public static void Test()
        {
            SRPParameters srpParameters = new SRPParameters();
            BigInteger    bigInteger    = HashUtilities.HashToBigInteger(SRPParameters.Hash,
                                                                         (HashUtilities.HashDataBroker) "USER:PASSWORD");
            SecureRemotePassword secureRemotePassword1 =
                new SecureRemotePassword("USER", bigInteger, true, SRPParameters.Defaults);
            SecureRemotePassword secureRemotePassword2 = new SecureRemotePassword("USER", bigInteger, false,
                                                                                  SRPParameters.Defaults);

            Console.WriteLine("Client sending A = {0}",
                              secureRemotePassword2.PublicEphemeralValueA.ToHexString());
            secureRemotePassword1.PublicEphemeralValueA = secureRemotePassword2.PublicEphemeralValueA;
            Console.WriteLine("Server sending salt = {0}", secureRemotePassword1.Salt.ToHexString());
            Console.WriteLine("Server sending B = {0}",
                              secureRemotePassword1.PublicEphemeralValueB.ToHexString());
            secureRemotePassword2.Salt = secureRemotePassword1.Salt;
            secureRemotePassword2.PublicEphemeralValueB = secureRemotePassword1.PublicEphemeralValueB;
            Console.WriteLine("Server's session key = {0}", secureRemotePassword1.SessionKey.ToHexString());
            Console.WriteLine("Client's session key = {0}", secureRemotePassword2.SessionKey.ToHexString());
            Console.WriteLine("\nServer key == client key {0}",
                              secureRemotePassword1.SessionKey == secureRemotePassword2.SessionKey);
            Console.WriteLine("Client proof valid: {0}",
                              secureRemotePassword1.IsClientProofValid(secureRemotePassword2.ClientSessionKeyProof));
            Console.WriteLine("Server proof valid: {0}",
                              secureRemotePassword2.IsServerProofValid(secureRemotePassword1.ServerSessionKeyProof));
        }
 public SecureRemotePassword(string username, BigInteger credentials, bool isServer,
                             SRPParameters parameters)
 {
     if (!parameters.CaseSensitive)
     {
         username = username.ToUpper();
     }
     m_srpParams = parameters;
     m_isServer  = isServer;
     Username    = username;
     Credentials = credentials;
 }
示例#3
0
        public SecureRemotePassword(string username, BigInteger credentials, bool isServer, SRPParameters parameters)
        {
            if (parameters.CaseSensitive == false)
            {
                username = username.ToUpper();
            }

            m_srpParams = parameters;

            m_isServer = isServer;
            Username = username;
            Credentials = credentials;
        }
 /// <summary>
 /// Make an SRP for user authentication. You use something like this when your
 /// verifier and salt are stored in a database
 /// </summary>
 /// <param name="username"></param>
 /// <param name="verifier"></param>
 /// <param name="salt"></param>
 /// <param name="parameters"></param>
 public SecureRemotePassword(string username, BigInteger verifier, BigInteger salt,
                             SRPParameters parameters)
 {
     if (!parameters.CaseSensitive)
     {
         username = username.ToUpper();
     }
     m_srpParams = parameters;
     m_isServer  = true;
     Username    = username;
     Verifier    = verifier;
     m_salt      = salt;
 }
示例#5
0
        public SRP6(string username, BigInteger credentials, bool isServer, SRPParameters parameters)
        {
            if (parameters.CaseSensitive == false)
            {
                username = username.ToUpper();
            }

            m_srpParams = parameters;

            m_isServer  = isServer;
            Username    = username;
            Credentials = credentials;
        }
示例#6
0
        public static void Test()
        {
            var srpParams = new SRPParameters();

            BigInteger credentials = HashUtilities.HashToBigInteger(SRPParameters.Hash, "USER:PASSWORD");

            var server = new SecureRemotePassword("USER", credentials, true, SRPParameters.Defaults);
            var client = new SecureRemotePassword("USER", credentials, false, SRPParameters.Defaults);

