different Session Keys in SRP6a

冷眼眸甩不掉的悲伤 submitted on 2019-12-24 07:19:47

Question


I tried to use the srp4net implementation of SRP6 (https://code.google.com/p/srp4net/) in my solution. So I rewrote the client side from JavaScript to C# for my WinForm app, and was surprised that the session keys just don't match! I tried all day long to work it out, but without result.

Here is my SRP6a implementation:

        #region SRP6a client side

        // a - ephemeral private key
        // a = random between 2 and N-1
        var a = new BigInteger();
        {
            a.genRandomBits(Crypto.SRP.N.bitCount(), new Random());
            if (a >= Crypto.SRP.N) a = a%(Crypto.SRP.N - 1);
            if (a < 2) a = 2;
        }

        // A - public key
        // A = g ^ a (mod N)
        var A = Crypto.SRP.g.modPow(a, Crypto.SRP.N);
        var AHex = A.ToHexString();

        // AuthStep 1
        SRPReturn_AuthStep1 authStep1 = NETi.AuthStep1(_name, AHex);
        if (authStep1.error != 0)
            Status = "AuthStep1 error";
        // reg. Salt
        var SHex = authStep1.data.s;
        // BHex
        var BHex = authStep1.data.B;
        // u - scrambling parameter
        // u = H (A || B)

        var u = new BigInteger(authStep1.data.u, 16);
        var uHex = authStep1.data.u;

        //AuthStep 2
        var B = new BigInteger(BHex, 16);
        BigInteger x;
        {
            var xtmp = new BigInteger(HHex(
                SHex + _name + _password
                ), 16);
            if (xtmp < Crypto.SRP.N)
            {
                x = xtmp;
            }
            else
            {
                x = xtmp%(Crypto.SRP.N - new BigInteger("1", 16));
            }
        }
        var g = Crypto.SRP.g;
        var k = Crypto.SRP.k;
        var N = Crypto.SRP.N;
        var kgx = k*(g.modPow(x, N));
        var aux = a + u*x;
        var S = ((B - kgx)%N).modPow(aux, N); // Client Session Key
        var KHex = HHex(S.ToHexString());
        SessionKey = KHex;
        var m1 = HHex(A.ToHexString() + B.ToHexString() + KHex);
        SRPReturn_AuthStep2 y = NETi.AuthStep2(_name, authStep1.data.uniq1, m1);

        #endregion

...and the server side (http://code.ohloh.net/file?fid=Xxqdu2GY4_w8UD2b_4VNP_5Cp9I&cid=bLhc6E0xdjo&s=&fp=31372&projSelected=true#L0):

        public static void AuthStep2(
            string vHex,
            string uHex,
            string AHex,
            string bHex,
            string BHex,
            out string m1serverHex,
            out string m2Hex)
        {
            BigInteger v = new BigInteger(vHex, 16);
            BigInteger u = new BigInteger(uHex, 16);
            BigInteger A = new BigInteger(AHex, 16);
            BigInteger b = new BigInteger(bHex, 16);
            BigInteger B = new BigInteger(BHex, 16);

            // S - common exponential value
            // S = (A * v^u) ^ b (mod N)
            BigInteger S = ((v.modPow(u, N) * A) % N).modPow(b, N); // Server Session Key


            Console.WriteLine(S);
            // K - the cryptographically strong session key
            // K = H(S)
            string KHex = HHex(S.ToHexString()).TrimStart('0');

            Console.WriteLine(KHex);

            // m1 - expected client's proof as computed by the server
            m1serverHex = HHex(
                AHex +
                BHex +
                KHex).TrimStart('0');

            // m2 - server's proof that it has the correct key
            m2Hex = HHex(
                AHex +
                m1serverHex +
                KHex).TrimStart('0');
        }

Perhaps there is a mistake in the session key formula, but I don't know where :C

Source: https://stackoverflow.com/questions/22641543/different-session-keys-in-srp6a
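
An added example (not part of the original question or of srp4net), in Python for its built-in big integers: it runs both SRP-6a formulas from the code above on the same inputs to check that they yield the same S, then shows that the proof m1 differs between a side that applies `TrimStart('0')` to KHex (as the server code does) and one that does not (as the client code does) whenever the hash starts with a zero digit. The toy modulus, SHA-256 as H, k = H(N || g) and all function names are assumptions.

```python
import hashlib

# Constructed toy parameters for the demo only (assumption); a real deployment
# uses a standardized large safe-prime group.
N = 2**127 - 1
g = 3

def hhex(s: str) -> str:
    """Stand-in for the page's HHex: hash a string, return hex (SHA-256 assumed)."""
    return hashlib.sha256(s.encode()).hexdigest()

def to_hex(n: int) -> str:
    return format(n, "x")

k = int(hhex(to_hex(N) + to_hex(g)), 16) % N   # k = H(N || g) in SRP-6a

def compute_x(salt_hex, name, password):
    # x = H(s || name || password), the input order used on the page
    return int(hhex(salt_hex + name + password), 16) % N

def run_exchange(name, password, salt_hex, a, b):
    """Run both sides with fixed ephemerals a and b; return (S_client, S_server)."""
    x = compute_x(salt_hex, name, password)
    v = pow(g, x, N)                      # verifier stored at registration
    A = pow(g, a, N)                      # client public value
    B = (k * v + pow(g, b, N)) % N        # server public value
    u = int(hhex(to_hex(A) + to_hex(B)), 16)
    # Client: S = (B - k*g^x)^(a + u*x) mod N, base reduced to a non-negative value
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    # Server: S = (A * v^u)^b mod N
    S_server = pow((A * pow(v, u, N)) % N, b, N)
    return S_client, S_server

def proofs(S, A_hex, B_hex):
    """Return (m1 with K as hashed, m1 with leading zeros stripped from K)."""
    K = hhex(to_hex(S))
    return hhex(A_hex + B_hex + K), hhex(A_hex + B_hex + K.lstrip("0"))

def find_leading_zero_case(limit=2000):
    """Try server ephemerals b until K starts with '0'; return that S."""
    for b in range(2, limit):
        S_client, S_server = run_exchange("alice", "pw", "c0ffee", 12345, b)
        assert S_client == S_server
        if hhex(to_hex(S_client)).startswith("0"):
            return S_client
    return None
```

Comparing the intermediate values (x, v, u, S, K) from both sides as hex strings, in this order, narrows a mismatch down to the first step where they diverge.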
