public void WriteServerChallenge(PacketWriter packet) { packet.WriteBigInt(SRP.PublicEphemeralValueB, 32); packet.WriteBigIntLength(SRP.Generator, 1); // We will pad this out to 32 bytes. packet.WriteBigIntLength(SRP.Modulus, 32); packet.WriteBigInt(SRP.Salt); packet.WriteBigInt(SecureRemotePassword.RandomNumber(16)); }
public static void Test() { var srpParams = new SRPParameters(); BigInteger credentials = HashUtilities.HashToBigInteger(SRPParameters.Hash, "ADMIN:CHANGEME"); var server = new SecureRemotePassword("ADMIN", credentials, true, SRPParameters.Defaults); var client = new SecureRemotePassword("ADMIN", credentials, false, SRPParameters.Defaults); /* Typical communication works something like this: * * client: I want to log in. Here is my username and here is my PublicEphemeralValueA. * server: Here is the Salt and here is my PublicEphemeralValueB. * * Server looks up the username in the database and finds the associated password. * * client: Here's proof I have the correct session key (hence correct password) * (sends client.ClientSessionKeyProof) * server: Thats valid. Here's proof that *I* have the correct session key: * (sends server.ServerSessionKeyProof) * * client: Cheerio. *encrypts stuff using SessionKey* */ Console.WriteLine("Client sending A = {0}", client.PublicEphemeralValueA.ToHexString()); server.PublicEphemeralValueA = client.PublicEphemeralValueA; Console.WriteLine("Server sending salt = {0}", server.Salt.ToHexString()); Console.WriteLine("Server sending B = {0}", server.PublicEphemeralValueB.ToHexString()); client.Salt = server.Salt; client.PublicEphemeralValueB = server.PublicEphemeralValueB; /* * Console.WriteLine("X = {0}", server.CredentialsHash.ToHexString()); * Console.WriteLine("a = {0}", client.secretEphemeralValueA.ToHexString()); * Console.WriteLine("b = {0}", server.secretEphemeralValueB.ToHexString()); * Console.WriteLine("v = {0}", server.Verifier.ToHexString()); * Console.WriteLine("U = {0}", server.ScramblingParameter.ToHexString()); */ // Note that session keys are never sent. Console.WriteLine("Server's session key = {0}", server.SessionKey.ToHexString()); Console.WriteLine("Client's session key = {0}", client.SessionKey.ToHexString()); // Are the session keys actually the same? Console.WriteLine("\nServer key == client key {0}", server.SessionKey == client.SessionKey); // This is how we can test it without sending actual session keys over the wire Console.WriteLine("Client proof valid: {0}", server.IsClientProofValid(client.ClientSessionKeyProof)); Console.WriteLine("Server proof valid: {0}", client.IsServerProofValid(server.ServerSessionKeyProof)); }
public Authenticator(SecureRemotePassword srp) { this.srp = srp; }