author | Azul <azul@leap.se> | 2012-06-27 15:08:41 +0200 |
---|---|---|
committer | Azul <azul@leap.se> | 2012-06-27 15:08:41 +0200 |
commit | 95df478b7d3f62e2893499aa7a801b0cacb19dcd (patch) | |
tree | 309b85fff49ad0108eb3413104a3379a7d91d347 /lib | |
parent | bd88f52b03c2b8061aa753b7d925dd9bc4057e6e (diff) |
moved to ajax workflow and integrated srp-js - not quite there yet
* needs a bit of cleanup from the old workflow
* are client and server using the same primes right now?
* store multiple users on the server side
Diffstat (limited to 'lib')
-rw-r--r-- | lib/srp/server.rb | 15 | ||||
-rw-r--r-- | lib/srp/util.rb | 8 |
2 files changed, 20 insertions, 3 deletions
diff --git a/lib/srp/server.rb b/lib/srp/server.rb
index a1189a1..79d1b75 100644
--- a/lib/srp/server.rb
+++ b/lib/srp/server.rb
@@ -18,11 +18,13 @@ module SRP
 return @bb, u
 end
- def authenticate(aa, client_s)
+ def authenticate(aa, m)
 u = calculate_u(aa, @bb, PRIME_N)
 base = (modpow(@verifier, u, PRIME_N) * aa) % PRIME_N
 server_s = modpow(base, @b, PRIME_N)
- return client_s == server_s
+ if(m == calculate_m(aa, @bb, server_s))
+ return calculate_m(aa, m, server_s)
+ end
 end
@@ -34,8 +36,15 @@ module SRP
 bbhex = '%x' % [bb]
 hashin = '0' * (nlen - aahex.length) + aahex \
 + '0' * (nlen - bbhex.length) + bbhex
- sha1_hex(hashin).hex
+ sha256_hex(hashin).hex
 end
+
+ def calculate_m(aa, bb, s)
+ # todo: we might want to 0fill this like for u
+ hashin = '%x%x%x' % [aa, bb, s]
+ sha256_hex(hashin).hex
+ end
+
 end
 end
diff --git a/lib/srp/util.rb b/lib/srp/util.rb
index 6792105..0da1f8f 100644
--- a/lib/srp/util.rb
+++ b/lib/srp/util.rb
@@ -33,6 +33,14 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5
 Digest::SHA1.hexdigest(s)
 end
+ def sha256_hex(h)
+ Digest::SHA2.hexdigest([h].pack('H*'))
+ end
+
+ def sha256_str(s)
+ Digest::SHA2.hexdigest(s)
+ end
+
 def bigrand(bytes)
 OpenSSL::Random.random_bytes(bytes).unpack("H*")[0]
 end |
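Review bot: `authenticate` feeds the client-supplied `aa` into `base = (modpow(@verifier, u, PRIME_N) * aa) % PRIME_N` without first rejecting `aa % PRIME_N == 0`, and no such check is visible anywhere in the method. SRP-6a and RFC 5054 require the server to abort in that case, because the shared secret then no longer depends on the verifier. A guard such as `return nil if (aa % PRIME_N).zero?` as the first line would cover it, unless a caller outside this hunk already validates `aa`. Separately, the method now returns `nil` implicitly on a failed proof and an Integer on success, which deserves a comment so callers treat `nil` as authentication failure.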
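Review bot: `calculate_m` concatenates `aa`, `bb` and `s` with `'%x%x%x'` and no fixed width, so the field boundaries in the hash input are ambiguous and the string can have odd length. An odd-length string is filled by `[h].pack('H*')` in the new `sha256_hex` (lib/srp/util.rb) with a trailing zero nibble rather than a leading one. The todo already hints at this; padding each value to `nlen` hex digits as `calculate_u` does would make the encoding unambiguous, e.g. `hashin = [aa, bb, s].map { |v| ('%x' % v).rjust(nlen, '0') }.join`. `nlen` is defined above the hunk in `calculate_u`, so the exact expression for it is not visible here. Whatever encoding is chosen has to match the srp-js client byte for byte, otherwise valid proofs will be rejected.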
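Review bot: `sha256_hex` and `sha256_str` call `Digest::SHA2.hexdigest`, which yields SHA-256 only because 256 is that class's default bit length; `Digest::SHA256.hexdigest(...)` states the algorithm explicitly. The two helpers also differ in a way their names do not show: `sha256_hex` decodes its argument from hex before hashing, while `sha256_str` hashes the string's bytes as given. A short comment on each, such as `# h: hex string, decoded to raw bytes before hashing`, would keep protocol code from passing the wrong form.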