private void testMutualVerification(Srp6GroupParameters group)
{
byte[] I = Encoding.UTF8.GetBytes("username");
byte[] P = Encoding.UTF8.GetBytes("password");
byte[] s = new byte[16];
random.NextBytes(s);
Srp6VerifierGenerator gen = new Srp6VerifierGenerator();
gen.Init(group, new Sha256Digest());
BigInteger v = gen.GenerateVerifier(s, I, P);
Srp6Client client = new Srp6Client();
client.Init(group, new Sha256Digest(), random);
Srp6Server server = new Srp6Server();
server.Init(group, v, new Sha256Digest(), random);
BigInteger A = client.GenerateClientCredentials(s, I, P);
BigInteger B = server.GenerateServerCredentials();
BigInteger clientS = client.CalculateSecret(B);
BigInteger serverS = server.CalculateSecret(A);
if (!clientS.Equals(serverS))
{
Fail("SRP agreement failed - client/server calculated different secrets");
}
}
private void testClientCatchesBadB(Srp6GroupParameters group)
{
byte[] I = Encoding.UTF8.GetBytes("username");
byte[] P = Encoding.UTF8.GetBytes("password");
byte[] s = new byte[16];
random.NextBytes(s);
Srp6Client client = new Srp6Client();
client.Init(group, new Sha256Digest(), random);
client.GenerateClientCredentials(s, I, P);
try
{
client.CalculateSecret(BigInteger.Zero);
Fail("Client failed to detect invalid value for 'B'");
}
catch (CryptoException)
{
// Expected
}
try
{
client.CalculateSecret(group.N);
Fail("Client failed to detect invalid value for 'B'");
}
catch (CryptoException)
{
// Expected
}
}
public TlsSrpKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, byte[] identity, TlsSrpLoginParameters loginParameters) : base(keyExchange, supportedSignatureAlgorithms)
{
this.mTlsSigner = TlsSrpKeyExchange.CreateSigner(keyExchange);
this.mIdentity = identity;
this.mSrpServer = new Srp6Server();
this.mSrpGroup = loginParameters.Group;
this.mSrpVerifier = loginParameters.Verifier;
this.mSrpSalt = loginParameters.Salt;
}
/**
* Create a {@link SimulatedTlsSRPIdentityManager} that implements the algorithm from RFC 5054 2.5.1.3
*
* @param group the {@link SRP6GroupParameters} defining the group that SRP is operating in
* @param seedKey the secret "seed key" referred to in RFC 5054 2.5.1.3
* @return an instance of {@link SimulatedTlsSRPIdentityManager}
*/
public static SimulatedTlsSrpIdentityManager GetRfc5054Default(Srp6GroupParameters group, byte[] seedKey)
{
Srp6VerifierGenerator verifierGenerator = new Srp6VerifierGenerator();
verifierGenerator.Init(group, TlsUtilities.CreateHash(HashAlgorithm.sha1));
HMac mac = new HMac(TlsUtilities.CreateHash(HashAlgorithm.sha1));
mac.Init(new KeyParameter(seedKey));
return new SimulatedTlsSrpIdentityManager(group, verifierGenerator, mac);
}
public TlsSrpKeyExchange(int keyExchange, global::System.Collections.IList supportedSignatureAlgorithms, byte[] identity, TlsSrpLoginParameters loginParameters)
: base(keyExchange, supportedSignatureAlgorithms)
{
mTlsSigner = CreateSigner(keyExchange);
mIdentity = identity;
mSrpServer = new Srp6Server();
mSrpGroup = loginParameters.Group;
mSrpVerifier = loginParameters.Verifier;
mSrpSalt = loginParameters.Salt;
}
public static SimulatedTlsSrpIdentityManager GetRfc5054Default(Srp6GroupParameters group, byte[] seedKey)
{
Srp6VerifierGenerator srp6VerifierGenerator = new Srp6VerifierGenerator();
srp6VerifierGenerator.Init(group, TlsUtilities.CreateHash(2));
HMac hMac = new HMac(TlsUtilities.CreateHash(2));
hMac.Init(new KeyParameter(seedKey));
return(new SimulatedTlsSrpIdentityManager(group, srp6VerifierGenerator, hMac));
}
public virtual bool Accept(Srp6GroupParameters group)
{
foreach (Srp6GroupParameters b in this.mGroups)
{
if (this.AreGroupsEqual(group, b))
{
return(true);
}
}
return(false);
}
public virtual bool Accept(Srp6GroupParameters group)
{
foreach (Srp6GroupParameters entry in mGroups)
{
if (AreGroupsEqual(group, entry))
{
return(true);
}
}
return(false);
}
protected virtual bool AreGroupsEqual(Srp6GroupParameters a, Srp6GroupParameters b)
{
if (a != b)
{
if (AreParametersEqual(a.N, b.N))
{
return(AreParametersEqual(a.G, b.G));
}
return(false);
}
return(true);
}
public override void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = mContext.SecurityParameters;
SignerInputBuffer buf = null;
Stream teeIn = input;
if (mTlsSigner != null)
{
buf = new SignerInputBuffer();
teeIn = new TeeInputStream(input, buf);
}
ServerSrpParams srpParams = ServerSrpParams.Parse(teeIn);
if (buf != null)
{
DigitallySigned signed_params = ParseSignature(input);
ISigner signer = InitVerifyer(mTlsSigner, signed_params.Algorithm, securityParameters);
buf.UpdateSigner(signer);
if (!signer.VerifySignature(signed_params.Signature))
{
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
}
this.mSrpGroup = new Srp6GroupParameters(srpParams.N, srpParams.G);
if (!mGroupVerifier.Accept(mSrpGroup))
{
throw new TlsFatalAlert(AlertDescription.insufficient_security);
}
this.mSrpSalt = srpParams.S;
/*
* RFC 5054 2.5.3: The client MUST abort the handshake with an "illegal_parameter" alert if
* B % N = 0.
