diff options
| author | Azul <azul@riseup.net> | 2012-10-04 09:54:47 +0200 | 
|---|---|---|
| committer | Azul <azul@riseup.net> | 2012-10-04 09:54:47 +0200 | 
| commit | 693b6d1e36828fa17915a9297595f65c739b611a (patch) | |
| tree | 2bafa7d9fd2cb311f36f7a68c3ff54fa5ecac794 /lib | |
| parent | 4f57d8010a90fe1221c351f695d15d29a9cdc37f (diff) | |
using BIG_PRIME_N and hashing the byte array - tests pass
We still calculate M differently than in SRP 6a
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/srp/authentication.rb | 8 | ||||
| -rw-r--r-- | lib/srp/client.rb | 20 | ||||
| -rw-r--r-- | lib/srp/util.rb | 5 | 
3 files changed, 16 insertions, 17 deletions
| diff --git a/lib/srp/authentication.rb b/lib/srp/authentication.rb index 4afe20b..0505a58 100644 --- a/lib/srp/authentication.rb +++ b/lib/srp/authentication.rb @@ -13,18 +13,18 @@ module SRP          @aa = aa          @b = bigrand(32).hex          # B = g^b + k v (mod N) -        @bb = (modpow(GENERATOR, @b, PRIME_N) + multiplier * verifier) % PRIME_N +        @bb = (modpow(GENERATOR, @b, BIG_PRIME_N) + multiplier * verifier) % BIG_PRIME_N        end        def u -        calculate_u(aa, bb, PRIME_N) +        calculate_u(aa, bb, BIG_PRIME_N)        end        # do not cache this - it's secret and someone might store the        # session in a CookieStore        def secret(verifier) -        base = (modpow(verifier, u, PRIME_N) * aa) % PRIME_N -        modpow(base, @b, PRIME_N) +        base = (modpow(verifier, u, BIG_PRIME_N) * aa) % BIG_PRIME_N +        modpow(base, @b, BIG_PRIME_N)        end        def m1(verifier) diff --git a/lib/srp/client.rb b/lib/srp/client.rb index 37f37d7..947bd7b 100644 --- a/lib/srp/client.rb +++ b/lib/srp/client.rb @@ -10,17 +10,17 @@ module SRP      def initialize(username, password, salt = nil)        @username = username        @password = password -      @salt = salt.hex || bigrand(4).hex +      @salt = (salt || bigrand(4)).hex        @multiplier = multiplier # let's cache it        calculate_verifier      end      def authenticate(server, username, password) -      x = calculate_x(username, password, salt) +      x = calculate_x(username, password)        a = bigrand(32).hex -      aa = modpow(GENERATOR, a, PRIME_N) # A = g^a (mod N) +      aa = modpow(GENERATOR, a, BIG_PRIME_N) # A = g^a (mod N)        bb = server.handshake(username, aa) -      u = calculate_u(aa, bb, PRIME_N) +      u = calculate_u(aa, bb, BIG_PRIME_N)        client_s = calculate_client_s(x, a, bb, u)        server.validate(calculate_m(aa, bb, client_s))      end @@ -32,18 +32,18 @@ module SRP        @verifier      end -    def calculate_x +    def calculate_x(username = @username, password = @password)        shex = '%x' % [@salt] -      inner = sha256_str([@username, @password].join(':')) +      inner = sha256_str([username, password].join(':'))        sha256_str([shex].pack('H*') + [inner].pack('H*')).hex      end      def calculate_client_s(x, a, bb, u)        base = bb -      base += PRIME_N * @multiplier -      base -= modpow(GENERATOR, x, PRIME_N) * @multiplier -      base = base % PRIME_N -      modpow(base, x * u + a, PRIME_N) +      base += BIG_PRIME_N * @multiplier +      base -= modpow(GENERATOR, x, BIG_PRIME_N) * @multiplier +      base = base % BIG_PRIME_N +      modpow(base, x * u + a, BIG_PRIME_N)      end    end  end diff --git a/lib/srp/util.rb b/lib/srp/util.rb index 66bd9e7..cafa5f4 100644 --- a/lib/srp/util.rb +++ b/lib/srp/util.rb @@ -59,14 +59,13 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5      def calculate_m(aa, bb, s)        hashin = '%x%x%x' % [aa, bb, s] -      sha256_str(hashin).hex +      sha256_hex(hashin).hex      end      def calculate_u(aa, bb, n) -      nlen = 2 * ((('%x' % [n]).length * 4 + 7) >> 3)        aahex = '%x' % [aa]        bbhex = '%x' % [bb] -      return sha256_str("%x%x" % [aa, bb]).hex +      return sha256_hex("%x%x" % [aa, bb]).hex      end    end | 
