1

i tried to use implementing of srp6 spr4net (https://code.google.com/p/srp4net/) in my solution. So, i rewrited client side from javascript to C# to my WinForm App. And wondered, that session keys just doesn't match! I tried all day long to work it out, but without result.

here is my srp6a implementation:

        #region SRP6a client side

        // a - ephemeral private key
        // a = random between 2 and N-1
        var a = new BigInteger();
        {
            a.genRandomBits(Crypto.SRP.N.bitCount(), new Random());
            if (a >= Crypto.SRP.N) a = a%(Crypto.SRP.N - 1);
            if (a < 2) a = 2;
        }

        // A - public key
        // A = g ^ a (mod N)
        var A = Crypto.SRP.g.modPow(a, Crypto.SRP.N);
        var AHex = A.ToHexString();

            // AuthStep 1
            SRPReturn_AuthStep1 authStep1 = NETi.AuthStep1(_name, AHex);
            if (authStep1.error != 0)
                Status = "AuthStep1 error";
            // reg. Salt
            var SHex = authStep1.data.s;
            // BHex
            var BHex = authStep1.data.B;
            // u - scrambling parameter
            // u = H (A || B)

            var u = new BigInteger(authStep1.data.u, 16);
            var uHex = authStep1.data.u;

            //AuthStep 2
            var B = new BigInteger(BHex, 16);
            BigInteger x;
            {
                var xtmp = new BigInteger(HHex(
                    SHex + _name + _password
                    ), 16);
                if (xtmp < Crypto.SRP.N)
                {
                    x = xtmp;
                }
                else
                {
                    x = xtmp%(Crypto.SRP.N - new BigInteger("1", 16));
                }
            }
            var g = Crypto.SRP.g;
            var k = Crypto.SRP.k;
            var N = Crypto.SRP.N;
            var kgx = k*(g.modPow(x, N));
            var aux = a + u*x;
            var S = ((B - kgx)%N).modPow(aux, N); // Client Session Key
            var KHex = HHex(S.ToHexString());
            SessionKey = KHex;
            var m1 = HHex(A.ToHexString() + B.ToHexString() + KHex);
            SRPReturn_AuthStep2 y = NETi.AuthStep2(_name, authStep1.data.uniq1, m1);

        #endregion

...and server side.. ( http://code.ohloh.net/file?fid=Xxqdu2GY4_w8UD2b_4VNP_5Cp9I&cid=bLhc6E0xdjo&s=&fp=31372&projSelected=true#L0 )

        public static void AuthStep2(
            string vHex,
            string uHex,
            string AHex,
            string bHex,
            string BHex,
            out string m1serverHex,
            out string m2Hex)
        {
            BigInteger v = new BigInteger(vHex, 16);
            BigInteger u = new BigInteger(uHex, 16);
            BigInteger A = new BigInteger(AHex, 16);
            BigInteger b = new BigInteger(bHex, 16);
            BigInteger B = new BigInteger(BHex, 16);

            // S - common exponential value
            // S = (A * v^u) ^ b (mod N)
            BigInteger S = ((v.modPow(u, N) * A) % N).modPow(b, N); // Server Session Key


            Console.WriteLine(S);
            // K - the strong cryptographically session key
            // K = H(S)
            string KHex = HHex(S.ToHexString()).TrimStart('0');

            Console.WriteLine(KHex);

            // m2 - expected client's proof as computed by the server
            m1serverHex = HHex(
                AHex +
                BHex +
                KHex).TrimStart('0');

            // m2 - server's proof that it has the correct key
            m2Hex = HHex(
                AHex +
                m1serverHex +
                KHex).TrimStart('0');
        }

Perhaps there is a mistake in Session Key Formula, but i don't know where :C

animekun
  • 1,789
  • 4
  • 28
  • 45
  • 1
    I can see only one object called 'SessionKey' in your code. What does it not match and how do you compare it? It's difficult to understand what exactly is the problem here. Have you tried good old divide and conquer approach? Break down your implementation and compare each piece with the working code. – Piotr Justyna Mar 25 '14 at 17:09
  • @PiotrJustyna updated. see at // Client Session Key and // Server Session Key expressions, they must match, but they don't – animekun Mar 25 '14 at 17:17
  • @PiotrJustyna eveything is correct before session keys calculates. i think error is in formula, but can't understand where – animekun Mar 25 '14 at 17:21
  • I can see two possible checks here: 1. *b* must be equal to *aux*, 2. *v.modPow(u, N) * A* must be equal to *B - kgx* – Piotr Justyna Mar 25 '14 at 17:28
  • the server code is using `.Trimtart(0)` to drop leading zeros but you don't seem to be using it on the client code. – simbo1905 Dec 31 '14 at 12:47

0 Answers0