complete ajax flow is working - just auth fails

Also we currently generate the salt on the server - this should happen on the client but for now i stick to the srp-js workflow.
author: Azul <azul@leap.se> 2012-06-28 16:13:13 +0200
committer: Azul <azul@leap.se> 2012-06-28 16:13:13 +0200
commit: e55ff681bcc5a6c479530d1411a3da75912d78e5 (patch)
tree: aca518663d05f3093520fd3b5d0449efe0b7eb84 /lib
parent: 424c80fde151d4507cd34aaf8f116016df405c8a (diff)
3 files changed, 23 insertions, 21 deletions
diff --git a/lib/srp/client.rb b/lib/srp/client.rb
index 7aa147c..9a27174 100644
--- a/lib/srp/client.rb
+++ b/lib/srp/client.rb
@@ -21,10 +21,7 @@ module SRP
       aa = modpow(GENERATOR, a, PRIME_N) # A = g^a (mod N)
       bb, u = server.initialize_auth(aa)
       client_s = calculate_client_s(x, a, bb, u)
-      puts "bb: " + bb.to_s
-      puts "aa: " + aa.to_s
-      puts "client_s: " + client_s.to_s
-      server.authenticate(aa, client_s)
+      server.authenticate(aa, calculate_m(aa,bb,client_s))
     end
 
     protected
@@ -36,7 +33,7 @@ module SRP
     def calculate_x(username, password, salt)
       shex = '%x' % [salt]
       spad = if shex.length.odd? then '0' else '' end
-      sha1_hex(spad + shex + sha1_str([username, password].join(':'))).hex
+      sha256_hex(spad + shex + sha256_str([username, password].join(':'))).hex
     end
 
     def calculate_client_s(x, a, bb, u)
diff --git a/lib/srp/server.rb b/lib/srp/server.rb
index 79d1b75..02d5d8b 100644
--- a/lib/srp/server.rb
+++ b/lib/srp/server.rb
@@ -39,12 +39,6 @@ module SRP
       sha256_hex(hashin).hex
     end
 
-    def calculate_m(aa, bb, s)
-      # todo: we might want to 0fill this like for u
-      hashin = '%x%x%x' % [aa, bb, s]
-      sha256_hex(hashin).hex
-    end
-
   end
 end
 
diff --git a/lib/srp/util.rb b/lib/srp/util.rb
index 0da1f8f..4325537 100644
--- a/lib/srp/util.rb
+++ b/lib/srp/util.rb
@@ -5,7 +5,12 @@ module SRP
   module Util
 
     # constants both sides know
-    PRIME_N = <<-EOS.split.join.hex # 1024 bits modulus (N)
+    # in this case taken from srp-js
+    PRIME_N = <<-EOS.split.join.hex
+115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3
+    EOS
+
+    BIG_PRIME_N = <<-EOS # 1024 bits modulus (N)
 eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c25657
 6d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089da
 d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5
@@ -25,14 +30,6 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5
       end
     end
 
-    def sha1_hex(h)
-      Digest::SHA1.hexdigest([h].pack('H*'))
-    end
-
-    def sha1_str(s)
-      Digest::SHA1.hexdigest(s)
-    end
-
     def sha256_hex(h)
       Digest::SHA2.hexdigest([h].pack('H*'))
     end
@@ -46,6 +43,13 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5
     end
 
     def multiplier
+      return "c46d46600d87fef149bd79b81119842f3c20241fda67d06ef412d8f6d9479c58".hex % PRIME_N
+      @k ||= calculate_multiplier
+    end
+
+    protected
+
+    def calculate_multiplier
       n = PRIME_N
       g = GENERATOR
       nhex = '%x' % [n]
@@ -53,8 +57,15 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5
       ghex = '%x' % [g]
       hashin = '0' * (nlen - nhex.length) + nhex \
         + '0' * (nlen - ghex.length) + ghex
-      sha1_hex(hashin).hex % n
+      sha256_hex(hashin).hex % n
     end
+
+    def calculate_m(aa, bb, s)
+      # todo: we might want to 0fill this like for u
+      hashin = '%x%x%x' % [aa, bb, s]
+      sha256_hex(hashin).hex
+    end
+
   end
 
 end
author	Azul <azul@leap.se>	2012-06-28 16:13:13 +0200
committer	Azul <azul@leap.se>	2012-06-28 16:13:13 +0200
commit	e55ff681bcc5a6c479530d1411a3da75912d78e5 (patch)
tree	aca518663d05f3093520fd3b5d0449efe0b7eb84 /lib
parent	424c80fde151d4507cd34aaf8f116016df405c8a (diff)