author | Azul <azul@riseup.net> | 2013-07-14 15:39:10 +0200 |
---|---|---|
committer | Azul <azul@riseup.net> | 2013-07-14 15:39:10 +0200 |
commit | ec05ed9a4cc4b4c0760ddf475e0bbb78ea407ce6 (patch) | |
tree | 4dbb2edb86f03c39f0779191af709b27dfcd926a | |
parent | a0adb2d7a12876df48b309e3949b2675b53b6634 (diff) | |
parent | cac0949c86209c7174bb5b4edc2f8eca65079429 (diff) |
-rw-r--r-- | lib/srp/session.rb | 42 | ||||
-rw-r--r-- | ruby-srp.gemspec | 2 | ||||
-rw-r--r-- | test/fixtures/failed_js_client.json | 12 | ||||
-rw-r--r-- | test/fixtures/failed_js_login.json | 2 | ||||
-rw-r--r-- | test/session_test.rb | 15 | ||||
-rw-r--r-- | test/test_helper.rb | 8 |
6 files changed, 50 insertions, 31 deletions
diff --git a/lib/srp/session.rb b/lib/srp/session.rb index abf91cc..53d9a33 100644 --- a/lib/srp/session.rb +++ b/lib/srp/session.rb @@ -3,6 +3,9 @@ module SRP include SRP::Util attr_accessor :user + # params: + # user: user object that represents and account (username, salt, verifier) + # aa: SRPs A ephemeral value. encoded as a hex string. def initialize(user, aa=nil) @user = user aa ? initialize_server(aa) : initialize_client @@ -31,9 +34,9 @@ module SRP def to_hash if @authenticated - { :M2 => m2.to_s(16) } + { :M2 => m2 } else - { :B => bb.to_s(16), + { :B => bb, # :b => @b.to_s(16), # only use for debugging :salt => @user.salt.to_s(16) } @@ -50,26 +53,29 @@ module SRP username: @user.username, salt: @user.salt.to_s(16), verifier: @user.verifier.to_s(16), - aa: aa.to_s(16), - bb: bb.to_s(16), + aa: aa, + bb: bb, s: secret.to_s(16), - k: k.to_s(16), - m: m.to_s(16), - m2: m2.to_s(16) + k: k, + m: m, + m2: m2 } end def aa - @aa ||= modpow(GENERATOR, @a) # A = g^a (mod N) + @aa ||= modpow(GENERATOR, @a).to_s(16) # A = g^a (mod N) end # B = g^b + k v (mod N) def bb - @bb ||= (modpow(GENERATOR, @b) + multiplier * @user.verifier) % BIG_PRIME_N + @bb ||= calculate_bb.to_s(16) end protected + def calculate_bb + (modpow(GENERATOR, @b) + multiplier * @user.verifier) % BIG_PRIME_N + end # only seed b for testing purposes. def initialize_server(aa, ephemeral = nil) 
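Review bot: The new comment on `initialize` documents the two parameters but not the mode switch on the line `aa ? initialize_server(aa) : initialize_client`, so a reader cannot tell that omitting `aa` builds a client-side session. It also has a typo ("and account"). Suggested wording: `# user: object representing an account (username, salt, verifier)` and `# aa: SRP ephemeral A as a hex string; nil creates a client session`. The end of `initialize` lies outside the hunk.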
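Review bot: `aa` and `bb` are now built with `to_s(16)`, which drops leading zeros, so the strings that feed `u`, `m` and `m2` have no fixed width and can have an odd number of digits. `sha256_hex` is not shown here; unless it left-pads each argument before converting to bytes, server and client would hash different byte strings whenever a value starts with a zero nibble, which would show up as an intermittent login failure. The same applies to `@user.salt.to_s(16)` inside `m` in the next hunk of this file. I would at least state the contract on both accessors, e.g. `# returns A as an unpadded hex String; sha256_hex must pad odd lengths`, and note that `internal_state` now mixes String-valued fields (`aa`, `bb`, `k`, `m`, `m2`) with Integer-derived ones (`salt`, `verifier`, `s`).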
@@ -89,45 +95,45 @@ module SRP # client: K = H( (B - kg^x) ^ (a + ux) ) def client_secret - base = bb + base = bb.hex # base += BIG_PRIME_N * @multiplier base -= modpow(GENERATOR, @user.private_key) * multiplier base = base % BIG_PRIME_N - modpow(base, @user.private_key * u + @a) + modpow(base, @user.private_key * u.hex + @a) end # server: K = H( (Av^u) ^ b ) # do not cache this - it's secret and someone might store the # session in a CookieStore def server_secret - base = (modpow(@user.verifier, u) * aa) % BIG_PRIME_N + base = (modpow(@user.verifier, u.hex) * aa.hex) % BIG_PRIME_N modpow(base, @b) end # SRP 6a uses # M = H(H(N) xor H(g), H(I), s, A, B, K) def m - @m ||= sha256_int(n_xor_g_long, login_hash, @user.salt, aa, bb, k).hex + @m ||= sha256_hex(n_xor_g_long, login_hash, @user.salt.to_s(16), aa, bb, k) end def m2 - @m2 ||= sha256_int(aa, m, k).hex + @m2 ||= sha256_hex(aa, m, k) end def k - @k ||= sha256_int(secret).hex + @k ||= sha256_int(secret) end def n_xor_g_long - @n_xor_g_long ||= hn_xor_hg.bytes.map{|b| "%02x" % b.ord}.join.hex + @n_xor_g_long ||= hn_xor_hg.bytes.map{|b| "%02x" % b.ord}.join end def login_hash - @login_hash ||= sha256_str(@user.username).hex + @login_hash ||= sha256_str(@user.username) end def u - @u ||= sha256_int(aa, bb).hex + @u ||= sha256_hex(aa, bb) end end diff --git a/ruby-srp.gemspec b/ruby-srp.gemspec index 0712e59..c782309 100644 --- a/ruby-srp.gemspec +++ b/ruby-srp.gemspec @@ -1,6 +1,6 @@ Gem::Specification.new do |s| s.name = "ruby-srp" - s.version = "0.1.7" + s.version = "0.2.0" s.platform = Gem::Platform::RUBY s.authors = ["Azul"] s.email = ["azul@leap.se"] diff --git a/test/fixtures/failed_js_client.json b/test/fixtures/failed_js_client.json new file mode 100644 index 0000000..374128a --- /dev/null +++ b/test/fixtures/failed_js_client.json 
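Review bot: `server_secret` now parses the client-supplied A with `aa.hex`, and `String#hex` returns 0 for input that is not hexadecimal, so a malformed value is silently treated as A = 0 rather than rejected. SRP-6a requires the server to abort when A mod N is 0 (and the client when B mod N is 0), because otherwise the resulting secret no longer depends on the verifier. `initialize_server` is outside this hunk, so this may already be checked there; if it is not, add a guard before the secret is computed, such as `raise ArgumentError, 'invalid A' if aa.hex % BIG_PRIME_N == 0`, and validate the format first with an anchored pattern like `aa =~ /\A\h+\z/`.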
@@ -0,0 +1,12 @@ +{ + "username": "asre", + "salt": "ae631d2d5ed2c41d", + "verifier": "8abe157957f22cc3b0b004e964d8f4d036636b23c6489877db9a9f7e19f21b78df5b489171996dd4a57ab6714e31ed0f3187c930dd0b00654cab60aaf73d701cf71d3faed99da9cd37c0161c93f3e12c2627e286df9217bad7731d51c7558a7d07d9888808c5b62b275b07706cf2e3d0cdc628791c69975580f760c7bf28bae8", + "a": "eb9784d9", + "aa": "ab0109064a2da3c02c0cc6da028495d402affb814f4b40898c9c87922718bd03dbd41cf2fa0e23f4abd0f19722c3687b673177328ae4f74f48f7d8fafc30466652e97a2f8c438b471eb0ccbe66fb5bf0837ac7b2aa34bfc731714c3ce4fbb288abd59458e2e563391925a8b74b4179652839ea91da40a467702b1574728c9e22", + "bb": "ccc834b851d7d6e1aa86969705ecd53fd47c5e94c1e31f739db3534a73dee8eed362747d7b4c60ea9169352000dfe42ca8ae5d3b20bb8f40590106021e7a4cd398ca2df55cc209ad9732c8d6bd6c6acf8a27254dac3c74cbb326ee53a4519e6a630ccadebf1434f5e3d9bf99c7cd301255c94710445383808638394dd641aa27", + "s": "919418fb396e125dc8e881b01f3925029e8049e0f15032f601317a99489526fd46b8e8edb62962177b97efe2106a7da44b381e65a500ff1a86459683475b86b31fd81e73accc835a5e0da37b71ed68612c68fbe43a96b57bf3f5d560f71f37a3dbc7a2080c8a4dd7de1bb42cc6e1a21e66e3845f775cb4559ba9ac1faf551a39", + "k": "aa8c328244c426c6165be08a1fa8b07e2949c1df577466b4815109221e2da6b", + "m": "8438a6e4f31334588b826ee92b7669dd8db59856c5934a9c659e1481bcdcae86", + "m2": "ec1fd1de67a08b981016272222f54f4b1c42768cb46cd3675fe6573fd60eb186" +} diff --git a/test/fixtures/failed_js_login.json b/test/fixtures/failed_js_login.json index 0de652c..37a67f3 100644 --- a/test/fixtures/failed_js_login.json +++ b/test/fixtures/failed_js_login.json 
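Review bot: The `k` value in this new fixture is 63 hex digits while `m` and `m2` are 64, so one digit (presumably a leading zero) was dropped when it was recorded. After this commit `k` returns the string from `sha256_int(secret)` without the `.hex` round trip, so a comparison against the fixture only passes if `assert_same_values` (not shown) normalises both sides. The same commit pads `m` in failed_js_login.json to 64 digits; storing `k` the same way would keep the fixtures consistent.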
@@ -6,7 +6,7 @@ "aa": "4decb8543891f5a744b1e9b5bc375a474bfe3c5417e1db176cefcc7ba915338a14f309f8e0a4c7641bc9c9b9bd2e91c4d1beda1772c30d0350c9ba44f7c5911dfe6bb593ac2a2b30f1f6e5ec8a656cb4947c1907cf62f8d7283cbe32eb44b02158b51091ae130afa6063bb28cdea9ae159d4f222571e146f8715bfa31af09868", "b": "f393e04f8a0463b90227742217d7e1bbba82241a43beb372c4fc90539d24bdaf", "bb": "dee64fd54daafc18b338c5783ade3ff4275dfee8c97008e2d9fb445880a2e1d452c822a35e8e3f012bc6facaa28022f8de3fb1d632667d635abde0afc0ca4ed06c9197ea88f379042b10bc7b7f816a1ec14fefe6e9adef4ab904315b3a3f36749f3f6d1083b0eb0029173770f8e9342b098298389ba49a88d4ea6b78a7f576a4", - "m": "ccf0c492f715484dc8343e22cd5967c2c5d01de743c5f0a9c5cfd017db1804c", + "m": "0ccf0c492f715484dc8343e22cd5967c2c5d01de743c5f0a9c5cfd017db1804c", "s": "50973f6e8134f95bd04f54f522e6e57d957d0640f91f0a989ff775712b81d5856ae3bdd2aa9c5eda8019e9db18065519c99c33a62c7f12f98e7aed60b153feee9ab73ba1272b4d76aa002da8cd47c6da733c88a0e70d4c3d6752fd366d66efe40870d26fd5d1755883b9489721e1881376628bf6ef89902f35e5e7e31227e2f", "k": "dd93e648abfe2ac6c6d46e062ded60b31ec043e55ceca1946ec29508f4c68461" } diff --git a/test/session_test.rb b/test/session_test.rb index dc97077..6864de7 100644 --- a/test/session_test.rb +++ b/test/session_test.rb @@ -11,7 +11,7 @@ class SessionTest < Test::Unit::TestCase session = init_session(client, data) assert_same_values(data, session.internal_state) - assert_equal client, session.authenticate(data[:m].hex) + assert_equal client, session.authenticate(data[:m]) assert_equal({:M2 => data[:m2]}, session.to_hash) assert_equal({'M2' => data[:m2]}.to_json, session.to_json) end @@ -26,7 +26,7 @@ class SessionTest < Test::Unit::TestCase state.delete(:salt) assert_same_values(data, state) - assert_equal client, session.authenticate(data[:m].hex) + assert_equal client, session.authenticate(data[:m]) end def test_failing_js_login 
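Review bot: The assertions in test/session_test.rb now pass M as the fixture string, which suggests `authenticate` (not shown) compares hex strings rather than integers; a client that sends M without its leading zero or in upper case would previously have matched and would now be rejected. The padded `m` in failed_js_login.json in this commit points the same way. A test that pins the intended behaviour would help, for example `assert_nil session.authenticate(data[:m].upcase)`, or its opposite if such input should be accepted; what `authenticate` returns on failure is not visible here, so adjust the expected value. The same change appears in the following hunks of this file.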
@@ -35,16 +35,9 @@ class SessionTest < Test::Unit::TestCase session = init_session(client, data) assert_same_values(data, session.internal_state) - assert_equal client, session.authenticate(data[:m].hex) + assert_equal client, session.authenticate(data[:m]) end - def fixture(filename) - path = File.expand_path("../fixtures/#{filename}.json", __FILE__) - HashWithIndifferentAccess[JSON.parse(File.read(path))] - end - - - def stub_client(data) @username = data[:username] @password = data[:password] @@ -57,7 +50,7 @@ class SessionTest < Test::Unit::TestCase end def init_session(client, data) - aa = data[:aa].hex + aa = data[:aa] b = data[:b].hex session = SRP::Session.new(client, aa) # seed b to compare to py_srp diff --git a/test/test_helper.rb b/test/test_helper.rb index 23ff39a..3f85b7a 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -2,3 +2,11 @@ require "rubygems" require 'test/unit' require 'activesupport' # for HashWithIndifferentAccess require File.expand_path(File.dirname(__FILE__) + '/../lib/ruby-srp.rb') + +class Test::Unit::TestCase + def fixture(filename) + path = File.expand_path("../fixtures/#{filename}.json", __FILE__) + HashWithIndifferentAccess[JSON.parse(File.read(path))] + end +end + |
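Review bot: The relocated `fixture` helper in test/test_helper.rb calls `JSON.parse`, but the requires visible at the top of that file do not include `json`, so it depends on another library loading it. Adding `require 'json'` next to the other requires makes the helper self-contained. Reopening `Test::Unit::TestCase` also makes the helper visible to every test case in the process; a small module included by the tests that need fixtures would limit that.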