Fixed SrpParameters thread safety issue, close #3.

Author: yallie

src/srp.tests/SrpAuthenticationTests.cs

@@ -1,7 +1,12 @@
 using System;
+using System.Linq;
 using System.Security.Cryptography;
 using NUnit.Framework;
 
+#if !NET_35
+using System.Threading.Tasks;
+#endif
+
 namespace SecureRemotePassword.Tests
 {
 	/// <summary>
@@ -123,5 +128,41 @@ private void SrpAuthentication(string username, string password, SrpParameters p
 				throw;
 			}
 		}
+
+#if !NET_35
+		[Test]
+		public async Task ParallelAuthenticationTest()
+		{
+			var username = "demo";
+			var password = "insecure";
+			var parameters = new SrpParameters();
+			var server = new SrpServer(parameters);
+
+			// spawn multiple parallel threads reusing the same SrpParameters instance
+			var tasks = Enumerable.Range(0, 100).Select(i => Task.Run(() =>
+			{
+				var client = new SrpClient(parameters);
+
+				// sign up
+				var salt = client.GenerateSalt();
+				var privateKey = client.DerivePrivateKey(salt, username, password);
+				var verifier = client.DeriveVerifier(privateKey);
+
+				// authenticate
+				var clientEphemeral = client.GenerateEphemeral();
+				var serverEphemeral = server.GenerateEphemeral(verifier);
+				var clientSession = client.DeriveSession(clientEphemeral.Secret, serverEphemeral.Public, salt, username, privateKey);
+
+				var serverSession = server.DeriveSession(serverEphemeral.Secret, clientEphemeral.Public, salt, username, verifier, clientSession.Proof);
+				client.VerifySession(clientEphemeral.Public, clientSession, serverSession.Proof);
+
+				// make sure both the client and the server have the same session key
+				Assert.AreEqual(clientSession.Key, serverSession.Key);
+			}));
+
+			await Task.WhenAll(tasks);
+		}
+#endif
+
 	}
 }

src/srp.tests/SrpParametersTests.cs

@@ -19,8 +19,7 @@ public void SrpParameterDefaultsAreReasonable()
 		[Test]
 		public void SrpParametersCanUseCustomHashAlgorithm()
 		{
-			var hasher = MD5.Create();
-			var parameters = new SrpParameters(hasher);
+			var parameters = new SrpParameters(MD5.Create);
 			Assert.NotNull(parameters.Prime);
 			Assert.NotNull(parameters.Generator);
 			Assert.AreEqual(16, parameters.HashSizeBytes);

src/srp.tests/TestVectorSet.cs

@@ -89,7 +89,7 @@ public SrpParameters CreateParameters()
 
 				// convert size in bits to padded length in chars
 				var paddedLength = Size / 4;
-				return new SrpParameters(hasher, N, g, paddedLength);
+				return new SrpParameters(CreateHasher, N, g, paddedLength);
 			}
 		}
 	}

src/srp.tests/srp.tests.csproj

@@ -18,15 +18,19 @@
     <ProjectReference Include="..\srp\srp.csproj" />
   </ItemGroup>
 
+  <PropertyGroup Condition=" '$(TargetFramework)' == 'net35' ">
+    <DefineConstants>$(DefineConstants);NET_35</DefineConstants>
+  </PropertyGroup>
+
   <PropertyGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.0' ">
     <DefineConstants>$(DefineConstants);NETCOREAPP_10</DefineConstants>
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.7.2" />
-    <PackageReference Include="Newtonsoft.Json" Version="11.0.2" />
-    <PackageReference Include="NUnit" Version="3.10.1" />
-    <PackageReference Include="NUnit3TestAdapter" Version="3.10.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.9.0" />
+    <PackageReference Include="Newtonsoft.Json" Version="12.0.1" />
+    <PackageReference Include="NUnit" Version="3.11.0" />
+    <PackageReference Include="NUnit3TestAdapter" Version="3.11.2" />
   </ItemGroup>
 
