/**
* Call to save the public key (value B in the docs) when received from the server
*
* @param publicKey_B B
* @throws SRPAuthenticationFailedException if B is invalid
*/
public void setServerPublicKey_B(BigInteger publicKey_B) throws SRPAuthenticationFailedException {
if (fPublicKey_A == null) {
throw new IllegalStateException("setSalt_s() has not been called yet.");
}
if (publicKey_B.mod(fConstants.largePrime_N).equals(BigInteger.ZERO)) {
throw new SRPAuthenticationFailedException("B%N == 0");
}
BigInteger SRP6_u = SRPUtils.calc_u(fPublicKey_A, publicKey_B);
if (SRP6_u.mod(fConstants.largePrime_N).equals(BigInteger.ZERO)) {
throw new SRPAuthenticationFailedException("u%N == 0");
}
// S = (B - 3(g^x))^(a + ux)
BigInteger three_g_pow_x =
fConstants.srp6Multiplier_k.multiply(
fConstants.primitiveRoot_g.modPow(fPrivateKey_x, fConstants.largePrime_N));
BigInteger B_minus_g_pow_x = publicKey_B.subtract(three_g_pow_x);
BigInteger ux = SRP6_u.multiply(fPrivateKey_x);
fCommonValue_S =
B_minus_g_pow_x.modPow(fRandom_a.add(ux), fConstants.largePrime_N)
.mod(fConstants.largePrime_N);
fEvidenceValue_M1 = SRPUtils.calcM1(fPublicKey_A, publicKey_B, fCommonValue_S);
// the MD5 output is the same as the AES key length
fSessionKey_K = SRPUtils.hashToBytesMD5(fCommonValue_S);
}
/**
* When the client sends the public key (value A in the docs) call this method to store the value
*
* @param publicKey_A A
* @throws SRPAuthenticationFailedException if A is invalid
*/
public void setClientPublicKey_A(BigInteger publicKey_A) throws SRPAuthenticationFailedException {
if (publicKey_A.mod(fConstants.largePrime_N).equals(BigInteger.ZERO)) {
throw new SRPAuthenticationFailedException("A%N == 0");
}
fPublicKey_A = publicKey_A;
fSRP6_u = SRPUtils.calc_u(fPublicKey_A, fPublicKey_B);
if (fSRP6_u.mod(fConstants.largePrime_N).equals(BigInteger.ZERO)) {
throw new SRPAuthenticationFailedException("u%N == 0");
}
}