Examples of org.bouncycastle.crypto.agreement.jpake.JPAKEParticipant

Package org.bouncycastle.crypto.agreement.jpake

Examples of org.bouncycastle.crypto.agreement.jpake.JPAKEParticipant

org.bouncycastle.crypto.agreement.jpake.JPAKEParticipant
er.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf"> "Password Authenticated Key Exchange by Juggling, 2008."

The J-PAKE protocol is symmetric. There is no notion of a client or server, but rather just two participants. An instance of {@link JPAKEParticipant} represents one participant, andis the primary interface for executing the exchange.

To execute an exchange, construct a {@link JPAKEParticipant} on each end,and call the following 7 methods (once and only once, in the given order, for each participant, sending messages between them as described):
1. {@link #createRound1PayloadToSend()} - and send the payload to the other participant
2. {@link #validateRound1PayloadReceived(JPAKERound1Payload)} - use the payload received from the other participant
3. {@link #createRound2PayloadToSend()} - and send the payload to the other participant
4. {@link #validateRound2PayloadReceived(JPAKERound2Payload)} - use the payload received from the other participant
5. {@link #calculateKeyingMaterial()}
6. {@link #createRound3PayloadToSend(BigInteger)} - and send the payload to the other participant
7. {@link #validateRound3PayloadReceived(JPAKERound3Payload,BigInteger)} - use the payload received from the other participant
Each side should derive a session key from the keying material returned by {@link #calculateKeyingMaterial()}. The caller is responsible for deriving the session key using a secure key derivation function (KDF).

Round 3 is an optional key confirmation process. If you do not execute round 3, then there is no assurance that both participants are using the same key. (i.e. if the participants used different passwords, then their session keys will differ.)

If the round 3 validation succeeds, then the keys are guaranteed to be the same on both sides.

The symmetric design can easily support the asymmetric cases when one party initiates the communication. e.g. Sometimes the round1 payload and round2 payload may be sent in one pass. Also, in some cases, the key confirmation payload can be sent together with the round2 payload. These are the trivial techniques to optimize the communication.

The key confirmation process is implemented as specified in NIST SP 800-56A Revision 1, Section 8.2 Unilateral Key Confirmation for Key Agreement Schemes.

This class is stateful and NOT threadsafe. Each instance should only be used for ONE complete J-PAKE exchange (i.e. a new {@link JPAKEParticipant} should be constructed for each new J-PAKE exchange).

See {@link JPAKEExample} for example usage.

         * Both participants must use the same hashing algorithm.
         */
        Digest digest = new SHA256Digest();
        SecureRandom random = new SecureRandom();


        JPAKEParticipant alice = new JPAKEParticipant("alice", alicePassword.toCharArray(), group, digest, random);
        JPAKEParticipant bob = new JPAKEParticipant("bob", bobPassword.toCharArray(), group, digest, random);


        /*
         * Round 1
         * 
         * Alice and Bob each generate a round 1 payload, and send it to each other.
         */


        JPAKERound1Payload aliceRound1Payload = alice.createRound1PayloadToSend();
        JPAKERound1Payload bobRound1Payload = bob.createRound1PayloadToSend();


        System.out.println("************ Round 1 **************");
        System.out.println("Alice sends to Bob: ");
        System.out.println("g^{x1}=" + aliceRound1Payload.getGx1().toString(16));
        System.out.println("g^{x2}=" + aliceRound1Payload.getGx2().toString(16));
        System.out.println("KP{x1}={" + aliceRound1Payload.getKnowledgeProofForX1()[0].toString(16) + "};{" + aliceRound1Payload.getKnowledgeProofForX1()[1].toString(16) + "}");
        System.out.println("KP{x2}={" + aliceRound1Payload.getKnowledgeProofForX2()[0].toString(16) + "};{" + aliceRound1Payload.getKnowledgeProofForX2()[1].toString(16) + "}");
        System.out.println("");


        System.out.println("Bob sends to Alice: ");
        System.out.println("g^{x3}=" + bobRound1Payload.getGx1().toString(16));
        System.out.println("g^{x4}=" + bobRound1Payload.getGx2().toString(16));
        System.out.println("KP{x3}={" + bobRound1Payload.getKnowledgeProofForX1()[0].toString(16) + "};{" + bobRound1Payload.getKnowledgeProofForX1()[1].toString(16) + "}");
        System.out.println("KP{x4}={" + bobRound1Payload.getKnowledgeProofForX2()[0].toString(16) + "};{" + bobRound1Payload.getKnowledgeProofForX2()[1].toString(16) + "}");
        System.out.println("");


