com.nimbusds.srp6.SRP6Routines
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
public class SRP6Routines
Secure Remote Password (SRP-6a) routines for computing the various protocol variables and messages.
The routines comply with RFC 5054 (SRP for TLS), with the following exceptions:
This class contains portions of code from Bouncy Castle's SRP6 implementation.
| Method Summary | |
|---|---|
protected static byte[] |
bigIntegerToUnsignedByteArray(java.math.BigInteger value)
Returns the specified big integer as an unsigned byte array. |
static java.math.BigInteger |
computeClientEvidence(java.security.MessageDigest digest,
java.math.BigInteger A,
java.math.BigInteger B,
java.math.BigInteger S)
Computes the client evidence message M1 = H(A | B | S) |
static java.math.BigInteger |
computeK(java.security.MessageDigest digest,
java.math.BigInteger N,
java.math.BigInteger g)
Computes the SRP-6 multiplier k = H(N | PAD(g)) |
static java.math.BigInteger |
computePublicClientValue(java.math.BigInteger N,
java.math.BigInteger g,
java.math.BigInteger a)
Computes the public client value A = g^a (mod N) |
static java.math.BigInteger |
computePublicServerValue(java.math.BigInteger N,
java.math.BigInteger g,
java.math.BigInteger k,
java.math.BigInteger v,
java.math.BigInteger b)
Computes the public server value B = k * v + g^b (mod N) |
protected static java.math.BigInteger |
computeServerEvidence(java.security.MessageDigest digest,
java.math.BigInteger A,
java.math.BigInteger M1,
java.math.BigInteger S)
Computes the server evidence message M2 = H(A | M1 | S) |
static java.math.BigInteger |
computeSessionKey(java.math.BigInteger N,
java.math.BigInteger v,
java.math.BigInteger u,
java.math.BigInteger A,
java.math.BigInteger b)
Computes the session key S = (A * v^u) ^ b (mod N) from server-side parameters. |
static java.math.BigInteger |
computeSessionKey(java.math.BigInteger N,
java.math.BigInteger g,
java.math.BigInteger k,
java.math.BigInteger x,
java.math.BigInteger u,
java.math.BigInteger a,
java.math.BigInteger B)
Computes the session key S = (B - k * g^x) ^ (a + u * x) (mod N) from client-side parameters. |
static java.math.BigInteger |
computeU(java.security.MessageDigest digest,
java.math.BigInteger N,
java.math.BigInteger A,
java.math.BigInteger B)
Computes the random scrambling parameter u = H(PAD(A) | PAD(B)) |
static java.math.BigInteger |
computeVerifier(java.math.BigInteger N,
java.math.BigInteger g,
java.math.BigInteger x)
Computes a verifier v = g^x (mod N) |
static java.math.BigInteger |
computeX(java.security.MessageDigest digest,
byte[] salt,
byte[] password)
Computes x = H(s | H(P)) |
protected static java.math.BigInteger |
createRandomBigIntegerInRange(java.math.BigInteger min,
java.math.BigInteger max,
java.security.SecureRandom random)
Returns a random big integer in the specified range [min, max]. |
static java.math.BigInteger |
generatePrivateValue(java.security.MessageDigest digest,
java.math.BigInteger N,
java.security.SecureRandom random)
Generates a random SRP-6a client or server private value ('a' or 'b') which is 256 bits long. |
static byte[] |
generateRandomSalt(int numBytes)
Generates a random salt 's'. |
protected static byte[] |
getPadded(java.math.BigInteger n,
int length)
Pads a big integer with leading zeros up to the specified length. |
protected static java.math.BigInteger |
hashPaddedPair(java.security.MessageDigest digest,
java.math.BigInteger N,
java.math.BigInteger n1,
java.math.BigInteger n2)
Hashes two padded values 'n1' and 'n2' where the total length is determined by the size of N. |
static boolean |
isValidPublicValue(java.math.BigInteger N,
java.math.BigInteger value)
Validates an SRP6 client or server public value ('A' or 'B'). |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Method Detail |
|---|
public static java.math.BigInteger computeK(java.security.MessageDigest digest,
java.math.BigInteger N,
java.math.BigInteger g)
Specification: RFC 5054.
digest - The hash function 'H'. Must not be null.N - The prime parameter 'N'. Must not be null.g - The generator parameter 'g'. Must not be null.
public static byte[] generateRandomSalt(int numBytes)
numBytes - The number of bytes the salt 's' must have.
public static java.math.BigInteger computeX(java.security.MessageDigest digest,
byte[] salt,
byte[] password)
Note that this method differs from the RFC 5054 recommendation which includes the user identity 'I', i.e. x = H(s | H(I | ":" | P))
digest - The hash function 'H'. Must not be null.salt - The salt 's'. Must not be null.password - The user password 'P'. Must not be null.
public static java.math.BigInteger computeVerifier(java.math.BigInteger N,
java.math.BigInteger g,
java.math.BigInteger x)
Specification: RFC 5054.
