diff options
Diffstat (limited to 'app/assets/javascripts/srp/src')
-rw-r--r-- | app/assets/javascripts/srp/src/jqueryRest.js | 110 | ||||
-rw-r--r-- | app/assets/javascripts/srp/src/srp.js | 24 | ||||
-rw-r--r-- | app/assets/javascripts/srp/src/srp_account.js | 17 | ||||
-rw-r--r-- | app/assets/javascripts/srp/src/srp_calculate.js | 141 | ||||
-rw-r--r-- | app/assets/javascripts/srp/src/srp_session.js | 122 |
5 files changed, 0 insertions, 414 deletions
diff --git a/app/assets/javascripts/srp/src/jqueryRest.js b/app/assets/javascripts/srp/src/jqueryRest.js deleted file mode 100644 index 437bd65..0000000 --- a/app/assets/javascripts/srp/src/jqueryRest.js +++ /dev/null @@ -1,110 +0,0 @@ -srp.remote = (function(){ - var jqueryRest = (function() { - - // TODO: Do we need to differentiate between PUT and POST? - function register(session) { - return $.post("/1/users.json", {user: session.signup() }); - } - - function update(session, token) { - return $.ajax({ - url: "/1/users/" + session.id() + ".json", - type: 'PUT', - headers: { Authorization: 'Token token="' + token + '"' }, - data: {user: session.update() } - }); - } - - function handshake(session) { - return $.post("/1/sessions.json", session.handshake()); - } - - function authenticate(session) { - return $.ajax({ - url: "/1/sessions/" + session.login() + ".json", - type: 'PUT', - data: {client_auth: session.getM()} - }); - } - - return { - register: register, - update: update, - handshake: handshake, - authenticate: authenticate - }; - }()); - - - function signup(){ - jqueryRest.register(srp.session) - .done(srp.signedUp) - .fail(error) - }; - - function update(submitEvent){ - var form = submitEvent.target; - var token = form.dataset.token; - jqueryRest.update(srp.session, token) - .done(srp.updated) - .fail(error) - }; - - function login(){ - jqueryRest.handshake(srp.session) - .done(receiveSalts) - .fail(error) - }; - - function receiveSalts(response){ - // B = 0 will make the algorithm always succeed - // -> refuse such a server answer - if(response.B === 0) { - srp.error("Server send random number 0 - could not login."); - } - else if(! response.salt || response.salt === 0) { - srp.error("Server failed to send salt - could not login."); - } - else - { - srp.session.calculations(response.salt, response.B); - jqueryRest.authenticate(srp.session) - .done(confirmAuthentication) - .fail(error); - } - }; - - // Receive M2 from the server and verify it - // If an error occurs, raise it as an alert. - function confirmAuthentication(response) - { - if (srp.session.validate(response.M2)) - srp.loggedIn(); - else - srp.error("Server key does not match"); - }; - - // The server will send error messages as json alongside - // the http error response. - function error(xhr, text, thrown) - { - var message; - if (xhr.responseText && xhr.responseText != "") { - try { - message = $.parseJSON(xhr.responseText); - } catch (err) { - message = xhr.responseText; - } - } else { - message = "Server did not respond."; - } - srp.error(message); - }; - - return { - signup: signup, - update: update, - login: login - } - -}()); diff --git a/app/assets/javascripts/srp/src/srp.js b/app/assets/javascripts/srp/src/srp.js deleted file mode 100644 index efd50d2..0000000 --- a/app/assets/javascripts/srp/src/srp.js +++ /dev/null @@ -1,24 +0,0 @@ -var srp = (function(){ - - function signup() - { - srp.remote.signup(); - }; - - function login() - { - srp.remote.login(); - }; - - function update(submitEvent) - { - srp.remote.update(submitEvent); - }; - - return { - signup: signup, - update: update, - login: login - } -}()); - diff --git a/app/assets/javascripts/srp/src/srp_account.js