moved to ajax workflow and integrated srp-js - not quite there yet
authorAzul <azul@leap.se>
Wed, 27 Jun 2012 13:08:41 +0000 (15:08 +0200)
committerAzul <azul@leap.se>
Wed, 27 Jun 2012 13:08:41 +0000 (15:08 +0200)
* needs a bit of cleanup from the old workflow
* are client and server using the same primes right now?
* store multiple users on the server side

example/http-srp.rb
example/models/user.rb
example/public/srp.js [new file with mode: 0644]
example/public/srp.min.js [new file with mode: 0644]
example/views/authenticate.erb [new file with mode: 0644]
example/views/handshake.erb [new file with mode: 0644]
example/views/layout.erb
example/views/login.erb
lib/srp/server.rb
lib/srp/util.rb

index d0b32dd..4c34130 100644 (file)
@@ -24,12 +24,25 @@ end
 
 get '/login' do
   @user = User.current
-  Log.log(:init_server_login, params)
-  @auth = @user.initialize_auth(params)
-  Log.log(:init_client_login, @auth)
   erb :login
 end
 
+post '/handshake/' do
+  @user = User.current
+  Log.log(:handshake, params)
+  @auth = @user.initialize_auth(params)
+  Log.log(:init_auth, @auth)
+  erb :handshake, :layout => false, :content_type => :xml
+end
+
+post '/authenticate/' do
+  @user = User.current
+  Log.log(:authenticate, params)
+  @auth = @user.authenticate(params)
+  Log.log(:confirm_authentication, @auth)
+  erb :authenticate, :layout => false, :content_type => :xml
+end
+
 post '/login' do
   Log.log(:login, params)
   @user = User.current
@@ -54,6 +67,6 @@ helpers do
       klass += " btn-primary"
       label += " now..."
     end
-    %Q(<a href="#{action}" class="#{klass}" id="#{action}-btn">#{label}</a>)
+    %Q(<a href="#{action}" class="#{klass}" id="#{action}-view-btn">#{label}</a>)
   end
 end
index daea621..ffbdf62 100644 (file)
@@ -19,11 +19,20 @@ class User
   end
 
   def initialize_auth(params)
-    srp = SRP::Server.new(self.salt, self.verifier)
-    bb, u = srp.initialize_auth(params.delete('aa').to_i)
-    return {:bb => bb, :u => u}
+    self.srp = SRP::Server.new(self.salt, self.verifier)
+    bb, u = self.srp.initialize_auth(params.delete('A').to_i)
+    return {:B => bb, :u => u}
   end
 
+  def authenticate(params)
+    if m2 = self.srp.authenticate(params.delete('aa').to_i, params.delete('M').to_i)
+      return {:M2 => m2}
+    else
+      return {:error => "Access Denied"}
+    end
+  end
+
+
   def login!(params)
     self.active = valid_login?(params[:login], params[:password])
   end
diff --git a/example/public/srp.js b/example/public/srp.js
new file mode 100644 (file)
index 0000000..e68e220
--- /dev/null
@@ -0,0 +1,9 @@
+$(document).ready(function(){
+  $('#login-btn').click(on_login);
+});
+
+function on_login(event) {
+  srp = new SRP();
+  srp.identify();
+  event.preventDefault();
+}
diff --git a/example/public/srp.min.js b/example/public/srp.min.js
new file mode 100644 (file)
index 0000000..77f4f20
--- /dev/null
@@ -0,0 +1 @@
+eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('E 1A(s){D 2z=8;D 7r=0;E 1f(x,y){D 4o=(x&4n)+(y&4n);D 7z=(x>>16)+(y>>16)+(4o>>16);F(7z<<16)|(4o&4n)}E S(X,n){F(X>>>n)|(X<<(32-n))}E R(X,n){F(X>>>n)}E 7v(x,y,z){F((x&y)^((~x)&z))}E 7t(x,y,z){F((x&y)^(x&z)^(y&z))}E 7u(x){F(S(x,2)^S(x,13)^S(x,22))}E 7w(x){F(S(x,6)^S(x,11)^S(x,25))}E 7x(x){F(S(x,7)^S(x,18)^R(x,3))}E 7y(x){F(S(x,17)^S(x,19)^R(x,10))}E 7n(m,l){D K=V 1u(bI,bH,bG,bF,bE,bD,bC,bB,bA,bz,by,bx,bw,bv,bu,bt,br,bq,bp,bo,bn,bl,bk,bj,bi,bh,bg,bf,bd,bc,bb,b9,b8,b7,b6,b5,b4,b3,b2,b1,b0,aZ,aY,aX,aW,aV,aU,aT,aS,aR,aQ,aP,aO,aN,aM,aL,aK,aJ,aI,aH,aG,aF,aE,aD);D 1a=V 1u(aC,aB,aA,az,ay,ax,aw,av);D W=V 1u(64);D a,b,c,d,e,f,g,h,i,j;D 3C,4m;m[l>>5]|=2W<<(24-l%32);m[((l+64>>9)<<4)+15]=l;P(D i=0;i<m.T;i+=16){a=1a[0];b=1a[1];c=1a[2];d=1a[3];e=1a[4];f=1a[5];g=1a[6];h=1a[7];P(D