btest-rs

manawenuz/btest-rs

Fork 0

Commit Graph

Author	SHA1	Message	Date
Siavash Sameni	b28c553e10	Fix EC-SRP5 server: use lift_x not redp1 for verification All checks were successful CI / test (push) Successful in 1m20s Details Server-side shared secret used redp1(x_gamma) which is the hash-to-curve blinding function, but verification needs lift_x(x_gamma) — the raw validator public key point. Also fixed prime_mod_sqrt for p ≡ 5 (mod 8) using Atkin's algorithm instead of Tonelli-Shanks. Removed unused password parameter from server_authenticate. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-31 17:10:31 +04:00
Siavash Sameni	58274da859	Add EC-SRP5 authentication (RouterOS >= 6.43) All checks were successful CI / test (push) Successful in 1m18s Details Client: auto-detects 03 response and performs EC-SRP5 handshake Server: --ecsrp5 flag enables Curve25519 Weierstrass EC-SRP5 auth btest -s -a admin -p password --ecsrp5 Protocol: [len][payload] framing (no 0x06 handler, unlike Winbox) Crypto: Curve25519 in Weierstrass form, SHA256, SRP key exchange Based on MarginResearch/mikrotik_authentication (Apache 2.0). Verified against MikroTik RouterOS 7.x via MITM protocol analysis. 34 tests (10 unit, 6 EC-SRP5 integration, 8 base integration, 10 doc-tests). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-31 16:56:38 +04:00

Author

SHA1

Message

Date

Siavash Sameni

b28c553e10

Fix EC-SRP5 server: use lift_x not redp1 for verification

CI / test (push) Successful in 1m20s

Details

Server-side shared secret used redp1(x_gamma) which is the hash-to-curve
blinding function, but verification needs lift_x(x_gamma) — the raw
validator public key point. Also fixed prime_mod_sqrt for p ≡ 5 (mod 8)
using Atkin's algorithm instead of Tonelli-Shanks.

Removed unused password parameter from server_authenticate.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-31 17:10:31 +04:00

Siavash Sameni

58274da859

Add EC-SRP5 authentication (RouterOS >= 6.43)

CI / test (push) Successful in 1m18s

Details

Client: auto-detects 03 response and performs EC-SRP5 handshake
Server: --ecsrp5 flag enables Curve25519 Weierstrass EC-SRP5 auth
  btest -s -a admin -p password --ecsrp5

Protocol: [len][payload] framing (no 0x06 handler, unlike Winbox)
Crypto: Curve25519 in Weierstrass form, SHA256, SRP key exchange

Based on MarginResearch/mikrotik_authentication (Apache 2.0).
Verified against MikroTik RouterOS 7.x via MITM protocol analysis.

34 tests (10 unit, 6 EC-SRP5 integration, 8 base integration, 10 doc-tests).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-31 16:56:38 +04:00

2 Commits