diff options
Diffstat (limited to 'lib/srp')
| -rw-r--r-- | lib/srp/authentication.rb | 59 | ||||
| -rw-r--r-- | lib/srp/client.rb | 43 | ||||
| -rw-r--r-- | lib/srp/session.rb | 87 | ||||
| -rw-r--r-- | lib/srp/util.rb | 47 |
4 files changed, 129 insertions, 107 deletions
diff --git a/lib/srp/authentication.rb b/lib/srp/authentication.rb deleted file mode 100644 index 4afe20b..0000000 --- a/lib/srp/authentication.rb +++ /dev/null @@ -1,59 +0,0 @@ -require File.expand_path(File.dirname(__FILE__) + '/util') - -module SRP - module Authentication - - include Util - - class Session - include Util - attr_accessor :aa, :bb - - def initialize(aa, verifier) - @aa = aa - @b = bigrand(32).hex - # B = g^b + k v (mod N) - @bb = (modpow(GENERATOR, @b, PRIME_N) + multiplier * verifier) % PRIME_N - end - - def u - calculate_u(aa, bb, PRIME_N) - end - - # do not cache this - it's secret and someone might store the - # session in a CookieStore - def secret(verifier) - base = (modpow(verifier, u, PRIME_N) * aa) % PRIME_N - modpow(base, @b, PRIME_N) - end - - def m1(verifier) - calculate_m(aa, bb, secret(verifier)) - end - - def m2(m1, verifier) - calculate_m(aa, m1, secret(verifier)) - end - - end - - def initialize_auth(aa) - return Session.new(aa, verifier) - end - - def authenticate!(m, session) - authenticate(m, session) || raise(SRP::WrongPassword) - end - - def authenticate(m, session) - if(m == session.m1(verifier)) - return session.m2(m, verifier) - end - end - - - end - -end - - diff --git a/lib/srp/client.rb b/lib/srp/client.rb index 484d12b..94e36af 100644 --- a/lib/srp/client.rb +++ b/lib/srp/client.rb @@ -5,46 +5,37 @@ module SRP include Util - attr_reader :salt, :verifier + attr_reader :salt, :verifier, :username - def initialize(username, password) + def initialize(username, password, salt = nil) @username = username @password = password - @salt = "5d3055e0acd3ddcfc15".hex # bigrand(10).hex - @multiplier = multiplier # let's cache it + @salt = salt || bigrand(4).hex calculate_verifier end - def authenticate(server, username, password) - x = calculate_x(username, password, salt) - a = bigrand(32).hex - aa = modpow(GENERATOR, a, PRIME_N) # A = g^a (mod N) - bb = server.handshake(username, aa) - u = calculate_u(aa, bb, PRIME_N) - client_s = calculate_client_s(x, a, bb, u) - server.validate(calculate_m(aa, bb, client_s)) + def authenticate(server) + @session = SRP::Session.new(self) + @session.handshake(server) + @session.validate(server) + end + + def private_key + @private_key ||= calculate_private_key end protected + def calculate_verifier - x = calculate_x(@username, @password, @salt) - @verifier = modpow(GENERATOR, x, PRIME_N) - @verifier + @verifier ||= modpow(GENERATOR, private_key) end - def calculate_x(username, password, salt) - shex = '%x' % [salt] - spad = "" # if shex.length.odd? then '0' else '' end - sha256_str(spad + shex + sha256_str([username, password].join(':'))).hex + def calculate_private_key + shex = '%x' % [@salt] + inner = sha256_str([@username, @password].join(':')) + sha256_hex(shex, inner).hex end - def calculate_client_s(x, a, bb, u) - base = bb - base += PRIME_N * @multiplier - base -= modpow(GENERATOR, x, PRIME_N) * @multiplier - base = base % PRIME_N - modpow(base, x * u + a, PRIME_N) - end end end diff --git a/lib/srp/session.rb b/lib/srp/session.rb new file mode 100644 index 0000000..db8d428 --- /dev/null +++ b/lib/srp/session.rb @@ -0,0 +1,87 @@ +require File.expand_path(File.dirname(__FILE__) + '/util') + +module SRP + class Session + include Util + attr_accessor :user, :aa, :bb + + def initialize(user, aa=nil) + @user = user + aa ? initialize_server(aa) : initialize_client + end + + # client -> server: I, A = g^a + def handshake(server) + @bb = server.handshake(user.username, aa) + @u = calculate_u + end + + # client -> server: M = H(H(N) xor H(g), H(I), s, A, B, K) + def validate(server) + server.validate(calculate_m(client_secret)) + end + + def authenticate!