summaryrefslogtreecommitdiff
path: root/app/assets/javascripts/srp/src
diff options
context:
space:
mode:
authorAzul <azul@riseup.net>2017-03-23 14:12:30 +0100
committerAzul <azul@riseup.net>2017-03-23 14:12:30 +0100
commit372b15afed0b7477bd83062feaa7f24c4d40e38d (patch)
tree0e901532c839d7d0db922cb97d064df279090116 /app/assets/javascripts/srp/src
parentac4cf4a1da4dcc697f1f5219f0073c5991a135e0 (diff)
git subrepo clone https://leap.se/git/srp_js app/assets/javascripts/srp
subrepo: subdir: "app/assets/javascripts/srp" merged: "9e1a417" upstream: origin: "https://leap.se/git/srp_js" branch: "master" commit: "9e1a417" git-subrepo: version: "0.3.1" origin: "https://github.com/ingydotnet/git-subrepo" commit: "a7ee886"
Diffstat (limited to 'app/assets/javascripts/srp/src')
m---------app/assets/javascripts/srp0
-rw-r--r--app/assets/javascripts/srp/src/jqueryRest.js103
-rw-r--r--app/assets/javascripts/srp/src/srp.js24
-rw-r--r--app/assets/javascripts/srp/src/srp_account.js17
-rw-r--r--app/assets/javascripts/srp/src/srp_calculate.js141
-rw-r--r--app/assets/javascripts/srp/src/srp_session.js122
6 files changed, 407 insertions, 0 deletions
diff --git a/app/assets/javascripts/srp b/app/assets/javascripts/srp
deleted file mode 160000
-Subproject 9e1a41733468d4a3f5102b04277b9cd7b52d0a4
diff --git a/app/assets/javascripts/srp/src/jqueryRest.js b/app/assets/javascripts/srp/src/jqueryRest.js
new file mode 100644
index 0000000..0c58eb2
--- /dev/null
+++ b/app/assets/javascripts/srp/src/jqueryRest.js
@@ -0,0 +1,103 @@
+srp.remote = (function(){
+ var jqueryRest = (function() {
+
+ // TODO: Do we need to differentiate between PUT and POST?
+ function register(session) {
+ return $.post("/1/users.json", {user: session.signup() });
+ }
+
+ function update(session, token) {
+ return $.ajax({
+ url: "/1/users/" + session.id() + ".json",
+ type: 'PUT',
+ headers: { Authorization: 'Token token="' + token + '"' },
+ data: {user: session.update() }
+ });
+ }
+
+ function handshake(session) {
+ return $.post("/1/sessions.json", session.handshake());
+ }
+
+ function authenticate(session) {
+ return $.ajax({
+ url: "/1/sessions/" + session.login() + ".json",
+ type: 'PUT',
+ data: {client_auth: session.getM()}
+ });
+ }
+
+ return {
+ register: register,
+ update: update,
+ handshake: handshake,
+ authenticate: authenticate
+ };
+ }());
+
+
+ function signup(){
+ jqueryRest.register(srp.session)
+ .done(srp.signedUp)
+ .fail(error)
+ };
+
+ function update(submitEvent){
+ var form = submitEvent.target;
+ var token = form.dataset.token;
+ jqueryRest.update(srp.session, token)
+ .done(srp.updated)
+ .fail(error)
+ };
+
+ function login(){
+ jqueryRest.handshake(srp.session)
+ .done(receiveSalts)
+ .fail(error)
+ };
+
+ function receiveSalts(response){
+ // B = 0 will make the algorithm always succeed
+ // -> refuse such a server answer
+ if(response.B === 0) {
+ srp.error("Server send random number 0 - could not login.");
+ }
+ else if(! response.salt || response.salt === 0) {
+ srp.error("Server failed to send salt - could not login.");
+ }
+ else
+ {
+ srp.session.calculations(response.salt, response.B);
+ jqueryRest.authenticate(srp.session)
+ .done(confirmAuthentication)
+ .fail(error);
+ }
+ };
+
+ // Receive M2 from the server and verify it
+ // If an error occurs, raise it as an alert.
+ function confirmAuthentication(response)
+ {
+ if (srp.session.validate(response.M2))
+ srp.loggedIn();
+ else
+ srp.error("Server key does not match");
+ };
+
+ // The server will send error messages as json alongside
+ // the http error response.
