summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/srp/authentication.rb68
-rw-r--r--lib/srp/session.rb14
-rw-r--r--test/auth_test.rb18
3 files changed, 15 insertions, 85 deletions
diff --git a/lib/srp/authentication.rb b/lib/srp/authentication.rb
deleted file mode 100644
index c87fe1d..0000000
--- a/lib/srp/authentication.rb
+++ /dev/null
@@ -1,68 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/util')
-
-module SRP
- module Authentication
-
- include Util
-
- class Session
- include Util
- attr_accessor :aa, :bb
-
- def initialize(aa, verifier)
- @aa = aa
- @b = bigrand(32).hex
- # B = g^b + k v (mod N)
- @bb = (modpow(GENERATOR, @b) + multiplier * verifier) % BIG_PRIME_N
- end
-
- def u
- @u ||= calculate_u
- end
-
- # do not cache this - it's secret and someone might store the
- # session in a CookieStore
- def secret(verifier)
- base = (modpow(verifier, u) * aa) % BIG_PRIME_N
- modpow(base, @b)
- end
-
- def m1(verifier)
- calculate_m(secret(verifier))
- end
-
- def m2(m1, verifier)
- sha256_int(@aa, m1, secret(verifier)).hex
- end
-
- protected
- def calculate_u
- sha256_int(@aa, @bb).hex
- end
-
- def calculate_m(s)
- sha256_int(@aa, @bb, s).hex
- end
-
- end
-
- def initialize_auth(aa)
- return Session.new(aa, verifier)
- end
-
- def authenticate!(m, session)
- authenticate(m, session) || raise(SRP::WrongPassword)
- end
-
- def authenticate(m, session)
- if(m == session.m1(verifier))
- return session.m2(m, verifier)
- end
- end
-
-
- end
-
-end
-
-
diff --git a/lib/srp/session.rb b/lib/srp/session.rb
index b61058b..367f5e2 100644
--- a/lib/srp/session.rb
+++ b/lib/srp/session.rb
@@ -27,7 +27,7 @@ module SRP
def authenticate(m)
if(m == calculate_m(server_secret))
- return m2
+ return calculate_m2(m, server_secret)
end
end
@@ -63,20 +63,16 @@ module SRP
modpow(base, @b)
end
- def m1
- calculate_m(server_secret)
- end
-
- def m2
- sha256_int(@aa, m1, server_secret).hex
- end
-
# this is outdated - SRP 6a uses
# M = H(H(N) xor H(g), H(I), s, A, B, K)
def calculate_m(s)
sha256_int(@aa, @bb, s).hex
end
+ def calculate_m2(m, secret)
+ sha256_int(@aa, m, secret).hex
+ end
+
def calculate_u
sha256_int(@aa, @bb).hex
end
diff --git a/test/auth_test.rb b/test/auth_test.rb
index c1bffd0..24bc42f 100644
--- a/test/auth_test.rb
+++ b/test/auth_test.rb
@@ -1,23 +1,25 @@
require File.expand_path(File.dirname(__FILE__) + '/test_helper')
-class User
+# single user test server.
+# You obviously want sth. different for real life.
+class Server
- include SRP::Authentication
+ attr_accessor :salt, :verifier, :username
- attr_accessor :salt, :verifier
-
- def initialize(salt, verifier)
+ def initialize(salt, verifier, username)
@salt = salt
@verifier = verifier
+ @username = username
end
def handshake(login, aa)
- @session = initialize_auth(aa)
+ # this can be serialized and needs to be persisted between requests
+ @session = SRP::Session.new(self, aa)
return @session.bb
end
def validate(m)
- authenticate(m, @session)
+ @session.authenticate(m)
end
end
@@ -28,7 +30,7 @@ class AuthTest < Test::Unit::TestCase
@username = 'user'
@password = 'opensesami'
@client = SRP::Client.new(@username, @password)
- @server = User.new(@client.salt, @client.verifier)
+ @server = Server.new(@client.salt, @client.verifier, @username)
end
def test_successful_auth