|
Bouncy Castle Cryptography Library 1.48 | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.bouncycastle.crypto.agreement.jpake.JPAKEUtil
public class JPAKEUtil
Primitives needed for a J-PAKE exchange.
The recommended way to perform a J-PAKE exchange is by using twoJPAKEParticipant
s. Internally, those participants
call these primitive operations in JPAKEUtil
.
The primitives, however, can be used without a JPAKEParticipant
if needed.
Constructor Summary | |
---|---|
JPAKEUtil()
|
Method Summary | |
---|---|
static java.math.BigInteger |
calculateA(java.math.BigInteger p,
java.math.BigInteger q,
java.math.BigInteger gA,
java.math.BigInteger x2s)
Calculate A as done in round 2. |
static java.math.BigInteger |
calculateGA(java.math.BigInteger p,
java.math.BigInteger gx1,
java.math.BigInteger gx3,
java.math.BigInteger gx4)
Calculate ga as done in round 2. |
static java.math.BigInteger |
calculateGx(java.math.BigInteger p,
java.math.BigInteger g,
java.math.BigInteger x)
Calculate g^x mod p as done in round 1. |
static java.math.BigInteger |
calculateKeyingMaterial(java.math.BigInteger p,
java.math.BigInteger q,
java.math.BigInteger gx4,
java.math.BigInteger x2,
java.math.BigInteger s,
java.math.BigInteger B)
Calculates the keying material, which can be done after round 2 has completed. |
static java.math.BigInteger |
calculateMacTag(java.lang.String participantId,
java.lang.String partnerParticipantId,
java.math.BigInteger gx1,
java.math.BigInteger gx2,
java.math.BigInteger gx3,
java.math.BigInteger gx4,
java.math.BigInteger keyingMaterial,
Digest digest)
Calculates the MacTag (to be used for key confirmation), as defined by NIST SP 800-56A Revision 1, Section 8.2 Unilateral Key Confirmation for Key Agreement Schemes. |
static java.math.BigInteger |
calculateS(char[] password)
Converts the given password to a BigInteger
for use in arithmetic calculations. |
static java.math.BigInteger |
calculateX2s(java.math.BigInteger q,
java.math.BigInteger x2,
java.math.BigInteger s)
Calculate x2 * s as done in round 2. |
static java.math.BigInteger[] |
calculateZeroKnowledgeProof(java.math.BigInteger p,
java.math.BigInteger q,
java.math.BigInteger g,
java.math.BigInteger gx,
java.math.BigInteger x,
java.lang.String participantId,
Digest digest,
java.security.SecureRandom random)
Calculate a zero knowledge proof of x using Schnorr's signature. |
static java.math.BigInteger |
generateX1(java.math.BigInteger q,
java.security.SecureRandom random)
Return a value that can be used as x1 or x3 during round 1. |
static java.math.BigInteger |
generateX2(java.math.BigInteger q,
java.security.SecureRandom random)
Return a value that can be used as x2 or x4 during round 1. |
static void |
validateGa(java.math.BigInteger ga)
Validates that ga is not 1. |
static void |
validateGx4(java.math.BigInteger gx4)
Validates that g^x4 is not 1. |
static void |
validateMacTag(java.lang.String participantId,
java.lang.String partnerParticipantId,
java.math.BigInteger gx1,
java.math.BigInteger gx2,
java.math.BigInteger gx3,
java.math.BigInteger gx4,
java.math.BigInteger keyingMaterial,
Digest digest,
java.math.BigInteger partnerMacTag)
Validates the MacTag received from the partner participant. |
static void |
validateNotNull(java.lang.Object object,
java.lang.String description)
Validates that the given object is not null. |
static void |
validateParticipantIdsDiffer(java.lang.String participantId1,
java.lang.String participantId2)
Validates that the given participant ids are not equal. |
static void |
validateParticipantIdsEqual(java.lang.String expectedParticipantId,
java.lang.String actualParticipantId)
Validates that the given participant ids are equal. |
static void |
validateZeroKnowledgeProof(java.math.BigInteger p,
java.math.BigInteger q,
java.math.BigInteger g,
java.math.BigInteger gx,
java.math.BigInteger[] zeroKnowledgeProof,
java.lang.String participantId,
Digest digest)
Validates the zero knowledge proof (generated by calculateZeroKnowledgeProof(BigInteger, BigInteger, BigInteger, BigInteger, BigInteger, String, Digest, SecureRandom) )
is correct. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public JPAKEUtil()
Method Detail |
---|
public static java.math.BigInteger generateX1(java.math.BigInteger q, java.security.SecureRandom random)
public static java.math.BigInteger generateX2(java.math.BigInteger q, java.security.SecureRandom random)
public static java.math.BigInteger calculateS(char[] password)
BigInteger
for use in arithmetic calculations.