+ function error(xhr, text, thrown)
+ {
+ if (xhr.responseText && xhr.responseText != "")
+ srp.error($.parseJSON(xhr.responseText));
+ else
+ srp.error("Server did not respond.");
+ };
+
+ return {
+ signup: signup,
+ update: update,
+ login: login
+ }
+
+}());
diff --git a/app/assets/javascripts/srp/src/srp.js b/app/assets/javascripts/srp/src/srp.js
new file mode 100644
index 0000000..efd50d2
--- /dev/null
+++ b/app/assets/javascripts/srp/src/srp.js
@@ -0,0 +1,24 @@
+var srp = (function(){
+
+ function signup()
+ {
+ srp.remote.signup();
+ };
+
+ function login()
+ {
+ srp.remote.login();
+ };
+
+ function update(submitEvent)
+ {
+ srp.remote.update(submitEvent);
+ };
+
+ return {
+ signup: signup,
+ update: update,
+ login: login
+ }
+}());
+
diff --git a/app/assets/javascripts/srp/src/srp_account.js b/app/assets/javascripts/srp/src/srp_account.js
new file mode 100644
index 0000000..e949f12
--- /dev/null
+++ b/app/assets/javascripts/srp/src/srp_account.js
@@ -0,0 +1,17 @@
+srp.Account = function(login, password, id) {
+
+ // Returns the user's identity
+ this.login = function() {
+ return login || document.getElementById("srp_username").value;
+ };
+
+ // Returns the password currently typed in
+ this.password = function() {
+ return password || document.getElementById("srp_password").value;
+ };
+
+ // The user's id
+ this.id = function() {
+ return id || document.getElementById("user_param").value;
+ };
+}
diff --git a/app/assets/javascripts/srp/src/srp_calculate.js b/app/assets/javascripts/srp/src/srp_calculate.js
new file mode 100644
index 0000000..e32def8
--- /dev/null
+++ b/app/assets/javascripts/srp/src/srp_calculate.js
@@ -0,0 +1,141 @@
+srp.Calculate = function() {
+
+ // Variables used in the SRP protocol
+ var Nstr = "eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3";
+ var N = new BigInteger(Nstr, 16);
+ var g = new BigInteger("2");
+ var k = new BigInteger("bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0", 16);
+ var rng = new SecureRandom();
+
+ this.A = function(_a) {
+ a = new BigInteger(_a, 16);
+ return zeroPrefix(g.modPow(a, N).toString(16));
+ };
+
+ // Calculates the X value
+ // x = H(s, H(I:p))
+ this.X = function(login, password, salt) {
+ var salted = salt + this.hash(login + ":" + password)
+ return this.hashHex(salted);
+ };
+
+ this.V = this.A;
+
+ // u = H(A,B)
+ this.U = function(A, B) {
+ return this.hashHex(A + B);
+ };
+
+ //S = (B - kg^x) ^ (a + ux)
+ this.S = function(_a, _A, _B, _x) {
+ var a = new BigInteger(_a, 16);
+ var x = new BigInteger(_x, 16);
+ var u = new BigInteger(this.U(_A, _B), 16);
+ var B = new BigInteger(_B, 16);
+
+ var kgx = k.multiply(g.modPow(x, N));
+ var aux = a.add(u.multiply(x));
+
+ return zeroPrefix(B.subtract(kgx).modPow(aux, N).toString(16));
+ }
+
+ this.K = function(_S) {
+ return this.hashHex(_S);
+ }
+
+ this.nXorG = function() {
+ var hashN = this.hashHex(Nstr);
+ var hashG = this.hashHex(g.toString(16));
+ return hexXor(hashN, hashG);
+ };
+
+ this.hashHex = function(hexString) {
+ return SHA256(hex2a(hexString));
+ };
+
+ this.hash = function(string) {
+ return SHA256(utf8Encode(string));
+ };
+
+ this.isInvalidEphemeral = function(a) {
+ return (g.modPow(a, N) == 0);
+ };
+
+ this.randomEphemeral = function() {
+ var a = new BigInteger(32, rng);
+ while(this.isInvalidEphemeral(a))
+ {
+ a = new BigInteger(32, rng);
+ }
+ return zeroPrefix(a.toString(16));
+ };
+
+ // some 16 byte random number
+ this.randomSalt = function() {
+ var salt = new BigInteger(64, rng);
+ return zeroPrefix(salt.toString(16));
+ }
+
+ // expose zeroPrefix for received values.
