Ejemplo n.º 1
0
        public static void HandleAuthKeyData(Packet packet, Session session)
        {
            var keyData = new BinaryReader(new MemoryStream(Convert.FromBase64String(packet["KeyData"].ToString())));
            var a = keyData.ReadBytes(keyData.ReadInt32());
            var m = keyData.ReadBytes(keyData.ReadInt32());

            session.SecureRemotePassword.CalculateU(a);
            session.SecureRemotePassword.CalculateClientM(a);

            if (session.SecureRemotePassword.ClientM.Compare(m))
            {
                session.SecureRemotePassword.CalculateServerM(m, a);

                session.ClientCrypt = new RC4();
                session.ClientCrypt.PrepareKey(session.SecureRemotePassword.SessionKey);

                session.State = 1;

                var SKeyData = new BinaryWriter(new MemoryStream());

                SKeyData.Write(session.SecureRemotePassword.ServerM.Length);
                SKeyData.Write(session.SecureRemotePassword.ServerM);

                var reply = new Packet(StsReason.OK, packet.Header.Sequence);

                reply.Xml.WriteElementRoot("Reply");
                reply.Xml.WriteElement("KeyData", Convert.ToBase64String(SKeyData.ToArray()));

                session.Send(reply);
            }
            else
            {
                session.Account = null;

                var reply = new Packet(StsReason.Error, packet.Header.Sequence);

                reply.WriteError(AuthResult.ErrBadPasswd);

                session.Send(reply);
            }
        }
Ejemplo n.º 2
0
        public static void HandleAuthLoginStart(Packet packet, Session session)
        {
            // Account.Email
            var loginName = packet["LoginName"].ToString();

            session.Account = DB.Auth.Single<Account>(a => a.Email == loginName);

            // Support for email only.
            if (loginName != null && session.Account != null)
            {
                session.SecureRemotePassword = new SRP6a(session.Account.Salt, loginName, session.Account.PasswordVerifier);
                session.SecureRemotePassword.CalculateB();

                var keyData = new BinaryWriter(new MemoryStream());

                keyData.Write(session.SecureRemotePassword.S.Length);
                keyData.Write(session.SecureRemotePassword.S);
                keyData.Write(session.SecureRemotePassword.B.Length);
                keyData.Write(session.SecureRemotePassword.B);

                var reply = new Packet(StsReason.OK, packet.Header.Sequence);

                reply.Xml.WriteElementRoot("Reply");
                reply.Xml.WriteElement("KeyData", Convert.ToBase64String(keyData.ToArray()));

                session.Send(reply);
            }
            else
            {
                // Let's use ErrBadPasswd instead of ErrAccountNotFound.
                var reply = new Packet(StsReason.Error, packet.Header.Sequence);

                reply.WriteError(AuthResult.ErrBadPasswd);

                session.Send(reply);
            }
        }