(m) + authenticate(m) || raise(SRP::WrongPassword) + end + + def authenticate(m) + if(m == calculate_m(server_secret)) + return calculate_m2 + end + end + + protected + + # only seed b for testing purposes. + def initialize_server(aa, b = nil) + @aa = aa + @b = b || bigrand(32).hex + # B = g^b + k v (mod N) + @bb = (modpow(GENERATOR, @b) + multiplier * @user.verifier) % BIG_PRIME_N + @u = calculate_u + end + + def initialize_client + @a = bigrand(32).hex + @aa = modpow(GENERATOR, @a) # A = g^a (mod N) + end + + # client: K = H( (B - kg^x) ^ (a + ux) ) + def client_secret + base = @bb + # base += BIG_PRIME_N * @multiplier + base -= modpow(GENERATOR, @user.private_key) * multiplier + base = base % BIG_PRIME_N + modpow(base, @user.private_key * @u + @a) + end + + # server: K = H( (Av^u) ^ b ) + # do not cache this - it's secret and someone might store the + # session in a CookieStore + def server_secret + base = (modpow(@user.verifier, @u) * @aa) % BIG_PRIME_N + modpow(base, @b) + end + + # this is outdated - SRP 6a uses + # M = H(H(N) xor H(g), H(I), s, A, B, K) + def calculate_m(secret) + @k = sha256_int(secret).hex + n_xor_g_long = hn_xor_hg.bytes.map{|b| "%02x" % b.ord}.join.hex + username_hash = sha256_str(@user.username).hex + @m = sha256_int(n_xor_g_long, username_hash, @user.salt, @aa, @bb, @k).hex + end + + def calculate_m2 + sha256_int(@aa, @m, @k).hex + end + + def calculate_u + sha256_int(@aa, @bb).hex + end + end +end + + + diff --git a/lib/srp/util.rb b/lib/srp/util.rb index bf4c248..1e4beac 100644 --- a/lib/srp/util.rb +++ b/lib/srp/util.rb @@ -10,7 +10,7 @@ module SRP 115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3 EOS - BIG_PRIME_N = <<-EOS # 1024 bits modulus (N) + BIG_PRIME_N = <<-EOS.split.join.hex # 1024 bits modulus (N) eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c25657 6d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089da d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5 @@ -19,8 +19,12 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5 EOS GENERATOR = 2 # g + def hn_xor_hg + byte_xor_hex(sha256_int(BIG_PRIME_N), sha256_int(GENERATOR)) + end + # a^n (mod m) - def modpow(a, n, m) + def modpow(a, n, m = BIG_PRIME_N) r = 1 while true r = r * a % m if n[0] == 1 @@ -30,8 +34,15 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5 end end - def sha256_hex(h) - Digest::SHA2.hexdigest([h].pack('H*')) + # Hashes the (long) int args + def sha256_int(*args) + sha256_hex(*args.map{|a| "%02x" % a}) + end + + # Hashes the hex args + def sha256_hex(*args) + h = args.join('') + sha256_str([h].pack('H*')) end def sha256_str(s) @@ -43,34 +54,26 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5 end def multiplier - return "c46d46600d87fef149bd79b81119842f3c20241fda67d06ef412d8f6d9479c58".hex % PRIME_N @k ||= calculate_multiplier end protected def calculate_multiplier - n = PRIME_N - g = GENERATOR - nhex = '%x' % [n] - nlen = nhex.length + (nhex.length.odd? ? 1 : 0 ) - ghex = '%x' % [g] - hashin = '0' * (nlen - nhex.length) + nhex \ - + '0' * (nlen - ghex.length) + ghex - sha256_hex(hashin).hex % n + sha256_int(BIG_PRIME_N, GENERATOR).hex end - def calculate_m(aa, bb, s) - hashin = '%x%x%x' % [aa, bb, s] - sha256_str(hashin).hex + # turn two hex strings into byte arrays and xor them + # + # returns byte array + def byte_xor_hex(a, b) + a = [a].pack('H*') + b = [b].pack('H*') + a.bytes.each_with_index.map do |a_byte, i| + (a_byte ^ (b[i] || 0)).chr + end.join end - def calculate_u(aa, bb, n) - nlen = 2 * ((('%x' % [n]).length * 4 + 7) >> 3) - aahex = '%x' % [aa] - bbhex = '%x' % [bb] - return sha256_str("%x%x" % [aa, bb]).hex - end end end |