eclipse實現可認證的DH密鑰交換協議

可認證的DH密鑰交換協議

一、實驗目的

通過使用密碼學庫實現可認證的DH密鑰交換協議(簡化STS協議),能夠編寫簡單的實驗代碼進行正確的協議實現和驗證。

二、實驗要求

  1. 熟悉DH密鑰交換算法基本原理;
  2. 理解原始DH密鑰交換算法存在的中間人攻擊;
  3. 理解簡化STS協議抗中間人攻擊的原理。
  4. 掌握使用java編寫實驗代碼進行正確的簡化STS協議實現和驗證。

三、 開發環境

JDK 1.7,Java開發環境(本實驗採用Windows+eclipse作爲實驗環境),要求參與實驗的同學按照對稱加密提供的方法,提前安裝好JDK。

四、實驗原理

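通過使用密碼學庫實現可認證的DH密鑰交換協議(簡化STS協議),能夠編寫簡單的實驗代碼進行正確的協議實現和驗證。
原始DH交換中的公開值 g^r1 mod p 與 g^r2 mod p 沒有任何認證,因此中間人可以分別與雙方各自協商一個密鑰。簡化STS協議讓雙方對交換的公開值及雙方身份進行簽名,接收方必須先驗證簽名,驗證通過後才計算會話密鑰 g^(r1·r2) mod p;驗證失敗時應立即終止協議。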
代碼段:
AuthDHKeyAgree

import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Random;

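/**
 * Teaching demo of an authenticated Diffie-Hellman key exchange (simplified STS).
 *
 * <p>Both parties are simulated inside one process: Alice and Bob each pick a secret
 * exponent, exchange the public values A = g^r1 mod p and B = g^r2 mod p, sign the
 * transcript with RSA, and derive the session key only after the peer's signature
 * has been verified.
 *
 * <p>Not thread-safe: the group parameters live in mutable public static fields.
 */
public class AuthDHKeyAgree {
	// Bit length of q; p = 2q + 1 is therefore a 1024-bit prime.
	// NOTE(review): a 1024-bit group is lab-sized only. Deployed systems should use a
	// group of at least 2048 bits, preferably a standardized one (RFC 3526 / RFC 7919).
	private static final int securityParam = 1023;

	// Secret exponents and group parameters must come from a CSPRNG; java.util.Random
	// is a predictable generator seeded from a small state.
	private static final SecureRandom RNG = new SecureRandom();

	public static BigInteger p;
	public static BigInteger q;
	public static BigInteger g;

	/**
	 * Generates a safe prime p = 2q + 1, where q is a {@code securityParam}-bit
	 * probable prime, and stores both in the static fields {@link #p} and {@link #q}.
	 */
	public static void safePGen() {
		BigInteger two = BigInteger.valueOf(2);
		do {
			q = new BigInteger(securityParam, 100, RNG);
			p = q.multiply(two).add(BigInteger.ONE);
		} while (!p.isProbablePrime(100));
	}

	/**
	 * Picks a random generator g of Z_p^* and stores it in {@link #g}.
	 *
	 * <p>Candidates are drawn uniformly from [2, p-2]. Because p = 2q + 1, a candidate
	 * with g^q mod p != 1 has order 2 or 2q; order 2 is only p-1, which the range
	 * excludes, so an accepted g generates the whole group. Requires {@link #p} and
	 * {@link #q} to be set first.
	 */
	public static void generatorGGen() {
		BigInteger two = BigInteger.valueOf(2);
		BigInteger upper = p.subtract(two);
		do {
			g = randomInRange(two, upper);
		} while (g.modPow(q, p).equals(BigInteger.ONE));
	}

	/** Returns a uniformly distributed value in [lo, hi] (inclusive) by rejection sampling. */
	private static BigInteger randomInRange(BigInteger lo, BigInteger hi) {
		BigInteger span = hi.subtract(lo).add(BigInteger.ONE);
		BigInteger candidate;
		do {
			candidate = new BigInteger(span.bitLength(), RNG);
		} while (candidate.compareTo(span) >= 0);
		return lo.add(candidate);
	}

	/**
	 * Checks that a received DH public value lies in [2, p-2]. This rejects 0, 1 and
	 * p-1, which would force the shared secret into a trivially guessable set.
	 */
	private static boolean isValidPublicValue(BigInteger y) {
		return y != null
				&& y.compareTo(BigInteger.valueOf(2)) >= 0
				&& y.compareTo(p.subtract(BigInteger.valueOf(2))) <= 0;
	}

	/**
	 * Encodes the signed transcript (A, B, "Alice", "Bob"). Fields are separated by
	 * '|' so that different (A, B) pairs can never serialize to the same byte string,
	 * and the charset is fixed so both sides hash identical bytes on every platform.
	 */
	private static byte[] transcript(BigInteger A, BigInteger B) {
		String encoded = A.toString() + "|" + B.toString() + "|" + "Alice" + "|" + "Bob";
		return encoded.getBytes(StandardCharsets.UTF_8);
	}

	/**
	 * Runs the simulated exchange: parameter generation, both DH public values, both
	 * signatures, and the session key derived by each side. The run stops as soon as
	 * a public value or a signature is rejected; no key is derived in that case.
	 */
	public static void main(String[] args) {
		System.out.println("系統初始化,生成安全素數p,選取隨機生成元g...");
		safePGen();
		System.out.println("p: "+p.toString(16));
		System.out.println("q: "+q.toString(16));
		generatorGGen();
		System.out.println("g: "+g.toString(16));

		BigInteger two = BigInteger.valueOf(2);
		BigInteger maxExponent = p.subtract(two);

		// Alice picks a secret exponent r1 in [2, p-2] and computes A = g^r1 mod p.
		BigInteger r1 = randomInRange(two, maxExponent);
		BigInteger A = g.modPow(r1, p);
		// Bob picks a secret exponent r2 in [2, p-2] and computes B = g^r2 mod p.
		BigInteger r2 = randomInRange(two, maxExponent);
		BigInteger B = g.modPow(r2, p);

		// Each side validates the value it received before using it.
		if (!isValidPublicValue(A) || !isValidPublicValue(B)) {
			System.out.println("DH public value out of range, aborting.");
			return;
		}

		// Bob signs the transcript.
		// NOTE(review): this simulation reuses the signer's object for verification. In
		// a deployment the verifier holds only the peer's public key (n, e), obtained
		// through an authenticated channel such as a certificate.
		RSASignatureAlgorithm bobRsa = new RSASignatureAlgorithm();
		bobRsa.initKeys();
		BigInteger bobSig = bobRsa.signature(transcript(A, B));

		// Alice rebuilds the transcript from the values she saw and verifies Bob's signature.
		boolean result = bobRsa.verify(transcript(A, B), bobSig);
		if (!result) {
			// Authentication failed: deriving a key here would defeat the protocol.
			System.out.println("Alice驗證簽名不通過。");
			return;
		}
		System.out.println("Alice驗證簽名通過。");

		// Alice derives the session key B^r1 mod p = g^(r1*r2) mod p. The product
		// A*B mod p must not be used: it is computable from public values alone.
		// NOTE(review): the key is printed for the lab comparison only; a real protocol
		// would feed it to a KDF and never log it.
		BigInteger sessionKey = B.modPow(r1, p);
		System.out.println("Alice計算得到的會話密鑰爲:"+sessionKey.toString(16));

		// Alice signs the transcript with her own key pair.
		RSASignatureAlgorithm aliceRsa = new RSASignatureAlgorithm();
		aliceRsa.initKeys();
		BigInteger aliceSig = aliceRsa.signature(transcript(A, B));

		// Bob verifies Alice's signature before deriving his copy of the key.
		result = aliceRsa.verify(transcript(A, B), aliceSig);
		if (!result) {
			System.out.println("Bob驗證簽名不通過");
			return;
		}
		System.out.println("Bob驗證簽名通過。");

		// Bob derives the session key A^r2 mod p = g^(r1*r2) mod p.
		sessionKey = A.modPow(r2, p);
		System.out.println("Bob計算得到的會話密鑰爲:"+sessionKey.toString(16));
	}

}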

RSASignatureAlgorithm

import java.math.BigInteger;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;

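/**
 * Minimal hash-then-exponentiate RSA signature used by the key-exchange lab.
 *
 * <p>NOTE(review): this is textbook RSA over a SHA-256 digest with no padding. It is
 * adequate for demonstrating the protocol flow; production code should use
 * {@code java.security.Signature} with a padded scheme (for example RSASSA-PSS).
 *
 * <p>Not thread-safe: {@link #initKeys()} mutates the key fields.
 */
public class RSASignatureAlgorithm {
	// Key material must come from a CSPRNG rather than java.util.Random.
	private static final java.security.SecureRandom RNG = new java.security.SecureRandom();
	// Conventional public exponent; primes are regenerated until it is invertible mod phi(n).
	private static final BigInteger PUBLIC_EXPONENT = BigInteger.valueOf(65537);

	BigInteger n; // modulus p*q
	BigInteger e; // public exponent
	BigInteger d; // private exponent, e^-1 mod phi(n)

	/**
	 * Hashes the message with SHA-256 and returns the digest as a non-negative integer.
	 *
	 * @param m message bytes
	 * @return the 256-bit digest interpreted as an unsigned big-endian integer
	 * @throws IllegalStateException if SHA-256 is unavailable (every Java platform is
	 *         required to provide it)
	 */
	public BigInteger __hash(byte m[]) {
		try {
			MessageDigest md = MessageDigest.getInstance("SHA-256");
			// Signum 1 forces a positive value regardless of the digest's top bit.
			return new BigInteger(1, md.digest(m));
		} catch (NoSuchAlgorithmException ex) {
			// Fail loudly instead of returning null and crashing later in the caller.
			throw new IllegalStateException("SHA-256 is not available", ex);
		}
	}

	/**
	 * Generates a fresh 2048-bit RSA key pair and prints the public part (n, e).
	 *
	 * <p>The primes are redrawn if they coincide or if the public exponent is not
	 * coprime to phi(n), so {@code modInverse} cannot fail. The private exponent is
	 * deliberately not printed.
	 */
	public void initKeys() {
		BigInteger p;
		BigInteger q;
		BigInteger fi_n;
		do {
			p = new BigInteger(1024, 500, RNG);
			q = new BigInteger(1024, 500, RNG);
			fi_n = p.subtract(BigInteger.ONE)
				.multiply(q.subtract(BigInteger.ONE));
		} while (p.equals(q) || !fi_n.gcd(PUBLIC_EXPONENT).equals(BigInteger.ONE));

		n = p.multiply(q);
		e = PUBLIC_EXPONENT;
		d = e.modInverse(fi_n);

		System.out.println("n : " + n.toString(16));
		System.out.println("e : " + e.toString(16));
	}

	/**
	 * Signs a message: s = H(m)^d mod n.
	 *
	 * @param m message bytes
	 * @return the signature as an integer in [0, n)
	 * @throws IllegalStateException if {@link #initKeys()} has not been called
	 */
	public BigInteger signature(byte m[]) {
		if (n == null || d == null) {
			throw new IllegalStateException("initKeys() must be called before signing");
		}
		BigInteger s = __hash(m).modPow(d, n);
		System.out.println("s : " + s);
		return s;
	}

	/**
	 * Verifies a signature by checking H(m) mod n == s^e mod n.
	 *
	 * <p>Only the canonical representative 0 <= s < n is accepted; otherwise s + k*n
	 * would verify as well, giving many distinct encodings of one signature.
	 *
	 * @param m message bytes
	 * @param s candidate signature
	 * @return {@code true} only if s is in range and matches the message digest
	 * @throws IllegalStateException if {@link #initKeys()} has not been called
	 */
	public boolean verify(byte m[], BigInteger s) {
		if (n == null || e == null) {
			throw new IllegalStateException("initKeys() must be called before verifying");
		}
		if (s == null || s.signum() < 0 || s.compareTo(n) >= 0) {
			return false;
		}
		BigInteger left  = __hash(m).mod(n);
		BigInteger right = s.modPow(e, n);
		return left.equals(right);
	}
}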
