#include "SRP6.h"

Public Types
using	Salt = std::array< uint8, SALT_LENGTH >

using	Verifier = std::array< uint8, VERIFIER_LENGTH >

using	EphemeralKey = std::array< uint8, EPHEMERAL_KEY_LENGTH >

Public Member Functions
	SRP6 (std::string const &username, Salt const &salt, Verifier const &verifier)

std::optional< SessionKey >	VerifyChallengeResponse (EphemeralKey const &A, SHA1::Digest const &clientM)

Static Public Member Functions
static std::pair< Salt, Verifier >	MakeRegistrationData (std::string const &username, std::string const &password)

static bool	CheckLogin (std::string const &username, std::string const &password, Salt const &salt, Verifier const &verifier)

static SHA1::Digest	GetSessionVerifier (EphemeralKey const &A, SHA1::Digest const &clientM, SessionKey const &K)

Public Attributes
Salt const	s

EphemeralKey const	B

Static Public Attributes
static constexpr std::size_t	SALT_LENGTH = 32

static constexpr std::size_t	VERIFIER_LENGTH = 32

static constexpr std::size_t	EPHEMERAL_KEY_LENGTH = 32

static std::array< uint8, 1 > const	g = { 7 }

static std::array< uint8, 32 > const	N = HexStrToByteArray<32>("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7", true)

Static Private Member Functions
static Verifier	CalculateVerifier (std::string const &username, std::string const &password, Salt const &salt)

static SessionKey	SHA1Interleave (EphemeralKey const &S)

static EphemeralKey	_B (BigNumber const &b, BigNumber const &v)

Private Attributes
bool	_used = false

SHA1::Digest const	_I

BigNumber const	_b

BigNumber const	_v

Static Private Attributes
static BigNumber const	_g

static BigNumber const	_N

Detailed Description

Member Typedef Documentation

◆ EphemeralKey

using Acore::Crypto::SRP6::EphemeralKey = std::array<uint8, EPHEMERAL_KEY_LENGTH>

◆ Salt

using Acore::Crypto::SRP6::Salt = std::array<uint8, SALT_LENGTH>

◆ Verifier

using Acore::Crypto::SRP6::Verifier = std::array<uint8, VERIFIER_LENGTH>

Constructor & Destructor Documentation

◆ SRP6()

SRP6::SRP6	(	std::string const &	username,
		Salt const &	salt,
		Verifier const &	verifier
	)

85 : _I(SHA1::GetDigestOf(username)), _b(Crypto::GetRandomBytes<32>()), _v(verifier), s(salt), B(_B(_b, _v)) {}

Acore::Crypto::SRP6::B

EphemeralKey const B

Definition SRP6.h:79

Acore::Crypto::SRP6::_B

static EphemeralKey _B(BigNumber const &b, BigNumber const &v)

Definition SRP6.h:70

Acore::Crypto::SRP6::_v

BigNumber const _v

Definition SRP6.h:75

Acore::Crypto::SRP6::s

Salt const s

Definition SRP6.h:78

Acore::Crypto::SRP6::_I

SHA1::Digest const _I

Definition SRP6.h:73

Acore::Crypto::SRP6::_b

BigNumber const _b

Definition SRP6.h:74

Acore::Impl::GenericHash::GetDigestOf

static Digest GetDigestOf(uint8 const *data, std::size_t len)

Definition CryptoHash.h:48

Member Function Documentation

◆ _B()

static EphemeralKey Acore::Crypto::SRP6::_B	(	BigNumber const &	b,
		BigNumber const &	v
	)

inlinestaticprivate

70{ return ((_g.ModExp(b, _N) + (v * 3)) % N).ToByteArray<EPHEMERAL_KEY_LENGTH>(); }

Acore::Crypto::SRP6::N

static std::array< uint8, 32 > const N

Definition SRP6.h:41

Acore::Crypto::SRP6::_N

static BigNumber const _N

Definition SRP6.h:68

Acore::Crypto::SRP6::_g

static BigNumber const _g

Definition SRP6.h:67

Acore::Crypto::SRP6::EPHEMERAL_KEY_LENGTH

static constexpr std::size_t EPHEMERAL_KEY_LENGTH

Definition SRP6.h:37

BigNumber::ModExp

BigNumber ModExp(BigNumber const &bn1, BigNumber const &bn2) const

Definition BigNumber.cpp:153

References BigNumber::ModExp().

◆ CalculateVerifier()

SRP6::Verifier SRP6::CalculateVerifier	(	std::string const &	username,
		std::string const &	password,
		SRP6::Salt const &	salt
	)

staticprivate

{
    // v = g ^ H(s || H(u || ':' || p)) mod N
    return _g.ModExp(
        SHA1::GetDigestOf(
            salt,
            SHA1::GetDigestOf(username, ":", password)
        )
    ,_N).ToByteArray<32>();
}

References _g, _N, Acore::Impl::GenericHash< HashCreator, DigestLength >::GetDigestOf(), BigNumber::ModExp(), and BigNumber::ToByteArray().

