org.bouncycastle.crypto.agreement.srp

Class SRP6Client

java.lang.Object

org.bouncycastle.crypto.agreement.srp.SRP6Client

public class SRP6Client
extends Object

Implements the client side SRP-6a protocol. Note that this class is stateful, and therefore NOT threadsafe. This implementation of SRP is based on the optimized message sequence put forth by Thomas Wu in the paper "SRP-6: Improvements and Refinements to the Secure Remote Password Protocol, 2002"

Field Summary

Fields

Modifier and Type	Field and Description
protected BigInteger	a
protected BigInteger	A
protected BigInteger	B
protected Digest	digest
protected BigInteger	g
protected BigInteger	Key
protected BigInteger	M1
protected BigInteger	M2
protected BigInteger	N
protected SecureRandom	random
protected BigInteger	S
protected BigInteger	u
protected BigInteger	x

Constructor Summary

Constructors

Constructor and Description
SRP6Client()

Method Summary

Modifier and Type	Method and Description
BigInteger	calculateClientEvidenceMessage() Computes the client evidence message M1 using the previously received values.
BigInteger	calculateSecret(BigInteger serverB) Generates the secret S given the server's credentials
BigInteger	calculateSessionKey() Computes the final session key as a result of the SRP successful mutual authentication To be called after verifying the server evidence message M2.
BigInteger	generateClientCredentials(byte[] salt, byte[] identity, byte[] password) Generates client's credentials given the client's salt, identity and password
void	init(BigInteger N, BigInteger g, Digest digest, SecureRandom random) Initialises the client to begin new authentication attempt
void	init(SRP6GroupParameters group, Digest digest, SecureRandom random)
protected BigInteger	selectPrivateValue()
boolean	verifyServerEvidenceMessage(BigInteger serverM2) Authenticates the server evidence message M2 received and saves it only if correct.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

N

protected BigInteger N

g

protected BigInteger g

a

protected BigInteger a

A

protected BigInteger A

B

protected BigInteger B

x

protected BigInteger x

u

protected BigInteger u

S

protected BigInteger S

M1

protected BigInteger M1

M2

protected BigInteger M2

Key

protected BigInteger Key

digest

protected Digest digest

random

protected SecureRandom random

Constructor Detail

SRP6Client

public SRP6Client()

Method Detail

init

public void init(BigInteger N,
                 BigInteger g,
                 Digest digest,
                 SecureRandom random)

Initialises the client to begin new authentication attempt

Parameters:

N - The safe prime associated with the client's verifier

g - The group parameter associated with the client's verifier

digest - The digest algorithm associated with the client's verifier

random - For key generation

init

public void init(SRP6GroupParameters group,
                 Digest digest,
                 SecureRandom random)

generateClientCredentials

public BigInteger generateClientCredentials(byte[] salt,
                                            byte[] identity,
                                            byte[] password)

Generates client's credentials given the client's salt, identity and password

Parameters:

salt - The salt used in the client's verifier.

identity - The user's identity (eg. username)

password - The user's password

Returns:

Client's public value to send to server

calculateSecret

public BigInteger calculateSecret(BigInteger serverB)
                           throws CryptoException

Generates the secret S given the server's credentials

Parameters:

serverB - The server's credentials

Returns:

Client's verification message for the server

Throws:

CryptoException - If server's credentials are invalid

selectPrivateValue

protected BigInteger selectPrivateValue()

calculateClientEvidenceMessage

public BigInteger calculateClientEvidenceMessage()
                                          throws CryptoException

Computes the client evidence message M1 using the previously received values. To be called after calculating the secret S.

Returns:

M1: the client side generated evidence message

Throws:

CryptoException

verifyServerEvidenceMessage

public boolean verifyServerEvidenceMessage(BigInteger serverM2)
                                    throws CryptoException

Authenticates the server evidence message M2 received and saves it only if correct.

Parameters:

serverM2 - the server side generated evidence message

Returns:

A boolean indicating if the server message M2 was the expected one.

Throws:

CryptoException

calculateSessionKey

public BigInteger calculateSessionKey()
                               throws CryptoException

Computes the final session key as a result of the SRP successful mutual authentication To be called after verifying the server evidence message M2.

Returns:

Key: the mutually authenticated symmetric session key

Throws:

CryptoException