示例#1
        /// <summary>
        /// Runs one complete SRP-6 exchange between a client and a server over
        /// <paramref name="group"/> and fails the test when the two sides end up
        /// with different shared secrets.
        /// </summary>
        /// <param name="group">Group parameters handed to the verifier generator, the client and the server.</param>
        private void testMutualVerification(Srp6GroupParameters group)
        {
            // Fixed test credentials; only the 16-byte salt comes from the RNG.
            byte[] identity = Encoding.UTF8.GetBytes("username");
            byte[] password = Encoding.UTF8.GetBytes("password");
            byte[] salt = new byte[16];
            random.NextBytes(salt);

            // Enrolment: derive the verifier from salt, identity and password.
            var verifierGenerator = new Srp6VerifierGenerator();
            verifierGenerator.Init(group, new Sha256Digest());
            BigInteger verifier = verifierGenerator.GenerateVerifier(salt, identity, password);

            var client = new Srp6Client();
            client.Init(group, new Sha256Digest(), random);

            // The server is initialised with the verifier only; it is never given the password.
            var server = new Srp6Server();
            server.Init(group, verifier, new Sha256Digest(), random);

            // Each side produces its public value, then consumes the peer's.
            BigInteger clientPublic = client.GenerateClientCredentials(salt, identity, password);
            BigInteger serverPublic = server.GenerateServerCredentials();

            BigInteger clientSecret = client.CalculateSecret(serverPublic);
            BigInteger serverSecret = server.CalculateSecret(clientPublic);

            if (clientSecret.Equals(serverSecret))
            {
                return;
            }

            Fail("SRP agreement failed - client/server calculated different secrets");
        }
示例#2
        /// <summary>
        /// Sets up the server half of an SRP-6 handshake for <paramref name="login"/>:
        /// derives a verifier, initialises <c>SrpServer</c> with it and stores the
        /// server public value, as unsigned bytes, in <c>SrpB</c>.
        /// </summary>
        /// <param name="login">Account name; ASCII-encoded before it enters the verifier computation.</param>
        public void InitSrp(string login)
        {
            // NOTE(review): this literal is a placeholder, so every login currently yields a
            // verifier for the same compiled-in secret. Beyond the TODO, deriving the verifier
            // from a password at login time means the server must hold the password (or an
            // equivalent); SRP is normally deployed with only salt + verifier stored at
            // enrolment, so consider loading a stored verifier here instead.
            const string password = "******"; //TODO: Get account password

            var salt = SrpSBytes;

            // NOTE(review): Encoding.ASCII replaces non-ASCII characters with '?', so two
            // different logins can map to the same bytes - confirm logins are restricted
            // to ASCII before this point.
            byte[] loginBytes = Encoding.ASCII.GetBytes(login);
            byte[] passwordBytes = Encoding.ASCII.GetBytes(password);

            BigInteger verifier = VerifierGenerator.GenerateVerifier(salt, loginBytes, passwordBytes);

            // NOTE(review): SHA-1 is presumably dictated by the peer's protocol - confirm;
            // where both ends can change, a SHA-2 digest is the better default.
            SrpServer = new Srp6Server();
            SrpServer.Init(SrpN, SrpG, verifier, new Sha1Digest(), new SecureRandom());

            BigInteger serverPublic = SrpServer.GenerateServerCredentials();
            SrpB = serverPublic.ToByteArrayUnsigned();
        }
示例#3
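        /// <summary>
        /// Checks that the SRP-6 server rejects invalid client public values: both
        /// zero and the group modulus N must make <c>CalculateSecret</c> throw
        /// <c>CryptoException</c>.
        /// </summary>
        /// <param name="group">Group parameters for the verifier generator and server; its N is one of the rejected inputs.</param>
        private void testServerCatchesBadA(Srp6GroupParameters group)
        {
            byte[] I = Encoding.UTF8.GetBytes("username");
            byte[] P = Encoding.UTF8.GetBytes("password");
            byte[] s = new byte[16];
            random.NextBytes(s);

            Srp6VerifierGenerator gen = new Srp6VerifierGenerator();

            gen.Init(group, new Sha256Digest());
            BigInteger v = gen.GenerateVerifier(s, I, P);

            Srp6Server server = new Srp6Server();

            server.Init(group, v, new Sha256Digest(), random);

            // The server must have produced its own public value before it can process A.
            server.GenerateServerCredentials();

            // SRP requires the server to abort when A mod N is zero, because such a value
            // would make the resulting secret independent of the password verifier.
            // Zero and N are the two smallest representatives of that class.
            foreach (BigInteger invalidA in new BigInteger[] { BigInteger.Zero, group.N })
            {
                try
                {
                    server.CalculateSecret(invalidA);

                    // The check under test runs on the server, so the failure names the server
                    // (the previous message blamed the client).
                    Fail("Server failed to detect invalid value for 'A'");
                }
                catch (CryptoException)
                {
                    // Expected
                }
            }
        }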
示例#4
        /// <summary>
        /// Builds the ServerKeyExchange payload for the SRP key exchange: the encoded
        /// SRP parameters (N, g, salt, B), followed by a signature block when server
        /// credentials are configured.
        /// </summary>
        /// <returns>The bytes accumulated in the message buffer.</returns>
        public override byte[] GenerateServerKeyExchange()
        {
            // SHA-1 here is the digest used inside the SRP computation, not the signature hash.
            // NOTE(review): RFC 5054 specifies SHA-1 for TLS-SRP, so this is presumably
            // protocol-mandated rather than a free choice - confirm before changing it.
            mSrpServer.Init(mSrpGroup, mSrpVerifier, TlsUtilities.CreateHash(HashAlgorithm.sha1), mContext.SecureRandom);
            BigInteger serverPublic = mSrpServer.GenerateServerCredentials();

            ServerSrpParams serverParams = new ServerSrpParams(mSrpGroup.N, mSrpGroup.G, mSrpSalt, serverPublic);

            DigestInputBuffer message = new DigestInputBuffer();
            serverParams.Encode(message);

            // Without server credentials the parameters go out unsigned.
            if (mServerCredentials == null)
            {
                return message.ToArray();
            }

            /*
             * RFC 5246 4.7. digitally-signed element needs SignatureAndHashAlgorithm from TLS 1.2
             */
            SignatureAndHashAlgorithm sigAndHash = TlsUtilities.GetSignatureAndHashAlgorithm(
                mContext, mServerCredentials);

            IDigest signedDigest = TlsUtilities.CreateHash(sigAndHash);

            // The digest is fed client_random, then server_random, then the buffered message,
            // so the signature is tied to this handshake's randoms.
            SecurityParameters handshakeParams = mContext.SecurityParameters;
            signedDigest.BlockUpdate(handshakeParams.clientRandom, 0, handshakeParams.clientRandom.Length);
            signedDigest.BlockUpdate(handshakeParams.serverRandom, 0, handshakeParams.serverRandom.Length);
            message.UpdateDigest(signedDigest);

            byte[] digestValue = new byte[signedDigest.GetDigestSize()];
            signedDigest.DoFinal(digestValue, 0);

            byte[] signatureBytes = mServerCredentials.GenerateCertificateSignature(digestValue);

            // The signature is appended to the same buffer, after the parameters it covers.
            DigitallySigned signedParams = new DigitallySigned(sigAndHash, signatureBytes);
            signedParams.Encode(message);

            return message.ToArray();
        }
        /// <summary>
        /// Builds the ServerKeyExchange payload for the SRP key exchange: encoded SRP
        /// parameters (N, g, salt, B), plus a signature block when server credentials
        /// are present.
        /// </summary>
        /// <returns>The contents of the message buffer as a byte array.</returns>
        public override byte[] GenerateServerKeyExchange()
        {
            // NOTE(review): 2 is a bare numeric hash identifier; in the TLS HashAlgorithm
            // registry 2 is sha1 - confirm against the library's constants and prefer the
            // named constant so the digest choice is visible in review.
            mSrpServer.Init(mSrpGroup, mSrpVerifier, TlsUtilities.CreateHash(2), mContext.SecureRandom);
            BigInteger serverPublic = mSrpServer.GenerateServerCredentials();
            ServerSrpParams srpParams = new ServerSrpParams(mSrpGroup.N, mSrpGroup.G, mSrpSalt, serverPublic);
            DigestInputBuffer message = new DigestInputBuffer();

            // The (Stream)(object) and (MemoryStream) casts are kept exactly as found;
            // they look like decompiler output.
            srpParams.Encode((Stream)(object)message);

            // With no server credentials the parameters are returned unsigned.
            if (mServerCredentials != null)
            {
                SignatureAndHashAlgorithm sigAndHash = TlsUtilities.GetSignatureAndHashAlgorithm(mContext, mServerCredentials);
                IDigest signedDigest = TlsUtilities.CreateHash(sigAndHash);

                // Digest input order: client random, server random, then the buffered message.
                SecurityParameters handshakeParams = mContext.SecurityParameters;
                signedDigest.BlockUpdate(handshakeParams.clientRandom, 0, handshakeParams.clientRandom.Length);
                signedDigest.BlockUpdate(handshakeParams.serverRandom, 0, handshakeParams.serverRandom.Length);
                message.UpdateDigest(signedDigest);

                byte[] digestValue = new byte[signedDigest.GetDigestSize()];
                signedDigest.DoFinal(digestValue, 0);

                byte[] signatureBytes = mServerCredentials.GenerateCertificateSignature(digestValue);
                DigitallySigned signedParams = new DigitallySigned(sigAndHash, signatureBytes);
                signedParams.Encode((Stream)(object)message);
            }

            return ((MemoryStream)message).ToArray();
        }
示例#6
        /// <summary>
        /// Runs the server side of the SRP authentication exchange over <paramref name="stream"/>:
        /// sends the user's password-hash and SRP parameters plus public B, reads public A and the
        /// client proof, and on a matching proof replies with the server proof and a session ticket.
        /// </summary>
        /// <param name="hash">Digest used for the SRP secret calculation, both proofs and the session key.</param>
        /// <param name="stream">Connection to the client; every read and write of the exchange goes through it.</param>
        /// <param name="additionalChallenge">Extra bytes hashed into both the client and the server proof.</param>
        /// <returns><c>true</c> when the client proof matched and the ticket was sent; otherwise <c>false</c>.</returns>
        private bool StandardAuthentication(IDigest hash, Stream stream, byte[] additionalChallenge)
        {
            // Wire format of the exchange (C = client, S = server).
            // Authenticate (If mode = 1)
            //  C <= S
            //  byte    PasswordHashMethod
            //  byte    SaltLength
            //  byte[]  Salt
            //  int     Iterations
            //  byte    SrpHashMethod
            //  int     Bit Strength
            //  byte[]  Public B (Size equal to SRP Length)
            //  C => S
            //  byte[]  Public A (Size equal to SRP Length)
            //  byte[]  Client Proof: H(Public A | Public B | SessionKey)
            //  C <= S
            //  Bool    Success (if false, done)
            //  byte[]  Server Proof: H(Public B | Public A | SessionKey)

            // SRP strength is expressed in bits; >> 3 converts it to the byte length of A, B and S.
            int srpNumberLength = ((int)m_user.SrpStrength) >> 3;

            stream.WriteByte((byte)PasswordHashMethod);
            // NOTE(review): the cast keeps only the low 8 bits, so a salt longer than 255 bytes
            // would be announced with the wrong length - confirm the salt size is bounded where
            // the user record is created.
            stream.WriteByte((byte)m_user.Salt.Length);
            stream.Write(m_user.Salt);
            stream.Write(m_user.Iterations);

            stream.WriteByte((byte)SrpHashMethod);
            stream.Write((int)m_user.SrpStrength);
            // Computing B is slow, so push the parameters to the client before starting on it.
            stream.Flush(); //since computing B takes a long time. Go ahead and flush

            // The server is built from the stored verification integer, not from a password.
            var        param  = SrpConstants.Lookup(m_user.SrpStrength);
            Srp6Server server = new Srp6Server(param, m_user.VerificationInteger);
            BigInteger pubB   = server.GenerateServerCredentials();

            byte[] pubBBytes = pubB.ToPaddedArray(srpNumberLength);
            stream.Write(pubBBytes);
            stream.Flush();

            // Read from client: A (fixed length, interpreted as a non-negative integer).
            byte[]     pubABytes = stream.ReadBytes(srpNumberLength);
            BigInteger pubA      = new BigInteger(1, pubABytes);

            // Calculate the shared secret S.
            // NOTE(review): this method does not itself reject A values that are 0 mod N;
            // that check is assumed to live inside CalculateSecret - confirm in Srp6Server.
            BigInteger S = server.CalculateSecret(hash, pubA);

            byte[] SBytes = S.ToPaddedArray(srpNumberLength);


            // Both proofs are computed up front; the two differ only in the order of A and B.
            byte[] clientProofCheck = hash.ComputeHash(pubABytes, pubBBytes, SBytes, additionalChallenge);
            byte[] serverProof      = hash.ComputeHash(pubBBytes, pubABytes, SBytes, additionalChallenge);
            byte[] clientProof      = stream.ReadBytes(hash.GetDigestSize());

            // NOTE(review): SecureEquals is presumably a constant-time comparison - verify the
            // extension's implementation, since this compares a secret-derived value.
            if (clientProof.SecureEquals(clientProofCheck))
            {
                // The server proof is released only after the client proof has been verified.
                stream.Write(true);
                stream.Write(serverProof);
                stream.Flush();

                // Session key K is the concatenation of two hashes over A, S and B in opposite orders.
                byte[] K      = hash.ComputeHash(pubABytes, SBytes, pubBBytes).Combine(hash.ComputeHash(pubBBytes, SBytes, pubABytes));
                byte[] ticket = CreateSessionData(K, m_user);
                SessionSecret = K;
                // NOTE(review): the length is sent as a 16-bit value; a ticket longer than
                // short.MaxValue would be mis-framed - confirm CreateSessionData bounds its output.
                stream.Write((short)ticket.Length);
                stream.Write(ticket);
                stream.Flush();
                return(true);
            }
            // Proof mismatch: report failure only; no server proof or ticket is sent.
            stream.Write(false);
            stream.Flush();

            return(false);
        }