lib/srp/srp6_util.dart - third_party/pc-dart - Git at Google

 library src.srp_util;

 import 'dart:math' as math;
 import 'dart:typed_data';

 import 'package:pointycastle/pointycastle.dart';

 class SRP6Util {
   static final _byteMask = BigInt.from(0xff);

   static BigInt calculateK(Digest digest, BigInt N, BigInt g) {
     return hashPaddedPair(digest, N, N, g);
   }

   static BigInt calculateU(Digest digest, BigInt N, BigInt? A, BigInt? B) {
     return hashPaddedPair(digest, N, A, B);
   }

   static BigInt calculateX(Digest digest, BigInt N, Uint8List salt,
       Uint8List identity, Uint8List password) {
     var output = Uint8List(digest.digestSize);

     digest.update(identity, 0, identity.length);
     digest.updateByte(':'.codeUnitAt(0));
     digest.update(password, 0, password.length);
     digest.doFinal(output, 0);

     digest.update(salt, 0, salt.length);
     digest.update(output, 0, output.length);
     digest.doFinal(output, 0);

     return decodeBigInt(output);
   }

   /// Decode a BigInt from bytes in big-endian encoding.
   static BigInt decodeBigInt(List<int> bytes) {
     var result = BigInt.from(0);
     for (var i = 0; i < bytes.length; i++) {
       result += BigInt.from(bytes[bytes.length - i - 1]) << (8 * i);
     }
     return result;
   }

   /// Encode a BigInt into bytes using big-endian encoding.
   static Uint8List encodeBigInt(BigInt number) {
     // Not handling negative numbers. Decide how you want to do that.
     var size = (number.bitLength + 7) >> 3;
     var result = Uint8List(size);
     for (var i = 0; i < size; i++) {
       result[size - i - 1] = (number & _byteMask).toInt();
       number = number >> 8;
     }
     return result;
   }

   static BigInt? generatePrivateValue(
       Digest digest, BigInt N, BigInt g, SecureRandom random) {
     var minBits = math.min(256, N.bitLength ~/ 2);
     var min = BigInt.one << (minBits - 1);
     var max = N - BigInt.one;

     BigInt result;
     do {
       result = random.nextBigInteger(minBits);
     } while (result > max || result < min);
     return result;
   }

   static BigInt validatePublicValue(BigInt N, BigInt val) {
     val = val % N;

     // Check that val % N != 0
     if (val == BigInt.zero) {
       throw Exception('Invalid public value: 0');
     }

     return val;
   }

   /// Computes the client evidence message (M1) according to the standard routine:
   /// M1 = H( A | B | S )
   /// [digest] The Digest used as the hashing function H
   /// [N] Modulus used to get the pad length
   /// [A] The public client value
   /// [B] The public server value
   /// [S] The secret calculated by both sides
   /// [M1] The calculated client evidence message
   static BigInt calculateM1(
       Digest digest, BigInt N, BigInt? A, BigInt? B, BigInt? S) {
     return hashPaddedTriplet(digest, N, A, B, S);
   }

   /// Computes the server evidence message (M2) according to the standard routine:
   /// M2 = H( A | M1 | S )
   /// [digest] The Digest used as the hashing function H
   /// [N] Modulus used to get the pad length
   /// [A] The public client value
   /// [M1] The client evidence message
   /// [S] The secret calculated by both sides
   /// @return M2 The calculated server evidence message
   static BigInt calculateM2(
       Digest digest, BigInt N, BigInt? A, BigInt? M1, BigInt? S) {
     return hashPaddedTriplet(digest, N, A, M1, S);
   }

   /// Computes the final Key according to the standard routine: Key = H(S)
   /// [digest] The Digest used as the hashing function H
   /// [N] Modulus used to get the pad length
   /// [S] The secret calculated by both sides
   /// @return the final Key value.
   static BigInt calculateKey(Digest digest, BigInt N, BigInt? S) {
     var padLength = (N.bitLength + 7) ~/ 8;
     var S0 = getPadded(S!, padLength);
     digest.update(S0, 0, S0.length);

     var output = Uint8List(digest.digestSize);
     digest.doFinal(output, 0);
     return decodeBigInt(output);
   }

   static BigInt hashPaddedTriplet(
       Digest digest, BigInt N, BigInt? n1, BigInt? n2, BigInt? n3) {
     var padLength = (N.bitLength + 7) ~/ 8;

     var n1Bytes = getPadded(n1!, padLength);
     var n2Bytes = getPadded(n2!, padLength);
     var n3Bytes = getPadded(n3!, padLength);

     digest.update(n1Bytes, 0, n1Bytes.length);
     digest.update(n2Bytes, 0, n2Bytes.length);
     digest.update(n3Bytes, 0, n3Bytes.length);

     var output = Uint8List(digest.digestSize);
     digest.doFinal(output, 0);

     return decodeBigInt(output);
   }

   static Uint8List getPadded(BigInt n, int length) {
     var bs = encodeBigInt(n);
     if (bs.length < length) {
       var tmp = Uint8List(length);
       var start = length - bs.length;
       for (var i = 0; start < length; i++, start++) {
         tmp[start] = bs[i];
       }
       bs = tmp;
     }
     return bs;
   }

   static BigInt hashPaddedPair(
       Digest digest, BigInt N, BigInt? n1, BigInt? n2) {
     var padLength = (N.bitLength + 7) ~/ 8;

     var n1Bytes = getPadded(n1!, padLength);
     var n2Bytes = getPadded(n2!, padLength);

     digest.update(n1Bytes, 0, n1Bytes.length);
     digest.update(n2Bytes, 0, n2Bytes.length);

     var output = Uint8List(digest.digestSize);
     digest.doFinal(output, 0);

     return decodeBigInt(output);
   }
 }
	library src.srp_util;

	import 'dart:math' as math;
	import 'dart:typed_data';

	import 'package:pointycastle/pointycastle.dart';

	class SRP6Util {
	static final _byteMask = BigInt.from(0xff);

	static BigInt calculateK(Digest digest, BigInt N, BigInt g) {
	return hashPaddedPair(digest, N, N, g);
	}

	static BigInt calculateU(Digest digest, BigInt N, BigInt? A, BigInt? B) {
	return hashPaddedPair(digest, N, A, B);
	}

	static BigInt calculateX(Digest digest, BigInt N, Uint8List salt,
	Uint8List identity, Uint8List password) {
	var output = Uint8List(digest.digestSize);

	digest.update(identity, 0, identity.length);
	digest.updateByte(':'.codeUnitAt(0));
	digest.update(password, 0, password.length);
	digest.doFinal(output, 0);

	digest.update(salt, 0, salt.length);
	digest.update(output, 0, output.length);
	digest.doFinal(output, 0);

	return decodeBigInt(output);
	}

	/// Decode a BigInt from bytes in big-endian encoding.
	static BigInt decodeBigInt(List<int> bytes) {
	var result = BigInt.from(0);
	for (var i = 0; i < bytes.length; i++) {
	result += BigInt.from(bytes[bytes.length - i - 1]) << (8 * i);
	}
	return result;
	}

	/// Encode a BigInt into bytes using big-endian encoding.
	static Uint8List encodeBigInt(BigInt number) {
	// Not handling negative numbers. Decide how you want to do that.
	var size = (number.bitLength + 7) >> 3;
	var result = Uint8List(size);
	for (var i = 0; i < size; i++) {
	result[size - i - 1] = (number & _byteMask).toInt();
	number = number >> 8;
	}
	return result;
	}

	static BigInt? generatePrivateValue(
	Digest digest, BigInt N, BigInt g, SecureRandom random) {
	var minBits = math.min(256, N.bitLength ~/ 2);
	var min = BigInt.one << (minBits - 1);
	var max = N - BigInt.one;

	BigInt result;
	do {
	result = random.nextBigInteger(minBits);
	} while (result > max \|\| result < min);
	return result;
	}

	static BigInt validatePublicValue(BigInt N, BigInt val) {
	val = val % N;

	// Check that val % N != 0
	if (val == BigInt.zero) {
	throw Exception('Invalid public value: 0');
	}

	return val;
	}

	/// Computes the client evidence message (M1) according to the standard routine:
	/// M1 = H( A \| B \| S )
	/// [digest] The Digest used as the hashing function H
	/// [N] Modulus used to get the pad length
	/// [A] The public client value
	/// [B] The public server value
	/// [S] The secret calculated by both sides
	/// [M1] The calculated client evidence message
	static BigInt calculateM1(
	Digest digest, BigInt N, BigInt? A, BigInt? B, BigInt? S) {
	return hashPaddedTriplet(digest, N, A, B, S);
	}

	/// Computes the server evidence message (M2) according to the standard routine:
	/// M2 = H( A \| M1 \| S )
	/// [digest] The Digest used as the hashing function H
	/// [N] Modulus used to get the pad length
	/// [A] The public client value
	/// [M1] The client evidence message
	/// [S] The secret calculated by both sides
	/// @return M2 The calculated server evidence message
	static BigInt calculateM2(
	Digest digest, BigInt N, BigInt? A, BigInt? M1, BigInt? S) {
	return hashPaddedTriplet(digest, N, A, M1, S);
	}

	/// Computes the final Key according to the standard routine: Key = H(S)
	/// [digest] The Digest used as the hashing function H
	/// [N] Modulus used to get the pad length
	/// [S] The secret calculated by both sides
	/// @return the final Key value.
	static BigInt calculateKey(Digest digest, BigInt N, BigInt? S) {
	var padLength = (N.bitLength + 7) ~/ 8;
	var S0 = getPadded(S!, padLength);
	digest.update(S0, 0, S0.length);

	var output = Uint8List(digest.digestSize);
	digest.doFinal(output, 0);
	return decodeBigInt(output);
	}

	static BigInt hashPaddedTriplet(
	Digest digest, BigInt N, BigInt? n1, BigInt? n2, BigInt? n3) {
	var padLength = (N.bitLength + 7) ~/ 8;

	var n1Bytes = getPadded(n1!, padLength);
	var n2Bytes = getPadded(n2!, padLength);
	var n3Bytes = getPadded(n3!, padLength);

	digest.update(n1Bytes, 0, n1Bytes.length);
	digest.update(n2Bytes, 0, n2Bytes.length);
	digest.update(n3Bytes, 0, n3Bytes.length);

	var output = Uint8List(digest.digestSize);
	digest.doFinal(output, 0);

	return decodeBigInt(output);
	}

	static Uint8List getPadded(BigInt n, int length) {
	var bs = encodeBigInt(n);
	if (bs.length < length) {
	var tmp = Uint8List(length);
	var start = length - bs.length;
	for (var i = 0; start < length; i++, start++) {
	tmp[start] = bs[i];
	}
	bs = tmp;
	}
	return bs;
	}

	static BigInt hashPaddedPair(
	Digest digest, BigInt N, BigInt? n1, BigInt? n2) {
	var padLength = (N.bitLength + 7) ~/ 8;

	var n1Bytes = getPadded(n1!, padLength);
	var n2Bytes = getPadded(n2!, padLength);

	digest.update(n1Bytes, 0, n1Bytes.length);
	digest.update(n2Bytes, 0, n2Bytes.length);

	var output = Uint8List(digest.digestSize);
	digest.doFinal(output, 0);

	return decodeBigInt(output);
	}
	}