SRP6 and WoW Authentication Process

**doityourself** · 07-29-2017

Is this your full srp6 class? What does your BigIntegerExtensions class do? Any samples about your results?

**julienguillot** · 07-29-2017

My SRP class changed a bit => SRP6
Here is the BigIntegerExtensions class, this is BigInteger Extensions Methods to perform some operations as ModPow, Multiply.... => BigIntegerExtensions

Some results :

N : 894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7
g : 7
s : 7C7204B6166AB55E8F273E6FFEF75D0141EECF1B3B5F68B70E2ED538B9E532A2
v : 15AB8A30B27F221645BB5E55DED1F9926A1DF84A3E5FA44F84EA3C8260397FF0
b : 12FBF3A724428D21BB9DF245E079B7F3
B : BD6176EDA7FE5CF1A1E13317A09A03AE89EF78FA27D511B29EA2F966C9EBC0FD
k : 3

This result failed after ServerLogonChallenge be sent to client...

Sucessful try :

N : 894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7
g : 7
s : 7C7204B6166AB55E8F273E6FFEF75D0141EECF1B3B5F68B70E2ED538B9E532A2
v : 15AB8A30B27F221645BB5E55DED1F9926A1DF84A3E5FA44F84EA3C8260397FF0
b : 3955043DDB869018C82938703C69B7E3
B : 6B21489E6EE8C7BC68328BDCF738BD1881AD165620A7C8196A1E8CF7BD500B1E
k : 3
u : 10789433402BC2A5C041B4788DFB87CAC9CE4178
K : 40129C9BDC07B135CF32AFDA50BA821524F8FEEB
M : 9F93CA126B5B036396915CF940E017535A23961E
M1 : C67C4E33F9F47F8D75F7E4A573D6D5429021B472
M2 : AD86FCDB37FCD6D3E15272C5AEA26834CE5D8F27

M and M1 are not equal.... password is correct though

Any idea ?

Thanks !

**doityourself** · 07-29-2017

I wonder.... why do you use additonal big methods to create bigintegers^^?
You can just new BigInteger(array.Concat(new byte[1])); if you want to create a new one from a byte array / random byte array^^.

Also the multiply, etc. extensions are not needed.

**julienguillot** · 07-29-2017

Because i can reduce code with this Extension Methods ^^
But i will try to do without it and see if it's OK but i'm not sure....

**doityourself** · 07-29-2017

Originally Posted by julienguillot

Because i can reduce code with this Extension Methods ^^
But i will try to do without it and see if it's OK but i'm not sure....

oh right now it's more code with all these extensions :P

**julienguillot** · 07-29-2017

To be honest, i took theses Extensions from other projects ^^... Seems we don't need it ^^

What do you use to generate random values ? Like b

**doityourself** · 07-29-2017

In my old class I used this: Arctium/SRP6.cs at 8199c3f0d8f9974e0b0ebf1215953e8b39a7e7cf * mansemino/Arctium * GitHub

The MakeBigInteger method just does 'new BigInteger(array.Concat(new byte[1]));'

**julienguillot** · 07-29-2017

Ok i modified my code.

But... salt is genereted as negative value....

s = new byte[32];
var random = RNGCryptoServiceProvider.Create();
random.GetBytes(s);
Salt = new BigInteger(s);

**doityourself** · 07-29-2017

As I said use 'new BigInteger(array.Concat(new byte[1]));' For this you can use an extensions method

to create them from array. Adding a 0 at the end of the byte arrays makes them non negative!

**julienguillot** · 07-29-2017

Here is my new class SRP6, thanks to you and your methods like MakeBigInteger, my first problem disappears !

I could create 10 accounts without error and they pass the ServerAuthChallenge many times !

Next step : make M = M1 !

I will stay in touch ^^

Thank you, i learned today much what i learn in one week ^^

**julienguillot** · 07-29-2017

Hello,

Here is my method to generate u, S, K, M et M2 :

public void Step2(byte[] A, byte[] M1, string username)
{
// Generation de u = H(A | B)
byte[] u = SHA1.Create().ComputeHash(CombineData(A, B));
Scrambler = MakeBigInteger(u);

// Generation de S = (A * v^u) ^ b % N
ClientPublicEphemeral = MakeBigInteger(A);
BigInteger t1 = ClientPublicEphemeral * BigInteger.ModPow(Verifier, Scrambler, Modulus); // (A * v^u)
byte[] ss = BigInteger.ModPow(t1, ServerPrivateEphemeral, Modulus).ToByteArray();

//// Generation de K = H(S))
byte[] K = SHA1.Create().ComputeHash(ss);
SessionKey = MakeBigInteger(K);

// Generation de M1
//Client -> Serveur : M = H(H(N) xor H(g), H(I), s, A, B, K) (xor correspond au OU exclusif)
//Serveur->Client : H(A, M, K)
byte[] HN = SHA1.Create().ComputeHash(N);
byte[] Hg = SHA1.Create().ComputeHash(g);
byte[] HI = SHA1.Create().ComputeHash(Encoding.UTF8.GetBytes(username));

for (int i = 0; i < HN.Length; i++)
HN[i] ^= Hg[i];

byte[] M = SHA1.Create().ComputeHash(CombineData(HN, HI, s, A, B, K));
ClientSessionKeyProof = MakeBigInteger(M);

// Generation de M2 = H(A | M1 | K)
byte[] M2 = SHA1.Create().ComputeHash(CombineData(A, M, K));
ServerSessionKeyProof = MakeBigInteger(M2);

bool OK = M.Equals(M1);
}

But M always differs from M1. Where is the problem ?

To calculate M i need to do M = H(H(N) xor H(g), H(I), s, A, B, K), and compare it to M1 isn't it ?

**doityourself** · 07-30-2017

Oh I think your sessionkey (K) generation is wrong.
I think it's not just a 'SHA1.Create().ComputeHash(ss)'

If you look at the srp6 class on github, you see, that you have to do a bit more stuff for that one (CalculateK), because blizz likes to do other stuff