blob: 870a3b4b4c452314ba73e72498ef144056e9cc5b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
/**
*
*/
package com.trilead.ssh2.crypto.dh;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.KeyAgreement;
import com.trilead.ssh2.signature.ECDSASHA2Verify;
/**
* @author kenny
*
*/
public class EcDhExchange extends GenericDhExchange {
private ECPrivateKey clientPrivate;
private ECPublicKey clientPublic;
private ECPublicKey serverPublic;
@Override
public void init(String name) throws IOException {
final ECParameterSpec spec;
if ("ecdh-sha2-nistp256".equals(name)) {
spec = ECDSASHA2Verify.EllipticCurves.nistp256;
} else if ("ecdh-sha2-nistp384".equals(name)) {
spec = ECDSASHA2Verify.EllipticCurves.nistp384;
} else if ("ecdh-sha2-nistp521".equals(name)) {
spec = ECDSASHA2Verify.EllipticCurves.nistp521;
} else {
throw new IllegalArgumentException("Unknown EC curve " + name);
}
KeyPairGenerator kpg;
try {
kpg = KeyPairGenerator.getInstance("EC");
kpg.initialize(spec);
KeyPair pair = kpg.generateKeyPair();
clientPrivate = (ECPrivateKey) pair.getPrivate();
clientPublic = (ECPublicKey) pair.getPublic();
} catch (NoSuchAlgorithmException e) {
throw (IOException) new IOException("No DH keypair generator").initCause(e);
} catch (InvalidAlgorithmParameterException e) {
throw (IOException) new IOException("Invalid DH parameters").initCause(e);
}
}
@Override
public byte[] getE() {
return ECDSASHA2Verify.encodeECPoint(clientPublic.getW(), clientPublic.getParams()
.getCurve());
}
@Override
protected byte[] getServerE() {
return ECDSASHA2Verify.encodeECPoint(serverPublic.getW(), serverPublic.getParams()
.getCurve());
}
@Override
public void setF(byte[] f) throws IOException {
if (clientPublic == null)
throw new IllegalStateException("DhDsaExchange not initialized!");
final KeyAgreement ka;
try {
KeyFactory kf = KeyFactory.getInstance("EC");
ECParameterSpec params = clientPublic.getParams();
ECPoint serverPoint = ECDSASHA2Verify.decodeECPoint(f, params.getCurve());
this.serverPublic = (ECPublicKey) kf.generatePublic(new ECPublicKeySpec(serverPoint,
params));
ka = KeyAgreement.getInstance("ECDH");
ka.init(clientPrivate);
ka.doPhase(serverPublic, true);
} catch (NoSuchAlgorithmException e) {
throw (IOException) new IOException("No ECDH key agreement method").initCause(e);
} catch (InvalidKeyException e) {
throw (IOException) new IOException("Invalid ECDH key").initCause(e);
} catch (InvalidKeySpecException e) {
throw (IOException) new IOException("Invalid ECDH key").initCause(e);
}
sharedSecret = new BigInteger(1, ka.generateSecret());
}
@Override
public String getHashAlgo() {
return ECDSASHA2Verify.getDigestAlgorithmForParams(clientPublic.getParams());
}
}
|
