summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/ruby-srp.rb2
-rw-r--r--lib/srp/authentication.rb59
-rw-r--r--lib/srp/client.rb43
-rw-r--r--lib/srp/session.rb87
-rw-r--r--lib/srp/util.rb47
5 files changed, 131 insertions, 107 deletions
diff --git a/lib/ruby-srp.rb b/lib/ruby-srp.rb
index 7cbe06f..383cbca 100644
--- a/lib/ruby-srp.rb
+++ b/lib/ruby-srp.rb
@@ -10,6 +10,8 @@ $:.unshift File.dirname(__FILE__)
module SRP
autoload :Client, 'srp/client'
autoload :Authentication, 'srp/authentication'
+ autoload :Util, 'srp/util'
+ autoload :Session, 'srp/session'
class WrongPassword < StandardError
end
end
diff --git a/lib/srp/authentication.rb b/lib/srp/authentication.rb
deleted file mode 100644
index 4afe20b..0000000
--- a/lib/srp/authentication.rb
+++ /dev/null
@@ -1,59 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/util')
-
-module SRP
- module Authentication
-
- include Util
-
- class Session
- include Util
- attr_accessor :aa, :bb
-
- def initialize(aa, verifier)
- @aa = aa
- @b = bigrand(32).hex
- # B = g^b + k v (mod N)
- @bb = (modpow(GENERATOR, @b, PRIME_N) + multiplier * verifier) % PRIME_N
- end
-
- def u
- calculate_u(aa, bb, PRIME_N)
- end
-
- # do not cache this - it's secret and someone might store the
- # session in a CookieStore
- def secret(verifier)
- base = (modpow(verifier, u, PRIME_N) * aa) % PRIME_N
- modpow(base, @b, PRIME_N)
- end
-
- def m1(verifier)
- calculate_m(aa, bb, secret(verifier))
- end
-
- def m2(m1, verifier)
- calculate_m(aa, m1, secret(verifier))
- end
-
- end
-
- def initialize_auth(aa)
- return Session.new(aa, verifier)
- end
-
- def authenticate!(m, session)
- authenticate(m, session) || raise(SRP::WrongPassword)
- end
-
- def authenticate(m, session)
- if(m == session.m1(verifier))
- return session.m2(m, verifier)
- end
- end
-
-
- end
-
-end
-
-
diff --git a/lib/srp/client.rb b/lib/srp/client.rb
index 484d12b..94e36af 100644
--- a/lib/srp/client.rb
+++ b/lib/srp/client.rb
@@ -5,46 +5,37 @@ module SRP
include Util
- attr_reader :salt, :verifier
+ attr_reader :salt, :verifier, :username
- def initialize(username, password)
+ def initialize(username, password, salt = nil)
@username = username
@password = password
- @salt = "5d3055e0acd3ddcfc15".hex # bigrand(10).hex
- @multiplier = multiplier # let's cache it
+ @salt = salt || bigrand(4).hex
calculate_verifier
end
- def authenticate(server, username, password)
- x = calculate_x(username, password, salt)
- a = bigrand(32).hex
- aa = modpow(GENERATOR, a, PRIME_N) # A = g^a (mod N)
- bb = server.handshake(username, aa)
- u = calculate_u(aa, bb, PRIME_N)
- client_s = calculate_client_s(x, a, bb, u)
- server.validate(calculate_m(aa, bb, client_s))
+ def authenticate(server)
+ @session = SRP::Session.new(self)
+ @session.handshake(server)
+ @session.validate(server)
+ end
+
+ def private_key
+ @private_key ||= calculate_private_key
end
protected
+
def calculate_verifier
- x = calculate_x(@username, @password, @salt)
- @verifier = modpow(GENERATOR, x, PRIME_N)
- @verifier
+ @verifier ||= modpow(GENERATOR, private_key)
end
- def calculate_x(username, password, salt)
- shex = '%x' % [salt]
- spad = "" # if shex.length.odd? then '0' else '' end
- sha256_str(spad + shex + sha256_str([username, password].join(':'))).hex
+ def calculate_private_key
+ shex = '%x' % [@salt]
+ inner = sha256_str([@username, @password].join(':'))
+ sha256_hex(shex, inner).hex
end
- def calculate_client_s(x, a, bb, u)
- base = bb
- base += PRIME_N * @multiplier
- base -= modpow(GENERATOR, x, PRIME_N) * @multiplier
- base = base % PRIME_N
- modpow(base, x * u + a, PRIME_N)
- end
end
end
diff --git a/lib/srp/session.rb b/lib/srp/session.rb
new file mode 100644
index 0000000..db8d428
--- /dev/null
+++ b/lib/srp/session.rb
@@ -0,0 +1,87 @@
+require File.expand_path(File.dirname(__FILE__) + '/util')
+
+module SRP
+ class Session
+ include Util
+ attr_accessor :user, :aa, :bb
+
+ def initialize(user, aa=nil)
+ @user = user
+ aa ? initialize_server(aa) : initialize_client
+ end
+
+ # client -> server: I, A = g^a
+ def handshake(server)
+ @bb = server.handshake(user.username, aa)
+ @u = calculate_u
+ end
+
+ # client -> server: M = H(H(N) xor H(g), H(I), s, A, B, K)
+ def validate(server)
+ server.validate(calculate_m(client_secret))
+ end
+
+ def authenticate!(m)
+ authenticate(m) || raise(SRP::WrongPassword)
+ end
+
+ def authenticate(m)
+ if(m == calculate_m(server_secret))
+ return calculate_m2
+ end
+ end
+
+ protected
+
+ # only seed b for testing purposes.
