1

我尝试在我的解决方案中使用 srp6 spr4net ( https://code.google.com/p/srp4net/ ) 的实现。因此,我将客户端从 javascript 重写为 C# 到我的 WinForm 应用程序。并且想知道,会话密钥不匹配!我整天都在努力解决它,但没有结果。

这是我的 srp6a 实现:

        #region SRP6a client side

        // a - ephemeral private key
        // a = random between 2 and N-1
        var a = new BigInteger();
        {
            a.genRandomBits(Crypto.SRP.N.bitCount(), new Random());
            if (a >= Crypto.SRP.N) a = a%(Crypto.SRP.N - 1);
            if (a < 2) a = 2;
        }

        // A - public key
        // A = g ^ a (mod N)
        var A = Crypto.SRP.g.modPow(a, Crypto.SRP.N);
        var AHex = A.ToHexString();

            // AuthStep 1
            SRPReturn_AuthStep1 authStep1 = NETi.AuthStep1(_name, AHex);
            if (authStep1.error != 0)
                Status = "AuthStep1 error";
            // reg. Salt
            var SHex = authStep1.data.s;
            // BHex
            var BHex = authStep1.data.B;
            // u - scrambling parameter
            // u = H (A || B)

            var u = new BigInteger(authStep1.data.u, 16);
            var uHex = authStep1.data.u;

            //AuthStep 2
            var B = new BigInteger(BHex, 16);
            BigInteger x;
            {
                var xtmp = new BigInteger(HHex(
                    SHex + _name + _password
                    ), 16);
                if (xtmp < Crypto.SRP.N)
                {
                    x = xtmp;
                }
                else
                {
                    x = xtmp%(Crypto.SRP.N - new BigInteger("1", 16));
                }
            }
            var g = Crypto.SRP.g;
            var k = Crypto.SRP.k;
            var N = Crypto.SRP.N;
            var kgx = k*(g.modPow(x, N));
            var aux = a + u*x;
            var S = ((B - kgx)%N).modPow(aux, N); // Client Session Key
            var KHex = HHex(S.ToHexString());
            SessionKey = KHex;
            var m1 = HHex(A.ToHexString() + B.ToHexString() + KHex);
            SRPReturn_AuthStep2 y = NETi.AuthStep2(_name, authStep1.data.uniq1, m1);

        #endregion

...和服务器端..(http://code.ohloh.net/file?fid=Xxqdu2GY4_w8UD2b_4VNP_5Cp9I&cid=bLhc6E0xdjo&s=&fp=31372&projSelected=true#L0

        public static void AuthStep2(
            string vHex,
            string uHex,
            string AHex,
            string bHex,
            string BHex,
            out string m1serverHex,
            out string m2Hex)
        {
            BigInteger v = new BigInteger(vHex, 16);
            BigInteger u = new BigInteger(uHex, 16);
            BigInteger A = new BigInteger(AHex, 16);
            BigInteger b = new BigInteger(bHex, 16);
            BigInteger B = new BigInteger(BHex, 16);

            // S - common exponential value
            // S = (A * v^u) ^ b (mod N)
            BigInteger S = ((v.modPow(u, N) * A) % N).modPow(b, N); // Server Session Key


            Console.WriteLine(S);
            // K - the strong cryptographically session key
            // K = H(S)
            string KHex = HHex(S.ToHexString()).TrimStart('0');

            Console.WriteLine(KHex);

            // m2 - expected client's proof as computed by the server
            m1serverHex = HHex(
                AHex +
                BHex +
                KHex).TrimStart('0');

            // m2 - server's proof that it has the correct key
            m2Hex = HHex(
                AHex +
                m1serverHex +
                KHex).TrimStart('0');
        }

会话密钥公式中可能有错误,但我不知道在哪里:C

4

0 回答 0