/**
* Create a {@link SimulatedTlsSRPIdentityManager} that implements the algorithm from RFC 5054 2.5.1.3
*
* @param group the {@link SRP6GroupParameters} defining the group that SRP is operating in
* @param seedKey the secret "seed key" referred to in RFC 5054 2.5.1.3
* @return an instance of {@link SimulatedTlsSRPIdentityManager}
*/
public static SimulatedTlsSrpIdentityManager GetRfc5054Default(Srp6GroupParameters group, byte[] seedKey)
{
Srp6VerifierGenerator verifierGenerator = new Srp6VerifierGenerator();
verifierGenerator.Init(group, TlsUtilities.CreateHash(HashAlgorithm.sha1));
HMac mac = new HMac(TlsUtilities.CreateHash(HashAlgorithm.sha1));
mac.Init(new KeyParameter(seedKey));
return new SimulatedTlsSrpIdentityManager(group, verifierGenerator, mac);
}
public TlsSrpKeyExchange(int keyExchange, IList supportedSignatureAlgorithms, byte[] identity,
TlsSrpLoginParameters loginParameters)
: base(keyExchange, supportedSignatureAlgorithms)
{
this.mTlsSigner = CreateSigner(keyExchange);
this.mIdentity = identity;
this.mSrpServer = new Srp6Server();
this.mSrpGroup = loginParameters.Group;
this.mSrpVerifier = loginParameters.Verifier;
this.mSrpSalt = loginParameters.Salt;
}
public virtual bool Accept(Srp6GroupParameters group)
{
foreach (Srp6GroupParameters entry in mGroups)
{
if (AreGroupsEqual(group, entry))
{
return true;
}
}
return false;
}
public TlsSrpLoginParameters(Srp6GroupParameters group, BigInteger verifier, byte[] salt)
{
this.mGroup = group;
this.mVerifier = verifier;
this.mSalt = salt;
}
public virtual void Init(Srp6GroupParameters group, BigInteger v, IDigest digest, SecureRandom random)
{
Init(group.N, group.G, v, digest, random);
}
public virtual void Init(Srp6GroupParameters group, IDigest digest)
{
Init(group.N, group.G, digest);
}
public override void ProcessServerKeyExchange(Stream input)
{
SecurityParameters securityParameters = mContext.SecurityParameters;
SignerInputBuffer buf = null;
Stream teeIn = input;
if (mTlsSigner != null)
{
buf = new SignerInputBuffer();
teeIn = new TeeInputStream(input, buf);
}
ServerSrpParams srpParams = ServerSrpParams.Parse(teeIn);
if (buf != null)
{
DigitallySigned signed_params = ParseSignature(input);
ISigner signer = InitVerifyer(mTlsSigner, signed_params.Algorithm, securityParameters);
buf.UpdateSigner(signer);
if (!signer.VerifySignature(signed_params.Signature))
throw new TlsFatalAlert(AlertDescription.decrypt_error);
}
this.mSrpGroup = new Srp6GroupParameters(srpParams.N, srpParams.G);
if (!mGroupVerifier.Accept(mSrpGroup))
throw new TlsFatalAlert(AlertDescription.insufficient_security);
this.mSrpSalt = srpParams.S;
/*
* RFC 5054 2.5.3: The client MUST abort the handshake with an "illegal_parameter" alert if
* B % N = 0.
*/
try
{
this.mSrpPeerCredentials = Srp6Utilities.ValidatePublicValue(mSrpGroup.N, srpParams.B);
}
catch (CryptoException e)
{
throw new TlsFatalAlert(AlertDescription.illegal_parameter, e);
}
this.mSrpClient.Init(mSrpGroup, TlsUtilities.CreateHash(HashAlgorithm.sha1), mContext.SecureRandom);
}
private void testServerCatchesBadA(Srp6GroupParameters group)
{
byte[] I = Encoding.UTF8.GetBytes("username");
byte[] P = Encoding.UTF8.GetBytes("password");
byte[] s = new byte[16];
random.NextBytes(s);
Srp6VerifierGenerator gen = new Srp6VerifierGenerator();
gen.Init(group, new Sha256Digest());
BigInteger v = gen.GenerateVerifier(s, I, P);
Srp6Server server = new Srp6Server();
server.Init(group, v, new Sha256Digest(), random);
server.GenerateServerCredentials();
try
{
server.CalculateSecret(BigInteger.Zero);
Fail("Client failed to detect invalid value for 'A'");
}
catch (CryptoException)
{
// Expected
}
try
{
server.CalculateSecret(group.N);
Fail("Client failed to detect invalid value for 'A'");
}
catch (CryptoException)
{
// Expected
}
}
private void testClientCatchesBadB(Srp6GroupParameters group)
{
byte[] I = Encoding.UTF8.GetBytes("username");
byte[] P = Encoding.UTF8.GetBytes("password");
byte[] s = new byte[16];
random.NextBytes(s);
Srp6Client client = new Srp6Client();
client.Init(group, new Sha256Digest(), random);
client.GenerateClientCredentials(s, I, P);
try
{
client.CalculateSecret(BigInteger.Zero);
Fail("Client failed to detect invalid value for 'B'");
}
catch (CryptoException)
{
// Expected
}
try
{
client.CalculateSecret(group.N);
Fail("Client failed to detect invalid value for 'B'");
}
catch (CryptoException)
{
// Expected
}
}
private void testMutualVerification(Srp6GroupParameters group)
{
byte[] I = Encoding.UTF8.GetBytes("username");
byte[] P = Encoding.UTF8.GetBytes("password");
byte[] s = new byte[16];
random.NextBytes(s);
Srp6VerifierGenerator gen = new Srp6VerifierGenerator();
gen.Init(group, new Sha256Digest());
BigInteger v = gen.GenerateVerifier(s, I, P);
Srp6Client client = new Srp6Client();
client.Init(group, new Sha256Digest(), random);
Srp6Server server = new Srp6Server();
server.Init(group, v, new Sha256Digest(), random);
BigInteger A = client.GenerateClientCredentials(s, I, P);
BigInteger B = server.GenerateServerCredentials();
BigInteger clientS = client.CalculateSecret(B);
BigInteger serverS = server.CalculateSecret(A);
if (!clientS.Equals(serverS))
{
Fail("SRP agreement failed - client/server calculated different secrets");
}
}
public SimulatedTlsSrpIdentityManager(Srp6GroupParameters group, Srp6VerifierGenerator verifierGenerator, IMac mac)
{
this.mGroup = group;
this.mVerifierGenerator = verifierGenerator;
this.mMac = mac;
}
protected virtual bool AreGroupsEqual(Srp6GroupParameters a, Srp6GroupParameters b)
{
return a == b || (AreParametersEqual(a.N, b.N) && AreParametersEqual(a.G, b.G));
}