            /* Typical communication works something like this:
             *
             * client: I want to log in. Here is my username and here is my PublicEphemeralValueA.
             * server: Here is the Salt and here is my PublicEphemeralValueB.
             *
             * Server looks up the username in the database and finds the associated password.
             *
             * client: Here's proof I have the correct session key (hence correct password)
             *         (sends client.ClientSessionKeyProof)
             * server: Thats valid. Here's proof that *I* have the correct session key:
             *         (sends server.ServerSessionKeyProof)
             *
             * client: Cheerio. *encrypts stuff using SessionKey*
             */
            Console.WriteLine("Client sending A = {0}", client.PublicEphemeralValueA.ToHexString());
            server.PublicEphemeralValueA = client.PublicEphemeralValueA;

            Console.WriteLine("Server sending salt = {0}", server.Salt.ToHexString());
            Console.WriteLine("Server sending B = {0}", server.PublicEphemeralValueB.ToHexString());
            client.Salt = server.Salt;
            client.PublicEphemeralValueB = server.PublicEphemeralValueB;

            /*
             *  Console.WriteLine("X = {0}", server.CredentialsHash.ToHexString());
             *  Console.WriteLine("a = {0}", client.secretEphemeralValueA.ToHexString());
             *  Console.WriteLine("b = {0}", server.secretEphemeralValueB.ToHexString());
             *  Console.WriteLine("v = {0}", server.Verifier.ToHexString());
             *  Console.WriteLine("U = {0}", server.ScramblingParameter.ToHexString());
             */

            // Note that session keys are never sent.
            Console.WriteLine("Server's session key = {0}", server.SessionKey.ToHexString());
            Console.WriteLine("Client's session key = {0}", client.SessionKey.ToHexString());

            // Are the session keys actually the same?
            Console.WriteLine("\nServer key == client key {0}", server.SessionKey == client.SessionKey);

            // This is how we can test it without sending actual session keys over the wire
            Console.WriteLine("Client proof valid: {0}", server.IsClientProofValid(client.ClientSessionKeyProof));
            Console.WriteLine("Server proof valid: {0}", client.IsServerProofValid(server.ServerSessionKeyProof));
        }
示例#7
0
        /// <summary>
        /// Make an SRP for user authentication. You use something like this when your
        /// verifier and salt are stored in a database
        /// </summary>
        /// <param name="username"></param>
        /// <param name="verifier"></param>
        /// <param name="salt"></param>
        /// <param name="parameters"></param>
        public SRP6(string username, BigInteger verifier, BigInteger salt, SRPParameters parameters)
        {
            if (parameters.CaseSensitive == false)
            {
                username = username.ToUpper();
            }

            m_srpParams = parameters;

            m_isServer = true;
            Username   = username;
            Verifier   = verifier;
            m_salt     = salt;
        }
示例#8
0
        /// <summary>
        ///
        /// </summary>
        /// <param name="username"></param>
        /// <param name="password"></param>
        /// <param name="isServer"></param>
        /// <param name="parameters"></param>
        public SecureRemotePassword(bool isServer, string username, string password, SRPParameters parameters)
        {
            if (parameters.CaseSensitive == false)
            {
                username = username.ToUpper();
                password = password.ToUpper();
            }

            m_srpParams = parameters;

            m_isServer = isServer;
            m_Username = username;
            m_Password = password;
        }
示例#9
0
文件: SRPTest.cs 项目: stweily/Encore
        private static void TestSRP(SRPParameters srpParams)
        {
            var password = Password.GenerateCredentialsHash(srpParams.Hash, "TEST", "TESTPW");
            var server   = new SRPServer("TEST", password, srpParams);
            var client   = new SRPClient("TEST", password, srpParams);

            // Client sends A to the server.
            server.PublicEphemeralValueA = client.PublicEphemeralValueA;

            // Server sends s and B to the client.
            client.Salt = server.Salt;
            client.PublicEphemeralValueB = server.PublicEphemeralValueB;

            Assert.IsTrue(client.SessionKey == server.SessionKey);
            Assert.IsTrue(server.Validator.IsClientProofValid(client.Validator.ClientSessionKeyProof));
            Assert.IsTrue(client.Validator.IsServerProofValid(server.Validator.ServerSessionKeyProof));
        }
示例#10
0
 public SecureRemotePassword(bool isServer, SRPParameters parameters)
 {
     m_srpParams = parameters;
     m_isServer = isServer;
 }
示例#11
0
        public static void Test()
        {
            var srpParams = new SRPParameters();

