private byte[] calculatePadding(BigInteger modulus, BigInteger topad) { byte[] padding; int modulusByteLength = ArrayConverter.bigIntegerToByteArray(modulus).length; byte[] paddingArray = ArrayConverter.bigIntegerToByteArray(topad); if (modulusByteLength == paddingArray.length) { return paddingArray; } int paddingByteLength = modulusByteLength - paddingArray.length; if (paddingByteLength < 0) { LOGGER.warn("Negative SRP Padding Size. Using 0"); paddingByteLength = 0; } padding = new byte[paddingByteLength]; return ArrayConverter.concatenate(padding, paddingArray); }
private byte[] calculatePadding(BigInteger modulus, BigInteger topad) { byte[] padding; int modulusByteLength = ArrayConverter.bigIntegerToByteArray(modulus).length; byte[] paddingArray = ArrayConverter.bigIntegerToByteArray(topad); if (modulusByteLength == paddingArray.length) { return paddingArray; } int paddingByteLength = modulusByteLength - paddingArray.length; if (paddingByteLength < 0) { LOGGER.warn("Padding ByteLength negative, Using Zero instead"); paddingByteLength = 0; } padding = new byte[paddingByteLength]; return ArrayConverter.concatenate(padding, paddingArray); }
/** * * @param message * @return */ protected boolean queryOracle(BigInteger message) { byte[] msg = ArrayConverter.bigIntegerToByteArray(message, blockSize, true); return oracle.checkPKCSConformity(msg); }
/** * @param m * original message to be changed * @param si * factor * @return (m*si) mod N, or (m*si^e) mod N, depending on the oracle type, in * a byte array */ protected byte[] prepareMsg(BigInteger m, BigInteger si) { byte[] msg; BigInteger tmp = multiply(m, si); msg = ArrayConverter.bigIntegerToByteArray(tmp, blockSize, true); return msg; }
private byte[] calculatePremasterSecretServer(BigInteger modulus, BigInteger generator, BigInteger serverPrivateKey, BigInteger serverPublicKey, BigInteger clientPublicKey, byte[] salt, byte[] identity, byte[] password) { // PremasterSecret: (ClientPublicKey * v^u) ^ServerPrivatKey % modulus BigInteger u = calculateU(clientPublicKey, serverPublicKey, modulus); LOGGER.debug("Intermediate Value U" + ArrayConverter.bytesToHexString(ArrayConverter.bigIntegerToByteArray(u))); BigInteger x = calculateX(salt, identity, password); LOGGER.debug("Intermediate Value X" + ArrayConverter.bytesToHexString(ArrayConverter.bigIntegerToByteArray(x))); BigInteger v = calculateV(x, generator, modulus); LOGGER.debug("Intermediate Value V" + ArrayConverter.bytesToHexString(ArrayConverter.bigIntegerToByteArray(v))); BigInteger helpValue1 = v.modPow(u, modulus); LOGGER.debug("v^u" + ArrayConverter.bytesToHexString(ArrayConverter.bigIntegerToByteArray(helpValue1))); BigInteger helpValue2 = clientPublicKey.multiply(helpValue1); BigInteger helpValue3 = helpValue2.mod(modulus); LOGGER.debug("A * v^u" + ArrayConverter.bytesToHexString(ArrayConverter.bigIntegerToByteArray(helpValue3))); helpValue1 = helpValue3.modPow(serverPrivateKey, modulus); LOGGER.debug("PremstSercret" + ArrayConverter.bytesToHexString(ArrayConverter.bigIntegerToByteArray(helpValue1))); return ArrayConverter.bigIntegerToByteArray(helpValue1); }
