/**
 * Reads the client's SRP public value from the ClientKeyExchange message, validates it
 * against the modulus of the configured SRP group, and keeps it as the peer credentials.
 * A copy of {@code identity} is recorded in the security parameters only after the value
 * has been accepted.
 *
 * @param input stream from which the SRP parameter is read
 * @throws IOException if reading the parameter fails
 * @throws TlsFatalAlert with {@code illegal_parameter} when validation raises a
 *         {@code CryptoException}; the original exception is attached as the cause
 */
public void processClientKeyExchange(InputStream input) throws IOException {
    try {
        // RFC 5054 2.5.4: the server MUST abort the handshake with an "illegal_parameter"
        // alert if A % N = 0. The validation call below is where that rule is applied; a
        // rejected value never reaches srpPeerCredentials because the assignment is skipped.
        this.srpPeerCredentials = SRP6Util.validatePublicValue(
            srpGroup.getN(),
            TlsSRPUtils.readSRPParameter(input));
    } catch (CryptoException rejected) {
        throw new TlsFatalAlert(AlertDescription.illegal_parameter, rejected);
    }

    // Store a clone so later changes to the identity array held by this object do not
    // alter what the security parameters report.
    context.getSecurityParameters().srpIdentity = Arrays.clone(identity);
}
/**
 * Client-side handling of the SRP ServerKeyExchange message: reads N, g, s and B, verifies
 * the server's signature over them when a signer is configured, validates B against N, and
 * initialises the SRP client with the received group.
 *
 * <p>NOTE(review): N and g come straight from the peer and are passed to
 * {@code srpClient.init} without any check (see the TODO below). Until that is implemented,
 * the only protection against a hostile or weak group is the optional signature, which
 * authenticates the sender but says nothing about the quality of the group.
 *
 * @param input stream positioned at the ServerKeyExchange body
 * @throws IOException if reading any field fails
 * @throws TlsFatalAlert with {@code decrypt_error} when the signature does not verify, or
 *         with {@code illegal_parameter} when B is rejected
 */
public void processServerKeyExchange(InputStream input) throws IOException {
    SecurityParameters securityParameters = context.getSecurityParameters();

    // With a signer configured, the parameters are read through a SignerInputStream,
    // presumably so that exactly the bytes parsed here are the bytes fed to the verifier.
    Signer verifier = null;
    InputStream paramsIn = input;
    if (tlsSigner != null) {
        verifier = initVerifyer(tlsSigner, securityParameters);
        paramsIn = new SignerInputStream(input, verifier);
    }

    byte[] encodedN = TlsUtils.readOpaque16(paramsIn);
    byte[] encodedG = TlsUtils.readOpaque16(paramsIn);
    byte[] encodedS = TlsUtils.readOpaque8(paramsIn);
    byte[] encodedB = TlsUtils.readOpaque16(paramsIn);

    if (verifier != null) {
        // The signature is read from the raw stream, not the wrapping one, so it is not
        // part of the signed data. Nothing parsed above is used until this check passes.
        byte[] signature = TlsUtils.readOpaque16(input);
        if (!verifier.verifySignature(signature)) {
            throw new TlsFatalAlert(AlertDescription.decrypt_error);
        }
    }

    // Signum 1 forces a non-negative interpretation of the big-endian magnitude bytes.
    BigInteger modulus = new BigInteger(1, encodedN);
    BigInteger generator = new BigInteger(1, encodedG);

    // TODO Validate group parameters (see RFC 5054). The original author's placeholder for
    // a rejected group was a fatal insufficient_security alert:
    // handler.failWithError(AlertLevel.fatal, AlertDescription.insufficient_security);

    this.s = encodedS;

    // RFC 5054 2.5.3: the client MUST abort the handshake with an "illegal_parameter"
    // alert if B % N = 0.
    BigInteger serverPublic = new BigInteger(1, encodedB);
    try {
        this.B = SRP6Util.validatePublicValue(modulus, serverPublic);
    } catch (CryptoException rejected) {
        // NOTE(review): the CryptoException is not attached to the alert, so the reason
        // for the rejection is lost to anyone reading the resulting stack trace.
        throw new TlsFatalAlert(AlertDescription.illegal_parameter);
    }