N - The prime parameter 'N'. Must not be null.g - The generator parameter 'g'. Must not be null.x - The password key 'x', see computeX(java.security.MessageDigest, byte[], byte[]). Must not be
null.
public static java.math.BigInteger generatePrivateValue(java.security.MessageDigest digest,
java.math.BigInteger N,
java.security.SecureRandom random)
Specification: RFC 5054.
digest - The hash function 'H'. Must not be null.N - The prime parameter 'N'. Must not be null.random - Source of randomness. Must not be null.
public static java.math.BigInteger computePublicClientValue(java.math.BigInteger N,
java.math.BigInteger g,
java.math.BigInteger a)
Specification: RFC 5054.
N - The prime parameter 'N'. Must not be null.g - The generator parameter 'g'. Must not be null.a - The private client value 'a'. Must not be null.
public static java.math.BigInteger computePublicServerValue(java.math.BigInteger N,
java.math.BigInteger g,
java.math.BigInteger k,
java.math.BigInteger v,
java.math.BigInteger b)
Specification: RFC 5054.
N - The prime parameter 'N'. Must not be null.g - The generator parameter 'g'. Must not be null.k - The SRP-6a multiplier 'k'. Must not be null.v - The password verifier 'v'. Must not be null.b - The private server value 'b'. Must not be null.
public static boolean isValidPublicValue(java.math.BigInteger N,
java.math.BigInteger value)
Specification: RFC 5054.
N - The prime parameter 'N'. Must not be null.value - The public value ('A' or 'B') to validate.
true on successful validation, else false.
public static java.math.BigInteger computeU(java.security.MessageDigest digest,
java.math.BigInteger N,
java.math.BigInteger A,
java.math.BigInteger B)
Specification: RFC 5054.
digest - The hash function 'H'. Must not be null.N - The prime parameter 'N'. Must not be null.A - The public client value 'A'. Must not be null.B - The public server value 'B'. Must not be null.
public static java.math.BigInteger computeSessionKey(java.math.BigInteger N,
java.math.BigInteger g,
java.math.BigInteger k,
java.math.BigInteger x,
java.math.BigInteger u,
java.math.BigInteger a,
java.math.BigInteger B)
Specification: RFC 5054
N - The prime parameter 'N'. Must not be null.g - The generator parameter 'g'. Must not be null.k - The SRP-6a multiplier 'k'. Must not be null.x - The 'x' value, see computeX(java.security.MessageDigest, byte[], byte[]). Must not be
null.u - The random scrambling parameter 'u'. Must not be
null.a - The private client value 'a'. Must not be null.B - The public server value 'B'. Must note be null.
public static java.math.BigInteger computeSessionKey(java.math.BigInteger N,
java.math.BigInteger v,
java.math.BigInteger u,
java.math.BigInteger A,
java.math.BigInteger b)
Specification: RFC 5054
N - The prime parameter 'N'. Must not be null.v - The password verifier 'v'. Must not be null.u - The random scrambling parameter 'u'. Must not be
null.A - The public client value 'A'. Must not be null.b - The private server value 'b'. Must not be null.
public static java.math.BigInteger computeClientEvidence(java.security.MessageDigest digest,
java.math.BigInteger A,
java.math.BigInteger B,
java.math.BigInteger S)
Specification: Tom Wu's paper "SRP-6: Improvements and refinements to the Secure Remote Password protocol", table 5, from 2002.
digest - The hash function 'H'. Must not be null.A - The public client value 'A'. Must not be null.B - The public server value 'B'. Must note be null.S - The session key 'S'. Must not be null.
protected static java.math.BigInteger computeServerEvidence(java.security.MessageDigest digest,
java.math.BigInteger A,
java.math.BigInteger M1,
java.math.BigInteger S)
Specification: Tom Wu's paper "SRP-6: Improvements and refinements to the Secure Remote Password protocol", table 5, from 2002.
digest - The hash function 'H'. Must not be null.A - The public client value 'A'. Must not be null.M1 - The client evidence message 'M1'. Must not be
null.S - The session key 'S'. Must not be null.
protected static java.math.BigInteger hashPaddedPair(java.security.MessageDigest digest,
java.math.BigInteger N,
java.math.BigInteger n1,
java.math.BigInteger n2)
H(PAD(n1) | PAD(n2))
digest - The hash function 'H'. Must not be null.N - Its size determines the pad length. Must not be
null.n1 - The first value to pad and hash.n2 - The second value to pad and hash.
protected static byte[] getPadded(java.math.BigInteger n,
int length)
n - The big integer to pad. Must not be null.length - The required length of the padded big integer as a
byte array.
protected static byte[] bigIntegerToUnsignedByteArray(java.math.BigInteger value)
value - The big integer, must not be null.
protected static java.math.BigInteger createRandomBigIntegerInRange(java.math.BigInteger min,
java.math.BigInteger max,
java.security.SecureRandom random)
min - The least value that may be generated. Must not be
null.max - The greatest value that may be generated. Must not be
null.random - Source of randomness. Must not be null.
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||