public class SRP6Routines extends Object
The routines comply with RFC 5054 (SRP for TLS), with the following exceptions:
This class contains portions of code from Bouncy Castle's SRP6 implementation.
Modifier and Type | Method and Description |
---|---|
static BigInteger |
computeClientEvidence(MessageDigest digest,
BigInteger A,
BigInteger B,
BigInteger S)
Computes the client evidence message M1 = H(A | B | S)
|
static BigInteger |
computeK(MessageDigest digest,
BigInteger N,
BigInteger g)
Computes the SRP-6 multiplier k = H(N | PAD(g))
|
static BigInteger |
computePublicClientValue(BigInteger N,
BigInteger g,
BigInteger a)
Computes the public client value A = g^a (mod N)
|
static BigInteger |
computePublicServerValue(BigInteger N,
BigInteger g,
BigInteger k,
BigInteger v,
BigInteger b)
Computes the public server value B = k * v + g^b (mod N)
|
protected static BigInteger |
computeServerEvidence(MessageDigest digest,
BigInteger A,
BigInteger M1,
BigInteger S)
Computes the server evidence message M2 = H(A | M1 | S)
|
static BigInteger |
computeSessionKey(BigInteger N,
BigInteger v,
BigInteger u,
BigInteger A,
BigInteger b)
Computes the session key S = (A * v^u) ^ b (mod N) from server-side
parameters.
|
static BigInteger |
computeSessionKey(BigInteger N,
BigInteger g,
BigInteger k,
BigInteger x,
BigInteger u,
BigInteger a,
BigInteger B)
Computes the session key S = (B - k * g^x) ^ (a + u * x) (mod N)
from client-side parameters.
|
static BigInteger |
computeU(MessageDigest digest,
BigInteger N,
BigInteger A,
BigInteger B)
Computes the random scrambling parameter u = H(PAD(A) | PAD(B))
|
static BigInteger |
computeVerifier(BigInteger N,
BigInteger g,
BigInteger x)
Computes a verifier v = g^x (mod N)
|
static BigInteger |
computeX(MessageDigest digest,
byte[] salt,
byte[] password)
Computes x = H(s | H(P))
|
protected static BigInteger |
createRandomBigIntegerInRange(BigInteger min,
BigInteger max,
SecureRandom random)
Returns a random big integer in the specified range [min, max].
|
static BigInteger |
generatePrivateValue(BigInteger N,
SecureRandom random)
Generates a random SRP-6a client or server private value ('a' or
'b') which is 256 bits long.
|
static byte[] |
generateRandomSalt(int numBytes)
Generates a random salt 's'.
|
protected static byte[] |
getPadded(BigInteger n,
int length)
Pads a big integer with leading zeros up to the specified length.
|
protected static BigInteger |
hashPaddedPair(MessageDigest digest,
BigInteger N,
BigInteger n1,
BigInteger n2)
Hashes two padded values 'n1' and 'n2' where the total length is
determined by the size of N.
|
static boolean |
isValidPublicValue(BigInteger N,
BigInteger value)
Validates an SRP6 client or server public value ('A' or 'B').
|
public static BigInteger computeK(MessageDigest digest, BigInteger N, BigInteger g)
Specification: RFC 5054.
digest
- The hash function 'H'. Must not be null
.N
- The prime parameter 'N'. Must not be null
.g
- The generator parameter 'g'. Must not be null
.public static byte[] generateRandomSalt(int numBytes)
numBytes
- The number of bytes the salt 's' must have.public static BigInteger computeX(MessageDigest digest, byte[] salt, byte[] password)
Note that this method differs from the RFC 5054 recommendation which includes the user identity 'I', i.e. x = H(s | H(I | ":" | P))
digest
- The hash function 'H'. Must not be null
.salt
- The salt 's'. Must not be null
.password
- The user password 'P'. Must not be null
.public static BigInteger computeVerifier(BigInteger N, BigInteger g, BigInteger x)
Specification: RFC 5054.
N
- The prime parameter 'N'. Must not be null
.g
- The generator parameter 'g'. Must not be null
.x
- The password key 'x', see computeX(java.security.MessageDigest, byte[], byte[])
. Must not be
null
.public static BigInteger generatePrivateValue(BigInteger N, SecureRandom random)
Specification: RFC 5054.
