Diffstat (limited to 'lib/srp/session.rb')
-rw-r--r--lib/srp/session.rb42
1 files changed, 24 insertions, 18 deletions
diff --git a/lib/srp/session.rb b/lib/srp/session.rb
index abf91cc..53d9a33 100644
--- a/lib/srp/session.rb
+++ b/lib/srp/session.rb
@@ -3,6 +3,9 @@ module SRP
include SRP::Util
attr_accessor :user
+ # params:
+ # user: user object that represents and account (username, salt, verifier)
+ # aa: SRPs A ephemeral value. encoded as a hex string.
def initialize(user, aa=nil)
@user = user
aa ? initialize_server(aa) : initialize_client
@@ -31,9 +34,9 @@ module SRP
def to_hash
if @authenticated
- { :M2 => m2.to_s(16) }
+ { :M2 => m2 }
else
- { :B => bb.to_s(16),
+ { :B => bb,
# :b => @b.to_s(16), # only use for debugging
:salt => @user.salt.to_s(16)
}
@@ -50,26 +53,29 @@ module SRP
username: @user.username,
salt: @user.salt.to_s(16),
verifier: @user.verifier.to_s(16),
- aa: aa.to_s(16),
- bb: bb.to_s(16),
+ aa: aa,
+ bb: bb,
s: secret.to_s(16),
- k: k.to_s(16),
- m: m.to_s(16),
- m2: m2.to_s(16)
+ k: k,
+ m: m,
+ m2: m2
}
end
def aa
- @aa ||= modpow(GENERATOR, @a) # A = g^a (mod N)
+ @aa ||= modpow(GENERATOR, @a).to_s(16) # A = g^a (mod N)
end
# B = g^b + k v (mod N)
def bb
- @bb ||= (modpow(GENERATOR, @b) + multiplier * @user.verifier) % BIG_PRIME_N
+ @bb ||= calculate_bb.to_s(16)
end
protected
+ def calculate_bb
+ (modpow(GENERATOR, @b) + multiplier * @user.verifier) % BIG_PRIME_N
+ end
# only seed b for testing purposes.
def initialize_server(aa, ephemeral = nil)
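Review bot: The `aa` and `bb` accessors now return hex strings, while `calculate_bb` returns an Integer and `secret` is apparently still one (it is still passed through `to_s(16)`), and nothing next to the accessors says so. Any caller doing arithmetic on them has to remember to call `.hex`, so I would state the representation in the comments, e.g. `# A = g^a (mod N), as a hex string; use aa.hex for arithmetic` above `aa` and `# B = g^b + k v (mod N), as a hex string` above `bb`. The state hash in this hunk also still includes `s` and `k`; a comment marking it as debug-only output that must not be logged or serialised would match the warning on `server_secret`. `initialize_server` starts on the last line of the hunk and its body is not visible here.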
@@ -89,45 +95,45 @@ module SRP
# client: K = H( (B - kg^x) ^ (a + ux) )
def client_secret
- base = bb
+ base = bb.hex
# base += BIG_PRIME_N * @multiplier
base -= modpow(GENERATOR, @user.private_key) * multiplier
base = base % BIG_PRIME_N
- modpow(base, @user.private_key * u + @a)
+ modpow(base, @user.private_key * u.hex + @a)
end
# server: K = H( (Av^u) ^ b )
# do not cache this - it's secret and someone might store the
# session in a CookieStore
def server_secret
- base = (modpow(@user.verifier, u) * aa) % BIG_PRIME_N
+ base = (modpow(@user.verifier, u.hex) * aa.hex) % BIG_PRIME_N
modpow(base, @b)
end
# SRP 6a uses
# M = H(H(N) xor H(g), H(I), s, A, B, K)
def m
- @m ||= sha256_int(n_xor_g_long, login_hash, @user.salt, aa, bb, k).hex
+ @m ||= sha256_hex(n_xor_g_long, login_hash, @user.salt.to_s(16), aa, bb, k)
end
def m2
- @m2 ||= sha256_int(aa, m, k).hex
+ @m2 ||= sha256_hex(aa, m, k)
end
def k
- @k ||= sha256_int(secret).hex
+ @k ||= sha256_int(secret)
end
def n_xor_g_long
- @n_xor_g_long ||= hn_xor_hg.bytes.map{|b| "%02x" % b.ord}.join.hex
+ @n_xor_g_long ||= hn_xor_hg.bytes.map{|b| "%02x" % b.ord}.join
end
def login_hash
- @login_hash ||= sha256_str(@user.username).hex
+ @login_hash ||= sha256_str(@user.username)
end
def u
- @u ||= sha256_int(aa, bb).hex
+ @u ||= sha256_hex(aa, bb)
end
end
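Review bot: `aa.hex` in `server_secret` relies on `String#hex`, which returns 0 for a string that is not valid hex and tolerates a sign or `0x` prefix, so a malformed client value for A is silently turned into a number instead of being rejected. SRP requires the server to abort when A mod N is 0, and whether `initialize_server` enforces this is not visible in this hunk, so it should be confirmed. If it does not, I would validate once where the value is received, e.g. `raise ArgumentError, 'invalid A' unless aa =~ /\A[0-9a-fA-F]+\z/ && aa.hex % BIG_PRIME_N != 0`, and store a normalised form so `sha256_hex(aa, bb)` hashes the same text on both sides. The same applies to `bb.hex` in `client_secret` if that value comes from the peer. Separately, `k` now returns `sha256_int(secret)` while `m`, `m2` and `u` moved to `sha256_hex`; a short comment on what each helper takes and returns would show the difference is intended.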