j=0;j<64;j++){C(j<16)W[j]=m[j+i];J W[j]=1f(1f(1f(7y(W[j-2]),W[j-7]),7x(W[j-15])),W[j-16]);3C=1f(1f(1f(1f(h,7w(e)),7v(e,f,g)),K[j]),W[j]);4m=1f(7u(a),7t(a,b,c));h=g;g=f;f=e;e=1f(d,3C);d=c;c=b;b=a;a=1f(3C,4m)}1a[0]=1f(a,1a[0]);1a[1]=1f(b,1a[1]);1a[2]=1f(c,1a[2]);1a[3]=1f(d,1a[3]);1a[4]=1f(e,1a[4]);1a[5]=1f(f,1a[5]);1a[6]=1f(g,1a[6]);1a[7]=1f(h,1a[7])}F 1a}E 7m(1R){D 4l=1u();D 7s=(1<<2z)-1;P(D i=0;i<1R.T*2z;i+=2z){4l[i>>5]|=(1R.2a(i/2z)&7s)<<(24-i%32)}F 4l}E 7p(2y){2y=2y.4E(/\\r\\n/g,"\\n");D 1V="";P(D n=0;n<2y.T;n++){D c=2y.2a(n);C(c<3B){1V+=2B.2A(c)}J C((c>69)&&(c<au)){1V+=2B.2A((c>>6)|at);1V+=2B.2A((c&63)|3B)}J{1V+=2B.2A((c>>12)|as);1V+=2B.2A(((c>>6)&63)|3B);1V+=2B.2A((c&63)|3B)}}F 1V}E 7o(3A){D 4k=7r?"ar":"aq";D 1R="";P(D i=0;i<3A.T*4;i++){1R+=4k.2d((3A[i>>2]>>((3-i%4)*8+4))&7q)+4k.2d((3A[i>>2]>>((3-i%4)*8))&7q)}F 1R}s=7p(s);F 7o(7n(7m(s),s.T*2z))}E 3z(){o.i=0;o.j=0;o.S=V 1u()}E 7l(1B){D i,j,t;P(i=0;i<1U;++i)o.S[i]=i;j=0;P(i=0;i<1U;++i){j=(j+o.S[i]+1B[i%1B.T])&1E;t=o.S[i];o.S[i]=o.S[j];o.S[j]=t}o.i=0;o.j=0}E 7k(){D t;o.i=(o.i+1)&1E;o.j=(o.j+o.S[o.i])&1E;t=o.S[o.i];o.S[o.i]=o.S[o.j];o.S[o.j]=t;F o.S[(t+o.S[o.i])&1E]}3z.H.7f=7l;3z.H.7e=7k;E 7g(){F V 3z()}D 3y=1U;D 33;D 1s;D 1g;E 7j(x){1s[1g++]^=x&1E;1s[1g++]^=(x>>8)&1E;1s[1g++]^=(x>>16)&1E;1s[1g++]^=(x>>24)&1E;C(1g>=3y)1g-=3y}E 4j(){7j(V ap().ao())}C(1s==1b){1s=V 1u();1g=0;D t;C(3x.4g=="77"&&3x.an<"5"&&1G.7i){D z=1G.7i.7h(32);P(t=0;t<z.T;++t)1s[1g++]=z.2a(t)&1E}L(1g<3y){t=1e.20(al*1e.7h());1s[1g++]=t>>>8;1s[1g++]=t&1E}1g=0;4j();}E 7d(){C(33==1b){4j();33=7g();33.7f(1s);P(1g=0;1g<1s.T;++1g)1s[1g]=0;1g=0;}F 33.7e()}E 7c(ba){D i;P(i=0;i<ba.T;++i)ba[i]=7d()}E 3P(){}3P.H.3G=7c;D 1N;D 7b=ak;D 4h=((7b&aj)==ai);E G(a,b,c){C(a!=1b)C("6l"==3m a)o.3T(a,b,c);J C(b==1b&&"2y"!=3m a)o.3s(a,1U);J o.3s(a,b)}E Q(){F V G(1b)}E 76(i,x,w,j,c,n){L(--n>=0){D v=x*o[i++]+w[j]+c;c=1e.20(v/ah);w[j++]=v&ag}F c}E 78(i,x,w,j,c,n){D 2x=x&2Y,2w=x>>15;L(--n>=0){D l=o[i]&2Y;D h=o[i++]>>15;D m=2w*l+h*2x;l=2x*l+((m&2Y)<<15)+w[j]+(c&7a);c=(l>>>30)+(m>>>15)+2w*h+(c>>>30);w[j++]=l&7a}F c}E 75(i,x,w,j,c,n){D 2x=x&4i,2w=x>>14;L(--n>=0){D l=o[i]&4i;D h=o[i++]>>14;D m=2w*l+h*2x;l=2x*l+((m&4i)<<14)+w[j]+c;c=(l>>28)+(m>>14)+2w*h;w[j++]=l&af}F c}C(4h&&(3x.4g=="4Z ae ad")){G.H.am=78;1N=30}J C(4h&&(3x.4g!="77")){G.H.am=76;1N=26}J{G.H.am=75;1N=28}G.H.O=1N;G.H.1h=((1<<1N)-1);G.H.1m=(1<<1N);D 3w=52;G.H.72=1e.2M(2,3w);G.H.4e=3w-1N;G.H.4c=2*1N-3w;D 74="ab";D 2Z=V 1u();D 2b,1r;2b="0".2a(0);P(1r=0;1r<=9;++1r)2Z[2b++]=1r;2b="a".2a(0);P(1r=10;1r<36;++1r)2Z[2b++]=1r;2b="A".2a(0);P(1r=10;1r<36;++1r)2Z[2b++]=1r;E 4f(n){F 74.2d(n)}E 46(s,i){D c=2Z[s.2a(i)];F(c==1b)?-1:c}E 6J(r){P(D i=o.t-1;i>=0;--i)r[i]=o[i];r.t=o.t;r.s=o.s}E 6I(x){o.t=1;o.s=(x<0)?-1:0;C(x>0)o[0]=x;J C(x<-1)o[0]=x+1m;J o.t=0}E 1K(i){D r=Q();r.2n(i);F r}E 6H(s,b){D k;C(b==16)k=4;J C(b==8)k=3;J C(b==1U)k=8;J C(b==2)k=1;J C(b==32)k=5;J C(b==4)k=2;J{o.5Z(s,b);F}o.t=0;o.s=0;D i=s.T,21=1v,1q=0;L(--i>=0){D x=(k==8)?s[i]&2V:46(s,i);C(x<0){C(s.2d(i)=="-")21=1H;6m}21=1v;C(1q==0)o[o.t++]=x;J C(1q+k>o.O){o[o.t-1]|=(x&((1<<(o.O-1q))-1))<<1q;o[o.t++]=(x>>(o.O-1q))}J o[o.t-1]|=x<<1q;1q+=k;C(1q>=o.O)1q-=o.O}C(k==8&&(s[0]&2W)!=0){o.s=-1;C(1q>0)o[o.t-1]|=((1<<(o.O-1q))-1)<<1q}o.1n();C(21)G.1x.Y(o,o)}E 6G(){D c=o.s&o.1h;L(o.t>0&&o[o.t-1]==c)--o.t}E 6t(b){C(o.s<0)F"-"+o.2P().1t(b);D k;C(b==16)k=4;J C(b==8)k=3;J C(b==2)k=1;J C(b==32)k=5;J C(b==4)k=2;J F o.62(b);D 2R=(1<<k)-1,d,m=1v,r="",i=o.t;D p=o.O-(i*o.O)%k;C(i-->0){C(p<o.O&&(d=o[i]>>p)>0){m=1H;r=4f(d)}L(i>=0){C(p<k){d=(o[i]&((1<<p)-1))<<(k-p);d|=o[--i]>>(p+=o.O-k)}J{d=(o[i]>>(p-=k))&2R;C(p<=0){p+=o.O;--i}}C(d>0)m=1H;C(m)r+=4f(d)}}F m?r:"0"}E 6s(){D r=Q();G.1x.Y(o,r);F r}E 6r(){F(o.s<0)?o.2P():o}E 6q(a){D r=o.s-a.s;C(r!