first take on a hex based api
authorAzul <azul@riseup.net>
Sun, 14 Jul 2013 12:01:04 +0000 (14:01 +0200)
committerAzul <azul@riseup.net>
Sun, 14 Jul 2013 12:10:18 +0000 (14:10 +0200)
lib/srp/session.rb
test/fixtures/failed_js_login.json
test/session_test.rb

index abf91cc..30ff15e 100644 (file)
@@ -3,9 +3,12 @@ module SRP
     include SRP::Util
     attr_accessor :user
 
+    # params:
+    # user: user object that represents and account (username, salt, verifier)
+    # aa: SRPs A ephemeral value. encoded as a hex string.
     def initialize(user, aa=nil)
       @user = user
-      aa ? initialize_server(aa) : initialize_client
+      aa ? initialize_server(aa.hex) : initialize_client
     end
 
     # client -> server: I, A = g^a
@@ -31,7 +34,7 @@ module SRP
 
     def to_hash
       if @authenticated
-        { :M2 => m2.to_s(16) }
+        { :M2 => m2 }
       else
         { :B => bb.to_s(16),
 #         :b => @b.to_s(16),    # only use for debugging
@@ -53,9 +56,9 @@ module SRP
         aa: aa.to_s(16),
         bb: bb.to_s(16),
         s: secret.to_s(16),
-        k: k.to_s(16),
-        m: m.to_s(16),
-        m2: m2.to_s(16)
+        k: k,
+        m: m,
+        m2: m2
       }
     end
 
@@ -107,23 +110,23 @@ module SRP
     # SRP 6a uses
     # M = H(H(N) xor H(g), H(I), s, A, B, K)
     def m
-      @m ||= sha256_int(n_xor_g_long, login_hash, @user.salt, aa, bb, k).hex
+      @m ||= sha256_hex(n_xor_g_long, login_hash, @user.salt.to_s(16), aa.to_s(16), bb.to_s(16), k)
     end
 
     def m2
-      @m2 ||= sha256_int(aa, m, k).hex
+      @m2 ||= sha256_hex(aa.to_s(16), m, k)
     end
 
     def k
-      @k ||= sha256_int(secret).hex
+      @k ||= sha256_int(secret)
     end
 
     def n_xor_g_long
-      @n_xor_g_long ||= hn_xor_hg.bytes.map{|b| "%02x" % b.ord}.join.hex
+      @n_xor_g_long ||= hn_xor_hg.bytes.map{|b| "%02x" % b.ord}.join
     end
 
     def login_hash
-      @login_hash ||= sha256_str(@user.username).hex
+      @login_hash ||= sha256_str(@user.username)
     end
 
     def u
index 0de652c..37a67f3 100644 (file)
@@ -6,7 +6,7 @@
   "aa": "4decb8543891f5a744b1e9b5bc375a474bfe3c5417e1db176cefcc7ba915338a14f309f8e0a4c7641bc9c9b9bd2e91c4d1beda1772c30d0350c9ba44f7c5911dfe6bb593ac2a2b30f1f6e5ec8a656cb4947c1907cf62f8d7283cbe32eb44b02158b51091ae130afa6063bb28cdea9ae159d4f222571e146f8715bfa31af09868",
   "b": "f393e04f8a0463b90227742217d7e1bbba82241a43beb372c4fc90539d24bdaf",
   "bb": "dee64fd54daafc18b338c5783ade3ff4275dfee8c97008e2d9fb445880a2e1d452c822a35e8e3f012bc6facaa28022f8de3fb1d632667d635abde0afc0ca4ed06c9197ea88f379042b10bc7b7f816a1ec14fefe6e9adef4ab904315b3a3f36749f3f6d1083b0eb0029173770f8e9342b098298389ba49a88d4ea6b78a7f576a4",
-  "m": "ccf0c492f715484dc8343e22cd5967c2c5d01de743c5f0a9c5cfd017db1804c",
+  "m": "0ccf0c492f715484dc8343e22cd5967c2c5d01de743c5f0a9c5cfd017db1804c",
   "s": "50973f6e8134f95bd04f54f522e6e57d957d0640f91f0a989ff775712b81d5856ae3bdd2aa9c5eda8019e9db18065519c99c33a62c7f12f98e7aed60b153feee9ab73ba1272b4d76aa002da8cd47c6da733c88a0e70d4c3d6752fd366d66efe40870d26fd5d1755883b9489721e1881376628bf6ef89902f35e5e7e31227e2f",
   "k": "dd93e648abfe2ac6c6d46e062ded60b31ec043e55ceca1946ec29508f4c68461"
 }
index ff3f4f3..41d66b3 100644 (file)
@@ -11,7 +11,7 @@ class SessionTest < Test::Unit::TestCase
     session = init_session(client, data)
 
     assert_same_values(data, session.internal_state)
-    assert_equal client, session.authenticate(data[:m].hex)
+    assert_equal client, session.authenticate(data[:m])
     assert_equal({:M2 => data[:m2]}, session.to_hash)
     assert_equal({'M2' => data[:m2]}.to_json, session.to_json)
   end
@@ -26,7 +26,7 @@ class SessionTest < Test::Unit::TestCase
     state.delete(:salt)
 
     assert_same_values(data, state)
-    assert_equal client, session.authenticate(data[:m].hex)
+    assert_equal client, session.authenticate(data[:m])
   end
 
   def test_failing_js_login
@@ -35,7 +35,7 @@ class SessionTest < Test::Unit::TestCase
     session = init_session(client, data)
 
     assert_same_values(data, session.internal_state)
-    assert_equal client, session.authenticate(data[:m].hex)
+    assert_equal client, session.authenticate(data[:m])
   end
 
   def stub_client(data)
@@ -50,11 +50,11 @@ class SessionTest < Test::Unit::TestCase
   end
 
   def init_session(client, data)
-    aa = data[:aa].hex
+    aa = data[:aa]
     b  = data[:b].hex
     session = SRP::Session.new(client, aa)
     # seed b to compare to py_srp
-    session.send(:initialize_server, aa, b)
+    session.send(:initialize_server, aa.hex, b)
     session
   end