/**
* Call to save the public key (value B in the docs) when received from the server
*
* @param publicKey_B B
* @throws SRPAuthenticationFailedException if B is invalid
*/
public void setServerPublicKey_B(BigInteger publicKey_B) throws SRPAuthenticationFailedException {
if (fPublicKey_A == null) {
throw new IllegalStateException("setSalt_s() has not been called yet.");
}
if (publicKey_B.mod(fConstants.largePrime_N).equals(BigInteger.ZERO)) {
throw new SRPAuthenticationFailedException("B%N == 0");
}
BigInteger SRP6_u = SRPUtils.calc_u(fPublicKey_A, publicKey_B);
if (SRP6_u.mod(fConstants.largePrime_N).equals(BigInteger.ZERO)) {
throw new SRPAuthenticationFailedException("u%N == 0");
}
// S = (B - 3(g^x))^(a + ux)
BigInteger three_g_pow_x =
fConstants.srp6Multiplier_k.multiply(
fConstants.primitiveRoot_g.modPow(fPrivateKey_x, fConstants.largePrime_N));
BigInteger B_minus_g_pow_x = publicKey_B.subtract(three_g_pow_x);
BigInteger ux = SRP6_u.multiply(fPrivateKey_x);
fCommonValue_S =
B_minus_g_pow_x.modPow(fRandom_a.add(ux), fConstants.largePrime_N)
.mod(fConstants.largePrime_N);
fEvidenceValue_M1 = SRPUtils.calcM1(fPublicKey_A, publicKey_B, fCommonValue_S);
// the MD5 output is the same as the AES key length
fSessionKey_K = SRPUtils.hashToBytesMD5(fCommonValue_S);
}
/** Call to calculate the common session key (S/K in the docs) */
public void computeCommonValue_S() {
if (fPublicKey_A == null) {
throw new IllegalStateException("setClientPublicKey_A() has not been called yet.");
}
fCommonValue_S =
fPublicKey_A
.multiply(fVerifier.verifier_v.modPow(fSRP6_u, fConstants.largePrime_N))
.modPow(fRandom_b, fConstants.largePrime_N);
fEvidenceValue_M1 = SRPUtils.calcM1(fPublicKey_A, fPublicKey_B, fCommonValue_S);
// the MD5 output is the same as the AES key length
fSessionKey_K = SRPUtils.hashToBytesMD5(fCommonValue_S);
}