=0)F r;D i=o.t;r=i-a.t;C(r!=0)F r;L(--i>=0)C((r=o[i]-a[i])!=0)F r;F 0}E 2S(x){D r=1,t;C((t=x>>>16)!=0){x=t;r+=16}C((t=x>>8)!=0){x=t;r+=8}C((t=x>>4)!=0){x=t;r+=4}C((t=x>>2)!=0){x=t;r+=2}C((t=x>>1)!=0){x=t;r+=1}F r}E 6p(){C(o.t<=0)F 0;F o.O*(o.t-1)+2S(o[o.t-1]^(o.s&o.1h))}E 6F(n,r){D i;P(i=o.t-1;i>=0;--i)r[i+n]=o[i];P(i=n-1;i>=0;--i)r[i]=0;r.t=o.t+n;r.s=o.s}E 6E(n,r){P(D i=n;i<o.t;++i)r[i-n]=o[i];r.t=1e.3Q(o.t-n,0);r.s=o.s}E 6D(n,r){D bs=n%o.O;D 2v=o.O-bs;D bm=(1<<2v)-1;D 1p=1e.20(n/o.O),c=(o.s<<bs)&o.1h,i;P(i=o.t-1;i>=0;--i){r[i+1p+1]=(o[i]>>2v)|c;c=(o[i]&bm)<<bs}P(i=1p-1;i>=0;--i)r[i]=0;r[1p]=c;r.t=o.t+1p+1;r.s=o.s;r.1n()}E 6C(n,r){r.s=o.s;D 1p=1e.20(n/o.O);C(1p>=o.t){r.t=0;F}D bs=n%o.O;D 2v=o.O-bs;D bm=(1<<bs)-1;r[0]=o[1p]>>bs;P(D i=1p+1;i<o.t;++i){r[i-1p-1]|=(o[i]&bm)<<2v;r[i-1p]=o[i]>>bs}C(bs>0)r[o.t-1p-1]|=(o.s&bm)<<2v;r.t=o.t-1p;r.1n()}E 6B(a,r){D i=0,c=0,m=1e.1P(a.t,o.t);L(i<m){c+=o[i]-a[i];r[i++]=c&o.1h;c>>=o.O}C(a.t<o.t){c-=a.s;L(i<o.t){c+=o[i];r[i++]=c&o.1h;c>>=o.O}c+=o.s}J{c+=o.s;L(i<a.t){c-=a[i];r[i++]=c&o.1h;c>>=o.O}c-=a.s}r.s=(c<0)?-1:0;C(c<-1)r[i++]=o.1m+c;J C(c>0)r[i++]=c;r.t=i;r.1n()}E 6A(a,r){D x=o.1J(),y=a.1J();D i=x.t;r.t=i+y.t;L(--i>=0)r[i]=0;P(i=0;i<y.t;++i)r[i+x.t]=x.am(0,y[i],r,i,0,x.t);r.s=0;r.1n();C(o.s!=a.s)G.1x.Y(r,r)}E 6z(r){D x=o.1J();D i=r.t=2*x.t;L(--i>=0)r[i]=0;P(i=0;i<x.t-1;++i){D c=x.am(i,x[i],r,2*i,0,1);C((r[i+x.t]+=x.am(i+1,2*x[i],r,2*i+1,c,x.t-i-1))>=x.1m){r[i+x.t]-=x.1m;r[i+x.t+1]=1}}C(r.t>0)r[r.t-1]+=x.am(i,x[i],r,2*i,0,1);r.s=0;r.1n()}E 6y(m,q,r){D 27=m.1J();C(27.t<=0)F;D 3v=o.1J();C(3v.t<27.t){C(q!=1b)q.2n(0);C(r!=1b)o.1L(r);F}C(r==1b)r=Q();D y=Q(),4b=o.s,6Y=m.s;D 2u=o.O-2S(27[27.t-1]);C(2u>0){27.2o(2u,y);3v.2o(2u,r)}J{27.1L(y);3v.1L(r)}D 1D=y.t;D 3u=y[1D-1];C(3u==0)F;D 4d=3u*(1<<o.4e)+((1D>1)?y[1D-2]>>o.4c:0);D 70=o.72/4d,6Z=(1<<o.4e)/4d,e=1<<o.4c;D i=r.t,j=i-1D,t=(q==1b)?Q():q;y.2s(j,t);C(r.1d(t)>=0){r[r.t++]=1;r.Y(t,r)}G.1w.2s(1D,t);t.Y(y,y);L(y.t<1D)y[y.t++]=0;L(--j>=0){D 3t=(r[--i]==3u)?o.1h:1e.20(r[i]*70+(r[i-1]+e)*6Z);C((r[i]+=y.am(0,3t,r,j,0,1D))<3t){y.2s(j,t);r.Y(t,r);L(r[i]<--3t)r.Y(t,r)}}C(q!=1b){r.2U(1D,q);C(4b!=6Y)G.1x.Y(q,q)}r.t=1D;r.1n();C(2u>0)r.1j(2u,r);C(4b<0)G.1x.Y(r,r)}E 6o(a){D r=Q();o.1J().1M(a,1b,r);C(o.s<0&&r.1d(G.1x)>0)a.Y(r,r);F r}E 1T(m){o.m=m}E 6X(x){C(x.s<0||x.1d(o.m)>=0)F x.3n(o.m);J F x}E 6W(x){F x}E 6V(x){x.1M(o.m,1b,x)}E 6U(x,y,r){x.2r(y,r);o.1y(r)}E 6T(x,r){x.2T(r);o.1y(r)}1T.H.2q=6X;1T.H.2p=6W;1T.H.1y=6V;1T.H.1X=6U;1T.H.1C=6T;E 6w(){C(o.t<1)F 0;D x=o[0];C((x&1)==0)F 0;D y=x&3;y=(y*(2-(x&45)*y))&45;y=(y*(2-(x&2V)*y))&2V;y=(y*(2-(((x&3r)*y)&3r)))&3r;y=(y*(2-x*y%o.1m))%o.1m;F(y>0)?o.1m-y:-y}E 1S(m){o.m=m;o.4a=m.6x();o.49=o.4a&2Y;o.6R=o.4a>>15;o.6Q=(1<<(m.O-15))-1;o.6S=2*m.t}E 6O(x){D r=Q();x.1J().2s(o.m.t,r);r.1M(o.m,1b,r);C(x.s<0&&r.1d(G.1x)>0)o.m.Y(r,r);F r}E 6N(x){D r=Q();x.1L(r);o.1y(r);F r}E 6M(x){L(x.t<=o.6S)x[x.t++]=0;P(D i=0;i<o.m.t;++i){D j=x[i]&2Y;D 6P=(j*o.49+(((j*o.6R+(x[i]>>15)*o.49)&o.6Q)<<15))&x.1h;j=i+o.m.t;x[j]+=o.m.am(0,6P,x,i,0,o.m.t);L(x[j]>=x.1m){x[j]-=x.1m;x[++j]++}}x.1n();x.2U(o.m.t,x);C(x.1d(o.m)>=0)x.Y(o.m,x)}E 6K(x,r){x.2T(r);o.1y(r)}E 6L(x,y,r){x.2r(y,r);o.1y(r)}1S.H.2q=6O;1S.H.2p=6N;1S.H.1y=6M;1S.H.1X=6L;1S.H.1C=6K;E 6v(){F((o.t>0)?