/// <summary>
/// Runs one SRP exchange between an in-process server instance and client instance and
/// prints the exchanged public values (A, salt, B), both session keys, and the result
/// of both proof checks.
/// </summary>
/// <remarks>
/// Demonstration code only: the credentials are the fixed string "USER:PASSWORD" and both
/// session keys are written to the console. Session keys are secrets; a real login path
/// should never print or log them.
/// </remarks>
public static void Test()
{
    // Constructed but not used afterwards; kept because the original does the same.
    var parameters = new SRPParameters();

    // Both sides are seeded with the same hash of "USER:PASSWORD".
    var credentialsHash = HashUtilities.HashToBigInteger(
        SRPParameters.Hash,
        (HashUtilities.HashDataBroker) "USER:PASSWORD");

    // The third argument is true for the instance playing the server, false for the client.
    var server = new SecureRemotePassword("USER", credentialsHash, true, SRPParameters.Defaults);
    var client = new SecureRemotePassword("USER", credentialsHash, false, SRPParameters.Defaults);

    // Step 1: client -> server, public ephemeral value A.
    Console.WriteLine("Client sending A = {0}", client.PublicEphemeralValueA.ToHexString());
    server.PublicEphemeralValueA = client.PublicEphemeralValueA;

    // Step 2: server -> client, salt and public ephemeral value B.
    Console.WriteLine("Server sending salt = {0}", server.Salt.ToHexString());
    Console.WriteLine("Server sending B = {0}", server.PublicEphemeralValueB.ToHexString());
    client.Salt = server.Salt;
    client.PublicEphemeralValueB = server.PublicEphemeralValueB;

    // Each side derives its session key locally; the keys themselves are never exchanged.
    Console.WriteLine("Server's session key = {0}", server.SessionKey.ToHexString());
    Console.WriteLine("Client's session key = {0}", client.SessionKey.ToHexString());

    bool keysMatch = server.SessionKey == client.SessionKey;
    Console.WriteLine("\nServer key == client key {0}", keysMatch);

    // The proofs let each side confirm the other holds the same key without revealing it.
    bool clientProofOk = server.IsClientProofValid(client.ClientSessionKeyProof);
    Console.WriteLine("Client proof valid: {0}", clientProofOk);

    bool serverProofOk = client.IsServerProofValid(server.ServerSessionKeyProof);
    Console.WriteLine("Server proof valid: {0}", serverProofOk);
}
/// <summary>
/// Walks through a complete SRP login between a server-side and a client-side
/// <c>SecureRemotePassword</c> instance and prints each step to the console.
/// </summary>
/// <remarks>
/// Self-test/demo code. It uses the hard-coded credentials "USER:PASSWORD" and prints both
/// session keys, which are secret values; do not reuse this output pattern in production
/// logging.
/// </remarks>
public static void Test()
{
    SRPParameters srpParams = new SRPParameters();
    BigInteger credentialsHash = HashUtilities.HashToBigInteger(SRPParameters.Hash, "USER:PASSWORD");

    // true is passed for the server instance, false for the client instance.
    SecureRemotePassword server =
        new SecureRemotePassword("USER", credentialsHash, true, SRPParameters.Defaults);
    SecureRemotePassword client =
        new SecureRemotePassword("USER", credentialsHash, false, SRPParameters.Defaults);

    /* Message flow being simulated:
     *
     *   client: I want to log in. Here is my username and my PublicEphemeralValueA.
     *   server: Here is the Salt and my PublicEphemeralValueB.
     *
     *   The server looks up the username in its database to find the stored credentials.
     *   (SRP servers normally keep only the salt and verifier rather than the password;
     *   this demo simply hands both sides the same credentials hash.)
     *
     *   client: Here is proof that I hold the correct session key, hence the correct
     *           password (sends client.ClientSessionKeyProof).
     *   server: That is valid. Here is proof that *I* hold the correct session key
     *           (sends server.ServerSessionKeyProof).
     *
     *   client: From here on, traffic is encrypted using SessionKey.
     */

    string clientA = client.PublicEphemeralValueA.ToHexString();
    Console.WriteLine("Client sending A = {0}", clientA);
    server.PublicEphemeralValueA = client.PublicEphemeralValueA;

    string salt = server.Salt.ToHexString();
    Console.WriteLine("Server sending salt = {0}", salt);
    string serverB = server.PublicEphemeralValueB.ToHexString();
    Console.WriteLine("Server sending B = {0}", serverB);
    client.Salt = server.Salt;
    client.PublicEphemeralValueB = server.PublicEphemeralValueB;