b/app/assets/javascripts/srp/src/srp_account.js deleted file mode 100644 index e949f12..0000000 --- a/app/assets/javascripts/srp/src/srp_account.js +++ /dev/null @@ -1,17 +0,0 @@ -srp.Account = function(login, password, id) { - - // Returns the user's identity - this.login = function() { - return login || document.getElementById("srp_username").value; - }; - - // Returns the password currently typed in - this.password = function() { - return password || document.getElementById("srp_password").value; - }; - - // The user's id - this.id = function() { - return id || document.getElementById("user_param").value; - }; -} diff --git a/app/assets/javascripts/srp/src/srp_calculate.js b/app/assets/javascripts/srp/src/srp_calculate.js deleted file mode 100644 index e32def8..0000000 --- a/app/assets/javascripts/srp/src/srp_calculate.js +++ /dev/null @@ -1,141 +0,0 @@ -srp.Calculate = function() { - - // Variables used in the SRP protocol - var Nstr = "eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3"; - var N = new BigInteger(Nstr, 16); - var g = new BigInteger("2"); - var k = new BigInteger("bf66c44a428916cad64aa7c679f3fd897ad4c375e9bbb4cbf2f5de241d618ef0", 16); - var rng = new SecureRandom(); - - this.A = function(_a) { - a = new BigInteger(_a, 16); - return zeroPrefix(g.modPow(a, N).toString(16)); - }; - - // Calculates the X value - // x = H(s, H(I:p)) - this.X = function(login, password, salt) { - var salted = salt + this.hash(login + ":" + password) - return this.hashHex(salted); - }; - - this.V = this.A; - - // u = H(A,B) - this.U = function(A, B) { - return this.hashHex(A + B); - }; - - //S = (B - kg^x) ^ (a + ux) - this.S = function(_a, _A, _B, _x) { - var a = new BigInteger(_a, 16); - var x = new BigInteger(_x, 16); - var u = new BigInteger(this.U(_A, _B), 16); - var B = new BigInteger(_B, 16); - - var kgx = k.multiply(g.modPow(x, N)); - var aux = a.add(u.multiply(x)); - - return zeroPrefix(B.subtract(kgx).modPow(aux, N).toString(16)); - } - - this.K = function(_S) { - return this.hashHex(_S); - } - - this.nXorG = function() { - var hashN = this.hashHex(Nstr); - var hashG = this.hashHex(g.toString(16)); - return hexXor(hashN, hashG); - }; - - this.hashHex = function(hexString) { - return SHA256(hex2a(hexString)); - }; - - this.hash = function(string) { - return SHA256(utf8Encode(string)); - }; - - this.isInvalidEphemeral = function(a) { - return (g.modPow(a, N) == 0); - }; - - this.randomEphemeral = function() { - var a = new BigInteger(32, rng); - while(this.isInvalidEphemeral(a)) - { - a = new BigInteger(32, rng); - } - return zeroPrefix(a.toString(16)); - }; - - // some 16 byte random number - this.randomSalt = function() { - var salt = new BigInteger(64, rng); - return zeroPrefix(salt.toString(16)); - } - - // expose zeroPrefix for received values. - this.zeroPrefix = zeroPrefix; - - function hex2a(hex) { - var str = ''; - if(hex.length % 2) { - hex = "0" + hex; - } - for (var i = 0; i < hex.length; i += 2) - str += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); - return str; - } - - - function zeroPrefix(hex) { - if (hex.length % 2) { - return "0" + hex; - } else { - return hex; - } - } - - - function removeLeading0(hex) { - if (hex[0] == "0") { - return hex.substr(1); - } else { - return hex; - } - } - - function hexXor(a, b) { - var str = ''; - for (var i = 0; i < a.length; i += 2) { - var xor = parseInt(a.substr(i, 2), 16) ^ parseInt(b.substr(i, 2), 16) - xor = xor.toString(16); - str += (xor.length == 1) ? ("0" + xor) : xor - } - return str; - } - - function utf8Encode(string) { - string = string.replace(/\r\n/g,"\n"); - var utftext = ""; - - for (var n = 0; n < string.length; n++) { - var c = string.charCodeAt(n); - if (c < 128) { - utftext += String.fromCharCode(c); - } - else if((c > 127) && (c < 2048)) { - utftext += String.fromCharCode((c >> 6) | 192); - utftext += String.fromCharCode((c & 63) | 128); - } - else { - utftext += String.fromCharCode((c >> 12) | 224); - utftext += String.fromCharCode(((c >> 6) & 63) | 128); - utftext += String.fromCharCode((c & 63) | 128); - } - } - return utftext; - } -}; diff --git a/app/assets/javascripts/srp/src/srp_session.js b/app/assets/javascripts/srp/src/srp_session.js deleted file mode 100644 index 88f19d5..0000000 --- a/app/assets/javascripts/srp/src/srp_session.js +++ /dev/null @@ -1,122 +0,0 @@ -srp.Session = function(account, calculate) { - - // default for injected dependency - account = account || new srp.Account(); - calculate = calculate || new srp.Calculate(); - - var a = calculate.randomEphemeral(); - var A = calculate.A(a); - var S = null; - var K = null; - var M = null; - var M2 = null; - var authenticated = false; - - // *** Accessor methods *** - - // allows setting the random number A for testing - - this.calculateAndSetA = function(_a) { - a = _a; - A = calculate.A(_a); - return A; - }; - - this.update = function() { - var salt = calculate.randomSalt(); - var x = calculate.X(account.login(), account.password(), salt); - return { - login: account.login(), - password_salt: salt, - password_verifier: calculate.V(x) - }; - } - - this.signup = function() { - var loginParams = this.update(); - - if (account.loginParams) { - var extraParams = account.loginParams(); - for (var attr in extraParams) { - loginParams[attr] = extraParams[attr]; - } - } - - return loginParams; - }; - - this.handshake = function() { - return { - login: account.login(), - A: this.getA() - }; - }; - - this.getA = function() { - return A; - } - - // Delegate login & id so they can be used when talking to the remote - this.login = account.login; - this.id = account.id; - - // Calculate S, M, and M2 - // This is the client side of the SRP specification - this.calculations = function(salt, ephemeral) - { - //S -> C: s | B - var B = calculate.zeroPrefix(ephemeral); - salt = calculate.zeroPrefix(salt); - var x = calculate.X(account.login(), account.password(), salt); - S = calculate.S(a, A, B, x); - K = calculate.K(S); - - // M = H(H(N) xor H(g), H(I), s, A, B, K) - var xor = calculate.nXorG(); - var hash_i = calculate.hash(account.login()) - M = calculate.hashHex(xor + hash_i + salt + A + B + K); - //M2 = H(A, M, K) - M2 = calculate.hashHex(A + M + K); - }; - - - this.getS = function() { - return S; - } - - this.getM = function() { - return M; - } - - this.validate = function(serverM2) { - authenticated = (serverM2 && serverM2 == M2) - return authenticated; - } - - // If someone wants to use the session key for encrypting traffic, they can - // access the key with this function. - this.key = function() - { - if(K) { - return K; - } else { - this.onError("User has not been authenticated."); - } - }; - - // Encrypt plaintext using slowAES - this.encrypt = function(plaintext) - { - var key = cryptoHelpers.toNumbers(session.key()); - var byteMessage = cryptoHelpers.convertStringToByteArray(plaintext); - var iv = new Array(16); - rng.nextBytes(iv); - var paddedByteMessage = slowAES.getPaddedBlock(byteMessage, 0, byteMessage.length, slowAES.modeOfOperation.CFB); - var ciphertext = slowAES.encrypt(paddedByteMessage, slowAES.modeOfOperation.CFB, key, key.length, iv).cipher; - var retstring = cryptoHelpers.base64.encode(iv.concat(ciphertext)); - while(retstring.indexOf("+",0) > -1) - retstring = retstring.replace("+", "_"); - return retstring; - }; -}; - |