public static java.math.BigInteger calculateGx(java.math.BigInteger p, java.math.BigInteger g, java.math.BigInteger x)
public static java.math.BigInteger calculateGA(java.math.BigInteger p, java.math.BigInteger gx1, java.math.BigInteger gx3, java.math.BigInteger gx4)
public static java.math.BigInteger calculateX2s(java.math.BigInteger q, java.math.BigInteger x2, java.math.BigInteger s)
public static java.math.BigInteger calculateA(java.math.BigInteger p, java.math.BigInteger q, java.math.BigInteger gA, java.math.BigInteger x2s)
public static java.math.BigInteger[] calculateZeroKnowledgeProof(java.math.BigInteger p, java.math.BigInteger q, java.math.BigInteger g, java.math.BigInteger gx, java.math.BigInteger x, java.lang.String participantId, Digest digest, java.security.SecureRandom random)
public static void validateGx4(java.math.BigInteger gx4) throws CryptoException
CryptoException
- if g^x4 is 1public static void validateGa(java.math.BigInteger ga) throws CryptoException
Alice could simply check ga != 1 to ensure it is a generator. In fact, as we will explain in Section 3, (x1 + x3 + x4 ) is random over Zq even in the face of active attacks. Hence, the probability for ga = 1 is extremely small - on the order of 2^160 for 160-bit q.
CryptoException
- if ga is 1public static void validateZeroKnowledgeProof(java.math.BigInteger p, java.math.BigInteger q, java.math.BigInteger g, java.math.BigInteger gx, java.math.BigInteger[] zeroKnowledgeProof, java.lang.String participantId, Digest digest) throws CryptoException
calculateZeroKnowledgeProof(BigInteger, BigInteger, BigInteger, BigInteger, BigInteger, String, Digest, SecureRandom)
)
is correct.
CryptoException
- if the zero knowledge proof is not correctpublic static java.math.BigInteger calculateKeyingMaterial(java.math.BigInteger p, java.math.BigInteger q, java.math.BigInteger gx4, java.math.BigInteger x2, java.math.BigInteger s, java.math.BigInteger B)
JPAKEParticipant
).
KeyingMaterial = (B/g^{x2*x4*s})^x2
public static void validateParticipantIdsDiffer(java.lang.String participantId1, java.lang.String participantId2) throws CryptoException
CryptoException
- if the participantId strings are equal.public static void validateParticipantIdsEqual(java.lang.String expectedParticipantId, java.lang.String actualParticipantId) throws CryptoException
CryptoException
- if the participantId strings are equal.public static void validateNotNull(java.lang.Object object, java.lang.String description)
object
- object in questiondescription
- name of the object (to be used in exception message)
java.lang.NullPointerException
- if the object is null.public static java.math.BigInteger calculateMacTag(java.lang.String participantId, java.lang.String partnerParticipantId, java.math.BigInteger gx1, java.math.BigInteger gx2, java.math.BigInteger gx3, java.math.BigInteger gx4, java.math.BigInteger keyingMaterial, Digest digest)
MacTag = HMAC(MacKey, MacLen, MacData) MacKey = H(K || "JPAKE_KC") MacData = "KC_1_U" || participantId || partnerParticipantId || gx1 || gx2 || gx3 || gx4 Note that both participants use "KC_1_U" because the sender of the round 3 message is always the initiator for key confirmation. HMAC =HMac
used with the givenDigest
H = The givenDigest
MacLen = length of MacTag
public static void validateMacTag(java.lang.String participantId, java.lang.String partnerParticipantId, java.math.BigInteger gx1, java.math.BigInteger gx2, java.math.BigInteger gx3, java.math.BigInteger gx4, java.math.BigInteger keyingMaterial, Digest digest, java.math.BigInteger partnerMacTag) throws CryptoException
partnerMacTag
- the MacTag received from the partner.
CryptoException
- if the participantId strings are equal.
|
Bouncy Castle Cryptography Library 1.48 | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |