/** * Processes the client's credentials. If valid the shared secret is generated and returned. * @param clientA The client's credentials * @return A shared secret BigInteger * @throws CryptoException If client's credentials are invalid */ public BigInteger calculateSecret(BigInteger clientA) throws CryptoException { this.A = SRP6Util.validatePublicValue(N, clientA); this.u = SRP6Util.calculateU(digest, N, A, B); this.S = calculateS(); return S; }
protected BigInteger selectPrivateValue() { return SRP6Util.generatePrivateValue(digest, N, g, random); }
/** * Creates a new SRP verifier * @param salt The salt to use, generally should be large and random * @param identity The user's identifying information (eg. username) * @param password The user's password * @return A new verifier for use in future SRP authentication */ public BigInteger generateVerifier(byte[] salt, byte[] identity, byte[] password) { BigInteger x = SRP6Util.calculateX(digest, N, salt, identity, password); return g.modPow(x, N); } }
public void processClientKeyExchange(InputStream input) throws IOException { /* * RFC 5054 2.5.4: The server MUST abort the handshake with an "illegal_parameter" alert if * A % N = 0. */ try { this.srpPeerCredentials = SRP6Util.validatePublicValue(srpGroup.getN(), TlsSRPUtils.readSRPParameter(input)); } catch (CryptoException e) { throw new TlsFatalAlert(AlertDescription.illegal_parameter, e); } context.getSecurityParameters().srpIdentity = Arrays.clone(identity); }
private static BigInteger hashPaddedTriplet(Digest digest, BigInteger N, BigInteger n1, BigInteger n2, BigInteger n3){ int padLength = (N.bitLength() + 7) / 8; byte[] n1_bytes = getPadded(n1, padLength); byte[] n2_bytes = getPadded(n2, padLength); byte[] n3_bytes = getPadded(n3, padLength); digest.update(n1_bytes, 0, n1_bytes.length); digest.update(n2_bytes, 0, n2_bytes.length); digest.update(n3_bytes, 0, n3_bytes.length); byte[] output = new byte[digest.getDigestSize()]; digest.doFinal(output, 0); return new BigInteger(1, output); }
private BigInteger calculateS() { BigInteger k = SRP6Util.calculateK(digest, N, g); BigInteger exp = u.multiply(x).add(a); BigInteger tmp = g.modPow(x, N).multiply(k).mod(N); return B.subtract(tmp).mod(N).modPow(exp, N); }
public static BigInteger calculateK(Digest digest, BigInteger N, BigInteger g) { return hashPaddedPair(digest, N, N, g); }
/** * Computes the client evidence message M1 using the previously received values. * To be called after calculating the secret S. * @return M1: the client side generated evidence message * @throws CryptoException */ public BigInteger calculateClientEvidenceMessage() throws CryptoException{ // verify pre-requirements if ((this.A==null)||(this.B==null)||(this.S==null)){ throw new CryptoException("Impossible to compute M1: " + "some data are missing from the previous operations (A,B,S)"); } // compute the client evidence message 'M1' this.M1 = SRP6Util.calculateM1(digest, N, A, B, S); return M1; }
/** * Computes the final session key as a result of the SRP successful mutual authentication * To be called after calculating the server evidence message M2. * @return Key: the mutual authenticated symmetric session key * @throws CryptoException */ public BigInteger calculateSessionKey() throws CryptoException{ //verify pre-requirements if ((this.S==null)||(this.M1==null)||(this.M2==null)){ throw new CryptoException("Impossible to compute Key: " + "some data are missing from the previous operations (S,M1,M2)"); } this.Key = SRP6Util.calculateKey(digest, N, S); return Key; } }
/** * Computes the server evidence message M2 using the previously verified values. * To be called after successfully verifying the client evidence message M1. * @return M2: the server side generated evidence message * @throws CryptoException */ public BigInteger calculateServerEvidenceMessage() throws CryptoException{ //verify pre-requirements if ((this.A==null)||(this.M1==null)||(this.S==null)){ throw new CryptoException("Impossible to compute M2: " + "some data are missing from the previous operations (A,M1,S)"); } // Compute the server evidence message 'M2' this.M2 = SRP6Util.calculateM2(digest, N, A, M1, S); return M2; }
