From c76718932382e6851e1ad9f004246bde3fc74de8 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 2 Oct 2012 15:45:07 +0200
Subject: starting to write a srp test with python srp lib

---
 users/test/integration/api/python/flow_with_srp.py | 58 ++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100755 users/test/integration/api/python/flow_with_srp.py

(limited to 'users/test/integration/api/python/flow_with_srp.py')

diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
new file mode 100755
index 0000000..cb89f6e
--- /dev/null
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -0,0 +1,58 @@
+#!/usr/bin/env python
+
+# under development
+
+import requests
+import json
+import string
+import random
+import srp
+import binascii
+
+# let's have some random name
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+  return ''.join(random.choice(chars) for x in range(size))
+
+# using globals for a start
+server = 'http://localhost:3000'
+login = id_generator()
+password = id_generator() + id_generator()
+
+# log the server communication
+def print_and_parse(response):
+  print response.request.method + ': ' + response.url
+  print "    " + json.dumps(response.request.data)
+  print " -> " + response.text
+  return json.loads(response.text)
+
+def signup(session):
+  salt, vkey = srp.create_salted_verification_key( login, password )
+  user_params = {
+      'user[login]': login,
+      'user[password_verifier]': binascii.hexlify(vkey),
+      'user[password_salt]': binascii.hexlify(salt)
+      }
+  return session.post(server + '/users.json', data = user_params)
+
+usr = srp.User( login, password )
+
+def authenticate(session, login):
+  uname, A = usr.start_authentication()
+  params = {
+      'login': uname,
+      'A': A
+      }
+  init = print_and_parse(session.post(server + '/sessions', data = params))
+  M = usr.process_challenge( init['salt'], init['B'] )
+  return session.put(server + '/sessions/' + login, data = {'client_auth': M})
+
+session = requests.session()
+user = print_and_parse(signup(session))
+
+# SRP signup would happen here and calculate M hex
+auth = print_and_parse(authenticate(session, user['login']))
+usr.verify_session( auth )
+
+# At this point the authentication process is complete.
+assert usr.authenticated()
+
-- 
cgit v1.2.3


From 793f36bb8063017cd8b48f084597f4e64b72d0f4 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 2 Oct 2012 15:52:48 +0200
Subject: use hexlify and unhexlify everywhere needed

except the final auth as this is still broken anyway
---
 users/test/integration/api/python/flow_with_srp.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'users/test/integration/api/python/flow_with_srp.py')

diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index cb89f6e..1aad555 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -40,11 +40,12 @@ def authenticate(session, login):
   uname, A = usr.start_authentication()
   params = {
       'login': uname,
-      'A': A
+      'A': binascii.hexlify(A)
       }
   init = print_and_parse(session.post(server + '/sessions', data = params))
-  M = usr.process_challenge( init['salt'], init['B'] )
-  return session.put(server + '/sessions/' + login, data = {'client_auth': M})
+  M = usr.process_challenge( binascii.unhexlify(init['salt']), binascii.unhexlify(init['B']) )
+  return session.put(server + '/sessions/' + login, 
+      data = {'client_auth': binascii.hexlify(M)})
 
 session = requests.session()
 user = print_and_parse(signup(session))
-- 
cgit v1.2.3


From 5fe296eb9f9b216e05921ac0c41f5defc1cc2054 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 2 Oct 2012 16:12:50 +0200
Subject: trying to use the same Hash Alg and Prime as webapp - still failing

---
 users/test/integration/api/python/flow_with_srp.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'users/test/integration/api/python/flow_with_srp.py')

diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index 1aad555..08ac94a 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -26,7 +26,7 @@ def print_and_parse(response):
   return json.loads(response.text)
 
 def signup(session):
-  salt, vkey = srp.create_salted_verification_key( login, password )
+  salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
   user_params = {
       'user[login]': login,
       'user[password_verifier]': binascii.hexlify(vkey),
@@ -34,7 +34,7 @@ def signup(session):
       }
   return session.post(server + '/users.json', data = user_params)
 
-usr = srp.User( login, password )
+usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
 
 def authenticate(session, login):
   uname, A = usr.start_authentication()
-- 
cgit v1.2.3


From 118d9ab5c9f4d7a82b7cf24774ef12d3c221f8ef Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Fri, 5 Oct 2012 13:59:39 +0200
Subject: moving to ruby_srp 0.1.0, works with python srp

---
 users/test/integration/api/python/flow_with_srp.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'users/test/integration/api/python/flow_with_srp.py')

diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index 08ac94a..ea630f2 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -52,7 +52,7 @@ user = print_and_parse(signup(session))
 
 # SRP signup would happen here and calculate M hex
 auth = print_and_parse(authenticate(session, user['login']))
-usr.verify_session( auth )
+usr.verify_session( binascii.unhexlify(auth["M2"]) )
 
 # At this point the authentication process is complete.
 assert usr.authenticated()
-- 
cgit v1.2.3


From e264e7354788c0b7eff7bb296eed9c59304cc8b8 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Fri, 5 Oct 2012 16:48:27 +0200
Subject: using safe_unhexlify to workaround 0 padding

also changed the debug output so it helps creating tests for ruby-srp
---
 users/test/integration/api/python/flow_with_srp.py | 29 ++++++++++++++++++----
 1 file changed, 24 insertions(+), 5 deletions(-)