(o[0]&1):o.s)==0}E 6u(e,z){C(e>aa||e<1)F G.1w;D r=Q(),1c=Q(),g=z.2q(o),i=2S(e)-1;g.1L(r);L(--i>=0){z.1C(r,1c);C((e&(1<<i))>0)z.1X(1c,g,r);J{D t=r;r=1c;1c=t}}F z.2p(r)}E 6n(e,m){D z;C(e<1U||m.1l())z=V 1T(m);J z=V 1S(m);F o.3Z(e,z)}G.H.1L=6J;G.H.2n=6I;G.H.3s=6H;G.H.1n=6G;G.H.2s=6F;G.H.2U=6E;G.H.2o=6D;G.H.1j=6C;G.H.Y=6B;G.H.2r=6A;G.H.2T=6z;G.H.1M=6y;G.H.6x=6w;G.H.1l=6v;G.H.3Z=6u;G.H.1t=6t;G.H.2P=6s;G.H.1J=6r;G.H.1d=6q;G.H.3X=6p;G.H.3n=6o;G.H.66=6n;G.1x=1K(0);G.1w=1K(1);E 5J(){D r=Q();o.1L(r);F r}E 5I(){C(o.s<0){C(o.t==1)F o[0]-o.1m;J C(o.t==0)F-1}J C(o.t==1)F o[0];J C(o.t==0)F 0;F((o[1]&((1<<(32-o.O))-1))<<o.O)|o[0]}E 5H(){F(o.t==0)?o.s:(o[0]<<24)>>24}E 5G(){F(o.t==0)?o.s:(o[0]<<16)>>16}E 65(r){F 1e.20(1e.a9*o.O/1e.a8(r))}E 5F(){C(o.s<0)F-1;J C(o.t<=0||(o.t==1&&o[0]<=0))F 0;J F 1}E 60(b){C(b==1b)b=10;C(o.1I()==0||b<2||b>36)F"0";D 2X=o.3U(b);D a=1e.2M(b,2X);D d=1K(a),y=Q(),z=Q(),r="";o.1M(d,y,z);L(y.1I()>0){r=(a+z.3R()).1t(b).a7(1)+r;y.1M(d,y,z)}F z.3R().1t(b)+r}E 5Y(s,b){o.2n(0);C(b==1b)b=10;D 2X=o.3U(b);D d=1e.2M(b,2X),21=1v,j=0,w=0;P(D i=0;i<s.T;++i){D x=46(s,i);C(x<0){C(s.2d(i)=="-"&&o.1I()==0)21=1H;6m}w=b*w+x;C(++j>=2X){o.3S(d);o.2l(w,0);j=0;w=0}}C(j>0){o.3S(1e.2M(b,j));o.2l(w,0)}C(21)G.1x.Y(o,o)}E 5X(a,b,c){C("6l"==3m b){C(a<2)o.2n(1);J{o.3T(a,c);C(!o.5q(a-1))o.1W(G.1w.3o(a-1),3q,o);C(o.1l())o.2l(1,0);L(!o.5a(b)){o.2l(2,0);C(o.3X()>a)o.Y(G.1w.3o(a-1),o)}}}J{D x=V 1u(),t=a&7;x.T=(a>>3)+1;b.3G(x);C(t>0)x[0]&=((1<<t)-1);J x[0]=0;o.3s(x,1U)}}E 5E(){D i=o.t,r=V 1u();r[0]=o.s;D p=o.O-(i*o.O)%8,d,k=0;C(i-->0){C(p<o.O&&(d=o[i]>>p)!=(o.s&o.1h)>>p)r[k++]=d|(o.s<<(o.O-p));L(i>=0){C(p<8){d=(o[i]&((1<<p)-1))<<(8-p);d|=o[--i]>>(p+=o.O-8)}J{d=(o[i]>>(p-=8))&2V;C(p<=0){p+=o.O;--i}}C((d&2W)!=0)d|=-1U;C(k==0&&(o.s&2W)!=(d&2W))++k;C(k>0||d!=o.s)r[k++]=d}}F r}E 5D(a){F(o.1d(a)==0)}E 5C(a){F(o.1d(a)<0)?o:a}E 5B(a){F(o.1d(a)>0)?o:a}E 5W(a,1Z,r){D i,f,m=1e.1P(a.t,o.t);P(i=0;i<m;++i)r[i]=1Z(o[i],a[i]);C(a.t<o.t){f=a.s&o.1h;P(i=m;i<o.t;++i)r[i]=1Z(o[i],f);r.t=o.t}J{f=o.s&o.1h;P(i=m;i<a.t;++i)r[i]=1Z(f,a[i]);r.t=a.t}r.s=1Z(o.s,a.s);r.1n()}E 6k(x,y){F x&y}E 5A(a){D r=Q();o.1W(a,6k,r);F r}E 3q(x,y){F x|y}E 5z(a){D r=Q();o.1W(a,3q,r);F r}E 42(x,y){F x^y}E 5y(a){D r=Q();o.1W(a,42,r);F r}E 44(x,y){F x&~y}E 5x(a){D r=Q();o.1W(a,44,r);F r}E 5w(){D r=Q();P(D i=0;i<o.t;++i)r[i]=o.1h&~o[i];r.t=o.t;r.s=~o.s;F r}E 5v(n){D r=Q();C(n<0)o.1j(-n,r);J o.2o(n,r);F r}E 5t(n){D r=Q();C(n<0)o.2o(-n,r);J o.1j(n,r);F r}E 6j(x){C(x==0)F-1;D r=0;C((x&3r)==0){x>>=16;r+=16}C((x&2V)==0){x>>=8;r+=8}C((x&45)==0){x>>=4;r+=4}C((x&3)==0){x>>=2;r+=2}C((x&1)==0)++r;F r}E 5s(){P(D i=0;i<o.t;++i)C(o[i]!=0)F i*o.O+6j(o[i]);C(o.s<0)F o.t*o.O;F-1}E 6i(x){D r=0;L(x!=0){x&=x-1;++r}F r}E 5r(){D r=0,x=o.s&o.1h;P(D i=0;i<o.t;++i)r+=6i(o[i]^x);F r}E 5p(n){D j=1e.20(n/o.O);C(j>=o.t)F(o.s!=0);F((o[j]&(1<<(n%o.O)))!=0)}E 5V(n,1Z){D r=G.1w.3o(n);o.1W(r,1Z,r);F r}E 5o(n){F o.3p(n,3q)}E 5n(n){F o.3p(n,44)}E 5m(n){F o.3p(n,42)}E 5U(a,r){D i=0,c=0,m=1e.1P(a.t,o.t);L(i<m){c+=o[i]+a[i];r[i++]=c&o.1h;c>>=o.O}C(a.t<o.t){c+=a.s;L(i<o.t){c+=o[i];r[i++]=c&o.1h;c>>=o.O}c+=o.s}J{c+=o.s;L(i<a.t){c+=a[i];r[i++]=c&o.1h;c>>=o.O}c+=a.s}r.s=(c<0)?-1:0;C(c>0)r[i++]=c;J C(c<-1)r[i++]=o.1m+c;r.t=i;r.1n()}E 5l(a){D r=Q();o.2O(a,r);F r}E 5k(a){D r=Q();o.Y(a,r);F r}E 5j(a){D r=Q();o.2r(a,r);F r}E 5h(a){D r=Q();o.1M(a,r,1b);F r}E 5g(a){D r=Q();o.1M(a,1b,r);F r}E 5f(a){D q=Q(),r=Q();o.1M(a,q,r);F V 1u(q,r)}E 5T(n){o[o.t]=o.am(0,n-1,o,0,0,o.t);++o.t;o.1n()}E 5S(n,w){L(o.t<=w)o[o.t++]=0;o[w]+=n;L(o[w]>=o.1m){o[w]-=o.1m;C(++w>=o.t)o[o.t++]=0;++o[w]}}E 2t(){}E 40(x){F x}E 6h(x,y,r){x.2r(y,r)}E 6g(x,r){x.2T(r)}2t.H.2q=40;2t.H.2p=40;2t.H.1X=6h;2t.H.1C=6g;E 5c(e){F o.3Z(e,V 2t())}E 5Q(a,n,r){D i=1e.1P(o.t+a.t,n);r.s=0;r.t=i;L(i>0)r[--i]=0;D j;P(j=r.t-o.t;i<j;++i)r[i+o.t]=o.am(0,a[i],r,i,0,o.t);P(j=1e.1P(a.t,n);i<j;++i)o.am(0,a[i],r,i,0,n-i);r.1n()}E 5O(a,n,r){--n;D i=r.t=o.t+a.t-n;r.s=0;L(--i>=0)r[i]=0;P(i=1e.3Q(n-o.t,0);i<a.t;++i)r[o.t+i-n]=o.am(n-i,a[i],r,0,0,o.t+i-n);r.1n();r.2U(1,r)}E 1Y(m){o.1c=Q();o.3Y=Q();G.1w.2s(2*m.t,o.1c);o.6f=o.1c.5i(m);o.m=m}E 6e(x){C(x.s<0||x.t>2*o.m.t)F x.3n(o.m);J C(x.1d(o.m)<0)F x;J{D r=Q();x.1L(r);o.1y(r);F r}}E 6d(x){F x}E 