private byte[] calculateClientPremasterSecret(BigInteger modulus, BigInteger generator, BigInteger privateKey, BigInteger serverPublicKey, BigInteger clientPublicKey, byte[] salt, byte[] identity, byte[] password) { // PremasterSecret: (ServerPublicKey -(k * g^x))^(ClientPrivatKey +(u * // x)) % modulus BigInteger u = calculateU(clientPublicKey, serverPublicKey, modulus); LOGGER.debug("Intermediate Value U" + ArrayConverter.bytesToHexString(ArrayConverter.bigIntegerToByteArray(u))); BigInteger k = calculateSRP6Multiplier(modulus, generator); BigInteger x = calculateX(salt, identity, password); LOGGER.debug("Intermediate Value X" + ArrayConverter.bytesToHexString(ArrayConverter.bigIntegerToByteArray(x))); BigInteger helpValue1 = generator.modPow(x, modulus); LOGGER.debug("Intermediate Value V" + ArrayConverter.bytesToHexString(ArrayConverter.bigIntegerToByteArray(helpValue1))); BigInteger helpValue2 = k.multiply(helpValue1); BigInteger helpValue3 = helpValue2.mod(modulus); // helpValue1 = helpValue2.subtract(serverPublicKey); helpValue1 = serverPublicKey.subtract(helpValue3); helpValue2 = helpValue1.mod(modulus); helpValue3 = u.multiply(x); helpValue1 = helpValue3.mod(modulus); helpValue3 = privateKey.add(helpValue1); helpValue1 = helpValue3.mod(modulus); helpValue3 = helpValue2.modPow(helpValue1, modulus); return ArrayConverter.bigIntegerToByteArray(helpValue3); }
private BigInteger calculateSRP6Multiplier(BigInteger modulus, BigInteger generator) { BigInteger srp6Multiplier; byte[] paddedGenerator = calculatePadding(modulus, generator); byte[] hashInput = ArrayConverter.concatenate(ArrayConverter.bigIntegerToByteArray(modulus), paddedGenerator); LOGGER.debug("HashInput SRP6Multi: " + ArrayConverter.bytesToHexString(hashInput)); byte[] hashOutput = SHAsum(hashInput); return new BigInteger(1, hashOutput); }
private BigInteger calculateSRP6Multiplier(BigInteger modulus, BigInteger generator) { BigInteger srp6Multiplier; byte[] paddedGenerator = calculatePadding(modulus, generator); byte[] hashInput = ArrayConverter.concatenate(ArrayConverter.bigIntegerToByteArray(modulus), paddedGenerator); LOGGER.debug("HashInput SRP6Multi: " + ArrayConverter.bytesToHexString(hashInput)); byte[] hashOutput = SHAsum(hashInput); return new BigInteger(1, hashOutput); }
private BigInteger generatePublicKey(BigInteger modulus, BigInteger generator, BigInteger privateKey, byte[] identity, byte[] password, byte[] salt) { BigInteger publickey; BigInteger k = calculateSRP6Multiplier(modulus, generator); BigInteger x = calculateX(salt, identity, password); BigInteger v = generator.modPow(x, modulus); BigInteger helpValue1 = k.multiply(v); BigInteger helpValue2 = helpValue1.mod(modulus); helpValue1 = generator.modPow(privateKey, modulus); BigInteger helpValue3 = helpValue1.add(helpValue2); helpValue1 = helpValue3.mod(modulus); publickey = helpValue1; LOGGER.debug("Server-Public-Key: " + ArrayConverter.bytesToHexString(ArrayConverter.bigIntegerToByteArray(publickey))); return publickey; }
private BigInteger calculateU(BigInteger clientPublic, BigInteger serverPublic, BigInteger modulus) { byte[] paddedClientPublic = calculatePadding(modulus, clientPublic); LOGGER.debug("ClientPublic Key:" + ArrayConverter.bytesToHexString(ArrayConverter.bigIntegerToByteArray(clientPublic))); LOGGER.debug("PaddedClientPublic. " + ArrayConverter.bytesToHexString(paddedClientPublic)); byte[] paddedServerPublic = calculatePadding(modulus, serverPublic); LOGGER.debug("ServerPublic Key:" + ArrayConverter.bytesToHexString(ArrayConverter.bigIntegerToByteArray(serverPublic))); LOGGER.debug("PaddedServerPublic. " + ArrayConverter.bytesToHexString(paddedServerPublic)); byte[] hashInput = ArrayConverter.concatenate(paddedClientPublic, paddedServerPublic); LOGGER.debug("HashInput for u: " + ArrayConverter.bytesToHexString(hashInput)); byte[] hashOutput = SHAsum(hashInput); LOGGER.debug("Hashvalue for u: " + ArrayConverter.bytesToHexString(hashOutput)); return new BigInteger(1, hashOutput); }
