Source for gnu.javax.crypto.key.srp6.SRP6KeyAgreement

   1: /* SRP6KeyAgreement.java --
   2:    Copyright (C) 2003, 2006 Free Software Foundation, Inc.
   3: 
   4: This file is a part of GNU Classpath.
   5: 
   6: GNU Classpath is free software; you can redistribute it and/or modify
   7: it under the terms of the GNU General Public License as published by
   8: the Free Software Foundation; either version 2 of the License, or (at
   9: your option) any later version.
  10: 
  11: GNU Classpath is distributed in the hope that it will be useful, but
  12: WITHOUT ANY WARRANTY; without even the implied warranty of
  13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14: General Public License for more details.
  15: 
  16: You should have received a copy of the GNU General Public License
  17: along with GNU Classpath; if not, write to the Free Software
  18: Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
  19: USA
  20: 
  21: Linking this library statically or dynamically with other modules is
  22: making a combined work based on this library.  Thus, the terms and
  23: conditions of the GNU General Public License cover the whole
  24: combination.
  25: 
  26: As a special exception, the copyright holders of this library give you
  27: permission to link this library with independent modules to produce an
  28: executable, regardless of the license terms of these independent
  29: modules, and to copy and distribute the resulting executable under
  30: terms of your choice, provided that you also meet, for each linked
  31: independent module, the terms and conditions of the license of that
  32: module.  An independent module is a module which is not derived from
  33: or based on this library.  If you modify this library, you may extend
  34: this exception to your version of the library, but you are not
  35: obligated to do so.  If you do not wish to do so, delete this
  36: exception statement from your version.  */
  37: 
  38: 
  39: package gnu.javax.crypto.key.srp6;
  40: 
  41: import gnu.java.security.Registry;
  42: import gnu.java.security.hash.IMessageDigest;
  43: import gnu.java.security.util.Util;
  44: 
  45: import gnu.javax.crypto.key.BaseKeyAgreementParty;
  46: import gnu.javax.crypto.key.KeyAgreementException;
  47: import gnu.javax.crypto.sasl.srp.SRP;
  48: 
  49: import java.math.BigInteger;
  50: 
  51: /**
  52:  * The Secure Remote Password (SRP) key agreement protocol, also known as SRP-6,
  53:  * is designed by Thomas J. Wu (see references). The protocol, and its elements
  54:  * are described as follows:
  55:  * <pre>
  56:  *  N    A large safe prime (N = 2q+1, where q is prime)
  57:  *       All arithmetic is done modulo N.
  58:  *  g    A generator modulo N
  59:  *  s    User's salt
  60:  *  I    Username
  61:  *  p    Cleartext Password
  62:  *  H()  One-way hash function
  63:  *  &circ;    (Modular) Exponentiation
  64:  *  u    Random scrambling parameter
  65:  *  a,b  Secret ephemeral values
  66:  *  A,B  Public ephemeral values
  67:  *  x    Private key (derived from p and s)
  68:  *  v    Password verifier
  69:  *
  70:  *  The host stores passwords using the following formula:
  71:  *  x = H(s | H(I &quot;:&quot; p))           (s is chosen randomly)
  72:  *  v = g&circ;x                         (computes password verifier)
  73:  *
  74:  *  The host then keeps {I, s, v} in its password database.
  75:  *
  76:  *  The authentication protocol itself goes as follows:
  77:  *  User -&gt; Host:  I, A = g&circ;a         (identifies self, a = random number)
  78:  *  Host -&gt; User:  s, B = 3v + g&circ;b    (sends salt, b = random number)
  79:  *
  80:  *  Both:  u = H(A, B)
  81:  *
  82:  *  User:  x = H(s, p)               (user enters password)
  83:  *  User:  S = (B - 3g&circ;x) &circ; (a + ux) (computes session key)
  84:  *  User:  K = H(S)
  85:  *
  86:  *  Host:  S = (Av&circ;u) &circ; b            (computes session key)
  87:  *  Host:  K = H(S)
  88:  * </pre>
  89:  * <p>
  90:  * Reference:
  91:  * <ol>
  92:  * <li><a href="http://srp.stanford.edu/design.html">SRP Protocol Design</a><br>
  93:  * Thomas J. Wu.</li>
  94:  * </ol>
  95:  */
  96: public abstract class SRP6KeyAgreement
  97:     extends BaseKeyAgreementParty
  98: {
  99:   public static final String SOURCE_OF_RANDOMNESS = "gnu.crypto.srp6.ka.prng";
 100:   public static final String SHARED_MODULUS = "gnu.crypto.srp6.ka.N";
 101:   public static final String GENERATOR = "gnu.crypto.srp6.ka.g";
 102:   public static final String HASH_FUNCTION = "gnu.crypto.srp6.ka.H";
 103:   public static final String USER_IDENTITY = "gnu.crypto.srp6.ka.I";
 104:   public static final String USER_PASSWORD = "gnu.crypto.srp6.ka.p";
 105:   public static final String HOST_PASSWORD_DB = "gnu.crypto.srp6.ka.password.db";
 106:   protected static final BigInteger THREE = BigInteger.valueOf(3L);
 107:   protected SRP srp;
 108:   protected BigInteger N;
 109:   protected BigInteger g;
 110:   /** The shared secret key. */
 111:   protected BigInteger K;
 112: 
 113:   protected SRP6KeyAgreement()
 114:   {
 115:     super(Registry.SRP6_KA);
 116:   }
 117: 
 118:   protected byte[] engineSharedSecret() throws KeyAgreementException
 119:   {
 120:     return Util.trim(K);
 121:   }
 122: 
 123:   protected void engineReset()
 124:   {
 125:     srp = null;
 126:     N = null;
 127:     g = null;
 128:     K = null;
 129:   }
 130: 
 131:   protected BigInteger uValue(final BigInteger A, final BigInteger B)
 132:   {
 133:     final IMessageDigest hash = srp.newDigest();
 134:     byte[] b;
 135:     b = Util.trim(A);
 136:     hash.update(b, 0, b.length);
 137:     b = Util.trim(B);
 138:     hash.update(b, 0, b.length);
 139:     return new BigInteger(1, hash.digest());
 140:   }
 141: }