6c(x){x.2U(o.m.t-1,o.1c);C(x.t>o.m.t+1){x.t=o.m.t+1;x.1n()}o.6f.5P(o.1c,o.m.t+1,o.3Y);o.m.5R(o.3Y,o.m.t+1,o.1c);L(x.1d(o.1c)<0)x.2l(1,o.m.t+1);x.Y(o.1c,x);L(x.1d(o.m)>=0)x.Y(o.m,x)}E 6a(x,r){x.2T(r);o.1y(r)}E 6b(x,y,r){x.2r(y,r);o.1y(r)}1Y.H.2q=6e;1Y.H.2p=6d;1Y.H.1y=6c;1Y.H.1X=6b;1Y.H.1C=6a;E 5e(e,m){D i=e.3X(),k,r=1K(1),z;C(i<=0)F r;J C(i<18)k=1;J C(i<48)k=3;J C(i<a6)k=4;J C(i<a5)k=5;J k=6;C(i<8)z=V 1T(m);J C(m.1l())z=V 1Y(m);J z=V 1S(m);D g=V 1u(),n=3,2Q=k-1,2R=(1<<k)-1;g[1]=z.2q(o);C(k>1){D 3W=Q();z.1C(g[1],3W);L(n<=2R){g[n]=Q();z.1X(3W,g[n-2],g[n]);n+=2}}D j=e.t-1,w,3V=1H,1c=Q(),t;i=2S(e[j])-1;L(j>=0){C(i>=2Q)w=(e[j]>>(i-2Q))&2R;J{w=(e[j]&((1<<(i+1))-1))<<(2Q-i);C(j>0)w|=e[j-1]>>(o.O+i-2Q)}n=k;L((w&1)==0){w>>=1;--n}C((i-=n)<0){i+=o.O;--j}C(3V){g[w].1L(r);3V=1v}J{L(n>1){z.1C(r,1c);z.1C(1c,r);n-=2}C(n>0)z.1C(r,1c);J{t=r;r=1c;1c=t}z.1X(1c,g[w],r)}L(j>=0&&(e[j]&(1<<i))==0){z.1C(r,1c);t=r;r=1c;1c=t;C(--i<0){i=o.O-1;--j}}}F z.2p(r)}E 5b(a){D x=(o.s<0)?o.2P():o.2N();D y=(a.s<0)?a.2P():a.2N();C(x.1d(y)<0){D t=x;x=y;y=t}D i=x.2k(),g=y.2k();C(g<0)F x;C(i<g)g=i;C(g>0){x.1j(g,x);y.1j(g,y)}L(x.1I()>0){C((i=x.2k())>0)x.1j(i,x);C((i=y.2k())>0)y.1j(i,y);C(x.1d(y)>=0){x.Y(y,x);x.1j(1,x)}J{y.Y(x,y);y.1j(1,y)}}C(g>0)y.2o(g,y);F y}E 5M(n){C(n<=0)F 0;D d=o.1m%n,r=(o.s<0)?n-1:0;C(o.t>0)C(d==0)r=o[0]%n;J P(D i=o.t-1;i>=0;--i)r=(d*r+o[i])%n;F r}E 5d(m){D ac=m.1l();C((o.1l()&&ac)||m.1I()==0)F G.1x;D u=m.2N(),v=o.2N();D a=1K(1),b=1K(0),c=1K(0),d=1K(1);L(u.1I()!=0){L(u.1l()){u.1j(1,u);C(ac){C(!a.1l()||!b.1l()){a.2O(o,a);b.Y(m,b)}a.1j(1,a)}J C(!b.1l())b.Y(m,b);b.1j(1,b)}L(v.1l()){v.1j(1,v);C(ac){C(!c.1l()||!d.1l()){c.2O(o,c);d.Y(m,d)}c.1j(1,c)}J C(!d.1l())d.Y(m,d);d.1j(1,d)}C(u.1d(v)>=0){u.Y(v,u);C(ac)a.Y(c,a);b.Y(d,b)}J{v.Y(u,v);C(ac)c.Y(a,c);d.Y(b,d)}}C(v.1d(G.1w)!=0)F G.1x;C(d.1d(m)>=0)F d.3l(m);C(d.1I()<0)d.2O(m,d);J F d;C(d.1I()<0)F d.3M(m);J F d}D 1k=[2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,a4,a3,a2,a1,a0,69,9Z,9Y,9X,9W,9V,9U,9T,9S,9R,9Q,9P,9O,9N,9M,9L,9K,9J,9I,9H,9G,9F,9E,9D,9C,9B,9A,9z,9y,9x,9w,9v,9u,9t,9s,9r,9q,9p,9o,9n,9m,9l,9k,9j,9i,9h,9g,9f,9e,9d,9c,9b,9a,99,98,96,95,94,93,92,91,90,8Z,8Y,8X,8W,8V];D 68=(1<<26)/1k[1k.T-1];E 58(t){D i,x=o.1J();C(x.t==1&&x[0]<=1k[1k.T-1]){P(i=0;i<1k.T;++i)C(x[0]==1k[i])F 1H;F 1v}C(x.1l())F 1v;i=1;L(i<1k.T){D m=1k[i],j=i+1;L(j<1k.T&&m<68)m*=1k[j++];m=x.5N(m);L(i<j)C(m%1k[i++]==0)F 1v}F x.5L(t)}E 5K(t){D 2m=o.3l(G.1w);D k=2m.2k();C(k<=0)F 1v;D r=2m.5u(k);t=(t+1)>>1;C(t>1k.T)t=1k.T;D a=Q();P(D i=0;i<t;++i){a.2n(1k[i]);D y=a.2j(r,o);C(y.1d(G.1w)!=0&&y.1d(2m)!=0){D j=1;L(j++<k&&y.1d(2m)!=0){y=y.66(2,o);C(y.1d(G.1w)==0)F 1v}C(y.1d(2m)!=0)F 1v}}F 1H}G.H.3U=65;G.H.62=60;G.H.5Z=5Y;G.H.3T=5X;G.H.1W=5W;G.H.3p=5V;G.H.2O=5U;G.H.3S=5T;G.H.2l=5S;G.H.5R=5Q;G.H.5P=5O;G.H.5N=5M;G.H.5L=5K;G.H.2N=5J;G.H.3R=5I;G.H.8U=5H;G.H.8T=5G;G.H.1I=5F;G.H.8S=5E;G.H.8R=5D;G.H.1P=5C;G.H.3Q=5B;G.H.8Q=5A;G.H.8P=5z;G.H.8O=5y;G.H.8N=5x;G.H.2c=5w;G.H.3o=5v;G.H.5u=5t;G.H.2k=5s;G.H.8M=5r;G.H.5q=5p;G.H.8L=5o;G.H.8K=5n;G.H.8J=5m;G.H.3M=5l;G.H.3l=5k;G.H.3L=5j;G.H.5i=5h;G.H.8I=5g;G.H.8H=5f;G.H.2j=5e;G.H.8G=5d;G.H.2M=5c;G.H.8F=5b;G.H.5a=58;E 4r(){D 57="8E";D N=V G(57,16);D g=V G("2");D k=V G("8D",16);D 3k=V 3P();D a=V G(32,3k);D A=g.2j(a,N);L(A.3n(N)==0){a=V G(32,3k);A=g.2j(a,N)}D 3N=A.1t(16);D S=1b;D K=1b;D M=1b;D 3h=1b;D 2i=1F.2D("8C").2C;D 56=1F.2D("8B").2C;D Z=o;D 34=1v;D I=1F.2D("8A").2C;D p=1F.2D("8z").2C;D U=1b;o.8y=E(){F I};o.8x=E(){F U};o.8w=E(){F 2i};o.8v=E(){F g};o.8u=E(){F N};o.8t=E(s){F V G(1A(s+1A(I+":"+p)),16)};o.2I=E(1R){C(56=="8s"){F 1R}};o.2G=E(55){F 55.8r.8q};E 2F(54){F(3m(1G[54])!="8p")};o.2H=E(4X,2L,4Y){C(1G.51)U=V 51();J C(1G.50){8o{U=V 50("4Z.8n")}8m(e){}}J{Z.1z("4V 2c 8l.");F}C(U){U.8k=4Y;U.8j("8i",4X,1H);U.3O("4W-4w","8h/x-8g-8f-8e");U.3O("4W-T",2L.T);U.3O("8d","8c");U.8b(2L)}J{Z.1z("4V 8a.")