    /* Optional debug output, left disabled. These are the protocol's secret and
     * intermediate values and should only ever be printed while debugging locally:
     *
     * Console.WriteLine("X = {0}", server.CredentialsHash.ToHexString());
     * Console.WriteLine("a = {0}", client.secretEphemeralValueA.ToHexString());
     * Console.WriteLine("b = {0}", server.secretEphemeralValueB.ToHexString());
     * Console.WriteLine("v = {0}", server.Verifier.ToHexString());
     * Console.WriteLine("U = {0}", server.ScramblingParameter.ToHexString());
     */

    // Session keys are derived independently on each side and never sent.
    string serverKey = server.SessionKey.ToHexString();
    Console.WriteLine("Server's session key = {0}", serverKey);
    string clientKey = client.SessionKey.ToHexString();
    Console.WriteLine("Client's session key = {0}", clientKey);

    // Direct comparison is only possible here because both sides live in one process.
    Console.WriteLine("\nServer key == client key {0}", server.SessionKey == client.SessionKey);

    // Over the wire the same agreement is checked through the proofs instead,
    // so the session keys themselves never have to be transmitted.
    Console.WriteLine("Client proof valid: {0}", server.IsClientProofValid(client.ClientSessionKeyProof));
    Console.WriteLine("Server proof valid: {0}", client.IsServerProofValid(server.ServerSessionKeyProof));
}
/// <summary>
/// Reads the client's logon-proof fields from <paramref name="packet"/> and checks the
/// client's SRP proof against our own.
/// </summary>
/// <param name="packet">the packet to read from</param>
/// <returns>true if the client proof matches; false otherwise</returns>
/// <remarks>
/// Every field in the packet is client-controlled. Apart from A and the proof, the fields
/// are read only to advance through the packet; nothing in this method verifies the key
/// entries, the PIN data or the other security-flag payloads.
/// NOTE(review): SRP requires the server to reject a client value A with A mod N == 0.
/// No such check is visible here; confirm that the PublicEphemeralValueA setter or
/// m_srp.IsClientProofValid enforces it.
/// NOTE(review): how PacketIn behaves when the packet is shorter than the lengths read
/// below is not visible from this method; confirm a truncated packet fails cleanly.
/// </remarks>
public bool IsClientProofValid(PacketIn packet)
{
    const int PinFlag = 1;
    const int SecurityFlag2 = 2;
    const int SecurityFlag4 = 4;

    // 32-byte public ephemeral value A, followed by the 20-byte client proof.
    m_srp.PublicEphemeralValueA = packet.ReadBigInteger(32);
    BigInteger clientProof = packet.ReadBigInteger(20);

    // SHA1 of PublicEphemeralValueA and the 16 random bytes sent in
    // AUTH_LOGON_CHALLENGE from the server (read and discarded).
    packet.ReadBytes(20);

    // Variable-length key list; the count is a single byte, so at most 255 entries.
    byte keyCount = packet.ReadByte();
    for (int remaining = keyCount; remaining > 0; remaining--)
    {
        packet.ReadUInt16();   // unknown
        packet.ReadUInt32();   // unknown
        packet.ReadBytes(4);   // unknown

        // sha of the SRP's PublicEphemeralValueA, PublicEphemeralValueB,
        // and 20 unknown bytes
        packet.ReadBytes(20);
    }

    byte securityFlags = packet.ReadByte();

    if ((securityFlags & PinFlag) != 0)
    {
        // PIN: 16 random bytes followed by a 20-byte SHA.
        packet.ReadBytes(16);
        packet.ReadBytes(20);
    }

    if ((securityFlags & SecurityFlag2) != 0)
    {
        packet.ReadBytes(20);
    }

    if ((securityFlags & SecurityFlag4) != 0)
    {
        // Length-prefixed buffer; the one-byte length caps it at 255 bytes.
        byte bufferLength = packet.ReadByte();
        packet.ReadBytes(bufferLength);
    }

    return m_srp.IsClientProofValid(clientProof);
}
/// <summary>
/// Parses the client's logon-proof packet and checks the client's SRP proof against ours.
/// </summary>
/// <param name="packet">the packet to read from</param>
/// <returns>true if the client proof matches; false otherwise</returns>
/// <remarks>
/// All values read here come from the client. Only A and the proof are used; the remaining
/// fields are skipped without being validated.
/// NOTE(review): the SRP protocol requires the server to abort when A mod N == 0. That
/// check is not visible in this method; confirm it happens in the PublicEphemeralValueA
/// setter or inside m_srp.IsClientProofValid.
/// </remarks>
public bool IsClientProofValid(PacketIn packet)
{
    // Client's 32-byte public ephemeral value A.
    m_srp.PublicEphemeralValueA = packet.ReadBigInteger(32);

    // 20-byte proof that the client derived the same session key.
    BigInteger clientProof = packet.ReadBigInteger(20);

