
eclipse實現可認證的DH金鑰交換協議

可認證的DH金鑰交換協議,供大家參考,具體內容如下

一、實驗目的

通過使用密碼學庫實現可認證的DH金鑰交換協議(簡化STS協議),能夠編寫簡單的實驗程式碼進行正確的協議實現和驗證。

二、實驗要求

1、熟悉DH金鑰交換演算法基本原理;
2、理解原始DH金鑰交換演算法存在的中間人攻擊;
3、理解簡化STS協議抗中間人攻擊的原理。
4、掌握使用java編寫實驗程式碼進行正確的簡化STS協議實現和驗證。

三、 開發環境

JDK 1.7,Java開發環境(本實驗採用Windows+eclipse作為實驗環境),要求參與實驗的同學按照對稱加密提供的方法,提前安裝好JDK。

四、實驗原理

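通過使用密碼學庫實現可認證的DH金鑰交換協議(簡化STS協議),能夠編寫簡單的實驗程式碼進行正確的協議實現和驗證。簡化STS協議的做法是:雙方交換DH公開值 A = g^r1 mod p 與 B = g^r2 mod p,並各自對(A、B及雙方身份)進行簽名;對方驗證簽名通過後才計算會話金鑰。會話金鑰為 g^(r1·r2) mod p,即Alice計算 B^r1 mod p,Bob計算 A^r2 mod p。中間人無法偽造雙方的簽名,因此無法在不被發現的情況下替換A或B。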

eclipse實現可認證的DH金鑰交換協議

程式碼段:

AuthDHKeyAgree

import java.math.BigInteger;
import java.util.Random;

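/**
 * Lab demonstration of an authenticated Diffie-Hellman key exchange
 * (simplified STS): both parties exchange DH public values, sign the
 * transcript with RSA, and derive the shared secret only after the peer's
 * signature has verified.
 *
 * <p>Both roles run inside one process, so the "verifier" below calls
 * {@code verify} on the signer's own key object. In a real deployment each
 * side would hold only the peer's authenticated public key (for example from
 * a certificate) and never the peer's private exponent.
 *
 * <p>The 1024-bit modulus is kept so the lab finishes quickly; it is below
 * the 2048-bit minimum commonly recommended for finite-field DH today.
 */
public class AuthDHKeyAgree {
    /** Bit length of q; p = 2q + 1 is therefore a 1024-bit modulus. */
    private static final int securityParam = 1023;
    /** Miller-Rabin certainty used for both q and p. */
    private static final int PRIME_CERTAINTY = 100;
    private static final BigInteger TWO = BigInteger.valueOf(2);
    /**
     * Cryptographically strong generator. java.util.Random is a predictable
     * linear congruential generator and must not produce primes or secret
     * exponents.
     */
    private static final java.security.SecureRandom RNG = new java.security.SecureRandom();

    public static BigInteger p;
    public static BigInteger q;
    public static BigInteger g;

    /**
     * Generates a safe prime p = 2q + 1 where q is a {@code securityParam}-bit
     * probable prime, and stores both in the static fields.
     */
    public static void safePGen() {
        do {
            q = new BigInteger(securityParam, PRIME_CERTAINTY, RNG);
            p = q.shiftLeft(1).add(BigInteger.ONE);
        } while (!p.isProbablePrime(PRIME_CERTAINTY));
    }

    /**
     * Picks a random g in [2, p-2] with g^q mod p != 1.
     *
     * <p>For a safe prime the possible element orders are 1, 2, q and 2q;
     * excluding 1 and p-1 and rejecting order q leaves elements of order 2q,
     * i.e. generators of the whole multiplicative group.
     *
     * @throws IllegalStateException if {@link #safePGen()} has not run yet
     */
    public static void generatorGGen() {
        if (p == null || q == null) {
            throw new IllegalStateException("safePGen() must be called before generatorGGen()");
        }
        BigInteger upper = p.subtract(TWO);
        do {
            g = randomInRange(TWO, upper);
        } while (g.modPow(q, p).equals(BigInteger.ONE));
    }

    /** Returns a uniformly random integer in [low, high] by rejection sampling. */
    private static BigInteger randomInRange(BigInteger low, BigInteger high) {
        BigInteger candidate;
        do {
            candidate = new BigInteger(high.bitLength(), RNG);
        } while (candidate.compareTo(low) < 0 || candidate.compareTo(high) > 0);
        return candidate;
    }

    /**
     * Checks that a received DH public value lies in [2, p-2]. The values
     * 0, 1 and p-1 would force the shared secret into a tiny, guessable set.
     */
    private static boolean isValidPublicValue(BigInteger y) {
        return y != null && y.compareTo(TWO) >= 0 && y.compareTo(p.subtract(TWO)) <= 0;
    }

    /**
     * Encodes the signed transcript. Fields are separated by '|' so that
     * different (A, B) pairs can never serialise to the same byte string, and
     * the charset is fixed so both sides hash identical bytes on any platform.
     */
    private static byte[] transcript(BigInteger a, BigInteger b, String initiator, String responder) {
        String encoded = a.toString(16) + "|" + b.toString(16) + "|" + initiator + "|" + responder;
        return encoded.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        System.out.println("系統初始化,生成安全素數p,選取隨機生成元g...");
        safePGen();
        System.out.println("p: " + p.toString(16));
        System.out.println("q: " + q.toString(16));
        generatorGGen();
        System.out.println("g: " + g.toString(16));

        BigInteger upper = p.subtract(TWO);

        // Alice picks a secret exponent r1 and computes A = g^r1 mod p.
        BigInteger r1 = randomInRange(TWO, upper);
        BigInteger A = g.modPow(r1, p);

        // Bob picks a secret exponent r2 and computes B = g^r2 mod p.
        BigInteger r2 = randomInRange(TWO, upper);
        BigInteger B = g.modPow(r2, p);

        // Bob creates his RSA key pair and signs the transcript.
        RSASignatureAlgorithm BobRSA = new RSASignatureAlgorithm();
        BobRSA.initKeys();
        BigInteger BobSig = BobRSA.signature(transcript(A, B, "Alice", "Bob"));

        // Alice rebuilds the transcript from what she sent and received, then
        // validates B and Bob's signature. No key is derived on failure.
        boolean result = isValidPublicValue(B)
                && BobRSA.verify(transcript(A, B, "Alice", "Bob"), BobSig);
        if (!result) {
            System.out.println("Alice驗證簽名不通過。");
            return;
        }
        System.out.println("Alice驗證簽名通過。");

        // Alice derives the shared secret B^r1 = g^(r1*r2) mod p. The product
        // A*B mod p must not be used: it equals g^(r1+r2) and can be computed
        // by anyone who sees the two public values.
        // The value is printed only so the lab can compare both sides; a real
        // protocol would feed it to a KDF and never log it.
        BigInteger aliceKey = B.modPow(r1, p);
        System.out.println("Alice計算得到的會話金鑰為:" + aliceKey.toString(16));

        // Alice creates her RSA key pair and signs the transcript.
        RSASignatureAlgorithm AliceRSA = new RSASignatureAlgorithm();
        AliceRSA.initKeys();
        BigInteger AliceSig = AliceRSA.signature(transcript(A, B, "Alice", "Bob"));

        // Bob validates A and Alice's signature before deriving anything.
        result = isValidPublicValue(A)
                && AliceRSA.verify(transcript(A, B, "Alice", "Bob"), AliceSig);
        if (!result) {
            System.out.println("Bob驗證簽名不通過");
            return;
        }
        System.out.println("Bob驗證簽名通過。");

        // Bob derives the same shared secret A^r2 = g^(r1*r2) mod p.
        BigInteger bobKey = A.modPow(r2, p);
        System.out.println("Bob計算得到的會話金鑰為:" + bobKey.toString(16));
    }

}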

RSASignatureAlgorithm

import java.math.BigInteger;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;

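/**
 * Teaching implementation of hash-then-sign RSA used by the key-exchange lab.
 *
 * <p>The SHA-256 digest is exponentiated directly, with no signature padding.
 * That is enough to illustrate the protocol flow but is not a standardised
 * scheme; production code should use {@code java.security.Signature} (for
 * example "SHA256withRSA") instead of this class.
 */
public class RSASignatureAlgorithm {
    /** Bit length of each prime factor, giving a 2048-bit modulus. */
    private static final int PRIME_BITS = 1024;
    /** Conventional public exponent; prime, so gcd(e, phi) is easy to ensure. */
    private static final BigInteger PUBLIC_EXPONENT = BigInteger.valueOf(65537);
    /**
     * Cryptographically strong generator. java.util.Random is predictable and
     * must not be used to generate key material.
     */
    private static final java.security.SecureRandom RNG = new java.security.SecureRandom();

    BigInteger n;
    BigInteger e;
    BigInteger d;

    /**
     * Hashes the message with SHA-256 and returns the digest as a
     * non-negative integer.
     *
     * @param m message bytes
     * @return the 256-bit digest interpreted as an unsigned big-endian integer
     * @throws IllegalStateException if the platform has no SHA-256 provider
     */
    public BigInteger __hash(byte m[]) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            // Signum 1 keeps the value non-negative even when the top bit of
            // the digest is set.
            return new BigInteger(1, md.digest(m));
        } catch (NoSuchAlgorithmException ex) {
            // Fail loudly instead of returning null and crashing later.
            throw new IllegalStateException("SHA-256 is not available", ex);
        }
    }

    /**
     * Generates a fresh key pair and stores it in {@code n}, {@code e}, {@code d}.
     *
     * <p>Both factors must be prime: with a composite factor,
     * (p-1)(q-1) is not phi(n) and signatures would not verify.
     */
    public void initKeys() {
        BigInteger p;
        BigInteger q;
        BigInteger phi;
        do {
            p = BigInteger.probablePrime(PRIME_BITS, RNG);
            do {
                q = BigInteger.probablePrime(PRIME_BITS, RNG);
            } while (q.equals(p));
            phi = p.subtract(BigInteger.ONE).multiply(q.subtract(BigInteger.ONE));
            // modInverse throws unless e is coprime to phi, so retry until it is.
        } while (!phi.gcd(PUBLIC_EXPONENT).equals(BigInteger.ONE));

        n = p.multiply(q);
        e = PUBLIC_EXPONENT;
        d = e.modInverse(phi);

        // Only the public half is printed; the private exponent d must never
        // be written to a console or log.
        System.out.println("n : " + n.toString(16));
        System.out.println("e : " + e.toString(16));
    }

    /**
     * Signs a message as H(m)^d mod n.
     *
     * @param m message bytes
     * @return the signature value
     * @throws IllegalStateException if {@link #initKeys()} has not been called
     */
    public BigInteger signature(byte m[]) {
        if (n == null || d == null) {
            throw new IllegalStateException("initKeys() must be called before signing");
        }
        BigInteger s = __hash(m).modPow(d, n);
        System.out.println("s : " + s);
        return s;
    }

    /**
     * Verifies that s^e mod n equals H(m) mod n.
     *
     * @param m message bytes
     * @param s candidate signature
     * @return {@code true} only for an in-range signature that matches the message
     * @throws IllegalStateException if {@link #initKeys()} has not been called
     */
    public boolean verify(byte m[], BigInteger s) {
        if (n == null || e == null) {
            throw new IllegalStateException("initKeys() must be called before verifying");
        }
        // A well-formed signature is a residue in [0, n); reject anything else
        // rather than silently reducing it.
        if (s == null || s.signum() < 0 || s.compareTo(n) >= 0) {
            return false;
        }
        BigInteger expected = __hash(m).mod(n);
        BigInteger recovered = s.modPow(e, n);
        return expected.equals(recovered);
    }
}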

以上就是本文的全部內容,希望對大家的學習有所幫助,也希望大家多多支援我們。