
📄 srpserver.java

📁 linux下建立JAVA虚拟机的源码KAFFE
    //            frameOut.setOS(C);
    //            if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding C (integrity checksum): "+Util.dumpString(C));
    //         }
    //         result = frameOut.wrap();
    //
    //      } catch (IOException x) {
    //         if (x instanceof SaslException) {
    //            throw (SaslException) x;
    //         }
    //         throw new SaslException("engineWrap()", x);
    //      }
    //
    //      if (DEBUG && debuglevel > 8) debug(TRACE, "<== engineWrap()");
    //      return result;
    // NOTE(review): the commented-out lines above look like an earlier,
    // frame-based version of this method; the live implementation follows.
    if (DEBUG && debuglevel > 8)
      debug(TRACE, "==> engineWrap()");
    // Refuse to wrap when neither an outbound MAC nor an outbound cipher is
    // set. This guard is also what makes the unguarded outMac use in the
    // integrity-only branch below safe.
    if (outMac == null && outCipher == null)
      {
        throw new IllegalStateException("connection is not protected");
      }
    // NOTE(review): with DEBUG on and debuglevel > 6 the two traces below emit
    // the application plaintext (hex and string form) before any protection is
    // applied. Keep DEBUG disabled wherever the debug output is not trusted.
    // new String(byte[], int, int) decodes with the platform default charset.
    if (DEBUG && debuglevel > 6)
      debug(TRACE, "Outgoing buffer (before security) (hex): "
                   + Util.dumpString(outgoing, offset, len));
    if (DEBUG && debuglevel > 6)
      debug(TRACE, "Outgoing buffer (before security) (str): \""
                   + new String(outgoing, offset, len) + "\"");
    // at this point one, or both, of confidentiality and integrity protection
    // services are active.
    byte[] result;
    try
      {
        final ByteArrayOutputStream out = new ByteArrayOutputStream();
        if (outCipher != null)
          {
            // Confidentiality: encrypt first, then write the ciphertext.
            result = outCipher.doFinal(outgoing, offset, len);
            if (DEBUG && debuglevel > 6)
              debug(TRACE, "Encoding c (encrypted plaintext): "
                           + Util.dumpString(result));
            out.write(result);
            if (outMac != null)
              {
                // The MAC is computed over the ciphertext, not the plaintext.
                outMac.update(result);
                if (replayDetection)
                  {
                    // The counter is incremented before use and fed into the
                    // MAC as four bytes, most significant first. It is not
                    // written to the output itself.
                    // NOTE(review): only the low 32 bits of outCounter are
                    // authenticated; its declared type and any wrap-around
                    // handling are not visible here - confirm.
                    outCounter++;
                    if (DEBUG && debuglevel > 6)
                      debug(TRACE, "outCounter=" + String.valueOf(outCounter));
                    outMac.update(new byte[] { (byte) (outCounter >>> 24),
                                              (byte) (outCounter >>> 16),
                                              (byte) (outCounter >>> 8),
                                              (byte) outCounter });
                  }
                // Append the integrity checksum after the ciphertext.
                final byte[] C = outMac.doFinal();
                out.write(C);
                if (DEBUG && debuglevel > 6)
                  debug(TRACE, "Encoding C (integrity checksum): "
                               + Util.dumpString(C));
              } // else ciphertext only; do nothing
            // NOTE(review): in the ciphertext-only case the output carries no
            // integrity checksum, so modification of the ciphertext in transit
            // is not detected by this layer.
          }
        else
          { // no confidentiality; just integrity [+ replay detection]
            if (DEBUG && debuglevel > 6)
              debug(TRACE, "Encoding p (plaintext): "
                           + Util.dumpString(outgoing, offset, len));
            out.write(outgoing, offset, len);
            // outMac cannot be null here: outCipher is null in this branch and
            // the guard at the top rejects the case where both are null, which
            // is why the check below is commented out.
            //            if (outMac != null) {
            outMac.update(outgoing, offset, len);
            if (replayDetection)
              {
                // Same counter handling as in the cipher branch: increment,
                // then mix the low 32 bits into the MAC, big-endian.
                outCounter++;
                if (DEBUG && debuglevel > 6)
                  debug(TRACE, "outCounter=" + String.valueOf(outCounter));
                outMac.update(new byte[] { (byte) (outCounter >>> 24),
                                          (byte) (outCounter >>> 16),
                                          (byte) (outCounter >>> 8),
                                          (byte) outCounter });
              }
            final byte[] C = outMac.doFinal();
            out.write(C);
            if (DEBUG && debuglevel > 6)
              debug(TRACE, "Encoding C (integrity checksum): "
                           + Util.dumpString(C));
            //            } // else plaintext only; do nothing
          }
        result = out.toByteArray();
      }
    catch (IOException x)
      {
        // Pass a SaslException through unchanged; wrap any other IOException
        // with the method name as the message.
        if (x instanceof SaslException)
          {
            throw (SaslException) x;
          }
        throw new SaslException("engineWrap()", x);
      }
    if (DEBUG && debuglevel > 8)
      debug(TRACE, "<== engineWrap()");
    return result;
  }

