moved to ajax workflow and integrated srp-js - not quite there yet

* needs a bit of cleanup from the old workflow
* are client and server using the same primes right now?
* store multiple users on the server side

2 files changed, 20 insertions, 3 deletions

diff --git a/lib/srp/server.rb b/lib/srp/server.rb
index a1189a1..79d1b75 100644
--- a/lib/srp/server.rb
+++ b/lib/srp/server.rb
@@ -18,11 +18,13 @@ module SRP
       return @bb, u
     end
 
-    def authenticate(aa, client_s)
+    def authenticate(aa, m)
       u = calculate_u(aa, @bb, PRIME_N)
       base = (modpow(@verifier, u, PRIME_N) * aa) % PRIME_N
       server_s = modpow(base, @b, PRIME_N)
-      return client_s == server_s
+      if(m == calculate_m(aa, @bb, server_s))
+        return calculate_m(aa, m, server_s)
+      end
     end
 
 
@@ -34,8 +36,15 @@ module SRP
       bbhex = '%x' % [bb]
       hashin = '0' * (nlen - aahex.length) + aahex \
         + '0' * (nlen - bbhex.length) + bbhex
-      sha1_hex(hashin).hex
+      sha256_hex(hashin).hex
     end
+
+    def calculate_m(aa, bb, s)
+      # todo: we might want to 0fill this like for u
+      hashin = '%x%x%x' % [aa, bb, s]
+      sha256_hex(hashin).hex
+    end
+
   end
 end
 
diff --git a/lib/srp/util.rb b/lib/srp/util.rb
index 6792105..0da1f8f 100644
--- a/lib/srp/util.rb
+++ b/lib/srp/util.rb
@@ -33,6 +33,14 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5
       Digest::SHA1.hexdigest(s)
     end
 
+    def sha256_hex(h)
+      Digest::SHA2.hexdigest([h].pack('H*'))
+    end
+
+    def sha256_str(s)
+      Digest::SHA2.hexdigest(s)
+    end
+
     def bigrand(bytes)
       OpenSSL::Random.random_bytes(bytes).unpack("H*")[0]
     end