Feature request: Methods to validate salt/verifier on sign up
alexrp opened this issue · comments
Alex Rønne Petersen commented
Right now, I have code looking like the following when processing sign-ups on the server:
string salt = ..., verifier = ...;
var param = SrpParameters.Create8192<SHA512>();
var valid = salt.Length == param.HashSizeBytes * 2 && verifier.Length == param.PaddedLength;
try
{
_ = new SrpInteger(salt);
_ = new SrpInteger(verifier);
}
catch (Exception)
{
valid = false;
}
if (valid)
{
// Save to DB...
}
It would be convenient if the library exposed methods to do this kind of validation.
Alexey Yakovlev commented
Hello @alexrp,
What's the proposed API?
Something like this?
srpParameters.IsValidSalt(salt);
srpParameters.IsValidVerifier(verifier);
Alex Rønne Petersen commented
That looks reasonable.
Alexey Yakovlev commented
Here you are: https://www.nuget.org/packages/srp/1.0.5
if (param.IsValidSalt(salt) && param.IsValidVerifier(verifier))
{
// Save to DB...
}