authorAzul <azul@riseup.net>2012-10-05 16:34:07 +0200
committerAzul <azul@riseup.net>2012-10-05 16:34:07 +0200
commitb35bf766a6bbd5857853ac25d27091a7cf566539 (patch)
treeeb5e2e39fd1380215e7606a10c12da771f98582d
parent41ef9b34b7cfb94574868db401aaf17b82733670 (diff)
bugfix - zero padded salts do not break login anymore
-rw-r--r--lib/srp/util.rb2
-rw-r--r--test/session_test.rb17
2 files changed, 17 insertions, 2 deletions
diff --git a/lib/srp/util.rb b/lib/srp/util.rb
index 1e4beac..3bed1d3 100644
--- a/lib/srp/util.rb
+++ b/lib/srp/util.rb
@@ -41,7 +41,7 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5
# Hashes the hex args
def sha256_hex(*args)
- h = args.join('')
+ h = args.map{|a| a.length.odd? ? "0#{a}" : a }.join('')
sha256_str([h].pack('H*'))
end
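Review bot: The new padding in `sha256_hex` only evens out an odd nibble count, so an argument that has lost a whole leading zero byte is still hashed short. If callers build these hex strings from Integers (the new test's `"0401b02e".hex` suggests they do, but the call sites are not in this hunk), a salt starting with `00` would come back two digits shorter and still hash differently from a peer that keeps the salt's byte length, so login would keep failing for those salts. Consider carrying the salt as a fixed-width hex string, and state the limit above the method: `# Args must be hex strings; an odd-length arg gets one leading "0". Whole leading zero bytes are not restored.` Note also that `a.length` assumes every arg is a String and that `pack('H*')` does not reject non-hex characters, so the expected input type deserves a line in that comment.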
diff --git a/test/session_test.rb b/test/session_test.rb
index f41b34b..9d1b92f 100644
--- a/test/session_test.rb
+++ b/test/session_test.rb
@@ -24,5 +24,20 @@ class SessionTest < Test::Unit::TestCase
assert_equal m2, session.authenticate(m)
end
-
+ def test_zero_padded_salt
+ @username = "RLNFB7"
+ password = "NRH9NRT958BO"
+ @salt = "0401b02e".hex
+ @verifier = "943c7bf983b9afd0e08ba7d9c9da68cbf8bc88f05d564f002bd669130bb66ceb2b5aafa5c4a9cac09f42a17f7079b67a964365022283cc249446a165ca9e02855d188ca193bf0b4703d0d83254623e3e91576ba1f3b353981836226f3e9c36b7592a6a0daa608018273e7d3a3cb8615eee3606af9eec4a83e1947c8717f9415e".hex
+ aa = "ea40a95b4ccf1934767e9098f0f5639f5b83321eb77137f3c7b50bb90323651ebbe14b08956e471d4b96ae12c96814fbc56bfe408afd4cffca17d53dc30653a2e9e0e57f5b97e8736a5a90470708a32f63e6417651303e331d6c3bf3d229379dd746fb9f47220ee52b6da008ce88710de27c058841d56644d58e98e1c8795371".hex
+ b = "78e12fc099be1409e0fce3bf84484d89d58710bcc3d8a0e05227fb291be3fb28".hex
+ bb = "d8d50a862b7e8a897f8b0554c4a474e8aa152bd08f23436773fbb977e81cbf5e8262937ffb7ad6b72e3aa7f72deec947cdb286ab466e490d7c544bf443331ad12657c8f9bb2aabf508b73ea1ed29d03a060f5f2a70baef858bdb79c5c878844c058fe10c2cc746b0fb701e98d8d6405ab7d0b65bb4f87cf8e47b25ae4ee6e53b".hex
+ m = "d5cbec7254ce66f421ceddbfe8a0a8991b5be2aa9c25d868f073f4459dfc358b".hex
+ client = SRP::Client.new(@username, password, @salt)
+ assert_equal @verifier.to_s(16), client.verifier.to_s(16)
+ session = SRP::Session.new(self, aa)
+ session.send(:initialize_server, aa, b) # seeding b to compare to py_srp
+ assert_equal bb.to_s(16), session.bb.to_s(16)
+ assert session.authenticate(m)
+ end
end
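Review bot: The final check `assert session.authenticate(m)` in `test_zero_padded_salt` passes for any truthy return, whereas the test just above it compares the result with an expected `m2`. Pinning the server proof from the reference run would make this a full interop check, e.g. `assert_equal m2, session.authenticate(m)` with `m2 = "<expected M2 hex from the py_srp run>".hex`. The fixture also covers only a single dropped nibble (`0401b02e`); a second case whose salt starts with a full `00` byte would show whether that form is handled as well. The enclosing `SessionTest` class begins outside this hunk.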