(limited to 'users/test/integration/api/python/flow_with_srp.py')

diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index ea630f2..3bbbc71 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -6,9 +6,11 @@ import requests
 import json
 import string
 import random
-import srp
+import srp._pysrp as srp
 import binascii
 
+safe_unhexlify = lambda x: binascii.unhexlify(x) if (len(x) % 2 == 0) else binascii.unhexlify('0'+x)
+
 # let's have some random name
 def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
   return ''.join(random.choice(chars) for x in range(size))
@@ -18,15 +20,20 @@ server = 'http://localhost:3000'
 login = id_generator()
 password = id_generator() + id_generator()
 
+print '    username = "' + login + '"'
+print '    password = "' + password + '"'
+
 # log the server communication
 def print_and_parse(response):
-  print response.request.method + ': ' + response.url
-  print "    " + json.dumps(response.request.data)
+  # print response.request.method + ': ' + response.url
+  # print "    " + json.dumps(response.request.data)
   print " -> " + response.text
   return json.loads(response.text)
 
 def signup(session):
   salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
+  print '    salt = "' + binascii.hexlify(salt) + '"'
+  print '    v = "' + binascii.hexlify(vkey) + '"'
   user_params = {
       'user[login]': login,
       'user[password_verifier]': binascii.hexlify(vkey),
@@ -38,12 +45,16 @@ usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
 
 def authenticate(session, login):
   uname, A = usr.start_authentication()
+  print '    aa = "' + binascii.hexlify(A) + '"'
   params = {
       'login': uname,
       'A': binascii.hexlify(A)
       }
   init = print_and_parse(session.post(server + '/sessions', data = params))
-  M = usr.process_challenge( binascii.unhexlify(init['salt']), binascii.unhexlify(init['B']) )
+  # print '    b = "' + init['b'] + '"'
+  print '    bb = "' + init['B'] + '"'
+  M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) )
+  print '    m = "' + binascii.hexlify(M) + '"'
   return session.put(server + '/sessions/' + login, 
       data = {'client_auth': binascii.hexlify(M)})
 
@@ -52,7 +63,15 @@ user = print_and_parse(signup(session))
 
 # SRP signup would happen here and calculate M hex
 auth = print_and_parse(authenticate(session, user['login']))
-usr.verify_session( binascii.unhexlify(auth["M2"]) )
+if ( 'errors' in auth ):
+  print '    u = "%x"' % usr.u
+  print '    x = "%x"' % usr.x
+  print '    v = "%x"' % usr.v
+  print '    S = "%x"' % usr.S
+  print '    K = "' + binascii.hexlify(usr.K) + '"'
+  print '    M = "%x"' % usr.M
+else:
+  usr.verify_session( safe_unhexlify(auth["M2"]) )
 
 # At this point the authentication process is complete.
 assert usr.authenticated()
-- 
cgit v1.2.3


From 5267a127ee967b1d89df6033cc9869715e960886 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Sat, 6 Oct 2012 19:39:48 +0200
Subject: comment out debugging lines

---
 users/test/integration/api/python/flow_with_srp.py | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

(limited to 'users/test/integration/api/python/flow_with_srp.py')

diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index 3bbbc71..0a11aec 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -16,24 +16,24 @@ def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
   return ''.join(random.choice(chars) for x in range(size))
 
 # using globals for a start
-server = 'http://localhost:3000'
+server = 'http://springbok/1/'
 login = id_generator()
 password = id_generator() + id_generator()
 
-print '    username = "' + login + '"'
-print '    password = "' + password + '"'
+# print '    username = "' + login + '"'
+# print '    password = "' + password + '"'
 
 # log the server communication
 def print_and_parse(response):
   # print response.request.method + ': ' + response.url
   # print "    " + json.dumps(response.request.data)
-  print " -> " + response.text
+  # print " -> " + response.text
   return json.loads(response.text)
 
 def signup(session):
   salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
-  print '    salt = "' + binascii.hexlify(salt) + '"'
-  print '    v = "' + binascii.hexlify(vkey) + '"'
+  # print '    salt = "' + binascii.hexlify(salt) + '"'
+  # print '    v = "' + binascii.hexlify(vkey) + '"'
   user_params = {
       'user[login]': login,
       'user[password_verifier]': binascii.hexlify(vkey),
@@ -45,16 +45,16 @@ usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
 
 def authenticate(session, login):
   uname, A = usr.start_authentication()
-  print '    aa = "' + binascii.hexlify(A) + '"'
+  # print '    aa = "' + binascii.hexlify(A) + '"'
   params = {
       'login': uname,
       'A': binascii.hexlify(A)
       }
   init = print_and_parse(session.post(server + '/sessions', data = params))
   # print '    b = "' + init['b'] + '"'
-  print '    bb = "' + init['B'] + '"'
+  # print '    bb = "' + init['B'] + '"'
   M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) )
-  print '    m = "' + binascii.hexlify(M) + '"'
+  # print '    m = "' + binascii.hexlify(M) + '"'
   return session.put(server + '/sessions/' + login, 
       data = {'client_auth': binascii.hexlify(M)})
 
-- 
cgit v1.2.3