/** * Processes the client's credentials. If valid the shared secret is generated and returned. * @param clientA The client's credentials * @return A shared secret BigInteger * @throws CryptoException If client's credentials are invalid */ public BigInteger calculateSecret(BigInteger clientA) throws CryptoException { this.A = SRP6Util.validatePublicValue(N, clientA); this.u = SRP6Util.calculateU(digest, N, A, B); this.S = calculateS(); return S; }
public void init(SRP6GroupParameters group, BigInteger v, Digest digest, SecureRandom random) { init(group.getN(), group.getG(), v, digest, random); }
/** * Generates the server's credentials that are to be sent to the client. * @return The server's public value to the client */ public BigInteger generateServerCredentials() { BigInteger k = SRP6Util.calculateK(digest, N, g); this.b = selectPrivateValue(); this.B = k.multiply(v).mod(N).add(g.modPow(b, N)).mod(N); return B; }
public byte[] generateServerKeyExchange() throws IOException { srpServer.init(srpGroup, srpVerifier, TlsUtils.createHash(HashAlgorithm.sha1), context.getSecureRandom()); BigInteger B = srpServer.generateServerCredentials(); ServerSRPParams srpParams = new ServerSRPParams(srpGroup.getN(), srpGroup.getG(), srpSalt, B); DigestInputBuffer buf = new DigestInputBuffer(); srpParams.encode(buf); if (serverCredentials != null) { /* * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 */ SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm( context, serverCredentials); Digest d = TlsUtils.createHash(signatureAndHashAlgorithm); SecurityParameters securityParameters = context.getSecurityParameters(); d.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length); d.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length); buf.updateDigest(d); byte[] hash = new byte[d.getDigestSize()]; d.doFinal(hash, 0); byte[] signature = serverCredentials.generateCertificateSignature(hash); DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature); signed_params.encode(buf); } return buf.toByteArray(); }
public TlsSRPKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, byte[] identity, TlsSRPLoginParameters loginParameters) { super(keyExchange, supportedSignatureAlgorithms); this.tlsSigner = createSigner(keyExchange); this.identity = identity; this.srpServer = new SRP6Server(); this.srpGroup = loginParameters.getGroup(); this.srpVerifier = loginParameters.getVerifier(); this.srpSalt = loginParameters.getSalt(); }
public byte[] generatePremasterSecret() throws IOException { try { BigInteger S = srpServer != null ? srpServer.calculateSecret(srpPeerCredentials) : srpClient.calculateSecret(srpPeerCredentials); // TODO Check if this needs to be a fixed size return BigIntegers.asUnsignedByteArray(S); } catch (CryptoException e) { throw new TlsFatalAlert(AlertDescription.illegal_parameter, e); } }
public byte[] generateServerKeyExchange() throws IOException { srpServer.init(srpGroup, srpVerifier, TlsUtils.createHash(HashAlgorithm.sha1), context.getSecureRandom()); BigInteger B = srpServer.generateServerCredentials(); ServerSRPParams srpParams = new ServerSRPParams(srpGroup.getN(), srpGroup.getG(), srpSalt, B); DigestInputBuffer buf = new DigestInputBuffer(); srpParams.encode(buf); if (serverCredentials != null) { /* * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2 */ SignatureAndHashAlgorithm signatureAndHashAlgorithm = TlsUtils.getSignatureAndHashAlgorithm( context, serverCredentials); Digest d = TlsUtils.createHash(signatureAndHashAlgorithm); SecurityParameters securityParameters = context.getSecurityParameters(); d.update(securityParameters.clientRandom, 0, securityParameters.clientRandom.length); d.update(securityParameters.serverRandom, 0, securityParameters.serverRandom.length); buf.updateDigest(d); byte[] hash = new byte[d.getDigestSize()]; d.doFinal(hash, 0); byte[] signature = serverCredentials.generateCertificateSignature(hash); DigitallySigned signed_params = new DigitallySigned(signatureAndHashAlgorithm, signature); signed_params.encode(buf); } return buf.toByteArray(); }
public TlsSRPKeyExchange(int keyExchange, Vector supportedSignatureAlgorithms, byte[] identity, TlsSRPLoginParameters loginParameters) { super(keyExchange, supportedSignatureAlgorithms); this.tlsSigner = createSigner(keyExchange); this.identity = identity; this.srpServer = new SRP6Server(); this.srpGroup = loginParameters.getGroup(); this.srpVerifier = loginParameters.getVerifier(); this.srpSalt = loginParameters.getSalt(); }
public byte[] generatePremasterSecret() throws IOException { try { BigInteger S = srpServer != null ? srpServer.calculateSecret(srpPeerCredentials) : srpClient.calculateSecret(srpPeerCredentials); // TODO Check if this needs to be a fixed size return BigIntegers.asUnsignedByteArray(S); } catch (CryptoException e) { throw new TlsFatalAlert(AlertDescription.illegal_parameter, e); } }
/** * Generates the server's credentials that are to be sent to the client. * @return The server's public value to the client */ public BigInteger generateServerCredentials() { BigInteger k = SRP6Util.calculateK(digest, N, g); this.b = selectPrivateValue(); this.B = k.multiply(v).mod(N).add(g.modPow(b, N)).mod(N); return B; }
/** * Processes the client's credentials. If valid the shared secret is generated and returned. * @param clientA The client's credentials * @return A shared secret BigInteger * @throws CryptoException If client's credentials are invalid */ public BigInteger calculateSecret(BigInteger clientA) throws CryptoException { this.A = SRP6Util.validatePublicValue(N, clientA); this.u = SRP6Util.calculateU(digest, N, A, B); this.S = calculateS(); return S; }
public void init(SRP6GroupParameters group, BigInteger v, Digest digest, SecureRandom random) { init(group.getN(), group.getG(), v, digest, random); }