Overview Package Class Use Source Tree Index Deprecated About
Frames | No Frames

Source for gnu.javax.crypto.key.srp6.SRP6TLSServer

   1: /* SRP6TLSServer.java --
   2:    Copyright (C) 2003, 2006 Free Software Foundation, Inc.
   3: 
   4: This file is a part of GNU Classpath.
   5: 
   6: GNU Classpath is free software; you can redistribute it and/or modify
   7: it under the terms of the GNU General Public License as published by
   8: the Free Software Foundation; either version 2 of the License, or (at
   9: your option) any later version.
  10: 
  11: GNU Classpath is distributed in the hope that it will be useful, but
  12: WITHOUT ANY WARRANTY; without even the implied warranty of
  13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14: General Public License for more details.
  15: 
  16: You should have received a copy of the GNU General Public License
  17: along with GNU Classpath; if not, write to the Free Software
  18: Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
  19: USA
  20: 
  21: Linking this library statically or dynamically with other modules is
  22: making a combined work based on this library.  Thus, the terms and
  23: conditions of the GNU General Public License cover the whole
  24: combination.
  25: 
  26: As a special exception, the copyright holders of this library give you
  27: permission to link this library with independent modules to produce an
  28: executable, regardless of the license terms of these independent
  29: modules, and to copy and distribute the resulting executable under
  30: terms of your choice, provided that you also meet, for each linked
  31: independent module, the terms and conditions of the license of that
  32: module.  An independent module is a module which is not derived from
  33: or based on this library.  If you modify this library, you may extend
  34: this exception to your version of the library, but you are not
  35: obligated to do so.  If you do not wish to do so, delete this
  36: exception statement from your version.  */
  37: 
  38: 
  39: package gnu.javax.crypto.key.srp6;
  40: 
  41: import gnu.java.security.Registry;
  42: import gnu.java.security.util.Util;
  43: import gnu.javax.crypto.key.KeyAgreementException;
  44: import gnu.javax.crypto.key.OutgoingMessage;
  45: import gnu.javax.crypto.key.IncomingMessage;
  46: import gnu.javax.crypto.sasl.srp.SRP;
  47: import gnu.javax.crypto.sasl.srp.SRPAuthInfoProvider;
  48: import gnu.javax.crypto.sasl.srp.SRPRegistry;
  49: 
  50: import java.io.IOException;
  51: import java.math.BigInteger;
  52: import java.security.KeyPair;
  53: import java.security.SecureRandom;
  54: import java.util.HashMap;
  55: import java.util.Map;
  56: 
  57: /**
  58:  * A variation of the SRP6 key agreement protocol, for the server-side as
  59:  * proposed in <a
  60:  * href="http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-05.txt">Using
  61:  * SRP for TLS Authentication</a>. The only difference between it and the SASL
  62:  * variant is that the shared secret is the entity <code>S</code> and not
  63:  * <code>H(S)</code>.
  64:  */
  65: public class SRP6TLSServer
  66:     extends SRP6KeyAgreement
  67: {
  68:   /** The user's ephemeral key pair. */
  69:   private KeyPair hostKeyPair;
  70:   /** The SRP password database. */
  71:   private SRPAuthInfoProvider passwordDB;
  72: 
  73:   // default 0-arguments constructor
  74: 
  75:   protected void engineInit(final Map attributes) throws KeyAgreementException
  76:   {
  77:     rnd = (SecureRandom) attributes.get(SOURCE_OF_RANDOMNESS);
  78:     final String md = (String) attributes.get(HASH_FUNCTION);
  79:     if (md == null || md.trim().length() == 0)
  80:       throw new KeyAgreementException("missing hash function");
  81:     srp = SRP.instance(md);
  82:     passwordDB = (SRPAuthInfoProvider) attributes.get(HOST_PASSWORD_DB);
