public void EphemeralKeyLengthTest()
{
// The -1 is to account for the byte that BigInteger.ToByteArray() adds to account for the sign.
var ephemeralLengthBits = (AuthenticationHelper.CreateBigIntegerRandom().ToBigEndianByteArray().Length - 1) * BitsInByte;
Assert.True(ephemeralLengthBits >= EphemeralBitSize);
}
public void TestSrpProtocol()
{
// Choose hash algorithm, g, N, username, password, salt
SHA256 sha256 = SHA256.Create();
BigInteger g = AuthenticationHelper.g;
BigInteger N = AuthenticationHelper.N;
string password = "******";
string saltString = "fef2871d83ce2120f9c47a46db303d37"; //Does not have to always be this string
BigInteger salt = BigIntegerExtensions.FromUnsignedLittleEndianHex(saltString);
// Compute x = H(s,p)
byte[] passBytes = Encoding.UTF8.GetBytes(password);
byte[] userIdHash = sha256.ComputeHash(passBytes);
byte[] saltBytes = salt.ToByteArray();
byte[] xBytes = new byte[saltBytes.Length + userIdHash.Length];
Buffer.BlockCopy(saltBytes, 0, xBytes, 0, saltBytes.Length);
Buffer.BlockCopy(userIdHash, 0, xBytes, saltBytes.Length, userIdHash.Length);
byte[] xDigest = sha256.ComputeHash(xBytes);
BigInteger x = BigIntegerExtensions.FromUnsignedBigEndian(xDigest);
// Compute v = g^x
BigInteger v = BigInteger.ModPow(g, x, N);
// Generate random a, b, A
BigInteger a, b, A;
do
{
a = AuthenticationHelper.CreateBigIntegerRandom();
b = AuthenticationHelper.CreateBigIntegerRandom();
A = BigInteger.ModPow(g, a, N);
} while ((A.TrueMod(N)).Equals(BigInteger.Zero));
// Calculate k = H(N, g)
byte[] nBytes = N.ToByteArray();
byte[] gBytes = g.ToByteArray();
byte[] content = new byte[nBytes.Length + gBytes.Length];
Buffer.BlockCopy(nBytes, 0, content, 0, nBytes.Length);
Buffer.BlockCopy(gBytes, 0, content, nBytes.Length, gBytes.Length);
byte[] digest = sha256.ComputeHash(content);
BigInteger k = BigIntegerExtensions.FromUnsignedBigEndian(digest);
//Calculate B = kv + g^b
BigInteger B = k * v + (BigInteger.ModPow(g, b, N));
// Calculate u = H(A,B)
byte[] ABytes = A.ToByteArray();
byte[] BBytes = B.ToByteArray();
byte[] ABcat = new byte[ABytes.Length + BBytes.Length];
Buffer.BlockCopy(ABytes, 0, ABcat, 0, ABytes.Length);
Buffer.BlockCopy(BBytes, 0, ABcat, ABytes.Length, BBytes.Length);
byte[] ABdigest = sha256.ComputeHash(ABcat);
BigInteger u = BigIntegerExtensions.FromUnsignedBigEndian(ABdigest);
// Calculate user side userS = (B - kg^x) ^ (a + ux)
BigInteger userS = BigInteger.ModPow((B - k * BigInteger.ModPow(g, x, N)), a + u * x, N);
// Calculate user side userK = H(userS)
byte[] userSBytes = userS.ToByteArray();
byte[] userSDigest = sha256.ComputeHash(userSBytes);
BigInteger userK = BigIntegerExtensions.FromUnsignedBigEndian(userSDigest);
// Calculate host side hostS = (Av^u) ^ b
BigInteger hostS = BigInteger.ModPow((A * BigInteger.ModPow(v, u, N)), b, N);
// Calculate host side hostK = H(hostS)
byte[] hostSBytes = hostS.ToByteArray();
byte[] hostSDigest = sha256.ComputeHash(hostSBytes);
BigInteger hostK = BigIntegerExtensions.FromUnsignedBigEndian(hostSDigest);
Assert.Equal(hostS, userS);
Assert.Equal(hostK, userK);
}
