Lidgren SRP-6a implementation that uses a lobby to separate authenticated users from guests.
Lidgren is a free, super fast, very cool UDP network library written by Michael Lidgren and available here. The library is used by a vast number of indie games and other hobby projects.
SRP stands for Secure Remote Password protocol and is a way to perform secure remote authentication without an external Certificate Authority (CA). Even if the remote database is compromised, users are not directly exposed in any way. Find more about that here.
Lidgren-SRP6a combines the two so SRP is available within any project that uses Lidgren.
Michael has provided us with a way to encrypt our data, but no way to authenticate in a secure manner. A modified version of this code is being implemented for my game, and since many in the community have requested an implementation, I am sharing it. I cannot be held responsible for any loss of data, any corruption or any breaking-in whatsoever, but you should be pretty safe given that you heed the warnings provided.
Start the SRPServer project and then start the SRPClient project. The addresses are hardcoded (loopback) but comments show you where and how and what.
By default there is only ONE user allowed access. First try a lot of bogus usernames. Then try a lot of bogus passwords with the user test. Finally, log in with
username : test
password : pass
Although I've hidden the password while typing, it will be shown after you submit it for debugging purposes only. The password is NEVER sent over the network. Read more about SRP if you want to understand how that's possible.
When you are connected, you are allowed to send ONE encrypted message to the server, after which you will be kicked with a simple goodbye.
The code provides a way to separate authenticated users from guest users. Users should connect to your server and be processed by the NetworkLobby when they want to authenticate.
I suggest simply letting users connect, receive any updates if needed and then authenticate.
To implement this in your game:
- add the Network.Authentication Dynamic Link Library (DLL) or project reference to both your server and client.
- create a LogonManager class on your Server ONLY
- implement the lookup function in your LogonManager (see the interface below)
- choose a keysize and set it in NetLobby (see choices below)
- write code to connect to the server and process any data message by the NetLobby

You can see the examples in the example project.
The following keysizes are supported:
- 1024
- 1536
- 2048
- 3072
- 4096
Implemented but not supported yet are
- 6144
- 8192
You can add your own in NetSRP.Functions
The LogonManager should be a class defined as:
internal class LogonManager : ILogonManager
It should implement the lookup method as:
public NetBigInteger Lookup(String username, Byte[] data, out Byte[] salt)
C = client, S = server
First connect the normal way
> C -> connect request -> S
> S -> approve connection (optional)
> C -> receive connection approved
Starts sending/receiving Messagetype Data
> C -> authenticate [username : password]
> C and S process all through NetLobby.IncomingMessage
> C -> capture NetLobby.OnXXX
> C -> set a tag on connection
When a tag is set, you are authenticated and you can use the secure connection
> C and S Use Lidgren as you would before
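
The SRP-6a math behind the authenticate step above, as an added sketch that is not code from Lidgren-SRP6a: it shows that the server-side lookup only needs a salt and a verifier, and that a wrong password produces mismatched session keys. Python, SHA-256, the RFC 5054 1024-bit group and all function names are assumptions; the project's own hashing and message layout may differ.

```python
import hashlib, hmac, secrets
# RFC 5054 1024-bit group, generator 2 (1024 is the smallest key size listed above).
N = int("EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
        "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
        "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
        "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2

def pad(n):  # fixed-width big-endian encoding, as wide as N
    return n.to_bytes((N.bit_length() + 7) // 8, "big")

def H(*parts):  # SHA-256 as an integer; the hash choice is an assumption
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

k = H(pad(N), pad(g))  # SRP-6a multiplier

def private_x(salt, user, password):  # x = H(salt | H(user ":" password))
    return H(salt, hashlib.sha256(f"{user}:{password}".encode()).digest())

def register(user, password):
    """Return what the server stores and looks up: (salt, verifier v = g^x mod N)."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, user, password), N)

def login(db, user, password):
    """Run client and server in one process; return (client_key, server_key) or None."""
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)                            # C -> S: username, A
    if user not in db:
        return None                             # unknown user: no verifier to look up
    salt, v = db[user]
    b = secrets.randbelow(N - 2) + 1
    B = (k * v + pow(g, b, N)) % N              # S -> C: salt, B
    u = H(pad(A), pad(B))
    if A % N == 0 or B % N == 0 or u == 0:
        return None                             # both sides must reject these values
    x = private_x(salt, user, password)         # computed on the client only
    S_c = pow((B - k * pow(g, x, N)) % N, a + u * x, N)   # client secret
    S_s = pow(A * pow(v, u, N) % N, b, N)                  # server secret
    return hashlib.sha256(pad(S_c)).digest(), hashlib.sha256(pad(S_s)).digest()

def authenticated(db, user, password):
    """Comparing the keys directly stands in for the M1/M2 proof messages."""
    keys = login(db, user, password)
    return keys is not None and hmac.compare_digest(*keys)

if __name__ == "__main__":
    db = {"test": register("test", "pass")}     # constructed account (README demo credentials)
    print(authenticated(db, "test", "pass"), authenticated(db, "test", "wrong"))
```

Only the username, A, the salt and B cross the wire here; the password and x stay on the client, and the database holds nothing that can be replayed as a password.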