  /**
   * Reports the negotiated quality of protection, derived from the inbound
   * MAC and cipher objects.
   *
   * @return {@code Registry.QOP_AUTH_CONF} when both {@code inMac} and
   *         {@code inCipher} are set, {@code Registry.QOP_AUTH_INT} when only
   *         {@code inMac} is set, and {@code Registry.QOP_AUTH} otherwise.
   */
  protected String getNegotiatedQOP()
  {
    // NOTE(review): a cipher without a MAC (inMac == null, inCipher != null)
    // is reported as QOP_AUTH here, although engineWrap() accepts a
    // cipher-only outbound configuration - confirm this is intended.
    if (inMac != null)
      {
        if (inCipher != null)
          {
            return Registry.QOP_AUTH_CONF;
          }
        else
          {
            return Registry.QOP_AUTH_INT;
          }
      }
    return Registry.QOP_AUTH;
  }

  /**
   * Reports the negotiated strength using the same inMac/inCipher test as
   * {@link #getNegotiatedQOP()}.
   *
   * @return {@code Registry.STRENGTH_HIGH} when both {@code inMac} and
   *         {@code inCipher} are set, {@code Registry.STRENGTH_MEDIUM} when
   *         only {@code inMac} is set, and {@code Registry.STRENGTH_LOW}
   *         otherwise.
   */
  protected String getNegotiatedStrength()
  {
    if (inMac != null)
      {
        if (inCipher != null)
          {
            return Registry.STRENGTH_HIGH;
          }
        else
          {
            return Registry.STRENGTH_MEDIUM;
          }
      }
    return Registry.STRENGTH_LOW;
  }

  /**
   * Returns the {@code rawSendSize} field rendered as a decimal string.
   */
  protected String getNegotiatedRawSendSize()
  {
    return String.valueOf(rawSendSize);
  }

  /**
   * Always returns {@code Registry.REUSE_TRUE}.
   */
  protected String getReuse()
  {
    return Registry.REUSE_TRUE;
  }