Referenced by MakeRegistrationData().

◆ CheckLogin()

static bool Acore::Crypto::SRP6::CheckLogin	(	std::string const &	username,
		std::string const &	password,
		Salt const &	salt,
		Verifier const &	verifier
	)

inlinestatic

        {
            return (verifier == CalculateVerifier(username, password, salt));
        }

Referenced by RASession::CheckPassword(), and AccountMgr::CheckPassword().

◆ GetSessionVerifier()

static SHA1::Digest Acore::Crypto::SRP6::GetSessionVerifier	(	EphemeralKey const &	A,
		SHA1::Digest const &	clientM,
		SessionKey const &	K
	)

inlinestatic

        {
            return SHA1::GetDigestOf(A, clientM, K);
        }

References Acore::Impl::GenericHash< HashCreator, DigestLength >::GetDigestOf().

Referenced by AuthSession::HandleLogonProof().

◆ MakeRegistrationData()

std::pair< SRP6::Salt, SRP6::Verifier > SRP6::MakeRegistrationData	(	std::string const &	username,
		std::string const &	password
	)

static

{
    std::pair<SRP6::Salt, SRP6::Verifier> res;
    Crypto::GetRandomBytes(res.first); // random salt
    res.second = CalculateVerifier(username, password, res.first);
    return res;
}

References CalculateVerifier(), and Acore::Crypto::GetRandomBytes().

Referenced by AccountMgr::ChangePassword(), AccountMgr::ChangeUsername(), and AccountMgr::CreateAccount().

◆ SHA1Interleave()

SessionKey SRP6::SHA1Interleave ( SRP6::EphemeralKey const & S )

staticprivate

{
    // split S into two buffers
    std::array<uint8, EPHEMERAL_KEY_LENGTH / 2> buf0{}, buf1{};
    for (std::size_t i = 0; i < EPHEMERAL_KEY_LENGTH / 2; ++i)
    {
        buf0[i] = S[2 * i + 0];
        buf1[i] = S[2 * i + 1];
    }
 
    // find position of first nonzero byte
    std::size_t p = 0;
    while (p < EPHEMERAL_KEY_LENGTH && !S[p])
        ++p;
 
    if (p & 1)
        ++p; // skip one extra byte if p is odd
 
    p /= 2; // offset into buffers
 
    // hash each of the halves, starting at the first nonzero byte
    SHA1::Digest const hash0 = SHA1::GetDigestOf(buf0.data() + p, EPHEMERAL_KEY_LENGTH / 2 - p);
    SHA1::Digest const hash1 = SHA1::GetDigestOf(buf1.data() + p, EPHEMERAL_KEY_LENGTH / 2 - p);
 
    // stick the two hashes back together
    SessionKey K;
    for (std::size_t i = 0; i < SHA1::DIGEST_LENGTH; ++i)
    {
        K[2 * i + 0] = hash0[i];
        K[2 * i + 1] = hash1[i];
    }
    return K;
}

References Acore::Impl::GenericHash< HashCreator, DigestLength >::DIGEST_LENGTH, EPHEMERAL_KEY_LENGTH, and Acore::Impl::GenericHash< HashCreator, DigestLength >::GetDigestOf().

Referenced by VerifyChallengeResponse().

◆ VerifyChallengeResponse()

std::optional< SessionKey > SRP6::VerifyChallengeResponse	(	EphemeralKey const &	A,
		SHA1::Digest const &	clientM
	)

{
    ASSERT(!_used, "A single SRP6 object must only ever be used to verify ONCE!");
    _used = true;
 
    BigNumber const _A(A);
    if ((_A % _N).IsZero())
        return std::nullopt;
 
    BigNumber const u(SHA1::GetDigestOf(A, B));
    EphemeralKey const S = (_A * (_v.ModExp(u, _N))).ModExp(_b, N).ToByteArray<32>();
 
    SessionKey K = SHA1Interleave(S);
 
    // NgHash = H(N) xor H(g)
    SHA1::Digest const NHash = SHA1::GetDigestOf(N);
    SHA1::Digest const gHash = SHA1::GetDigestOf(g);
    SHA1::Digest NgHash;
    std::transform(NHash.begin(), NHash.end(), gHash.begin(), NgHash.begin(), std::bit_xor<>());
 
    SHA1::Digest const ourM = SHA1::GetDigestOf(NgHash, _I, s, A, B, K);
    if (ourM == clientM)
        return K;
 
    return std::nullopt;
}