    // SHA-1 is the hash RFC 5054 defines for the TLS-SRP calculations.
    this.srpClient.init(modulus, generator, new SHA1Digest(), context.getSecureRandom());
}
/**
 * Produces the client credentials from a newly generated private value.
 *
 * <p>The private value is obtained from {@code SRP6Util.generatePrivateValue} using this
 * object's {@code digest}, {@code N}, {@code g} and {@code random}, and is handed to the
 * overload that takes the private value explicitly.
 *
 * <p>NOTE(review): the secrecy of the private value depends on {@code random}; where it is
 * initialised is not visible here, so confirm it is a cryptographically strong source.
 *
 * @return whatever the single-argument overload returns for the generated private value
 */
public byte[] generateClientCredentials() {
    return generateClientCredentials(
        SRP6Util.generatePrivateValue(digest, N, g, random));
}
/**
 * Client-side handling of the SRP ServerKeyExchange message: reads N, g, s and B, verifies
 * the server's signature over them when a signer is configured, validates B against N, and
 * initialises the SRP client with the received group.
 *
 * <p>NOTE(review): both failure paths report the error through
 * {@code handler.failWithError} and then fall through. Its contract is not visible here. If
 * it can return normally, execution would continue to {@code srpClient.init} after a bad
 * signature, or with {@code this.B} not assigned by this call. Confirm it always throws.
 *
 * <p>NOTE(review): N and g come straight from the peer and are used without any check (see
 * the TODO below). The optional signature authenticates the sender but does not establish
 * that the group itself is acceptable.
 *
 * @param is stream positioned at the ServerKeyExchange body
 * @param securityParameters passed to {@code initSigner} when a signer is configured
 * @throws IOException if reading any field fails
 */
public void processServerKeyExchange(InputStream is, SecurityParameters securityParameters)
    throws IOException {
    // With a signer configured, the parameters are read through a SignerInputStream,
    // presumably so that exactly the bytes parsed here are the bytes fed to the verifier.
    Signer verifier = null;
    InputStream paramsIn = is;
    if (tlsSigner != null) {
        verifier = initSigner(tlsSigner, securityParameters);
        paramsIn = new SignerInputStream(is, verifier);
    }

    byte[] encodedN = TlsUtils.readOpaque16(paramsIn);
    byte[] encodedG = TlsUtils.readOpaque16(paramsIn);
    byte[] encodedS = TlsUtils.readOpaque8(paramsIn);
    byte[] encodedB = TlsUtils.readOpaque16(paramsIn);

    if (verifier != null) {
        // The signature is read from the raw stream, not the wrapping one, so it is not
        // part of the signed data.
        byte[] signature = TlsUtils.readOpaque16(is);
        if (!verifier.verifySignature(signature)) {
            handler.failWithError(TlsProtocolHandler.AL_fatal,
                TlsProtocolHandler.AP_bad_certificate);
        }
    }

    // Signum 1 forces a non-negative interpretation of the big-endian magnitude bytes.
    BigInteger modulus = new BigInteger(1, encodedN);
    BigInteger generator = new BigInteger(1, encodedG);

    // TODO Validate group parameters (see RFC 5054). The original author's placeholder for
    // a rejected group was a fatal insufficient_security alert:
    // handler.failWithError(TlsProtocolHandler.AL_fatal,
    // TlsProtocolHandler.AP_insufficient_security);

    this.s = encodedS;

    // RFC 5054 2.5.3: the client MUST abort the handshake with an "illegal_parameter"
    // alert if B % N = 0.
    BigInteger serverPublic = new BigInteger(1, encodedB);
    try {
        this.B = SRP6Util.validatePublicValue(modulus, serverPublic);
    } catch (CryptoException rejected) {
        handler.failWithError(TlsProtocolHandler.AL_fatal,
            TlsProtocolHandler.AP_illegal_parameter);
    }

    // SHA-1 is the hash RFC 5054 defines for the TLS-SRP calculations.
    this.srpClient.init(modulus, generator, new SHA1Digest(), handler.getRandom());
}