private final boolean checkHashed(String entry, String hostname) {
if (entry.startsWith("|1|") == false) return false;
int delim_idx = entry.indexOf('|', 3);
if (delim_idx == -1) return false;
String salt_base64 = entry.substring(3, delim_idx);
String hash_base64 = entry.substring(delim_idx + 1);
byte[] salt = null;
byte[] hash = null;
try {
salt = Base64.decode(salt_base64.toCharArray());
hash = Base64.decode(hash_base64.toCharArray());
} catch (IOException e) {
return false;
}
SHA1 sha1 = new SHA1();
if (salt.length != sha1.getDigestLength()) return false;
byte[] dig = hmacSha1Hash(salt, hostname);
for (int i = 0; i < dig.length; i++) if (dig[i] != hash[i]) return false;
return true;
}
public static boolean verifySignature(byte[] message, DSASignature ds, DSAPublicKey dpk)
throws IOException {
/* Inspired by Bouncycastle's DSASigner class */
SHA1 md = new SHA1();
md.update(message);
byte[] sha_message = new byte[md.getDigestLength()];
md.digest(sha_message);
BigInteger m = new BigInteger(1, sha_message);
BigInteger r = ds.getR();
BigInteger s = ds.getS();
BigInteger g = dpk.getG();
BigInteger p = dpk.getP();
BigInteger q = dpk.getQ();
BigInteger y = dpk.getY();
BigInteger zero = BigInteger.ZERO;
if (log.isEnabled()) {
log.log(60, "ssh-dss signature: m: " + m.toString(16));
log.log(60, "ssh-dss signature: r: " + r.toString(16));
log.log(60, "ssh-dss signature: s: " + s.toString(16));
log.log(60, "ssh-dss signature: g: " + g.toString(16));
log.log(60, "ssh-dss signature: p: " + p.toString(16));
log.log(60, "ssh-dss signature: q: " + q.toString(16));
log.log(60, "ssh-dss signature: y: " + y.toString(16));
}
if (zero.compareTo(r) >= 0 || q.compareTo(r) <= 0) {
log.log(20, "ssh-dss signature: zero.compareTo(r) >= 0 || q.compareTo(r) <= 0");
return false;
}
if (zero.compareTo(s) >= 0 || q.compareTo(s) <= 0) {
log.log(20, "ssh-dss signature: zero.compareTo(s) >= 0 || q.compareTo(s) <= 0");
return false;
}
BigInteger w = s.modInverse(q);
BigInteger u1 = m.multiply(w).mod(q);
BigInteger u2 = r.multiply(w).mod(q);
u1 = g.modPow(u1, p);
u2 = y.modPow(u2, p);
BigInteger v = u1.multiply(u2).mod(p).mod(q);
return v.equals(r);
}
/**
* Generate the hashed representation of the given hostname. Useful for adding entries with hashed
* hostnames to a known_hosts file. (see -H option of OpenSSH key-gen).
*
* @param hostname
* @return the hashed representation, e.g.,
* "|1|cDhrv7zwEUV3k71CEPHnhHZezhA=|Xo+2y6rUXo2OIWRAYhBOIijbJMA="
*/
public static final String createHashedHostname(String hostname) {
SHA1 sha1 = new SHA1();
byte[] salt = new byte[sha1.getDigestLength()];
new SecureRandom().nextBytes(salt);
byte[] hash = hmacSha1Hash(salt, hostname);
String base64_salt = new String(Base64.encode(salt));
String base64_hash = new String(Base64.encode(hash));
return new String("|1|" + base64_salt + "|" + base64_hash);
}
private static final byte[] hmacSha1Hash(byte[] salt, String hostname) {
SHA1 sha1 = new SHA1();
if (salt.length != sha1.getDigestLength())
throw new IllegalArgumentException("Salt has wrong length (" + salt.length + ")");
HMAC hmac = new HMAC(sha1, salt, salt.length);
try {
hmac.update(hostname.getBytes("ISO-8859-1"));
} catch (UnsupportedEncodingException ignore) {
/* Actually, ISO-8859-1 is supported by all correct
* Java implementations. But... you never know. */
hmac.update(hostname.getBytes());
}
byte[] dig = new byte[hmac.getDigestLength()];
hmac.digest(dig);
return dig;
}
public static DSASignature generateSignature(byte[] message, DSAPrivateKey pk, SecureRandom rnd) {
SHA1 md = new SHA1();
md.update(message);
byte[] sha_message = new byte[md.getDigestLength()];
md.digest(sha_message);
BigInteger m = new BigInteger(1, sha_message);
BigInteger k;
int qBitLength = pk.getQ().bitLength();
do {
k = new BigInteger(qBitLength, rnd);
} while (k.compareTo(pk.getQ()) >= 0);
BigInteger r = pk.getG().modPow(k, pk.getP()).mod(pk.getQ());
k = k.modInverse(pk.getQ()).multiply(m.add((pk).getX().multiply(r)));
BigInteger s = k.mod(pk.getQ());
return new DSASignature(r, s);
}