public virtual JPakeRound1Payload CreateRound1PayloadToSend()
{
if (state >= STATE_ROUND_1_CREATED)
{
throw new InvalidOperationException("Round 1 payload already created for " + participantId);
}
x1 = JPakeUtilities.GenerateX1(q, random);
x2 = JPakeUtilities.GenerateX2(q, random);
gx1 = JPakeUtilities.CalculateGx(p, g, x1);
gx2 = JPakeUtilities.CalculateGx(p, g, x2);
BigInteger[] knowledgeProofForX = JPakeUtilities.CalculateZeroKnowledgeProof(p, q, g, gx1, x1, participantId, digest, random);
BigInteger[] knowledgeProofForX2 = JPakeUtilities.CalculateZeroKnowledgeProof(p, q, g, gx2, x2, participantId, digest, random);
state = STATE_ROUND_1_CREATED;
return(new JPakeRound1Payload(participantId, gx1, gx2, knowledgeProofForX, knowledgeProofForX2));
}
public virtual JPakeRound2Payload CreateRound2PayloadToSend()
{
if (state >= STATE_ROUND_2_CREATED)
{
throw new InvalidOperationException("Round 2 payload already created for " + participantId);
}
if (state < STATE_ROUND_1_VALIDATED)
{
throw new InvalidOperationException("Round 1 payload must be validated prior to creating round 2 payload for " + participantId);
}
BigInteger gA = JPakeUtilities.CalculateGA(p, gx1, gx3, gx4);
BigInteger s = JPakeUtilities.CalculateS(password);
BigInteger bigInteger = JPakeUtilities.CalculateX2s(q, x2, s);
BigInteger bigInteger2 = JPakeUtilities.CalculateA(p, q, gA, bigInteger);
BigInteger[] knowledgeProofForX2s = JPakeUtilities.CalculateZeroKnowledgeProof(p, q, gA, bigInteger2, bigInteger, participantId, digest, random);
state = STATE_ROUND_2_CREATED;
return(new JPakeRound2Payload(participantId, bigInteger2, knowledgeProofForX2s));
}
public void TestValidateZeroKnowledgeProof()
{
JPakePrimeOrderGroup pg1 = JPakePrimeOrderGroups.SUN_JCE_1024;
SecureRandom random = new SecureRandom();
IDigest digest1 = new Sha256Digest();
BigInteger x1 = JPakeUtilities.GenerateX1(pg1.Q, random);
BigInteger gx1 = JPakeUtilities.CalculateGx(pg1.P, pg1.G, x1);
string participantId1 = "participant1";
BigInteger[] zkp1 = JPakeUtilities.CalculateZeroKnowledgeProof(pg1.P, pg1.Q, pg1.G, gx1, x1, participantId1, digest1, random);
// should succeed
JPakeUtilities.ValidateZeroKnowledgeProof(pg1.P, pg1.Q, pg1.G, gx1, zkp1, participantId1, digest1);
// wrong group
JPakePrimeOrderGroup pg2 = JPakePrimeOrderGroups.NIST_3072;
try
{
JPakeUtilities.ValidateZeroKnowledgeProof(pg2.P, pg2.Q, pg2.G, gx1, zkp1, participantId1, digest1);
Fail("failed to throw exception on wrong prime order group");
}
catch (CryptoException)
{
// expected
}
// wrong digest
IDigest digest2 = new Sha1Digest();
try
{
JPakeUtilities.ValidateZeroKnowledgeProof(pg1.P, pg1.Q, pg1.G, gx1, zkp1, participantId1, digest2);
Fail("failed to throw exception on wrong digest");
}
catch (CryptoException)
{
// expected
}
// wrong participant
string participantId2 = "participant2";
try
{
JPakeUtilities.ValidateZeroKnowledgeProof(pg1.P, pg1.Q, pg1.G, gx1, zkp1, participantId2, digest1);
Fail("failed to throw exception on wrong participant");
}
catch (CryptoException)
{
// expected
}
// wrong gx
BigInteger x2 = JPakeUtilities.GenerateX2(pg1.Q, random);
BigInteger gx2 = JPakeUtilities.CalculateGx(pg1.P, pg1.G, x2);
try
{
JPakeUtilities.ValidateZeroKnowledgeProof(pg1.P, pg1.Q, pg1.G, gx2, zkp1, participantId1, digest1);
Fail("failed to throw exception on wrong gx");
}
catch (CryptoException)
{
// expected
}
// wrong zkp
BigInteger[] zkp2 = JPakeUtilities.CalculateZeroKnowledgeProof(pg1.P, pg1.Q, pg1.G, gx2, x2, participantId1, digest1, random);
try
{
JPakeUtilities.ValidateZeroKnowledgeProof(pg1.P, pg1.Q, pg1.G, gx1, zkp2, participantId1, digest1);
Fail("failed to throw exception on wrong zero knowledge proof");
}
catch (CryptoException)
{
// expected
}
// gx <= 0
try
{
JPakeUtilities.ValidateZeroKnowledgeProof(pg1.P, pg1.Q, pg1.G, BigInteger.Zero, zkp1, participantId1, digest1);
Fail("failed to throw exception on g^x <= 0");
}
catch (CryptoException)
{
// expected
}
// gx >= p
try
{
JPakeUtilities.ValidateZeroKnowledgeProof(pg1.P, pg1.Q, pg1.G, pg1.P, zkp1, participantId1, digest1);
Fail("failed to throw exception on g^x >= p");
}
catch (CryptoException)
{
// expected
}
// gx mod q == 1
try
{
JPakeUtilities.ValidateZeroKnowledgeProof(pg1.P, pg1.Q, pg1.G, pg1.Q.Add(BigInteger.One), zkp1, participantId1, digest1);
Fail("failed to throw exception on g^x mod q == 1");
}
catch (CryptoException)
{
// expected
}
}