			BigInteger credentials = HashUtilities.HashToBigInteger(SRPParameters.Hash, "USER:PASSWORD");

            var server = new SecureRemotePassword("USER", credentials, true, SRPParameters.Defaults);
            var client = new SecureRemotePassword("USER", credentials, false, SRPParameters.Defaults);

            /* Typical communication works something like this:
             * 
             * client: I want to log in. Here is my username and here is my PublicEphemeralValueA.
             * server: Here is the Salt and here is my PublicEphemeralValueB.
             * 
             * Server looks up the username in the database and finds the associated password.
             * 
             * client: Here's proof I have the correct session key (hence correct password)
             *         (sends client.ClientSessionKeyProof)
             * server: Thats valid. Here's proof that *I* have the correct session key:
             *         (sends server.ServerSessionKeyProof)
             * 
             * client: Cheerio. *encrypts stuff using SessionKey*
             */
            Console.WriteLine("Client sending A = {0}", client.PublicEphemeralValueA.ToHexString());
            server.PublicEphemeralValueA = client.PublicEphemeralValueA;

            Console.WriteLine("Server sending salt = {0}", server.Salt.ToHexString());
            Console.WriteLine("Server sending B = {0}", server.PublicEphemeralValueB.ToHexString());
            client.Salt = server.Salt;
            client.PublicEphemeralValueB = server.PublicEphemeralValueB;

            /*
                Console.WriteLine("X = {0}", server.CredentialsHash.ToHexString());
                Console.WriteLine("a = {0}", client.secretEphemeralValueA.ToHexString());
                Console.WriteLine("b = {0}", server.secretEphemeralValueB.ToHexString());
                Console.WriteLine("v = {0}", server.Verifier.ToHexString());
                Console.WriteLine("U = {0}", server.ScramblingParameter.ToHexString());
                */

            // Note that session keys are never sent.
            Console.WriteLine("Server's session key = {0}", server.SessionKey.ToHexString());
            Console.WriteLine("Client's session key = {0}", client.SessionKey.ToHexString());

            // Are the session keys actually the same?
            Console.WriteLine("\nServer key == client key {0}", server.SessionKey == client.SessionKey);

            // This is how we can test it without sending actual session keys over the wire
            Console.WriteLine("Client proof valid: {0}", server.IsClientProofValid(client.ClientSessionKeyProof));
            Console.WriteLine("Server proof valid: {0}", client.IsServerProofValid(server.ServerSessionKeyProof));
        }
示例#12
0
        /// <summary>
        /// Make an SRP for user authentication. You use something like this when your
        /// verifier and salt are stored in a database
        /// </summary>
        /// <param name="username"></param>
        /// <param name="verifier"></param>
        /// <param name="salt"></param>
        /// <param name="parameters"></param>
        public SecureRemotePassword(string username, BigInteger verifier, BigInteger salt, SRPParameters parameters)
        {
            if (parameters.CaseSensitive == false)
            {
                username = username.ToUpper();
            }

            m_srpParams = parameters;

            m_isServer = true;
            Username = username;
            Verifier = verifier;
            m_salt = salt;
        }
        /// <summary>
        /// 
        /// </summary>
        /// <param name="username"></param>
        /// <param name="password"></param>
        /// <param name="isServer"></param>
        /// <param name="parameters"></param>
        public SecureRemotePassword( bool isServer, string username, string password, SRPParameters parameters )
        {
            if ( parameters.CaseSensitive == false )
            {
                username = username.ToUpper();
                password = password.ToUpper();
            }

            m_srpParams = parameters;

            m_isServer = isServer;
            m_Username = username;
            m_Password = password;
        }
示例#14
0
 public SecureRemotePassword(bool isServer, SRPParameters parameters)
 {
     m_srpParams = parameters;
     m_isServer  = isServer;
 }
示例#15
0
 public SRP6(bool isServer, SRPParameters parameters)
 {
     m_srpParams = parameters;
     m_isServer  = isServer;
 }