  // other methods -----------------------------------------------------------

  /**
   * Handles the client's first message and builds the server's reply.
   *
   * <p>Parses U, I, sid, cn and cCB from {@code input}. If the server store
   * reports the session ID as alive, the stored security context is restored
   * and a short reply (scalar 0xFF, a fresh 16-byte server nonce, the server
   * channel binding) is returned. Otherwise a new SRP-6 exchange is started
   * and the reply carries scalar 0x00, N, g, s, B and the options list L.
   *
   * @param input the encoded client frame.
   * @return the encoded server frame.
   * @throws SaslException if the frame cannot be decoded or encoded, or if
   *         the key-agreement handler fails.
   */
  private byte[] sendProtocolElements(final byte[] input) throws SaslException
  {
    if (DEBUG && debuglevel > 8)
      debug(TRACE, "==> sendProtocolElements()");
    if (DEBUG && debuglevel > 6)
      debug(TRACE, "C: " + Util.dumpString(input));
    // Client sends U, I, sid, cn, cCB
    final InputBuffer frameIn = new InputBuffer(input);
    try
      {
        U = frameIn.getText(); // Extract username
        if (DEBUG && debuglevel > 6)
          debug(TRACE, "Got U (username): \"" + U + "\"");
        authorizationID = frameIn.getText(); // Extract authorisation ID
        if (DEBUG && debuglevel > 6)
          debug(TRACE, "Got I (userid): \"" + authorizationID + "\"");
        sid = frameIn.getEOS(); // Extract session ID
        if (DEBUG && debuglevel > 6)
          debug(TRACE, "Got sid (session ID): " + new String(sid));
        cn = frameIn.getOS(); // Extract client nonce
        if (DEBUG && debuglevel > 6)
          debug(TRACE, "Got cn (client nonce): " + Util.dumpString(cn));
        cCB = frameIn.getEOS(); // Extract client channel binding
        if (DEBUG && debuglevel > 6)
          debug(TRACE, "Got cCB (client channel binding): "
                       + Util.dumpString(cCB));
      }
    catch (IOException x)
      {
        if (x instanceof SaslException)
          {
            throw (SaslException) x;
          }
        throw new AuthenticationException("sendProtocolElements()", x);
      }
    // do/can we re-use?
    // NOTE(review): the stored context is selected by the client-supplied sid
    // alone. No comparison between U and the restored context is visible in
    // this method - confirm that binding is enforced elsewhere.
    if (ServerStore.instance().isAlive(sid))
      {
        // Restore the key material and security-layer state of the earlier
        // session.
        final SecurityContext ctx = ServerStore.instance().restoreSession(sid);
        srp = SRP.instance(ctx.getMdName());
        K = ctx.getK();
        cIV = ctx.getClientIV();
        sIV = ctx.getServerIV();
        replayDetection = ctx.hasReplayDetection();
        inCounter = ctx.getInCounter();
        outCounter = ctx.getOutCounter();
        inMac = ctx.getInMac();
        outMac = ctx.getOutMac();
        inCipher = ctx.getInCipher();
        outCipher = ctx.getOutCipher();
        // Fresh 16-byte server nonce for the resumed session.
        // NOTE(review): presumably getDefaultPRNG() is a cryptographic
        // generator - confirm against its definition.
        if (sn == null || sn.length != 16)
          {
            sn = new byte[16];
          }
        getDefaultPRNG().nextBytes(sn);
        setupSecurityServices(false);
        final OutputBuffer frameOut = new OutputBuffer();
        try
          {
            // A leading scalar of 0xFF marks the session-reuse reply; the
            // new-session reply below starts with 0x00.
            frameOut.setScalar(1, 0xFF);
            frameOut.setOS(sn);
            frameOut.setEOS(channelBinding);
          }
        catch (IOException x)
          {
            if (x instanceof SaslException)
              {
                throw (SaslException) x;
              }
            throw new AuthenticationException("sendProtocolElements()", x);
          }
        final byte[] result = frameOut.encode();
        if (DEBUG && debuglevel > 8)
          debug(TRACE, "<== sendProtocolElements()");
        if (DEBUG && debuglevel > 2)
          debug(INFO, "Old session...");
        if (DEBUG && debuglevel > 2)
          debug(INFO, "S: " + Util.dumpString(result));
        if (DEBUG && debuglevel > 2)
          debug(INFO, "  sn = " + Util.dumpString(sn));
        if (DEBUG && debuglevel > 2)
          debug(INFO, " sCB = " + Util.dumpString(channelBinding));
        return result;
      }
    else
      { // new session
        authenticator.activate(properties);
        // -------------------------------------------------------------------
        // Configure the SRP-6 key-agreement handler with the hash algorithm
        // and the password database, then feed it the username. Its reply
        // carries N, g, s and B, read in that order.
        final HashMap mapB = new HashMap();
        //         mapB.put(SRP6KeyAgreement.HASH_FUNCTION,    srp.newDigest());
        mapB.put(SRP6KeyAgreement.HASH_FUNCTION, srp.getAlgorithm());
        mapB.put(SRP6KeyAgreement.HOST_PASSWORD_DB, authenticator);
        try
          {
            serverHandler.init(mapB);
            OutgoingMessage out = new OutgoingMessage();
            out.writeString(U);
            IncomingMessage in = new IncomingMessage(out.toByteArray());
            out = serverHandler.processMessage(in);
            in = new IncomingMessage(out.toByteArray());
            N = in.readMPI();
            g = in.readMPI();
            s = in.readMPI().toByteArray();
            B = in.readMPI();
          }
        catch (KeyAgreementException x)
          {
            throw new SaslException("sendProtocolElements()", x);
          }
        // -------------------------------------------------------------------
        if (DEBUG && debuglevel > 6)
          debug(TRACE, "Encoding N (modulus): " + Util.dump(N));
        if (DEBUG && debuglevel > 6)
          debug(TRACE, "Encoding g (generator): " + Util.dump(g));
        if (DEBUG && debuglevel > 6)
          debug(TRACE, "Encoding s (client's salt): " + Util.dumpString(s));
        if (DEBUG && debuglevel > 6)
          debug(TRACE, "Encoding B (server ephemeral public key): "
                       + Util.dump(B));
        // The server creates an options list (L), which consists of a
        // comma-separated list of option strings that specify the security
        // service options the server supports.
        L = createL();
        if (DEBUG && debuglevel > 6)
          debug(TRACE, "Encoding L (available options): \"" + L + "\"");
        // NOTE(review): sIV is traced here but is not added to the frame built
        // below, which carries only the scalar, N, g, s, B and L.
        if (DEBUG && debuglevel > 6)
          debug(TRACE, "Encoding sIV (server IV): " + Util.dumpString(sIV));
        final OutputBuffer frameOut = new OutputBuffer();
        try
          {
            frameOut.setScalar(1, 0x00);
            frameOut.setMPI(N);
            frameOut.setMPI(g);
            frameOut.setOS(s);
            frameOut.setMPI(B);
            frameOut.setText(L);
          }
        catch (IOException x)
          {
            if (x instanceof SaslException)
              {
                throw (SaslException) x;
              }
            throw new AuthenticationException("sendProtocolElements()", x);
          }
        final byte[] result = frameOut.encode();
        if (DEBUG && debuglevel > 8)
          debug(TRACE, "<== sendProtocolElements()");
        if (DEBUG && debuglevel > 2)
          debug(INFO, "New session...");
        if (DEBUG && debuglevel > 2)
          debug(INFO, "S: " + Util.dumpString(result));
        if (DEBUG && debuglevel > 2)
          debug(INFO, "   N = 0x" + N.toString(16));
        if (DEBUG && debuglevel > 2)
          debug(INFO, "   g = 0x" + g.toString(16));
        if (DEBUG && debuglevel > 2)
          debug(INFO, "   s = " + Util.dumpString(s));
        if (DEBUG && debuglevel > 2)
          debug(INFO, "   B = 0x" + B.toString(16));
        if (DEBUG && debuglevel > 2)
          debug(INFO, "   L = " + L);
        return result;
      }
  }

