Overview  Package   Class  Use  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.maverick.ssh.components.standalone
Class DiffieHellmanGroup14Sha1

java.lang.Object
  extended bycom.maverick.ssh.components.SshKeyExchangeClient
      extended bycom.maverick.ssh.components.standalone.DiffieHellmanGroup14Sha1
All Implemented Interfaces:
SshKeyExchange
public class DiffieHellmanGroup14Sha1
extends SshKeyExchangeClient

Implementation of the required SSH Transport Protocol key exchange method "diffie-hellman-group1-sha1".

Author:
Lee David Painter

Field Summary
static java.lang.String DIFFIE_HELLMAN_GROUP14_SHA1
          Constant for the algorithm name "diffie-hellman-group1-sha1".
 
Fields inherited from class com.maverick.ssh.components.SshKeyExchangeClient
exchangeHash, hostKey, secret, signature, transport
 
Constructor Summary
DiffieHellmanGroup14Sha1()
          Construct an uninitialized instance.
 
Method Summary
protected  void calculateExchangeHash()
          Calculates the exchange hash as an SHA1 hash of the following data.
 java.lang.String getAlgorithm()
          Get the algorithm name for this key exchange
 boolean isKeyExchangeMessage(int messageid)
           
 void performClientExchange(java.lang.String clientId, java.lang.String serverId, byte[] clientKexInit, byte[] serverKexInit)
           Performs the client side of the key exchange.
 
Methods inherited from class com.maverick.ssh.components.SshKeyExchangeClient
getExchangeHash, getHostKey, getSecret, getSignature, init, reset
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DIFFIE_HELLMAN_GROUP14_SHA1

public static final java.lang.String DIFFIE_HELLMAN_GROUP14_SHA1
Constant for the algorithm name "diffie-hellman-group1-sha1".

See Also:
Constant Field Values
Constructor Detail

DiffieHellmanGroup14Sha1

public DiffieHellmanGroup14Sha1()
Construct an uninitialized instance.

Method Detail

isKeyExchangeMessage

public boolean isKeyExchangeMessage(int messageid)
Specified by:
isKeyExchangeMessage in class SshKeyExchangeClient

getAlgorithm

public java.lang.String getAlgorithm()
Get the algorithm name for this key exchange

Specified by:
getAlgorithm in class SshKeyExchangeClient
Returns:
"diffie-hellman-group1-sha1"

performClientExchange

public void performClientExchange(java.lang.String clientId,
                                  java.lang.String serverId,
                                  byte[] clientKexInit,
                                  byte[] serverKexInit)
                           throws SshException

Performs the client side of the key exchange. 

 
 The Diffie-Hellman key exchange provides a shared secret that can not be
 determined by either party alone. The key exchange is combined with a
 signature with the host key to provide host authentication.
 
 In the following description (C is the client, S is the server; p is a
 large safe prime, g is a generator for a subgroup of GF(p), and q is the
 order of the subgroup; V_S is S's version string; V_C is C's version
 string; K_S is S's public host key; I_C is C's KEXINIT message and
 I_S S's KEXINIT message which have been exchanged before this part begins):
 
 1. C generates a random number x (1 < x < q) and computes e = gˆx mod p.
    C sends "e" to S.
 
 2. S generates a random number y (0 < y < q) and computes f = gˆy mod p.
    S receives "e". It computes K = eˆy mod p, H = hash(V_C || V_S || I_C
    || I_S || K_S || e || f || K) (these elements are encoded according to
    their types; see below), and signature s on H with its private host key.
    S sends "K_S || f || s" to C. The signing operation may involve a second
    hashing operation.
 
 3. C verifies that K_S really is the host key for S (e.g. using certificates
    or a local database). C is also allowed to accept the key without
    verification; however, doing so will render the protocol insecure
    against active attacks (but may be desirable for practical reasons in
    the short term in many environments). C then computes K = fˆx mod p,
    H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K), and verifies
    the signature s on H.
 
 Either side MUST NOT send or accept e or f values that are not in the
 range [1, p-1]. If this condition is violated, the key exchange fails.
 
 
 p is a large safe prime
 
 	p=2q+1
 
 	We use a fixed p, so q=(p-1)/2
 
 	The difference between group1 and group14 is that group 14 uses a larger value of p therefore the size(order) or q is larger.
 
 	A random number x has to be generated in the range 1<x<q, this range of numbers is the group.
 
 	If p is larger then q is larger therefore the range(group) of x is larger.
 
 	In group exchange the client requests p from the server and specifies the size of the group and the minimum value of x.

Specified by:
performClientExchange in class SshKeyExchangeClient
Parameters:
clientId -
serverId -
clientKexInit -
serverKexInit -
Throws:
java.io.IOException
SshException

calculateExchangeHash

protected void calculateExchangeHash()
                              throws SshException

Calculates the exchange hash as an SHA1 hash of the following data. 

  String         the client's version string (CR and NL excluded)
  String         the server's version string (CR and NL excluded)
  String         the payload of the client's SSH_MSG_KEXINIT
  String         the payload of the server's SSH_MSG_KEXINIT
  String         the host key
  BigInteger     e, exchange value sent by the client
  BigInteger     f, exchange value sent by the server
  BigInteger     K, the shared secret

Throws:
java.io.IOException
SshException
Overview  Package   Class  Use  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2003 3SP LTD. All Rights Reserved.