I'm trying to get SRP6 to work using this library (in C#), but I'm confused.
As of right now, I'm doing:
Client sends: Username, N, G, Verification (which is generated by calling Srp6VerifierGenerator.GenerateVerifier()) and PublicEphemeralValueA (which is generated by calling Srp6Client.GenerateClientCredentials).
Server receives all of this and uses it to generate its secret.
What I don't get is... how does the server know that the client has the right password? Right now the server and client each has their own secret (which can be used to encrypt communication), but the server has no way of knowing if the client issued the right password!
I tried doing this:
/// <summary>
/// Verifies the client's credentials.
/// </summary>
/// <returns>Returns true if the credentials were valid, otherwise returns false.</returns>
public bool VerifyClient()
{
if (m_Secret.Equals(m_Server.CalculateSecret(m_PublicEphemeralValueA)))
return true;
return false;
}
But it keeps returning false.
The test-case included with the library does this:
private void testWithRandomParams(int bits)
{
DHParametersGenerator paramGen = new DHParametersGenerator();
paramGen.Init(bits, 25, random);
DHParameters parameters = paramGen.GenerateParameters();
BigInteger g = parameters.G;
BigInteger p = parameters.P;
testMutualVerification(p, g);
}
private void testMutualVerification(BigInteger N, BigInteger g)
{
byte[] I = Encoding.UTF8.GetBytes("username");
byte[] P = Encoding.UTF8.GetBytes("password");
byte[] s = new byte[16];
random.NextBytes(s);
Srp6VerifierGenerator gen = new Srp6VerifierGenerator();
gen.Init(N, g, new Sha256Digest());
BigInteger v = gen.GenerateVerifier(s, I, P);
Srp6Client client = new Srp6Client();
client.Init(N, g, new Sha256Digest(), random);
Srp6Server server = new Srp6Server();
server.Init(N, g, v, new Sha256Digest(), random);
BigInteger A = client.GenerateClientCredentials(s, I, P);
BigInteger B = server.GenerateServerCredentials();
BigInteger clientS = client.CalculateSecret(B);
BigInteger serverS = server.CalculateSecret(A);
if (!clientS.Equals(serverS))
{
Fail("SRP agreement failed - client/server calculated different secrets");
}
}
I still fail to see how the server knows if the client issued the right password! Has anyone used the SRP6 part of this library before (it's a pretty huge library)? Does anyone have any tips?