Class Blake2bX509AuthenticationSuite
- java.lang.Object
-
- jadex.platform.service.security.auth.Blake2bX509AuthenticationSuite
-
- All Implemented Interfaces:
IAuthenticationSuite
public class Blake2bX509AuthenticationSuite extends java.lang.Object implements IAuthenticationSuite
Symmetric authentication based on Blake2b MACs.
-
-
Field Summary
Fields Modifier and Type Field Description protected static intAUTH_SUITE_IDAuthentication Suite ID.protected static intDERIVED_KEY_SIZESize of the derived key.protected static intMAC_SIZESize of the MAC.protected java.util.Map<PasswordSecret,JadexJPakeParticipant>pakestateState for password-authenticated key exchange.protected Tuple2<PasswordSecret,JadexJPakeParticipant>remotepwpakeSpecial pake participant for negotiating with platforms who have a remote password.protected static intSALT_SIZESize of the salt.
-
Constructor Summary
Constructors Constructor Description Blake2bX509AuthenticationSuite()Creates the suite.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description protected static byte[]bigIntegerArrayToByteArray(java.math.BigInteger[] bigintarr)Converts a big integer array to a byte array.protected static java.math.BigInteger[]byteArrayToBigIntegerArray(byte[] bytes)Converts a byte array back into a big integer array.protected static org.bouncycastle.crypto.agreement.jpake.JPAKERound1PayloadbytesToRound1(byte[] bytes)Decodes JPAKE round 1.protected static org.bouncycastle.crypto.agreement.jpake.JPAKERound2PayloadbytesToRound2(byte[] bytes)Decodes JPAKE round 2.AuthTokencreateAuthenticationToken(byte[] msg, AbstractAuthenticationSecret secret)Creates an authentication token for a message based on an abstract implementation-dependent "key".protected static JadexJPakeParticipantcreateJPakeParticipant(java.lang.String pid, java.lang.String password)Creates a new participant for JPAKE.protected byte[]createSaltedId(java.lang.String id, byte[] idsalt)Hashes an id with a salt.voidfinalizePake(SecurityAgent agent, IComponentIdentifier remoteid, byte[] round2data)Finalizes the password-authenticated key exchange.intgetId()Gets the authentication suite ID.protected static byte[]getMessageHash(byte[] msg, byte[] salt)Create message hash.byte[]getPakeRound1(SecurityAgent agent, IComponentIdentifier remoteid)Gets the first round of the password-authenticated key-exchange.byte[]getPakeRound2(SecurityAgent agent, IComponentIdentifier remoteid, byte[] round1data)Gets the second round of the password-authenticated key-exchange.protected static byte[]round1ToBytes(org.bouncycastle.crypto.agreement.jpake.JPAKERound1Payload r1pl)Encodes JPAKE round 1.protected static byte[]round2ToBytes(org.bouncycastle.crypto.agreement.jpake.JPAKERound2Payload r2pl)Encodes JPAKE round 2.booleanverifyAuthenticationToken(byte[] msg, AbstractAuthenticationSecret secret, AuthToken authtoken)Creates an authentication token for a message based on an abstract implementation-dependent "key".
-
-
-
Field Detail
-
AUTH_SUITE_ID
protected static final int AUTH_SUITE_ID
Authentication Suite ID.- See Also:
- Constant Field Values
-
MAC_SIZE
protected static final int MAC_SIZE
Size of the MAC.- See Also:
- Constant Field Values
-
DERIVED_KEY_SIZE
protected static final int DERIVED_KEY_SIZE
Size of the derived key.- See Also:
- Constant Field Values
-
SALT_SIZE
protected static final int SALT_SIZE
Size of the salt.- See Also:
- Constant Field Values
-
pakestate
protected java.util.Map<PasswordSecret,JadexJPakeParticipant> pakestate
State for password-authenticated key exchange.
-
remotepwpake
protected Tuple2<PasswordSecret,JadexJPakeParticipant> remotepwpake
Special pake participant for negotiating with platforms who have a remote password.
