diff options
author | azul <azul@riseup.net> | 2017-03-23 13:23:42 +0000 |
---|---|---|
committer | azul <azul@riseup.net> | 2017-03-23 13:23:42 +0000 |
commit | 94ba8eae189ef6d60ddfa194e73b672123e17d6f (patch) | |
tree | 0e901532c839d7d0db922cb97d064df279090116 /app/assets/javascripts/srp/src/srp_session.js | |
parent | fca8411e2359eafd4c50dbb6a6b8539a7e8593c7 (diff) | |
parent | 372b15afed0b7477bd83062feaa7f24c4d40e38d (diff) |
Merge branch 'install/subrepos' into 'master'
Install/subrepos
See merge request !28
Fixes github issue #238
Diffstat (limited to 'app/assets/javascripts/srp/src/srp_session.js')
m--------- | app/assets/javascripts/srp | 0 | ||||
-rw-r--r-- | app/assets/javascripts/srp/src/srp_session.js | 122 |
2 files changed, 122 insertions, 0 deletions
diff --git a/app/assets/javascripts/srp b/app/assets/javascripts/srp deleted file mode 160000 -Subproject 9e1a41733468d4a3f5102b04277b9cd7b52d0a4 diff --git a/app/assets/javascripts/srp/src/srp_session.js b/app/assets/javascripts/srp/src/srp_session.js new file mode 100644 index 0000000..88f19d5 --- /dev/null +++ b/app/assets/javascripts/srp/src/srp_session.js @@ -0,0 +1,122 @@ +srp.Session = function(account, calculate) { + + // default for injected dependency + account = account || new srp.Account(); + calculate = calculate || new srp.Calculate(); + + var a = calculate.randomEphemeral(); + var A = calculate.A(a); + var S = null; + var K = null; + var M = null; + var M2 = null; + var authenticated = false; + + // *** Accessor methods *** + + // allows setting the random number A for testing + + this.calculateAndSetA = function(_a) { + a = _a; + A = calculate.A(_a); + return A; + }; + + this.update = function() { + var salt = calculate.randomSalt(); + var x = calculate.X(account.login(), account.password(), salt); + return { + login: account.login(), + password_salt: salt, + password_verifier: calculate.V(x) + }; + } + + this.signup = function() { + var loginParams = this.update(); + + if (account.loginParams) { + var extraParams = account.loginParams(); + for (var attr in extraParams) { + loginParams[attr] = extraParams[attr]; + } + } + + return loginParams; + }; + + this.handshake = function() { + return { + login: account.login(), + A: this.getA() + }; + }; + + this.getA = function() { + return A; + } + + // Delegate login & id so they can be used when talking to the remote + this.login = account.login; + this.id = account.id; + + // Calculate S, M, and M2 + // This is the client side of the SRP specification + this.calculations = function(salt, ephemeral) + { + //S -> C: s | B + var B = calculate.zeroPrefix(ephemeral); + salt = calculate.zeroPrefix(salt); + var x = calculate.X(account.login(), account.password(), salt); + S = calculate.S(a, A, B, x); + K = calculate.K(S); + + // M = H(H(N) xor H(g), H(I), s, A, B, K) + var xor = calculate.nXorG(); + var hash_i = calculate.hash(account.login()) + M = calculate.hashHex(xor + hash_i + salt + A + B + K); + //M2 = H(A, M, K) + M2 = calculate.hashHex(A + M + K); + }; + + + this.getS = function() { + return S; + } + + this.getM = function() { + return M; + } + + this.validate = function(serverM2) { + authenticated = (serverM2 && serverM2 == M2) + return authenticated; + } + + // If someone wants to use the session key for encrypting traffic, they can + // access the key with this function. + this.key = function() + { + if(K) { + return K; + } else { + this.onError("User has not been authenticated."); + } + }; + + // Encrypt plaintext using slowAES + this.encrypt = function(plaintext) + { + var key = cryptoHelpers.toNumbers(session.key()); + var byteMessage = cryptoHelpers.convertStringToByteArray(plaintext); + var iv = new Array(16); + rng.nextBytes(iv); + var paddedByteMessage = slowAES.getPaddedBlock(byteMessage, 0, byteMessage.length, slowAES.modeOfOperation.CFB); + var ciphertext = slowAES.encrypt(paddedByteMessage, slowAES.modeOfOperation.CFB, key, key.length, iv).cipher; + var retstring = cryptoHelpers.base64.encode(iv.concat(ciphertext)); + while(retstring.indexOf("+",0) > -1) + retstring = retstring.replace("+", "_"); + return retstring; + }; +}; + |