diff options
author | Azul <azul@riseup.net> | 2017-03-23 14:12:30 +0100 |
---|---|---|
committer | Azul <azul@riseup.net> | 2017-03-23 14:12:30 +0100 |
commit | 372b15afed0b7477bd83062feaa7f24c4d40e38d (patch) | |
tree | 0e901532c839d7d0db922cb97d064df279090116 /app/assets/javascripts/srp/src | |
parent | ac4cf4a1da4dcc697f1f5219f0073c5991a135e0 (diff) |
git subrepo clone https://leap.se/git/srp_js app/assets/javascripts/srp
subrepo:
subdir: "app/assets/javascripts/srp"
merged: "9e1a417"
upstream:
origin: "https://leap.se/git/srp_js"
branch: "master"
commit: "9e1a417"
git-subrepo:
version: "0.3.1"
origin: "https://github.com/ingydotnet/git-subrepo"
commit: "a7ee886"
Diffstat (limited to 'app/assets/javascripts/srp/src')
m--------- | app/assets/javascripts/srp | 0 | ||||
-rw-r--r-- | app/assets/javascripts/srp/src/jqueryRest.js | 103 | ||||
-rw-r--r-- | app/assets/javascripts/srp/src/srp.js | 24 | ||||
-rw-r--r-- | app/assets/javascripts/srp/src/srp_account.js | 17 | ||||
-rw-r--r-- | app/assets/javascripts/srp/src/srp_calculate.js | 141 | ||||
-rw-r--r-- | app/assets/javascripts/srp/src/srp_session.js | 122 |
6 files changed, 407 insertions, 0 deletions
diff --git a/app/assets/javascripts/srp b/app/assets/javascripts/srp deleted file mode 160000 -Subproject 9e1a41733468d4a3f5102b04277b9cd7b52d0a4 diff --git a/app/assets/javascripts/srp/src/jqueryRest.js b/app/assets/javascripts/srp/src/jqueryRest.js new file mode 100644 index 0000000..0c58eb2 --- /dev/null +++ b/app/assets/javascripts/srp/src/jqueryRest.js @@ -0,0 +1,103 @@ +srp.remote = (function(){ + var jqueryRest = (function() { + + // TODO: Do we need to differentiate between PUT and POST? + function register(session) { + return $.post("/1/users.json", {user: session.signup() }); + } + + function update(session, token) { + return $.ajax({ + url: "/1/users/" + session.id() + ".json", + type: 'PUT', + headers: { Authorization: 'Token token="' + token + '"' }, + data: {user: session.update() } + }); + } + + function handshake(session) { + return $.post("/1/sessions.json", session.handshake()); + } + + function authenticate(session) { + return $.ajax({ + url: "/1/sessions/" + session.login() + ".json", + type: 'PUT', + data: {client_auth: session.getM()} + }); + } + + return { + register: register, + update: update, + handshake: handshake, + authenticate: authenticate + }; + }()); + + + function signup(){ + jqueryRest.register(srp.session) + .done(srp.signedUp) + .fail(error) + }; + + function update(submitEvent){ + var form = submitEvent.target; + var token = form.dataset.token; + jqueryRest.update(srp.session, token) + .done(srp.updated) + .fail(error) + }; + + function login(){ + jqueryRest.handshake(srp.session) + .done(receiveSalts) + .fail(error) + }; + + function receiveSalts(response){ + // B = 0 will make the algorithm always succeed + // -> refuse such a server answer + if(response.B === 0) { + srp.error("Server send random number 0 - could not login."); + } + else if(! response.salt || response.salt === 0) { + srp.error("Server failed to send salt - could not login."); + } + else + { + srp.session.calculations(response.salt, response.B); + jqueryRest.authenticate(srp.session) + .done(confirmAuthentication) + .fail(error); + } + }; + + // Receive M2 from the server and verify it + // If an error occurs, raise it as an alert. + function confirmAuthentication(response) + { + if (srp.session.validate(response.M2)) + srp.loggedIn(); + else + srp.error("Server key does not match"); + }; + + // The server will send error messages as json alongside + // the http error response. + function error(xhr, text, thrown) + { + if (xhr.responseText && xhr.responseText != "") + srp.error($.parseJSON(xhr.responseText)); + else + srp.error("Server did not respond."); + }; + + return { + signup: signup, + update: update, + login: login + } + +}()); diff --git a/app/assets/javascripts/srp/src/srp.js