  83:     if (passwordDB == null)
  84:       throw new KeyAgreementException("missing SRP password database");
  85:   }
  86: 
  87:   protected OutgoingMessage engineProcessMessage(final IncomingMessage in)
  88:       throws KeyAgreementException
  89:   {
  90:     switch (step)
  91:       {
  92:       case 0:
  93:         return sendParameters(in);
  94:       case 1:
  95:         return computeSharedSecret(in);
  96:       default:
  97:         throw new IllegalStateException("unexpected state");
  98:       }
  99:   }
 100: 
 101:   protected void engineReset()
 102:   {
 103:     hostKeyPair = null;
 104:     super.engineReset();
 105:   }
 106: 
 107:   private OutgoingMessage sendParameters(final IncomingMessage in)
 108:       throws KeyAgreementException
 109:   {
 110:     final String I = in.readString();
 111:     // get s and v for user identified by I
 112:     // ----------------------------------------------------------------------
 113:     final Map credentials;
 114:     try
 115:       {
 116:         final Map userID = new HashMap();
 117:         userID.put(Registry.SASL_USERNAME, I);
 118:         userID.put(SRPRegistry.MD_NAME_FIELD, srp.getAlgorithm());
 119:         credentials = passwordDB.lookup(userID);
 120:       }
 121:     catch (IOException x)
 122:       {
 123:         throw new KeyAgreementException("computeSharedSecret()", x);
 124:       }
 125: 
 126:     final BigInteger s = new BigInteger(
 127:         1, Util.fromBase64((String) credentials.get(SRPRegistry.SALT_FIELD)));
 128:     final BigInteger v = new BigInteger(
 129:         1, Util.fromBase64((String) credentials.get(SRPRegistry.USER_VERIFIER_FIELD)));
 130:     final Map configuration;
 131:     try
 132:       {
 133:         final String mode = (String) credentials.get(SRPRegistry.CONFIG_NDX_FIELD);
 134:         configuration = passwordDB.getConfiguration(mode);
 135:       }
 136:     catch (IOException x)
 137:       {
 138:         throw new KeyAgreementException("computeSharedSecret()", x);
 139:       }
 140:     N = new BigInteger(
 141:         1, Util.fromBase64((String) configuration.get(SRPRegistry.SHARED_MODULUS)));
 142:     g = new BigInteger(
 143:         1, Util.fromBase64((String) configuration.get(SRPRegistry.FIELD_GENERATOR)));
 144:     // generate an ephemeral keypair
 145:     final SRPKeyPairGenerator kpg = new SRPKeyPairGenerator();
 146:     final Map attributes = new HashMap();
 147:     if (rnd != null)
 148:       attributes.put(SRPKeyPairGenerator.SOURCE_OF_RANDOMNESS, rnd);
 149:     attributes.put(SRPKeyPairGenerator.SHARED_MODULUS, N);
 150:     attributes.put(SRPKeyPairGenerator.GENERATOR, g);
 151:     attributes.put(SRPKeyPairGenerator.USER_VERIFIER, v);
 152:     kpg.setup(attributes);
 153:     hostKeyPair = kpg.generate();
 154:     final BigInteger B = ((SRPPublicKey) hostKeyPair.getPublic()).getY();
 155:     final OutgoingMessage result = new OutgoingMessage();
 156:     result.writeMPI(N);
 157:     result.writeMPI(g);
 158:     result.writeMPI(s);
 159:     result.writeMPI(B);
 160:     return result;
 161:   }
 162: 
 163:   protected OutgoingMessage computeSharedSecret(final IncomingMessage in)
 164:       throws KeyAgreementException
 165:   {
 166:     final BigInteger A = in.readMPI();
 167:     final BigInteger B = ((SRPPublicKey) hostKeyPair.getPublic()).getY();
 168:     final BigInteger u = uValue(A, B); // u = H(A | B)
 169:     // compute S = (Av^u) ^ b
 170:     final BigInteger b = ((SRPPrivateKey) hostKeyPair.getPrivate()).getX();
 171:     final BigInteger v = ((SRPPrivateKey) hostKeyPair.getPrivate()).getV();
 172:     final BigInteger S = A.multiply(v.modPow(u, N)).modPow(b, N);
 173:     K = S;
 174:     complete = true;
 175:     return null;
 176:   }
 177: }

Overview Package Class Use Source Tree Index Deprecated About