author | Azul <azul@leap.se> | 2012-07-26 12:08:55 +0200 |
---|---|---|
committer | Azul <azul@leap.se> | 2012-07-26 12:08:55 +0200 |
commit | fe55f0cd2707507649d5979beae6fa3400252d56 (patch) | |
tree | b12fc700ec096cf50954bafcd6cb8e49624996fe /lib/srp | |
parent | b9510e0c035a26b6d2aa55f82278d1743f2e3e07 (diff) |
we cache neither the verifier nor the secret in the session just in case
People might store the session in a CookieStore - which would probably be a bad idea anyway - but let's be safe rather than sorry.
Diffstat (limited to 'lib/srp')
-rw-r--r-- | lib/srp/authentication.rb | 26 |
1 files changed, 11 insertions, 15 deletions
diff --git a/lib/srp/authentication.rb b/lib/srp/authentication.rb index 96f68fe..a2431d0 100644 --- a/lib/srp/authentication.rb +++ b/lib/srp/authentication.rb @@ -14,31 +14,27 @@ module SRP @b = bigrand(32).hex # B = g^b + k v (mod N) @bb = (modpow(GENERATOR, @b, PRIME_N) + multiplier * verifier) % PRIME_N - @verifier = verifier end def u calculate_u(aa, bb, PRIME_N) end - def secret - @s ||= calculate_secret + # do not cache this - it's secret and someone might store the + # session in a CookieStore + def secret(verifier) + base = (modpow(verifier, u, PRIME_N) * aa) % PRIME_N + modpow(base, @b, PRIME_N) end - def m1 - calculate_m(aa, bb, secret) + def m1(verifier) + calculate_m(aa, bb, secret(verifier)) end - def m2 - calculate_m(aa, m1, secret) + def m2(m1, verifier) + calculate_m(aa, m1, secret(verifier)) end - protected - - def calculate_secret - base = (modpow(@verifier, u, PRIME_N) * aa) % PRIME_N - modpow(base, @b, PRIME_N) - end end def initialize_auth(aa) @@ -46,8 +42,8 @@ module SRP end def authenticate(m, session) - if(m == session.m1) - return session.m2 + if(m == session.m1(verifier)) + return session.m2(m, verifier) end end |
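Review bot: The ephemeral private value `@b` is still held as an instance variable (first context line of this hunk), so a session serialized into a client-readable store still carries it even though `@verifier` is gone. By the relation in the comment `B = g^b + k v (mod N)`, b together with the public B determines the verifier, which is exactly the value this commit stops caching. I would add a comment above the assignment, `# @b must never leave the server: b plus the public B reveals the verifier`, or keep b out of whatever state gets serialized. As a smaller style point, the `m1` parameter of `m2(m1, verifier)` shadows the `m1` method, and a name such as `client_m1` would read more clearly. The enclosing class starts outside the hunk.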
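Review bot: The proof check `if(m == session.m1(verifier))` in `authenticate` uses a plain `==`, which can return at the first differing byte if these values are strings; a constant-time comparison is the usual choice when checking a client-supplied authentication proof. `verifier` is not a parameter of `authenticate`, so it presumably resolves to a method on the including class, and a comment such as `# verifier is read from the including model on every call and never cached` would make that dependency explicit. The method also returns nil implicitly on a mismatch, which is worth stating in a short doc comment so callers do not treat any return value as success. The surrounding module begins outside the hunk.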