        /*
         * Each participant must then validate the received payload for round 1
         */


        alice.validateRound1PayloadReceived(bobRound1Payload);
        System.out.println("Alice checks g^{x4}!=1: OK");
        System.out.println("Alice checks KP{x3}: OK");
        System.out.println("Alice checks KP{x4}: OK");
        System.out.println("");


        bob.validateRound1PayloadReceived(aliceRound1Payload);
        System.out.println("Bob checks g^{x2}!=1: OK");
        System.out.println("Bob checks KP{x1},: OK");
        System.out.println("Bob checks KP{x2},: OK");
        System.out.println("");


        /*
         * Round 2
         * 
         * Alice and Bob each generate a round 2 payload, and send it to each other.
         */


        JPAKERound2Payload aliceRound2Payload = alice.createRound2PayloadToSend();
        JPAKERound2Payload bobRound2Payload = bob.createRound2PayloadToSend();


        System.out.println("************ Round 2 **************");
        System.out.println("Alice sends to Bob: ");
        System.out.println("A=" + aliceRound2Payload.getA().toString(16));
        System.out.println("KP{x2*s}={" + aliceRound2Payload.getKnowledgeProofForX2s()[0].toString(16) + "},{" + aliceRound2Payload.getKnowledgeProofForX2s()[1].toString(16) + "}");
        System.out.println("");


        System.out.println("Bob sends to Alice");
        System.out.println("B=" + bobRound2Payload.getA().toString(16));
        System.out.println("KP{x4*s}={" + bobRound2Payload.getKnowledgeProofForX2s()[0].toString(16) + "},{" + bobRound2Payload.getKnowledgeProofForX2s()[1].toString(16) + "}");
        System.out.println("");


        /*
         * Each participant must then validate the received payload for round 2
         */


        alice.validateRound2PayloadReceived(bobRound2Payload);
        System.out.println("Alice checks KP{x4*s}: OK\n");


        bob.validateRound2PayloadReceived(aliceRound2Payload);
        System.out.println("Bob checks KP{x2*s}: OK\n");


        /*
         * After round 2, each participant computes the keying material.
         */


        BigInteger aliceKeyingMaterial = alice.calculateKeyingMaterial();
        BigInteger bobKeyingMaterial = bob.calculateKeyingMaterial();


        System.out.println("********* After round 2 ***********");
        System.out.println("Alice computes key material \t K=" + aliceKeyingMaterial.toString(16));
        System.out.println("Bob computes key material \t K=" + bobKeyingMaterial.toString(16));
        System.out.println();
        
        
        /*
         * You must derive a session key from the keying material applicable
         * to whatever encryption algorithm you want to use.
         */
        
        BigInteger aliceKey = deriveSessionKey(aliceKeyingMaterial);
        BigInteger bobKey = deriveSessionKey(bobKeyingMaterial);
        
        /*
         * At this point, you can stop and use the session keys if you want.
         * This is implicit key confirmation.
         * 
         * If you want to explicitly confirm that the key material matches,
         * you can continue on and perform round 3.
         */
        
        /*
         * Round 3
         * 
         * Alice and Bob each generate a round 3 payload, and send it to each other.
         */


        JPAKERound3Payload aliceRound3Payload = alice.createRound3PayloadToSend(aliceKeyingMaterial);
        JPAKERound3Payload bobRound3Payload = bob.createRound3PayloadToSend(bobKeyingMaterial);


        System.out.println("************ Round 3 **************");
        System.out.println("Alice sends to Bob: ");
        System.out.println("MacTag=" + aliceRound3Payload.getMacTag().toString(16));
        System.out.println("");
        System.out.println("Bob sends to Alice: ");
        System.out.println("MacTag=" + bobRound3Payload.getMacTag().toString(16));
        System.out.println("");


        /*
         * Each participant must then validate the received payload for round 3
         */


        alice.validateRound3PayloadReceived(bobRound3Payload, aliceKeyingMaterial);
        System.out.println("Alice checks MacTag: OK\n");


        bob.validateRound3PayloadReceived(aliceRound3Payload, bobKeyingMaterial);
        System.out.println("Bob checks MacTag: OK\n");


        System.out.println();
        System.out.println("MacTags validated, therefore the keying material matches.");
    }

View Full Code Here

TOP

Related Classes of org.bouncycastle.crypto.agreement.jpake.JPAKEParticipant

org.bouncycastle.crypto.digests.SHA256Digest

org.bouncycastle.crypto.examples.JPAKEExample

java.security.SecureRandom

java.math.BigInteger

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.