📄 srpclient.java
字号:
final ByteArrayOutputStream out = new ByteArrayOutputStream(); // Process the data if (outCipher != null) { // data = outCipher.doFinal(data); result = outCipher.doFinal(outgoing, offset, len); if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding c (encrypted plaintext): " + Util.dumpString(result)); // frameOut.setEOS(data); out.write(result); if (outMac != null) { outMac.update(result); if (replayDetection) { outCounter++; if (DEBUG && debuglevel > 6) debug(TRACE, "outCounter=" + String.valueOf(outCounter)); outMac.update(new byte[] { (byte) (outCounter >>> 24), (byte) (outCounter >>> 16), (byte) (outCounter >>> 8), (byte) outCounter }); } final byte[] C = outMac.doFinal(); // frameOut.setOS(C); out.write(C); if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding C (integrity checksum): " + Util.dumpString(C)); } // else confidentiality only; do nothing } else { // no confidentiality; just integrity [+ replay detection] // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding p (plaintext): "+Util.dumpString(data)); if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding p (plaintext): " + Util.dumpString(outgoing, offset, len)); // frameOut.setEOS(data); out.write(outgoing, offset, len); // if (outMac != null) { // outMac.update(data); outMac.update(outgoing, offset, len); if (replayDetection) { outCounter++; if (DEBUG && debuglevel > 6) debug(TRACE, "outCounter=" + String.valueOf(outCounter)); outMac.update(new byte[] { (byte) (outCounter >>> 24), (byte) (outCounter >>> 16), (byte) (outCounter >>> 8), (byte) outCounter }); } final byte[] C = outMac.doFinal(); // frameOut.setOS(C); out.write(C); if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding C (integrity checksum): " + Util.dumpString(C)); // } } // frameOut.setEOS(data); // // if (outMac != null) { // outMac.update(data); // if (replayDetection) { // outCounter++; // if (DEBUG && debuglevel > 6) debug(TRACE, "outCounter="+String.valueOf(outCounter)); // outMac.update(new byte[] { // (byte)(outCounter >>> 24), // (byte)(outCounter >>> 16), // (byte)(outCounter >>> 8), // (byte) outCounter }); // } // byte[] C = outMac.doFinal(); // frameOut.setOS(C); // if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding C (integrity checksum): "+Util.dumpString(C)); // } // result = frameOut.wrap(); result = out.toByteArray(); } catch (IOException x) { if (x instanceof SaslException) { throw (SaslException) x; } throw new SaslException("engineWrap()", x); } if (DEBUG && debuglevel > 8) debug(TRACE, "<== engineWrap()"); return result; } protected String getNegotiatedQOP() { if (inMac != null) { if (inCipher != null) { return Registry.QOP_AUTH_CONF; } else { return Registry.QOP_AUTH_INT; } } return Registry.QOP_AUTH; } protected String getNegotiatedStrength() { if (inMac != null) { if (inCipher != null) { return Registry.STRENGTH_HIGH; } else { return Registry.STRENGTH_MEDIUM; } } return Registry.STRENGTH_LOW; } protected String getNegotiatedRawSendSize() { return String.valueOf(rawSendSize); } protected String getReuse() { return Registry.REUSE_TRUE; } // other methods ----------------------------------------------------------- private byte[] sendIdentities() throws SaslException { if (DEBUG && debuglevel > 8) debug(TRACE, "==> sendIdentities()"); // If necessary, prompt the client for the username and password getUsernameAndPassword(); if (DEBUG && debuglevel > 6) debug(TRACE, "Password: \"" + new String(password.getPassword()) + "\""); if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding U (username): \"" + U + "\""); if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding I (userid): \"" + authorizationID + "\""); // if session re-use generate new 16-byte nonce if (sid.length != 0) { cn = new byte[16]; getDefaultPRNG().nextBytes(cn); } else { cn = new byte[0]; } final OutputBuffer frameOut = new OutputBuffer(); try { frameOut.setText(U); frameOut.setText(authorizationID); frameOut.setEOS(sid); // session ID to re-use frameOut.setOS(cn); // client nonce frameOut.setEOS(channelBinding); } catch (IOException x) { if (x instanceof SaslException) { throw (SaslException) x; } throw new AuthenticationException("sendIdentities()", x); } final byte[] result = frameOut.encode(); if (DEBUG && debuglevel > 8) debug(TRACE, "<== sendIdentities()"); if (DEBUG && debuglevel > 2) debug(INFO, "C: " + Util.dumpString(result)); if (DEBUG && debuglevel > 2) debug(INFO, " U = " + U); if (DEBUG && debuglevel > 2) debug(INFO, " I = " + authorizationID); if (DEBUG && debuglevel > 2) debug(INFO, "sid = " + new String(sid)); if (DEBUG && debuglevel > 2) debug(INFO, " cn = " + Util.dumpString(cn)); if (DEBUG && debuglevel > 2) debug(INFO, "cCB = " + Util.dumpString(channelBinding)); return result; } private byte[] sendPublicKey(final byte[] input) throws SaslException { if (DEBUG && debuglevel > 8) debug(TRACE, "==> sendPublicKey()"); if (DEBUG && debuglevel > 6) debug(TRACE, "S: " + Util.dumpString(input)); // Server sends [00], N, g, s, B, L // or [FF], sn, sCB final InputBuffer frameIn = new InputBuffer(input); final int ack; try { ack = (int) frameIn.getScalar(1); if (ack == 0x00) { // new session N = frameIn.getMPI(); if (DEBUG && debuglevel > 6) debug(TRACE, "Got N (modulus): " + Util.dump(N)); g = frameIn.getMPI(); if (DEBUG && debuglevel > 6) debug(TRACE, "Got g (generator): " + Util.dump(g)); s = frameIn.getOS(); if (DEBUG && debuglevel > 6) debug(TRACE, "Got s (salt): " + Util.dumpString(s)); B = frameIn.getMPI(); if (DEBUG && debuglevel > 6) debug(TRACE, "Got B (server ephermeral public key): " + Util.dump(B)); L = frameIn.getText(); if (DEBUG && debuglevel > 6) debug(TRACE, "Got L (available options): \"" + L + "\""); } else if (ack == 0xFF) { // session re-use sn = frameIn.getOS(); if (DEBUG && debuglevel > 6) debug(TRACE, "Got sn (server nonce): " + Util.dumpString(sn)); sCB = frameIn.getEOS(); if (DEBUG && debuglevel > 6) debug(TRACE, "Got sCB (server channel binding): " + Util.dumpString(sCB)); } else { // unexpected scalar throw new SaslException("sendPublicKey(): Invalid scalar (" + ack + ") in server's request"); } } catch (IOException x) { if (x instanceof SaslException) { throw (SaslException) x; } throw new SaslException("sendPublicKey()", x); } if (ack == 0x00) { // new session --------------------------------------- o = createO(L.toLowerCase()); // do this first to initialise the SRP hash final byte[] pBytes; // use ASCII encoding to inter-operate w/ non-java pBytes = password.getBytes(); // ---------------------------------------------------------------------- final HashMap mapA = new HashMap(); // mapA.put(SRP6KeyAgreement.HASH_FUNCTION, srp.newDigest()); mapA.put(SRP6KeyAgreement.HASH_FUNCTION, srp.getAlgorithm()); mapA.put(SRP6KeyAgreement.USER_IDENTITY, U); mapA.put(SRP6KeyAgreement.USER_PASSWORD, pBytes); try { clientHandler.init(mapA); clientHandler.processMessage(null); } catch (KeyAgreementException x) { throw new SaslException("sendPublicKey()", x); } // ---------------------------------------------------------------------- // ------------------------------------------------------------------- try { OutgoingMessage out = new OutgoingMessage(); out.writeMPI(N); out.writeMPI(g); out.writeMPI(new BigInteger(1, s)); out.writeMPI(B); IncomingMessage in = new IncomingMessage(out.toByteArray()); out = clientHandler.processMessage(in); in = new IncomingMessage(out.toByteArray()); A = in.readMPI(); K = clientHandler.getSharedSecret(); } catch (KeyAgreementException x) { throw new SaslException("sendPublicKey()", x); } // ------------------------------------------------------------------- if (DEBUG && debuglevel > 6) debug(TRACE, "K: " + Util.dumpString(K)); if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding A (client ephemeral public key): " + Util.dump(A)); try { M1 = srp.generateM1(N, g, U, s, A, B, K, authorizationID, L, cn, channelBinding); } catch (UnsupportedEncodingException x) { throw new AuthenticationException("sendPublicKey()", x); } if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding o (client chosen options): \"" + o + "\""); if (DEBUG && debuglevel > 6) debug(TRACE, "Encoding cIV (client IV): \"" + Util.dumpString(cIV) + "\""); final OutputBuffer frameOut = new OutputBuffer(); try { frameOut.setMPI(A); frameOut.setOS(M1); frameOut.setText(o); frameOut.setOS(cIV); } catch (IOException x) { if (x instanceof SaslException) { throw (SaslException) x; } throw new AuthenticationException("sendPublicKey()", x); } final byte[] result = frameOut.encode(); if (DEBUG && debuglevel > 8) debug(TRACE, "<== sendPublicKey()"); if (DEBUG && debuglevel > 2) debug(INFO, "New session, or session re-use rejected..."); if (DEBUG && debuglevel > 2) debug(INFO, "C: " + Util.dumpString(result)); if (DEBUG && debuglevel > 2) debug(INFO, " A = 0x" + A.toString(16)); if (DEBUG && debuglevel > 2) debug(INFO, " M1 = " + Util.dumpString(M1)); if (DEBUG && debuglevel > 2) debug(INFO, " o = " + o); if (DEBUG && debuglevel > 2) debug(INFO, "cIV = " + Util.dumpString(cIV)); return result; } else { // session re-use accepted ------------------------------------- setupSecurityServices(true); if (DEBUG && debuglevel > 8) debug(TRACE, "<== sendPublicKey()"); if (DEBUG && debuglevel > 2) debug(INFO, "Session re-use accepted..."); return null; } } private byte[] receiveEvidence(byte[] input) throws SaslException { if (DEBUG && debuglevel > 8) debug(TRACE, "==> receiveEvidence()"); if (DEBUG && debuglevel > 6) debug(TRACE, "S: " + Util.dumpString(input)); // Server send M2, sIV, sCB, sid, ttl final InputBuffer frameIn = new InputBuffer(input); try { M2 = frameIn.getOS(); if (DEBUG && debuglevel > 6) debug(TRACE, "Got M2 (server evidence): " + Util.dumpString(M2)); sIV = frameIn.getOS(); if (DEBUG && debuglevel > 6) debug(TRACE, "Got sIV (server IV): " + Util.dumpString(sIV)); sid = frameIn.getEOS(); if (DEBUG && debuglevel > 6) debug(TRACE, "Got sid (session ID): " + new String(sid)); ttl = (int) frameIn.getScalar(4); if (DEBUG && debuglevel > 6) debug(TRACE, "Got ttl (session time-to-live): " + ttl + "sec."); sCB = frameIn.getEOS(); if (DEBUG && debuglevel > 6) debug(TRACE, "Got sCB (server channel binding): "⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -