public void WriteServerChallenge(PacketWriter packet)
{
packet.WriteBigInt(SRP.PublicEphemeralValueB, 32);
packet.WriteBigIntLength(SRP.Generator, 1);
// We will pad this out to 32 bytes.
packet.WriteBigIntLength(SRP.Modulus, 32);
packet.WriteBigInt(SRP.Salt);
packet.WriteBigInt(SecureRemotePassword.RandomNumber(16));
}
public static void Test()
{
var srpParams = new SRPParameters();
BigInteger credentials = HashUtilities.HashToBigInteger(SRPParameters.Hash, "ADMIN:CHANGEME");
var server = new SecureRemotePassword("ADMIN", credentials, true, SRPParameters.Defaults);
var client = new SecureRemotePassword("ADMIN", credentials, false, SRPParameters.Defaults);
/* Typical communication works something like this:
*
* client: I want to log in. Here is my username and here is my PublicEphemeralValueA.
* server: Here is the Salt and here is my PublicEphemeralValueB.
*
* Server looks up the username in the database and finds the associated password.
*
* client: Here's proof I have the correct session key (hence correct password)
* (sends client.ClientSessionKeyProof)
* server: Thats valid. Here's proof that *I* have the correct session key:
* (sends server.ServerSessionKeyProof)
*
* client: Cheerio. *encrypts stuff using SessionKey*
*/
Console.WriteLine("Client sending A = {0}", client.PublicEphemeralValueA.ToHexString());
server.PublicEphemeralValueA = client.PublicEphemeralValueA;
Console.WriteLine("Server sending salt = {0}", server.Salt.ToHexString());
Console.WriteLine("Server sending B = {0}", server.PublicEphemeralValueB.ToHexString());
client.Salt = server.Salt;
client.PublicEphemeralValueB = server.PublicEphemeralValueB;
/*
* Console.WriteLine("X = {0}", server.CredentialsHash.ToHexString());
* Console.WriteLine("a = {0}", client.secretEphemeralValueA.ToHexString());
* Console.WriteLine("b = {0}", server.secretEphemeralValueB.ToHexString());
* Console.WriteLine("v = {0}", server.Verifier.ToHexString());
* Console.WriteLine("U = {0}", server.ScramblingParameter.ToHexString());
*/
// Note that session keys are never sent.
Console.WriteLine("Server's session key = {0}", server.SessionKey.ToHexString());
Console.WriteLine("Client's session key = {0}", client.SessionKey.ToHexString());
// Are the session keys actually the same?
Console.WriteLine("\nServer key == client key {0}", server.SessionKey == client.SessionKey);
// This is how we can test it without sending actual session keys over the wire
Console.WriteLine("Client proof valid: {0}", server.IsClientProofValid(client.ClientSessionKeyProof));
Console.WriteLine("Server proof valid: {0}", client.IsServerProofValid(server.ServerSessionKeyProof));
}
public Authenticator(SecureRemotePassword srp)
{
this.srp = srp;
}
