moved all server side auth stuff into session so i can remove the authentication module

author: Azul <azul@riseup.net> 2012-10-04 11:48:38 +0200
committer: Azul <azul@riseup.net> 2012-10-04 11:52:27 +0200
commit: 777254f7ba10a0dd8fbee433e6a631d96e9d76f0 (patch)
tree: 2b8c6a3e5379eb1cf065de4bfe920ec432b7f1bd /lib
parent: 0e5f57d3e07db606a779485e1537d4db8b5d3da2 (diff)
2 files changed, 5 insertions, 77 deletions
diff --git a/lib/srp/authentication.rb b/lib/srp/authentication.rb
deleted file mode 100644
index c87fe1d..0000000
--- a/lib/srp/authentication.rb
+++ /dev/null
@@ -1,68 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/util')
-
-module SRP
-  module Authentication
-
-    include Util
-
-    class Session
-      include Util
-      attr_accessor :aa, :bb
-
-      def initialize(aa, verifier)
-        @aa = aa
-        @b = bigrand(32).hex
-        # B = g^b + k v (mod N)
-        @bb = (modpow(GENERATOR, @b) + multiplier * verifier) % BIG_PRIME_N
-      end
-
-      def u
-        @u ||= calculate_u
-      end
-
-      # do not cache this - it's secret and someone might store the
-      # session in a CookieStore
-      def secret(verifier)
-        base = (modpow(verifier, u) * aa) % BIG_PRIME_N
-        modpow(base, @b)
-      end
-
-      def m1(verifier)
-        calculate_m(secret(verifier))
-      end
-
-      def m2(m1, verifier)
-        sha256_int(@aa, m1, secret(verifier)).hex
-      end
-
-      protected
-      def calculate_u
-        sha256_int(@aa, @bb).hex
-      end
-
-      def calculate_m(s)
-        sha256_int(@aa, @bb, s).hex
-      end
-
-    end
-
-    def initialize_auth(aa)
-      return Session.new(aa, verifier)
-    end
-
-    def authenticate!(m, session)
-      authenticate(m, session) || raise(SRP::WrongPassword)
-    end
-
-    def authenticate(m, session)
-      if(m == session.m1(verifier))
-        return session.m2(m, verifier)
-      end
-    end
-
-
-  end
-
-end
-
-
diff --git a/lib/srp/session.rb b/lib/srp/session.rb
index b61058b..367f5e2 100644
--- a/lib/srp/session.rb
+++ b/lib/srp/session.rb
@@ -27,7 +27,7 @@ module SRP
 
     def authenticate(m)
       if(m == calculate_m(server_secret))
-        return m2
+        return calculate_m2(m, server_secret)
       end
     end
 
@@ -63,20 +63,16 @@ module SRP
       modpow(base, @b)
     end
 
-    def m1
-      calculate_m(server_secret)
-    end
-
-    def m2
-      sha256_int(@aa, m1, server_secret).hex
-    end
-
     # this is outdated - SRP 6a uses
     # M = H(H(N) xor H(g), H(I), s, A, B, K)
     def calculate_m(s)
       sha256_int(@aa, @bb, s).hex
     end
 
+    def calculate_m2(m, secret)
+      sha256_int(@aa, m, secret).hex
+    end
+
     def calculate_u
       sha256_int(@aa, @bb).hex
     end
author	Azul <azul@riseup.net>	2012-10-04 11:48:38 +0200
committer	Azul <azul@riseup.net>	2012-10-04 11:52:27 +0200
commit	777254f7ba10a0dd8fbee433e6a631d96e9d76f0 (patch)
tree	2b8c6a3e5379eb1cf065de4bfe920ec432b7f1bd /lib
parent	0e5f57d3e07db606a779485e1537d4db8b5d3da2 (diff)