private void testClientCatchesBadB(Srp6GroupParameters group)
{
byte[] I = Encoding.UTF8.GetBytes("username");
byte[] P = Encoding.UTF8.GetBytes("password");
byte[] s = new byte[16];
random.NextBytes(s);
Srp6Client client = new Srp6Client();
client.Init(group, new Sha256Digest(), random);
client.GenerateClientCredentials(s, I, P);
try
{
client.CalculateSecret(BigInteger.Zero);
Fail("Client failed to detect invalid value for 'B'");
}
catch (CryptoException)
{
// Expected
}
try
{
client.CalculateSecret(group.N);
Fail("Client failed to detect invalid value for 'B'");
}
catch (CryptoException)
{
// Expected
}
}
private void testMutualVerification(Srp6GroupParameters group)
{
byte[] I = Encoding.UTF8.GetBytes("username");
byte[] P = Encoding.UTF8.GetBytes("password");
byte[] s = new byte[16];
random.NextBytes(s);
Srp6VerifierGenerator gen = new Srp6VerifierGenerator();
gen.Init(group, new Sha256Digest());
BigInteger v = gen.GenerateVerifier(s, I, P);
Srp6Client client = new Srp6Client();
client.Init(group, new Sha256Digest(), random);
Srp6Server server = new Srp6Server();
server.Init(group, v, new Sha256Digest(), random);
BigInteger A = client.GenerateClientCredentials(s, I, P);
BigInteger B = server.GenerateServerCredentials();
BigInteger clientS = client.CalculateSecret(B);
BigInteger serverS = server.CalculateSecret(A);
if (!clientS.Equals(serverS))
{
Fail("SRP agreement failed - client/server calculated different secrets");
}
}
public virtual byte[] GeneratePremasterSecret()
{
try
{
// TODO Check if this needs to be a fixed size
return(BigIntegers.AsUnsignedByteArray(srpClient.CalculateSecret(B)));
}
catch (CryptoException)
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
}
private bool Authenticate(Stream stream, byte[] additionalChallenge)
{
HashMethod passwordHashMethod = (HashMethod)stream.ReadNextByte();
byte[] salt = stream.ReadBytes(stream.ReadNextByte());
int iterations = stream.ReadInt32();
SetHashMethod((HashMethod)stream.ReadNextByte());
SetSrpStrength((SrpStrength)stream.ReadInt32());
m_credentials.TryUpdate(passwordHashMethod, salt, iterations);
BigInteger pubA = m_client.GenerateClientCredentials(m_hash, salt, m_credentials.UsernameBytes, m_credentials.SaltedPassword);
byte[] pubABytes = pubA.ToPaddedArray(m_srpByteLength);
stream.Write(pubABytes);
stream.Flush();
//Read from Server: B
byte[] pubBBytes = stream.ReadBytes(m_srpByteLength);
BigInteger pubB = new BigInteger(1, pubBBytes);
//Calculate Session Key
BigInteger S = m_client.CalculateSecret(m_hash, pubB);
byte[] SBytes = S.ToPaddedArray(m_srpByteLength);
byte[] clientProof = m_hash.ComputeHash(pubABytes, pubBBytes, SBytes, additionalChallenge);
stream.Write(clientProof);
stream.Flush();
byte[] serverProof = m_hash.ComputeHash(pubBBytes, pubABytes, SBytes, additionalChallenge);
if (stream.ReadBoolean())
{
byte[] serverProofCheck = stream.ReadBytes(m_hash.GetDigestSize());
int ticketLength = stream.ReadInt16();
if (ticketLength < 0 || ticketLength > 10000)
{
return(false);
}
if (serverProofCheck.SecureEquals(serverProof))
{
m_resumeTicket = stream.ReadBytes(ticketLength);
m_sessionSecret = m_hash.ComputeHash(pubABytes, SBytes, pubBBytes).Combine(m_hash.ComputeHash(pubBBytes, SBytes, pubABytes));
return(true);
}
return(false);
}
return(false);
}
public byte[] GeneratePremasterSecret()
{
try
{
// TODO Check if this needs to be a fixed size
return(BigIntegers.AsUnsignedByteArray(srpClient.CalculateSecret(B)));
}
catch (CryptoException)
{
handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_illegal_parameter);
return(null); // Unreachable!
}
}
public static BigInteger Srp6Response(string username, byte[] password, byte[] salt, BigInteger B, out BigInteger token)
{
var random = new SecureRandom(new CryptoApiRandomGenerator());
var I = Encoding.UTF8.GetBytes(username);
var p = FromInput(password, salt);
var client = new Srp6Client();
client.Init(GroupParameters, new Sha256Digest(), random);
token = client.GenerateClientCredentials(salt, I, p);
client.CalculateSecret(B);
return(client.CalculateClientEvidenceMessage());
}
public override byte[] GeneratePremasterSecret()
{
try
{
BigInteger S = mSrpServer != null
? mSrpServer.CalculateSecret(mSrpPeerCredentials)
: mSrpClient.CalculateSecret(mSrpPeerCredentials);
// TODO Check if this needs to be a fixed size
return(BigIntegers.AsUnsignedByteArray(S));
}
catch (CryptoException e)
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter, e);
}
}
public override byte[] GeneratePremasterSecret()
{
try
{
BigInteger n = ((mSrpServer != null) ? mSrpServer.CalculateSecret(mSrpPeerCredentials) : mSrpClient.CalculateSecret(mSrpPeerCredentials));
return(BigIntegers.AsUnsignedByteArray(n));
}
catch (CryptoException alertCause)
{
throw new TlsFatalAlert(47, alertCause);
}
}