   <ItemGroup>

src/srp/SrpClient.cs

@@ -125,7 +125,7 @@ internal SrpInteger ComputeU(SrpInteger A, SrpInteger B)
 		/// </summary>
 		/// <param name="a">Client secret ephemeral value.</param>
 		/// <param name="B">Server public ephemeral value.</param>
-		/// <param name="u">The computed value of u</param>
+		/// <param name="u">The computed value of u.</param>
 		/// <param name="x">The private key.</param>
 		internal SrpInteger ComputeS(SrpInteger a, SrpInteger B, SrpInteger u, SrpInteger x)
 		{
@@ -195,7 +195,7 @@ public SrpSession DeriveSession(string clientSecretEphemeral, string serverPubli
 			return new SrpSession
 			{
 				Key = K.ToHex(),
-				Proof = M1.ToHex()
+				Proof = M1.ToHex(),
 			};
 		}
 

src/srp/SrpConstants.cs

@@ -64,7 +64,7 @@ 94B5C803 D89F7AE4 35DE236D 525F5475 9B65E372 FCD68EF2 0FA7111F
 		/// Safe prime number, 3072-bit group.
 		/// </summary>
 		/// <remarks>
-		/// This prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
+		/// This prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }.
 		/// </remarks>
 		public const string SafePrime3072 = @"
 			FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08
@@ -91,7 +91,7 @@ BBE11757 7A615D6C 770988C0 BAD946E2 08E24FA0 74E5AB31 43DB5BFC
 		/// Safe prime number, 4096-bit group.
 		/// </summary>
 		/// <remarks>
-		/// This prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
+		/// This prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }.
 		/// </remarks>
 		public const string SafePrime4096 = @"
 			FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08
@@ -123,7 +123,7 @@ D5B05AA9 93B4EA98 8D8FDDC1 86FFB7DC 90A6C08F 4DF435C9 34063199
 		/// Safe prime number, 6144-bit group.
 		/// </summary>
 		/// <remarks>
-		/// This prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
+		/// This prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }.
 		/// </remarks>
 		public const string SafePrime6144 = @"
 			FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08
@@ -164,7 +164,7 @@ 387FE8D7 6E3C0468 043E8F66 3F4860EE 12BF2D5B 0B7474D6 E694F91E
 		/// Safe prime number, 8192-bit group.
 		/// </summary>
 		/// <remarks>
-		/// This prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
+		/// This prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }.
 		/// </remarks>
 		public const string SafePrime8192 = @"
 			FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08

src/srp/SrpHash.cs

@@ -14,15 +14,17 @@ public class SrpHash : ISrpHash
 		/// <summary>
 		/// Initializes a new instance of the <see cref="SrpHash"/> class.
 		/// </summary>
-		/// <param name="hasher">The hashing algorithm.</param>
+		/// <param name="hasherFactory">The hashing algorithm factory method.</param>
 		/// <param name="algorithmName">The name of the algorithm.</param>
-		public SrpHash(HashAlgorithm hasher, string algorithmName = null)
+		public SrpHash(Func<HashAlgorithm> hasherFactory, string algorithmName = null)
 		{
-			Hasher = hasher;
+			HasherFactory = hasherFactory;
 			AlgorithmName = algorithmName ?? Hasher.GetType().Name;
 		}
 
-		private HashAlgorithm Hasher { get; }
+		private Func<HashAlgorithm> HasherFactory { get; }
+
+		private HashAlgorithm Hasher => HasherFactory();
 
 		/// <summary>
 		/// Computes the hash of the specified <see cref="string"/> or <see cref="SrpInteger"/> values.

src/srp/SrpHashT.cs

@@ -13,13 +13,13 @@ public class SrpHash<T> : SrpHash
 		/// Initializes a new instance of the <see cref="SrpHash{T}"/> class.
 		/// </summary>
 		public SrpHash()
-			: base(CreateHasher())
+			: base(CreateHasher)
 		{
 		}
 