b/app/assets/javascripts/srp/src/srp.js new file mode 100644 index 0000000..efd50d2 --- /dev/null +++ b/app/assets/javascripts/srp/src/srp.js @@ -0,0 +1,24 @@ +var srp = (function(){ + + function signup() + { + srp.remote.signup(); + }; + + function login() + { + srp.remote.login(); + }; + + function update(submitEvent) + { + srp.remote.update(submitEvent); + }; + + return { + signup: signup, + update: update, + login: login + } +}()); + diff --git a/app/assets/javascripts/srp/src/srp_account.js b/app/assets/javascripts/srp/src/srp_account.js new file mode 100644 index 0000000..e949f12 --- /dev/null +++ b/app/assets/javascripts/srp/src/srp_account.js @@ -0,0 +1,17 @@ +srp.Account = function(login, password, id) { + + // Returns the user's identity + this.login = function() { + return login || document.getElementById("srp_username").value; + }; + + // Returns the password currently typed in + this.password = function() { + return password || document.getElementById("srp_password").value; + }; + + // The user's id + this.id = function() { + return id || document.getElementById("user_param").value; + }; +} diff --git a/app/assets/javascripts/srp/src/srp_calculate.js b/app/assets/javascripts/srp/src/srp_calculate.js new file mode 100644 index 0000000..e32def8 --- /dev/null +++ b/app/assets/javascripts/srp/src/srp_calculate.js @@ -0,0 +1,141 @@ +srp.Calculate = function() { + + // Variables used in the SRP protocol + var Nstr = "eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3"; + var N = new BigInteger(Nstr, 16); + var g = new BigInteger("2"); + var k = new BigInteger("bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0", 16); + var rng = new SecureRandom(); + + this.A = function(_a) { + a = new BigInteger(_a, 16); + return zeroPrefix(g.modPow(a, N).toString(16)); + }; + + // Calculates the X value + // x = H(s, H(I:p)) + this.X = function(login, password, salt) { + var salted = salt + this.hash(login + ":" + password) + return this.hashHex(salted); + }; + + this.V = this.A; + + // u = H(A,B) + this.U = function(A, B) { + return this.hashHex(A + B); + }; + + //S = (B - kg^x) ^ (a + ux) + this.S = function(_a, _A, _B, _x) { + var a = new BigInteger(_a, 16); + var x = new BigInteger(_x, 16); + var u = new BigInteger(this.U(_A, _B), 16); + var B = new BigInteger(_B, 16); + + var kgx = k.multiply(g.modPow(x, N)); + var aux = a.add(u.multiply(x)); + + return zeroPrefix(B.subtract(kgx).modPow(aux, N).toString(16)); + } + + this.K = function(_S) { + return this.hashHex(_S); + } + + this.nXorG = function() { + var hashN = this.hashHex(Nstr); + var hashG = this.hashHex(g.toString(16)); + return hexXor(hashN, hashG); + }; + + this.hashHex = function(hexString) { + return SHA256(hex2a(hexString)); + }; + + this.hash = function(string) { + return SHA256(utf8Encode(string)); + }; + + this.isInvalidEphemeral = function(a) { + return (g.modPow(a, N) == 0); + }; + + this.randomEphemeral = function() { + var a = new BigInteger(32, rng); + while(this.isInvalidEphemeral(a)) + { + a = new BigInteger(32, rng); + } + return zeroPrefix(a.toString(16)); + }; + + // some 16 byte random number + this.randomSalt = function() { + var salt = new BigInteger(64, rng); + return zeroPrefix(salt.toString(16)); + } + + // expose zeroPrefix for received values. + this.zeroPrefix = zeroPrefix; + + function hex2a(hex) { + var str = ''; + if(hex.length % 2) { + hex = "0" + hex; + } + for (var i = 0; i < hex.length; i += 2) + str += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); + return str; + } + + + function zeroPrefix(hex) { + if (hex.length % 2) { + return "0" + hex; + } else { + return hex; + } + } + + + function removeLeading0(hex) { + if (hex[0] == "0") { + return hex.substr(1); + } else { + return hex; + } + } + + function hexXor(a, b) { + var str = ''; + for (var i = 0; i < a.length; i += 2) { + var xor = parseInt(a.substr(i, 2), 16) ^ parseInt(b.substr(i, 2), 16) + xor = xor.toString(16); + str += (xor.length == 1) ? ("0" + xor) : xor + } + return str; + } + + function utf8Encode(string) { + string = string.replace(/\r\n/g,"\n"); + var utftext = ""; + + for (var n = 0; n < string.length; n++) { + var c = string.charCodeAt(n); + if (c < 128) { + utftext += String.fromCharCode(c); + } + else if((c > 127) && (c < 2048)) { + utftext += String.fromCharCode((c >> 6) | 192); + utftext += String.fromCharCode((c & 63) | 128); + } + else { + utftext += String.fromCharCode((c >> 12) | 224); + utftext += String.fromCharCode(((c >> 6) & 63) | 128); + utftext += String.fromCharCode((c & 63) | 128); + } + } + return utftext; + } +}; diff --git a/app/assets/javascripts/srp/src/srp_session.js b/app/assets/javascripts/srp/src/srp_session.js new file mode 100644 index 0000000..88f19d5 --- /dev/null +++ b/app/assets/javascripts/srp/src/srp_session.js @@ -0,0 +1,122 @@ +srp.Session = function(account, calculate) { + + // default for injected dependency + account = account || new srp.Account(); + calculate = calculate || new srp.Calculate(); + + var a = calculate.randomEphemeral(); + var A = calculate.A(a); + var S = null; + var K = null; + var M = null; + var M2 = null; + var authenticated = false; + + // *** Accessor methods *** + + // allows setting the random number A for testing + + this.calculateAndSetA = function(_a) { + a = _a; + A = calculate.A(_a); + return A; + }; + + this.update = function() { + var salt = calculate.randomSalt(); + var x = calculate.X(account.login(), account.password(), salt); + return { + login: account.login(), + password_salt: salt, + password_verifier: calculate.V(x) + }; + } + + this.signup = function() { + var loginParams = this.update(); + + if (account.loginParams) { + var extraParams = account.loginParams(); + for (var attr in extraParams) { + loginParams[attr] = extraParams[attr]; + } + } + + return loginParams; + }; + + this.handshake = function() { + return { + login: account.login(), + A: this.getA() + }; + }; + + this.getA = function() { + return A; + } + + // Delegate login & id so they can be used when talking to the remote + this.login = account.login; + this.id = account.id; + + // Calculate S, M, and M2 + // This is the client side of the SRP specification + this.calculations = function(salt, ephemeral) + { + //S -> C: s | B + var B = calculate.zeroPrefix(ephemeral); + salt = calculate.zeroPrefix(salt); + var x = calculate.X(account.login(), account.password(), salt); + S = calculate.S(a, A, B, x); + K = calculate.K(S); + + // M = H(H(N) xor H(g), H(I), s, A, B, K) + var xor = calculate.nXorG(); + var hash_i = calculate.hash(account.login()) + M = calculate.hashHex(xor + hash_i + salt + A + B + K); + //M2 = H(A, M, K) + M2 = calculate.hashHex(A + M + K); + }; + + + this.getS = function() { + return S; + } + + this.getM = function() { + return M; + } + + this.validate = function(serverM2) { + authenticated = (serverM2 && serverM2 == M2) + return authenticated; + } + + // If someone wants to use the session key for encrypting traffic, they can + // access the key with this function. + this.key = function() + { + if(K) { + return K; + } else { + this.onError("User has not been authenticated."); + } + }; + + // Encrypt plaintext using slowAES + this.encrypt = function(plaintext) + { + var key = cryptoHelpers.toNumbers(session.key()); + var byteMessage = cryptoHelpers.convertStringToByteArray(plaintext); + var iv = new Array(16); + rng.nextBytes(iv); + var paddedByteMessage = slowAES.getPaddedBlock(byteMessage, 0, byteMessage.length, slowAES.modeOfOperation.CFB); + var ciphertext = slowAES.encrypt(paddedByteMessage, slowAES.modeOfOperation.CFB, key, key.length, iv).cipher; + var retstring = cryptoHelpers.base64.encode(iv.concat(ciphertext)); + while(retstring.indexOf("+",0) > -1) + retstring = retstring.replace("+", "_"); + return retstring; + }; +}; + |