  /**
   * Handles the client's second message: reads A, M1, o and cIV, applies the
   * client's chosen options, and passes A to the key-agreement handler to
   * obtain the shared secret K.
   *
   * @param input the encoded client frame.
   * @throws SaslException if the frame cannot be decoded or the key-agreement
   *         handler fails.
   */
  private byte[] sendEvidence(final byte[] input) throws SaslException
  {
    if (DEBUG && debuglevel > 8)
      debug(TRACE, "==> sendEvidence()");
    if (DEBUG && debuglevel > 6)
      debug(TRACE, "C: " + Util.dumpString(input));
    // Client send A, M1, o, cIV
    final InputBuffer frameIn = new InputBuffer(input);
    final byte[] M1;
    try
      {
        A = frameIn.getMPI(); // Extract client's ephemeral public key
        if (DEBUG && debuglevel > 6)
          debug(TRACE, "Got A (client ephemeral public key): " + Util.dump(A));
        M1 = frameIn.getOS(); // Extract evidence
        if (DEBUG && debuglevel > 6)
          debug(TRACE, "Got M1 (client evidence): " + Util.dumpString(M1));
        o = frameIn.getText(); // Extract client's options list
        if (DEBUG && debuglevel > 6)
          debug(TRACE, "Got o (client chosen options): \"" + o + "\"");
        cIV = frameIn.getOS(); // Extract client's IV
        if (DEBUG && debuglevel > 6)
          debug(TRACE, "Got cIV (client IV): " + Util.dumpString(cIV));
      }
    catch (IOException x)
      {
        if (x instanceof SaslException)
          {
            throw (SaslException) x;
          }
        throw new AuthenticationException("sendEvidence()", x);
      }
    // Parse client's options and set security layer variables
    parseO(o);
    // ----------------------------------------------------------------------
    // Hand A to the key-agreement handler and read back the shared secret.
    // NOTE(review): no range check on A (for example rejecting A congruent to
    // 0 mod N) is visible in this method; presumably serverHandler performs
    // it - confirm.
    try
      {
        final OutgoingMessage out = new OutgoingMessage();
        out.writeMPI(A);
        final IncomingMessage in = new IncomingMessage(out.toByteArray());
        serverHandler.processMessage(in);
        K = serverHandler.getSharedSecret();
      }
    catch (KeyAgreementException x)
      {
        throw new SaslException("sendEvidence()", x);
      }
    // ----------------------------------------------------------------------
    // NOTE(review): with DEBUG on and debuglevel > 6 this writes the shared
    // secret K to the debug output. Anyone who can read that output can derive
    // the session's protection keys, so keep DEBUG off outside controlled
    // test runs.
    if (DEBUG && debuglevel > 6)
      debug(TRACE, "K: " + Util.dumpString(K));