-
-
Method Detail
-
getId
public int getId()
Gets the authentication suite ID.- Specified by:
getIdin interfaceIAuthenticationSuite- Returns:
- The authentication suite ID.
-
getPakeRound1
public byte[] getPakeRound1(SecurityAgent agent, IComponentIdentifier remoteid)
Gets the first round of the password-authenticated key-exchange.- Specified by:
getPakeRound1in interfaceIAuthenticationSuite- Returns:
- First round payload.
-
getPakeRound2
public byte[] getPakeRound2(SecurityAgent agent, IComponentIdentifier remoteid, byte[] round1data)
Gets the second round of the password-authenticated key-exchange.- Specified by:
getPakeRound2in interfaceIAuthenticationSuite- Returns:
- Second round payload.
-
finalizePake
public void finalizePake(SecurityAgent agent, IComponentIdentifier remoteid, byte[] round2data)
Finalizes the password-authenticated key exchange.- Specified by:
finalizePakein interfaceIAuthenticationSuite
-
createAuthenticationToken
public AuthToken createAuthenticationToken(byte[] msg, AbstractAuthenticationSecret secret)
Creates an authentication token for a message based on an abstract implementation-dependent "key".- Specified by:
createAuthenticationTokenin interfaceIAuthenticationSuite- Parameters:
msg- The message being authenticated.secret- The secret used for authentication.- Returns:
- Authentication token.
-
verifyAuthenticationToken
public boolean verifyAuthenticationToken(byte[] msg, AbstractAuthenticationSecret secret, AuthToken authtoken)Creates an authentication token for a message based on an abstract implementation-dependent "key".- Specified by:
verifyAuthenticationTokenin interfaceIAuthenticationSuite- Parameters:
msg- The message being authenticated.secret- The secret used for authentication.authtoken- Authentication token.- Returns:
- True if authenticated, false otherwise.
-
getMessageHash
protected static final byte[] getMessageHash(byte[] msg, byte[] salt)Create message hash.- Parameters:
msg- The message.- Returns:
- Hashed message.
-
createJPakeParticipant
protected static final JadexJPakeParticipant createJPakeParticipant(java.lang.String pid, java.lang.String password)
Creates a new participant for JPAKE.- Parameters:
pid-- Returns:
-
round1ToBytes
protected static final byte[] round1ToBytes(org.bouncycastle.crypto.agreement.jpake.JPAKERound1Payload r1pl)
Encodes JPAKE round 1.- Parameters:
r1pl- JPAKE round 1.- Returns:
- Encoded round.
-
bytesToRound1
protected static final org.bouncycastle.crypto.agreement.jpake.JPAKERound1Payload bytesToRound1(byte[] bytes)
Decodes JPAKE round 1.- Parameters:
bytes- Encoded round.- Returns:
- JPAKE round 1.
-
round2ToBytes
protected static final byte[] round2ToBytes(org.bouncycastle.crypto.agreement.jpake.JPAKERound2Payload r2pl)
Encodes JPAKE round 2.- Parameters:
r1pl- JPAKE round 2.- Returns:
- Encoded round.
-
bytesToRound2
protected static final org.bouncycastle.crypto.agreement.jpake.JPAKERound2Payload bytesToRound2(byte[] bytes)
Decodes JPAKE round 2.- Parameters:
bytes- Encoded round.- Returns:
- JPAKE round 2.
-
createSaltedId
protected byte[] createSaltedId(java.lang.String id, byte[] idsalt)Hashes an id with a salt.- Parameters:
id- The clear id.idsalt- The salt.- Returns:
- Salted ID.
-
bigIntegerArrayToByteArray
protected static final byte[] bigIntegerArrayToByteArray(java.math.BigInteger[] bigintarr)
Converts a big integer array to a byte array.- Parameters:
bigintarr- Big integer array.- Returns:
- Byte array.
-
byteArrayToBigIntegerArray
protected static final java.math.BigInteger[] byteArrayToBigIntegerArray(byte[] bytes)
Converts a byte array back into a big integer array.- Parameters:
bytes- The byte array.- Returns:
- The big integer array
-
-