private void CalculateProofs() { var hash = Hash.Sha1(); var password = _saslprep.Run(Password); var saltedPassword = hash.ComputeHash( _encoding.GetBytes(password), _serverFirstMessage.Salt.Value, _serverFirstMessage.Iterations.Value); var clientKey = hash.ComputeHash(_encoding.GetBytes("Client Key"), saltedPassword); var serverKey = hash.ComputeHash(_encoding.GetBytes("Server Key"), saltedPassword); var storedKey = hash.ComputeHash(clientKey); var authMessage = $"{_clientFirstMessage.BareMessage},{_serverResponse},{_clientFinalMessage.MessageWithoutProof}"; Logger.Log(LogLevel.Debug, $"Auth message: {authMessage}"); var auth = _encoding.GetBytes(authMessage); var signature = hash.ComputeHash(auth, storedKey); _serverSignature = new List <byte>(hash.ComputeHash(auth, serverKey)); var proof = clientKey.ExclusiveOr(signature); _clientFinalMessage.SetProof(proof); }
public void Authenticate() { var clientFirstMessage = new ClientFirstMessage(_username, _nonce); Send(clientFirstMessage.Message); var serverFirstMessage = ServerFirstMessage.ParseResponse(Receive()); var hashedPassword = Hash.ComputeHash(Encoding.UTF8.GetBytes(_password), serverFirstMessage.Salt.Value, serverFirstMessage.Iterations.Value); var clientKey = Hash.ComputeHash(Encoding.UTF8.GetBytes("Client Key"), hashedPassword); var serverKey = Hash.ComputeHash(Encoding.UTF8.GetBytes("Server Key"), hashedPassword); var storedKey = Hash.ComputeHash(clientKey); var clientFinalMessage = new ClientFinalMessage(clientFirstMessage, serverFirstMessage); var authMessage = $"{clientFirstMessage.BareMessage},{serverFirstMessage},{clientFinalMessage.MessageWithoutProof}"; var clientSignature = Hash.ComputeHash(Encoding.UTF8.GetBytes(authMessage), storedKey); var serverSignature = Hash.ComputeHash(Encoding.UTF8.GetBytes(authMessage), serverKey); var clientProof = clientKey.ExclusiveOr(clientSignature); clientFinalMessage.SetProof(clientProof); Send(clientFinalMessage.Message); var serverFinalMessage = ServerFinalMessage.ParseResponse(Receive()); if (!serverFinalMessage.ServerSignature.Equals(serverSignature)) { throw new InvalidOperationException(); } }
public void When_ProofIsSetAsString_PropertiesShouldBeValid() { var clientFirst = new ClientFirstMessage("user", "nonce"); var serverFirst = new ServerFirstMessage(4096, "nonce", "salt"); var message = new ClientFinalMessage(clientFirst, serverFirst); message.SetProof("bf45fcbf7073d93d022466c94321745fe1c8e13b"); message.Channel.Value.ShouldBe("biws"); message.Nonce.Value.ShouldBe("nonce"); message.Proof?.ToString().ShouldBe("p=bf45fcbf7073d93d022466c94321745fe1c8e13b"); message.Message.ShouldBe("c=biws,r=nonce,p=bf45fcbf7073d93d022466c94321745fe1c8e13b"); message.MessageWithoutProof.ShouldBe("c=biws,r=nonce"); }