public static void Test()
        {
            SRPParameters srpParameters = new SRPParameters();
            BigInteger    bigInteger    = HashUtilities.HashToBigInteger(SRPParameters.Hash,
                                                                         (HashUtilities.HashDataBroker) "USER:PASSWORD");
            SecureRemotePassword secureRemotePassword1 =
                new SecureRemotePassword("USER", bigInteger, true, SRPParameters.Defaults);
            SecureRemotePassword secureRemotePassword2 = new SecureRemotePassword("USER", bigInteger, false,
                                                                                  SRPParameters.Defaults);

            Console.WriteLine("Client sending A = {0}",
                              secureRemotePassword2.PublicEphemeralValueA.ToHexString());
            secureRemotePassword1.PublicEphemeralValueA = secureRemotePassword2.PublicEphemeralValueA;
            Console.WriteLine("Server sending salt = {0}", secureRemotePassword1.Salt.ToHexString());
            Console.WriteLine("Server sending B = {0}",
                              secureRemotePassword1.PublicEphemeralValueB.ToHexString());
            secureRemotePassword2.Salt = secureRemotePassword1.Salt;
            secureRemotePassword2.PublicEphemeralValueB = secureRemotePassword1.PublicEphemeralValueB;
            Console.WriteLine("Server's session key = {0}", secureRemotePassword1.SessionKey.ToHexString());
            Console.WriteLine("Client's session key = {0}", secureRemotePassword2.SessionKey.ToHexString());
            Console.WriteLine("\nServer key == client key {0}",
                              secureRemotePassword1.SessionKey == secureRemotePassword2.SessionKey);
            Console.WriteLine("Client proof valid: {0}",
                              secureRemotePassword1.IsClientProofValid(secureRemotePassword2.ClientSessionKeyProof));
            Console.WriteLine("Server proof valid: {0}",
                              secureRemotePassword2.IsServerProofValid(secureRemotePassword1.ServerSessionKeyProof));
        }
Example #2
0
        public static void Test()
        {
            var srpParams = new SRPParameters();

            BigInteger credentials = HashUtilities.HashToBigInteger(SRPParameters.Hash, "USER:PASSWORD");

            var server = new SecureRemotePassword("USER", credentials, true, SRPParameters.Defaults);
            var client = new SecureRemotePassword("USER", credentials, false, SRPParameters.Defaults);

            /* Typical communication works something like this:
             *
             * client: I want to log in. Here is my username and here is my PublicEphemeralValueA.
             * server: Here is the Salt and here is my PublicEphemeralValueB.
             *
             * Server looks up the username in the database and finds the associated password.
             *
             * client: Here's proof I have the correct session key (hence correct password)
             *         (sends client.ClientSessionKeyProof)
             * server: Thats valid. Here's proof that *I* have the correct session key:
             *         (sends server.ServerSessionKeyProof)
             *
             * client: Cheerio. *encrypts stuff using SessionKey*
             */
            Console.WriteLine("Client sending A = {0}", client.PublicEphemeralValueA.ToHexString());
            server.PublicEphemeralValueA = client.PublicEphemeralValueA;

            Console.WriteLine("Server sending salt = {0}", server.Salt.ToHexString());
            Console.WriteLine("Server sending B = {0}", server.PublicEphemeralValueB.ToHexString());
            client.Salt = server.Salt;
            client.PublicEphemeralValueB = server.PublicEphemeralValueB;

            /*
             *  Console.WriteLine("X = {0}", server.CredentialsHash.ToHexString());
             *  Console.WriteLine("a = {0}", client.secretEphemeralValueA.ToHexString());
             *  Console.WriteLine("b = {0}", server.secretEphemeralValueB.ToHexString());
             *  Console.WriteLine("v = {0}", server.Verifier.ToHexString());
             *  Console.WriteLine("U = {0}", server.ScramblingParameter.ToHexString());
             */

            // Note that session keys are never sent.
            Console.WriteLine("Server's session key = {0}", server.SessionKey.ToHexString());
            Console.WriteLine("Client's session key = {0}", client.SessionKey.ToHexString());

            // Are the session keys actually the same?
            Console.WriteLine("\nServer key == client key {0}", server.SessionKey == client.SessionKey);

            // This is how we can test it without sending actual session keys over the wire
            Console.WriteLine("Client proof valid: {0}", server.IsClientProofValid(client.ClientSessionKeyProof));
            Console.WriteLine("Server proof valid: {0}", client.IsServerProofValid(server.ServerSessionKeyProof));
        }
Example #3
0
        public static void Test()
        {
            var srpParams = new SRPParameters();