    // 20 bytes skipped. NOTE(review): appears to be a SHA-1 over A and the random bytes
    // from the server's logon challenge; confirm against the protocol notes.
    packet.ReadBytes(20);

    // One-byte entry count, then 30 bytes (2 + 4 + 4 + 20) skipped per entry.
    byte keyCount = packet.ReadByte();
    int keysRead = 0;
    while (keysRead < keyCount)
    {
        packet.ReadUInt16();
        packet.ReadUInt32();
        packet.ReadBytes(4);
        packet.ReadBytes(20);
        keysRead++;
    }

    // Bit field selecting which optional trailing sections are present.
    byte securityFlags = packet.ReadByte();

    bool hasSection1 = (securityFlags & 1) != 0;
    if (hasSection1)
    {
        packet.ReadBytes(16);
        packet.ReadBytes(20);
    }

    bool hasSection2 = (securityFlags & 2) != 0;
    if (hasSection2)
    {
        packet.ReadBytes(20);
    }

    bool hasSection4 = (securityFlags & 4) != 0;
    if (hasSection4)
    {
        // Length-prefixed section: one length byte, then that many bytes.
        byte sectionLength = packet.ReadByte();
        packet.ReadBytes(sectionLength);
    }

    return m_srp.IsClientProofValid(clientProof);
}
/// <summary>
/// Console demonstration of the SRP handshake: creates a server and a client instance
/// from the same credentials, passes the public values between them, and reports
/// whether the derived session keys and proofs agree.
/// </summary>
/// <remarks>
/// Intended for manual testing only. The credentials are hard-coded ("USER:PASSWORD")
/// and the session keys are printed in hex; session keys are secrets and must not be
/// written to logs or consoles in real deployments.
/// </remarks>
public static void Test()
{
    var srpParams = new SRPParameters();
    var credentials = HashUtilities.HashToBigInteger(SRPParameters.Hash, "USER:PASSWORD");

    // Same username and credentials hash on both sides; only the third argument
    // differs (true for the server instance, false for the client instance).
    var server = new SecureRemotePassword("USER", credentials, true, SRPParameters.Defaults);
    var client = new SecureRemotePassword("USER", credentials, false, SRPParameters.Defaults);

    // Typical communication works something like this:
    //
    //   client: I want to log in. Here is my username and here is my PublicEphemeralValueA.
    //   server: Here is the Salt and here is my PublicEphemeralValueB.
    //
    //   Server looks up the username in the database and finds the associated password.
    //
    //   client: Here's proof I have the correct session key (hence correct password)
    //           (sends client.ClientSessionKeyProof)
    //   server: That's valid. Here's proof that *I* have the correct session key:
    //           (sends server.ServerSessionKeyProof)
    //
    //   client: Cheerio. *encrypts stuff using SessionKey*

    // --- client -> server ---
    Console.WriteLine(
        "Client sending A = {0}",
        client.PublicEphemeralValueA.ToHexString());
    server.PublicEphemeralValueA = client.PublicEphemeralValueA;

    // --- server -> client ---
    Console.WriteLine(
        "Server sending salt = {0}",
        server.Salt.ToHexString());
    Console.WriteLine(
        "Server sending B = {0}",
        server.PublicEphemeralValueB.ToHexString());
    client.Salt = server.Salt;
    client.PublicEphemeralValueB = server.PublicEphemeralValueB;

    // Disabled debug output. These lines print secret and intermediate values and are
    // meant for local debugging only:
    //
    //   Console.WriteLine("X = {0}", server.CredentialsHash.ToHexString());
    //   Console.WriteLine("a = {0}", client.secretEphemeralValueA.ToHexString());
    //   Console.WriteLine("b = {0}", server.secretEphemeralValueB.ToHexString());
    //   Console.WriteLine("v = {0}", server.Verifier.ToHexString());
    //   Console.WriteLine("U = {0}", server.ScramblingParameter.ToHexString());

    // Note that session keys are never sent.
    Console.WriteLine(
        "Server's session key = {0}",
        server.SessionKey.ToHexString());
    Console.WriteLine(
        "Client's session key = {0}",
        client.SessionKey.ToHexString());

    // Are the session keys actually the same?
    bool sameKey = server.SessionKey == client.SessionKey;
    Console.WriteLine("\nServer key == client key {0}", sameKey);

    // This is how the two sides can check it without sending the session keys
    // over the wire.
    bool clientProofValid = server.IsClientProofValid(client.ClientSessionKeyProof);
    Console.WriteLine("Client proof valid: {0}", clientProofValid);
    bool serverProofValid = client.IsServerProofValid(server.ServerSessionKeyProof);
    Console.WriteLine("Server proof valid: {0}", serverProofValid);
}