public ClientMessage2(Mpi publicKey, byte[] proof)
: this()
{
publicKey.ThrowIfNull("publicKey");
proof.ThrowIfNull("proof");
PublicKey = publicKey;
Proof = proof;
}
public static byte[] ComputeClientProof(Mpi safePrimeModulus, Mpi generator, string username, byte[] salt, Mpi clientPublicKey, Mpi serverPublicKey, Mpi sharedKey, string authId, string options, HashAlgorithm hashAlgorithm)
{
byte[] n = safePrimeModulus.ToBytes(),
g = generator.ToBytes(),
u = Encoding.UTF8.GetBytes(username), s = salt,
a = clientPublicKey.ToBytes(), b = serverPublicKey.ToBytes(),
k = sharedKey.ToBytes(), i = Encoding.UTF8.GetBytes(authId),
l = Encoding.UTF8.GetBytes(options);
HashAlgorithm h = hashAlgorithm;
byte[] seq = new ByteBuilder()
.Append(Xor(h.ComputeHash(n), h.ComputeHash(g)))
.Append(h.ComputeHash(u))
.Append(s)
.Append(a)
.Append(b)
.Append(k)
.Append(h.ComputeHash(i))
.Append(h.ComputeHash(l))
.ToArray();
return h.ComputeHash(seq);
}
internal SaslSrp(string username, string password, byte[] privateKey)
: this(username, password)
{
PrivateKey = new Mpi(privateKey);
}
private byte[] ComputeFinalResponse(byte[] challenge)
{
ServerMessage1 m = ServerMessage1.Deserialize(challenge);
if (!string.IsNullOrEmpty(m.Options["mandatory"]))
{
throw new SaslException("Mandatory options are not supported.");
}
var mda = SelectHashAlgorithm(m.Options["mda"]);
HashAlgorithm = Activator.CreateInstance(mda.Item2) as HashAlgorithm;
PublicKey = Helper.ComputeClientPublicKey(m.Generator, m.SafePrimeModulus, PrivateKey);
SharedKey = Helper.ComputeSharedKey(m.Salt, Username, Password, PublicKey, m.PublicKey, PrivateKey, m.Generator, m.SafePrimeModulus, HashAlgorithm);
ClientProof = Helper.ComputeClientProof(m.SafePrimeModulus, m.Generator, Username, m.Salt, PublicKey, m.PublicKey, SharedKey, AuthId, m.RawOptions, HashAlgorithm);
ClientMessage2 response = new ClientMessage2(PublicKey, ClientProof);
response.Options["mda"] = mda.Item1;
Options = response.BuildOptionsString();
return response.Serialize();
}
public static byte[] ComputeServerProof(Mpi clientPublicKey, byte[] clientProof, Mpi sharedKey, string authId, string options, string sid, uint ttl, HashAlgorithm hashAlgorithm)
{
byte[] a =
clientPublicKey.ToBytes(),
m1 = clientProof,
k = sharedKey.ToBytes(),
i = Encoding.UTF8.GetBytes(authId),
o = Encoding.UTF8.GetBytes(options),
sid_ = Encoding.UTF8.GetBytes(sid);
HashAlgorithm h = hashAlgorithm;
byte[] seq = new ByteBuilder()
.Append(a)
.Append(m1)
.Append(k)
.Append(h.ComputeHash(i))
.Append(h.ComputeHash(o))
.Append(sid_)
.Append(ttl, true)
.ToArray();
return h.ComputeHash(seq);
}
public static Mpi ComputeClientPublicKey(Mpi generator, Mpi safePrimeModulus, Mpi privateKey)
{
BigInteger result = BigInteger.ModPow(generator.Value, privateKey.Value, safePrimeModulus.Value);
return new Mpi(result);
}
public static bool IsValidModulus(Mpi n)
{
foreach (string s in moduli)
{
BigInteger a = BigInteger.Parse(s, NumberStyles.HexNumber);
if (BigInteger.Compare(a, n.Value) == 0)
{
return true;
}
}
return false;
}
public static bool IsValidGenerator(Mpi g)
{
return BigInteger.Compare(new BigInteger(2), g.Value) == 0;
}
public static Mpi ComputeSharedKey(byte[] salt, string username, string password, Mpi clientPublicKey, Mpi serverPublicKey, Mpi clientPrivateKey, Mpi generator, Mpi safePrimeModulus, HashAlgorithm hashAlgorithm)
{
byte[] u = hashAlgorithm.ComputeHash(new ByteBuilder()
.Append(clientPublicKey.ToBytes())
.Append(serverPublicKey.ToBytes())
.ToArray());
byte[] up = hashAlgorithm.ComputeHash(Encoding.UTF8.GetBytes(username + ":" + password)), sup = new ByteBuilder().Append(salt).Append(up).ToArray(), x = hashAlgorithm.ComputeHash(sup);
Mpi u_ = new Mpi(u), x_ = new Mpi(x);
ts.TraceInformation("ComputeSharedKey: _u = " + u_.Value.ToString("X"));
ts.TraceInformation("ComputeSharedKey: _x = " + x_.Value.ToString("X"));
BigInteger base_ = BigInteger.Subtract(serverPublicKey.Value, BigInteger.Multiply(new BigInteger(3), BigInteger.ModPow(generator.Value, x_.Value, safePrimeModulus.Value)) % safePrimeModulus.Value);
if (base_.Sign < 0)
{
base_ = BigInteger.Add(base_, safePrimeModulus.Value);
}
ts.TraceInformation("ComputeSharedKey: _base = " + base_.ToString("X"));
BigInteger gx = BigInteger.ModPow(generator.Value, x_.Value, safePrimeModulus.Value), gx3 = BigInteger.Multiply(new BigInteger(3), gx) % safePrimeModulus.Value;
ts.TraceInformation("ComputeSharedKey: gx = " + gx.ToString("X"));
BigInteger @base = BigInteger.Subtract(serverPublicKey.Value, gx3) % safePrimeModulus.Value;
if (@base.Sign < 0)
{
@base = BigInteger.Add(@base, safePrimeModulus.Value);
}
ts.TraceInformation("ComputeSharedKey: @base = " + @base.ToString("X"));
BigInteger exp = BigInteger.Add(clientPrivateKey.Value, BigInteger.Multiply(u_.Value, x_.Value)),
s = BigInteger.ModPow(base_, exp, safePrimeModulus.Value);
ts.TraceInformation("ComputeSharedKey: exp = " + exp.ToString("X"));
ts.TraceInformation("ComputeSharedKey: S = " + s.ToString("X"));
return new Mpi(hashAlgorithm.ComputeHash(new Mpi(s).ToBytes()));
}