			BigInteger credentials = HashUtilities.HashToBigInteger(SRPParameters.Hash, "USER:PASSWORD");

            var server = new SecureRemotePassword("USER", credentials, true, SRPParameters.Defaults);
            var client = new SecureRemotePassword("USER", credentials, false, SRPParameters.Defaults);

            /* Typical communication works something like this:
             * 
             * client: I want to log in. Here is my username and here is my PublicEphemeralValueA.
             * server: Here is the Salt and here is my PublicEphemeralValueB.
             * 
             * Server looks up the username in the database and finds the associated password.
             * 
             * client: Here's proof I have the correct session key (hence correct password)
             *         (sends client.ClientSessionKeyProof)
             * server: Thats valid. Here's proof that *I* have the correct session key:
             *         (sends server.ServerSessionKeyProof)
             * 
             * client: Cheerio. *encrypts stuff using SessionKey*
             */
            Console.WriteLine("Client sending A = {0}", client.PublicEphemeralValueA.ToHexString());
            server.PublicEphemeralValueA = client.PublicEphemeralValueA;

            Console.WriteLine("Server sending salt = {0}", server.Salt.ToHexString());
            Console.WriteLine("Server sending B = {0}", server.PublicEphemeralValueB.ToHexString());
            client.Salt = server.Salt;
            client.PublicEphemeralValueB = server.PublicEphemeralValueB;

            /*
                Console.WriteLine("X = {0}", server.CredentialsHash.ToHexString());
                Console.WriteLine("a = {0}", client.secretEphemeralValueA.ToHexString());
                Console.WriteLine("b = {0}", server.secretEphemeralValueB.ToHexString());
                Console.WriteLine("v = {0}", server.Verifier.ToHexString());
                Console.WriteLine("U = {0}", server.ScramblingParameter.ToHexString());
                */

            // Note that session keys are never sent.
            Console.WriteLine("Server's session key = {0}", server.SessionKey.ToHexString());
            Console.WriteLine("Client's session key = {0}", client.SessionKey.ToHexString());

            // Are the session keys actually the same?
            Console.WriteLine("\nServer key == client key {0}", server.SessionKey == client.SessionKey);

            // This is how we can test it without sending actual session keys over the wire
            Console.WriteLine("Client proof valid: {0}", server.IsClientProofValid(client.ClientSessionKeyProof));
            Console.WriteLine("Server proof valid: {0}", client.IsServerProofValid(server.ServerSessionKeyProof));
        }
Example #4
0
		/// <summary>
		/// Validates the auth-info sent by the client.
		/// Called within the IO-Queue's Context
		/// </summary>
		/// <returns>The session key or null if authentication failed</returns>
		private static bool ValidateAuthentication(IRealmClient client, string accountName)
		{
			var authInfo = RealmServer.Instance.GetAuthenticationInfo(accountName);

			if (authInfo == null)
			{
				RealmServer.Instance.Error(client, Resources.FailedToRetrieveAccount, accountName);

				LoginHandler.SendAuthSessionErrorReply(client, LoginErrorCode.AUTH_FAILED);
			}
			else
			{
				try
				{
					client.SessionKey = authInfo.SessionKey;
					client.Info = ClientInformation.Deserialize(authInfo.SystemInformation);

					var srp = new SecureRemotePassword(accountName, authInfo.Verifier, authInfo.Salt);

					BigInteger clientVerifier = srp.Hash(srp.Username, new byte[4], client.ClientSeed, RealmServer.Instance.AuthSeed, client.SessionKey);

					if (clientVerifier != client.ClientDigest)
					{
						LoginHandler.SendAuthSessionErrorReply(client, LoginErrorCode.AUTH_FAILED);
					}
					else
					{
						return true;
					}
				}
				catch (Exception e)
				{
					LogUtil.ErrorException(e, false, "Failed to validate authentication of Account " + accountName);
					LoginHandler.SendAuthSessionErrorReply(client, LoginErrorCode.AUTH_FAILED);
				}
			}
			return false;
		}
Example #5
0
		/// <summary>
		/// Default constructor.
		/// </summary>
		/// <param name="srp">the SRP instance for our current session</param>
		public Authenticator(SecureRemotePassword srp)
		{
			m_srp = srp;
		}
Example #6
0
 /// <summary>Default constructor.</summary>
 /// <param name="srp">the SRP instance for our current session</param>
 public Authenticator(SecureRemotePassword srp)
 {
     this.m_srp = srp;
 }
Example #7
0
 /// <summary>Generate a random number of maximal size</summary>
 /// <returns></returns>
 public static BigInteger RandomNumber()
 {
     return(SecureRemotePassword.RandomNumber(32U));
 }