}};o.4x=E(){D 4U=2i+Z.2I("88/");D 2L="I="+I+"&A="+3N;Z.2H(4U,2L,4T)};E 4T(){C(U.3f==4&&U.3e==3d){C(U.1o.1i("r").T>0){D 1Q=U.1o.1i("r")[0];C(!1Q.1O("a")){3J(1Q.1O("s"),1Q.1O("B"),p);Z.2H(2i+Z.2I("4L/"),"M="+M,4N)}J 3g(1Q.1O("s"),1Q.1O("B"),1Q.1O("a"),1Q.1O("d"))}J C(U.1o.1i("2h").T>0)Z.1z(U.1o.1i("2h")[0])}};E 3J(s,2K,4R){D B=V G(2K,16);D 4S=2K;D u=V G(1A(3N+4S),16);D x=V G(1A(s+1A(I+":"+4R)),16);D 4Q=k.3L(g.2j(x,N));D 4P=a.3M(u.3L(x));S=B.3l(4Q).2j(4P,N);D 4O=A.1t(16)+B.1t(16)+S.1t(16);M=1A(4O);3h=1A(A.1t(16)+M+S.1t(16));};E 4N(){C(U.3f==4&&U.3e==3d){C(U.1o.1i("M").T>0){C(Z.2G(U.1o.1i("M")[0])==3h){34=1H;35()}J Z.1z("4B 1B 4A 2c 4z")}J C(U.1o.1i("2h").T>0)Z.1z(Z.2G(U.1o.1i("2h")[0]))}};E 3g(s,2K,3K,4M){4u();E 3H(){C(!2F("3a")||!2F("3b")){1G.4K(3H,10);F}C(3K=="87")3I=3a;J C(3K=="86")3I=3b;3J(s,2K,3I(4M+p));Z.2H(2i+Z.2I("3g/4L/"),"M="+M,4D)};1G.4K(3H,10)};E 3E(4J){D 1B=39.85(Z.1B());D 3F=39.84(4J);D 3i=V 1u(16);3k.3G(3i);D 4I=3j.82(3F,0,3F.T,3j.4H.4G);D 4F=3j.3E(4I,3j.4H.4G,1B,1B.T,3i).81;D 2J=39.80.7Z(3i.7Y(4F));L(2J.7X("+",0)>-1)2J=2J.4E("+","7W");F 2J};E 4D(){C(U.3f==4&&U.3e==3d){C(U.1o.1i("M").T>0){C(Z.2G(U.1o.1i("M")[0])==3h){K=1A(S.1t(16));D 4C=2i+Z.2I("3g/7V/");Z.2H(4C,"p="+3E(p)+"&l="+p.T,4y)}J Z.1z("4B 1B 4A 2c 4z")}J C(U.1o.1i("2h").T>0){Z.1z(Z.2G(U.1o.1i("2h")[0]))}}};E 4y(){C(U.3f==4&&U.3e==3d){K=1b;C(U.1o.1i("7U").T>0)Z.4x();J Z.1z("7T 7S 2c be 7R")}};E 2g(4v){D 3c=1F.7Q(\'3D\');3c.4w=\'7P/7O\';3c.4p=4v;1F.1i(\'7N\')[0].7M(3c)};E 4u(){C(2F("3a")&&2F("3b"))F;D 2E=Z.4q.7L("/");D 2f=2E.7K(0,2E.T-1).7J("/");C(2E[2E.T-1]=="7I.1P.2e")2g(2f+"/7H.1P.2e");J{2g(2f+"/3b.2e");2g(2f+"/3a.2e");2g(2f+"/39.2e");2g(2f+"/7G.2e")}}E 35(){D 38=1F.2D("7F").2C;C(38.2d(0)!="#")1G.4t=38;J{1G.4t=38;Z.35()}};o.35=E(){4s("7E 7D.")};o.1B=E(){C(K==1b)C(34){K=1A(S.1t(16));F K}J Z.1z("7C 7B 2c 7A 34.");J F K};o.1z=E(t){4s(t)}};4r.H.4q=1F.1i(\'3D\')[1F.1i(\'3D\').T-1].1O("4p");',62,727,'||||||||||||||||||||||||this||||||||||||||if|var|function|return|BigInteger|prototype||else||while|||DB|for|nbi|||length|xhr|new|||subTo|that|||||||||||HASH|null|r2|compareTo|Math|safe_add|rng_pptr|DM|getElementsByTagName|rShiftTo|lowprimes|isEven|DV|clamp|responseXML|ds|sh|vv|rng_pool|toString|Array|false|ONE|ZERO|reduce|error_message|SHA256|key|sqrTo|ys|255|document|window|true|signum|abs|nbv|copyTo|divRemTo|dbits|getAttribute|min|response|str|Montgomery|Classic|256|utftext|bitwiseTo|mulTo|Barrett|op|floor|mi||||||pm|||charCodeAt|rr|not|charAt|js|path|import_file|error|url|modPow|getLowestSetBit|dAddOffset|n1|fromInt|lShiftTo|revert|convert|multiplyTo|dlShiftTo|NullExp|nsh|cbs|xh|xl|string|chrsz|fromCharCode|String|value|getElementById|arr|isdefined|innerxml|ajaxRequest|paths|retstring|ephemeral|params|pow|clone|addTo|negate|k1|km|nbits|squareTo|drShiftTo|0xff|0x80|cs|0x7fff|BI_RC||||rng_state|authenticated|success|||forward_url|cryptoHelpers|SHA1|MD5|scriptElt|200|status|readyState|upgrade|M2|iv|slowAES|rng|subtract|typeof|mod|shiftLeft|changeBit|op_or|0xffff|fromString|qd|y0|pt|BI_FP|navigator|rng_psize|Arcfour|binarray|128|T1|script|encrypt|byteMessage|nextBytes|do_upgrade|hashfun|calculations|algo|multiply|add|Astr|setRequestHeader|SecureRandom|max|intValue|dMultiply|fromNumber|chunkSize|is1|g2|bitLength|q3|exp|nNop||op_xor||op_andnot|0xf|intAt|||mpl|mp|ts|F2|yt|F1|int2char|appName|j_lm|0x3fff|rng_seed_time|hex_tab|bin|T2|0xFFFF|lsw|src|srpPath|SRP|alert|location|import_hashes|fname|type|identify|confirm_verifier|match|does|Server|auth_url|confirm_upgrade|replace|ciphertext|CFB|modeOfOperation|paddedByteMessage|plaintext|setTimeout|authenticate|dsalt|confirm_authentication|Mstr|aux|kgx|pass|Bstr|receive_salts|handshake_url|Ajax|Content|full_url|callback|Microsoft|ActiveXObject|XMLHttpRequest|||variable|node|server|Nstr|bnIsProbablePrime||isProbablePrime|bnGCD|bnPow|bnModInverse|bnModPow|bnDivideAndRemainder|bnRemainder|bnDivide|divide|bnMultiply|bnSubtract|bnAdd|bnFlipBit|bnClearBit|bnSetBit|bnTestBit|testBit|bnBitCount|bnGetLowestSetBit|bnShiftRight|shiftRight|bnShiftLeft|bnNot|bnAndNot|bnXor|bnOr|bnAnd|bnMax|bnMin|bnEquals|bnToByteArray|bnSigNum|bnShortValue|bnByteValue|bnIntValue|bnClone|bnpMillerRabin|millerRabin|bnpModInt|modInt|bnpMultiplyUpperTo|multiplyUpperTo|bnpMultiplyLowerTo|multiplyLowerTo|bnpDAddOffset|bnpDMultiply|bnpAddTo|bnpChangeBit|bnpBitwiseTo|bnpFromNumber|bnpFromRadix|fromRadix|bnpToRadix||toRadix|||bnpChunkSize|modPowInt||lplim|127|barrettSqrTo|barrettMulTo|barrettReduce|barrettRevert|barrettConvert|mu|nSqrTo|nMulTo|cbit|lbit|op_and|number|continue|bnModPowInt|bnMod|bnBitLength|bnCompareTo|bnAbs|bnNegate|bnToString|bnpExp|bnpIsEven|bnpInvDigit|invDigit|bnpDivRemTo|bnpSquareTo|bnpMultiplyTo|bnpSubTo|bnpRShiftTo|bnpLShiftTo|bnpDRShiftTo|bnpDLShiftTo|bnpClamp|bnpFromString|bnpFromInt|bnpCopyTo|montSqrTo|montMulTo|montReduce|montRevert|montConvert|u0|um|mph|mt2|cSqrTo|cMulTo|cReduce|cRevert|cConvert|ms|d2|d1||FV||BI_RM|am3|am1|Netscape|am2||0x3fffffff|canary|rng_get_bytes|rng_get_byte|next|init|prng_newstate|random|crypto|rng_seed_int|ARC4next|ARC4init|str2binb|core_sha256|binb2hex|Utf8Encode|0xF|hexcase|mask|Maj|Sigma0256|Ch|Sigma1256|Gamma0256|Gamma1256|msw|been|has|User|successful|Login|srp_forward|aes|hash|srp|join|slice|split|appendChild|head|javascript|text|createElement|confirmed|could|Verifier|ok|verifier|_|indexOf|concat|encode|base64|cipher|getPaddedBlock||convertStringToByteArray|toNumbers|md5|sha1|handshake||failed|send|close|Connection|urlencoded|form|www|application|POST|open|onreadystatechange|supported|catch|XMLHTTP|try|undefined|nodeValue|firstChild|django|calcX|getN|getg|geturl|getxhr|getI|srp_password|srp_username|srp_server|srp_url|c46d46600d87fef149bd79b81119842f3c20241fda67d06ef412d8f6d9479c58|115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3|gcd|modInverse|divideAndRemainder|remainder|flipBit|clearBit|setBit|bitCount|andNot|xor|or|and|equals|toByteArray|shortValue|byteValue|509|503|499|491|487|479|467|463|461|457|449|443||439|433|431|421|419|409|401|397|389|383|379|373|367|359|353|349|347|337|331|317|313|311|307|293|283|281|277|271|269|263|257|251|241|239|233|229|227|223|211|199|197|193|191|181|179|173|167|163|157|151|149|139|137|131|113|109|107|103|101|768|144|substr|log|LN2|0xffffffff|0123456789abcdefghijklmnopqrstuvwxyz||Explorer|Internet|0xfffffff|0x3ffffff|0x4000000|0xefcafe|0xffffff|0xdeadbeefcafe|65536||appVersion|getTime|Date|0123456789abcdef|0123456789ABCDEF|224|192|2048|0x5BE0CD19|0x1F83D9AB|0x9B05688C|0x510E527F|0xA54FF53A|0x3C6EF372|0xBB67AE85|0x6A09E667|0xC67178F2|0xBEF9A3F7|0xA4506CEB|0x90BEFFFA|0x8CC70208|0x84C87814|0x78A5636F|0x748F82EE|0x682E6FF3|0x5B9CCA4F|0x4ED8AA4A|0x391C0CB3|0x34B0BCB5|0x2748774C|0x1E376C08|0x19A4C116|0x106AA070|0xF40E3585|0xD6990624|0xD192E819|0xC76C51A3|0xC24B8B70|0xA81A664B|0xA2BFE8A1|0x92722C85|0x81C2C92E|0x766A0ABB|0x650A7354|0x53380D13|0x4D2C6DFC|0x2E1B2138|0x27B70A85|0x14292967||0x6CA6351|0xD5A79147|0xC6E00BF3||0xBF597FC7|0xB00327C8|0xA831C66D|0x983E5152|0x76F988DA|0x5CB0A9DC|0x4A7484AA||0x2DE92C6F|0x240CA1CC|0xFC19DC6|0xEFBE4786|0xE49B69C1||0xC19BF174|0x9BDC06A7|0x80DEB1FE|0x72BE5D74|0x550C7DC3|0x243185BE|0x12835B01|0xD807AA98|0xAB1C5ED5|0x923F82A4|0x59F111F1|0x3956C25B|0xE9B5DBA5|0xB5C0FBCF|0x71374491|0x428A2F98'.split('|'),0,{}))
diff --git a/example/views/authenticate.erb b/example/views/authenticate.erb
new file mode 100644 (file)
index 0000000..7d6e39f
--- /dev/null