N
- The prime parameter 'N'. Must not be null
.random
- Source of randomness. Must not be null
.public static BigInteger computePublicClientValue(BigInteger N, BigInteger g, BigInteger a)
Specification: RFC 5054.
N
- The prime parameter 'N'. Must not be null
.g
- The generator parameter 'g'. Must not be null
.a
- The private client value 'a'. Must not be null
.public static BigInteger computePublicServerValue(BigInteger N, BigInteger g, BigInteger k, BigInteger v, BigInteger b)
Specification: RFC 5054.
N
- The prime parameter 'N'. Must not be null
.g
- The generator parameter 'g'. Must not be null
.k
- The SRP-6a multiplier 'k'. Must not be null
.v
- The password verifier 'v'. Must not be null
.b
- The private server value 'b'. Must not be null
.public static boolean isValidPublicValue(BigInteger N, BigInteger value)
Specification: RFC 5054.
N
- The prime parameter 'N'. Must not be null
.value
- The public value ('A' or 'B') to validate.true
on successful validation, else false
.public static BigInteger computeU(MessageDigest digest, BigInteger N, BigInteger A, BigInteger B)
Specification: RFC 5054.
digest
- The hash function 'H'. Must not be null
.N
- The prime parameter 'N'. Must not be null
.A
- The public client value 'A'. Must not be null
.B
- The public server value 'B'. Must not be null
.public static BigInteger computeSessionKey(BigInteger N, BigInteger g, BigInteger k, BigInteger x, BigInteger u, BigInteger a, BigInteger B)
Specification: RFC 5054
N
- The prime parameter 'N'. Must not be null
.g
- The generator parameter 'g'. Must not be null
.k
- The SRP-6a multiplier 'k'. Must not be null
.x
- The 'x' value, see computeX(java.security.MessageDigest, byte[], byte[])
. Must not be
null
.u
- The random scrambling parameter 'u'. Must not be
null
.a
- The private client value 'a'. Must not be null
.B
- The public server value 'B'. Must note be null
.public static BigInteger computeSessionKey(BigInteger N, BigInteger v, BigInteger u, BigInteger A, BigInteger b)
Specification: RFC 5054
N
- The prime parameter 'N'. Must not be null
.v
- The password verifier 'v'. Must not be null
.u
- The random scrambling parameter 'u'. Must not be
null
.A
- The public client value 'A'. Must not be null
.b
- The private server value 'b'. Must not be null
.public static BigInteger computeClientEvidence(MessageDigest digest, BigInteger A, BigInteger B, BigInteger S)
Specification: Tom Wu's paper "SRP-6: Improvements and refinements to the Secure Remote Password protocol", table 5, from 2002.
digest
- The hash function 'H'. Must not be null
.A
- The public client value 'A'. Must not be null
.B
- The public server value 'B'. Must note be null
.S
- The session key 'S'. Must not be null
.protected static BigInteger computeServerEvidence(MessageDigest digest, BigInteger A, BigInteger M1, BigInteger S)
Specification: Tom Wu's paper "SRP-6: Improvements and refinements to the Secure Remote Password protocol", table 5, from 2002.
digest
- The hash function 'H'. Must not be null
.A
- The public client value 'A'. Must not be null
.M1
- The client evidence message 'M1'. Must not be
null
.S
- The session key 'S'. Must not be null
.protected static BigInteger hashPaddedPair(MessageDigest digest, BigInteger N, BigInteger n1, BigInteger n2)
H(PAD(n1) | PAD(n2))
digest
- The hash function 'H'. Must not be null
.N
- Its size determines the pad length. Must not be
null
.n1
- The first value to pad and hash.n2
- The second value to pad and hash.protected static byte[] getPadded(BigInteger n, int length)
n
- The big integer to pad. Must not be null
.length
- The required length of the padded big integer as a
byte array.protected static BigInteger createRandomBigIntegerInRange(BigInteger min, BigInteger max, SecureRandom random)
min
- The least value that may be generated. Must not be
null
.max
- The greatest value that may be generated. Must not be
null
.random
- Source of randomness. Must not be null
.Copyright © 2016 Connect2id Ltd.. All Rights Reserved.