+ this.zeroPrefix = zeroPrefix;
+
+ function hex2a(hex) {
+ var str = '';
+ if(hex.length % 2) {
+ hex = "0" + hex;
+ }
+ for (var i = 0; i < hex.length; i += 2)
+ str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
+ return str;
+ }
+
+
+ function zeroPrefix(hex) {
+ if (hex.length % 2) {
+ return "0" + hex;
+ } else {
+ return hex;
+ }
+ }
+
+
+ function removeLeading0(hex) {
+ if (hex[0] == "0") {
+ return hex.substr(1);
+ } else {
+ return hex;
+ }
+ }
+
+ function hexXor(a, b) {
+ var str = '';
+ for (var i = 0; i < a.length; i += 2) {
+ var xor = parseInt(a.substr(i, 2), 16) ^ parseInt(b.substr(i, 2), 16)
+ xor = xor.toString(16);
+ str += (xor.length == 1) ? ("0" + xor) : xor
+ }
+ return str;
+ }
+
+ function utf8Encode(string) {
+ string = string.replace(/\r\n/g,"\n");
+ var utftext = "";
+
+ for (var n = 0; n < string.length; n++) {
+ var c = string.charCodeAt(n);
+ if (c < 128) {
+ utftext += String.fromCharCode(c);
+ }
+ else if((c > 127) && (c < 2048)) {
+ utftext += String.fromCharCode((c >> 6) | 192);
+ utftext += String.fromCharCode((c & 63) | 128);
+ }
+ else {
+ utftext += String.fromCharCode((c >> 12) | 224);
+ utftext += String.fromCharCode(((c >> 6) & 63) | 128);
+ utftext += String.fromCharCode((c & 63) | 128);
+ }
+ }
+ return utftext;
+ }
+};
diff --git a/app/assets/javascripts/srp/src/srp_session.js b/app/assets/javascripts/srp/src/srp_session.js
new file mode 100644
index 0000000..88f19d5
--- /dev/null
+++ b/app/assets/javascripts/srp/src/srp_session.js
@@ -0,0 +1,122 @@
+srp.Session = function(account, calculate) {
+
+ // default for injected dependency
+ account = account || new srp.Account();
+ calculate = calculate || new srp.Calculate();
+
+ var a = calculate.randomEphemeral();
+ var A = calculate.A(a);
+ var S = null;
+ var K = null;
+ var M = null;
+ var M2 = null;
+ var authenticated = false;
+
+ // *** Accessor methods ***
+
+ // allows setting the random number A for testing
+
+ this.calculateAndSetA = function(_a) {
+ a = _a;
+ A = calculate.A(_a);
+ return A;
+ };
+
+ this.update = function() {
+ var salt = calculate.randomSalt();
+ var x = calculate.X(account.login(), account.password(), salt);
+ return {
+ login: account.login(),
+ password_salt: salt,
+ password_verifier: calculate.V(x)
+ };
+ }
+
+ this.signup = function() {
+ var loginParams = this.update();
+
+ if (account.loginParams) {
+ var extraParams = account.loginParams();
+ for (var attr in extraParams) {
+ loginParams[attr] = extraParams[attr];
+ }
+ }
+
+ return loginParams;
+ };
+
+ this.handshake = function() {
+ return {
+ login: account.login(),
+ A: this.getA()
+ };
+ };
+
+ this.getA = function() {
+ return A;
+ }
+
+ // Delegate login & id so they can be used when talking to the remote
+ this.login = account.login;
+ this.id = account.id;
+
+ // Calculate S, M, and M2
+ // This is the client side of the SRP specification
+ this.calculations = function(salt, ephemeral)
+ {
+ //S -> C: s | B
+ var B = calculate.zeroPrefix(ephemeral);
+ salt = calculate.zeroPrefix(salt);
+ var x = calculate.X(account.login(), account.password(), salt);
+ S = calculate.S(a, A, B, x);
+ K = calculate.K(S);
+
+ // M = H(H(N) xor H(g), H(I), s, A, B, K)
+ var xor = calculate.nXorG();
+ var hash_i = calculate.hash(account.login())
+ M = calculate.hashHex(xor + hash_i + salt + A + B + K);
+ //M2 = H(A, M, K)
+ M2 = calculate.hashHex(A + M + K);
+ };
+
+
+ this.getS = function() {
+ return S;
+ }
+
+ this.getM = function() {
+ return M;
+ }
+
+ this.validate = function(serverM2) {
+ authenticated = (serverM2 && serverM2 == M2)
+ return authenticated;
+ }
+
+ // If someone wants to use the session key for encrypting traffic, they can
+ // access the key with this function.
+ this.key = function()
+ {
+ if(K) {
+ return K;
+ } else {
+ this.onError("User has not been authenticated.");
+ }
+ };
+
+ // Encrypt plaintext using slowAES
+ this.encrypt = function(plaintext)
+ {
+ var key = cryptoHelpers.toNumbers(session.key());
+ var byteMessage = cryptoHelpers.convertStringToByteArray(plaintext);
+ var iv = new Array(16);
+ rng.nextBytes(iv);
+ var paddedByteMessage = slowAES.getPaddedBlock(byteMessage, 0, byteMessage.length, slowAES.modeOfOperation.CFB);
+ var ciphertext = slowAES.encrypt(paddedByteMessage, slowAES.modeOfOperation.CFB, key, key.length, iv).cipher;
+ var retstring = cryptoHelpers.base64.encode(iv.concat(ciphertext));
+ while(retstring.indexOf("+",0) > -1)
+ retstring = retstring.replace("+", "_");
+ return retstring;
+ };
+};
+