001: package ch.ethz.ssh2.signature;
002:
003: import java.io.IOException;
004: import java.math.BigInteger;
005: import java.security.SecureRandom;
006:
007: import ch.ethz.ssh2.crypto.digest.SHA1;
008: import ch.ethz.ssh2.log.Logger;
009: import ch.ethz.ssh2.packets.TypesReader;
010: import ch.ethz.ssh2.packets.TypesWriter;
011:
012: /**
013: * DSASHA1Verify.
014: *
015: * @author Christian Plattner, plattner@inf.ethz.ch
016: * @version $Id: DSASHA1Verify.java,v 1.5 2006/02/14 19:43:16 cplattne Exp $
017: */
018: public class DSASHA1Verify {
019: private static final Logger log = Logger
020: .getLogger(DSASHA1Verify.class);
021:
022: public static DSAPublicKey decodeSSHDSAPublicKey(byte[] key)
023: throws IOException {
024: TypesReader tr = new TypesReader(key);
025:
026: String key_format = tr.readString();
027:
028: if (key_format.equals("ssh-dss") == false)
029: throw new IllegalArgumentException(
030: "This is not a ssh-dss public key!");
031:
032: BigInteger p = tr.readMPINT();
033: BigInteger q = tr.readMPINT();
034: BigInteger g = tr.readMPINT();
035: BigInteger y = tr.readMPINT();
036:
037: if (tr.remain() != 0)
038: throw new IOException("Padding in DSA public key!");
039:
040: return new DSAPublicKey(p, q, g, y);
041: }
042:
043: public static byte[] encodeSSHDSAPublicKey(DSAPublicKey pk)
044: throws IOException {
045: TypesWriter tw = new TypesWriter();
046:
047: tw.writeString("ssh-dss");
048: tw.writeMPInt(pk.getP());
049: tw.writeMPInt(pk.getQ());
050: tw.writeMPInt(pk.getG());
051: tw.writeMPInt(pk.getY());
052:
053: return tw.getBytes();
054: }
055:
056: public static byte[] encodeSSHDSASignature(DSASignature ds) {
057: TypesWriter tw = new TypesWriter();
058:
059: tw.writeString("ssh-dss");
060:
061: byte[] r = ds.getR().toByteArray();
062: byte[] s = ds.getS().toByteArray();
063:
064: byte[] a40 = new byte[40];
065:
066: /* Patch (unsigned) r and s into the target array. */
067:
068: int r_copylen = (r.length < 20) ? r.length : 20;
069: int s_copylen = (s.length < 20) ? s.length : 20;
070:
071: System.arraycopy(r, r.length - r_copylen, a40, 20 - r_copylen,
072: r_copylen);
073: System.arraycopy(s, s.length - s_copylen, a40, 40 - s_copylen,
074: s_copylen);
075:
076: tw.writeString(a40, 0, 40);
077:
078: return tw.getBytes();
079: }
080:
081: public static DSASignature decodeSSHDSASignature(byte[] sig)
082: throws IOException {
083: TypesReader tr = new TypesReader(sig);
084:
085: String sig_format = tr.readString();
086:
087: if (sig_format.equals("ssh-dss") == false)
088: throw new IOException("Peer sent wrong signature format");
089:
090: byte[] rsArray = tr.readByteString();
091:
092: if (rsArray.length != 40)
093: throw new IOException("Peer sent corrupt signature");
094:
095: if (tr.remain() != 0)
096: throw new IOException("Padding in DSA signature!");
097:
098: /* Remember, s and r are unsigned ints. */
099:
100: byte[] tmp = new byte[20];
101:
102: System.arraycopy(rsArray, 0, tmp, 0, 20);
103: BigInteger r = new BigInteger(1, tmp);
104:
105: System.arraycopy(rsArray, 20, tmp, 0, 20);
106: BigInteger s = new BigInteger(1, tmp);
107:
108: if (log.isEnabled()) {
109: log.log(30, "decoded ssh-dss signature: first bytes r("
110: + ((rsArray[0]) & 0xff) + "), s("
111: + ((rsArray[20]) & 0xff) + ")");
112: }
113:
114: return new DSASignature(r, s);
115: }
116:
117: public static boolean verifySignature(byte[] message,
118: DSASignature ds, DSAPublicKey dpk) throws IOException {
119: /* Inspired by Bouncycastle's DSASigner class */
120:
121: SHA1 md = new SHA1();
122: md.update(message);
123: byte[] sha_message = new byte[md.getDigestLength()];
124: md.digest(sha_message);
125:
126: BigInteger m = new BigInteger(1, sha_message);
127:
128: BigInteger r = ds.getR();
129: BigInteger s = ds.getS();
130:
131: BigInteger g = dpk.getG();
132: BigInteger p = dpk.getP();
133: BigInteger q = dpk.getQ();
134: BigInteger y = dpk.getY();
135:
136: BigInteger zero = BigInteger.ZERO;
137:
138: if (log.isEnabled()) {
139: log.log(60, "ssh-dss signature: m: " + m.toString(16));
140: log.log(60, "ssh-dss signature: r: " + r.toString(16));
141: log.log(60, "ssh-dss signature: s: " + s.toString(16));
142: log.log(60, "ssh-dss signature: g: " + g.toString(16));
143: log.log(60, "ssh-dss signature: p: " + p.toString(16));
144: log.log(60, "ssh-dss signature: q: " + q.toString(16));
145: log.log(60, "ssh-dss signature: y: " + y.toString(16));
146: }
147:
148: if (zero.compareTo(r) >= 0 || q.compareTo(r) <= 0) {
149: log
150: .log(20,
151: "ssh-dss signature: zero.compareTo(r) >= 0 || q.compareTo(r) <= 0");
152: return false;
153: }
154:
155: if (zero.compareTo(s) >= 0 || q.compareTo(s) <= 0) {
156: log
157: .log(20,
158: "ssh-dss signature: zero.compareTo(s) >= 0 || q.compareTo(s) <= 0");
159: return false;
160: }
161:
162: BigInteger w = s.modInverse(q);
163:
164: BigInteger u1 = m.multiply(w).mod(q);
165: BigInteger u2 = r.multiply(w).mod(q);
166:
167: u1 = g.modPow(u1, p);
168: u2 = y.modPow(u2, p);
169:
170: BigInteger v = u1.multiply(u2).mod(p).mod(q);
171:
172: return v.equals(r);
173: }
174:
175: public static DSASignature generateSignature(byte[] message,
176: DSAPrivateKey pk, SecureRandom rnd) {
177: SHA1 md = new SHA1();
178: md.update(message);
179: byte[] sha_message = new byte[md.getDigestLength()];
180: md.digest(sha_message);
181:
182: BigInteger m = new BigInteger(1, sha_message);
183: BigInteger k;
184: int qBitLength = pk.getQ().bitLength();
185:
186: do {
187: k = new BigInteger(qBitLength, rnd);
188: } while (k.compareTo(pk.getQ()) >= 0);
189:
190: BigInteger r = pk.getG().modPow(k, pk.getP()).mod(pk.getQ());
191:
192: k = k.modInverse(pk.getQ()).multiply(
193: m.add((pk).getX().multiply(r)));
194:
195: BigInteger s = k.mod(pk.getQ());
196:
197: return new DSASignature(r, s);
198: }
199: }
|