com.maverick.ssh.components.jce.client

Class DiffieHellmanGroupExchangeSha1

java.lang.Object

com.maverick.ssh2.SshKeyExchangeClient

com.maverick.ssh.components.jce.client.DiffieHellmanGroupExchangeSha1

All Implemented Interfaces:

AbstractKeyExchange, SshComponent, SshKeyExchange, SecureComponent

Direct Known Subclasses:

DiffieHellmanGroupExchangeSha256

public class DiffieHellmanGroupExchangeSha1
extends SshKeyExchangeClient
implements AbstractKeyExchange

An implementation of the diffie-hellman-group-exchange key exchange mechanism that uses JCE provider for DH agreement and Digest.

Author:

Lee David Painter

Field Summary

Fields

Modifier and Type	Field and Description
static String	DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1 Constant for the algorithm name "diffie-hellman-group-exchange-sha1".

Fields inherited from class com.maverick.ssh2.SshKeyExchangeClient

exchangeHash, hashAlgorithm, hostKey, secret, signature, transport

Constructor Summary

Constructors

Modifier	Constructor and Description
	DiffieHellmanGroupExchangeSha1() Construct an uninitialized instance.
protected	DiffieHellmanGroupExchangeSha1(String algorithm, SecurityLevel securityLevel, int priority)

Method Summary

Modifier and Type	Method and Description
protected void	calculateExchangeHash(boolean disableBackwardsCompatibility, int minimumSize, int preferredKeySize, int maximumSize) Calculates the exchange hash as an SHA1 hash of the following data.
String	getAlgorithm() Get the algorithm name for this key exchange
String	getProvider()
boolean	isKeyExchangeMessage(int messageid)
void	performClientExchange(String clientIdentification, String serverIdentification, byte[] clientKexInit, byte[] serverKexInit) The client requests a modulus from the server indicating the pre- ferred size.
void	test()

Methods inherited from class com.maverick.ssh2.SshKeyExchangeClient

getExchangeHash, getHashAlgorithm, getHostKey, getPriority, getSecret, getSecurityLevel, getSignature, init, reset

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1

public static final String DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1

Constant for the algorithm name "diffie-hellman-group-exchange-sha1".

See Also:

Constant Field Values

Constructor Detail

DiffieHellmanGroupExchangeSha1

public DiffieHellmanGroupExchangeSha1()

Construct an uninitialized instance.

DiffieHellmanGroupExchangeSha1

protected DiffieHellmanGroupExchangeSha1(String algorithm,
                                         SecurityLevel securityLevel,
                                         int priority)

Method Detail

isKeyExchangeMessage

public boolean isKeyExchangeMessage(int messageid)

Specified by:

isKeyExchangeMessage in class SshKeyExchangeClient

getAlgorithm

public String getAlgorithm()

Get the algorithm name for this key exchange

Specified by:

getAlgorithm in interface SshComponent

Specified by:

getAlgorithm in interface SecureComponent

Specified by:

getAlgorithm in class SshKeyExchangeClient

Returns:

"diffie-hellman-group1-sha1"

test

public void test()

Specified by:

test in interface SshKeyExchange

performClientExchange

public void performClientExchange(String clientIdentification,
                                  String serverIdentification,
                                  byte[] clientKexInit,
                                  byte[] serverKexInit)
                           throws SshException

The client requests a modulus from the server indicating the pre- ferred size. In the following description (C is the client, S is the server; the modulus p is a large safe prime and g is a genera- tor for a subgroup of GF(p); min is the minimal size of p in bits that is acceptable to the client; n is the size of the modulus p in bits that the client would like to receive from the server; max is the maximal size of p in bits that the client can accept; V_S is S's version string; V_C is C's version string; K_S is S's public host key; I_C is C's KEXINIT message and I_S S's KEXINIT message which have been exchanged before this part begins):

  1.   C sends "min || n || max" to S, indicating the minimal accept-
       able group size, the preferred size of the group and the maxi-
       mal group size in bits the client will accept.
 
  2.   S finds a group that best matches the client's request, and
       sends "p || g" to C.
 
  3.   C generates a random number x (1 < x < (p-1)/2). It computes e
       = g^x mod p, and sends "e" to S.
 
  4.   S generates a random number y (0 < y < (p-1)/2) and computes f
       = g^y mod p. S receives "e".  It computes K = e^y mod p, H =
       hash(V_C || V_S || I_C || I_S || K_S || min || n || max || p
       || g || e || f || K) (these elements are encoded according to
       their types; see below), and signature s on H with its private
       host key.  S sends "K_S || f || s" to C.  The signing opera-
       tion may involve a second hashing operation.
 
       Implementation Notes:
 
            To increase the speed of the key exchange, both client
            and server may reduce the size of their private expo-
            nents. It should be at least twice as long as the key
            material that is generated from the shared secret.  For
            more details see the paper by van Oorschot and Wiener
            [1].
 
  5.   C verifies that K_S really is the host key for S (e.g. using
       certificates or a local database).  C is also allowed to
       accept the key without verification; however, doing so will
       render the protocol insecure against active attacks (but may
       be desirable for practical reasons in the short term in many
       environments).  C then computes K = f^x mod p, H = hash(V_C ||
       V_S || I_C || I_S || K_S || min || n || max || p || g || e ||
       f || K), and verifies the signature s on H.
 

Specified by:

performClientExchange in class SshKeyExchangeClient

Parameters:

clientIdentification -

serverIdentification -

clientKexInit -

serverKexInit -

Throws:

IOException

SshException

getProvider

public String getProvider()

Specified by:

getProvider in interface AbstractKeyExchange

Specified by:

getProvider in interface SshKeyExchange

calculateExchangeHash

protected void calculateExchangeHash(boolean disableBackwardsCompatibility,
                                     int minimumSize,
                                     int preferredKeySize,
                                     int maximumSize)
                              throws SshException

Calculates the exchange hash as an SHA1 hash of the following data.

  String         the client's version string (CR and NL excluded)
  String         the server's version string (CR and NL excluded)
  String         the payload of the client's SSH_MSG_KEXINIT
  String         the payload of the server's SSH_MSG_KEXINIT
  String         the host key
  UINT32         minimum size in bits of the acceptable group
  UINT32         preferred size in bits of the acceptable group
  UNIT32         maximum size in bits of the acceptable group
  BigInteger     p, safe prime
  BigInteger     g, generator for subgroup
  BigInteger     e, exchange value sent by the client
  BigInteger     f, exchange value sent by the server
  BigInteger     K, the shared secret
 

Throws:

IOException

SshException