org.bouncycastle.crypto.agreement.srp

Class SRP6Client

java.lang.Object

org.bouncycastle.crypto.agreement.srp.SRP6Client

public class SRP6Client
extends java.lang.Object

Implements the client side SRP-6a protocol. Note that this class is stateful, and therefore NOT threadsafe. This implementation of SRP is based on the optimized message sequence put forth by Thomas Wu in the paper "SRP-6: Improvements and Refinements to the Secure Remote Password Protocol, 2002"

Field Summary

Fields

Modifier and Type	Field and Description
protected java.math.BigInteger	a
protected java.math.BigInteger	A
protected java.math.BigInteger	B
protected Digest	digest
protected java.math.BigInteger	g
protected java.math.BigInteger	Key
protected java.math.BigInteger	M1
protected java.math.BigInteger	M2
protected java.math.BigInteger	N
protected java.security.SecureRandom	random
protected java.math.BigInteger	S
protected java.math.BigInteger	u
protected java.math.BigInteger	x

Constructor Summary

Constructors

Constructor and Description
SRP6Client()

Method Summary

Methods

Modifier and Type	Method and Description
java.math.BigInteger	calculateClientEvidenceMessage() Computes the client evidence message M1 using the previously received values.
java.math.BigInteger	calculateSecret(java.math.BigInteger serverB) Generates the secret S given the server's credentials
java.math.BigInteger	calculateSessionKey() Computes the final session key as a result of the SRP successful mutual authentication To be called after verifying the server evidence message M2.
java.math.BigInteger	generateClientCredentials(byte[] salt, byte[] identity, byte[] password) Generates client's credentials given the client's salt, identity and password
void	init(java.math.BigInteger N, java.math.BigInteger g, Digest digest, java.security.SecureRandom random) Initialises the client to begin new authentication attempt
void	init(SRP6GroupParameters group, Digest digest, java.security.SecureRandom random)
protected java.math.BigInteger	selectPrivateValue()
boolean	verifyServerEvidenceMessage(java.math.BigInteger serverM2) Authenticates the server evidence message M2 received and saves it only if correct.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

N

protected java.math.BigInteger N

g

protected java.math.BigInteger g

a

protected java.math.BigInteger a

A

protected java.math.BigInteger A

B

protected java.math.BigInteger B

x

protected java.math.BigInteger x

u

protected java.math.BigInteger u

S

protected java.math.BigInteger S

M1

protected java.math.BigInteger M1

M2

protected java.math.BigInteger M2

Key

protected java.math.BigInteger Key

digest

protected Digest digest

random

protected java.security.SecureRandom random

Constructor Detail

SRP6Client

public SRP6Client()

Method Detail

init

public void init(java.math.BigInteger N,
        java.math.BigInteger g,
        Digest digest,
        java.security.SecureRandom random)

Initialises the client to begin new authentication attempt

Parameters:

N - The safe prime associated with the client's verifier

g - The group parameter associated with the client's verifier

digest - The digest algorithm associated with the client's verifier

random - For key generation

init

public void init(SRP6GroupParameters group,
        Digest digest,
        java.security.SecureRandom random)

generateClientCredentials

public java.math.BigInteger generateClientCredentials(byte[] salt,
                                             byte[] identity,
                                             byte[] password)

Generates client's credentials given the client's salt, identity and password

Parameters:

salt - The salt used in the client's verifier.

identity - The user's identity (eg. username)

password - The user's password

Returns:

Client's public value to send to server

calculateSecret

public java.math.BigInteger calculateSecret(java.math.BigInteger serverB)
                                     throws CryptoException

Generates the secret S given the server's credentials

Parameters:

serverB - The server's credentials

Returns:

Client's verification message for the server

Throws:

CryptoException - If server's credentials are invalid

selectPrivateValue

protected java.math.BigInteger selectPrivateValue()

calculateClientEvidenceMessage

public java.math.BigInteger calculateClientEvidenceMessage()
                                                    throws CryptoException

Computes the client evidence message M1 using the previously received values. To be called after calculating the secret S.

Returns:

M1: the client side generated evidence message

Throws:

CryptoException

verifyServerEvidenceMessage

public boolean verifyServerEvidenceMessage(java.math.BigInteger serverM2)
                                    throws CryptoException

Authenticates the server evidence message M2 received and saves it only if correct.

Parameters:

serverM2 - the server side generated evidence message

Returns:

A boolean indicating if the server message M2 was the expected one.

Throws:

CryptoException

calculateSessionKey

public java.math.BigInteger calculateSessionKey()
                                         throws CryptoException

Computes the final session key as a result of the SRP successful mutual authentication To be called after verifying the server evidence message M2.

Returns:

Key: the mutually authenticated symmetric session key

Throws:

CryptoException