com.ongres.scram.common

Class ScramFunctions

java.lang.Object

com.ongres.scram.common.ScramFunctions

public class ScramFunctions
extends java.lang.Object

Utility functions (e.g. crypto) for SCRAM.

Field Summary

Fields

Modifier and Type	Field and Description
private static byte[]	CLIENT_KEY_HMAC_KEY
private static byte[]	SERVER_KEY_HMAC_KEY

Constructor Summary

Constructors

Constructor and Description
ScramFunctions()

Method Summary

Modifier and Type	Method and Description
static byte[]	clientKey(ScramMechanism scramMechanism, byte[] saltedPassword) Generates a client key, from the salted password.
static byte[]	clientKey(ScramMechanism scramMechanism, StringPreparation stringPreparation, java.lang.String password, byte[] salt, int iteration) Generates a client key from the password and salt.
static byte[]	clientProof(byte[] clientKey, byte[] clientSignature) Computes the SCRAM client proof to be sent to the server on the client-final-message.
static byte[]	clientSignature(ScramMechanism scramMechanism, byte[] storedKey, java.lang.String authMessage) Computes the SCRAM client signature.
static byte[]	hash(ScramMechanism scramMechanism, byte[] value) Computes the hash function of a given value, based on the SCRAM mechanism hash function.
static byte[]	hmac(ScramMechanism scramMechanism, byte[] message, byte[] key) Computes the HMAC of the message and key, using the given SCRAM mechanism.
static byte[]	saltedPassword(ScramMechanism scramMechanism, StringPreparation stringPreparation, java.lang.String password, byte[] salt, int iteration) Compute the salted password, based on the given SCRAM mechanism, the String preparation algorithm, the provided salt and the number of iterations.
static byte[]	serverKey(ScramMechanism scramMechanism, byte[] saltedPassword) Generates a server key, from the salted password.
static byte[]	serverKey(ScramMechanism scramMechanism, StringPreparation stringPreparation, java.lang.String password, byte[] salt, int iteration) Generates a server key from the password and salt.
static byte[]	serverSignature(ScramMechanism scramMechanism, byte[] serverKey, java.lang.String authMessage) Compute the SCRAM server signature.
static byte[]	storedKey(ScramMechanism scramMechanism, byte[] clientKey) Generates a stored key, from the salted password.
static boolean	verifyClientProof(ScramMechanism scramMechanism, byte[] clientProof, byte[] storedKey, java.lang.String authMessage) Verifies that a provided client proof is correct.
static boolean	verifyServerSignature(ScramMechanism scramMechanism, byte[] serverKey, java.lang.String authMessage, byte[] serverSignature) Verifies that a provided server proof is correct.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CLIENT_KEY_HMAC_KEY

private static final byte[] CLIENT_KEY_HMAC_KEY

SERVER_KEY_HMAC_KEY

private static final byte[] SERVER_KEY_HMAC_KEY

Constructor Detail

ScramFunctions

public ScramFunctions()

Method Detail

saltedPassword

public static byte[] saltedPassword(ScramMechanism scramMechanism,
                                    StringPreparation stringPreparation,
                                    java.lang.String password,
                                    byte[] salt,
                                    int iteration)

Compute the salted password, based on the given SCRAM mechanism, the String preparation algorithm, the provided salt and the number of iterations. SaltedPassword := Hi(Normalize(password), salt, i)

Parameters:

scramMechanism - The SCRAM mechanism

stringPreparation - The String preparation

password - The non-salted password

salt - The bytes representing the salt

iteration - The number of iterations

Returns:

The salted password

hmac

public static byte[] hmac(ScramMechanism scramMechanism,
                          byte[] message,
                          byte[] key)

Computes the HMAC of the message and key, using the given SCRAM mechanism.

Parameters:

scramMechanism - The SCRAM mechanism

message - The message to compute the HMAC

key - The key used to initialize the MAC

Returns:

The computed HMAC

clientKey

public static byte[] clientKey(ScramMechanism scramMechanism,
                               byte[] saltedPassword)

Generates a client key, from the salted password. ClientKey := HMAC(SaltedPassword, "Client Key")

Parameters:

scramMechanism - The SCRAM mechanism

saltedPassword - The salted password

Returns:

The client key

clientKey

public static byte[] clientKey(ScramMechanism scramMechanism,
                               StringPreparation stringPreparation,
                               java.lang.String password,
                               byte[] salt,
                               int iteration)

Generates a client key from the password and salt. SaltedPassword := Hi(Normalize(password), salt, i) ClientKey := HMAC(SaltedPassword, "Client Key")

Parameters:

scramMechanism - The SCRAM mechanism

stringPreparation - The String preparation

password - The non-salted password

salt - The bytes representing the salt

iteration - The number of iterations

Returns:

The client key

serverKey

public static byte[] serverKey(ScramMechanism scramMechanism,
                               byte[] saltedPassword)

Generates a server key, from the salted password. ServerKey := HMAC(SaltedPassword, "Server Key")

Parameters:

scramMechanism - The SCRAM mechanism

saltedPassword - The salted password

Returns:

The server key

serverKey

public static byte[] serverKey(ScramMechanism scramMechanism,
                               StringPreparation stringPreparation,
                               java.lang.String password,
                               byte[] salt,
                               int iteration)

Generates a server key from the password and salt. SaltedPassword := Hi(Normalize(password), salt, i) ServerKey := HMAC(SaltedPassword, "Server Key")

Parameters:

scramMechanism - The SCRAM mechanism

stringPreparation - The String preparation

password - The non-salted password

salt - The bytes representing the salt

iteration - The number of iterations

Returns:

The server key

hash

public static byte[] hash(ScramMechanism scramMechanism,
                          byte[] value)

Computes the hash function of a given value, based on the SCRAM mechanism hash function.

Parameters:

scramMechanism - The SCRAM mechanism

value - The value to hash

Returns:

The hashed value

storedKey

public static byte[] storedKey(ScramMechanism scramMechanism,
                               byte[] clientKey)

Generates a stored key, from the salted password. StoredKey := H(ClientKey)

Parameters:

scramMechanism - The SCRAM mechanism

clientKey - The client key

Returns:

The stored key

clientSignature

public static byte[] clientSignature(ScramMechanism scramMechanism,
                                     byte[] storedKey,
                                     java.lang.String authMessage)

Computes the SCRAM client signature. ClientSignature := HMAC(StoredKey, AuthMessage)

Parameters:

scramMechanism - The SCRAM mechanism

storedKey - The stored key

authMessage - The auth message

Returns:

The client signature

clientProof

public static byte[] clientProof(byte[] clientKey,
                                 byte[] clientSignature)

Computes the SCRAM client proof to be sent to the server on the client-final-message. ClientProof := ClientKey XOR ClientSignature

Parameters:

clientKey - The client key

clientSignature - The client signature

Returns:

The client proof

serverSignature

public static byte[] serverSignature(ScramMechanism scramMechanism,
                                     byte[] serverKey,
                                     java.lang.String authMessage)

Compute the SCRAM server signature. ServerSignature := HMAC(ServerKey, AuthMessage)

Parameters:

scramMechanism - The SCRAM mechanism

serverKey - The server key

authMessage - The auth message

Returns:

The server signature

verifyClientProof

public static boolean verifyClientProof(ScramMechanism scramMechanism,
                                        byte[] clientProof,
                                        byte[] storedKey,
                                        java.lang.String authMessage)

Verifies that a provided client proof is correct.

Parameters:

scramMechanism - The SCRAM mechanism

clientProof - The provided client proof

storedKey - The stored key

authMessage - The auth message

Returns:

True if the client proof is correct

verifyServerSignature

public static boolean verifyServerSignature(ScramMechanism scramMechanism,
                                            byte[] serverKey,
                                            java.lang.String authMessage,
                                            byte[] serverSignature)

Verifies that a provided server proof is correct.

Parameters:

scramMechanism - The SCRAM mechanism

serverKey - The server key

authMessage - The auth message

serverSignature - The provided server signature

Returns:

True if the server signature is correct