ssh2.packets.TypesReader;
import com.trilead.ssh2.packets.TypesWriter;


/**
 * DSASHA1Verify.
 *
 * @author Christian Plattner, plattner@trilead.com
 * @version $Id: DSASHA1Verify.java,v 1.2 2008/04/01 12:38:09 cplattne Exp $
 */
public class DSASHA1Verify {
    private static final Logger log = Logger.getLogger(DSASHA1Verify.class);

    public static DSAPublicKey decodeSSHDSAPublicKey(byte[] key) throws IOException {
        TypesReader tr = new TypesReader(key);
        String key_format = tr.readString();

        if (key_format.equals("ssh-dss") == false)
            throw new IllegalArgumentException("This is not a ssh-dss public key!");

        BigInteger p = tr.readMPINT();
        BigInteger q = tr.readMPINT();
        BigInteger g = tr.readMPINT();
        BigInteger y = tr.readMPINT();

        if (tr.remain() != 0)
            throw new IOException("Padding in DSA public key!");

        try {
            KeyFactory kf = KeyFactory.getInstance("DSA");
            KeySpec ks = new DSAPublicKeySpec(y, p, q, g);
            return (DSAPublicKey) kf.generatePublic(ks);
        }
        catch (NoSuchAlgorithmException e) {
            IOException ex = new IOException();
            ex.initCause(e);
            throw ex;
        }
        catch (InvalidKeySpecException e) {
            IOException ex = new IOException();
            ex.initCause(e);
            throw ex;
        }
    }

    public static byte[] encodeSSHDSAPublicKey(DSAPublicKey pk) throws IOException {
        TypesWriter tw = new TypesWriter();
        tw.writeString("ssh-dss");
        DSAParams params = pk.getParams();
        tw.writeMPInt(params.getP());
        tw.writeMPInt(params.getQ());
        tw.writeMPInt(params.getG());
        tw.writeMPInt(pk.getY());
        return tw.getBytes();
    }

    /**
     * Convert from Java's signature ASN.1 encoding to the SSH spec.
     * <p>
     * Java ASN.1 encoding:
     * <pre>
     * SEQUENCE ::= {
     *    r INTEGER,
     *    s INTEGER
     * }
     * </pre>
     */
    public static byte[] encodeSSHDSASignature(byte[] ds) {
        TypesWriter tw = new TypesWriter();
        tw.writeString("ssh-dss");
        int len, index;
        index = 3;
        len = ds[index++] & 0xff;
        byte[] r = new byte[len];
        System.arraycopy(ds, index, r, 0, r.length);
        index = index + len + 1;
        len = ds[index++] & 0xff;
        byte[] s = new byte[len];
        System.arraycopy(ds, index, s, 0, s.length);
        byte[] a40 = new byte[40];
        /* Patch (unsigned) r and s into the target array. */
        int r_copylen = (r.length < 20) ? r.length : 20;
        int s_copylen = (s.length < 20) ? s.length : 20;
        System.arraycopy(r, r.length - r_copylen, a40, 20 - r_copylen, r_copylen);
        System.arraycopy(s, s.length - s_copylen, a40, 40 - s_copylen, s_copylen);
        tw.writeString(a40, 0, 40);
        return tw.getBytes();
    }

    public static byte[] decodeSSHDSASignature(byte[] sig) throws IOException {
        byte[] rsArray = null;

        if (sig.length == 40) {
            /* OK, another broken SSH server. */
            rsArray = sig;
        }
        else {
            /* Hopefully a server obeying the standard... */
            TypesReader tr = new TypesReader(sig);
            String sig_format = tr.readString();

            if (sig_format.equals("ssh-dss") == false)
                throw new IOException("Peer sent wrong signature format");

            rsArray = tr.readByteString();

            if (rsArray.length != 40)
                throw new IOException("Peer sent corrupt signature");

            if (tr.remain() != 0)
                throw new IOException("Padding in DSA signature!");
        }

        int i = 0;
        int j = 0;
        byte[] tmp;

        if (rsArray[0] == 0 && rsArray[1] == 0 && rsArray[2] == 0) {
            j = ((rsArray[i++] << 24) & 0xff000000) | ((rsArray[i++] << 16) & 0x00ff0000)
                | ((rsArray[i++] << 8) & 0x0000ff00) | ((rsArray[i++]) & 0x000000ff);
            i += j;
            j = ((rsArray[i++] << 24) & 0xff000000) | ((rsArray[i++] << 16) & 0x00ff0000)
                | ((rsArray[i++] << 8) & 0x0000ff00) | ((rsArray[i++]) & 0x000000ff);
            tmp = new byte[j];
            System.arraycopy(rsArray, i, tmp, 0, j);
            rsArray = tmp;
        }

        /* ASN.1 */
        int frst = ((rsArray[0] & 0x80) != 0 ? 1 : 0);
        int scnd = ((rsArray[20] & 0x80) != 0 ? 1 : 0);
        /* Calculate output length */
        int length = rsArray.length + 6 + frst + scnd;
        tmp = new byte[length];
        /* DER-encoding to match Java */
        tmp[0] = (byte) 0x30;

        if (rsArray.length != 40)
            throw new IOException("Peer sent corrupt signature");

        /* Calculate length */
        tmp[1] = (byte) 0x2c;
        tmp[1] += frst;
        tmp[1] += scnd;
        /* First item */
        tmp[2] = (byte) 0x02;
        /* First item length */
        tmp[3] = (byte) 0x14;
        tmp[3] += frst;
        /* Copy in the data for first item */
        System.arraycopy(rsArray, 0, tmp, 4 + frst, 20);
        /* Second item */
        tmp[4 + tmp[3]] = (byte) 0x02;
        /* Second item length */
        tmp[5 + tmp[3]] = (byte) 0x14;
        tmp[5 + tmp[3]] += scnd;
        /* Copy in the data for the second item */
        System.arraycopy(rsArray, 20, tmp, 6 + tmp[3] + scnd, 20);
        /* Swap buffers */
        rsArray = tmp;
        return rsArray;
    }

    public static boolean verifySignature(byte[] message, byte[] ds, DSAPublicKey dpk) throws IOException {
        try {
            Signature s = Signature.getInstance("SHA1withDSA");
            s.initVerify(dpk);
            s.update(message);
            return s.verify(ds);
        }
        catch (NoSuchAlgorithmException e) {
            IOException ex = new IOException("No such algorithm");
            ex.initCause(e);
            throw ex;
        }
        catch (InvalidKeyException e) {
            IOException ex = new IOException("No such algorithm");
            ex.initCause(e);
            throw ex;
        }
        catch (SignatureException e) {
            IOException ex = new IOException();
            ex.initCause(e);
            throw ex;
        }
    }

    public static byte[] generateSignature(byte[] message, DSAPrivateKey pk, SecureRandom rnd) throws IOException {
        try {
            Signature s = Signature.getInstance("SHA1withDSA");
            s.initSign(pk);
            s.update(message);
            return s.sign();
        }
        catch (NoSuchAlgorithmException e) {
            IOException ex = new IOException();
            ex.initCause(e);
            throw ex;
        }
        catch (InvalidKeyException e) {
            IOException ex = new IOException();
            ex.initCause(e);
            throw ex;
        }
        catch (SignatureException e) {
            IOException ex = new IOException();
            ex.initCause(e);
            throw ex;
        }
    }
}