
gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
authorDaniele Grasso <danielegrasso86@gmail.com>2013-09-17 22:08:58 +0400
committerDaniele Grasso <danielegrasso86@gmail.com>2013-09-17 22:08:58 +0400
commitce293096c411c1c7c1bdcd91fb455a09cec91ecf (patch)
treea830945ca90292f3932a4e509c741652a962088f /core/src/main/java/org/bouncycastle/crypto/agreement
parenta7bf2a8b5dbf0068776cb2f75a42e17caf6f97d0 (diff)
Update SRP6Util.java
Fixed missing padding of BigInteger values during hashing
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/agreement')
-rw-r--r--core/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java66
1 files changed, 35 insertions, 31 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java b/core/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java
index 9b555874..6bcf0183 100644
--- a/core/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java
+++ b/core/src/main/java/org/bouncycastle/crypto/agreement/srp/SRP6Util.java
@@ -60,65 +60,69 @@ public class SRP6Util
return val;
}
-
- /**
+ /**
* Computes the client evidence message (M1) according to the standard routine:
* M1 = H( A | B | S )
* @param digest The Digest used as the hashing function H
+ * @param N Modulus used to get the pad length
* @param A The public client value
* @param B The public server value
* @param S The secret calculated by both sides
* @return M1 The calculated client evidence message
*/
- public static BigInteger calculateM1(Digest digest, BigInteger A, BigInteger B, BigInteger S) {
- byte[] _output = new byte[digest.getDigestSize()];
- byte[] _A = A.toByteArray();
- byte[] _B = B.toByteArray();
- byte[] _S = S.toByteArray();
- digest.update(_A, 0, _A.length);
- digest.update(_B, 0, _B.length);
- digest.update(_S, 0, _S.length);
- digest.doFinal(_output, 0);
- BigInteger M1 = new BigInteger(1, _output);
+ public static BigInteger calculateM1(Digest digest, BigInteger N, BigInteger A, BigInteger B, BigInteger S) {
+ BigInteger M1 = hashPaddedTriplet(digest,N,A,B,S);
return M1;
}
- /**
+ /**
* Computes the server evidence message (M2) according to the standard routine:
* M2 = H( A | M1 | S )
* @param digest The Digest used as the hashing function H
+ * @param N Modulus used to get the pad length
* @param A The public client value
* @param M1 The client evidence message
* @param S The secret calculated by both sides
* @return M2 The calculated server evidence message
*/
- public static BigInteger calculateM2(Digest digest, BigInteger A, BigInteger M1, BigInteger S){
- byte[] _output = new byte[digest.getDigestSize()];
- byte[] _A = A.toByteArray();
- byte[] _M1 = M1.toByteArray();
- byte[] _S = S.toByteArray();
- digest.update(_A, 0, _A.length);
- digest.update(_M1,0,_M1.length);
- digest.update(_S, 0, _S.length);
- digest.doFinal(_output, 0);
- BigInteger M2 = new BigInteger(1, _output);
+ public static BigInteger calculateM2(Digest digest, BigInteger N, BigInteger A, BigInteger M1, BigInteger S){
+ BigInteger M2 = hashPaddedTriplet(digest,N,A,M1,S);
return M2;
}
/**
* Computes the final Key according to the standard routine: Key = H(S)
* @param digest The Digest used as the hashing function H
- * @param S the secret calculated by both sides
- * @return Key for the current session, derived from the secret S
+ * @param N Modulus used to get the pad length
+ * @param S The secret calculated by both sides
+ * @return
*/
- public static BigInteger calculateKey(Digest digest, BigInteger S) {
- byte[] _output = new byte[digest.getDigestSize()];
- byte[] _S = S.toByteArray();
+ public static BigInteger calculateKey(Digest digest, BigInteger N, BigInteger S) {
+ int padLength = (N.bitLength() + 7) / 8;
+ byte[] _S = getPadded(S,padLength);
digest.update(_S, 0, _S.length);
- digest.doFinal(_output, 0);
- BigInteger Key = new BigInteger(1, _output);
- return Key;
+
+ byte[] output = new byte[digest.getDigestSize()];
+ digest.doFinal(output, 0);
+ return new BigInteger(1, output);
}
+
+ private static BigInteger hashPaddedTriplet(Digest digest, BigInteger N, BigInteger n1, BigInteger n2, BigInteger n3){
+ int padLength = (N.bitLength() + 7) / 8;
+
+ byte[] n1_bytes = getPadded(n1, padLength);
+ byte[] n2_bytes = getPadded(n2, padLength);
+ byte[] n3_bytes = getPadded(n3, padLength);
+
+ digest.update(n1_bytes, 0, n1_bytes.length);
+ digest.update(n2_bytes, 0, n2_bytes.length);
+ digest.update(n3_bytes, 0, n3_bytes.length);
+
+ byte[] output = new byte[digest.getDigestSize()];
+ digest.doFinal(output, 0);
+
+ return new BigInteger(1, output);
+ }
private static BigInteger hashPaddedPair(Digest digest, BigInteger N, BigInteger n1, BigInteger n2)
{
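Review bot: The Javadoc no longer matches what the new code hashes, and `calculateKey` is left with an empty `@return`. `calculateM1`, `calculateM2` and `calculateKey` now feed `getPadded(x, (N.bitLength() + 7) / 8)` values into the digest, so the formulas should read `M1 = H( PAD(A) | PAD(B) | PAD(S) )`, `M2 = H( PAD(A) | PAD(M1) | PAD(S) )` and `Key = H( PAD(S) )`, and the deleted line `@return Key for the current session, derived from the secret S` should be restored. Both peers must encode the inputs identically for the evidence messages to verify, so the docs should also say that a peer still using the old `toByteArray()` encoding will compute different M1, M2 and Key values. In `calculateM2` the padded `M1` is a digest output rather than a group element; `getPadded` is defined outside this hunk, so please confirm it still yields a fixed-width encoding when the digest is longer than N's byte length.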