com.sshtools.jce
Class DiffieHellmanGroupExchangeSha1

java.lang.Object
  extended bycom.maverick.ssh2.SshKeyExchange
      extended bycom.sshtools.jce.DiffieHellmanGroupExchangeSha1

public class DiffieHellmanGroupExchangeSha1
extends SshKeyExchange

An implementation of the diffie-hellman-group-exchange key exchange mechanism that uses JCE provider for DH agreement and Digest.

Author:
Lee David Painter

Field Summary
static java.lang.String DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1
          Constant for the algorithm name "diffie-hellman-group1-sha1".
 
Fields inherited from class com.maverick.ssh2.SshKeyExchange
exchangeHash, hostKey, secret, signature, transport
 
Constructor Summary
DiffieHellmanGroupExchangeSha1()
          Contruct an uninitialized instance.
 
Method Summary
protected  void calculateExchangeHash()
          Calculates the exchange hash as an SHA1 hash of the following data.
 java.lang.String getAlgorithm()
          Get the algorithm name for this key exchange
 boolean isKeyExchangeMessage(int messageid)
           
 void performClientExchange(java.lang.String clientId, java.lang.String serverId, byte[] clientKexInit, byte[] serverKexInit)
          The client requests a modulus from the server indicating the pre- ferred size.
 
Methods inherited from class com.maverick.ssh2.SshKeyExchange
getExchangeHash, getHostKey, getSecret, getSignature, init, reset
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1

public static final java.lang.String DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1
Constant for the algorithm name "diffie-hellman-group1-sha1".

See Also:
Constant Field Values
Constructor Detail

DiffieHellmanGroupExchangeSha1

public DiffieHellmanGroupExchangeSha1()
Contruct an uninitialized instance.

Method Detail

isKeyExchangeMessage

public boolean isKeyExchangeMessage(int messageid)
Specified by:
isKeyExchangeMessage in class SshKeyExchange

getAlgorithm

public java.lang.String getAlgorithm()
Get the algorithm name for this key exchange

Specified by:
getAlgorithm in class SshKeyExchange
Returns:
"diffie-hellman-group1-sha1"

performClientExchange

public void performClientExchange(java.lang.String clientId,
                                  java.lang.String serverId,
                                  byte[] clientKexInit,
                                  byte[] serverKexInit)
                           throws SshException
The client requests a modulus from the server indicating the pre- ferred size. In the following description (C is the client, S is the server; the modulus p is a large safe prime and g is a genera- tor for a subgroup of GF(p); min is the minimal size of p in bits that is acceptable to the client; n is the size of the modulus p in bits that the client would like to receive from the server; max is the maximal size of p in bits that the client can accept; V_S is S's version string; V_C is C's version string; K_S is S's public host key; I_C is C's KEXINIT message and I_S S's KEXINIT message which have been exchanged before this part begins):
  1.   C sends "min || n || max" to S, indicating the minimal accept-
       able group size, the preferred size of the group and the maxi-
       mal group size in bits the client will accept.

  2.   S finds a group that best matches the client's request, and
       sends "p || g" to C.

  3.   C generates a random number x (1 < x < (p-1)/2). It computes e
       = g^x mod p, and sends "e" to S.

  4.   S generates a random number y (0 < y < (p-1)/2) and computes f
       = g^y mod p. S receives "e".  It computes K = e^y mod p, H =
       hash(V_C || V_S || I_C || I_S || K_S || min || n || max || p
       || g || e || f || K) (these elements are encoded according to
       their types; see below), and signature s on H with its private
       host key.  S sends "K_S || f || s" to C.  The signing opera-
       tion may involve a second hashing operation.

       Implementation Notes:

            To increase the speed of the key exchange, both client
            and server may reduce the size of their private expo-
            nents. It should be at least twice as long as the key
            material that is generated from the shared secret.  For
            more details see the paper by van Oorschot and Wiener
            [1].

  5.   C verifies that K_S really is the host key for S (e.g. using
       certificates or a local database).  C is also allowed to
       accept the key without verification; however, doing so will
       render the protocol insecure against active attacks (but may
       be desirable for practical reasons in the short term in many
       environments).  C then computes K = f^x mod p, H = hash(V_C ||
       V_S || I_C || I_S || K_S || min || n || max || p || g || e ||
       f || K), and verifies the signature s on H.
 

Specified by:
performClientExchange in class SshKeyExchange
Parameters:
clientId -
serverId -
clientKexInit -
serverKexInit -
Throws:
java.io.IOException
SshException

calculateExchangeHash

protected void calculateExchangeHash()
                              throws SshException

Calculates the exchange hash as an SHA1 hash of the following data.

  String         the client's version string (CR and NL excluded)
  String         the server's version string (CR and NL excluded)
  String         the payload of the client's SSH_MSG_KEXINIT
  String         the payload of the server's SSH_MSG_KEXINIT
  String         the host key
  UINT32         minimum size in bits of the acceptable group
  UINT32         preferred size in bits of the acceptable group
  UNIT32         maximum size in bits of the acceptable group
  BigInteger     p, safe prime
  BigInteger     g, generator for subgroup
  BigInteger     e, exchange value sent by the client
  BigInteger     f, exchange value sent by the server
  BigInteger     K, the shared secret
 

Throws:
java.io.IOException
SshException


Copyright © 2003 3SP LTD. All Rights Reserved.