} else { sb.append("\n ServerRsaModulus (chooser): "); sb.append(toIndentedString(ArrayConverter.bigIntegerToByteArray(ctx.getChooser().getServerRsaModulus())));
private void prepareRSACiphertext(SSL2ClientMasterKeyMessage message) { // TODO: Maybe de-duplicate vs. RSAClientKeyExchangePreparator message.prepareComputations(); int keyByteLength = chooser.getServerRsaModulus().bitLength() / 8; // the number of random bytes in the pkcs1 message int unpaddedLength = EXPORT_RC4_NUM_OF_SECRET_KEY_BYTES; // Currently we only support 40-bit export RC4 int randomByteLength = keyByteLength - unpaddedLength - 3; padding = new byte[randomByteLength]; chooser.getContext().getRandom().nextBytes(padding); ArrayConverter.makeArrayNonZero(padding); preparePadding(message); premasterSecret = generatePremasterSecret(); preparePremasterSecret(message); preparePlainPaddedPremasterSecret(message); byte[] paddedPremasterSecret = message.getComputations().getPlainPaddedPremasterSecret().getValue(); BigInteger biPaddedPremasterSecret = new BigInteger(1, paddedPremasterSecret); BigInteger biEncrypted = biPaddedPremasterSecret.modPow(chooser.getServerRSAPublicKey(), chooser.getServerRsaModulus()); encryptedPremasterSecret = ArrayConverter.bigIntegerToByteArray(biEncrypted, chooser.getServerRsaModulus() .bitLength() / 8, true); prepareEncryptedKeyData(message); prepareEncryptedKeyDataLength(message); }
BigInteger biEncrypted = biPaddedPremasterSecret.modPow(chooser.getServerRSAPublicKey(), chooser.getServerRsaModulus()); encrypted = ArrayConverter.bigIntegerToByteArray(biEncrypted, chooser.getServerRsaModulus().bitLength() / 8, true); prepareSerializedPublicKey(msg);
private WorkflowTrace executeProtocolFlow() { Config tlsConfig = getTlsConfig(); WorkflowTrace trace = new WorkflowConfigurationFactory(tlsConfig).createWorkflowTrace(WorkflowTraceType.HELLO, RunningModeType.CLIENT); trace.addTlsAction(new SendAction(new ECDHClientKeyExchangeMessage(tlsConfig), new ChangeCipherSpecMessage( tlsConfig), new FinishedMessage(tlsConfig))); trace.addTlsAction(new ReceiveAction(new ChangeCipherSpecMessage(), new FinishedMessage())); State state = new State(tlsConfig, trace); WorkflowExecutor workflowExecutor = WorkflowExecutorFactory.createWorkflowExecutor( tlsConfig.getWorkflowExecutorType(), state); ECDHClientKeyExchangeMessage message = (ECDHClientKeyExchangeMessage) WorkflowTraceUtil.getFirstSendMessage( HandshakeMessageType.CLIENT_KEY_EXCHANGE, trace); ModifiableByteArray serializedPublicKey = ModifiableVariableFactory.createByteArrayModifiableVariable(); byte[] points = ArrayConverter.concatenate(ArrayConverter.bigIntegerToByteArray(config.getPublicPointBaseX()), ArrayConverter.bigIntegerToByteArray(config.getPublicPointBaseY())); byte[] serialized = ArrayConverter.concatenate(new byte[] { 4 }, points); serializedPublicKey.setModification(ByteArrayModificationFactory.explicitValue(serialized)); message.setPublicKey(serializedPublicKey); ModifiableByteArray pms = ModifiableVariableFactory.createByteArrayModifiableVariable(); byte[] explicitPMS = BigIntegers.asUnsignedByteArray(config.getCurveFieldSize(), premasterSecret); pms.setModification(ByteArrayModificationFactory.explicitValue(explicitPMS)); message.prepareComputations(); message.getComputations().setPremasterSecret(pms); LOGGER.info("working with the follwoing premaster secret: " + ArrayConverter.bytesToHexString(explicitPMS)); workflowExecutor.executeWorkflow(); return trace; } }