+ def initialize_server(aa, b = nil)
+ @aa = aa
+ @b = b || bigrand(32).hex
+ # B = g^b + k v (mod N)
+ @bb = (modpow(GENERATOR, @b) + multiplier * @user.verifier) % BIG_PRIME_N
+ @u = calculate_u
+ end
+
+ def initialize_client
+ @a = bigrand(32).hex
+ @aa = modpow(GENERATOR, @a) # A = g^a (mod N)
+ end
+
+ # client: K = H( (B - kg^x) ^ (a + ux) )
+ def client_secret
+ base = @bb
+ # base += BIG_PRIME_N * @multiplier
+ base -= modpow(GENERATOR, @user.private_key) * multiplier
+ base = base % BIG_PRIME_N
+ modpow(base, @user.private_key * @u + @a)
+ end
+
+ # server: K = H( (Av^u) ^ b )
+ # do not cache this - it's secret and someone might store the
+ # session in a CookieStore
+ def server_secret
+ base = (modpow(@user.verifier, @u) * @aa) % BIG_PRIME_N
+ modpow(base, @b)
+ end
+
+ # this is outdated - SRP 6a uses
+ # M = H(H(N) xor H(g), H(I), s, A, B, K)
+ def calculate_m(secret)
+ @k = sha256_int(secret).hex
+ n_xor_g_long = hn_xor_hg.bytes.map{|b| "%02x" % b.ord}.join.hex
+ username_hash = sha256_str(@user.username).hex
+ @m = sha256_int(n_xor_g_long, username_hash, @user.salt, @aa, @bb, @k).hex
+ end
+
+ def calculate_m2
+ sha256_int(@aa, @m, @k).hex
+ end
+
+ def calculate_u
+ sha256_int(@aa, @bb).hex
+ end
+ end
+end
+
+
+
diff --git a/lib/srp/util.rb b/lib/srp/util.rb
index bf4c248..1e4beac 100644
--- a/lib/srp/util.rb
+++ b/lib/srp/util.rb
@@ -10,7 +10,7 @@ module SRP
115b8b692e0e045692cf280b436735c77a5a9e8a9e7ed56c965f87db5b2a2ece3
EOS
- BIG_PRIME_N = <<-EOS # 1024 bits modulus (N)
+ BIG_PRIME_N = <<-EOS.split.join.hex # 1024 bits modulus (N)
eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c25657
6d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089da
d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5
@@ -19,8 +19,12 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5
EOS
GENERATOR = 2 # g
+ def hn_xor_hg
+ byte_xor_hex(sha256_int(BIG_PRIME_N), sha256_int(GENERATOR))
+ end
+
# a^n (mod m)
- def modpow(a, n, m)
+ def modpow(a, n, m = BIG_PRIME_N)
r = 1
while true
r = r * a % m if n[0] == 1
@@ -30,8 +34,15 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5
end
end
- def sha256_hex(h)
- Digest::SHA2.hexdigest([h].pack('H*'))
+ # Hashes the (long) int args
+ def sha256_int(*args)
+ sha256_hex(*args.map{|a| "%02x" % a})
+ end
+
+ # Hashes the hex args
+ def sha256_hex(*args)
+ h = args.join('')
+ sha256_str([h].pack('H*'))
end
def sha256_str(s)
@@ -43,34 +54,26 @@ d15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e5
end
def multiplier
- return "c46d46600d87fef149bd79b81119842f3c20241fda67d06ef412d8f6d9479c58".hex % PRIME_N
@k ||= calculate_multiplier
end
protected
def calculate_multiplier
- n = PRIME_N
- g = GENERATOR
- nhex = '%x' % [n]
- nlen = nhex.length + (nhex.length.odd? ? 1 : 0 )
- ghex = '%x' % [g]
- hashin = '0' * (nlen - nhex.length) + nhex \
- + '0' * (nlen - ghex.length) + ghex
- sha256_hex(hashin).hex % n
+ sha256_int(BIG_PRIME_N, GENERATOR).hex
end
- def calculate_m(aa, bb, s)
- hashin = '%x%x%x' % [aa, bb, s]
- sha256_str(hashin).hex
+ # turn two hex strings into byte arrays and xor them
+ #
+ # returns byte array
+ def byte_xor_hex(a, b)
+ a = [a].pack('H*')
+ b = [b].pack('H*')
+ a.bytes.each_with_index.map do |a_byte, i|
+ (a_byte ^ (b[i] || 0)).chr
+ end.join
end
- def calculate_u(aa, bb, n)
- nlen = 2 * ((('%x' % [n]).length * 4 + 7) >> 3)
- aahex = '%x' % [aa]
- bbhex = '%x' % [bb]
- return sha256_str("%x%x" % [aa, bb]).hex
- end
end
end