*/
try
{
this.mSrpPeerCredentials = Srp6Utilities.ValidatePublicValue(mSrpGroup.N, srpParams.B);
}
catch (CryptoException e)
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter, e);
}
this.mSrpClient.Init(mSrpGroup, TlsUtilities.CreateHash(HashAlgorithm.sha1), mContext.SecureRandom);
}
public override void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = mContext.SecurityParameters;
SignerInputBuffer signerInputBuffer = null;
Stream input2 = input;
if (mTlsSigner != null)
{
signerInputBuffer = new SignerInputBuffer();
input2 = (Stream)(object)new TeeInputStream(input, (Stream)(object)signerInputBuffer);
}
ServerSrpParams serverSrpParams = ServerSrpParams.Parse(input2);
if (signerInputBuffer != null)
{
DigitallySigned digitallySigned = ParseSignature(input);
ISigner signer = InitVerifyer(mTlsSigner, digitallySigned.Algorithm, securityParameters);
signerInputBuffer.UpdateSigner(signer);
if (!signer.VerifySignature(digitallySigned.Signature))
{
throw new TlsFatalAlert(51);
}
}
mSrpGroup = new Srp6GroupParameters(serverSrpParams.N, serverSrpParams.G);
if (!mGroupVerifier.Accept(mSrpGroup))
{
throw new TlsFatalAlert(71);
}
mSrpSalt = serverSrpParams.S;
try
{
mSrpPeerCredentials = Srp6Utilities.ValidatePublicValue(mSrpGroup.N, serverSrpParams.B);
}
catch (CryptoException alertCause)
{
throw new TlsFatalAlert(47, alertCause);
}
mSrpClient.Init(mSrpGroup, TlsUtilities.CreateHash(2), mContext.SecureRandom);
}
private void testServerCatchesBadA(Srp6GroupParameters group)
{
byte[] I = Encoding.UTF8.GetBytes("username");
byte[] P = Encoding.UTF8.GetBytes("password");
byte[] s = new byte[16];
random.NextBytes(s);
Srp6VerifierGenerator gen = new Srp6VerifierGenerator();
gen.Init(group, new Sha256Digest());
BigInteger v = gen.GenerateVerifier(s, I, P);
Srp6Server server = new Srp6Server();
server.Init(group, v, new Sha256Digest(), random);
server.GenerateServerCredentials();
try
{
server.CalculateSecret(BigInteger.Zero);
Fail("Client failed to detect invalid value for 'A'");
}
catch (CryptoException)
{
// Expected
}
try
{
server.CalculateSecret(group.N);
Fail("Client failed to detect invalid value for 'A'");
}
catch (CryptoException)
{
// Expected
}
}
public virtual bool Accept(Srp6GroupParameters group)
{
global::System.Collections.IEnumerator enumerator = ((global::System.Collections.IEnumerable)mGroups).GetEnumerator();
try
{
while (enumerator.MoveNext())
{
Srp6GroupParameters b = (Srp6GroupParameters)enumerator.get_Current();
if (AreGroupsEqual(group, b))
{
return(true);
}
}
}
finally
{
global::System.IDisposable disposable = enumerator as global::System.IDisposable;
if (disposable != null)
{
disposable.Dispose();
}
}
return(false);
}
public SimulatedTlsSrpIdentityManager(Srp6GroupParameters group, Srp6VerifierGenerator verifierGenerator, IMac mac)
{
this.mGroup = group;
this.mVerifierGenerator = verifierGenerator;
this.mMac = mac;
}
public virtual void Init(Srp6GroupParameters group, IDigest digest, SecureRandom random)
{
Init(group.N, group.G, digest, random);
}
public virtual void Init(Srp6GroupParameters group, BigInteger v, IDigest digest, SecureRandom random)
{
this.Init(group.N, group.G, v, digest, random);
}
public TlsSrpLoginParameters(Srp6GroupParameters group, BigInteger verifier, byte[] salt)
{
this.mGroup = group;
this.mVerifier = verifier;
this.mSalt = salt;
}
public virtual void Init(Srp6GroupParameters group, IDigest digest)
{
Init(group.N, group.G, digest);
}
protected virtual bool AreGroupsEqual(Srp6GroupParameters a, Srp6GroupParameters b)
{
return(a == b || (AreParametersEqual(a.N, b.N) && AreParametersEqual(a.G, b.G)));
}