public void processClientKeyExchange(InputStream input) throws IOException { /* * RFC 5054 2.5.4: The server MUST abort the handshake with an "illegal_parameter" alert if * A % N = 0. */ try { this.srpPeerCredentials = SRP6Util.validatePublicValue(srpGroup.getN(), TlsSRPUtils.readSRPParameter(input)); } catch (CryptoException e) { throw new TlsFatalAlert(AlertDescription.illegal_parameter, e); } context.getSecurityParameters().srpIdentity = Arrays.clone(identity); }
private static BigInteger hashPaddedTriplet(Digest digest, BigInteger N, BigInteger n1, BigInteger n2, BigInteger n3){ int padLength = (N.bitLength() + 7) / 8; byte[] n1_bytes = getPadded(n1, padLength); byte[] n2_bytes = getPadded(n2, padLength); byte[] n3_bytes = getPadded(n3, padLength); digest.update(n1_bytes, 0, n1_bytes.length); digest.update(n2_bytes, 0, n2_bytes.length); digest.update(n3_bytes, 0, n3_bytes.length); byte[] output = new byte[digest.getDigestSize()]; digest.doFinal(output, 0); return new BigInteger(1, output); }
private BigInteger calculateS() { BigInteger k = SRP6Util.calculateK(digest, N, g); BigInteger exp = u.multiply(x).add(a); BigInteger tmp = g.modPow(x, N).multiply(k).mod(N); return B.subtract(tmp).mod(N).modPow(exp, N); }
public static BigInteger calculateU(Digest digest, BigInteger N, BigInteger A, BigInteger B) { return hashPaddedPair(digest, N, A, B); }
/** * Computes the client evidence message M1 using the previously received values. * To be called after calculating the secret S. * @return M1: the client side generated evidence message * @throws CryptoException */ public BigInteger calculateClientEvidenceMessage() throws CryptoException { // Verify pre-requirements if (this.A == null || this.B == null || this.S == null) { throw new CryptoException("Impossible to compute M1: " + "some data are missing from the previous operations (A,B,S)"); } // compute the client evidence message 'M1' this.M1 = SRP6Util.calculateM1(digest, N, A, B, S); return M1; }
/** * Computes the final session key as a result of the SRP successful mutual authentication * To be called after verifying the server evidence message M2. * @return Key: the mutually authenticated symmetric session key * @throws CryptoException */ public BigInteger calculateSessionKey() throws CryptoException{ //verify pre-requirements (here we enforce a previous calculation of M1 and M2) if ((this.S==null)||(this.M1==null)||(this.M2==null)){ throw new CryptoException("Impossible to compute Key: " + "some data are missing from the previous operations (S,M1,M2)"); } this.Key = SRP6Util.calculateKey(digest, N, S); return Key; } }
/** * Computes the server evidence message M2 using the previously verified values. * To be called after successfully verifying the client evidence message M1. * @return M2: the server side generated evidence message * @throws CryptoException */ public BigInteger calculateServerEvidenceMessage() throws CryptoException { // Verify pre-requirements if (this.A == null || this.M1 == null || this.S == null) { throw new CryptoException("Impossible to compute M2: " + "some data are missing from the previous operations (A,M1,S)"); } // Compute the server evidence message 'M2' this.M2 = SRP6Util.calculateM2(digest, N, A, M1, S); return M2; }
/** * Generates the secret S given the server's credentials * @param serverB The server's credentials * @return Client's verification message for the server * @throws CryptoException If server's credentials are invalid */ public BigInteger calculateSecret(BigInteger serverB) throws CryptoException { this.B = SRP6Util.validatePublicValue(N, serverB); this.u = SRP6Util.calculateU(digest, N, A, B); this.S = calculateS(); return S; }
this.B = SRP6Util.validatePublicValue(N, new BigInteger(1, BBytes));
protected BigInteger selectPrivateValue() { return SRP6Util.generatePrivateValue(digest, N, g, random); }