 		/// <summary>
 		/// Creates the hasher of the given type <typeparamref name="T"/>.
 		/// </summary>
-		public static T CreateHasher() => (T)CreateHasher(typeof(T).Name);
+		public static HashAlgorithm CreateHasher() => CreateHasher(typeof(T).Name);
 	}
 }

src/srp/SrpParameters.cs

@@ -18,16 +18,16 @@ public class SrpParameters
 		/// <summary>
 		/// Initializes a new instance of the <see cref="SrpParameters"/> class.
 		/// </summary>
-		/// <param name="hashAlgorithm">The hashing algorithm.</param>
+		/// <param name="hashAlgorithmFactory">The hashing algorithm factory.</param>
 		/// <param name="largeSafePrime">Large safe prime number N (hexadecimal).</param>
 		/// <param name="generator">The generator value modulo N (hexadecimal).</param>
 		/// <param name="paddedLength">The hexadecimal length of N and g.</param>
-		public SrpParameters(HashAlgorithm hashAlgorithm = null, string largeSafePrime = null, string generator = null, int? paddedLength = null)
+		public SrpParameters(Func<HashAlgorithm> hashAlgorithmFactory = null, string largeSafePrime = null, string generator = null, int? paddedLength = null)
 		{
 			Prime = SrpInteger.FromHex(largeSafePrime ?? SrpConstants.SafePrime2048);
 			Generator = SrpInteger.FromHex(generator ?? SrpConstants.Generator2048);
 			PaddedLength = paddedLength ?? Prime.HexLength.Value;
-			Hasher = hashAlgorithm != null ? new SrpHash(hashAlgorithm) : new SrpHash<SHA256>();
+			Hasher = hashAlgorithmFactory != null ? new SrpHash(hashAlgorithmFactory) : new SrpHash<SHA256>();
 			Pad = i => i.Pad(PaddedLength);
 		}
 
@@ -43,7 +43,7 @@ public static SrpParameters Create<T>(string largeSafePrime = null, string gener
 		{
 			var result = new SrpParameters
 			{
-				Hasher = new SrpHash<T>()
+				Hasher = new SrpHash<T>(),
 			};
 
 			if (largeSafePrime != null)

src/srp/SrpServer.cs

@@ -64,7 +64,7 @@ internal SrpInteger ComputeB(string verifier, SrpInteger b)
 		/// </summary>
 		/// <param name="A">Client public ephemeral value.</param>
 		/// <param name="b">Server secret ephemeral value.</param>
-		/// <param name="u">The computed value of u</param>
+		/// <param name="u">The computed value of u.</param>
 		/// <param name="v">The verifier.</param>
 		internal SrpInteger ComputeS(SrpInteger A, SrpInteger b, SrpInteger u, SrpInteger v)
 		{

src/srp/srp.csproj

@@ -4,9 +4,9 @@
     <Description>SRP-6a protocol implementation for .NET Standard 2.0 and .NET Framework 3.5+</Description>
     <Copyright>Copyright © 2018 Alexey Yakovlev</Copyright>
     <AssemblyTitle>srp</AssemblyTitle>
-    <Version>1.0.2</Version>
+    <Version>1.0.3</Version>
     <AssemblyVersion>1.0.0.0</AssemblyVersion>
-    <FileVersion>1.0.2.0</FileVersion>
+    <FileVersion>1.0.3.0</FileVersion>
     <Authors>Alexey Yakovlev</Authors>
     <TargetFrameworks>net35;net40;net45;netstandard1.6;netstandard2.0</TargetFrameworks>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
@@ -24,6 +24,9 @@
     <RootNamespace>SecureRemotePassword</RootNamespace>
     <PackageReleaseNotes>What's new:
 
+      v1.0.3:
+      - Fixed SrpParameters thread safety issue.
+
       v1.0.2:
       - Fixed sha384/sha512 support in .NET Standard 1.6 version.
 
@@ -38,7 +41,10 @@
   </PropertyGroup>
 
   <ItemGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
-    <PackageReference Include="StyleCop.Analyzers" Version="1.0.2" />
+    <PackageReference Include="StyleCop.Analyzers" Version="1.1.1-beta.61">
+      <PrivateAssets>all</PrivateAssets>
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
+    </PackageReference>
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' != 'net35'">