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<% if @auth[:M2] %>
+  <M><%=@auth[:M2]%></M>
+<% end %>
+<% if @auth[:error] %>
+  <error><%=@auth[:error]%></error>
+<% end %>
+
diff --git a/example/views/handshake.erb b/example/views/handshake.erb
new file mode 100644 (file)
index 0000000..66fac73
--- /dev/null
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<r s="<%=@user.salt%>" B="<%=@auth[:B]%>" />
index d7e9985..ab980c8 100644 (file)
@@ -22,6 +22,7 @@
     <%= yield %>
 
     <script type="text/javascript" src="jquery.min.js"> </script>
+    <script type="text/javascript" src="srp.min.js"> </script>
     <script type="text/javascript" src="srp.js"> </script>
 
   </body>
index 131b0b9..eb750a4 100644 (file)
@@ -1,26 +1,20 @@
 <h2>2. Login</h2>
 <form class="form-horizontal" action="/login" method="POST">
-  <legend>Login with the user you <a href="/signup.html">created</a>.</legend>
+  <legend>Login with the user you <a href="/signup">created</a>.</legend>
   <div class="control-group">
-    <label class="control-label" for="login">Login</label>
-    <input type="text" class="input-xlarge" name="login"></input>
+    <label class="control-label" for="srp_username">Login</label>
+    <input type="text" class="input-xlarge" id="srp_username" name="srp_username"></input>
   </div>
 
   <div class="control-group">
-    <label class="control-label" for="password">Password</label>
-    <input type="password" class="input-xlarge" name="password"></input>
-  </div>
-  <div class="control-group">
-    <label class="control-label" for="srp-bb">B</label>
-    <input type="text" class="input-xlarge" disabled id="srp-bb" name="srp-bb" value="<%=@auth[:bb]%>"></input>
-  </div>
-  <div class="control-group">
-    <label class="control-label" for="srp-u">u</label>
-    <input type="text" class="input-xlarge" disabled id="srp-u" name="srp-u" value="<%=@auth[:u]%>"></input>
+    <label class="control-label" for="srp_password">Password</label>
+    <input type="password" class="input-xlarge" id="srp_password" name="srp_password"></input>
   </div>
+  <input type="hidden" id="srp_url" name="srp_url" value="/"></input>
+  <input type="hidden" id="srp_server" name="srp_server" value="django"></input>
 
   <div class="form-actions">
-    <button type="submit" class="btn btn-primary">Login</button>
+    <button type="submit" class="btn btn-primary" id="login-btn">Login</button>
     <a href="/" class="btn">Cancel</a>
   </div>
 </form>
index a1189a1..79d1b75 100644 (file)
@@ -18,11 +18,13 @@ module SRP
       return @bb, u
     end
 
-    def authenticate(aa, client_s)
+    def authenticate(aa, m)
       u = calculate_u(aa, @bb, PRIME_N)
       base = (modpow(@verifier, u, PRIME_N) * aa) % PRIME_N
       server_s = modpow(base, @b, PRIME_N)
-      return client_s == server_s
+      if(m == calculate_m(aa, @bb, server_s))
+        return calculate_m(aa, m, server_s)
+      end
     end
 
 
@@ -34,8 +36,15 @@ module SRP
       bbhex = '%x' % [bb]
       hashin = '0' * (nlen - aahex.length) + aahex \
         + '0' * (nlen - bbhex.length) + bbhex
-      sha1_hex(hashin).hex
+      sha256_hex(hashin).hex
     end
+
+    def calculate_m(aa, bb, s)
+      # todo: we might want to 0fill this like for u
+      hashin = '%x%x%x' % [aa, bb, s]
+      sha256_hex(hashin).hex
+    end
+
   end
 end
 
index 6792105..0da1f8f 100644 (file)
@@ -33,6 +33,14 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5
       Digest::SHA1.hexdigest(s)
     end
 
+    def sha256_hex(h)
+      Digest::SHA2.hexdigest([h].pack('H*'))
+    end
+
+    def sha256_str(s)
+      Digest::SHA2.hexdigest(s)
+    end
+
     def bigrand(bytes)
       OpenSSL::Random.random_bytes(bytes).unpack("H*")[0]
     end